body {background-color:#000;color:green;} body,td,th { font: 9pt Courier New;margin:0;vertical-align:top; } span,h1,a { color:#00ff00} span { font-weight: bolder; } h1 { border:1px solid #00ff00;padding: 2px 5px;font: 14pt Courier New;margin:0px; } div.content { padding: 5px;margin-left:5px;} a { text-decoration:none; } a:hover { background:#ff0000; } .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea { width:100%;height:250px; } input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,"Courier New"; } form { margin:0px; } #toolsTbl { text-align:center; } .toolsInp { width: 80%; } .main th {text-align:left;} .main tr:hover{background-color:#5e5e5e;} .main td, th{vertical-align:middle;} pre {font-family:Courier,Monospace;} #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft document.documentElement.clientWidth - offsetWidth);} .style2 {color: #00FF00} .style3 {color: #009900} .style4 {color: #006600} .style5 {color: #00CC00} .style6 {color: #003300} .style8 {color: #33CC00} #footer { margin-bottom: 10px; color: #666; vertical-align: top; text-align: center; font-size: 11px; } #footer ul { margin: 0; padding: 0; list-style: none; } #footer li { display: inline-block; margin-right: 15px; border-right: 1px solid #666; vertical-align: middle; } #footer li a { margin-right: 15px; } #footer li:last-child { margin-right: 0; border-right: 0; } #footer li:last-child a { margin-right: 0; } #footer a { color: #666; } #footer a:hover { color: #858585; } #footer .footer-left { height: 20px; vertical-align: middle; line-height: 20px; } @media (min-width: 39rem) { #footer { display: flex; flex-flow: row wrap; justify-content: space-between; align-items: center; align-content: center; margin-bottom: 20px; } 
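#footer .footer-left { align-self: flex-start; margin-right: 20px; } #footer .footer-right { align-self: flex-end; } }';

/*
 * Recursive scanner that lists files whose contents match call patterns
 * often seen in web backdoors, with per-file delete and self-delete actions.
 *
 * Request parameters (all read from $_GET):
 *   dir    - directory to scan; defaults to the current working directory
 *   delete - path of a file to remove; the outcome is printed and the script exits
 *   kill   - when present, the script removes its own file before continuing
 *
 * NOTE(review): nothing visible in this part of the file authenticates the
 * caller, and `delete` / `kill` change state over a plain GET with no CSRF
 * token. Anyone who can reach this URL can remove any file the PHP process
 * may unlink, and can enumerate any directory it may read via `dir`.
 * Serve it only behind authentication or an IP allow-list, and remove it
 * from the web root as soon as the scan is finished.
 */
set_time_limit(0);
error_reporting(0);
@ini_set('zlib.output_compression', 0);
@ini_set('implicit_flush', 1);

// Close every active output buffer so findings stream as they are produced.
// The level is re-read on each pass: a counter compared against a shrinking
// ob_get_level() stops after roughly half of the buffers.
while (ob_get_level() > 0) {
    if (!ob_end_flush()) {
        break; // buffer cannot be removed; avoid spinning forever
    }
}
ob_implicit_flush(1);

$path = getcwd();
// Accept only a scalar string; `dir[]=x` would otherwise hand an array to scandir().
if (isset($_GET['dir']) && is_string($_GET['dir'])) {
    $path = $_GET['dir'];
}

if (isset($_GET['kill'])) {
    unlink(__FILE__);
}
echo "[Self Delete]\n";
echo "\n\n";

// The page emits a stylesheet, so output is presumably rendered as HTML:
// request-supplied values are escaped before being echoed back.
echo "CURRENT DIR: " . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";

if (isset($_GET['delete'])) {
    $target = is_string($_GET['delete']) ? $_GET['delete'] : '';
    // Report what unlink() actually did. Checking file_exists() afterwards
    // reported "Success" for a path that never existed.
    $status = ($target !== '' && unlink($target)) ? "Success" : "FAILED";
    echo "TRY TO DELETE: " . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " $status\n";
    exit;
}

scanBackdoor($path);

/**
 * Append text to a file, creating it if needed.
 *
 * Best-effort: a file that cannot be opened is skipped silently so a
 * read-only working directory does not abort the scan.
 *
 * @param string $fname Path of the file to append to.
 * @param string $value Text to append.
 * @return void
 */
function save($fname, $value){
    file_put_contents($fname, $value, FILE_APPEND | LOCK_EX);
}

/**
 * Check one file against the suspicious-call patterns and report a match.
 *
 * On the first matching pattern the file is printed as a suspect, its path
 * is appended to shell-found.txt, and the function returns. A match only
 * means the file contains one of these strings; many legitimate files do,
 * so every finding needs manual review before anything is deleted.
 *
 * NOTE(review): shell-found.txt is a relative path, so it lands in the
 * working directory; if that directory is web-served the list of findings
 * is downloadable by anyone.
 *
 * @param string $file_location Path of the file to inspect.
 * @return void
 */
function checkBackdoor($file_location){
    $patterns = [
        'exec\(',
        'system\(',
        'passthru\(',
        'shell_exec\(',
        'eval\(',
        'assert\(',
        'preg_replace\(',
        // A "/" delimiter followed by PCRE modifier letters that include "e",
        // then a closing quote. A bare "/e" matched every path such as "/etc".
        '/[imsxuADSUXJ]*e[imsxuADSUXJ]*[\'"]',
        'base64_decode\(',
        'gzinflate\(',
        'str_rot13\(',
        'file_get_contents\(',
        'file_put_contents\(',
        'move_uploaded_file\('
    ];

    // The whole file is read into memory; very large logs can hit memory_limit.
    $contents = file_get_contents($file_location);
    if ($contents === false || $contents === '') {
        return;
    }

    foreach ($patterns as $pattern) {
        if (preg_match("#$pattern#i", $contents)) {
            // File names on disk may have been chosen by whoever planted the
            // file, so they are escaped before being written into the page.
            $shown = htmlspecialchars($file_location, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo "[+] Suspect file -> [DELETE] $shown\n";
            save("shell-found.txt", "$file_location\n");
            echo "\n\n";
            return;
        }
    }
}

/**
 * Walk a directory tree and run checkBackdoor() on every regular file whose
 * extension is in the watch list.
 *
 * @param string $current_dir Directory to scan.
 * @return void
 */
function scanBackdoor($current_dir){
    if (!is_readable($current_dir)) {
        return;
    }

    $dir_location = scandir($current_dir);
    if ($dir_location === false) {
        return; // not a directory, or listing failed
    }

    $dangerous_ext = [
        '.php', '.php3', '.php4', '.php5', '.php7', '.phtml', '.pht', '.phar', '.inc', '.htaccess',
        '.sh', '.pl', '.cgi', '.py', '.rb', '.asp', '.aspx', '.jsp', '.jspx',
        '.txt', '.log', '.bak', '.tmp', '.conf', '.config'
    ];

    foreach ($dir_location as $file) {
        if ($file === "." || $file === "..") {
            continue;
        }

        $file_location = str_replace("//", "/", "$current_dir/$file");
        $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));

        if (in_array(".$ext", $dangerous_ext, true) && is_file($file_location)) {
            checkBackdoor($file_location);
        } elseif (is_dir($file_location) && !is_link($file_location)) {
            // Symlinked directories are not followed: a link pointing back up
            // the tree would otherwise recurse until the path length limit.
            scanBackdoor($file_location);
        }
    }
}
?>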