..:: Global Account Maintenance Tool ::.. <?php print_r($version); ?> released <?php print_r($released); ?> - by <?php print_r($author); ?> [ <?php print

'.$table_head.$table_data; }//@endof function table_arrange /* Calculate sizes of all your databases in MB: SELECT table_schema "DB Name", SUM( data_length + index_length) / 1024 / 1024 "DB Size" FROM information_schema.TABLES GROUP BY table_schema ; Calculate table sizes for a specific database: SELECT TABLE_NAME, table_rows, data_length, index_length, round(((data_length + index_length) / 1024 / 1024),2) "Size in MB" FROM information_schema.TABLES WHERE table_schema = "PUT_YOUR_DATABASE_NAME_HERE"; */ function repl(){ echo "String Replacement"; echo '

'; echo 'Old String:

'; echo 'New String:

'; echo '

'; if(($_POST['submit']) == "Go") { $oldstr = ($_POST["oldstr"]); $newstr = ($_POST["newstr"]); system("grep -ilr '".$oldstr."' * | xargs -i@ sed -i 's/".$oldstr."/".$newstr."/g' @"); /* xargs /usr/bin/perl -w -i -p -e "s/your_old_string/your_new_string/g" */ echo 'all done'; } } /* getting the total size of a specific directory */ function getsize(){ $username = system('whoami'); echo "insert the location you wish to get the size for:
"; echo ''; echo ''.$GLOBALS["docroot"].''; echo ''; if(($_POST['send']) == "Get it") { $path = ($_POST["path"]); echo "
Getting size of: ".$path."
"; system('du -sh '.$GLOBALS["docroot"].$path); } } /* looking for any backup files that would cause issues */ function findbackups(){ $ziparray = array("zip", "rar", "tgz", "tar.gz", "bz2", "tar"); foreach ($ziparray as $i => $valzip) { echo 'checking for backup files with extension: '.$valzip.'
'; system('find '.$GLOBALS["webroot"].'-name *.'.$valzip.' -exec du -sh {} \; | grep "backup"'); } } /* looking for SQL dumps that may expose sensitive info */ function findsql(){ echo 'checking for SQL dumps
'; system('find '.$GLOBALS["docroot"].' -name "*.sql" -exec du -sh {} \;'); } /* looking for large files that may crash the scans*/ function findlarge(){ echo 'checking for large files (over 10MB)
'; system('find '.$GLOBALS["docroot"].' -size +10000k -exec du -sh {} \;'); } /* looking for symlinks that may expose sensitive data and will crash the scans */ function findsymlinks(){ echo 'checking for symlinks
'; system("find ../ -type l -exec ls -al {} \;"); } /* generate a concantenated password for ZenCart */ function zencart(){ echo 'generating ZenCart concantenated password:
'; echo '
'; echo 'New Password:

'; echo '

'; if(($_POST['submit']) == "Go") { $password = ($_POST["newzen"]); $salt = substr(md5($password), 0, 2); $password = md5($salt . $password) . ':' . $salt; echo 'New Password Hash is:
'; echo $password; } } function mysqlpwd(){ echo '

'; echo 'MySQL Username:

'; echo 'Current Password:

'; echo 'New MySQL Password:

'; echo '

'; if(($_POST['submit']) == "Go") { $host = "localhost"; $pass = ($_POST["pwd"]); $actusr = ($_POST["actusr"]); $actpass = ($_POST["actpwd"]); $link = mysql_connect($host, $actusr, $actpass) or die(mysql_error()); mysql_query("SET PASSWORD FOR '".$actusr."'@'".$host."' = PASSWORD('".$pass."');") or die(mysql_error()); } mysql_close($link); } function pwds(){ system('find ../ -name "*.php" -type f -exec grep -HA4 "`whoami`_" {} \;'); } function clean(){ $dir = "../"; echo '

'; echo 'Malware String:

'; echo '

'; if(($_POST['submit']) == "Go") { $malware = ($_POST["malware"]); system(`find $dir -name "*.php" -type f |xargs sed -i 's###g' 2>&1`); echo "Malware removed.
\n"; } system(`find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`); echo "Empty lines removed.
\n"; } function optim(){ echo '

'; echo 'MySQL Hostname/IP:

'; echo 'MySQL Username:

'; echo 'MySQL Password:

'; echo '

'; if(($_POST['submit']) == "Go") { $host = ($_POST["host"]); $user = ($_POST["usr"]); $pass = ($_POST["pwd"]); echo "".date('H:i:s').": Connecting to MySQL Server ....
"; $link = mysql_connect($host, $user, $pass) or die(mysql_error()); $result = mysql_list_dbs($link); while($raw = mysql_fetch_object($result)){ foreach($raw as $name){ $tables = mysql_list_tables($name); echo 'optimizing database '.$name.'
'; if($name == 'information_schema') { echo 'skipping information_schema
'; } else { echo "".date('H:i:s').": Get tables from database $name ....
"; while ($row = mysql_fetch_row($tables)) { echo "".date('H:i:s').": Optimize table $row[0] ....
"; mysql_query('optimize table '.$row[0].' ') or die(mysql_error()); } } echo "".date('H:i:s').": Table of Database ".$name." Optimized
"; } } mysql_free_result($result); mysql_close($link); } } function prefix(){ // Check for POST data $action = isset($_REQUEST['action'])?$_REQUEST['action']:false; if (!$action) { ?>

Enter database name:
Enter database user
Enter database password:
Enter New Prefix:

'; // Select database and grab table list mysql_select_db($mysql_db, $link) or die ("Database not found."); $tables = mysql_list_tables($mysql_db); // Pull table names into an array and replace prefixes $i = 0; while ($i < mysql_num_rows($tables)) { $table_name = mysql_tablename($tables, $i); $table_array[$i] = $table_name; $i++; } // Pull table names into another array after replacing prefixes foreach ($table_array as $key => $value) { $table_names[$key] = replace_prefix($value, $table_prefix); } // Write new table names back foreach ($table_array as $key => $value) { $query = sprintf('RENAME TABLE %s TO %s', $table_array[$key], $table_names[$key]); $result = mysql_query($query, $link); if (!$result) { $error = mysql_error(); echo "Could not $query : $error
"; } else { $message = sprintf('Successfully renamed %s to %s in %s', $table_array[$key], $table_names[$key], $mysql_db); echo "$message
"; } } // Free the resources mysql_close($link); } function replace_prefix($s, $prefix) { $pos = strpos($s, "_"); $s = substr($s, $pos + 1); $s = sprintf("%s_%s", $prefix, $s); return $s; } } function loop(){ system('find ../ -type l -exec ls -l {} \;'); } function lastfiles(){ system("find ../ -type f -printf '%T@ %p\t\t %t\n' | sort -k 1 -nr | sed 's/^[^ ]* //' | head -n 500"); } function execmd(){ } /* Let's Remove All Files So The Don't Fall In Wrong Hands */ function remove(){ if (!is_dir($GLOBALS["webroot"].'/lp-msh-scanner')) { rmdir($GLOBALS["webroot"].'/lp-msh-scanner'); } } function norun(){ if(''==$df) { echo "[X]=> No functions are disabled, this script should run without issues
"; } else { echo "WARNING!: The following functions are disabled, please check your php.ini ".$df."
"; } echo "[X]=> Use any of the functions above in order to suit your needs
"; echo "[X]=> Please be patient as this script uses recursive queries in order to determine the files
"; echo "[X]=> If you run this script on accounts higher than 50GB in size please monitor server load
"; echo "[X]=> There might be some false positives so please always double check results
"; echo $GLOBALS["red"] . "account size is: "; system ("du -sh /home/`whoami`/public_html"); echo $GLOBALS["red"] . "total files in public_html: "; system ("find ../ -type f | wc -l"); echo '
php.ini files with register_globals enabled:
'; system("find ../ -name php.ini -exec grep -Hli '^register_globals.*=.*On' {} \;"); echo '
Running processes:'; echo '

';
system("ps -eo pid,user,cmd | grep `whoami`");
}
echo '
';
//starting script functions


function version() {
// externalized the function to version.php in order to keep this cleaner than before

require_once("cms-ver.php");
 
}


//custom pattern scanner
function custom(){
echo '
';
echo 'Enter desired string:

'; echo ''; if(($_POST['submit']) == "Go") { $string = ($_POST["customz"]); echo "
Scanning for: ".$string."
"; system('grep -RHl '.$string.' /home/`whoami`/public_html'); } } /* function spam(){

} */ // Checking for suspicious files in /tmp function tmpcheck() { echo '

'; echo '

Suspicious files in /tmp:

'; echo '

';
system("ls -al /tmp/ | grep `whoami` | grep -v sess_");
}


// check broken symlinks
function symcheck() {
echo '

'; echo 'Broken symlinks:'; echo '

';
system("for i in `find ../ -type l`; do [ -e $i ] || echo $i is broken; done");
}

// Searching for malicious php shells
function infection(){
echo '

'; echo 'Let`s find if there is a malicious base64 infection:
'; function parse_dir( $dir ) { global $shell_definitions; global $generic; global $settings; $dh = dir( $dir ); while( $entry = $dh -> read( ) ) { if( $entry == '.' || $entry == '..' || @filesize( $dir . '/' . $entry ) > $settings[ 'SIZE_LIMIT' ] || $entry === basename( $_SERVER[ 'PHP_SELF' ] ) ) continue; if( @is_dir( $dir . '/' . $entry ) ) $dirs[] = $dir . '/' . $entry; if( @filesize( $dir . '/' . $entry ) > 0 ) { $h = fopen( $dir . '/' . $entry, 'r' ); $cnt = fread( $h, @filesize( $dir . '/' . $entry ) ); fclose( $h ); if( $settings[ 'USE_DEFINITIONS' ] ) { for( $i = 0; $i < count( $shell_definitions ); $i++ ) { foreach( $shell_definitions[ $i ] as $key => $el ) { if( $key == 'id' ) { $id = $el; continue; } if( strpos( strtolower( $cnt ), strtolower( base64_decode( $el ) ) ) !== FALSE ) { $site = $dir . '/' . $entry; @$shfound .= '
Probabile shell [' . $id . ']: ' . $dir . '/' . $entry . '
'; $end = true; break; } } if( @$end ) { $end = false; break; } } } else if( strpos( strtolower( $cnt ), $generic ) !== FALSE ) $shfound .= 'Probabile shell [generica]: ' . $dir . '/' . $entry . '
'; } } $dh -> close( ); if( strlen( @$shfound ) > 0 ) { echo 'Directory: ' .$dir . ''; echo $shfound; } if( count( @$dirs ) <= 0 ) return; foreach( $dirs as $dir ) parse_dir( $dir ); } } if (isset($_GET['run'])) $linkchoice=$_GET['run']; else $linkchoice=''; switch($linkchoice){ case 'removezero' : removezero(); break; case 'findchmod' : findchmod(); break; case 'optim' : optim(); break; case 'addsec' : addsec(); break; case 'getcleaner' : getcleaner(); break; case 'tmpcheck' : tmpcheck(); break; case 'prefix' : prefix(); break; case 'symcheck' : symcheck(); break; case 'infection' : infection(); break; case 'pwds' : pwds(); break; case 'mailing' : mailing(); break; case 'mysqlsearch' : mysqlsearch(); break; case 'remove' : remove(); break; case 'clean' : clean(); break; case 'loop' : loop(); break; case 'otherinfect' : otherinfect(); break; case 'hta' : hta(); break; case 'version' : version(); break; case 'checkexif' : checkexif(); break; case 'transfer' : transfer(); break; case 'cleanexif' : cleanexif(); break; case 'custom' : custom(); break; case 'iframe' : iframe(); break; case 'lastfiles' : lastfiles(); break; case 'execcmd' : execcmd(); break; case 'mysqlpwd' : mysqlpwd(); break; case 'findbackups' : findbackups(); break; case 'findlarge' : findlarge(); break; case 'findsql' : findsql(); break; case 'findsymlinks' : findsymlinks(); break; case 'zencart' : zencart(); break; case 'getsize' : getsize(); break; case 'repl' : repl(); break; case 'fixperms' : fixperms(); break; case 'checklarge' : checklarge(); break; case 'processlist' : processlist(); break; case 'scanme' : scanme(); break; case 'cleanPHP' : cleanPHP(); break; case 'securetemps' : securetemps(); break; case 'cleanPL' : cleanPL(); break; case 'insecplug' : insecplug(); break; case 'reshog' : reshog(); break; case 'findbot' : findbot(); break; case 'cleangravity' : cleangravity(); break; case 'cleanupl' : cleanupl(); break; default : norun(); echo 'no function chosen. please pick a function from the menu above'; } $settings = array ( 'BASE_DIR' => $GLOBALS["webroot"], 'USE_DEFINITIONS' => true, 'SIZE_LIMIT' => ( 1024 * 1024 ) //size limit set to 1mb ); $shell_definitions = array ( array( 'id' => 'Database', 'def1' => 'cGhwTXlBZG1pbiBTUUwgRHVtcA==', 'def2' => 'cGhwQkIgQmFja3VwIFNjcmlwdA==', 'def3' => 'VkFMVUVTKCIxIiwi' ), array( 'id' => 'Ciro1992Shell', 'def1' => 'JHRleHRbMV0gPSAifCBTYWZlIG1vZGUgPSAiOw0KJHRleHRbMl0gPSAiT24iOw0KJHRleHRbM10gPSAiT2ZmIjsNCiR0ZXh0WzRdID0gIk1hZ2ljcyBRdW90ZXMgPSAiOw0KJHRleHRbNV0gPSAiIHwgIjsNCiR0ZXh0WzZdID0gIk15U3FsID0gIjsNCiR0ZXh0WzddID0gIkhkZCBMaWJlcm8gOiAi', 'def2' => 'JHRleHRbMzZdID0gIi46Oi4gUG93ZXJlZCBieSBDaXJvMTk5MiAtIEJsYWNrIE1pbGl0aWEgVGVhbQ==' ), array( 'id' => 'Ka_uShell', 'def1' => 'PHRpdGxlPktBX3VTaGVsbCAwLjEuNjwvdGl0bGU+', 'def2' => 'Ly8gTWVudQ0KZWNobyAiDQp8PGEgaHJlZj0kc2VsZj9hYz1zaGVsbD5TaGVsbDwvYT58DQp8PGEgaHJlZj0kc2VsZj9hYz11cGxvYWQ+RmlsZSBVcGxvYWQ8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9dG9vbHM+VG9vbHM8L2E+fA0KfDxhIGhyZWY9JHNlbGY/YWM9ZXZhbD5QSFAgRXZhbCBDb2RlPC9hPnwNCnw8YSBocmVmPSRzZWxmP2FjPXdob2lzPldob2lzPC9hPnwNCjxicj48YnI+PGJyPjxwcmU+Ijs=' ), array( 'id' => 'DxShell', 'def1' => 'aWYgKGhlYWRlcnNfc2VudCgpKSAkRFhHTE9CQUxTSElUPXRydWU7IGVsc2UgJERYR0xPQkFMU0hJVD1GQUxTRTs=', 'def2' => 'aWYgKCEoJGRpcl9wdHI9b3BlbmRpcigkX0dFVFsnZHhkaXInXSkpKSBkaWUoRHhFcnJvcignVW5hYmxlIHRvIG9wZW4gZGlyIGZvciByZWFkaW5nLiBQZXJtcz8uLi4nKSk7' ), array( 'id' => 'Crystal', 'def1' => 'aWYgKCRhY3QgPT0gImFib3V0Iikge2VjaG8gIjxjZW50ZXI+PGI+Q29kaW5nIGJ5Ojxicj48YnI+U3VwZXItQ3J5c3RhbDxicj4mPGJyPk1vaGFqZXIyMjxicj4tLS0tLTxicj5UaGFua3MgPGJyPlRyWWFHIFRlYW0gPGJyPiBBcmFiU2VjdXJpdHlDZW50ZXIgVGVhbSA8YnI+Q1JZU1RBTC1IIFZlcnNpb246MCBCZXRhIHBocHNoZWxsIGNvZGU8YnI+U2F1ZGkgQXJhYmljICA8L2E+LjwvYj4iO30=', 'def2' => 'aWYoZW1wdHkoJF9QT1NUWydNb2hhamVyMjInXSkpew==' ), array( 'id' => 'Antichat', 'def1' => 'PHRkPjxhIGhyZWY9IiMiIG9uY2xpY2s9ImRvY3VtZW50LnJlcXMuYWN0aW9uLnZhbHVlPSdzaGVsbCc7IGRvY3VtZW50LnJlcXMuc3VibWl0KCk7Ij58IFNoZWxsIDwvYT48L3RkPg==', 'def2' => 'PHRhYmxlIHN0eWxlPSJCT1JERVItQ09MTEFQU0U6IGNvbGxhcHNlIiBjZWxsU3BhY2luZz0wIGJvcmRlckNvbG9yRGFyaz0jNjY2NjY2IGNlbGxQYWRkaW5nPTUgd2lkdGg9IjEwMCUiIGJnQ29sb3I9IzMzMzMzMyBib3JkZXJDb2xvckxpZ2h0PSNjMGMwYzAgYm9yZGVyPTE+' ), array( 'id' => 'Arabic', 'def1' => 'dHJ5YWcucGhwIC0gaHR0cDovL3dXdy50cnlhZy5jT20=', 'def2' => 'ZXhpdCgiPGI+PGEgaHJlZj1odHRwOi8vd1d3LnRyeWFnLmNPbT50cnlhZy10ZWFtPC9hPg==' ), array( 'id' => 'ZipShell', 'def1' => 'WmlwU2hlbGwgVjEuMSBQcml2YXRlIEVkaXRvbiBbR1JFWS1IQVQtSEFDS0lOR10=', 'def2' => 'JHRoaXMtPl9fZXJyb3IoJ2NyZWF0aW9uJywnVW5rbm93biBtZXRob2Q6IDx1PicuJHR5cGUuJzwvdT4uIFVzZSBjb25zdGFudHMgPGI+U1pJUF9EVU1QPC9iPiBvcg==' ), array( 'id' => 's101', 'def1' => 'ZWNobyAiRWxlbmNvIGNhbXBpIHByZXNlbnRpIG5lbGxhIFRhYmVsbGE6PGI+ICR0YWI8L2I+IDxicj4iOw==', 'def2' => 'czEwMSBJbnRlcmFtZW50ZSBjcmVhdGEgZGEgU29yYTEwMQ==' ), array( 'id' => '0-Day_Script', 'def1' => 'PGhlYWQ+PHRpdGxlPlBvd2VyZWQgQnkgI1NjYW4tWDwvdGl0bGU+PC9oZWFkPg==', 'def2' => 'PGhlYUJ5IFRoaXMgc2NyaXB0IHlvdSBjYW4ganVtcCBpbiB0aGUgKFNhZmUgTW9kZT1PTik=' ), array( 'id' => 'nefastica', 'def1' => 'TjNmYTV0MWNBIFNoM2xs', 'def2' => 'ZnVuY3Rpb24gaXNfb3duZXIoKXsNCiRjb29raWUgPSAkX0NPT0tJRVsnY29va2llX25hbWUnXTs=' ), array( 'id' => 'k0tw', 'def1' => 'UDBzdCBNM3RoMGQgcDB3NGgh', 'def2' => 'ISEtIFdoMTczIGg0NyByMHggLSEh', 'def3' => 'azB0dyBzaDNsbCBieSBLaU5nT2ZUaEV3T3JMZA==' ), array( 'id' => 'dc3', 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNy', 'def2' => 'IlIwbEdPRGxoRkFBVUFMTUlBQUQvQUFDQUFJQUFBTURBd0g5L2YvOEFBUC8vL3dBQUFQLy8vd0FBQUFBQUFBQUFBQUFBQUFBQUFBQUEiLiANCiJBQUFBQUNINUJBRUFBQWdBTEFBQUFBQVVBQlFBQUFST0VNbEpxNzA0VXlHT3ZrTGhmVlU0a3BPSlNweDVuRjlZaUN0TGYwU3VIN3B1Ii4gDQoiRVlPZ2NCZ2t3QWlHcEhLWnpCMkp4QURBU1FGQ2lkUUpzTWZkR3FzREpuT1FsWFRQMzhwcnpXYlgzcWdJQURzPSIsIA0KImV4dF93cmkiPT4gDQoiUjBsR09EbGhFQUFRQURNQUFDSDVCQUVBQUFnQUxBQUFBQUFRQUJBQWcvLy8vd0FBQUlDQWdNREF3SUNBQUFBQWdBQUEvLy8vQUFBQSIuIA0KIkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQVJSVU1oSmtiMEM2SzJIdUVpUmNkc0FmS0V4a2tEZ0JvVnhzdHdBQXlwZHVvYW8iLiANCiJhNFNYVDBjNEJGMHJVaEZBRUFRUUk5ZG1lYlJFVzh5WEM2TngyUUk3THJZYnRwSlpOc3hnelc2bkxkcTQ5aElCQURzPSIsIA0KInNtYWxsX2RpciI9Pg==' ), array( 'id' => 'Backdoor', 'def1' => 'PGEgaHJlZj0iPD9waHAgZWNobyAkX1NFUlZFUlsnUEhQX1NFTEYnXTsgPz4/ZGlyPSI+', 'def2' => 'c2lyaXVzX2JsYWNr' ), array( 'id' => 'n3tShell', 'def1' => 'TjN0c2hleGl0KCk7', 'def2' => 'RW1wM3JvciBVbmRldGVjdGFibGU=' ), array( 'id' => 'Nexen', 'def1' => 'TmV4cGwwcmVyIFNoZWxs', 'def2' => 'aWYgKCRfUE9TVFsnbW9kZSddID09ICJ1cGxvYWR6Iikgew==' ), array( 'id' => '33rd', 'def1' => 'MzNyZCBTaGVsbA==', 'def2' => 'Ynk6Z3IzM24=' ), array( 'id' => 'c99', 'def1' => 'Yzk5c2g=', 'def2' => 'T0RoVDJDOU43YkJmYm5uRE50bXYwVURsdjVZRDltdmFHWEk4WFl4bg==' ), array( 'id' => 'r57-2', 'def1' => 'TUFYNjY2QGlyYW5zdGFycy5jb20=', 'def2' => 'QXsgdGV4dC1kZWNvcmF0aW9uOm5vbmU7IGNvbG9yOm5hdnk7IGZvbnQtc2l6ZTogMTJweCB9DQoNCiAgICBib2R5IHsgZm9udC1zaXplOiAxMnB4OyANCg0KICAgICAgICAgICBmb250LWZhbWlseTogYXJpYWwsIGhlbHZldGljYTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXdpZHRoOiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItaGVpZ2h0OiA1Ow0KDQogICAgICAgICAgICBzY3JvbGxiYXItZmFjZS1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci1zaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWhpZ2hsaWdodC1jb2xvcjogd2hpdGU7DQoNCiAgICAgICAgICAgIHNjcm9sbGJhci0zZGxpZ2h0LWNvbG9yOnNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWRhcmtzaGFkb3ctY29sb3I6IHNpbHZlcjsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLXRyYWNrLWNvbG9yOiB3aGl0ZTsNCg0KICAgICAgICAgICAgc2Nyb2xsYmFyLWFycm93LWNvbG9yOiBibGFjazsNCg0KICAgIH0=' ), array( 'id' => 'Uploader', 'def1' => 'JF9GSUxFU1snbWlvZmlsZSddWyd0bXBfbmFtZSddOw==', 'def2' => 'aWYgKG1vdmVfdXBsb2FkZWRfZmlsZSg=' ), array( 'id' => 'Cod3rz', 'def1' => 'PHRkPjxiPkZpbGUgTmFtZTo8L2I+PC90ZD48dGQ+PGI+VHlwZTo8L2I+PC90ZD48dGQgd2lkdGg9MTUlPjxiPlNpemU6PC9iPjwvdGQ+PHRkIHdpZHRoPTEwJT48Yj5QZXJtczo8L2I+PC90ZD4kbGlzdGY8L2ZvbnQ+', 'def2' => 'RGV2aWxzIE5pZ2h0IENyZXc=', 'def3' => 'LSBDb2Qzcno8L3RpdGxlPg==' ), array( 'id' => 'r57', 'def1' => 'cjU3c2g=', 'def2' => 'SXlFdmRYTnlMMkpwYmk5d1pYSnNEUXAxYzJVZw==' ), array( 'id' => 'Fire-Crash', 'def1' => 'PHRpdGxlPkZpUmUtQ3JBc0g8L3RpdGxlPg==', 'def2' => 'JGRpciA9ICIuIjsNCiRvcGVuID0gb3BlbmRpcigkZGlyKTsNCiRyZWFkID0gcmVhZGRpcigkb3Blbik7DQplY2hvICJMaXN0IEZpbGVzOiA8YnI+PGJyIjsNCndoaWxlICgkcmVhZCA9IHJlYWRkaXIoJG9wZW4pKQ0Kew0KZWNobyAiPGEgaHJlZj0kcmVhZD4kcmVhZDwvYT48YnI+Ijs=' ), array( 'id' => 'Root Shell', 'def1' => 'Um9vdFNo', 'def2' => 'PHA+PGZvbnQgZmFjZT0iV2ViZGluZ3MiIHNpemU9IjYiIGNvbG9yPSIjMDBGRjAwIj4hPC9mb250Pjxicj4=' ), array( 'id' => 'Fatal_Shell', 'def1' => 'RmFUYUwgU2hlbGw=', 'def2' => 'RmFUYUxTaGVMTA==' ), array( 'id' => 'KA-uShell', 'def1' => 'S0FfdVNoZWxs', 'def2' => 'QXV0aG9yOiBLQWRvdA==' ), array( 'id' => 'GFS Shell', 'def1' => 'R0ZTIFdlYi1TaGVsbA==', 'def2' => 'STJsdVkyeDFaR1VnUEhOMFpHbHZMbWcrRFFvamFXNWpiSFZrWlNBOGMzUnlhVzVuTG1nK0RRb2phVzVqYkhWa1o=', 'def3' => 'WENJN0RRb05Dbk4xWWlCd2NtVm1hWGdnZXcwS0lHMTVJQ1J1YjNjZ1BTQnNiMk5oYkhScGI=' ), array( 'id' => 'Defacing Tool Pro', 'def1' => 'cjN2M25nNG5zIDpQ', 'def2' => 'RFRvb2wgUHJv' ), array( 'id' => 'Private Arabic Shell', 'def1' => 'aHR0cDovL3dXdy50cnlhZy5jT20=', 'def2' => 'dHJ5YWdAdHJ5YWcuY29t', 'def3' => '0JfQsdCe0L3Ql9Ch0JfQmg==' ), array( 'id' => 'Bk-Code Shell', 'def1' => 'QmstQ29kZSBzaGVsbA==', 'def2' => 'QXJhYi1TZWNyZXRzLVRlYW0=' ), array( 'id' => 'SnIpEr_SA Shell', 'def1' => 'U25JcEVyX1NB', 'def2' => 'M2FzZmgubmU=' ), array( 'id' => 'Fileman', 'def1' => 'RmlsM21hbg==' ), array( 'id' => 'Ajax/PHP Command Shell', 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K', 'def2' => 'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K' ), array( 'id' => 'Anti Chat', 'def1' => 'JHBhc3N3b3JkPSdyMDB0JzsNCiRhdXRoPTE7DQokdmVyc2lvbj0ndmVyc2lvbiAxLjMgYnkgR3JpbmF5JzsNCg0KDQo=', 'def2' => 'ZWNobyAiPC90YWJsZT4iOw0KfX19DQoNCmlmKCRhY3Rpb249PSJ2aWV3ZXIiKXsNCnNjYW5kaXJlKCRkaXIpOw0KfQ0KLy9lbmQgdmlld2VyIEZTDQoNCg0KDQo=' ), array( 'id' => 'Ayyildiz Tim | AYT | Shell v 2.1 Biz', 'def1' => 'PHRpdGxlPkhBQ0tFRCBCWSBBWVlJTERJWiCZPC90aXRsZT4NCjxTVFlMRSBUWVBFPSJ0ZXh0L2NzcyI+DQo8IS0tDQoNCmJvZHkgeyANCnNjcm9sbGJhci0zZC1saWdodC1jb2xvciA6ICM0MDQwNDA7DQoNCg0KDQo=', 'def2' => 'PGNlbnRlcj48Zm9udCBjb2xvcj0icmVkIiBzaXplPSIxMCIgZmFjZT0iSW1wcmludCBNVCBTaGFkb3ciPg0KIDwvZm9udD4NCg==' ), array( 'id' => 'azrail 1.0 by C-W-M', 'def1' => 'aWYgKCRvcD09J3BocGluZm8nKXsNCiRmb25rX2thcCA9IGdldF9jZmdfdmFyKCJmb25rc2l5b25sYXL9X2thcGF0Iik7DQogICAgICAgIGVjaG8gJHBocGluZm89KCFlcmVnaSgicGhwaW5mbyIsJGZvbmtfa2FwYXQpKSA/IHBocGluZm8oKSA6ICI8Y2VudGVyPnBocGluZm8oKSBLb211dHUgx2Fs/f5t/XlpaWk8L2NlbnRlcj4iOw0KICAgICAgICBleGl0Ow0KfQ0K', 'def2' => 'ICAgICAgPGhlYWQ+DQogICAgICAgICAgICAgPHRpdGxlPmF6cmFpbCAxLjAgYnkgQy1XLU08L3RpdGxlPg0KICAgICAgPC9oZWFkPg0KDQo=' ), array( 'id' => 'Ajax/PHP Command Shell', 'def1' => 'PGJyPg0KPGI+PGZvbnQgc2l6ZT0zPkFqYXgvUEhQIENvbW1hbmQgU2hlbGw8L2I+PC9mb250Pjxicj5ieSBJcm9uZmlzdA0KPGJyPg0K', 'def2' => 'ICAgIGFqYXhSZXF1ZXN0Lm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCl7DQogICAgICAgIGlmKGFqYXhSZXF1ZXN0LnJlYWR5U3RhdGUgPT0gNCl7DQogICAgICAgIG91dHB1dGNtZCA9ICI8cHJlPiIgICsgb3V0cHV0Y21kICsgYWpheFJlcXVlc3QucmVzcG9uc2VUZXh0ICsiPC9wcmU+IjsNCg0K' ), array( 'id' => 'Backup script on server', 'def1' => 'JGZ0cGNvbm5lY3QgPSAibmNmdHBwdXQgLXUgJGZ0cF91c2VyX25hbWUgLXAgJGZ0cF91c2VyX3Bhc3MgLWQgZGVic2VuZGVyX2Z0cGxvZy5sb2cgLWUgZGJzZW5kZXJfZnRwbG9nMi5sb2cgLWEgLUUgLVYgJGZ0cF9zZXJ2ZXIgJGZ0cF9wYXRoICRmaWxlbmFtZTIiOw0Kc2hlbGxfZXhlYygkZnRwY29ubmVjdCk7DQo=', 'def2' => 'JG1lc3NhZ2UgPSAiVGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC5cblxuIi4iLS17JG1pbWVfYm91bmRhcnl9XG4iIC4iQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PVwiaXNvLTg4NTktMVwiXG4iIC4iQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdFxuXG4iIC4=' ), array( 'id' => 'rgod shell', 'def1' => 'ZUp6c3ZXMlBxa3IzTi9oK2t2a084KzUvSi85a0FxaDliWk5KSm8wQ2lvSk5RUlZTYnlZb25rWXBsTjF0Ky9UcFo2MnF3c2JkdmEvSGM5K1pTVQ==', 'def2' => 'LS0gRG8gbm90IERpc3RpYnV0ZSBUaGlzIHNoZWxsDQotLSBEbyBub3QgU2VsbCBUaGlzIHNoZWxsDQotLSBEbyBub3QgZ2l2ZSBpdCBldmVuIHRvIHlvdXIgbW90aGVyDQotLSBieSByZ29kIA==' ), array( 'id' => 'Symlink User Bypass', 'def1' => 'PGZvcm0gc3R5bGU9ImJvcmRlcjogNHB4IHJpZGdlICNGRkZGRkYiPg0KPHAgYWxpZ249ImNlbnRlciIgZGlyPSJydGwiPjxmb250IGNvbG9yPSIjRkYwMDAwIj48c3BhbiBsYW5nPSJhci1zYSI+PGI+DQombmJzcDsgLT1bU3ltbGluayBUb29scyB0byBieXBhc3MgdXNlcl1WLjMgPS0NCjwvYj4NCg==', 'def2' => 'ICA8Zm9udCBjb2xvcj0iI0ZGRkZGRiI+by0tLVs8L2ZvbnQ+IDxmb250IGNvbG9yPSIjRkYwMDAwIj5EZXZlbG9wZXIgYnkgU25JcEVyX1NBCSBTeW1saW5rIFVzZXIgQnlwYXNzIDwvZm9udD4gPGZvbnQgY29sb3I9IiNGRkZGRkYiPnw8L2ZvbnQ+IDxhIGhyZWY9aHR0cDovL3NuaXBlci1zYS5jb20+aHR0cDovL3NuaXBlci1zYS5jb208L2E+DQogIDxmb250IGNvbG9yPSIjRkZGRkZGIj58PC9mb250PiA8Zm9udCBjb2xvcj0iI0ZGMDAwMCI+DQo=' ), array( 'id' => 'C100 Yarakam Modified Shell', 'def1' => 'aWYgKCFlbXB0eSgkdW5zZXRfc3VybCkpIHtzZXRjb29raWUoImsxcjRfc3VybCIpOyAkc3VybCA9ICIiO30NCmVsc2VpZiAoIWVtcHR5KCRzZXRfc3VybCkpIHskc3VybCA9ICRzZXRfc3VybDsgc2V0Y29va2llKCJrMXI0X3N1cmwiLCRzdXJsKTt9DQplbHNlIHskc3VybCA9ICRfUkVRVUVTVFsiazFyNF9zdXJsIl07IC8vU2V0IHRoaXMgY29va2llIGZvciBtYW51YWwgU1VSTA0KfQ0KDQo=', 'def2' => 'aWYgKCRzdXJsX2F1dG9maWxsX2luY2x1ZGUgYW5kICEkX1JFUVVFU1RbImsxcjRfc3VybCJdKSANCg0KDQo=' ), array( 'id' => 'c99shell v. 1.0 pre-release build', 'def1' => 'Zi8vSzhvbytJeUgwejNpOHNwWEdEblpDVW5uWFQ=', 'def2' => 'bEpmY3U3bUIydkJuSURHTkZGRnpEbVROdzNtSU9aWlB2MndHakRzZ2cyWHFHYk90L2ROc2xILysvLys5ZS8vS1k2ays2ZA0K' ), array( 'id' => 'N3tShell Emp3ror Undetectable (C99)', 'def1' => 'JHNhZmVtb2RlX2Rpc2tldHRlcyA9IGFycmF5KCJhIik7IC8vIFRoaXMgdmFyaWFibGUgZm9yIGRpc2FibGluZyBkaXNrZXR0LWVycm9ycy4NCiAvLyBhcnJheSAoaT0+e2xldHRlcn0gLi4uKTsgc3RyaW5nIHtsZXR0ZXJ9IC0gbGV0dGVyIG9mIGEgZHJpdmUNCi8vJHNhZmVtb2RlX2Rpc2tldHRlcyA9IHJhbmdlKCJhIiwieiIpOw0KJGhleGR1bXBfbGluZXMgPSA4Oy8vIGxpbmVzIGluIGhleCBwcmV2aWV3IGZpbGUNCiRoZXhkdW1wX3Jvd3MgPSAyNDsvLyAxNiwgMjQgb3IgMzIgYnl0ZXMgaW4gb25lIGxpbmUNCg==' ), array( 'id' => 'C99 Saldiri.org version', 'def1' => 'aWYgKCFmdW5jdGlvbl9leGlzdHMoImsxcjRfYnVmZl9wcmVwYXJlIikpDQp7DQpmdW5jdGlvbiBrMXI0X2J1ZmZfcHJlcGFyZSgpDQo='), array( 'id' => 'CGI Telnet', 'def1' => 'c3ViIFJlYWRQYXJzZQ0Kew0KICAgICAgICBsb2NhbCAoKmluKSA9IEBfIGlmIEBfOw0KICAgICAgICBsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwpOw0KDQoNCg=='), array( 'id' => 'CTT Shell', 'def1' => 'aWYgKCRhY3QgPT0gImZ0cHF1aWNrYnJ1dGUiKQ0Kew0KIGVjaG8gIjxiPkZ0cCBRdWljayBicnV0ZTo8L2I+PGJyPiI7DQogaWYgKCR3aW4pIHtlY2hvICJUaGlzIGZ1bmN0aW9ucyBub3Qgd29yayBpbiBXaW5kb3dzITxicj48YnI+Ijt9DQogZWxzZQ0KIHsNCiAgZnVuY3Rpb24gY3RmdHBicnV0ZWNoZWNrKCRob3N0LCRwb3J0LCR0aW1lb3V0LCRsb2dpbiwkcGFzcywkc2gsJGZxYl9vbmx5d2l0aHNoKQ0KICB7DQppZiAoJGZxYl9vbmx5d2l0aHNoKQ0KDQo='), array( 'id' => 'Cyber Shell', 'def1' => 'PGNlbnRlcj4uOkN5YmVyIFNoZWxsICh2IDEuMCk6Ljxicj5Db3B5cmlnaHQgqSA8YSBocmVmPSJodHRwOi8vd3d3LmN5YmVybG9yZHMubmV0IiB0YXJnZXQ9Il9ibGFuayI+Q3liZXIgTG9yZHMgQ29tbXVuaXR5PC9hPiwgMjAwMi0yMDA2PC9jZW50ZXI+'), array( 'id' => 'Dive Shell', 'def1' => 'LypFbXBlcm9yIEhhY2tpbmcgVEVBTSAqLw0KICBzZXNzaW9uX3N0YXJ0KCk7DQo='), array( 'id' => 'DTool Pro Shell', 'def1' => 'aWYoaXNzZXQoJGNoZGlyKSkgQGNoZGlyKCRjaGRpcik7DQpmdW5jdGlvbiBzYWZlbW9kZSgkd2hhdCl7ZWNobyAiVGhpcyBzZXJ2ZXIgaXMgaW4gc2FmZW1vZGUuIFRyeSB0byB1c2UgRFRvb2wgaW4gU2FmZW1vZGUuIjt9DQo='), array( 'id' => 'Erne Safe Mode Bypass Shell', 'def1' => 'PHRyPjx0ZD48Y2VudGVyPjxmb250IHNpemU9IjQiIGNvbG9yPSIjRkZGRkZGIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMCI+RXJOZSBTYWZlIE1vZGUgQnlwYXNzIEZvciBCaXlvU2VjdXJpdHkuTmV0PC9zcGFuPg0K'), array( 'id' => 'GFS Shell', 'def1' => 'R0ZTIFdlYi1TaGVsbA0KKi8NCmVycm9yX3JlcG9ydGluZygwKTsNCmlmKCRfUE9TVFsnYl9kb3duJ10pew0K'), array( 'id' => 'GNY Shell', 'def1' => 'Ly93NGNrMW5nIFNoZWxsDQppZiAoIWZ1bmN0aW9uX2V4aXN0cygnbXlzaGVsbGV4ZWMnKSkNCnsNCmlmKGlzX2NhbGxhYmxlKCdwb3BlbicpKXsNCmZ1bmN0aW9uIG15c2hlbGxleGVjKCRjb21tYW5kKSB7DQoNCg=='), array( 'id' => 'H4NTU Shell', 'def1' => 'PD9waHANCmVjaG8gIjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCj8+DQoNCg0KDQo='), array( 'id' => 'Heykir Shell', 'def1' => 'ICRjb2Rlcj0iVGhlX0JlS2lSICAmICBUaVQgICYgUnVzbGFuICI7DQogJHN0cmluZyA9ICFlbXB0eSgkX1BPU1RbJ3N0cmluZyddKSA/ICRfUE9TVFsnc3RyaW5nJ10gOiAwOw0KICRzd2l0Y2ggPSAhZW1wdHkoJF9QT1NUWydzd2l0Y2gnXSkgPyAkX1BPU1RbJ3N3aXRjaCddIDogMDsNCg=='), array( 'id' => 'iMHaP FTP Shell', 'def1' => 'PEJPRFk+PElNRyBzdHlsZT0iV0lEVEg6IDMwNnB4OyBIRUlHSFQ6IDc2cHgiIGhlaWdodD0xMDAgDQpzcmM9Imh0dHA6Ly93d3cubmV0dGVraWFkcmVzLmNvbS9pbWhhYmlybGlnaS5qcGciIHdpZHRoPTI4Mj48L0JPRFk+DQo8YnI+PENlbnRlcj5TVSBBTiA8QSBocmVmPSJodHRwOi8vd3d3LmltaGFiaXJsaWdpLmNvbSI+aU1IYUJpUkxpR2k8L0E+IEhVRFVUTEFSSU5EQSBCVUxVTk1BS1RBU0lOSVouISE8L0NlbnRlcj4NCg0K'), array( 'id' => 'Iron Shell', 'def1' => 'cHJpbnQgIjxmb3JtIGFjdGlvbj1cIiIuJG1lLiI/cD1ldmFsXCIgbWV0aG9kPVBPU1Q+DQoNCgkJCQk8dGV4dGFyZWEgY29scz02MCByb3dzPTEwIG5hbWU9XCJldmFsXCI+IjsNCg0KCQkJCWlmKGlzc2V0KCRfUE9TVFsnZXZhbCddKSkNCg0KDQo='), array( 'id' => 'JSP Shell', 'def1' => 'PC90YWJsZT4NCjxwIGFsaWduPSJjZW50ZXIiPlBvd2VyIEJ5IL74ttTB47bIW0IuQy5UXSBRUTo0ODEyNDAxMjwvcD4NCjxwIGFsaWduPSJjZW50ZXIiPiZuYnNwOzwvcD4NCjwlfS8vaWYgZWRpdA0KDQoNCg=='), array( 'id' => 'Kacak Shell', 'def1' => 'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K'), array( 'id' => 'KADot Shell', 'def1' => 'PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjU0Ij4NCjx0aXRsZT5LYWNhayBGU08gMS4wIHwgVGVycm9yaXN0IENyZXcgLSBTaGVsbGNpLmJpejwvdGl0bGU+DQoNCg0K'), array( 'id' => 'Lama Shell', 'def1' => 'PGh0bWw+DQogIDxoZWFkPg0KICAgIDx0aXRsZT5sYW1hJ3MnaGVsbCB2LiAzLjA8L3RpdGxlPg0K'), array( 'id' => 'Liz0zim Shell', 'def1' => 'ZWNobyAiPGI+PGZvbnQgY29sb3I9Ymx1ZT5MaXowemlNIFByaXZhdGUgU2FmZSBNb2RlIENvbW1hbmQgRXhlY3VyaXRvbiBCeXBhc3MgRXhwbG9pdDwvZm9udD48L2I+PGJyPiI7DQo='), array( 'id' => 'Load Shell', 'def1' => 'PHRpdGxlPkxvYWRlcid6IFdFQiBzaGVsbDwvdGl0bGU+DQo='), array( 'id' => 'Moroccan Spamers Shell', 'def1' => 'PHRkIHdpZHRoPSIzMTciIGJvcmRlcmNvbG9yPSIjQ0NDQ0NDIiBiZ2NvbG9yPSIjRjBGMEYwIiBiYWNrZ3JvdW5kPSIvc2ltcGFydHMvaW1hZ2VzL2NlbGxwaWMxLmdpZiIgaGVpZ2h0PSIyMiI+PGZvbnQgc2l6ZT0iLTEiIGZhY2U9IlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYiPiA='), array( 'id' => 'MyShell Shell', 'def1' => 'PHRpdGxlPiRNeVNoZWxsVmVyc2lvbiAtIEFjY2VzcyBEZW5pZWQ8L3RpdGxlPg0KICAgICAgICAgPC9oZWFkPg0K'), array( 'id' => 'MySQL Interface Shell', 'def1' => 'KiBNeXNxbCBpbnRlcmZhY2UgdjEuMA0KKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoqIERlc2NyaXB0aW9uIDoNCiogRHVuZ2AgZGUgbG9naW4gdmFvYCBDU0RMIGN1YSB2aWN0aW0ga2hpIGRhIGJpZXQgdXNlciB2YWAgcGFzcyBjdWEgbXlzcWwgdGhvbmcgcXVhIGZpbGUgY29uZmlnDQo='), array( 'id' => 'Sora 101 shell', 'def1' => 'fWVsc2VpZigkX0dFVFsiYXp6Il09PSJ2ZWRpIil7DQogICAgZWNobyBodG1sc3BlY2lhbGNoYXJzKGZpbGVfZ2V0X2NvbnRlbnRzKCRfR0VUWyJmaWxlIl0pKTsNCn1lbHNlaWYoJF9HRVRbImF6eiJdPT0iaW5jIil7DQogICAgaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCn0='), array( 'id' => 'N Shell', 'def1' => 'PHRpdGxlPiBuU2hlbGwgdjEuMDwvdGl0bGU+DQo='), array( 'id' => 'NCC Shell', 'def1' => 'PGgxPi46TkNDOi4gU2hlbGwgdjEuMC4wPC9oMT4NCg=='), array( 'id' => 'Network File Manager PHP Shell', 'def1' => 'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0K'), array( 'id' => 'Nix Remote Shell', 'def1' => 'JHRpdGxlPSJOZXR3b3JrRmlsZU1hbmFnZXJQSFAgZm9yIGNoYW5uZWwgI2hhY2sucnUiOw0KDQokdmVyPSIxLjcucHJpdmF0ZSAoW2ZpbmFsX2VuZ2xpc2hfcmVsZWFzZV0pIjsNCg=='), array( 'id' => 'NST Shell', 'def1' => 'IyMjIyMjdmVyIyMjIw0KJHZlcj0gInYyLjEiOw0KIyMjIyMjIyMjIyMjIw0K'), array( 'id' => 'PH Vayv Shell', 'def1' => 'ICAgIDxicj4NCiAgICBQSFZheXYgMS4wPC9zcGFuPjwvZm9udD48L3RkPg0K'), array( 'id' => 'PHANTASMA Shell', 'def1' => 'PERJViBTVFlMRT0iZm9udC1mYW1pbHk6IHZlcmRhbmE7IGZvbnQtc2l6ZTogMjVweDsgZm9udC13ZWlnaHQ6IGJvbGQ7IGNvbG9yOiAjRjNiNzAwOyI+UEhBTlRBU01BLSBOZVcgQ21EIDspIDwvRElWPg0KDQo='), array( 'id' => 'PHP Backdoor Shell', 'def1' => 'Ly8gYSBzaW1wbGUgcGhwIGJhY2tkb29yIHwgY29kZWQgYnkgejBtYmllIFszMC4wOC4wM10gfCBodHRwOi8vZnJlZW5ldC5hbS9+em9tYmllIFxcDQo='), array( 'id' => 'PHP Bypass Shell', 'def1' => 'KgkJCQkJCQlTaGVMTCBBcmNoaXZlDQoqICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQaHAgQnlwYXNzIC0gd3d3LnNoZWxsY2kuYml6DQoNCg=='), array( 'id' => 'PHP Include With Shell', 'def1' => 'IyB3ZSBkZWNpZGUgaWYgd2Ugd2FudCBzeXNsb2dnaW5nDQpjbG9zZWxvZygpOw0KDQo='), array( 'id' => 'PHP Inj Shell', 'def1' => 'PHRpdGxlPnx8IC46Ok5ld3MgUmVtb3RlIFBIUCBTaGVsbCBJbmplY3Rpb246Oi4gfHwgICA8L3RpdGxlPg0K'), array( 'id' => 'PHP Jackal Shell', 'def1' => 'Y2FzZSAnY3InOmNyYWNrZVIoKTticmVhazsNCmNhc2UgJ2RpYyc6ZGljbWFrZVIoKTticmVhazsNCmNhc2UgJ3Rvb2xzJzp0b29sUygpO2JyZWFrOw0KY2FzZSAnaGV4JzpoZXh2aWVXKCk7YnJlYWs7DQoNCg=='), array( 'id' => 'PHP Remote View Shell', 'def1' => 'ICogIFdlbGNvbWUgdG8gcGhwUmVtb3RlVmlldyAoUmVtVmlldykgDQoNCg=='), array( 'id' => 'R57 ORIGINAL Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBSNTcgc2hlbGwNCg0K'), array( 'id' => 'R57 IFX Modified Shell', 'def1' => 'LyogIHI1N3NoZWxsLnBocCAtID8/Pz8/PyA/PyA/Pz8gPz8/Pz8/Pz8/Pz8gPz8/ID8/Pz8/Pz8/PyA/Pz8/ID8/Pz8/Pz8gID8/ID8/Pz8/Pz8gPz8/Pz8gPz8/Pz8/Pw0K'), array( 'id' => 'R57 Kartal Modified Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgIGthcnRhbF81NjdAaG90bWFpbC5jb21bS2FSVGFMXQ0KDQo='), array( 'id' => 'R57 Mohajer22 Shell', 'def1' => 'LyogIChjKW9kZWQgYnkgMWR0LncwbGYNCg0KDQo='), array( 'id' => 'R57 New Year Edition Shell', 'def1' => 'LyogID8/Pz8/PzogMS4yNCAoTmV3IFllYXIgRWRpdGlvbikNCg0KDQo='), array( 'id' => 'Remview Shell', 'def1' => 'ICogICMgU2hlbGxjaS5CaXoNCiAqICBXZWxjb21lIHRvIHBocFJlbW90ZVZpZXcgKFJlbVZpZXcpIA0K'), array( 'id' => 'S72 Shell', 'def1' => 'PHRpdGxlPnM3MiBTaGVsbCB2MS4wIENvZGluZiBieSBDckB6eV9LaW5nPC90aXRsZT4NCg=='), array( 'id' => 'Safe Mode Bypass PHP 4.4.2 & 5.1.2 Shell', 'def1' => 'TW9kZSBTaGVsbCB2MS4wPC9mb250Pjwvc3Bhbj48L2E+PC9mb250Pjxmb250IGZhY2U9IldlYmRpbmdzIiBzaXplPSI2IiBjb2xvcj0iI0ZGMDAwMCI+ITwvZm9udD48L2I+PC9wPg0KDQo='), array( 'id' => 'SIM Attacker Shell', 'def1' => 'Jm5ic3A7SXJhbmlhbiBIYWNrZXJzIDogV1dXLlNJTU9SR0gtRVYuQ09NIDxicj4NCiZuYnNwO1Byb2dyYW1lciA6IEhvc3NlaW4gQXNnYXJ5IDxicj4NCg=='), array( 'id' => 'SnIpEr SA Shell', 'def1' => 'LyogIFNuSXBFcl9TQS5waHAgLSA/Pz8/Pz8gPz8gPz8/ID8/Pz8/Pz8/Pz8/ID8/PyA/Pz8/Pz8/Pz8gPz8/Pz8/Pz8/ID8/Pz8/Pz8gPz8gPz8/Pz8/PyA/Pz8/PyA/Pz8/Pz8/DQo='), array( 'id' => 'Stres Bypass Shell', 'def1' => 'LyogICAgICAgICAgICAgICAgICAgICAgICAgIFN0cmVzQnlwYXNzIHYxLjANCg=='), array( 'id' => 'Dark-Shell', 'def1' => 'ZWNobyAiPGNlbnRlcj48aDE+RGFyayBTaGVsbDwvaDE+PC9jZW50ZXI+PHA+PGhyPjxwPlxuIjsNCg=='), array( 'id' => '0x00 PHP shell', 'def1' => 'ICAgICAgICA8dGl0bGU+fiAweDAwIFBIUCBzaGVsbCB2LjB4MjwvdGl0bGU+DQo='), array( 'id' => 'okno_Shell', 'def1' => 'ZWNobyAnPGJyPlBIUCBzeXN0ZW0oKSBjb25zb2xlIGJ5IG9rbm8gLSBtYWluQHBhd2Vsem9yemFuLmV1IDxicj4nOw0K'), array( 'id' => 'CShell', 'def1' => 'ICogQ1NoZWxsDQoNCg=='), array( 'id' => 'Bl0od3r Priv8 Shell', 'def1' => 'U2hlbGwgd3JpdHRlbiBieSBCbDBvZDNyDQoNCg0K'), array( 'id' => 'Root Access Shell', 'def1' => 'PHRyPjx0ZCBjbGFzcz1jb250ZW50Yj48Y2VudGVyPjxhIGhyZWY9Imh0dHA6Ly9mb3J1bS5yb290LWFjY2Vzcy5ydSI+PGZvbnQgc2l6ZT0yIGNvbG9yPSNlN2U3ZWI+Um9vdC1BY2Nlc3MgU2hlbGwgdjEuMDwvZm9udD48L2E+PC9jZW50ZXI+DQoNCg0K'), array( 'id' => 'G00nShell', 'def1' => 'IyBbZzAwbl1GaVNoIHByZXNlbnRzOiAjDQojIGcwMG5zaGVsbCB2MS4zIGZpbmFsICMNCg0KDQo='), array( 'id' => 'CShell', 'def1' => 'ICogQ1NoZWxsDQoNCg=='), array( 'id' => 'lostDC shell', 'def1' => 'ICogbG9zdERDIHNoZWxsDQoNCg0K'), array( 'id' => '_GsC_ shell', 'def1' => 'R3NDIFNoZUxMIHYwLjguMCBDcmVhdGVkIEJ5IF9Hc0NfIEFrYSBTazFwcDNyDQoNCg0K'), array( 'id' => 'OnBoomShell', 'def1' => 'LyoNCk9OQk9PTVNIRUxMIFYgMC4yDQpieSBjb2JyYTkwbmoNCg=='), array( 'id' => 'StAkeR ~ Shell', 'def1' => 'PHRpdGxlPlN0QWtlUiB+IFNoZWxsPC90aXRsZT4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQo='), array( 'id' => 'Iron Shell', 'def1' => 'JGZvb3RlciA9ICc8dHI+PHRkPjxocj48Y2VudGVyPiZjb3B5OyA8YSBocmVmPSJodHRwOi8vd3d3Lmlyb253YXJlei5pbmZvIj5Jcm9uPC9hPiAmIDxhIGhyZWY9Imh0dHA6Ly93d3cucm9vdHNoZWxsLXRlYW0uaW5mbyI+Um9vdFNoZWxsIFNlY3VyaXR5IEdyb3VwPC9hPjwvY2VudGVyPjwvdGQ+PC90YWJsZT48L2JvZHk+PC9oZWFkPjwvaHRtbD4nOw=='), array( 'id' => '..:: HiddenShell ::..', 'def1' => 'ICAgIDx0aXRsZT5IaWRkZW5TaGVsbDwvdGl0bGU+DQo='), array( 'id' => 'N3fa5t1cA Sh3ll', 'def1' => 'PGh0bWw+PHRpdGxlPk4zZmE1dDFjQSBTaDNsbDwvdGl0bGU+DQoNCg=='), array( 'id' => '! ~ Cod3rZ Shell ~ !', 'def1' => 'IyBDb2QzclogU2hlbGwgNS4xDQojIGMwZGVkIGJ5IENvZDNyWg0KDQoNCg=='), array( 'id' => 's101', 'def1' => 'PHRpdGxlPnMxMDEgdjAuMi41PC90aXRsZT4NCg0K'), array( 'id' => 'Nexpl0rer Shell', 'def1' => 'MzEzMzcgU2hlbGwgYnkgTmV4ZW4gLSBQaFAgYzBkYWgNCg0K'), array( 'id' => 'DC3 Shell (Priv8)', 'def1' => 'ICAgICAgICAgIGRDMyBTZWN1cml0eSBDcmV3DQo='), array( 'id' => 'H4ntu Shell', 'def1' => 'ZWNobyAiPHRpdGxlPmg0bnR1IHNoZWxsIFtwb3dlcmVkIGJ5IHRzb2ldPC90aXRsZT5cbjxwPjxmb250IHNpemU9MiBmYWNlPVZlcmRhbmE+PGI+VGhpcyBJcyBUaGUgU2VydmVyIEluZm9ybWF0aW9uPC9iPjwvZm9udD48L3A+IjsNCg=='), array( 'id' => 'Macker s Private PHPShell', 'def1' => 'KiAgICAgICAgICAgICAgICAgICAgICAgICAgIFBIUFNIRUxMLlBIUCAgICAgICAgICAgICAqDQoNCg=='), array( 'id' => '~ Andr3a92 ~ Sh3ll ~', 'def1' => 'ZWNobyAiPHRyPjx0ZCBiZ2NvbG9yPVwiI0NDQ0NDQ1wiPjxjZW50ZXI+PGltZyBzcmM9XCIiLiRzaGVsbC4iP2ltZz1maWxlXCIgYm9yZGVyPVwiMFwiPjwvY2VudGVyPjwvdGQ+PHRkIGJnY29sb3I9XCIjQ0NDQ0NDXCI+PGEgaHJlZj1cIiIuJGZpbGV6LiJcIiB0YXJnZXQ9XCJfQkxBTktcIj4iLiRmaWxlX25hbWUuIjwvYT48L3RkPg0K'), array( 'id' => 'JsBack - Shell Backdoor', 'def1' => 'ICAgICAgICAgICAgICAgSnNCYWNrIC0gSmF2YXNjcmlwdCBCYWNrZG9vcg0K'), array( 'id' => 'shell qualsiasi', 'def1' => 'c2hlbGwNCg==', 'def2' => 'U2hlbGwNCg==', 'def3' => 'U2gzbGwNCg==') ); $generic = 'Shell'; //parse_dir( $settings[ 'BASE_DIR' ] ); echo "
"; ?>

Server Name
User Name
Password
Database Name

..:: Global Account Maintenance Tool ::.. released - by [ ]

Check the server load below first and make sure that you do not execute any of the functions if server has high load!!!

Suspicious files in /tmp: