Shellfinder ( by T3N38R15 ) [UPDATE]

07-03-2014, 01:25 AM #1
T3N38R15
Salam madleets
Today I want to share with you my brand new Shellfinder code.
It detects critical PHP commands and then filters them.
The tool scans all subdirectories of the selected directory.
Code :
NEW :
PHP Code:
<style>
    #sbz {text-align: center;color: #000;font-size: 30px;font-weight: bold;line-height: 0.8em;letter-spacing: 0.2em;margin:0;text-shadow: 0 1px 20px #00FF00, 0 0 5px #00FF00, 0 0px 30px #00FF00, 1px 0 3px #00FF00;}
    span.tab{padding: 0 10px; }
    .box{
        -moz-box-shadow: 1px 1px 8px #666;
        -webkit-box-shadow: 1px 1px 8px #666;
        box-shadow: 1px 1px 8px #40D5D2;
        border: solid 1px black;
        -webkit-border-radius: 8px 8px 0px 0px;
        -moz-border-radius: 8px 8px 0px 0px;
        border-radius: 8px 8px 0px 0px;
        margin: 15px 0px;
        background-color: #F5F5F5;
        opacity: 0.8;
        width:840px;
    }
    #footer {
        position: absolute;
        bottom: 0;
        height: 40px;
        margin-top: 40px;
    }
    body{
        background-color: black;
        background: url('http://images7.alphacoders.com/332/332232.jpg') no-repeat center center fixed;
    }
</style>
<?php
// NOTE: this page has no authentication. It lists and deletes files for anyone
// who can reach its URL, so remove it from the server as soon as the scan is done.
@set_time_limit(0);error_reporting(0);

// Recursively collect the paths of all files below $dir into $list.
function recurseDir($dir,$list) {
    if(is_dir($dir)) {
        if($dh = opendir($dir)){
            // Compare against false so a file named "0" does not end the loop.
            while(($file = readdir($dh)) !== false){
                if($file != '.' && $file != '..'){
                    if(is_dir($dir . '/' . $file)){
                        $list = recurseDir($dir . '/' . $file,$list);
                    }else{
                        $list[] = $dir . '/' . $file;
                    }
                }
            }
            closedir($dh);
        }
    }
    return $list;
}
echo '<html><head><title>Shellfinder</title></head><body><center><pre id="sbz">Shellfinder by T3N38R15</pre><div class="box" align="left">';

if(empty($_POST["go"])==0){
    $files = array();
    $files = recurseDir($_POST["directory"],$files);
    echo '<table cellpadding="2"><tr><td>Path</td><td>Functions</td><td> Shell ?</td><td>OPTION</td></tr>';
    $i = 1;
    foreach($files as $file){
        // Skip the scanner itself.
        if(realpath($file)!=realpath(__FILE__)){
            $content=file_get_contents($file);
            if (preg_match('/(<\?php)/i',$content)){
                // Gate: only report files that call one of the critical functions.
                if (preg_match('/(base64_(?:de|en)code\s*\(|eval\s*\(|system\s*\(|shell_|exec\s*\(|move_uploaded_file\s*\(|gzinflate\s*\()/i',$content)){
                    $ve1=0;$ve2=0;$ve3=0;$ve4=0;$ve5=0;$ve6=0;
                    // File names come from the scanned tree, so escape them before output.
                    $safe = htmlspecialchars($file, ENT_QUOTES);
                    echo '<tr><td>' . $safe . '</td><td>';
                    if (preg_match('/(base64_)/i',$content)){echo "base64 decoding/encoding,";$ve1=1;}
                    if (preg_match('/(eval)/i',$content)){echo "eval,";$ve2=1;}
                    if (preg_match('/(system)/i',$content)){echo "system,";$ve3=1;}
                    if (preg_match('/(shell_)/i',$content)){echo "Shell_,";$ve4=1;}
                    if (preg_match('/(move_uploaded_file)/i',$content)){echo "move_uploaded_file,";$ve5=1;}
                    if (preg_match('/(gzinflate)/i',$content)){echo "gzinflate,";$ve6=1;}
                    echo '</td><td>';
                    if(($ve1==1 && $ve2==1) || ($ve6==1 && $ve2==1)){
                        echo '<font color="red">possible shell 85%</font>';
                    }elseif($ve5==1){
                        echo '<font color="red">possible uploader 90%</font>';
                    }elseif($ve4==1){
                        echo '<font color="red">possible shell-Console 50%</font>';
                    }elseif($ve3==1){
                        echo '<font color="red">system-shell 50%</font>';
                    }else{
                        echo ' ';
                    }
                    echo '</td><td><form name="dt' . $i . '" method="post" target="_blank" style="display:inline"><input type="hidden" name="de" value="' . $safe . '"><input type="submit" value="DELETE"></form></td></tr>';
                    $i++;
                }
            }
        }
    }
    echo '</table>';
}else{
    if(!empty($_POST["de"])){
        // Delete the file chosen in the result table (the path is taken from the form as-is).
        echo '<center>Delete the file : ' . htmlspecialchars($_POST["de"], ENT_QUOTES) . '<br>';
        unlink($_POST["de"]);
        if(file_exists($_POST["de"])){echo "The file is protectet ...";}else{echo "The file is deleted";}
        echo '</center>';
    }else{
        echo '<center>To start the scanning press go.<br>this can took a bit of your time :)<br><br><form method="POST">scann : <input type="text" name="directory" value="' . htmlspecialchars($_SERVER["DOCUMENT_ROOT"], ENT_QUOTES) . '"/><br><input type="submit" name="go" value="GO"/></form></center>';
    }
}
echo '</div></center><div id="footer"><pre id="sbz">Team Madleets</pre></div></body></html>';
?>
OLD :
PHP Code:
<style>
    #sbz {text-align: center;color: #000;font-size: 30px;font-weight: bold;line-height: 0.8em;letter-spacing: 0.2em;margin:0;text-shadow: 0 1px 20px #00FF00, 0 0 5px #00FF00, 0 0px 30px #00FF00, 1px 0 3px #00FF00;}
    span.tab{padding: 0 10px; }
    .box{
        -moz-box-shadow: 1px 1px 8px #666;
        -webkit-box-shadow: 1px 1px 8px #666;
        box-shadow: 1px 1px 8px #40D5D2;
        border: solid 1px black;
        -webkit-border-radius: 8px 8px 0px 0px;
        -moz-border-radius: 8px 8px 0px 0px;
        border-radius: 8px 8px 0px 0px;
        margin: 15px 0px;
        background-color: #F5F5F5;
        opacity: 0.8;
        width:840px;
    }
    #footer {
        position: absolute;
        bottom: 0;
        height: 40px;
        margin-top: 40px;
    }
    body{
        background-color: black;
        background: url('http://images7.alphacoders.com/332/332232.jpg') no-repeat center center fixed;
    }
</style>
<?php
// NOTE: this page has no authentication. It lists files for anyone who can
// reach its URL, so remove it from the server as soon as the scan is done.
@set_time_limit(0);error_reporting(0);

// Recursively collect the paths of all files below $dir into $list.
function recurseDir($dir,$list) {
    if(is_dir($dir)) {
        if($dh = opendir($dir)){
            // Compare against false so a file named "0" does not end the loop.
            while(($file = readdir($dh)) !== false){
                if($file != '.' && $file != '..'){
                    if(is_dir($dir . '/' . $file)){
                        $list = recurseDir($dir . '/' . $file,$list);
                    }else{
                        $list[] = $dir . '/' . $file;
                    }
                }
            }
            closedir($dh);
        }
    }
    return $list;
}
echo '<html><head><title>Shellfinder</title></head><body><center><pre id="sbz">Shellfinder by T3N38R15</pre><div class="box" align="left">';
if(empty($_POST["go"])==0){
    $files = array();
    $files = recurseDir($_POST["directory"],$files);
    echo '<table cellpadding="2"><tr><td>Path</td><td>Functions</td><td> Shell ?</td></tr>';
    foreach($files as $file){
        // Skip the scanner itself.
        if(realpath($file)!=realpath(__FILE__)){
            $content=file_get_contents($file);
            if (preg_match('/(<\?php)/i',$content)){
                // Gate: only report files that call one of the critical functions.
                if (preg_match('/(base64_(?:de|en)code\s*\(|eval\s*\(|system\s*\(|shell_|exec\s*\(|move_uploaded_file\s*\(|gzinflate\s*\()/i',$content)){
                    $ve1=0;$ve2=0;$ve3=0;$ve4=0;$ve5=0;$ve6=0;
                    // File names come from the scanned tree, so escape them before output.
                    echo '<tr><td>' . htmlspecialchars($file, ENT_QUOTES) . '</td><td>';
                    if (preg_match('/(base64_)/i',$content)){echo "base64 decoding/encoding,";$ve1=1;}
                    if (preg_match('/(eval)/i',$content)){echo "eval,";$ve2=1;}
                    if (preg_match('/(system)/i',$content)){echo "system,";$ve3=1;}
                    if (preg_match('/(shell_)/i',$content)){echo "Shell_,";$ve4=1;}
                    if (preg_match('/(move_uploaded_file)/i',$content)){echo "move_uploaded_file,";$ve5=1;}
                    if (preg_match('/(gzinflate)/i',$content)){echo "gzinflate,";$ve6=1;}
                    echo '</td><td>';
                    if(($ve1==1 && $ve2==1) || ($ve6==1 && $ve2==1)){
                        echo '<font color="red">possible shell 85%</font>';
                    }elseif($ve5==1){
                        echo '<font color="red">possible uploader 90%</font>';
                    }elseif($ve4==1){
                        echo '<font color="red">possible shell-Console 50%</font>';
                    }elseif($ve3==1){
                        echo '<font color="red">system-shell 50%</font>';
                    }else{
                        echo ' ';
                    }
                    echo '</td></tr>';
                }
            }
        }
    }
    echo '</table>';
}else{
    echo '<center>To start the scanning press go.<br>this can took a bit of your time :)<br><br><form method="POST">scann : <input type="text" name="directory" value="' . htmlspecialchars($_SERVER["DOCUMENT_ROOT"], ENT_QUOTES) . '"/><br><input type="submit" name="go" value="GO"/></form></center>';
}
echo '</div></center><div id="footer"><pre id="sbz">Team Madleets</pre></div></body></html>';
?>

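The script posted above reports a file as soon as its text contains a name such as `system`, so a comment or a string like "filesystem(" is enough to trigger a hit. As an added example (not part of the original post and not T3N38R15's code), the same function names can be checked with PHP's tokenizer so that only real calls count; `riskyCalls`, `verdict` and the two sample files are constructed for illustration.

```php
<?php
// Added example, not the thread author's code. Run it from the command line.
// The names mirror the functions the Shellfinder regex looks for.
const RISKY = ['base64_decode', 'gzinflate', 'system', 'shell_exec', 'exec', 'move_uploaded_file'];

// Return the risky functions that are actually *called* in $source.
function riskyCalls(string $source): array {
    // Drop whitespace and comments so "name (" and "name /* x */ (" look alike.
    $skip = ['T_WHITESPACE', 'T_COMMENT', 'T_DOC_COMMENT'];
    $tokens = array_values(array_filter(token_get_all($source), function ($t) use ($skip) {
        return !is_array($t) || !in_array(token_name($t[0]), $skip, true);
    }));
    $hits = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t)) continue;
        $kind = token_name($t[0]);
        if ($kind === 'T_EVAL') { $hits['eval'] = true; continue; }
        // A call is a name token directly followed by "(".
        if (!in_array($kind, ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)) continue;
        if (($tokens[$i + 1] ?? null) !== '(') continue;
        // Ignore method calls, "new X(" and function declarations.
        $prev = $tokens[$i - 1] ?? null;
        if (is_array($prev) && in_array(token_name($prev[0]), ['T_OBJECT_OPERATOR',
            'T_NULLSAFE_OBJECT_OPERATOR', 'T_DOUBLE_COLON', 'T_FUNCTION', 'T_NEW'], true)) continue;
        $name = strtolower(ltrim($t[1], '\\'));
        if (in_array($name, RISKY, true)) $hits[$name] = true;
    }
    return array_keys($hits);
}

// Same combinations the posted script uses for its "Shell ?" column.
function verdict(array $calls): string {
    $has = function ($n) use ($calls) { return in_array($n, $calls, true); };
    if ($has('eval') && ($has('base64_decode') || $has('gzinflate'))) return 'possible shell';
    if ($has('move_uploaded_file')) return 'possible uploader';
    if ($has('shell_exec')) return 'possible shell-Console';
    if ($has('system')) return 'system-shell';
    return $calls ? 'review by hand' : 'clean';
}

// Constructed samples: the first only mentions the names in a comment and a string.
$samples = [
    'benign.php'  => "<?php // eval and system are discussed here\n\$fs = 'filesystem(ok)'; echo strlen(\$fs);",
    'flagged.php' => '<?php eval(gzinflate(base64_decode($x)));',
];
foreach ($samples as $name => $src) {
    $calls = riskyCalls($src);
    echo $name, ': ', verdict($calls), ' [', implode(', ', $calls), "]\n";
}
```

Function names that are built from strings or held in variables are not resolved by this check, so a clean result still leaves unknown files worth a manual look.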

07-03-2014, 01:32 AM #2
sniffer
nice share

07-03-2014, 01:36 AM #3
T3N38R15
thx sniffer

07-04-2014, 10:07 PM #4
w40ut
Wow!

Thx dude!

07-04-2014, 10:15 PM #5
Malik Haxor
How to use this?

07-05-2014, 06:10 AM #6
w40ut
(07-04-2014, 10:15 PM)Malik Haxor Wrote:  How to use this?

First you need to copy the PHP code and save it to: "example.php"
Second, you need to upload the shell to the website (you need to upload the "example.php").
Third, just go to the URL where you uploaded the "example.php" and do the scan like in the images!

** I don't know if I'm right.. that's just my opinion **


07-05-2014, 08:05 AM #7
T3N38R15
yeah you are right man

07-05-2014, 05:10 PM #8
Malik Haxor
(07-05-2014, 06:10 AM)w40ut Wrote:  
(07-04-2014, 10:15 PM)Malik Haxor Wrote:  How to use this?

First you need to copy the PHP code and save it to: "example.php"
Second, you need to upload the shell to the website (you need to upload the "example.php").
Third, just go to the URL where you uploaded the "example.php" and do the scan like in the images!

** I don't know if I'm right.. that's just my opinion **
thanx dude
:-* <3 ;-)


07-05-2014, 06:44 PM #9
mr.lonely1337
nice one

07-05-2014, 06:45 PM #10
black-hat
good bro now we need to upload 2 files, one shell and 2nd this shell finder
thanks for share